Sunday, 22 March 2015

Hack Windows / Linux Password Within 3 Seconds

Hi, Hack Defence readers! Windows is currently the most widely used operating system, so today we will hack the Windows password (of any user). If you want to bypass a Windows password within 3 seconds, this article is for you :) This tutorial is for educational purposes only. Hack Defence will not be responsible for any illegal activity done by you. Don't try it on other people's computers. In this article we will use Kon-Boot to bypass the Windows password.

What Is Kon-Boot And How it Works ?

Kon-Boot is software which allows you to bypass a Windows or Linux password by temporarily modifying the kernel. This is great for those times when you are working on a client’s PC but forgot to ask for the password. Kon-Boot is one of the simplest programs I have ever used, and it works very well. Simply burn the ISO image to a CD, or make a bootable pen drive. It will automatically load and then start the Windows boot process. When you get to the login screen, click on any user and hit Enter and you will log into the desktop, no matter how strong a password was used.
The process does not change, modify, or delete the user password; it simply bypasses it by temporarily modifying the kernel. When you are done, eject the CD and reboot or shut down. The user login will again require a password and won’t log in unless it’s provided. It’s that simple.

Tested Operating Systems :


  • Microsoft Windows
  • Windows Server 2008 Standard SP2 (v.275)
  • Windows Vista Business SP0
  • Windows Vista Ultimate SP1
  • Windows Vista Ultimate SP0
  • Windows Server 2003 Enterprise
  • Windows XP
  • Windows 7
  • Windows 8
  • Windows 10




Thursday, 19 March 2015

Airtel : Use Free Net

Hi guys! Today I come with an interesting hack to use free net on the Airtel network, working all over India. To use free net on Airtel you do not need ninja skills. In this article we will use NMD VPN and some config files.


In this post we will show you how to use NMD VPN for free internet :


What Is VPN : 

  • NMD VPN is an OpenVPN software program which can be used to create a secured virtual private network.
  • However, nowadays it is most widely used for free internet. All network operator tricks can be used through NMD VPN configuration.

Features Of NMD VPN : 

  1. Freeware: zero cost for downloading and using it.
  2. Supports: All TCP and UDP port.
  3. Requests: Supports all HTTP and HTTPS requests.


Steps To Install NMD VPN : 

Users:
Windows XP – Install the software directly, without any Administrator privileges.
Windows 7 & 8 – You are required to “Run as an Administrator”.
  • Right click on the NMD VPN software and click on “Run it as an Administrator”.
  • NMD VPN is now installed on your computer, and a config folder has been created in Program Files.
Windows XP 7 & 8 (32 bit): C:\Program Files (x86)>NMDVPN>config.
Windows 7 & 8 (64 bit): C:\Program Files>NMD VPN>config.


How To Use NMD VPN Software For Free Internet On PC :

  • First of all, connect your data card, modem or mobile with the respective settings.
  • Now put your config file in the NMD VPN config folder: copy SERVER FILES to C:\Program Files>NMD VPN>config
  • Now run the NMD VPN software (remember: always run NMD VPN as Administrator, otherwise you will get an error when connecting).
  • Find the NMD VPN icon in your taskbar's right-hand menu.
  • Right click on the NMD VPN menu, select HackDefence SERVER, and left click to connect.
  • If your config is working, in a few seconds you will be connected.
  • The NMD VPN icon will turn green, which means the config is connected.
Cheers! Enjoy the free internet on your PC without paying anything. No further configuration is needed.

Notifications: NMD VPN Colors

  • RED: NMD VPN is Disconnected.
  • Yellow: In the process of Connecting.
  • Green: NMD VPN is Connected.

How Can I Secure My E-Mail Account

Hi guys, every day I hear that many e-mail accounts are hacked because of poor password combinations, weak security/privacy settings, or not knowing about the various techniques used by hackers. If you are curious about how Facebook account hacking can be done, read my previous article. All our accounts (social networking sites, online recharges, payment sites) are connected to our e-mail, so if your e-mail account is hacked, the hacker can take over all your accounts by clicking the forgot password button. So today we want to show you some essential technical and non-technical tips that will further strengthen your account security against any possible threat and scheme.

Follow the tips given below :




[#] Use A Unique & Strong Password (Hard to Crack) :

Many accounts can be hacked by guessing the password, because many users use their phone number, nickname, girlfriend's name, or words like "I Love You". So first of all, use a strong and unique password with a combination of all character types (upper- and lower-case letters, numbers, and some special characters) that cannot be guessed.

  • Use unique passwords for your accounts, especially important accounts like email and online banking. Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office – if a criminal gains access to one, all of them are compromised. So don’t use the same password for an online newsletter as you do for your email or bank account. It may be less convenient, but picking multiple passwords keeps you safer.
  • Use a long password. The longer your password is, the harder it is to guess.
  • Use a password with a mix of letters, numbers, and symbols.
  • Try using a phrase that only you know. For example, for your email you could start with “My friends Ekta Bhardwaj and VivEk send me a funny email once a day” and then use numbers and letters to recreate it. “MfEB&Vsmafe1ad” is a password with lots of variations.

[#] Check The URL before Log In  :

Always check the address (URL) bar before you enter your information on a page: the connection should be https and the URL should be the exact URL of the website. Some attackers create a phishing page (an exact replica of the real login page). The worst part: they install scripts or malicious code behind the fake login page and host the page on their own web server. When you log in to Gmail from a fake login page, your username as well as your password is sent to the attacker.

[#] Setup Two-Step Authentication (a Password and Your Phone) : 

This is one of the best ways to secure your account from hackers. The good news is that Google has been strengthening its Gmail security system by adding new security features, most of which we do not know about. To combat the growing account theft issue, Google has introduced a security feature which will greatly strengthen your account: 2-step Verification. In general, it adds an extra layer of security by asking, in addition to your password, for a special OTP (one-time password) code that is sent to your phone every time you request access to the account. The code comes through your phone and is valid for 30 seconds, thus making it impossible for anyone to hack into your account without your phone.
Sounds problematic? Probably not. The awesome thing is that the setup is fairly easy: you just need to visit the setup page and follow a series of simple instructions, and that’s all, you are good to go!

[#] Set Security Question : 

You will be surprised by the fact that hackers love to hack into your account through your mail recovery’s security question rather than confront your already strong password directly. It’s really reasonable though, since most websites teach you to create a strong password, but they don’t tell you to come up with a tricky recovery question and/or answer. For this one I would like to share my personal trick with you: create a question with an absolutely wrong answer. It’s really simple. Let’s say you made a question, “Who is the lover of my mother?” (please don’t use the combination of this question and the answer below since we covered it here), then you can put the answer as “my mother loves to eat burger“. Make it as nonsensical as possible, but keep the answer strongly related to your past, so you can remember it easily and only you will know the answer.
Once you have your own tricky question and answer, you can change your password recovery question by accessing your Gmail, clicking on the gear-like icon > Settings > Accounts and Import > Change password recovery options, then click “Edit” on the Security question option and replace it with your new question.

[#] Set Up Your Password Recovery Options And Keep Them Up-To-Date : 

If you forget your password or get locked out, you need a way to get back into your account. Many services will send an email to you at a recovery email address if you need to reset your password, so make sure your recovery email address is up-to-date and an account you can still access.
Sometimes you can also add a phone number to your profile to receive a code to reset your password via text message. Having a mobile phone number on your account is one of the easiest and most reliable ways to help keep your account safe.

[#] Regularly Monitor Gmail Account Activity :

You can monitor the IP addresses of the computers used to log in to your Gmail account. To find the IP addresses, log in to Gmail, scroll down and click account activity details.
This will show you a list of the last IP addresses used to log in to your Gmail account. You will notice the country and state name alongside the date and time of your last Gmail activity. Should you find another unknown IP address or the name of a place, there are high chances that somebody else is logging in to your Gmail account from elsewhere.

To solve this issue, click the “Sign out of all other sessions” button and Gmail will automatically delete all the active sessions of your account. Next, immediately change the password from your Google accounts settings page.

[#] Enable Https Security : 

When it comes to accessing your Gmail account on public wireless or non-encrypted networks, HTTPS could mean your security. Leaving HTTPS disabled will only make it easier for attackers to crack open a path into your Gmail account. HTTPS is enabled by default, but past experience has taught me that it’s always better to perform a check to ensure that the HTTPS option is on.

[#] Do not Click on Suspicious Links : 

There are some websites which let anyone send fake emails to any email address. And the worst part is that the sender can customize the “From” address to anything: noreply@gmail.com or gmailteam@google.com.
Consider a scenario: Mr X uses some website and sends an email to you asking you to change your Gmail password due to security reasons. You see the From address field as something like “support@gmail.com” and think that it’s from Gmail. No, it’s not.
When you receive any email which asks you to change your account password or enter login credentials, STOP. Do not ever click on any suspicious links from your inbox. Gmail will never ask you to change your password or enter login credentials without any reason. Hence, if you receive any email which claims to be from Google and wants you to change your password, rest assured someone is trying to fool you and hack your email account.

[#] Avoid Checking Emails At Public Places : 

A keylogger is a computer program which can be used to record what you are typing on the keyboard. The keylogger records your keystrokes, saves them in a simple text file and sends it to an email address or to an FTP server. And you are completely unaware of the whole process, which runs in the background.

You never know which programs are installed on a public computer. Consider a simple scenario: you went to a local internet cafe to check emails from your Gmail account. The cafe staff has installed a keylogger on every computer, and when you type the username and password, the keylogger script comes into action, records both your username and password and sends them to another email address. You leave the cafe after checking emails and the cafe staff retrieves your username and password and hacks your account.
Hence, never check emails at a local cafe or at public places or on any computer that you don’t control.

[#] Never Trust Anyone :

Even (and especially) when you receive emails from your loved ones, because their account might be hacked and those emails are actually sent not by them and without their permission. I believe that most people already know about this but I feel it important to list this advice down nonetheless.
The fact is that I can’t really count how many scam or phishing mails I’ve received from my friends’ hacked accounts. Fortunately I was calm enough to not open the “I love you” email, but there could be certain mails like “Robbed in China” scams in which "your friend" asks for your emergency help, and these are the ones that could really trick you as the request for help is coming from your dear friend.
Normally your first reaction would be to ignore the mail, but if you’re really curious about the situation, then reach out to the friend or his/her family members to verify the crisis before extending any help. Otherwise, you’re the one who will face the crisis, so please keep this warning at the back of your mind at all times!

Some Other Tips :

  • Don’t send your password via email. Legitimate sites and services won’t ask you to send them your passwords via email.
  • Keep your password reminders in a secret place that isn’t easily visible. Don’t leave notes with your passwords in plain sight, on your computer or desk.
  • Never store private information such as credit or debit card details, passwords, or commercial information in your e-mail account.

What To Do If I Get Hacked :


  1. Check granted account access : The first thing to check, to see whether suspicious activity is happening in your Gmail account, is your granted account access settings. If a hacker had a chance to infiltrate your account, he will probably add his own fake mail account to your Gmail for easier future access, or for a re-hacking session if his other tricks were exposed and removed.
  2. Recover your account : Try to recover your account using your e-mail address and phone number.


Friday, 20 February 2015

Hello everyone, I'm really very excited to share this inspirational interview. Today we have an interview with security researcher Laxman Muthiyah (bug bounty hunter), who was recently rewarded by the Facebook Security Team. He discovered a very critical vulnerability in Facebook, a bug that allowed hackers to arbitrarily delete photos from any user account, which led to a reward of $12,500 USD from Facebook. Facebook fixed the bug within two hours after it was reported. He has received a lot of respect from many newspapers. He is also one of my best friends. I'm proud to be his friend and glad to see his success.
Today Lax has shared his journey, motivation, and lots of life experience and guidance with me and our blog community, HackDefence. I'm sure you'll enjoy it :)


 Hello Lax, Introduce yourself to Hack Defence readers : 


Hi, I am Laxman Muthiyah, 22 years old, from Tamil Nadu, India. Passionate about computers and technology stuff. I am good at exploring things, so it's obvious for me to explore everything I see, especially in computers. I still remember that I started using a computer at the age of fifteen. I completed computer science engineering last year. Now working as a web developer. Gonna quit this job and will start blogging.

How  did you get into Information security field ?

I love to keep my things secure, this might be one reason why I got into the information security field. I know this answer may sound silly but it's the truth. What if you want to keep an important piece of information secure? This question took me into infosec.


When did you begin to learn Hacking or  start Bug hunting ?

At the age of 18, started learning things related to hacking. After 2 years got into bug hunting.

Where did you learn so many things ? Please share your learning sources.

  • "Google is God": this statement means a lot! I google everything I don't know.
  • The Ethical Hacking Workshop by Sunny Vaghela gave me new ideas. This type of workshop would be very useful for beginners.
  • Rafay Hacking Articles is one of the good websites to learn hacking stuff.
  • Forums are the best place to learn hacking-related stuff. Hack Forums is one nice website.
  • Beginners should also keep up to date with the Hack Defence blog.
  • OWASP testing guide is very useful for those who are interested in web security.


Why did you choose to become a Security Researcher ? 


I am very interested in information security and I don't have any reason for it.

What is your first finding, how did you feel at that time ?

My first finding was an input validation bug (Web Parameter Tampering) in a mobile recharge website. It allowed me to do a free mobile recharge. I was very happy and also scared because I had done a recharge of Rs.10 without payment. Then I raised a ticket about this issue with their support team.

What is the favorite vulnerability found by you ?

The first one in mobile recharge website, I like it because it is my first finding.

Which is your most favorite quote or thought that motivate you ?

"The Expert in anything was once a beginner."
 "Never give up There is no such thing as an ending, just a new beginning."


What is your future plans ?

#Entrepreneurship #Infosec #Blogging


What is your advice to Beginners in Hacking/ Penetration Testing field ?

Never give up. There are only two types of vulnerability on the Internet. One is named and the other is unnamed. Go and name it. The only thing we need is "patience" (not only in the field of infosec); you can do anything. And be honest.

What do you think about Hack Defence blog ?

Hack Defence is a nice startup website doing really well. Guiding the beginners in one distinct way. Good luck & Keep up the good work

Thanks for advice, Is there anything else you want to add ?

First of all, I thank the author of this blog, "Gautam Kumawat", for this interview. I am not an expert in infosec. I just crossed the beginning stage. Lots more to go. I wish everyone well in infosec, and let's make the internet a more secure place.


Thank you Laxman bro for your precious time, and best of luck for your future life.
Also thanks for recommending our blog to beginners, I appreciate it. You can also follow Laxman Muthiyah on Facebook & Twitter. Thanks for reading the interview. If you have any kind of doubts or questions for Laxman, please feel free to ask him in the comments. Don't forget to share it :)






Monday, 16 February 2015

OWASP Web App Testing Guide : E-Book

Hello Hack Defence readers, today I have found a very useful e-book for you, named the OWASP Web App Penetration Testing Guide. This book is the latest release by OWASP, published at the "Release" level: “Release Quality” book content is the highest level of quality in a book title’s life cycle, and is a final product after Alpha and Beta. This e-book contains 224 pages, with the OWASP 2014 Top Ten vulnerabilities.



[#] What is OWASP ?

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security “visible”, so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of its materials are available under a free and open software license.

[#] Testing Guide Foreword - Table of contents : 


Frontispiece

About the OWASP Testing Guide Project

About The Open Web Application Security Project


Introduction :

  • The OWASP Testing Project.
  • Principles of Testing.
  • Testing Techniques Explained.
  • Deriving Security Test Requirements.
  • Security Tests Integrated in Development and Testing Workflows.
  • Security Test Data Analysis and Reporting.

The OWASP Testing Framework :


  • Phase 1: Before Development Begins.
  • Phase 2: During Definition and Design.
  • Phase 3: During Development.
  • Phase 4: During Deployment.
  • Phase 5: Maintenance and Operations SDLC Testing Workflow.

Web Application Security Testing :

  • Introduction and Objectives.
  • Configuration and Deployment Management Testing.
  • Identity Management Testing.
  • Authentication Testing.
  • Authorization Testing.
  • Session Management Testing.
  • Input Validation Testing.
  • Testing for Error Handling.
  • Testing for weak Cryptography.
  • Business Logic Testing.
  • Client Side Testing.

Appendix :

  • Appendix A: Testing Tools.
      Black Box Testing Tools.
  • Appendix B: Suggested Reading.
      Whitepapers.
      Books.
      Useful Websites.
  • Appendix C: Fuzz Vectors.
      Fuzz Categories.
  • Appendix D: Encoded Injection.
      Input Encoding.
      Output Encoding.




Saturday, 31 January 2015

How To Secure Facebook Account From Being Hacked

Nowadays Facebook is one of the sites most targeted by hackers. Every day I hear new reports: "My Facebook account is hacked, what do I do? How do I get back or recover my account password? How can I secure my Facebook account?" To answer all your questions I have created this article. Account security is not a very tough job: if you follow the tips given here you can secure your account from getting hacked :)



[#] Create a Strong Password :

Are you wondering why I suggest you create or use a strong password? The answer is simple: attackers will be unable to crack your password by guessing, or with many types of attack like brute-force, dictionary, and rainbow table attacks.

What makes a password strong (or weak) ?

  • A strong password is a mix of letters, numbers, and symbols.
  • Is at least eight characters long.
  • Does not contain your user name, real name, company name, or phone number.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.
  • Contains characters from each of the following four categories:

Character category: Examples

  • Uppercase letters: A, B, C
  • Lowercase letters: a, b, c
  • Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /

How to change your password : Settings > General > Password.
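
The checklist above, written out as an added example in Python (not code from the original post). The small word list, the 0.6 similarity threshold, and every sample password except “MfEB&Vsmafe1ad” from the e-mail post are assumptions made for illustration.

```python
import difflib
import re
import string

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "love", "welcome", "dragon", "monkey", "facebook"}

# The four character categories from the table above.
CATEGORIES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation + " ",
}

SEPARATORS = re.compile(r"[\s\-._]")


def check_password(password, identity=(), previous=(), words=SAMPLE_WORDS,
                   max_similarity=0.6):
    """Return the checklist rules the password fails (empty list = passes)."""
    failures = []
    lowered = password.lower()

    if len(password) < 8:
        failures.append("shorter than eight characters")

    for name, chars in CATEGORIES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")

    # User name, real name, company name, phone number: compare without case
    # and without separators, so "98765-43210" still matches "9876543210".
    squeezed = SEPARATORS.sub("", lowered)
    for item in identity:
        needle = SEPARATORS.sub("", item.lower())
        if len(needle) >= 3 and needle in squeezed:
            failures.append(f"contains personal detail {item!r}")

    # "Complete word": any listed word of four or more letters inside it.
    for word in sorted(words):
        if len(word) >= 4 and word in lowered:
            failures.append(f"contains the word {word!r}")

    # "Significantly different": similarity ratio against each old password
    # (the threshold is an assumption, not a value from the post).
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > max_similarity:
            failures.append("too similar to a previous password")
            break

    return failures


if __name__ == "__main__":
    # Constructed samples; "asha" and the phone number are made-up details.
    samples = [
        ("MfEB&Vsmafe1ad", (), ()),
        ("iloveyou", (), ()),
        ("Asha@98765-43210", ("asha", "9876543210"), ()),
        ("Summer#2015x", (), ("Summer#2014x",)),
    ]
    for pw, ident, prev in samples:
        print(pw, "->", check_password(pw, ident, prev) or "passes")
```

The rule about using a different password for every account cannot be checked this way, because it depends on passwords stored elsewhere.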



[#] Check The URL before Log In  :

Always check the address (URL) bar before you enter your information on a page: the connection should be https and the URL should be the exact URL of the website. Some attackers create a phishing page (an exact replica of the real login page). The worst part: they install scripts or malicious code behind the fake login page and host the page on their own web server. When you log in to Facebook from a fake login page, your username as well as your password is sent to the attacker.
Log in only at www.facebook.com and not from any other link or website, unless you are accessing via the Facebook App.
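
The address-bar check from this tip, and from the matching tip in the e-mail post, as an added Python example (not part of the original post). Only www.facebook.com comes from the post; the Google host names in the allowlist and the `.example` sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Exact login hosts. www.facebook.com is from the post; the Google hosts are
# an assumed allowlist for the Gmail case.
EXPECTED_HOSTS = {"www.facebook.com", "mail.google.com", "accounts.google.com"}


def check_login_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for a URL copied from the address bar."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "not a valid URL"

    if parts.scheme != "https":
        return False, "connection is not https"

    # Anything before '@' is login data sent to the host after it, not the site.
    if has_userinfo:
        return False, f"text before '@' is not the site; real host is {host}"

    # Look-alike letters from other alphabets, raw or in punycode form.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, f"host uses non-ASCII look-alike characters: {host}"

    if host in expected_hosts:
        return True, "https and exact host match"

    # The real name used as a prefix or label of someone else's domain.
    for good in sorted(expected_hosts):
        if good in host:
            return False, f"{good} appears inside a different host: {host}"

    return False, f"unexpected host: {host}"


if __name__ == "__main__":
    # Constructed sample URLs; the .example domains are placeholders.
    samples = [
        "https://www.facebook.com/login.php",
        "http://www.facebook.com/login.php",
        "https://www.facebook.com.login.example/",
        "https://www.facebook.com@login.example/",
        "https://www.facebo\u043ek.com/",  # Cyrillic letter in place of 'o'
        "https://facebook-login.example/",
    ]
    for sample in samples:
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "STOP", sample, "-", reason)
```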

[#] Do not Click on Suspicious Links :

Think before clicking on any link. Never click on a suspicious link, even if it comes from your friends or a company you know. If one of your friends clicks on a spam link, they could accidentally send it to you and tag you in a spammy post. You should not download things (e.g. a .exe file) if you are not sure what they are.

[#] Verify Your Phone Number and Turn On Text Messaging  :

Confirming/verifying your mobile number is one of many ways to enhance your account security on Facebook. This way, even when you lose or forget your password, Facebook will be able to send you a new one via SMS, and you will get a notification if anyone logs in or tries to log in to your account.
To add your mobile number, go to Account Settings > Mobile and click on Add a Phone.


[#]  Verify Your E-mail and Add Secondary E-mail also :

Verify your e-mail address and also add another (secondary) e-mail to your account. That way, if you forget both your first e-mail password and your Facebook account password, you can easily recover your account using the secondary e-mail.
To add your e-mail, go to Account Settings > General > Email.


[#] Turn On Your Login Alerts :

Turn on your login alerts: whenever anyone logs in to your account you will get a notification on your mobile number and e-mail.
To turn on login alerts, go to Account Settings > Security > Login Alerts.


[#] Add Three Trusted Contacts :

Trusted contacts are friends who can securely help you if you ever have trouble accessing your Facebook account. You can reach out to them if you ever need help getting into your Facebook account (e.g. you forget your password and can't get into your e-mail or number to reset it). After you set up 3 to 5 trusted contacts, the next time you can't get into your account your trusted contacts can access a special one-time security code from Facebook via a URL. You can then call your friends to get the security codes and use those codes to access your Facebook account. Choose 3-5 friends and confirm your choice :)
To add trusted contacts, go to Account Settings > Security > Trusted Contacts.



[#] Always check your Active Sessions Or Where You Are Logged in :

If you notice any unfamiliar location or device, it means your Facebook account is at risk. Just click on End Activity and don't forget to change your password after that.
To check where you're logged in, go to Account Settings > Security > Where You're Logged in.

Some Other Tips :

  • Don’t send your password via message, because if your friend's account gets hacked you will surely be in trouble.
  • Never store private information such as credit or debit card details, passwords, or commercial information in your message box.
  • Don't share your password with anyone.
  • Don't forget to log out from your Facebook account after use.
  • Update your browser and antivirus to the latest version to ensure your browser’s security is up to date, so it can detect and alert you with a warning when you are navigating to a suspected phishing site.