Sorry You Are Hacked Again !!
-: Network Hacking :-
by Gaurav Bharadwaj on Saturday, September 3, 2011 at 4:35am ·
-: Network Hacking :-
Network Hacking is generally means gathering information about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.
Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com
example:- c:/>ping www.gappoll.co.cc
Various attributes used with 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.
Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com
By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port
example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21
Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.in
Here "* * * Request timed out." indicates that firewall installed on that system block the request and hence we can't obtain it's IP address.
various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to find out exact operating system running on target system.
-: Password Hacking :-
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :
1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.
Check Your Password Strength
3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.
4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.
GAURAV BHARADWAJ
Internet Security and Ethical Hacking
by Gaurav Bharadwaj on Saturday, September 3, 2011 at 4:22am ·
Welcome to the unique confluence of hackers , crackers and security professionals
on the world wide web.
This is your complete resource for internet security and ethical hacking.
-: The Ethical Hacker :-
Most people thinks that hackers are computer criminals. They fail to recognise the fact that criminals and hackers are two totally different things. Media is responsible for this. Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organisations, companies, goverment, etc. to secure documents and secret information on the internet.
Recent Blog Posts
Mon, 29 Aug 2011 19:22:34 +0000
Using Google Servers as a DDoS Tool
Google’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza. Quatrini discovered that two vulnerable pages – /_/sharebox/linkpreview/ and gadgets/proxy? – can be used to request any file type, which Google+ will download and show – even if the [...]
Sun, 28 Aug 2011 18:40:41 +0000
Windows Remote Desktop Worm “Morto” Spreading
F-Secure Lab just found a new Internet worm, and it’s spreading in the wild. The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven’t seen before: RDP (Remote Desktop Protocol). Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you [...]
Quotes
"There is no security on this earth, There is only opportunity." - General Douglas MacArthur
BY
GAURAV KUMAR BHARADWAJ
BHARADWAJ ASSOCIATES AND COMPANY
CEH,INDIA
MOBILE PHONE ETHICAL TRICKS BY GAURAV KUMAR BHARADWAJ
On the main screen type
*#06# for checking the IMEI (International Mobile Equipment Identity).
*#7780# reset to factory settings.
*#67705646# This will clear the LCD display (operator logo).
*#0000# To view software version.
*#2820# Bluetooth device address.
*#746025625# Sim clock allowed status.
*#62209526# - Display the MAC address of the WLAN adapter. This is available only in the newer devices that support WLAN
#pw+1234567890+1# Shows if sim have restrictions.
*#92702689# - takes you to a secret menu where you may find some of the information below:
1. Displays Serial Number.
2. Displays the Month and Year of Manufacture
3. Displays (if there) the date where the phone was purchased (MMYY)
*#1471#
*#21# Allows you to check the number that "All Calls" are diverted to
*#30# Lets you see the private number
*#43# Allows you to check the "Call Waiting" status of your phone.
*#62# Allows you to check the number that "Divert If Unreachable (no service)" calls are diverted to
*#67# Allows you to check the number that "On Busy Calls" are diverted to
*#67705646# Removes operator logo on 3310 & 3330
*#73# Reset phone timers and game scores
*#746025625# Displays the SIM Clock status, if your phone supports this power saving feature "SIM Clock Stop Allowed", it means you will get the best standby time possible
*#7780#
Software version for the nokia 8110
*#92702689#
Displays - 1.Serial Number, 2.Date Made,
3.Purchase Date, 4.Date of last repair (0000 for no repairs), 5.Transfer User Data
This is the default security code
press and hold #
Lets you switch between lines
*#06# for checking the IMEI (International Mobile Equipment Identity).
*#7780# reset to factory settings.
*#67705646# This will clear the LCD display (operator logo).
*#0000# To view software version.
*#2820# Bluetooth device address.
*#746025625# Sim clock allowed status.
*#62209526# - Display the MAC address of the WLAN adapter. This is available only in the newer devices that support WLAN
#pw+1234567890+1# Shows if sim have restrictions.
*#92702689# - takes you to a secret menu where you may find some of the information below:
1. Displays Serial Number.
2. Displays the Month and Year of Manufacture
3. Displays (if there) the date where the phone was purchased (MMYY)
4. Displays the date of the last repair - if found (0000)
5. Shows life timer of phone (time passes since last start)
*#3370# - Enhanced Full Rate Codec (EFR) activation. Increase signal strength, better signal reception. It also help if u want to use GPRS and the service is not responding or too slow. Phone battery will drain faster though.
*#3370* - (EFR) deactivation. Phone will automatically restart. Increase battery life by 30% because phone receives less signal from network.
*#4720# - Half Rate Codec activation.
*#4720* - Half Rate Codec deactivation. The phone will automatically restart
If you forgot wallet code for Nokia S60 phone, use this code reset: *#7370925538#
Note, your data in the wallet will be erased. Phone will ask you the lock code. Default lock code is: 12345
to delete the contents and code of wallet. Press
Unlock service provider: Insert sim, turn phone on and press vol up-arrow keys) for 3 seconds, should say pin code. Press C, then press * message should flash, press * again and 04*pin*pin*pin#
*#7328748263373738# resets security code.
Default security code is 12345
4. Displays the date of the last repair - if found (0000)
5. Shows life timer of phone (time passes since last start)
*#3370# - Enhanced Full Rate Codec (EFR) activation. Increase signal strength, better signal reception. It also help if u want to use GPRS and the service is not responding or too slow. Phone battery will drain faster though.
*#3370* - (EFR) deactivation. Phone will automatically restart. Increase battery life by 30% because phone receives less signal from network.
*#4720# - Half Rate Codec activation.
*#4720* - Half Rate Codec deactivation. The phone will automatically restart
If you forgot wallet code for Nokia S60 phone, use this code reset: *#7370925538#
Note, your data in the wallet will be erased. Phone will ask you the lock code. Default lock code is: 12345
to delete the contents and code of wallet. Press
Unlock service provider: Insert sim, turn phone on and press vol up-arrow keys) for 3 seconds, should say pin code. Press C, then press * message should flash, press * again and 04*pin*pin*pin#
*#7328748263373738# resets security code.
Default security code is 12345
For More Info Join www.gappoll.go.to
and mail ur queries : gappoll@in.com
For tools visit: www.gappoll.co.cc
No comments:
Post a Comment