Thursday, February 24, 2011


This is an extreme example of a social engineering technique. We need the following things to do so:
1. Victim’s profile link (you can get it easily)
2. His/her email which he/she uses to sign in
3. His/her birth date which he/she has used in the profile
4. Make an email ID on Gmail or Yahoo with the first name and last name the same as on the victim’s Facebook profile.
* Now you will get this screen
Enter details. In the place of ‘email address where you can be contacted’ enter the fake email you created.
* You will get an email on that ID in which the Facebook people will ask about your problem. Reply to them that you are XYZ (victim’s name) and you can’t access your Facebook account. Also, you have lost access to the email address associated with the account. You don’t know what to do now. The hacker is coming online regularly and using your account. If the victim is a girl also write ‘I am a girl and it poses a threat to my social life’ and write anything you want that could make them take action.
* After 2-3 days you will get a reply. They will again ask you whether you have access to your associated email or not. Reply to them that you still don’t have access to it, and repeat everything you wrote in the first mail.
* The next day or the same day you will get an email that your account is disabled.

This tutorial is for educational purposes only; once deleted, a profile can never be recovered.

Thanks Tushar for this post.





Yes guys, this is now possible, I’m not joking. Many of us think that this is not possible or that we have to spend some money for such services, but believe me, we don’t have to spend any money to get this done. Yes, PhoneOnMap makes it possible. It’s a service that provides a free application that has to be installed on a GPS cell phone, and then you are ready to track the phone from anywhere on the Internet.

This application can be useful for office work as well as family members. You can track your child as well as your girlfriend/wife too, LOL. This PhoneOnMap can be used worldwide and you can use it while traveling too. The data is stored on the company’s server for a period of one month. This can be an invaluable source for sales and marketing department of an organization to track the marketing agents.

If you are worried about the security and privacy of the service, let me tell you that it is very secure and your cell phone cannot be monitored by any unauthorized user: in order to access the tracking system, you have to authenticate yourself through a personal code which was used as identification while installing the application on the cell phone.
Features of GPS cell phone tracking system:
  1. The GPS cell phone tracker and locator will not work in underground transportation.
  2. The application does not work when the phone is turned off.
  3. Data transmission outside the provider’s coverage area will add roaming charges, like any other phone service charges us.
  4. Once the application is uninstalled from the cell phone, you can’t do anything.
  5. On the Internet, the tracking system will show the cell phone location every 10 seconds to 10 minutes, depending on the setting.
According to me, this kind of service is very important for parents to track their children and, from a business usage point of view, an invaluable part of companies involved in supply and delivery systems like courier and home delivery. This will help them to get a real-time location of the object and provide an accurate time-frame for the delivery.
As of now this service does not provide the exact pinpoint location, but the location determined is in the range of 10-20 meters. However, with a little intelligence the exact location can be easily determined, especially when you wish to track your children or the cheating girlfriend ;)
www.phoneonmap.com

The above article was posted by Mr. Tushar.

Your IP is exposed whenever you visit a website. When your IP gets exposed, it becomes easy to trace you and find out your personal information. Hackers can use your IP to gain access to your personal files and documents and can even get into your PayPal, alert etc. accounts. Hide the IP is software which masks your IP with one click so that you can surf the web anonymously. On the other hand, hackers can use this software to hide their identity and not get caught. It's beneficial for all, and I recommend that every PC should have this software installed.
Hide the IP to be the best one. Its ease of use, reliability, wide range of options, speed and unmatchable price were on top when compared to the remaining IP hiding software on the market.

Key Features of Hide the IP:

Hide IP Address »
Single click to completely hide your Online Identity. Others will see a fake IP address masking your real IP, thus, protecting your privacy.
Select Your Physical IP Location »
You decide which country will be indicated as your origin by simply choosing from a country list. We have hundreds, hourly updated, IP addresses available for use.
Anonymous Web Surfing »
You are protected from hackers who will be tricked by your fake IP instead of your real. They will never be able to find any information about you by tracing the fake IP.
Send Anonymous E-mails »
Hide your IP in E-mail headers. Be protected while sending emails from Yahoo!, Hotmail, GMail. Upgrading to Platinum Service add-on will protect you in Outlook!
Bypass Website Country Restrictions »
Surf websites which are restricted for your country. Surf in forums on which you were banned.
Supports Internet Explorer, Firefox, Google Chrome, Safari, Opera.
So what are you waiting for? Download the free trial and test Hide the IP on your computer now! For more information on Hide the IP visit the following link.

Hide the IP




Use Windows 7 BitLocker to Password Protect, Encrypt USB Drive

Do you have some important data on your USB drive that you don’t want to share with anybody? It may be some documents, username/passwords or operating systems. Then why not encrypt the USB drive data with a password? And if you’re using Windows 7, you don’t even need any third-party software for password protecting portable drives.
Windows 7 includes a program called BitLocker for encrypting any drive in 2-3 simple steps. Just follow the steps below and you can secure your files inside a USB flash drive by setting a password and encrypting the data contents.

How to Use Windows 7 BitLocker to Password Protect USB, Portable Drives

Step 1: Insert your USB drive, or any portable hard drive, and right-click on it in Explorer. Now choose “Turn on BitLocker…”.
Step 2: A small window will appear and prompt you to choose a password that will be required when opening the drive later. Proceed by clicking “Next”.
Step 3: BitLocker will create and save a recovery key on your PC in case you forget the password. Simply choose the first option to save the recovery key in a text file in a secure place.
Step 4: Wait a few minutes while it encrypts the portable drive. How long this takes depends on the volume of data on your removable drive.
Step 5: Once done, unplug and insert the USB drive again to see the encryption in action. BitLocker will start automatically and prompt you for the password. You have to enter the password only once to access the data on the drive until you unplug it.
The encryption is absolutely machine independent, i.e. whenever you insert the USB drive into any other computer, it will still prompt for the decryption password.
Very useful for locking USB drives with a password and encrypting them to keep them secure.

The above article was posted by Mr. Tushar Patel (

With the sudden rise in Internet usage across the globe over the past few years, there has also been a rise in the number of online scams and frauds. Today most Internet users are unaware of the most prevalent online threats, which pose a real challenge to their safe Internet usage. As a result, online security has become a questionable factor for most Internet users. However, it is still possible to effectively combat online insecurity, provided that users are well aware of the common scams and frauds and know how to protect themselves. A study shows that over 91% of Internet users are unaware of online scams and are worried about their security. Well, if you are one among those 91%, then here is a list of 10 tips to ensure your total online security.
1. Always install good antivirus software and keep it up-to-date. Also install a good anti-spyware program to keep your PC free of spyware. Click Here for a list of recommended anti-spyware software.
2. Always visit known and trusted websites. If you are about to visit an unknown website, ensure that you do not click on suspicious links and banners.
3. Perform a virus scan on the files/email attachments that you download before executing them.
4. Regularly update your operating system and browser software. For better security it is recommended that you surf the Internet through the latest version of your browser program.
5. Never share your password (email, bank logins etc.) with anyone for any reason. Choose a strong password (a blend of alphanumeric + special symbols) and change it regularly, e.g. every 3 months. Avoid using easy-to-guess passwords (e.g. pet's name or kid's name).
6. Always type the URL of the website in your browser's address bar to enter the login pages. For example, to log in to your Gmail account type http://mail.google.com
7. Before you enter your password on any login page, ensure that you see https instead of http, e.g. https://mail.google.com instead of http://mail.google.com. The HTTPS protocol implements SSL (Secure Sockets Layer) and provides better security than normal HTTP.
8. Beware of phishing emails! Do not respond to any email that requests you to update your login details by clicking on a link in the body of the email. Such links can lead to fake login pages (spoofed pages).
9. Always hit the logout button to close your login session rather than abruptly terminating the browser window. And clear your web browser caches after every session to remove the temporary files stored in the memory and on the hard disk of your PC.
10. Avoid (stop) using any public computers or computers in Internet cafes to access any sensitive/confidential information. Also avoid using such computers to log in to your email/bank accounts. You cannot be sure that no spyware, keystroke logger, password sniffer or other malicious program has been installed on such a PC.
By following the above 10 tips your online security can be guaranteed up to 90%. I hope this will help my readers keep themselves safe from any of the online insecurities. Cheers! Pass your comments.




If you're worried about email security, here is a step-by-step guide to help you check and determine if your Gmail account has been hacked or compromised in any way.

Step 1: Find the 'Last Account Activity' Section in Your Inbox


At the bottom of your Gmail inbox there is a 'Last Account Activity' section. Click on 'details' to launch the full blown monitor.

Step 2: See who has accessed your Gmail account recently

Next, what you'll see is a table of the most recent activity from your Gmail account. It shows you
  • How it was accessed (Browser/mobile etc)
  • Where exactly the IP address is (So you can do some further digging)
  • When it was accessed
Step 3: Understand the IP addresses – Has your Gmail really been hacked?


If you see IP addresses from different countries, don't be too quick to panic. If you use any 3rd party services which hook up to your Gmail account, they will almost certainly show up in your activity log. To do your own investigation, you can use DomainTools to identify the IP address. This will help you differentiate between normal activity and your Gmail account being hacked.

Step 4: Understand the alerts – Google's way of highlighting suspicious activity


Google will also do its fair share of monitoring, and will alert you if it sees suspicious activity both in your inbox and in your recent activity log. When this happens, and the IP addresses look suspicious, it is advisable to play it safe, assume your Gmail account has been hacked, and change your passwords immediately.

Step 5: Sign Out All Other Sessions – If you forgot to sign out on a public computer


If you are worried you did not sign out of a public computer, you can 'sign out all other sessions'. This won't fix any hacked Gmail accounts, but it will resolve any careless mistakes. This is also useful if you happen to lose your mobile phone and you want to ensure your email is not read by others.

Step 6: What to do if your Gmail account has really been hacked

The first thing you do is change both your password and security question right away. Then make sure your new choices are very secure. Google themselves have some really good tips. For example, in the case of security questions:
  • Choose a question only you know the answer to – make sure the question isn't associated with your password.
  • Pick a question that can't be answered through research (for example, avoid your mother's maiden name, your birth date, your first or last name, your social security number, your phone number, your pet's name, etc.).
  • Make sure your answer is memorable, but not easy to guess. Use an answer that is a complete sentence for even more security.
So there you have it. A step-by-step guide on fully understanding Gmail's account activity log, and how to check if your Gmail account has been hacked
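
The triage from Step 3, as an added example that is not part of the original guide or anything Google provides: it sorts rows copied from the activity table into your own networks, third-party services you have connected, and unrecognized sources. The row layout, the two network tables and every address (taken from the documentation-reserved IP ranges) are constructed assumptions.

```python
import ipaddress

# Constructed rows shaped like the activity table: (access type, IP, time).
ACTIVITY = [
    ("Browser", "192.0.2.14",   "Feb 20 08:12"),
    ("Mobile",  "192.0.2.77",   "Feb 20 13:40"),
    ("POP3",    "198.51.100.9", "Feb 21 02:05"),
    ("IMAP",    "203.0.113.50", "Feb 21 02:31"),
    ("Browser", "203.0.113.50", "Feb 21 02:33"),
]

# Assumption: networks you know are yours (home ISP range, office, carrier).
MY_NETWORKS = {"home/office": "192.0.2.0/24"}
# Assumption: ranges of third-party services you connected to the account.
THIRD_PARTY = {"mail-fetch service": "198.51.100.0/28"}


def match_network(ip, table):
    """Return the label of the first network in `table` containing `ip`."""
    addr = ipaddress.ip_address(ip)
    for label, cidr in table.items():
        if addr in ipaddress.ip_network(cidr):
            return label
    return None


def triage(rows, mine=MY_NETWORKS, services=THIRD_PARTY):
    """Classify each row as 'mine', 'third-party' or 'unrecognized'."""
    report = []
    for access, ip, when in rows:
        label = match_network(ip, mine)
        verdict = "mine"
        if label is None:
            label = match_network(ip, services)
            verdict = "third-party" if label else "unrecognized"
        report.append({"time": when, "access": access, "ip": ip,
                       "verdict": verdict, "source": label})
    return report


def unrecognized_ips(report):
    """Distinct unrecognized addresses with the access types seen from each."""
    seen = {}
    for row in report:
        if row["verdict"] == "unrecognized":
            seen.setdefault(row["ip"], set()).add(row["access"])
    return seen


if __name__ == "__main__":
    result = triage(ACTIVITY)
    for row in result:
        print(row["time"], row["access"], row["ip"], row["verdict"])
    # These are the addresses to look up before deciding on a password change.
    for ip, kinds in unrecognized_ips(result).items():
        print("investigate:", ip, sorted(kinds))
```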




World's first hack-free software

MELBOURNE: A team at Open Kernel Labs (OK Labs), a spinout company of Australia's ICT Research Centre of Excellence, developed a microkernel, 'seL4', and claimed it to be the world's first hack-free software, which can protect systems from failure or malicious attacks. It is a small operating system kernel which regulates access to a computer's hardware. Its unique feature is that it has been mathematically proven to operate correctly, enabling it to separate trusted from untrusted software, protecting critical services from a failure or a malicious attack, say the scientists.
In future applications, seL4 could ensure that trusted financial transaction software from secure sources like banks or stock exchanges can operate securely on a customer's mobile phone alongside "untrusted" software, such as games downloaded from the Internet, according to its developers.

Lead scientist Gerwin Klein said, "Our seL4 microkernel is the only operating system kernel in existence whose source code has been mathematically proven to implement its specification correctly. Under the assumptions of the proof, the seL4 kernel for ARM11 will always do precisely what its specification says it will do."

It only works on sites hosted on an MS-IIS server. Nowadays many boxes are patched, so it will not work on them!

Steps for XP:

Open Run and type:

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

and press Enter.

A new window named "WEB FOLDER" opens.

Right-click and click on New, Add Web Folder, then enter your vulnerable website address.

Then Next... Finish.
Now you can insert your page with the name index.html by simply copy-pasting.

Also, after getting access to the website, many websites don't allow you to add your page, so leave them.

Dork: "Powered by IIS" or use your own unique dork.

Above article posted by Mr. Vishal Shah (Cyber Crime Investigator & Ethical Hacker)

It's a new type of phishing attack!

How The Attack Works

1. A user navigates to your normal looking site.

2. You detect when the page has lost its focus and hasn’t been interacted with for a while.

3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Above article posted by Mr. Vishal Shah (Cyber Crime Investigator & Ethical Hacker)
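
Defenders usually call this technique tabnabbing. The check below is an added example, not code from the original post: it reads a log of tab events and flags a tab whose title or favicon was changed while it was hidden so that it names a brand its own host is not entitled to show. The event-log format, the `BRANDS` table and all sites in the log are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: brands worth protecting, mapped to the hosts allowed to show them.
BRANDS = {"gmail": ("mail.google.com", "accounts.google.com")}

# Constructed event log in a hypothetical format: (seconds, tab, event, value).
EVENTS = [
    (0,   1, "load",    "https://news.example/story"),
    (0,   1, "title",   "Ten gardening tips"),
    (5,   1, "hidden",  ""),
    (190, 1, "title",   "Gmail: Email from Google"),
    (190, 1, "favicon", "https://news.example/img/gmail.ico"),
    (400, 1, "visible", ""),
    (0,   2, "load",    "https://mail.google.com/mail/"),
    (3,   2, "hidden",  ""),
    (60,  2, "title",   "Inbox (1) - Gmail"),      # genuine site, no alert
    (0,   3, "load",    "https://chat.example/room"),
    (9,   3, "hidden",  ""),
    (30,  3, "title",   "(2) new messages"),       # harmless background update
]


def imitated_brand(text, host):
    """Return a brand named in `text` that `host` may not show, else None."""
    lowered = text.lower()
    for brand, hosts in BRANDS.items():
        if brand in lowered and host not in hosts:
            return brand
    return None


def find_tab_swaps(events):
    """Flag title/favicon changes made while a tab was hidden that imitate a brand."""
    tabs, alerts = {}, []
    for when, tab, event, value in events:
        state = tabs.setdefault(tab, {"host": None, "hidden": False})
        if event == "load":
            state["host"] = urlsplit(value).hostname
            state["hidden"] = False
        elif event in ("hidden", "visible"):
            state["hidden"] = event == "hidden"
        elif event in ("title", "favicon") and state["hidden"]:
            # For a favicon only the file path can be inspected here, so the
            # title match is the stronger of the two signals.
            text = urlsplit(value).path if event == "favicon" else value
            brand = imitated_brand(text, state["host"])
            if brand:
                alerts.append({"tab": tab, "time": when, "changed": event,
                               "brand": brand, "host": state["host"]})
    return alerts


if __name__ == "__main__":
    for alert in find_tab_swaps(EVENTS):
        print("tab %(tab)s on %(host)s changed its %(changed)s while hidden "
              "to imitate %(brand)s at t=%(time)ss" % alert)
```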
Now that the hacker has a full list of services running on the target system, to be able to exploit them, he first has to figure out what software and version each service is. One way the hacker can get this information is to telnet into the service port. In the example below, we will use the command prompt on Windows (Start -> Run -> Type “cmd” -> Enter). If you are on a Mac, you will be using the terminal. Note: If you are using Windows Vista, then telnet is not installed by default. You can install it by doing the following simple steps.

o Click Start then select Control Panel.
o Select Programs and Features.
o Select Turn Windows features on or off.
o Select the Telnet Client option and click OK.
o A box will appear to confirm installation. The telnet command should now be installed.

1. First, the hacker would choose one of the open ports that were revealed in the Nmap scan to continue with and attempt to exploit. Let’s say that when the hacker scanned his target, he found the port 21 open. As you can see on the chart above, port 21 is FTP. To find out what FTP software is running he would use telnet by running the command:
telnet www.targetsite.com 21

As you can see above, I ran this against my computer (localhost). So a hacker would insert a target URL in place of localhost.

2. Next, it would connect to the target and display a banner telling the hacker the software and its version as shown below. This is the information the hacker needs to continue and begin searching for vulnerabilities for the software discovered.

If the above method doesn’t work for you, then simply use Nmap’s full version.

Above article posted by Mr. Vishal Shah (Cyber Crime Investigator - Gujrat)
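
Seen from the defender's side, the banner is information your own server hands to anyone who connects. The added example below (not from the original article) parses FTP 220 greetings captured from hosts you administer, including multi-line greetings, and reports which ones reveal a product name and version. The host names, product names, versions and addresses are all constructed.

```python
import re

# Dotted number not preceded by a digit or dot, with an optional letter suffix.
VERSION = re.compile(r"(?<![\d.])(\d+(?:\.\d+)+[a-z]?\d*)\b")
# The word just before the version, allowing "version " or "v" in between.
PRODUCT = re.compile(r"([A-Za-z][\w.-]*)\s+(?:version\s+|v)?$", re.IGNORECASE)

# Constructed greetings, as captured from servers you run yourself.
BANNERS = {
    "ftp1.internal.example": "220 ExampleFTPd 2.1.4 Server ready [192.0.2.10]\r\n",
    "ftp2.internal.example": "220-Welcome to files.example\r\n"
                             "220-SampleServ version 0.9.37 beta\r\n"
                             "220 Ready\r\n",
    "ftp3.internal.example": "220 FTP service ready [192.0.2.12]\r\n",
}


def greeting_text(raw):
    """Join the text of a 220 greeting; '220-' opens a multi-line reply."""
    parts, open_reply = [], False
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line.startswith("220 "):          # final line of the reply
            parts.append(line[4:])
            break
        if line.startswith("220-"):
            parts.append(line[4:])
            open_reply = True
        elif open_reply:                     # free-form continuation line
            parts.append(line)
    return " ".join(p.strip() for p in parts if p.strip())


def audit_banner(raw):
    """Report the product and version a greeting gives away, if any."""
    text = greeting_text(raw)
    finding = {"banner": text, "product": None, "version": None,
               "discloses": False}
    for m in VERSION.finditer(text):
        token = m.group(1)
        if re.fullmatch(r"\d+(\.\d+){3}", token):
            continue                         # dotted quad: an address
        before = PRODUCT.search(text[:m.start()])
        finding.update(version=token, discloses=True,
                       product=before.group(1) if before else None)
        break
    return finding


def disclosing_hosts(banners):
    """Hosts whose greeting should be replaced with a generic one."""
    return sorted(h for h, raw in banners.items()
                  if audit_banner(raw)["discloses"])


if __name__ == "__main__":
    for host in disclosing_hosts(BANNERS):
        f = audit_banner(BANNERS[host])
        print(host, "reveals", f["product"], f["version"])
```

Where a greeting discloses a version, the usual fix is to replace it with a generic string in the FTP daemon's configuration and to keep the software patched regardless of what the banner says.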