Friday, March 11, 2011

Google Hacking

Google is an advance search engine. Everybody wants to do google before doing anything. Every time searching on Google provides us lot of information. But now-a-days this information can be harmful for any company. In Wikipedia Google hacking defines as “Google hacking involves using advance operators in the Google search engine to locate specific strings of text within search results”. It is possible to obtain the private and sensitive information from the web sites.

Google has four important technologies that can be used to implement in searching on google site:

· Google Bots: Crawl websites following hyperlinks to retrieve information which can be used in search requests

· Google Index: that is listing result of the searching options which is found by web crawlers

· Google Cache: even company remove data from the websites it could still be found in the google cache

· Google API: it is a advance option that allows for programmers to use XML to create applications to query google.

Some books/links also available on Google Hacking:

1. “Google Hacking for penetration testers” by Johnny Long

2. http://johnny.ihackstuff.com

3. “Google Hacks” books by Tara Calishain & Real Dornfest

Following are some examples of advance operator use as syntax on Google.

1. Site: rundle http://www.microsoft.com

2. Filetype: xls http://www.fanshawec.ca

3. Link: http://www.cisco.com

4. Cache: displays the version of a web

5. Intitle: student http://www.microsoft.com

6. Inurl:it displays web pages with a name in the URL

Monday, March 7, 2011

Steps of Hacking

Before becoming a ethical hacker, should have knowledge about network, knowledge of protocols (TCP/IP, HTTP, SMTP), windows, UNIX, programming languages, authentication protocols, firewall, wireless, scanning etc.

Following are the five steps for hacking.

1. Reconnaissance: it is used to gather the information from the different resources (newspapers, company web site, and Google search), how much you can.

2. Scanning: in this step try to find out the active IP address with the help of ping command etc. and also locate the different TCP/UDP ports.

3. Gain Access: after the scanning, net target is to gain the access it can be done with the help of buffer overflow and password guess.

4. Maintain Access: it is very difficult to gaining the access but it is more difficult to maintain the access without leaving any evidence. Try to take the help of backdoor program or Trojan horse.

5. Cover Tracks: after taking full access of the server, then delete the log file, in his way hackers can hide or disguise from the company. The best way is used the real program name of Trojan virus and copied it to the different directory.

Tuesday, March 1, 2011

Types of top software tools for Scanning.

Top 10 vulnerabilities scanner

Vulnerability is a kind of weakness in the programming or in the security network system. Following are the some vulnerability scanning technologies that can be used to find the vulnerabilities in your operating system.

· MBSA: Microsoft Baseline Security Analyzer

· Sara : Security Auditor's Research Assistant

· SAINT : Security Administrator's Integrated Network Tool

· GFI LANguard: A commercial network security scanner for Windows

· Nessus : Premier UNIX vulnerability assessment tool

· Core Impact : An automated, comprehensive penetration testing product

· X-scan : A general scanner for scanning network vulnerabilities

· QualysGuard : A web-based vulnerability scanner

· ISS Internet Scanner : Application-level vulnerability assessment

· Retina : Commercial vulnerability assessment scanner by eEye

Top 4 Application-Specific Scanners

· THC Amap : An application fingerprinting scanner

· Nbtscan : Gathers NetBIOS info from Windows networks

· Ike-scan : VPN detector/scanner

· SPIKE Proxy : HTTP Hacking

Top Password Cracker

· Cain and Abel : The top password recovery tool for Windows

· John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker

· THC Hydra : A Fast network authentication cracker which supports many different services

· Aircrack : The fastest available WEP/WPA cracking tool

· L0phtcrack : Windows password auditing and recovery application

· Airsnort : 802.11 WEP Encryption Cracking Tool

· Pwdump : A window password recovery tool

· RainbowCrack : An Innovative Password Hash Cracker

Top 4 Port Scanners

· Superscan : A Windows-only port scanner, pinger, and resolver

· Angry IP Scanner : IP address and port scanner

· Unicornscan : Not your mother's port scanner

· Scanrand : An unusually fast stateless network service and topology discovery system

Top 3 Vulnerability Exploitation Tools

· Metasploit Framework : Hack the Planet

· Core Impact : An automated, comprehensive penetration testing product

· Canvas : A Comprehensive Exploitation Framework

Saturday, February 26, 2011

What is Cloud Computing ?

“Cloud Computing” word come through cloud symbol which is used to signify the internet. In simple words we can say “Cloud computing is using the internet to access someone else’s software running on someone else’s hardware in someone else’s data centre while paying only for what you use”. Cloud Computing has some characteristics like it is used on demand of any time, a user can use more or little services according to requirements, and all services provided by third party so user need only computer and internet access.

Three services come under the Cloud Computing. First one is Infrastructure-as-a-Service (IaaS) like Amazon which make available virtual server to access and configure for data storage. Second, Platform-as-a-Service (PaaS) provides only infrastructure as a set of software and product development tools over the internet. For instance: - salesforce.com, googleApps. And last is Software-as-a-Service (SaaS) which provide the hardware & software infrastructure, and give information how interacts as a front end view.

Two types of cloud computing:

· Public /External Cloud: When the resources such-as applications and data storage is provided by the third party with full security features on the risks. The Third party handle with advanced web applications/ services through the internet.

· Private/Internal Cloud: When all features of public cloud are provided by a company/organization to their own clients is described as Internal Cloud. The security of financial statements, client’s personal information etc. is secure behind a firewall.

More addition, some engineers referred that community cloud and hybrid cloud are also types of Cloud Computing. The Layers are used in Cloud Computing to reach at destination like Client -->Applications -->Platform -->Infrastructure -->Server.

Monday, February 14, 2011

Types of Malware

Malware is a kind of application or program that is designed by hackers to attack the security system of any computer. These kinds of software secretly enter in the computer without the knowledge of vendor, and destroy everything. Use advance upgraded antivirus to protect your system from malware attacks.

Some malware types are given below:

1. Virus: A virus is a program that attempts to damage a computer system and replicate itself to other computer system. For example stoned, Michelangelo, Melissa, I love you etc.

2. Worms: A worm is a self replicating program that can be designed to do any number of things, such as delete files or send documents via e-mail. A worm can negatively impact network traffic just in the process of replicating itself. For example: code red, daprosy worm etc.

3. Trojan horse programs: A Trojan program is a combination of two or more executable into one file and wrap or bind with some things to cover itself. In this situation we can say all shining things are not gold so be careful while using internet and download anything. For example: sinowal Trojan.

Wednesday, February 9, 2011

Some Top Names of Hackers

White Hat Hackers
White hat hackers that persons which are hired by government, organization to protect their own systems from the hacking attacks of outside the world. everyone respect these members are government pay for this kind of works its called white hat hackers/ following are the some examples of good hackers which are popular in all over the world.

· Stephen Wozniak

· Tim Berners-Lee

· Linus Torvalds

· Richard Stallman

· Tsutomu Shimomura

Black hat Crackers
But crackers are not hired by any company they just delete the data or destroy the system rather than to just take the access of the system or steal the confidential data. following are the some names of crackers which are famous all over the world as a name of "black hat" crackers.

· Jonathan James

· Adrian Lamo

· Kevin Mitnick

· Robert Tappan Morris

· Shawn Fanning

· VallaH

· Gordon Lyon / Fyodor

· The Mentor

· Karl Koch / August Diehl

· Electron / Richard Jones

· Kevin Poulson / Dark Dante

Note: if you want to know about these hackers in detail then you can search on the any search engine. and take the knowledge whats kinds of techniques, methods, procedures are used to hack the systems by these hackers. or what kind of vulnerability has found recently.

Tuesday, February 8, 2011

Metasploit

It is an advance tool which is used for penetration testing of the secure network system or any particular PC. Network may be Local Area Network, Wide Area Network, Metropolitan Area Network or internet. Metasploit can be used in the security research development and Intrusion detection Systems signatures research. It was created by HD moore in 2003 with the help of perl scripting language. But the famous framework was rewritten in the Ruby programming language. It is an open source project which can be used for penetration testing, research as a legally.

Products of metasploit

1. Metasploit framework

· Choosing the exploit

· Configuring the exploit

· Check is there any risk while attack

· Choosing payload

· Configuring payload

· Modify the payload according to requirements.

· Execute the exploit

2. Metasploit Express

3. Metasploit Pro

4. NeXpose

Lehal Jasvir