Translate

Thursday, November 17, 2011

Learn from a pair of walking legs, the foot that is forward has no pride & the foot which is behind has no shame... because they both know their situation will change soon


Mere rab ne ye karam anokha rakha,
Di sari khushi par tanha rakha.
Toot jata hai har khwab pura hokar,
Isliye Maine Ek khwab adhura rakha.


Hum unki khushi ki dua mangte rahe,
Behad or bepnah mangte rahe.
Aaj wo khush hai kisi or ke sath,
Ab samjh aaya hum KHUDA se apne liye hi sazaa mangte rahe

LAKSHYA HO TO AISA

Teacher: Tum bade hokar kya karoge ?

Student: shaadi..!!!!!!
Teacher: nahi, mera matlab hai kya banoge?.....

Student: dulha.!!!!!!!!!!!
Teacher: oh, i mean bade hokar kya hasil karoge?

Student: dulhan
Teacher: IDIOT mera matlab bade ho kar mummy papa k liye kya karoge?
Student: bahu laaunga
Teacher: stupid tumhare papa tumse kya chahte hai?

Student: pota
Teacher: he bhagwan, tumari zindagi ka kya maksad hai?

Student: hum do humare do, jab tak teesra na ho......!!!!!!

Mil Gai Khushi

Mil gai khushi tujhe mere dil ko chaak karke,

Mil kya gaya tumhe mera jahan barbad karke,

Royenge ab ye soch ke hum umr bhar,

Chale gaye wo mujhe khushiyon se azaad karke...

Tadap uthti hai dil me tujhko khabar kahan,

Tumhe to mil hi gaya hai doosra jahan,

Bhatak rahe the dard ke samandar me,

Sochta hu ab gham se bachkar jaun kahan...

Bejan kar ke ja rahe ho tum mujhe,

Kabr ke andar tadpa rahe ho tum mujhe,

Chain kahan ab yaha pe mujhe,

Hath pakad duje ka jala rahe ho tum mujhe . .

Thursday, October 20, 2011

Heart Touching

कुछ ऐसी उलझन क्यों बड़ाई जिंदगी ने,

हर वो बात जो मैंने सुलझाई,फिर उलझाई जिंदगी ने!!

कोई शिकवा करू भी तो किस चीज़ का,क्या छोड़ा है जिंदगी ने,

न पूरी ख़ुशी ही दी,न पूरा गम,क्या कहू क्या दिया है जिंदगी ने!!

जानता हु जीतना आदत है तेरी,तुम एक दिन जीत ही जाओगे,

पर मेरी मौत से पहले तुम मुझे न हरा पाओगे!!

ये जिंदगी मेरी,तुझसे कोई सिकवा नही मुझे,

तू कभी मुझे खुश देख न पायी,और में कभी खुश रख न पाया तुझे!!

लोग कहते रहे,तेरा नसीब अच्छा होगा,सब अच्छा होगा,

पर आज सोचता हु, अब इससे ज्यादा बुरा और क्या होगा!!

तू अपने दाव आजमाती चल,में मोहरा हु पिटता रहूँगा,

ये जिंदगी पर याद रखना, तेरी सतरंज पर कभी एक पल तो मेरा होगा!!

Friday, April 1, 2011

Finding the MAC Address of Remote Computer (Advanced)

Every device on a TCP/IP network has a unique number assigned to it called the MAC (Media Access Control) address. The MAC address is used by the network hardware such as routers, switches, etc. to send traffic from one device to another device on your network.

Your computer uses a service called ARP (Address Resolution Protocol) to resolve and track the TCP/IP and MAC address of the remote devices that you're communicating with. This information is handy for doing semi-low level network troubleshooting. It can also be used for granting or denying permissions to a network segment or device on that network.

To determine the MAC address of a remote device:
  • Open the MS-DOS prompt (From the Run... command, type "CMD" and press Enter).
  • Ping a remote device that you want to find the MAC address (for example: PING 192.168.0.1).
  • Type "ARP -A", and press Enter.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS>arp -a


Interface: 192.168.1.100 --- 0x10004
Internet Address Physical Address Type

192.168.1.1 aa-fb-c8-34-da-7a dynamic

SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: An In-depth Explanation
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: A Simple Example
Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum.

When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the database through a series of planned commands so as to verify the username and password combination. On verification, the legitimate user is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.

The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking attack is a web browser, knowledge of SQL queries and creative guess work to important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

What is the impact of SQL Injection?
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use subselects, or append additional queries.

In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.

Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.

Example of a SQLInjection Attack
Here is a sample basic HTML form with two inputs, login and password.






The easiest way for the login.asp to work is by building a database query that looks like this:

SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password’

If the variables $username and $password are requested directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password: anything' OR 'x'='x

SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.

The 'x'='x' part guarantees to be true regardless of what the first part contains.

This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!

How do I prevent SQL Injection attacks?
Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your databases servers through web applications. Isn’t this what they have been designed to do?

Patching your servers, databases, programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks.

Tuesday, March 22, 2011

Port Scanning

It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are two of the protocols that make up the TCP/IP protocol suite which is used universally to communicate on the Internet. Each of these has ports 0 through 65535 available so essentially there are more than 65,000 doors to lock.

The first 1024 TCP ports are called the Well-Known Ports and are associated with standard services such as FTP, HTTP, SMTP or DNS. Some of the addresses over 1023 also have commonly associated services, but the majority of these ports are not associated with any service and are available for a program or application to use to communicate on.

Port scanning software, in its most basic state, simply sends out a request to connect to the target computer on each port sequentially and makes a note of which ports responded or seem open to more in-depth probing.

If the port scan is being done with malicious intent, the intruder would generally prefer to go undetected. Network security applications can be configured to alert administrators if they detect connection requests across a broad range of ports from a single host. To get around this the intruder can do the port scan in strobe or stealth mode. Strobing limits the ports to a smaller target set rather than blanket scanning all 65536 ports. Stealth scanning uses techniques such as slowing the scan. By scanning the ports over a much longer period of time you reduce the chance that the target will trigger an alert.

By setting different TCP flags or sending different types of TCP packets the port scan can generate different results or locate open ports in different ways. A SYN scan will tell the port scanner which ports are listening and which are not depending on the type of response generated. A FIN scan will generate a response from closed ports- but ports that are open and listening will not send a response, so the port scanner will be able to determine which ports are open and which are not.

There are a number of different methods to perform the actual port scans as well as tricks to hide the true source of port scan. You can read more about some of these by visiting these web sites: Port Scanning or Network Probes Explained.

It is possible to monitor your network for port scans. The trick, as with most things in information security, is to find the right balance between network performance and network safety. You could monitor for SYN scans by logging any attempt to send a SYN packet to a port that isn't open or listening. However, rather than being alerted every time a single attempt occurs- and possibly being awakened in the middle of the night for an otherwise innocent mistake- you should decide on thresholds to trigger the alert. For instance you might say that if there are more than 10 SYN packet attempts to non-listening ports in a given minute that an alert should be triggered. You could design filters and traps to detect a variety of port scan methods- watching for a spike in FIN packets or just an anomylous number of connection attempts to a variety of ports and / or IP addresses from a single IP source.

To help ensure that your network is protected and secure you may wish to perform your own port scans. A MAJOR caveat here is to ensure you have the approval of all the powers that be before embarking on this project lest you find yourself on the wrong side of the law. To get accurate results it may be best to perform the port scan from a remote location using non-company equipment and a different ISP. Using software such as NMap you can scan a range of IP addresses and ports and find out what an attacker would see if they were to port scan your network. NMap in particular allows you to control almost every aspect of the scan and perform various types of port scans to fit your needs.

Once you find out what ports respond as being open by port scanning your own network you can begin to work on determining whether its actually necessary for those ports to be accessible from outside your network. If they're not necessary you should shut them down or block them. If they are necessary, you can begin to research what sorts of vulnerabilities and exploits your network is open to by having these ports accessible and work to apply the appropriate patches or mitigation to protect your network as much as possible.


Thursday, March 17, 2011

NetBus

NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.

NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer in March 1998. It was in wide circulation before Back Orifice was released, in August 1998. The author claimed that the program was meant to be used for pranks, not for illegally breaking into computer systems. Translated from Swedish, the name means "NetPrank".

However, use of NetBus has had serious consequences. In 1999, NetBus was used to plant child pornography on the work computer of a law scholar at Lund University. The 3,500 images were discovered by system administrators, and the law scholar was assumed to have downloaded them knowingly. He lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.[1]

There are two components to the client–server architecture. The server must be installed and run on the computer that should be remotely controlled. It was a .exe file with a file size of almost 500 KB. The name and icon varied a lot from version to version. Common names were "Patch.exe" and "SysEdit.exe". When started for the first time, the server would install itself on the host computer, including modifying the Windows registry so that it starts automatically on each system startup. The server is a faceless process listening for connections on port 12345 (in some versions, the port number can be adjusted). Port 12346 is used for some tasks, as well as port 20034.

The client was a separate program presenting a graphical user interface that allowed the user to perform a number of activities on the remote computer. Examples of its capabilities:

  • Keystroke logging
  • Keystroke injection
  • Screen captures
  • Program launching
  • File browsing
  • Shutting down the system
  • Opening / closing CD-tray
  • Tunneling protocol (NetBus connections through a number of systems.)

The NetBus client was designed to support the following operating system versions:

Netbus client (v1.70) works fine in Windows 2000 and in Windows XP as well. Major parts of the protocol, used between the client and server interaction (in version 1.70) are textual. Thus the server can be controlled by typing human understandable commands over a raw TCP connection. It is more difficult than using the client application yet allows one to administrate computers with NetBus from operating environments other than Windows, or when original client is not available. Features (such as screen capture) require an application with ability of accepting binary data, such as netcat. Most of more common protocols (like the Internet Relay Chat protocol, POP3 SMTP, HTTP) can also be used over a raw connections in a similar way.

NetBus 2.0 Pro was released in February 1999. It was marketed commercially as a powerful remote administration tool. It was less stealthy, but special hacked versions exist that make it possible to use it for illegal purposes.

All versions of the program were widely used by "script kiddies" and was popularized by the release of Back Orifice. Because of its smaller size, Back Orifice can be used to gain some access to a machine. The attacker can then use Back Orifice to install the NetBus server on the target computer. Most anti-virus programs detect and remove NetBus.

Also existing is a tool called NetBuster. It pretends to be a running NetBus server, but causes connecting NetBus clients to crash. Additionally, a program called NetBusterBuster could be used to crash a remote NetBuster.

ping sweep (ICMP sweep)ping sweep (ICMP sweep)

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). Whereas a single ping will tell you

whether one specified host computer exists on the network, a ping sweep consists of ICMP (Internet Control Message Protocol) ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. Ping sweeps are among the older and slower methods used to scan a network.

There are a number of tools that can be used to do a ping sweep, such as fping, gping, and nmap for UNIX systems, and the Pinger software from Rhino9 and Ping Sweep from SolarWinds for Windows systems. Both Pinger and Ping Sweep send multiple packets at the same time and allow the user to resolve host names and save output to a file.

To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and Address Mask Requests can be used in a similar manner.