Thursday, February 19, 2009

Is Your Personal Email Account Being Hacked?

Did someone hack your personal Email/Facebook/hi5 accounts? Or did someone create fake Facebook/hi5/MySpace profiles with your personal information? Yup, most of those buggers do these things and have fun with it. Most of the mails I received were about these matters, and it seems it is mostly girls who face these problems.

So how do we find the buggers who are trying to play against you? You may think they are experts in computer programming and that you are not good enough to tackle them. Remember this: nobody is a genius unless experience has made them really good. If they were, they wouldn't waste their valuable time on such silly things rather than researching something new. So be optimistic. One simple mistake by the hacker will be enough to track him easily. In this post I'll explain a few simple ways of locating hackers.

Basically the easiest way is to track his IP and locate him. IPs can be dynamic or static. For example, servers that host websites and registered companies have static IPs, which are assigned by the Internet Service Provider (ISP) and do not change periodically. But the IPs of our local machines are dynamic: when we reset the router, our IP changes.

So how are we going to track the hacker's IP? There are many ways of tracking an IP. One way is to get him to click a link. That will be the easiest way unless the hacker uses a proxy browser. You can simply host a web page which records the IP of the page requester and saves it with the request time. You can use a free online hosting server for it and pass that web page link in a tricky way to the people that you want to track. The following PHP code stub will trace the IP of the page requester and save it to a text file along with the request time.

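<?php
// Address of the client that requested this page (a proxy's address if one is in use)
$clientip = $_SERVER['REMOTE_ADDR'];
$myFile = "testFile.txt";
// Open the log in append mode so earlier entries are kept
$fh = fopen($myFile, 'a') or die("can't open file");
$thetime = time(); // Unix timestamp of the request
$stringData = "$clientip -- $thetime \n";
fwrite($fh, $stringData);
fclose($fh);
?>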

By simply opening that text file you can get all the IPs with their access times.

So is that the only way to trace an IP? Nope, there are many. Another way: if the hacker sent you a mail, you can read the mail header information and find out his IP, unless he uses Gmail. So what about Gmail? Actually most hackers use Gmail to send mails. One advantage is that it doesn't show the sender's IP, and the other is that we can send anonymous mails using the gsmtp.gmail.com server.
[For more information about anonymous mails see my previous post:
http://gamenuwan.blogspot.com/2007/03/send-automatic-mail-using-smtp-server.html ]

Then if someone sent an email through yahoo/msn/etc., how are we going to find out? It's simple. Go to your mailbox options and enable the setting that shows the full header of your email. Refer to the following image of a Yahoo mail header. The "Received: from [xxx.xx.xxx.xx]" is the sender's IP address.
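Reading the "Received:" lines of a full header by program, as an added example (not code from the original post). The sample message, its host names and the `recipient.example` domain are constructed; the split between the address your own mail servers recorded and the address that is only claimed further down is this example's assumption about which headers you can rely on.

```python
import email
import ipaddress
import re

# Constructed sample message; every address is from a documentation range.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 19 Feb 2009 10:02:11 +0000
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id B2; Thu, 19 Feb 2009 10:02:09 +0000
Received: from [203.0.113.44] by smtp.sender-isp.example via HTTP;
\tThu, 19 Feb 2009 10:02:05 +0000
From: someone@sender-isp.example
To: you@recipient.example
Subject: constructed example

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_received(raw_message):
    """Return one dict per Received header, newest (top) first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        ip = None
        ip_match = BRACKETED_IP.search(value)
        if ip_match:
            try:
                ip = ipaddress.ip_address(ip_match.group(1))
            except ValueError:
                ip = None  # bracketed text that is not an address
        by_match = BY_HOST.search(value)
        hops.append({"ip": ip,
                     "by": by_match.group(1).lower() if by_match else None})
    return hops


def verified_peer(hops, trusted_domain):
    """Address recorded by the outermost relay inside trusted_domain.

    Each server prepends its own header, so the top headers were written by
    the recipient's provider. Anything below them was supplied by the
    sending side and can be forged.
    """
    peer = None
    for hop in hops:
        by = hop["by"] or ""
        if by == trusted_domain or by.endswith("." + trusted_domain):
            peer = hop["ip"]
        else:
            break
    return str(peer) if peer else None


def claimed_origin(hops):
    """Bottom-most non-internal address: the claimed sender IP (unverified)."""
    for hop in reversed(hops):
        ip = hop["ip"]
        if ip and not any(ip in net for net in INTERNAL_NETS):
            return str(ip)
    return None


if __name__ == "__main__":
    hops = parse_received(SAMPLE)
    print("verified by our relays:", verified_peer(hops, "recipient.example"))
    print("claimed origin        :", claimed_origin(hops))
```

A header forged below the trusted relays changes the result of `claimed_origin` but not of `verified_peer`, so only the latter is worth handing to an ISP together with the timestamp.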

Now you know a few ways to trace someone's IP. After tracing the IP along with the access date and time, how are you going to locate him?
First you can find out the location & registered names by searching for it on an IP lookup site.
Ex:- http://ip-lookup.net/, http://www.dnsstuff.com/

If he has a static IP you will get the registered name, location and some other information. But if he has a dynamic IP then the IP lookup site will return the location and details of his Internet Service Provider (ISP). You already know the IP and the access time, so the ISP can locate him by matching that IP with the time he used it. The ISP has a pool of IPs and dynamically maps those IPs among its users, so all the mapped IPs, timestamps and mapped user details should be logged on their servers.

Actually I explained to you some simple methods to trace IPs. Those are the more accurate and efficient methods. Other than that, there are many other ways of tracing an IP.

Some other methods to trace hackers:-
- You can create a .swf with an action script in order to steal cookies, IP, etc. and send it as an email attachment.
- If you know his email address you can send a messenger request and trace his IP while chatting. [Ex:- You can share a file and run "netstat -a" in your command prompt, or you can use the Wireshark tool I explained in my previous posts, or you can use Sharp-IP-Getter to trace the IP while chatting in Yahoo Messenger.]
- If you are familiar with cross-site scripting (XSS), you can use malicious scripts to trace hackers or even to hack mail accounts.
- You can send a keylogger to monitor all his activities and receive them via mail.

Tuesday, August 19, 2008

How to access blocked websites?? -Torpark, the anonymous browser

I would like to introduce to you guys something more useful and powerful which can be used for anonymous internet surfing. I received so many mails asking how to unblock restricted websites. I explained in my previous posts about proxy sites and also listed some proxy sites which you can use to browse the internet anonymously. But it seems all those proxy sites have been blocked on your network. So what to do if the firewalls on your network block all your favorite websites and the proxy sites as well??

Don't worry, you still have a solution. That is Torpark.

So what the hell is that and how does it do it, huh??
First of all, how does your firewall block websites?
Basically it blocks websites by specified website URLs and by looking for keywords which have been given by the network administrator. For example the FortiGate firewall has web filtering features such as URL/Keyword/Phrase Block, URL Exempt List, Content Profiles, blocking of Java Applets, Cookies, ActiveX, etc. In the FortiGate firewall, content blocking enables you to specify file types and words that should be blocked. With web content block enabled, every requested web page is checked against the content block list. The score value of each pattern appearing on the page is added, and if the total is greater than the threshold value set in the protection profile, the page is blocked.

That can happen only if the firewall can read and understand the content of the incoming data packets. So what if the firewall can't understand the content of the incoming data packets?? That means the firewall can't find any specific URLs or keywords within that web content…

So that's exactly what happens when we browse the internet using Torpark. So let's get into the subject….

Torpark is a combination of the Mozilla Firefox browser and Tor (Onion Router).
So what the hell is Tor??
Tor is an Internet-based system which enables users to communicate anonymously on the Internet. The Tor network encrypts traffic between a computer and the Tor network of routers. The client-side Torpark browser connects out to Tor, periodically negotiating a virtual circuit through the Tor network. Tor provides a way for two parties, a connection initiator and a connection responder, to communicate with each other anonymously, which protects their communications against traffic analysis attacks. All data packets are encrypted in a tunnel between your PC and the Tor network. After the encrypted data is sent to the Tor network, it changes tunnels until it reaches the internet unencrypted. The Tor network also passes data back to your computer encrypted, and your Torpark browser decrypts it and renders it to the user. So it will be a bit slow, especially when establishing the circuit.

So now you see how hard it is for network observers (such as crackers, companies, and governments) to reliably learn who is talking to whom and for what purpose by examining data packets flowing over the network, since all data is communicated in an encrypted and anonymous way. And another good thing is that the Torpark browser is portable and you can run it from a USB drive as well.

So I think I am done with this post. Hope you all got the idea. So good luck to you all.

You can download Torpark using the following URLs:-
http://www.download.com/Torpark/3000-2356_4-10586817.html?hhTest=1

For More Info:-
http://security.ngoinabox.org/ScreenShots/Torpark/manual.html
http://security.ngoinabox.org/Documentation/Manuals/chapters/Torpark.pdf
http://advosys.ca/viewpoints/2006/09/torpark-quick-look/
http://www.linux.com/articles/53394
http://news.softpedia.com/news/Anonymous-Portable-Web-Browsing-Via-Torpark-36123.shtml

Friday, February 29, 2008

Find Hackers and Security Holes Using WIRESHARK!!

Hi Guys,

Up to now I have done a few posts regarding hacking. In this post I would like to introduce you to a great tool called "Wireshark", used to find security vulnerabilities in your network, in other words to find hackers who are accessing your computer or the network .... huh
The scenario is like this:
Say you are currently working on a computer network. There are thousands of computers. You feel someone is monitoring you, or someone is accessing your PC, or someone is sniffing your Yahoo chats, or else you need to know which sites, IPs and ports your PC is currently connected to.

Test this command on your Windows Command Prompt:-

C:\>netstat -a

If you type that command in your Windows Command Prompt you can find all the sites, IPs and ports, and the people who are currently accessing your computer. But if there is serious hacking going on, it's not enough to find the bugger.

So let's move on to the topic.
Wireshark (formerly known as Ethereal) is an extremely valuable tool which is capable of scanning wireless and Ethernet data and comes with some robust filtering capabilities. In other words Wireshark is a network protocol analyzer, or “packet sniffer”, that captures and shows the contents of network frames. It runs on Unix/Linux and Windows. Wireshark uses the WinPcap project to capture packets (libpcap on Linux).

If you are a network administrator it would be really useful for monitoring your network interface and finding security holes. Even the Linux platform is vulnerable to attacks. This is an open source network packet sniffing product that can watch DNS, TCP, UDP, HTTP and most of the known network protocols.

You can see the content of the captured data packets as well. If other data packets are going through your network location, they will be captured as well. For example you can see the data packets received by the PCs next to you. By looking at the content of the data packets you can read their chat records as well.


Download Wireshark:-
http://www.wireshark.org/download.html
http://sourceforge.net/projects/wireshark/


Website:-
http://www.wireshark.org

Basic User Guides:-
http://portforward.com/networking/wireshark.htm
http://zone.ni.com/devzone/cda/tut/p/id/6746


Advanced User Guides:-
http://www.wireshark.org/docs/wsug_html_chunked/
http://ftp.uni-kl.de/pub/wireshark/docs/user-guide-us.pdf


Other References:-
http://www.willhackforsushi.com/books/377_eth_2e_06.pdf

Note:- This is an extremely powerful tool. If you are not a network administrator, be careful when you use it, because if you run this tool on a machine which is connected to a network, your network administrator can find out that you are using a sniffing tool. That is because when you run it there is always network traffic coming to your computer.

Thursday, January 24, 2008

Windows Management Instrumentation! Its coool! :-)

hi guys,

I'd just like to give you a brief idea about the WMI interface. Actually it's an efficient way to access OS resources using programming modules. In other words it's a bridge between your Windows OS and a programming interface. Using the WMI interface you can programmatically change computer settings as well as do many of the operations which your administrator can do on your computer.

Actually it was very helpful for me once when my PC was infected with a damn virus and all administrative settings were disabled because of it. So what I did was use the WMI interface to access OS resources, including registry entries, to change some settings. Also, if you are a developer, it's a wide area you need to study.

Basically WMI uses the WMI Query Language (WQL) to manipulate system resources. It's just like SQL queries; if you are familiar with SQL it's easy to adjust to WQL. Actually it's hard to give a clear definition of this, but try to think of WMI as a repository of properties and methods related to the system environment that you can access like a database.

You need a few different objects to perform WMI queries in .Net. They include the following:

(all within System.Management namespace)
ConnectionOptions
ManagementScope
ObjectQuery
ManagementObjectSearcher
ManagementObjectCollection
ManagementObject

Here is a sample program that I used to search folders

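using System;
using System.Management;      // requires a reference to System.Management
using System.Windows.Forms;

public static class FolderSearch
{
    public static void FindFoldersByName(string strName)
    {
        try
        {
            // Escape backslashes and quotes so the name stays inside the WQL string literal
            string strSafeName = strName.Replace("\\", "\\\\").Replace("'", "\\'");

            // Execute WMI Query and wait for result
            WqlObjectQuery wqlObjectQuery = new WqlObjectQuery(
                "SELECT Name FROM CIM_Directory WHERE FileName = '" + strSafeName + "'");
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(wqlObjectQuery))
            using (ManagementObjectCollection collFolders = searcher.Get())
            {
                // Display each folder path...
                foreach (ManagementObject folder in collFolders)
                {
                    string strCurrentPath = folder.Properties["Name"].Value.ToString();
                    MessageBox.Show(strCurrentPath);
                }
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.ToString());
        }
    }
}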

More on this:-
http://msdn2.microsoft.com/en-us/library/aa394582%28VS.85%29.aspx
http://msdn2.microsoft.com/en-us/library/aa510211.aspx
http://www.codeguru.com/csharp/csharp/cs_network/wmi/article.php/c6035/#WMI


Thursday, September 20, 2007

Weird development of Keyloggers..

How comfortable would you be if you could read every single word that someone typed, including email messages, passwords, IM conversations and so on? You may well feel it's really awesome; on the other hand you may feel it's terrible if you knew someone out there was monitoring you. It can and does happen via a bit of code known as a keylogger. A keylogger is a computer program that logs each keystroke a user types on a keyboard and saves this data into a file or transfers it via the Internet to a predetermined remote host. Keyloggers represent a serious threat to your computer's security and personal privacy. It's a kind of weird development in computer history.

Basically there are two types of keyloggers

1) H/W keyloggers and
2) S/W keyloggers


Hardware keyloggers plug in between a computer keyboard and a computer and log all keyboard activity to internal memory. They are designed to work with PS/2 keyboards, and more recently with USB keyboards.

Hardware keyloggers have an advantage over software keyloggers as they begin logging from the moment a computer is turned on (and are therefore able to collect a BIOS password for instance), and do not require software installation (unlike software solutions).

But the S/W keyloggers are much more powerful than the H/W keyloggers because now they are integrated with some spyware as well. Also, we can find H/W keyloggers easily, but finding an installed S/W keylogger is a really hard job. It will monitor everything you type on your computer and the processes currently running on it, and it is able to send keystrokes, chats, websites, screenshots of your computer desktop and passwords periodically to unknown parties as an email attachment or over FTP. All of this runs as a hidden background process, and you can't view that process through the normal task manager.

Also some keylogger software allows you to install it on a remote PC on your network or send it to someone as an email attachment.


Here are some keyloggers I found on rapidshare.com

I suggest you use them for testing and educational purposes only, but if you try to use them to hack or damage someone's PC, remember that there are ways to find out exactly who installed the keylogger and is currently monitoring.

Tuesday, June 5, 2007

Cross Site Scripting (XSS) Vulnerabilities..

Hi ppl.. I have been searching and working with some Cross Site Scripting (XSS) over the past few weeks. So I'm interested in giving a brief idea about XSS vulnerabilities of websites and mail accounts ..

By the way, what is XSS??? What kind of things can XSS do???
XSS stands for cross-site scripting, and you can do many things once you get to know XSS.. For example you can login to someone's mail account, destroy a website or do whatever you want in a website.

Cross-site scripting is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes unauthorized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker. Sometimes an attacker will send you a mail that includes a malicious script. When you open it the script will execute and steal your cookie.

Different types of XSS attacks

1. DOM based or local XSS
-Precondition: the vulnerable page uses data from the document.location, document.URL or document.referrer properties in an insecure manner.
-The payload is never located in the HTML but in the URL. Thus it also works with static pages.
-Only works with browsers which do not modify the URL characters (of course IE 6.0 does not...)
-Used with social engineering.

2. Non-persistent or reflected XSS
-Such holes show up when data provided by a web client is immediately used by the server to generate a page of result.
-Payload vector: mostly malicious URLs/links
-Used with social engineering.

3. Stored, persistent or second-order XSS
-The payload is stored on the server.
-Used with or without social engineering.



Thursday, April 12, 2007

Hacking GMAIL..

Hi ppl,
Want to customize your GMAIL accounts? Or want to know how it really works? Or want to change it in an efficient way? Or want to hack together scripts to do dangerously efficient things with your mail? This book will really help you!!


This ebook covers how Gmail has been implemented and how you could further customize it. Also in this book you can learn Ajax technology, CSS and JavaScript in advance.
In the author's words: If you picked up a book called Hacking Gmail, you’re very likely to want it. If you’re a programmer looking to use Gmail in wacky ways, this book is for you. If you’re a power user looking to hack together scripts to do dangerously efficient things with your mail, this book is for you.
If you read this book and get some important tips [ex:- cookies, etc.], hacking Gmail accounts will not be an impossible thing.



Note:- I got this book from rapidshare.com. Someone has uploaded this book onto it, and I just gave the link for it. I will not be responsible for whatever anyone does after reading this.

Tuesday, March 27, 2007

What is SQL injection?

Definition- SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. ~Wiki

Hi all, Want to hack some web databases which are located in different locations?? Yeahhhh you can do it!! I have already tried and it's really fun. I am not going to tell you the sites that I have tried, but you could find more...
All you have to do is block all JavaScript in your browser. You can easily do it with the Firefox web browser. In order to do that with the Firefox browser you have to download a plugin called Web Developer 1.1.3 and install it on your browser.

The Web Developer extension adds a menu and a toolbar to the browser with various web developer tools. It is designed for Firefox, Flock, Mozilla and Seamonkey, and will run on any platform that these browsers support including Windows, Mac OS X and Linux.
Several websites do their input validation using client-side scripting.
For example, say you want to retrieve an invoice number from a particular website.
The site allows you to enter only numbers (integers) and will retrieve only one record at a time.

So what will happen if you disable client scripts? If there isn't any server-side validation you have full privilege to enter anything in that field in order to process data.

So why don't you take full advantage of it?
If the website's data processing is done using SQL statements,
why don't you enter some SQL statements in that field and see what will happen?
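The missing server-side check from the invoice example above, shown next to the vulnerable lookup, as an added example (not code from the original post). The `invoices` table, its rows and the function names are constructed; SQLite stands in for whatever database the site uses.

```python
import sqlite3


def make_db():
    """In-memory database with three constructed invoice rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (number INTEGER PRIMARY KEY, customer TEXT)")
    db.executemany("INSERT INTO invoices VALUES (?, ?)",
                   [(1001, "alice"), (1002, "bob"), (1003, "carol")])
    return db


def lookup_unsafe(db, field):
    """Vulnerable: trusts the browser to have enforced 'digits only'.

    The field text is pasted into the statement, so anything that reaches
    the server is parsed as SQL.
    """
    sql = "SELECT number, customer FROM invoices WHERE number = " + field
    return db.execute(sql).fetchall()


def lookup_safe(db, field):
    """Hardened: repeats the rule on the server and binds the value."""
    # Server-side validation: the same digits-only rule the page's
    # JavaScript applied, enforced where the client cannot switch it off.
    if not (field.isascii() and field.isdigit() and len(field) <= 10):
        raise ValueError("invoice number must be 1-10 digits")
    # Bound parameter: the value is passed as data and never parsed as SQL,
    # so the query stays safe even if the validation above is later relaxed.
    sql = "SELECT number, customer FROM invoices WHERE number = ?"
    return db.execute(sql, (int(field),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    constructed_input = "1002 OR 1=1"  # what arrives once client checks are off
    print("unsafe, normal input :", lookup_unsafe(db, "1002"))
    print("unsafe, crafted input:", lookup_unsafe(db, constructed_input))
    print("safe, normal input   :", lookup_safe(db, "1002"))
    try:
        lookup_safe(db, constructed_input)
    except ValueError as exc:
        print("safe, crafted input  : rejected,", exc)
```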

That's all I have to say on this.. I guess you got my points.
ha ha!! All the best!

But keep in mind that if you do something like that, the site will easily track your IP address and locate you. So don't be afraid, use an anonymous proxy browsing site that I have mentioned below in order to hide your IP and your funny face!! :-)

Some Useful Links:-
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
http://www.imperva.com/application_defense_center/glossary/sql_injection.html

Monday, March 26, 2007

Want to Block a Site?

Yoo guys, do you want to block a site on your local computer? Or change the localhost name? Or give a specific name to a known IP address? It's simple. You can do it by editing the hosts file in your Windows OS. So first of all, what is the hosts file?

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can find the Windows hosts file in the following locations:
Windows Vista = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98/ME = C:\WINDOWS

Open the hosts file in Notepad.
For example, say you want to block a site called www.hailztorm.com.
Type the following lines at the bottom of your hosts file:

127.0.0.1 www.hailztorm.com

127.0.0.1 www.nuwandimuthu.tk
127.0.0.1 www.gmail.com

When you surf to a site, Windows automatically checks to see if the address is located in the Hosts file. The number 127.0.0.1 is the "loop back" IP address of your own computer, so Windows skips the link to the site (www.hailztorm.com) and moves on. The ad server can't open its window, so it can't load any programs, spyware, or cookie files either.
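Because the hosts file overrides DNS, it is worth checking what is already in it. The parser below is an added example (not from the original post) that lists the names blocked through a loopback entry and, separately, any name pointed at some other address; the sample file content, including `intranet.example` and its address, is constructed.

```python
import ipaddress

# Constructed sample in hosts-file format: address, then one or more names.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.hailztorm.com
127.0.0.1 www.nuwandimuthu.tk   www.gmail.com   # two names on one line
203.0.113.10    intranet.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (line number, address, name) for every valid mapping."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def audit_hosts(text, expected_local=("localhost",)):
    """Split entries into blocked names and names redirected elsewhere.

    blocked    : names sent to the local machine (127.x.x.x, ::1, 0.0.0.0)
    redirected : names forced to another address, which replaces the DNS
                 answer for that name and deserves a second look
    """
    blocked, redirected = [], []
    for _lineno, addr, name in parse_hosts(text):
        if name in expected_local:
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)
        else:
            redirected.append((name, str(addr)))
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked   :", blocked)
    print("redirected:", redirected)
```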

Tuesday, March 20, 2007

Anonymous Proxy Surfing

When you surf the Internet your unique identification number (IP number) can be detected by any Website you visit.

Using an anonymous proxy to surf the web lets you use another IP number, provided by a server called an anonymous proxy server, as your unique identification number. Your location and IP address are not revealed because you surf through a website that provides anonymous surfing. Even the fact that you are using a proxy server is hidden.

Through an anonymous proxy, all web related activities can be done normally, like browsing, chatting, sending and receiving e-mails, transferring files, and more.

Here is a huge list of websites that help you hide your proxies when browsing the internet.



Anonymous Proxy Servers

Anonymous proxy servers hide your IP address and thereby prevent unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests. Besides that, they don’t even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web chat rooms, FTP archives, etc. ProxySite.com - a place where a huge list of public proxies is compiled. In its database you can always find the most up-to-date lists; the proxies are checked every minute, and the list is updated daily from various sources. The system uses the latest algorithm for collecting and sorting proxy servers, and servers for anonymous access are checked. Search results can always be saved to an Excel file.


Why Should You Use Anonymous Proxy Servers?
Any web resource you access can gather personal information about you through your unique IP address – your ID on the Internet. They can monitor your reading interests, spy upon you and, according to the policies of some Internet resources, deny you access to any information you might need. You might become a target for many marketers and advertising agencies who, having information about your interests and knowing your IP address as well as your e-mail, will be able to regularly send you their spam and junk e-mails.

A web site can automatically exploit security holes in your system using not-very-complex, ready-made, free hacking programs. Some of such programs may just hang your machine, making you reboot it, but other, more powerful ones, can get access to the content of your hard drive or RAM. Everything a web site may need for that is only your IP address and some information about your operating system.