Cyberdyne Security
April 19, 2016 Leave a comment
HTTrack can be used to download any paid Website Templates, How to use HTTrack with an example is explained below, so enjoy your favorite template without paying any penny.
Installing HTTrack
Below is an Example, How to use HTTrack
October 14, 2011 Leave a comment
Well, they are not really the same regex as we can use on Linux or programming. But some of the “tags” are pretty good and can help you on a lot of searches.
Basic
– “+” – Result must contain word
– “-” – Result must not contain word
– “OR” and “|” – Applied between two words, it will find “this or that”, or both. The “OR” operator must be uppercase and have a space between the 2 words on each side. The “|” operator does not need a space between the words
– ” “” ” – Finds an exact match of the word or phrase
– “~” – Looks for synonyms or similar items. Eg: “~run” will match runner’s and marathon
– “..” – Indicates that there’s a range between number. Eg: 100..200 or $100..$200
– “*” – Matches a word or more. Eg: “Advanced * Form” finds “Advanced Search Form”
– “word-word” – All forms (spelled, singe word, phrase and hyphenated
Important
– “site:” – Search only one website or domain. Eg: “PC site:wazem.org” will find PC within wazem.org
– “filetype:” or “ext:” – Search for docs in the file type. Eg: “Linux tutorial filetype:pdf” will find Linux tutorial in the pdf format
– “link:” – Find linked pages (pages that point to the URL)
– “define:” – Provides definition for a word or a phrase
– “cache:” – Display Google’s cached version of a web page.
– “info:” – Info about a page
– “related:” – Websites related to the URL
– “allinurl:” – All words must be in the URL
– “allintitle:” – All words must be in the title of the page
– “intittle:” – Match words in the title of the page
– “source:” – News articles from a specific source
Calculations
– “+ – * /” – Normal math signs. Eg: 12 * 4 + 2 – 1 /2
– “% of” – Percentage. Eg:10% of 100
– “^” or “**” – Raise to a power
– units “in” units – Convert Units (currency, measurements, weight). Eg: 300 lbs in Kg, 40 in hex
Others
– “book” or “books” – Search books. Eg: book “LPI Linux Certification in a Nutshell”
July 20, 2011 Leave a comment
Hello Friends,
Today we will understand how we can intercept the HTTP request we send to a website and how we can analyse the response header.For this purpose we will use WebScarab which you can download by searching it on google.
Now in your browser type any url , for e.g , google.com and you will get a window that will show the intercepted HTTP Get request. Now if you click on the “Intercept Response” button then it will also intercept the response that is coming back to the browser from the google server.
This is a short tutorial on webScarab that will give you a basic understanding of how to use webscarab to intercept the HTTP values and analyse them > Rest is upto you how far you can take it .July 9, 2011 Leave a comment
Many of us may be curious to know how to find the IP address of your friend’s computer or to find the IP address of the person with whom you are chatting in Yahoo messenger or Gtalk. In this post I’ll show you how to find the IP address of a remote computer in simple steps.
I have created a PHP script to make it easier for you to find the IP address of the remote computer of your choice. Here is a step-by-step process to find out the IP address.
1. Download the IP Finder script (IP_Finder.ZIP) that I have created.
2. Open a new account in X10Hosting (or any free host that supports PHP).
3. Extract the IP_Finder.ZIP file and upload the two files ip.php and ip_log.txt into the root folder of your hosting account using the File Manager.
4. You can rename the ip.php to any name of your choice.
5. Set the permission to 777 on ip_log.txt.
Now you are all set to find the IP address of your friend or any remote computer of your choice. All you have to do is send the link of ip.php to your friend or the person with whom you’re chatting. Once the person click’s on the link, his/her IP address is recorded in the file ip_log.txt.
For your better understanding let’s take up the following example.
Suppose you open a new account in X10hosting.com with the subdomain as abc, then your IP Finder link would be
You have to send the above link to you friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the ip_log.txt file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.
To find the recorded IP address check the logs using the following link.
The sample log will be in the following format
79.92.144.237 Thursday 07th of May 2009 05:31:27 PM
59.45.144.237 Thursday 07th of May 2009 05:31:28 PM
123.92.144.237 Thursday 07th of May 2009 05:31:31 PM
NOTE: You have to replace abc with your subdomain name.
May 17, 2011 Leave a comment
1. Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.
2. Nessus Remote (Security Scanner)
Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
3. John the Ripper
Yes, JTR 1.7 was recently released!
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
4. Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).
5. SuperScan
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
6. p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
7. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
8. Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
9. Eraser
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.
10. PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
11. LCP
Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.
12. Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
13. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an orinocco gold).
14. NetStumbler
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
15. hping
To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
May 12, 2011 Leave a comment
A new search engine has been introduced named ‘SHODAN’ that help u search various information using filters.Many people describe it as a public port scanner.
Following things could be searched for:
• country: 2-letter country code
• hostname: full or partial host name
• net: IP range using CIDR notation (ex: 18.7.7.0/24 )
• port: 21, 22, 23 or 80
This is a great search engine that provides very useful information about a target.
To visit shodan click the below link:
http://www.shodanhq.com/
May 9, 2011 Leave a comment
This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio.
1) Make a.txt file
2) Open and type the null character (alt + 255)
3) Press ctrl + a then ctrl + v a couple times to make some null bytes
4) If u have a hexeditor make the hex 00 for about 50 kilobytes.
5) Now make several copies of a.txt and name accordinly
6) Open cmd.exe
7) Type copy /b *.txt b.txt
8 ) Now every copy is made into a super copy and repeat
9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes…..!
The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555
Just add some more and the file will expand amazingly
Make sure to not open this after
You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz
April 13, 2011 Leave a comment
Read Legal Disclaimer Before Continue This Post
I am going to tell you how password is being sniffed in a windows network. When you are in a wifi connection or in a LAN network. If you login to a website which does not support ssl then your username and password can be sniffed.
As when you enter username and password on your login page. It being send to router in clear text as no SSL( Secure Socket Layer) Secure Socket Layer is being used. So it can be sniffed by software like Cain & Abel.
First turn OFF your window firewall -> Control Panel –> Security Center –> Manage Settings for —> Windows Firewall (Turn It Off)
1. Download, install and run Cain & Abel at http://www.oxid.it/cain.html
2. Click “Configure” in the top bar.
3. In the “Sniffer” tab, click the adapter which is connected to the network to be sniffed, then Click “Apply”, then “OK”.
4. Click the “Sniffer” tab in the main window.
5. Click the network card in the top bar (2nd icon from the left).
6. Click the “+” button in the top bar.
Select “All hosts in my subnet”, click “OK”. Entries should appear in the main window under the “IP address”, “MAC address” and “OUI fingerprint” headings.
7. From the “Sniffer” tab, click “APR” in the bottom tab.
8. Click the top right pane in the main window. Click the “+” button in the top bar.
9. Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click “OK”.
10. Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
After some time has passed, click “Passwords” in the bottom tab.
11. In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.
March 31, 2011 Leave a comment
Close All Open Programs With One Click : Close All
You are in front of your office PC having 20-30 windows open and everything messed up… You are called for an emergency… Urghh…What to do now?? Use Close All.
This tiny tool helps you to close all running applications with one click. It does not use system resources because it only flashes a “close” signal to all open windows on the desktop and then ceases. Just place a shortcut to the tool in the Start Menu, Quick Launch or elsewhere.
You can always add a hotkey to this shortcut. It is really very handy if you are running ~20 applications and want them all to quit instantly. It works just as if you were pressing the close button for each application.
Click to download this tool :-
March 11, 2011 Leave a comment
But, from now on, you can turn any USB flash drive into a secure token! No need to purchase an additional expensive device. All you need is about 2 megabytes of free space on your flash drive or other USB gadget, such as an MP3 player, PDA or even a USB-pluggable mobile handset.
How does it work? Our software, Double Password, installs onto your flash drive. When you type a password, the program intercepts it and converts it into a super-strong password string on-the-fly. You can use simple, easy-to-remember passwords without the risk of being cracked.
Another benefit of using Double Password is that nobody can steal your passwords. Spy programs are useless. Even if someone gets the “weak” password that you type on the keyboard, it means nothing. This password will only work when your USB flash is inserted.
While typical hardware locks will work only with software that supports secure tokens, Double Password works with any software. It simply substitutes your weak password with a strong one.
Double Password can be effectively used to securely lock your Windows account, to protect your laptop and to bring a new level of security to all software that uses password authentication.
Harjinder Pal Singh Mann
MANN'S 