Compress 1GB File to 10MB with KGB Archiver

KGB Archiver is an opensource software which can compress 1 GB file to 10 MB file. This software  is based on PAQ6 algorithm which has AES-256 powerful encryption. KGB archiver is available for Linux and Windows both. 
This software case too much time to compress a file as we can see that the compression ratio is very hign. But the time depends on the size of file being compressed. File compressed with KGB Arciver can only be decompressed with this tool only. If you are compressing any file with KGB archiver and sending the comprssed file to your friends then he must have KBG archiver installed on his computer to decompress the file.
Note: Some of you may not feel happy after reading this not. Because this tool can not compress video files. This tool can only compress 

Features of KGB Archiver: These are some features of this cool compression software.

• Supports native .kgb files and .zip files
• AES-256 Encryption
• Able to create self-extracting archives.
• Multilanguage supports like Arabic, German, Greek, Japanese, Spanish many more.
• Unicode is supported in both User Interface and File Systems.
• An Explorer shell extension is available for the windows version.
• Make Password protected compressed file.

Download

Introduction to ping sweep

Before writing about Ping sweep, i would like to introduce Ping. Ping is a network based utility which is used to know if a host is alive or dead on the network. Suppose i want to check for hackingtricks.in
 if we get the response it means website is live. You can check for a system by its IP address or a website by its domain name. We can use this program to detect host like website, computer system, printer, network or any device.


Ping Sweep:Ping Sweep also known as ICMP sweep is a network scanning technique which is used to determine which of a range of IP addresses map to live hosts. As we have seen in Ping, which is used for single computer. This is used for a renge of IP address for various computers. ping sweep consists of ICMP (Internet Control Message Protocol) ECHO requests sent to multiple hosts. If a system (HOST) is live, it will reply with ICMP ECHO reply.
There are a various tools available that can be used to do a ping sweep, such as fping, gping, and nmap.
Download Fping here: http://fping.sourceforge.net/

FBI and SOCA Seize 36 Websites For Card Fraud

Federal Bureau of Investigations (FBI) and Serious Organized Crime Agency (SOCA) has worked together and seized 36 domains. All these 36 websites were involved in the credit card frauds. These websites were all found to be trading illegally-obtained payment card details.

Organization has also informed the financial institutions and banks whose customers have been affected by these cybercriminal websites. They also claimed to prevented fraud that might have cost individuals and companies more than £500 million. So we can say that this is one of biggest anti-fraud operation of recent days.

“This operation is an excellent example of the level of international cooperation being focused on tackling online fraud,” said Lee Miles, Head of Cyber Operations for SOCA.

“Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime.”

In past two years, law enforcement agencies from many countries have worked together to prevent online fraud and cyber crimes. Although, cyber crimes are increasing day by day but this kind of strong steps against cyber criminals will surely make some positive impact.

Law enforcement agencies claim to save many personal accounts which can be misused by these fraudster websites. And these websites can help in identifying more websites which are involved in these kinds of crimes.

At last, it’s my personal advice to all internet users to be safe as much as they can. If they want to purchase something online, then take care while choosing the merchant. Try to purchase only from the trusted vendors and ensure that your personal and card information don’t end up in the wrong hands.

5 things a Beginner Hacker Should Know

Here are few points for beginners which they should know.

1. At this stage, most of the students search for hacking tools and software. But Here i want to make this clear that no tool and software exists which can hack Gmail, Facebook, Yahoo, twitter or any aother website or email account in just few clicks. These types of posts on internet are just for attracting visits and spread spams. Most of this type of hacking tools are binded with trojans which leads your system at risk. The recent example it Anonymous LOIC tool which is used to hack members to use their system in criminal activities.
2. Never use any premium keylogger which is available free on filehosting websites. Hackers always host this type of tool with Trojans. After installing this type of keyloggers you will be hacked. 
3. Never pay for hacking on the websites which are asking money in return of hacking. If you want to pay for any hacking book, tool or other kit, pay only on the trusted websites. 
4. Join any good hacking forum and learn new things from the experts. Never follow a person just for his claims. Always follow a person who has real knowledge. Adding hacker word is not going to make anyone hacker. There are many Javascript pranks and online websites are available which are used to create fake screenshot and defacing pages. These are used by many noobs to create some fake hacking screenshot to share on Facebook. And beginners follow them thinking as a hacker.
5. Learn Programming languages and networking. These are must to be a hacker. Most of the hacking attacks such as SQL injection, PHP injection, XSS, Phising and many other needs the knowledge of programming.

Hacker is not the person who use keyloggers for hacking email ids and deface low secure innocent websites. Hacker is the person with indepth knowledge of computer who can create his own exploits to hack in the secure systems and servers. hacker is the person who is ready to take challenges. You may heard the name of many hacking groups who deface innocent websites just for fame. I think they are nothing just a noob. Hacking a school website or a shop website is not going to make you a hacker.  

what is Ethical hacking and penetration testing

Cyber world, the virtual world on the internet is now a part of our daily life. Every person, who use internet either by computer or by any other gadgets, is a part of the cyber world. But Cyber world is also full of thieves as real world. So security is must. If you do proper security for all your physical things in real world, you must be aware of the security of the things you have in cyber world. If you think, you are not a computer person and why should you need to know about cyber crimes and its protections, and then just think about your bank account which you use and your credit cards and your online purchase. All these things are the main target of hacker which you use daily in your life.

Cyber crimes

All the organizations and companies have a network of systems for storing and accessing their private information which are confidential. These data is the top secret part of the company. But hackers always try to break the security of these systems to get that secret information of the company. According to the latest cyber crime report by Symantec, cyber crime costs more that $114 billion annually. This is a huge loss by cyber crimes.  The report also says that 14 adults become the victim of cyber crimes in a minute. You can imagine the dangers.  Most of the hackers work individual and hack only for their profit. But there are many companies who hire hackers to know the hidden secrets of the competitors company. So the world is full of hackers and threats. Do you know how to be safe and what to do in this bad cyber world.

Hackers or cyber criminals are the persons who use their computer knowledge for accessing or stealing without authorization. Now most of the security organizations have proposed to declare cyber criminal as terrorists. Hacking is the biggest problem now a day.  We can see the past 6 months. Some hacker groups have costs a lot to Sony and some other organizations. They had also accessed and published secret data of some security organizations. They had also hacked some networks and website. Lulzsec and Anonymous are the main 2 hackers groups and cyber police of many countries are in search of the members of these groups. Hackers use all the latest bugs and vulnerabilities to hack and the most dangerous thing is that they know how to hide their real identity in the cyber world.  If you look at the recent high profile cyber crime cases, you will see that the hackers have cost a lot to the most reputed companies by stealing their network data and secret information. But they are still unknown. No one knows who are they? where they live?, how they do?
Sometimes I think they are most advanced than the security experts working on those companies but they do not have that much educational qualification. They are talented but use their knowledge in bad works.

Working process of hackers is similar. The complete hacking can be defined as a set of steps performed by hackers.  These are Information gathering, scanning, gaining access, maintaining access and clearing tracks. Information gathering and scanning involves getting knowledge about the target system or victim whom they want to hack. After having enough knowledge about the target system, hackers try to exploit vulnerabilities of the target and gain access to unauthorized data. Then they maintain access to get some secret data of the company and steal important information. Finally they clear all the tracks so that no one will able to find them. This is what they are invisible on the internet.

Figure1: Steps performed by hacker

Catching a hacker is not so easy. But securing your network is much easy and recommended.

Need of Ethical hackers

So most of the organization now hire hackers who try to secure the company system security by finding vulnerabilities and security holes. These hackers are called Ethical hackers. An Ethical Hacker will follow the same Techniques and Methodologies as a Malicious Hacker, however, in the end, The found vulnerabilities of Security Flaws are either Reported (Responsible Disclosure/Open Disclosure) or Fixed. This is also called Penetration Testing which is also called as pentest in short.  Working of ethical hackers can also be shown as a graphical image which is given below.

Figure2: Steps performed by Ethical hacker

If you take a look on the steps performed by hackers and ethical hackers, you will see that the starting 3 steps are similar in both hackers. But the last steps are different. Ethical hacker reports the vulnerabilities to the organization while hackers maintain the access to access secret data of the company and then clear all the tracks. Reporting vulnerability is the main work of Ethical hacker. Now company will have to work on patching those found vulnerabilities. This is what we called best step of protection against hackers.

“One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems.”

Skills Required Becoming an Ethical Hacker

Ethical hackers are those persons who stay 1 step ahead from the malicious hackers so they must be computer system experts having knowledge about computer programming, networking, operating systems, web programming and various security aspects. Ethical hackers do not need to have strong command of the countermeasure that can prevent attacks. Their work is only to report the vulnerability to the organization’s security team.

Ethical hacking has following steps:

1. Talk to the client, and discuss the needs to be addressed during the testing of system, network or application.

2. Prepare and sign nondisclosure agreement (NDA) documents with the client.

3. Organize an ethical hacking team, and prepare a schedule for testing.

4. Conduct the test.

5. Analyze the results of the testing, and prepare a report.

6. Present the report to the client about the vulnerabilities.

But the most important things which an Ethical hacker should know that No ethical hacking activities or testing associated with a network security test or system security audit should be start until a signed legal document has been given to ethical hacker express the permission to perform the hacking and testing activities on network or system is received from the target organization. This type of legal document is necessary because it can cause a trouble to the ethical hacker if he does not have proof to show that he has been allowed from the company.

The other important thing which he should know is that the details of the ethical hacking report must be kept confidential, because they highlight the organization’s security risks and vulnerabilities. If this document falls into the wrong hands, the results can be harmful for the organization.

In security field one more term is used vulnerability assessment which is simply identifies and reports noted vulnerabilities. But it is not the same thing as Penetration testing. Penetration testing tries to exploit those vulnerabilities for unauthorized access. It’s not a onetime action. It should be done regularly.

Penetration testing

Penetration testing is very important for anyone who stores important and sensitive information in systems. The only way anyone can be sure there are no security risks are if they have had their entire security system assessed and then made adjustments as necessary. This can only be done by penetration testing.  You can see the steps in process of penetration testing in the figure below.

Figure 3: steps in penetration testing

You can see that the last step is re test. Now you can understand why I wrote that penetration testing should be done regularly.

With the advancement in technology, hackers try to create new type of attacks, so all the older countermeasures will not work against these attacks. This is the reason why ethical hackers need to update their information on these types of new attacks so that they can create a good protection against these attacks. They should learn how these attacks are performed and then try to attack it on the network or systems, to check if systems are really secure. If not, then they try to secure systems and networks to prevent these attacks. So the new attacks are the reason why penetration testing is a regular process.

“The Information Assurance Certification Review Board (IACRB) manages a penetration testing certification known as the Certified Penetration Tester (CPT). The CPT requires that the exam candidate pass a traditional multiple choice exams, as well as pass a practical exam that requires the candidate to perform a penetration test against live servers.”

Penetration testing can be carried out by several ways but in general we define as following 2 types

Black box penetration testing: In this type of penetration testing tester have no prior knowledge of the infrastructure to be tested. He should get all the information about the infrastructure of the network by some testing, guessing and skills. This testing is like the real attack on the system or network by the hackers. Because tester also has no given information about the infrastructure. Many companies use this type of penetration testing because this is the real time testing which feels like real hackers are doing on the network. But it slows down the system and network performance during testing time because there are so many testing tools used by the testers which use bandwidth and resources.

White box penetration testing: In white box penetration testing tester has complete knowledge of the infrastructure to be tested such as network diagram, source code of application, server settings. This information helps tester in his work. But this type of testing is not so effective.

Gray box penetration testing: This is the combination of black box and white box testing. In this some information are given to the tester not all. This type of testing is used in most of the organizations. It takes less time with more vulnerability exposure. It is easy to work for testers in this type of testing.

Risks involved in penetration testing

But penetration testing must be done carefully. It also has some risk. In white box testing, tester has access to the code and during testing it can harm the code by mistakes. And in black box testing tester use so many tools to scan and attack on the network or systems which slow down the system performance of the network or system. The possibility exists that systems may be damaged in the course of penetration testing. Every attack has some negative impact on the network and the system and it may cause some times loss to the company. But it can be minimized by hiring experienced professionals and monitoring all the steps. Backup of all the things is also necessary. But the most dangerous risk is information leakage of the company. The person hired for the penetration testing of the company should work under proper guidance of the company. As part of company’s penetration testing team, he will be able to know all the hidden secrets of the company. The hidden infrastructures and network loop holes. If he is not monitored properly, he can misuse those information are leak the information to other companies which are your competitors in the market

Conclusion

So we can say that ethical hacking and penetration testing are related to each other. Penetration testing is done with Ethical hacking with protection against attacks.  In general the testers in the process of penetration testing are Ethical hackers. They can be the part of the company or some individual persons hired by the company for the network and system testing. Most of the company hire some certified ethical hackers to be a part of the company’s security team but most of the famous ethical hackers work on hourly basis and do not want to join any company. So companies hire them for their work. But company should track all the work done by Hired Ethical hacker because he is not the company person but he will have all the secret details such as security infrastructure of the company. He may leak the company secret information to other company. So it’s really important to take care while hiring any Ethical hacker for the company.

Cyber crimes are increasing day by day so need of ethical hackers and penetration testers are also increasing. Having a permanent Ethical hacker is secure than hiring some out members. SO many companies are now hiring permanent Ethical hackers for the company.  This can be a better career option for a person having interest in computers and network security. There are many reputed organizations which conduct exams and running courses for penetration testing and ethical hacking. One can join those institutes for being a certified ethical hacker and penetration tester.

In this post i will explain about Caching Proxy servers and Web Proxy Server


This is the first type of proxy servers. 


Caching Proxy servers


 These are the proxy servers which keeps a copy of the previously accessed pages, images and other type of media in the server cache for some period of time. If the same user or any other user requset for the same file, the file is served from the cache of the server. After the cache time period expired, the file is removed from the cache. Most ISPs and large businesses have a caching proxy. Caching proxies were the first kind of proxy server.


Advantages of the Cache Proxy servers: As we can see that the web page, images and other media accessed by a user is stored in the cache. Next time these previously accessed pages are served directly from the cache not from the original server. So it reduces bandwidth consumption and faster access. The time of response is faster now. This is really good when you want to access some blogs which you have accessed before. Proxy server will serve the page from the serve cache even if the website is currently offline.


Disadvantages of Cache Proxy servers: Although Cache Proxy servers provide faster access to some frequent resources. But it has a big advantage. It is not good for those website which changes the content and media frequently.
Some poorly configured proxy servers also have some big advantages which creates problem in logging into a website. So use this proxy server with a good server administrator only.


This post is published on hackingtricks.in and may be reproduced on some content theft websites which copy my posts daily. Try to avoid those websites


But this advantage is not big now as most of th web masters are also optimize their website for caching and use some server side caching mechanisms by using CDNs. CDN cache static data of the website for the long period of time on the distributed servers.


This is the second type of proxy servers. 




Web Proxy Servers


 Web Proxy Servers are those Proxy servers which only serves the HTTP traffic. These are mostly used in Schools, organizations and corporate world to block websites on the base of URLs. All the proxy websites which we used to access some other websites in order to hide out IP address are called web proxy servers.
But Web Proxies are some thing wider than we think. It can be the combination of some other type of proxy servers. A web proxy can also do the job of a cache proxy server to cache the recently requested pages to serve those pages next time from the cache.




Types of Web Proxy:




Transparent Proxy: These are the simpler type of proxy servers which keeps every thing transparent identifies itself as a proxy server . It reveals the IP address of the Proxy server and the IP address of the client who is using the proxy. These proxies are used to get around the simple IP ban but it do not provide the anonymity.




Anonymous Proxy: These type of Proxy servers identifies itself as a proxy server and reveals the ip only of the the server. This hides the IP of the client who is using the server. This type of proxy server is detectable, but provides reasonable anonymity for most users.




Elite Proxy: These are the most advanced proxy servers which do not identifies iself as a proxy server. So it is hard to detece whether the request is coming from the proxy server of coming from the original users. It provides an advance level of anonymity. These servers are usually paid and available only after paying. Hackers used this type of proxy servers for high profile hacking. These are also called High Anonymity Proxy servers

How to extract data from a Web Page into an Excel Spreadsheet

Do you know? you can extract the data of a website into a excel spreadsheet. This feature is very useful when you found some useful data on a webpage and you want to save it into your system. You can save Google search results, your bank ministatments and other records with just a mouse clicks.


To import a webpage into excel sheet click on  Data and then go it Get External Data group. In this you will find an option "From Web". Click on this and  then "From Web".


There is another way of doing this in which you do not need to open Microsoft excel each time to import a webpage. 
Open Internet Explorer and then navigate to the website you want to import. Then right click on the page where you will find an option to "Export to Excel"


Once the data is inside Excel, you can do all sort of complex things like conditional formatting, sorting, create charts, etc. If you set the data auto-refresh, Excel will update the worksheet whenever the source web page changes.

Download Ice Cream Sandwich source code

Google has made available the source code of its latest mobile operating system, Android 4.0, Ice Cream Sandwich. With this release, the mobile OS is now opensource for all developers which want to create their custom applications for this.


According to a post from Jean-Baptiste M. “JBQ” Queru, a software engineer on the Android Open Source Project, the code is still in the process of being uploaded, and developers are advised to wait til it’s fully complete before they start downloading it themselves. But it’ll be available very soon.


This is more important because this operating system is the latest version of Android which is fully optimized for tablets as well as phones. So all the mobile companies who develeop low cost tablets can use it easily.


get it from download link
http://source.android.com/source/downloading.html

Whats the difference between a virus, spyware, Malware, and adware?

In the old days we used to call everything a virus, however now days we have more precise names to further categorize them. Below I will show you the difference between a virus, spyware, malware, and adware. It is important to protect your computer from viruses but how can you do that when you do not know what you are dealing with?

What is Malware?

Malware is a software program that has bad intentions. It can either be installed by the computer user accidentally or it can sneak into your computer through various avenues. Its not the same as a piece of software that by chance causes harm to your computer, malware is software that has been developed with the intent of causing problems with your computer.

What is Spyware?

Spyware is a type of malware program that invades your computer and basically spies on you. There are different types of spyware that collect different information. A common spyware type is a keylogger which records keystrokes typed on your keyboard. This is how people lose their bank account details. Other spyware will record your actions and browsing habits on the internet. Any information collected by spyware is usually with the intent to sell.

What is Adware?

Adware is another form of malware and is exactly as the name suggests, software with advertising. Adware can be downloaded and sometimes included in free programs. For example Windows Live messenger and Yahoo messenger contain adware. Although some programs give the option not to install the extra adware, others seem to sneak it in without permission.

What is Virus?

A virus is a small program designed to infect your computer and cause errors, computer crashes, and even destroy your computer hardware. Unlike spyware, a virus can grow and replicate itself. It can also travel from one computer to another via an internet connection. Of course you can get viruses from discs with virus infested files stored on them, however the internet is the most common entry point. Some common symptoms of a virus are emails being sent to all contacts when you didn’t send them, being taken to webpage’s that you didn’t choose, or being told you have a virus and to download a program to fix it.