Shutdown & Restart Shortcuts

Don’t you think the process of shutting down or restarting the computer consumes a lot of time?
Let’s cut this process short… it’s really easy :)
Just create a shortcut to “Shutdown” or “Restart” and assign a shortcut key to it.

For Creating a Shutdown Shortcut

  1. Right-click anywhere and, in the menu, go to “New” and then click on “Shortcut”.
  2. A dialog box will pop up asking for the Target or the Location of the item for which you’re creating the shortcut.
  3. In that box, type “shutdown -s -t 000”. The “-t 000” in this command sets the shutdown timer; the “000” is the time after which Windows will shut down.
  4. Then, give a name to the shortcut which will help you to identify it.

Now, assign a shortcut key to your shortcut…

  1. Right-click the shortcut that you just made and click on “Properties”.
  2. In “Properties”, go to the “Shortcut” tab. Look for “Shortcut Key” there.
  3. In the “Shortcut Key” box, press the keys that you want to assign to your shortcut (mine is “Ctrl + Alt + S”).

For Creating a Restart Shortcut

Follow the same steps as for creating a Shutdown Shortcut; just replace the “shutdown -s -t 000” command with “shutdown -r -t 000” and give it a different name.
Then you can create a Shortcut Key using the steps given earlier.

I guarantee that if you shut down or restart your computer using the Shortcut Keys, the time taken in the process will be 70% less than the total time that was taken before. :P

XSS (cross site scripting)

XSS is an abbreviation of cross-site scripting.

About

XSS is a security breach that takes advantage of dynamically generated Web pages.
In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can input malicious script into the page by hiding it within legitimate requests.
It won’t give you ‘root’ or SYSTEM access on a web server. As it lives purely at the application level, it will get you some information about the web application. It is merely the ability to inject HTML tags into the input of a web application. It is generally believed to be one of the most common application-layer hacking techniques. It refers to the hacking technique that leverages vulnerabilities in the code of a web application which allow an attacker to send malicious content from an end user. These attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.
It is also referred to as malicious tagging because it’s a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.
Examples of such code include HTML code and client-side scripts.
Common exploitations include search engine boxes, online forums and publicly accessible blogs, etc.
Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements.
The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags.
Scripting tags that take advantage of XSS include <SCRIPT>, <OBJECT>, <APPLET>, <EMBED>, <FORM> & many more.
Common languages used for XSS include JavaScript, VBScript, HTML, Perl, C++, ActiveX and Flash.
In short, it’s a common flaw found in today’s web applications & can cause serious damage to a web application. Detecting these vulnerabilities early in the development process will help protect a web application from unnecessary flaws.
These are executed on the client side (i.e. in the user’s web browser) rather than on the server side. In itself it’s a threat which is brought about by the internet security weaknesses of client-side scripting languages. Its concept is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user.
Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed. A trick which is often used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user, who recognizes the URL he is familiar with and simply disregards the following “tricked” code, which would be encoded and therefore inconspicuous. It can be used to steal sensitive data from a back-end database. Exploited XSS is commonly used to achieve malicious results such as identity theft, accessing sensitive or restricted information, gaining free access to otherwise paid-for content, spying on a user’s web browsing habits, altering browser functionality, public defamation of an individual or corporation, web application defacement, Denial of Service attacks & many more!

Types

Three distinct types of XSS vulnerabilities exist: non-persistent, persistent and DOM-based (which can be either persistent or non-persistent).

Remedy (in short)

To check for cross-site scripting vulnerabilities, use a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for cross-site scripting vulnerabilities. It will indicate which URLs/scripts are vulnerable to these attacks so that you can fix the vulnerability easily. Besides cross-site scripting vulnerabilities, a web application scanner will also check for SQL injection & other web vulnerabilities.
To prevent these attacks, dangerous characters must be filtered out from the web application inputs. These should be filtered out both in their ASCII and HEX values. A quick fix we can do as end users is turning off JavaScript, but with an Internet so polluted by active menus & JavaScript-enabled forms, a part of the internet might not function properly. The real fixing should be done on the application developer side. Filter & check all user input. SQL injection would be a problem that should be dealt with, but XSS isn’t always!
Many web application security measures do filter on certain characters such as the single quote, but many don’t filter on HTML code. Many automated security scanners give false positives while assessing a web server’s security. Some input fields might not be filtered, but other users can’t edit them. The danger of XSS lies in passing the data on to other, malicious, parties.
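
The filtering described above, as an added example that is not part of the original post: a check that looks at input in both its ASCII and its HEX (percent-encoded) form, together with HTML encoding at the point of output. The function names and sample strings are constructed for illustration.

```javascript
// Added example (not from the original post): the "ASCII and HEX" check plus output encoding.

// Characters that let input break out of HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: turn the dangerous characters into inert HTML entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Undo percent (HEX) encoding, repeating a bounded number of times so that
// double-encoded input such as %253C is also reduced to its ASCII form.
function canonicalize(input, maxRounds = 3) {
  let current = String(input);
  for (let i = 0; i < maxRounds; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current);
    } catch (err) {
      break; // malformed escape such as a lone "%": keep what we have
    }
    if (decoded === current) break;
    current = decoded;
  }
  return current;
}

// Naive filter: looks only at the raw (ASCII) form of the input.
function rawCheck(input) {
  return /[<>"']/.test(String(input));
}

// Filter the post asks for: checks the ASCII form and the decoded HEX form.
function hasDangerousChars(input) {
  return rawCheck(input) || rawCheck(canonicalize(input));
}

// Constructed sample inputs: a harmless test string and its HEX-encoded form.
const SAMPLE_ASCII = '<script>alert(1)</script>';
const SAMPLE_HEX = '%3Cscript%3Ealert(1)%3C%2Fscript%3E';

function renderComment(userText) {
  // Encode at the point of output, whatever the input filter decided.
  return '<p class="comment">' + escapeHtml(userText) + '</p>';
}

console.log(rawCheck(SAMPLE_HEX), hasDangerousChars(SAMPLE_HEX));
console.log(renderComment(SAMPLE_ASCII));
```

The raw check misses the HEX-encoded sample while the canonicalizing check flags it, and the encoded output renders as visible text instead of markup.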

Get System Info using Command Prompt

How well do you know your system?
Do you know your OS version, System Model, System Type (x64 or x86), Processor(s) etc.?

It’s not so easy to get such information… but you can get it easily using CMD (Command Prompt).

Go to “Run” (Windows Key + R), type “cmd.exe” and hit “Enter”. This will pop up the “Command Prompt” window.
In Command Prompt, type “systeminfo” and hit “Enter”.
After some time, you will see extended/advanced information about your system.

This information is very useful. If you want, you can store it in a text file by entering the following line in Command Prompt:
systeminfo >D:\systeminfo.txt

In the above command, the “>” arrow tells Command Prompt to write the output to “systeminfo.txt” in the location “D:\”. You can also replace the file’s name and the location where you want your file to be.

Bypass MegaUpload Download Limits

It was a good evening & I had planned to download some cool stuff. I got the download links and started downloading the files; the files were hosted on MegaUpload.com. I downloaded two files and then came the turn of the third one. I tried to download it and got a message that my download limit had been exceeded, or else I had to wait for some additional time on top of the default waiting time (45 seconds).

This seemed very annoying to me, and I wanted to download the files somehow without waiting for a long time. After thinking for some time, an idea came to my mind. It was “cookies” (not the cookies you eat :P), the browser cookies!

Every site uses cookies to store specific data on your computer, and so is the case with MegaUpload.com. It stores the download data in the cookies, so when you visit Megaupload for another download, it checks for the cookies… if it finds that you have downloaded several files in the past time, you’ll have to wait for some extra time…

And if you clear those cookies, Megaupload would think that you haven’t downloaded files in the past time and you would have to wait the default 45 seconds.

Here are the steps:

  1. After downloading one or two files, go to the download link of the third file. Don’t enter the code and don’t start the download.
  2. Now go to “Tools->Options…” in the Menubar. Switch to the “Privacy” tab in the “Options” window.
  3. In “Privacy” tab, under the subheading “Cookies”, click on “Show Cookies…”.
  4. A window would pop-up with the title “Cookies”, there would be a search box in that window. In that search box, type “MegaUpload.com”.
  5. This will filter all the cookies and bring up the cookies which are from MegaUpload. Then, select all those MegaUpload cookies using shift, and press the “Remove Cookies” option at the bottom.
  6. Then refresh the download page and start the download.
  7. Repeat these steps to continue downloading more files. :)

BackTrack Linux – The Penetration Tool

According to Remote-Exploit.org:

“BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.”

The BackTrack Project was created by Mati Aharoni & Max Moser. The first non-beta version of BackTrack was released on May 26, 2006. The latest version of BackTrack is 4 Beta; the major change in this version is that BackTrack is now Debian-based.

BackTrack is bundled with 300+ security tools; it has everything a security expert needs. BackTrack is also the favorite tool of security testers worldwide.

BackTrack has many apps added to its default suite. The notable additions are:

  • Metasploit integration
  • RFMON Injection capable wireless drivers
  • Kismet
  • Autoscan-Network (AutoScan-Network is a network discovering and managing application)
  • NMap
  • Ettercap
  • Wireshark (formerly known as Ethereal)

Get BackTrack to get these features and a lot more :)

Download:

Hacker Evolution (Game)

Hi guys,

Time for some fun…

I came across a wonderful hacking game some days ago, thought to share it with you all today.

The game’s name is “Hacker Evolution”; it is a console-oriented simulator game for hackers. It’s a really nice game which makes the player feel like he’s hacking for real, but it’s just a game, so the player isn’t doing any real hacking and he’s not committing a crime either :P

The advantage of playing “Hacker Evolution” is that the player comes to know how hacking is carried out and what procedures are taken by the real hackers (nothing unethical in my mind right now). :)
It also helps the player to gain knowledge in the field of hacking.

The game has nothing to do with the real world…whatever hacking is carried out, is done in the virtual world.

Download: Hacker Evolution (6.56MB)

Do try it, and drop a comment here about what you feel about the game.