
Friday 18 October 2013

Bypass Any PHONE and SMS Verification Code Of Any Website


shubucyber


In this article I'll show you how to get a free virtual number that can be used for receiving and sending SMS. You don't need to verify by email. You can create unlimited phone numbers, and the numbers will never expire while they are in use.



Guide :-

Step 1:

First, go to Textfree Web for Free Unlimited Texting (http://goo.gl/S22st5) from your computer. From there, create an account by clicking >> Signup FREE and then filling out the form.

Step 2:

Now log in to your account. When you have to enter the zip code, enter something like 10453. When asked for the age, just enter some random age.
Now choose a number and then hit >> Confirm.

Step 3:

Now click on >> Options. From there you can copy your phone number. Use this to bypass any SMS verification.

Thank you! Hope this article is helpful for you all guyzz. "HAPPY HACKING"
 

What Is Denial Of Service (DOS) attack ?





It is an internet attack in which an attacker requests a large number of connections to an internet server through improper use of a protocol. The attacker can leave a number of connections half open. Most systems can handle only a small number of half-open connections before they are no longer able to communicate with other systems on the net, so this attack can completely disable the internet server.

Or, put another way: in this attack so much memory is used on the target system that it cannot serve legitimate users.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. This technique has now seen extensive use in certain games, used by server owners or disgruntled competitors. Increasingly, DoS attacks have also been used as a form of resistance. DoS, they say, is a tool for registering dissent.

Richard Stallman has stated that DoS is a form of 'Internet Street Protests'. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.



The list of DDoS attack victims includes some pretty major names. Microsoft suffered an attack from a DDoS called MyDoom. Crackers have targeted other major Internet players like Amazon, CNN, Yahoo and eBay. The DDoS names range from mildly amusing to disturbing :-

Ping of Death - bots create huge electronic packets and send them on to victims.

Mailbomb - bots send a massive amount of e-mail, crashing e-mail servers.

Smurf Attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors, see above illustration.

Teardrop - bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result.

Once an army begins a DDoS attack against a victim system, there are few things the system administrator can do to prevent catastrophe. He could choose to limit the amount of traffic allowed on his server, but this restricts legitimate Internet connections and zombies alike. If the administrator can determine the origin of the attacks, he can filter the traffic. Unfortunately, since many zombie computers disguise (or spoof) their addresses, this isn't always easy to do.
 

Monday 14 October 2013

Banksy sells art works for $60 in New York's Central Park

Banksy sells art in New York's Central Park on Oct. 12, 2013. / BANKSY
Banksy, the elusive British graffiti artist who has taken up a month-long residency in New York, sold a few of his pieces on the cheap over the weekend.
And by cheap -- we mean $60 apiece. This is the same artist who has sold his art for thousands of dollars, sometimes hundreds of thousands.
Banksy revealed on his website that he had set up a table in New York City's Central Park on Saturday with original signed pieces. "Yesterday I set up a stall in the park selling 100% authentic original signed Banksy canvases. For $60 each," he wrote. But they weren't there for long, apparently. "That stall will not be there again today," he wrote Sunday.
Banksy had an elderly man set up shop at the stall, and according to a video posted on the artist's website, it took about four hours before the man made his first sale. A sign read: "Spray Art. $60."
"A lady buys two small canvases for her children, but only after negotiating a 50% discount," Banksy wrote on the video; the New Zealand woman bought two signed Banksy pieces for $120.
Banksy, who hasn't revealed his real name, has been in New York over the past week or so, creating art on the streets of New York. The results have been showing up all over social media.
Banksy was behind the 2010 Oscar-nominated documentary, "Exit Through the Gift Shop."
© 2013 CBS Interactive Inc. All Rights Reserved.

Saturday 5 October 2013

Attacking the Domain Name System (DNS) Protocol


DNS Overview :-

DNS is a heavily used protocol on the Internet, yet it has numerous security considerations. This paper, whilst containing nothing new on DNS security, brings together in one document many strands of DNS security which have been published and reported in many separate publications before. As such, this document intends to act as a single point of reference for DNS security. This paper contains some basic and advanced level attacks.

Attacking the DNS Protocol :-

DNS stands for Domain Name System and it is used to resolve domain names to IP addresses and vice versa. A DNS server will listen on UDP port 53 for name resolution queries and TCP port 53 for zone transfers which are conducted most typically by other DNS servers. Estimates put DNS as occupying almost 20% of all Internet traffic.

The Berkeley Internet Name Service (BIND) is the most common form of DNS server used on the Internet. BIND typically runs on UNIX type systems. The DNS server stores information which it serves out about a particular domain (also referred to as a namespace) in text files called zone files.

A DNS client runs a service called a resolver. The resolver handles all interaction with the DNS server in order to resolve names to IP addresses using what are called records. There are many types of records, but the most common are A, CNAME and MX records.

A client (the resolver) maintains a small amount of local cache which it will refer to first, before looking at a local static hosts file and then finally the DNS server. The result returned will then be cached by the client for a small period of time.

When a DNS server is contacted for a resolution query, and if it is authoritative (has the answer to the question in its own database) for a particular domain (referred to as a zone), it will return the answer to the client. If it is not authoritative for the domain, the DNS server will contact other name servers and eventually it will get the answer it needs, which is passed back to the client. This process is known as recursion.

Additionally the client itself can attempt to contact additional DNS servers to resolve a name. When a client does so, it uses separate and additional queries based on referral answers from servers. This process is known as iteration. Generally recursion is the most common form of resolution used.

DNS Man in the Middle Attacks – DNS Hijacking :-

If an attacker is able to insert himself between the client and the DNS server he may be able to intercept replies to client name resolution queries and send false information mapping addresses to incorrect addresses. This type of attack is very much a race condition, in that the attacker needs to get his reply back to the client before the legitimate server does. The odds may be stacked in the favour of the client as a number of recursive queries may need to be made and the attacker may be able to slow the client’s primary DNS server down by using a denial of service attack.
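
Because this attack is a race between two replies, a monitoring point near the client can look for queries that were answered twice with different addresses. The following is an added example, not code from the original paper; the response tuples, the two-second window and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture of DNS responses seen by one client:
# (seconds, transaction id, queried name, answer address). Documentation
# address ranges are used; none of this is real traffic.
RESPONSES = [
    (0.010, 0x1A2B, "www.example.com", "192.0.2.10"),
    (0.031, 0x1A2B, "www.example.com", "198.51.100.7"),
    (0.120, 0x3C4D, "mail.example.com", "192.0.2.25"),
    (0.121, 0x3C4D, "mail.example.com", "192.0.2.25"),  # harmless retransmit
]

def conflicting_replies(responses, window=2.0):
    """Find queries answered more than once, with different answers,
    within `window` seconds of the first reply."""
    by_query = defaultdict(list)
    for ts, txid, qname, answer in sorted(responses):
        by_query[(txid, qname.lower().rstrip("."))].append((ts, answer))
    alerts = []
    for (txid, qname), replies in by_query.items():
        # The resolver acts on whichever reply arrived first.
        first_ts, first_answer = replies[0]
        later = {a for ts, a in replies[1:]
                 if ts - first_ts <= window and a != first_answer}
        if later:
            alerts.append({"txid": txid, "qname": qname,
                           "accepted": first_answer,
                           "conflicting": sorted(later)})
    return alerts

if __name__ == "__main__":
    for alert in conflicting_replies(RESPONSES):
        print("ALERT:", alert)
```

An alert does not say which of the two replies was forged, only that two parties answered the same transaction; the accepted answer is the one that needs checking against the authoritative zone.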


Biggest Cyber Attack In History Slows Down The Global Internet

Biggest cyber attack in history slows down the global internet on March 29, 2013



The internet around the globe has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

“Based on the reported scale of the attack, which was evaluated at 300 Gigabits per second, we can confirm that this is one of the largest DDoS operations to date,” online security firm Kaspersky Lab said in a statement, “There may be further disruptions on a larger scale as the attack escalates.”

 It is having an impact on popular services like Netflix – and experts worry it could escalate to affect banking and email systems.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists – databases of servers known to be used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Spamhaus said it was able to cope as it has highly distributed infrastructure and technology in a number of countries.


Saturday 17 August 2013

Email Spoofing – Basic Policies to Keep You Safe

Your PayPal account has been locked!

Confirm your Bank Information Now!
You’ve Received a Secure Fax From The IRS.
Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
A number of measures to address spoofing are available including: SPF, Sender ID, DKIM, and DMARC. Although their use is increasing, it is likely that almost half of all domains still do not have such measures in place. Email spoofing, the process of sending emails designed to appear as if they were sent by another sender, is certainly not a new method of distributing malware that harvests personal information or financial data. Each year, potentially hundreds of new spoofing schemes appear, ranging from emails claiming to contain faxes from the IRS to videos of social events such as the Boston marathon bombing.
Mere hours after the recent Oklahoma tornadoes, the various email traps (often referred to as SpamPots, a take on the term HoneyPot) used by the StopSign research and development team to collect samples and monitor trends had already seen several large surges of emails attempting to capitalize on the disaster, almost all of which contained attached viruses or links to malicious web sites.
There are several key actions you can take to protect yourself.
  • Don’t Click the Link — If a bank or merchant needs your information, you will always be able to enter it directly on their website, logging in as you normally would.
  • Don’t Open the Attachment — If you are not expecting an email attachment, or if it seems out of character for the sender, don’t open the attachment, even if the sender is someone you know personally.
  • Update Your Virus Scanner — Even emails you were expecting, and from people you know and trust, can contain viruses and links to malicious sites the sender may not have noticed.
Scanning every unknown file is always good policy, regardless of its origin. Even large corporations, which may rely on the browsing and email habits of hundreds if not thousands of people, are not free from the risk of infection. On more than one occasion, history has even seen companies accidentally distribute viruses via CD and even seemingly harmless devices containing flash memory. You can safeguard your own computer, but you can never account for another’s actions.
When an SMTP email is sent, the initial connection provides two pieces of address information:
  • MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user, and by default no checks are done that the sending system is authorized to send on behalf of that address.
  • RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header.
Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope.
Once the receiving mail server signals that it accepted these two items, the sending system sends the "DATA" command, and typically sends several header items, including:
  • From: Joe Q Doe <joeqdoe@example.com> - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
  • Reply-to: Jane Roe <Jane.Roe@example.mil> - similarly not checked
The result is that the email recipient sees the email as having come from the address in the From: header; they may sometimes be able to find the MAIL FROM address; and if they reply to the email it will go to either the address presented in the MAIL FROM: or Reply-to: header - but none of these addresses are typically reliable.
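
Since the envelope sender, From: and Reply-to: are set independently, comparing their domains is a quick triage step on a received message. The following is an added example, not code from the original post; the sample message and function names are constructed for illustration. A mismatch is a signal for review rather than proof of forgery, since mailing lists and bulk senders legitimately use a different envelope domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail). Return-Path reflects the
# envelope MAIL FROM; From: and Reply-To: are headers sent after DATA.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net by mx.example.org; Sat, 17 Aug 2013 10:00:00 +0000
From: Joe Q Doe <joeqdoe@example.com>
Reply-To: Jane Roe <Jane.Roe@example.mil>
Subject: Your account has been locked!

Confirm your information now.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def address_mismatches(raw_message):
    """List disagreements between envelope sender, From: and Reply-to:."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if from_dom is None:
        return ["From: header missing or unparseable"]
    findings = []
    if envelope_dom is None:
        findings.append("no Return-Path (envelope sender unknown)")
    elif envelope_dom != from_dom:
        findings.append(f"envelope domain {envelope_dom} != From: domain {from_dom}")
    if reply_dom is not None and reply_dom != from_dom:
        findings.append(f"Reply-to: domain {reply_dom} != From: domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in address_mismatches(SAMPLE):
        print("WARN:", finding)
```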
Safe browsing! It is my responsibility to keep you more secure ...
 

Monday 22 July 2013

How to find a Vulnerable Website

Website security is a major problem today and should be a priority for any organization or webmaster. Nowadays hackers concentrate a lot of their efforts on finding holes in web applications. If you are a website owner with a high PageRank and high traffic, there is a chance that you might become a victim of these hackers. A few years back there existed no proper tools to search for vulnerabilities, but nowadays there are tons of tools available through which even a newbie can find a vulnerable site and start hacking.

 Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

1. SQL Injection
2. XSS (Cross Site Scripting)
3. Remote File Inclusion (RFI)
4. Directory Traversal attack
5. Local File Inclusion (LFI)
6. DDoS attack

I have explained some of these methods in my post "Common methods to hack a website"

Tools commonly used to find a vulnerable website

1. Acunetix

Acunetix is one of my favorite tools for finding a vulnerability in any web application. It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

2. Nessus

Nessus is the best Unix vulnerability testing tool and among the best to run on Windows. Key features of this software include remote and local file security checks, a client/server architecture with a GTK graphical interface, etc.

Download Nessus from the link below


3. Retina

Retina is another vulnerability assessment tool. It scans all the hosts on a network and reports on any vulnerabilities found.

Download Retina from the link below



4. Metasploit Framework

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.



Download Metasploit from the link below :




hope u like this post...pls leave comment