Posts

Showing posts from 2012

Access Your Facebook Account with 3 Passwords

Image
Did you know that you can login to your Facebook account using 3 different passwords? Seems interesting isn’t it? Yep! Unlike any other online account which has only one password to access, Facebook lets you log in using 3 different variants of your password. Only a few Facebook users are aware of this fact, but for many others, this might seem a bit surprising. Facebook accepts the following forms of your password: 1. Your Original Password Let me explain this to you with the following example. Assume that your default Facebook password that you created during the sign-up process is: 2. Password with the Case Toggled In the above password the letters ‘F’ and ‘P’ are in uppercase and the remaining are in the lowercase. If you TOGGLE the case where all the UPPERCASE characters are converted into the lowercase and vice versa, your default password “myFacebookPass” would become: Now if you log in using the above toggled password, your Facebook will accept it

Computer Cookie - Working, Vulnerability and Security

Image
Computer cookies are small piece of information in text format that’s sent to an web browser by an web server. This information can be accessed either by the web server or by the client computer. Cookie information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data. What are the types of Cookie? Session cookie Persistent cookie Secure cookie HttpOnly cookie First-Party Cookie Third-Party Cookie Super cookie Zombie cookie Unsatisfactory Cookie Role of Cookie in Internet Session Management Session management is the process of keeping track of a user's activity across sessions of interaction with the computer system. Personalization Cookies may be used to remember the information about the user who has visited a website in order to show relevant content in the future. For example a web server may send a cookie containing the

SQL Injection Using Havij Tools

Image
SQL injection is a code injection technique that exploits a security vulnerability in a website's software . It is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL

Google Dork For "Remote File Inclusion"

Image
Google dork s are the center of the Google Hacking. Many hackers use google to find vulnerable webpages and later use these vulnerabilities for hacking. Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. List Of Google Dork For Remote File Inclusion: inurl:rte/my_documents/my_files inurl:/my_documents/my_files/ inurl:/shoutbox/expanded.php?conf= inurl:/main.php?x= inurl:/myPHPCalendar/admin.php?cal_dir= inurl:/index.php/main.php?x= inurl:/index.php?include= inurl:/index.php?x= inurl:/index.php?open= inurl:/index.php?visualizar= inurl:/template.php?pagina= inurl:/index.php?pagina= inurl:/index.php?inc= inurl:"index.php?page=contact.php" inurl:"template.php?goto=" inurl:"video.php?content=" inurl:"pages.php?p

List of F1-F9 Key for cmd prompt

List of F1-F9 Key Commands for the Command Prompt F1 / right arrow: Repeats the letters of the last command line, one by one. F2: Displays a dialog asking user to "enter the char to copy up to" of the last command line F3: Repeats the last command line F4: Displays a dialog asking user to "enter the char to delete up to" of the last command line F5: Goes back one command line F6: Enters the traditional CTRL+Z (^z) F7: Displays a menu with the command line history F8: Cycles back through previous command lines (beginning with most recent) F9: Displays a dialog asking user to enter a command number, where 0 is for first command line entered. Alt+Enter: toggle full Screen mode. up/down: scroll thru/repeat previous entries Esc: delete line Note: The buffer allows a maximum of 50 command lines. After this number is reached, the first line will be replaced in sequence. Helpful accessibility keyboard shortcuts Switch FilterKeys on and off. Right SHIFT for eight seconds

NetBruteScanner (hack tools)

Image
NetBrute scans a range of IP addresses for shared resources that have been shared via Microsoft File and Printer Sharing. In addition, any SMB compatible shared resources will show (i.e. Samba Servers on a Unix/Linux machine). It is to be used by system administrators or home users to see what types of resources are shared and to warn the computer users if any unsecured resources are displayed. Ideally, only folders and printers should be shared if it is intended for the whole world to access them. If the folders and printers are not intended for the whole world, then passwords should be applied to the resources.  WebBrute attempts a brute force userid and password attack on an HTTP Authenticated web site that is using "Basic Authentication". It is to be used by webmasters or system administrators to test the strength of their userid and password scheme on Basic Authenticated web sites. Ideally, all passwords will be at least eight characters

OstroSoft Internet Tools (hack tools)

Image
OstroSoft Internet Tools is integrated set of network information utilities. It is intended for use by network, domain and systems administrators, network security professionals, Internet users and everyone who wants to know more about network and Internet. It gives you such vital information as: which computers on domain are running specified service - for example: how many newsservers are available on domain (Domain Scanner) what network services are running on specified computer (remote or local) - for example: Web server, telnet, mailserver, FTP, finger, etc. (Port Scanner) let you test if remote host is running, accessible from your system, and how long it takes to reach it (Ping) shows you the path TCP packet takes from your system to remote host (Traceroute) shows you the information about active connections on you computer (Netstat) resolves host names to IP addresses and vice versa (Host Resolver - dns) returns contact information (address, phone, fax, adm

Colasoft MAC Scanner (hack tools)

Image
 Colasoft MAC Scanner allows to scan the network and get a list of MAC addresses along with IP address, machine name, and manufacturer's information. It can automatically detect all subnets according to the IP addresses configured on multiple NICs of a machine. It supports multi-threaded scanning.  Click to download

How to Disable the Ability to Right Click on the Desktop ?

Image
This tweak removes the context menu that would normally appear when the user right clicks on the desktop or in the Explorer right results pane. Open your registry and find the key below. Create a new DWORD value, or modify the existing value called 'NoViewContextMenu' using the settings below. Exit your registry, you may need to restart or log out of Windows for the change to take effect. Settings: User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer] System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer] Name: NoViewContextMenu Type: REG_DWORD (DWORD Value) Value: (0 = disabled, 1 = enabled)

Httprint (hack - fingerprinting tool)

Image
    Introduction httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. More details on how httprint works can be found in the Introduction to HTTP fingerprinting paper. It is printer-friendly.   Features Identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by either patching the binary, by modules such as mod_security.c or by commercial products such as ServerMask.