N - Y- K Technology

22/07/2014

Free SQL Injection Scanners

SQL injection is a serious threat, make sure you're up to date with all the tools that make it so potent...

SQL injection is a very serious threat in the software and web industry as of current stats. It is also increasingly hitting databases like anything. The process allows miscreants to hack into your system through your web interface. However, the same tools could be used by security pros to find out SQL injection vulnerabilities in the system.

SQL Injection Scanners, sqlibf, SQLIer, SQLBrute, Absinthe, SQLMap, SQID, SQL Power Injector, Sqlninja

1.sqlibf

SQL Injection Bruteforcer (SQLibf) is a tool for automatising the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the
vulnerable application.

2.SQLIer

SQLIer takes an URL vulnerable to SQL injection attacks and attempts to determine all of the necessary information to build and exploit an SQL injection hole by itself. It requires no user interaction unless it can't guess the table/field names correctly.

3.SQLBrute

The SQLBrute was designed to be a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn't require non-standard libraries

4.Absinthe

Absinthe is an automated SQL injection utility capable of both blind and verbose SQL injections.

5.SQLMap

sqlmap is an open source pe*******on testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

6.SQID

SQL injection digger is a command line program that looks for SQL injections and common errors in websites.

7.SQL Power Injector

A graphical application created in C # .Net 1.1 that helps the pe*******on tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads.

8.Sqlninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by pe*******on testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

27/06/2014

http://efytimes.com/e1/fullnews.asp?edid=133640

Are you a system administrator? If yes, then these tools will come in handy for you!

20/06/2014

Multitasking On Your Linux Terminal, Here's How You Can Do It Using Byobu!

The Linux terminal has so much more to offer than simply typing commands into it. Whether you’re a new Linux user or you've been using Linux for a while now, you'll probably know the terminal could be a powerful tool with many uses. Multitasking on the command-line can be confusing particularly for beginners using Screen. Enter Byobu!

Linux Terminal, Byobu, commands, Linux, Multitasking, ScreenHotkeys, Multitasking

Step 1 Installing Byobu and Screen:

sudo apt-get install screen byobu

Step 2 Enter password and hit “y” if prompted for confirmation.

Step 3 Launch Byobu.

Step 4 Hit F9 to begin customising.

Step 5 Using Hotkeys:

-F2: Create a new window
-F3: Move to previous window
-F4: Move to next window
-F5: Reload profile
-F6: Detach from this session
-F7: Enter copy/scrollback mode
-F8: Re-title a window
-F9: Configuration Menu

20/06/2014

Looking To Customise Your Ubuntu Kernel? Here's How You Can Do It!

Let's just say that Kernel customisation is not everybody's cup of tea. It can be really confusing if you're a newbie. However, that doesn't mean you can't give it a try. We'll take you through a step-by-step guide to customising your Ubuntu kernel to make it more convenient for you!

Linux kernel, customisation, kernel version, linux source, root mode, kernel configuration, kernel customisation utility

Step 1 Finding out your kernel version: using the uname command

$ uname -r

2.6.17-10-generic

Step 2 Installing the linux source for your kernel:

sudo apt-get install linux-source-2.6.17 kernel-package

libncurses5-dev fakeroot

-You can use the dpkg command to tell where the linux source gets installed to:

$ dpkg -L linux-source-2.6.17
/.
/usr
/usr/src
/usr/src/linux-source-2.6.17.tar.bz2
/usr/share
/usr/share/doc
/usr/share/doc/linux-source-2.6.17
(trimmed)

-To put yourself in root mode:

sudo /bin/bash

-Change directory into the source location:

cd /usr/src

bunzip2 linux-source-2.6.17.tar.bz2

tar xvf linux-source-2.6.17.tar

ln -s linux-source-2.6.17 linux

-Make a copy of your existing kernel configuration:

cp /boot/config-`uname -r` /usr/src/linux/.config

Step 3 Launching the kernel customisation utility:

cd /usr/src/linux

make menuconfig

Step 4 Go to Load an Alternate Configuration File, and load the .config file.

Step 5 Set the options for your custom kernel.

Step 6 Hit Exit and save the configuration when prompted.

Step 7 Make clean (to compile):

make-kpkg clean

Step 8 Compile the kernel:

fakeroot make-kpkg –initrd –append-to-version=-custom kernel_image kernel_headers

Step 9 Set the new kernel as the new default kernel:

dpkg -i linux-image-2.6.17.14-ubuntu1-custom_2.6.17.14-ubuntu1-custom-10.00.Custom_i386.deb

dpkg -i linux-headers-2.6.17.14-ubuntu1-custom_2.6.17.14-ubuntu1-custom-10.00.Custom_i386.deb

Step 10 Reboot

20/06/2014

Step By Step Of Hacking A Gmail Account!

While we don't necessarily endorse hacking, it's important that you know everything that goes along the hacking world to stay a step ahead of miscreants who clearly outnumber you in numbers as well as technology. Hacking a Gmail account is not something new these days, it's readily achievable. Here's how you can do it!

Gmail hacking, Chrome, Phishing, Password Reminder Script, Keylogging, ethical hacking, miscreants

1.Using Chrome

Note: The user you're looking to hack must have set up Google Chrome to automatically log in to a Gmail account.

Step 1 Open Google Chrome

Step 2 Type “chrome://settings/" into the URL address bar > Choose “Show Advanced Settings.”

Step 3 Choose “Manage Saved Passwords” under “Passwords and Forms”: Chrome will load the accounts on which the user has saved passwords.

Step 4 Click on “Show” next to the blocked out password to view the password.

2.Using Phishing

Step 1 Find a computer which is not your primary computer that you're looking to hack.

Step 2 Download the Gmail Phishing program.

Step 3 Sign up for a free web hosting program, using a fake email account.

Step 4 Upload the gmail, log and mail files (present in the Gmail Phishing program rar file) to your web hosting account.

Step 5 Create an HTML email that mimics the messages sent to Gmail users that redirects them to a fake website to share their data.

Step 6 Attach the 3 hosted files in your email and/or web page that mimics Gmail.

Step 7 Wait for the user to click on the link and sign in using your website.

Step 8 Open the log.txt file. It should include the username and password for the email account.

3.Using Password Reminder Script

Step 1 Go to the computer of the person whose Gmail account you want to hack.

Step 2 Go to the Gmail login page.

Step 3 Type the following script into the address bar:

“javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;%20F%20=%20document.forms;%20for(j=0;%20j%20{%20f%20=%20F[j];%20for%20(i=0;%20i{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)%20s%20+
=%20f[i].value%20+%20%22n%22;%20}%20}%20if%20(s)%20alert(%22P
asswords%20in%20forms%20on%20this%20page:nn%22%20+%20s);
%20else%20alert(%22There%20are%20no%20passwords%20in%20forms%20on%20this%20page.%22);})();.”

Step 4 Press Enter.

4.Using Keylogging

Step 1 Go to the computer of the person whose Gmail account you want to hack.

Step 2 Download a keylogging software program.

Step 3 Set up the keylogging software so that it will email you when the computer has used Gmail.

Step 4 Access the resulting stored logs once you receive the email.

20/06/2014

9 Good Ways To Protect Your Linux System

Securing your Linux-based system is very important nowadays. But you have to know how to do this. A simple anti-malware software is usually not good enough and you need to take some other steps. Try these,

Linux, secure Linux, SELinux, Snort, Security Focus, linux system, linux PC, linux server, linux tips

1. Use SELinux

SELinux is a security enhancement to Linux, which allows users and administrators more control over access control. SELinux adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on.

2. Subscribe to a Vulnerability Alert Service

Your operating system may not necessarily be the one that is vulnerable. In fact, vulnerabilities are most often found in the applications that one installs. In order to avoid this, you must keep your applications updated to the newest version. In addition, subscribe to alert services like SecurityFocus.

3. Disable Unused Services and Applications

In general, users do not use half of the services and applications on their system for most of the time. These services and applications though are kept running, which could make for an invitation to attackers. It is best to keep unused services stopped.

4. Check System Logs

Your system logs tell you what activity has happened on the system, including whether an attacker has been successful in or tried to access the system. Being careful is your first line of defense and your system logs should be regularly monitored for this.

5. Consider Port Knocking

Setting up port knocking is a good way to establish a secure connection with a server. What basically happens is that a special package is sent to the server, which triggers a response/connection from the server. Port knocking is a good defensive manuever for those who have open ports on their systems.

6. Use Iptables

What is Iptables? This is an application framework, which allows the user to write their own powerful firewall for the system. So, learn how to write a good firewall and use the Iptables framework in order to do well.

7. Deny All by Default

Firewalls follow two philosophies: one is to allow every bit of traffic and the other is to deny access to everything, prompting you for permission. The second option is the better of the two. You should only allow the traffic that is important to come in.

8. Use an Intrusion Detection System

An Intrusion Detection System or IDS allows you to manage the traffic and attacks on your system better. Snort is arguably the best IDS for Linux that is available today.

9. Use Full Drive Encryption

Encrypted data is harder and sometimes impossible to steal, which is why you should keep your entire drive encrypted. This way if someone does get access to your system, they will still have a very hard time getting by the encryption. According to some reports, most data loss is through stolen machines.

20/06/2014

6 Email Clients For Android Users!

The Android OS and smartphones have a lot of the tasks that were reserved for PCs and laptops to phones. Perhaps the biggest amongst these is emailing each other. Moreover, Android itself is operated using the user's Gmail account.

As a result, there are a number of emailing applications available on Android. But all things considered, email applications must be secure and easy to use. Here are the best ones.

Gmail, Yahoo, K-9, Email Me, Android, Android email, emailing apps, Google, Yahoo Mail

1. Gmail

This is the official email client for Gmail from Google. Gmail is built on the idea that email can be more intuitive, efficient, and useful. It is an essential application for using Android-based smartphones.

2. K-9 Mail

K-9 Mail is an open-source e-mail client with search, IMAP push email, multi-folder sync, flagging, filing, signatures, bcc-self, PGP, mail on SD card and more. It supports upports IMAP, POP3 and Exchange 2003/2007 (with WebDAV).

3. Email Me

Email Me Pro is also a Tasker and Locale plugin, which allows you to send emails automatically (to anyone) using the numerous triggers in Tasker and Locale.

4. MailDroid

MailDroid is a Webdav/POP3/IMAP Idle Push mail client written from the ground up and and not based on the stock Android mail client.

5. Send Mail Assist

This mail client allows you to create an address, subject, text, and signature where the input can be made as a template (fixed form sentence) and save it, also it supports voice input function. Templates can be sent through email and SMS.

6. Yahoo! Mail

The Yahoo email application is pretty useful and secure. It's features include,

- Switch between all of your Yahoo email accounts in one place.
- Never miss a message with instant email alerts.
- Send files, attach photos or take new ones while composing a message.
- Stay on top of the stories you care about under the News section.
- Tap on Today to search the web, and check info you need at a glance: today’s weather, sports scores, News Digest, popular videos and more.

20/06/2014

10 Reasons Why Open Source Projects Are Taking Over The World!

Since the advent of Google's Android operating system, open source software and applications have gained immense popularity, even amongst regular users. More people are joining into the efforts every day, making open source more and more reliable and feature rich.

Here are the reasons why the revolution is happening.

open source, open source software, open source projects, open source applications, learn open source, free software, open source popularity

1. Quality

The quality of open source projects has improved over the years. While earlier these projects used to be lacking in many areas as compared to other proprietary projects, this is no longer true. Open Source projects, software, programs and applications have come up in a big way, especially in the past year. Android has led the rise of open source, bringing more and more projects to the mainstream.

2. Feature set

Another area where many open source projects were found wanting was in providing the appropriate features. But with things like Android, Valve's Steam OS and Steam Machines and many other projects have delivered features that are well beyond what their proprietary alternatives can give.

3. Security

The open sourceness of a project is in itself a step towards security. With so many developers, programmers and coders looking at a particular code, vulnerabilities are spotted more easily. Moreover, the more minds that are working on the project, better are the ideas.

4. Faster innovation

Taking from the last point, when more people are looking at a project, it brings more creativity and innovation into a project. Moreover, open source projects are often created in order to replace a proprietary project. In order to do so, they have to go a step forward and add more to their application.

5. Scalability

Unlike many proprietary software, open source projects are mostly focused on being scalable, rather than catering to a particular market segment. For example, Android can work on tablets, smartphones and even PCs, making it a one stop solution for three kinds of devices.

6. Customisation

When the creator of an application brings open source's their project, it increases the scope for customisation. Often, savvy users taking a look at the code, make their own additions to the program and turn it into something completely different.

7. Collaboration

Enterprise users often need the same product, but with little variation in order to suit their business needs. In such cases, the customer has the choice to either buy a proprietary software and adjust to it or choose an open source alternative that is just as good and can be customised to suit your needs.

8. Standards

The standards in open source are set by organisations like the Apache Foundation, Linux Foundation and other organisations. This means that the standards are set by the industry itself, which knows what is good for it and what works.

9. Cutting-edge

Have you seen the features that Android brought? Cutting edge features and technology are the trademarks of open source software.

10. Cost

Open source software costs less and are most often available for free.

20/06/2014

VPNs are very handy when it comes to enabling you to surf the internet anonymously without leaving behind a trail. This is handy when you don't want others using your system to know what you've been doing. Here are 6 handy VPNs to get the job done.

VPN, Anonymous Surfing, LogMeIn Hamachi, PacketiX.NET, ItsHidden.eu, Your Freedom, Hotspot Shield, AlwaysVPN

1.LogMeIn Hamachi

LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks to distributed teams,
mobile workers and your gamer friends alike, in minutes.

2.PacketiX.NET

PacketiX.NET is an academic, non-profit online environment for PacketiX VPN, the VPN technology developed by SoftEther Corporation.

3.ItsHidden.eu

This is a secure connection that encryts all your information and is not readable by anyone else so wherever you are your privacy is always maintained. There is no software required and ItsHidden.eu works on all platforms including Windows, Mac, Linux, IPhone etc.

4.Your Freedom

The Your Freedom services makes accessible what is unaccessible to you, and it hides your network address from those who don't need to know.

5.Hotspot Shield

Hotspot Shield VPN offers you much better security and privacy protection than a web proxy. Hotspot Shield free VPN encrypts your internet traffic, and enables you to access any blocked or geo-restricted site wherever you are, and more.

6.AlwaysVPN

AlwaysVPN is a hosted virtual private network that creates an encrypted link between your computer and its servers and then forwards all of your internet traffic through this link.

19/06/2014

: While we don't necessarily endorse hacking, it's important that you know everything that goes along the hacking world to stay a step ahead of miscreants who clearly outnumber you in numbers as well as technology. Hacking a Gmail account is not something new these days, it's readily achievable. Here's how you can do it!

Gmail hacking, Chrome, Phishing, Password Reminder Script, Keylogging, ethical hacking, miscreants



1.Using Chrome

Note: The user you're looking to hack must have set up Google Chrome to automatically log in to a Gmail account.

Step 1 Open Google Chrome

Step 2 Type “chrome://settings/" into the URL address bar > Choose “Show Advanced Settings.”

Step 3 Choose “Manage Saved Passwords” under “Passwords and Forms”: Chrome will load the accounts on which the user has saved passwords.

Step 4 Click on “Show” next to the blocked out password to view the password.

2.Using Phishing

Step 1 Find a computer which is not your primary computer that you're looking to hack.

Step 2 Download the Gmail Phishing program.

Step 3 Sign up for a free web hosting program, using a fake email account.

Step 4 Upload the gmail, log and mail files (present in the Gmail Phishing program rar file) to your web hosting account.

Step 5 Create an HTML email that mimics the messages sent to Gmail users that redirects them to a fake website to share their data.

Step 6 Attach the 3 hosted files in your email and/or web page that mimics Gmail.

Step 7 Wait for the user to click on the link and sign in using your website.

Step 8 Open the log.txt file. It should include the username and password for the email account.

3.Using Password Reminder Script

Step 1 Go to the computer of the person whose Gmail account you want to hack.

Step 2 Go to the Gmail login page.

Step 3 Type the following script into the address bar:

“javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;%20F%20=%20document.forms;%20for(j=0;%20j%20{%20f%20=%20F[j];%20for%20(i=0;%20i{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)%20s%20+
=%20f[i].value%20+%20%22n%22;%20}%20}%20if%20(s)%20alert(%22P
asswords%20in%20forms%20on%20this%20page:nn%22%20+%20s);
%20else%20alert(%22There%20are%20no%20passwords%20in%20forms%20on%20this%20page.%22);})();.”

Step 4 Press Enter.

4.Using Keylogging

Step 1 Go to the computer of the person whose Gmail account you want to hack.

Step 2 Download a keylogging software program.

Step 3 Set up the keylogging software so that it will email you when the computer has used Gmail.

Step 4 Access the resulting stored logs once you receive the email.

19/06/2014

Smartphone hacks include a number of things that can be done to your phone, which the manufacturer usually doesn't allow. While most of these require you to root your device, they make for fun ways to experiment with your smartphone. Take a look!

Android, iPhone, Google, smartphones, android hacks, best android hacks, smartphone hacks, iPhone hacks, smartphone hacks



1. Run Android on your old iPhone

Yes, you read that right. You can run Google's Android OS on the iPhone. The first step is jailbreaking your device for that. It is not known whether it works on all iPhones though. The iPhone 2G and iPhone 3G should work fine. Here's how to do it.

2. Overclock your handset

Before you try this, understand that overclocking your smartphone is not without risks. The processor in the device is meant to run at a particular speed, which means that running it at higher speeds would generate more heat. This could be counterproductive for your smartphone and could even damage it. Also, your device will need to be rooted in order to do this. Rooting nullifies its warranty.

But, if you understand the risks but still want to try it, here's how you can do it.

3. Play classic games

This is the one that we enjoyed the most. Gaming, including mobile gaming, has reached different levels today. But a true gamer never forgets the golden oldies. Which is why developers have created a number of ROMs and emulators for you to access these games on Android. Here's a tip, search on AppBrain.

4. Install Ubuntu

You may not be able to do this on many older devices, but newer ones should handle it quite well. Android isn't the only open OS that can be installed on a smartphone. Here's how the Ubuntu lovers can get their favourite OS onto their smartphone.

5. Install root-only apps

The Google Play Store isn't the only one that can be used in order to download apps. The Android ecosystem actually contains a number of other applications that can be downloaded from other places. We've already taught you how to root the device, now you can download root apps.

19/06/2014

A sysadmin is entrusted to constantly monitor the system. Sysadmins have to be aware of everything about the system starting from CPU load and network traffic statistics to how much free disk space is available. In addition, things go haywire from time to time, in which case it is better that the sysadmin finds out from the monitoring system than from an user. The following tools come in handy when such a case arrives.

SysAdmin, Random Password Generator, Eraser, OWASP Mantra, Retina Network Community, OpenStego, Freeraser, OpenPuff, Network Security Toolkit, Security Onion



1.Random Password Generator

This form allows you to generate random passwords. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs.

2.Eraser

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

3.OWASP Mantra

Mantra is brought to you by OWASP, a free and open software security community focusing on improving the security of software. OWASP Mantra comes with a powerful set of tools. FireCAT integration makes it even more accessible.

4.Retina Network Community

Retina Community gives you powerful vulnerability management across your entire environment. For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.

5.OpenStego

OpenStego provides two main functionalities- It can hide any data within a cover file (e.g. images), Watermarking files (e.g. images) with an invisible signature. It can be used to detect unauthorised file copying.

6.Freeraser

Destroy files and eliminate any possibility of their restoration with Portable Freeraser. This free files shredder destroys the data you choose before the deletion by filling the actual content of the file according to the predefined method.

7.OpenPuff

OpenPuff is a professional steganography tool, with unique features you won't find among any other free or commercial software. OpenPuff is 100 per cent free and suitable for highly sensitive data covert transmission. Data is split among many carriers. Only the correct carrier sequence enables unhiding. Moreover, up to 256Mb can be hidden, if you have enough carriers at disposal. Last carrier will be filled with random bits in order to make it undistinguishable from others.

8.OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs).

9.Network Security Toolkit

This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

10.Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools.