WARNING/DISCLAIMER

The Author/Blogger shall hold no liability for special, incidental, or consequential damages arising out of or resulting from the use/misuse of the information in this Blog. It is strictly mentioned that these are all for learning and awareness purpose. Most of the articles are collected from various sources and many of them are blogger's own which meant for helping people who are interested in security system or beginners help for security systems and various IT purposes. Some of the articles are solely intended for IT Professionals and systems administrators with experience servicing computer. It is not intended for home users, hackers, or computer thieves attempting to crack PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, software and please use this information responsibly. Binod Narayan Sethi is not responsible for the use or misuse of these material, including loss of data, damage to hardware or personal injury. Information can help you to catch hackers and crackers and other cyber criminals. Information can help you to detect and manipulate the evil motives of these anti social intellectual peoples. Good use of the information protect you from evils and misuse of the information make you evil/criminal. Author of this site will not be responsible for use of material for any illicit mean or illicit act done by anybody in any means.

Binod Narayan Sethi

Binod Narayan Sethi
Programming,Web Development & Graphic Designing are my Hobbies.

All About Hackers

Know about the Hacker and their types. How they impact on society. Freedom of knowledge is harmful or dangerious it all talk about a Hacker. Let explore it...

How to Hack Email Accounts

Wondering to know how to hack an email account? Well, before you can do that, you need to understand the real ways of hacking that actually work and also that are simply scam and do not work.

Legal aspects of computing

Legal aspects of computing are related to various areas of law. Cyberlaw is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies.

How to protect your email account from being hacked

Some of the most commonly used online scams which fool people and make them lose their passwords.The other commonly used method to steal password is by using a Key-logger. A Key-logger is nothing but a spyware.

TOP 5 HACKING TUTORIAL SITES

Hackers who find vulnerabilities to do nothing more than exploit them as much as humanly possible. Now that you know what sort of community you may be entering, let’s get on with the list of top sites where you can learn how to hack.

Saturday, July 23, 2011

A simple way to run roadrash on windows 7 (without any graphics problem).

A simple way to run Roadrash on windows 7 (without any graphics problem).

Many have problem with Road rash when play on Windows 7, when they open the road rash game may  display is abnormal and something like faded or oil paint like display. Here is a simple solution for that.

1. Right click of road rash icon go to properties and then open file location.
2. Create a bat file and write down the following code:

taskkill /f /im explorer.exe
Rashme.exe
start explorer.exe

or
taskkill /f /im explorer.exe
Roadrash.exe
start explorer.exe
Here Important is the *.exe file-name should be the same as game name.
3. Run the bat file and enjoy the game without problem.
4. You can also make a desktop shortcut of that bat file to start from desktop.

Change Windows 7 Startup Sound

First Method
1) For best results, boot out of Window 7 and into an alternative OS, such as XP. (This is assuming you dual boot.)

2) Locate the file "imageres.dll" in Vista's System32 folder. For instance, C:\Windows\System32\imageres.dll. Copy that file into a different location, i.e. your desktop.

3) Download ResHacker .

4) Open ResHacker. Open the imageres.dll file in ResHacker.

5) Find the folder that reads "WAVE" and expand everything below that.

6) Right click 1033 (this could have a different name depending on your locale), and click Replace Resource. Click "Open file with new resource", and find the wave file you want to replace it with. Once you're done, in Resource Type, type "WAVE", in Resource Name type "5051", and under Resource Language type "1033" (or whatever number you have). Once done, click Replace.

7) Click File, then click Save. Now you can copy this file to Vista's System32 folder.

Keep the imageres_original.dll file ResHack left behind in case you want to revert back to the original sound.

8) You might have some Permission issues while replacing the old file, if you have linux live cd handy, copy the new dll to a thumb drive  & boot off from it and replace the file.

OR

All Windows 7 allows is for you check or un-check play start up sound in Windows 7 you have to do the following to change the default sound of your choice

1) Use the following beta program Reshacker from
Download Resource Hacker 3.5.0.82 Beta / 3.4.0.79 - Analyze, change, add, erase or extract resources in EXE and DLL files - Softpedia

2) Locate the file "imageres.dll" in C:\ Windows\System32 folder. For instance, C:\Windows\System32\imageres.dll. Copy that file into a different location, i.e. your desktop.

3) Download ResHacker .

4) Open ResHacker. Open the imageres.dll file in ResHacker.

5) Find the folder that reads "WAVE" and expand everything below that.

6) Right click 1033 (this could have a different name depending on your locale), and click Replace Resource. Click "Open file with new resource", and find the wave file you want to replace it with. Once you're done, in Resource Type, type "WAVE", in Resource Name type "5080", and under Resource Language type "1033" (or whatever number you have). Once done, click Replace.

7) Click File, then click Save. Now you can copy this file to Vista's System32 folder.

Keep the imageres_original.dll file ResHack left behind in case you want to revert back to the original sound.

8) For Windows 7 go back to C:\Windows\System32 directory rename the imageres.dll to Imageres.old then copy and paste the new hacked Imageres.dll into C:\windows\system32 directory


Second Method
1.In Windows-7 there is only the choice: play the windows start up sound - yes or no. Make it No!

2. You can disable the startup sound and add a registry command to hklm\software\microsoft\windows\currentversion\run to play a sound file. If  this opens Media Player and leaves it open then use the command below to play a '.wav' file. Replace ringout and chooose your path and '.wav'.
 sndrec32.exe /embedding /PLAY /CLOSE "C:\Documents and Settings\David\Desktop\ringout.wav"

You can also use group policy or the task scheduler.


Monday, July 18, 2011

All about Hackers

All about Hackers

When we say a Hacker we often think a bad guy who is a skilled person but wicked or mentally violative for technical exploitations in our prelim conscious! Let’s itself hack the word Hacker. Actually what does it mean? Originally its derived from verb HACK, which means "To cut into repeatedly and/or irregularly," or “physically cut at something with repeated blows” for usage as a Slang Term or Jargon for the act of breaking into (hacking into) to explore the extreme engineering implemented in them so that we can find demerits in them which can be used in two ways i.e. construct it further to make it more secure, advanced, beauty and stronger or demolish or break them for selfish reasons which often depends upon the motive of that skilled person. These technical persons had ideology of knowledge or information for all and it should be free without or any kind of dominance in any forms to enjoy the freedom of knowledge or information. Information is the power and power is the information so any kind of dominance of hiding information or using information for monopoly purpose for self or organizational benefits which can be useful to mankind to develop intellectual growth and service to mankind should not be tolerated. Hacking is a culture of innovative peoples who use their intellectual ability in technical field basically for modifications of computer hardware, software, and other modern technical culture if motive is not evil/bad/offensive. When a Hacker misuses their intellectual ability in their social legal circumference then often falls in criminal categories. Here I must say the reveled knowledge/information followed by bad motive intellectuals for their personal benefits and selfish reasons or desires are not hackers they are simply criminals or Technical/Technology exploiters (TE)  and they use the hacking knowledge for their evil desires for exploiting or giving pain to others and many even name them as Black hated Hackers/Crackers (TE). So in simple understanding, if a technical skilled person breaking a creation or technology to explore the truth behind them for development or benefits of intelligence culture or have good motive for mankind is known as Hackers (Many also say Ethical Hackers or white Hated Hackers) if bad TE i.e. Technical exploiters or Skilled exploiters or Black Hated Hackers or Crackers. Hackers motive always constructive or defensive or protective where as TE  is always destructive and many times works for personal benefits and revenge. We can find different classification of the Hackers in various regions of the planet by different intellectuals but the above classification I found universal and easy to understand without any confusion. (by BNS)

* Many also categorize a third kind of Hackers i.e. the Grey Hat Hackers who explore the best of both the worlds i.e White world hackers and black world hackers. I rejected it because Hackers are not ordinary and common peoples and they have capability to explore the both the world and even most of them explore both but act as per their motives, so if motive is positive then its white hat hackers/Ethical hackers if bad then black hated hackers/Crackers. Here to be out of confusion Hackers are the good motive peoples and TE is bad motive peoples. Here TE is nothing but predefined Black hated hackers/Cracker. Since Hacker is a positive word so Black hated Hacker should completely removed to distinct Hackers nomenclature as good and non-conflicting so redefining Black hated Hacker as Technical/Technology/Program Exploiters is correct.

Types of Simple Computer Exploitations

1) Inside Jobs - Most security breeches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breeches.
2) Rogue Access Points - Rogue access points (APs) are unsecured wireless access points that outsiders can easily breech. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.
3) Back Doors - Hackers can gain access to a network by exploiting back doors' administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.
4) Viruses and Worms - Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.
5) Trojan Horses - Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.
6) Denial of Service - DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets).
Distributed DoSs (DDoS5) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses.
7) Anarchists, Crackers, and Kiddies - Who are these people, and why are they attacking I your network?
Anarchists are people who just like to break stuff. They usually exploit any target of opportunity.
Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit.
Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch.
Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.
8) Sniffing and Spoofing - Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister.
Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

Explore many more are there with the growth of TE (Technical Exploitation) culture………..

Sunday, July 17, 2011

Yahoo Cookie,Gmail Cookie,...Facebook Cookie Stealing And Session Hijacking Introduction

What are cookies and how are they used by websites and web admins?

Cookies is a piece of code which identify you to the site. They store settings about your customized look and feel for the pages you view, your username and encrypted password or user id, who referred you to the site, profile preferences, and just about any kind of information the admins want them to store to customize your user experience. Cookies are most commonly used to give you access to login protected pages once you've entered your information, identify you in content that you change on the site (forum posts or article comments, for example), tell the administrators how you found the site, and more. Again, cookies will function as their creators have written them to function.

In other words when ever you login to a website such as Facebook, Gmail, Orkut etc your browser assigns you a cookie which basically tells the browser that for how long the user should be logged it.

What are session cookies or session IDs or session token?

Whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just visit yahoo.com and Type in browser

Code:
javascript:alert(document.cookie);

You would get a pop up box showing you the cookies left by yahoo on our PC.

Now login to your account and do same thing, you would see some more elements added to the cookies. These represent sessions ids.

So it means sessions are stored in our browser in form of cookies.

An attacker can steal that session by convincing slave to run a piece of code in browser. Attacker can use that stolen session to login into slave's account without providing any username/password. This attack is very uncommon because when the slave clicks 'Sign out', session gets destroyed and attacker too also gets signed out.

Note : But in case of yahoo, it’s not the same. The attacker doesn’t get signed out when slave clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions again for next 24 hrs. This means, once the yahoo account session is stolen, attacker can access the account for life time by refreshing window in every 24hrs.
What is a Session Hijacking Attack?

A session hijacking attack is basically an act of capturing session cookies and injecting it into your own browser to gain acess to victims account.

What is a Cookie Stealer?

A cookie stealer is basically a script used to steal victims authentication cookies, Now for a cookie stealing process to work the website or the webpage should be vulnerable to an XSS attack, This is the most common and widely known misconception among newbies.

How the stealing process work?

1. The attacker creates a PHP script and uploades it to a webhosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookieinjector or a cookie editor, There are lots of firefox addons, google chrome extensions to do the work for you.

Eg: Cookie manager v1.5.1

You can also use the webdeveloper toolbar to do the work for you.

5. The attacker replaces his own cookies with the victims cookies as a result of which the victims session is hijacking.

So now that you understand the theory and applications of cookies, you're probably wondering how you can edit them on your own. There are many ways to use or change our browser cookies, such as javascript injections, dozens of firefox addons, etc. My favorite way is by using a firefox addon called Firecookie, which is actually an extension to another firefox addon, firebug. You can download them from mozilla's official addon site (firebug must be installed first):

Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843
Firecookie: https://addons.mozilla.org/en-US/firefox/addon/6683

Will this hack always work?

Well this trick won't work on all Yahoo,Gmail,...accounts and as Yahoo/Gmail now offers End to End https:// encryption, Which encrypts the session token so even if we could get our hands on the GX cookie it's useless, but if a user has turned off the End to End https:// encryption in gmail,yahoo.. it can work for sure.

How to use Hotfile Cookies for downloading as Premium

1) Sign up a new Free account on the http://hotfile.com site that you want to use premium cookie.

2) Install "Cookie Editor" addon ( https://addons.mozilla.org/en-US/firefox/addon/13793/ ) then restart your Firefox browser.

3) Sign in with your signed account.

4) From the Firefox menu, click to Tools then select Cookie Editor.

5) Double click to "Hotfile" site with "auth" value ( only signing into free account you will able to see under line in picture darked hotfile.com auth ) .


6) Paste this value to "Content" and click to Save button.


7) Copy/Paste the link to the browser that you want to download.

So friends, I hope you all liked it...Enjoy .....

Legal aspects of computing

Legal aspects of computing are related to various areas of law. Cyberlaw is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law than property or contract law, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction. Information Technology Law (or IT Law) is a set of recent legal enactments, currently in existence in several countries, which governs the process and dissemination of information digitally. These legal enactments cover a broad gamut of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce. These laws have been described as "paper laws" for "paperless environment". Read more...

How to Hack an Email Account – Email Hacking

Wondering to know how to hack an email account? Well, before you can do that, you need to understand the real ways of hacking that actually work and also that are simply scam and do not work.

So, here in this post, I am going to discuss some of the Real and Working Ways to hack emails; along with that, I am also going to make you aware of the common myths and scams associated with email hacking.

On a regular basis, a lot of people contact me about suspecting their boyfriend or girlfriend of cheating, and ask me how to hack their email password so as to find out the truth. If you are in a similar situation where you want to hack into someone’s email account, then this post might help you! but its unethical and crime.

With my experience  in the field of ethical hacking and computer security, I can tell you that, there exists only 2 foolproof methods to hack emails. All the other methods are simply scam or don’t work.

 Possible Ways to Hack an Email Account

1. Keylogging: The Easiest Way!

Keylogging simply refers to the process of recording each and every keystroke that a user types on a specific computer’s keyboard. This can be done using a small software program called keylogger (also known as spy software). Once you install this program on the target computer, it will automatically load from the start-up and start capturing every keystroke typed on that computer including usernames and passwords. A keylogger software will operate in a complete stealth mode and thus remains undetected.

In order to use this software, you don’t need to have any special knowledge of hacking. Anyone with a basic knowledge of computer should be able to install and use this software with ease. Lots of there so go for search and grab as per your choice.
 
2. Phishing: The Difficult Way

Phishing is the other most commonly used trick to hack email passwords. This method involves the use of Fake Login Pages whose look and feel are almost identical to that of legitimate websites. Fake login pages are created by many hackers which appear exactly as Gmail or Yahoo login pages.

Once you enter your login details on such a fake login page, they are actually stolen away by the hacker. However, creating a fake login page and taking it online to successfully hack an email account is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. Also, phishing is considered  as a serious criminal offense and hence it is a risky job to attempt phishing attack.

how to hack email account passwords using Phishing.
Phishing can be used to hack any account on web. Hence, Phishing is so much popular among hackers. Email account hacking can also be done using keylogger as explained in WinSpy keylogger.


Note : The security article is intended for educational purpose only. I am not responsible for any action done by you or any damage done to anyone.

Steps to Hack Email account password by phishing :

1. First of all, to start with you need a phisher of email account. For example, if you want to hack myspace, you should have myspace phisher. Just searching it in any search engine you can get easily these software like Myspace Hacking software which obtain phisher using "phisher creator" - a software to create phishers.

2. Using guidelines in that article, construct a phisher. Say you want to make orkut.com phisher. Just enter http://www.orkut.com/ in text field of Phisher Creator and you will get required orkut phisher. This phisher will have :
a. Index.htm and
b. write.php

3. Go to http://www.t35.com/ - a webhosting service offering free webspace. Now, sign up to this webhost using "Orkut" or "OrkutVerification" as Username. This is very important to make phisher url match with that of orkut.

Update: Many readers have reported (via comments) problems with t35.com. So, if you're having same problem, just try out 110mb.com. Thanks "tryingtolearn" for your update.
Also, you can use http://yourfreehosting.net/  for uploading your phisher (Recommended).

4. Now, after signing up, login to your account and upload the two files created in step 2 using Phisher Creator.

5. Now, sign up at Yahoo.com or gmail.com and use "Orkutsupport@gmail.com" or likewise email address while signing up. This will be email address visible to victim in his inbox. So, be careful while selecting this email address.

6. After signing up, compose mail such that it informs victim about the fact that you are a part of orkut support team and wanted to inform victim that his orkut account is accessed by illegal third party. Hence, you , as part of orkut support have mailed him to verify ownership of his orkut account by logging in his orkut account using the link provided and provide him the link of your orkut phisher ready to hack his orkut account password. You can use different logic to make him login his orkut account using our phisher.

Once, the victim tries to log into his account using our provided phisher link, his orkut account password is recorded at our free webhost. Now, just go to your t35.com account control panel and see your files database or list. You will get their one new file created named "passes.txt". If such file is not present, try refreshing the page and you will get that file. Now, simply click on "Open" and you will get victim userid and password recorded in that file.

Cheers.... his orkut account password hacked... You are, thus, able to hack orkut account password.

Update: If you wanna hack Email password, you can also use best Hacking software- WinSpy Keylogger which is FUD (Fully UnDetectable). This is personally recommended keylogger from Techotips. 
Common Myths and Scams Associated with Email Hacking

Today, there are many scam websites out there on the Internet which often misguide users with false information. Some of them may even rip off your pockets with false promises. So, here are some of the things that you need to be aware of:

1. There is no readymade software program (except the keylogger) that can hack emails and get you the password instantly just with a click of a button. So, if you come across any website that claims to sell such softwares, I would advise you to stay away from them.

2. Never trust any hacking service that claims to hack any email for just $100 or $200. All I can tell you is that, most of them are no more than a scam.

3. I have seen many websites on the Internet that are distributing fake tutorials on email hacking. Most of these tutorials will tell you something like this: “you need to send an email to passwordrecovery@gmail.com along with your username and password” (or something similar). Beware! Never give away your password to anyone nor send it to any email address. If you do so, you will lose your password itself in attempt to hack somebody else’s password.

How to protect your email account from being hacked

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is: “Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from being hacked.

If this is the case, then what is the reason for many people to lose their accounts?

The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of Trapping. They lose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.


1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organization (Other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

Solution:

    Never try to login/access your email account from the sites other than the original site.
    Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site. Always look at the web address box to verify that you are login to proper website.

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer installed with keylogger, you definitely lose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourselves from a keylogger scam is very easy. Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs. Always beware about the suspicious person around you.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes?  Then definitely you are under the risk of loosing your password. In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use your own PC to login to your accounts to ensure safety.

Will be added more....keep watching

Binod Narayan Sethi

Binod Narayan Sethi
Binod Narayan Sethi

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More