Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.
In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.
The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker
Example 2: You receive an e-mail saying that your computer is infected by a virus. The message suggests that you install a tool available on an Internet site, to eliminate the virus from your computer.
The real function of this tool and does not eliminate a virus, but I give someone access to your computer and all data stored on it.
Example 3: a stranger calls your house and says it is the technical support of your ISP.
In this connection he says that his connection to the Internet is presenting a problem and then, ask your password to fix it. If you give your password, this so-called technical can perform a multitude of malicious activities, using your
access accountInternet and therefore such activities relating to its name.
Practical Examples:
Retail Paging Systems
---------------------
Wal-Mart store phones have clearly marked buttons for the paging system. Wal-Mart is
the exception, not the rule. So how do you get on the paging system to have a little
fun when you're bored out of your mind shopping with your girlfriend? Social
engineering, my whipped friend. Find a phone and dial an extension, preferably the
store op. The key here is to become a harried employee, saying something similar
to..."This is Bill in shoes. What's the paging extension?" More often than not,
you'll get the extension without another word. Now, get some by saying something
sweet over the intercom.
Airport White Courtesy Phones
-----------------------------
Imagine you've already been stripped searched and you're waiting for your delayed
flight. Naturally, you gravitate to a phone. Is it white? Then you've got a free
call right in front of you. Just pick up to get the op. "This is Bill at Southwest,
Gate A5. We're swamped and our phones are tied. Can I get an outside line?" If
the phone does not have DTMF, or the op wants to dial the call for you, do not call
a number related to you.
Hotels
------
Hotels hold such promise. Some hotels have voice mail for each room, guests
receiving a PIN when they check in. Hotels also have "guest" phones; phones outside
of rooms that connect only to rooms or the
front desk. Pick up a guest phone, make
like a friendly guest and say, "I forgot my PIN. Could I get it again? Room XXX."
Knowing the
registered name of the target room helps, for the Hotel and Restaurant
Management Degree Program graduate may ask for it.
Do not follow through with the next social engineering example. Or, like the author,
try it on a friend. Go to the front desk and tell the attendant that you've locked
your key (card) in the laundromat, in your room, lost it, etc. Do not try this with
the attendant that checked you in. And again, do not enter someone's room without
permission.
Calling Technical Support
-------------------------
So you've found a new-fangled computerized phone and you want to learn more about it.
Do the same thing you do when you have trouble with your AOL - call tech support.
First, do a little planning (after getting the tech support number off of the phone
or the web). Get some info on the phone, like phone number, model number, other
identifying numbers, etc. Also, know the name of the facility in which the phone is
located. Now that you've got some ammo, you're ready to make the call. Posing as an
employee of the facility, call tech support and make up a problem for the phone
you've identified. Act a little dumb and be apologetic, acting like you don't want
to waste their time. All the while, pumping them for information - "I hate to bug
you for this, but <insert problem here>." <You'll get some info from tech support
here.> <Build on what you've learned and curiously ask another question.> And so
on until you reach the point where you can feel that it's time to end the call.
Occasionally acting amazed at their knowledge may be helpful.
Methods of Social Engineering
Phishing Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or
credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update
a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed
credit card numberswith eBay legitimately, who might respond.
Vishing or Phone Phishing:This technique uses an Interactive Voice Response (IVR) system to recreate a legit sounding copy of a bank or other institution's IVR system. The slave is prompted to call in to the "bank" via a phone number provided in order to "verify" information.
BaitingBaiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the slave. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the slave to use the device.
What is Malware?:
Malware is a malicious software. This software include the program that exploit the vulnerabilities in computing system. The purpose of malicious software is harm you or steal the information from you.
Types of Malicious Softwares:There are three characteristics of malwares:
1 Self-replicating malware actively attempts to
propagate by creating new
copies, or instances, of itself. Malware may also be propagated passively,
by a user copying it accidentally, for example, but this isn't self-replication.
2 The population growth of malware describes the overall change in the number
of malware instances due to self-replication. Malware that doesn't selfreplicate
will always have a zero population growth, but malware with a
zero population growth may self-replicate.
3 Parasitic malware requires some other executable code in order to exist.
"Executable" in this context should be taken very broadly to include anything
that can be executed, such as boot block code on a disk, binary code
Trojan Horse:
The most famous malicious software is Trojan Horse.
There was no love lost between the Greeks and the Trojans. The Greeks had
besieged the Trojans, holed up in the city of Troy, for ten years. They finally
took
the city by using a clever ploy: the Greeks built an enormous wooden horse,
concealing soldiers inside, and tricked the Trojans into bringing the horse into
Troy. When night fell, the soldiers exited the horse and much unpleasantness
ensued.
In computing, a Trojan horse is a program which purports to do some benign
task, but secretly performs some additional malicious task. A classic example is
a password-grabbing login program which prints authentic-looking "username"
and "password" prompts, and waits for a user to type in the information. When
this happens, the password grabber stashes the information away for its creator,
then prints out an "invalid password" message before running the real login
program. The unsuspecting user thinks they made a typing mistake and reenters
the information, none the wiser.
Logic Bomb:Self-replicating: no
Population growth: zero
Parasitic: possibly
The oldest type of malicious software. This program is embedded with some other program. When certain condition meets, the logic bomb will destroy your pc.
It also crash at particular date which is fixed by attacer. It will be included in legitimate or
authorized person like this:
legitimate code
if date is Friday the 13th:
crash_computerO
legitimate code
Eg:
if some antivirus trying to delete or clean the logic bomb. The logic bomb will destroy the pc.
Back Door or Trap Door:
Self-replicating: no
Population growth: zero
Parasitic: possibly
A back door is any mechanism which bypasses a normal security check. Programmers
sometimes create back doors for legitimate reasons, such as skipping
a time-consuming authentication process when debugging a network server.
As with logic bombs, back doors can be placed into legitimate code or be
standalone programs.
username = read_username()
password = read_password()
if tisername i s "133t h4ck0r":
return ALLOW^LOGIN
if username and password are valid:
return ALLOW_LOGIN
e l s e:
return DENY^LOGIN
One special kind of back door is a RAT, which stands for Remote Administration
Tool or Remote Access Trojan, depending on who's asked. These programs
allow a computer to be monitored and controlled remotely;
Virus:
Self-replicating: yes
Population growth: positive
Parasitic: yes
A virus is malware that, when executed, tries to replicate itself into other executable
code; when it succeeds, the code is said to be infected. The infected
code, when run, can infect new code in turn. This self-replication into existing
executable code is the key defining characteristic of a virus.
Types of Virus1.Parasitic virus:
Traditional and common virus. This will be attached with EXE files and
search for other EXE file to infect them.
2. Memory Resident Virus:
Present in your system memory as a
system program. From here onwards it will infects all program that executes.
3. Boot Sector Virus:
Infects the boot record and spread when the system is booted from the disk containing the virus.
4. Stealth Virus:
This virus hides itself from detection of antivirus scanning.
Worm:Self-replicating: yes
Population growth: positive
Parasitic: no
A worm shares several characteristics with a virus. The most important characteristic
is that worms are self-replicating too, but self-replication of a worm
is distinct in two ways. First, worms are standalone, and do not rely on other
executable code. Second, worms spread from machine to machine across networks.
Rabbit:Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly. Rabbits
may also be called bacteria, for largely the same reason.
There are actually two kinds of rabbit.The first is a program which tries
to consume all of some system resource, like disk space. A "fork bomb," a
program which creates new processes in an infinite loop, is a classic example
of this kind of rabbit. These tend to leave painfully obvious trails pointing to
the perpetrator, and are not of particular interest.
The second kind of rabbit, which the characteristics above describe, is a
special case of a worm. This kind of rabbit is a standalone program which
replicates itself across a network from machine to machine, but deletes the
original copy of itself after replication. In other words, there is only one copy
of a given rabbit on a network; it just hops from one computer to another.
Rabbits are rarely seen in practice.
Spyware:
Spyware is software which collects information from a computer and transmits
it to someone else.
The exact information spyware gathers may vary, but can include anything
which potentially has value:
1 Usernames and passwords. These might be harvested from files on the
machine, or by recording what the user types using a
key logger. A keylogger
differs from a Trojan horse in that a keylogger passively captures keystrokes
only; no active deception is involved.
2 Email addresses, which would have value to a spammer.
3 Bank account and
credit card numbers.
4 Software license keys, to facilitate software pirating.
Definitions
Adware:Self-replicating: no
Population growth: zero
Parasitic: no
Adware has similarities to spyware in that both are gathering information about
the user and their habits. Adware is more marketing-focused, and may pop up
advertisements or redirect a user's web browser to certain web sites in the hopes
of making a
sale. Some adware will attempt to target the advertisement to fit
the context of what the user is doing. For example, a search for "Calgary" may
result in an unsolicited pop-up advertisement for "books about Calgary."
Adware may also gather and transmit information about users which can be
used for marketing purposes. As with spyware, adware does not self-replicate.
Zombies:
Computers that have been compromised can be used by an attacker for a
variety of tasks, unbeknownst to the legitimate owner; computers used in this
way are called zombies. The most common tasks for zombies are sending spam
and participating in coordinated, large-scale denial-of-service attacks.
Signs that your system is Infected by Malware:
Slow down, malfunction, or display repeated error messages
Won't shut down or restart
Serve up a lot of pop-up ads, or display them when you're not surfing the web
Display web pages or programs you didn't intend to use, or send emails you didn't write.
Top 10 Important command prompt's commands
1. ipconfig :
This is the top most command for seeing the ip address,subnet mask and default gateway also includes display and flush DNS cache, re-register the system name in DNS.. This will most useful tool for viewing and troubleshooting TCP/IP problem.
- To view ip ,subnet mask address : ipconfig
- To view all TCP/IP information, use: ipconfig /all
- To view the local DNS cache, use: ipconfig /displaydns
- To delete the contents in the local DNS cache, use: ipconfig /flushdns
2.systeminfoHave a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool
I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax:
SYSTEMINFO /S system /U user3. tasklist and taskkill If you work with Task Manager (ctrl+alt+del) ,you can easily understand this. Task list is list of task which are
running on windows currently. If you open any application,it will be added to task.
To List the Tasks type in cmd as :
tasklist
This will show the list of task which are running as shown in the picture
To stop the Process or task ,there is two methods :
Using Image Name: We can kill the task using its Image Name as follows:
tasklist /im notepad.exe
Using Process Id: we can stop the process using its process id as follows :
tasklist /pid 1852
4. type type is used to read the text document in command prompt . You can read multiple text in continuously
type filename.txt
5.netstatNeed to know who (or what) is making a
connection to your computer? Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In additon to the above info, you can view Ethernet statistics, and resolve connecting host
IP Addresses to a fully qualified domain name. I usually run the netstat command using the
-a (displays all connection info),
-n (sorts in numerical form) and
-b (displays executable name) switches.
6.net commandAlthough this tool is more known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings.
It is mostly used for viewing (only services that are started), stopping and starting services:
- net stop server
- net start server
- net start (display running services)
and for connecting (mapping) and disconnecting with shared network drives:
- net use m: \\myserver\sharename
- net use m: \\myserver\sharename /delete
Other commands used with net command are,
accounts (manage user accounts), net print (manage print jobs), and net share (manage shares).
Below are all the options that can be used with the net command.
[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |STATISTICS | STOP | TIME | USE | USER | VIEW ]
7 -
nslookup - With the Internet, DNS (
Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP Addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting
DNS servers.
Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful
when only a single piece of data needs to be returned. For example, to resolve google.com:
To use the interactive mode, just type
nslookup at the prompt. To see all available options, type
help while in interactive mode.
Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
set ds (displays detailed debugging information of behind the scenes communication when resolving an host or IP Address).
set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).
set type (sets the query record type that will be returned, such as A, MX, NS)
server NAME (allows you to point nslookup to use other DNS servers than what is configured on your computer)
To exit out of interactive mode, type
exit .
8 - ping and tracert - These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network.
To ping a system just type at the prompt:
ping www.google.com. By default, ping will send three ICMP request to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (
-n ), and to resolve IP addresses to hostname (
-a ).
To use tracert, type at the prompt:
tracert www.google.com. You can force tracert to not resolve address to hostnames by using the
-d switch, or set the desired timeout (milliseconds) for each reply using
-w switch.
9 - gpresult - Used mostly in environments that implement group poicies, gpresults (Group Policy Results) verifies all policy settings in effect for a specific user or computer. The command is simple to use, just enter gpresults at the prompt. It can also be used to connect to computers remotely using the
/S and
/U switches.
10 -
netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and
monitoring Windows computers from the command prompt. It capabilities include:
- Configure interfaces
- Configure routing protocols
- Configure filters
- Configure routes
- Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
- Display the configuration of a currently running router on any computer
Some examples of what you can do with netsh:
- Enable or disable Windows firewall:
netsh firewall set opmode disable
netsh firewall set opmode disable
- Enable or disable ICMP Echo Request (for pinging) in Windows firewall:
netsh firewall set icmpsetting 8 enable
netsh firewall set icmpsetting 8 disable
- Configure your NIC to automatically obtain an IP address from a DHCP server:
netsh interface ip set address "Local Area Connection" dhcp
(For the above command, if your NIC is named something else, use
netsh interface ip show config and replace the name at Local Area Connection).
As you can see netsh can do alot. Instead of re-inventing the wheel, check out the following
Microsoft article for more info on netsh.
Different types of Email Account Hacking
The Basic level Hacking is
Email Account Hacking. Everyone like to do first email account hacking only. So here is the tutorial for budding hackers about email Hacking.
There are different types of Email Account Hacking . Here is some of them :
![[Image: 2_25_10%252520volusion%252520keyloggers.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTZcvdgGQOzdfiWF7CVSoiqexSEGxyPjPFGus5O5UeQ13ytkMAP5DRhTdZY5tWz5CPWW38ZEVnr_LU4_ePlejMlgl-9Pmz7YMDG0K-TVvOTB1se4v8a5NSRgmNP2u3FtN9D-GIPSrFhN8/s320/2_25_10%252520volusion%252520keyloggers.jpg)
![[Image: 1.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgT5KyWLV8ATy1QIQMmrcfTn5OD5oxFF7zbABtNvt74BoOGCO1eedRPiQahuslC53nZ4PkcV2zA4VZCZd9Pk8_7HQxzkzRh9_b_kL0EIHwiBFSBf96wnOh1HPKBuWJh15X_RR_IP9siHHI/s320/1.png)
![[Image: 2.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCOBDf2Sf_vyGdrQVaw7MxGCO1_TVoj-HDQFtA46k9ZWR9cp9rhJFekP3ll7_shErrfALtck2dPHLjahPL3Y03bPqBbXnb4qf86xxB1yhZFnJudmVfdtGULbRYwvbx3zD9wr2AvvYaLnw/s320/2.png)
