
Thursday, January 27

Google Dork To find sql


Seven layers of OSI

The OSI, or Open Systems Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station and proceeding to the bottom layer

Let’s take a practical example so that we understand it better.

Layer 7 = Application Layer
You open your Internet browser and type in the name of the target website you want to visit.

Layer 6 = Presentation Layer
Your browser knows how to show pictures in different formats, such as JPG, PNG, and so on.
Your browser knows how to handle different file types; for example, whether the target website is created using HTML or ASP, your browser knows how to open these file types.
Also, if the web page is encrypted and you have the authority to open it, your browser knows how to decrypt the page and show it in a readable format.

Layer 5 = Session Layer
This is the first step of networking, where your browser establishes a session between your computer and the Web Server, and terminates the session at the end.

Layer 4 = Transport Layer
The web page you requested needs to be divided into small chunks to be transferred, and arranged in order to be sent through the network.

Layer 3 = Network Layer
Now the page is ready, but it doesn't know how to reach you: your address is xxx.xxx.xxx.xxx, which by itself means nothing to the web server because it doesn't know where that address is located. So in this step addressing occurs and the data is sent to the network card.

Layer 2 = Data Link Layer
Now the data is ready to be transferred out of the computer, so the Data Link Layer starts packaging the data together with the delivery address.

Layer 1 = Physical layer
This is the step where the data is turned into electrical signals that are understood by the network cables and devices.

Man in the browser (MITB) attacks

Man-in-the-Browser (MitB), a form of Internet threat related to Man-in-the-Middle (MitM), is a trojan that infects a web browser and has the ability to modify pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place. The only way to counter a MitB attack is by utilising transaction verification.


The MitB Trojan works by utilising common facilities provided to enhance browser capabilities, such as Browser Helper Objects, extensions and user scripts, and is therefore virtually undetectable to virus scanning software.

One of the most effective methods of combating a MitB attack is an out-of-band (OOB) transaction verification process. This overcomes the MitB Trojan by verifying the transaction details, as received by the host (bank), with the user (customer) over a channel other than the browser; typically an automated telephone call. OOB transaction verification is ideal for mass market use since it leverages devices already in the public domain (e.g. landline, cell phone, etc.) and requires no additional hardware devices, yet enables Three Factor Authentication (utilising voice biometrics), Transaction Signing (to non-repudiation level) and Transaction Verification.
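An added Python example, not from the original post, of the out-of-band transaction verification the text describes: the bank binds a one-time code to the transaction it actually received and sends the details plus the code to the customer's phone, so a trojan that rewrites the payee inside the browser is exposed before the customer confirms. The bank, customer and trojan are simulated; the account numbers and the HMAC key are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Transfer:
    amount_cents: int
    destination: str


class Bank:
    """Host side: binds a one-time code to the transaction it actually received
    and sends details plus code over a channel the browser cannot see."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # hypothetical per-deployment secret
        self._pending: Dict[str, Transfer] = {}

    def _code(self, tx_id: str, tx: Transfer) -> str:
        # The code is an HMAC over the transaction details, so it cannot be
        # reused to confirm a different amount or payee.
        msg = f"{tx_id}|{tx.amount_cents}|{tx.destination}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

    def receive_from_browser(self, tx: Transfer) -> Tuple[str, dict]:
        """Returns the pending id and the out-of-band message (call or SMS)."""
        tx_id = secrets.token_hex(8)
        self._pending[tx_id] = tx
        oob = {"amount_cents": tx.amount_cents, "destination": tx.destination,
               "code": self._code(tx_id, tx)}
        return tx_id, oob

    def confirm(self, tx_id: str, code: str) -> bool:
        """Executes the transfer only if the code matches the stored details."""
        tx = self._pending.pop(tx_id, None)  # one-time: removed on first use
        return tx is not None and hmac.compare_digest(code, self._code(tx_id, tx))


def customer_reviews(oob: dict, intended: Transfer) -> Optional[str]:
    """The customer compares what the bank says it received with what they
    typed; the code is released to the browser only when the two agree."""
    same = (oob["amount_cents"] == intended.amount_cents
            and oob["destination"] == intended.destination)
    return oob["code"] if same else None


def mitb_rewrites(tx: Transfer) -> Transfer:
    """Simulated trojan: silently swaps the payee before the request leaves."""
    return Transfer(tx.amount_cents, "ATTACKER-ACCT-PLACEHOLDER")


def run_transfer(tampered: bool) -> bool:
    """Full round trip; returns True only if the bank executed the transfer."""
    bank = Bank()
    intended = Transfer(25_000, "GB00-SAMPLE-0001")  # constructed sample payee
    submitted = mitb_rewrites(intended) if tampered else intended
    tx_id, oob = bank.receive_from_browser(submitted)
    code = customer_reviews(oob, intended)
    return bank.confirm(tx_id, code) if code is not None else False
```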

LDAP Injection

What is LDAP:

LDAP is a protocol that facilitates the location of organizations, individuals and other resources in a network. It is a streamlined version of DAP (Directory Access Protocol), which is part of X.500, a standard for network directory services.

The Lightweight Directory Access Protocol (LDAP) provides a mechanism for connecting to, searching, and modifying internet directories. LDAP statements (or queries) are used to retrieve data from information directories.

What is LDAP Injection:

LDAP injection is a specific form of attack that can be employed to compromise Web sites that construct LDAP (Lightweight Directory Access Protocol) statements from data provided by users. This is done by changing LDAP statements so dynamic Web applications can run with invalid permissions, allowing the attacker to alter, add or delete content.

LDAP injection works in much the same manner as SQL injection, a type of security exploit in which the attacker adds SQL (Structured Query Language) code to a Web form input box to gain access to resources or make changes to data. According to security experts, the main reason that LDAP injection and similar exploits are on the rise is the fact that security is not sufficiently emphasized in application development. To protect the integrity of Web sites and applications, experts recommend the implementation of simple precautions during development, such as controlling the types and numbers of characters that are accepted by input boxes.

The most common way to detect the LDAP Injection attack is:

1. Identify entry points that collect user input such as text boxes, query string parameters, etc.
2. Insert any of the characters '(', '|', '&' as input and submit the request.
3. Identify whether an exception/error message was generated relating to LDAP (e.g., Page cannot be displayed).

To learn more about LDAP, go through these links:

http://www.zytrax.com/books/ldap/

and

http://www.zytrax.com/books/ldap/ch15/

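An added Python example, not from the original post, of the precaution the text recommends: a user-supplied value is escaped (per RFC 4515) before it enters an LDAP filter, and the resulting filter is checked to still have the fixed shape the application expects. The login filter, the probe input (built from the characters in step 2 above) and the allowlist check are constructed for illustration.

```python
from typing import Dict

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_LDAP_FILTER_ESCAPES: Dict[str, str] = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}

# The characters the detection steps above probe with; none should ever
# reach a filter unescaped.
PROBE_CHARS = frozenset("(|&")


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever be data, never filter syntax."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter_unsafe(username: str) -> str:
    """The vulnerable pattern: the raw string is pasted into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def login_filter_safe(username: str) -> str:
    """The same filter with the value escaped first."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def component_count(ldap_filter: str) -> int:
    """Number of filter components, i.e. raw '(' characters. This login filter
    has one AND and two assertions, so a correct build always yields 3; any
    other value means the input changed the filter's structure."""
    return ldap_filter.count("(")


def input_looks_like_probe(value: str) -> bool:
    """Server-side check matching the text's advice to limit the characters an
    input box accepts; a hit is worth logging as a possible injection attempt."""
    return any(ch in PROBE_CHARS for ch in value)


def safe_login_filter_or_none(username: str):
    """What an application should do: reject probe-like input outright, escape
    everything else, and refuse to use a filter whose shape has changed."""
    if input_looks_like_probe(username):
        return None
    built = login_filter_safe(username)
    return built if component_count(built) == 3 else None
```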

Cloud Computing

Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications. Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with internet access. This technology allows for much more efficient computing by centralizing storage, memory, processing and bandwidth.

A simple example of cloud computing is Yahoo Mail or Gmail. You don't need any software or a server to use them. All a consumer needs is an internet connection, and you can start sending emails. The server and the email management software are all in the cloud (the internet) and are totally managed by the cloud service provider (Yahoo, Google, etc.). The consumer only gets to use the software and enjoy the benefits. The analogy is, 'If you only need milk, would you buy a cow?' All users or consumers need is to get the benefits of using the software or hardware, such as sending emails. Just to get this benefit (the milk), why should a consumer buy the software or hardware (the cow)?

A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic -- a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.

A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.

How to keep your PC clean and maintain privacy

The software I use to clean temporary files and protect your system's privacy:

I will use the tool called CCleaner.

To download CCleaner, click here.

Understanding Denial-of-Service Attacks

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:

* Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).

* Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).

* Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:

* unusually slow network performance (opening files or accessing websites)
* unavailability of a particular website
* inability to access any website
* dramatic increase in the amount of spam you receive in your account

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.

* If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.

* If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
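The symptoms listed above are what a user sees; on the server side, the request flood the text describes shows up in the access log as one source sending far more requests per time window than any real visitor. As an added example that is not part of the original article, the Python detector below parses constructed Common Log Format lines (addresses from the RFC 5737 documentation ranges) and reports each source's peak request count in a sliding window; the window size and threshold are assumed values to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Tuple

# Common Log Format: ip ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Tuple[str, datetime]:
    """Extract (source ip, timestamp) from one log line."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def flood_sources(lines: List[str], window_s: int = 10,
                  threshold: int = 50) -> Dict[str, int]:
    """Per source IP, the peak number of requests seen in any sliding window of
    window_s seconds; only sources whose peak exceeds threshold are returned."""
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    # Process in time order so the window logic holds for unordered input.
    for ip, ts in sorted((parse_line(ln) for ln in lines), key=lambda p: p[1]):
        q = windows[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):  # drop expired entries
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def _constructed_log() -> List[str]:
    """Constructed sample: one source sends 120 requests within 6 seconds while
    two others browse normally."""
    t0 = datetime(2011, 1, 27, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip: str, offset_s: float, path: str = "/index.html") -> str:
        ts = (t0 + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("198.51.100.7", i / 20) for i in range(120)]
    lines += [line("192.0.2.10", i * 3, "/about.html") for i in range(4)]
    lines += [line("203.0.113.5", 1 + i * 2, "/news.html") for i in range(3)]
    return lines


SAMPLE_LOG = _constructed_log()
```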

Online tools for hacking

PICTURE To ASCII Convert - http://picascii.com
Whois - IP Address - Domain Name Lookup - http://cqcounter.com/whois/
AdHoc IP Tools http://tatumweb.com/iptools.htm
Ben's Web Utilities http://www.phaster.com/find_info_net_traffic.html
central OPS http://centralops.net/co/
dihe's IP Index http://ipindex.homelinux.net/index.php?
Domain Tools http://www.domaintools.com/
Global Whois Search http://www.ratite.com/whois/whois.html
Multi DNS Lookup (Bankes.com) http://www.bankes.com/nslookup.htm
Network Solutions http://www.networksolutions.com/whois/index.jsp
Public DNS Servers List http://80.247.230.136/dns.htm
BGPPlay http://www.ris.ripe.net/bgplay/
BrowserSpy http://browserspy.dk/
CERT Station http://browserspy.dk/
CIDR Reports (ASN & BGP Info) http://www.cidr-report.org/as2.0/
CodeFlux Tools (SSL lookups) http://codeflux.com/exec/tools/
Command Line Reference Page http://www.ss64.com/
Country to IP Address Reference http://www.proxyserverprivacy.com/ipaddress_range.php
Default Password List http://www.cyxla.com/passwords/passwords.html
DiG Gateway http://www.spacereg.com/a.rpl?m=dig
digitalpoint DNS Zone Xfer http://www.digitalpoint.com/tools/zone-transfer/
Fixed Orbit (ASN & BGP Info) http://www.fixedorbit.com/search.htm
GeekTools (Does DNS AXFR) http://www.geektools.com/tools.php
Graphical DNS Tools http://www.zonecut.net/
HTML Status Codes (from RFC) http://www.w3.org/Protocols/rfc2616/rfc
HTTP Viewer http://www.rexswain.com/httpview.html
Hunt IP http://www.huntip.com/Tools/hostname.php
InfoSysSec Online Tools http://www.infosyssec.com/infosyssec/ipsectools.htm
Internet Topology Tools http://www.caida.org/tools/taxonomy/topotaxonomy.xml
MD5 Hash Reverse Engineering Site http://md5.rednoize.com/
Nerd Labs RevDNS Block Lookup (and other tools) http://www.nerdlabs.org/tools/revdns.php
NetBIOS Name Table http://www.cybersnipers.com/docs/nbnametable.htm
Netcraft http://news.netcraft.com/
Network-Tools (Does SSL lookups and chaos queries too) http://www.us.sorbs.net/lookup.shtml
Opus 1 (you can mod your UDP traces) http://www.opus1.com/www/traceroute.html
Open Proxies List http://www.samair.ru/proxy/
Relakks VPN Service https://www.relakks.com/
Root TLD Lookup http://www.iana.org/root-whois/index.html
Sam Spade http://samspade.org/
Swiss VPN http://www.swissvpn.net/
T1 Shopper Online Port Scanner http://www.t1shopper.com/tools/
TechnicalInfo http://www.technicalinfo.net/tools/index.html
Tiny URL (URL Decoder) http://tinyurl.com/
TrimWare Online Tools http://www.trimmail.com/news/tools/
User Agent Strings http://www.useragentstring.com/pages/us
Visual Route Server (big list of them!) http://webtrace.uni2.net/
Web Based Network Tools http://home.planet.nl/%7Ehouwe135/wbnt1/
Web Probe http://www.securityspace.com/sprobe/probe.html
Web Sniffer http://web-sniffer.net/
Well Known Ports (plus trojans!) http://www.neohapsis.com/neolabs/neo-ports/
Windows Event Id's http://eventid.net/

Tools used in Application Security & Penetration Testing

In this article I'll tell you what tools are typically used in Application Security (AppSec for short) and Penetration Testing (PenTest for short).

1. Foot-printing Tools: SamSpade, nslookup, dig, whois, Netcraft, ike-scan, ping, tracert / traceroute, httprint, p0f, etc.

2. Port Scanning Tools: Nmap, SuperScan.

3. Packet Crafting Tools: hping2.

4. Web Application Scanning Tools: Acunetix, HP WebInspect, AppScan, Nikto, Wikto, N-Stalker, Core Impact.

5. Application/Network Vulnerability Scanning Tools: Retina, Nessus, Core Impact, ike-probe, GFI LANguard, IPLocks VA (database), AppDetective (for database servers), SARA.

6. OS Fingerprinting Tools: Nmap, Xprobe2.

7. Password Sniffing Tools: Wireshark, tcpdump, Ettercap, Cain & Abel.

8. Password Cracking Tools: Brutus, John the Ripper, rainbow tables, L0phtCrack, Cain & Abel.

9. Network Enumeration: DumpSec, Winfo, nbtscan, SolarWinds, MegaPing.

10. Penetration Testing Frameworks: Metasploit Framework, Immunity CANVAS.

11. Web Proxies: Paros, WebScarab.

12. Firewall ACL Checking Tool: Firewalk.

Motivational Lines

Those who keep trying never lose
A boat that fears the waves never crosses over

Those who keep trying never lose
When the tiny ant sets out carrying a grain

It climbs the walls and slips a hundred times
The heart's faith fills its veins with courage

Climbing and falling, falling and climbing does not wear it down
In the end its labour is never wasted

Those who keep trying never lose
The diver plunges into the ocean

Again and again he comes back empty-handed
Pearls are not found easily in deep water

His zeal doubles in this very bewilderment
His fist does not come back empty every time

Those who keep trying never lose
Failure is a challenge; accept it

See what was lacking and set it right
Until you succeed, give up sleep and rest

Do not flee the field of struggle
Without doing something there is no acclaim
Those who keep trying never lose

–Harivansh Rai Bachchan