Thursday, March 15, 2012



How To Block Websties Without Software, block websites


Steps:

1] Browse C:\WINDOWS\system32\drivers\etc
2] Find the file named "HOSTS"
3] Open it in notepad
4] Under "127.0.0.1 localhost" Add 127.0.0.2 www.sitenameyouwantblocked.com ,
and that site will no longer be accessable.
5] Done!

-So-

127.0.0.1 localhost
127.0.0.2 www.blockedsite.com

-->www.blockedsite.com is now unaccessable<--

For every site after that you want to add, just add "1" to the last number
in the internal ip (127.0.0.2) and then the addy like before.

IE: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com

etc
‎127.0.0.1




Thank You@dattu


How to Check if an Email Address is Valid or Not


Spam filters of popular email services like Gmail,Yahoo are very efficient and they keep a lot of junk emails out of your inbox.Still there are some sophisticated techniques available using which hackers bypass these spam filters.Emails are the prominent method used in phishing scams.
There are various free online services that allows you to send anonymous emails.Hackers can effortlessly create their own Anonymous Email service by simply uploading email PHP script to their servers.If you receive a suspicious email you can check whether that email id exists or it is fake.
Email address Checker is a free third party service. This checking tool connects to the mail server and checks whether the email exists. For valid email addresses, you can view additional intelligence including pictures, blog and local searches.

How to verify an Email Address is Valid or Not:-

  • Just go here  http://tools.email-checker.com/
  • In the Email Address field give the email address which you want to verify and click on check button.
  • In the lower field you will see your result. In this example I had given two email address as you can see there will be a Tick Mark sign which is valid address and there will be a cross sign which is invalid email address.
  • For more information about the Email address click on the info button.
  • The only limitation of this tool is that you can only check three Email ID’s from one IP Address in a day.
  • That's really hard to hear for you guys..but if you are more thirsty, don't worry just ping me here as a comment or else in my comment box..I will give you a solution..

Thank You@dattu

Monday, March 12, 2012

How to create CON folder in windows XP which others can't ! !...

Hello guys...

Many ppl dont know that they cannot create "CON" folder in windows.

Some ppl dont know why they cant create it?

Very few know that they can still create it someway.. but donno why are they supposed to do exactly like that..





Try out creating a folder named CON or LPT or COM1



Not only CON, we cannot create any of these
CON, PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9 and more

The reason is that con, prn, lpt1..lpt9, etc are underlying devices from the time dos was written. so if u r allowed to create such folders, there will be an ambiguity in where to write data when the data is supposed to go to the specified devices. In other words, if i want to print something, internally what windows does is -- it will write the data to the folder prn (virtually u can call it a folder, i mean prn, con, etc are virtual folders in device level). So if we are able to create con folder, windows will get confused where to write the data, to virtual con folder or real one.

So Now, Try this...

Open the Command prompt by Start -> Run and typing cmd


Code:
C:\> md \\.\c:\con
Now, Open My Computer and browse through the path where you created CON folder... Surprising.. ?? Yeah.. you have created it successfully


Now, try to delete the folder from My computer


OOPS!!! You cant delete it...


Now, try this in command prompt console


Code:
C:\> rd \\.\c:\con
Thank You.@dattu

WEBSITE STRUCTURE[What type of things we Need to Consider Before Making Website]


WEBSITE STRUCTURE

Homepage



  • First page that you show to a visitor; it’s like a face of a person
  • Make sure it looks good, attractive and descriptive because it’s the first impression to the visitors
  • It’s like an introduction of your page (it should have introduction to every links in the website)
  • Includes graphic & animation (flash)
  • Has name, logo, description (about 1-2 paragraphs) , contact info., etc.
  • Search engine looks at text only (not graphic and animation) 
  • So try to put your information in text as much as possible
  • Try to make your page the top ten website in search engine


- Contact Information

“Contact Us”
  • Includes company owner’s contact information or map to the company
  • Very important since it helps visitors to get in touch with the company
  • It is a place for the clients to send their own information


- Privacy Policy
  • It’s the term of agreement about the purpose of the visitors’ collected data
  • Make the visitors feel secure and sincere
  • Ensures the visitors that their data will not be misused
  • Cookies are collected when visitors launch the website
  • When visitors log in to the website, the information of their computers will be collected and save in cookies file
  • Visitors information can be sold to the spammer
  • Product Service and Information
  • Produces are needed to be categorized 
  • Each category includes descriptions and information that attract visitors
  • Includes types of product and every information that is important (or interesting)
  • Must have permission to use any work with license 
  • Copy right content – ask the permission from the owner of company first
  • In your website, photo/image should be taken by yourself
  • If you take it from somewhere else, you need to get proper permission from the owner of those photos 
  • When you sell products, some people might now know how to operate them
  • You should provide after-sell service like putting the “How to” operate the product in your website
  • Services are important to the customers 


- Biography
  • Tells personal information or history of the company
  • Helps people to understand how long the company is in the business
  • Longer time means higher experiences so the company provides better quality service/product
  • Not all type of website needs biography 
  • Video Broadcasts 
  • Helps use to tell information/advertisement/tutorial/produce service (How-to)
  • Makes visitors interest in your products
  • Provides technical support 


- Site maps
  • Contains all links to every pages 
  • It’s like a navigator; it shows a structure of your website
  • Makes it friendly to search engine 
  • Gives visual structure of website

    -Footer
  • It’s at the bottom of the page
          Company name/copyright info./navigation link/contact info./privacy policy
 - Company information (about us)

  • Describes company details/mission statement/philosophy/ biography/member of team/what can others benefit from you
  • Tells what you are doing and what will the visitors get in your website
  • Customer Service 
  • Visitors get more information about a service
  • Way to serve customers better
  • It provides delivery, return products, problems solution, etc. 
  • You can include a conversation box
  • The easier to use, the more customers you have (the more service is given to customers, the more the customers get more interest in you)
  • It’s a quick interaction between customers and company 
  • Provides fast service but there must be privacy policy (make sure the customers’ information will not be shared to everyone)


- HTML
  • Follows website standard so that it’ll look organized
  • If you don’t follow the standard, you will ruin the design & content will be lost 
  • WP3  (Web standard) 
  • Make sure you follow the structure correctly or else your browser cannot display your website
  • Also make sure that every browser shows up your information correctly


- Site Credit
  • Advertises the name of the person who create the website (or who make the template)
  • Gives users/visitors more benefit
  • Attracts people to come to your site


- Portfolio
  • Media files/videos/MP3
  • It is the best way to market service 
  • Shares news/industrial information
  • Tells what your company is doing


- FAQ (Frequency Asked Questions)
  • Helps visitors for easier way to get information
  • Shows contact information and provides customer service
  • Questions & answers 
  • Helps customers solve problem about the products 


- Site search
  • Eg. www.google.com
  • Not require but can make visitors stay in your site longer
  • Visitors can search for your entire website (using key words that they type)
- Terms of Service
  • States how site provides service
  • Includes concept/rights/usage registration/security/etc. 
  • Tells conditions under which service is giving. 

- Content pages (in folder)
  • Must have ‘footnote’ which includes… 
  • Title of the page (that will appear on the title bar)
  • Keyword (to help in search engine)
  • Description
Thank You@dattu

How to use a trial program forever without activation.



Most of us are familiar with many software's that run only for a specified period of
time in the trial mode. Once the trial period is expired these software's stop
functioning and demand for a purchase. But there is a way to run the software's and
make them function beyond the trial period. Isn’t this interesting ?


I’ll try to explain this in brief.

When these software's are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc. After installation every time you run the software, it compares the current system date and time with the installed date and time. So, with this it can make out whether the trial period is expired or not.
So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small Tool known as RunAsDate. RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application. RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the
current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista. NOTE: FOLLOW THESE TIPS CAREFULLY


You have to follow these tips carefully to successfully “hack” a software and make it
run in it’s trial mode forever.


1.  Note down the date and time, when you install the software for the first time.
2. Once the trial period expires, you must always run the software using RunAsDate.
3.  After the trial period is expired, do not run the software(program) directly. If you
     run the software directly even once, this “hack” may no longer work.
4.  It is better and safe to inject the date of the last day in the trial period.
     For example, if the trial period expires on jan 30 2009, always inject the date as jan
     29 2009 in the RunAsDate.
     RunAsDate can be downloaded from here:
     http://www.nirsoft.net/utils/run_as_date.html




     I hope this helps! :D


Thank You.@dattu

Sunday, March 11, 2012

HACK FACEBOOK ACCOUNTS USING DESKTOP PHISHING - THE SECOND ART OF PHISHING





Desktop Phishing is an advance form of phishing. 
If you are a newbie Kindly read my previous post on normal phishing before proceeding.

CLICK HERE TO VIEW NORMAL PHISHING


In desktop phishing hackers change your Windows/System32/drivers/etc/hosts file,this file controls the internet browsing in your PC.
This method is a bit advanced.

Difference between phishing and desktop phishing is as follows.

In phishing :-



1. Attacker convinces the victim to click on the link of fake login page 
    which resembles a genuine login page.

2. Victim enters his credentials in fake login page that goes to attacker.

3. Victim is then redirected to an error page or 
     genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. 

We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing:-



1. Attacker sends an executable/batch file to victim which is fully FUD 
    and victim is supposed to double click on it. Attacker's job is done.

2. Victim types  the domain name of orignal/genuine website 
     and is taken to our fake login page. 
     But the domain name remains the same as typed by victim and 
     victim doesn't come to know.

3. Rest of the things are same as in normal phishing.

What is Hosts File ?

The hosts file  is a text file containing domain names and IP address associated with them.

Location of hosts file in windows: C:\Windows\System32\drivers\etc\

Whenever we visit any website, say www.anything.com , an query is sent to  Domain Name Server(DNS) to  look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown.
When we visit www.anywebsite.com , we would be taken to this 115.125.124.50. 

No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.





What is attack ?

I hope you have got an idea that how modification of this hosts file on victim's computer can be misused. 

We  need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page. 

Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. 

Hence domain name is spoofed.


Two Steps to perform attack :-

1.Create and host phishing page on your computer.

2.Modify victim's host file.


Step 1 :- Create and host phishing page on your computer.

Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. 

An IP address points to a webserver and not a website. 

So we need to host the phishing page on our computer using a webserver software like wamp or xampp.


Kindly read my simple tutorial on setting up XAMPP web server HERE and this step would be clear to you.


DOWNLOAD FACEBOOK PHISHING PACKAGE




Step 2 :- Modify victim's host file.



This  step can performed in two different ways. 

Method 1 - 

Send victim a zip file containing modified host file . When Zip file would be clicked, It would automatically replace victim's orignal hosts file with modified hosts file.


Copy your hosts file and paste it anywhere . 
Modify it according with your ip.
Edit it with any text editor and associate your public IP address with domain Facebook.com












Like in this case , when victim would visit Facebook.com, he would be taken to website hosted on IP '127.0.0.1


Obviously Replace 127.0.0.1 with your public IP.





Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.


















Then you can bind this file with any exe ( using a binder or directly give it to victim. He is supposed to click it and you are done .

Method 2 - 

Create a batch file which would modify hosts file as per your need.
Open your notepad and type the following text





Obviously replace it with your IP and website acc. to yourself.

Save file as 'all files' instead of txt files and name it anything.bat .


Extension must be .bat 


When victim would run this file, a new entry will be made in hosts file.

You can test both the above methods to modify your own hosts file

Limitations of attack :-

1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect. 

To overcome this we need to purchase static IP from our ISP.

Countermeasures:-

Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser. 

Check the protocol whether it is "http" or "https" . https is secure.
Thank You@dattu