Archive for the ‘EATHICAL HACKING’ Category

Secure Yourself from Hackers & Hijackers


 

Secure Yourself from Hackers & Hijackers

  

  

Hackers and Browser Hijacking is one area of the Net that affects everyone at some stage.

In addition to having third party utilities such as SpyBot, Anti Virus scanners and firewalls installed there are some changes that can be made to Windows 2000/XP. Below are some details to make your system safer from hackers and hijackers.

Some of these tips require editing of the Registry so it is wise to either backup the registry and/or create a Restore Point.

1. Clearing the Page File at Shutdown
Windows 2000/XP paging file (Sometimes called the Swap File) can contain sensitive information such as plaintext passwords. Someone capable of accessing your system could scan that file and find its information. You can force windows to clear out this file.

In the registry navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management and add or edit the DWORD ClearPageFileAtShutdown. Set it to 1.

Note that when you do this, the system will take much longer to shut down: a system with a really big Page File (! Gig or more) may take a minute or two longer.

2. Disable the POSIX and OS/2 Subsystem.

Windows 2000 and XP come with little-documented subsystems it at allow compatibility with UNIX and OS/2 systems These rues systems are enabled by default but so rarely used that they are best off bring disabled completely to prevent possible service hijackings.

To disable these subsystems, open the registry and navigate to HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems. Delete the subkeys Os2 and Posix. then reboot.

   3. Never leave default passwords blank.
On installation, Windows 2000 sets up an Administrator account with total 
system access and prompts for a password. Guess what: by default, it allows that password to be blank. If a user doesn’t want to type a password, he can simply click Next and the system will be an open door for anyone who wants to log on. Always opt for a password of some kind when setting up the default account on a machine.

4. Disable the Guest account
Windows XP comes with a Guest account that’s used for limited access, but it’s still possible to do some damage with it. Disable it completely if you are not using it. Under Control Panel, select User Accounts, click on Guest Account and then select Turn Off the Guest Account.

5. Install Windows In a different directory.
Windows usually installs itself in the WINDOWS directory. 
Windows NT 4 0 and 2000 Will opt for WINNT. Many worms and other rogue programs assume this to be the case and attempt to exploit those folders files. To defeat this install Windows to another directory when you’re setting it up – you can specify the name of the directory during setup. WINDIR is okay; so some people use WNDWS – A few (not that many) programs may not install properly if you install Windows to another folder but t hey are very few and they are far between

6. Fake out hackers with a dummy Administrator account
Since the default account in Windows 2000 is always named Administrator, an enterprising hacker can try to break into your system by attempting to guess the password on that account. It you never bothered to put a password on that account, say your prayers.

Rather than be a sucker to a hacker, put a password on the Administrator account it you haven’t done so already. Then change the name of the Administrator account. You’ll still be able to use the account under its new name, since Windows identifies user accounts by a back-end ID number rather than the name. Finally, create a new account named Administrator and disable it. This should frustrate any would -be break-ins.

You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap in. Right-click on My Computer, select Manager, open the Local Users and Groups subtree, look in the Users folder and right-click on any name to rename it. To add a new user, right-click on the containing folder and select New User. Finally, to disable an account, double-click it, check the Account is disabled box and click OK.

Don’t ever delete the original Administrator account. Some programs refuse to install without it and you might have to log in under that account at some point to setup such software. The original Administrator account is configured with a security ID that must continue to be present in the system.

7. Set the Hosts file to read-only to prevent name hijacking.

This one’s from (and to a degree, for) the experts. The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. When a network name and address is placed in HOSTS, the computer uses the address listed there for that network name rather than performing a lookup (which can take time). Experts edit this file to place their most commonly-visited sites into it, speeding things up considerably.

Unfortunately hijackers and hackers also love to put their own information into it – redirecting people from their favorite sites to places they don’t want to go. One of the most common entries in HOSTS is local host which is set 1770.0.1. This refers to the local machine and if this entry is damaged the computer can behave very unpredictably.

To prevent HOSTS from being hijacked, set it to read-only. Go to the folder %Systemroot%system32driversetc, right-click on HOSTS, select Properties check the Read-Only box and click OK. If you want to add your own entries to HOSTS, you can unprotect it before doing so, but always remember to set it to read-only after you’re done.

8. Turn off unneeded Services
Windows 2000 and XP both come with many background services that don’t need to he running most of the time: Alerter, 
Messenger, Server (If you’re running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you’re not using Remote Desktop or NetMeeting), Remote Registry, Routing and Remote Access (if you’re not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host.
A good resource and instruction on which of these services can be disabled go to /http://www.blkviper.com/WinXP/

  

9. Disallow changes to IE settings through IE
This is another anti hijacker tip. IE can be set so that any changes to its settings must be performed through the Internet icon in the Control Panel, rather than through IE’s own interface. Some particularly unscrupulous programs or sites try to tamper with setting by accessing the Tools, Options menu in IE. You can disable this and still make changes to IE’s settings through the Control Panel.

Open the Registry and browse to HKEY_CURRENT_USER SoftwarePoliciesMicrosoftInternet ExplorerRestrictions. Create or edit a new DWORD value named NoBrowserUptions and set it to 1 (this is a per-user setting). Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting.

You can also keep IE from having other programs rename its default startup page, another particularly annoying form of hijacking. Browse to HKEY.CURRENT USERSoftwarePolicies MicrosoftInternet ExploreControl Panel and add or edit a DWORD, Homepage and set it to 1.


10. Disable simple 
File Shares.
In Windows XP Professional, the Simple File Sharing mode is easily exploited, since it
抯 a little too easy to share out a file across your LAN (or the NET at large). To turn it off, go m My Computer, click Tools, Folder Option and the View tab, and uncheck Use Simple file sharing (Recommended). Click OK. When you do this you can access the Security tab in the Properties window for all folders; set permissions for folders; and take ownership of objects (but not in XP Home)

 

Advertisements

Beginner Hacking Ebooks


Freelance Jobs

Beginner Hacking Ebooks

Art of Assembly
Gray Hat Python
Hackers Black Book
SSH, The Secure Shell
Reversing Handbook C++
Reversing Secrets of Reverse Engineering
Stealing the Network: How to Own the Box
The Hackers Underground Handbook

FREE MEGA PACK OF TUTORIAL NETWORK HACKING DOWNLOAD LINK


FREE MEGA PACK OF TUTORIAL NETWORK HACKING DOWNLOAD LINK

Mega video tutorial

A Penetration Attack Reconstructed
A Quick and Dirty Intro to Nessus using the Auditor Boot CD!
Adding Modules to a Slax or Backtrack Live CD from Windows
Airplay replay attack – no wireless client required


Anonym.OS LiveCD with build in Tor Onion routing and Privoxy


BackTrack LiveCD to HD Installation Instruction Video


Basic Nmap Usage!


Basic Tools for Wardriving!


Bluesnarfer attack tool demonstration


Bluesnarfing a Nokia 6310i hand set


Breaking WEP in 10 minutes


Cain to ARP poison and sniff passwords!


Complete Hacking Video using Metasploit – Meterpreter


Cracking a 128 bit WEP key (Auditor)


Cracking a 128 Bit Wep key + entering the cridentials


Cracking Syskey and the SAM on Windows Using Samdump2 and John!


Cracking Windows Passwords with BackTrack and the Online Rainbow Tables at Plain-Text!


Cracking WPA Networks (Auditor)


DoS attack against Windows FTP Server – DoS


Droop s Box Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup and Other Tools!


Exploiting some bugs of tools used in Windows


Exploiting weaknesses of PPTP VPN (Auditor)


Finding Rogue SMB File Shares On Your Network!


Fun with Ettercap Filters!


How to crack the local windows passwords in the SAM database


How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor)


How to sniff around switches using Arpspoof and Ngrep!


Install VNC Remotely!


Internet Explorer Remote Command Execution Exploit (CMDExe) Client Side Attack (Hi-Res)


Internet Explorer Remote Command Execution Exploit (CMDExe) Client Side Attack (Lo-Res)


John The Ripper 1.7 password cracker Installation Instruction Video


Local Password Cracking Presentation for the Indiana Higher Education Cybersecurity Summit 2005!


MAC Bridging with Windows XP and Sniffing!


Mass De-Authentication using void11 (Auditor)


Metasploit Flash Tutorial!


MITM Hijacking


Nmap Video Tutorial 2 Port Scan Boogaloo!


Sniffing logins and passwords


Sniffing Remote Router Traffic via GRE Tunnels (Hi-Res)


Sniffing Remote Router Traffic via GRE Tunnels (Lo-Res)


Sniffing VoIP Using Cain!


Snort Instruction video – howto install into backtrack


SSH Dynamic Port Forwarding!


Start a session and get interactive commandline access to a remote Windows box!


Telnet Bruteforce


Tunneling Exploits through SSH


Use Brutus to crack a box running telnet!


Using NetworkActiv to sniff webpages on a Wi-Fi network!


WEP Cracking using Aireplay v2.2 Beta 7 (Whax 3.0)


WMF File Code Execution Vulnerability With Metasploit!


WPA Cracking using Aireplay v2.2 Beta 7 (Whax 3.0)

Download Fileserver

part 1
part 2
part 3
part 4
part 5
part 6
part 7
part 8

How to Become a Hacker


How to Become a Hacker

Most of us are very curious to learn Hacking and want to become a Hacker, but don’t know where to start. If you are in a samilar situation, then this article will most likely guide you to reach your goal.

On a regular basis, I get a lot of emails where people ask me ”How to Become a Hacker”.In fact, this question is not an easy one to answer, since hacking is not an art that can be mastered overnight. It requires knowledge, skills, creativity, dedication and of course the TIME. Everyone can become a hacker provided they learn it from the basics. So, if you wanna become a hacker, then all you need is a good source of knowledge that will guide you through various concepts of hacking from the basics.

What Skills do I Need to Become a Hacker?

In simple words, there is no magic to become a  Hacker. But like anything else that is worthwhile, it takes dedication and willingness to learn. It is most important to have a basic knowledge of topics such as operating system basics and it’s working, computer networks, computer security and of course programming. However, you need not be the expert in each or any of those topics mentioned. As you gain the basic knowledge of various branches of computer, you can choose any one as your favorite and advance in it.

What is the Best Way to Become a Hacker?

As said earlier, the best way to become a hacker is to start from the basics. You will have to master the basics to build a strong foundation. And once this is done, you’ll be in a position to explore new ideas and start thinking like a Hacker.

There exists tons of books on the market that will teach you hacking, but unfortunately, it requires a set of pre-established skills and knowledge to understand the concepts explained in the book. Also, most of them are not suitable for the beginners who doesn’t know anything about hacking.

Anyhow, I have found an excellent Book for the Beginners that will teach you hacking from the basics. This book is the first step to fulfil your dream of becoming a hacker. When I first read this book, I myself was surprised at how simple and easy it was laid out. I decided to introduce this book for all those enthusiasts as it can be the right source for the beginners who are interested to learn hacking from the basics. The good thing about this book is that, any one can understand the concepts presented here, without the need for any prior knowledge. This book is called

Become a Hacker

Learn Hacking

This book will take you from the core to the top. It will tell you how to hack in simple steps. Everything in this book is presented in a simple and effective manner. It is a great source for the beginner who would like to become a hacker. This will install a Hacker’s Mindseton you.

The following skills are uncovered in this book

1. You will learn all the hacker underground tricks and learn to apply them in real world situations.

2. You will be put into a hacker mindset so that you will learn to think like a Hacker.

3. By learning how a hacker thinks and acts, you will be able to protect yourself from future hack attacks.

4. You will acquire knowledge nonexistent to 99.9% of the people in the world!

5. This underground handbook may get you interested in pursuing a career as an Ethical Hacker.

This book is of great value for all those who have a dream to become a Hacker.

So what are you waiting for? Go grab your copy now from the following link


Wait… This is not the end. Rather it is just the beginning of your journey. To become a hacker, all you need is dedication and hard work. I wish you all the best for your future success.

Common Email Hacking Methods


Gone are the days when email hacking was a sophisticated art. Today any body can access hacking tips through the Internet and start hacking your yahoo or hotmail account. All that is needed is doing a search on google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach you email hacking, but it has more to do with raising awareness on some common email hacking methods.

Hackers can install keylogger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details.

A keylogger program is widely available on the internet.some of them are listed below

Win-Spy Monitor

Realtime Spy

SpyAgent Stealth

Spy Anywhere

For more information on keyloggers and it’s usage refer my post Hacking an email account.

Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs).

Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the web pages you visit. Also if you find your computer behaving oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk.A detailed Email Hacking tutorial is discussed in the post Hacking an email account.

Common Terminologies used in Internet Security


If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security. So next time you don’t have to scratch your head when someone uses these.

Firewall – is a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of information according to security policies.

Hacker – can be anyone specializing in accessing computer based systems for illegal purposes or just for the fun of it.

IP spoofing – is an attempt to access your system by pretending like another system. This is done by setting up a system with an IP address that you normally trust.

Sniffing – is the spying on electronic transmissions to access data. This mostly occurs in privately owned LAN networks connected to the web.

Trojan horse – a program pretending like useful software, while its actual strategy is to access, steal or destroy user data and access authorization. Apart from destroying information, trojans can also create a backdoor on your system for stealing confidential information.

Virus – is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware. To operate, viruses require the execution of the attached file.

Worm – A worm is almost similar to a virus, except that it doesn’t need the execution of any executable file to get activated. It can also replicate itself as it travels across networks.

Proxy Servers and Anonymizers


Freelance Jobs

Proxy is a network computer that can serve as an intermediate for connection with other computers. They are usually used for the following purposes:
 

 

 

  • As firewall, a proxy protects the local network from outside access.
  • As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address.
  • Proxy servers can be used (to some extent) to anonymize web surfing.
  • Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.
  • Proxy servers can afford some protection against hacking attacks.

Anonymizers

  • Anonymizers are services that help make your own web surfing anonymous.
  • The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.
  • An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.