Tuesday 26 June 2012
You can do easily by just typing the cots in your chat box
1. Like Button Smiley :
To add Facebook like button smiley , type this in your chat without quotes : “(y)”
2. The Pac Man Smiley :
To add Pac Man smiley , type this in your chat without quotes : “:v”
3. The Robot Smiley :
To add Robot smiley , type this in your chat without quotes : “:|]”
4. The Shark smiley :
To add Shark smiley , type this in your chat without quotes : “^^^”
5. The Human Head :
To add the human head to your chat , type this in your chat without quotes : “:putnam:”
6. The Angle smiley :
To add an Angel to your chat , type this in your chat without quotes : “O:)” or “O:-)”
7. The Demon smiley :
To add an Demon to your chat , type this in your chat without quotes : “3:)” or “3:-)”
1. Like Button Smiley :
To add Facebook like button smiley , type this in your chat without quotes : “(y)”
2. The Pac Man Smiley :
To add Pac Man smiley , type this in your chat without quotes : “:v”
3. The Robot Smiley :
To add Robot smiley , type this in your chat without quotes : “:|]”
4. The Shark smiley :
To add Shark smiley , type this in your chat without quotes : “^^^”
5. The Human Head :
To add the human head to your chat , type this in your chat without quotes : “:putnam:”
6. The Angle smiley :
To add an Angel to your chat , type this in your chat without quotes : “O:)” or “O:-)”
7. The Demon smiley :
To add an Demon to your chat , type this in your chat without quotes : “3:)” or “3:-)”
Tuesday 26 June 2012 0
How To Apply a Password on RAR File :
1. First you must have WinRAR installed on your computer.
2. Right click on the folder or the file you want to lock with WinRAR.
3. Select "Add to archive..."
4. You will see a window like below. First go to the "Advanced" tab. Second, click on "Set password...".
1. First you must have WinRAR installed on your computer.
2. Right click on the folder or the file you want to lock with WinRAR.
3. Select "Add to archive..."
4. You will see a window like below. First go to the "Advanced" tab. Second, click on "Set password...".
5. Now you will again see a pop-up as shown above. Tick the "Encrypt file names" option and input the password you want to set for your RAR file. Now click on OK and you will have a RAR file of the data you selected.
Hope You like It! If you do pls like the facebook page for faster updates from us!!
This is a tutorial about how you can reset the password if you forget or registered the password unfortunately on your computer and also used to crack and to change the password of your friends pc.
Requirements:
1. Any Accessible Computer.
2.USB Drive or CD/DVD
Step 1: Install Password Killer
Download the Windows Windows Password Killer from Here
Install the windows Password Killer in your friends or any accessible computer.
Step 2:Burn a bootable CD/DVD or an USB drive
Insert the USB Drive or CD/DVD.
Run the Windows Password Killer.
Select the USB drive or CD/DVD.
click the Create button.
It will ask you to verify whether you select correct disk or not. Click "Yes" button.
Step 3: Boot from USB Drive OR CD/DVD
Now let us come to our locked computer.
Insert your USB Drive before turn on the system(if you are using CD/DVD, you have to turn on and insert).
Now turn on the system, press F10 or F12(it may vary for your system) to choose the booting device.
Select the USB drive or CD/DVD.
It will boot into Windows Password Killer.
Step4 : Reseting Password
After program starts, select Windows 7 system on the start page, click 'Next'.
Select your target user accounts, and then click 'Next' to proceed the Windows 7 password recovery/unlock process.
The Windows 7 Administrator password or other user accounts password is reset successfully now. Take out the password reset CD/DVD, click 'Reboot' to restart your computer.
Hope You like! If you do pls like our page Facebook. And pls do comment!!
Requirements:
1. Any Accessible Computer.
2.USB Drive or CD/DVD
Step 1: Install Password Killer
Download the Windows Windows Password Killer from Here
Install the windows Password Killer in your friends or any accessible computer.
Step 2:Burn a bootable CD/DVD or an USB drive
Insert the USB Drive or CD/DVD.
Run the Windows Password Killer.
Select the USB drive or CD/DVD.
click the Create button.
It will ask you to verify whether you select correct disk or not. Click "Yes" button.
Step 3: Boot from USB Drive OR CD/DVD
Now let us come to our locked computer.
Insert your USB Drive before turn on the system(if you are using CD/DVD, you have to turn on and insert).
Now turn on the system, press F10 or F12(it may vary for your system) to choose the booting device.
Select the USB drive or CD/DVD.
It will boot into Windows Password Killer.
Step4 : Reseting Password
After program starts, select Windows 7 system on the start page, click 'Next'.
Select your target user accounts, and then click 'Next' to proceed the Windows 7 password recovery/unlock process.
The Windows 7 Administrator password or other user accounts password is reset successfully now. Take out the password reset CD/DVD, click 'Reboot' to restart your computer.
Hope You like! If you do pls like our page Facebook. And pls do comment!!
Wednesday 20 June 2012
WAY-1:
By default all Windows systems reserves 20% of your bandwidth speed. This is done so that any specific application should not overpower other applications for bandwidth. Though this setting is done for good purpose it limits connection speed even though only one application is using bandwidth. By the way even though this setting is disabled no application will conflict with each other on bandwidth. So turning it off can give you boost of 20% in your bandwidth speed.
To turn this feature off,
Click Start-->Run-->type gpedit.msc
This opens the group policy editor. Then go to:
Local Computer Policy-->Computer Configuration-->Administrative Templates-->Network-->QOS Packet Scheduler-->Limit Reservable Bandwidth
Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab :
"By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."
So the trick is to ENABLE reservable bandwidth, then set it to ZERO.
This will allow the system to reserve nothing, rather than the default 20%.
WAY-2:
Click Start button-->select Connect To
Now right click on your modem and select Properties now select configure and disable all “Hardware Features”
Now disconnect and connect to your network. You’ll find 20% increase.
Before you apply these tweaks open http://www.speedtest.net/ from your browser and check your connection speed. Then apply both tweaks and recheck your speed.
By default all Windows systems reserves 20% of your bandwidth speed. This is done so that any specific application should not overpower other applications for bandwidth. Though this setting is done for good purpose it limits connection speed even though only one application is using bandwidth. By the way even though this setting is disabled no application will conflict with each other on bandwidth. So turning it off can give you boost of 20% in your bandwidth speed.
To turn this feature off,
Click Start-->Run-->type gpedit.msc
This opens the group policy editor. Then go to:
Local Computer Policy-->Computer Configuration-->Administrative Templates-->Network-->QOS Packet Scheduler-->Limit Reservable Bandwidth
Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab :
"By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."
So the trick is to ENABLE reservable bandwidth, then set it to ZERO.
This will allow the system to reserve nothing, rather than the default 20%.
WAY-2:
Click Start button-->select Connect To
Now right click on your modem and select Properties now select configure and disable all “Hardware Features”
Now disconnect and connect to your network. You’ll find 20% increase.
Before you apply these tweaks open http://www.speedtest.net/ from your browser and check your connection speed. Then apply both tweaks and recheck your speed.
Wednesday 20 June 2012 2
Key-loggers or keystroke loggers are programs that can log keystrokes and save them as log files or send them via emails or ftp to the person who has installed key-logger. It can record date and time of application which was opened and capture what was typed in it may it be notepad, wordpad, MS word or any website URL, user name, password
in your web browser. It can also distinguish between other keys pressed other than character keys including ctrl, alt, enter, win etc.
If you install keystroke logger in victim's PC you will not only get his/her user name and password of facebook account but username and password of every site he/she visits from that computer.
Monday 18 June 2012
How would you like to change the logon screen background in Windows 7 so as to give your Windows a customized look and feel? With a small tweak it is possible to customize the Windows 7 logon screen and set your own picture/wallpaper as the background. Changing logon screen background in Windows 7 is as simple as changing your desktop wallpaper. Well here is a step by step instruction to customize the logon screen background.
1. The image you need to set as the background should be a .jpg file and it’s size should not exceed 245KB.
2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.
3. You will need to copy this image to
C:\Windows\system32\oobe\info\backgrounds
You will need to create that path if it does not already exist on your computer.
4. Now open the Registry Editor (Start -> Run -> Type regedit) and navigate to the following key
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\
LogonUI\Background
If Background does not exist rightclick LogonUI, select New and then Key, and then name it Background. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background and select New and then DWORD and name it OEMBackground.
5. Double-click on OEMBackground and set the Value Data to 1.
6. Now log-off to see the new logon screen background. If you would like to revert back to the default background, just set the Value Data back to 0.
OR
U can use TWEAK for an easy tune up of your log on screen!
Hope You like it! Get your logon Screen as you like!!
1. The image you need to set as the background should be a .jpg file and it’s size should not exceed 245KB.
2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.
3. You will need to copy this image to
C:\Windows\system32\oobe\info\backgrounds
You will need to create that path if it does not already exist on your computer.
4. Now open the Registry Editor (Start -> Run -> Type regedit) and navigate to the following key
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\
LogonUI\Background
If Background does not exist rightclick LogonUI, select New and then Key, and then name it Background. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background and select New and then DWORD and name it OEMBackground.
5. Double-click on OEMBackground and set the Value Data to 1.
6. Now log-off to see the new logon screen background. If you would like to revert back to the default background, just set the Value Data back to 0.
OR
U can use TWEAK for an easy tune up of your log on screen!
Hope You like it! Get your logon Screen as you like!!
Monday 18 June 2012 0
Most of you might be aware of the fact that it is possible to use Windows 7 and Vista for 120 days without activation. This is actually possible using the slmgr -rearm command which will extend the grace period from 30 days to 120 days. However in this post I will show you a small trick using which it is possible to use Windows 7 without activation for approximately an year! Here is a way to do that.
1. Goto “Start Menu -> All Programs -> Accessories” . Right click on “Command Prompt” and select “Run as Administrator“. If you are not the administrator then you are prompted to enter the password, or else you can proceed to step-2.
2. Now type the following command and hit enter
slmgr -rearm
3. You will be prompted to restart the computer. Once restarted the trial period will be once again reset to 30 days. You can use the above command for up to 3 times by which you can extend the trial period to 120 days without activation.
4. Now comes the actual trick by which you can extend the trial period for another 240 days. Open Registry Editor (type regedit in “Run” and hit Enter) and navigate to the following location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
5. In right-side pane, change value of SkipRearm to 1.
6. Now you will be able to use the slmgr -rearm command for another 8 times so that you can skip activation process for another 240 days. So you will get 120 + 240 = 360 days of free Windows 7 usage.
120 days using “slmgr -rearm” command before registry edit +
240 days using “slmgr -rearm” command after registry edit = 360 Days
Saturday 16 June 2012
Is it Really Possible to Hack Yahoo?
Yes! As a matter of fact, it is possible to hack almost any email password. But before I tell you the real and working ways, the following are the things you should be aware of:
- Never trust any hacking service that claims to hack Yahoo password for just $100 or $200. In most cases they will rip off your pockets with false promises. Sometimes they may even start to threaten you by blackmailing that they are going to inform the victim or the cyber crime officials about your hack attempt. So, to be on the safer side, it is better to stay away from such scam websites.
- Beware! On many websites and web portals you will often come across a fake tutorial on email hacking. The tutorial will tell you something like “You need to send the target email address along with your username and password to something like [yahoo_pass_reset@yahoo.com] (or similar)” to hack the password of the target account.
This method seems too good to be true! If you follow this method, you will end up losing your own password in attempt to hack someone else’s password.
With my experience of over 9 years in the field of ethical hacking and cyber security, I can tell you that there are only TWO ways to hack Yahoo password. They are keylogging and phishing.
None of the other email hacking methods (if you come across any on the Internet) are simply scam or don’t work! The following are the only 2 foolproof methods that work:
1. Keylogging: Easiest Way to Hack Yahoo Password
Using a keylogger is the easiest way to hack Yahoo or any other email password. A keylogger is a small program that records each and every keystroke (including passwords) that a user types on a specific computer’s keyboard.
A keylogger is also called as spy program or spy software. To use it, you don’t need to have any special knowledge. Anyone with a basic knowledge of computer should be able to install and use this software. With my experience, I recommend any of the following two keyloggers as the best for hacking Yahoo password.
I don’t have physical access to the target computer, what can I do?
You need not worry! Since both SniperSpy and WinSpy offers Remote Installation Feature, it is possible to remotely install the keylogger on the target computer.
How it Works?
- After you download it, you will be able to create the installation module. You need to email this module to the remote user as an attachment. You can easily drop the installation module onto a word document or an image file so as to hide it’s identity.
- When the remote user opens the attachment, it will get installed silently and the monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continuously.
- You can login to your online account (you get this after purchase) to see the logs which contains the password.
NOTE: If you have physical access to the target computer, you can simply install the module by yourself without the need to email it as an attachment.
The working of Winspy is same as that of SniperSpy.
Can I be traced back for installing the keylogger?
No. The victim will never come to know about it’s presence on his/her computer. This is because, after the installation, the software will run in a total stealth mode. Unlike other spy programs, it will never show up in start-menu, start-up, program files, add/remove programs or task manager. Thus you need not worry about being traced back
Other Ways To Hack Yahoo Password
The other most commonly used trick to hack Yahoo password is by using a fake login Page (also called as Phishing). Today, phishing is the most widely used technique to hack Yahoo password. A fake login page is a page that appears exactly similar to the login pages of sites like Yahoo, Gmail, Facebook etc. The victim is tricked to believe this fake login page to be the real one. But once he/she enters the password there, they end up losing it.
Phishing can be very effective when implemented successfully. But creating a fake login page and taking it online to make the hack attempt successful is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP or JSP.
Carrying out a phishing attack is a criminal offense and if caught, one can be behind the bars! So, if you are novice computer user with a very basic knowledge, then I recommend the use of keyloggers as the best to hack Yahoo password.
Saturday 16 June 2012 0
Did you know that you can login to your Facebook account using 3 different passwords? Seems interesting isn’t it? Yep! Unlike any other online account which has only one password to access, Facebook lets you log in using 3 different variants of your password.
Only a few Facebook users are aware of this fact but, for many others this might seem a bit surprising. Facebook accepts the following forms of your password:
1. Your Original Password
Let me explain this to you with the following example. Assume that your default Facebook password that you created during the sign-up process is:
2. Password with the Case Toggled
In the above password the letters ‘F’ and ‘P’ are in uppercase and the remaining are in the lowercase. If you TOGGLE the case where all the UPPERCASE characters are converted into the lowercase and vice versa, your default password “myFacebookPass” would become:
Now if you log in using the above toggled password, your Facebook will accept it and welcomes you! This is the first variation of your default password which is accepted by Facebook.
3. Password with the First Letter Capitalized
If the first character of your password is in the lowercase, you may just change that first letter to UPPERCASE and Facebook will again accept it and let you in. As in case of the above example where your default password is “myFacebookPass”, if you just change the first letter to UPPERCASE your password would be “MyFacebookPass” and this should work fine as well:
Please note that this option will work for Mobile users only!
Why 3 Passwords?
Now, you all know that Facebook can be accessed using 3 different passwords. But you may be curious to know the actual reason behind it.
Well, this is definitely not because Facebook has a bug or a serious vulnerability. In fact this is just an option provided by Facebook itself to make the sign-in process easier for the users. Here’s how:
The most common reason for the authentic logins to be rejected is when the CAPS LOCK is ON. This is where the first variation comes in handy. That means, when the CAPS LOCK is ON the case gets reversed (toggled) for your password but Facebook will accept this as well.
In case of mobile, users it is a common for the first letter of the password to get capitalized which often leads to the login failure. So, in order to tackle this issue, Facebook will also accept the password where only the first letter is capitalized.
Thus if the CAPS LOCK is accidentally enabled, the toggled password feature would still let you log in to your account!
Hello Friends,You can now delete the Facebook TIME LINE easily by using the extensions for your browser.you can get it from here:
Google Chrome :GOOGLE CHROME
Mozilla FireFox : FIRE FOX-ie!
Internet Explorer : I-E
Friday 15 June 2012
1. Google trick to search different file formats (keyword filetype:doc)
2. Google trick to search educational resources (keyword site:.edu) example (computer site:.edu)
3. Finding the time of any location (time romania)
4. Finding the weather of any location (boston weather)
5. Tracking commentary of live events (Olympic games Beijing 2008)
6. Using Google as a calculator (9 * 10)(143+234)(119-8)
7. Converting currencies (1 USD in INR)(10 US Dollars in Indian Rupee)
8. Find how many teaspoons are in a quarter cup (quarter cup in teaspoons)
9. How many seconds there are in a year (seconds in a year)
10. Tracking stocks (stocks:MSFT)
11. Finding faces (add imgtype=face to the URL)
Friday 15 June 2012 0
Thursday 14 June 2012
First, what is “syskey”?
SYSKEY is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit encryption key.
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks so that the SAM database would still be secure even if someone had a copy of it. However, in December 1999, a security team from Bind View found a security hole in SYSKEY which indicates that a certain form of cryptanalytic attack is possible offline. A brute force attack then appeared to be possible.
Microsoft later collaborated with Bind View to issue a fix for the problem (dubbed the ‘Syskey Bug’) which appears to have been settled and SYSKEY has been pronounced secure enough to resist brute force attack.
According to Todd Sabin of the Bind View team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
So this is pretty cool, right? Well, I really like the idea of keeping this on Floppy so that it requires a floppy disk (a sort of 2 factor (hardware/software) authentication?).
Naturally I wanted to go a bit further and use this on a USB drive instead of storing to a Floppy. I can’t see myself carrying a floppy and a USB floppy drive around with me. After all, this provides another layer of security.
NOTE: I haven’t tested copying data from 1 USB to another USB to see if it works as a backup. This way you could lock up a USB drive as a spare if needed.
Here’s how to get this to work using a USB drive.
1. Insert your USB drive into your system and wait for it to be recognized and install any necessary drivers.
2. Fire up disk management and re-assign the drive letter it was given to “A”.
Start up disk management by clicking Start and typing diskmgmt.msc
Right-click the USB drive and choose to assign driver letter or path.
Assign it to letter “A”
Accept the warning message.
Now your USB drive is “A”
3. Run Syskey and save encryption to USB Drive “A”
Click Start and type syskey followed by hitting Enter
Syskey launched; Click “Update”
Choose “Store Startup key on floppy disk” and click “OK”
You’ll be prompted to enter your diskette. Make sure your USB drive is inserted and writable.
4. Reboot and have fun. Don’t lose your USB disk! Also, to revert this, you can run syskey again and choose to store it locally instead of “on a floppy disk”.
Hope You Like It! If you do Pls Like our facebook page and Comment!!
SYSKEY is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit encryption key.
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks so that the SAM database would still be secure even if someone had a copy of it. However, in December 1999, a security team from Bind View found a security hole in SYSKEY which indicates that a certain form of cryptanalytic attack is possible offline. A brute force attack then appeared to be possible.
Microsoft later collaborated with Bind View to issue a fix for the problem (dubbed the ‘Syskey Bug’) which appears to have been settled and SYSKEY has been pronounced secure enough to resist brute force attack.
According to Todd Sabin of the Bind View team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
So this is pretty cool, right? Well, I really like the idea of keeping this on Floppy so that it requires a floppy disk (a sort of 2 factor (hardware/software) authentication?).
Naturally I wanted to go a bit further and use this on a USB drive instead of storing to a Floppy. I can’t see myself carrying a floppy and a USB floppy drive around with me. After all, this provides another layer of security.
NOTE: I haven’t tested copying data from 1 USB to another USB to see if it works as a backup. This way you could lock up a USB drive as a spare if needed.
Here’s how to get this to work using a USB drive.
1. Insert your USB drive into your system and wait for it to be recognized and install any necessary drivers.
2. Fire up disk management and re-assign the drive letter it was given to “A”.
Start up disk management by clicking Start and typing diskmgmt.msc
Right-click the USB drive and choose to assign driver letter or path.
Assign it to letter “A”
Accept the warning message.
Now your USB drive is “A”
3. Run Syskey and save encryption to USB Drive “A”
Click Start and type syskey followed by hitting Enter
Syskey launched; Click “Update”
Choose “Store Startup key on floppy disk” and click “OK”
You’ll be prompted to enter your diskette. Make sure your USB drive is inserted and writable.
4. Reboot and have fun. Don’t lose your USB disk! Also, to revert this, you can run syskey again and choose to store it locally instead of “on a floppy disk”.
Hope You Like It! If you do Pls Like our facebook page and Comment!!
Thursday 14 June 2012 0
Play with your Desktop Screen
Here is cool trick to rotate your computer screen. you can rotate it by 90 or 180 or 360 angle. You can invert your window screen an d can impress your friends, This is one of the scariest tricks which turns Windows upside down.
Here are the steps:
Press Ctrl, Alt and then any of the four arrow keys .
Down arrow key rotate by 180 degree, invert screen.
Left arrow key rotate by 90 degree.
Right arrow key rotate by 270 degree
Up arrow key make it normal again.
Here is cool trick to rotate your computer screen. you can rotate it by 90 or 180 or 360 angle. You can invert your window screen an d can impress your friends, This is one of the scariest tricks which turns Windows upside down.
Here are the steps:
Press Ctrl, Alt and then any of the four arrow keys .
Down arrow key rotate by 180 degree, invert screen.
Left arrow key rotate by 90 degree.
Right arrow key rotate by 270 degree
Up arrow key make it normal again.
Wednesday 13 June 2012
Wireless Hacking :-
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as follows:-
1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.
2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.
3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.
4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.
5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.
6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning
7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.
Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.
10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.
11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.
12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.
13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.
14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.
15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces
16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.
17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.
18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.
19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.
Wednesday 13 June 2012 0
Subscribe to:
Posts (Atom)
