What is Metasploit? [Explained for Beginners]



Metasploit Framework is an open source penetration testing tool used for developing and executing exploit code against a remote target machine. The Metasploit Framework has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the vulnerability of computer systems in order to protect them, and on the other hand it can also be used to break into remote systems.

It's a powerful tool used for penetration testing. Learning to work with Metasploit needs a lot of effort and time. Of course you can't learn Metasploit overnight; it needs lots of practice and patience.

Download Metasploit from here
http://www.metasploit.com/download/


Just take a look at the following basic steps for beginners to break into a system using Metasploit after gathering some information about the target system.

1. Select the right exploit and then set the target.
2. Verify the exploit options to determine whether the target system is vulnerable to the exploit.
3. Select a payload.
4. Execute the exploit.

You must be confused !!!!

Now carefully read the following basic terms to get an idea of the four steps mentioned above. I have defined the terms technically and, side by side, explained them in layman's language to clarify things. I have taken the example of an attacker who wants to break into a house. I hope this approach will give you a good idea of these basic terms.

Vulnerability - A weakness which allows an attacker to break into or compromise a system's security.

The main gate of a house with a weak lock (which can be easily opened) or a glass window (which can be easily broken) are like the vulnerabilities in a system that make it easy for an attacker to break in.

Exploit - Code which allows an attacker to take advantage of a vulnerable system.

The set of different keys which he can try one by one to open the lock, or the hammer he can use to break the glass window, are like the exploits.

Payload - The actual code which runs on the system after exploitation.

Finally, after exploiting the vulnerability and breaking in, he can do different things. He can steal money, destroy things, or just take a look and come back. Deciding this is what we mean by setting the payload.

I hope that's enough, friends. You will learn more in further tutorials when you start working with Metasploit practically.

How to Crack WEP Key With Backtrack 5 [wifi hacking]



As announced before, we are writing a series on wifi attacks and security, and this post is the second part. In the first part we discussed various terminology related to wifi attacks and security and discussed a couple of attacks. This post will also show you how one can easily crack WEP keys in no time.


Security Issues With WEP


WEP (Wired Equivalent Privacy) was proved full of flaws back in 2001. The WEP protocol itself has some weaknesses which allow attackers to crack it in no time. Probably the biggest flaw in a WEP key is that it supports only 40-bit encryption, which means that there are only 16 million possibilities.

For more information on WEP flaws, kindly read the WEP flaws section here.

Requirements :-

Here is what you would require to crack a WEP key:

1. Backtrack or any other Linux distro with aircrack-ng installed

2. A wifi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack

You can find compatible wifi card lists here.

Procedure :-

First log in to your Backtrack / Linux distro and plug in your wifi adapter. Open a new konsole and type in the following commands:

ifconfig wlan0 up



where wlan0 is the name of the wireless card; it can be different. To see all wireless cards connected to your system, simply type in "iwconfig".

Top 10 Facebook Hacks [Userscript Hacks]



NOTE: This is an old post that has been modified with new links and text, so a few userscripts may or may not work following recent Facebook privacy changes :)

Userscripts have taken our entire online experience to a new level. With userscripts we can easily add any kind of JavaScript activity to our online services, like the YouTube Center script I posted that enhances the YouTube experience by providing various playback options and much more. So today I will be posting 10 great userscript hacks that will allow you to modify your Facebook experience.
Using the userscripts I have posted below, you will be able to view albums, change your Facebook layout and much more, so jump in and let's get started.
  1. View Private Albums - you can easily view the private albums of any person even if he or she is not your friend; just install this userscript [Link] and see links to the original images in their albums.
  2. Remove Facebook Advertisements - Facebook Cleaner is another good userscript that simply allows you to remove the sponsored and advertisement area from Facebook; to do that, just install this userscript [Link] and see them vanish.
  3. Redirect to Real Profiles - normally when searching for a person you come across public pages; using this userscript [Link] you can get redirected to real people's profiles. Make sure that you are logged in to Facebook to avoid infinite loops.
  4. Undo Facebook Changes - Facebook always comes up with something special and unique, but not everyone accepts those changes. If you are one of them, this simple userscript [Link] will allow you to undo a Facebook change by choosing the level you want to undo to, so it's really a good hack.
  5. Viewing All Photos - sometimes you may try to view every photo related to a person, and you cannot do that if that person has tight privacy settings; by using this easy userscript [Link] you can do that.
  6. Find More New Friends - sometimes friends you know join Facebook but you do not know about it; using this official Facebook feature [Link] you can find them by checking your friends list.
  7. Sharing Files from Facebook - if you are wondering how to share files from Facebook, these 30 apps [Link] will allow you to share anything from your desktop using Facebook.
  8. Get a Job from Facebook - if you are a Facebook addict then this could be the easiest way to get a job on Facebook, as these apps [Link] include easy job opportunities and other stuff for you.
  9. Tighten Privacy on Facebook - if you want a good privacy plan for your Facebook profile, these privacy checking tools [Link] will allow you to check your online Facebook privacy and will tell you what to tighten up for a better Facebook experience.
  10. Cheat Facebook Texas Poker - using this simple tool [Link] you can see the cards of any player and hence you could cheat virtually.

Protect Your Website Against SQL Injection

One of the common methods used by hackers is SQL injection.

Sites get hacked by SQL injection due to a loophole that is most often left by developers while developing a web application.

Today I will explain how to avoid SQL injection when you are developing a web application with PHP.

I will explain with the help of an example. Suppose we have these text fields on our form:

1. User Name

2. Password

and a login button.

When we log in, the user is validated on the back-end. If the user is a valid user, he logs into the system; otherwise an error message "incorrect username or password" is shown.

What happens on the back-end:

$userName = $_POST['userName'];

$password = $_POST['password'];

// Vulnerable: user input is concatenated directly into the SQL text
$sqlQuery = "select * from users where user_name = '" . $userName . "' and user_password = '" . $password . "';";

This is where the developer has left a loophole. If, instead of a password, I enter ' or 'a'='a then the password field has the value

$password is ' or 'a'='a

Let's place this value in the query, and the query becomes

$sqlQuery = "select * from users where user_name = '" . $userName . "' and user_password = '' or 'a'='a';";

You can see clearly that the password doesn't match, but the other condition 'a'='a' does, so the OR operator applies and the user will log into the system without knowing the actual password. I can even give you the names of some famous websites where you can inject SQL or use this technique.

HOW TO AVOID IT ???

Don't treat the field values as shown above.

Use this function:

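function BlockSQLInjection($str) {

    // Replace single and double quotes (escaped or not) with their HTML entities
    return str_replace(array("\'", "\"", "'", '"'), array("&#39;", "&quot;", "&#39;", "&quot;"), $str);

}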

This will replace the characters (that can break the string) in the string.

So you can use this function as

$userName = BlockSQLInjection($_POST['userName']);

$password = BlockSQLInjection($_POST['password']);

Now the hacker won't be able to break the query string.

We have many frameworks in PHP that provide this functionality, such as quotes_to_entities($string) in CodeIgniter.
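Replacing quotes protects only the fields that are actually passed through the filter, whereas a prepared statement keeps user input out of the SQL text altogether. The following is an added example, not code from the original post: it runs the post's input through the concatenated query and through a PDO prepared statement. The in-memory SQLite database, the sample user, the function names and the use of password_hash() are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original post. Table and column names follow
// the post's query; the database, sample row and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, user_password TEXT)');
$ins = $db->prepare('INSERT INTO users (user_name, user_password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The post's pattern: input concatenated into the SQL text (kept vulnerable on purpose).
function loginConcatenated(PDO $db, string $userName, string $password): bool
{
    $sql = "select * from users where user_name = '" . $userName
         . "' and user_password = '" . $password . "'";
    // Any returned row is treated as a successful login.
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the statement text is fixed, the user name is bound as data,
// and the password is checked against a stored hash in PHP, not in SQL.
function loginPrepared(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare('SELECT user_password FROM users WHERE user_name = :name');
    $stmt->execute([':name' => $userName]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$probe = "' or 'a'='a";   // the value used in the post

var_dump(loginConcatenated($db, 'alice', $probe));      // concatenated query, post's input
var_dump(loginPrepared($db, 'alice', $probe));          // prepared statement, post's input
var_dump(loginPrepared($db, 'alice', 'correct horse')); // prepared statement, real password
```

Run it with the PHP command line; it needs the pdo_sqlite extension. The concatenated query accepts the post's input as a login, while the prepared statement rejects it and accepts only the real password.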

Use some design pattern when you are building a big application; model, controller, view layers and a DAO (data access object) layer must be implemented to make it loosely coupled and extensible.

A huge number of sites have been developed in core PHP, where we don't use any framework. WordPress is very secure, but when it comes to plugins (that we download and use), they can have loopholes inside them. Stay alert while developing web applications; you never know when you are going to get hacked. Stay blessed! :)

Good Luck !

How You Can Claim A New Site Or Blog On Alexa.

ALEXA is the Web Information Company, powered by AMAZON, which contains records and information about websites and blogs all around the online world. You can write a review on ALEXA about a certain website. You can also claim your blog/website on ALEXA to check its status, where it stands globally and within a certain country. In this tutorial, I am going to share with you two features of ALEXA:

1. How You Can Claim A New Site Or Blog On Alexa.

This feature is used when you have a new website or blog and you want to claim it on ALEXA to keep updated with the Ranking, Reviews, and Sites Linking status of your blog/site. To claim a new website or blog at ALEXA, follow the steps below:

(A) Go to ALEXA and register first if you are not registered.

(B) Click on the “Create An Account” button. A “Register An Account” window will open; register by filling in the Email & Nickname form or with Facebook.



(C) If you have registered by filling in the form, confirm your registration by either clicking the link in your email or copying it and pasting it into the URL bar of your browser.

(D) In the “Choose A Password” window, set and verify the password and click the Submit button.



(E) After registering, go to your DASHBOARD and click on the Do You Have A Website “ADD IT NOW” button.



(F) Select your subscription plan as “FREE”.



(G) Enter your "Website URL" and click “CONTINUE”.



(H) A “CLAIM YOUR SITE” window will open; select the method you want to verify with, and click the “VERIFY” button.



(I) If everything goes fine, you will see the message in green “YOUR SITE SUCCESSFULLY CLAIMED”; click “CONTINUE”.



(J) Then a “SITE LISTING” window will open; enter all your details, select the country from the list if you want to show the rank in a specific country as well, and click “SAVE CHANGES”.



That’s all set; ALEXA will start ranking your blog or website in a few days.

TIP: To increase your ALEXA rank fast, daily update your website or blog.


2. How To Remove The Claimed Website Or Blog URL From Alexa.

This feature can be used when you want to permanently remove or replace the old URL of your blog/website with a new URL. For example, you were using a free sub-domain and claimed the blog with that URL on ALEXA, and now you have purchased a new custom domain and want to remove that sub-domain and claim the custom domain. To remove the claimed website or blog URL, follow the steps below:

(A) Log in to ALEXA Dashboard.

(B) Click on “SITE MANAGEMENT” & select “SUBSCRIPTION” from the drop down menu.



(C) The “Manage Subscription” window will open; click the “CANCEL SUBSCRIPTION” button in the Subscription Information box.



(D) The “Message and Feedback” window will appear; select the options as you like.

That’s all. Go back to your ALEXA dashboard, and you will see no site URL there.


- If you have any questions, please feel free to ask and drop your comments below

EARN MONEY ONLINE WITH PTC SITES

On the internet, you have seen different people and companies advertising ways to earn money online, since it has become one of the easiest ways of advertising and earning money. Some of these people and companies are scams, who charge money and give no reward in return. So I advise everyone to beware of these people and companies and never pay anything to anyone for earning online. On the other hand, there are some companies and sites which are 100% legitimate and reward you according to your efforts. There are different ways to earn money online, such as advertisements, Google AdSense, PTC (PAID TO CLICK), reading mails, writing articles, etc. In this post, I am going to discuss the way to earn money online with PTC (PAID TO CLICK).

What is PTC?
PTC means PAID-TO-CLICK. Some sites provide this facility: when you click on an advertisement, it loads for 10 to 15 seconds and some cents or pennies are credited to your account. Earning with PTC sites is a bit slow, but once you get used to it and understand all the features of a certain PTC site, you can definitely earn a huge amount monthly.

Which PTC sites are legitimate and genuine?
There are thousands of PTC sites online which advertise earning by just clicking on advertisements. But the majority of the sites are fake and do not process your payment. So here I am going to show two of the best, 100% legitimate and genuine PTC sites.

  1. NeoBux
  2. ClixSense
 NeoBux:

NeoBux is one of the best and top-rated websites in the PTC industry. Each advertisement package has its own payment when you click on it. Besides that, NeoBux has some more exceptional features through which you can earn even more.
  • Direct Referrals - When those who register under your referral link click on daily advertisements, you get the commission.

  • Rented Referrals - You can pay to hire other NeoBux users; when they click on daily advertisements, you get the commission.

  • Mini Jobs – There are some mini CROWD FLOWER tasks; by doing them you can earn even more.

  • AD Prize – AD Prize is activated when you click on an advertisement. For each advertisement, 3 chances are added to AD Prize, and when you click on them it is down to luck whether you win something and how much the prize is.
The minimum payout at NeoBux starts with $2 USD.

ClixSense:

ClixSense is another of the best PTC sites online. It also has advertisement packages, each with its own payment when you click on them, and it is loaded with various great features. It does not have the rented referrals feature; instead it has the CLIXGRID game.
  • ClixGrid: It’s a grid game in which you get 50 chances (as a Premium user) or 25 chances (as a Standard user) to click on a grid, and it is down to luck whether you win something and how much the prize is.
The minimum payout at ClixSense is $8 USD if you are a STANDARD user, and if you are a PREMIUM user the minimum payout is $6 USD.


To start earning through these PTC sites you first need to register an account on PAYZA/PAYPAL.

Register yourself on PAYZA/PAYPAL with the following links:

PAYZA: https://secure.payza.com/?BXupLllmE6UMsby1HtWlyg%3d%3d



 

PAYPAL: www.paypal.com


 


PAYZA/PAYPAL are the e-wallets supported by the PTC sites for making money transactions.

 

If you want to register:

At NEOBUX visit the following link:

http://www.neobux.com/?r=ubaidh09

 

OR

At CLIXSENSE visit the following link:

http://www.clixsense.com/?2638260


- If you like my post, please take seconds to share.

4 Steps To Delete All Facebook Messages With A Single Click

As you know, Facebook is the biggest platform among all the social networks. It is considered one of the best social networks because it provides each and every feature a user needs to socialize. But there are many things a user needs for which Facebook does not provide a specific feature, such as "Delete All Facebook Messages At Once/With Single Click" and many others like it. Facebook knows best why it has not given access to certain features. Here we are talking about the missing feature to select and delete all the messages at once. If you have 1-2 messages in your Facebook inbox then it’s easy to open them one by one and delete the conversation, but if you have a lot of messages in your inbox then it becomes really hectic and irritating to open them one by one and erase them. Many people are in search of a trick/method to select and delete all the messages in their Facebook inbox at once, which saves time and energy. Therefore I wrote this tutorial to help those people with this simple trick. You just have to follow the simple steps below.


1. Enable the Bookmarks Toolbar In Your Browser. 

If You Are Using Google Chrome Then:

Click the Menu Icon At The Top Right > Bookmarks > Show Bookmarks Bar. 

OR 

Press Ctrl + Shift + B To Display the Bookmarks Bar.



If You Are Using Firefox Then:

Go to Options > Check Bookmarks Toolbar. 




2. Once you have enabled the Bookmarks Toolbar in your browser, drag and drop the following “DELETE FACEBOOK MESSAGES” button to your toolbar. 


delete all facebook messages





3. Now open your Facebook inbox and click the “DELETE FACEBOOK MESSAGES” button in the toolbar. 




4. Press the “DELETE FACEBOOK MESSAGES” button in the toolbar again and again until all of your messages are deleted. 

Facebook Inbox After Deleting All Messages:




That’s it. It doesn't matter how many messages there are in your Facebook inbox; it will be cleaned in this easy way.