November 11

miable, displaying a friendly and pleasant manner, we here at Amiable are friendly and enthusiastic spirit. Amiable is all about reducing the monopoly on the knowledge and share it with everyone. Every day, literally thousands of talented, hard-working folks out there gain new insight from their work, come up with brilliant ideas and then share their experience with us. Amiable aims to lay a strong underpinning for the technical development of our country, by developing an active interest among youth in new technologies. Cipher Magazine delivers useful and innovative information to future Information Security personals, Ethical Hackers and developers. Our aim with the magazine is to inform our readers about the latest trends and techniques in Ethical Hacking World. We try to persuade you not with the quantity but with the quality of the information we present. The magazine is available free of cost on our website Our twelve issues in the year are devoted to the Ethical Hacking World, which will show you the hacking world from their perspective. It's an excellent opportunity to observe security trends on the market for the readers, and for companies – to share their invaluable knowledge.


With the advent of technology, the world has been a better place to live in. Computer, mobiles, PDAs and robots are now day to day used things. With the advancement in technology there has always been a security threat. The magazine has been launched keeping in mind the security threat faced daily on the on the virtual world. ID thefts, viruses, malwares and security breaches made the virtual world a deadly place. Sharing of knowledge about security has been the theme of the magazine. We are a medium to share your knowledge with the world. Security Analysts who have been working in this filed for years should come forward to help people. Researchers can publish their researches and other security articles. Professional can write on security threats over the internet. Bloggers can contribute their blog. Students should come forward to publish their daily activities on security. I, at Amiable Technologies would like to request for contribution from Researchers, Professional, Bloggers, Enthusiasts and Students.

Aakash Mishra

The content of the magazine should not be edited and/or used in blogs and websites, content writers has copyrights on them. Magazine can be printed and distributed without Amiable Technologies' prior permission. The magazine should not be uploaded on any site other than The defaulters will be punished heavily under Cyber Criminal Acts.


Bouty For Fresh White Hat.....................................................................................1 Student Arrested for Hacking Thai PM's Account...................................................2 Android Malware Works on Remote Commands form Encrypted Blog...................3 Apache releases Security Advisory following Discovery of Backdoor threat by Context Researchers..............................................................................................4 Computer Virus Hits U.S. Drone Fleet.....................................................................5 18 Child Porn Websites Shut Down........................................................................5 Sony Ransacked in Huge Brute-Force Attack ..........................................................6 Sesame Street Hacked...........................................................................................6 Miley Cyrus Needs A Lesson.................................................................................7 Google Teams Up with Citizens Advice Bureau.....................................................7 Duqu: Son of Stuxnet............................................................................................8 Bug in Flash Player Mac Webcam Spying..............................................................9 Hackers Leak Citigroup CEO's Personal Data.........................................................9 Anonymous Hackers Shut Down Child Porn Website..........................................10 Microsoft’s YouTube Channel Hacked.................................................................11 Anonymous DDoS Oakland Police Site After Violence........................................12 China may have Hacked US Satellites..................................................................13 Fb’s EXE Attachment Vulnerability......................................................................13 Kinect Challenge for Malcon 2011 has been Completed by Indian Security Researcher 'Shantanu Gawde'............................................................................14 Facebook Ticker is Exposing Your Information....................................................15 India Shuts Down Server in Duqu Virus Investigation.........................................16 Browser Hijacking...............................................................................................17 Password File through FTP..................................................................................19 Bypass BIOS Passwords.......................................................................................20 TCP Wrappers......................................................................................................23 Hack an Ethernet ADSL Router............................................................................25 SQL Injection.......................................................................................................26 How to Hide the Partitions?................................................................................29 Ultimate Google Search Tips...............................................................................29 Eject your drives in and out infinitely..................................................................35 Making a Trojan Virus in ProRat v1.9..................................................................35

NSS Labs said that those who win can then sell their exploits on ExploitHub.400 in reward money. The exploits must be client-side remote exploits that can result in code execution. Penetration testers can also make requests via the marketplace for exploits for specific vulnerabilities. Residents from countries that the US has a standing embargo against are not allowed to participate. Those who write the winning exploits may then sell their code on ExploitHub.amiable.computerworlduk. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser and two were found in Adobe's Flash multimedia program. ExploitHub was set up to help with the development of penetration testing tools and to assist computer security researchers. The company. Those who want to buy exploits are vetted by NSS Labs to ensure the marketplace is not abused. a marketplace the company set up for penetration testers to acquire exploits to test against their infrastructure.November 2011 Bounty for Fresh White Hat Source: http://www. Proof-of-concept code and denial-ofservice conditions do not qualify. which has set aside $ 1 . plans to give $100 to $500 to the first people to submit a working exploit for the vulnerabilities. © NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities. with NSS Labs taking a 30% commission. NSS Labs will pay the developer with American Express gift cards.

in 2 . could face up to two years in prison if found guilty of illegally accessing computer systems without authorisation. Facebook or Twitter account without the owner's persmission doesn't ever mean it's an acceptable thing to do.November 2011 Student Arrested for Hacking Thai PM's Account Source: Thai authorities have arrested a university student who reportedly confessed to hacking the Twitter account of the country's prime minister.amiable. They say he hijacked Prime Minister Yingluck Shinawatra's account on Sunday to post several tweets accusing her government of incompetence and cronyism. Police say Ekkavit Tongdeeworakul. it's breaking the law and could lead to you getting in a lot of trouble. Anudith said he preferred not to reveal how the account was hacked.just because you can access someone else's email. 22. Remember folks . © www. Ekkavit is anarchitecture student at Bangkok's Chulalongkorn University. 22-year-old Aekawit Thongdeeworakul.sophos. turned himself in Wednesday. a fourth year architecture student at Chulalongkorn University. Information and Communication Technology Minister Anudith Nakornthap says Ekkavit is accused of violating the Computer Crime Act by illegally accessing computer data and could face up to two years in prison. In fact.

Step 2 Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_ANSERVER. no further © www. before doing any scans.461.sec. It can also download other malicious applications from this blog post. and download URL. As of this writing the package that is installed is "com. To get a one-glance comprehensive view of the behavior of this Backdoor.A If the detected files have already been cleaned.html. This backdoor may be unknowingly downloaded by a user while visiting malicious websites. receive. The blog post contains encrypted messages that the malware interprets as its commands.{BLOCKED}.200 VSAPI OPR Pattern Version: 8. or quarantined by your Trend Micro product. NOTES: This malware request the following permissions which it could use to perform malicious routines: Access network settings Access the Internet Control the vibrator Disable Keylock Make a Call Read low-level log files Read. It can also download and install additional applications. It may be manually installed by a user.November 2011 Android Malware Works on Remote Commands form Encrypted Blog This is the first known Android malware that reads blog posts and interprets these as commands. refer to the Threat Diagram shown below. read.00 VSAPI OPR Pattern Release Date: 29 Sep 2011 Step 1 This malware gathers specific information from the infected device. the package name to be downloaded.a ction={information} For Windows ME and XP users. therefore further compromising the affected device. It may be manually installed by a user.{BLOCKED} please make sure you disableSystem Restore to allow full scanning of your 3 . Technical Details File size: Varies File type: APK Initial samples received date: 27 Sep 2011 Build version IMEI IMSI Manufacturer Model OS version Pa c k a g e n a m e o f l e g i t i m a t e application SDK version It connects to the following URL to send the gathered information and retrieves an XML configuration file: http://b4. and write contacts Restart applications Wake the device It connects to a malicious URL to send the gathered information and get an XML configuration _8440ab780100t0nf. Arrival Details This backdoor may be unknowingly downloaded by a user while visiting malicious websites. and send SMS It gathers the following device information: The configuration file contains settings of the malware.amiable. deleted. Solution Minimum scan engine: 9.server" and downloaded from the blog post in http://blog.

“This latest vulnerability presents a potential back door to sensitive internal or DMZ systems but is totally avoidable if the reverse proxies are properly configured. While other proxies may suffer from the same vulnerability. or to present a single interface to a number of different web servers at different 4 . web servers and databases.” said Michael Jordon. Please check this Knowledge Base page for more information. which uses a rule-based rewriting engine to modify and rewrite web requests dynamically. Research and Development Manger at Apache released an advisory on Wednesday 5th October 2011 to all of its customers following the identification by Context's researchers of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. the specific attack identified by Context researchers was based on an Apache web server using the mod_rewrite proxy © www. You may opt to simply delete the quarantined files. Typical applications include load balancing. including administration interfaces on firewalls. Reverse proxies are used to route external HTTP and HTTPS web requests to one of several internal web servers to access data and resources. a full network compromise was possible including uploading Trojan WAR files to a server. Advertisement Here Contact for space : ads@amiable.” Full details of the reverse proxy bypass vulnerability are also documented in the Context blog published today at: http://www.November 2011 step is required. separating static from dynamic content. Download Trend Micro Mobile Security for Android. And if credentials on internal systems were NOTES: Trend Micro Mobile Security Solution Trend Micro has released an integrated solution for mobile devices.contextis. which provides automatic. real-time scanning to protect wireless devices against malicious code and viruses on the Web or hidden inside files. “We have not investigated other web servers and proxies but it reasonable to assume that the problem is more widespread. routers. When the web proxies had not been configured securely. Context alerted Apache to the weakness last month and have published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. Context was able to use an easy-to-obtain hacking tool in order to force a change in the request to access internal or DMZ systems. Manual Removal Instructions Step 1: Select Settings > Application > Manage Applications Step 2: Select {Detected Application Name} then click Uninstall Apache releases Security Advisory following Discovery of Backdoor threat by Context Researchers Source: http://www.

” the source says. has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. was living in New York. first detected nearly two weeks ago by the military's Host-Based Security System. The virus.S. a spokesman for Air Combat Command. logging pilots' every keystroke as they remotely fly missions over Afghanistan and other war zones. or responses to our computer In another example of the increasingly international nature of crime. Yet. “But no one's panicking.S.November 2011 Computer Virus Hits Source: www. Tadd Sholtis. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source.fbi. Since its launch in U.” says Lt. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security. the task force has built an international network of Internet child sexual exploitation investigators who share intelligence and work joint operations across national borders. And the infection underscores the ongoing security risks in what has become the U.S. and investigative techniques. emerging trends and technologies.” 18 Child Porn Websites Shut Down Source: http://www. a man was recently indicted on federal charges of running 18 Chinese-language child pornography websites out of his apartment in Flushing.wired.amiable. © www. which oversees the drones and all other Air Force tactical aircraft. The websites were being advertised to Chinese-speaking individuals in China. The Air Force declined to comment directly on the virus. Col. One concrete outcome of this partnership? The Ministry of Public Security sent its first Chinese officer to join the FBI's Innocent Images International Task Force and receive specialized training on such topics as legal principals.S. And one of their main suspects. worms. “It's getting a lot of attention. How it all started. threats. since that helps people looking to exploit or attack our systems to refine their approach. a Chinese-born man. Drone Fleet A computer virus has infected the cockpits of America's Predator and Reaper 5 . Once the fall 2011 training session is completed.. the task force will number 100 officers in 43 countries. New York. In late 2010. the FBI—through our legal attaché office in Beijing—received information from Chinese officials about their investigation of a large-scale child pornography website housed on U. So our New York office opened an investigation under our Innocent Images National Initiative and instituted an undercover operation. and other countries. and other malware we discover. which includes a comprehensive response to viruses. Exactly what's needed to combat the many child pornographers using the Internet to extend their nefarious reach around the globe.” However. servers. “We generally do not discuss specific vulnerabilities. in the U. military's most important weapons system. But the virus has resisted multiple efforts to remove it from Creech's computers. insiders say that senior officers at Creech are being briefed daily on the virus. network security specialists say.

.theregister. The attack – which used password and user ID combinations from an unidentified third-party source – succeeded in compromising 2011 Ransacked in Huge Brute-Force Attack 93. "Essentially framing this person as the culprit behind this. © www. one of the biggest data breach incident (by volume of records) in history. "YouTube's Community Guidelines prohibit graphic content." a YouTube representative told CNN. Details including names. Sony shut down its PlayStation Network in April in the aftermath of a far more damaging hack attack. These accounts have been locked and passwords reset.. modified its design. a social news site.amiable. It took Google about 22 minutes to take down the offensive content. "As always. Sony was widely criticised for its handling of the incident. according to The Next Web.000 Accounts Broken Into Source: http://www.” Mredxwx 's innocence was defended on one Internet forum. Personal information on 77 million account-holders was exposed as a result of the April PlayStation hack. "This appears to have been a venge-hack.” This isn't the first time a site affiliated with the Public Broadcasting System has been the target of hackers. the PBS News Hour blog was hacked and a phony news story planted on it that rappers Tupac Shakur and Biggie Smalls were still alive and living in New Sony has warned users against a massive bruteforce attack against PlayStation and Sony network accounts.pcworld. passwords and purchase histories was exposed by the megahack. In May. Both the motive for the latest attack against Sony network users and the identity of the perpetrator(s) remains unclear. Someone apparently wants to grief that 6 . Porn Posted Source: http://www.000 Sony Online Entertainment network accounts. was attacked by a hacker Sunday who deleted all videos from the channel. a popular stop on the Internet for preschool children. The service wasn't restored until a month later. Hacked." asserted "lasernut" on The Sesame Street channel on YouTube. addresses. and posted graphic porn to it. we remove inappropriate material as soon as we are made aware of it.000 PlayStation Network and 33.

I just did a quick Google search and came up with two possibilities through Yahoo! Answers already. in consultation the Google is to launch a campaign promoting online safety in association with the Citizens Advice Bureau (CAB). Basically. Google yourselves before you go inputting any of these personal details as security measures. All the hacker had to do was search which girl Miley's been friends with the longest (could it have been Mandy. another hacker has reached out to TMZ to share how laughably easy it was for him 'to hack intoMiley Cyrus Gmail account.telegraph. Anthony House. on public transport and 7 . The campaign will be the first that Google has ever run promoting something other than a product. though he doesn't say what it Using adverts in newspapers. you have to keep some facts secret so that no one else can find them. and voila! At the same time.amiable. When every minute detail — from your childhood nickname to your various tattoos — are exhaustively detailed on Wikipedia and in magazine interviews.” © www. from their YouTube days?). Miley: Don't use the name of your best friend (which the Internet knows) as your security question. the two organisations will encourage users to adopt secure passwords. Google claimed “the website and advertising campaign aim to empower users to tackle their online security concerns and make more informed decisions about their internet use”. he got a security question—the name of one of Miley's girlfriends. known as 'two-factor authentication'. It will primarily be funded by the search giant. log out of web browsers and computers when they've finished using them and even to adopt more complex ways of signing into their email accounts. Google Teams Up with Citizens Advice Bureau Source: http://www. There's always a chance that the hacker contacting TMZ is Chaney using another email address… but we can only hope he wouldn't be that stupid. When he tried to log in. this is yet another sphere of their lives where celebs are obligated to have extra security. First he tracked down her Gmail name. but many people aren't confident that they know how to. Google's Communications and Policy Manager added that “Everyone wants to stay safe online.November 2011 Miley Cyrus Needs A Lesson Source: With celebrity phone hacker Christopher Chaney arrested. such as its web browser Chrome. Here's a lesson in the Internet. Obviously that part won't take long. It will also cover child protection and the use of 'cookies' in web browsers.

SYS) is so similar to Stuxnet's driver (MRXCLS.November 2011 Duqu: Son of Stuxnet Source: mocana. 2012. Symantec says that certificate was revoked on October 8 . is a surveillance-based Trojan horse. Duqu only has an active lifetime of about 36 days. it uses a digital certificate set to expire August 2. the next threat. © www. Unlike Stuxnet. Duqu uses mock . but this is probably to limit its discovery. 2011. Duqu appears to be only collecting information about the design of other industrial control systems. which specifically damaged Siemens PCS 7 systems. designed to relay information back to a command and control center. 2010. and appears to have been created after the last Stuxnet file we recovered. Clues to Duqu's origin do exist. dubbed “Duqu” because the code has the code string ~DQ within it. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date Duqu. although Symantec admits it may also be elsewhere and not yet discovered.jpg files along with other dummy files. For example. all encrypted.” F-Secure's Mikko Hypponen tweeted “Duqu's kernel driver (JMINET7. According to Symantec.” At this time Duqu does not propagate and has been released only within targeted industries. Taiwan.SYS) that our back-end systems actually thought it's Stuxnet. or those that have access to the Stuxnet source code.amiable. The original compile dates on some of the variants of Duqu so far analyzed suggest it may have existed as far back as November 3. to exfiltrate data. The Symantec report states “the threat was written by the same It had to happen: Someone has released the next-step toward the next-generation Stuxnet virus. issued from a company in Taipei. although the target of this new virus is yet unclear. F-Secure's Hypponen thinks the certificate might have been stolen from C-Media in Taiwan.

the visitor's camera and microphone were activated and the video and audio intercepted. so that Adobe pays attention and fixes it more In retaliation for the arrest of protesters who tried to close their Citibank accounts. an email address. Data. After Occupy Wall Street Arrests Source: Engineers on 20th Oct patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission. and that a CSS opacity bug prevented it from working on other operating systems and browsers. still allowed important settings to be made while it was in transparent mode.theregister. Adobe patched Flash to blunt attacks that exploited the program to surreptitiously spy on the millions of people who use it. “It's been a few weeks and I haven't heard anything from Adobe yet. Aboukhadijeh was able to revive the attack by exploiting the settings manager. It wouldn't have been surprising if additional research uncovered ways to make the attack more universal.November 2011 Bug in Flash Player Mac Webcam Spying Source: http://www. “I think it's worth sharing it with the world now. Shortly after security researchers Jeremiah Grossman and Robert “RSnake” Hansen documented clickjacking in 2008. Aboukhadijeh went on to say he went public after reporting the vulnerability to Adobe and getting no reply.” Hackers Leak Citigroup CEO's Personal 9 . Engineers closed the hole by changing the behavior of Flash security dialog box when it's set to be transparent. which until Thursday's fix. two home” he said. Without warning. visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live demonstration. The attack closely resembled a separate Flash-based attack on webcams from 2008 using a class of exploit known as clickjacking. including cell and office phone numbers. To be attacked. legal and financial information © He said his demonstration worked only against Macs when using Firefox or Safari. hackers sympathetic to the Occupy Wall Street movement have released personal information about Citigroup Chief Executive Officer Vikram Pandit.

in 10 . you will become a target. the largest of which being "Lolita City.amiable. Freedom Hosting. "It does not matter who you are. who blame the financial sector for the bad economy. "This statement is not just aimed at Freedom Hosting.” Anonymous Hackers Shut Down Child Porn Website Source: http://www. "Our demands are simple. were all posted online by members of a hacker group known as CabinCr3w. Anonymous members played a key role in promoting the original Occupy Wall Street protest. reports Businessweek. The group. and oppose its influence on US politics. Pandit said he would be happy to meet with Occupy Wall Street protesters. which spent much of 2011 targeting many of the tech world's most illustrious The hacking group known as Anonymous has claimed responsibility for shutting down a website used to share pictures of child abuse. which began on September © www. It had previously contacted the hosts requesting that the offending content. but everyone on the internet. primarily through the use of Twitter and other social media and Internet properties.500 members online after hacking into the hosting company. It it is widely used for posting illegal materials.November 2011 and information about Pandit's family. also issued a warning to other hosting companies which enable child pornography to be shared. Last week. but also for circumnavigating widespread internet censorship in countries like China and Iran. or supporting child pornography. the Occupy movement has spread to more than 900 cities around the world. The group released a statement saying it has begun targeting over 40 websites responsible for posting and sharing the indecent images. promoting." added the statement. Advertisement Here Contact for space : ads@amiable. He said their complaints are “completely understandable. The request which was ignored. The group affiliates itself with the loose-knit group Anonymous. A month later. Remove all child pornography content from your servers. if we find you to be hosting. Refuse to provide hosting services to any website dealing with child pornography. be removed.techradar. which has a long history of high-profile hacks and data leaks.” Anonymous says it has published the login details for the site's 1. totalling over 100GB.” Anonymous says the site was accessible through the Tor network which allows for complete online anonymity and defends internet users against surveillance.

it's embarrassing and inconvenient for Hackers have taken control of Microsoft's official YouTube channel. has left a comment on one of the videos describing his theory on how Microsoft's YouTube account was compromised: This is how he "hacked" the channel: He legittly made the account Microsoft when youtube wasn't that big but the REAL Microsoft probably asked Youtube to disable it and give it to them. Thats probably how the other big Channels got "hacked".amiable. After all. It seems unlikely that the change to the YouTube channel is a bizarre publicity stunt by Microsoft.November 2011 YouTube Channel Hacked Source: http://nakedsecurity.many of which are embedded on third-party sites around the world. One YouTube user. © www. Thumbs this up so people can see! Regardless of how the hack occurred.sophos. Although there are no details yet about how hackers managed to gain control of Microsoft's YouTube account. however. The flaw is that this account was probably still linked to this kid's email and microsoft forgot to change it or whatever. So all this kid had to do was recover this account using his old 11 . removed the company's videos and replaced them with ones of their own. the obvious suspicion has to be that a Microsoft employee who had administrative rights over the channel was careless with their password. what would be the sense in deleting its archive of past videos . Not that hard.

S. drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians. peaceful in the face of lethal force by Oakland PD.occupyoakland. AnonyOps AnonyOps tweet 'I'm amazed and proud of #occupyOakland protesters who stood defiant. police of numerous acts of is 12 . A DDoS (Distributed Denial of Service) attack against the department's website www. The attack was first announced via Anonymous' AnonOps Twitter! >>pastebin.' Police fired a number of tear gas www. and the website currently is unreachable.oaklandpolice. "@Anon_Central: Admin/User/Password Dump of Problem Oakland authorities? F--. The Web site published statements charging the U. during a recent raid designed to evict protesters from their #Anonymous. according to 2011 Anonymous DDoS Oakland Police Site After Violence Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors.amiable. Anonymous is offering a "no questions asked" $1. The most seriously injured victim was Scott Olsen. rubber bullets and non-lethal rounds at demonstrators on Tuesday night. an Iraq War veteran. His condition was upgraded to "fair" today. who suffered a fractured skull after being struck by a police projectile. Reports of police violence against Oakland protesters re-emerged Tuesday on the movement's Web site. According to the Pastebin document.000 reward for information about the officer who threw the projectile at Olsen © www.oaklandpolice. concussion grenades." read AnonOps' tweet.

a Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008.” Indeed.” In a conflict. an act which could "critically disrupt the military's ability to deploy and operate during a military contingency.amiable. Facebook will return an error message stating: © www. "Such interference poses numerous potential 13 . However. you do NOT have to be friends with the user to send them a message with an attachment. Description: When attaching an executable file. the Chinese military is suspected of executing the digital intrusions which targeted satellites used for earth climate and terrain observation.November 2011 China may have Hacked US Satellites Source: http://www.S. Note. disrupt. such as satellite control facilities. Interestingly enough. "Access to a satellite's controls could allow an attacker to damage or destroy the A US congressional commission has confirmed that hackers "interfered" with two government satellites between 2007-2008 via a Norwegian ground station. the Chinese would try to "compromise. the site won't allow a user to attach an executable file. the draft claims." read a final draft report authored by the U. A bug was discovered to subvert these security mechanisms. and particularly "ground-based infrastructure. deceive or destroy" US space and computer systems. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission. According to Bloomberg. it clearly states that the breaches are "consistent" with Beijing's military doctrine which advocates disabling an enemy's space systems. Using this feature normally. deny. for two minutes in June 2008 and nine minutes in October that year. while hackers tapped into a Terra AM-1 earth observation satellite twice. degrade. there is a feature to attach a file. particularly if achieved against satellites with more sensitive functions." Fb’s EXE Attachment Vulnerability Can Compromise with Users Security Summary: When using the Facebook 'Messages' tab.tgdaily. the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks.-China Economic and Security Review Commission.

The malware. (Information Sharing and Anaysis Center). With over 10 million devices sold till date.exe” It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not. Director at ISAC. name=”attachment”. Rajshekhar Murthy. the kinect holds the Guiness book for world record for the fastest selling consumer electronics device . works on Windows 7 to secretly capture pictures of the victim / surroundings from a connected Kinect device and uploads them to a picasa account. In recent months. but Indian researcher 'Gawde' for MalCon 2011 has created a malware that utlizes Microsoft Kinect controller to secretly capture pictures and upload to a picasa account. To subvert the security mechanisms to allow an .and is exactly the reason why the malware is a Kinect Challenge for Malcon 2011 has been Completed by Indian Security Researcher 'Shantanu Gawde' Only 15 years old.exe ” This was enough to trick the parser and allow our executable file to be attached and sent in a message. Inside this POST request reads the line: Content-Disposition: form-data. Credits: Discovered by Nathan Power www. we modified the POST request by appending a space to our filename variable like so: filename=”cmd. © www.exe file type.amiable. a scientifc non-profit body that holds the International Malware Conference. there have been a number of innovative Kinect hacks that make use of the Kinect using both Open-Source drivers and the Kinect SDK. filename=”cmd. MalCon said.securitypentest. Impact: Potentially allow an attacker to compromise a victim's computer 14 .” When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server.November 2011 “Error Uploading: You cannot attach files of that type. code-named 'gawde' after its creators name.

her husband. Facebook Ticker is Exposing Your Information and Behavior Without Your Knowledge Source: http://www. " The Kinect malware 'gawde' goes a step ahead and even uses voice recognition to execute a program based on keyword. writing in his posts and vice versa. add friends.November 2011 "We believe that in coming 15 . as well as users that have been noted for his Nelson Novaes Neto. India. such a popular device can be an exciting target for visual and audio intelligence. where a “novel” explains how the issue of privacy (you can use any browser to play it). a Brazilian (independent) Security and Behavior Research have analyze a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .amiable.riceoweek. but found nothing there. Description: This is a scenario where your online behavior can be exposed without their knowledge through the new tool in Facebook called Ticker. without the knowledge of the victim. One day her husband found his wife adding her ex-boyfriend as a friend and started talking to him. At MalCon research labs. The malware PC will be demonstrated at the upcoming MalCon 2011 in Mumbai. so it could not be updated of their shares of his wife. and told him his wife again added the ex-boyfriend and I was talking to him. each with its own profile. Check out a live demonstration. commonwealth and infrastructure. The husband checked the profile of the wife. a friend of the couple (as have the two friends) saw that updates the wife of his friend appear in real time ticker. I used four Facebook profiles to create this POC (proof of concept). He explain that this is not a code vulnerability. because according to Nelson. where a woman was cheating on her husband on Facebook. he reported this privacy issue to Facebook Secutiry team a few months ago and until now he haven't get any positive response from facebook. Nelson said on his blog ”This tool – monitor others began to run when it introduced a new feature called Ticker. a lot of windows based applications will be developed for Kinect and the device will gain further immense popularity and acceptance. After Facebook launched this new tool called Ticker. She then removed all the updates (updates) and blocked new updates to be published automatically on your profile (Wall). * You really know a friend tell me if it is real or fake profile – cloned?” Nelson Give Proof of Concept with a very creative real life scenario. but your friend can see everything from this thing called Ticker? The issue is now public . His friend said that this new tool (Ticker) lets you see updates from anyone on your list of friends. After her husband's become really angry. What is happening? As the husband could not see anything (updates it) in the profile of his wife. Thus.and from a perpective of an attacker. Synopsis: A couple are a Facebook user. He said “Considering I respect some code of ethics (that protect society. likes and can be seen by others (friend *) anyone without your permission. but here the whole issue is related to users privacy. we promote proactive security research and the malware utilizing Kinect is only a proof of concept.” © www. This new feature (Ticker) does not respect the privacy settings and it now Comments (updates). removed his wife's ex-boyfriend's profile.) I think it was going completely against users desires and worth to be shared with everyone. The wife also discovered that all comments (updates). added Likes and friends were available in your profile (Wall – Wall) and visible to everyone her friend.

S. "We are a little bit behind in the game. they are probably a step ahead. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "I am not able to comment on any investigations. "It's a very complex piece of software.November 2011 India Shuts Down Server in Duqu Virus Investigation Source: http://www. In March. director of the Indian Computer Emergency Response Team." said Marty Edwards.msn. "Knowing what these guys are doing. director of the U.amiable." said Gulshan Rai." said Don 16 . Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.” An official in India's Department of Information Technology who investigates cyber attacks also declined to discuss the matter. Researchers said they are still trying to figure out what the next phase of Duqu attacks might be. hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin © www." Advertisement Here Contact for space : ads@amiable. or Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat.msnbc. "This one is challenging. a director of the Dell SecureWorks Counter Threat Unit.

This should frustrate any would -be break-ins. Below are some details to make your system safer from hackers and hijackers. Always opt for a password of some kind when setting up the default account on a machine. put a password on the Administrator account it you haven't done so already. 2. Windows usually installs itself in the WINDOWS directory. Windows NT 4 0 and 2000 Will opt for can specify the name of the directory during setup. In the registry navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSes sion ManagerMemory Management and add or edit the DWORD ClearPageFileAtShutdown. Someone capable of accessing your system could scan that file and find its information. Then change the name of the Administrator account. Set it to 1. the system will take much longer to shut down: a system with a really big Page File (1 GB or more) may take a minute or two longer. Some of these tips require editing of the Registry so it is wise to either backup the registry and/or create a Restore Point. It you never bothered to put a password on that account.amiable. Many worms and other rogue programs assume this to be the case and attempt to exploit those folders files. Note that when you do this. In addition to having third party utilities such as SpyBot. Disable the POSIX and OS/2 Subsystem: Windows 2000 and XP come with little-documented subsystems it at allow compatibility with UNIX and OS/2 systems These rues systems are enabled by default but so rarely used that they are best off bring disabled completely to prevent possible service hijackings. Rather than be a sucker to a hacker. Anti Virus scanners and firewalls installed there are some changes that can be made to Windows 2000/XP. ManagerSubSystems. Install Windows In a different directory: Windows 2000/XP paging file (Sometimes called the Swap File) can contain sensitive information such as plaintext passwords. If a user doesn't want to type a password. WINDIR is okay. Delete the subkeys Os2 and Posix then © www. You'll still be able to use the account under its new name. Never leave default passwords blank: On 17 . 3. it allows that password to be blank. Clearing the Page File at Shutdown: 4. he can simply click Next and the system will be an open door for anyone who wants to log on. say your prayers. Windows 2000 sets up an Administrator account with total system access and prompts for a password. 1. create a new account named Administrator and disable it. Guess what: by default. You can force windows to clear out this file. open the registry and navigate to HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession reboot. so some people use WNDWS . an enterprising hacker can try to break into your system by attempting to guess the password on that account. since Windows identifies user accounts by a back-end ID number rather than the name. To defeat this install Windows to another directory when you're setting it up .A few (not that many) programs may not install properly if you Install Windows to another folder but t hey are very few and they are far between 5.'Anonymous' Hackers Group Threat to New York Stock Exchange November 2011 Browser Hijacking Hackers and Browser Hijacking is one area of the Net that affects everyone at some stage. Finally. To disable these subsystems. Fake out hackers with a dummy Administrator account: Since the default account in Windows 2000 is always named Administrator.

Unfortunately hijackers and hackers also love to put their own information into it . 8. open the Local Users and Groups subtree. 6. double-Click it. but always remember to set it to read-only after you're done. go m My Computer. If you want to add your own entries to HOSTS. Finally. This refers to the local machine and if this entry is damaged the computer can behave very unpredictably. speeding things up considerably. Click OK. Go to the folder %Systemroot%system32driversetc.CURRENT USERSoftwarePolicies MicrosoftInternet ExploreControl Panel and add or edit a DWORD. look in the Users folder and right-Click on any name to rename it. Turn off unneeded Services: Windows 2000 and XP both come with many background services that don't need to he running most of the time: Alerter. select Properties check the Read-Only box and click OK. One of the most common entries in HOSTS is local host which is set 1770. Set the Hosts file to read-only to prevent name hijacking. and Universal Plug and Play Device Host. select Manager. rather than through IE's own interface. 7. right-click on HOSTS. To add a new user. Don't ever delete the original Administrator account.amiable. Some particularly unscrupulous programs or sites try to tamper with setting by accessing the Tools. To prevent HOSTS from being hijacked. set permissions for folders. Options menu in IE. Right-click on My Computer. to disable an account. Telnet. click on Guest Account and then select Turn Off the Guest Account. SSDP Discovery Service. NetMeeting Remote Desktop Sharing. the Simple File Sharing mode is easily exploited. another particularly annoying form of hijacking. and uncheck Use Simple file sharing (Recommended).blkviper. Server (If you're running a standalone machine with no file or printer shares). The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. This one's from (and to a degree. The original Administrator account is configured with a security ID that must continue to be present in the system. click Tools. Folder Option and the View tab. Disable it completely if you are not using it.redirecting people from their favorite sites to places they don't want to go. To turn it off. Disable simple File Shares: In Windows XP Professional. You can also keep IE from having other programs rename its default startup page. Homepage and set it to 1. When a network name and address is placed in HOSTS. Advertisement Here Contact for space : ads@amiable. select User Accounts. Remote Registry. Disable the Guest account: Windows XP comes with a Guest account that's used for limited access. Disallow changes to IE settings through IE: This is another anti hijacker tip. Experts edit this file to place their most commonly-visited sites into it. 9. When you do this you can access the Security tab in the Properties window for all folders. set it to read-only. for) the experts.0. A good resource and instruction on which of these services can be disabled go to /http://www. Open the Registry and browse to HKEY_CURRENT_USER SoftwarePoliciesMicrosoftInternet ExplorerRestrictions. Routing and Remote Access (if you're not using Remote Access).111 Arrested for biggest identity theft and credit card fraud Case November 2011 You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap in. the computer uses the address listed there for that network name rather than performing a lookup (which can take time). you can unprotect it before doing so. Browse to HKEY. and take ownership of objects (but not in XP Home). since it's a little too easy to share out a file across your LAN (or the NET at large). IE can be set so that any changes to its settings must be performed through the Internet icon in the Control © www. Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting. Some programs refuse to install without it and you might have to log in under that account at some point to setup such 18 . check the Account is disabled box and Click OK. Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting). right-Click on the containing folder and select New User. Create or edit a new DWORD value named NoBrowserUptions and set it to 1 (this is a per-user setting).1. but it's still possible to do some damage with it. Under Control Panel. Messenger. You can disable this and still make changes to IE's settings through the Control 10.

The phf technique is by far the easiest way of getting a password file (although it doesn't work 95% of the time).Lulzsec hacker: 'we still have Sun emails. Now for a dictionary maker or a dictionary file. When you start a cracking program you will be asked to find the the password file. 1. 2. or Jack the 19 .amiable. First you need learn a little about the password file. 3. So I decided to include it. Cracking a password file isn't as complicated as it would seem. it's shadowed. The Superuser is the part that gives you root. and numeric letters may also be added) . So if you were trying to get the pw file for www. That's where a dictionary maker comes in. root:x:0:1:Superuser:/: ftp:x:202:102:Anonymous ftp:/u1/ftp: ftpadmin:x:203:102:ftp Administrator:/u1/ftp This is another example of a password file. I recommend that you look for Cracker Jack. The first step that you would take is to download or copy the file. lowercase. Below is another example of a shadowed password file: root:x:0:1:0000-Admin(0000):/:/usr/bin/csh daemon:x:1:1:0000-Admin(0000):/: bin:x:2:2:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:71:8:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr /lib/uucp/uucico listen:x:37:4:Network Admin:/usr/net/nls: nobody:x:60001:60001:uid no body:/: noaccess:x:60002:60002:uid no access:/: webmastr:x:53:53:WWW Admin:/export/home/webmastr:/ usr/bin/csh pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/ new/gregY/test/pin4geo:/bin/false ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false You replace the webpage_goes_here with the domain.webpage.b i n / p h f ? Q a l i a s = x % 0 a / bin/cat%20/etc/passwd and that's it! You just sit back and copy the file (if it works). Shadowed password files have an "x" in the place of a password or sometimes they are disguised as an * as well. only this one has one little difference. But to do the phf all you do is open a browser and type in the following link: h t t p : / / w e b p a g e _ g o e s _ h e r e /c g i . The second step is to find a password cracker and a dictionary maker. root:User:d7Bdg:1n2HG2:1127:20:Superuser TomJones:p5Y(h0tiC:1229:20:Tom Jones. Although it's nearly impossible to find a good cracker there are a few ok ones out there. stored in China' November 2011 Getting Password File through FTP Well one of the easiest ways of getting superuser access is through anonymous ftp access into a webpage. This causes problems for the password cracker and dictionary maker (both explained later in the text).. © Advertisement Here Contact for space : ads@amiable.. A dictionary maker finds all the possible letter combinations with the alphabet that you choose (ASCII. We can now go on to talk about how to crack it. Brute Force Cracker.:/usr/people/tomjones: /bin/csh BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh although the files vary from system to system. You then start up the cracker and follow the directions that it gives you. c o m / c g i . John the Ripper. That's the main part of the file. You can download one from nearly every hacker page on the net. But still i thought that you should know about it. Shadowed password files don't let you view or copy the actual encrypted password. Now that you know a little more about what the actual password file looks like you should be able to identify a normal encrypted password from a shadowed password file. caps.b i n / p h f ? Q a l i a s = x % 0 a / bin/cat%20/etc/passwd This is an example of a regular encrypted password file. The PHF Technique: Well I wasn't sure if I should include this section due to the fact that everybody already knows it and most servers have already found out about the bug and fixed it.w e b p a g e .com you would type: h t t p : / / w w w.

Never fear. the event the manufacturer cannot (or will not) help you. It is not intended for home users. or personal injury. please take a minute to contact the hardware manufacturer support staff directly and ask for their recommended methods of bypassing the BIOS security. there are a number of methods that can be used to bypass or reset the BIOS password 20 . Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered in the warranty. They are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a is not responsible for the use or misuse of this material. November 2011 Bypass BIOS Passwords DISCLAIMER : This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. or computer thieves attempting to crack the password on a stolen PC. all is not lost. and please use this information responsibly. LabMice. or changes the password to intentionally lock out the corporate IT department. BIOS passwords can also be a liability if a user forgets their password. Please do not attempt any of these procedures if you are unfamiliar with computer hardware. In © www.Hacking group accuses German police of using info-stealing Trojan. Removing the CMOS battery for at least 10 minutes Before attempting to bypass the BIOS password on a Overloading the keyboard buffer computer. BIOS passwords can add an extra layer of security for desktop and laptop computers.amiable. They include: Using a manufacturers backdoor password to access the BIOS Use password cracking software Reset the CMOS using the jumpers or solder beads. Unfortunately. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS. damage to hardware. hackers. including loss of data.

especially IBM Thinkpads. so if you need to recover the data. simply remove the hard drive and install it in an identical system. The exceptions to this are laptops. next to the CMOS battery. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords Award BIOS backdoor passwords: ALFAROME ALLy aLLy aLLY ALLY aPAf _award AWARD_SW AWARD?SW AWARD SW AWARD PW AWKWARD awkward BIOSTAR CONCAT CONDO Condo d8on djonet HLT J64 J256 J262 j332 j322 KDD Lkwpeter LKWPETER PINT pint SER SKY_FOX SYXZ syxz shift + syxz TTPTHA ZAAADA ZBAAACA ZJAAADC 01322222 589589 589721 595595 598598 Press both mouse buttons repeatedly during the boot Password cracking software The following software can be used to either crack or reset the BIOS on many chipsets.CLEAR CMOS .I. On laptop computers. These passwords are case sensitive. so you may wish to try a variety of combinations. Laptops typically have better BIOS security than desktop systems. If it has. or configure it as a slave drive in an existing system. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive. turn the computer on and check if the password has been cleared. Please remember to unplug your PC and use a grounding strip before reaching into your PC and touching the motherboard. the jumpers/dipswitches can sometimes be found along the edge of the motherboard.M. AMI BIOS backdoor passwords: AMI AAAMMMIII BIOS PASSWORD HEWITT RAND AMI?SW AMI_SW LKWPETER A. and we are not aware of any backdoor passwords that will work with name brand laptops. turn the computer off and return the jumpers or dipswitches to its original position. CONDO PHOENIX BIOS backdoor passwords: phoenix. or near the processor. BIOS MISC.CLR .Android malware . If the supervisor password is reset without resetting the and hard drive as well. which silently lock the hard drive if the supervisor password is enabled. use them cautiously and at your own risk.amiable. since these utilities do not come from the manufacturer.CLRPWD PASSWD . PHOENIX.1 !BIOS (get the how-to article) RemPass KILLCMOS Using the Motherboard "Clear CMOS" Jumper or Dipswitch settings Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS 21 . the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.PASSWORD . WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. these utilities may not work. CMOS. COMMON PASSWORDS ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj Other BIOS Passwords by Manufacturer : Manufacturer Password VOBIS & IBM merlin Dell Dell Biostar Biostar Compaq Compaq Enox xo11nE Epox central Freetech Posterie © www. Also. If the documentation is unavailable. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturer's documentation. you will be unable to access the data on the drive.Works on remote commands form encrypted blog November 2011 Using a Professional Service Please remember that most BIOS passwords do not protect the hard drive. Keep in mind that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards. Once you locate and rest the jumper switches. Some manufacturers may label the jumper / dipswitch CLEAR . Cmos password recovery tools 3. Iwill iwill Jetway spooml Packard Bell bell9 QDI QDI Siemens SKY_FOX TMC BIGO Toshiba Toshiba TOSHIBA BIOS Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot IBM APTIVA BIOS Backdoor passwords Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password.

amiable. This technique is not recommended for the inexperienced and should be only be used as a "last ditch" effort. you still have the option of using a professional service.) Some manufacturers backup the power to the CMOS chipset by using a capacitor. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. and these should be used to reset the 22 . IBM Thinkpads have special jumper switches on the motherboard. Some batteries are actually soldered onto the motherboard making this task more difficult. but cannot reset the hard drive password. If you reset the BIOS password. so please check your computer and motherboard documentation for details. and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power. There are too many chipsets to do a breakdown of which points to jump on individual chipsets. If you unplug the PC and remove the battery for 10-15 minutes. the CMOS may reset itself and the password should be blank. and the location of these solder beads can vary by manufacturer. so if your first attempt fails. so removing the CMOS battery may not work at all. This can be done by booting with the keyboard or mouse unattached to the systems. For most of these services. Another option may be to remove the CMOS chip from the motherboard for a period of time. you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.Apache Patch released for Reverse proxy Bypass Vulnerability November 2011 Removing the CMOS Battery The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. so be sure you are familiar with manually reconfiguring the BIOS settings before you do this. Many corporations offer a variety of services for desktop and laptop computers for between $100 and $ © www. Overloading the KeyBoard Buffer On some older computer systems. you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. you may not be able to access the drive and it will remain locked. Unsoldering the battery incorrectly may damage your motherboard and other components. Jumping the Solder Beads on the CMOS It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. leaves the battery out (with the system unplugged) for at least 24 hours. (Along with any other machine specific settings. or on some systems by hitting the ESC key over 100 times in rapid succession. even if you place it in a new laptop. Note: Removing the battery to reset the CMOS will not work for all PC's. (It looks like a small watch battery). Advertisement Here Contact for space : ads@amiable. Using a professional service If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password. so please don't attempt this if you are inexperienced.

the 'inetd' daemon responds to the connection request and looks up the /etc/services file for the service name running on Port 23 (This Port number is mentioned in the packet sent by X). read the below paragraph. quite remotely) something like Firewalls. they what do we do? This is when.telnetd etc. TCP wrappers also allow you to log and know who is using what service at what time and even for what purpose. Let us assume that the server is Y and the client(connection requestor) is X. then there is every chance of someone else using or misusing the services running on your system. Thus it has become very important to ensure that you define a access list which controls who all can have access to what services on your system and who all should be blocked or denied access to any of the services on your system. if there are certain rules which are defined by TCP 23 . are transferred to the Internet Daemon or the 'inetd'. It is used by 'inetd' to figure out which program or daemon to call on when there is a request for a connection to a particular service. So they infact are somewhat (well. Then 'inetd' runs in. Then. This is where TCP Wrappers are so efficient but easy to use. but instead communicates only with the 'inetd' in the beginning. TCP Wrappers basically act as efficient tools which allow us to define a set of rules called the access control rules. the thing to remember here is that all requests for connections received by a Linux box. Besides controlling the access to various services on your system. If someone gets to know your IP. Now.conf' file replies saying that a daemon called in. The Second File.e. once the 'inetd' receives a connection request.amiable. if we want to restrict some particular hosts from accessing our system and allow only a predefined set of hosts to access our system. then it does give the attacker an opportunity to be able to use the services or daemons running on varous ports of your system for malicious purposes. X send Y a packet containing the Port Number to which it wants to connect (In this case 23 or the Telnet Port) and other such information required for a TCP connection to start.ftpd. At Y. Now. /etc/services 2. Now. the 'inetd' and other programs or daemons like in. The /etc/services/ responds to 'inetd' saying that the service name running on Port 23 is Telnet. The '/etc/inetd. the above can be arranged as below: Anyway. in.telnetd.conf contains the names of various services and the names of the corresponding daemons or programs providing those services. which receives all connection requests on behalf of all services or daemons running on all the Port Numbers. © www. So. we need to have basic understanding of how exactly. as to how exactly the 'inetd' uses these two files to allow remote connections to take place.conf' and asks for the name of the daemon or program which runs the telnet service. Both these files work together and are interlinked. A TCP Wrapper acts as a daemon which resides between the main daemon of the linus system i. They check to see who has requested the connection and if the connection requestor in amongst the deny list. 'inetd' contacts '/etc/inetd. Right? Thus. then he is not allowed to open a connection.Microsoft FUSE Labs Sub-domain defaced by Hmei7 November 2011 TCP Wrappers If you are running a Linux box and connect to the net through it.telnetd and that is when its job is over and it starts listening for other connection requests. So What Exactly are TCP Wrappers? Well. before we go on. basically a remote system doesn't start out by directly communicating with the various daemons. These access control rules control or define which hosts or machines are allowed to access and use the services running on the local machine(where the TCP Wrappers areinstalled and configured) and which hosts or machines are denied access to these services. To understand with a real life example. The best thing about TCP Wrappers is that they can also be used to set boobey traps to catch lamers. It is basically used by the 'inetd' to figure out what service runs on a particular Port Number. then they indeed can be used to manipulate access control. the /etc/inetd. As all connections to the linux box will pass through the inetd. it uses 2 configurationfiles two determine what to do next. /etc/inetd. These two files are: 1. they will also definitely pass through the TCP Wrapper. Linux responds to a connection request. TCP Wrappers come to the rescue. Now. Now. the /etc/services file contains the names of the various Services and the corresponding port numbers on which they run.conf The first one. The 'inetd' is the main daemon on a Linux Machine.

PARANOID: Matches hosts whose names does not match with it's IP.deny file contains rules which decide whether to allow access to a govern as to which hosts to disallow particular host or not? Well. but also ensure that unwanted hosts or clients do not get access to the services offered by your server. Irrespective of whether the connection is allowed or denied.ftpd : abc. in order to restrict all services or disallow all services to all hosts. The Not So Secure but Service unresolved by or www. say you want to disallow hosts coming from the isp.e. which can be used for access control. The Not So Secure But Service Providing H e l p o r m a n p a g e s . connection is allowed to be opened.allow file should contain the service name and the hosts to which access should be allowed. If a match is found. KNOWN: Matches hosts which are resolved by DNS. in the hosts.ftpd : abc. is what level of security do you really want your system to have. Like ALL. O r v i s i t : System www.deny and access is allowed only if no match is found in the hosts. This would be the best option for you. The important thing to remember while configuring a tcpd. let us move on to how exactly to configure it. © www. the wrapper collects the source IP from the packet and accordingly allows or denies a connection. then enter the following line: in. information on how to install the TCP Wrapper read the Linux Documentation. say you want to be able to access the FTP daemon from abc. The /etc/hosts. So. 1. then the a system in the isp. The /etc/hosts. enter the below line: ALL:localhost Now. then enter the following line in the hosts. the Wrapper access. Providing System: which means that mosts services are open and most people are allowed access to it. the /etc/hosts. This way not only can you provide services to legitimate users. If you want to deny access to all services. you basically are left out with two options-: .e.allow list is Anyway. if your system is used as server providing services like mail. /usr/sbin/tcpd /etc/hosts.isp. we would certainly like to be able to access all services running on our own machine from our own machine. The Secure But No Service Providing wrapper enters a log into the system log System: This is typically meant for those file.allow file is checked first and then the hosts. that we know how tcpd works. UNKNOWN: Matches hosts which are 1. However.deny The following is a hosts. ALL: abc.deny file: ALL : ALL The Anyway.allow file.deny file Anyway.allow: ALL : LOCAL The Secure But No Service Providing System The thing to remember here is that the hosts.isp. the ALL wildcard was used to restrict access to all Now. how does the TCP p r a c t i c a l l y e m p t y.telnetd in. FTP. now.linux. Let us take an example of a is helped in this aspect by two files: typical rule of the /etc/hosts. then it searchs the Note: The '. as we allow access to most . tcpd abc.deny file to understand how exactly rules and anyone coming from scans the /etc/hosts. allowing everyone to open for the hostname of the connection requestor. Telnet etc to a number of legitimate users.newbielinux. Now.Student Arrested for hacking Thailand Prime Minister Accounts November 2011 NOTE: Normally. of you who are very security conscious and for those whose system is not NOTE: Now. NOTE: By Default both of them are the above will change to: But. if tcpd to disallow access to the FTP and even then no match is found or even if Telnet daemons to anyone coming from both the files are empty. then enter the following line: in. t h e Wrapper daemon i.deny file for a match.allow 2.isp.allow for a match the domain isp. there are a number of similiar Wildcards.linuxdoc.' preceeding the isp. HACKING TRUTH: To allow access to all services to systems within your local domain. /usr/sbin/tcpd For more system. the inetd is configured to call the concerned programs or daemons like telnetd connection is once TCP wrappers are installed.telnetd : ALL EXCEPT isp.isp. I am assuming that you have providing services to legitimate users. then the in.isp. once the inetd daemon calls on the TCP Wrapper or sends the packet recevied to the tells /etc/hosts. However. the or www. enter the following line in your /etc/hosts. if no matches are found. Well. Whatever kind of setup you may have. then the inetd is configured to call on the Wrapper instead of the concerned daemon. W h i l e .in 24 . been able to install the TCP Wrapper This ensures that no one misuses your daemon i. and allow all other hosts to access the telnet domain.deny entry which denies access to the Telnet and FTP As soon as the inetd sends the services to anyone coming from connection request to the Wrapper. Some common ones are: LOCAL: This matches for hostnames coming from the local In this case.

In show you ho w to exploit vulnerability a common that lies in m I have used ost ADSL rou to gain com Angry IP Sca ters so as plete access nner v3. © www. n in the belo bility actua w image.1 117. If you different ve r settings details. Now vulnerability it has d switch to the select the o which can exploited eve Display tab.0 to .in 25 . u can do it. ption “Host easily be n by a noob s with open and click on hacker just lik this post I will ports only” 92. ter. For m the default router settin co m m o n se ost routers username-p gs using a t o f d efa u assword pa admin-admin lt u se rn a m passwords. e you. you n Options inst eed to Go to ead of Tools Every route r comes w Step-4: Now ith a usern password usi click on Sta ame and ng which it is rt.amiable.195. set the range you can something a s 117. This m possible for change the it should m akes it the attackers ost likely w default usern to gain unau access and ork with th ame and pass thorized modify the e word. A et S e rv ic e popup askin d hence the g for usern password. paste wser's addre re d fro m come ss bar and h window will th e Inte rn provider an it enter. Suppose you r IP is 117.101. er will show in access r settings an a list of IPs w open as show d configure The vulnera ith Port 80 the device. Si users do no change the ame and nce most u t bother to password la sers do not passwords. lly lies in th username a e Default nd password Step-5: Now tha factory sett copy any of ings.255 so tha t there are 200-300 IP a at least ddresses in th e range. A sample gs page is sh etailed info own below. Step-2: Ope n Angry IP Sc anner. m of them are nder Port se ost unaware of lection ente to scan for p a serious the fact that r 80 (we nee ort 80).192. select from the lis to www. d to gain a another IP Step-1: Go ccess. be able to ga in access. rsion.Malware on Mac Computer Appears as a PDF File November 2011 How to Hack an Ethernet ADSL Router Almost half of th the globe use e Internet users across ADSL routers Step-3: Go to Tools->Pre /modems to connect to the Internet ferences an Ports tab. After a fe the IP scann possible to ga to the route w minutes.wh t and repea Atleast 1 ou atismyipadd Once the pa t the step-5 t of 5 IPs will ress.200 94. here see an optio you n called IP Ra nge: where yo will to enter the u need range of IP a ddress to sca n for. If yo following cess u are lucky gain access to you should the router se ttings page w can modify a Angry IP Sca here you ny of the rou nner ter settings. U d select the however. page can va The settings ry from rou ter to route router settin Here is a d r. have a defau and hence yo you will find address. H ir will be or admin-pa es and ere is how yo ssword. rmation on exploit the vu how to lnerability o If you do f an ADSL rou not succee ter.192.0 b are using a to the route and ISP login eta-4. ge is loaded . No lt password u will surely your IP te it down. yo -password a above and h u need the tool in the pro s specified it enter. Usually t comes with the the IP from th it in your bro the routers p re co nfi g u e list. Just enter th Before you e username proceed.

If not santised properly.Facebook Improves Security through Websense Service November 2011 SQL Injection SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. shopping carts and the general delivery of dynamic content. and Filemaker Pro. the only way that a web application (and users) can interact with the database. The web application has open access to the database in order to return (update) the requested (changed) information. all of which use SQL as their basic building blocks. SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the backend database. security mechanisms will allow public web traffic to communicate with your web application/s (generally over port 80/443). Examples of relational databases include Oracle. Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser.amiable. If valid. JSP. words. the web application that controls the login page will communicate with the database through a series of planned commands so as to verify the username and password combination. All an attacker needs to perform an SQL Injection hacking attack is a web browser. DROP TABLE is as ominous as it sounds and in fact will eliminate the table with a particular name. Web applications and databases allow you to regularly run your business. This is only possible if the inputs are not properly sanitised (i. In the legitimate scenario of the login page example above. These website features are all susceptible to SQL Injection attacks. It is perhaps one of the most common application layer attack techniques used today. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers. The sheer simplicity of SQL Injection has fuelled its popularity. PHP. and CGI. INSERT. User credentials. the legitimate user is granted appropriate access.e. SQL commands include SELECT. in fact. web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out. SQL or Structured Query Language is the computer language that allows you to store. the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. employees and a host of stakeholders. Since your website needs to be public. manipulate. feedback forms.. MySQL. suppliers. search pages. Microsoft Access. Such features as login pages. SQL is. an SQL query is generated from these details and submitted to the database for verification. In other © www. the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web 26 . These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.NET. On verification. In SQL Injection. DELETE and DROP TABLE. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database. made invulnerable) and sent directly with the SQL query to the database. The technologies vulnerable to this attack are dynamic script languages including ASP. ASP. and retrieve data stored in a relational database (or a collection of tables which organise and structure data). support and product request forms. financial and payment information. When the legitimate user submits his details. company statistics may all be resident within a database and accessed by legitimate users through off-theshelf and custom web applications. knowledge of SQL queries and creative guess work to important table and field names. Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism? Firewalls and similar intrusion detection mechanisms provide little or no defense against full-scale SQL Injection web attacks. shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. MS SQL Server. the SQL commands planned for the web application may look SQL Injection: A Simple Example Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum. Through SQL Injection. the user is allowed access.

Even if an attacker is not able to modify the system. What is certain is that the attacker will be able to execute arbitrary SQL Commands on the vulnerable system. or to execute shell commands on the underlying operating system. Each type of web application is hard coded with specific SQL queries that it will execute when performing its legitimate functions and communicating with the database. A read access normally is enabled for use by web application back ends. either to compromise it or else to obtain information. to UNION (used to select related information from two tables) arbitrary data. a hacker may inject additional SQL commands that broaden the range of SQL commands the web application will execute. A hacker will thus have a clear channel of communication (or. Despite the fact that it is relatively easy to protect against SQL Injection. it may be possible to read in or write out to files. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database! An attacker may execute arbitrary SQL statements on the vulnerable system. er an attacker is able to see the data stored on the database or not. The more expert of hackers rarely get caught. use subselects. <form method="post" action="http://localhost/login. If any input field of the web application is not properly sanitised. he would still be able to read valuable information. there are a large number of web applications that remain vulnerable. this SQL command (from the web application) instructs the database to match the username and password input by the legitimate user to the combination it has already stored. If improperly coded. login and password. According to the Web Application Security Consortium (WASC) 9% of the total hacking incidents reported in the media until 27th July 2006 were due to SQL Injection.asp"> <input name="tfUName" type="text" id="tfUName"> <input name="tfUPass" type="password" id="tfUPass"> </form> The easiest way for the login.asp to work is by building a database query that looks like this: SELECT id FROM logins WHERE username = '$username’ AND password = '$password’ If the variables $username and $password are requested directly from the user's input. Depending on the back-end database in use. in layman terms. More recent data from our own research shows that about 50% of the websites we have scanned this year are susceptible to SQL Injection vulnerabilities. Unfortunately the impact of SQL Injection is only uncoveredwhen the theft is discovered. The database could be set to restrict to certain commands only. It may be difficult to answer the question whether your web site and web applications are vulnerable to SQL Injection especially if you are not a programmer or you are not the person who has coded your web applications. or append additional queries. thus going beyond the original intended design and function.amiable.Cyber Cell Mumbai Websites hacked by Pakistani Hacker November 2011 like the following: SELECT count(*) FROM users_list_table WHERE username='FIELD_USERNAME’ AND password='FIELD_PASSWORD” In plain English. Data is being unwittingly stolen through various hack attacks all the time. In some cases. Is my database at risk to SQL Injection? SQL Injection is one of the most common application layer attacks currently being used on the Internet. © www. If an attacker can obtain access to these procedures it. This may compromise the integrity of your database and/or expose sensitive information. What an attacker gains access to also depends on the level of security set by the database. he is able to inject SQL Query / Commands through an input form field.[break][break]Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). this can easily be compromised. W h et h leads us to believe that significant chance that already at risk from SQL Example of a SQL Injection Attack Here is a sample basic HTML form with two 27 . really depends on how your website is coded to display the results of the queries sent. It may be possible to manipulate existing queries. a tunnel) to the database irrespective of all the intrusion detection systems and network security equipment installed before the physical database server. Our experience there is a your data is Injection. SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. then you run the risk of having your customer and company data compromised. What is the impact of SQL Injection? Once an attacker realizes that a system is vulnerable to SQL Injection.

Advertisement Here Contact for space : ads@amiable. Isn't this what they have been designed to do? Patching your servers.amiable.November 2011 Suppose that we gave "Joe" as a username and that the following string was provided as a password: anything' OR 'x'='x SELECT id FROM logins WHERE username = 'Cipher’ AND password = 'anything' OR 'x'='x’ As the inputs of the web application are not properly sanitised. Since your website needs to be public. programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks. The 'x'='x' part guarantees to be true regardless of what the first part 28 .in © www. security mechanisms will allow public web traffic to communicate with your databases servers through web applications. the use of the single quotes has turned the WHERE SQL command into a two-component clause. This will allow the attacker to bypass the login form without actually knowing a valid username / password combination! How do I prevent SQL Injection attacks? Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks. databases.

usage rights. as command line 29 . You can also define how many results you want on the page.Now navigate through User Configuration> Administrative Templates > Windows Components> Windows Explorer 3. WARNING: Don't try to experiment with other options in gpedit. double click on this option and modify it accordingly. Then just below you will find another option “Prevent access to drives from My Computer”. what language and what file type you're looking for. When you enter smoke fire – it © www. or one of the specified keywords by entering search terms into the appropriate box. 3. what exactly your doing. And you can click the "Date. 4. To make it visible again select "disable" by double clicking on the “Hide these specified drives in My Computer” option.amiable.msc if you don't know. Save time – most of these advanced features are also available in Google's front page search box.November 2011 How to Hide the Partitions? This trick is for all those people who want to hide tons of data into their box. Advanced Search lets you type in a Top Level Domain (like . The best way to begin searching harder with Google is by clicking the Advanced Search in the "Search within site of domain" box to restrict results. 4. Ultimate Google Search Tips 1. 5. all with 2. This lets you search for exact phrases.msc 2. Google's main search invisibly combines search terms with the Boolean construct "AND". So here it is if you have very important data in your hard drive placed in some partition which you do not want anybody to see then this trick is only for you!!! 1. 7. Just click on Start>Run and type gpedit. Double click on “Hide these specified drives in My Computer” modify it accordingly. 5. numeric range and more" link to access more advanced features. 6. "all these words".

Lotus. Try: Christopher Columbus discovered * 19. The modifier inanchor is very specific. like this: ~eggplant 14. Shockwave Flash and plain text files. PostScript. For example: soccer filetype:pdf 22. 27. In fact. To make Google search for smoke or fire. These are called "stop words". Instead of OR you can type the | symbol. Exclude entire file types. If a stop word is included in a phrase between quote marks as a phrase. Synonym search looks for words that mean similar things. then one keyword OR another by grouping them with parentheses. then and if are ignored by Google. new pram -ebay excludes all results from eBay.amiable. as long as your syntax is correct. Find live webcams by searching for: inurl:view/view. If you're looking for files rather than pages – give index of as the intitle: parameter. using the same Boolean syntax we used to exclude key words earlier: rugby -filetype:doc 23. Google has some very powerful. only finding results in text used in page links. For example "intitle" only searches page titles. you can combine any Boolean search operators. put them in quotes: "there's no smoke without fire" 13. Try intitle:herbs 25. Exclude specific key words with the minus operator. like I.£500 20. Google recognizes 13 main file types through advanced search. just type smoke OR fire 9. 11. © www. The plus operator makes sure stop words are included. 26. To look for phrases. 16. For example. 15. the word is searched for. They must be upper case. including all Microsoft Office Document types.November 2011 looks for smoke AND fire. 8. An example: "sausage and mash" onions filetype:doc 24. Like: fish +and chips 17. Search for a specific term.shtml 28. You can also ask Google to fill in a blank. Boolean connectors like AND and OR are case sensitive. Search for any filetype directly using the modifier filetype:[filetype extension]. Use the tilde symbol before your keyword.. like this: water (smoke OR fire) 12. search for Sony TV between £300 and £500 with the string Sony TV £300. hidden search parameters. too. It helps you find web and FTP directories. 21. like this: smoke | fire 30 . Common words. Search for a numerical range using the num range operator. 18. and. The modifier inurl only searches the web address of a page: give inurl:spices a go.

If you ticked "Remember this Location" when you searched for show times. The modifier film: works just as well! 45. try cast: 47. Use the site: modifier when searching Google Images. Use it like this: you can find pages that Google thinks are related in content. Similar. Try typing director: The Dark Knight into the main search box. Enter showtimes and Google will prompt you for your has its own 31 . 49. you can pick specific archives. Want to know how many links there are to a site? Try link:sitename – for example the next time you can enter the name of a current film" will only return results from . For a dedicated film search page. The Boolean operators intitle and inurl work in Google 48. Similarly. 42.November 2011 29. 46. 40. using the related: modifier. Specify a site to search with the site: modifier – like this: search tips site:www. 36.dmoz. 39. The modifier info:site_name returns information about the specified page. If you use the operator "source:" in Google News. using "site:. as does OR. © www. at images. using inblogtitle:<keyword> 43.amiable. The above tip works with directory sites like www. For cast lists. Google News (news. 35. Google really likes movies. Enter it and it'll tell you when and where local films are showing. Access Google Directory – a database of handpicked and rated sites – at directory. For example: heather mills source:daily_mail 41. Google Blogsearch ( For example "intext" pulls terms from the body of a story. 44. location:uk for example. Using the "location:" filter enables you to return news from a chosen domains. do a normal search then click the "Similar Pages" link next to a has its own Boolean The general search engine can get very specific 38. go to www. You can search for a blog title. for and dynamically generated sites. For example: dvd recorder 30. 37. Try movie:<name of film> to look for movie reviews.

66. Click "More" under "Try something new" to access a full list of Google sites and new features. 62. An active. 32 . Google's calculator converts measurements and understands natural language. Google automatically populates them with suitable site suggestions. the terms you enter most often and links you've clicked on! 72. useful service missing from the list is "Personalised Search" – but you can access it via www. 57. This page lists searches you have recently made – and is divided into categories. 52. It does currency conversion too.November 2011 50. You'll get a free Gmail email account for one. Type in 14 stones in kilos. 71.. Click "Select Theme" to change the default look. Try typing 12*15 and hitting "Google Search" then click "Create Account". and then hit "Google Search".google. for example. 56. Want to know how clever Google really is? Type 2476 in roman numerals. Try searching for weather London – you'll get a full 4-day forecast. 53. And temperature! Just type: 98 f to c to convert Fahrenheit to Centigrade. 68. There's also a built-in dictionary. 65. With a Google account there are lots more extras available. enter cache:site_url into Google's search box to be taken direct to the stored site. Personalised Search also includes a bookmark facility – which enables you to save bookmarks online and access them from anywhere. "Custom Search" enables you to create a branded Google search for your own site. © www.. 51. iGoogle allows you to theme your page too. If you know the currency code you can type 200 GBP in EUR instead for more reliable results. 69."Sweet Dreams" is a theme that turns from day to night as you browse.. when you're logged in. Google stores the content of old sites. you can also personalise your front page. You can personalize your Google experience by creating a Google account. song or album returns music reviews. Click "Add a Tab" in iGoogle to add custom tabs. With your Google account. 55. 59.. 67. Alternatively. Clicking "pause" stops Google from recording your history. Click "Trends" to see the sites you visit most. Go to www. 70. Click "iGoogle" to add blog and site feeds. Try 200 pounds in euros 58. Some iGoogle themes change with time. You can search this cache direct with the syntax keyword cache:site_url 54. No calculator handy? Use Google's built in Try define:<word> in the search box. 60. 61. The modifier music: followed by a band.

and it will show you the answer at the top of its results. Google Image Search recognizes faces. 81. You can choose to filter results more stringently or switch it off completely. when you add image to the end of your search. Google's Safe Search protects you from explicit sexual content. What time is it? Find out anywhere by typing time then the name of a place. Did you know you can search within your returned results? Scroll down to the bottom of the search results page to find the link. 86. For example Indian food BA1 2BW finds restaurants in Bath. 85. You can also set Google to open your search results in a new window. 74. like this: Leeds map 33 . You may have noticed Google suggests alternate spellings for search terms – that's the built in spell checker! 83. Google finds images just as easily and lists them at the top. You can add bookmarks or access your bookmarks using the iGoogle Bookmarks gadget. you'll see the "Search Preferences". Near the language tools link. This handy page is full of secret functionality. You can invoke the spell checker directly by using spell: followed by your keyword. 82. Looking for a map? Just add map to the end of your query. too. You can specify which languages Google returns results in. Search locally by appending your postcode to the end of query. 80.November 2011 73. 84. 91. translating to the chosen language. Enter a statistics-based query like population of Britain into Google. Other features on the language tools page include a translator for blocks of text you can type or cut and paste. then choosing which countries sites to translate your query to. 75. 79. 94. Enter the carrier and flight number in Google's main search box to return flight tracking information. click "Translate this Page" to see it in English.amiable. 78. Click "I'm Feeling Lucky" to be taken straight to the first page Google finds for your keyword. Google's default of 10 results a page can be increased to up to 100 in Search Preferences. 89. add &imgtype=face to the end of the returned URL in the location bar. 90. 88. 92. © www. 93. with addresses and phone numbers! 76. ticking as many (or few) boxes as you like. If your search has none-English results. Keeping an eye on stocks? Type stocks: followed by market ticker for the company and Google returns the data from Google Finance. and then hit enter to filter out pictures that aren't people. There's also a box that you can enter a direct URL into. 87. You can search foreign sites specifically by clicking "Language Tools".

com/zeitgeist 96. experimental search can be found at www. enter them into the trends search box separated by © Perhaps the Swedish chef from the Muppets is your role model instead? Check the universe and everything into Want to see what others are searching for or improve your page rank? Go to www. 98. To compare the performance of two or more terms. Type answer to life. 97.November 2011 95. It will also tell you the number of horns on a unicorn Advertisement Here Contact for space : 34 . Another useful. 101. You may be surprised by the – where you can find the hottest search terms. Fancy searching Google in Klingon? Go to www.amiable.

5. Restart the Computer. Here I am demonstrating using PRORAT trojan. The basic functionality of all backdoors is same.1 colCDROMs. You can use any trojan or keylogger as per your ease. Type Eject.Item(i). Please make note that all these hacking tools and software are detected by antivirus. Open up the program..7" ) Set colCDROMs = oWMP. Go to File >> Save As.. Type Notepad and hit Enter 3. The password will be "pro" (Without Quotation Marks)..Eject Next ' cdrom For i = 0 to colCDROMs. Open Task Manager and in processes search for wscript. 1. 2. You have to uninstall or close you running antivirus first.Eject Next ' cdrom loop End If 4.vbs and click Save How to use: Just Double Click the saved file (Eject.November 2011 Eject your drives in and out infinitely A simple VB Script will serve the purpose.9 Here I will show you how to hack email account password using keyloggers and trojans. First of all Download ProRat v1. Now in Notepad type: Set oWMP = CreateObject("WMPlayer.vbs) How To Stop: 1. and this will stop the script 2. Once it is downloaded right click on the folder and choose to extract it.cdromCollection if 35 . Do the following: 1.Count .Count . Go to Start >> Run 2.OCX.Item(i). You should see the following: © www.Count >= 1 then do For i = 0 to colCDROMs..1 colCDROMs. A password prompt will come up.exe and click End Process Making a Trojan Virus in ProRat v1.amiable.

Here is a quick overview of what they mean and which should be checked: 6. For my example I will choose the regular text document icon since my file is a text document. Click on the Server Extensions button to continue. We will not be using the rest of the options. and the victim name. he will be connected to the victim's computer and have full control over it. Click on Server Icon to continue. but exe's looks suspicious so it would be smart to change it.exe". 4. Next put in your email so that when and if a victim gets infected it will send you a message. Click on the Create button in the bottom. He will be asked for the password that he made when he created the server. You can send this trojan server via email. 5.amiable. Next put in your IP address so the server could connect to you.November 2011 3. 11. Now Open General Settings. Here you choose what kind of server file to generate.exe files. go and run the 36 . Once he types it in. Here you will have the option to bind the trojan server file with another file. Password protect this file with ZIP and then email it. we will choose the server port the program will connect through. So by binding it with a legitimate file like a text document or a game. A good suggestion is a picture or an ordinary text document because that is a small file and its easier to send to the people you need. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager. press Create Server. port and clicking Connect. the chances of someone clicking it go up. Click on the Bind with File button to continue. You can not send this file via email as "server. Rename this file to something describing the picture. Check the bind option and select a file to bind it to. The hacker would then get a message telling him that the victim was infected. I prefer using . Next we will create the ProRat Trojan server. Very important: Do not open the "binded_server" file on your system. ask him to unlock it using ZIP password. the password you will be asked to enter when the victim is infected and you wish to connect with them. A new file with name "binded_server" will be created. your server will be in the same folder as ProRat. After this. A hacker could also put it up as a torrent pretending it is something else. If you don't know your IP address click on the little arrow to have it filled in for you automatically. Remember a trojan can only be executed if a human runs it. the trojan will be installed onto his computer in the background. because it will be detected as trojan or virus. I will show you what happens when a victim installs the server onto his computer and what the hacker could do next. 10. 8. This tab is the most important tab. © www. because it is cryptable and has icon support. he will be in your control. The icons help mask what the file actually is. like the latest game that just came out so he could get people to download it. In the check boxes. He would then connect to his computer by typing in his IP address. Now. When the victim will double click on the file. Here you will choose an icon for your server file to have. 9. 7. Choose Create ProRat Server. pendrive or if you have physical access to the system. Once your victim downloads this ZIP file. Once the victim runs the server on his computer.

amiable. Below is an image of what the hacker would see if he chooses to take a screen shot of the victims © www. 13. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs. take a screen shot of his computer. Below I'll show you a few examples. Advertisement Here Contact for space : 37 . format his whole hard drive. Now the hacker has a lot of options to choose from as you can see on the right. he can shut down his pc. As you saw in the above example. and so much more. get all the saved passwords off his computer.November 2011 12. a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won't get infected. He has access to all victim's computer files. send a message to his computer.

st u d e n t s . after reading it a bit and staring at the cost. So. It is a very innovative field which made me work 24 * 7 on it. a Graphic Designer and a part of Amiable Technologies.. only harms the environment. The task. it increases if you share it. Yes. I soon Started finding the answer these questions and i come to a conclusion. When its Free?” It also enables the magazine to enlarge its abilities to masses.amiable. p ro fe s s i o n a l s . enthusiasts. professionally a web developer and Co-founder of Amiable Technologies. “ You will never loose a bit if you share your knowledge with the world. there is a mammoth increase in its use and disuse. Adarsh Shukla. k n o w l e d g e .e.” We decided to launch a Free Online magazine . I hope Readers will like it..Cipher is made for all those who are keen about Ethical hacking and what’s going on latest in the field of internet. It should be free.Another thing that came to my mind was Why we spend Money in earning Knowledge. we can not evaluate it in terms of money.amiable. You will get experience day by day which will take you to more heights. With this I present you CIPHER…A FREE Ethical Hacking Education is just like an emotion which should flow from one heart to the other. People share there views and reviews everyday over the Internet. “Why to buy. as the designer of this magazine was particularly curious about the concept of the magazine. The contribution by any reader will be an honor for us to include it in upcoming editions. Ethical Hacking. The magazine started to take shape: the ideas. To maintain the quality of the content. Why not give them free what they want? Why to waste money on paper and support pollution? At the end of the day." Mayank Tripathi.CiPHER November 11 Words byAmiable Amiable knowledge. Giving support to all those people who are not able to spend 150 bucks or so on buying Tech Magazines. Cipher is a perfect package for all computer lovers. content. Facebook played a role here. Aakash Mishra Founder It was raining heavily and I was sipping my coffee with just nothing in my mind. Jasmine Revolution was a result of sharing.. they prefer not to purchase. bloggers. Sitting behind me they were talking something about technology and people.. Two guys came in with heavy and geek looks. It gave me immense pleasure designing this magazine and I had some wonderful experiences of my life. it was done and I was working on how I can make this happen. We tried to eliminate that and we came across the Internet.! © www. so that everybody is empowered to get a hold on it. Suddenly one of them started talking loudly about the monopoly of magazines over the market. I guess. Moreover.. the Guru of Gurus. As the blood rushed in my brain. bloggers and moreover sharing.. I am sure one day our world will change. So kindly support us in making this magazine HUGE. Yes. i.. the polluting cause was eliminated. Send your article to us at content@amiable. With the computer era soaring.consuming. With this free magazine on Ethical And help us in making knowledge cost free. but the passion and excitement to learn something new dominated it all and I let myself go making it. Got to learn a lot. I started to contact people with extra terrestrial knowledge on Ethical Hacking and preparing a ground for them. It was planned that magazine will be FREE and can be downloaded or read from our website (www.. money is the root here. I have always seen students reaching at the technical magazines. Share your knowledge and make this magazine always FREE. Why knowledge cant be free. We have endeavored it giving emphasis on both freshers and professionals. The best part of such a knowledgeable magazine is that it is available for free. Education is priceless. I. Readers can contribute by mailing the content and contact details (blogs preferred) at content@amiable. “Knowledge is a Bloggers can mail a permalink of their blog. Why today knowledge is getting dumped under cost. It was great fun working with such knowledgeable persons like Mr. people. he was not that financially sound to buy costly magazine every month. I have seen and met people who are the best in their field but lack a medium to share their Adarsh Shukla . I came up with a brilliant thought. People are always a part of sharing and are . "Your Support Is our Demand. it rather came as a challenge for me.When its Free. enthusiasts. students.. I am on quest to educate a noob about Security of the systems. Use of paper. Examples are innumerable. I love to share things. Some of my batch mates and juniors too came to help me with my quest. It is our first attempt to eliminate factor of cost from knowledge. it will go through some editing before finally publishing it in the magazine. Why we have to pay for knowledge. and with Amiable Technologies.I find a great pleasure in launching this magazine Cipher. was difficult and time . From Childhood Times I love to read Tech Magazines but because of cost being a factor I was not able to buy them so frequently so to eliminate the factor of cost. professionals and researchers to please contribute towards the magazine. " Why to buy. It took a lot to convince them for sharing their content to the world. Aakash Mishra and Mr. Adarsh was always with me whether it's raining or temperature is 40ºC. I would like to request all the readers. no doubt. Any one who is interest to share his/her knowledge is kindly invited. Anmol Kanchan ( .kanchan@gmail.November 2011 Contributing Artists Mayank Tripathi ( © www.