Showing posts with label List of Best hacking Articles. Show all posts
Showing posts with label List of Best hacking Articles. Show all posts

Wednesday, October 5, 2011

11. How to do MAC Cloning or NIC switching to Bypass Rapidshare Time Restriction and Download Limit


Though here are so many Rapidshare tricks we already have, but still hunger for the always new tips or tricks seems at not end. So now in the series there are two new latest tip here have been posted to how can be the bypass the Time Restriction or Download Limit. These are some how said to be the most advanced and may require additional software or hardware.
First Method we will use here MAC cloning application, which will allow you to change your MAC address of your NIC.
First of all Install MAC cloaning app (search Google from appz) Different appz have different procedures, read the help file to figure out what you are doing. I use SMAC, it is pretty simple.
1. Download file from RapidShare.
2. Change MAC address (don’t change until the current file is finished downloading)
3. Restart Modem, ISP will issue a new IP for new MAC address. Takes less then 15 seconds.
4. Download another file from RapidShare
This was all what we have to do with MAC Cloning now the second trick is having two NICs and a hub as I have static IPs (Roadrunner).
1. Download a file from RapidShare.
2. Disable one nic and activate another after download is complete.
While NIC is activating restart Modem. IPS will assign a new IP.
3. Download another file.
4. When download is complete, create a bridge between NICs while restarting modem. Your ISP will assign a new IP.
This will get you three files in time limit set by RapidShare.
This method is not that high speed but is better then one file an hour.
Second method uses MAC cloaning application.
It will allow you to change your MAC address of your NIC.
Though I know these methods are not much easier as were the previous one but are worth to be tried if you have the hardware.
Posted by at No comments:
Labels: , , , ,

1. How do online accounts hacked using Session Hijacking? Explained View


Yesterday I have written an article how an Yahoo account using Session Cookies Hacking.. though in that article Session Hijacking has only informative ideas which makes today to think more about and let me write an another article describing whole… about what are the session cookies what are the methods or the types…
In this today’s article we will discuss more about online session hacking and session hacking attacks and different methods of Hijack the Sessions.
Though in the previous article I have already explained what the session cookies are but here I am posting it again just to recal…
Session Cookies are the string stored when we tends to login our account. But with unfortunate with hackers luck these strings have very short span of life i.e. gets automatically deleted after a set period of time. Now the question where these strings are stored -  In any situation there are only two places where these keys gets stored first one is itself the server and the second one is the browser cookies. And the destruction takes place at three ways first is when you close your web browser, second is when you sign out of your account and third is if you left your account open for more than 20 minutes idle. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website.
Now when these session cookies are exploited in any ways to gain unauthorized access over any computer system or network then this whole process is termed as Session Hijacking.Sometime if said more technically it is called the HTTP Cookie Theft or Magic Cooke Theft… Nowadays several websites has started using HTTPS cookies simply called encrypted cookies. But we all know If encrypter exits so its decrypter also…
So now the question arises why the session cookie is hijacked and how it helps a hacker to gain access over to a system…
As it has already been mentioned that Session Cookies are the responsible keys to a person authentication so if any one gets these id… then he can easily bypass the authentication process and gain the access to the machine.  It would not require any reauthentication because the session is already active so the hacker can easily access the resources and sensitive information like passwords, bank details and much more. Isn’t this very terrific…
As we have got information what these “Session Cookies” are now let we see what are the ways…..
Session Hijacking involves two types of attacks :
1. Active attack
2. Passive attack
First Avtive Attack; in this type of attack Hackers tries to find an active session and takes control over it by forcing one of the parties makind offline forcibely. This is generally achieved by DDOS attack (Distributed Denial of service attack). Once if a hacker taken over this under his control then he can executes the commands on the system that either give him the sensitive information such as passwords or allow him to login at later time. Though the mentioned is the most common but there are also a hybrid attack , here the attacker watches a session for while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.
Now lets we Come to Passive attacks; in this type of attack a hacker Hijacks a session, but just sits back and watches and records all the traffic that is being sent from the computer or received by the computer. This is useful for finding the sensitive information like username passwords of websites, windows and much more…
As you learned the whole what Session hacking are and its types. Now its turn to Methods Involved; There are four main methods used to perpetrate a session hijack. These are:
  • Session fixation, where the attacker sets a user’s session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
  • Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
  • Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user’s computer or the server.
  • Cross-site scripting, where the attacker tricks the user’s computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Posted by at 2 comments:
Labels: , , , , ,

Looking for Hacking Tricks: List of Best hacking Articles Published till Date


These days hacking word has become too much popular; and its craze among the users is tremendous… Now even if you are also fond of Hacking Articles then below is the complete list of article you may love to read published on Tricksnhacking.com… Here goes the list Enjoy
Posted by at No comments:
Labels: , , , , , , , , ,
Subscribe to: Posts (Atom)