MAN-IN-THE-MIDDLE ATTACK

Man-In-The-Middle Attack
As discussed earlier, IPSec does not provide protection for protocols other than IP, leaving other protocols unprotected and vulnerable to attacks. One such attack uses the Address Resolution Protocol (ARP) to fool a client into sending data to a malicious peer. An attacker could launch a man-in-the-middle (MITM) attack by using forged ARP messages to insert a rogue entity into the data path.

HOW TO DELETE VIRUS MANUALLY WITHOUT USING ANY ANTI-VIRUS PROGRAMS

This tutorial will teach you how to delete virus manually without using any anti-virus programs in your computer. The tutorial is just basic but effective and it's easy to learn. The following steps are just a summary of the video related to Clint's blog post.


Note: To be able to delete any of your file, make sure it was not use by other programs of processes.


Begin Step 1. Let's use Task Manager.
Since virus and other infectious files are running it's process within your computer system, you are unable to delete the virus unless you kill or end the process that using the virus or keep it running. In this section, we will have to use the task manager in your computer systems in order to kill a process.
Press Ctrl + Alt + Del in your keyboard to access your task manager. In case you can't access your task manager it's either you are already infected by virus or other related files. You can download FREE extended task manager to replace your infected task manager, click here to download.

Now, if you already have the task manager, open it and go toprocess tab. This time, it's a little bit harder to determine which one of the process that is a virus or keep the virus running on your computer. You have to make a little research here. But here is a few tips for you to determine the virus. You have a files like this. csrss.exe, svchost.exe, smss.exe, Lsass.exe, most virus copy their names with that file names but got little bit difference in spelling. Review that files and if you found files like this: svcchost.exe, ssmss.exe, cssrss.exe, look at the spelling...that's a virus.
Another TIP. Open your command prompt. Go to Start>Run and type cmd.

A Command Prompt window will open. Now, type on the current location in your cmd this command: cd.. hit ENTER and another cd..hit ENTER.
Refer to the image below.

On your current DRIVE: type, dir /ah and hit ENTER. All directories and files with hidden attribute in your current drive will display.
Refer to the image below.

Now, look for autorun.inf file on the displayed items. If you found an autorun.inf file open it using notepad. Close now your cmd.

Here's how to open autorun.inf file using notepad.
Go to Run, type: notepad c:\autorun.inf and hit ENTER.

Note: we are currently in drive C. in case you have different drive letters, please change the C to your own drive letter.


An autorun.inf should open in notepad like this:

You have notice the OPEN command inside the autorun.inf. Now, after the open command there is a name "virusname.exe" which will be the name of the virus or worms. Go back now to your task manager and look for that name, select it and then END TASK. You have now end the virus process. You are now done with our first step.


Proceed to Step 2. Let's again use the Command Prompt.

Open command prompt from Start>Run and type cmd. Or go to All Programs>Accessories>Command Prompt.

In command prompt window. as we have done on the first step using command prompt, use again the cd.. command twice to go to our drive c. (note again: your drive maybe different with mine.)




Now, type dir /ah. Remember the name of the virus as on step 1? Then now, delete the virus using the del command. But first, remember that virus are hidden files, which means we should change it's attributes using attrib command.
Type attrib -s -h virusname.exe /s /f . Refer to the image below:

After changing the attribute, you can now freely delete the virus.
Type del "virusname.exe" /f. Refer to the image below:

Now, you should have deleted the virus. Next step is to navigate to your Windows folder and system32 folder. To navigate to windows folder. Use the command cd "windows" and then
do the same job again. First look for virus name, change the attribute and delete. After doing it, navigate to system32 then do the same job again. Next is to navigate to the other drives, example your D, E, F, or removable drives and do the same job. That's it.............


To know more on how to use the command prompt commands, just type the command name followed by /?
i.e. cd /?


Step 3. Let's restore the altered system files which cause by virus or worms. One or more of this important file are altered within your system after you get infected:


Command Prompt or cmd
Registry Editor or regedit.exe
Run command
Task Manager
Folder Options

EXPERT FINDS UNRESTRICTED FILE UPLOAD VULNERABILITY IN TWITTER – VIDEO

Ebrahim Hegazy, a cyber security analyst consultant at Q-CERT, has identified a couple of serious vulnerabilities in Twitter.


The first issue could have been leveraged by hackers to upload arbitrary files to Twitter’s systems. According to the expert, the flaw plagued dev.twitter.com, a website that allows developers to create applications that integrate Twitter.

“You will have a option to upload an image for that application. The uploader will check for the uploaded files to accept certain images extensions only, like PNG, JPG and other extensions won’t get uploaded,” the expert told Softpedia.

He added, “The vulnerability allowed me to bypass this security check/validation and to successfully upload .htaccess and .php files to twimg.com server. twimg.com is working as a CDN(content delivery network) which mean that every time I upload a file it will be hosted on a different server/subdomain for twimg.com.”

Under normal circumstances, a hacker who can upload PHP files to a server can execute commands on that server. However, since twimg.com works as a CDN, scripts cannot be executed on it.

On the other hand, there are still plenty of things cybercriminals can do. For instance, they can use the Twitter service as a botnet command and control server. This can be particularly efficient considering that twimg.com is a trusted domain.

Furthermore, hackers could have used the vulnerability to host their malicious files.

Hegazy says that an attacker could have damaged Twitter’s reputation by uploading a defacement page to twimg.com subdomains to make it look like they had been breached.

Fortunately, the flaw has been addressed by Twitter.

In addition to this vulnerability, the expert has also identified a vulnerability that could have been exploited by hackers to redirect users to arbitrary websites. This security hole has also been fixed by Twitter.

Twitter doesn’t have a bug bounty program yet. However, the company has added Ebrahim Hegazy’s name to its security hall of fame.

Here are the videos in which the expert shows how the unrestricted file upload vulnerability could have been exploited:

Check out the proof-of-concept video for the open redirect vulnerability:

+5000 DORKS FOR SQL INJECTION

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

+5000 dorks for SQL injection

Download :  LINK 1
 

PHPMYADMIN 4.0.9 OFFICIALLY RELEASED

phpMyAdmin, the popular tool written in PHP intended to handle the administration of MySQL databases, has just reached version 4.0.9.


The final version of phpMyAdmin 4.0.9 has been launched and is ready for download. The developers have implemented quite a few changes and improvements.

Highlights of phpMyAdmin 4.0.9:
• The view can now be updated during a search;
• Users can now refresh by deleting databases;
• Filtering the database names no longer includes empty groupings;
• phpMyAdmin now displays and manipulates the bit(64) fields appropriately;
• The navi panel refresh has been removed;
• SSL no longer redirects to port 80;
• The DROP DATABASE no longer displays the wrong database name.

A complete list of changes is available in the official changelog, which can also be found in the downloaded source archive.

DOWNLOAD :       LINK 1

GET THOUSANDS OF LIKES/FOLLOWERS ON FACEBOOK / YOUTUBE / TWITTER / INSTAGRAM

With This network you can exchange thousands of likes/subscribers/followers with other people.


What you should do?
1.
Register here: CLICK HERE TO REGISTER

2.
After you register login using your email address and password, go to free points section.

3.
Choose Facebook likes , Facebook Shares , Facebook Followers well but personally telling i use Facebook Followers as because unlike Facebook likes and shares the people you follow don't appears on your timeline.

4.
After you have some points go to ADD Site/Page and select the page you where you want to receive the points.

NOTE:

while adding your Facebook profile there set your CPC between 7-10
And yeah if you uses their facility on regular basis then you will daily receive 150 free points as a bonus.


GOOD LUCK :)

USING GOOGLE.COM TO FIND USERNAMES + PASSWORDS

Prerequisites:

1. A modern webbrowser and a internet.
2. Time

Method 1: Facebook
We will be using a google dork to find usernames and passwords of many accounts including Facebook!

The Dork: intext:charset_ test= email= default_persist ent=


Enter that into Google, and you will be presented with several sites that have username and passwords lists!

Method 2: WordPress!
This will look for WordPress backup files Which do contain the passwords, and all data for the site!


The Dork: filetype:sql inurl:wp-conten t/backup-*

Method 3: WWWBoard!
This will look for the user and passwords of WWWBoard users


The Dork: inurl:/ wwwboard/ passwd.txt

Method 4: FrontPage!
This will find all users and passwords, similar to above.



The Dork: ext:pwd inurl:(service | authors | administrators | users)"# -FrontPage-"

Method 5: Symfony
This finds database information and logins



The Dork: inurl:config/ databases.yml -trac -trunk -"Google Code"-source -repository

Method 6: TeamSpeak
This will search for the server.dbs file
(A Sqlite database file With the SuperAdmin username and password)


The Dork: server-dbs"intitle:index of"

Method 7: TeamSpeak 2
This will find the log file which has the Super Admin user and pass in the Top 100 lines. Look for"superadmin account info:"



The Dork: "inurl:Teamspea k2_RC2/ server.log"

Method 8: Get Admin pass
Simple dork which looks for all types of admin info



The Dork: "admin account info"filetype:log

Method 9: Private keys
This will find any .pem files which contain private keys.



The Dork: filetype:pem pem intext:private

And the Ultimate one, the regular directory full of passwords.

Method 10: The Dir of Passwords!
Simple one!


The Dork: intitle:"Index of..etc"passwd

DIFFERENT TYPES OF SERVERS

What is a Server?
A server is a device with a particular set of programs or protocols that provide various services, which other machines or clients request, to perform certain tasks. Together, a server and its clients form a client/server network which provides routing systems and centralized access to information, resources, stored data, etc. At the most ground level, one can consider it as a technology solution that serves files, data, print, fax resources and multiple computers. The advanced server versions, like Windows Small Business Server 2003 R2 enable the user to handle the accounts and passwords, allow or limit the access to shared resources, automatically support the data and access the business information remotely. For example, a file server is a machine that maintains files and allows clients or users to upload and download files from it. Similarly, a web server hosts websites and allows users to access these websites. Clients mainly include computers, printers, faxes or other devices that can be connected to the server. By using a server, one can securely share files and resources like fax machines and printers. Hence, with a server network, employees can access the Internet or company e-mail simultaneously.Servers also offer remote-management tools — which means an IT person can check usage and diagnose problems from another location. This also means you can perform routine maintenance such as adding new users or changing passwords

Different Types of Servers
The multiple types of servers or types of network servers are as follows:

Server Platform: Server platform is the fundamental hardware or software for a system which acts as an engine that drives the server. It is often used synonymously with an operating system.
Application Server: Also known as a type of middleware, it occupies a substantial amount of computing region between database servers and the end user, and is commonly used to connect the two.
Audio/Video Server: It provides multimedia capabilities to websites by helping the user to broadcast streaming multimedia content.
Chat Server: It serves the users to exchange data in an environment similar to Internet newsgroup which provides real time discussion capabilities.
Fax Server: It is one of the best option for organizations seeking for minimum incoming and outgoing telephone resources, but require to fax actual documents.
FTP Server: It works on one of the oldest of the Internet services, the file transfer protocol. It provides a secure file transfer between computers while ensuring file security and transfer control.
Groupware Server: It is a software designed that enables the users to work together, irrespective of the location, through the Internet or a corporate intranet and to function together in a virtual atmosphere.
IRC Server: It is an ideal option for those looking for real-time discussion capabilities. Internet Relay Chat comprises different network servers that enable the users to connect to each other through an IRC network.
List Server: It provides a better way of managing mailing lists. The server can be either open interactive discussion for the people or a one-way list that provide announcements, newsletters or advertising.
Mail Server: It transfers and stores mails over corporate networks through LANs, WANs and across the Internet.
News Server: It serves as a distribution and delivery source for many public news groups, approachable over the USENET news network.
Proxy Server: It acts as a mediator between a client program and an external server to filter requests, improve performance and share connections.
Telnet Server: It enables the users to log on to a host computer and execute tasks as if they are working on a remote computer.
Web Server: It provides static content to a web browser by loading a file from a disk and transferring it across the network to the user's web browser. This exchange is intermediated by the browser and the server, communicating using HTTP.These were the different types of servers which can be categorized according to their applications. Servers along with managing network resources are also dedicated, i.e. they perform no other task other than their server tasks.

SECURE SOCKETS LAYER (SSL) - AN INTRODUCTION

In the OSI model a reference model for effective communication we find a layer named transport layer. Just like a physical layer (where viruses attack normally) transport layer also need some sort of security because transport layer is responsible for transmission of data.


So what actually makes transport layer to make the transmission secure and to protect the data from any intruder.


Have you ever noticed that when you visit some website it starts with http:// and whenever you visit some sort of money transfer and other important websites you find https:// point is clear https means a secure communication it means that your data that transfer from this connection secure by using some cryptography techniques.



SSL or secure sockets layer are cryptographic protocols that provide secure communication over the Internet. So what actually a cryptography is " Cryptography is a science of secrete communication".
SSL uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.


                                                         HTTP VS HTTPS

The above picture shows that when ALICE sends the confidential information over insecure channel that there is a chance to sniff this confidential information (it might be a credit card information or may be your password etc). So the point is that an attacker can easily sniff this data and can easily read, understand and use for illegal activities because the data transfer in plain text regardless of any encryption it is simply a HTTP connection.

 

Now consider the second picture when an user send some sort of information over secure channel means if someone using HTTPS than the data first encrypt by using cryptography technique than it sends over channel, so in this case if someone sniff this data than he/she not able to understand it.


The above broad picture has clearly shows that HTTPS is secure, but how HTTPS is secure? Because it uses secure sockets layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate.

Where there's a will there's a way. By following this amazing quote some researcher has discovered some ways to crack/hack SSL certificate too. To hack SSL certificate we will post an article later on.