
Friday, January 15, 2010

People are Easier to Hack than Networks: Proves GoogleHack in China

By now most of you have probably heard about the GoogleHack in China. Yesterday Google's Chief Legal Officer David Drummond indicated that the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routinely accessed by third parties. Drummond said that these accounts were compromised through phishing scams or malware, not through holes in Google's computing infrastructure.

And as expected, some are saying that this proves that "The Cloud" isn't secure and CAN'T BE TRUSTED. But in reality, the GoogleHack proves the Cloud is more secure than traditional desktop software, not less.


The image below shows what appeared when Twitter was googled during the compromise. The translation:

“In the name of God, As an Iranian this is a reaction to Twitter’s interference sly which was U.S. authorities ordered in the internal affairs of my country…”

It’s not the first time we see such a standard response from Twitter, but check out this picture from Twitter’s Platform Lead engineer, Alex Payne.



Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY


U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST
Take Care

The Email address provided gave the media access to the hackers, creating a wider reach for their message.

From the NY Times:

…the writing on the image which is not in English includes a line of Arabic script and the words “Ya Hussein” on the green flag, which is a reference to the prophet Muhammad’s grandson, who is revered in Iran. Further down the screen, there is a poem that says, roughly: ‘We will die if our leader orders us to fight, and if he wants, we will be patient and tolerant.


SOURCE: www.penn-olson.com

Thursday, January 14, 2010

How Secure Is the Gmail Service?

After Chinese hackers broke into Google's services, Google has tightened up Gmail encryption.

Since 2008 users of Google mail have had the option of using the HTTPS protocol, which encrypts mail as it travels between the web browser and Google's servers.

Writing on its official blog, Google said that using HTTPS helps protect data from being snooped on by third parties, such as in public WiFi hotspots.

Initially Google decided to leave the choice of using HTTPS all the time instead of just during user signon to its users because the more secure protocol did slow down traffic.

After researching the matter, Google now thinks that the benefits outweigh the drawbacks and has turned HTTPS on for everyone all the time.

It is rolling out default HTTPS for everyone. If you've previously set your own preference in Gmail Settings to HTTPS, nothing will change for your account. If punters trust the security of their networks and don't want default HTTPS turned on for performance reasons, they can turn it off from the Gmail Settings menu.

World's Largest Annual Hacker Conference, 26C3, Took place in Berlin last week

The 26th edition of the world's largest annual hacker conference, 26C3, took place in Berlin last week. With about 2,500 attendees, a combined total of 9,000 participants worldwide (via live streams), and an array of features that no other conference in the world can match, it was very much a milestone.

A bit on the word "hacker", as I know the term might be bothering some of you. A HACKER: one who tinkers, one who deconstructs out of a natural curiosity about how something works and how it could be made to do something it wasn't originally intended to do. Such abilities are akin to the skilled locksmith, and do not automatically make a hacker a criminal. Unfortunately for many who work in mainstream media, the word has been hijacked to be synonymous with "electronic evildoer". Yet, like many words that have been used to keep minority groups down, hackers are taking the label back.

Announcements such as the GSM encryption crack may have made international headlines last month, but something much more significant is clear: throughout the world, hackers have come out from their bunkers and opened up community spaces. They go by various names (co-working spaces, clubhouses, hideouts, space stations) and are a global-scale breakthrough for a community that for decades has not always been willing or able to go public. By opening up, they've not only gone public, but have also opened their doors to anyone curious or interested in the world of technology and how things work.

This phenomenon may be bigger than it has ever been, but in some corners of the world, it is not altogether new. Groups of German hackers have long organised themselves as officially recognised clubs and taken on challenges of a technical (or non-technical) nature. In North America, the movement has seen its greatest expansion in the past few years, with spaces such as NYC Resistor in Brooklyn, Pumping Station: One in Chicago and Noisebridge in San Francisco providing a creative space for a rapidly growing membership. The hacker space movement includes clubs in different parts of Latin America, as well as in South Africa, Israel, Iran, Dubai, Thailand, Malaysia, Singapore, Indonesia, Japan and Australia. Every month, the list gets longer as more groups come forward and post their details online at hackerspaces.org, a central hub and wiki for all info about spaces, including how to start one.

Among the attendees at the 26C3 conference were the people behind wikileaks, the wiki clearinghouse for leaked documents. In its first few years wikileaks has come under attack by governments and other large institutions who fear its growing influence and has made international headlines on several occasions, including when it was ordered to shut down by a California court in 2008 after documents were leaked related to offshore bank activities. Presenting at this year's congress, their goal was to explain how this project could become an essential tool for journalists throughout the world who seek sources and secure methods to protect the identity of those with access to – and brave enough to leak – sensitive information.

Also present was Bre Pettis and his Makerbot Industries. The knob on your dishwasher broke off? Trying in vain to contact customer assistance and find some way to get a replacement part? Well Pettis had a better idea, and by using a 3D printer, produced his own replacement knob. His tinkering with 3D printing has resulted in the founding of his very own company, Makerbot, which has actual employees and its own manufacturing space in Brooklyn, shipping Makerbots all over the world. Pettis didn't tell us to buy his stuff, but talked about what other people have been building and how he envisages a future where people aren't just consumers: he dreams of a return of the tradition of people making things.

It is hard not to be in awe of what this group of hackers was able to build for a four-day conference: its GSM network, an internal Dect phone system, a radio station, its own all-volunteer first aid and emergency rescue team and an indescribably fast network with capacity that no conference or municipality in the world can compete with. It is no wonder spaces are popping up everywhere, as hackers come out of the cupboards and stand proudly as the talented explorers and critical thinkers that they are.

SOURCE: www.guardian.co.uk

Wednesday, January 13, 2010

Download free Tools to examine NTFS for unauthorized activity: FORENSIC TOOLKIT

The Forensic ToolKit™ contains several Win32 command line tools that can help you examine the files on an NTFS disk partition for unauthorized activity.

Key Features
  • AFind is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; coordinating this with logon info provided from ntlast, you can begin to determine user activity even if file logging has not been enabled.
  • HFind scans the disk for hidden files. It will find files that have either the hidden attribute set, or NT's unique and painful way of hiding things by using the directory/system attribute combination. This is the method that IE uses to hide data. HFind lists the last access times.
  • SFind scans the disk for hidden data streams and lists the last access times.
  • FileStat is a quick dump of all file and security attributes. It works on only one file at a time but this is usually sufficient.
  • Hunt is a quick way to see if a server reveals too much info via NULL sessions.
Command Line Switches

afind [dir] /f [filename] /ns=no subs /a after /b before /m between
time format =

hfind [dir] /hd=find dir/system attribs /ns=no subs

sfind [dir] /ns=no subs

filestat [filename]

hunt [\\servername]

System Requirements

Windows NT 4.0 SP3
16MB Memory
Administrator privileges
Audit log enabled with searchable records
Set NT command line buffer to 500 or more lines. 1200 or more lines works well

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Download free Internet Explorer activity forensic analysis tool: PASCO

Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there is a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's internet activity. Since this analysis technique is executed regularly, we researched the structure of the data found in Internet Explorer activity files (index.dat files). Pasco, the latin word meaning "browse", was developed to examine the contents of Internet Explorer's cache files. The foundation of Pasco's examination methodology is presented in the white paper located here. Pasco will parse the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

Usage: pasco [options]
-d Undelete Activity Records
-t Field Delimiter (TAB by default)

Example Usage:

[kjones:pasco/bin]% ./pasco index.dat > index.txt

Open index.txt as a TAB delimited file in MS Excel to further sort and filter your results:

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Learn How to Scan all open TCP and UDP ports using VISION

Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool, Fport. This innovative new product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision allows users to access a large amount of supplementary information that is useful for determining host status by displaying detailed system information, applications running, as well as processes and ports in use.

Key Features
  • Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.
  • View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.
  • Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.
List Applications Running

List Services Running

List Devices Running


FAQ

Q. Will Vision work on Windows 9x, Me, or XP?
A. Vision will not work on Windows 9x, or Me. It will work with Windows XP.

Q. I get “Must be Admin” error when trying to launch. I am the Administrator, so what’s the problem?
A. Check to ensure that nbt binding is enabled. In NT 4 this is done in your network interface bindings. Under Win2k check to ensure that you have the TCP/IP Netbios helper enabled.

System Requirements
  • NT 4/ Win 2000
  • NT 4 needs psapi.dll
  • 800x600 res. minimum
  • 256 colors min
  • 32MB
DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Download Free Tool to Find Ascii, Unicode and Resource strings in a file: BINTEXT

A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.

Useful tip: Place a shortcut to Bintext in your Windows\SendTo folder so that you can automatically send files to BinText by right-clicking on their names and choosing Send To -> BinText from the drop-down menu. You can set this up by right-clicking on bintext.exe, selecting Copy then open up your Windows\SendTo folder, right click the mouse and select Paste Shortcut.

** NOTE: Some Anti-virus packages may falsely report this product as a keylogger/trojan application. Please upgrade to the latest anti-virus definitions as this has been corrected by most vendors.**
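The kind of extraction described above, as an added example that is not BinText's own code: it pulls printable ASCII runs and UTF-16LE ("Unicode") runs out of a byte buffer and reports each with its file offset. The minimum length of 5, the `keep` filter and the sample bytes are assumptions made for the illustration.

```python
import re

MIN_LEN = 5  # assumed minimum run length, not a BinText setting

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (each byte followed by 0x00), the usual "Unicode" form in Windows files.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data, keep=None):
    """Return sorted (offset, kind, text) tuples found in data.

    keep is an optional predicate on the decoded text, a small stand-in
    for the filtering the tool offers.
    """
    found = []
    for kind, regex, codec in (("ascii", ASCII_RE, "ascii"),
                               ("unicode", UTF16_RE, "utf-16-le")):
        for m in regex.finditer(data):
            text = m.group().decode(codec)
            if keep is None or keep(text):
                found.append((m.start(), kind, text))
    return sorted(found)


# Constructed sample: a few header bytes, one ASCII string, one UTF-16LE
# string, and a three-character run that is too short to report.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"http://example.test/update\x00"
    + b"\xff\xfe\x01"
    + "Software\\ExampleVendor\\Settings".encode("utf-16-le")
    + b"\x00\x00abc\x00"
)

if __name__ == "__main__":
    for offset, kind, text in extract_strings(SAMPLE):
        print(f"{offset:08x}  {kind:<7}  {text}")
```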

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Download Free Internet Explorer Cookie Forensic Analysis Tool: GALLETA

Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there is a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's Internet Explorer Cookie files. Since this analysis technique is executed regularly, we researched the structure of the data found in the cookie files. Galleta, the Spanish word meaning "cookie", was developed to examine the contents of the cookie files. The foundation of Galleta's examination methodology will be documented in an upcoming whitepaper. Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

Usage: galleta [options]
-t Field Delimiter (TAB by default)

Example Usage:

[kjones:galleta/galleta_20030410_1/bin] kjones% ./galleta antihackertoolkit.txt > cookies.txt

Open cookies.txt as a TAB delimited file in MS Excel to further sort and filter your results
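A parser of the same kind, as an added example that is not Galleta's source: it reads Internet Explorer cookie text records and emits TAB-delimited rows. The nine-line record layout (name, value, site, flags, expiry low/high, creation low/high, `*`) is the commonly documented IE format and is not taken from this page; the column order and the sample cookies are constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = ("name", "value", "site", "flags")


def filetime_to_dt(low, high):
    """Join the two 32-bit halves of a FILETIME (100 ns ticks since 1601)."""
    ticks = (int(high) << 32) | int(low)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def parse_cookie_file(text):
    """Parse nine-line records; a truncated trailing record is skipped."""
    lines = text.splitlines()
    records = []
    for start in range(0, len(lines) - 8, 9):
        rec = lines[start:start + 9]
        if rec[8] != "*":
            raise ValueError(f"record at line {start + 1} lacks '*' terminator")
        row = dict(zip(FIELDS, rec[:4]))
        row["expires"] = filetime_to_dt(rec[4], rec[5])
        row["created"] = filetime_to_dt(rec[6], rec[7])
        records.append(row)
    return records


def to_tsv(records, delimiter="\t"):
    """Render records as delimited text (column order is an assumption)."""
    out = [delimiter.join(("SITE", "VARIABLE", "VALUE",
                           "CREATED", "EXPIRES", "FLAGS"))]
    for r in records:
        out.append(delimiter.join((r["site"], r["name"], r["value"],
                                   r["created"].isoformat(),
                                   r["expires"].isoformat(), r["flags"])))
    return "\n".join(out)


def _halves(dt):
    # Helper for building the constructed sample: datetime -> [low, high].
    ticks = (dt - EPOCH_1601) // timedelta(microseconds=1) * 10
    return [str(ticks & 0xFFFFFFFF), str(ticks >> 32)]


def _record(name, value, site, created, expires):
    return [name, value, site, "1024",
            *_halves(expires), *_halves(created), "*"]


# Constructed sample: two complete records and a truncated third one.
CREATED = datetime(2010, 1, 13, tzinfo=timezone.utc)
SAMPLE = "\n".join(
    _record("lang", "en", "example.test/", CREATED,
            CREATED + timedelta(days=365))
    + _record("visits", "3", "shop.example.test/cart", CREATED,
              CREATED + timedelta(days=30))
    + ["orphan", "value"]
)

if __name__ == "__main__":
    print(to_tsv(parse_cookie_file(SAMPLE)))
```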

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Dump Firefox AutoComplete files into XML Using DUMPAUTOCOMPLETE

This application will search for the default Firefox profile of the user who runs the tool and dump the AutoComplete cache in XML format to standard output. Alternatively, autocomplete files can be passed to the application and they will be parsed as well. This application understands mork based autocomplete files (Firefox 1.x) as well as SQLite based formhistory and webappsstore files (Firefox 2.x).

The download package contains a standalone Windows application. The MSVCR71.dll may be needed on systems that do not already have this file. The full Python source code is also included and can be run on Windows, Mac OS X, Linux, or any other system with Python installed (the additional "pysqlite2" module is required for SQLite based file parsing).

Usage: dumpAutoComplete [formhistory[.dat|.sqlite]]

Example Usage:

C:\Bin\> dumpAutoComplete > mydata.xml

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

A binary file byte-patching program: PATCHIT

A file byte-patching utility. This is driven by a simple scripting language. It can patch sequences of bytes in any file, search for byte patterns (with wildcards) and also extract and utilise DLL exported function addresses as source positions in files to be patched.

The total command list is as follows:
  • MESSAGE <"message"> Displays a message during script execution.
  • DIR <"directory path"> Optional directory path to search for files. For compatibility it is advisable not to use specific drive names in the path.
  • FILE <"filename"> [filesize] Filename to patch. Optional filesize specifies the size that the file must match to be accepted.
  • FIND [<*>]... Performs a search on the current file for the sequence of bytes that match ... up to max 256. Use the keyword * to match any byte. If a match is found then the PATCH file position value is set to the file position at which the found pattern begins.
  • FUNCTION <"funcname"> Sets the current patch position to the file position of the given exported function name (case sensitive). It is assumed that the file being patched is a DLL.
  • PATCH [[POS ] | [OFFSET ]] ... Patches the current file at optional file position/offset. Replaces orig_byte with new_byte. Fails if original byte read from file is not orig_byte.
  • COPY <"orig_file"> <"new_file"> Copies "orig_file" to "new_file"
  • DELETE <"filename"> Deletes the specified file.
  • INIFILE <"filename"> Specifies an INI file to be used in subsequent INI commands. This filename is relative to the last DIR directory path.
  • INISECTION <"section"> Specifies an INI section name for use in subsequent INIWRITE commands
  • INIWRITE <"keyname"> <"value"> Writes the given string value to the INI keyname in the previously specified INI file's section.
It would be useful to write a program that performed the dual tasks of altering an application's behavior and at the same time kept a documented note of exactly what I had done to achieve the result in the form of the commented script file.
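The FIND and PATCH semantics listed above, as an added Python sketch that is not PatchIt's code or script syntax: `find` matches a byte pattern with wildcards (256 bytes at most), and `patch` refuses to write unless every original byte matches, so a change cannot be applied to the wrong build or applied twice. Checking all bytes before writing any is a choice made here, and the buffer is constructed.

```python
WILD = None  # plays the role of the script's "*" keyword


def find(data, pattern):
    """FIND: offset of the first match of pattern (ints or WILD), else -1."""
    if not 0 < len(pattern) <= 256:
        raise ValueError("pattern must be 1 to 256 bytes long")
    last = len(data) - len(pattern)
    for pos in range(last + 1):
        if all(p is WILD or data[pos + i] == p
               for i, p in enumerate(pattern)):
            return pos
    return -1


def patch(data, pos, pairs):
    """PATCH: apply (orig_byte, new_byte) pairs to a bytearray at pos.

    Every original byte is verified before anything is written, so a
    mismatch leaves the buffer untouched.
    """
    if pos < 0 or pos + len(pairs) > len(data):
        raise ValueError("patch range lies outside the file")
    for i, (orig, _new) in enumerate(pairs):
        if data[pos + i] != orig:
            raise ValueError(
                f"offset {pos + i}: expected {orig:#04x}, "
                f"found {data[pos + i]:#04x}")
    for i, (_orig, new) in enumerate(pairs):
        data[pos + i] = new


def demo():
    # Constructed buffer: a small header followed by a "debug=0" setting.
    data = bytearray(b"\x00\x01CFG\x07\x2a\x00debug=0\x00")
    header = find(data, [0x43, 0x46, 0x47, WILD, 0x2A])   # "CFG", any, "*"
    flag = find(data, list(b"debug=") + [WILD]) + 6       # byte after "="
    patch(data, flag, [(0x30, 0x31)])                      # "0" -> "1"
    try:
        patch(data, flag, [(0x30, 0x31)])                  # original is gone
        second = "applied"
    except ValueError:
        second = "refused"
    return header, flag, bytes(data), second


if __name__ == "__main__":
    print(demo())
```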

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Iranian Cyber Army hit Baidu, China’s Internet search engine: Chinese hack back

The users who visited Baidu's Web site were redirected to a page with a black screen that had an image of a green flag, and the page read in English and Arabic, "This site has been hacked by the Iranian Cyber Army."

The outage, which lasted for three and hours, affected many users as Baidu is China’s largest search engine, offering more than 50 search and community services.

Jeremy Rossi, a partner in Praetorian Security Group, a New York City-based security consultancy, told Computer World that it is likely that the Iranian Cyber Army attacked Baidu by altering its Domain Name System (DNS) at the registrar level.

There is a possibility that the hackers undertook a phishing attack to obtain a username and password that allowed them to access the records of Baidu at the registrar level, asserted Rossi.

The same method was used to hack Twitter in December. The company has said that a Twitter account was used to modify its DNS records.

The Twitter attack lasted for more than an hour. The users who logged in were redirected to a page with a black screen that had an image of a green flag, and the page read in English and Arabic that the site had been hacked by the Iranian Cyber Army, asserting that they had the power to control and manage the Internet.

It is not clear why Baidu’s Web site has been attacked.

Twitter was hacked after the micro-blogging site was used by the pro-democracy forces in Iran earlier in summer to bring to light the country's disputed presidential elections that were marred by a blood bath.

At that time, when the media had a difficult time covering the elections, the opposition took to Twitter to provide minute by minute update along with videos.

It is likely that the attack on Baidu is the result of severing bilateral ties between the two countries following elections in Iran last year.

Additionally, Chinese Web users have created "CN4Iran", a discussion forum on Twitter, commenting on the situation in Iran and supporting the pro-democracy forces.

The attack, though short-lived, infuriated Chinese Web users.

In retaliation, the hackers in China attacked Web sites registered in Iran, which appeared with Chinese flags and their slogans.

An Iranian Web site, room98.ir, displayed a message by the Honker Union for China, “This morning your Iranian Cyber Army intrusion [sic] our baidu.com.

“Please tell your so-called Iranian Cyber Army: Don't intrusion Chinese website about The United States authorities to intervene the internal affairs of Iran's response. This is a warning!”

The Honker Union for China also posted a slogan on their Website, “We are China's hacker! Let the world hear the voice of China! The state is higher than the dignity of all!"

The Honker Union for China is a group in China that is quite active in hacktivism. Its members combine hacking skills with patriotism and nationalism.

Over the years, they have launched a series of attacks on websites in the United States, mostly government-related sites.

SOURCE: The Money Times