Bypass Login using SQL Injection

                                                        
For example, if a site has a login form to log into control panel & only registered users are allowed to enter the site. Now many times we want to login without such authentication i.e. bypassing the security barriers. If the programmer has properly sanitized the login scriptblock, then you be lucky to enter the site. But you may be able to login without knowing the actual username & password. This method basically deals with the DataBase server, so we use the term 'SQL Injection'. 
Let's consider an example, where username is 'administrator' and password is 'pass123' that is used to login to the site. Now the above authentication can be showcased using SQL as
SELECT USER from database WHERE username='administrator' AND password='pass123';
Here if you fire the query then it will be resulted as true and you would login successfully.
If this database is not properly sanitized by the programmer then it will automatically open the doors for Hackers.
So if you try the following combinations you would be able to login without knowing actual username and password
username: 'or1='1  password: 'or1='1
username: 'or'1'='1'  password: 'or'1'='1'
username: or1=1  password: or1=1
Thats all about bypassing login.


 

Hack Facebook using Keylogger

In this post i will discuss about how to hack facebook account without manually checking the victims computer. When you install a keylogger on the victims computer you need to manually check the tracked recorded activities. But in case of Emissary keylogger, it will mail you all the activities tracked by it and you also need not manually install the keylogger on the victims computer.

This keylogger will mail you all the keystrokes of the victim, screenshots,etc. It creates a server.exe file which is to be mailed to the victim after he clicks the server.exe file the kelogger is activated at this computer and all the activities are mailed to you after some time intervals. But to install this keylogger you need Microsoft's .net framework. Here is the stepwise procedure to use this keylogger.

Step 1:  Download Emissary Keylogger   

                                        

Step 2: Install by clicking the emissary.exe. Then enter you mail address where you want 

            the activities to mailed.

Step 3: After entering the mail address click on test to check the connection.

Step 4: After filling all the details click on build and file name as server.exe will be build in

           same directory on emissary keylogger.

Step 5: Now send this server.exe to the victim.

Step 6: Once the victim clicks the server.exe your keylogger will be activated.

Secure Surfing in Cyber Cafes!!!!!!

Many a times, we need to surf internet in cyber cafes which may not be secure because it is the system which is commonly shared by many people. So, there are many ways to capture your data through such an unsecured network. You may be aware that a keylogger or some screen shot saver may be tracking your activities which may be accessed by others. So there are some precautions that are to be taken while surfing in a cyber cafe.

                                                     

1. Check whether the system is protected by an antivirus.

2. While accessing your private account your browser asks whether to save your username 

    & password always select 'NO' for such questions.

3. Before leaving check whether you logged off your account properly.

4. While leaving your system always clear the history and alwo your file that you   

    downloaded

We say, IPv4 is depleting! but what about Class E addresses?

                                            
As per our basic knowledge of IP addresses,  they are divided into 5 classes i.e. from A to E. Class A,B & C addresses are used for general unicast addressing whereas Class D is used for multicast addressing and Class E was reserved for the future use.

There were two drafts proposed for resolving this situation. According to these two drafts, at the present time, most IP implementations consider any IP address in the range 240.0.0.0 through 255.255.255.255 to be invalid as the source or destination of a datagram. The check for such "illegal" addresses may occur in many places, including at datagram receipt, before IP datagram transmission, when an IP address is assigned to a network interface, or even by router and firewall configuration parsers.

Also the TCP/IP stack in Windows do not support Class E address so they were not in the position to communicate with each other.

Cisco Releases Security Specialist Certification in INDIA

Cisco has introduced new Security Specialist certifications to recognize individuals who have attained competencies in network security skills that align with evolving job roles, technologies and business requirements.

The Cisco Security certification portfolio now supports six key technologies with certifications for these Security Specialists including Cisco IPS Specialist, Cisco NAC Specialist, Cisco ASA Specialist, and the new Cisco IOS Security Specialist, Cisco Firewall Security Specialist and Cisco VPN Security Specialist

The Cisco IOS Security Specialist certification recognizes security professionals who demonstrate the hands-on knowledge and skills that are required to secure networks, using Cisco IOS Security features embedded in the latest Cisco routers and switches as well as the widely deployed Cisco security appliances.

The Cisco VPN Security Specialist certification recognizes security professionals with the skills and knowledge to configure, maintain, troubleshoot and support various VPN solutions, using Cisco IOS Software and the robust Cisco ASA adaptive security appliance.

Embedded Passwords can be Dangerous!!!!!!

                                                         

As the devices in a network from the home router to some systems uses a default or an in built password and some identity information. But such usernames and passwords may not be safe (i.e. they may be sometimes publicly known). But to avoid this the concerned authority may change their information to overcome such a setback but it is not the case always.

Facebook - Favorite Target of Phishers

                                                   
The report, which covered the period between January and March of this year, next stated, though, "Facebook popped up unexpectedly in fourth place. This was the first time since we started monitoring that attacks on a social networking site have been so prolific."

By way of explanation, the report then continued, "Having stolen users' accounts, the fraudsters can then use them to distribute spam, sending bulk emails to the account owners and their friends in the network. This method of distributing spam allows huge audiences to be reached. Additionally, it lets the fraudsters take advantage of the social networking sites' additional options, like being able to send different requests, links to photo's and invitations, all with the advertisement attached, both within the network and to users' inboxes."