Nearly all wireless access points and routers allow an administrator to manage their WiFi network through a special administrative account. This account provides complete "superuser" access to the device's configuration utilities with a special username and password.
Manufacturers set both the account username and password at the factory. The username is often simply the word admin or administrator. The password is typically empty (blank), the words "admin," "public," or "password," or some other simple word.
To improve the security of a Wi-Fi network, you should change the administrative password on your wireless access point or router immediately when installing the unit. The default passwords for popular models of wireless network gear are well-known to hackers and often posted on the Internet. Most devices do not allow the administrative username to be changed, but if yours does, seriously consider changing this name as well.
Finally, to maintain home network security in the future, continue changing this administrative password regularly, not just one time. Many experts recommend changing passwords every 30 to 90 days. Use words that would be very difficult for others to guess
So what next................
visit this website to get default user name and password for all wifi product
http://www.phenoelit-us.org/dpl/dpl.html
or
www.defaultpassword.com
Securing your Wireless Network
Secure Your LAN
LAN Security Threats
LAN Security Tools
Wireless Networking Security
These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders lurking within range of your home or office WLAN.
What can I do?
Most WLAN hardware has gotten easy enough to set up that many users simply plug it in and start using the network without giving much thought to security. Nevertheless, taking a few extra minutes to configure the security features of your wireless router or access point is time well spent. Here are some of the things you can do to protect your wireless network:
1) Secure your wireless router or access point administration interface
Almost all routers and access points have an administrator password that's needed to log into the device and modify any configuration settings. Most devices use a weak default password like "password" or the manufacturer's name, and some don't have a default password at all. As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else. You may not use this password very often, so be sure to write it down in a safe place so you can refer to it if needed. Without it, the only way to access the router or access point may be to reset it to factory default settings which will wipe away any configuration changes you've made.
2) Don't broadcast your SSID
Most WLAN access points and routers automatically (and continually) broadcast the network's name, or SSID (Service Set IDentifier). This makes setting up wireless clients extremely convenient since you can locate a WLAN without having to know what it's called, but it will also make your WLAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by (though it will still be detectible by WLAN "sniffers").
3)Enable WPA encryption instead of WEP
802.11's WEP (Wired Equivalency Privacy) encryption has well-known weaknesses that make it relatively easy for a determined user with the right equipment to crack the encryption and access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren't limited to 0-9 and A-F as they are with WEP. WPA support is built into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware and operating systems. A more recent version, WPA2, is found in newer hardware and provides even stronger encryption, but you'll probably need to download an XP patch in order to use it.
4) Remember that WEP is better than nothing
If you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because in spite of it's flaws, using WEP is still far superior to having no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess like a string of the same or consecutive numbers. Also, although it can be a pain, WEP users should change encryption keys often-- preferably every week. See this page if you need help getting WEP to work.
5) Use MAC filtering for access control
Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump.
6) Reduce your WLAN transmitter power
You won't find this feature on all wireless routers and access points, but some allow you lower the power of your WLAN transmitter and thus reduce the range of the signal. Although it's usually impossible to fine-tune a signal so precisely that it won't leak outside your home or business, with some trial-and-error you can often limit how far outside your premises the signal reaches, minimizing the opportunity for outsiders to access your WLAN.
7) Disable remote administration
Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it's best to keep remote administration turned off. (It's usually turned off by default, but it's always a good idea to check.)
Thursday, December 2, 2010
default passwords
Contribute to the default password list. Add your own experience. Manufactor: Product: ... contact at defaultpassword dot com
www.defaultpassword.com
This is a best website for newbies who would like to get default password for diff kind of Manufacture.......................
www.defaultpassword.com
This is a best website for newbies who would like to get default password for diff kind of Manufacture.......................
Tor Project: Anonymity Online
A free software implementation of second-generation onion routing, a system enabling its users to communicate anonymously on the Internet.
http://www.torproject.org/
visit this site and download the version base on ur operating system.
It's free once your download this setup, you don't have to install it just need to extract it and start the exe. it's a portable application ,without no virus
Note:- This is educational purpose,I am not responsible for any harm,use it on your own responsibility.................
http://www.torproject.org/
visit this site and download the version base on ur operating system.
It's free once your download this setup, you don't have to install it just need to extract it and start the exe. it's a portable application ,without no virus
Note:- This is educational purpose,I am not responsible for any harm,use it on your own responsibility.................
SQL injection
SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data.
SQL injection techniques may differ, but they all exploit a single vulnerability in the application
I would like you can shoot below link to know SQL Injection with some example.this is educational purpose.
http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm
SQL injection techniques may differ, but they all exploit a single vulnerability in the application
I would like you can shoot below link to know SQL Injection with some example.this is educational purpose.
http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm
Tuesday, October 26, 2010
Send fake mail to any mail ID
Did you ever want to send an email from your friend's Email ID? But could not just because you didn't have the password to his mail account. Had it been your wish to get a mail from a celebrity so that you could show off to your friend's? Then PHP mail is just what you need. From this page you can send email to anyone (including yourself) using a name and email id that does not belong to you
you can check my link here
dude you can't use my website without my credentials
so drop me a mail,bcz I periodically change my password
http://freemail.6te.net
Note- this is only for educational purpose......
If you wanna know how to make this kind of webpage you can hit me a mail
crackmindd717@gmail.com
you can check my link here
dude you can't use my website without my credentials
so drop me a mail,bcz I periodically change my password
http://freemail.6te.net
Note- this is only for educational purpose......
If you wanna know how to make this kind of webpage you can hit me a mail
crackmindd717@gmail.com
Thursday, October 14, 2010
Track Somebody
Learn how to find anyone on internet
follow the below link
http://tracksomebody.com/?page_id=6
follow the below link
http://tracksomebody.com/?page_id=6
Wednesday, October 13, 2010
Social Engineering Works
Social Engineering Works (Part 1)
Why Social Engineering Works
By:The_Eccentric
Most company’s don’t really take social engineering seriously. Many penetration testers and computer security experts will tell you most company’s don’t care about security until they get hacked. This is a depressing thing to see and hear for the guys you are entrusted with protecting your company but joyful news to someone who has intent on doing some social engineering attacks on your company. In this weeks post where not focusing on what is Social Engineering but the philosophical question WHY social engineering works and types of targets to exploit using social engineering.
Why perform a social engineer attack?
To test the stability of physical security controls.
To test the level of (and even improve) security conscience among staff.
To give your staff experience at identifying the tactics that social engineers may use.
To teach your staff on how to deal with social engineering situations.
To provide valuable data to support your recommendations on both security awareness training and physical security improvements.
In (part1) we will go through the reasons behind and motivation of “why” along with examples of types of targets to use social engineering exploints against.
Reasons and Motivations
*People follow gernally instructions – If you can convince someone that you are someone in a position of authority, they are more than willing to follow any instructions that you give them, sometimes even if it goes against their better judgement.
*People want to be helpful - For those of us that live in the United States, apologies to my international friends, the environment we live in is very service oriented, it values helping other people and being generous, also it is a basic human nature to want to help others.
* People are trusting by nature - It is also a basic human nature to be trusting people. This sets up prefectly for a social engineer because they are masters in lies and deception. How many times have you seen people willing say yes to most request from you, by just being polite and respectful. This tendency to trust authority persists even in adults. In fact, some people have noticed that simply by pretending that they are important they can get people to regard them as an authority. (Note: 1)
Greed
The “Passwords for candy” law of reciprocal works great here. Also the “I scratch your back you scratch mine” type of logic and “if I give you X amount of money will you give me documents or information about client Y”. People always want to know what’s in it for them, what are they going to be getting out of the deal. Unfortunately this is one of the most unethical but widely used mindsets in todays culture.
Complacency
It’s easier to give people information to get rid of them :) This type of exploit works good on lone wolfs or the independent worker that can’t stand to work with someone they believe to be less incompetence and or more emotional than themselves. The very thought of groups project annoy’s them. They prefer to avoid having to deal with mundane politics and gossip without logic. Their logic tells them that the quickest and easiest way for them to get you out of their face is give them what you want (intel), so often they would not have to think twice about giving you what you seek just to get rid of you.
Fear(of getting into trouble for not doing their job)
People don’t like confrontations. When your are impersonating someone important or superior the average Joe won’t normally be willing to confront you about your credentials. He or she doesn’t want to risk the embarrassment of looking stupid or fear of loosing his or her job by questioning someone who asserts to have positional authority over them. Doing things such as walking around with confidence and assertiveness, carrying a clip board, wearing the proper clothes, etc all are effective in helping to pull off this role. Just as pets can smell fear humans, people can tell if you are not confident or fearful, so you will be unsuccessful at trying to play the role of someone superior.
Type of targets where social engineer is likely to be successful
In this section, I go a little further in types of targets where social engineering is most likely to success. This is not a golden rule but some good guidelines which you can follow.(This is not intended to offend any individual or group. Please do not take this information out of context)
Elderly People
This has been going on by insurance salesmen for a very long time. Elderly people are very easy to target because they can be more sympathetic and more likely to fall for a charity scam. One that they can relate would be something associated with AARP, Red Cross, American Cancer Society, etc.. The elderly can be kind-heated and overly trusting and easy to confuse with technical talk.
Women
They have been getting exploited with superficial social norms for years ranging from make up, fashion, material possessions, jewelry, etc.. With women your more likely to get far if you attack their emotions (get in touch with your emotional side). Women are more comfortable talking about emotions than about logic. They also pay attention to detail on fashion. Wear some name brand clothing that will help you to get noticed in a positive way, or bring up a converstion on subjects dealing with fashion. One quick way to build some rapport, is to avoid sports and or technical subjects, unless you see evidence that she’s interested in these subjects (wearing a hockey jersey, carrying a laptop, has books on technical subjects, etc.) Complements go far with women. Using compliments or talking fashion normally plays of well when social engineering the lady at the front desk. Try to play off her insecurity’s as-well, Toss light compliments if you envision some steady work at the site. Tell her she looks nice with whatever shes wearing. Pay a lot of attention to detail, especially her hair. If she changes her hair style compliment her on it. Trust me women love the attention. After softening her up in this manner, then see how willingly she beomes to handing over information. I cannott stress this any more don’t OVER do it. You might come off as creepy or seen as being a sexual harasser. You need to be smooth. If you are not smooth today, shadow and learn from someone who is. Its all about progression.
Disgruntled Employees
The only thing worse then getting social engineered is getting social engineered from within your own company. There is no better person to get valuable and accurate information about a company than a person who works inside the company and hates it there. A good way to go about a company your work is to try to befriend employees who seem to be disgruntled. Try to start up conversations with them on topics about work, have an pessimistic view about it to gain rapport quickly. Agree with the negative things they say. After gaining more rapport, ask little yes or no question about their job and other specific things. Try to let them do all the talking. Your are just there to lead them into the areas where you need the information. After a while they should be have spilled all they know about what ever you wanted to know.
Why Social Engineering Works
By:The_Eccentric
Most company’s don’t really take social engineering seriously. Many penetration testers and computer security experts will tell you most company’s don’t care about security until they get hacked. This is a depressing thing to see and hear for the guys you are entrusted with protecting your company but joyful news to someone who has intent on doing some social engineering attacks on your company. In this weeks post where not focusing on what is Social Engineering but the philosophical question WHY social engineering works and types of targets to exploit using social engineering.
Why perform a social engineer attack?
To test the stability of physical security controls.
To test the level of (and even improve) security conscience among staff.
To give your staff experience at identifying the tactics that social engineers may use.
To teach your staff on how to deal with social engineering situations.
To provide valuable data to support your recommendations on both security awareness training and physical security improvements.
In (part1) we will go through the reasons behind and motivation of “why” along with examples of types of targets to use social engineering exploints against.
Reasons and Motivations
*People follow gernally instructions – If you can convince someone that you are someone in a position of authority, they are more than willing to follow any instructions that you give them, sometimes even if it goes against their better judgement.
*People want to be helpful - For those of us that live in the United States, apologies to my international friends, the environment we live in is very service oriented, it values helping other people and being generous, also it is a basic human nature to want to help others.
* People are trusting by nature - It is also a basic human nature to be trusting people. This sets up prefectly for a social engineer because they are masters in lies and deception. How many times have you seen people willing say yes to most request from you, by just being polite and respectful. This tendency to trust authority persists even in adults. In fact, some people have noticed that simply by pretending that they are important they can get people to regard them as an authority. (Note: 1)
Greed
The “Passwords for candy” law of reciprocal works great here. Also the “I scratch your back you scratch mine” type of logic and “if I give you X amount of money will you give me documents or information about client Y”. People always want to know what’s in it for them, what are they going to be getting out of the deal. Unfortunately this is one of the most unethical but widely used mindsets in todays culture.
Complacency
It’s easier to give people information to get rid of them :) This type of exploit works good on lone wolfs or the independent worker that can’t stand to work with someone they believe to be less incompetence and or more emotional than themselves. The very thought of groups project annoy’s them. They prefer to avoid having to deal with mundane politics and gossip without logic. Their logic tells them that the quickest and easiest way for them to get you out of their face is give them what you want (intel), so often they would not have to think twice about giving you what you seek just to get rid of you.
Fear(of getting into trouble for not doing their job)
People don’t like confrontations. When your are impersonating someone important or superior the average Joe won’t normally be willing to confront you about your credentials. He or she doesn’t want to risk the embarrassment of looking stupid or fear of loosing his or her job by questioning someone who asserts to have positional authority over them. Doing things such as walking around with confidence and assertiveness, carrying a clip board, wearing the proper clothes, etc all are effective in helping to pull off this role. Just as pets can smell fear humans, people can tell if you are not confident or fearful, so you will be unsuccessful at trying to play the role of someone superior.
Type of targets where social engineer is likely to be successful
In this section, I go a little further in types of targets where social engineering is most likely to success. This is not a golden rule but some good guidelines which you can follow.(This is not intended to offend any individual or group. Please do not take this information out of context)
Elderly People
This has been going on by insurance salesmen for a very long time. Elderly people are very easy to target because they can be more sympathetic and more likely to fall for a charity scam. One that they can relate would be something associated with AARP, Red Cross, American Cancer Society, etc.. The elderly can be kind-heated and overly trusting and easy to confuse with technical talk.
Women
They have been getting exploited with superficial social norms for years ranging from make up, fashion, material possessions, jewelry, etc.. With women your more likely to get far if you attack their emotions (get in touch with your emotional side). Women are more comfortable talking about emotions than about logic. They also pay attention to detail on fashion. Wear some name brand clothing that will help you to get noticed in a positive way, or bring up a converstion on subjects dealing with fashion. One quick way to build some rapport, is to avoid sports and or technical subjects, unless you see evidence that she’s interested in these subjects (wearing a hockey jersey, carrying a laptop, has books on technical subjects, etc.) Complements go far with women. Using compliments or talking fashion normally plays of well when social engineering the lady at the front desk. Try to play off her insecurity’s as-well, Toss light compliments if you envision some steady work at the site. Tell her she looks nice with whatever shes wearing. Pay a lot of attention to detail, especially her hair. If she changes her hair style compliment her on it. Trust me women love the attention. After softening her up in this manner, then see how willingly she beomes to handing over information. I cannott stress this any more don’t OVER do it. You might come off as creepy or seen as being a sexual harasser. You need to be smooth. If you are not smooth today, shadow and learn from someone who is. Its all about progression.
Disgruntled Employees
The only thing worse then getting social engineered is getting social engineered from within your own company. There is no better person to get valuable and accurate information about a company than a person who works inside the company and hates it there. A good way to go about a company your work is to try to befriend employees who seem to be disgruntled. Try to start up conversations with them on topics about work, have an pessimistic view about it to gain rapport quickly. Agree with the negative things they say. After gaining more rapport, ask little yes or no question about their job and other specific things. Try to let them do all the talking. Your are just there to lead them into the areas where you need the information. After a while they should be have spilled all they know about what ever you wanted to know.
Subscribe to:
Posts (Atom)