Tag Archives: Hacking

How to Crash Your Computer Using a Batch File

Method 1 of 2

start %0
%0
  1. Crash Your Computer Using a Batch File Step 1
    1
    Open Notepad and paste the text above.
  2. Crash Your Computer Using a Batch File Step 2
    2
    Save the file as anything.bat removing the trailing .txt.
  3. Crash Your Computer Using a Batch File Step 3
    3
    Find and run anything.bat to cause your computer to crash.
  4. Crash Your Computer Using a Batch File Step 4
    4
    Finished.

Method 2 of 2: Using up resources on the computer

This method is similar to the first one, but it does not open any windows or programs, making it much more discreet.

  1. Crash Your Computer Using a Batch File Step 5
    1
    Copy and paste this code into Notepad or whatever text program you’re using.

    • @echo off
      A
    • start
    • goto A:
  2. Crash Your Computer Using a Batch File Step 6
    2
    Save as a batch file. It’s ready.
     Source:wikihow.com
Advertisements

How to find a bug in application for penetration ?

A very good and important point. Right? If you are a software tester or a QA engineer then you must be thinking every minute to find a bug in an application. And you should be!

I think finding a blocker bug like any system crash is often rewarding! No I don’t think like that. You should try to find out the bugs that are most difficult to find and those always misleads users.

Finding such a subtle bugs is most challenging work and it gives you satisfaction of your work. Also it should be rewarded by seniors. I will share my experience of one such subtle bug that was not only difficult to catch but was difficult to reproduce also.
I was testing one module from my search engine project. I do most of the activities of this project manually as it is a bit complex to automate. That module consist of traffic and revenue stats of different affiliates and advertisers. So testing such a reports is always a difficult task. When I tested this report it was showing the data accurately processed for some time but when tried to test again after some time it was showing misleading results. It was strange and confusing to see the results.

There was a cron (cron is a automated script that runs after specified time or condition) to process the log files and update the database. Such multiple crons are running on log files and DB to synchronize the total data. There were two crons running on one table with some time intervals. There was a column in table that was getting overwritten by other cron making some data inconsistency. It took us long time to figure out the problem due to the vast DB processes and different crons.

My point is try to find out the hidden bugs in the system that might occur for special conditions and causes strong impact on the system. You can find such a bugs with some tips and tricks.

So what are those tips:

1) Understand the whole application or module in depth before starting the testing.

2) Prepare good test cases before start to testing. I mean give stress on the functional test cases which includes major risk of the application.

3) Create a sufficient test data before tests, this data set include the test case conditions and also the database records if you are going to test DB related application.

4) Perform repeated tests with different test environment.

5) Try to find out the result pattern and then compare your results with those patterns.

6) When you think that you have completed most of the test conditions and when you think you are tired somewhat then do some monkey testing.

————

7) Use your previous test data pattern to analyse the current set of tests.

8) Try some standard test cases for which you found the bugs in some different application. Like if you are testing input text box try inserting some html tags as the inputs and see the output on display page.

9) Last and the best trick is try very hard to find the bug .As if you are testing only to break the application!

Source:http://www.softwaretestinghelp.com/

Hack Mobile Phones With Bluetooth

You must have seen in movies that a HACKER accessing mobile phones to steal their important data. Bluetooth hacking is the most popular way to hack or to steal data from any phone.

There are lot of tools and softwares available on internet that can be used to hack any phone.
One of the most popular ways to transfer data between two mobile devices, in range, is via Bluetooth. But Bluetooth just like any other wireless network is prone to attackers. Bluetooth hacking could be classified into the following ways.
  • BlueJacking
  • BlueSnarfing
  • BlueBugging

In this post I have outlined only some Bluetooth hacking software.

1. Bluescanner :

The first thing one would need in bluetooth hacking, is to identify all the devices ahve their blutooth turned on. Bluescanner is a tool for windows OS , which help in discovering the Bluetooth devices as well as tries to get all the information for a newly discovered device.

2. Super Bluetooth Hack

This is one of the best tool used in hacking and is used to read information and controlling any phone with remote cell phone via Bluetooth.The Phone call list and SMS can be stored in the HTML type. In addition, it can also show the information about the battery, Sim network and many more.
If you want to download the software (Super Bluetooth Hack) simply download it and use it. It is quite easy to use. Follow these steps to install SBH(Super Bluetooth hack) directly to your phone :
1.Go to m.brothersoft.com.
2.Find Quick Download Page link at the bottom of the page.
3.Enter this Code: 127249
4. And your download will start Automatically.

3. BTbrowser

It is a J2ME mobile application which offers the same functionality similar to that BlueScanner.With this tool you can the browse and explore files. This application works on phones , which support JSR-82 such as Nokia 6600 and Sony Ericssion P900.  Download

4. BTCrawler

The BT Crawler is a device scanner for window Based mobiles. It can also perform other bluetooth hacking techniques, namely Bluesnarfing and bluejacking, to vulnerable bluetooth devices in range.
Download BTCrawler  Download.

Collect Email Addresses from Websites using Harvester

The information gathering steps of  footprinting  and scanning are the most importance before hacking. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client.

We can say that Information is a weapon, a successful penetration testing and a hacking process need a lots of relevant information that is why, information gathering so called foot printing is the first step of hacking. So, gathering valid login names and emails are one of the most important parts for penetration testing.

TheHarvester has been developed in Python by Christian Martorella. It is a tool which provides us information of about e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key server.

This tool is designed to help the penetration tester on an earlier stage; it is an effective, simple and easy to use. The sources supported are:

Google – emails, subdomains/hostnames

Google profiles – Employee names

Bing search – emails, subdomains/hostnames, virtual hosts

Pgp servers – emails, subdomains/hostnames

LinkedIn – Employee names

Exalead – emails, subdomain/hostnames

New features:

Time delays between requests

XML results export

Search a domain in all sources

Virtual host verifier

Getting Started:

If you are using kali linux, go the terminal and use the command theharvester.

In case, if it is not available in your distribution, than you can easily download it fromhttp://code.google.com/p/theharvester/downlaod, simply download it and extract it.

Provide execute permission to the theHarvester.py by [chmod 755 theHavester.py]

After getting in to that, simply run. /theharvester, it will display version and other option that can be used with this tool with detailed description.

#theHarvester -d [url] -l 300 -b [search engine name]

#theHarvester -d sixthstartech.com -l 300 -b google

-d [url] will be the remote site from which you wants to fetch the juicy information.

-l will limit the search for specified number.

-b is used to specify search engine name.

From above information of email address we can identify pattern of the email addresses assigned to the employees of the organization.

#theHarvester -d sixthstartech.com -l 300 -b all

Screenshot - Monday 11 August 2014 - 04:18:54 IST

This command will grab the information from multiple search engines supported by the specific version of theHarvester.

Save the result in HTML file. Command: 

#theHarvester.py -d sixthstartech.com  -l 300 -b all -f pentest

To save results in html file -f parameter is used as shown in this example.

Screenshot - Monday 11 August 2014 - 04:26:03 IST

CRACKSTATION:Best password cracking dictionary

What’s in the list?

The list contains every wordlist, dictionary, and password database leak that the creator could find on the internet (and he spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.

The format of the list is a standard text file sorted in non-case-sensitive alphabetical order. Lines are separated with a newline “\n” character.

You can test the list without downloading it by giving SHA256 hashes to the free hash cracker or to @PlzCrack on twitter. Here’s a tool for computing hashes easily. Here are the results of cracking LinkedIn’s and eHarmony’s password hash leaks with the list.

The list is responsible for cracking about 30% of all hashes given to CrackStation’s free hash cracker, but that figure should be taken with a grain of salt because some people try hashes of really weak passwords just to test the service, and others try to crack their hashes with other online hash crackers before finding CrackStation. Using the list, we were able to crack 49.98% of one customer’s set of 373,000 human password hashes to motivate their move to a better salting scheme.

Download:https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Source:http://forum.top-hat-sec.com/index.php?topic=2371.0

The Hacker Search Engine “Shodan” is the Scariest Search Engine on Internet

Launched in 2009, Shodan is more of a prying eye across the world through the IoT rather than just a simple search engine. John Matherly, its creator, named his project after the villainous computer in the video game System Shock. As in present, Shodan is living up to his name. Already designated as ‘world’s scariest search engine’, it is commonly called the hacker search engine.

Shodan shows you what Google doesn’t. Designed with an aim to link all the devices connected to the Internet, it took no time to become a play zone for hackers and experimenters. Shodan works by collecting and stacking HTTP addresses from various devices linked over the Internet across the world. The indexing is done on the basis such as country, OS and brand.

Shodan’s scanning power can be assumed from the fact that it can detect the traffic lights, security cameras, control systems for gas stations, power grids, and even nuclear power plants. Most of these public services use little measures for online security and once exposed to hackers or terrorist organizations, the results could be disastrous.

If you have installed telnet enabled security cameras in your home for “security”, then you might want to put them away. Hackers can breach into your system if your IoT hub is exposed on the Internet using this hacker search engine. It won’t be easy, however, it is not impossible either.

There are a number of devices out there that still run on their default passwords or no passwords at all. Shodan crawls through the Internet for such accessible devices and you are shown 50 of those if you have an account on Shodan. If you could give the website the reason to check these devices with their fees, you would get information of all the devices.

Though, even if you can,  we highly recommend you to not misuse Shodan, the hacker search engine.

AnonSec Hack on NASA reveals Chemtrails and GPS locations

CROSS-POST from Cyberwarzone

Author: Reza Rafati

Incredible, the AnonSec hackers claim to have gained access to information which would verify that chem trails are being used by governments. Cyberwarzone has no experience regarding chem trails, but we can clearly see that this information has been gathered from official resources.

The AnonSec hackers claim to have hacked NASA servers which held classified information like GPS locations, Weather modification and Drone activity.

The AnonSec hackers have published the leaked information on MEGA and it can be downloaded by anyone as long as it is still online.

anonsec opnasadrone
Click on the picture to download the files.

ANONSEC ON THE CHEMTRAILS: CHEMTRAILS IS A FORM OF WEATHER MODIFICATION. ONE BY TRAPPING THE WHICH VIRTUALLY BLOCK OUT THE SUNLIGHT(WHILE ALSO POISONING EVERYONE ON EARTH) IT ALSO HEATS UP THE PLANET. NOT TO MENTION THESE CHEMTRAILS CAN BE CONTROLLED BY HARRP SINCE THEY ARE FILLED WITH ALUMINUM AND REACT TO ELECTROMAGNETIC PULSES.

Besides the Chemtrail information, it is important to remember that companies, governments and households fail to secure their private information.

So the next time, you see your company IT-staff, ask them about the security and if they think that it is important. It might shock you what some will answer.

Source: cyberwarzone