Monday, February 17, 2014

How to bomb an email account

Bombing an email account

In this tutorial I'll show you how to bomb an email account using php. It's not a difficult thing to do. You don't even need any programming skills. Although I will say that to accomplish anything substantial, you need to have a knowledge of coding. For anyone interested in becoming a real hacker, I would suggest the enigma group website. On this website you go through a series of missions, aimed at developing your logical thinking and programming skills. If you come up against a mission you can't pass, it only means you're not at that learning curve yet. Plus it's a legal environment to practice hacking skills. Although it's without doubt, that if you want to get any good, you will at some point have to break the law.

Setting up your own web domain

The first step we have to take is setting up your web domain. I'll be a bit cheeky here and suggest a good web hosting site to you. On the image you see below, click on the order now tab :

Your browser will now navigate to the form page of 000webhost.com. I recommend this web hosting site because email activation for your account isn't required. In this form page I suggest you provide all fake details. Click on the thumbnail image below to see the details I inputted into this form :


Notice that I have provided all fake details. Click on the Create my account submit button at the bottom of the page. A new page should now load, with details of build status on your domain :


screenshot of domain build

Notice in the above screenshot that my domain bomberman.comli.com will be built in 1 minute.


Navigate to the text editor

After your domain has been built you will be taken to the account details overview page. Click on Enter Control Panel :

screenshot

In the new page that loads, double click on file manager as shown below :


screenshot

You will now be prompted to enter your password again. Once you have entered your password you will be directed to the file manager. Go to the sub-directory public html by clicking on it :


screenshot

Now click on new file as shown below :


screenshot

PHP bombing script


Now this is where we create our php bombing script. Simply copy and paste the following code into the text editor that has opened up :


<?php
$mail = 1;
do {
   mail ("Victim E-Mail", "subject", "message", "From Email Can Be Fake");
}   while($mail < 50000);
?>

In the above script, replace "Victim E-Mail" with the email of the person you intend to wreak havoc on. Replace "subject" with what you want the subject of your mail to be. With "message" replace this with what you want your email message to be (the actual content or body of the email), and with "From Email Can Be Fake", replace this with a fictitious email of your choosing.
Double click on the thumbnail image below to see a screenshot of the code I entered into the text editor. I used my own email address in the script, for the purpose of taking a screenshot of my inbox :
Once you've inputted the php code, save the document as index.php, enter this file name into the field at the top (as shown in the below screenshot). Click on the small disk icon to save the document, then click on the blue arrow to navigate back :

screenshot

Executing our email bombing script

This is where it all comes together, where we execute our little script. This is very easy to do, simply type the URL of your web domain into your browser's address bar. For example :

screenshot image

Once you've entered the URL of your domain into your address bar, hit Enter. You will see the following while your script is being executed :


screenshot image

Your script will run as long as it takes for your domain to be closed down. The script basically runs on a do while loop. So you can send anything up to 50,000 emails to someone. Let's have a look at the damage done to my email account. The email account I used to bomb was my own. Click on the thumbnail image below to see a small section of my inbox :


Note:- The above information has its uses. I'll let you decide what you want to do with it. A problem I've noticed inherent in bombing an email account, is that the majority of your emails will be sent into the victim's junk box. You may now be thinking well what's the point then? Trust me though, if you're trying to get a message across to someone, they'll notice the addition of 1000 + emails a day in their junk box. This isn't your ordinary load of junk mails. You can combine the php email bombing script along with other forms of attack too. I once had someone frozen out of all their IM (instant messenger accounts). While they were frozen out of their accounts, I was repeatedly bombing the person's email accounts. I got my message across.
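
On the receiving mail server, a flood like the one described above shows up as one connecting client delivering to one recipient many times within a minute; since the post notes the From address can be fake, the count has to be keyed on the client IP rather than the sender. The following is an added example, not part of the original post: it assumes Postfix-style log lines, the log lines and addresses are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed Postfix-style log lines (sample data, documentation IP ranges):
# six deliveries from one client to one mailbox in a minute, plus one normal mail.
sample_maillog() {
  for n in 1 2 3 4 5 6; do
    printf 'Feb 17 10:15:%02d mx1 postfix/smtpd[1201]: A%03d: client=unknown[203.0.113.7]\n' "$((n * 5))" "$n"
    printf 'Feb 17 10:15:%02d mx1 postfix/local[1207]: A%03d: to=<alice@example.org>, relay=local, status=sent (delivered to mailbox)\n' "$((n * 5))" "$n"
  done
  printf '%s\n' \
    'Feb 17 10:15:40 mx1 postfix/smtpd[1202]: B001: client=mail.example.net[198.51.100.20]' \
    'Feb 17 10:15:41 mx1 postfix/local[1208]: B001: to=<bob@example.org>, relay=local, status=sent (delivered to mailbox)'
}

# Print "COUNT|MINUTE|CLIENT_IP|RECIPIENT" for every (client, recipient) pair
# that reaches THRESHOLD deliveries within one minute.
flood_report() {  # usage: flood_report THRESHOLD < maillog
  awk -v limit="$1" '
    # smtpd line: remember which client IP handed in each queue ID
    $5 ~ /^postfix\/smtpd\[/ && match($0, /client=[^ ]+/) {
      qid = $6; sub(/:$/, "", qid)
      c = substr($0, RSTART + 7, RLENGTH - 7)          # host[ip]
      i = index(c, "[")
      client[qid] = substr(c, i + 1, length(c) - i - 1)
      next
    }
    # delivery line: join on the queue ID, count per minute/client/recipient
    /status=sent/ && match($0, /to=<[^>]+>/) {
      qid = $6; sub(/:$/, "", qid)
      rcpt = substr($0, RSTART + 4, RLENGTH - 5)
      if (qid in client)
        count[$1 " " $2 " " substr($3, 1, 5) "|" client[qid] "|" rcpt]++
    }
    END { for (k in count) if (count[k] >= limit) print count[k] "|" k }
  ' | sort
}

sample_maillog | flood_report 5
```

A mail server or hosting provider would feed the flagged client IPs into rate limiting or blocking rather than relying on the junk folder to absorb the volume.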

Tuesday, February 11, 2014

Know about Networking


Appin Kankarbagh  Patna

What are some Popular Networks?

Over the last 25 years or so, a number of networks and network protocols have been defined and used. We're going to look at two of these networks, both of which are “public” networks. Anyone can connect to either of these networks, or they can use types of networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

 

UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix (surprise!) hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything else you can name, and even some things you can't. Additionally, a number of systems have been developed around the same principles as UUCP.

Implementation Environment

UUCP networks are commonly built using dial-up (modem) connections. This doesn't have to be the case though: UUCP can be used over any sort of connection between two computers, including an Internet connection.
Building a UUCP network is a simple matter of configuring two hosts to recognize each other, and know how to get in touch with each other. Adding on to the network is simple; if hosts called A and B have a UUCP network between them, and C would like to join the network, then it must be configured to talk to A and/or B. Naturally, anything that C talks to must be made aware of C's existence before any connections will work. Now, to connect D to the network, a connection must be established with at least one of the hosts on the network, and so on. Figure 2 shows a sample UUCP network.
Figure 2: A Sample UUCP Network
In a UUCP network, users are identified in the format host!userid. The “!” character (pronounced “bang” in networking circles) is used to separate hosts and users. A bangpath is a string of host(s) and a userid like A!cmcurtin or C!B!A!cmcurtin. If I am a user on host A and you are a user on host E, I might be known as A!cmcurtin and you as E!you.
Because there is no direct link between your host (E) and mine (A), in order for us to communicate, we need to do so through a host (or hosts!) that has connectivity to both E and A. In our sample network, C has the connectivity we need. So, to send me a file, or piece of email, you would address it to C!A!cmcurtin. Or, if you feel like taking the long way around, you can address me as C!B!A!cmcurtin.
The “public” UUCP network is simply a huge worldwide network of hosts connected to each other.

Security


UUCP, like any other application, has security tradeoffs. Some strong points for its security are that it is fairly limited in what it can do, and it's therefore more difficult to trick into doing something it shouldn't; it's been around a long time, and most of its bugs have been discovered, analyzed, and fixed; and because UUCP networks are made up of occasional connections to other hosts, it isn't possible for someone on host E to directly make contact with host B, and take advantage of that connection to do something naughty.
On the other hand, UUCP typically works by having a system-wide UUCP user account and password. Any system that has a UUCP connection with another must know the appropriate password for the uucp or nuucp account. Identifying a host beyond that point has traditionally been little more than a matter of trusting that the host is who it claims to be, and that a connection is allowed at that time. More recently, there has been an additional layer of authentication, whereby both hosts must have the same sequence number, that is, a number that is incremented each time a connection is made.
Hence, if I run host B, I know the uucp password on host A. If, though, I want to impersonate host C, I'll need to connect, identify myself as C, hope that I've done so at a time that A will allow it, and try to guess the correct sequence number for the session. While this might not be a trivial attack, it isn't considered very secure.

Tuesday, March 12, 2013

Summer Industrial Training In Appin Patna


Our industrial training programs are designed for students who are looking to master their technical skills. Appin gives students hands-on experience. Appin's project-based summer training program and guidance is the preferred choice of Engineering Students / IT Students / MCA Students / Science graduates & Professionals, as it gives students hands-on experience, unlike other industry training where students/professionals are not allowed to work on the real equipment/software during their internships. Our project-based training programs are exhaustive and cover the latest and upcoming technologies. Along with project-based training, we give students Placement Assistance when they graduate via the Campus Connect Placement Programs. Last year most of the participants were placed in top MNCs. It is attended by selected 4890 engineering & IT students from across the world, including students from India, China, Nigeria, Australia, the Middle East and the UK among other countries, and comprised 3230 male and 160 female students in Hi-technology training areas.
Why Appin?
·  Over half a decade of experience in IT & Security training over seventy cities and hundred plus centers affecting lives of over eighty-three thousand students.
·  Training partnerships with recognized govt and international bodies including STQC, TMVIADL among others.
·  Global leaders in Ethical hacking & Information security training program with over fourteen thousand students placed world-wide
·  Economical training programs that fulfill college & school summer training requirements, job placement assistance available after graduation including first preference for over 78 companies' fresher job postings.
·  Appin is among top 5 IT training companies in south Asia (The Week magazine) and a venture of alumni & professors from prestigious IITs.
·  Hostel facility available
·  Courses available ranging for 4-6 weeks to 4-6 Months training.
Technologies Available 
Software Designing
Web Site Designing  
Mobile Application Designing
Embedded Robotics
Android Programming 
Microsoft .Net
Java Programming
PHP Programming 
C/C++ Programming
Networking & Communication
GSM Communications

1st Floor, Vijyanan Complex, Beside Tiwari Bechar, Main Road, Kankarbagh Patna 20
Call Us :- 0612 – 6544454, 9031044450/51/52/53
Website:- www.appinpatna.com




Sunday, March 10, 2013

Appin Patna



1st Floor, Vijyanan Complex, Beside Tiwari Bechar, Main Road, Kankarbagh Patna 20
Call Us :- 0612 – 6544454, 9031044450 , 9279444450
Website:- www.appinpatna.com

Monday, July 30, 2012

Application Security With Apache Shiro

 
Are you frustrated when you try to secure your applications? Do you feel existing Java security solutions are difficult to use and only confuse you further? Les Hazlewood is the Apache Shiro PMC Chair and co-founder and CTO of Katasoft, a start-up focusing on application security products and Apache Shiro professional support. Apache Shiro is a Java security framework that provides a simple but powerful approach to application security.
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management and can be used to secure any application, from command-line and mobile applications to the largest web and enterprise applications. Shiro provides an application security API covering the following aspects:
  • Authentication – proving user identity, often called user ‘login’.
  • Authorization – access control
  • Cryptography – protecting or hiding data from prying eyes
  • Session Management – per-user time-sensitive state
Shiro also supports some auxiliary features, such as web application security, unit testing, and multithreading support, but these exist to reinforce the above four primary concerns.
The framework landscape has changed quite a bit since 2003, so there should still be a compelling reason to use Shiro today. There are quite a few reasons actually. Apache Shiro is:
  • Easy To Use - Ease of use is the project’s ultimate goal. Application security can be extremely confusing and frustrating and thought of as a ‘necessary evil’. If you make it so easy to use that novice programmers can start using it, it doesn’t have to be painful anymore.
  • Comprehensive – There is no other security framework with the breadth of scope that Apache Shiro claims, so it can likely be your ‘one stop shop’ for your security needs.
  • Flexible – Apache Shiro can work in any application environment. While it works in web, EJB, and IoC environments it does not require them. Nor does Shiro mandate any specification or even have many dependencies.
  • Web Capable – Apache Shiro has fantastic web application support, allowing you to create flexible security policies based on application URLs and web protocols (e.g. REST), while also providing a set of JSP libraries to control page output.
  • Pluggable - Shiro’s clean API and design patterns make it easy to integrate with many other frameworks and applications. You’ll see Shiro integrated seamlessly with frameworks like Spring, Grails, Wicket, Tapestry, Mule, Apache Camel, Vaadin, and many others.
  • Supported - Apache Shiro is part of the Apache Software Foundation, an organization proven to act in the best interest of its community. The project development and user groups have friendly citizens ready to help.

Monday, June 18, 2012

Port Blocking Using IPTABLES In Linux



Port numbers are recognized by Internet and other network protocols, enabling the computer to interact with others. Each Linux server has a port number (see /etc/services file). For example:

  1. TCP port 80 - HTTP Server
  2. TCP port 443 - HTTPS Server
  3. TCP port 25 - Mail Server
  4. TCP port 22 - OpenSSH (remote) secure shell server
  5. TCP port 110 - POP3 (Post Office Protocol v3) server
  6. TCP port 143 - Internet Message Access Protocol (IMAP) — management of email messages
  7. TCP / UDP port 53 - Domain Name System (DNS)

Block Incoming Port

The syntax to block an incoming port using iptables is as follows:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP

### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP

### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP
To block port 80 (HTTP server), enter (or add to your iptables shell script)

# /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP
# /sbin/service iptables save

Block Incoming Port 80 except for IP Address 1.2.3.4

# /sbin/iptables -A INPUT -p tcp -i eth1 ! -s 1.2.3.4 --dport 80 -j DROP

Block Outgoing Port

The syntax is as follows:
 
/sbin/iptables -A OUTPUT -p tcp --dport {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 (the OUTPUT chain matches the outgoing interface with -o) ###
 
/sbin/iptables -A OUTPUT -o eth1 -p tcp --dport {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given destination IP or Subnet (-d) ##
 
/sbin/iptables -A OUTPUT -o eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -d {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A OUTPUT -o eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -d {IP/SUBNET-HERE} -j DROP
 
To block outgoing port # 25, enter:

# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/service iptables save

You can block port # 1234 for IP address 192.168.1.2 only:
# /sbin/iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 1234 -j DROP
# /sbin/service iptables save
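
Because -A appends to the end of a chain and iptables acts on the first rule that matches, a DROP added with the commands above has no effect when an earlier rule already accepts the same port. The following added example (not from the original post) reads constructed `iptables -S INPUT` output and reports the first rule that names a port; the function names are hypothetical and the rule listing is sample data.

```shell
#!/bin/sh
# Constructed output of `iptables -S INPUT` after appending a DROP for port 80
# to a chain that already accepts port 80 (sample data).
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
EOF
}

# Print "POSITION TARGET" for the first rule in the chain that names --dport PORT.
# Simplification: only single-port --dport matches are read (no multiport or
# ranges), and other match options on the same rule are not evaluated.
first_rule_for_port() {  # usage: first_rule_for_port PORT < rules
  awk -v port="$1" '
    $1 != "-A" { next }          # skip the -P policy line
    {
      pos++                      # same numbering as iptables -L --line-numbers
      target = ""; hit = 0
      for (i = 3; i < NF; i++) {
        if ($i == "--dport" && $(i + 1) == port) hit = 1
        if ($i == "-j") target = $(i + 1)
      }
      if (hit) { print pos, target; exit }
    }'
}

# Succeeds only when the first rule naming the port is a DROP.
port_is_dropped() {  # usage: port_is_dropped PORT < rules
  set -- $(first_rule_for_port "$1")
  [ "${2:-}" = DROP ]
}

# On the sample chain the appended DROP is shadowed by rule 3.
sample_rules | first_rule_for_port 80
```

When the check reports an ACCEPT ahead of the DROP, insert the DROP at the reported position with `iptables -I INPUT <position>` instead of appending it, or delete the earlier ACCEPT.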

Friday, May 11, 2012

Taskmanager Implemented In Excel/VBA

This tool is for when you are in a restricted environment where you cannot use Task Manager or Process Explorer. It will also come in handy when fixing an infected machine, where the malware prevents one from launching Task Manager or Process Explorer.
Push the button “List processes” to list all processes:


Here’s how you would use it to disable malware. List processes, identify malicious processes, type command s (suspend) in column Command for the malicious processes you want to disable. Push button “Execute commands”, this will suspend the selected processes.


Now terminate them with the t command:


Doing this in 2 steps (suspend and terminate) instead of just terminating is more suited for multi-process malware that monitors itself.
Download:
TaskManager_V0_0_1.zip (https)

 