Tools used for Website Download or Website Copier

In this post i am going to share a list of tools through which you can copy entire website and its depend how these tools will help you. These tools are listed as a Website copier. It downloads all items like videos , images, texts, etc. After downloading you can access entire site even when you are not connected with Internet.

Website copier is a valuable Footpriting tool. This tool mirrors an entire website to the desktop.You can footprint the contents of an entire website locally rather than visiting the individual pages.

Tools used for Website Download or Website Copier
Tools used for Website Download or Website Copier

the level of copying depend on the tool which you use and it also depends on your query. These are an easy-to-use offline browser utility. It allows you to download a Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. These tools arranges the original site’s relative link-structure. Simply open a page of the mirrored Web site in your browser, and you can browse the site from link to link, as if you were viewing it online. Some of them can also update an existing mirrored site, and resume interrupted downloads.

It will help you when you don’t have Internet access. Whether you’re on a plane or your grandparent’s place in the country, life occasionally brings all of us to places where WiFi and 3G can’t reach.

  • Reamweaver – when a visitor visits a page on your Reamweaver site, Reamweaver gets the page from the target  domain , changes the words as you specify,and stores the result (along with images etc.)
  • Website Watcher – it can be used to get updates on the website , used for competitive purpose.
  • HTTrack Web Site Copier – Free tool
  • Website Ripper Copier – http://download.tensons.com/download/WRCsetup.exe
  • SurfOffline 2.1 – Website downloader
  • WinWSD WebSite Downloader -its  a freebie

Keep Visiting !!

Competitive Intelligence Gathering

In this post i will try to make you learn a Competitive Intelligence Gathering to be used as a tool For footprinting. Because that’s the sole purpose why we are here.
Its a intelligent way to find the info. , basically its a process of gathering information about your competitors from resources such as the Internet.

Competitive Intelligence Gathering
Competitive Intelligence Gathering

We try to cover as Competitive Intelligence Gathering in Footprinting sense. Now the next thing is Why its needed ???
In today’s scenario, there is a cut throat competition in every sector. so it’s our work to keep an eye on our competitors. So Competitive Intelligence is needed to

  • compare your product with competitors product ,
  • Analyze your company position wrt competitiors
  • produce a profile of entire team
  • predict there tactics and method on their previous track record

Now next thing is how it should be done, so here are some ways by which you can perform Competitive Intelligence Gathering.

Competitive Intelligence Resource Index – “ bidigital.com/ci “a search engine and list of sites for finding CI resources.

  1. Companies providing Competitive Intellience Services
  2. Carratu International (www.carratu.com)
  3. CI Centre (cicentre.com)
  4. Corporate Crime management (www.assesstherisk.com)
  5. Marven Consulting Group (www.marwen.ca)
  6. Security Sciences Corporation (securitysciences.com)
  7. Lubrinco (www.lubrinco.com)

Competitive Intelligence Tool

Trellian – Trellian compiles and analyzes internet usage statictics to create a powerful competitive
tool that no buisness should be without

Web Investigator – its check sources , public databases and proprietary search databaese and allows to download and view reports of records

Relevant noise – Its a subscription based online search service that mines social media for buisness intelligence.

Reputica – The Reputica dashboard provides online source of information abou you repuation, with links to the primary sources which causes you reputica rating to go up or down.

Its enough information regarding Competitive intelligence gathering because our sole purpose is to use it as tool for Footprinting.

Keep visiting !!

Reconnaissance as Footprinting

The objective of this post is about to learn about First phase of  attack that is Reconnaissance. How Reconnaissance perform ???. if you join our session from this post so i will suggest to read further post in categories of Learn Abc of ethical hacking

As we already read about Reconnaissance ie its is a preparatory phase where we gather all the information regarding Victim.Its the first step of Steps perform by hacker.

Reconnaissance as Footprinting
Reconnaissance as Footprinting

Footprinting is the blueprint of the security profile of an Organization undertaken in a methodological manner. We already talk about Footprinting. Now we discuss further

Steps of Footprinting

  1.  Find companie’s external and internal URLs
  2. Perform Whois lookup for personl detail
  3. Extract DNS information
  4. Mirror the entire websie an look up names
  5. Extract archives of the website
  6. Google search for company’s news and press releases
  7. Use people search for personal information of employees
  8. Find the physical location of the web server like neo tracer tool
  9. Analyze company’s infrastructure details from job postings
  10. Track the email.

There are certain things which is required for Reconnaissance phase is like Footprinting , Competitive Intelligence Gathering , E-mail Spiders , List of Footprinting tools and Website Copier. Some of these topic are already posted and some of will be publish as soon as possible.

Next Phase is should be Scanning which will be published shortly.

Keep visiting !!

GNIIT course some real insights

I was wondering in country like India where you can find a computer center in every other home , a college offering computer course in every other street do joining GNIIT course give you edge over others ?
Is it worth investing your time and money in GNIIT course ? what should be the parameters of judging whether GNIIT course is good or bad . My mind was boggling very hard . i did my research . Took part in various discussions , talked to current and previous students who had taken a GNIIT course

Although you can see very beautiful adds of GNIIT course all over the media including newspapers and TV , i don’t think joining GIIT course is any worth .

GNIIT course some real insights
GNIIT course some real insights

Here are the reasons and comment

comparison between various centers like delhi center and pune center

By one student
The entire team of NIIT staff, faculty, centre head, accountants. it’s a complete mess out there.NiiT South Ex which claims to be one of the Best Centers in Asia i don’t even consider it to be a Model Centre any more.
It’s A Complete mess out there and best exapmle of highly mismanaged institute.
It’s not worth Being A Student Of NIIT

of course this student is very aggressive.

Faculty

In terms of faculty i don’t think it’s even eligible for rating .Half the time our staff never turned up for classes. They never completely taught us the syllabus . During the final online exams they simply helped us to answer all the questions correctly .i have witnessed NIIT faculty helping students during exams for the GNIIT course.In some other batch the faculty are so bad that they walked out of the room and the students are having a gala time.

A GNIIT course

wish you could have posted it earlier. i wasted nearly 27k in NIIT Nungambakam. Guys don’t ever think of joining niit.i took .NET course which cover C#,ADO.NET and ASP.NET.first i was given a good trainer ( by luck it seems ) but it lasted only a couple of months.then comes the interesting part.A new MCA guy who don’t even have a basic qualification of proper communication started teach us.he never thought us actually he use to skip a lot and in fear treated people like a kid in schools.i reported about him to GL guess what they told “i only have problem” damn it and i silently studied my self from Microsoft materials.

Placement

Don’t bother to join it for placement . there are absolutely 0 placements.

This was my research on NIIT and GNIIT course offered at their centers across country. Do your own research if you want to be completely sure .

Facebook Tips – Check who Unfriend you

Facebook Tips – Check who Unfriend you

Facebook – A book who don’t have a face …. Apart from the joke , Today i will share a small trick with you , to how to check that who unfriend you from Facebook. Yesterday i got a mail , asking a same thing so i got a ideas to make a post on it.

Facebook tips and tricks
Facebook tips and tricks

Check Which of Friend Unfriended You or Deleted

Use the Unfriend Alerts Extension to Check Which of Your Friend have Unfriended You or Deleted from their Friends List.

Download Unfriend Alerts Extension For Chrome – Download Link

Download Unfriend Alerts Extension For Firefox – Download Link

Hope it will work for you !!

Steps Of Hacking

Hello friends, Welcome back to the module of learning ABC of Ethical Hacking. I got various mails regarding the module to add several topics and believe me friends i try my best to improve the module. Now today’s post is on Step of hacking. In this post i elucidate all task perform by hacker to hack.

Steps of Hacking

Hacker performs his Task in 5 Phases.

Steps Of Hacking
Steps Of Hacking

Steps Of Hacking

  1. Reconnaissance
  2. Scanning
  3. Gaining Scanning
  4. Maintaining access
  5. Clearing Tracks

Phase 1 – Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. In this phase hacker simply gather all the information regarding Target.

This Reconnaissance phase can be perform in two way

  • Passive reconnaissance involves acquiring information without directly interacting with the target.

• For example, searching public records or news releases

  • Active reconnaissance involves interacting with the target directly by any means

• For example, telephone calls to the help desk or technical department

Phase 2 – Scanning

Scanning refers to the pre-attack phase when the hacker scans the network for specific information on the basis of information gathered during reconnaissance. Hackers have to get a single point of entry to launch an attack Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability and so on. In this phase we simply find the loop of hole of Target.

Phase 3 – Gaining Access

Gaining access refers to the penetration phase. The hacker exploits the loop hole (vulnerability) in the system. The attack can occur over a LAN, the Internet, or as a deception, or theft. Examples include buffer overflows, denial of service, session hijacking, and password cracking

Influencing factors include architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. In this phase we attack the Victim.

Phase 4 – Maintaining Access

Maintaining access refers to the phase when the hacker tries to retain his/her ownership of the system, The hacker has compromised the system

Hackers may harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, or Trojans. Hackers can upload, download, or manipulate data, applications, and configurations on the owned system.

In simple manner Hackers put the compromised system in that where again he will get access easily.

Phase 5 – Covering Tracks

Covering Tracks refer to the activities that the hacker does to hide his misdeeds. In simple language hacker remove his all foot print so he will not caught.
Reasons include the need for  continued use of resources, removing evidence of hacking, or avoiding legal action
Examples include Steganography, tunneling, and altering log files.

All the above phase , and tools involved in these Phase;s will be cleared in further posts.

Keep visiting !!

Google Tips and Tricks

We all love Google , In fact many of us opening Google to check the our Internet connection is working or not !! I know its funny but its True.Google is the best place to search and find things that we do not know about. In this post i am sharing about Some Great Tips and Tricks for Googling. In my previous post Google Hacking i provided some tricks for Hacking aspirant but now today i provide information for the normal users.

Google Tips and Tricks
Google Tips and Tricks

Here are some crucial Way to refining your googling.

Google tips and tricks

Trick #1 : Find the definition of a word:

Google Tips and Tricks

 

Trick #2 : Identify Local Time for Any City in the World using Google

Google Tips and Tricks
Google Tips and Tricks

 

Trick #3 : Exclude Keywords in the Search

If you want Google to exclude a word while searching the web page, use – (minus) before the search as shown below. This example searches for the download ebooks, and without the word paid.

Google Tips and Tricks

 

Trick #4 : Movie Listings

Google can list the movies playing in your town with showtimes

Google Tips and Tricks

 

Trick #5 : Get all results from one specified site :

Google Tips and Tricks
Google Tips and Tricks

 

 Trick #6 : Identify Local Weather for Any City in the World using Google

To see the current weather in Mumbai do the following. Go-ahead and try this yourself for your local city and see how it works

Google Tips and Tricks

 

Trick #7 : Wildcard Search

The following search string can be very useful if you forgot the words in a lyric of a song you listened earlier. the wildcard symbol “*” will compare the possible results using the Google algorithm

Google Tips and Tricks

 Trick #8 : Accessing blocked websites

Want to catch up on the latest celebrity gossip from a site banned in your corporate firewall? Google can help you through cache option.

Google Tips and Tricks

Trick #9 : Convert Currency

To converter currency, simply enter the conversion you’d like done into the Google search box and Google will provide your answer directly on the results page.

Google Tips and Tricks
Google Tips and Tricks

 

Trick #10 : Tracking Flight Status

If you know the flight number, you don’t have to be calling the airline to check the status

 

Google Tips and Tricks

Trick #11 : Unit Conversion:

You can do unit conversion from one to another just by typing in Google as 12.5 cm in

Google Tips and Tricks
Google Tips and Tricks

 

Trick #12 : Searching for specific filetypes

If you are looking for a specific filetype, say a PowerPoint file to learn about Hacking, this is the right search string for you

Google Tips and Tricks

Trick #13 : Phonebook Search

Google can be your very own online phonebook

Google Tips and Tricks

Trick #14 : Mathematical Calculations using Google

Normally for doing the metric conversions we will be using some online conversion websites or conversion softwares. However just by using Google search box you can do calculations, unit conversions and money conversions as explained below.

You can use the Google search box as your scientific calculator as

 

Google Tips and Tricks

 

Trick #15 : Google Advanced Search Page

If you are not able to remember some of the advanced search syntax mentioned in this article, then use the Google Advanced search page as shown below.

Google Tips and Tricks
Google Tips and Tricks

Hope you enjoy above best 15 Google tricks , we will shortly publish more tricks.
Keep visitng

ClickJacking Example

ClickJacking Example

Clickjacking takes the form of embedded code, or the script that can execute without user’s knowledge, such as clicking on a button (or a link) that appears to perform another function. Clickjacking attack generally allows to perform an action on victim’s website, mostly cyber criminals target on Facebook and Twitter accounts.

Clickjacking, put simply, is when a button, image, video, or some form of embedded content on a website is overlaid by an invisible layer that sits on top of the site underneath it.

ClickJacking-Example
ClickJacking Example

clickjacking facebook

Clickjacking Facebook – Likejacking is type of clickjacking attacks that targets Facebook’s ‘Like’ button. So, suppose the user visits the attacker’s website. The attacker can embed Facebook’s ‘Like’ button on his page and the attacker wants to trick the user to click on the “Like” button, so, how can he do that? First, he can create a decoy button that lures the user to click on it to claim a free iPad.

clickjacking-facebook
clickjacking facebook

Then, he can reposition the ‘Like’ button exactly on top of the decoy button and, finally, he can make the ‘Like’ button completely transparent using CSS, so, when the user tries to click on the decoy button he ends up getting tricked to click on something he didn’t intend to click on

ClickJacking Example

1] Cursor spoofing attack to steal webcam access : In this attack , attacker shows a you a screen where a video is popup with some amazing title with a button known as ” Click to watch “. And suppose the user moves the cursor over to the ‘Click to watch’ link and clicks. How many of you noticed that the real cursor was hidden all the time and now the cursor is on the ‘Allow’ webcam access button

 

ClickJacking-Example-hacking
ClickJacking Example

2] Double-click attack to steal user private data :In the second attack the attacker asks the user to double-click a blue button on the page. When the user clicks on the button the attacker yields the screen real state to the Google auth dialog in the pop-up window, and the second click goes to that dialogue

ClickJacking-Example-hacking-gmail
ClickJacking Example

As a result, the attacker was granted access to the user’s Google account.

3] Whack-a-mole attack to compromise web surfing anonymity : In the third attack the user is asked to play whack-a-mole game. We encouraged users to click on a sequence of buttons as fast as possible. From the beginning the real cursor is hidden and the user is tricked to control a fake cursor. So, after the user has successfully clicked on several buttons, a Facebook ‘Like’ button is repositioned under the user’s real pointer and which users may not notice while clicking.

ClickJacking Example
ClickJacking Example

The attack combines cursors spoofing and fast-paced clicking techniques and was the most effective attack, we found that 98% of users fell for it. So, once the user clicks on the ‘Like’ button the attacker can instantly reveal the user’s identity.

Security in terms of Hacking

Hello friends , welcome back in the session of learning hacking. I think today post is also started from overview of hacking. Hope you read my earlier post on Hacking Overview

Hacking isn’t about a quick way to own people, it’s about experimentation, exploration, learning and experience. Sure, it might be hilarious to eject someone’s CD tray 50 times per minute, it might be side-splittingly funny to send messages across the network, it might even make your piss yourself when everyone’s network shares quit responding… but who did this benefit? What did you get out of it besides 5 minutes of shits and giggles? What did the victim get out of it? A broken machine? If someone trashed or hijacked your pride and joy, your main or only computer, how would you feel? Think about things before you do them, think of what the outcomes will be, consider whether there’s a point to what you’re doing. Security is the most essential factor of hacking.

Security –

Any hacking event will affect any one Security or more of the essential security elements.

The Security, Functionality, and Ease of Use Triangle

Security in terms of Hacking
Security in terms of Hacking

Security in terms of Hacking

The number of exploits is minimized when the number of weaknesses is reduced => greater security

Takes more effort to conduct the same task => reduced functionality

So when we design any system , we have to keep these three factors in our mind which is mention in above Figure.
Keep visiting

 

Social Engineering

Social engineering

Social Enginerring is the hack that requires no knowledge of code. Despite its relative simplicity the risks associated with social engineering are just as serious as the numerous hacks. Social engineering is the art of manipulating people into doing things, particularly security-related—such as giving away computer access or revealing confidential information.  Social engineers use psychological tricks on humans

Social Engineering
Social Engineering

Social Engineering is the tactic or trick of gaining  sensitive information by exploiting the basic human nature such as :
Trust
Fear
Desire

Social engineering is the hardest form of attack to defend against because it  cannot be defended with hardware or software alone.

Social Engineering
Social Engineering

“Rebecca” and “Jessica”
Hackers uses the term “Rebecca” and “Jessica” to denote social engineering attacks

“Rebecca” and “Jessica” mean a person who is an easy target for social engineering,
such as an receptionist of a company.

In many cases, these hackers use small pieces of information to gain trust or access so they can then carry out their cons fully. Here are a few examples:

  • A hacker might call saying your credit card has been flagged for unusual activity and the bank needs to verify your information (credit card number, mother’s maiden name, etc.) before issuing a replacement. He or she will offer up the last four digits of your card and perhaps the date and amount of a recent transaction (things easily found in your trash) to gain your confidence and make this sound legit.
  • Hackers might even pose as your Facebook friends or other social media connections and then glean information from your profile or your posts

Social Engineering can be  categoriesed as

  • Human Based

Gather sensitive information by interaction.

Attacks of this catogory expolits trust , fear and helping nature of human for eg .

  1. Calls as a technical support staff , and request id & passwords to retrive data.
  2. Survey a target company to collect information
  3. Refer to an important person in the organisation and try to collect data
  • Eavesdropping or unauthorised listening of conversation or reading messages

  • Shoulder surfing

Looking over your shoulder as you enter a password

Shoulder-Surfing
Shoulder Surfing
  • Dumpster Driving

Search for sensitive information at target company’s

  • Trash bin
  • Printer trash bin
  • User desk for sticky notes
Dumpster Driving
Dumpster Driving

 

Spam email

Email sent to many recipients without prior permission intended for commercial  purposes. Irrelevant , unwanted and unsolicited email to collect financial info. social security members, and network information

Phases in social Engineering Attack

Phases in social Engineering Attack
Phases in social Engineering Attack

Keep Visiting and Enjoy our session on how to start learn hacking