What is WEP Encryption and its Security

WEP encryption (Wired Equivalent Privacy, or Wired Equivalent Privacy) is a cipher, implemented in the 802.11 wireless connection protocol, which encrypts the information we will pass between two points so that it can only be access to them and interpret them the points that have the same key.

In general, a wireless router or Access Point will only allow access to those terminals that have the same WEP encryption key.

This key can be of three types:

64-bit WEP key .-, 5 characters or 10 hexadecimal digits (0 to 9””””A to F preceded by the string”0x”).

128-bit WEP key .-, 13 characters or 26 hexadecimal digits (0 to 9””””A to F preceded by the string”0x”).

256-bit WEP key .-, 29 characters or 58 hexadecimal digits (0 to 9””””A to F preceded by the string”0x”).

The one most often used is 128 bit, offering a good level of protection without being overly long and complicated.
The 256-bit WEP encryption is not supported by many devices.

A WEP key can decipher (there are programs for it), but this requires an uninterrupted traffic data for a given time (in fact, enough data and enough time).

Obviously, the higher the level of encryption and key more complicated the more difficult it will be to decipher.

It does not take the same (given data volume and time) to crack the WEP encryption key of 64 bits of 128 bits, and there are also no relationship between arithmetic, ie it does not take twice as crack a WEP key of 128 bits a 64-bit.

Although it is possible to crack these encryption keys, do not think that is easy or quick. A good key 128-bit WEP encryption (if not a 256-bit) can be almost unreadable if we have ensured that is sufficiently complicated.

Most key-cracking programs are based on a series of more or less logical sequence with which it begins to attack our system to enter. Obviously, a key rate takes seconds 1234567890 be located, but no one thinks (or should it occur) to this key.

We should avoid keys that contain sequences related to us (dates, names, places), and phrases, as it is the first thing you try this type of program. This is not only valid for a WEP key, but for any kind of key you say. We should also avoid key easy as consecutive sequences of keys or numbers.

For safety it is strongly recommended wherever possible to enable MAC address filtering. An also read my post on Wifi Security

A MAC (Media Access Control address) is a hexadecimal identifier of 48 bits. This address is unique for each device, not being a user-modifiable parameter (each card or network interface has its own MAC address, set by the manufacturer.)

Read More

Firesheep:Trick to Hack Facebook and Twitter Password on Wifi

Do you access your Facebook or Twitter account while you are on a public network like your college’s or office’s unsecured wifi.Then this is the time that you should think about your account security.If you think that facebook or Twitter are secured websites then it’s the time to face the reality they are not secured.Whenever you login into your facebook or twiiter account check the address bar of your browser you will see something like http://www.facebook.com/home.php? Similar is the case with twitter.They use http protocol instead of secured https protocol.But if you login into your gmail account you will notice that it uses https protocol.

So, the trick I am telling you works only on websites like facebook,twiiter,flickr but not on secured websites like Gmail.So here is Trick to Hack Facebook and Twitter Password on Wifi and also the method of protection from this hack.This trick doesnot require any programming knowlege and everyone can use this trick easily.

1.Download firesheep Firefox extension.This is a freeware extension for firefox browser.

2.  Once installed it will open a sidebar window into your firefox browser.

3.Now it will show all the people who are connected to unsecured wifi network.Once they login into your facebook or twitter account you will get a notification and with a single click you can login into their account.

This whole thing work on the technique of cookie hijacking.Once your session cookie is hacked then anybody can login into your account.These cookies can be easily caputered on unsecured wifi network.

The best way to protect yourself from such a hacking trick is to avoid using your facebook or twitter accounts on unsecured wifi networks as it is a security lapse from the websites not on your side.

Note:-This article is to inform you about how your password can be hacked and how to prevent it.This article is purely for educational purposes.

Read More

Trick for Advanced SQL Injection : Havij

I got a tremendous response for my earlier post on SQL injection.A lot of people request for advanced SQL injection tutorial.Before I give you a complete layout of how to do Advanced Sql injection on vulnerable website I recommend you to go through the earlier post so get a slight idea about What Sql injection Is And How It Works.

Well to make the Sql injection easier for you I would be using a tool Havij.Its has both a free version and and a paid version.In this tutorial I will be demonstrating how to use the free version of Havij.The success rate for this tool is more then 94% on the vulnerable website.

It is automated tool for SQL injection for penetration testers to check whether a website is vulnerable to SQL injection or not.All you need to do is to enter the URL of the site that you want to test for the vulnerability and click on ANALYZE button.It will automatically scan the website for Sql Injection.

Below Is the Download link For Havij

CLICK HERE TO DOWNLOAD HAVIJ

Here Are the Features of Havij

Supported Databases with injection methods:
a. MsSQL 2000/2005 with error
b. MsSQL 2000/2005 no error (union based)
c. MySQL (union based)
d. MySQL Blind
e. MySQL error based
f. Oracle (union based)
g. MsAccess (union based)

Automatic database detection

Automatic type detection (string or integer)

Automatic keyword detection (finding difference between the positive and negative response)

Trying different injection syntaxes

Proxy support

Real time result

Options for replacing space by /**/,+,… against IDS or filters

Avoid using strings (magic_quotes similar filters bypass)

Bypassing illegal union

Full customizable http headers (like referer and user agent)

Load cookie from site for authentication

Guessing tables and columns in mysql<5 (also in blind) and MsAccess

Fast getting tables and columns for mysql

Multi thread Admin page finder

Multi thread Online MD5 cracker

Getting DBMS Informations

Getting tables, columns and data

Command executation (mssql only)

Reading system files (mysql only)

Insert/update/delete data

What Havij can do for you ?

By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.

How to Find A vulnerable website

Go to google homepage and search for inurl:php?id=

You will get probably thousands of result.Now open any page and add a apostrophe ( ‘)to the end of the url.Example if the Url was http://www.mytargetsite.com/php?id=34it should be now http://www.mytargetsite.com/php?id=34’

If you get a SQL syntax error then this website can be vulnerable to SQL injection.Now you should use Havij on this URL.

NOTE:This tutorial is for only educational and testing purposes.In some countries SQL injection is an offence.

Read More

Trick on How To Download Songs From Raag.fm

Raag.fm is one of the most popular online songs streaming website.It has some very rare songs and latest arrivals especially Punjabi songs that are sometimes not available on other websites.So, In this post I will tell you the trick on How you can Download Songs from raag.fm

This trick is not limited only for raag.fm but it can be used for most of the online streaming websites.Before I give you the whole trick let me explain the basic concept of how online streaming works so that you can know where this trick will work and on which websites it wont work.

How Online Streaming of Songs Work?

The songs that are streamed are stored on the server of the websites.Whenever you play a song usually a Flash/javascript player opens so that you cannot get the direct links of the song on the server.But you may have noticed that if you play the complete songs once it will can be played again (if you haven’t closed the music player) even if you disconnect your Internet connection.This is because the song is already stored in the cache of the web Browser.

Trick to Locate The Cache Folder

If you are able to locate the cache of the song which has been already played in the music player then it means that you have downloaded the song.It is quite easy to locate the cache folder in google chrome so I recommend you that you you should use google chrome for this trick.

Make Sure that you have enabled to View hidden Files and Folders.

• The cache folder for Google Chrome in Windows 7 can be located at

C:\Users\USER_NAME\AppData\Local\Google\Chrome\UserData\Default\Cache

C, being the system root. If you are not sure about the system root you can replace C: with %systemroot%.

Also donot forget to replace USER_NAME to your windows username

• The cache folder for Google Chrome in Windows Xp can be located at

C:\Documents and Settings\USER_NAME\Local Settings\Application Data\Google\Chrome

Once you go to the cache folder you will probably see hundreds of files.

Trick to Find Song In cache folder

As you will probably see hundreds of files with random names and no extensions it can be quite difficult to locate the song.But you will see that most of the files will have very small size like less then 500 kb.So sort the files according to their size.

As songs have usually size of 3 mb to 8 mb you can easily recognize you song.Play the file with Vlc player.If this is song you were looking for then copy it and paste it at your desired location by renaming the song with the extension of .MP3 (Make sure you haveunchecked hide files files extension in folder options in control Panel)

Websites On which this Trick Will not Work

There are some famous websites like in.com and probably others which do not save any cache file on your browser.So this trick will not work on these type of website.To test whether this trick will work or not the website simply play the complete song replay it and disconnect the Internet in between if the songs plays continuously the this trick will work else Find Another Website

Note:-Cache of the song will be stored on when you have played the complete song.So,Do Not panic if the cache doesn’t appear.Wait for the song to be completed.

Read More