Friday, October 29, 2010

Unlock Huawei modem


I've read many places where people r demanding money for unlocking modem.They write Email and Bank A/C details for money transfer, its funny.For only few digits they r charging money so I've decided to disclose all the science behind this.
Commonly the unlock code depends upon the IMEI no. and that IMEI no. uniquely identify each modem.
To calculate unlock code u can use online calculator from given url http://a-zgsm.com/huawei.php
or if u want to get own calculator, u can download from this link http://www.mediafire.com/?dtm5kwjmomx.
This is a universal calculator that can unlock Huawei,Nokia,Zte,Nec and others.
If u feel any problem u can write here.

Monday, October 25, 2010

Hosting own webserver without static IP

Hosting own server always a risky and expensive job but if u don't know hosting process you don't know any thing in real environment.Hosting is a process where we connect our own server to the web and people can access my site from my own server not any other.So here your responsibility is not only development but also to secure server.
This tutorial will teach you how can we publish own website -
1-) In the first step you'll create your website , it may be in any language.
2-)Now the next step, u have to purchase own Domain name like www.example.com . here example.com is your domain name.Domain price depend on the name like .com,.net,.org etc.
You can purchase it from godaddy or other.The payment can be done by VISA or MASTER card only .
3-)If u r not able to host own server u can purchase hosting environment and it depend on the language which u've used in web development.
if u have 24hours internet connection and a old computer u can create own webserver by installing Server program like APACHE and other and then u'll make environment according to your web application.If your website is written in PHP then u've to install Linux and then LAMP.
Linux is more secure as compare to other.
4-)Now the next step, u've to purchase Static IP for your Internet connection.and connect that server to your internet.In india BSNL,AIRTEL,MTNL etc provide Static IP.You can purchase from these.
5-)Now the final stage is to set your IP to that Domain which u purchased from Godaddy or other.They provides option to set your static IP for that Domain.
Now your server is ready to accept request from all over world.
If u don't have money to set own webserver due to Static Ip don't mind there is a another option
you can use http://dyndns.dk/ service. If u r using Broadband or other connection most of the time u'll get different IP when u start your internet .So http://dyndns.dk/ provides fascility where they'll give u domain name and u'll get register on this.Now whenever u'll start your system http://dyndns.dk/ will record your IP with your Domain name and when any user request for page first it'll go to the http://dyndns.dk/ with your Domain and then that request will come to your server.
Enjoy webhosting without Static IP....

Sunday, October 24, 2010

Free php hosting


Everyone who use internet want own website , it really attract to other and best way to connect the whole cyber world.But when we search for Domain charge and hosting we found that it is very expensive and out of reach from simple people but do u know there is a large no. of free domain and Hosting providers, who provide all these service free of cost.
I've used http://www.freewebhostingarea.com/ for my drupal based website.it is totally free and there is no any hidden cost for Domain and Hosting .
I'm writing some important features of freewebhostingarea.com
- They provide a real environment where user can install own Drupal, phpBB and other PHP based CMS.
- you'll feel like u r working on own hosting server because they provide a good GUI control panel .
- There is a limitation of database but it is enough for a small business and people.
-It's a best plateform to publish Php based application.
-you've to compromise with only domain name because they provide subdomain to each user
.You can choose own domain name which u want.

Thursday, October 14, 2010

Stuxnet virus

I think most of the people who have interest in hacking they've heard about Stuxnet.If not its Ok, It is a windows based virus targeting Siemens’ SCADA software and have capability to reprogramme according to the situation.According to the Wiki it was first discovered in june 2010 by VirusBlokAda, a security firm based in Belarus. it is also work as a rootkit to conceal its presence.
It is not possible to design a this type of virus without any government support because it is about 500kb in size. it has many new features which haven't seen before and stolen two security certificate from Realtek and Jmicron.
I've search a lot to find signature information of Stuxnet virus but haven't find yet because most of the popular Antivirus companies are reading the code and they r trying to find signature. I found some very important information regarding Stuxnet that how can we safe our computer from Stuxnet.
I m giving the url where i found this information
http://gretonger.blogspot.com/2010/08/tips-cleaning-stuxnet-virus-hardisk.html

1. Using Dr. Web CureIt , u can download from FreeDrWeb.com
2. Registry Fix

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

[del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
HKLM, SYSTEM\ControlSet001\Services\MRxCls
HKLM, SYSTEM\ControlSet002\Services\MRxNet
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXNET
HKLM, SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\ControlSet002\Services\Enum\Root\LEGACY_MRXNET

save as 'repair.inf'. Use the Save as type option to Text Document in order to avoid mistakes. Then, right click the file 'repair.inf', select 'Install' and restart the computer.

"Clean up temporary files, this in order to prevent the rest of the trojan is trying to become active again. Use tools such as ATF Cleaner or use the features of Windows that is the Disk Clean-Up," wrote Adi.

3. Emergency Solutions

In addition, the following is a script that can be used in emergencies to prevent re-infecting Winsta not. Save the following script with the name Winsta.bat (file type: Text)

@echo off
del /f c:\windows\system32\winsta.exe
rem rd c:\windows\system32\winsta.exe
md c:\windows\system32\winsta.exe
del /f c:\windows\system32\drivers\mrxnet.sys
rem rd c:\windows\system32\drivers\mrxnet.sys
md c:\windows\system32\drivers\mrxnet.sys
del /f c:\windows\system32\drivers\mrxcls.sys
rem rd c:\windows\system32\drivers\mrxcls.sys
md c:\windows\system32\drivers\mrxcls.sys
attrib +r +h +s c:\windows\system32\winsta.exe
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys

Once completed, double-click the resulting file Winsta.bat. For optimal cleaning and prevent re-infection, re-use antivirus software that scans an updated and properly recognize this virus.
Most of the Nuclear center of Iran are infected by the Stuxnet because they were using Simens hardware in their center and Indian Inset also use this Siemens hardware but according to ISRO chief we are in safe because we are using own software for Siemens tools.After the reading Stuxnet code many researcher are saying that behind all this there is only one nation Israel, because lots of words which are used in code like MYRTUS are Hebrew and they also don't like Iran Nuclear program. Now we are able to make own operating system to secure our research program.I think now we should work in this area because hackers are now targeting to crack the ISRO,BARC sytem to steal sensitive information we can't believe on others OS and at last I want to say please check your Huawei modem and its firmware program, u cant believe , there might be a loopholes......

Friday, October 8, 2010

Security Vulnerability in Asp.net

Few days back some expertise found security flaw in all asp.net version.This was publicly disclosed in a security conference on Friday Sept 17 2010.
problem:
Config is a file where user store sensitive information related to his site but an attacker can download or access this file and decrypt the data to sent to the client( like view state data in page)because there is vulnerability in the asp.net.
Actually the problem is in asp.net cryptographic system which provides hints to the attacker to know the pattern of the original data.and attacker can collect much information to decrypt the rest cipher data with the help of error message and request.
Solution:
Microsoft released a security patches for this u must download and install in your server.
u can also make custom error message for all types of error.
Everytime when an error occurred if u r showning system error message , it might be help to the attacker to know the flaw so please use own custom error message and try to redirect on your error message page when an error occurred.

Don't make a special error page for 400,500 etc. error

if u want to know the vulnerability of config file
type this command on root where your application installed
cscript DetectCustomErrors.vbs
now it will show the vulnerability message with config file if your config file is vulnerable.
to solve this problem just make an error message page


http://www.youtube.com/watch?v=yghiC_U2RaM
Two researcher Thai Duong and Juliano Rizzo demonstrated flaw in a video
In the first step they r showing that how we get key from a DotnetNuke CMS application with the help of POET.and then generate a cookies to login as superuser and same process can be used with any dotnet application.
In the next phase they use Cesar Cerrudo’s Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.



Making Own search engine

Making own search engine is always a difficult task ,I've been working on this area for about 6-7 months ago when first time i heard about Google secret page ranking algo. I'm not going to make a search engine like Google i am working on a search engine that will crawl MP3,video songs file like beemp3 search engine.
beemp3 is a world most popular mp3 search engine that doesn't store any mp3 file in their database but they only believe to crawl.
Before search engine a lots of different programs were used like Gopher,Veronica and Jughead to make indexing of web pages. first search engine created was Archie, created in 1990 by Alan Emtage, a student at McGill University in Montreal.
and after that many search engine came.
Search engine functionality can be divided in to three parts:
1-Web Crawler: It is a program that send HTTP request to URL and receive page content and again it identify new URL and push these new URL into the Queue and again retrieve new URL from Queue to find out new URL. This process work infinite till the condition satisfied.condition can be only find URL given Host or Out side.
2-Search engine indexer: I've found many places where people say that indexer used to make Queue only but I think it is not limit to only Queue it means also to make index of database to perform fast query operation .
3-Query engine: This is the again very critical part , Google uses different mechanism like Boolean expression,Logical etc. to retrieve a good result from database.But most of the time we get unnecessary link.They are working in this field to improve the query output.
The new era would be where search engine will be based on natural language Query Like ASK.COM.










It is a single search engine that works on Natural Language.
Before 1998 web crawlers mostly used BFS And DFS algo to travesre each URL but
In 1998 first Lary page and sergey brin proposed a new technique that is page rank .
In page rank web crawler decide special rank for each page on the basis of in linking and out linking of a single page.They proposed this method in his research paper "The Anatomy of a Large-Scale Hyper textual Web Search Engine" This research paper is available on this link http://infolab.stanford.edu/~backrub/google.html but it is not complete and after that they hide their secrets and now many companies are trying to make a Page rank based search engine but it is not possible yet.
On that time Google crawler crawl 100-200 pages in just one 1 second . Now u can imagine the speed of crawling .
Today they r using Distributed environment for web crawling.
After the completion of module I'll post remaining part
If u have any doubt , feel free to ask..