Author Archives: writerscope

Hide any Drive


Most of you must have wondered whether there is a way to hide a drive completely, without using any software, so that it cannot be viewed or accessed without unlocking it. Here is the easiest method to hide a drive, in 4 simple steps.

1. Go to Run and type “gpedit.msc” (without quotes).

2. Select User Configuration —> Administrative Templates —> Windows Components —> Windows Explorer (click on it).

3. In the right panel, look for “Hide these specified drives in My Computer”.

4. Double-click it, mark Enabled to hide the drive, and select the drive which you want to hide. If you want to hide all the drives on your system, select “Restrict all drives”.

To make it unhidden, mark the Disabled option. Note that this policy only removes the drive icons from Explorer; the drive's contents can still be reached by typing a path in the Run dialog or in a command window.


Trace E-MAIL Sender


Many people have never seen an email header, because modern email clients often hide the headers from view. However, headers are always delivered along with the message contents. Most email clients provide an option to enable display of these headers if desired.

What is an email header?
The email header is the information that travels with every email, containing details about the sender, route and receiver. It is like a flight ticket: it can tell you who booked it (who sent the email), the departure information (when the email was sent), the route (where it was sent from and how it arrived) and arrival details (who the receiver is and when it was received). Just as you could book a flight ticket with a false identity, the sender of an email can partially fake these details, pretending that the email was sent from a different account (a common practice for spammers and viruses).

How do I get the header to trace an email?

Each email program varies in how you get to the message options. I’ve covered the basic email clients; the rest is up to you!

Outlook – Right click the message while it’s in the inbox and choose Message Options. A window will open with the headers in the bottom of the window.
Windows Live – Right click the correspondence while it’s in the inbox, choose Properties, then click the Details tab.
Gmail – In the upper right corner of the email you’ll see the word Reply with a little down arrow to the right. Click the down arrow and choose Show Original.
Hotmail – Right click the memo and choose View Message Source.
Yahoo! – Right click the note and choose View Full Headers.
AOL – Click Action and then View Message Source.
You can see that no matter the program, the headers are usually just a right click away.

Got the header; now how do you find the sender's IP address to trace the sender?

How to read email headers:

In the example shown above, there are four Received: stamps. Reading from the bottom upwards, you can see who sent the message first, next and last, and you can see when it was done. This is because every MTA (Mail Transfer Agent) that processed the email message added a Received: line to the email’s header. These Received: lines provide information on where the message originated and what stops it made (what computers) before reaching its final destination. As the example shows, these Received: lines provide the email and IP address of each sender and recipient. They also provide the date and time of each transfer. The lines also indicate if the email address was part of an email list. It is all this information that is valued by computer programmers and IT department associates when making efforts to track and stop spam email messages. And it is this information that arguably makes headers the most important part of an email.

To find the first computer that originally sent the email, you’ll have to find the Received: from line that’s farthest DOWN. As you can see from the above image, by reading the Received: from tag, we can see that the email was sent via corporate2.fx.ro, which is the ISP domain of the sender, using the IP 193.231.208.28. The email was sent using SMTP (“with ESMTP id”) from the mail server called mail.fx.ro.

Looking further into the message, you will see the tag called X-Originating-IP: this tag normally gives the real IP address of the sender. The X-Mailer tag says what email client was used to send the email (in our case, the email was sent using FX Webmail).
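
Reading the Received: lines bottom-up, as described above, can be automated. This added example (not from the original post; the message, hostnames and documentation-range IP addresses are constructed) lists the hops oldest-first and compares the first hop with X-Originating-IP:

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (RFC 5737 documentation addresses, not a real capture).
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by inbox.example.org with ESMTP id A1; Mon, 3 Mar 2014 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.20])
    by mx.example.net with ESMTP id B2; Mon, 3 Mar 2014 10:00:03 +0000
Received: from webmail.example.com ([192.0.2.44])
    by relay.example.com with ESMTP id C3; Mon, 3 Mar 2014 10:00:01 +0000
X-Originating-IP: [192.0.2.44]
X-Mailer: Example Webmail
From: sender@example.com
To: rcpt@example.org
Subject: constructed test

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return hops oldest-first, i.e. the Received: lines read bottom-up."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        names = HOP_RE.search(value)
        ip = IP_RE.search(value)
        stamp = value.rsplit(";", 1)[-1].strip()
        hops.append({
            "from": names.group(1) if names else None,
            "by": names.group(2) if names else None,
            "ip": ip.group(1) if ip else None,
            "time": parsedate_to_datetime(stamp) if ";" in value else None,
        })
    return hops

def summarize(raw):
    msg = message_from_string(raw)
    hops = trace_hops(raw)
    xoip = IP_RE.search(msg.get("X-Originating-IP", ""))
    times = [h["time"] for h in hops if h["time"]]
    return {
        "first_hop_ip": hops[0]["ip"] if hops else None,
        "x_originating_ip": xoip.group(1) if xoip else None,
        # Each MTA stamps after the previous one; out-of-order times hint at a forged line.
        "times_in_order": times == sorted(times),
    }

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["time"], hop["from"], "->", hop["by"], hop["ip"])
    print(summarize(RAW))
```

Only the Received: lines added by servers you trust are reliable; everything below them is supplied by the sending side and can be faked, as noted earlier.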
Tracking the location of an IP address:

Now that we have our originating IP address, let’s find out where that is! You can do this by performing a location lookup on the IP address. My favorites are IP2Location and GeoBytes IP Locator.

GeoBytes gave me a big map of New Orleans, LA along with a bunch of other information about the location itself.

IP2Location also gave me the same information pretty much, including the ISP (Cox Communications). Of course, this is correct since I live in New Orleans!

If you want more information, you can also do a WHOIS database search. One is the ARIN WHOIS Database Search. This will give you information on who hosts that IP address and their registration information. You can always contact them to try and find more information on that particular IP address.


Google Hacking


What is Google Hacking?

Google hacking is the term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine. In Google hacking hackers use search engine commands or complex search queries to locate sensitive data and vulnerable devices on the Internet.

Google advanced operators:

Google allows the use of certain operators to help refine searches. The use of advanced operators is very simple as long as attention is given to the syntax. The basic format is: operator:search_term

Operator | Description | Arguments required?
site: | find search term only on site specified by search_term | YES
filetype: | search documents of type search_term | YES
cache: | display the cached version of page | NO
link: | find sites containing search_term as a link | NO
intitle: | find sites containing search_term in the title of a page | NO
inurl: | find sites containing search_term in the URL of the page | NO

1. site: find web pages on a specific web site:-

This advanced operator instructs Google to restrict a search to a specific web site or domain. When using this operator, an additional search argument is required.

Example: site:harvard.edu fees

This query will return results from harvard.edu that include the word ‘fees’ anywhere on the page.

2. filetype: search only within files of a specific type:-

This operator instructs Google to search only within the text of a particular type of file. This operator requires an additional search argument.

Example: filetype:pdf communication

This query searches for the word ‘communication’ within standard PDF documents. It is very helpful for finding presentations, seminars, etc. In place of pdf you can give any extension you want, like doc, txt, ppt, etc.

3. link: search within links:-

The hyperlink is one of the cornerstones of the Internet. A hyperlink is a selectable connection from one web page to another. Most often, these links appear as underlined text but they can appear as images, video or any other type of multimedia content. This advanced operator instructs Google to search within hyperlinks for a search term. This operator requires no other search arguments.

Example: link:www.microsoft.com

This query would display web pages that link to microsoft.com’s main page.

4. cache: display Google’s cached version of a page:-

This operator displays the version of a web page as it appeared when Google crawled the site. This operator requires no other search arguments.

Example: cache:www.apple.com

This query would display the cached version of the Apple web page.

5. intitle: search within the title of a document:-

This operator instructs Google to search for a term within the title of a document. Most web browsers display the title of a document on the top title bar of the browser window.

Example: intitle:hack

This query would only display pages that contained the word ‘hack’ in the title.
6. inurl: search within the URL of a page:-

This operator instructs Google to search only within the URL, or web address of a document. This operator requires no other search arguments.

Example: inurl:download

This query would display pages with the word ‘download’ inside the web address. One returned result, ‘http://www.abc.in/images/download/’ contains the word ‘download’ as the name of a directory.

The site: search is invaluable in all directed Google searches. Combined with a host or domain name, the results are listed in page-ranked order. Type site:pacific.edu into the Google search bar.

After site:pacific.edu, type in login | logon and run the search. login | logon finds login pages associated with any particular website – the significance of this is that login pages are the “front door” and often reveal the nature of the operating system, software, and even offer clues for gaining access to the site.

intitle: The intitle prefix will cause Google to search for any terms within the title (the HTML title tag) of the document. As with inurl, intitle can be used with any other search term to produce useful results.

intitle:index.of.config – These directories can give information about a web server's configuration, such as ports, security permissions, etc.

intitle:index.of.etc – The /etc/ directory often contains password files which are usually protected with an md5 hash.

intitle:index.of mp3 jackson – Brings up listings of files and directories that contain “mp3” and “jackson.”

intitle:index.of passwd passwd.bak – similar to above, only with password files

intitle:error/intitle:warning – Finds error and warning pages, often revealing server version numbers

phonebook: – Gives the home phone and often the address of any name you put in.

“robots.txt” “disallow:” filetype:txt – searches for the text file “robots,” which specifies to the Google crawler what pages on a particular website the webmaster does not want searchable; using this search returns a list of all those locations.
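
For a site owner, the index.of, error-page and robots.txt searches above point at things to check on your own server. The following added example (not from the original post; the page contents, paths and example.org host are constructed) audits already-fetched pages for directory listings, sensitive file names, leaked server version banners and paths advertised in robots.txt:

```python
import re
from html.parser import HTMLParser

class _Title(HTMLParser):
    """Collects the text inside the <title> element."""
    def __init__(self):
        super().__init__()
        self.inside, self.text = False, ""
    def handle_starttag(self, tag, attrs):
        self.inside = self.inside or tag == "title"
    def handle_endtag(self, tag):
        if tag == "title":
            self.inside = False
    def handle_data(self, data):
        if self.inside:
            self.text += data

def page_title(html):
    parser = _Title()
    parser.feed(html)
    return parser.text.strip()

BANNER_RE = re.compile(r"\b(?:Apache|nginx|Microsoft-IIS)/\d[\d.]*")
SENSITIVE_RE = re.compile(r'href="([^"]*(?:passwd|\.bak|config)[^"]*)"', re.I)

def audit_page(html):
    findings = []
    # What intitle:index.of matches: an auto-generated directory listing.
    if page_title(html).lower().startswith("index of"):
        findings.append("directory-listing")
        findings += ["sensitive-file:" + n for n in SENSITIVE_RE.findall(html)]
    # What error/warning page searches reveal: the server version string.
    banner = BANNER_RE.search(html)
    if banner:
        findings.append("server-version:" + banner.group(0))
    return findings

def robots_disallow(text):
    paths = []
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def audit_site(pages, robots_txt):
    report = {path: audit_page(html) for path, html in pages.items()}
    report["robots.txt"] = ["advertised-path:" + p for p in robots_disallow(robots_txt)]
    return report

# Constructed sample site content.
PAGES = {
    "/": "<html><head><title>Welcome</title></head><body>Hello</body></html>",
    "/backup/": '<html><head><title>Index of /backup</title></head><body>'
                '<a href="passwd.bak">passwd.bak</a>'
                '<address>Apache/2.2.3 Server at www.example.org Port 80</address></body></html>',
}
ROBOTS = "User-agent: *\nDisallow: /admin/\nDisallow: /backup/  # old dumps\nDisallow:\n"

if __name__ == "__main__":
    for path, findings in audit_site(PAGES, ROBOTS).items():
        print(path, findings)
```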

intitle:”Live View / – AXIS 206W”
WebcamXP – “powered by webcamXP” “Pro|Broadcast“
inurl:axis-cgi/mjpg
inurl:view/indexFrame.shtml
inurl:ViewerFrame?Mode=Refresh
inurl:”viewerframe?/mode=motion”
site:axiscam.net

Above are some searches for servers with network cameras, including traffic, weather, office, and pet-cams. Unsecured cameras allow the camera to be tilted, panned, zoomed, etc. Look for results that use an IP address, beware of malware sites.


IP Spoofing


What Is IP Spoofing?

IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host. There are a few variations on the types of attacks that use IP spoofing.

IP spoofing is a common method that is used by spammers and scammers to mislead others about the origin of the information they send.

An IP (Internet Protocol) address is the address that reveals the identity of your Internet service provider and your personal Internet connection. The address can be viewed during Internet browsing and in all of your correspondences that you send.

How IP Spoofing Works?
The Internet Protocol or IP is used for sending and receiving data over the Internet and computers that are connected to a network. Each packet of information that is sent is identified by the IP address which reveals the source of the information.

When IP spoofing is used the information that is revealed on the source of the data is not the real source of the information. Instead the source contains a bogus IP address that makes the information packet look like it was sent by the person with that IP address. If you try to respond to the information, it will be sent to a bogus IP address unless the hacker decides to redirect the information to a real IP address.

Why IP Spoofing is Used?
IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address.

IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.

Spoofing Attacks:

1.Non-blind spoofing:
This attack takes place when the attacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of packets. The threat of this type of spoofing is session hijacking, in which an attacker could bypass any authentication measures that took place to build the connection. This is accomplished by corrupting the data stream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine.

2.Blind spoofing:
This attack may take place from outside, where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which was doable in the past. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.

3.Man in the Middle Attack:
This is also called connection hijacking. In this attack, a malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge. In this way, an attacker can fool a target into disclosing confidential information by spoofing the identity of the original sender or receiver. Connection hijacking exploits a “desynchronized state” in TCP communication. When the sequence number in a received packet is not the same as the expected sequence number, the connection is called “desynchronized.” Depending on the actual value of the received sequence number, the TCP layer may either discard or buffer the packet. When two hosts are desynchronized enough, they will discard/ignore packets from each other. An attacker can then inject forged packets with the correct sequence numbers and potentially modify or add messages to the communication. This requires the attacker to be located on the communication path between the two hosts in order to replicate packets being sent. The key to this attack is creating the desynchronized state.

4.Denial of Service Attack:
IP spoofing is almost always used in denial of service (DoS) attacks, in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To conduct the attack effectively, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

Misconception of IP Spoofing:
A common misconception is that “IP Spoofing” can be used to hide your IP address while surfing the Internet, chatting online, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many network attacks that do not need to see responses.

Detection of IP Spoofing:
We can monitor packets using network-monitoring software. A packet on an external interface that has both its source and destination IP addresses in the local domain is an indication of IP spoofing. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.

IP Spoofing Protection:
1. It is possible to protect a network against IP spoofing by using ingress filtering, which inspects packets to filter the inbound traffic. The system has the capability to determine if the packets are coming from within the system or from an outside source.

2. TCP can also be relied on, since its sequence numbers are used to create a connection to other systems. This method can be enhanced by disabling source routing on the network to prevent hackers from exploiting some of the spoofing capabilities.

3. Configuring your network to reject packets from the Net that claim to originate from a local address.

4. If you allow outside connections from trusted hosts, enable encryption sessions at the router.
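
The detection rule and protection step 3 above can be expressed as a check over firewall log lines. This is an added example, not from the original post: the internal ranges, interface names and log lines are constructed assumptions, and it goes slightly beyond the text by also flagging invalid sources and outbound packets with a non-local source.

```python
import ipaddress
import re

# Assumed internal address ranges and external interface name (hypothetical).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
EXTERNAL_IF = "eth0"

# Constructed log lines in a simplified key=value firewall-log style.
LOG = """\
IN=eth0 SRC=203.0.113.9 DST=192.168.10.5 PROTO=TCP
IN=eth0 SRC=192.168.10.77 DST=192.168.10.5 PROTO=TCP
IN=eth1 SRC=192.168.10.5 DST=198.51.100.3 PROTO=UDP
IN=eth0 SRC=127.0.0.1 DST=192.168.10.5 PROTO=TCP
IN=eth1 SRC=198.51.100.200 DST=203.0.113.9 PROTO=UDP
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def classify(line):
    """Return a reason string if the packet's source address is implausible, else None."""
    fields = dict(FIELD_RE.findall(line))
    src = ipaddress.ip_address(fields["SRC"])
    if fields["IN"] == EXTERNAL_IF:
        # Ingress: nothing arriving from the Internet may claim a local source.
        if is_local(src):
            return "ingress-local-src"
        # Loopback, multicast and unspecified sources are never valid on the wire.
        if src.is_loopback or src.is_multicast or src.is_unspecified:
            return "ingress-invalid-src"
    elif not is_local(src):
        # Egress: hosts inside should only send with addresses from our ranges.
        return "egress-foreign-src"
    return None

def scan(log):
    """Return (line number, reason) for every suspicious line."""
    hits = []
    for number, line in enumerate(log.splitlines(), 1):
        reason = classify(line)
        if reason:
            hits.append((number, reason))
    return hits

if __name__ == "__main__":
    for number, reason in scan(LOG):
        print(f"line {number}: {reason}")
```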


Lock folder on windows using recycle bin


This tip will help you lock a folder to protect your important data and prevent access to it. There are lots of utilities available that will help you achieve this, but they are all trial or limited versions.

So, if you want to lock a folder on your PC, please follow the steps below. Note that these steps involve the Windows registry, so avoid them if you are not technically confident.

Here is how you can lock any folder using the Recycle Bin:

Open Run on your computer or press (Ctrl+R) and type the ‘regedit’ command.
You will see a list of keys and related values. Navigate through the list until you find the CLSID number of the Recycle Bin in the registry editor.

For example:

CLSID no of recycle bin is >> {645FF040-5081-101B-9F08-00AA002F954E}

Now it’s time to lock the folder using the Recycle Bin. Let’s say you want to lock a folder named ‘Folder1’.

In the Notepad editor, type the following text:

ren folder1 recycle.{645FF040-5081-101B-9F08-00AA002F954E}

and save that file as lock.bat

To unlock the locked folder, you can create another batch file. Type the line below in another Notepad file and save it as ‘unlock.bat’

ren recycle.{645FF040-5081-101B-9F08-00AA002F954E} folder1

So, whenever you want to lock the folder, execute lock.bat, and to reverse it, execute unlock.bat to unlock the folder.


Create invisible folder in Windows


Before I explain this trick, I want to warn you: if you don’t want to mess with your computer, please don’t try it. It’s a funny trick, and at the same time it’s complicated.

The procedure is given below.
1. Create a new folder.
2. Right-click on it, then choose Rename.
3. After that, delete the name New Folder and press Alt+0160.
4. That’ll create an invisible space in the folder name; press Enter.
5. Right-click that folder, choose Properties, then go to the Customize tab.
6. Click Change Icon and then choose the invisible icon, as in the screenshot below.
Finish.


Make your Pendrive more beautiful


Are you bored of seeing a blank background in your Pendrive?
Then you must try this new trick to set a wallpaper as the background of your USB drive.
Copy the code given below and paste it into Notepad:

[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
IconArea_Image=img.bmp
IconArea_Text=0x00000000

Save it as desktop.ini; you must also put the image in your Pendrive. You can also replace the name ‘img.bmp’ in the second line with the name of your image. You should also hide both files so that no one can tell what is happening. Remember, here the name of the image file is ‘img.bmp’.

