DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES




Angry IP Scanner



The phase that follows reconnaissance is scanning. In this phase an attacker tries to gather information such as IP addresses, operating systems, open ports and running services. He then uses this information to work out what kind of attack to perform. Scanning can be classified into three major types:

  1. Port Scanning
  2. Network Scanning
  3. Vulnerability Scanning

During port scanning an attacker tries to find out how many ports are open on the target system and which services are running on them. The next stage, network scanning, is to find out how many active machines the target has. Last comes vulnerability scanning, in which the attacker tries to get details about the weaknesses present in the target system.

Several tools can perform port scanning; nmap is considered the best of them, and I discussed it long ago on this blog. To read about it, have a look at Network Scanner Nmap.

In this section we will see how to determine which systems are active. For the practical we will use Angry IP Scanner, a tool that pings several hosts in a row to find out which of them are currently alive. Download Angry IP Scanner from http://www.angryip.org/w/Download, run it and specify the IP addresses you want to scan.
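Seen from the defender's side, the sweep described above (one source pinging several hosts in a row) stands out in firewall or flow logs. The following is an added example, not part of the original post; the log format, addresses and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "time src dst proto type" format is an assumption.
SAMPLE_LOG = """\
2011-01-20T10:00:00 192.0.2.50 10.0.0.1 ICMP echo-request
2011-01-20T10:00:01 192.0.2.50 10.0.0.2 ICMP echo-request
2011-01-20T10:00:01 10.0.0.20 10.0.0.1 ICMP echo-request
2011-01-20T10:00:02 192.0.2.50 10.0.0.3 ICMP echo-request
2011-01-20T10:00:03 192.0.2.50 10.0.0.4 ICMP echo-request
2011-01-20T10:00:04 10.0.0.9 10.0.0.5 TCP syn
2011-01-20T10:00:31 10.0.0.20 10.0.0.1 ICMP echo-request
2011-01-20T10:01:01 10.0.0.20 10.0.0.1 ICMP echo-request
2011-01-20T10:05:00 10.0.0.30 10.0.0.1 ICMP echo-request
2011-01-20T10:10:00 10.0.0.30 10.0.0.2 ICMP echo-request
2011-01-20T10:15:00 10.0.0.30 10.0.0.3 ICMP echo-request
2011-01-20T10:20:00 10.0.0.30 10.0.0.4 ICMP echo-request
"""

def detect_ping_sweeps(log_text, min_hosts=4, window=timedelta(seconds=10)):
    """Return {source: [targets]} for sources that sent ICMP echo requests
    to at least min_hosts distinct hosts within the sliding time window."""
    pings = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, proto, kind = fields
        if proto == "ICMP" and kind == "echo-request":
            pings[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, events in pings.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_hosts:
                flagged[src] = sorted(targets, key=ipaddress.ip_address)
                break
    return flagged

if __name__ == "__main__":
    print(detect_ping_sweeps(SAMPLE_LOG))
    print(detect_ping_sweeps(SAMPLE_LOG, window=timedelta(minutes=20)))
```

With the default 10-second window only the fast sweep from 192.0.2.50 is flagged; the slow sweep from 10.0.0.30 needs the wider window, and the host that keeps pinging a single address is never flagged.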


Work From Home e-mail Scam



A week ago I received an e-mail about earning from home. The e-mail was just like the one you can read below, and it was sent by Mark Services. So I went there to have a look at what's going on. Rather than telling me anything, they directly started asking for money, but I was not ready to give them a penny until they gave me a clear idea of what I was paying for.

I left without paying anything. The next day they sent me an SMS, then called me, and again sent me an e-mail; then they told me everything about my educational qualifications and said I am the best fit for their job. But that was not the suspicious thing. The suspicious thing was that every time they sent me an e-mail, it was from a different company name. I hope that makes it clear to you that it's a scam; don't fall prey to it. Of course they will know everything about your educational qualifications, because they have targeted job search sites for their work. Following is a copy of the e-mail that I received from them today; have a careful read.


Work From Home Opportunity!
Hello!
This is to inform you about “WORK FROM HOME OPPORTUNITY”. We are very pleased to explain you what we are and what we offer?

What We Are!


So let me brief you about our Company:

We are an International American Company.
We are right now operating officially in major 74 countries working for last 30 years.
We are operating officially in India also for last 11 years.
We deal in Health Nutrition and Personal Care & we are one of the best nutrition co. in the entire world.
Our company is NYSE (New York Stock Exchange) listed co.
Our company’s last year (2009) turnover is $3.7 Billion.

What We Offer!


We Offer “WORK FROM HOME INCOME OPPORTUNITY”, in this opportunity you can work from your home very-2 comfortably! To earn extra Part Time income without scarifying your present occupation or Full Time income.

Right now our Company’s business is expanding therefore we are looking for serious people to provide this “WORK FROM HOME INCOME OPPORTUNITY”.
We have multiple Work options.
Working on Telephone or Internet with an option of Working from Home, Internet, and Office Without scarifying your current occupation.
Our company provides all support and training needed.
You can do it Part/Full time in flexible hours.
No Specific Experience Needed…
Online Trainings, Traveling National, International & Vacation (Optional).etc.
We have a High American standard of Income.
Disclamer: Income may vary person to person

For more information we offer you to attend our ‘Work from Home Business Opportunity Meeting”.


VANUE:-PLOT NO 2 MORDEN SOCIETY,OPP.PRAGATI BHAVAN ,CHATRAPATI SQUARE, NAGPUR FRIDAY.


TIME:- 5:15 PM PM DATE:- 26/1/2011 wednesday

So confirm your appointment on the given number.

Call for an appointment on cell. No:-9766282346 9730247474.

At the registration desk ask for
Mrs shalu.
E-Mail:-confirmursuccess@gmail.com


Thanks for your time & looking forward to seeing you.

All The Best!
 


Advanced Google Hacking Operators



This is the next part of Google Hacking; here we will discuss some more search queries used for footprinting. Following are your new queries. Don't just read them, practice them: you'll need good practice with advanced operators because they are more prone to give false positives.

Related:
This query will search web pages for the word specified after related. Please copy and paste the example into the search engine and press Enter.

Example: related:bill gates

define:
This query not only brings you the definition and dictionary meaning of a word but can also reveal information about the victim's company. Try the following queries:

define:microsoft
define:your name
define:google

info:
This query is used to reveal the history and geography of the word typed after it. Try the following queries:

info:days of life of devil
info:microsoft
info:google

intext:
This will search for every occurrence of the word typed after it; it searches not only the URL and title but also the text in the body. Try this:

intext: google hacking
intext:days of life of devil

links:
This will search for links to the URL that you specify after it. Try the following query:

links:google.com

Following are some other queries; try them and see the results yourself:

phonebook:bill gates
stocks:microsoft
stocks:linux
intitle:linux
inurl:linux

Please try them and let me know if you face any problem or if any of those queries does not perform as you expected. Once you are good enough at using them, we will discuss how to use search queries to find files, folders, songs, movies, user names and passwords.

Using Dynamic IP as Static IP



As we discussed in Basic Lab Setup For Hacker, a hacker needs a static IP, which is really very expensive for a normal person to have. Here we will discuss how we can counter this problem. Please note that this solution is temporary and can never really take the place of a static IP, but for now it will work.

For this we will use the DNS redirect service from www.no-ip.com; alternatively you can use www.dyndns.com.

First of all, register with www.no-ip.com by clicking on “No-IP Free” on the home page. After you complete the registration form they will send you a confirmation e-mail; once confirmed, you can log in to your account.
 
Now click on “Hosts/Redirect”, then type the host name to which you want Dynamic DNS to redirect traffic after associating it with your IP. Leave the other options as they are if you don't know what they do.
 
Now create your host name, then download the client via “Download Client”. After installing the DUC client, type in your e-mail address and password.
To check whether it is working, open www.whatismyipaddress.com and check your IP address, then ping the host name you created; both will show the same IP address.

Note: Most of you might be wondering what the use of this setup is; you'll know its use when we cover Trojans and spyware. Also note that there are several free as well as paid Trojan clients and spyware tools. But free tools are prone to being detected by anti-virus programs, so better opt for paid ones.




Bypass Any Windows Password Using ISO Tools



In this section we will discuss how to bypass the Windows logon password using ISO tools. An ISO image/tool is nothing but a CD/DVD image; you have to burn these ISO images to a CD/DVD to make them work.

KON BOOT:
KON BOOT is currently known as the most powerful ISO password breaking tool, since it can bypass not only Windows passwords during logon but also Linux passwords. Its powerful feature is that it neither asks for the password nor resets it: just boot from the CD and any OS installed on your hard disk will boot without asking for a password; reboot again and all passwords remain intact, so your victim can never suspect that someone just had a look at his/her PC. I still don't know how this works, but surely it's an awesome masterpiece.

Countermeasure: Use a good full disk encryption tool like BestCrypt or its free alternative TrueCrypt.



OphCrack:
OphCrack is one of the best-known tools for Windows password recovery. At present it also supports some Linux flavors. OphCrack uses the rainbow tables technique to recover Windows passwords. In the rainbow tables method the password hash is compared against a pre-compiled hash database; once the hash matches, you get the password.

Countermeasure: Use a very strong password like this: q@2Db4LevIl). No rainbow table utility can ever crack this kinda password.



Offline NT Password And Registry Editor:
Offline NT Password And Registry Editor does not recover the password; it deletes the password hash from the SAM file, removing the password forever. The tool is text based and hence can be difficult for beginners to operate.

Countermeasure: Use a full disk encryption tool.

Note: Each and every tool described here can crack all available versions of Windows. My personal advice is to use OphCrack.
