Thursday, April 9, 2009

BEWARE of "Conficker worm's " VIRUS attack today

A malicious software program that has infected millions of computers could enter a more menacing phase on Wednesday, from an outright attack to a quiet mutation that would further its spread.

Computer security experts who have analysed the Conficker worm's code say it is designed to begin a new phase on April 1, and while it's unclear whether it will unleash havoc or remain dormant, its stubborn presence is rattling businesses with multimillion-dollar budgets to fight cyber crime.

Conficker, believed to reside on 2 - 12 million computers worldwide, is designed to turn an infected PC into a slave that responds to commands sent from a remote server that controls an army of slave computers known as a botnet.

"It can be used to attack as well as to spy. It can destroy files, it can connect to addresses on the Internet and it can forward your e-mail," said Gadi Evron, an expert on botnets who helps governments protect against cyber crime.

But like many security experts, he doubts Wednesday will see a big attack.

The virus has been powerful enough to attack infected computers for months by exploiting weaknesses in Microsoft's Windows operating system.

Evron and several other analysts said Wednesday's change could simply give Conficker enhanced functionality, possibly making it more dangerous.

"This is the electronic equivalent of being told there is a major storm that has a 20 per cent chance of hitting," said Mark Rasch, an executive at Secure IT Experts who spent 25 years prosecuting computer crimes at the US Department of Justice.

"It's not time to hide in the bunker. But it might be prudent to look out the window," he added.

In February, Microsoft announced it was offering a $250,000 reward for information leading to the arrest and conviction of whoever is responsible for creating Conficker, saying the worm constituted a "criminal attack."

Fears of ID Theft

Botnets are a major worry because they can surreptitiously steal identities, log sensitive corporate information, credit card numbers, online banking passwords or other key data users of infected PCs type on their keyboards

- Pramod Ambady

- JMD Computer

Tuesday, March 31, 2009

Hide Entire Drives Partition Without Registry

Here is a cool technique which hides entire hard disk drives by a simple procedure.
This is the best security tip to be employ against unauthorised users.

1) Go to Start > Run > type "diskpart". A DOS window will appear with following description.

DISKPART>

2) Then type "list volume" The result will look something like one as shown below-

3) Suppose you want to hide drive E then type "select volume 3"

Then a message will appear in same window { Volume 3 is the selected volume}

4) Now type "remove letter E"

Now a message will come { Diskpart Removed the Drive letter }

sometime it requires to reboot the computer.

Diskpart will remove the letter.

Windows XP is not having capabilty to identify the unknown volume.

Your Data is now safe from unauthorised users.

To access the content of hidden Drive repeat the process mentioned above. But in 4th step replace " remove" by "assign".

It means type "assign letter E".

 

Source:- http://www.insecure.in/hide_drive_trick.asp

Running Multiple Instances of Yahoo Messenger

If you are using Yahoo! Messenger v8.0 or above, YahooMulti.reg will let you run multiple copies of Yahoo Messenger.

At the same time which will allow you to login multiple ID’s at the same time.

1) Open Registry Editor (regedit.exe)

Click Start > Run and then type 'regedit' press enter.

2) Then Look For- HKEY_CURRENT_ USER\Software\yahoo\ pager\Test.

3) Then change this value of plural to like this- “Plural”=dword: 00000001

Source:- http://www.insecure.in/multiple_yahoo_trick.asp

Hide EXE File into JPG

This is a good trick to hide your exe files into a jpg file..!
How about sending a trojan or a keylogger into your victim using this trick..??

1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.

2) Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it)

3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this 'picture.jpeg' in the same folder.

6) Now that you have a shortcut, rename it to whateve you want, for example, 'me.jpeg'.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field 'Start In' and leave it empty.

9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :-

'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'

10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.

12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-

%SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.

This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.

16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.

Source:- http://www.insecure.in/hide_exe_jpg.asp

Increase Broadband Speed Using Simple Tweak

 
A Simple Tweak (XP Pro only) which will increase your Broadband Speed.
Make sure you Log on as Administrator, not as a user with Administrator privileges.
Follow the steps as given below-
1) Click on Start Button.
2) Select Run From Start Menu.
3) Type gpedit.msc
4) Expand the [Administrative Templates] branch.
5) Then Expand the [Network] branch.
6) Highlight(Select by Single Click) [QoS Packet Scheduler]
7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel)
8) Check(Select By Single Click on it) [Enabled]
9) Change [Bandwidth limit %] to 0 %
10) Click [OK] Button.
11) Restart Your PC.
12) Now Check Your Broadband Speed.

 

Source:- http://www.insecure.in/broadband_trick.asp

Create Folders And Files With NO! Name

This trick will allow you to create files and folders without any name.
Just follow the steps as given below :-
1) Select any file or folder.
2) Right click on it, select 'Rename' or simply press 'F2'.
3) Press and hold the 'Alt' key. While holding the Alt key, type numbers '0160' from the numpad.
Note :- Type the numbers '0160' from the numpad, that is, the numbers present on the right side of the keyboard.
Don’t type the numbers which are present on top of the character keys.
4) Press Enter and the nameless file or folder will be created.
Reason :- The file or folder that seems nameless is actually named with a single space.
But what if you want to create another nameless file or folder in the same directory ?
For this you will have to rename the file with 2 spaces.
Just follow the steps given below :-
1) Select file, Press 'F2'.
2) Hold 'Alt' key and type '0160' from the numpad.
3) Release the 'Alt' key. Now without doing anything else, again hold 'Alt' key and type '0160'.
4) Press 'Enter' and you will have second nameless file in the same directory.
5) Repeat step 3 to create as many nameless files or folders in the same directory.
(We have a problem with deleting these folders, to do so, start your computer in 'Safe Mode' and delete it from there.)

 

Source:- http://www.insecure.in/noname_trick.asp

Chat with Friends through ms dos Command Prompt

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".
4) Open Command Prompt.
5) Drag this file (.bat file) over to Command Prompt and press Enter.
6) You would then see something like this:

7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

Source:- http://www.insecure.in/cmd_chat_trick.asp

Run Firefox inside Firefox

How to run Firefox inside Firefox.?
Yup you can run Firefox inside Firefox just by typing following url.
How about Opening Firefox inside Firefox which is again in another Firefox..?
Not bad huh?
And its really easy too just type in this url in Firefox's address bar and there you go!
Firefox inside Firefox!
copy paste following url in a web browser (mozilla Firefox).

chrome://browser/content/browser.xul

Following is the screenshot of this trick (firefox in firefox in Firefox, which is again in another firefox)-

firefox inside firefox

 

Source:- http://www.insecure.in/firefox_in_firefox.asp

Reveal *****(Asterisk) Passwords Using Javascript

Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.

javascript: alert(document.getElementById('Passwd').value);

4) As soon as you press 'Enter', A window pops up showing Password typed by you..!

Note :- This trick may not be working with firefox.

 

Source:- http://www.insecure.in/reveal_pass_trick.asp

Calculations On Command Prompt

The command processor CMD.EXE comes with a mini-calculator that can perform simple arithmetic on 32-bit signed integers:

C:\>set /a 2+2
4
C:\>set /a 2*(9/2)
8
C:\>set /a (2*9)/2
9
C:\>set /a "31>>2"
7

Note that we had to quote the shift operator since it would otherwise be misinterpreted as a "redirect stdout and append" operator.

For more information, type set /? at the command prompt.

 

Source:- http://www.insecure.in/cal_cmd_trick.asp

Folder Lock Without Any Software

Folder Lock With Password Without Any Software-
Paste the code given below in notepad and 'Save' it as batch file (with extension '.bat').

Any name will do.

Then you see a batch file. Double click on this batch file to create a folder locker.
New folder named 'Locker' would be formed at the same location.

Now bring all the files you want to hide in the 'Locker' folder. Double click on the batch file to lock the folder namely 'Locker'.

If you want to unlock your files,double click the batch file again and you would be prompted for password.

Enter the password and enjoy access to the folder.

if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM

echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==type your password here goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

 

Source:- http://www.insecure.in/folder_lock_trick.asp

Shutdown Command Via Command Prompt

The 'Shutdown' Command Becomes More Flexible and Automated when used from the Command Prompt.

To Run the 'Shutdown' command from the command prompt, go to 'Start > Run', type 'cmd', and press 'Enter'.

In the black box (the command prompt) type 'Shutdown' and the Switches you want to use with the 'Shutdown' command.

You have to use at least one switch for the shutdown command to work.
The Switches :-

The 'Shutdown' command has a few options called Switches. You can always see them by typing 'shutdown -?' in the command prompt if you forget any of them.

-i: Display GUI interface, must be the first option
-l: Log off (cannot be used with -m option)
-s: Shutdown the computer
-r: Shutdown and restart the computer
-a: Abort a system shutdown
-m \\computername: Remote computer to shutdown/restart/abort
-t xx: Set timeout for shutdown to xx seconds
-c “comment”: Shutdown comment (maximum of 127 characters)
-f: Forces running applications to close without warning
-d [u][p]:xx:yy: The reason code for the shutdown u is the user code p is a planned shutdown code xx is the major reason code (positive integer less than 256) yy is the minor reason code (positive integer less than 65536)

Note :- I’ve noticed using a switch with a '-' sign doesn’t work sometimes.
If you are having trouble try using a '/' in place of '-' in your switches.

Examples :-
shutdown –m \\computername –r –f

This command will restart the computer named computername and force any programs that might still be running to stop.

shutdown –m \\computername –r –f –c “I’m restarting your computer. Please save your work now.” –t 120

This command will restart the computer named computername, force any programs that might still be running to stop, give to user on that computer a message, and countdown 120 seconds before it restarts.

shutdown –m \\computername –a
This command will abort a previous shutdown command that is in progress.

Using A Batch File :-
You can create a file that performs the shutdown command on many computers at one time.

In this example I’m going to create a batch file that will use the shutdown command to shut down 3 computers on my home network before I go to bed.

Open 'Notepad' and type the shutdown command to shut down a computer for each computer on the network.

Make sure each shutdown command is on its own line.

An example of what should be typed in notepad is given below-

shutdown –m \\computer1 –s
shutdown –m \\computer2 –s
shutdown –m \\computer3 –s

Now I’ll save it as a batch file by going to file, save as, change save as type to all files, give the file a name ending with '.bat'. I named mine 'shutdown.bat'.

Pick the location to save the batch file in and save it.
When you run the batch file it’ll shutdown computer 1, 2, and 3 for you.
You can use any combination of shutdown commands in a batch file.

Source:- http://www.insecure.in/shutdown_cmd_trick.asp

The Ethical Hacker

Welcome to the unique confluence of hackers , crackers and security professionals on the world wide web.


This is your complete resource for internet security and ethical hacking.


 -: The Ethical Hacker :-hack
Most people think that hackers are computer criminals.
They fail to recognize the fact that criminals and hackers are two totally different things.
Media is responsible for this.
Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet.

Source:- http://www.insecure.in/

Windows-XP Password Cracking

Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.


First download cain and abel from "http://www.oxid.it/cain.html" and install it on your system.


Make sure that you have disabled the antivirus/firewall running on your system before installing and throughout this process.


Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".
Brute-Force:- As this techniques takes more time to complete, the attacker prefer this technique only when there is a hope that the password contain same type of characters or may be two. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it should contain less than 7 characters. Otherwise it takes more time to crack password, which may be the mixture of all types of characters along with special symbols.


The step-by-step explaination for this technique is given below-


1) Open the tool "Cain and Abel"  

2) Go into the category "Cracker"      it displays all sub-categories under "Cracker" in left panel.

3) Select "LM & NTLM Hashes" from left panel and then click on      symbol, you will be greeted by a window as shown.

4) Check "import hashes from local system" and then click "Next". This shows all the active accounts on local system like administrator, guest, etc. along with LM and NT hashed values of their respective passwords, as shown below.

5) Right clicking on any username shows all available options using which we can crack it's password.

6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLM hashes to store local users' passwords.
7) You will be greeted by a window where you can modify properties for brute-force attack such as password length, character set, etc.

8) Click on "Start" button.
9) On completion it will reveal the exact password.

 

Cryptanalisys :- Basically, Cryptanalisys means Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.


This is the fastest technique of password cracking possible due to "Rainbow Tables".


A rainbow table is a file that is used to lookup an unknown plaintext from a known hash for an algorithm that does not usually permit this operation.


Steps 1 to 4 i.e upto importing hashes from local system, are similar to previous technique (i.e brute-force). The steps coming after that are as follows-


5) Here, select "cryptanalisys attack" then "NTLM hashes" and then select "via rainbow tables". Here we can choose either OphCrack or RainbowCrack formats of tables. The rainbow tables are available free to download on internet.


Due to large file size of rainbow tables (350MB - 3GB); instead of downloading we can also create at own just by downloading rainbow table generator (winrtgen.zip of 181KB) free download at "http://www.oxid.it/downloads/winrtgen.zip"

6) Click on "Add Table"

7) Browse for the location of rainbow table on your system, select proper table and click "open".

8) Select the loaded table and then click on "Start" button.

9) On completetion it will show the exact password.


To learn windows password cracking techniques properly, one must understand "LM" & "NTLM" algorithms, SAM File, Dumping NTLM hashes from local SAM, Rainbow Tables, etc.......!

Source:- http://www.insecure.in/winxp_passcrack.asp

Password Hacking

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.


Most passwords can be cracked by using following techniques :


1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.


Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.


A password containing both uppercase &  lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

Check Your Password Strength

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.


Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.


Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.


Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

 

Source:- http://www.insecure.in/password_hacking.asp

 
Design and Bloggerized by JMD Computer