hello

RSS

Windows Unsolved Mysteries


Hi users, today we will share a few cool and mysterious things. Hope you all like this article . Here are some of the unsolved mysterious things involving the worlds most used OS "Windows" .One day i got a mail stating that......

Nobody can create a FOLDER anywhere on the computer which can be named as “CON”.This is something pretty cool…and unbelievable… At Microsoft the whole Team, including Bill Gates, couldn’t answer why this happened!

This is not the first time I listen about this funny question that "why we can't create a folder with name 'CON' , and I’m sure most of you also try to make folder "CON" just now after reading the title of article ! if no,then go and 1st try it .... If you try creating a folder named CON, as the mail claims, it’ll get renamed automatically to New Folder. But there is no mystery behind this, and the team at Microsoft very well knows the reason for this. :-)

Why is it not possible to create a folder named CON ?

Before we proceed further, let us tell you a small secret you can’t even create a folder named PRN, AUX, NUL and many others.

The reason you can’t create a folder with these names is because these are reserved keywords used by DOS. The below screen-shot taken from Microsoft’s website shows a list of reserved keywords in DOS.

If you try creating a folder with any of these names, the name automatically changes back to the default “New Folder”. And this is what has caused the confusion. Instead of automatically renaming the folder, had an explanatory warning message popped up.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

The Concept of Cracking


The scene of cracking has exploded, mostly due to the availability of cracking programs and popularity of websites that cost money. The Internet is filled with predictable and Internet dumb users. With these users comes an opportunity for you to take what is not yours by brute force.

This article is meant to guide you to successfully cracking accounts. So let's get on with it.

The Main Principle of Cracking

One difficult to grasp fact new crackers come to find out is that cracking a particular account is usually difficult. Understanding this fact is a key step in becoming a successful cracker. There's great success in numbers. The more user accounts you have to try and crack, the more likely you'll have success. The reason behind this is simple and logical. If you have a pair of dice, and need to roll snake eyes(two ones), the more tries you have, the better the chance of success.

The main principle of cracking is trying as many valid users(will be covered later) as possible. Despite what others may think, have 10,000 user accounts to try and crack is a much better scenario than having 3 user accounts and 10,000 passwords.

Internet Dumb Users

Most people on the Internet do not take security seriously. There is a misconceived notion about the Internet that it's secure and anonymous. This lack of concern leads to guessable and common passwords. Patterns, common words, and common names are usually likely passwords. These are usually chosen by these users because they're easy to remember. Another common lapse in judgment is the fact that these users usually use the same password for all things they have a password for; bank or credit card accounts, E-Mail accounts, and pretty much anything else you can imagine.

All About Passwords

Choosing passwords to crack with is a critical of your success. Using "tert34g" as a password to crack with is not a good idea. Yeah, there's some small chance that you may achieve one successful attempt with it, but it's a waste of time.

Think about it. What do most people have in common? Names, favorite foods, favorite animals, favorite sports teams, favorite colors, etc. Instead of relying on preexisting password lists, try creating your own. Why? Things change. What was popular last year is no longer popular. MySpace as a password was logical two years ago. Now, most people haven't logged into their MySpace in months. Your unique ideas may provide you great success. Think about what's popular now... Justin Bieber, Obama, or the Miami heat. I bet you never thought of "heat" as a password.

Selective passwords are what I call passwords that are applicable only to a single website. If you're attempting to crack Facebook accounts, passwords like facebook, Facebook, or FACEBOOK are likely to be successful. If you'd like to go further, go into why people use Facebook. You can logically come to the conclusion that people use it for friends, buddies, etc. Those are logical passwords. The web site's name is one of the most common passwords used by users because it's easy to remember, and that same logic applies to every site they have an account with.

Passwords are usually lazy. Most people are too lazy to put any effort into a password, so people will rarely capitalize a password. Any part of the password. Usually, passwords cased like Michelle are rarely successful. The extra motion needed to reach the shift key is usually not a desirable motion for most users. Lowercase passwords are by far the most popular. Uppercase passwords like PASSWORD follow in second, and "properly" cased passwords like "Password" are third.

Name as password = success. One of the most successful method for cracking is using the user name as a password. Bobby's password is possibly bobby, and Janet's is likely to be janet. You can go further, and remove numbers with some programs. Bobby1945's password is possibly bobby, or even boby1945. Again, laziness. Most programs support the use of user name as password, and can remove the letters or numbers from the password for added control.


Research the Website You're Cracking

A lot of sites are becoming critical of their users' passwords. Now, most require a minimum password length, and even have particular rules like they must contain a number. To help with this, I'll explain the most common passwords should these kinds of rule apply.

If a website requires a number, try common passwords, and add a "1", or any other number, on the end. password1, adam1, facebook1 are all quite plausible and lazy(which is what you're going for).

If a website requires a capital letter, try capitalizing the first letter, or all letters: Facebook, Password, PASSWORD, LOVE.

If a website requires a capital letter and a number, try capitalizing the first letter and adding a "1", or any other number, at the end: Password1, Michelle1, Rachel1.

If a website requires a symbol, try an exclamation mark(!) or a period(.) at the end of common passwords: password!, iloveyou., etc.

Research will prevent you from wasting time. If you don't do proper research, and you're cracking a site that requires passwords with a length of more than 4, and you're using "1234" as a password, you're not doing a bit of good other than wasting bits and bytes of bandwidth.

Trying Other Sites with Cracked Accounts
9 times out of 10, a user has at least two accounts with the same password. An ideal situation is when you crack an account, and look in the account information, then find the user's E-Mail address. It's not even 50% likely, but there's a better chance than usual that you know that E-Mail address's password. If and when you access the E-Mail account, it's probable that all other sites the user has registered on has sent him or her an E-Mail. Not many people clean their E-Mail box.


Don't Crack Air; Use Valid Users

If a user account doesn't exist, why would you try to crack it other than to waste time? Understand that like passwords, a lot of user names are common words, phrases, or patterns. bobby1 is more likely to exist than bobby10382.

As of this moment, there are a few program available for validating whether or not accounts exist. I will not discuss or list these programs, but do the research; it's well worth it.

Combos(Password Databases)

Combos, as they are called by most crackers, are lists of user names and passwords that have already been cracked for other sites. These are highly successful, but the success can be short lived if other users have access to the same combo. Programs that search for combos are useful, but as I just stated, the success they give can be short lived. These programs are predictable, by that I mean that they use the same, repetitive collecting mechanism.

Combos are a great asset to cracking, but it can be a gold rush which other users can "steal" your hard work.

Sample List

Here's a small sample password list off the top of my head that will likely be successful:

123456
123456789
abc123
asdf
asdfghjkl
54321
password
password1
lakers
bieber
michael
chris
jesus
money
green
yellow
blue
tiger
puppy
kitten
kitty
james
brandon
michelle
elizabeth
stacy

As you can see, all passwords are common words, or easy to remember patterns.

In Summary

Cracking accounts can be easy; and it can be hard. This all depends on your research and effort before cracking. Success is paved with research.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

How to Check If Your Antivirus Is Working?


Hi users, here is a common method to determine that if your antivirus program is working properly or not. I think you may know it already, but for the beginner (noobs) this can be informative.

* Open Notepad and copy the Code given below.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

* The text should be in one horizontal line.

* Then save file as "checkantivirus.com" including quotation-marks. (not necessary to be same as this file name, but save it in extension . com

* After some seconds saving this file, your Anti-Virus should come with the message that this file is infected with virus asking permission for its deletion/clean.

* This file is secure and it’s not going to infect your computer in whatever way. It is a standard text developed by the European Institute for Computer Anti-virus Research (EICAR). Every Anti-Virus is programmed to load this file as a virus.

* If your Anti-Virus will not hack this file as a virus, a program will appear as DOS window with this text EICAR-STANDARD-ANTIVIRUS-TEST-FILE.

* If this happens then you should probably find some other Anti-Virus up to date. It means that your PC might already being infected from viruses and your current Anti-Virus does not recognize them.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Tutorial On DNS Poisoning


Tutorial On DNS Poisoning


This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It’s purely educational, so I’m not responsible for how you use the information in it.

To start, you’ll need

• A computer running Linux (Ubuntu in my case)

• A basic understanding of how the Domain Name System (DNS) works.

Note that this is a more advanced topic; don’t try this if you don’t know what you’re doing.

Why DNS?


The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.

Here’s a pretty diagram to help explain it


google dns DNS Poisoning Tutorial


If we can find a way to tell the client the wrong IP address, and give them the IP of a malicious server instead, we can do some damage.

Malicious DNS Server


So if we want to send clients to a malicious web server, first we need to tell them its IP, and so we need to set up a malicious DNS server.
The server I’ve selected is dnsmasq – its lightweight and the only one that works for this purpose (that I’ve found)
To install dnsmasq on Ubuntu, run sudo apt-get install dnsmasq, or on other distributions of Linux, use the appropriate package manager.


Once you’ve installed it you can go and edit the configuration file (/etc/dnsmasq.conf)


sudo gedit /etc/dnsmasq.conf


The values in there should be sufficient for most purposes. What we want to do is hard-code some IPs for certain servers we want to spoof


The format for this is address=/HOST/IP


So for example;


address=/facebook.com/63.63.63.63


where 63.63.63.63 is the IP of your malicious web server


Save the file and restart dnsmasq by running


sudo /etc/init.d/dnsmasq restart


You now have a DNS server running which will redirect requests for facebook.com to 63.63.63.63

Malicious Web Server



You probably already have a web server installed. If not, install apache. This is pretty basic, so I won’t cover it here.


There are a couple of things you can do with the web server. It will be getting all the traffic intended for the orignal website, so the most likely cause of action would be to set up some sort of phishing site


I’ll presume you know how to do that though


Another alternative is to set up some sort of transparent proxy which logs all activity. I might come back to this in the future.

I Can Be Ur DNS Server Plz?


An alternative is to, instead of a spoof webserver, set up a Metasploit browser_autopwn module . You can have lots of fun with that


But how do you get a victim? Well this is where my project, the IP Experiment could come in handy


If you don’t know, the IP Experiment basically harvests people’s IPs through websites such as forums and scans them for open ports. A surprising number of these IPs have port 80 open and more often that not, that leads straight to a router configuration mini-site. ‘Admin’ and ‘password’ will get you far in life; its fairly easy to login and change the DNS settings, and BOOM. You have a victim!

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Steps to Better Secure Your Wireless Network From Hackers


Steps to Better Secure Your Wireless Network From Hackers

The reason we secure a wireless network is to stop people from using the services of our network who don’t have permission to utilize them. It is harder to secure a wireless network from hackers as compared to a classic wired network. This is due to the fact that a wireless network can be accessed anywhere inside the range of its antenna.


In order to secure a wireless network from hackers, we should take proper steps to save ourselves against security issues. If you don’t secure a wireless network from hackers, you might end up without its service. The consequence might also include the utilization of our network to attack further networks. To secure a wireless network from hackers, you should follow these simple wireless networking tips:

1) Strategic antenna placement:

The first thing you have to do is to position the access point’s antenna in a place which restricts the range of its signal to go further than the required area. You should not put the antenna close to a window because glass can’t obstruct its signals. Place it in a central location of the building.

2) Use WEP:

WEP stands for Wireless encryption protocol. It’s a customary technique for encrypting traffic on a wireless network. You should never skip it as that will allow hackers to get instant access to the traffic over a wireless network.

3) Change the SSID, disable the broadcast of SSID:

SSID stands for service set identifier. It is the recognition thread utilized by the wireless access point due to which the customers are capable of starting connections. For every wireless access point arranged, select an exclusive as well as unique SSID. Also, if it’s attainable, hold back the broadcast of the SSID out over the antenna. It wont appear in the listing of offered networks, while being able to provide services as usual.

4) Disable DHCP:


By doing this, the hackers will have to decode the TCP/IP parameters, subnet mask as well as the IP address in order to hack your wireless network.

5) Disable or modify SNMP settings:

Change the private as well as public community settings of SNMP. You can also just disable it. Otherwise the hackers will be able to utilize SNMP to get significant info regarding your wireless network.

6) Utilize access lists:

For additional security of your wireless network, and if your access point support this feature, employ an access list. An access list lets us determine precisely which machinery is permitted to attach to an access point. The access points which include the access list can employ trivial file transfer protocol (TFTP) now and then in order to download modernized lists to steer clear of hackers.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS