what is virtual machine?

Virtual Machine is just like a machine or operating system(s) installed into your operating system. It just work like an another computer. It is very useful when u need another operting system and u donot want to replace your present operating system or u donot want to spend a dedicated partition or extra space. It takes few GB space from your hard disk and physical memory and give it to the virtual machine. After installation of Virtual Machine inside your current operating system using a software like VMware or Virtual box, you can safely browse internet without letting others know your IP address. It is a very good method to hide your IP.
I will be shortly writing methods to hide your IP address.
good comments are always welcome!

DNS- Domain Name Server

What is DNS?
DNS or Domain Name Server is the server which maps the Domain name into its corresponding IP address. As we all know that every website or URL has a domain name, not only that; the email address also has its corresponding IP address. When we send email to any person, we know the email address but we donot know their IP so, it is the DNS who maps the email address to the corresponding IP adress and sends the email to the corresponding host of that IP because TCP/IP uses IP address to identify the host in any network.

Do email me if u want to know about anything.. vikash100dhn@gmail.com

How to hack gmail, facebook or other email id's password?

Although it is not easy to hack any password but if the victim is not aware of the security facts then their email id's can be easily hacked. Here are few methods to hack email id's:
Phishing:
you can easily hack one's email id using phishing. It is the method of making a fake webpage of facebook, yahoo, orkut, gmail etc. and uploading it on free hosting websites like my3gb.com and then sending the link to the victim. when the victim tries to login, its username and password will be redirected to the attacker's file which is uploaded on the server.

social engineering:
In this method the hacker tries to find out the security questions of the victim by using social engineering skills. Social engineering means finding the facts of the victim like hints for the password or the security questions without letting them know.

By using Keyloggers:
we can silently install keyloggers on their computer if physical access is available on their computer. Or by using your own computer and asking them to login and your computer will moniter the keystrokes and then find their username and password.
other ways are like DNS poisioning or using password attacks. In LAN we can use ARP poisioning or packet Sniffing.

XSS- Cross Site Scripting vulnerability/ Cookie Stealing

introduction:

This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)

what is cookie?

A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a piece of text stored on a user's computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data.

Cookies may be set by the server with or without an expiration date. Cookies without an expiration date exist until the browser terminates, while cookies with an expiration date may be stored by the browser until the expiration date passes. Users may also manually delete cookies in order to save space or to address privacy issue .

VPN and PROXY

VPN
VPN stands for virtual private network. A VPN keeps your wireless communications safe by creating a secure "tunnel," though which your encrypted data travels. These tunnels cannot be entered by data that is not properly encrypted. Not only is data encrypted when you use a VPN, but the originating and receiving network addresses are also encrypted. This adds an extra layer of security.

PROXY
Proxy sites enable you to bypass your own Internet provider and browse through the proxy web site. All that you have to do is type the web site address you would like to visit in the form they provide, and start browsing. Once you keep browsing using that form, you are protected and your real IP address is not being logged.

DNS poisioning

DNS- It stands for domain name server. As we know that it is used to resolve the domain name into its corresponding IP. As on internet everything is done using IP address. for example: if we manually input the ip of any site  and a domain name where the domain name will be redirected to the manually entered ip address. this process is known as DNS poisioning. for example if we put the ip of google and domain name of Facebook besides it then when a user will input the domain name for facebook it will show the page of google. The modification is made on the file which is inside the installation folder or windows. If windows is installed in C: drive then its path would be:
C:\Windows\System32\drivers\etc\hosts\
Goto this folder
now open it with notepad.
you will see something written like this:
127.0.0.1   localhost
write the following below it:
209.85.153.104    www.facebook.com
209.85.153.104    facebook.com

note that 209.85.153.104 is the ip of google. when user will enter the url as www.facebook.com or facebook.com then its browser will redirect this page to the google.
so, have fun with your friends using DNS poisioning...........
Do comment if u need any help.....

SQL INJECTION

• It is a technique that exploits security vulnerability occuring in the database layer of an application( generally SQL,MYSQL).
• The vulnerability is present when user input is either incorrectly filtered or few other escape character like %,-- are embedded in sql query such as 1'or'1'='1 is true for all cases and therefore executed.
• the attacker can try to gusess the username of an account by quring fpr so,o;ar iser ma,es ;ole ad% for admin.
• Attacker can insert data by appending commands or wrinting queries.
• Generally SQL vulnerability is found on site using ' after the url. If it shows error likeMicrosoft OLE DB error then the site is vulnerable to SQL injection.

what is 3G?

As the technology advances, we are moving into more new and latest technologies. Once there was 1st generation voice communication which used analog signals for voice communication using stationary wired telephones. In 2G or 2nd generation, the analog signal was digitalised and we were able to communicated voice and text using wireless cellular technology called mobile phone. Now a days, we are using 3G or 3rd generation mobile phones in which data transfer is at higer rates than 2G, now we can send videos and graphics or video calling , live T.V is easily available with a higer speed. This evolution in the cellular telephony service is known as 3G. Now scientists are researching on the advancement over 3G technology in which the data tranfer will be much faster.

find the people on the internet using name or email id or phone number

You can easily find out the people on the internet using the name, username, email id or phone number. just visit the website below:

http://www.pipl.com/

how to recover permanetly deleted files, folders from your hard drive other storage medium?

Although there are many softwares available for this purpose, i will recommend you to download tune up utilities. you can use this software to recover your permanently deleted files or folders. There are softwares you can download by searching in the google.

Passoword cracking or Password Hacking Tools

Brute Force attack:
It is an attack which includes all the possible permutation and combinations of passwords. But, it is very time consuming. As it takes a lot of efforts to try all possible combinations. for example if a password is 6 digit long then 10^6 combinations are possible. if it include alphabet or special characters then its complexity is even more. tool: brutus

Dictionary Attack:
In this attack attacker uses a set of words or string of possible and frequently used passwords. It is effective than bruteforce attack.

Keyloggers: There are many keyloggers available. You can download it by google search. But beware, your antivirus may treat it as a virus. It can be used as a spy to your computer. It records keystrokes, pictures of your screen at certain intervals and many more activities associated with your computer as per your settings.


Tips:

#Always remember u should keep your password long and atleast containg two types i.e alphabet and numbers or any special characters.

#Have some recovery method for passwords associated with the email ids in case they are hacked by someone.

Introduction to ethical hacking

Before jumping into Ethical hacking and hacking tips and tricks, it is needed to know what is ethical hacking all about and why do you need this and where you need this? You must know such aspects before you put yourselves into ethical hacking.  Just assume that you are in need of accessing your own security parameters of your system, to fix several issues related to it. If you do this, it’s also a kind of ethical hacking because all you want to do is to ensure your own safety and security of your information systems no matter whether you are a corporate owner or a home based user.  Security is must.
So now I successfully explained without any details that ethical hacking is some kind of security testing and related parameters. That is, testing your security related issues legally. So you need not worry about legal concerns if you really start in the right way. This is not at all the complete definition of ethical hacking and I cannot provide you a scientific or technical explanation just like Wikipedia does.
unless you donot know what are the security holes and vulnerability in your system yo cannot protect it. Ethical Hacking or penteration testing is just like that. There are now many certified courses are available for the ethical hacking.
I will put it in later posts.

GOOGLE: How does it work

What is google?

As it seems to be a foolish question to all reading my blog. But as we know that it is a very powerful search engine which produce unbelievable results by accepting predefined commands and any string.
It is a powerful tool for the hackers, crakers, script kiddies to gather confidential and sensitive informations which is not visible through common search.

How does it work?
It indexes pages on the web by using Spiders, crawlers or Robots. Google's spider, GoogleBot uses links on web pages. It travels from site to site by using these links. When google finds a new web page, its crawler crawls the page and transport it back on the google database server. These bots keep on crawling the sites to keep the google database updated. When we are looking for any search using a string it shows thousands of results based on the priority or the website describing the keyword show the result.


You can optimise your results using different syntaxes such as intitle, inurl, intext, file type etc. I have already added one post regarding the optimisation of your search using google.

Difference between virus, worm and Trojans

VIRUS:

Virus are the unwanted programs which infect other files, commonly .exe. They multiply with these exe files and modify or delete datas.

WORMS:
They are like virus but they donot modify or delete any data. They consum a lot of resources like your hard disk space by multiplying.

TROJANS:
They are like virus but sometimes very dangerous as they are often associated with RAT(Remote Access Trojan) or keyloggers. Initially you dont know that a trojan is running on your computer. They can send Keyloggs, Pictures and every activity associated with your computer as per their settings. They are generally contained within a legitimate program that user cannot understand that it is having trojan.

Types of hackers

CODERS:
Coders are programmers who have he ability to find unique vulnerabilities in existing software and to create working exploit codes. These hackers, are not seeking publicity and are rarely part of top news stories. They have good knowlege of OSI and TCP/IP models.


ADMINS: 

Admins are the more common than coders and may have experience with several operating systems, understand TCP/IP and know how  to exploit several vulnerabilities. THey generally have less depth of knowledge but possible greater breadth than coders. This level of hackers would be a part of a security team in a large organization. Some level of programming or scripting ability is required.

SCRIPT KIDDIES:
They are the lowest and most populated part of hackers. Their names comes from the fact that they use previously coded scripts and use hacking tools and softwares downloaded from internet. This types of hackers do hacking for just enjoyment or time pass. Sometimes they can be very dangerous as the acts done by them are somtimes unknown to them causing huge damage.

The other type of classifiction is based on the nature of hacker is Black hat, White hat and Grey hat.