Wednesday, October 26, 2011

Download Exploit Pack - An open source security framework



Download Exploit Pack - An open source security framework




Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as Engine and well-known exploits on the wild. It has an IDE to make the task of developing new exploits easier, instant search features and XML-based modules.


A GPL license for the entire project helps to ensure the code will remain free. It also features a ranking system for contributors, tutorials for everyone who wants to learn how to create new exploits and a community to call for help. 


It has a module editor that allows you to create your own custom exploits.
There is an instant search feature built-in on the GUI for easier access to modules.
Modules use XML DOM, so they are really easy to modify.
It uses Python as its Engine because the language is more widely used on security related programming.
A tutorial is also provided. If you want to earn money, they will pay you for each module you add to Exploit Pack.


Download Here:
http://exploitpack.com/download-framework

Download Havij 1.1.5

Download Havij 1.1.5


Havij is the one of the best tool for SQL injections which is used by most of the persons to hack website databse. This is a nice automated tool which takes tha URL and give you complete database of the website


The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.


What's in this

  1. Webknight WAF bypass added.
  2. Bypassing mod_security made better
  3. Unicode support added
  4. A new method for tables/columns extraction in mssql
  5. Continuing previous tables/columns extraction made available
  6. Custom replacement added to the settings
  7. Default injection value added to the settings (when using %Inject_Here%)
  8. Table and column prefix added for blind injections
  9. Custom table and column list added.
  10. Custom time out added.
  11. A new md5 cracker site added
  12. bugfix: a bug releating to SELECT command
  13. bugfix: finding string column
  14. bugfix: getting multi column data in mssql
  15. bugfix: finding mysql column count
  16. bugfix: wrong syntax in injection string type in MsAccess
  17. bugfix: false positive results was removed
  18. bugfix: data extraction in url-encoded pages
  19. bugfix: loading saved projects
  20. bugfix: some errors in data extraction in mssql fixed.
  21. bugfix: a bug in MsAccess when guessing tables and columns
  22. bugfix: a bug when using proxy
  23. bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
  24. bugfix: false positive in finding columns count
  25. bugfix: when mssql error based method failed
  26. bugfix: a bug in saving data
  27. bugfix: Oracle and PostgreSQL detection



Download Here:
http://www.filesonic.in/file/1898685311/Havij_1.15_Pro-By.ICF.rar

A-ddos - Kernel solution to prevent ddos attack

A-ddos - Kernel solution to prevent ddos attack


a-ddos is a kernel patch in order to prevent DDos attack at the low-hardware-level. It works well on a netbridge.


DDos is short for distributed denial-of-service,it becomes a serious threat nowadays. There hasn't been a perfect solution yet. a-ddos uses 512M(128M in current version) memory to keep tracks of every ipv4 address and a kernel-level timmer to record connections pre-second. While under attack, only the available IPs are allowed to be connected to the server.


Highlighted features
Fast
In order to determine every connection, only one memory-access is needed.


Stable
The implementation is simple and fast, while under syn-flood attack a-ddos takes less than 10% cpu time to handle.


Flexible
It's easy to extend the memory usage, nevertheless 4G/8 bit = 512MB can handle the whole IPV4 space!


Download
http://code.google.com/p/a-ddos/downloads/list


Read more:
http://code.google.com/p/a-ddos/wiki/PreviewWiki

download AnDOSid - DOS tool for android

download AnDOSid - DOS tool for android


A new product released by SCOTT HERBERT for Android mobile phones,Its AnDOSid - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners.


Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.


AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.




Features:
Requires Internet access to send the http post data
Requires phone state to access the IMEI (one of the two identifiers sent with each post)


Download Here:
https://market.android.com/details?id=com.scott.herbert.AnDOSid&feature=featured-apps

download bsqlhacker | Advanced SQL Injection Framework



download bsqlhacker | Advanced SQL Injection Framework
 to


BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.


BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).


It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits.


Key Features

  • Easy Mode
  • SQL Injection Wizard
  • Automated Attack Support (database dump)
  • ORACLE
  • MSSQL
  • MySQL (experimental)
  • General
  • Fast and Multithreaded
  • 4 Different SQL Injection Support
  • Blind SQL Injection
  • Time Based Blind SQL Injection
  • Deep Blind (based on advanced time delays) SQL Injection
  • Error Based SQL Injection
  • Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
  • RegEx Signature support
  • Console and GUI Support
  • Load / Save Support
  • Token / Nonce / ViewState etc. Support
  • Session Sharing Support
  • Advanced Configuration Support
  • Automated Attack mode, Automatically extract all database schema and data mode
  • Update / Exploit Repository Features
  • Metasploit alike but exploit repository support
  • Allows to save and share SQL Injection exploits
  • Supports auto-update
  • Custom GUI support for exploits (cookie input, URL input etc.)
  • GUI Features
  • Load and Save
  • Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
  • Visually view true and false responses as well as full HTML response, including time and stats
  • Connection Related
  • Proxy Support (Authenticated Proxy Support)
  • NTLM, Basic Auth Support, use default credentials of current user/application
  • SSL (also invalid certificates) Support
  • Custom Header Support
  • Injection Points (only one of them or combination)
  • Query String
  • Post
  • HTTP Headers
  • Cookies
  • Other
  • Post Injection data can be stored in a separated file
  • XML Output (not stable)
  • CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.)
Read More:

Download Here:

download bsqlbf-v2.7 - Blind Sql Injection Brute Forcer

download bsqlbf-v2.7 - Blind Sql Injection Brute Forcer


This is a modified version of 'bsqlbfv1.2-th.pl'. This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. Databases supported:


0. MS-SQL
1. MySQL
2. PostgreSQL
3. Oracle


The tool supports 8 attack modes(-type switch):-


Type 0: Blind SQL Injection based on true and false conditions returned by back-end server
Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.
Type 2: Blind SQL Injection in "order by" and "group by".
Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)
Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)
Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs
-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first
Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions
-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first


Download Here
http://code.google.com/p/bsqlbf-v2/downloads/list

Bot and botnets

The term bot, derived from “ro-bot” in its generic form. It is a script or set of scripts or a computer program which is designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. Bot runs automated tasks over internet. According to the type of working we can say that there are two of Bots.

Benevolent bots: Bots that are used to carry out legitimate activities in an automated manner are called benevolent bots. These are used in search engines to spider online website content and by online games to provide virtual opponent.
Malicious bots: Bots that are meant for malicious intent are known as malicious bots. bots used for DDos attack and spam bots are example of Malicious bots.




The first bot program Eggdrop created by Jeff Fisher in 1993 originated as a useful feature on Internet Relay Chat (IRC) for text based conferencing on many machines in a distributed fashion.

An IRC malicious bot program runs on an IRC host or client each time it boots in a hidden manner and controlled by commands given by other IRC bot(s). It is typically an executable file with a size of less than 15 KB in its compressed form. An IRC host computer running an IRC bot malware program becomes a Zombie or a drone (Choo – 2007). 


The first malicious IRC bot, Pretty Park Worm that appeared in 1999 contained a limited set of functionality and features, such as the ability to connect to a remote IRC server, retrieve basic system information e.g. operating system version, login names, email addresses, etc.


A collection of such type of bot affected systems are know as BOTNET (Bot Networks). A collection of compromised hosts or bot-infected machines running malware such as worms, Trojan horses, or backdoors under command & control (C&C) infrastructure.


Types of Botnets:  There are a variety of botnets in existence today. The three most commonly seen on home and office client computers are HTTP botnets that exploit vulnerabilities in web browsers, IRC botnets that allow operators to control the computers of unsuspecting users through an internet relay chat (IRC) channel, and Peer to Peer (P2P) botnets that infect files shared on P2P services like Gnutella or Limewire.

HTTP Botnets:HTTP typically is used for creation and control of botnets. Bots will sign in to an http server and wait for commands from a bot herder, or they will simply visit pre-designated sites to get commands that are coded into the site’s files.  Many HTTP bots have their own servers for downloading malware, phishing, etc. 

P2P Botnets:Many P2P applications are utilized by bot herders to share files that have bots and malware attached. In most cases, these bots are pre-programmed to perform specific functions when a file is opened, or when a container application like a game or desktop application is installed.

IRC Botnets: The most abundant use of botnets is accomplished using IRC applications. This is because the IRC protocol has been around the longest, and that is where earlier botnets operated before HTTP came along. IRC is used by a wide variety of applications to allow users to have simple text based chatting environments. Infected IRC clients log into a specific IRC server and wait for specially formatted text messages that contain commands. Commands can also be encoded into the title or name of the chat channel, so that every bot entering can be given commands. More sophisticated versions of this will group bots into sub-nets based on the tasks to be performed, or some other distinction. IRC Botnets are generally the most complex and the hardest to detect.





this is the diagram which shows how an attacker spread his bots on victims computer and control those bot program. Mostly these Affected systems are use for illegal activities by attacker without the knowledge of system owner. 

Look at the figure which shows how botnets are used in DDos attacks.

How to Avoid Botnets: 
  • Install an antivirus program from a trusted provider.
  • Make sure the operating system’s firewall is turned on, as well as the firewall of any connected router(s).
  • Keep your operating system, web browser, firewall and antivirus applications up to date.
  • Keep all media players up to date.
  • Pay close attention to the options available when installing downloaded software. Installing toolbars or other gadgets that come from sources other than the site they were created on may have bots attached to the install. Also be skeptical of installation options that ask for permission to change your browser’s home page.
  • Learn to be very critical of emails containing links of any kind or ask you to go to a specific site that you’re unfamiliar with.
if you have any query regarding this post please comment.

Buffer Overflow tutorial

Buffer Overflow tutorial

Buffer overflow vulnerabilities are one of the most common vulnerablities. For understanding buffer overflow you must have the knowledge of c or any other high level language.


When a program is executed, a specific amount of memory is assigned for each variable. The amount of memory is determined by the type of data the variable is anticipated to hold. The memory set aside is used to store information that the program needs for its execution. The program stores the value of a variable in this memory space, then pulls the value back out of memory when it's needed. 



Buffer overflow occurs when a program allocates a block of memory of a fixed length and then tries to fill the data of more length in this memory.


take a look at the simple c program:
int main()
{
int buffer[10];
buffer[20]=10
}
The above C program is a valid program, and every compiler can compile it without any errors. However, the program attempts to write beyond the allocated memory for the buffer, which might result in unexpected behavior.


In tha case of buffer over flow in a software program, data runs over the memory section it was alloted. The extra data overwrites the another portion of memory address that was meant to held something else, like part of the programmer's instruction. This can allow attacker to overwrite data that controls the program and can take over control of the program to execute the attacker's code insted of program. The overflow consequence could result in the program crashing or allowing the attacker to execute their own code on the target system.


This problem exists because C++ and some other programming language do not perform bound checking when passing data to the memory.


Defences:


for coder:
The defence is to have perfect programs. Every input in every programs should do bound checks to allow only given numbers of characters.


for user:
Make sure your systems are fully patched in order to protect yourself from exploits targeting vulnerabilities. 
Apply vendors patch or install the latest version of the software.
No unnecessary privileges should be granted to users or applications. This is a best practice.
All suspicious traffic should be routed at the perimeter itself.



please comment below if this post is useful for you..
:)

Critical vulnerability found in VLC player

Critical vulnerability found in VLC player


A critical vulnerability is found in the latest version of VLC media player. These are heap corruption vulnerabilities. VLC p;ayer is a powerful cross-platform multimedia player. It is capable of playing most media formats, without the need to install additional codecs.
These flaws were reported by Dan Rosenberg from Virtual Security Research (VSR). The VLC media player includes a decoder for the relatively rarely used CD+G format; this has two critical
heap corruption vulnerabilities.If you use VLC to play manipulated video of this format, it could cause heap corruption. This could in turn be exploited to inject and execute malicious code. The bug has already been eliminated in the corresponding repository, but not in the the official binaries of the VLC player. 
A source code patch for VLC version 1.1.5 is available from Git. Since the code of the decoder has undergone only minor changes since previous versions of VLC, the patch can probably be used to fix the vulnerability in older versions prior to 1.1.5.

How to create proxy chaining

How to create proxy chaining


Download Proxy server Agent from the given link.
http://www.proxyserveragent.com/DOWNLOAD/



  • Open 'Proxy Server Agent' and then click on 'Proxy Chains' and then click 'Add' to open the 'Add new proxy chain' window.
  • change the proxy chain name and port number. The port number must be unique.
  • Select the proxy chain type
  • Add proxies to the proxy chain by clicking the 'Add proxy' or 'Add random proxy' button.
  • The type of a proxy chain and last proxy in a chain should be the same.
  • then Click OK.


Comment if you like this post or any query

Free Proxy Servers and Hide Your IP

I have collected a lots of url of proxy servers and create a proxy server list.Use any of these to hide your ip address.



http://www.perfectproxy.com/
http://www.primeproxy.com/
http://www.proxyaware.com/
http://www.proxycraze.com/
http://www.proxygasp.com/
http://www.proxyplease.com/
http://www.someproxy.com/
http://www.stupidproxy.com/

http://ipchicken.com



http://www.Stealth-ip.com
http://www.Stealth-ip.org
http://www.Stealth-ip.us
http://www.Stealth-ip.info
http://poxy.us.to/
http://www.BlockFilter.com

http://www.ecoproxy.com/
http://www.coreproxy.com/
http://proxymy.com/
http://www.illegalproxy.com/
http://www.filterfakeout.com/
http://www.privacybrowsing.com/
http://www.w00tage.com/
http://www.aplusproxy.com/
http://www.arandomproxy.com/
http://www.w3privacy.com/

http://argentinaproxy.com
http://hotyogasite.com
http://damaliens.com
http://swagproxy.com
http://cloak-me.info
http://247websurf.com
http://proxify.net
http://salemguide.info
http://your-proxy.org
http://amandas-proxy.info
http://co-i.info
http://w3privacy.com
http://thecrazynetwork.com
http://pajaxy.com
http://mtgtv.com
http://visitriga.info
http://gfun.info
http://surfsizzle.com
http://thecrazycall.com
http://proxify.com

http://www.proxy1.info/
http://www.proxy2info/
http://www.proxy3.info/
http://www.proxy4.info/
http://www.proxy5.info/
http://www.proxy6.info/
http://www.proxy7.info/
http://www.proxy8.info/
http://www.proxy9.info/
http://www.proxy10.info/
http://www.proxy11.info/
http://www.proxy12.info/
http://www.proxy13.info/
http://www.proxy14.info/
http://www.proxy15.info/
http://www.proxy16.info/
http://www.proxy17.info/
http://www.proxy18.info/
http://www.proxy19.info/
http://www.proxy20.info/
http://www.proxyok.com/

http://www.boredatwork.info/
http://www.anonymousurfing.info/
http://www.browsingwork.com/
http://www.freeproxyserver.org/
http://www.browseany.com/
http://www.browsesecurely.com/
http://IEproxy.com/
http://www.sneak3.po.gs/
http://www.proxytastic.com/
http://www.freewebproxy.org/
http://www.thecgiproxy.com/
http://www.hide-me.be/
http://www.anotherproxy.com/
http://www.proxy77.com/
http://www.surf-anon.com/
http://www.free-proxy.info/
http://www.theproxysite.info/
http://www.proxyify.info/
http://www.concealme.com/

http://imsneaky.com
http://lawi.info
http://fieldcollege.info
http://bigredhot.com
http://portugalproxy.com
http://aboutgreatbritain.info
http://surf24h.com
http://xoxy.com
http://proxyparadise.info
http://proxycrib.com
http://unblock.biz
http://newzealandproxy.com
http://your-proxy.info
http://privatproxy.com
http://filterfreesurfing.com
http://allaccessproxy.com
http://hotwinebaskets.com
http://spainwine.info
http://couldfind.info
http://proxy-blog.com
http://serfs.info
http://macaoguide.info
http://proxoid.com
http://rentaustin.info
http://safesurfingweb.com
http://proxyfans.com
http://metnyc.info
http://speedroxi.com
http://ehide.info
http://ipow.info
http://babyboomerco.com
http://proxclub.com
http://anonysurf.nl
http://mylittleproxy.com
http://gz299.com
http://us-proxy.com
http://goinvis.com
http://freeproxy.in
http://onesimpleproxy.com
http://supaproxy.net
http://dedicatedproxy.com
http://india-proxy.com
http://greekdating.info
http://reliableproxy.com
http://dontshowmyip.info

http://proxcool.com
http://prxy.net.ms
http://hidip.info
http://cutmy.info
http://hidelink.ingo
http://xoogie.net
http://oproxy.info
http://stealth-ip.net
http://safeforwork.net
http://vtunnel.com
http://freeproxy.ru/en/free_proxy/cg...
http://proxydrop.com/
http://proxydrop.net/
http://proxydrop.biz/
http://proxydrop.info/
http://proxydrop.org/
http://backfox.com
http://ninjaproxy.com/
http://atunnel.com
http://vpntunnel.net
http://btunnel.com
http://ctunnel.com
http://dtunnel.com
http://proxyhost.org
http://webproxy.dk
http://phproxy.frac.dk
http://phproxy.1go.dk
http://proxify.com
http://home.no.net/roughnex
http://nomorefilter.com
http://rapidwire.net
http://oproxy.info
http://stealth-ip.net
http://cooltunnell.com
http://schoolsurf.com
http://anonymouse.org

http://megaproxy.com/
http://amegaproxy.com/
http://theproxy.be/
http://newproxy.be/
http://projectbypass.com/
http://smartproxy.net/
http://proxy.org/cgi_proxies.shtml
http://hidebehind.net
http://Proxy7.com
http://pcriot.com/
http://tools.rosinstrument.com/cgi-p...
http://www.proxyspider.com/index.php
http://welazy.com/nick
http://reallycoolproxy.com
http://vidznet.com/index.php?pid=3
http://proxyholic.com

http://www.freeproxy.ru/index.htm
http://www.freeproxy.ru/ru/index.htm
http://www.freeproxy.ru/
http://www.freeproxy.info/
http://www.freeproxy.ru/ru/index.htm
http://www.freeproxy.ru/en/programs/
http://www.freeproxy.ru/en/free_proxy/
http://www.freeproxy.ru/en/misc.htm
http://www.freeproxy.ru/en/news.htm
http://www.freeproxy.ru/en/contacts/
http://www.checker.freeproxy.ru/checker/
http://www.freeproxy.ru/shop/
http://www.forum.freeproxy.ru/
http://anonymouse.ws/




please comment below if this post is useful for you..
:)

Seven Steps to become a world class / professional computer Engineer

Reasons for writing this post:

  • I feel I have not done enough to become a good computer engineer. May be I did not have someone who could guide me properly. We were only the second batch of Computer Engineering at Nirma Institute of Technology, Ahmedabad, so we had no mentors in the industry.
  • Second reason, may be we were not mature enough.
  • Third reason, 3 Idiots was not released at that time.
  • So this post is dedicated to all the fellow computer engineering students who are still having a good time by bunking the classes but not doing good enough to become a world class computer engineer otherwise.
But what can I do?

1. Have the right infrastructure

  • Get yourself a decent laptop. (I prefer Mac but any decent Dell laptop is also ok)
  • Get yourself a nice internet connection with highest speed available. (Take a cut from your pocket money if you have to but this is a must)
  • Get yourself an iPhone (I know it is expensive in India but you will have to use world class gadgets to become world class engineer)
  • Make your home or hostel room WiFi enabled. (This is not expensive. You will get a decent router in 2-3k.)
  • If you are not able to do any or all of the above things, don’t worry you can still become a good computer engineer. So hang on and keep reading.

2. Learn to use Google Reader

  • Google reader will become the best companion of yours for lifetime if you use it properly.
  • It is nothing but a cool RSS reader from Google using which you can subscribe to blogs to get latest updates and posts. So if you have a gmail account you are ready to go. What? You do not have a gmail account yet!! Go get one right now. Stop reading. Open a gmail account now and come back. I am waiting.
  • I am still waiting.
  • Ok great, so you have a gmail account now, good. Watch this video . It explains in plain english how to use google reader.
  • Software, Web Search Strategies, Wikis, Social Bookmarking, Social Networking, Blogs, Podcasting and Cloud computing on http://www.commoncraft.com/ (Now you understand why I told you get the fastest internet connection available?). You don’t have to see them all at once but do check them all and understand.
  • Done? Ok so you are ready to become a world class computer engineer now.
  • Now you understand Google Reader, so it’s time to subscribe to interesting blogs. Subscribe to following blogs.
  • There are many such blogs but to start with these are ok. You will keep finding other interesting blogs as and when you will come across some.
  • Getting used to read on computer takes time and patience so just keep reading it.
  • So I guess we are done with Google Reader part here. This means you have to open up Google Reader as soon you bunk the classes or as soon as you get the time to check your mails.

3. Academic Earth

  • Do you want to see how professors teach in Harvard and Stanford? Do you want to see how their lectures are conducted? You can now, we were not able to do that in our time.
  • Go to www.academicearth.org and you will see videos of actual lectures and courses of Harvard, Yale, Stanford. Now you know whose lectures to watch after bunking the classes or after getting back to home.
  • You do not want to miss the chance of studying in these universities without going to US to giving them millions in fees right? and guess what? Attendance is not compulsory here :)

4. Learn any web language quickly and start building

  • I would suggest PHP or Ruby. ASP.NET C# is also fine if you already know something about it.
  • And start building something on it. It can be anything. But start programming on web now. Most of you are never going to write a program C, C++ or COBOL in your lifetime. I would not advise against learning them though.
  • After you know something about web programming, read “Getting Real” from 37Signals.
  • Now again build something using whatever you learned from the above book.

5. Assume you are in Sillicon Valley

  • I know this sounds little weird but that’s the way it is.
  • The best of the minds in the world are there and you do not want to miss out on that right?
  • Thousands of things happen everyday in Sillicon Valley and you can remain updated by reading above blogs I mentioned.
  • So start feeling the air :)

6. Start asking why?

  • When you are attending a lecture or reading anything, have a habit of asking why?
  • For e.g. Why we have to study “Strength of Materials” when most of us are going to write web applications in PHP or ASP.NET?
  • When you ask why often, you start understanding the logic, the reason behind doing anything.
  • Same as they have said in 3 Idiots, don’t learn to get marks but learn to know something, to achieve the excellence. When you start asking why, you start on the right path.

7. Understand computer hardware

  • Most people thinks this is boring and unnecessary.
  • May be it is, but it will certainly make you better programmer, even if you will never touch the inside of the computer again.
  • Basic understanding of hardware is necessary to understand how computer works.
  • You have to understand following 100% without any doubt in your mind.
    • How your high level programming code becomes 0s and 1s and execute?
    • The text which you are reading now is also consisting of 0s and 1s only then how come you are reading the alphabets here?
    • FYI I am still not 100% clear on this. But I will be one day. Till then I am not a good computer engineer.
I guess I have get you started here.
By following any or all of the above steps you are destined to become world class computer engineer. By no means I am asking you to stop whatever you are doing right now in your college.

These are additional things you have to do. It takes hard work to become world class right?

You are always on your own to achieve the path of excellence. Friends and Tutors can only guide you, they can not make you one.

I would request my fellow classmates to add points in this post. I believe our batch 99CE in Nirma Institue of Technology had one of the best and brightest minds in the world. Do you have any doubt? Well this guy is one of them. 99CE people are in MIT, Google, Apple, Barclays, Bank of America to name a few. They are spread across the world and are on their way to become future leaders.

I would also request people who have read this post and feel they can add something here to help students of computer engineering. My aim is to have great people coming out of Nigeria Engineering Colleges.

Last words, by no means above list is exhaustive and complete. There are “n” number of ways to achieve excellence. These are my personal views and I have learned them long and hard way. I hope to make your journey little easier by this post.

Microsoft launches new tool,"YourBrowserMatters" to check your browsers security


Microsoft launches new tool,"YourBrowserMatters" to check your browsers security


Microsoft has announced a new tool that will help users to know more about their web browser and its security features. This new tools aims to show users how secure their browser is and how they can improve their security.
On the visit of the website, it detects the visitors web browser and returns a browser security score on a scale of 4 points.
When i tested the tool, it shows 2-2.5 points for mozilla and chrome browsers and full points for IE9. i think little biased. It shows 1 pint for IE7 ad no points for IE6. This web tool refused to test safari web browser.

create your own online free sms bomber with firefox


hello readers this is my first post on the www.hackingtricks.in.today i will teach you about how to create your personal sms bomber and flood victim's mobile with lots of sms's.you can create your personal sms bomber in just 8 easy steps-
1.first of all you need moziilla firefox browser download and install it.
https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/
2.after installing mozilla go on add-on market of firefox and search for add-on named as imacros.
3.install imacros on mozilla.
4.search for any free sms sending website which not gives captcha challenge.
5.open website in firefox and press F8 imacros will open.
6.after opening imacros click on record and then type your message and and victim's mobile number and after typing message and mobile
7.after that click on play and give maximum value to 500 and click on play loop.
8.you have done now go and take rest(ha ha). 


for step 4 do some googling you will find a lot of sites.

Tuesday, October 25, 2011

Writing Kernel Modules for 2.6



hello.c
1 #include
2 #include
3
4 int init_module(void)
5 {
6 printk(KERN_INFO "Hello world \n");
7 return 0;
8 }
9
10 void cleanup_module(void)
11 {
12 printk(KERN_INFO "Goodbye world \n");
13 }

Makefile
1 obj-m += hello.o
2
3 all:
4 make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
5
6
7 clean:
8 make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
9 fresh: clean all

Commands:

Install Module# insmod hello.ko
Remove Module # rmmod hello.ko
Module info # modinfr hello.ko
List Module # lsmod
Check Log # tail /var/log/messages

Files :
/proc/modules | List of modules |
/proc/kallsyms | List of Symbols |

Sumit..

How to set up thinclient in Linux



Thin Client How to by Sumit Shukla
How to set up Thintux Server
You need to setup dhcp server and copy thintux folder on the server.
Setting up dhcp server
a. Make dhcpd configuration file :-> /etc/dhcpd.conf
b. Starting dhcpd :-> /etc/init.d/dhcpd start
Configuring dhcpd.conf Manually:-
1. Set subnet,netmask,router and range of IPs.
2. Set Thintux session server address, resolution and color depth.
3. Detailed Information man dhcpd, man dhcpd.conf
4. Get Sample Configuration dhcpd.conf (For Linux)[dhcpd.conf]="" Format of dhcp.conf :-
[code]
#global parameters...
subnet 10.105.0.0 netmask 255.255.128.0 {
# subnet-specific parameters...
range 10.105.13.101 10.105.13.210;
option routers 10.105.1.250;
option THINTUX_SESSION_SERVER "10.105.11.23";
option THINTUX_SCREEN_RESOLUTION "800x600";
option THINTUX_SCREEN_COLOR_DEPTH "8";
}
group {
#group-specific parameters...
host abc.iitb.ac.in {
#host-specific parameters...
}
}
[/code]
Configuring using config-dhcpd :-
1. http://config-dhcpd.sourceforge.net/

Start X Display Manager
1. vim /usr/X11R6/lib/X11/xdm/xdm-config
2. Comment the last line as below :-
!DisplayManager.requestPort: 0
3. Save and Exit
4. vim /usr/X11R6/lib/X11/xdm/Xaccess
5. uncomment the following line (By removing #)
#* #any host can get a login window
6. Save and Exit
7. Start xdm :-> xdm

Help and Debug :-
1. man xdm
2. Error Logs :-> /var/log/xdm-errors
or :-> /usr/X11R6/lib/X11/xdm/xdm-errors
3. X -query 10.105.11.23

Check tftp is enable on server
1. vim /etc/xinetd.d/tftp
2. Change the disable option to "no" as Below.
disable = no
3. Save file and exit
4. Restart xinitd
Copy /thintux folder in /tftboot on server
[thintux][tgz]
http://thintux.sourceforge.net/

How to setup thinclient
Client already contaning Linux OS
1. Copy "localdsk" as /root/thinlinux on Client [localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">

[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">default=thin-linux # Add or Modify this line for default Booting from N/w
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">image=/root/thinlinux
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">label=thin-linux
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">read-only
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">Client that doesnot contain Linux OS
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">For all the following steps you have to use Dos Bootable Floopy
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">containg fdisk, format, syslinux.com and linux image(thintux) [as
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">downloaded above].
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">1. Delete all partitions on Hard Drive using fdisk.
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">2. Execute :-> fdisk /mbr
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">3. Create 20MB Dos Partion and Make active
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">4. Reboot
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">5. Execute:-> Format C:
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">6. Execute:-> syslinux c:
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">7. Execute:-> copy linux c: The above file "linux" is same as "localdsk". Only the name is
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">changed in this case.
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">8. Remove Floppy and Reboot
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">For Debugging
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">1. Use tcpdump as
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">tcpdump -n port 7100
[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">tcpdump -n port tftp

[localdsk][x86="" 2.="" 3.="" 4.="" <="" a="" add="" boot="" div="" entries="" etc="" following="" href="thintux/localdsk" lilo.conf:-<="" lilo.conf="" lilo="" modify="" pc="" restart="" run="" sector]="" the="" to="">Links
http://thintux.sourceforge.net
http://www.dhcp.org
http://www.dhcp-handbook.com/dhcp_faq.html
http://syslinux.zytor.com
http://www.vlug.org/vlug/meetings/X-terminal_presentation/overview.html