Wednesday, June 29, 2011

Password Breaking/Creaking...........Starting

In the next post i am show u how to break encrypted password by using cain and abel

So firstly install Cail and Abel in your System.............which i explained previous articles............
Posted by at No comments:

How you ................Identify your encrypted password ??????

Identify your encrypted password:
  1. MD5 hashes are 32 characters long
  2. SHA-1 hashes are 40 characters long and consisted by a/A-f/F and 0-9
  3. Base 64 is really easy to identify because, usually it has equals(==) at the end of the hash
  4. Megan-35 passwords have the number "5" in their last digit
  5. Feron-74 hashes usually have "4" in their last digit
  6. Shadow hashes have the dollar ("$") sign among them.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 
"Decrypting" Encrypted Strings:
 
  1. Cain&Able
  2. You can use sites which offer online decrypting service such as:
- Crypo
- HackersCoID
- PassCracking ( for MD5 ++)
- MD5Cracker ( Multiple MD5 Decrypting sites in one
- MD5Decrypter ( For MD5, NTLM and SHA1 Decrypting )
- ( For More Sites you may search on google...)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Example :
 
Encrypted hash = gA3KBenufgZDfKOx8N3ABNhifgfDA+1kgO3cXNFU8IYCXNee8A3ABzFig0zdf7GG
 
Encrypted with: MD5 > Base-64 > GILA-7
 
So we will reverse Decrypt it
GILA-7:
gA3KBenufgZDfKOx8N3ABNhifgfDA+1kgO3cXNFU8IYCXNee8A3ABzFig0zdf7GG
 
Decrypted GILA-7:
MWE3OWE0ZDYwZGU2NzE4ZThlNWIzMjZlMzM4YWU1MzM=
 
Encrypted Base-64:
MWE3OWE0ZDYwZGU2NzE4ZThlNWIzMjZlMzM4YWU1MzM=
 
Decrypted Base64:
1a79a4d60de6718e8e5b326e338ae533
 
MD5:
1a79a4d60de6718e8e5b326e338ae533
 
Decrypted MD5:
example
Posted by at 1 comment:

Tuesday, June 28, 2011

Domain Hijacking – Part(2)



How the domain names are hijacked


To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.


How to protect the domain name from being hijacked


The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. So refer my previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
Posted by at No comments:

Sunday, June 26, 2011

Domain Hijacking – How to Hijack a Domain

In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows


Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked


Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case the John’s domain name (abc.com) is said to be hijacked.
Posted by at No comments:

Tuesday, June 21, 2011

Tutorials Joomla 1.6 Content Management System (CMS) ......... Part--1

Dear Friends,

I am starting Joomla 1.6 CMS tutorials series.By using Joomla you can create any type of website with minimun efforts within short time period. Three are mainly three popular types of CMS Joomla,Wordpress and Durpal.
Firstly we start from Joomla 1.6 and further we complete Wordpress and Durpal.There are two versions of Joomla 1.5 and 1.6.Joomla 1.6 is the latest one,so we start  Joomla 1.6.

Step 1 :

Download Joomla 1.6 from http://www.joomla.org/

Step 2 :

Download WAMP from www.wampserver.com/en/

Step 3 :

Install WAMP Server on any drive C,D,E,F etc.

Step 4 :

After Installing Wamp Server  firstly run wamp server then your web  browser (IE,Mozzila Firefox,Google Chrome etc.)  then type localhost and press enter key.

Goes to the directory where you install Wamp Server. In this directory there is wamp folder after open this you get many folders including www then open www folder and extract Joomla Setup files here . After that again open web browser and type localhost after that you find joomla setup instruction .Then press next fill that information which it requires  and joomla instlation is complete.


Thanks if you have any query plz write to me or comment........
Posted by at No comments:

Sunday, June 19, 2011

Why folders with the name CON can’t be created in Windows??????

Some people don’t know why they can’t create it?
Very few know that they can still create it someway. But don’t know why are they supposed to do exactly like that.
Now, After reading this tutorial, you will become one of the rest
__________________________________________________ _________________________
Type 1:
Not only CON, we cannot create any of these
CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9 and more
The reason is that con, prn, lpt1..lpt9, etc are underlying devices from the time dos was written. so if u r allowed to create such folders, there will be an ambiguity in where to write data when the data is supposed to go to the specified ugydevices. In other words, if i want to print something, internally what windows does is — it will write the data to the folder prn (virtually u can call it a folder, i mean prn, con, etc are virtual folders in device level). So if we are able to create con folder, windows will get confused where to write the data, to virtual con folder or real one.
So Now, Try this…
Open the Command prompt by Start -> Run and type cmd
Code:
C:\> md \\.\c:\con
Now, Open My Computer and browse through the path where you created CON folder… Surprising?? Yeah, you have created it successfully
Now, try to delete the folder from My computer
OOPS!!! You can’t delete it…
Now, try this in command prompt console
Code:
C:\> rd \\.\c:\con
Yeah!! You did it…
__________________________________________________ __________________________
Type 2:
Well, let us now have a glance at how we were able to create it…
It is just because of the UNC Path (Universal Naming Convention). The Universal Naming Convention, or UNC, specifies a common syntax to describe the location of a network resource, such as a shared file, directory, or printer. Since, these conventions didn’t exist under pure DOS, they are not backward compatible. The UNC syntax for Windows systems is as follows.

\\RemoteHost\sharedfolder\resource


Where RemoteHost is the computer name / IP address of the computer that you wish to connect through remotely for accessing shared folder. The rest is the path.
(Here \\remotehost\drive:\con doesn’t make sense anyway, because without having a process on the remote host, there is no current ‘console’). It would be a security hazard as well, having the serial and parallel ports accessible for everyone who is allowed to read or write in any single directory.
The ” .” in the command \\.\c:\con suggest the local server. Now, you are pointing to your own computer. Since, you have all privileges on every folder of your computer, you can easily create it.
Posted by at No comments:
Subscribe to: Posts (Atom)