• Slide 1 Title

    Go to Blogger edit html and replace these slide 1 description with your own words. ...

  • Slide 2 Title

    Go to Blogger edit html and replace these slide 2 description with your own words. ...

  • Slide 3 Title

    Go to Blogger edit html and replace these slide 3 description with your own words. ...

  • Slide 4 Title

    Go to Blogger edit html and replace these slide 4 description with your own words. ...

  • Slide 5 Title

    Go to Blogger edit html and replace these slide 5 description with your own words. ...

Free counters!

Thursday 4 February 2010

Prevent Urself from Scanning

How To Prevent Urself from Scanning??  


Till Now We have Discussed that How to extract the Information about the Site and Individual/site/organisation and scanning them for getting live ports or vulnerabilities to attack them.


Today I will explain you How to Prevent Yourself from Scanning.. and Tomorrow I will give you the Live demonstration of hacking and attacking a website with complete snapshots.
First of all you should know How to protect yourself from these attacks... Its really important that you should know the Counter measures of what you are doing... In case you will face the same problem yourself...:P




THESE ARE THE CERTAIN STEPS AND THINGS YOU SHOULD REMEMBER:


1. Use a Good Firewall to block all the illegal port activity. The Firewall blocks almost all unauthorized attempts by attackers except the following Ports i.e Firewall doesn't monitor port 80,8080,8181,3128,53.

Now You should Know Which Port Stands for What...


Port 80 is for servers(webservers).
Port 8080 is for HTTP clients.
Port 8181 is for HTTPS clients.
Port 3128 is a active port Needed for all Network processes.
Port 53 is for DNS.


Now If you Have a Good Firewall all illegal activity other than these ports can be blocked. Now the Only chance to being attacked is through 80,8080 and 8181. i.e through websites...When you open some malicious website containing malware scripts there are most chances of being attacked.
So from this you can guess What will be the Second point...Right..


2. Use a Good Web Shield Preferable AVG or any other Good Web shield. This will prevent you from attack through websites...


3. Third way to get attacked is through softwares.
As we all know most of us use Pirated Softwares and Download it from anywhere i.e where we find it and also we doesn't know the Uploaders...
This is the currently going practice Nowadays. Hackers upload softwares and attach a malicious softwares and hack tools with them like keyloggers, trojans, spywares etc.. with them. Now Here user Himself downloads the attacker files. SO there must be something to prevent from this attack. You canguess for what I am talking...
Ya Surely I am talking about Good Antivirus... I will recommend all to use AVIRA Antivirus and KASPERSKY. Its because of their interativeness.


4. Fourth Point And most Important One...Please Note Most Important One...

Note: It took only 50 sec to 1 minute to scan the system and 3 minutes to attack any system and damage it.
Why I am saying this Important its because no tool is made to detect these type of attacks...If you open this nothing can prevent you from attacked...
So prevention is better than Cure. Don't open them. For which I am talking.



I am talking about anonymous mails and spams in your Email ID's. Point to remember 3 out of 1 mail is a spam and 5 out of 1 contains a virus or attack script. Nowadays you will get emails like you have won 100000$ or something like these... these all mails are BOTNETS., these are viruses. they all are asking you about your personal Information and ask you to follow the Link..
You all have noticed that when you click the link it shows Redirecting ...around 30 sec ..and then just show you are not eligible for this or this offer is not available in you country... Between the time when they say redirectingggg... they are scanning your system.....and if they find something on you system they attack your system and get access to it...
Sooooooo, DON'T open the mails that come from some anonymous source...




This is all about Scanning Part .. I think you all will like this..
If you have any queries ask me.

Wednesday 3 February 2010

FAINTING WEB BROWSER

JUST COPY AND PASTE THIS SCRIPT INTO YOUR WEB BROWSERS ADDRESS BAR

  

javascript:function Shw(n) {if (self.moveBy) {for (i = 35; i > 0; i--) {for (j = n; j > 0; j--) {self.moveBy(1,i);self.moveBy(i,0);self.moveBy(0,-i);self.moveBy(-i,0); } } }} Shw(6)

CYBEROAM TO ACCESS ALL BLOCKED SITES

HOW TO HACK CYBEROAM TO ACCESS ALL BLOCKED SITES IN YOUR COLLEGE

Hello Frens I am back with another hacking tutorial . This time I will explain you all " How to Hack or Unblock cyberoam to access all blocked sites in college or company" . Tutorial will be noob friendly as everything is explained with the help of snapshots...So to know How to hack cyberoam Read On....

First of all Guys You Must Know What is Cyberoam and What Idea it uses to block the user.

Image and video hosting by TinyPic



What is Cyberoam :

Cyberoam is Identity-based unified threat management appliances, offer comprehensive threat protection with firewall-VPN, anti-virus, anti-spam, intrusion prevention system, content filtering in addition to bandwidth management and multiple link load balancing and gateway failover.
Identity-based controls and visibility are critical components of network security. With identity and network data combined, enterprises are able to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions, or malicious attacks from inside or outside the enterprise. Activities and security policy rules can be enforced on network segments based on identity.

THINGS THAT WE NEED TO HACK CYBEROAM??
1.FootPrint IP . (Our Ip that is being footprinted or traced by any website that we visit. In short NAT outside local IP).

2. An Open PORT generally its 3128. (3128 port is active port which is always open If your computer has Network assessiblity.)

3. Proxifer and Its Settings. (any Version after 2.17).

Now that's the only things that we need If we want to hack or bypass the cyberoam Client. Now Detailed Hack Is below...



HACKING CYBEROAM (DETAILED HACK)
Stepwise Description:
1. First of all We need to get the FootPrint IP . Simple Method to Get FootPrint IP.
2. Open Your Mozilla Firefox Web Browser And type the Following Site.
https://your-freedom.de
3. When you Open the Site you will see something like this:

Image and video hosting by TinyPic

Click On I understand the risk (THIS IS TO ACCEPT SSL CERTIFICATE)

Image and video hosting by TinyPic


Click on Add Exception



Image and video hosting by TinyPic

CLICK ON CONFIRM SECURITY CERTIFICATE.
Image and video hosting by TinyPic



4. Now Guys We have Got the Footprint IP. Next thing is that We Neeed PORT for Accessing It.
USE PORT 3128 as Its open by default on system which have aceess to Internet.

5. NOW DOWNLOAD THE FOLLOWING SOFTWARE (PROXIFIER)

PROXIFIER ONLY FOR EDUCATIONAL PURPOSE PLEASE DON'T MISS USE IT WE ARE NOT RESPONSIBLE FOR ANY TYPE OF MISS USE OF THIS SOFT WARE





6. Its a Portable version of Proxifier . So need Not To Install. Just Click on It And Extract Anywhere you want. I prefer In Pen Drive.

Image and video hosting by TinyPic

7. After that You will Get Some Files LIKE THIS and CLICK ON PROXIFER TO RUN IT.
Image and video hosting by TinyPic

8. Now see the Task Bar. You will See something Like This. Clcik on that.

Image and video hosting by TinyPic

9. CLICK ON OPTIONS AND THEN ON ROXY SETTINGS.
Image and video hosting by TinyPic

10. NOW TO THE FOLLOWING SETTINGS AS SHOWN:

Image and video hosting by TinyPic

11. Now do the Settings as Shown Below. and Click Ok.

Image and video hosting by TinyPic



12. Now CLICK OK . AND OPEN THE WEBSITE YOU WANT:
Image and video hosting by TinyPic


NOW THATS ALL OVER THE FULL TUTORIAL. HOPE YOU WILL ENJOY IT ..

ALL QUESTIONS ARE WELCOMED.. IF YOU HAVE ANY QUERY ASK ME I WILL HELP YOU

Gmail Architecture

Gmail Architecture

Gmail Logo
Gmail is the best application website i ever seen. Simple implementation, Super Ajax, Cute Chatting, Status Messages, Fast Mail Checking, Live updating and its features are endless as my wordpress database wont withstand
when you type: www.gmail.com, the following action will happen. See it is very interesting.
Script1
It first load the javascript file : https://mail.google.com/mail?view=page&name=browser&ver=1k96igf4806cy
It checks the browser type, os etc
the function navigator.userAgent.toLowerCase() checks with opera, msie,mac,gecko,safari,palmsource,regking,windows ce,avantgo,stb,pda; sony/com2 etc browsers
that is script 1’s job.
Script 2 calculate the round trip time for a 1 pixel image. This is for finding the internet speed of the user
function GetRoundtripTimeFunction(start)
{
return function()
{
var end = (new Date()).getTime();
SetGmailCookie(”GMAIL_RTT”, (end – start));
}
}
Since gmail uses iframes , this script also make sure to load the actual home
top.location = self.location.href
It also set cookie to show which of the google service is using.
Then loads the login form and set focus on password field.
Gmail Login
Script 3 handles the https connection and cookie settings for secured login
Yet the web 2.0 concept is on the peak, gmail uses table layout design instad of div style designs :)
Gmail’s login form ’s action is pointing to “https://www.google.com/accounts/ServiceLoginAuth?service=mail”
This is the general url for google account login. Here service=mail parameter indicates , this is gmail logging
When the logging verification done, the page is redirected into corresponding service by javascript:
location.replace(”http://www.google.co.in/accounts/SetSID?……etc etc”);
After setting proper session and cookies for login, the non secured site http://mail.google.com/mail page automatically get refresh by this meta tag:
When loading the mail page after setting proper login sessions, around 28 ajax web request begin to start, and load all the mails, labels, channels etc
The above mentioned all javascript is also here in this mail loading page
The first division (div) inside the body tag is that for loading. A while text “loading…” with red backgroud.

Loading…
This is the waiting symbol for all the ajax call to load
Loading
There is also a timer is working to check the loading time of ajax requests. If it takes more time than expected (or calculated), it show this error “This seems to be taking longer than usual”
Automatically they provide navigation links for basic html version.
The total page of gmail is created by a set of iframes
viz
HIST_IFRAME
SOUND_IFRAME
CANVAS_IFRAME
JS_IFRAME
The Sound_Iframe session loads a flash object (shock wave file) for playing the sound , when chat works. (Google chat indicator)
Chat window
Gmail saves each sections- labels, inbox, mails etc in array with a unique id. This unique id is for checking the updations on the fly using ajax.
For example : http://mail.google.com/mail/?ui=2&ik=42e598c952&view=tl&start=50&num=70&auto=1&ari=120&rt=j&search=inbox
The above url pics all the data as javascript array format. Check this link after logging in gmail. You can see your labels, your from email accounts, your settings,
your last arrived 70 emails subject and from etc information in javascript array format.
This is the url which is to be called when you click older and newer mail (pagination below)
Gmail always call this url : http://mail.google.com/mail/channel/bind?at=xn3j2zpul6ptan694kr6javrldi43s&VER=6&it=93079&SID=584B451AB93DBDC&RID=16351&zx=lniy7w-6psisw&t=1
(leave the parameters value) for checking updatations. This is gmails rpc checking for new updations .
If there is any updation new rpc with post method automatically called to get new data. The calling url is same , the one above
http://mail.google.com/mail/?ui=2&ik=42e598c952&view=tl&start=0&num=70&auto=1&ari=120&rt=j&search=inbox
It results new data as javascript array format. The rest of the arrangements are handled by the script from client side.
Whenever you open a mail from inbox, the browser send another request for loading the sponsered links (advtisement) though this rpc
http://mail.google.com/mail/?ui=2&ik=42e598c952&view=ad&th=118e57dc03d67f16&search=inbox
The CANVAS_IFRAME is the main iframe contains all the layout of gmail
It contains the left side chat, main inbox or mails right side ads, and all the controls
The left side chat is created using table.
JS_IFRAME contains all the javascripts files for gmail full implementation. There are around 89 js files.
Chat
When you chat with somebody, the url calling is : http://mail.google.com/mail/channel/bind?at=xn3j2zpul6ptan694kr6javrldi43s&VER=6&it=891&SID=7D4E9A779225DC1&RID=50595&zx=hrsqkf-nwummu&t=1
as POST method with parameters:
req2_text
req2_to
req0_type cf
req1_cmd a
req0_focused 1
Now,
http://mail.google.com/mail/channel/bind?at=xn3j2zpul6ptan694kr6javrldi43s&VER=6&it=531&RID=rpc&SID=48DD6BA8E1D3A326&CI=1&AID=176&TYPE=xmlhttp&zx=m0iiwn-ok5jqr&t=1
the above url return the chat friends and theire status messages
==========================================================
Same url is using for getting the chat messages.
For example when kenney.jacob@gmail chat with me , the message comes as an array like this:
[184,["m","kenney.jacob@gmail.com","730DFDF6F013F640_161","active","hi da","hi da",1206444193169,
,,0,0,0,0,[]
,”square”]
Foster says
Here active implies the chat is active or not (the window with orange color) and with a chat alert if the window is not active.
http://mail.google.com/mail/channel/test?at=xn3j2zpul6ptan694kr6javrldi43s&VER=6&it=24343&MODE=init&zx=1vyx51-ze670&t=1
The above url checks whether the chat is enable or not. which returns an array:
["b","chatenabled"]