Showing posts with label Hacktutors. Show all posts

Sunday, January 9, 2011

DDoS attack

Lone hacker theory in Wikileaks DDoS attack

Written by ph0bYx

Monday, 29 November 2010 13:55

By: By John Leyden - TheRegister.co.uk
A denial of service attack against Wikileaks that brought the whistleblower site to its knees on Sunday night, in the run up to its publication of classified State Department documents, may turn out to be the work of a lone hacker.
The attack, which rendered the site inaccessible for several hours, might be blamed on an application level assault targeting a vulnerability in Wikileak's Apache web server, according to internet reports.

A patriot-hacker called The Jester has previously used the XerXeS attack tool to attack jihadist sites. Now, if rumours are to be believed this tool was turned against Wikileaks on Sunday, making the site unavailable at a critical time.

Hundreds of thousands of US diplomatic cables were still published by The Guardian, with extracts run by other high-profile media publications, so the attack failed to block access to the diplomatically and politically embarrassing information, always an unrealistic goal.
"We are currently under a mass distributed denial of service attic," Wikileaks said on Sunday night, via updates to its Twitter feed. "El Pais, Le Monde, Speigel, Guardian & NYT will publish many US embassy cables tonight, even if WikiLeaks goes down," it added.
Rather than a purely conventional packet flood, it seems probable that the site was also hit by the XerXeS tool. A video showing how the tool works and an interview with the Jester (@th3j35t3r) can be found via Infosec Island here.
The Jester claimed responsibility for an attack on Wikileaks via a Twitter update on Sunday: "www.wikileaks.org - TANGO DOWN - for attempting to endanger the lives of our troops, 'other assets' & foreign relations," he said.
The Obama administration strongly condemned the leak of the diplomatic cables in similar terms arguing that the release puts lives at risk, damages US relations with its allies and undermines counterterrorism operations.
Claims by the Jester could, of course, just be hacker braggadocio and it may turn out that a more significant conventional packet flood attack was actually the main culprit in bringing Wikileaks to its knees. Analysis of the attack remains far from complete.
The release of the diplomatic cables on Sunday was Wikileaks's biggest release to date, and follows the controversial release of the Iraqi War Logs.
In related news, Netcraft reports that the Iraqi War Logs are no longer served by Amazon EC2 from the US. The DNS configurations over the warless.wikileaks.org site were changed over the past week so that the site is served solely by French hosting provider Octopuce.

What is CAPTCHA and How it Works?

CAPTCHA or Captcha (pronounced as cap-ch-uh) which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across the end of a sign-up form while signing up for Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.

Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So in this post you will find a detailed information on how CAPTCHA works and why they are used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCPA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated softwares to generate a huge quantity of requests thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System

CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is more easily possible for humans to look at an image and pick out the patterns than a computer. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are striked out or presented with a noisy background to make it even more harder for computers to figure out the patterns.
Most, but not all, CAPTCHAs rely on a visual test. Some Websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images in which 3 contains picture of animals and one contain a flower. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but almost impossible for a computer.

Breaking the CAPTCHA

The challenge in breaking the CAPTCHA lies in real hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However there is no universal algorithm that could pass through and break any CAPTCHA system and hence each CAPTCHA algorithm must have to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

Popularity: 3% [?]

What are Private and Public IP Addresses

Submitted by Srikanth on Wednesday, 7 July 201011 Comments

Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered to know what is the difference between a public and a private IP address, then you are at the right place. In this post I will try to explain the difference between a public and a private IP addres in layman’s terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet where each IP is unique. Hence there cannot exist two computers with the same public IP address all over the Internet. This addressing scheme makes it possible for the computers to “find each other” online and exchange information. User has no control over the IP address (public) that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway.
A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.
You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other. Say for example, if a network X consists of 10 computers each of them can be given an IP starting from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.
If the private network is connected to the Internet (through an Internet connection via ISP) then each computer will have a private IP as well as a public IP. Private IP is used for communication within the network where as the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private as well as a public IP.
You can know your private IP by typing ipconfig command in the command prompt. The number that you see against “IPV4 Address:” is your private IP which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.
Unlike what most people assume, a private IP is neither the one which is impossible to trace (just like the private telephone number) nor the one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace since the protocol itself is designed for transperancy.

Tuesday, October 12, 2010

Hacking Game - UPLINK

Hacking Game - UPLINK - 63.68 MB - No Password
High tech computer crime and industrial espionage on the Internet of 2010.

You play an Uplink Agent who makes a living by performing jobs for major corporations. Your tasks involve hacking into rival computer systems, stealing research data, sabotaging other companies, laundering money, erasing evidence, or framing innocent people.

You use the money you earn to upgrade your computer systems, and to buy new software and tools. As your experience level increases you find more dangerous and profitable missions become available. You can speculate on a fully working stock market (and even influence its outcome). You can modify peoples academic or criminal records. You can divert money from bank transfers into your own accounts. You can even take part in the construction of the most deadly computer virus ever designed.

Download: (Size: 63.68 MB)

UpLoading.com

Mirror:

RapidShare
Support me and become a member of this blog!

Hacking Exposed: Network Security Secrets and Solutions, 4th Edition DVD | ISO | 1.26 GB

[center]

[/center]

[center]

[/center]
For those not familiar with the Hacking Exposed series of books, they are not for the networking/security newcomer and delve into the depths of reality hacking, tools and techniques that are actually used in the field. They show what is used, how to use it and how to effectively protect against it. These books are a must for any penetration tester, security admin or general network/system admin that has to deal with security. Until you really know what is out there and understand it, you can't hope to defend against it. The guts of the books stay the same, operating systems, networking, switches/routers etc with the addition of a Wireless section and and expansion of other sections that have become more relevant.

Download from Hotfile

Code:

http://hotfile.com/dl/69003522/4ae0521/H4CKEXP4th.part1.rar.html
http://hotfile.com/dl/69001726/a7c9c25/H4CKEXP4th.part2.rar.html
http://hotfile.com/dl/69002662/e239528/H4CKEXP4th.part3.rar.html
http://hotfile.com/dl/69002724/92d828c/H4CKEXP4th.part4.rar.html
http://hotfile.com/dl/69002773/ebc5320/H4CKEXP4th.part5.rar.html
http://hotfile.com/dl/69002867/4ed9131/H4CKEXP4th.part6.rar.html
http://hotfile.com/dl/69002862/4b23955/H4CKEXP4th.part7.rar.html

fileserve

Code:

http://www.fileserve.com/file/anxRXPd/H4CKEXP4th.part1.rar
http://www.fileserve.com/file/5dyjaQh/H4CKEXP4th.part2.rar
http://www.fileserve.com/file/AaKuNPz/H4CKEXP4th.part3.rar
http://www.fileserve.com/file/xg77qgM/H4CKEXP4th.part4.rar
http://www.fileserve.com/file/nPchxUZ/H4CKEXP4th.part5.rar
http://www.fileserve.com/file/3K93Kws/H4CKEXP4th.part6.rar
http://www.fileserve.com/file/QnDnznR/H4CKEXP4th.part7.rar

Cheers with interchangable links

Cisco IOS hacking, defense and forensics: The State of the Art - mp

Cisco IOS hacking, defense and forensics: The State of the Art
Genre: eLearning
[/center]

Starting from the historic attacks that still work on less well managed parts of the Internet, the powerful common bugs, the classes of binary vulnerabilities and how to exploit them down to the latest methods and techniques, this session will try to give everything in one bag.
To each attack type, we will also see what defensive measures are taken, what should be done and how Cisco forensics people will identify the attack and nail the attacker (or not).

Code:

http://www.fileserve.com/file/sd4kuPx/cisco_ios_attack_and_defense.part01.rar
http://www.fileserve.com/file/TFvdatD/cisco_ios_attack_and_defense.part02.rar
http://www.fileserve.com/file/sKdH3HS/cisco_ios_attack_and_defense.part03.rar
http://www.fileserve.com/file/cd8DxtS/cisco_ios_attack_and_defense.part04.rar
http://www.fileserve.com/file/EDFE7FF/cisco_ios_attack_and_defense.part05.rar
http://www.fileserve.com/file/uSNgwfG/cisco_ios_attack_and_defense.part06.rar
http://www.fileserve.com/file/XF5Q5cG/cisco_ios_attack_and_defense.part07.rar
http://www.fileserve.com/file/xdnzKMw/cisco_ios_attack_and_defense.part08.rar
http://www.fileserve.com/file/pyBAeFs/cisco_ios_attack_and_defense.part09.rar
http://www.fileserve.com/file/27tseXm/cisco_ios_attack_and_defense.part10.rar
http://www.fileserve.com/file/UpCSwbj/cisco_ios_attack_and_defense.part11.rar

Cracking - Hacking - Assembling - Disassembling Undercoverd + Tools | 469.13 MB

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of how to go about disassembling a program with holes without its source code. Detailing hacking methods used to analyze programs using a debugger and disassembler such as virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators, this guide covers methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack.

* Hacking and Cracking
- Hacking for Dummies Apr 2004.pdf
- CD Cracking Uncovered - Protection Against Unsanctioned CD Copying.chm
- eBook - Hacking - Maximum Security-A Hacker's Guide to Prote.pdf
- eBook O'Reilly - Hacking TCP IP Security.pdf
- Excel Hacks - 100 Industrial-Strength Tips & Tools.chm
- Hacker Disassembling Uncovered (2003).chm
- Hackers Beware (2001).pdf
- Hacker's Delight.chm
- Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf
- Hacking - Hack Proofing Your Network - Internet Tradecraft.pdf
- Hacking - The Art Of Exploitation (2003).chm
- Hacking - The Art Of Exploitation.chm
- Hacking Access to Other Peoples Systems Made Simple.pdf
- hacking exposed - chapter16 - hacking the internet user.pdf
- Hacking for Beginers.rar
- Hacking Knoppix.chm
- Hacking-Maximum Security A Hackers Guide To Protecting Your Internet Site and Network.pdf
- Hardware Hacking - Have Fun While Voiding Your Warranty.pdf
- PC Hacks - 100 Industrial-Strength Tips & Tools.chm
- PDF Hacks - 100 Industrial-Strength Tips & Tools.chm
- Retro Gaming Hacks - Tips & Tools For Playing The Classics.chm
- Wi-Foo - The Secrets Of Wireless Hacking.chm

* Hackers Black Book
- 2_Hackers Blackbook-Eng.pdf
- Ebooks - The Hackers Blackbook (1).pdf
- Hackers Black Book.rar
- Hackers Blackbook.pdf
- hackers_blackbook.pdf

Code:

http://hotfile.com/dl/68952316/0626315/37Cracking-Hacking-Assembling-Disassembling.part1.rar_shytex.com.html
http://hotfile.com/dl/68952319/10032bc/37Cracking-Hacking-Assembling-Disassembling.part2.rar_shytex.com.html
http://hotfile.com/dl/68952317/55171fb/37Cracking-Hacking-Assembling-Disassembling.part3.rar_shytex.com.html
http://hotfile.com/dl/68952318/a249003/37Cracking-Hacking-Assembling-Disassembling.part4.rar_shytex.com.html
http://hotfile.com/dl/68952390/9bb49c4/37Cracking-Hacking-Assembling-Disassembling.part5.rar_shytex.com.html

Password default: shytex.com

Hacking Kit

Quote:

This cracking kit has every tool you will ever need to reverse engineer software. It is the largest collection of reverse engineering tools ever compiled. Check out the .txt files for a list of the many programs on each CD.

Code:

http://hotfile.com/dl/7250262/c31037a/HK.part1.rar.html
http://hotfile.com/dl/7250304/5100a65/HK.part2.rar.html
http://hotfile.com/dl/7250356/5e05cb5/HK.part3.rar.html

Professional Penetration Testing: Creating and Operating a Formal Hacking Lab (Ebook + DVD)

Monday, August 30, 2010

Send Messages to Other PCs over LAN on Windows

It’s really easy, all you need to do is follow thesesteps:

Run command prompt (Windows Logo Key + R, then type “cmd.exe”).

Running Command Prompt
Type net send x “Your message goes in here between in quotes”, in this command, replace the “x” with the username of the PC on your LAN to which you want the message to be sent. And hit Enter.

How to use Net Send command

If the user is on-line, your message will be sent or else an error message would appear.
You can also send messages to ALL THE PCs connected to your LAN at ONCE! To do that just type this command: net send * “Your message here!”
The star(*) in the above command tells cmd to send the message to all the PCs which are connected to your LAN rather than specifying one (including your PC also) :D

On Windows Vista and Windows 7

It’s the same thing as above, except the “net send”, you’ve to replace it with “msg”.
For example, msg x “Your message here” or (to send to all PCs) msg * “Your message here”
Please Note:
The ports used by these messenger services are 135, 137, 138, and 139. Make sure they aren’t blocked or the message will not be sent.
If you have any difficulty using any of these commands, please mention it in comments below. (or even if you don’t have, commenting is not a crime :P)

How to secure your network from Trojans

A Trojan, sometimes referred to as a Trojan horse, is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system.

Is trojan virus Dangerous?

The short answer is yes, and the long answer is sometimes No, because there are near a thousand different trojan horse viruses and they all will most likely alter your computer in some way or another.

Working of Trojans!

Types of Trojans:

1.Remote Access Trojans

2.Password Sending Trojans

3.Keyloggers

4.Destructive Trojans

5.Denial of Service (DoS) Attack Trojans

6.Proxy/Wingate Trojans

7.FTP Trojans

8.Software Detection Killers

How to Get Rid of Trojans:
Here are some practical tips to avoid getting infected (again). For more general security information, please see our main security help page.

NEVER download blindly from people or sites which you aren't 100% sure about. In other words, as the old saying goes, don't accept candy from strangers. If you do a lot of file downloading, it's often just a matter of time before you fall victim to a trojan.
Even if the file comes from a friend, you still must be sure what the file is before opening it, because many trojans will automatically try to spread themselves to friends in an email address book or on an IRC channel. There is seldom reason for a friend to send you a file that you didn't ask for. When in doubt, ask them first, and scan the attachment with a fully updated anti-virus program.
Beware of hidden file extensions! Windows by default hides the last extension of a file, so that innocuous-looking "susie.jpg" might really be "susie.jpg.exe" - an executable trojan! To reduce the chances of being tricked, unhide those pesky extensions.
NEVER use features in your programs that automatically get or preview files. Those features may seem convenient, but they let anybody send you anything which is extremely reckless. For example, never turn on "auto DCC get" in mIRC, instead ALWAYS screen every single file you get manually. Likewise, disable the preview mode in Outlook and other email programs.
Never blindly type commands that others tell you to type, or go to web addresses mentioned by strangers, or run pre-fabricated programs or scripts (not even popular ones). If you do so, you are potentially trusting a stranger with control over your computer, which can lead to trojan infection or other serious harm.
Don't be lulled into a false sense of security just because you run anti-virus programs. Those do not protect perfectly against many viruses and trojans, even when fully up to date. Anti-virus programs should not be your front line of security, but instead they serve as a backup in case something sneaks onto your computer.
Finally, don't download an executable program just to "check it out" - if it's a trojan, the first time you run it, you're already infected!

What is Phishing

What is Phishing?

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

What does a phishing scam look like?

Phishing e-mail messages take a number of forms. They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.

The following is an example of what a phishing scam in an e-mail message might look like.

Example of a phishing e-mail message, which includes a deceptive Web address that links to a scam Web site.

Here are a few phrases to look for if you think an e-mail message is a phishing scam.
1.Verify or update your account:

Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
2.you have won a prize or lottery:
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part
"3.If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking.

Tips to protect yourselves from phishing:

1. Don’t reply to, or click links within, emails that ask for personal, financial, or account information.

2. Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source. If necessary, look at the expanded header as some phishing use vulnerable email servers to rout their messages.

3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use bookmarks.

4. If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.

5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).

6. If you ever need to change your account information, such as your billing details or your password, you should always sign in to your account from the main login page of your trusted network (i.e. your bank’s main website) and make the changes directly within your account.

Sunday, August 29, 2010

HACKING means INNOVATION

What is known as cyber hacking?

There is no term like cyber hacking. Let me first clear this:
Hacker means a person who enjoys playing with computer systems and learning the details. They stretch their capabilities in computers.
Hacking is the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient. In the other words, we can say that HACKING means INNOVATION. Cracker is a person who uses his hacking skills for offensive purposes. He is a BAD guy. Ethical Hacker is a security expert who applies his hacking skills for defensive purposes

Which are the loopholes that can lead to hacking?

There is a system flaw in every computer system. It doesn’t matter how powerful system you have, how many different firewall programs you run or how many virus scanners you have. In the end you are your system’s worst enemy.
Social Engineering: This is a term used among “hackers” for techniques that rely on weaknesses in people rather than software; the goal is to trick people into revealing passwords or other information that compromises an individual system's security.

What precautions must a person take to prevent his site from being hacked?

Here are some things you can do to minimize the chances you’ll end up getting hacked and maximize the chances to fully recover quickly should your site crash (for whatever reason).
1. Use Strong Passwords.
Make your passwords not only hard to guess, but make them more difficult for sophisticated hackers to break as well. Randomly mix in special characters (found on the number keys with the shift button) as well as numbers and upper and lower case letters.

2. Keep Your Website Updated.

One of the most common ways websites get hacked is because their owners don’t keep their software up to date. If you don’t update your software, you leave yourself exposed.

3. Backup Regularly and Often.
A good backup can cover for a ton of other issues by making it possible to revert back to how things were before your site crashed.
I don’t believe any site is completely “hack proof.” But if you do these three things you will greatly reduce your risk of being hacked and make it much easier to recover if you encounter any problem.

Why hacking has become passion among the new generation?

Mostly you’ll find the individuals with slightly higher computer skills consider themselves as hackers. They glorify themselves on the accomplishments of others. Their idea of classing themselves as a hacker is that of acquire programs and utilities readily available on the net, use these programs with no real knowledge of how these applications work and if they manage to “break” into someone’s system class themselves as a hacker. These individuals are called “Kiddie Hackers.” These individuals are usually high school students. They brag about their accomplishments to their friends and try to build an image of being hackers.
Real hackers target mainly government institutions. They believe important information can be found within government institutions. To them the risk is worth it. Higher the element of security, better the challenge. Who is the best keyboard cowboy? So to speak! They don’t particularly care about bragging about their accomplishments as it exposes them to suspicion. They prefer to work from behind the scenes and preserve their anonymity.

Does this require any specific training?

YES. It is important to bear in mind that hackers break into a system for various reasons and purposes. It is therefore critical to understand how malicious hackers exploit systems and the probable reasons behind the attacks.
As Sun Tzu says in the 'Art of War', "If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat."
It is the duty of the system administrators and network security professionals to guard their infrastructure against exploits by knowing the enemy (the malicious hacker(s) who seek to use the very infrastructure for illegal activities).

How one can create awareness?

Awareness can be created by conducting Hacking workshops. Such workshops can be a medium to spread awareness about the tools and methods used by hackers to steal credit card and other confidential data. One can also learn more about the best known industry tools and the countermeasures used to protect against such hacks.

What are the different types of hacking?

Website Hacking - Cross site scripting (XSS), Local file inclusion (LFI), Remote file inclusion (RFI), Denial of Service (DOS), Distributed DoSs, SQL injection, Buffer Overflow
Email Hacking - Spoofing, Back Doors, Trojan Horses, Keyloggers, BruteForce, Social Engineering, Phishing, Fake Messengers, Cookie Stealer
Network Hacking - Denial of Service (DOS), Distributed DoSs, Sniffing, Viruses and Worms, DNS Poisoning or PHARMING, Whaling, Buffer Overflow
Password Hacking - Spoofing, Sniffing, Back Doors, Trojan Horses, Keyloggers, BruteForce, Social Engineering, Phishing, Fake Messengers, Cookie Stealer

Can hacking be considered as a profession?

Yes. 'Ethical Hacker' is now an accepted industry term. Ethical hacking is broadly defined as the methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating environments. Ethical hackers usually employ the same tools and techniques as criminal attackers, but they neither damage the target systems nor steal information, thereby maintaining the integrity and confidentiality of the systems. Their job is to evaluate the security of targets of evaluation and update the organization regarding the vulnerabilities of the discovered and appropriate recommendations to mitigate the same.

How Hackers Exploit Protocols

When two layers on the same node communicate, or when peer layers
communicate, they rely on a well-defined protocol and precisely stated
message formats. The protocol states who initiates the connection, how
the session is terminated, the order of messages, what to do if an
error occurs, and other characteristics of the session that are
necessary for the exchange to succeed. A protocol also can be thought
of as an algorithm because most protocols are defined as state
machines.

As with other algorithms, order is important. If you want to bake a
cake, getting the right ingredients is just one part of the process.
Mixing and cooking the ingredients in the right order are required to
achieve an edible result. The same is true for network communications
protocols. If one half of the session decides to get creative with the
protocol, the results will not be guaranteed.

Getting the order of messages right is important, but you also need to
format the messages properly. A baking recipe is useless if the order
of the steps is clear, but the steps are not accurately defined. For
example, if the recipe is incorrectly copied from a friend and asks
for one unit of butter instead of one unit of flour, you will end up
with a different dessert. Similarly, in network message exchanges, if
message integrity cannot be guaranteed, any dialogue between the peers
will not succeed.

Designing a secure distributed protocol is more of an art than a
science. When someone at your site invents a new distributed security
protocol, alarm bells should sound. Unless this person is
knowledgeable and has studied a number of references, a better-than-
average chance exists for the protocol to have weaknesses.

Emerging Technicians

Sunday, January 9, 2011

DDoS attack

What is CAPTCHA and How it Works?

What Purpose does CAPTCHA Exactly Serve?

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

Who Uses CAPTCHA?

Designing a CAPTCHA System

Breaking the CAPTCHA

What are Private and Public IP Addresses

What are Public IP Addresses?

What are Private IP Addresses?

Tuesday, October 12, 2010

Hacking Game - UPLINK

Professional Penetration Testing: Creating and Operating a Formal Hacking Lab (Ebook + DVD)

Monday, August 30, 2010

Send Messages to Other PCs over LAN on Windows

It’s really easy, all you need to do is follow thesesteps:

On Windows Vista and Windows 7

How to secure your network from Trojans

What is Phishing

Sunday, August 29, 2010

HACKING means INNOVATION

How Hackers Exploit Protocols

Labels

Blog Archive

IP

Popular Posts

Followers

About Me

Your ip

Visits

Search This Blog