DattuDharanikota's: 2012-03-11

Thursday, March 15, 2012

How To Block Websties Without Software, block websites

Steps:

1] Browse C:\WINDOWS\system32\drivers\etc
2] Find the file named "HOSTS"
3] Open it in notepad
4] Under "127.0.0.1 localhost" Add 127.0.0.2 www.sitenameyouwantblocked.com ,
and that site will no longer be accessable.
5] Done!

-So-

127.0.0.1 localhost
127.0.0.2 www.blockedsite.com

-->www.blockedsite.com is now unaccessable<--

For every site after that you want to add, just add "1" to the last number
in the internal ip (127.0.0.2) and then the addy like before.

IE: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com

etc

http://127.0.0.1/

‎127.0.0.1

Thank You@dattu

How to Check if an Email Address is Valid or Not

Spam filters of popular email services like Gmail,Yahoo are very efficient and they keep a lot of junk emails out of your inbox.Still there are some sophisticated techniques available using which hackers bypass these spam filters.Emails are the prominent method used in phishing scams.

There are various free online services that allows you to send anonymous emails.Hackers can effortlessly create their own Anonymous Email service by simply uploading email PHP script to their servers.If you receive a suspicious email you can check whether that email id exists or it is fake.

Email address Checker is a free third party service. This checking tool connects to the mail server and checks whether the email exists. For valid email addresses, you can view additional intelligence including pictures, blog and local searches.

How to verify an Email Address is Valid or Not:-

Just go here http://tools.email-checker.com/

In the Email Address field give the email address which you want to verify and click on check button.

In the lower field you will see your result. In this example I had given two email address as you can see there will be a Tick Mark sign which is valid address and there will be a cross sign which is invalid email address.

For more information about the Email address click on the info button.

The only limitation of this tool is that you can only check three Email ID’s from one IP Address in a day.

That's really hard to hear for you guys..but if you are more thirsty, don't worry just ping me here as a comment or else in my comment box..I will give you a solution..

Thank You@dattu

Monday, March 12, 2012

How to create CON folder in windows XP which others can't ! !...

Hello guys...

Many ppl dont know that they cannot create "CON" folder in windows.

Some ppl dont know why they cant create it?

Very few know that they can still create it someway.. but donno why are they supposed to do exactly like that..

Try out creating a folder named CON or LPT or COM1

Not only CON, we cannot create any of these
CON, PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9 and more

The reason is that con, prn, lpt1..lpt9, etc are underlying devices from the time dos was written. so if u r allowed to create such folders, there will be an ambiguity in where to write data when the data is supposed to go to the specified devices. In other words, if i want to print something, internally what windows does is -- it will write the data to the folder prn (virtually u can call it a folder, i mean prn, con, etc are virtual folders in device level). So if we are able to create con folder, windows will get confused where to write the data, to virtual con folder or real one.

So Now, Try this...

Open the Command prompt by Start -> Run and typing cmd

Code:

C:\> md \\.\c:\con

Now, Open My Computer and browse through the path where you created CON folder... Surprising.. ?? Yeah.. you have created it successfully

Now, try to delete the folder from My computer

OOPS!!! You cant delete it...

Now, try this in command prompt console

Code:

C:\> rd \\.\c:\con

Thank You.@dattu

WEBSITE STRUCTURE[What type of things we Need to Consider Before Making Website]

WEBSITE STRUCTURE

Homepage

First page that you show to a visitor; it’s like a face of a person
Make sure it looks good, attractive and descriptive because it’s the first impression to the visitors
It’s like an introduction of your page (it should have introduction to every links in the website)
Includes graphic & animation (flash)
Has name, logo, description (about 1-2 paragraphs) , contact info., etc.
Search engine looks at text only (not graphic and animation)
So try to put your information in text as much as possible
Try to make your page the top ten website in search engine

- Contact Information

“Contact Us”

Includes company owner’s contact information or map to the company
Very important since it helps visitors to get in touch with the company
It is a place for the clients to send their own information

- Privacy Policy

It’s the term of agreement about the purpose of the visitors’ collected data
Make the visitors feel secure and sincere
Ensures the visitors that their data will not be misused
Cookies are collected when visitors launch the website
When visitors log in to the website, the information of their computers will be collected and save in cookies file
Visitors information can be sold to the spammer
Product Service and Information
Produces are needed to be categorized
Each category includes descriptions and information that attract visitors
Includes types of product and every information that is important (or interesting)
Must have permission to use any work with license
Copy right content – ask the permission from the owner of company first
In your website, photo/image should be taken by yourself
If you take it from somewhere else, you need to get proper permission from the owner of those photos
When you sell products, some people might now know how to operate them
You should provide after-sell service like putting the “How to” operate the product in your website
Services are important to the customers

- Biography

Tells personal information or history of the company
Helps people to understand how long the company is in the business
Longer time means higher experiences so the company provides better quality service/product
Not all type of website needs biography
Video Broadcasts
Helps use to tell information/advertisement/tutorial/produce service (How-to)
Makes visitors interest in your products
Provides technical support

- Site maps

Contains all links to every pages
It’s like a navigator; it shows a structure of your website
Makes it friendly to search engine
Gives visual structure of website

-Footer
It’s at the bottom of the page

Company name/copyright info./navigation link/contact info./privacy policy
- Company information (about us)

Describes company details/mission statement/philosophy/ biography/member of team/what can others benefit from you
Tells what you are doing and what will the visitors get in your website
Customer Service
Visitors get more information about a service
Way to serve customers better
It provides delivery, return products, problems solution, etc.
You can include a conversation box
The easier to use, the more customers you have (the more service is given to customers, the more the customers get more interest in you)
It’s a quick interaction between customers and company
Provides fast service but there must be privacy policy (make sure the customers’ information will not be shared to everyone)

- HTML

Follows website standard so that it’ll look organized
If you don’t follow the standard, you will ruin the design & content will be lost
WP3 (Web standard)
Make sure you follow the structure correctly or else your browser cannot display your website
Also make sure that every browser shows up your information correctly

- Site Credit

Advertises the name of the person who create the website (or who make the template)
Gives users/visitors more benefit
Attracts people to come to your site

- Portfolio

Media files/videos/MP3
It is the best way to market service
Shares news/industrial information
Tells what your company is doing

- FAQ (Frequency Asked Questions)

Helps visitors for easier way to get information
Shows contact information and provides customer service
Questions & answers
Helps customers solve problem about the products

- Site search

Eg. www.google.com
Not require but can make visitors stay in your site longer
Visitors can search for your entire website (using key words that they type)

- Terms of Service

States how site provides service
Includes concept/rights/usage registration/security/etc.
Tells conditions under which service is giving.

- Content pages (in folder)

Must have ‘footnote’ which includes…
Title of the page (that will appear on the title bar)
Keyword (to help in search engine)
Description

Thank You@dattu

How to use a trial program forever without activation.

Most of us are familiar with many software's that run only for a specified period of
time in the trial mode. Once the trial period is expired these software's stop
functioning and demand for a purchase. But there is a way to run the software's and
make them function beyond the trial period. Isn’t this interesting ?

I’ll try to explain this in brief.

When these software's are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc. After installation every time you run the software, it compares the current system date and time with the installed date and time. So, with this it can make out whether the trial period is expired or not.
So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small Tool known as RunAsDate. RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application. RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the
current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista. NOTE: FOLLOW THESE TIPS CAREFULLY

You have to follow these tips carefully to successfully “hack” a software and make it
run in it’s trial mode forever.

1. Note down the date and time, when you install the software for the first time.
2. Once the trial period expires, you must always run the software using RunAsDate.
3. After the trial period is expired, do not run the software(program) directly. If you
run the software directly even once, this “hack” may no longer work.
4. It is better and safe to inject the date of the last day in the trial period.
For example, if the trial period expires on jan 30 2009, always inject the date as jan
29 2009 in the RunAsDate.
RunAsDate can be downloaded from here:
http://www.nirsoft.net/utils/run_as_date.html

I hope this helps! :D

Thank You.@dattu

Sunday, March 11, 2012

HACK FACEBOOK ACCOUNTS USING DESKTOP PHISHING - THE SECOND ART OF PHISHING

Desktop Phishing is an advance form of phishing.

If you are a newbie Kindly read my previous post on normal phishing before proceeding.

CLICK HERE TO VIEW NORMAL PHISHING

In desktop phishing hackers change your Windows/System32/drivers/etc/hosts file,this file controls the internet browsing in your PC.

This method is a bit advanced.

Difference between phishing and desktop phishing is as follows.

In phishing :-

1. Attacker convinces the victim to click on the link of fake login page

which resembles a genuine login page.

2. Victim enters his credentials in fake login page that goes to attacker.

3. Victim is then redirected to an error page or

genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name.

We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing:-

1. Attacker sends an executable/batch file to victim which is fully FUD

and victim is supposed to double click on it. Attacker's job is done.

2. Victim types the domain name of orignal/genuine website

and is taken to our fake login page.

But the domain name remains the same as typed by victim and

victim doesn't come to know.

3. Rest of the things are same as in normal phishing.

What is Hosts File ?

The hosts file is a text file containing domain names and IP address associated with them.

Location of hosts file in windows: C:\Windows\System32\drivers\etc\

Whenever we visit any website, say www.anything.com , an query is sent to Domain Name Server(DNS) to look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown.

When we visit www.anywebsite.com , we would be taken to this 115.125.124.50.

No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.

What is attack ?

I hope you have got an idea that how modification of this hosts file on victim's computer can be misused.

We need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page.

Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim.

Hence domain name is spoofed.

Two Steps to perform attack :-

1.Create and host phishing page on your computer.

2.Modify victim's host file.

Step 1 :- Create and host phishing page on your computer.

Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com.

An IP address points to a webserver and not a website.

So we need to host the phishing page on our computer using a webserver software like wamp or xampp.

DOWNLOAD XAMPP SERVER

Kindly read my simple tutorial on setting up XAMPP web server HERE and this step would be clear to you.

DOWNLOAD FACEBOOK PHISHING PACKAGE

Step 2 :- Modify victim's host file.

This step can performed in two different ways.

Method 1 -

Send victim a zip file containing modified host file . When Zip file would be clicked, It would automatically replace victim's orignal hosts file with modified hosts file.

Copy your hosts file and paste it anywhere .
Modify it according with your ip.
Edit it with any text editor and associate your public IP address with domain Facebook.com

Like in this case , when victim would visit Facebook.com, he would be taken to website hosted on IP '127.0.0.1

Obviously Replace 127.0.0.1 with your public IP.

Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.

Then you can bind this file with any exe ( using a binder or directly give it to victim. He is supposed to click it and you are done .

Method 2 -

Create a batch file which would modify hosts file as per your need.
Open your notepad and type the following text

Obviously replace it with your IP and website acc. to yourself.

Save file as 'all files' instead of txt files and name it anything.bat .

Extension must be .bat

When victim would run this file, a new entry will be made in hosts file.

You can test both the above methods to modify your own hosts file

Limitations of attack :-

1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect.

To overcome this we need to purchase static IP from our ISP.

Countermeasures:-

Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser.

Check the protocol whether it is "http" or "https" . https is secure.

Thank You@dattu