Latest Posts
Showing posts with label Website. Show all posts

18 July 2014

HideMan2 Premium vpn Life Time

Hideman 2

Hideman application creates VPN connection to one of our servers located in 16 countries around the world. We try to add new servers as fast as we can.
VPN connection protects your privacy and increases your security level.
This crack will remove the hour limit of Hideman 2, letting you stay connected to the VPN server forever.
  • How to Crack ?

    1. Install Hideman 2
    2. Exit from Hideman using system tray icon (important)
    3. Turn off any virus guards
    4. Run Hideman 2 Crack, and press crack button
    5. If asked browse and select ‘Hideman.exe’ file from Hideman installation path
    6. Done :)  
    How to fix the Disconnected issue?
    Sometimes you will continuously get a disconnected message in Hideman after applying the crack. Follow the steps given below to fix it :)
  • Run Hideman
  • Press +1/1 button under Hours (nothing will happen other than loading,its OK)
  • Go to Payment Menu > Click 1 Month option (it will open a web page,just close it)
  • Now close Hideman completely using system tray icon
  • Go to Hideman installation path and delete ‘pref.cdat’ file (example path : C:\Program Files\Hideman\bin)
  • Now open Hideman and it will work normally :) [If this didn't work, re-apply the crack at step 5]

 Download:

HideMan2+cracke.rar 


14 July 2014

#opSaveGaza / #opIsrael -- Ultimate Hackers

You Can Burn Our Mosques, Our Homes, Our Schools And Whatever You Want

But!

Our Spirit Will Never Die!

We Will Never Go Down!

Stop Killing Innocents



#opSaveGaza / #opIsrael

 

[Some Israel websites hacked]




[Gov + UseFul Sites Down]

 



and many more!


./Ultimate hackers


Greetz to : 1337kh4n , 4n0nkh4n ,r007 ,d4rk1337 ,Cyb3rd0n ,baby<3 And all other Ultimate Hackers Members!



08 July 2014

Secure Your PC by using Image as Login Password

In this post I am sharing a new way to set a password for your laptop or PC if you are using Windows 8. You can secure your computer easily by using an image as the password for your login. Yes, it is possible now: in Windows 8 you can use an image as your password. Using a text password is the old and boring way, so why not try something different? There are many benefits of using an image as a password; the most important is that it is more secure than any text password. Read the full post; I have described each step you can follow to use any picture as a password. Picture gestures are very easy to use in Windows 8.




Steps To Create a Picture Password for Windows 8 :


Step 1: The first step is to create a text password. Press Win key + I, then click on Change PC settings. You will then see a Create password option below Sign-in options. Click on Create password and type a safe password.

Step 2: Now a new option, Create a picture password, will be visible to you. Tap on it and choose the picture you want to set as your password.



Step 3: The third step is very important. You have to make 3 gestures on the picture you chose as the password for your PC. Making a gesture is very easy, but you have to keep the gestures in mind, as they are what will let you log in to your PC after setting the picture as password. You can make a line, a circle, a box or anything else, but make it easy to remember. My first gesture is an arrow.


Step 4: Now click on Next and make another gesture. You have to make 3 gestures. After making them, click Save.

That's it: you have now set a picture as the password for your Windows 8 PC. If you like this article, comment below and support me to bring more interesting articles like this for you.

The screenshot below shows the 3 gestures I have used for my password. You can also create any gestures, like me.


30 June 2014

infosec interview questions

1) What do you see as the most critical and current threats affecting Internet accessible websites?
2) What online resources do you use to keep abreast of web security issues?
3) Give an example of a recent security vulnerability or threat.
4) Difference between a threat, vulnerability and risk?
5) What do you see as challenges to successfully deploying/monitoring web intrusion detection?
6) Definition of XSS and its impact on servers and clients?
7) What are the important steps you would recommend to secure a new web application and web server?
8) What is DOM based XSS?
9) What is Blind SQL injection?
10) Where do you get security news from?
11) If you had to both encrypt and compress data during transmission, which would you do first, and why?
12) Difference between HTTP and HTML?
13) Difference between stored and reflected XSS?
14) Common defenses against XSS?
15) Difference between Stateful and Stateless firewall?
16) What kind of network do you have at home?
17) What port does ping work on?
18) Explain CSRF?
19) How to defend against CSRF?
20) Difference between XSS and CSRF?
21) As a corporate Information Security professional, what’s more important to focus on: threats or vulnerabilities?
22) What are Linux’s strengths and weaknesses vs. Windows?
23) What’s the difference between Diffie-Hellman and RSA?
24) What kind of attack is a standard Diffie-Hellman exchange vulnerable to? 
25) What’s the goal of information security within an organization?
26) Are open-source projects more or less secure than proprietary ones?
27) What’s the difference between encoding, encryption, and hashing?
28) What is salting?
29) Who do you look up to within the field of Information Security? Why?
30) What is Nmap? Show some nmap commands (avoid firewall/IDS, no ping, etc.).
31) What is Key Escrow?
32) What is nonce?
33) What does RSA stand for?
34) What is DES?
35) What is triple DES?
36) What is the difference between Symmetric and Asymmetric?
37) How does HTTP handle state?
38) In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which?
39) How exactly does traceroute/tracert work at the protocol level?
40) What is a Buffer Overflow?
41) What is a NOP Sled?
42) Design a secure network
43) How do you securely link two offices together?
44) What is the security threat level today at the Internet Storm Center (ISC)?
45) What is SSL?
46) How do you create SSL certificates, generically speaking?
47) What is DNS Hijacking?
48) What is the latest security breach you’re aware of?
49) Have you hacked any system?
50) Can a Virtual Operating System be compromised?
51) What is UPX?
52) What is meterpreter?
53) What is LDAP?
54) Why is LDAP called Light weight?
55) What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
56) What are rainbow tables?
57) What is dsniff?
58) Other than Wireshark, what sniffers have you used?
59) What was the last course you attended? Where? When? Why?
60) What was the last technical book you read?
61) Describe the last security implementation you were involved with.
62) What is a honeypot?
63) Are there limitations of Intrusion Detection Signatures?
64) Describe TCP 3-way Handshake?
65) Difference between pen testing and vulnerability assessment?
66) Difference between vulnerability and mitigation?
67) Give me an example of a vulnerability at each layer of the OSI reference model.
68) Give me a type of mitigation for each of the vulnerabilities you have just provided.
69) OSI(Open System Interconnection) model
70) What is MITM?
71) What is a Syn Flood attack, and how to prevent it?
72) What’s the difference between a router, a bridge, a hub and a switch?
73) Your network has been infected by malware. Please walk me through the process of cleaning up the environment.
74) What’s the difference between a Proxy and a Firewall?
75) Why should I use server certificates on my e-commerce website?

76) What’s port scanning and how does it work?
77) Process of pen testing a system
78) What is NAT and how does it work?
79) What is false positive and false negative?
80) Please detail 802.1x security vs. 802.11 security
81) How would you harden a Windows Server? What about a Linux Server?
82) What are the latest threats you foresee for the near future?
83) What is ISO 27001 and why should a company adopt it?
84) What is the Microsoft Baseline Security Analyzer?
85) Define Security 
86) MAC OS vs. WINDOWS
87) Ping uses TCP or UDP?
88) Explain Authentication and authorization?
89) What is a Brute force attack?
90) What is meant by client-side scripting?
91) What is a cookie?
92) Explain DoS and DDoS.
93) What is a directory traversal attack?
94) What is meant by reconnaissance?
95) What is forced browsing?
96) What is meant by session ID?
97) Define web application.
98) What is meant by WAF?
99) Explain the different types of hackers.
100) What are the different types of penetration testing?
101) Explain the CIA triad.
102) What are Google hacks/dorks?
103) List the OWASP Top 10.
104) Define hacking. What is ethical hacking?
105) What are the various penetration testing methodologies?
106) What is social engineering?
107) In the context of Metasploit, explain what is meant by exploit, payload, auxiliary, encoders, NOP, post.
108) What are rootkits?
109) Explain steganography.
110) Difference between autopwn and Armitage?
111) What is meant by backdooring?
112) What is incident response?
113) What is chain of custody?
114) What are the commonly used ports, and what are their port numbers?
115) What is imaging?
116) What is padding?
117) What is pivoting?
118) What is SSH, FTP, TLS?
119) What is HTTP response splitting?
120) What is RFI, LFI?
121) What do you know about encryption?
122) Can CSRF be done for POST and GET methods?
123) What is the encryption of SSL certificate in a website?
124) Difference between public and private key?
125) What is chain of custody?
126) What is meant by incident response?
127) What is hacktivism?
128) What is a firewall? Types of firewall?
129) What is SSL, and how do you create SSL certificates?
130) What is a spoofed packet?
131) What is IDS or IDP? Give an example.
132) What would you do if your system is compromised?
133) What is web caching?
134) What is the use of proxy servers?
135) What would you do if your network device is compromised?
136) What is GPG/PGP?
137) What is a log host?
138) How do you manage a firewall?
139) If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use to mitigate this attack?
140) Why do we use a firewall for security when we have facilities like access lists on routers?
141) What is the difference between an SSL connection and an SSL session?
142) List and briefly define four techniques used to avoid guessable passwords.
143) What is a salt in the context of UNIX password management?
144) What is the difference between rule-based anomaly detection and rule-based penetration identification?
145) What is the difference between statistical anomaly detection and rule-based intrusion detection?
146) Describe SOAP and WSDL.
147) What protocols comprise SSL?
148) What are hidden fields in HTTP?
149) What steps are involved in the SSL Record Protocol transmission?
150) What is file enumeration?
151) What tools can you use to validate the strength of SID (session ID)?
152) What is a phishing attack?
153) What is cookie gathering?
154) What is a dual signature and what is its purpose?
155) How can you ensure that all input fields are properly validated to prevent code injection attacks?
156) Why do we need port scanning?
157) What are format string vulnerabilities?
158) Example of broken authentication and command injection
159) What is SQL injection?
160) What are fuzzers?
161) What is runtime inspection?
162) What is ISO 17799?
163) What is integer overflow?
164) What type of security testing have you performed?
165) What is ARP spoofing?
166) During an audit, an interviewee is not disclosing the information being requested. How would you overcome this situation?
167) Why should I use server certificates on my e-commerce website?
168) Can a server certificate prevent SQL injection attacks against your system? Please explain.
169) What are the most common application security flaws?
170) What do you understand by layered security approach?
171) Difference between virus, Trojan, spyware, malware and a worm
172) Can Linux be compromised? How secure is Linux? How would you compromise a LINUX system?
173) What do you do if you are a victim of a DoS attack?
174) What is a log host?
175) What are the security functions of SSL?
176) What is a 0 by 90 bytes error?
177) What is the problem of having a predictable sequence of bits in TCP/IP?
178) What is heap memory?
179) What is a system call?
180) What is 2 factor authentication?
181) What is IIS lockdown tool?
182) What is disaster recovery?
183) What is a null session?
184) What is incident management?
185) What is SAM (Security Account Manager)?
186) What is a SID (Security ID)?
187) What is the difference between TCP and IP?
188) What is the difference between TCP and UDP?
189) Explain IP address.
190) What is Public IP and Private IP?
191) Define subnet mask, default gateway, loopback address and IPID.
192) What is Hypertext Transfer Protocol (HTTP)? What are request methods?
193) Difference between IPv4 and IPv6
194) What is the difference between stateful and stateless protocol? Explain with an example.
195) How would you prevent man-in-the-middle attacks?
196) Example, recommendation and effect of DOM based XSS?
197) What is XSP (cross-site printing)?
198) Describe OSPF routing.
199) What are the consequences of an HTTP TRACE request?
200) What is session hijacking?
201) How would you convince a client to use your security product?
202) How do you secure a Wi-Fi network?
203) What is a protocol, socket and port?
204) What is your area of expertise and why?
205) What is the difference between routing protocols and routed protocols?
206) Difference between session and cookie?

Top 10 basic networking commands in linux/unix

Networking is an essential part of Unix, and it offers lots of tools and commands to diagnose any networking problem. When I was working on FIX Protocol we got a lot of support queries to see whether FIX sessions were connected or not. Since FIX Protocol uses sockets, you can use netstat, telnet and other networking commands available in Linux to find and solve the problem. In this article I will show you basic networking commands in Unix and what they are used for. Combined with the grep and find commands, they let you troubleshoot most networking problems.

Networking Commands Example in Unix and Linux

These are the most useful commands in my list while working on a Linux server. They enable you to quickly troubleshoot connection issues, e.g. whether another system is connected or not, or whether another host is responding or not. While working on FIX connectivity for an advanced trading system, these tools save quite a lot of time.
  • finding host/domain name and IP address – hostname
  • test network connection – ping
  • getting network configuration – ifconfig
  • network connections, routing tables, interface statistics – netstat
  • query DNS lookup name – nslookup
  • communicate with other hostname – telnet
  • routing steps that packets take to get to network host – traceroute
  • view user information – finger
  • checking status of destination host – telnet

Example of Networking commands in Unix

Let's see some examples of various networking commands in Unix and Linux. Some of them are quite basic, e.g. ping and telnet, and some are more powerful, e.g. nslookup and netstat. When you use these commands in combination with find and grep you can get anything you are looking for, e.g. hostname, connection end points, connection status etc.


hostname

hostname with no options displays the machine's host name
hostname -d displays the domain name the machine belongs to
hostname -f displays the fully qualified host and domain name
hostname -i displays the IP address for the current machine


ping
It sends packets of information to the user-specified destination. If the packets are received, the destination device sends packets back. Ping can be used for two purposes:

1. To ensure that a network connection can be established.
2. Timing information as to the speed of the connection.

If you do ping www.yahoo.com it will display its IP address. Use ctrl+C to stop the test.

ifconfig
View network configuration, it displays the current network adapter configuration. It is handy to determine if you are getting transmit (TX) or receive (RX) errors.


netstat
The most useful and versatile command for finding connections to and from the host. You can find out all the multicast groups (network) subscribed to by this host by issuing "netstat -g".

netstat -nap | grep port will display the process ID of the application which is using that port
netstat -a or netstat --all will display all connections including TCP and UDP
netstat --tcp or netstat -t will display only TCP connections
netstat --udp or netstat -u will display only UDP connections
netstat -g will display all multicast groups subscribed to by this host.
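
A plain `grep port` keeps every line that contains the digits anywhere, so a search for 80 also matches port 8080, a remote port or a PID. The Python sketch below is an added example, not part of the original article: it parses constructed `netstat -nap` output and matches only the local port column. The sample lines, process names and function names are made up for illustration.

```python
"""Find the process bound to a local port in `netstat -nap` output.

Added example; SAMPLE is constructed output, not captured from a real host.
"""

SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1080/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      912/nginx
tcp        0      0 10.0.0.5:80             10.0.0.9:51780          ESTABLISHED 912/nginx
tcp        0      0 10.0.0.5:44321          10.0.0.7:80             ESTABLISHED 2210/curl
tcp6       0      0 :::22                   :::*                    LISTEN      640/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
"""


def parse_netstat(text):
    """Yield one dict per tcp/udp socket line; header lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto, local, foreign = fields[0], fields[3], fields[4]
        rest = fields[5:]
        # UDP lines usually have an empty State column, so the next field
        # may already be the PID/Program column ("701/dhclient" or "-").
        state = ""
        if rest and rest[0] != "-" and "/" not in rest[0]:
            state, rest = rest[0], rest[1:]
        owner = " ".join(rest) or "-"          # program names may contain spaces
        pid, _, program = owner.partition("/")
        host, _, port = local.rpartition(":")  # rpartition copes with ":::22"
        yield {
            "proto": proto, "local_host": host,
            "local_port": int(port) if port.isdigit() else None,
            "foreign": foreign, "state": state,
            "pid": int(pid) if pid.isdigit() else None,  # "-" when not run as root
            "program": program or None,
        }


def owners_of_port(text, port, listening_only=True):
    """Return sorted (pid, program, proto) tuples for sockets on local `port`."""
    hits = set()
    for sock in parse_netstat(text):
        if sock["local_port"] != port:
            continue
        if listening_only and sock["proto"].startswith("tcp") and sock["state"] != "LISTEN":
            continue
        hits.add((sock["pid"], sock["program"], sock["proto"]))
    return sorted(hits, key=lambda h: (h[0] or 0, h[1] or "", h[2]))


def naive_grep(text, needle):
    """What `grep needle` keeps: every line containing the substring."""
    return [line for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    print(len(naive_grep(SAMPLE, "80")), "lines match a plain grep for 80")
    print(owners_of_port(SAMPLE, 80))
```
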

nslookup
If you know the IP address it will display hostname. To find all the IP addresses for a given domain name, the command nslookup is used. You must have a connection to the internet for this utility to be useful.
E.g. nslookup blogger.com

You can also use nslookup to convert a hostname to an IP address and an IP address to a hostname.

traceroute
A handy utility to view the number of hops and response time to get to a remote system or web site is traceroute. Again you need an internet connection to make use of this tool.


finger
View user information: displays a user's login name, real name, terminal name and write status. This is a pretty old Unix command and is rarely used nowadays.

telnet
Connects to the destination host via the telnet protocol. If a telnet connection can be established on a port, connectivity between the two hosts is working fine.
telnet hostname port will telnet to hostname on the port specified. Normally it is used to see whether the host is alive and the network connection is fine or not.

Auto Post In All Groups [ Facebook ]

Hello friends, if you want more friends, likes and comments for your status updates, or if you want huge traffic for your blog/website, then this is good news for you. In this simple tutorial, we will show how you can post to all Facebook groups in a single click. There are many Facebook groups on this social site. If you share to them one by one, it takes a minimum of 2 minutes to post in a group, so if you have, for example, 15 groups, that is 30 minutes; using this trick you can do it in less than 1 minute.

Follow Simple Steps:
  • Login to your Facebook account
  • Go to your fb home page or Click here
  • Open the Console Box in Google Chrome or Mozilla Firefox
  1. Google Chrome users: press F12 or Ctrl+Shift+J to open the Console Box
  2. Mozilla Firefox users: press Ctrl+Shift+K to open the Console Box
  • Now Click Here to Open The Script or Click Here to Download the Script
  • Press Ctrl+A to select all, then Ctrl+C to copy. Finally press Ctrl+V to paste into the console box and hit Enter
  • Write your post in the box that appears and press the POST button.
  • You're done, you have successfully posted into all groups. Any Problem/Help/Suggestion, Feel Free To Contact Us!
    Hope You Are Enjoying Our Article, Must Give Your Feedback

    29 June 2014

    Free VPN • 100% Free PPTP and OpenVPN Service

    Vpnbook



    Free Open Vpn And PPTP
    Surf Anonymously
    100% Free Vpn Service

    PPTP VPn :

    • Free PPTP VPN Account (Easy to setup, no need to download any software, works with all Windows, Mobile and PS3 Devices)
      • Server #1: euro195.vpnbook.com
      • Server #2: euro213.vpnbook.com
      • Server #3: uk180.vpnbook.com (UK VPN - optimized for fast web surfing; no p2p downloading)
      • Server #4: us1.vpnbook.com (US VPN - optimized for fast web surfing; no p2p downloading)
      • Server #5: us2.vpnbook.com (US VPN - optimized for fast web surfing; no p2p downloading)
      • Username: vpnbook
      • Password: spa5urEp
      • More servers coming...

    OpenVPn :



    How Hackers Hack Any Account Using Authentication Flaw - 2nd Part


    Hello, folks! After a short break I'm back with an interesting post: How Hackers Hack Any Account Using Authentication Flaws - 2. You might have read my previous, 1st part on authentication flaws; it is a useful article for beginners who want to learn the basics of authentication flaws. Today we'll learn a second method. There are many methods; let's explore this basic one.


    Requirements :

    Short Description and Explanation : I already gave a full explanation of authentication flaws in the previous post; today we'll learn another method. As I have said from the beginning, finding an authentication flaw in a website is a little harder: a researcher or hacker needs to understand how the web application, server and other protocols communicate with each other. Always remember that HTTP is a stateless protocol; like artificial intelligence, it works exactly as the developer programmed it. If you have good knowledge of web technology, applications, programming and hacking, you can understand how it works, and then you'll be able to find its vulnerable point and exploit it.


    Multi Level Login Authentication Flaw Exploitation :

    • Start WebGoat and click on Authentication Flaws > Multi-Level Login 2.

    • The red highlighted text is the explanation of this flaw. Read it properly, as it is important, then go on to the next step.
    So, assume that you're an attacker and you have an active account on the WebGoat website with the username Joe and password banana, but your main target is to get into Jane's account without her knowledge. You have to find the flaw and exploit it to get into her account. First, let's understand how the server authenticates users and allows them to access private information. Remember that tokens (#TAN) are used by most websites, but with different methods and logic.


    • Start Burp Suite: set up a proxy connection between the client (browser) and the server so you can easily intercept any request sent from the client.
    • Back to WebGoat: type the username and password and hit Submit.

    • Analyze every request and response between client and server, and look for anything that looks a little suspicious. (Just for your knowledge.)
      (Intercepting the client's request in Burp)
    • There you can clearly see the application is using a POST-based form. Analyzing it, we didn't get anything very interesting because it's a simple POST-based form. I thought it might be vulnerable to SQL injection, but this is an authentication flaw tutorial. Let's look at the server's response message.

    • Same here, nothing very interesting: it just leaked server information, which is really useful and juicy information for hackers looking for more vulnerable components in the web server. This is also called fingerprinting the victim OS.
    • Go back to the browser and you'll see it is asking for a token (TAN). It says enter TAN #1, and here TAN 1 is 15161. Let's enter it and analyze how the application works to find the vulnerable point.

    • Let's look at the request we intercepted in Burp Suite; here is the only vulnerable point. Please try to work some of this out yourself too and don't depend only on the tutorial. Try to understand how the request is validated and how the server knows which user has to be logged in.

    • Go back to the browser and see that it allowed you to access your private information, such as credit card info and number.
    • Wow! Now the question is how the server knew it should allow this client to access Joe's information. Look back once again at the second request you intercepted in Burp Suite (the TAN request).

    • Cool. Please check the above image properly and read those 3 lines properly to understand the vulnerable point of this application.
    • Now the question is: how does the server know which user has to be logged in? Come on, let's change the username value from Joe to Jane in the TAN request. Go back to Multi-Level Login and log in with Joe's username and password. When it comes to the TAN, enter the TAN, capture the request in Burp Suite and change the username Joe to Jane (you can also use Burp Suite Repeater to repeat the same request). The server will get confused by this request and you'll easily be allowed to access Jane's confidential data and information.

    • Send that request and check the response in the web browser: you'll be in Jane's account. Without any password or social engineering you hacked Jane's account. This is called a Multi-Level Login authentication flaw.

    Every web application works with its own logic and method; you just need to understand how the web application and server validate the user and allow access to private information. Here the developers left a great flaw in validating users: if they had also required the password at the TAN verification step, there would be no authentication flaw, because we don't know Jane's password. But mostly web developers don't connect their database to every application for fear of SQL injection or other attacks.
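
The flaw in the walkthrough above comes down to step 2 reading the account name from the request instead of from server-side state. The Python sketch below is an added example, not WebGoat's code and not part of the original post: it models both login steps with a made-up in-memory user store and shows a flawed TAN handler beside one that binds the TAN step to the session opened in step 1. Jane's password and TAN, the card strings and all function names are constructed for illustration.

```python
"""Two-step login (password, then TAN): step 2 trusting a client-supplied
user name versus step 2 bound to server-side session state.

Added example. The in-memory store and every name in it are constructed.
"""
import hmac
import secrets

USERS = {  # constructed demo data; a real store would hold password hashes
    "Joe": {"password": "banana", "tan": "15161", "card": "joe-card-data"},
    "Jane": {"password": "constructed-pw", "tan": "42001", "card": "jane-card-data"},
}
SESSIONS = {}  # session id -> {"user": name, "stage": "tan" or "done"}


def _eq(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def step1_password(username, password):
    """Step 1: verify the password, open a session that still needs a TAN."""
    user = USERS.get(username)
    if user is None or not _eq(user["password"], password):
        return None
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": username, "stage": "tan"}
    return sid


def step2_tan_vulnerable(sid, form):
    """Flawed step 2: the TAN is checked for the session's user, but the
    account to open is read from the client-controlled 'user' field."""
    session = SESSIONS.get(sid)
    if session is None or session["stage"] != "tan":
        return None
    if not _eq(USERS[session["user"]]["tan"], form.get("tan", "")):
        return None
    session["stage"] = "done"
    # Flaw: identity is taken from the request, not from the session.
    return USERS.get(form.get("user", ""), {}).get("card")


def step2_tan_hardened(sid, form):
    """Hardened step 2: identity comes only from the session; a 'user' field
    that disagrees with it is rejected and the session is dropped."""
    session = SESSIONS.get(sid)
    if session is None or session["stage"] != "tan":
        return None
    username = session["user"]
    claimed = form.get("user")
    if claimed is not None and claimed != username:
        SESSIONS.pop(sid, None)  # treat as tampering: force a fresh login
        return None
    if not _eq(USERS[username]["tan"], form.get("tan", "")):
        return None
    session["stage"] = "done"
    return USERS[username]["card"]


def demo():
    """Replay the modified TAN request from the walkthrough on both handlers."""
    tampered = {"user": "Jane", "tan": "15161"}  # Joe's TAN, Jane's name
    leaked = step2_tan_vulnerable(step1_password("Joe", "banana"), dict(tampered))
    blocked = step2_tan_hardened(step1_password("Joe", "banana"), dict(tampered))
    honest = step2_tan_hardened(step1_password("Joe", "banana"),
                                {"user": "Joe", "tan": "15161"})
    return leaked, blocked, honest


if __name__ == "__main__":
    print(demo())
```
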



    Thank you for reading my post. If you have any doubt, please feel free to comment and let me know your problem. If you liked it, please share it and help us grow.

    #Copied