KON BOOT DOWNLOAD LINK

www.metro-mendax.webege.com/koCD.iso

REGISTER IN IRC CHANNEL:

REGISTER IN IRC CHANNEL

Follow these following steps to register in Irc,

Download An Irc Client: xchat (recommended)

Install it and run it

Click start

In Window at Bottom u will be Seen a Chat Box

Type These Commands to get registered

/nick NickName

Press Enter

Enter the server address on which server u want to be registered

/server irc.anonops.com (recommended)

Press enter

/msg nickserv register password email@address

Then a Mail will be sent to your mail account and they will give a command link

Just paste the link in the chat box of the Irc client

Then U will be registered in their server

Whenever u want to login

Just enter the server command given and it will ask to identify

Then enter the following command and press enter

/msg nickserv identify password

After finishing identify then u have to join a channel

Type the following command to join a channel

/join #channelname

For joining in anonymous group first logon to their server

And join the following channels

#opegypt

#opisrael

Then u Will Be Seen Many Members Chatting with each other join them

WHAT IS FIREWALL?

Introduction to firewalls
   When you use internet in your college/school/offfice , You may not be access some websites, right? Do you know how they block those websites? They use firewalls for block websites. Firewall prevent the system from hackers attack. Lets us what is firewall.

What is Firewall?
     Firewall is working like a security guard standing outside the office. Usually, What the security guard do? He will allow those who has identity card and block those who has not the identity card. Right? Likewise, The firewall will block unauthorized access to the system.
Firewall may be a software or hardware. It will work based on the set of rules defined by the administrator. Using Firewall administrator can block certain website from being accessed.
All traffic from inside and outside of the network must pass through the firewall.
Only authorized trafic will be allowed to pass (based on the set of rules)



Types of Fire Walls
 Packet Filtering
 Appliction level gate way
 Circuit level gate way.

Packet Filtering (Network Layer)
A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packets. Router is configured such that it can filter incoming and outgoing packets. The packets will filtered based on the source and destination IP address.
IP spoofing attack is possible in this packet filtering. IP spoofing can be achieved by changing the source IP address of packets.
Stateful Inspection Firewalls
A stateful inspection packet filters tightens the rules of TCP traffic by creating a state table of out bound TCP connection. If the packet matches with existing connection based on the state table, it will be allowed. If it does not match, It will be evaluted according to the rule set for new connections.


Aplictaion Level Gateway
Application level gateway is also known as proxy server. The user communicate with the gateway using application layer of TCP/IP stack. The gateway asks the user for the name of the remote host to be connected. When the user enters valid user ID, gateway will give access to the remote application. This will block the malicious activity and correct the application behavior. This will ensure the safety of company.
More secure than packet filtering. Easy to log and audit all incoming traffic at the application level. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address

Circuit Level Gateway
The circuit level gateway works at session layer of OSI model. Monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on the session rules. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets. This firewall is used when the administrator trusts internal users.

Why Firewall?
 Firewall block unauthorized users, prohibits vulnerable services from entering or leaving the network.
Protection from IP spoofing and routing attacks.
 Protection against Remote login, Trojan backdoors, Session hijacking, cookie stealing,etc.
Limitation of Firewalls
The fiewall cannot protect against attacks that by pass the firewall.
The firewall does not protect against internal threats
The firewall cannot protect against the transfer of virus infected progams (or) files. It would be impossible for the firewall to scan all incoming files, emails for viruses.

BATCH PROGRAMMING

What is Batch file?
Batch files are a list of command line instructions that are "batched" together in one file. Most of the command lines can be executed within the command prompt, but batch files make the work load much easier. Batch files can be opened, copied, and edited using notepad.

They are used for simple routines and low-level machine instruction. On Windows, many batch files can be seen within the c:\Windows directory.

Batch files, more or less, make up the backbone of the Windows Operating System. The operating system must have access to these files and be able to add and delete instructions from them. Delete them, and you have effectively disabled the OS.



Basic Batch File Utilities and Commands


Note: Any DOS command can be used within a batch file, below are a list of commands used to support the structure and flow of the batch file

@
Place @ in front of commands that you don't want echoed within the process.

CLS
Clears the screen of any previous data.

CALL
Calls another batch file. Once other batch file isfinished, control is returned to the first (i.e. CALL c:\Windows\Newbat.bat).

BREAK ON/OFF
When turned on within the batch file, the user has an option of stopping the batch file by bressing Ctrl+Break.

GOTO - This command is used to go to another section of the batch file. Sections can be added by adding a colon infront of a name

(i.e. :FIRSTSECTION, :SECONDSECTION):


Quote::FIRSTSECTION
REM Welcome to the first section
GOTO :SECONDSECTION

Quote: :SECONDSECTION
REM Welcome to the second section
GOTO :END
:END

It is possible to loop with the GOTO command:
Quote::START
REM NO!!!!!!!!!!!!!!!!!! IT'S LOOPING!!!!!!!!!!!!!
GOTO :START

PAUSE
The pause command halts a proccess until a key is hit by the user. Displays the message, "Press any key to continue..."

REM
Allows a remark to be placed within the code, displaying a message to the user (i.e. REM HELLO!).

ECHO ON
Command process is shown to user; @ is usually placed before (@ECHO ON).

ECHO OFF
Command process is not shown to the user; @ is usually placed before (@ECHO OFF).

end
Ends the process.


Simple Batch Programming to show Hello message is :

@echo off
echo "hello world"

Type this code into notepad and save it with .bat extenstion(For eg: hello.bat)

By double clicking the batch file,you can run the file. Above batch file will show the hello world but we can' see it. because the window will open and closed within a second.

We will see later how to see it.

MAC SPOOFING

First we will spoof our MAC address.

MAC stands for "Media Access Control". It is commonly used by the authorities to trace hackers. To make it harder to trace us, we can change it!

Step1: Firstly, download the Program NMAC:

Step2 : After you have installed it, open it up, and click proceed. You should see a list at the top of the window.
Click on the first one.


Note: The drop-down box under “Network Connection" changes.

If you are using a wired connection, you need to select the one that says “Local Area Connection". If you are using a wireless connection, you need to select the one that says “Wireless Network Connection". If you are using a VPN, that should be visible too.

Step3: Once you have found the correct one, click "Random" as many times as you like.

Step4: Now click on "Update MAC".

Click "Yes" to the window that follows, and wait until you get a window telling you that the adapter was restarted successfully.

Now you just spoofed your MAC address!

TOP 10 HACKING TECHNIQUES OF 2009

1. Creating a rogue CA certificate
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP)
Luca Carettoni, Stefano diPaola

3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack)
Thai Duong and Juliano Rizzo

4. Cross-domain search timing
Chris Evans

5. Slowloris HTTP DoS
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic - “Programming Model Attacks” section of Apache Security for describing the attack, but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi-colon bug)
Soroush Dalili

7. Exploiting unexploitable XSS
Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues
    Robert Hansen

10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
Robert Hansen

SOCIAL ENGINEERING

What is Social Engineering?
Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.


"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker.

skip to methods of Social Engineering

Some Examples
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker

Example 2: You receive an e-mail saying that your computer is infected by a virus. The message suggests that you install a tool available on an Internet site, to eliminate the virus from your computer.

The real function of this tool and does not eliminate a virus, but I give someone access to your computer and all data stored on it.

Example 3: a stranger calls your house and says it is the technical support of your ISP.
In this connection he says that his connection to the Internet is presenting a problem and then, ask your password to fix it. If you give your password, this so-called technical can perform a multitude of malicious activities, using your access account
Internet and therefore such activities relating to its name.

Practical Examples:

Retail Paging Systems
---------------------
Wal-Mart store phones have clearly marked buttons for the paging system. Wal-Mart is
the exception, not the rule. So how do you get on the paging system to have a little
fun when you're bored out of your mind shopping with your girlfriend? Social
engineering, my whipped friend. Find a phone and dial an extension, preferably the
store op. The key here is to become a harried employee, saying something similar
to..."This is Bill in shoes. What's the paging extension?" More often than not,
you'll get the extension without another word. Now, get some by saying something
sweet over the intercom.

Airport White Courtesy Phones
-----------------------------
Imagine you've already been stripped searched and you're waiting for your delayed
flight. Naturally, you gravitate to a phone. Is it white? Then you've got a free
call right in front of you. Just pick up to get the op. "This is Bill at Southwest,
Gate A5. We're swamped and our phones are tied. Can I get an outside line?" If
the phone does not have DTMF, or the op wants to dial the call for you, do not call
a number related to you.

Hotels
------
Hotels hold such promise. Some hotels have voice mail for each room, guests
receiving a PIN when they check in. Hotels also have "guest" phones; phones outside
of rooms that connect only to rooms or the front desk. Pick up a guest phone, make
like a friendly guest and say, "I forgot my PIN. Could I get it again? Room XXX."
Knowing the registered name of the target room helps, for the Hotel and Restaurant
Management Degree Program graduate may ask for it.

Do not follow through with the next social engineering example. Or, like the author,
try it on a friend. Go to the front desk and tell the attendant that you've locked
your key (card) in the laundromat, in your room, lost it, etc. Do not try this with
the attendant that checked you in. And again, do not enter someone's room without
permission.


Calling Technical Support
-------------------------
So you've found a new-fangled computerized phone and you want to learn more about it.
Do the same thing you do when you have trouble with your AOL - call tech support.
First, do a little planning (after getting the tech support number off of the phone
or the web). Get some info on the phone, like phone number, model number, other
identifying numbers, etc. Also, know the name of the facility in which the phone is
located. Now that you've got some ammo, you're ready to make the call. Posing as an
employee of the facility, call tech support and make up a problem for the phone
you've identified. Act a little dumb and be apologetic, acting like you don't want
to waste their time. All the while, pumping them for information - "I hate to bug
you for this, but <insert problem here>." <You'll get some info from tech support
here.> <Build on what you've learned and curiously ask another question.> And so
on until you reach the point where you can feel that it's time to end the call.
Occasionally acting amazed at their knowledge may be helpful.


Methods of Social Engineering

Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.

Vishing or Phone Phishing:
This technique uses an Interactive Voice Response (IVR) system to recreate a legit sounding copy of a bank or other institution's IVR system. The slave is prompted to call in to the "bank" via a phone number provided in order to "verify" information.

Baiting
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the slave. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the slave to use the device.

Quid pro quo
Quid pro quo means something for something:

* An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware.

* In a 2003 information security survey, 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for a cheap pen. Similar surveys in later years obtained similar results using chocolates and other cheap lures, although they made no attempt to validate the passwords.

EMAIL ATTACKS

The Basic level Hacking is Email Account Hacking.  Everyone like to do first email account hacking only.  So here is the tutorial for budding hackers about email Hacking.

There are different types of Email Account Hacking .  Here is some of them :

Social Engineering
Phishing
Brute Force Attack
 Keylogger
 Guessing the Answer for the Security Question


SOCIAL ENGINEERING:

Social engineering takes advantage of the weakest link in any organization’s
information security defenses: people. Social engineering is
“people hacking” and involves maliciously exploiting the trusting nature of
human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes
great skill to come across as trustworthy to a stranger. It’s also by far the
toughest hack to protect against because people are involved.

Social Engineering is different from Physical Security exploits . In social engineering hackers will analyze about
victim.  Hackers will send mail to victim.  The contents will be related to the victim.

Eg:

✓ False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting
package or phone system, ask for the administrator password, and
obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords
of unsuspecting recipients. Hackers then use those passwords to
gain access to bank accounts and more. A related attack exploits crosssite
scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys
to the computer room, receive a set of keys from security, and obtain
unauthorized access to physical and electronic information.

 Phishing WebPage:

     It is a fake webpage which looks similar to the original page of the website.  Using this WebPage we can easily get the Password of victims.  The process involved in creating Phishing webpage are,
✓ First Visit the Website which is associated with the email id. Copy the Source code.
✓ Edit the the Source code such that it will store the password for you.
✓ Upload the Webpage to any free webhosting sites.  (don't select a famous hosting site,they will find that
    your page is fake). Try uploading through the proxy server.

Guessing the Answer for Security Question:
    Do you remember that the mail sites will ask for the security questions to retrieve the mail account?  You can hack the mail account simply guessing the answer.  If the victim is your friend ,then it may very easy to hack.



BRUTE FORCE ATTACK:



A famous and traditional attacking method .  In this method ,the password will be found by trying all possible passwords with any program or software.




KEYLOGGERS:


  It is one of the spyware which will capture what you type in the keyboard.  so whenever you type the username and password ,it will simply capture.

   It is software program which will be attached with any softwares and send to victim.  While victim install the software ,the keylogger also start to work.  Keyloggers are exe files

HACKERS TYPES

Hackers are of 4 types:
1.white Hat Hackers
2.Grey Hat Hackers
3.Black Hat Hackers
4.script kiddies
5.Phreakers
6.Sucide Hackers

WHITE HAT HACKERS:

These Hackers Hack Only For Knowledge Not For Destructive Purpose. 

BLACK HAT HACKERS:

These Hackers Hack Only For Destructive Purpose And Harming Victims System.

GREY HAT HACKERS:

These Hackers Are Combination Of Black And White Hat Hackers.

SCRIPT KIDDIES:

These Hackers Are Expert In Programming,They Hack Using Scripting Languages.They Are More Dangerous.

PHREAKERS:

These Hackers Will Not Have Hacking Skills , But They Have Much Knowledge On Phone Disrupting Skills.They Hack Only Through Phone Lines.

SUCIDE HACKERS:

These Hackers Will Not Think Of Any Consequences During Hacking.They Will Not Hesitate To Go Jail.

HACKING STEPS

Main Steps To Be Know When You are Hacking The Website:
1.RECONNAISSACE
2.SCANNING
3.GAINING ACCESS
4.MAINTAING ACCESS
5.CLEARING TRACKS

WEBSITE OS DETECTION

To Know Any Website Operating System

In Command Promt ping the Website 

Then We Will Get TTL Values

TTL Means Time To Live

OS TTL

LINUX 64
CUSTOME LINUX 64
FREE BSD 64
WINDOWS XP 128
WINDOWS 7/VISTA 128
CISCO ROUTER 255