what is virtual machine?

Virtual Machine is just like a machine or operating system(s) installed into your operating system. It just work like an another computer. It is very useful when u need another operting system and u donot want to replace your present operating system or u donot want to spend a dedicated partition or extra space. It takes few GB space from your hard disk and physical memory and give it to the virtual machine. After installation of Virtual Machine inside your current operating system using a software like VMware or Virtual box, you can safely browse internet without letting others know your IP address. It is a very good method to hide your IP.
I will be shortly writing methods to hide your IP address.
good comments are always welcome!

DNS- Domain Name Server

What is DNS?
DNS or Domain Name Server is the server which maps the Domain name into its corresponding IP address. As we all know that every website or URL has a domain name, not only that; the email address also has its corresponding IP address. When we send email to any person, we know the email address but we donot know their IP so, it is the DNS who maps the email address to the corresponding IP adress and sends the email to the corresponding host of that IP because TCP/IP uses IP address to identify the host in any network.

Do email me if u want to know about anything.. vikash100dhn@gmail.com

How to hack gmail, facebook or other email id's password?

Although it is not easy to hack any password but if the victim is not aware of the security facts then their email id's can be easily hacked. Here are few methods to hack email id's:
Phishing:
you can easily hack one's email id using phishing. It is the method of making a fake webpage of facebook, yahoo, orkut, gmail etc. and uploading it on free hosting websites like my3gb.com and then sending the link to the victim. when the victim tries to login, its username and password will be redirected to the attacker's file which is uploaded on the server.

social engineering:
In this method the hacker tries to find out the security questions of the victim by using social engineering skills. Social engineering means finding the facts of the victim like hints for the password or the security questions without letting them know.

By using Keyloggers:
we can silently install keyloggers on their computer if physical access is available on their computer. Or by using your own computer and asking them to login and your computer will moniter the keystrokes and then find their username and password.
other ways are like DNS poisioning or using password attacks. In LAN we can use ARP poisioning or packet Sniffing.

XSS- Cross Site Scripting vulnerability/ Cookie Stealing

introduction:

This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)

what is cookie?

A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a piece of text stored on a user's computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data.

Cookies may be set by the server with or without an expiration date. Cookies without an expiration date exist until the browser terminates, while cookies with an expiration date may be stored by the browser until the expiration date passes. Users may also manually delete cookies in order to save space or to address privacy issue .

VPN and PROXY

VPN
VPN stands for virtual private network. A VPN keeps your wireless communications safe by creating a secure "tunnel," though which your encrypted data travels. These tunnels cannot be entered by data that is not properly encrypted. Not only is data encrypted when you use a VPN, but the originating and receiving network addresses are also encrypted. This adds an extra layer of security.

PROXY
Proxy sites enable you to bypass your own Internet provider and browse through the proxy web site. All that you have to do is type the web site address you would like to visit in the form they provide, and start browsing. Once you keep browsing using that form, you are protected and your real IP address is not being logged.

DNS poisioning

DNS- It stands for domain name server. As we know that it is used to resolve the domain name into its corresponding IP. As on internet everything is done using IP address. for example: if we manually input the ip of any site  and a domain name where the domain name will be redirected to the manually entered ip address. this process is known as DNS poisioning. for example if we put the ip of google and domain name of Facebook besides it then when a user will input the domain name for facebook it will show the page of google. The modification is made on the file which is inside the installation folder or windows. If windows is installed in C: drive then its path would be:
C:\Windows\System32\drivers\etc\hosts\
Goto this folder
now open it with notepad.
you will see something written like this:
127.0.0.1   localhost
write the following below it:
209.85.153.104    www.facebook.com
209.85.153.104    facebook.com

note that 209.85.153.104 is the ip of google. when user will enter the url as www.facebook.com or facebook.com then its browser will redirect this page to the google.
so, have fun with your friends using DNS poisioning...........
Do comment if u need any help.....

SQL INJECTION

• It is a technique that exploits security vulnerability occuring in the database layer of an application( generally SQL,MYSQL).
• The vulnerability is present when user input is either incorrectly filtered or few other escape character like %,-- are embedded in sql query such as 1'or'1'='1 is true for all cases and therefore executed.
• the attacker can try to gusess the username of an account by quring fpr so,o;ar iser ma,es ;ole ad% for admin.
• Attacker can insert data by appending commands or wrinting queries.
• Generally SQL vulnerability is found on site using ' after the url. If it shows error likeMicrosoft OLE DB error then the site is vulnerable to SQL injection.

what is 3G?

As the technology advances, we are moving into more new and latest technologies. Once there was 1st generation voice communication which used analog signals for voice communication using stationary wired telephones. In 2G or 2nd generation, the analog signal was digitalised and we were able to communicated voice and text using wireless cellular technology called mobile phone. Now a days, we are using 3G or 3rd generation mobile phones in which data transfer is at higer rates than 2G, now we can send videos and graphics or video calling , live T.V is easily available with a higer speed. This evolution in the cellular telephony service is known as 3G. Now scientists are researching on the advancement over 3G technology in which the data tranfer will be much faster.

find the people on the internet using name or email id or phone number

You can easily find out the people on the internet using the name, username, email id or phone number. just visit the website below:

http://www.pipl.com/

how to recover permanetly deleted files, folders from your hard drive other storage medium?

Although there are many softwares available for this purpose, i will recommend you to download tune up utilities. you can use this software to recover your permanently deleted files or folders. There are softwares you can download by searching in the google.

Passoword cracking or Password Hacking Tools

Brute Force attack:
It is an attack which includes all the possible permutation and combinations of passwords. But, it is very time consuming. As it takes a lot of efforts to try all possible combinations. for example if a password is 6 digit long then 10^6 combinations are possible. if it include alphabet or special characters then its complexity is even more. tool: brutus

Dictionary Attack:
In this attack attacker uses a set of words or string of possible and frequently used passwords. It is effective than bruteforce attack.

Keyloggers: There are many keyloggers available. You can download it by google search. But beware, your antivirus may treat it as a virus. It can be used as a spy to your computer. It records keystrokes, pictures of your screen at certain intervals and many more activities associated with your computer as per your settings.


Tips:

#Always remember u should keep your password long and atleast containg two types i.e alphabet and numbers or any special characters.

#Have some recovery method for passwords associated with the email ids in case they are hacked by someone.

Introduction to ethical hacking

Before jumping into Ethical hacking and hacking tips and tricks, it is needed to know what is ethical hacking all about and why do you need this and where you need this? You must know such aspects before you put yourselves into ethical hacking.  Just assume that you are in need of accessing your own security parameters of your system, to fix several issues related to it. If you do this, it’s also a kind of ethical hacking because all you want to do is to ensure your own safety and security of your information systems no matter whether you are a corporate owner or a home based user.  Security is must.
So now I successfully explained without any details that ethical hacking is some kind of security testing and related parameters. That is, testing your security related issues legally. So you need not worry about legal concerns if you really start in the right way. This is not at all the complete definition of ethical hacking and I cannot provide you a scientific or technical explanation just like Wikipedia does.
unless you donot know what are the security holes and vulnerability in your system yo cannot protect it. Ethical Hacking or penteration testing is just like that. There are now many certified courses are available for the ethical hacking.
I will put it in later posts.

GOOGLE: How does it work

What is google?

As it seems to be a foolish question to all reading my blog. But as we know that it is a very powerful search engine which produce unbelievable results by accepting predefined commands and any string.
It is a powerful tool for the hackers, crakers, script kiddies to gather confidential and sensitive informations which is not visible through common search.

How does it work?
It indexes pages on the web by using Spiders, crawlers or Robots. Google's spider, GoogleBot uses links on web pages. It travels from site to site by using these links. When google finds a new web page, its crawler crawls the page and transport it back on the google database server. These bots keep on crawling the sites to keep the google database updated. When we are looking for any search using a string it shows thousands of results based on the priority or the website describing the keyword show the result.


You can optimise your results using different syntaxes such as intitle, inurl, intext, file type etc. I have already added one post regarding the optimisation of your search using google.

Difference between virus, worm and Trojans

VIRUS:

Virus are the unwanted programs which infect other files, commonly .exe. They multiply with these exe files and modify or delete datas.

WORMS:
They are like virus but they donot modify or delete any data. They consum a lot of resources like your hard disk space by multiplying.

TROJANS:
They are like virus but sometimes very dangerous as they are often associated with RAT(Remote Access Trojan) or keyloggers. Initially you dont know that a trojan is running on your computer. They can send Keyloggs, Pictures and every activity associated with your computer as per their settings. They are generally contained within a legitimate program that user cannot understand that it is having trojan.

Types of hackers

CODERS:
Coders are programmers who have he ability to find unique vulnerabilities in existing software and to create working exploit codes. These hackers, are not seeking publicity and are rarely part of top news stories. They have good knowlege of OSI and TCP/IP models.


ADMINS: 

Admins are the more common than coders and may have experience with several operating systems, understand TCP/IP and know how  to exploit several vulnerabilities. THey generally have less depth of knowledge but possible greater breadth than coders. This level of hackers would be a part of a security team in a large organization. Some level of programming or scripting ability is required.

SCRIPT KIDDIES:
They are the lowest and most populated part of hackers. Their names comes from the fact that they use previously coded scripts and use hacking tools and softwares downloaded from internet. This types of hackers do hacking for just enjoyment or time pass. Sometimes they can be very dangerous as the acts done by them are somtimes unknown to them causing huge damage.

The other type of classifiction is based on the nature of hacker is Black hat, White hat and Grey hat.

TROJANS

What is trojan?

• An unauthorized program contained within a legitimate program. This unauthorized program performs ffunctins unkonown by the user. 

• A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions known by the user

working of trojans

• Attacker gets access to the trojaned syastema as the system goes online.
• Byway of the access provided by the trojan attacker can stage attacks of different types.

various trojan genre

• Remote Access Trojans(RAT)
• Password Sending Trojans
• Keyloggers
• Destructive
• Denial of Services(Dos) Attack Trojans
• FTP Trojans

modes of transmissions:

Attachments, Physical access, Browser and e-mail software bugs, NetBIOS(file sharing), Fake Programs, Untrusted sites and Freeware Softwares.

Symptoms:

• System is slow
• Task Manager Disabled
• unwanted Processes
• unwanted Files or Folders on the disk

preventions:

• Donot download software from any site which is not trusted.
• Donot click on any file or folder that you are not sure what is it.
• Donot click on any unknown link.

• There are many Trojan removing software available( I dont know that they work or not, i have tried one but it didn't worked)

remember prevention is better than cure....
keep reading...

NEW TOOLBAR FOR MS OFFICE

Google has launched a special cloud connect toolbar which is inbuild in the office applications like ms-word, ms-powerpoint ms excel. With this toolbar u can save your ms office data to the server of google.

How it works:

You have to login into your google account through this toolbar. After that this toolbar automatically starts saving data. Untill your google account is active all the documents will be saved in encripted form in the google server.

Stegnography: Hide any text in any picture.

step1: Put any picture and notepad file on desktop or any where u want.
Step2: Goto command prompt. Then go to the location where u have kept the files(i.e. image and notepad files)
Step3: Now type in the command prompt: copy /b abc.jpg+bcd.txt xyz.jpg (note that my picture name is    abc and notepad file is bcd and xyz is the file which will be created.
step4: Now u can see a image having name xyz. which contains the text which was contained in the notepad file(bcd).
step5: To see the notepad content right click the image and choose open with notepad.
Ste6: You will see encripted texts. Don't worry. scroll down. At the last u will see the content of your notepad files.


If u feel any problem then write to me...

How to hide any text in the notepad

step1: Goto command prompt. Type cmd in the run option.
step2: write cd\
step2: Now you are in c:\>
step4 :type- notpad vikash.txt:hidden.txt
step5: it will ask u that the filename of notepad (here vikash) not found do you want to create?(you can see a new notepad file) click yes.
Step6: Now type the content u want to keep hidden. and save it.
Step 7: when u will open the file u will see nothing written on it.
Step 8: To see the content Type the same command again ie( notpad vikash.txt:hidden.txt). You will be able to see the content.

ATTACK ON NETWORK SECURITY

There are basically three types of attacks-
1) Reconnaissance attack- This attack basically deals with the information gathering which is later used to compromise the network. This type of attack includes- Packet sniffing, Port scan, Ping sweeps etc.

2) Access attacks- This attack is done when the vulnerability in the network is found in 1st stage. this attack includes-IP spoofing, password cracking(Brute force attack, Dictionary attack), Man in middle attack(Session Hijacking), Server Spoofing, Trust exploitation, Buffer overflow.

3)Denial of Service(DoS) attack- • DoS attacks prevent access to part or all of a computer system. They are usually achieved by sending large amounts of jumbled or otherwise unmanageable data to a machine that is connected to a corporate network or the Internet, blocking legitimate traffic from getting through. Even more malicious is a Distributed Denial of Service attack (DDoS) in which the attacker compromises multiple machines or hosts. Ex- ping broadcast, Ping of death, smurf, teardrop.

few things u would like to know

1) How to know your ip address?
step1: open command prompt or type cmd in run
step2: type ipconfi/all
step3:press enter
this will show your ip address, physicsal/ mac address, and subnet mask and default gateway of your internal network for all network interfaces.

To find the IP of your computer within internet -
go to site: www.whatismyip.com or
                  www.whatismyipaddress.com

you can easily change your ip using proxy websites like:

www.anonymizer.com or
www.samair.ru/proxy