Disqus for Cyber Fort

Showing posts with label network. Show all posts
Showing posts with label network. Show all posts

Tuesday, 4 March 2014

Change Your IP in Less Then 1 Minute

1 Comment


1. Click on “Start” in the bottom left hand corner of screen
2. Click on “Run”
3. Type in “command” and hit OK
 You should now be at an MSDOS prompt screen.
4. Type “ipconfig /release” just like that, and hit “enter”
5. Type “exit” and leave the prompt
6. Right-click on “Network Places” or “My Network Places” on your desktop.
7. Click on “properties”
You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on “Local Area Connection” and click “properties”
9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab.
10. Click on “Use the following IP address” under the “General” tab.
11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).
12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.
13. Hit the “Ok” button here.
14. Hit the “Ok” button again.
You should now be back to the “Local Area Connection” screen.
15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings.
17. This time, select “Obtain an IP address automatically” tongue.gif
18. Hit “Ok”
19. Hit “Ok” again
20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.

NOTE:- This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back.

more info- Ezivera 
Read More

Thursday, 27 February 2014

“Outernet”a project to provide free wi-fi to entire world from space

2 Comments

Washington:  A US company is planning to build an 'Outernet - a global network of cube satellites broadcasting Internet data to all the people on the planet - for free.

The idea is to offer free Internet access to all people, regardless of location, bypassing filtering or other means of censorship, according to the New York based non-profit organisation, Media Development Investment Fund (MDIF).

MDIF proposes that hundreds of cube satellites be built and launched to create a constellation of sorts in the sky, allowing anyone with a phone or computer to access Internet data sent to the satellites by several hundred ground stations.


The organisation claims that 40 per cent of the people in the world today are still not able to connect to the Internet - and it's not just because of restrictive governments such as North Korea - it's also due to the high cost of bringing service to remote areas, 'phys.org' reported.


An Outernet would allow people from Siberia to parts of the western US to remote islands or villages in Africa to receive the same news as those in New York or Tokyo.

The Outernet would be one-way - data would flow from feeders to the satellites which would broadcast to all below.

MDIF plans to add the ability to transmit from anywhere as well as soon as funds become available.

MDIF has acknowledged that building such a network would not be cheap. Such satellites typically run $100,000 to $300,000 to build and launch.


How Does It Works ?

Outernet consists of a constellation of hundreds of low-cost, miniature satellites in Low Earth Orbit. Each satellite receives data streams from a network of ground stations and transmits that data in a continuous loop until new content is received. In order to serve the widest possible audience, the entire constellation utilizes globally-accepted, standards-based protocols, such as DVB, Digital Radio Mondiale, and UDP-based WiFi multicasting.


According to MDIF, Hundreds of cube satellites to be built and launched to create a constellation of sorts in the sky, which allow anyone to connect with the Internet through Mobile or Computer. Still today 40%  of the people in the world are there who are not able to connect to the Internet, due to several reasons includes restrictive government rules, high cost of bringing service to remote areas. An Outernet would allow people from Siberia to parts of the western US to remote islands or villages in Africa to receive the same news as those in New York or Tokyo. The Outernet would be one-way – data would flow from feeders to the satellites which would broadcast to all below. MDIF also waiting for the funds, after that it will be able to transmit from anywhere. According to MDIF, such type of networks cost $100,000 to $300,000 to build and launch, well it’s not a cheap amount. Currently the organization plans to have prototype satellites ready in June with initial deployment happening mid-2015. 

Read More

Thursday, 20 February 2014

Which Browser Is Better for Privacy And for Security Purpose

Be The First To Comment

Dear Lifehacker, 
With Firefox getting ads and Chrome extensions spying on me, is there really one browser that's better than the others when it comes to privacy? Does it matter if I use something like Opera or Safari instead? Is my browser watching what I'm doing and reporting back? P
That's a great question, and the answer isn't as clear cut as you might think. Different browsers handle user data in different ways, and when you toss add-ons and extensions into the mix, the picture changes even more. Let's take a look at some of the most popular browsers from a privacy angle, and see who has your back when it comes to tracking—or not tracking—what you do online. 

Chrome, and Google's Position on Browser Privacy

Google Chrome, being the dominant web browser in most of the world, has taken a few hits lately in the privacy department. Between adware-filled extensions and microphone-listening exploits, It might look like Chrome has privacy problems. However, both of those issues are third parties using a combination of built-in features and user trust to spy on them—it has nothing to do with the browser itself. We'll get to how third parties play into things a little bit later, but first, let’s talk about Chrome on its own.

Firefox, and the Mozilla Foundation


Firefox has long been touted as the best browser for privacy. It's open source, managed by the non-profit Mozilla Foundation (of which, it should be noted, Google is an investor), and is at the core of most privacy-focused browsers (like the previously mentioned Tor Browser Bundle). Even on the mobile side, Firefox for Android is open source and its code available to anyone who wants it. By most accounts, Mozilla is completely above board with what Firefox does, and the Foundation doesn't trade in user data, so there's no reason for them to harvest it.

What About Opera, Safari, and Internet Explorer?

So if you don't use Firefox or Chrome, where does that leave you? We asked the EFF, but none of their experts had any knowledge when it came to browsers that weren't Chrome or Firefox. They did, however, note that privacy advocates generally prefer open source browsers like over closed-source, proprietary ones like Apple's Safari and Microsoft's Internet Explorer. The EFF praised both however for pioneering their own privacy features, like Safari's 3rd party cookie blocking and IE's Tracking Protection Lists. Still, the fact that you can't see under the hood and that neither have developer APIs makes them tough to analyze. 

The Bottom Line: No, Your Browser Doesn’t Make a Huge Difference

So where does that leave us? Well, your browser is probably sending some information back to the company that created it, but that information is explicitly used to support the features you have turned on. As long as you trust the developer behind your favorite browser, this isn't an issue. Bonus: there's nothing dangerous or invasive about using Chrome sync or Firefox sync.


Read More

Thursday, 13 February 2014

Top 10 Best Firefox Add-ons of 2014

Be The First To Comment
Firefox is one of the best browsers out there. If used correctly, the effect can be pretty awesome. Let's have a look below for 12 addons which can help you improve the usage of Mozilla Firefox.

1.Collusion:

allows you to see which sites are using third-party cookies to track your movements across the Web. It shows, in real time, how that data creates a spider web of interaction between companies and other trackers.

2.URL Fixer

corrects typos in URLs that you enter in the address bar. For example, if you type google.con, it will correct it to google.com (asking first, if you enable confirmation). One reviewer of this add-on says it’s a “huge time saver” — and who doesn’t need to save time?

3.PearlTrees.


Collect, organize and share everything you like with your new visual and social library. Pearltrees’ unique visual interface lets you have all your interests at hand and inspires you with other’s collections.

4.TwitBin.

It allows you to keep up with all of your Twitter conversations right from your browser sidebar. Send messages, receive messages, share links, and more

5.Memonic Web Clipper,

which lets you capture content snippets on any page and choose sections of websites to save, share and discuss with friends. Keep more than just links: Save the essential content snippets and use them on any computer or mobile. Memonic combines the advantages of bookmarks with your private online notebook

6. 365scores Notifier

lets you get all the scores, updates and other information about your favorite teams in real time.

7.Do Not Track Plus

Firefox already has a feature called Do Not Track, which allows you to tell Websites not to track your online activity

8. Cheevos for Firefox


Want to learn about Firefox and brag to your friends about your pro-level Web surfing? May’s add-on choice Cheevos for Firefox— gets you there. With this add-on you gain achievements for using Firefox, whether it’s finding hidden Easter eggs within the product, or taking advantage of the power of the browser. It makes using the web more fun

9.Tab Badge,

which gives an alert on any one of your open tabs letting you know when there’s something new on that page.

10. Fabtabs

It was a big hit with Firefox users. By taking a small screenshot of the website you are currently viewing, and calculating the most commonly used color from that screenshot, Fab Tabs tries to take the one essential color from the website and apply it to the tab to not only makes your tabs look fabulous, but to help you navigate your tabs visually.



You may downloads all the addons from here:
https://addons.mozilla.org/en-US/firefox/


Read More

Sunday, 26 January 2014

Common Methods to Hack a Website

2 Comments
Gone are the days when website hacking was a sophisticated art. Today any body can access through the Internet and start hacking your website. All that is needed is doing a search on google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking, but it has more to do with raising awareness on some common website hacking methods.


The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application. 
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.


In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a User name field:

' OR 1=1 double-dash-txt.png 

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username =USRTEXT ' 
AND password = ‘PASSTEXT
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '
Two things you need to know about this:
['] closes the [user-name] text field.
'double-dash-txt.png' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE user name = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc. 
Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go to hack a Bank! 

Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank,
evidentlyBut the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
  • admin'—
  • ') or ('a'='a
  • ”) or (“a”=”a
  • hi” or “a”=”a
… and so on.

Cross site scripting ( XSS ):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

Denial of service ( Ddos attack )


A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking




Cookie Poisoning:



Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin with alerting your cookies

Javascript:alert(document.cookie)

Then you will perharps see "username=JohnDoe" and "password=iloveJaneDoe"

in this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");


It is also many versions of this kind... like for example

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'


and so on...

You may have to try 13 things before you get it completely right...

Password Cracking


Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it. 
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

Know more about Brute force attack

A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes. 

hope u like this article...
Read More

Thursday, 9 January 2014

Why You Should Learn to Run a Server Before You Learn to Code

1 Comment

server

To the disappointment of everyone who wants to learn to code so they can get rich or powerful, developer Dave Winer tells us that's probably not going to happen. He lists good reasons why you might want to learn to code, but recommends you learn to run a server first.


Learning to code is good if you have a calling, if you feel it's what you must do to express yourself. If you have ideas that you can implement in code that no one else is doing. Or if you just love the puzzles that programming is constantly presenting you with. You have to have a certain amount of self-hatred to love programming, between, because it's a grind. And to do it well you have to have a lot of all of these things.
You might think that by learning to code you get to be the Man Behind the Curtain, the all-powerful person who makes the digital world work. But that's not what coding is about. If you want power, and I've said this many times — rather than learn to code — first learn to run a server. That's real power. And it's far easier than programming.


Plus, running a server, Winer says is a gateway into programming. 
This advice echoes a previous perspective about learning to work with technology 
(only it's less dismissive of the benefits of learning to code).

Learning to code will not make you rich
 (or particularly powerful) | Scripting News

Photo by gruntzooki.

Read More

Thursday, 2 January 2014

Top 10 Threat Predictions for 2014

1 Comment
During the past few years, security threats and actual breaches have grown exponentially. Malware has gone mainstream, social engineering has become far more sophisticated, high-profile database hacks have become disturbingly common, and distributed denial-of-service (DDoS) attacks have rocked businesses across a wide range of industries. These attacks have rendered countinue ...

Android Malware Will Expand

As the Android OS takes root in game consoles, wearable devices, home automation equipment and industrial control systems, malware will appear on these devices.

Use of Encryption Will Increase


Fears that critical data and intellectual property could be compromised or stolen through malware or government eavesdropping will lead to an uptick in the use of encryption.



Shutting Down Botnet Operators

Law enforcement will broaden its scope and focus on a broader set of global cyber-targets, including botnet operators and individuals selling cyber-crime services.

Battling for the Deep Web


Improved versions of anonymous services and file-sharing  applications will grow, and it will become more difficult to infiltrate and take down these systems.


Targetig Off-Net Devices
Cyber-crooks will target infrastructure over desktops. The first generic exploitation frameworks and mass malware agents for home devices will appear.



Becoming More Transparent

On the heels of an FTC crackdown in 2013, network security vendors will face increased scrutiny and accountability.



Botnets Will Migrate


Cyber crooks will transition from a traditional client-server botnet approach to a P2P strategy that makes it more difficult to dismantle and disrupt their activities.


Botnets Will Cross-Breed

Increasingly sophisticated botnets will seek out other botnets and cross-infect with them to more effectively increase their base of machines.


More Attacks on Windows XP

When Microsoft stops supporting Windows XP on April 8, newly discovered vulnerabilities will not be patched, and systems will become vulnerable.

Biometrics Will Increase

The use of two-factor authentication and biometric methods—including tattoos, iris scanning and facial recognition—will grow.
Read More

Thursday, 12 December 2013

[THC-Hydra v7.5] Fast network logon cracker

1 Comment
CHANGELOG for 7.5

        * Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
        * Added module for Asterisk Call Manager
        * Added support for Android where some functions are not available
        * hydra main:
           - reduced the screen output if run without -h, full screen with -h
           - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
           - fixed -o output (thanks to www417)
           - warning if HYDRA_PROXY is defined but the module does not use it
           - fixed an issue with large input files and long entries

        * hydra library:
           - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
           - removed support for old OPENSSL libraries
        * HTTP Form module:
           - login and password values are now encoded if special characters are present
           - ^USER^ and ^PASS^ are now also supported in H= header values
           - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
        * Mysql module: protocol 10 is now supported
        * SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option "TLS" if required. This increases performance.
        * Cisco module: fixed a small bug (thanks to Vitaly McLain)
        * Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

 You can also take a look at the full CHANGES file

Download THC-Hydra v7.5


1. The source code of state-of-the-art Hydra: hydra-7.5.tar.gz
    (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, etc.)

 2. The source code of the stable tree of Hydra ONLY in case v7 gives you problems on unusual and old platforms: hydra-5.9.1-src.tar.gz

 3. The Win32/Cywin binary release: --- not anymore ---
    Install cygwin from http://www.cygwin.com  and compile it yourself. If you do not have cygwin installed - how do you think you will do proper securiy testing? duh ...


Read More

Saturday, 30 November 2013

Download Torrent Files With IDM

Be The First To Comment


Torrent use is very popular these days. Whether you want to download a large file, or even a small one, you can use a torrent to download your desired file. In order to download the files, you need seeders and leaches. The more seeders, the better because you get faster download speed. The lower the seeders and leaches count, the slower the speed.

IDM is a very popular download client that helps you download many files at once, but also accelerates the download process. If you especially want to download very large files, IDM can come in very handy because it separates the file(s) into parts and downloads the smaller parts in accelerates rate. Once everything is downloaded, the smaller files are put back together into the original file you intended to download. Fairly simple, right? Now let to know..
How you can Download Torrent Files With IDM 

Follow below steps to Download Torrent Files With IDM

Step 1: 

Select any Torrent download client such as utorrent or Bittorrent You can use these clients to download the Torrent files onto your computer.

Step 2: 

Go to a Torrent uploading site such as ExtraTorrent or zBigz. In this step, you will be uploading the Torrent you downloaded earlier.

Step 3: 

Upload the Torrent using the sites stated in the previous step, or if you have a site of your choosing, go from there. Make sure to use the “Free” uploading option. Assuming that you don’t want to pay for an account, just go with the free option. Do note that if you go with the free option, there are limitations set by the website. If you go with a premium account, some extra perks are provided.
Depending on how big the Torrent is, that’s how long it may take to upload. It also depends on how fast your Internet connection is. The faster your connection is, the faster the upload speed will be.

Step 4: 

Once you have uploaded the Torrent, there should be an option for you to “ZIP” the Torrent. Normally, there will be extra options to download the contents of the Torrent file individually, but for now, lets go with the “.zip” option.

Step 5: 

Once everything has been zipped in the “.zip” format, hit download. Internet Download Manager should pop up and automatically take over the download process instead of your browser.

This may seem like a bit tedious process, but it’s well worth knowing that you can download the Torrent through a ZIP file format without having to worry about increasing or decreasing connection speed. More people these days are using this process in order to speed up downloading and uploading of Torrents.

read more:-    How To Increase Download Speed of IDM using IDM Optimizer

Read More