Steal data secretly using USB Dumper

Do u want to spy on others pendrive,be a jamesbond steal the contents of others pendrive as soon as they insert into your computer secretly.This tool was made way back in 2006.But many people are still not aware of it so I thought of writing a post on it. The old tool doesn't work on windows7 but this upgraded version does.You can use this tool in two ways either to steal others data or backupyour pendrive.After downloading this tool I have extracted them to the desktop, see the screenshots

you can see too files Dump.exe and Dump.ini .The settings of the exe file will be present in the ini
file see the screenshot.

The line backup=d:\dinesh007
tells the system where to store contents of the inserted drive. Now see the line traymenu=1 here 1 means it will be shown in the tray as active if you set this value to 0 then it will be not shown in the system tray.Lets check its working or not I have inserted my friend suman's pendrive for testing lets the contents of it using Mycomputer now you can see  

there is folder called project.Now lets check our jamesbond folder whether it is copied or not see the screen.

WOW cool na .Let me know whether you like this trick or not …….
Download this tool here USB dumper .

Read rest of entry

phish or no phish identify fake | phising pages

Web is full of roses and thorns,in the present cyberage as number of people depending on net increasing Cybercrime is also increasing.One of the most common methods of cybercrime is social engineering where hackers chat with us nicely ,get all information about us finally kick us into their fakepage nets.Many of the present net users cannot distinguish the differnence between a Fakepage and a original page.To overcome this Versign  a company best known for SSL certificates developed a site called https://www.phish-no-phish.com/ .This site let us hone our skills in detecting the differences between a  phising site and a original site.
See the screens

I sincerely advise my readers to dive into the site and stay safe.

Read rest of entry

Use timestopper to use your trail software forever

With the growth of internet usage ,we are downloading more and more softwares.But we cannot afford to buy all of them,To get around this we can follow a simple trick i.e use a trail software as if it was a purchased one.Yes download any trialware of your choice and you can use it as long as u wish to.computer geeks in the olden days used to stop their system time to make the trail software work forever.But now softwares are smart enough,so the best way to trick them is by using a software called TimeStopper.
Follow these steps to work with TimeStopper our ultimate Timemachine
Step 1. Open Time Stopper
Step 2. Browse and select .exe of required trial software
Step 3. Choose the new date (Any date which occurs in between your trial software time period before expiration, suggestion: set it to two days before trial software expiration date.)
Step 4. Choose any time
Step 5. Click open software on your selected date

If you wish to create an icon for your modified trial software and do not want to open Time stopper every time then use last button in software to create new icon. open that trial software after that from that newly created icon always otherwise it can expire. Download this amazing software from here TimeStopper

Read rest of entry

How to send secret messages

Steganography is the art of sending secret messages in such way that apart from reciever and sender no other person can see the message.According to greek origin the word steganography means concealed writing  .Steganography is different from Cryptography in which the message is made unreadable by others except the reciever.But the existence of a message is known in Cryptography.
In olden days Steganography was most prevalent when a secret message has to be sent from one king to the other.They used wood carved with message ,concealed it in wax to send the message.Usually no suspicion arises when seen by a third person.Believe it or not Human urine was also used to send secret messages.

Read rest of entry

Recover lost password from windows xp

This tip is extremely useful both for noobs as well as system admins.Sometimes we set a  strong  password to our system so that nobody can trace it inturn. we dont remember it after coming from a vacation .Sometimes our friends or relatives who wanna play a prank on us may change the password . To help us in such situations ill tell u 2 tips to help us recover our lost passwords.

Read rest of entry

creating a customised user account

Many people create user accounts using useraccounts option present in controlpanel.............right
but do u know that we can create user accounts using command prompt? many noobs dont know this trick
so am making this tutorial for them.
To create an account using dos
follow these steps
1. goto run dialogue box or use this shortcut "windows key+r"
2.Type cmd and press enter
3.Now type c:\net user to see the list of accounts present in ur system.
4.Now create a user account that doesnt exist using
c:\net user batman xxx /add and press enter
command actually creates an account named batman with password xxx and /add
adds the user batman to the current users
5. Now u can confirm that whether this account has been added or not by issuing
c:\net user command again .which in turn displays list of user accounts present in ur system

Now comes the interesting part.............................................

let us consider a scenario in which u wanna create an account or user who can access the account
only in da specified days in a week and in da specified time then wat would u do ..................
confused ok let me tell u how u can do that easily
for example take da batman account that we hav created.I want to make restrictions on batman account such that he can access my system from "monday to sunday" and in between the timings
"10am to 1pm " because after 1pm i want another user to login this computer to learn his lessons.
to accomplish the above task

c:\net user batman /time: M-SU,10am-1pm

congrats you hav successfully created a customised user account

Read rest of entry

denial of services and their prevention

Taking advantage of a known problem with the Operating System or any running services on the target, a good programmer can build an application that sends some data that causes the targeted system to crash.

The worst case scenario is not when a hacker crashes a service, but when it finds a way to maximize the CPU usage causing a total malfunction on the system.

1. SYN Floods

You should know that when a client and a server want to transmit data over the TCP protocol, a three-way handshake occurs:

• The client asks for a connection with a SYN (synchronize) package
• The server replies to the client with a SYN-ACK (syn-acknowledgments)
• The client sends a third packages as a ACK and the transmission of the data starts.

The SYN flood works by sending SYN packets from false IP addresses (IP spoofing). The server replies to that false IP address with an SYN-ACK and then waits for ACK. Doing this many times will cause the server to end up in the impossibility of opening new connection, creating a network congestion.

Another SYN flood attack involves sending a packet to the server, spoofed with the server's address (let's say the server's IP is 192.168.1.20 then you send a SYN packet from 192.168.1.20 to 192.168.1.20). Repeating this many times will make the server sending SYN-ACK and ACK to itself, blocking it.

Patches to this kind of attack used a connection number limit from the same source/timeframe. SYN cookies also hold down the handling of the packets until the sender's IP address is verified.

2. SMURF attacks

In this kind of attacks a massive amount of ping traffic (ICMP echos) is sent to the broadcast address of the network. The source IP address is spoofed to look like the target's. If this traffic is forwarded to the network, all hosts will reply with an echo to the target, believing that they receive an echo request (PING) from it. In a large networks, a targeted server for example can be flooded by hundreds of replies at once. By sending the spoofed packet several times, the server will be flooded until it crashes from the overload.

This kind of attacks were mostly patched by making the routers not forwarding broadcast directed traffic to the network.

3. LAND attacks

LAND attacks take advantage of opened network services on the target. By using a port sniffer, opened ports and services are found out. Then spoofed packages are sent with IP address source the same as IP address destination (server's address) to make it reply to itself. Let's say for example that it uses SNMP (simple network management protocol - service used to report network and system's usage). By making a SNMP service to reply to itself continuously it finally crashes.

4. Ping of death

This type of DoS attack takes advantage of a known issue with Windows 9x and older NT stations, as well as Linux prior to 2.0.32. Many routers and printers older then 1998 are vulnerable to this too.
It works by sending a malformed format of a ping packet. Usually, ping packets are small-sized (like 32bytes or 64bytes by default). Older Operating Systems and other devices could not handle ping larger than the maximum IP packet size of 65535 bytes (defined by RFC 791). By sending a large packet or a malformed one, any system that doesn't know how to handle it crashes (eg. in Windows 9x a blue screen of death was generated).
Patches are available on the web for any old operating systems or devices.

5. Ping flooding

This is probably the simplest DoS attack that exists. It is also the most used. It works by overwhelming the target with echo requests (pings) having large packets. The target has it's bandwidth occupied by these requests already and floods itself by starting to reply back. Of course, the attacker must have a larger bandwidth than the target (for example flooding a dial-up user from a 1Mbps connection).
With the increase of the servers' bandwidth, this type of attacks became useless for an ADSL user for instance.
The "problem" was solved by using multiple hosts, creating the first DDoS attacks (distributed denial of service).
DDoS attacks work by owning let's say 50 boxes each with 1Mbps bandwidth. Then the attacker uses all of them to ping flood the target, creating a great amount of traffic on the host.
Stacheldraht for example is a console that connects to owned boxes running Stacheldraht server. It then coordinates the attacks from a single point.
The solution to this type of attacks is the firewall, which filters any echo replies from being sent. Of course, firewalls can be crashed as well.

6. Fraggle attacks

A fraggle attack takes place when an attacker send massive amount of UDP echo data to network broadcast addresses, using a the target's IP as the packet's source. All hosts reply to the target, flooding it. It usually uses UDP PORT 7 (echo). This code was written by the same person who written the smurf attack.

7. Teardrop attacks

This attack involves packets sent by the attacker to the target with oversized payloads. This exploits a bug in the TCP/IP protocol stack, crashing the system. Only Windows 3.11, 95 and Linux prior to 2.0.32 were vulnerable to this kind of attack.

8. Other type of attacks

Other type of attacks involve application flooding, like IRC bot raw line which usually crash Windows boxes running mIRC or any other client. These attacks are based on a greater number of raw socket transactions than a computer can handle.

HOW TO PROTECT YOUR COMPUTER FROM ATTACKS

First of all, firewalls (in networking) represent the virtual barrier between your computer and other parts of the network (usually the Internet).

From the home-users point of view, a software-type firewall represents the best choice. You should also know that hardware firewalls exist too in the form of dedicated equipments that are placed to form demilitarized zones (DMZ). That means that it forms a border between the local network and usually the Internet (depending on the needs). These equipments are expensive and require good configuration knowledge - that is why they are considered professional solutions implemented in large networks.
Overall, a firewall's main goal is to filter unwanted traffic that goes both in and out.

How does it do it?
Well firstly, a good firewall software will override application's permissions. This means that it will ask for your approval to allow an application to access the outer network. You can deny the access for the application that you don't want to send information over the network (useful when infected with a Trojan virus that will connect to other hosts and take control of your station). This rule is applied for all programs even usually trusted. In the picture bellow you have an example applied to Yahoo Messenger.

Secondly, a firewall blocks common DoS (Denial of Service) attacks - in theory - that are sent to your computer. This includes SYN floods, Ping of death and many other known attacks. It works by ignoring all traffic that resembles with a known pattern and further ignoring the sender for a period of time. I know that these kind of organized attacks look like a long shot, but you will be surprised to see how many scan your computer for different stuff and try to get access in. Here is part of a firewall log to get a picture of what's happening when connected to the Internet.

Another useful thing that a firewall usually does is filtering the ports. Usually if you have an application that acts like a server, it opens some ports (virtual access points for data) to listen for requests from the network. Someone could "plant" such an application in your PC without even knowing it. And if it's some kind of management software, an antivirus software would not find it suspicious and block it. By doing this, people can gain administrative access in your computer. A firewall will alert you whenever an application starts listening for connections from the network. This comes in two ways, of course. If you do have a server-type application like a FTP server or a remote administration tool, your firewall will usually block it by default. You have to search in the settings of the firewall (these menus come in different forms depending on the producer) and open that port manually. It's simple on most home-user dedicated firewalls.

If you don't use any firewall software you should get one as soons as possible. That if your computer is connected to any kind of network or the Internt, otherwise it's useless.

I personally recommend ZoneAlarm (it exists in freeware version and a paid one that comes with an antivirus too - you can get it fromhttp://www.oldversion.com/program.php?n=zalarm) or Sygate Personal Firewall (get it from http://www.oldversion.com/program.php?n=sygate).

After installing it, the first thing that you should do is to set up your program access rights. So when you are asked for confirmation (let's say) for Mozilla Firefox to access the Internet, click the options that tells to use this setting next time and accept it. It will never ask you again for that confirmation.

Read rest of entry

hide ur file in an image in a techy way using winrar

1. Gather the file you wish to bind, and the image file, and place them in a folder. I will be using C:\New Folder
-The image will hereby be referred to in all examples as fluffy.jpg
-The file will hereby be referred to in all examples as New Text Document.txt

2. Add the file/files you will be injecting into the image into a WinRar .rar or .zip. From here on this will be referred to as (secret.rar)

3. Open command prompt by going to Start > Run > cmd

4. In Command Prompt, navigate to the folder where your two files are by typing
cd location [ex: cd C:\New Folder]

5. Type [copy /b sun.jpg + secret.rar sun.jpg] (remove the brackets)

Congrats, as far as anyone viewing is concerned, this file looks like a JPEG, acts like a JPEG, and is a JPEG, yet it now contains your file.

In order to view/extract your file, there are two options that you can take

a) Change the file extension from sun.jpg to sun.rar, then open and your file is there
b) Leave the file extension as is, right click, open with WinRar and your file is there

Read rest of entry

Phishing "Protect urself from it" !

Phishing continues to be one of the most significant security threats facing Internet users. During 2007, scammers distributed millions of phishing scam emails that targeted many different entities. Phishing attacks are sure to continue in 2008 and scammers will use such attacks to steal money and identities from many new victims around the world. Armed with a little knowledge about how phishing scams work, however, you can ensure that you do not become one of these victims.

Phishing scammers continue to find new victims all around the world

A phishing scam is one in which victims are tricked into providing personal information such as account numbers, passwords and credit card details to what they believe to be a legitimate company or organization. In order to carry out this trick, the scammers often create a "look-a-like" webpage that is designed to resemble the target company's official website. Typically, emails are used as "bait" in order to get the potential victim to visit the bogus website. The emails use various devious ruses to trick readers into clicking on the included links, thereby opening the bogus website. Information submitted on these bogus websites is harvested by the scammers and may then be used to steal funds from the user's accounts and/or steal the victim's identity.

Phishing scam emails are created to give the illusion that they have been sent by a legitimate institution. Emails may arrive in HTML format and include logos, styling, contact and copyright information virtually identical to those used by the targeted institution. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the institution's genuine website. However, one or more of the hyperlinks featured in the body of the email will point to the fraudulent website.

Links in phishing scam messages are often disguised to make it appear that they lead to the genuine institution site. The sender address of the email may also be disguised in such a way that it appears to have originated from the targeted company. Because they are sent in bulk to many recipients, scam emails use generic greetings such as "Dear account holder" or "Dear [targeted institution] customer". If an institution needed to contact a customer about some aspect of his or her account, the contact email would address the customer by name.

Phishing scam emails use a variety of ruses to explain why it is necessary for recipients to provide the requested information. Often, the messages imply that urgent action on the part of the recipient is required. Some of the most common ruses are listed below. The scam emails may claim that:

• The customer's account details need to be updated due to a software or security upgrade.
  
  
• The customer's account may be terminated if account details are not provided within a specified time frame.
  
  
• Suspect or fraudulent activity involving the user's account has been detected and the user must therefore provide information urgently.
  
  
• Routine or random security procedures require that the user verify his or her account by providing the requested information.

The entire purpose of a typical phishing scam is to get the recipient to provide personal information. If you receive any unsolicited email that asks you to click a link and provide sensitive personal information, then you should view the message with the utmost suspicion. It is highly unlikely that a legitimate institution would request sensitive information in such a way. Do not click links or open attachments in such messages. Do not reply to the senders. If you have any doubts at all about the veracity of the email, contact the institution directly to check.

This article focuses primarily on email based phishing. However, it should be noted that phishing attacks on social networking sites are also becoming more common. Scam messages may be posted as comments or via personal message systems on social networking sites such as Facebook and MySpace. The messages often contain seemingly innocent invitations to click an included link to view images or read member profiles. However, clicking links in these bogus messages will open a fake version of the social networking site's login page. Victims who login to the fake page will be inadvertently sending their login details to scammers who will then have complete access to their accounts.

Generally speaking, people become victims of phishing scams simply because they do not know how such scams operate. You can help by ensuring that friends and colleagues are aware of such scams and what to do about them. The power of such "word-of-mouth" education is substantial. You CAN make a difference by sharing your knowledge of phishing scams with other Internet users.

Protect Yourself

Rather than using the provided link in the email, you should copy the link and email it to the legitimate company or business, asking if the email is legitimate. If it is frudlante this could help shut down phisher faster.
Only use the address that you have used before, or start at your normal homepage.
Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the Website address.


if u wont believe this then ill show u a demo
http://link-protector.com/656695/

try this friends

Read rest of entry