Command Prompt Short Keys

F1: Pastes the last executed command
(character by character)
F2: Pastes the last executed command (up to
the entered character)
F3: Pastes the last executed command
F4: Deletes current prompt text up to the
entered character
F5: Pastes recently executed commands
(does not cycle)
F6: Pastes ^Z to the prompt
F7: Displays a selectable list of previously
executed commands
F8: Pastes recently executed commands
(cycles)
F9: Asks for the number of the command
from the F7 list to paste

SAAS ( Software as a service )

Software as a service is a software licensing
and delivery model in which software is
licensed on a subscription basis and is
centrally hosted. It is sometimes referred to
as "on-demand software". SaaS is typically
accessed by users using a thin client via a
web browser. SaaS has become a common
delivery model for many business
applications, including office & messaging
software, DBMS software, management
software, CAD software, development
software, gamification, virtualization,
accounting, collaboration, customer
relationship management (CRM), management
information systems (MIS), enterprise
resource planning (ERP), invoicing, human
resource management (HRM), content
management (CM) and service desk
management. SaaS has been incorporated
into the strategy of all leading enterprise
software companies. One of the biggest
selling points for these companies is the
potential to reduce IT support costs by
outsourcing hardware and software
maintenance and support to the SaaS
provider.
According to a Gartner Group estimate, SaaS
sales in 2010 reached $10 billion, and were
projected to increase to $12.1bn in 2011, up
20.7% from 2010. Gartner Group estimates
that SaaS revenue will be more than double
its 2010 numbers by 2015 and reach a
projected $21.3bn. Customer relationship
management (CRM) continues to be the
largest market for SaaS. SaaS revenue within
the CRM market was forecast to reach
$3.8bn in 2011, up from $3.2bn in 2010.
The term "software as a service" (SaaS) is
considered to be part of the nomenclature of
cloud computing, along with infrastructure as
a service (IaaS), platform as a service (PaaS),
desktop as a service (DaaS), backend as a
service (BaaS), and information technology
management as a service (ITMaaS).

10+ linux OS for hacking-

1. Kali Linux - http://www.kali.org/
2. BackBox - http://www.backbox.org/
3. DEFT - http://www.deftlinux.net/
4. Live Hacking OS - https://
www.livehacking.com/
5. Samurai Web Security Framework - http://
sourceforge.net/projects/samurai/
6. Network Security Tool Kit - http://
sourceforge.net/projects/nst/
7. Parrot-sec Forensic OS – http://
www.parrotsec.org/index.php/Main_Page
8. Bugtraq - http://bugtraq-team.com/
9. Nodezero - http://www.nodezero-lin
ux.org/
10. Pentoo - http://www.pentoo.ch/
11. Gnacktrack - http://www.gnacktrack.c
o.uk/

Man in the middle attack-

The man-in-the-middle attack (MITM, MIM,
MITMA) in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays messages between them, making them
believe that they are talking directly to each other over a private connection, when in fact
the entire conversation is controlled by the attacker.it means attacker is in between both
victim and watch thier messages.
required tool-
1. Arpspoof
2. Driftnet
3. Urlsnarf
Arpspoof:- We use it twice
1. To lie to the Gateway about the MAC
address of victim
MAC Address of Victim is that of Back-
Track’s
2. To lie to the Victim about the MAC address of Gateway
MAC Address of Gateway is that of Back-Track’s
Driftnet:- Displays the Graphics, that Victim browses over Internet

Urlsnarf:- Gives the details of URLs, that Victim visits
Steps for that attack-
1) To accomplish this we will modify the IP
Tables and turn Linux into a router.
cat /proc/sys/net/ipv4/ip_forward
2) The default value is “0”. It should be set
to 1. To change the value to 1 enter the
following command:
sudo echo 1 >> /proc/sys/net/ipv4/
ip_forward
3) Now go ahead and check out the
ip_forward file and make sure the value
equals “1”
cat /proc/sys/net/ipv4/ip_forward
4) An arp poisoning attack will redirect data
from the victim’s PC going to their gateway
to be redirected to our box (note you have to
be on the same physical device, such as a
switch or access point to accomplish this).
sudo arpspoof –i eth1 –t 192.168.1.138
192.168.1.1
5) We will now use another arp poisoning
attack to redirect data from the gateway
destined for the victim’s PC back to our
Linux box.
sudo arpspoof –i eth1 –t 192.168.1.1
192.168.1.137
6) Now we launch driftnet. It is listening.
sudo driftnet –i eth1
7) As the victim’s PC browsing the Internet,
images that show up in his web browser are
also displayed on the attacker’s Linux server.
8) The attacker PC launches urlsnarf. URLs
that are accessed on the victim’s PC are
displayed on the attacker’s Linux server

Ten hacking tools for android

1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice
Changing and Call Recording mobile app for
your iPhone, BlackBerry and Android phone.
It's a decent mobile app to help protect your
privacy on the phone. However, it has been
banned from the Play Store for allegedly
being in conflict with The Truth in Caller ID
Act of 2009.

2.Andosid
The DOS tool for Android Phones allows
security professionals to simulate a DOS
attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from
mobile phones.

3.Faceniff
Allows you to sniff and intercept web session
profiles over the WiFi that your mobile is
connected to. It is possible to hijack sessions
only when WiFi is not using EAP, but it
should work over any private networks.

4.Nmap
Nmap (Network Mapper) is a security
scanner originally written by Gordon Lyon
used to discover hosts and services on a
computer network, thus creating a "map" of
the network. To accomplish its goal, Nmap
sends specially crafted packets to the target
host and then analyses the responses.

5.Anti-Android Network Toolkit
zANTI is a comprehensive network
diagnostics toolkit that enables complex
audits and penetration tests at the push of a
button. It provides cloud-based reporting
that walks you through simple guidelines to
ensure network safety.

6.SSHDroid
SSHDroid is a SSH server implementation for
Android. This application will let you connect
to your device from a PC and execute
commands (like "terminal" and "adb shell")
or edit files (through SFTP, WinSCP,
Cyberduck, etc).

7.WiFi Analyser
Turns your android phone into a Wi-Fi
analyser. Shows the Wi-Fi channels around
you. Helps you to find a less crowded
channel for your wireless router.

8.Network Discovery
Discover hosts and scan their ports in your
Wifi network. A great tool for testing your
network security.

9.ConnectBot
ConnectBot is a powerful open-source
Secure Shell (SSH) client. It can manage
simultaneous SSH sessions, create secure
tunnels, and copy/paste between other
applications. This client allows you to
connect to Secure Shell servers that typically
run on UNIX-based servers.

10.dSploit
Android network analysis and penetration
suite offering the most complete and
advanced professional toolkit to perform
network security assesments on a mobile
device.

What is a digital signature?

Part 1
There are different types of digital
signatures; this tip focuses on digital
signatures for email messages. You may have
received emails that have a block of letters
and numbers at the bottom of the message.
Although it may look like useless text or
some kind of error, this information is
actually a digital signature. To generate a
signature, a mathematical algorithm is used
to combine the information in a key with the
information in the message. The result is a
random-looking string of letters and
numbers.
Why would you use one?
Because it is so easy for attackers and
viruses to "spoof" email addresses , it is
sometimes difficult to identify legitimate
messages. Authenticity may be especially
important for business correspondence—if
you are relying on someone to provide or
verify information, you want to be sure that
the information is coming from the correct
source. A signed message also indicates that
changes have not been made to the content
since it was sent; any changes would cause
the signature to break.
How does it work?
Before you can understand how a digital
signature works, there are some terms you
should know:
Keys - Keys are used to create digital
signatures. For every signature, there is a
public key and a private key.
Private key - The private key is the portion of
the key you use to actually sign an email
message. The private key is protected by a
password, and you should never give your
private key to anyone.
Public key - The public key is the portion of
the key that is available to other people.
Whether you upload it to a public key ring
or send it to someone, this is the key other
people can use to check your signature. A
list of other people who have signed your
key is also included with your public key.
You will only be able to see their identities if
you already have their public keys on your
key ring.
Key ring - A key ring contains public keys.
You have a key ring that contains the keys of
people who have sent you their keys or
whose keys you have gotten from a public
key server. A public key server contains keys
of people who have chosen to upload their
keys.
What is a digital signature? Part 2

Fingerprint - When confirming a key, you will
actually be confirming the unique series of
letters and numbers that comprise the
fingerprint of the key. The fingerprint is a
different series of letters and numbers than
the chunk of information that appears at the
bottom of a signed email message.
Key certificates - When you select a key on a
key ring, you will usually see the key
certificate, which contains information about
the key, such as the key owner, the date the
key was created, and the date the key will
expire.
"Web of trust" - When someone signs your
key, they are confirming that the key
actually belongs to you. The more signatures
you collect, the stronger your key becomes.
If someone sees that your key has been
signed by other people that he or she trusts,
he or she is more inclined to trust your key.
Note: Just because someone else has trusted
a key or you find it on a public key ring does
not mean you should automatically trust it.
You should always verify the fingerprint
yourself.
The process for creating, obtaining, and
using keys is fairly straightforward:
Generate a key using software such as PGP,
which stands for Pretty Good Privacy, or
GnuPG, which stands for GNU Privacy Guard.
Increase the authenticity of your key by
having your key signed by co-workers or
other associates who also have keys. In the
process of signing your key, they will
confirm that the fingerprint on the key you
sent them belongs to you. By doing this, they
verify your identity and indicate trust in your
key.
Upload your signed key to a public key ring
so that if someone gets a message with your
signature, they can verify the digital
signature.
Digitally sign your outgoing email messages.
Most email clients have a feature to easily
add your digital signature to your message.