Wednesday, January 18, 2012

Hacking Security Cameras | Hacking Through Google

There exist many security cameras, used for monitoring places like parking lots, college campuses and road traffic, which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type it into the Google search box exactly as follows and hit Enter:
inurl:”viewerframe?mode=motion”
Click on any of the search results (the top 5 are recommended) and you will gain access to the live camera, which has full controls.
You now have access to live cameras that work in real time. You can also move the cameras in all four directions and perform actions such as zooming in and out. These cameras have a rather low refresh rate, but there are other search queries through which you can gain access to cameras with faster refresh rates. To access them, use the following search query:
intitle:”Live View / – AXIS”
Click on any of the search results to access a different set of live cameras. Thus you have hacked security cameras using Google.

Hacking Personal and Confidential Documents | Hack Using Google


Using Google it is possible to gain access to an email repository containing the CVs of hundreds of people, created when they applied for jobs. Documents containing their address, phone number, date of birth, education, work experience and so on can be found in seconds:
intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”
You can also gain access to a list of .xls (Excel) documents containing contact details, including the email addresses of large groups of people. To do so, type the following search query and hit Enter:
filetype:xls inurl:”email.xls”
It is also possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query:
intitle:index.of finances.xls

Saturday, January 14, 2012

Stolen Facebook Names, Passwords Mostly Old Data


The cyber bandits who nicked 45,000 Facebook user names and passwords with a computer worm Thursday got less than they bargained for.
A "majority" of the credentials stolen by the thieves were "out of date," according to a statement Facebook released to the media Friday. When pressed on the point by blogger Emil Protalinski, a Facebook spokesperson acknowledged that "more than half" of the purloined data contained invalid logins or old or expired passwords.
“Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware,” Facebook explains in its statement. “Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts.”
Facebook says it is bolstering its antivirus protection and reminds users to “protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook.”
According to the Israeli security company Seculert, the Facebook credentials were stolen by the Ramnit worm. "We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Seculert says in a company blog.
Ramnit is a two-year-old worm that didn't attract much attention from malware warriors in the past because it primarily uses antiquated techniques to infect executable files in Microsoft Windows. Recently, though, it has been reengineered using borrowed code from an extremely pernicious malware program called Zeus and has become a more powerful threat to all computer users. Seculert estimates that some 800,000 machines worldwide are infected by Ramnit.
In its statement, Facebook says it "encourage[s] our users to become fans of the Facebook Security Page for additional security information." Visitors to the page, however, will find no information on this latest security threat, and the last posting on the page's "wall" is dated December 26. So if you're really interested in Facebook security information, you might want to look elsewhere to find it.

Wednesday, January 11, 2012

Google Encrypted Search


The new encrypted Google search is easy enough to use. Simply type "https" at the beginning of the URL rather than "http". Doing so sets up an encrypted pipe between your Web browser and Google so that any search traffic is kept private between you and Google.
It is not completely private because obviously Google still has a record of what you searched for. Google has established its reputation based on the "Do No Evil" mantra, and most businesses and users implicitly trust that Google won't do anything insidious with its omniscient cataloging of every bit and byte that crosses the Web. But, Google has faced privacy challenges again and again, including the recent revelation that it has "accidentally" captured and archived intercepted wireless data with its Google Street View cars for years.
Assuming Google can be trusted not to abuse the data it has access to, and that it can be relied on to guard the data it stores from compromise by unauthorized users, that becomes a non-issue and IT administrators can focus on the benefits of the new encrypted Google search.
The most obvious benefit is that searches can't be intercepted. But, for businesses there is another feature of the encrypted Google search which has an even more relevant and directly applicable benefit. Searches conducted via Google encrypted search are not archived in history and won't appear in the autofill during a subsequent search.
While there may be some risk of a network sniffer or other unauthorized interception of search traffic as it crosses from your Web browser to Google and back, there is a much larger risk of intentional or inadvertent exposure of search terms or results from the history and cache data stored locally on the computer.
Searches may yield hints regarding ongoing research and development, confidential intellectual property, upcoming product or service announcements, or other sensitive information that is not intended for unauthorized consumption. Google encrypted search does not store that information, so there is no risk of someone stumbling onto it later.
The Internet Explorer 8 Web browser has an InPrivate Browsing mode which behaves similarly on the local computer. InPrivate Browsing protects the entire browsing session by not saving Web history, cookies, temporary Internet files, or other data. However, it doesn't protect the data as it is crossing the Internet.
The beta of Google's encrypted search only works with the core search functionality--not Images, Videos, Maps, etc. It also doesn't keep the browser history clear of URLs that are entered directly (as opposed to via a Google search). Perhaps an even more secure solution is to use the encrypted Google search from within an InPrivate Browsing session on Internet Explorer 8.

Sunday, January 8, 2012

Download Torrents In Your College Without Using Torrent Client


A unique online service called Torrent2exe allows users to download torrents without having to install a torrent client, by converting the torrent file into a standalone EXE file. Using Torrent2exe is very simple. Copy the URL of the torrent file, or browse to the location of the torrent file on your hard disk to automatically upload it to their site. Once they have the URL of the torrent file, they convert it into a self-extracting EXE file.
Here you get the option to select the size of the EXE file to be downloaded. Suppose you want to watch a movie. What will you require? A media player and the movie. Now you get two choices.
Firstly, you download the movie and the media player, which needs to be downloaded only once. Subsequent movie downloads do not require you to download the movie player since you have already downloaded it.
However, if you move to another computer you will need to download the movie player once again. This is the "small size".
In the second choice, you download the movie along with the media player every time you download a new movie. This is the "normal size".
After you have downloaded the converted EXE file, just run it and it will automatically start downloading the torrent.
The standalone EXE file makes it easier for people to share files and applications on the Internet. You can publish the EXE files on your site or blog to make downloads easy for visitors, or send EXE files to friends who don't want to be bothered with installing a client.
Torrent2exe is available both as an online service and as a desktop application.

TCP 3-Way Handshake (SYN,SYN-ACK,ACK)

The TCP three-way handshake in Transmission Control Protocol (also called the three-message handshake) is the method used to establish and tear down TCP socket connections over the network. TCP's three-way handshaking technique is referred to as the 3-way handshake or as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK). The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connection before beginning communication. This three-way handshaking process is also designed so that both ends can initiate and negotiate separate TCP socket connections at the same time. Being able to negotiate multiple TCP socket connections in both directions at the same time allows a single physical network interface (such as Ethernet) to be multiplexed.

3-Way Handshake Description

Below is a (very) simplified description of the TCP 3-way handshake process, listing the events in order.

1. Host A sends a TCP SYNchronize packet to Host B
2. Host B receives A's SYN
3. Host B sends a SYNchronize-ACKnowledgement
4. Host A receives B's SYN-ACK
5. Host A sends ACKnowledge
6. Host B receives ACK.
   TCP socket connection is ESTABLISHED.

[Diagram: TCP Three Way Handshake (SYN, SYN-ACK, ACK)]

SYNchronize and ACKnowledge messages are indicated by a bit inside the header of the TCP segment.

TCP knows whether a network TCP socket connection is opening, synchronising or established by looking at the SYNchronize and ACKnowledge flags exchanged while the connection is being set up.

When the communication between two computers ends, another 3-way exchange is performed to tear down the TCP socket connection. This setup and teardown of a TCP socket connection is part of what qualifies TCP as a reliable protocol. TCP also acknowledges that data is successfully received and guarantees that the data is reassembled in the correct order.

Note that UDP is connectionless. That means UDP doesn't establish connections as TCP does, so UDP does not perform this 3-way handshake, and for this reason it is referred to as an unreliable protocol.
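As an added example (not code from the original post), the exchange described above simulated in Python: a minimal TCP header is packed with struct, the SYN and ACK flag bits are set and read back as the text describes, and each side checks the acknowledgement number it receives before moving to ESTABLISHED. The port numbers and initial sequence numbers are constructed values.

```python
import struct

# Flag bits in the TCP header's flags byte (RFC 793 order).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
HDR = "!HHIIBBHHH"  # src, dst, seq, ack, data offset, flags, window, checksum, urgent

def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (no options; checksum left zero)."""
    return struct.pack(HDR, src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_tcp_header(raw):
    """Return (src_port, dst_port, seq, ack, flags) from a packed header."""
    src, dst, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(HDR, raw[:20])
    return src, dst, seq, ack, flags

def flag_names(flags):
    """Readable flag string such as 'SYN-ACK'."""
    names = [n for n, b in (("SYN", SYN), ("ACK", ACK), ("RST", RST), ("FIN", FIN)) if flags & b]
    return "-".join(names) or "none"

def three_way_handshake(isn_a=1000, isn_b=5000, client_port=40000, server_port=80):
    """Simulate Host A opening a connection to Host B. Returns (trace, state): trace lists
    (sender, flags, seq, ack) per segment; ISNs/ports are constructed (real stacks randomise ISNs)."""
    state = {"A": "CLOSED", "B": "LISTEN"}
    # 1. A -> B: SYN carrying A's initial sequence number
    seg1 = build_tcp_header(client_port, server_port, isn_a, 0, SYN)
    state["A"] = "SYN_SENT"
    # 2. B receives the SYN and answers SYN-ACK, acknowledging isn_a + 1
    _, _, seq_a, _, flags = parse_tcp_header(seg1)
    if flags != SYN:
        raise ValueError("expected a bare SYN")
    seg2 = build_tcp_header(server_port, client_port, isn_b, seq_a + 1, SYN | ACK)
    state["B"] = "SYN_RECEIVED"
    # 3. A checks that B acknowledged its ISN, then ACKs B's ISN
    _, _, seq_b, ack, flags = parse_tcp_header(seg2)
    if flags != SYN | ACK or ack != isn_a + 1:
        raise ValueError("bad SYN-ACK")
    seg3 = build_tcp_header(client_port, server_port, isn_a + 1, seq_b + 1, ACK)
    state["A"] = "ESTABLISHED"
    # 4. B checks the final ACK; only now is the connection established on both ends
    _, _, _, ack, flags = parse_tcp_header(seg3)
    if flags != ACK or ack != isn_b + 1:
        raise ValueError("bad ACK")
    state["B"] = "ESTABLISHED"
    trace = []
    for sender, seg in (("A", seg1), ("B", seg2), ("A", seg3)):
        _, _, seq, ack, flags = parse_tcp_header(seg)
        trace.append((sender, flag_names(flags), seq, ack))
    return trace, state
```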

Sunday, January 1, 2012

Nmap other scan types


Other frequently used options

-v:  Verbose mode. You will see ports come up as they're found
-h:  Show Nmap help
-R:  Scan the target host's ports in random order
-F:  Fast mode

Nmap Main Scan types -sA, -sL, -P0


ACK scanning (-sA)

ACK scanning is an advanced method in Nmap, usually used to map out firewall rulesets. It helps to determine whether a firewall is stateful or not. ACK scanning sends an ACK packet to the specified ports. If an RST comes back, the port is classified as 'unfiltered'. If nothing comes back, the port is classified as 'filtered'. The scan never reports ports as 'open', since an ACK probe cannot tell an open port from a closed one.
Below is the example in our laboratory.

#nmap -sA -v 10.50.1.254
Starting Nmap V. 2.54BETA30
Host vpn1-gw.lab.tct.hut.fi (10.50.1.254) appears to be up ... good.
Initiating ACK Scan against vpn1-gw.lab.tct.hut.fi (10.50.1.254)
The ACK Scan took 1 second to scan 1549 ports.
All 1549 scanned ports on vpn1-gw.lab.tct.hut.fi (10.50.1.254) are: UNfiltered

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

List scanning (-sL)


List scanning generates and prints a list of IPs/names without actually pinging or port scanning them. The output is shown below.
#nmap -sL -v 10.50.1.254
Starting Nmap V. 2.54BETA30
Host vpn1-gw.lab.tct.hut.fi (10.50.1.254) not scanned

Nmap run completed -- 1 IP address (0 hosts up) scanned in 0 seconds

P0 option (-P0)

An option that is useful with scans is "-P0", also called 'Don't ping host': do not try to ping hosts at all before scanning them. This option allows the scanning of networks that don't allow ICMP echo requests through their firewalls (for example, Microsoft.com). Since Nmap will ping a target with both a TCP "ping" and an ICMP echo before attempting a port scan, sites blocking ICMP and TCP probes will not be scanned by default.
#nmap -P0 -v 10.50.1.254

Starting Nmap V. 2.54BETA30
Interesting ports on vpn1-gw.lab.tct.hut.fi (10.50.1.254):
(The 1543 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet                 
24/tcp     open        priv-mail               
80/tcp     open        http                   
139/tcp    open        netbios-ssn            
515/tcp    open        printer                
1723/tcp   open        pptp                   


Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
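As an added example (not part of the original post), a Python parser for the classic Nmap text output shown above, with the -sA interpretation rule from the text applied to the parsed result. The samples are constructed from the page's own -sA and -P0 outputs (the -P0 port table shortened to three ports).

```python
import re

# Constructed samples in the classic Nmap 2.x text format shown on this page.
ACK_SCAN_OUTPUT = """\
Starting Nmap V. 2.54BETA30
Host vpn1-gw.lab.tct.hut.fi (10.50.1.254) appears to be up ... good.
Initiating ACK Scan against vpn1-gw.lab.tct.hut.fi (10.50.1.254)
All 1549 scanned ports on vpn1-gw.lab.tct.hut.fi (10.50.1.254) are: UNfiltered
"""
P0_SCAN_OUTPUT = """\
Starting Nmap V. 2.54BETA30
Interesting ports on vpn1-gw.lab.tct.hut.fi (10.50.1.254):
(The 1543 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet
80/tcp     open        http
1723/tcp   open        pptp
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HIDDEN_LINE = re.compile(r"\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")
ALL_LINE = re.compile(r"^All (\d+) scanned ports on .* are: (\w+)")

def parse_nmap_output(text):
    """Return {"ports": {(port, proto): {"state", "service"}}, "default_state", "default_count"},
    where default_* describe the ports Nmap summarised instead of listing."""
    result = {"ports": {}, "default_state": None, "default_count": 0}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            result["ports"][(int(port), proto)] = {"state": state.lower(), "service": service}
            continue
        m = HIDDEN_LINE.search(line) or ALL_LINE.match(line)
        if m:
            result["default_count"] = int(m.group(1))
            result["default_state"] = m.group(2).lower()
    return result

def open_ports(parsed):
    """Sorted port numbers reported open: the exposed services a defender should review."""
    return sorted(p for (p, _), v in parsed["ports"].items() if v["state"] == "open")

def ack_scan_verdict(parsed):
    """The -sA rule from the text: all ports 'unfiltered' means every ACK drew an RST, so
    no stateful filtering sits in the path; any 'filtered' port means probes were dropped."""
    states = ({v["state"] for v in parsed["ports"].values()} | {parsed["default_state"]}) - {None}
    if states == {"unfiltered"}:
        return "no stateful filtering observed"
    return "filtering in the path" if "filtered" in states else "inconclusive"
```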