
'123456' giving tough competition to 'password' in Worst 25 Passwords of 2013

By : Unknown



Worst Passwords
"123456", "password", "12345678", "qwerty" or "abc123": how many of you use one of these as your password? Quite a few, I suspect.
Even after countless warnings and advice from security researchers, people keep using weak passwords.
Looking back at the many cyber attacks of 2013, we saw plenty of incidents in which an attacker could guess or brute-force a user's password with very little effort.
The only change since 2012 is that the string "password" has dropped to second place on the list of the most commonly used passwords and "123456" has taken first place, according to the annual "Worst Passwords" report released by SplashData, a password management software company.
SplashData's annual list names the 25 most common passwords, which are, by definition, the worst passwords found on the Internet. Other entries near the top this year are "qwerty", "abc123", "111111" and "iloveyou", all of which are trivially guessable.
"Another interesting aspect of this year's list is that most short numerical passwords showed up even though websites are starting to enforce stronger password policies," says Morgan Slain, CEO of SplashData.
Below is the list of the worst passwords of 2013, with each password's rank and how it moved since 2012:
List of Worst Passwords 
If you are using one of these passwords, or any other dictionary word, change it as soon as possible. Also use a different password for each account: if one account is compromised, the attacker should not get all your other accounts along with it.
The list was compiled from dumps of stolen passwords posted online, and the firm says it was especially influenced by the millions of Adobe accounts compromised in the fall.
Fact & figure
Stricture Consulting Group attempted to decrypt the leaked Adobe passwords and released an estimate that almost 2 million of the more than 130 million users affected by the breach appeared to be using "123456" as a password.
When it comes to protecting your privacy and data, installing an antivirus does not mean your work is done and you are safe. "God helps those who help themselves": nobody can secure your privacy unless you are willing to do your part.
Here are some tips for making your passwords both stronger and easier to remember:
  • Use a combination of lowercase, uppercase, digits and special characters, at least 8 characters long, such as s9%w^8@t$i
  • Use short passphrases with special characters separating the words; they are hard for crackers and easy to remember, such as cry%like@me (cry like me)
  • Avoid reusing the same password across different websites
  • If remembering a different password for every website and account is difficult, use a password manager such as RoboForm, 1Password or LastPass.
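As an added example (not from the original post), here is a small Python check that encodes the advice above: it rejects the passwords named in this article, enforces the eight-character minimum, requires a mix of character classes, and accepts a passphrase such as cry%like@me. It asks for three of the four classes rather than all four, because the article's own example s9%w^8@t$i contains no uppercase letter. The WORST_PASSWORDS set is a constructed sample holding only the entries the article names; the full SplashData list would be loaded into the same set.

```python
"""Password hygiene check built from the advice in this post.

Added example, not part of the original post.  WORST_PASSWORDS is a
constructed sample holding only the entries the article names; the full
SplashData list would be loaded into the same set.
"""
import re
import string

# Constructed sample: the entries the article names explicitly.
WORST_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "abc123", "111111", "iloveyou",
}
MIN_LENGTH = 8            # the article's recommendation: 8 characters or more
MIN_CLASSES = 3           # of lower/upper/digit/special; s9%w^8@t$i has three
MIN_PASSPHRASE_WORDS = 3  # cry%like@me: three words joined by special characters


def char_classes(pw: str) -> set:
    """Return which of the four character classes the password contains."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def is_passphrase(pw: str) -> bool:
    """True for several words separated by special characters, e.g. cry%like@me."""
    words = [w for w in re.split(r"[^A-Za-z0-9]+", pw) if w]
    return len(words) >= MIN_PASSPHRASE_WORDS and "special" in char_classes(pw)


def check_password(pw: str) -> list:
    """Return the list of problems found; an empty list means the password passes."""
    problems = []
    # Compare case-insensitively and with trailing digits stripped, so that
    # "Password1" is caught as a variant of "password".
    lowered = pw.lower()
    stripped = re.sub(r"\d+$", "", lowered)
    if lowered in WORST_PASSWORDS or stripped in WORST_PASSWORDS:
        problems.append("appears on the worst-passwords list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = char_classes(pw)
    if len(classes) < MIN_CLASSES and not is_passphrase(pw):
        problems.append(f"only {len(classes)} of 4 character classes used")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Password1", "s9%w^8@t$i", "cry%like@me"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Running the block shows "123456" failing all three rules, "Password1" rejected only because it is a variant of a listed password, and both examples from the article passing. The trailing-digit stripping is the part worth copying: most "strengthened" versions of a weak password are just the weak password with a number appended.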
STAY SECURE, STAY SAFE!

Bypass Victim Smartphone Through Viber App

By : Unknown




Bypass Smartphone Lock Screen Through Viber App:
  •     First, send a Viber message to the victim.
  •     The victim's phone shows a Viber message popup; perform some action on it.
  •     Then send another message to the victim's phone.
  •     The victim's phone shows the popup again; press the back button on the victim's phone.
  •     Now you have full access to the victim's phone.

How To Identify Fake Facebook Profiles

By : Unknown




How can you detect a fake Facebook profile? These days we all receive many friend requests, especially from profiles of girls, and there is no obvious way to tell whether the account is fake or real. Here is a simple method for checking.



Here is a Facebook account in the name of Sarikha Agarwal. We need to verify whether it is real or fake, so the first step is to go to images.google.com and click the camera icon.







When you click "Search by image" you get a popup like the one in the image below.





Now go to the profile, right-click the profile picture and choose "Copy image URL".





The profile picture URL is now copied. Go back to the images.google.com tab and paste the image URL.






Press Enter and you get the related-image search results.



Now you can see whether the profile is real or fake. The results are the proof that this profile is fake. Enjoy the trick.

Be careful before adding an attractive or smart-looking stranger as a friend: check first, because many fake profiles are created every day. Such a person may be spying on your profile to steal personal information such as your photos for their hacking purposes. Be safe online.

Forensic Memory Analysis And Techniques For Windows, Linux And Mac OS

By : Unknown



ABSTRACT
Due to the growing number of cyber-crimes and intrusions, and to the ever larger storage capacity of hard disks and devices, computer forensics techniques have had to be extended. Current work consists mostly of collecting and analyzing static data stored on hard drives, seeking evidence related to malicious activity in computer systems after it has occurred.
With the evolution of technological resources and the popularity of the Internet, it has become impractical to rely only on the traditional approach, given the large volume of information to be analyzed and the growth of digital attacks. In this context, analysis of data stored in volatile memory brings new techniques: it is necessary to examine the processes that were running and the established connections, or even to recover the keys of encrypted volumes, without losing information that is sensitive to the investigation, thus allowing the recovery of data that matters to the forensic examiner.

Concept
Memory forensics is a promising technique that covers the capture and analysis of data stored in volatile memory. Volatile means the data is lost when the system shuts down and can be overwritten during normal operation. Because of this constant flux, data in memory is usually less structured and less predictable than data on disk.

Data contained in the memory
Everything running on a computer is stored temporarily in memory, either in physical RAM or in the paging file that backs virtual memory. By extracting an image of memory, known as a memory "dump", it is possible to list the running processes and to establish the relationships between them, identifying which processes started which others; likewise, it is possible to identify which files, libraries, registry keys and sockets were in use by each process. In summary, it is possible to map how the system was being used at the moment the dump was taken, and even to recover executable programs stored in memory.

More information about “Dumps”
This is the method currently used by computer forensics experts to acquire the contents of RAM.
Several programs help with acquiring a memory image. These tools read memory bit by bit and copy its contents to a file, the memory "dump". The file has the same size as the system's physical memory.
Regardless of the tool used, keep in mind that, as Locard's Exchange Principle suggests, the acquisition program must itself be loaded into memory when it runs, so it leaves traces: some memory that might contain valuable information is used by the tool, and the tool may even push areas occupied by other processes out to the paging file. Furthermore, while the tool is reading memory, the state of the system is not frozen: while some pages are being copied, others may change if the process that uses them is still running. The time needed to collect the image depends on factors such as processor speed, bus bandwidth and disk I/O.

Creating "Forensic Image" with FTK Imager

 
INTRODUCTION
FTK Imager is a free tool provided by AccessData for acquiring forensic images. Its main purpose is creating disk images, but besides forensic disk images it can also perform memory dumps and even do a basic forensic analysis of the image created. You will discover many other features as you work with it. FTK Imager was created by the company AccessData and is free.

STEP BY STEP
I am looking for a simple and practical way to demonstrate these concepts. Click the "File" menu, then "Create Disk Image", and choose the disk or partition to image. To make a forensic image of the whole disk, select "Physical Drive"; to image a single partition, select "Logical Drive". See the pictures below:
 


Figure 1) FTK Imager.
 


Figure 2) Logical Drive.
 


Figure 3) Physical Drive.

I will make a forensic image of a USB stick plugged into my machine, so I also choose "Physical Drive". I select the device I want to image and click the "Finish" button.
 


Figure 4) Select Drive.

Now tick the checkbox "Verify images after they are created". With this option selected, the tool calculates the MD5 and SHA1 hashes of the image once it has been created. Then click the "Add" button.
  


Figure 5) Create Image.

Select "Raw (dd)" as the forensic image format, which is the format used by the "dd" tool, and click "Next".
 


Figure 6) Select RAW.

The tool asks for some information about the evidence item; we can fill in these fields. After that, click "Next".
 

Figure 7) Evidence Item Information.
 


Figure 8) Select Image Destination.

Choose the output directory (where the forensic image will be saved). "Image Filename" is where you enter the file name of the image. In "Image Fragment Size" I put zero because I do not want the image split into fragments; if I wanted it split, this field takes the size in MB of each piece. After that, just click the "Finish" button.
 


Figure 9) The output directory.

Just click on the "Start" button.
 


Figure 10) Create Image.
 

Figure 11) Image Summary.

When the forensic image acquisition has finished, a summary with various information is displayed.
In the directory where the image was stored, a "txt" file is also created, which serves as a log and contains the same summary information.
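The verification step above (FTK Imager computing MD5 and SHA1, and writing them to the txt log next to the image) is what lets anyone later prove the image is unchanged. As an added example, not code from the article or from AccessData, here is a Python script that recomputes both hashes over an image in one streaming pass and compares them with the values found in the log. The log layout assumed by the regular expression ("MD5 checksum: ...", "SHA1 checksum: ...") is an assumption about FTK Imager's summary format; the sample log and the three-byte "image" are constructed for the test, using the well-known hashes of the bytes "abc".

```python
"""Verify a forensic image against the MD5/SHA1 recorded by the imaging tool.

Added example, not code from the article or from AccessData.  The summary
layout matched by HASH_LINE ("MD5 checksum: ...", "SHA1 checksum: ...") is
an assumption about the FTK Imager log format; adjust it to what your tool
writes.  SAMPLE_IMAGE and SAMPLE_SUMMARY are constructed test data.
"""
import hashlib
import io
import re

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so multi-GB images never sit in RAM

HASH_LINE = re.compile(r"^\s*(MD5|SHA1)\s+checksum:\s*([0-9a-fA-F]+)", re.MULTILINE)


def parse_summary(summary_text: str) -> dict:
    """Pull the MD5 and SHA1 values out of the imaging tool's summary log."""
    return {algo.lower(): value.lower() for algo, value in HASH_LINE.findall(summary_text)}


def hash_stream(stream) -> dict:
    """Compute MD5 and SHA1 over a binary stream in a single pass."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    for block in iter(lambda: stream.read(CHUNK), b""):
        md5.update(block)
        sha1.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def compare(computed: dict, expected: dict) -> dict:
    """{'md5': bool, 'sha1': bool}; a hash missing from the log counts as a failure."""
    return {algo: expected.get(algo) == computed[algo] for algo in ("md5", "sha1")}


def verify_image(image_path: str, summary_text: str) -> dict:
    """Recompute the hashes of the image file and compare them with the log."""
    with open(image_path, "rb") as fh:
        return compare(hash_stream(fh), parse_summary(summary_text))


def verify_bytes(image_bytes: bytes, summary_text: str) -> dict:
    """Same check over in-memory data (used by the test and for small artifacts)."""
    return compare(hash_stream(io.BytesIO(image_bytes)), parse_summary(summary_text))


# Constructed sample: a tiny "image" and a log that matches it.  The MD5 and
# SHA1 of the bytes b"abc" are standard test vectors.
SAMPLE_IMAGE = b"abc"
SAMPLE_SUMMARY = """\
[Computed Hashes]
 MD5 checksum:    900150983cd24fb0d6963f7d28e17f72
 SHA1 checksum:   a9993e364706816aba3e25717850c26c9cd0d89d
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: python verify_image.py image.001 image.001.txt
        with open(sys.argv[2]) as fh:
            print(verify_image(sys.argv[1], fh.read()))
    else:
        print(verify_bytes(SAMPLE_IMAGE, SAMPLE_SUMMARY))
```

Both digests are computed in the same pass because reading a large image twice is the slow part, not hashing it. A log that lacks one of the hashes is reported as a failure rather than silently skipped, since an absent value gives no assurance at all.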


Extraction of digital artifacts with Volatility:
INTRODUCTION
Volatility is a completely open collection of tools, implemented in Python under the GNU General Public License, for extracting digital artifacts from samples of volatile memory (RAM).

STEP BY STEP
The tool supports a variety of dump formats, performs some automatic conversion between formats and can be used on any platform that supports Python. Installation and use are simple: just unzip the package supplied by Volatile Systems on a machine where Python is already installed.
C:\Volatility>python volatility 


Figure 1) Supported internal commands.
Example: volatility pslist -f /path/to/my/file
 


Figure 2) Use the command volatility
Figure 3 shows the use of the "ident" command, which identifies the date and time the image was collected and provides information about the operating system on which the dump was generated:
C:\Volatility>python volatility ident -f C:\memorytest_rafael_fontes.dmp

 


Figure 3) Command ident.
You can use the --help option with any command to get help:
C:\Volatility>python volatility ident --help
 


Figure 4) Option Volatility help tool.

To list the processes that were running at the time the dump was generated, use "pslist". As seen below, the output contains the name of each process, its identifier (Pid), its parent process ID (PPID), the time it was started and other useful information.
C:\Volatility>python volatility pslist -f C:\memorytest_rafael_fontes.dmp
 


Figure 5) Use the command pslist.

"connscan" provides information about the network connections that were active when the memory was collected, and "sockets" displays the sockets that were open when the dump was generated. The "files" command displays the open files of each process; you can specify a process ID (-p) on the command line to display only the files opened by a particular process.
C:\Volatility>python volatility files -p 1740 -f C:\memorytest_rafael_fontes.dmp
 


Figure 6) Use the command files.

The "dlllist" command displays the list of DLLs loaded by each process, and the "regobjkeys" command displays the list of registry keys opened by each process.
C:\Volatility>python volatility dlllist -p 1740 -f C:\memorytest_rafael_fontes.dmp
 


Figure 7) Use the command dlllist
C:\Volatility>python volatility regobjkeys -p 1740 -f C:\memorytest_rafael_fontes.dmp
 

Figure 8) Use the command regobjkeys.

The "procdump" command extracts an executable from the memory dump, giving access to the code that was running on the machine and allowing its behaviour to be better understood.
C:\Volatility>python volatility procdump -p 1740 -f C:\memorytest_rafael_fontes.dmp
 



Figure 9) Use the command procdump.
We observe the generation of the executable "executable.1740.exe" and informational messages such as "Memory Not Accessible" while running "procdump". This happens because not all virtual memory addresses are accessible in the image, for example because the pages had been swapped out to disk. These messages therefore serve as an audit log from which you can determine which parts of the generated executable were successfully recovered.

Practical examples: to determine the date and time of the image, use the following command:
>>> python volatility datetime -f target-2013-10-10.img
    Image Local date and time: Mon Oct 10 16:20:12 2013
The pslist command, in turn, determines the processes that were running at the time the image was captured:

>>> python volatility pslist -f target-2013-10-10.img
Name        Pid  PPID  THDs  HNDs  Time
lsass.exe   536  480   20    369   Mon Oct 10 16:22:18 2013
To determine which system ports were open, use the "sockets" command. For the system under analysis it is possible to detect, for example, the LSASS.exe process listening on port 4500.
>>> python volatility sockets -f target-2013-10-10.img
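The "Data contained in the memory" section above notes that the dump lets you work out which processes started which others, and the pslist output just shown carries exactly the columns needed for that (Pid and PPID). As an added example, not part of the article or of the Volatility project, here is a Python script that parses pslist rows in that column layout, rebuilds the parent/child tree, prints it indented, and flags processes whose parent is no longer in the list. The SAMPLE_PSLIST text is constructed: only the lsass.exe row comes from the article, the other rows are invented sample data.

```python
"""Rebuild the process tree from Volatility pslist output.

Added example, not part of the article or of the Volatility project.
SAMPLE_PSLIST is constructed in the column layout the article shows
(Name Pid PPID THDs HNDs Time); apart from the lsass.exe row it is
invented sample data, not output from any real image.
"""
import re
from collections import defaultdict

# Constructed sample in the article's pslist layout.
SAMPLE_PSLIST = """\
Name                 Pid   PPID  THDs  HNDs  Time
System               4     0     53    234   Mon Oct 10 16:20:01 2013
smss.exe             368   4     3     21    Mon Oct 10 16:20:05 2013
csrss.exe            424   368   11    372   Mon Oct 10 16:20:06 2013
winlogon.exe         448   368   19    510   Mon Oct 10 16:20:07 2013
services.exe         480   448   16    270   Mon Oct 10 16:20:08 2013
lsass.exe            536   480   20    369   Mon Oct 10 16:22:18 2013
explorer.exe         1540  1500  12    380   Mon Oct 10 16:23:02 2013
svchost.exe          1740  1540  5     120   Mon Oct 10 16:40:11 2013
"""

# name, pid, ppid, threads, handles, then the free-form start time.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")


def parse_pslist(text: str) -> dict:
    """Parse pslist rows into {pid: {'name', 'ppid', 'threads', 'handles', 'time'}}."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line or blank line
        name, pid, ppid, thds, hnds, when = m.groups()
        procs[int(pid)] = {"name": name, "ppid": int(ppid), "threads": int(thds),
                           "handles": int(hnds), "time": when}
    return procs


def build_tree(procs: dict) -> dict:
    """Map each parent PID to the list of child PIDs it started."""
    children = defaultdict(list)
    for pid, info in procs.items():
        children[info["ppid"]].append(pid)
    return dict(children)


def orphans(procs: dict) -> list:
    """PIDs whose parent is absent from the list (PID 0 is the pseudo-root, not an orphan).

    A parent that has exited is sometimes normal and sometimes a triage hint,
    so these are reported for the examiner to judge rather than hidden.
    """
    return sorted(pid for pid, info in procs.items()
                  if info["ppid"] not in procs and info["ppid"] != 0)


def parent_chain(procs: dict, pid: int) -> list:
    """Process names from the given PID up to the root or to a missing parent."""
    chain = []
    while pid in procs:
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return chain


def render(procs: dict, root: int = 0, indent: int = 0) -> str:
    """Return an indented text tree of the processes below `root`."""
    tree = build_tree(procs)
    lines = []
    for pid in sorted(tree.get(root, [])):
        info = procs[pid]
        lines.append(f"{'  ' * indent}{info['name']} (pid {pid}, started {info['time']})")
        lines.append(render(procs, pid, indent + 1))
    return "\n".join(line for line in lines if line)


if __name__ == "__main__":
    procs = parse_pslist(SAMPLE_PSLIST)
    print(render(procs))
    print("parents missing for:", orphans(procs))
    print("lsass.exe chain:", " <- ".join(parent_chain(procs, 536)))
```

In the sample, explorer.exe (pid 1540) is reported because its parent 1500 is not in the list, and parent_chain walks lsass.exe back through services.exe, winlogon.exe and smss.exe to System. The same parser works on a real pslist dump saved to a file: read the file and pass its text to parse_pslist.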

Forensic Memory for Linux distributions:  
  
 

 
S.M.A.R.T Linux  http://smartlinux.sourceforge.net/           

                                                                                  

Figure 1) S.M.A.R.T. Linux.
S.M.A.R.T. Linux is a bootable floppy distribution containing a tool (smartmontools) for monitoring IDE/SCSI hard disks using Self-Monitoring, Analysis and Reporting Technology. Why a floppy? Probably because all other distributions containing this useful utility are CD versions, and not everybody has a CD-ROM. It is meant to be free, small, helpful and easy to use. The current version is based on kernel 2.4.26, uClibc 0.9.24 and the BusyBox 1.00 official release, built on Slackware 10.0.


The Sleuth Kit and Autopsy: http://www.sleuthkit.org/
 

                                                                                   
Autopsy™ and The Sleuth Kit™ are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types.

CAINE (Computer Aided Investigative Environment)  

http://www.caine-live.net/
 


Figure 4) C.A.I.N.E.
CAINE (an Italian GNU/Linux live distribution created as a digital forensics project) offers a complete forensic environment organized to integrate existing software tools as modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
• An interoperable environment that supports the digital investigator during the four phases of the digital investigation.
• A user friendly graphical interface.
• A semi-automated compilation of the final report.

For MAC OS X
Below are some tools that can be used for forensic analysis on computers with Mac OS X.

Mac OS X Forensics Imager 

http://www.appleexaminer.com/Utils/Downloads.html
 


Figure 1) Mac OS X Forensics Imager.
A tool for imaging a disk byte by byte in EnCase or FTK format for later forensic analysis in those tools.

Metadata Extractor
An application that extracts the metadata of the files in a given folder on a Mac and displays the location on Google Maps when a file contains geolocation information.

File Juicer 

http://echoone.com/filejuicer/
 


Figure 2) File Juicer 1.
 

 Figure 3) File Juicer 2.

Commercial software that extracts images and text from any file. It ignores the file format and scans the file byte by byte to identify data it recognizes. Among its features, the following are useful in forensic analysis:

•    Extract images from PowerPoint presentations and PDFs
•    Recover deleted pictures and videos from memory cards
•    Recover text from corrupt
•    Extract images and html files from the cache of Safari
•    Extract attachments from email archives
•    Generate Word document from simple PDFs
•    Recover photos from iPods in TIFF
•    Convert ZIP files that are packaged as .EXE
•    Extract JPEG images in RAW format (Canon & Nikon)
•    Extracting data from different types of cache file
•    Find and extract file in general data in JPEG, JP2, PNG, GIF, PDF, BMP, WMF, EMF, PICT, TIFF, Flash, Zip, HTML, WAV, MP3, AVI, MOV, MPG, WMV, MP4, AU, AIFF or text.


CONCLUSION
Several trends are revolutionizing memory forensics. The memory analysis process itself is moving towards better solutions and refinement of the technique, and it is an increasingly relevant approach within computer forensics. In some cases the popularity of volume encryption tools such as TrueCrypt, or of malware that resides only in volatile memory, makes analyzing the data stored on these devices harder.
However, memory forensics is best seen as a complement to other approaches. One example is the procedure in which an investigation, after capturing the volatile memory image, uses "live system analysis" to decide the next step in solving the case. Later, in the laboratory, memory forensics is used as a complement to traditional forensics, giving the process greater agility and precision.
I hope this article has helped computer forensics experts and information security specialists.
By : Unknown
ARPwner – ARP & DNS Poisoning Attack Tool

ARPwner is a tool for ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system for filtering the information gathered. It also includes an implementation of SSLstrip and is written in Python.



winAUTOPWN v3.0 Released - System vulnerability exploitation

By : Unknown



WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a systems and network exploitation framework built on the well-known winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select individual exploits and use them.

BSDAUTOPWN has been compiled, as always, for various flavours and has been upgraded to version 1.8 along with all applicable exploits.
WINAUTOPWN requires Perl, PHP, Python, Ruby and their dependencies, along with a few others, for the exploits included in it to work smoothly.


Intercepter Sniffer

By : Unknown


Intercepter is a sniffer tool which offers various capabilities, including sniffing for password hashes for ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs the ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in ARP poisoning module, can change the MAC addresses of LAN adapters, and has various other interesting functionality.


The Mole: Automatic SQL Injection Exploitation Tool

By : Unknown


The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, either with the union technique or with a boolean-query-based technique. The Mole uses a command-based interface, letting the user easily indicate the action to perform.




Sqlninja 0.2.6

By : Unknown


Features:
>> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
>> Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
>> Evasion techniques to confuse a few IDS/IPS/WAF
>> Integration with Metasploit3, to obtain graphical access to the remote DB server through a VNC server injection


Ani-Shell

By : Unknown







Ani-Shell is a simple PHP shell with some unique features such as a mass mailer, a simple web-server fuzzer, a DDoSer, back connect, bind shell, etc. This shell has extensive capabilities and has been written with coding standards in mind for easier editing and customization.

Customisation

1. Email trace-back is set to off by default and emails will not be sent. If you turn this feature on, make sure you change the default email address (lionaneesh@gmail.com) to your own email address before use.

2. The username and password are set to lionaneesh and lionaneesh respectively; change them for better security.

3. By default, lock mode is set to on. This should not be changed unless you want your shell exposed.

Default Login
Username : lionaneesh
Password : lionaneesh

Features

    Shell
    Platform Independent
    Mass - Mailer
    Small Web-Server Fuzzer
    DDoser
    Design
    Secure Login
    Deletion of Files
    Bind Shell
    Back Connect
    Fixed Some Coding errors!
    Rename Files
    Encoded Title
    Traceback (Email Alerts)
    PHP Evaluate
    Better Command Execution (even supports older version of PHP)
    Mass Code Injector (Appender and Overwriter)
    Lock Mode Customization

Latest Version Addition
    Mail Bomber (With Less Spam detection feature)
    PHP Decoder
    Better Uploader
    Fixed some Coding errors

Copyright © 2014 kuch.in All Rights Reserved. Designed by Ashacks Team