Home / Archives for April 2011

Block Autorun Malware using Bitdefender free tool

Posted by Deepanker Verma Thursday, April 28, 2011 0 comments

Block Autorun Malware using Bitdefender free tool

Autorun malware is the most widely found in the computer systems and removal devices. Most of the windows users are affected by this malware. The famous antivirus vendor company BitDefender has launched a free tool to protect windows user from this malware. Dubbed BitDefender USB Immunizer the application doesn't require any installation. It comes as a single executable which provides a simple user interface. It has 2 options for protection one for computer and other for removable media.

DarkComet-RAT v.3.3 Released

Posted by Deepanker Verma Tuesday, April 26, 2011 0 comments

DarkComet-RAT v.3.3 Released

You have used many types of RATs including DarkComet. Today i have a good news for all of you. New Version of DarkComet-RAT has been launched and available for download. i am not going in much detail about how to use it as a hacking tool because it is very simple to use. This post is only to tell you about the release of the latest version of DarkComet-RAT. DarkComet-RAT (Remote Administration Tool) is software design to control in the best condition and confort possible any kind of Microsoft Windows machine since Windows 2000.This software allow you to make hundreds of functions stealthly and remotely without any kind of autorisation in the remote process.This software is a long time project , started the August 2008 , DarkComet-RAT is now one of the best and one of the most stable RAT ever made and totally free.

Vishing, a phishing attack over VoIP protocol

Posted by Deepanker Verma Saturday, April 23, 2011 0 comments

Vishing, a phishing attack over VoIP protocol

phishing is the main trick used for hacking email account, facebook and twitter accounts. This trick is used with social engineering for hacking. I think phishing is the best way to hack any account. Today i am going to write about phishing but over VoIP protocol. It is called vishing. Vishing term is the combination of "VOice" with "Phishing".

This trick use the trick of caller ID spoofing to make a call which looks like calles coming from a valid user with valid phone number. Vishing trick exploits the people's trust on the telephone service and caller id. A normal user do not know about caller id spoofing so he can easily be the victim of this attack. Vishing attack is used to steal credit card numbers or other personal information used in identity theft schemes from individuals.

Example of vishing
Wardialing: This is when attacker uses an automated system to call a specific area codes with a message of a local bank. Once victim answers the call, recording begins, requesting that the listener enter bank account, credit, or debit card numbers, along with PIN codes.

Caller ID Spoofing: This is the trick for cell phone network to display a false number on the recipient’s caller ID. A number of companies provide tools that facilitate caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank.

VoIP: Voice over Internet Protocol, or VoIP, is an Internet-based phone system that can facilitate vishing by allowing multiple technologies to work in tandem. Vishers are known to use VoIP to make calls, as well as to exploit databases connected to VoIP systems.

Avast WebRep for chrome, protection against malicious URLs in search results

Posted by Deepanker Verma Friday, April 22, 2011 1 comments

Avast WebRep for chrome, protection against malicious URLs in search results

Avast has released a Google chrome extension named WebRep. This extension is released as a part of new update to it's antivirus software. This extension will keep user safe from malicious links shown in the search results. this extension uses real-time data from the company's cloud intelligence gathering system for determining the URL to be malicious or not.

Facebook has announced two factor authentication

Posted by Deepanker Verma Wednesday, April 20, 2011 0 comments

Facebook has announced two factor authentication

Facebook is the main target of hackers and spammers these days. SO facebook security team always try to make it as secure as possible. In this way they have added many security features in the website. Now facebook security team has announce some safety and security changes which include two factor authentication system and improvements to it's Https supports.

In this multi-factor authentication systems, it has combined traditional passwords login system with additional identification methods, like one time use codes or digital keys.

Backdoor Distributed as Facebook Messenger Application

Posted by Deepanker Verma Tuesday, April 19, 2011 0 comments

Backdoor Distributed as Facebook Messenger Application

New rouge emails posing as official facebook communication service lead users to a 3rd party website which is distributing a backdoor as Facebook Messenger Application. This rouge email bear a subject as "someuser listed you as his uncle" and make use of real theme to look like real facebook notifications. In the body of message, it informs for a pending action including a friendship request. It's link is of www.facebook.com but it actually points to some 3rd party website.That new page has an advertisement of a program facebook Messenger which is claimed to be an app for quick access to messages from your Facebook account. The website contain an an executable called FacebookMessengerSetup.exe for download. According to researchers from Trend Micro, the file is an installer for BKDR_QUEJOB.EVL, a backdoor that opens a connection on TCP Port 1098 and listens for commands.
The backdoor allows attackers to update the malicious file, download and run other malware applications, and launch certain processes. Information about the infected system, such as installed antivirus products and OS version, is gathered and sent to an SMTP server.
we have seend so many password changing and phishing scamsin the faceboook. It's a new type of attack on facebook users. Be sure not to install any this type of plugins or software which is suspicious in any ways.

Microsoft Safety Scanner, free on demand antivirus tool from microsoft

Posted by Deepanker Verma Sunday, April 17, 2011 0 comments

Microsoft Safety Scanner, free on demand antivirus tool from microsoft

Today i have a good news for windows user. Now you have one more antiVirus tool. Microsoft has released an on demand antivirus tool. This tool is named as The Microsoft Safety Scanner. This tool is free to download for windows user and provide on demand scanning of viruses, spyware and other malicious softwares. This tool is portable and comes in both 32-bit and 64-bit versions for Windows XP and later.

It does not have update functionality and does not need any installation. The Microsoft Safety Scanner expires 10 days after being downloaded. To re-run a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Download Here:
http://www.microsoft.com/security/scanner/en-us/default.aspx

Hack website using SQL map | automatic SQL injection tool

Posted by Deepanker Verma Friday, April 15, 2011 5 comments

Hack website using SQL map | automatic SQL injection tool

SQL map v.0.9 Released

Today i am going to write a sql injection tool. It's V 0.9 is just released. There are many changes in this tool from it's previous version. Sql injection is one of the top web application vulnerabilities. It's very important to check a website against this vulnerability.

How to avoid facebook scams

Posted by Deepanker Verma Thursday, April 14, 2011 0 comments

How to avoid facebook scams

Facebook is the part of people's daily life. It's no. 1 socail networking website so it is used for spreading scams by spammers. Scammers search through Facebook user accounts and gather information from public profiles to send phishing emails so they can gather more secure information such as bank account numbers, credit card numbers and user login and password to other secure sites. On facebook scammers use facebook applications to gather user's information and use their profile to post links of worms and trojans. I wrote a post on securing facebook account from hackers. Today i am going to write some steps to protect your facebook account from scams.

Steps

UCSniff- VoIP Sniffing tool

Posted by Deepanker Verma Tuesday, April 12, 2011 0 comments

UCSniff- VoIP Sniffing tool

Most of the people think that VoIP service is secure and still safe from hackers. But today i am going to write about a tool which is freeware sniffing tool for VoIP service. This tool is UCSniff.

UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping.

RawCap | a sniffer for Windows

Posted by Deepanker Verma Monday, April 11, 2011 0 comments

RawCap - sniffer for Windows

Today i am going to write about a new released sniffer tool for windows. If you do not know about sniffer, read my post on sniffer introduction

That tool is RawCap which is free raw sockets sniffer for Windows. It is a command line tool. Tutorials of the tools can be found on the official website of the tool.

Features

zaproxy a web application penetration testing tool

Posted by Deepanker Verma Sunday, April 10, 2011 0 comments

zaproxy a web application penetration testing tool

Today i am going to write about a penetration testing tool for finding vulnerabilities in web application tool. Ifound it on code.google.com .

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

chrome shortcut keys

Posted by Deepanker Verma 0 comments

Google chrome shortcut keys

Today i am going to write some secrets of google chrome. Hey don't think too much. It's only a list of chrome shortcut keys. These keys can help you to navigate and use your chrome browser in faster an easy way.

CTRL + SHIFT + N : automatically opens up a Chrome ‘incognito’ window which allows you to surf on a PC without leaving behind any digital footprints.

SHIFT + Escape: allows for fast access to Chrome’s task Manager utility that allows you to nix browser processes that have gone awry.

CTRL + SHIFT + T: will open recently closed browser tabs.

source code of zeus is availabe for sale online

Posted by Deepanker Verma Wednesday, April 6, 2011 0 comments

source code of zeus is availabe for sale online

According to blog security experts of CSIS security group, many peoples are claiming to have the source code of zeus and selling it online. This news is true or false i can't say but they are also showing some snaps of archive and files which prove that they have access to the code which is written in php and C++. I think this news is true because many sources are supporting this news.

Apparently someone using the handle "IOO" is actively trying to sell ZeuS/zbot source code. For the past two weeks we have observed several individuals jumping the bandwagon announcing they have access to the Zbot/ZeuS source code and that it's for sale.

The news is also from some sources that the archive which is leaked is password protected and is yet to be cracked.

download Google Chrome 12.0.725.0 Dev with Malicious Downloads Protection

Posted by Deepanker Verma 0 comments

Google Chrome 12.0.725.0 Dev with Malicious Downloads Protection

Today Google has launched Chrome 12.0.725.0 dev with new Malicious download protection. This is now available for download on windows, linux and Mac os on various download website including chrome's official link. This new version of chrome is capable of protecting it's users against mslicious download links. This new feature will be integrated with Google Chrome and will display a warning if a user attempts to download a suspected malicious executable file.

Protect web application against SQL injection by SQL Inject Me 0.4.5 | a Firefox addon

Posted by Deepanker Verma Tuesday, April 5, 2011 0 comments

Protect web application against SQL injection by SQL Inject Me 0.4.5 | a Firefox addon

SQL injection is one of the most popular website vulnerability. It can cause a lot of damage to the website. An attacker can view your important data of your website. He can drop tables and gain access to your users passwords.It is very important to check your website against this type of attack. Today i am going to write about a firefox adon which can work as a penetration testing tool against SQLI.

hack a website using c99 script

Posted by Deepanker Verma Monday, April 4, 2011 3 comments

hack a website using c99 script

The c99 shell script is a very good way to hack a php enable web server. You have to find an unsecure uploader to upload this file to the server. Here i used unsecure uploader means the uploader which can't check for file extension and allow us to upload our executable scripts to the server.

This c99 shell allows an attacker to hijack the php enable web server. This script is very user friendly and having very good interface so it is easy to use. You can issue any php command to run on the web server. You can use any of the commands given in the script to run on the web server.

NOTE: This post is only for educational purpose. We advice you not to try this on any website. Use of this script on any website is illegal.

OWASP The Open Web Application Security Project

Posted by Deepanker Verma Sunday, April 3, 2011 0 comments

OWASP The Open Web Application Security Project

The Hatkit Proxy is an intercepting http/tcp proxy which is based on the Owasp Proxy.
The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (webscarab/burp/paros etc).
Also, since the http traffic is stored in a MongoDB, the traffic is stored at an object-level, retaining the structure of the parsed traffic

yahoo messenger shortcuts keys

Posted by Deepanker Verma Saturday, April 2, 2011 0 comments

Yahoo messenger shortcuts keys

Yahoo Messenger is one of the most famous chat service of the world having many users all over the world. Yahoo messenger has several shortcut keys. These keys will help you while using yahoo messenger for chat to work in fast manner. Today i am going to write those shortcut keys for you. take a look at the list given below and use it to chat fast with your friends.

General Use Shortcut Key

Download Youtube videos as MP3 | online tools and browser addons

Posted by Deepanker Verma Friday, April 1, 2011 1 comments

Download Youtube videos as MP3

browser addons

Many times you want Mp3 songs for mobile or mp3 players. You can download videos from youtube by many downloaders and tricks. But you have to convert those videos to MP3 formats which can play in you mp3 player device. There is a better solution for that. You can directly download Mp3 from youTube. You need to download addon to your browser for that. You can also do the same by an online tool Video2Mp3 Media Converter. This online tool also available as addon to you firefox, chrome and safari web browser

Download links (addon and extension)

Hacking Tricks