Jumat, 07 Oktober 2011

Doppelganger Domain Attack


Doppelganger Domain Attack By Amrut Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited on Thursday · Edit Doc
Doppelganger Domain Attack



Domain typo-squatting is commonly used to spread malware to users whom accidentally misspell a legitimate domain in their web browser. A new type of domain typo-squatting takes advantage of an omission instead of a misspelling.
A Doppelganger Domain is a domain spelled identical to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes. Doppelganger Domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information.
Each company in the Fortune 500 was profiled for susceptibility to Doppelganger Domains and 151 companies (or 30%) were found to be susceptible. In large corporations, email usage is extremely high and the likelihood of some email being mis-sent is high which could result in data leakage.
Security researcher Peter Kim and Garrett Gee who set up doppelgangerdomains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

By Amrut Deshmukh (SciWiz)
Diposting oleh di Tidak ada komentar:

Run Firefox inside Firefox


Run Firefox inside Firefox By Amrut Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited on Thursday · Edit Doc
-: Run Firefox inside Firefox :-

How to run Firefox inside Firefox.?

Yup you can run Firefox inside firefox just by typing following url.

How about Opening Firefox inside Firefox which is again in another Firefox..?
Not bad huh? 
And its really easy too just type in this url in Firefox's address bar and there you go! 
Firefox inside Firefox!

copy paste following url in a web browser (mozilla firefox).

chrome://browser/content/browser.xul

Following is the screenshot of this trick (firefox in firefox in firefox, which is again in another firefox)- 




By Amrut Deshmukh (SciWiz)
Diposting oleh di Tidak ada komentar:

Folder Lock With Password Without Any Software


Folder Lock With Password Without Any Software By Amrut S. Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited on Thursday · Edit Doc
Folder Lock With Password Without Any Software-
Paste the code given below in notepad and 'Save' it as batch file (with extension '.bat').
Any name will do. 
Then you see a batch file. Double click on this batch file to create a folder locker. 
New folder named 'Locker' would be formed at the same location. 
Now bring all the files you want to hide in the 'Locker' folder. Double click on the batch file to lock the folder namely 'Locker'. 
If you want to unlock your files,double click the batch file again and you would be prompted for password. 
Enter the password and enjoy access to the folder.



if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==type your password here goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

By Amrut S. Deshmukh (SciWiz)
Diposting oleh di Tidak ada komentar:

Havij 1.15 Pro


Havij 1.15 Pro

By Aarshit Mittal · Last edited 15 hours ago · Edit Doc
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

What's New?

Webknight WAF bypass added.
Bypassing mod_security made better
Unicode support added
A new method for tables/columns extraction in mssql
Continuing previous tables/columns extraction made available
Custom replacement added to the settings
Default injection value added to the settings (when using %Inject_Here%)
Table and column prefix added for blind injections
Custom table and column list added.
Custom time out added.
A new md5 cracker site added
bugfix: a bug releating to SELECT command
bugfix: finding string column
bugfix: getting multi column data in mssql
bugfix: finding mysql column count
bugfix: wrong syntax in injection string type in MsAccess
bugfix: false positive results was removed
bugfix: data extraction in url-encoded pages
bugfix: loading saved projects
bugfix: some errors in data extraction in mssql fixed.
bugfix: a bug in MsAccess when guessing tables and columns
bugfix: a bug when using proxy
bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
bugfix: false positive in finding columns count
bugfix: when mssql error based method failed
bugfix: a bug in saving data
bugfix: Oracle and PostgreSQL detection

Download from here 
Diposting oleh di Tidak ada komentar:

Steve Jobs, billionaire co-founder of Apple has died in California at the age of 56

Steve Jobs, billionaire co-founder of Apple and the mastermind behind an empire of products that revolutionised computing, telephony and the music industry, has died in California at the age of 56.

Jobs stepped down in August as chief executive of the company he helped set up in 1976, citing illness. He had been battling an unusual form of pancreatic cancer, and had received a liver transplant in 2009.

Jobs wrote in his letter of resignation: "I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple's CEO, I would be the first to let you know. Unfortunately, that day has come."

Apple released a statement paying tribute: "Steve's brilliance, passion and energy were the source of countless innovations that enrich and improve all of our lives … The world is immeasurably better because of Steve."
Bill Gates, the former chief executive of Microsoft, said in a statement that he was "truly saddened to learn of Steve Jobs's death". He added: "The world rarely sees someone who has had the profound impact Steve has had, the effects of which will be felt for many generations to come.
"For those of us lucky enough to get to work with him, it's been an insanely great honour. I will miss Steve immensely."

He is survived by his wife, Laurene, and four children. In a statement his family said Jobs "died peacefully today surrounded by his family … We know many of you will mourn with us, and we ask that you respect our privacy during our time of grief".

Jobs was one of the pioneers of Silicon Valley and helped establish the region's claim as the global centre of technology. He founded Apple with his childhood friend Steve Wozniak, and the two marketed what was considered the world's first personal computer, the Apple II.

He was ousted in a bitter boardroom battle in 1985, a move that he later claimed was the best thing that could have happened to him. Jobs went on to buy Pixar, the company behind some of the biggest animated hits in cinema history including Toy Story, Cars and Finding Nemo.
He returned to Apple 11 years later when it was being written off by rivals. What followed was one of the most remarkable comebacks in business history.

Apple was briefly the most valuable company in the world earlier this year, knocking oil giant Exxon Mobil off the top spot. The company produces $65.2bn a year in revenue compared with $7.1bn in its business year ending September 1997.

Starting with his brightly coloured iMacs, Jobs went on to launch hit after hit transformed personal computing.
Then came the success of the iPod, which revolutionised the music industry, leading to a collapse in CD sales and making Jobs one of the most powerful voices in an industry he loved.
His firm was named in homage to the Beatles' record label, Apple. But the borrowing was permitted on the basis that the computing firm would stay out of music. After the success of the iPod the two Apples became engaged in a lengthy legal battle which finally ended last year when the Beatles allowed iTunes to start selling their back catalogue.

Jobs's remarkable capacity to spot what people wanted next came without the aid of market research or focus groups.
"For something this complicated, it's really hard to design products by focus groups," he once said. "A lot of times, people don't know what they want until you show it to them."
Jobs initially hid his illness but his startling weight loss started to unnerve his investors. He took a six-month medical leave of absence in 2009, during which he received a liver transplant, and another medical leave of absence in mid-January before stepping down as chief executive in August.

Jobs leaves an estimated $8.3bn, but he often dismissed others' interest in his wealth. "Being the richest man in the cemetery doesn't matter to me … Going to bed at night saying we've done something wonderful … that's what matters to me."
Source: guardian.co.uk

President Obama's speech for the great man.

"Michelle and I are saddened to learn of the
passing of Steve Jobs. Steve was among the
greatest of American innovators – brave enough to think differently, bold enough to believe he could change the world, and talented enough to do it. By building one of the planet’s most
successful companies from his garage, he
exemplified the spirit of American ingenuity. By making computers personal and putting the internet in our pockets, he made the information revolution not only accessible, but intuitive and fun. And by turning his talents to storytelling, he has brought joy to millions of children and grownups alike.

Steve was fond of saying that he lived every day like it was his last. Because he did, he transformed our lives, redefined entire industries, and achieved one of the rarest feats in human history: he changed the way each of us sees the world. The world has lost a visionary. And there may be no greater tribute to Steve’s success than the fact that much of the world learned of his passing on a device he invented.

Michelle and I send our thoughts and prayers to
Steve’s wife Laurene, his family, and all those who loved him.."
Diposting oleh di Tidak ada komentar:

Fight with any virus you want


Fight with any virus you want

By Aarshit Mittal · Last edited 14 hours ago · Edit Doc
Fight with any virus you want

just follow these steps

If you got any virus/malware giving a lot of head ache so just download Malwarebytes and install it in safe mode and put a scan with it

and see the results

all infected files will be removed

after that restart ur pc in normal mode and crack this software with the keygen provided so just enjoy





To go into safe mode just see this post

Diposting oleh di Tidak ada komentar:

Sitemeter Hack – Hide Visual Tracker


Sitemeter Hack – Hide Visual Tracker (Counter) By Amrut Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited 13 hours ago · Edit Doc
Sitemeter Hack – Hide Visual Tracker (Counter)

Sitemeter, one of the best traffic counter for websites/blogs, it shows online users, Referrals (From where people coming to your site), country locations, browser etc etc.. all in detail.

This counter is visible to all visitors.
Invisible Counters (Tracker) is available for Premium Accounts Only…!

But you can easily hack to hide it.
Its just few setting changes which will work fine.

1) Login into your sitemeter account.
2) Go to ‘Manager’ from top menu.
3) Go to ‘Meter Style’ option from left hand menu.
4) Select 2nd last meter style (Counter, which shows simple numbers).
5) Now in “DIGIT COLOR” select ‘Transparent’, Similarly in “BACKGROUND COLOR” select ‘Transparent’.
6) DONE.

Now your sitemeter counter is invisible from normal eyes in your site
Place it anywhere in your website/blog, and track your traffic, users.
Enjoy…..!

By Amrut Deshmukh (SciWiz)
Diposting oleh di Tidak ada komentar:

Find Who is invisible or blocked you on Google Talk


Find Who is invisible or blocked you on Google Talk By Amrut Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited 13 hours ago · Edit Doc
Find Who is invisible or blocked you on Google Talk

Steps to find who is invisible or blocked you on gtalk :

1) Download & Install Pidgin
Click here to download Pidgin chat client. If you already have Pidgin installed, you may skip this step.

2) Configure Pidgin for Gtalk
You’ll probably start with the below screen. Click the Add button. “Accounts -> Manage Account” will also bring you to the same screen. Let’s add Gtalk to Pidgin.

Clicking Add will allow you to add new Gtalk account. The following two screenshots show what you need to fill up for Basic and Advance tab.


With all the settings properly entered, you should be able to connect to Gtalk and load your contacts successfully.

3) Find Who’s Blocking You
When someone blocked you in Gtalk (and other IMs), they appear offline just like your other contacts who are really offline. Right click, click on Get Info, and we’ll see how to differentiate them.

The following image is a comparison of 2 different contacts: Actual offline (left) and Blocked offline (right). If you are blocked, nothing will display under Buddy Information.

Thats all. Now you can easily find out who is really offline and who is blocking you from google chat.

By Amrut Deshmukh (SciWiz)
Diposting oleh di Tidak ada komentar:

Steganography


Steganography 101 By Amrut Deshmukh (SciWiz)

By Amrut Deshmukh · Last edited 2 hours ago · Edit Doc
Steganography 101
Part 1 of ??

EDIT: Sorry about the images, you'll need to copy & paste into the browser.. the IMG tag doesn't work. Maybe I can get a ZIP file up here at some point...


Steganography is "the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existance of the message". Anyone who is interested in cryptography and/or history has probably heard of the ancient Greeks who used various physical methods to hide messages: one common story is of messengers engraving secrets on a wooden tablet which was then covered in wax. Anyone who stopped the messanger to inspect his posessions simply saw a blank wax-covered tablet, or a wax-covered tablet with mundane information. Upon arrival at his destination, the recipient would scrape the top layer of wax off, revealing the message hidden underneath. Another method was to write the secret message on the shaved head of a messanger, and then wait until his hair grew back. This obviously took quite a while, but it was normal for messages to take days or weeks to arrive during that time. Another example with which we're all probably familiar with is invisible ink. The Revolutionary War-era Culper spy ring was known to use this technique, and according to all accounts that I've read, invisible ink is still used today in intelligence circles.

I should also distinguish cryptography from steganography with a couple thoughts:
1) Steganography hides text in plain sight, while cryptography scrambles plaintext (original message) into ciphertext (coded message)
2) Even though a message is hidden, you should always encrypt it as well (my opinion, anyway)
3) Every once in a while, you'll hear someone distinguish between a "code" and a "cipher". In the cryptography world, they're two different things, but are basically the same for purposes of this article.
4) You can easily hide messages in digital images with the most basic software out there (Hex editors, MS Paint, etc)
5) Other media types lend themselves to steganography, too. Messages can be hidden in audio/video files, or even plain text!
6) US government bureaus are well aware of the use of steganography, and there are fancy programs out there to detect steganography in various files.

If you're wondering why that list was unnecessarily long and perhaps even a bit random, take a look at the first capital letter of each item, including the "I" in the first sentance. That's another method of steganography, with a popular example being Lewis Carrol (of Alice in Wonderland fame). He often hid messages in his poems, using the first (or last) letter in each line.

Now that I've bored you with a very brief history and introduction, now on to the modern-day application of stegnaography in digital images. There are several different techniques that I'll discuss here, and as long as you're creative, I'm sure you can come up with a few of your own. 

1. Hiding the text in the image
This is a very basic technique. Take a look at the image you see here, then download it to your computer and open it with any image editing software. You don't need anything fancy for this - MS paint will do. It looks like a normal Starbucks logo, but I used the eyedropper tool to find the RGB value of the green border, then increased the "Green" value from 94 to 100. Go ahead, open it up in paint. Now, take the paint bucket tool (or whatever your program uses to fill an area), choose "White", then fill the green border. You should see a message appear:


This works well for short messages, or images with a single background color. You can use it on more complex images, but you'll have to re-color each letter to match the background.


What are RGB values, you ask? Well, the computer uses varying levels of the three primary colors for light (Red, Green, Blue). The values for each range from 0-255, indicating the level of each color. (In HTML/CSS, you'll see these as hexidecimal values, which is just the RGB values translated from decimal to hex.) A value of all zeros (0-0-0, or #000000) is black, and values of 255-255-255 or #FFFFFF are white. (As a side note, whenever the values are all equal, you'll get a shade of gray.)

The RGB values play a role in our next method: LSB replacement.

2. Least-significant bit replacement

LSB replacement is probably the most popular method for steganography. Why? Because it's simple, efficient, and easy to do! For the casual user, I recommend looking into QUICK STEGO. It's free, lightweight, and does the job well for basic purposes. You can also skip the math and technical stuff that follows. For a technical article on one program's methodology, see:http://www.csjournals.com/IJCSC/PDF1-2/24..pdf

For anyone still reading, LSB begins with taking the binary equivalent to the RGB value. Let's use MS Paint's standard "red" color (237-28-36) or #ED1C24. Open up Calculator (Windows), and select "Programmer" from the "View" menu. Enter 237 in decimal mode, then change to binary (8 digits). Repeat for 28 and 36. You should get:

11101101 00011100 00100100 **Note that I padded the leading zeroes for 28 and 36 to make 8 bits (or one byte). 

Let's take a breather here. A byte is made up of 8 bits, with a bit being either a 1 or 0. Since we have three bytes (or 3x8 bits), we are using 24-bit color. 

Now from this point on, each stego program uses their own method of encryption. I'm going to encode "X", using the unicode value 58 (111010).

Now, we're going to take the LEAST SIGNIFICANT BIT(s) - which are the ones on the right in each byte, and replace the last two bits with our message.


11101101 00011100 00100100 -- Initial RGB values
------11 ------10 ------10 -- Unicode Character 58, in binary format

11101111 00011110 00100110 -- New RGB values

239 30 38 239-30-38 (RGB)
EF 1E 26 #EF1E26 (Hex)

Compare these values to the originals: (237-28-36) or #ED1C24... it's not a difference that can be noticed to the human eye when done on one pixel only. In the image here, you'll see the "standard red" background, with the random circles in our "coded red" color. Yes, the difference is noticible, but again - you would only be doing this in one pixel. Now try and find that one stray pixel that's been encoded.
Now, if we were to continue to encode this manually, we would have to:
1) Translate each character of our message into ASCII, Unicode, etc, then to binary
2a) Figure out which pixels to perform the operation on (lets say every 7th pixel)
2b) Calculate the binary value for each pixel
3) Complete the LSB replacement
4) Re-color the pixel to match the value in step 3

To decode, we would:
1) Use the eyedropper tool to get the RGB value of every 7th pixel, calculate the binary value, and take the two last digits.
2) Re-compose the values from step 1 into a single value
3) Translate from binary to decimal
4) Look up the equivalent value (ASCII/Unicode)
5) Put the message back together again

This method I've just described is a painstakingly tedious method, and probably not useful for all intents and purposes. But you get the basic idea. As I said before, each program has their own algorithm, and several use logical operators on the different bits. That being said, most stego programs will only decode certain algorithms, and for best results both sender and recipient should use the same program.


3. USING A HEX EDITOR
Assuming you have an image of a suitable size and complexity, this is a pretty quick method. Simply open the file in a hex editor, scroll down until you find the random characters, and type your message. "Save As" another image, and make sure you didn't trash the file by over-writing something important. See the two lighthouse pictures for an example. If you compare the two, you'll notice a difference in the far bottom-right corner, due to overwriting image data with the hex editor. Take notice of the smiley face picture - I wrote a message using a hex editor, and screwed the image up pretty good! 





If you are suspecting a hidden message, it's pretty much a dead giveaway. But suppose you uploaded the lighthouse picture to your favorite social media webiste - I'm willing to bet that most of your friends wouldn't think twice about the little blotch on the bottom (if they even notice it!).
Diposting oleh di Tidak ada komentar:
Langganan: Postingan (Atom)