Receive Daily Updates

Enter your email address:

Saturday, August 29, 2009

Hack Linux and Windows 7 Passwords using KON BOOT

Tired of trying breaking into that Linux box which pesks you with its password screen ? Well,your day is saved when  Kon Boot comes to rescue . Apart from the stupid logo,Kon-Boot is an fantastic prototype software which can change contents of a Linux kernel and Windows kernel while booting.It will you to log into a Linux system as “root” user without even typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password.Entire Kon-Boot was written in pure x86 assembly in TASM 4.0.

Yeah..you read it right..it works !

Kon boot was mainly created for Ubuntu,but now it supports more Linux distributions. Kon Boot can crack an array of Windows and Linux operating systems ranging from Windows XP to even Windows 7,which makes it one of the first tools to break Windows 7 passwords.On the Linux from it supports Gentoo,Ubuntu,Debian and Fedora flavors.

Here is how you can Hack Linux Passwords using Kon-Boot-

  1. Boot with Kon-boot CD or Floppy
  2. When Linux is fully booted go to the console mode
  3. Type 'kon-usr' as login, if it works you should be now in the system
  4. Remember to restore the system when you are leaving, you can do this by typing 'kon-fix' as login again.

Here is a Sample Console output of what it will look like -

Ubuntu 8.04 torpeda tty1
torpeda login: kon-usr
# id
uid=0(root) gid=0(root)
# whoami
root

Here is how you can Hack Windows Passwords using Kon-Boot-

No special usage instructions are required for Windows users, just boot from Kon-Boot CD/Floppy, select your profile and put any password you want. You lost your password? Now it doesn't matter at all :P

You can Download Kon-Boot from here -Thats the stupid Kon-Boot logo :P

Floppy Image – FD0-konboot-v1.1-2in1.zip
CD ISO Image – CD-konboot-v1.1-2in1.zip

 

 

 

Keep Learning..

 

[ PS:Finally my workshop at SVIET is over and I am a bit free as of now..]

 

 

POSTED BY XERO.ALL RIGHTS RESERVED.

read more "Hack Linux and Windows 7 Passwords using KON BOOT"

Monday, August 24, 2009

Webmasters Rejoice - View your website in different resolutions

Optimizing your website for ads ? Popular advertisement services like Chitika have ads which only show to people browsing using specific resolution of screen. So in any case if you ever wonder that how your website appears to a visitor who might be having a different screen resolution then you,in that case,Viewlike us comes to rescue..

viewlike check ur website against multiple resolutions - rdhacker.blogspot.com

Viewlike us is a free online service which allows you to check that how your website looks in the most popular resolution formats,and it even supports console browser of WII,and even rake up your site against IPHONE browser.

Just type your URL in the box and get started. I hope the webmasters can now better adjust their ads according to their whims..

visit Viewlike

 

Keep learning

 

POSTED BY XERO . ALL RIGHTS RESERVED.

read more "Webmasters Rejoice - View your website in different resolutions"

Friday, August 14, 2009

My Experience with Reliance NetConnect

Speaking of Reliance Netconnect,this data card service promises (just promises,but breaks every one) download speedsReliance Netconnect is a bigger abonimation than you can think of up to 144Kbps,uninterrupted high speed great connectivity,4 times speeds more than dialup and many more.. 

Its all fake.

Out of wilderness I got this cool looking data card from my friend,and here is my personal experience.

I plugged it,the software installs automatically and the connection started.Until here it went all right,then the real trouble began.I surfed using this son of #$%^@ on my powerhouse PC,using Firefox 3.5 ,Windows XP SP3 and later tested it on Linux.To be honest,the Google homepage my PC Firefox sported opened in 64 seconds,yeah I timed it. I tried opening my gmail ID and you bet I started reading Mario Puzos The Sicilian in the mean time. I later navigated to game-trailers and tried opening pages,but it simply was not able to load multimedia content.

Reliance netconnect delivers Speeds ? Ah well.. - rdhacker.blogspot.com 

Speaking of 4 Times more speed then dialup,as dialup offers max speeds of 56.6 Kbps,theoretically they shall offer speeds of 224 Kbps of more,but they advertise speeds of 144 Kbps.Its like folks at Reliance are Bad at math.I checked the speed and it was about 5 Kbps - 12 Kbps max and it disconnected frequently even when the signal strength was full. There goes another claim in trash.

The Overall software interface is easy to use but offers less customization and there is no profile creation option.

I later plugged this device to my Linux box (Backtrack 3,Slax based linux and on Fedora core system) and it was unable to configure itself.I tried talking to customer support but they were not "available" and busy attending others while I they told me about the latest offerings from Reliance.More fake claims,I exclaimed to my self.I tried again later in evening,and finally when I got to talk to them,they had no idea about it. The USB a55hole

Reliance Netconnect is a Bad bad idea and it gets worse in no time. In all fields,this device sucks and is a waste of your precious hard earned money.

I suggest you to go for BSNL 3G if you want wireless internet,its rely good and offers unrestricted speeds of 300Kbps plus.

I believe you got my point,and if not..then you have no sanity. Ban this service.

 

POSTED BY XERO . ALL RIGHTS RESERVED.

 

read more "My Experience with Reliance NetConnect"

Protecting against Session Hijacking

  1. Use Encryption

  2. Use a secure protocol

  3. Limit incoming connections

  4. Minimize remote access

  5. Have strong authentication.

Countermeasure

When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite.

Countermeasure

Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.) Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning, by using IDS products or ARPwatch.

Countermeasure

Use x.509 certificates to prevent more traditional types of TCP hijacking.

Countermeasure

Use encryption. This can be done by one or more of the following.

  • Forcing all incoming connections from the outside world to be fully encrypted.

  • Forcing all connections to critical machines to be fully encrypted.

  • Forcing all traffic on the network to be encrypted.

  • Using encrypted protocols, like those found in the OpenSSH suite. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keygen and sftp-server.

Countermeasure

Use strong authentication (like Kerberos) or peer-to-peer VPN's.


---Regards,
Amarjit Singh
read more "Protecting against Session Hijacking"

Remote TCP Session Reset Utility


This security tool can remotely display all active sessions on a terminal server, router, dial-in server, access server, etc. The user can reset any TCP session remotely.

Resetting a connection is simple.

  1. Start up the remote TCP session reset

  2. Enter the IP address of the machine whose connection is to be reset.

  3. Enter the read-write community string.

  4. Click on connect to retrieve a list of active TCP connections

  5. Click on the connection that is to be disconnected, and select 'Break' from the toolbar.


---Regards,
Amarjit Singh
read more "Remote TCP Session Reset Utility"

Monday, August 3, 2009

Automatic SQL Injection Tool – SQLMAP

Sqlmap is an open source command-line automatic SQL injection tool and its goal is to detect and take advantage of SQL injection vulnerabilities in web SQL Injection applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..

You Can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

Posted by XERO . ALL RIGHTS RESERVED.

read more "Automatic SQL Injection Tool – SQLMAP"