Friday, December 28, 2012

How to remove your private data from Spokeo

How to remove your private data from Spokeo

Find your link on Spokeo:

Then go to their privacy website and ask for removal:

How to control of your Google privacy

How to control of your Google privacy

Go to:

From here you can easily see everything you have ever done on Google.

Here are only some of the applications that you can control.

Wednesday, December 26, 2012

How to remove accounts connected to your Google account

How to remove accounts connected to your Google account

Go to:
From here you can easily de-select all the associated accounts that Google has found.

Go to:
From here you can easily de-select all the associated accounts that are actually connected to your account.

How to remove your Photo from Youtube

How to remove your Photo from Youtube

Go to:

Click on Rename > Check "I understand that my channel will be renamed." > Click Rename Channel

This will simply revert your Youtube account back to the way it should be. It should remove the Google+ photo as well as other information.

How to remove your Google+ +1's

How to remove your Google+ +1's

Go to > Click on Profile > Click on "+1's"

From here, simply remove all the unwanted "+1's"

Tuesday, December 25, 2012

How to turn off Sharing Options in Windows

How to turn off Windows Sharing Options - prevent intrusions

Start > Control Panel > Network and Internet > Network and Sharing Center > Advanced sharing settings

From here, you can simply un-check Network Discovery, File and Printer sharing and Public folder sharing.

How to turn off UAC(User Account Control) in Windows

How to turn off Windows UAC(User Account Control)

Start > Control Panel > User Accounts and Family Safety > UAC

From here, you can simply turn off UAC

How to turn off IPV6 in Windows

How to turn off IPV6

Method #1
Start > Control Panel > Network and Internet > Network and Sharing Center > Wireless Connection uncheck ipv6

From here, you can simply turn off IPV6.

Method #2
Start > regedit.exe > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > services > TCPIP6 > Parameters key new DWORD, DisabledComponents, val = 0

How to turn off Remote Desktop in Windows

How to turn off Windows Remote Desktop - prevent intrusions

Start > Control Panel > System and Security > System > Advanced System Settings

From here, you can simply un-check remote desktop.

Wednesday, December 19, 2012

How to turn the SNMPD Service off in Ubuntu

How to disable the SNMPD service

Check to see if it running:
sudo netstat -tupln

Open this configuration file:
sudo nano /etc/default/snmpd

Change the 'yes' to the 'no' and restart the service, disabling it.

Sunday, December 16, 2012

How to hack Facebook account pictures

A simple explanation of the Facebook photo URLs

Let's get an example Facebook URL and see what information can be found: =

Example URL:

This is the photo's album id: 449111435102735

Here are different pictures that every user has stored, simply changing the letter at the end of the URL will change it's size.

Normal Picture:
Small Picture:
Square Picture:

I found this on Pastebin a long time, so for the older Facebook photo ids:

      ^                    ^                       ^                  ^             ^
      |                      |                        |                   |               |
     No            image id                pid               id            No
    idea                                                                           idea
Example URLs:
    image id: 1531425252044
    redirects to the photo page
    pid: 31473272
    id of the picture page, needs user id too to work
    id: 1427142689
    user id

Cell Phones - Service Menus and Special Numbers

How to get to your phone's service menu

Everyone knows about the 'secret' menus in your phone and I just wanted to make my own list.

Dial and call these numbers to access the hidden menus and if any menu asks for a password, its usually very simple:
  • SPC password - 000000
  • IMEI number - *#06#
  • Programming menu - ##7764726
  • Phone information - *#*#4636#*#*

  • Phone activcation - *228
  • Update coverage area - *22899

Saturday, December 15, 2012

How to port Nmap to your Android Phone

Porting Nmap to Android

I was trying to port Nmap to Android and I was running into plenty of compiling and linking errors until I realized, thanks to Vlatko Kosturjak, this has already been done.

First, download the package:

Open it:
tar -xvjf nmap-5.50-android-bin.tar.bz2

Go into the directory and push to your phone:
cd nmap-5.50/bin
adb push . /data/local/tmp

Obviously, if you have root, you can push these binaries anywhere you would like.

How to install GNUTLS on Ubuntu

How to install GNUTLS

I an ran into this problem the other day while compiling GNU tools. Some require GNU TLS.

To install them:

sudo apt-get install gnutls-bin

How to install the D compiler on Ubuntu

How to install the D compiler

Install command:

sudo apt-get install gdc

Sunday, December 9, 2012

How to easily find and remove your comments from Youtube

How to remove Youtube comments easily from a video

Most of the time when you comemnt on a video it is for a good reason; however, Google indexes these comemnts and puts them in the Google search. The easiest way to remove these comments is to list as many as you can and then simply remove them:


The video ID:

Put that ID here:

Now you can easily page through comments and delete what you need.

Saturday, December 8, 2012

How to hack Facebook accounts using the Facebook Query Language

How to use the FQL(Facebook Query Language)

Get the page you want to lookup:

Obtain the id:

Go to Facebook Developer Tools:

Go to FQL:

Click on "Get Access Token" and obtain all the permissions you want to use. After you have an active access token, you can now play with FQL. The queries you make are very similar to MySQL and SQL.

Here are some examples to have fun:
Basic information about yourself:
SELECT uid, username, name, sex, pic FROM user WHERE uid = me()

Shows BurrowsApp's stream:
SELECT updated_time, type, timeline_visibility, targeting, target_id, tagged_ids, source_id, privacy.value, privacy.description, post_id, permalink, message, likes, is_hidden, description, created_time, comments FROM stream WHERE source_id = 140257159405760

Shows the user's information from profile:
SELECT about_me, activities, affiliations, allowed_restrictions, birthday, birthday_date, books, can_message, can_post, contact_email, currency,,, devices, education, email, email_hashes, first_name, friend_count, friend_request_count, hometown_location, inspirational_people, install_type, interests, is_app_user, is_blocked, is_minor, languages, last_name, likes_count, locale, meeting_for, meeting_sex, middle_name, movies, music, mutual_friend_count, name, name_format, notes_count, online_presence, payment_pricepoints, pic, pic_big, pic_big_with_logo, pic_cover, pic_small, pic_small_with_logo, pic_square, pic_square_with_logo, pic_with_logo, political, profile_blurb, profile_update_time, profile_url, proxied_email, quotes, relationship_status, religion, search_tokens, security_settings, sex, significant_other_id, sort_first_name, sort_last_name, sports, status.message, status.time, subscriber_count, third_party_id, timezone, tv, uid, username, verified, video_upload_limits, wall_count, website, work FROM user WHERE uid = USERIDHERE

How to hack Facebook user ID's using the API

How to obtain a user's ID from their username

There are many ways to do this such as simply get the URL of the user's photo. Here is how to do it with curl and the Facebook API:

Example Facebook Page:


Use the Facebook API:

Open Terminal:
curl ""

It should return a JSON string:
{"about":"Burrows Apps - https:\/\/\/store\/apps\/developer?id=Burrows+Apps - Applications - http:\/\/","awards":"http:\/\/\/watch?v=bpOY-sa1sCI","description":"Programming and Mobile Applications\nSecurity Fixes and Exploits\nCourses Notes and Solutions","is_published":true,"mission":"To provide top of the line mobile applications and support for all users.","products":"Applications: \ncrypTo: https:\/\/\/store\/apps\/details?id=burrows.apps.crypto\nRoot Checker: https:\/\/\/store\/apps\/details?id=burrows.apps.rootchecker\nApp Manager:\nhttps:\/\/\/store\/apps\/details?id=burrows.apps.appmanager\nProjects:\nCourse Notes:\nhttp:\/\/\/p\/notes.html","talking_about_count":3,"username":"burrowsapps","website":"http:\/\/\/","were_here_count":0,"category":"Computers\/technology","id":"140257159405760","name":"BurrowsApps","link":"http:\/\/\/burrowsapps","likes":56,"cover":{"cover_id":341087719322702,"source":"http:\/\/\/hphotos-snc7\/s720x720\/598549_341087719322702_28686629_n.jpg","offset_y":0}}

Look for the "id" object:

Check for yourself: =

Tuesday, November 6, 2012

How to purge memory on Google Chrome

How to purge memory on Google Chrome


Shift + Esc

From here, you can easily end the process that is using the most ram and then reload the page.

Sunday, October 21, 2012

How to compile inline Assembly in C

How to compile Assembly inline with C

Make sure you have 32-bit libraries, install them:
apt-get install gcc-multilib

#include <stdio.h>

char Format[] = "Hello world, %d\n"; 

int main (void) { 
 asm ( "subl $8, %esp\n" 
 "movl $3, 4(%esp)\n" 
 "movl $Format, (%esp)\n" 
 "call printf\n" "addl $8, %esp\n" ); 
 return 0; 

gcc -m32 test.c -o test.o; ./test.o

Friday, October 5, 2012

How to install Sublime Text 2 on Ubuntu

How to install Sublime Text 2 for Ubuntu

To install them:

sudo add-apt-repository ppa:webupd8team/sublime-text-2
sudo apt-get update
sudo apt-get install sublime-text

Note: "sublime-text" is the latest Sublime Text 2

Saturday, September 22, 2012

How to install Gnome 3 on Ubuntu

How to install Gnome 3 on Ubuntu:

To install them:

sudo add-apt-repository ppa:gnome3-team/gnome3
sudo apt-get update
sudo apt-get install gnome-shell
sudo apt-get install gnome-tweak-tool *optional*

This is less glitchy and much smoother than Unity!

How to completely remove Unity from Ubuntu

How to completely remove Unity from Ubuntu:

Make sure to have another Desktop installed!

Remove the packages for Unity:

sudo apt-get remove unity unity-2d-places unity-2d unity-2d-panel unity-2d-spread unity-asset-pool unity-services unity-lens-files unity-lens-music unity-lens-applications gir1.2-unity-4.0 unity-common indicator-sound indicator-power indicator-appmenu libindicator6 indicator-application evolution-indicator indicator-datetime indicator-messages libnux-1.0-0 nuxtools

Monday, September 17, 2012

How to install Subversion in Ubuntu

How to install subversion

To install the packages:

sudo apt-get install subversion

Then you can download copies of svns:

svn checkout SVN_LINK

Monday, September 10, 2012

How to install the WX Python package in Ubuntu

How to install Python WX for creating Python GUIs

WX is a cross-platform GUI kit for Python.

To install the packages:

sudo apt-get install python-wxgtk2.8

Thursday, August 30, 2012

How to install Objective C on Ubuntu

How to install Objective C packages:

To install them:
sudo apt-get install gobjc gnustep gnustep-make gnustep-common

To compile files:
gcc -o hello hello.m -Wall -lobjc

Saturday, August 25, 2012

How to play .mp4 files on Ubuntu

How to play .mp4 files

Simply install these packages:

sudo apt-get install gstreamer0.10-plugins-bad gstreamer0.10-plugins-ugly

Wednesday, August 15, 2012

How to disable AppleMobileDeviceService.exe on Windows

How to disable AppleMobileDeviceService.exe

To disable the service, launch services.msc

Windows + R > Type services.msc

Right click on the service and set the Start Up type to "Disable" and hit "Stop" service

Friday, August 3, 2012

How to disable IPV6 in Ubuntu

How to disabled IPV6

First, check to see if you are running IPV6(there is more than just one way to check):
ip a | grep inet
netstat -tupln

Try blacklisting: /etc/modprobe.d/blacklist.conf add this to the file(have to restart):
blacklist ipv6

/etc/sysctl.conf add this to the file and then run "sudo sysctl -p":
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

/etc/default/grub and then run "sudo update-grub2":

Always check your work:

Monday, July 23, 2012

How to burn ISOs to CD-RW/DVD-RW in Linux

How to burn ISO files to CD-RW/DVD-RW in Linux

List the devices to write with:
cdrecord -scanbus

After running this command, match the "dev=NUM,NUM,NUM" with the next command to make sure your are writing the ISO with the correct device.
cdrecord -v -pad speed=1 dev=0,0,0 FILE.iso

-v - verbose(shows my information)
-pad speed=1 - change the write speed
dev=0,0,0 - this is your device

How to erase CD-RW/DVD-RW in Linux

How to wipe a CD-RW/DVD-RW on linux

Run this command to make sure that the cd is unmounted:
umount /dev/cdrom

Use the "cdrecord" command to quickly erase the CD-RW/DVD-RW
cdrecord dev=/dev/cdrom blank=fast

How to remove EXIF data from Images in Linux

Ubuntu Linux

Install jhead:
sudo apt-get install jhead

To see all the extra data that is stored in the JPG, run this:
jhead -v FILE.jpg

To remove the extra data such as "geo-tagging(location data)", your name and the type of phone or camera that look the picture, run this command on the image:
jhead -purejpg FILE.jpg

Mac OS X

Install exiftool:

To see all the extra data that is stored in the JPG, run this:
exiftool -v FILE.jpg

To remove the extra data such as "geo-tagging(location data)", your name and the type of phone or camera that look the picture, run this command on the image:
exiftool -all= FILE.jpg

Thursday, July 19, 2012

How to take screenshots on your Android Phone

How to take screenshots with Android 4.0(Ice Cream Sandwich)

Simply hit these buttons at the same time:

Power Button + Volume Down

Wednesday, July 11, 2012

How to fix random Youtube sound glitch in Ubuntu

How to fix Adobe Flash Player on Youtube

It seems that sometimes when I upgrade my Abode Flash Player, both of my web browsers, Firefox and Chrome, seem to have their flash player's play obscure videos. In Chrome, the flash videos on Youtube are "fast-forwarded" and in Firefox, they are very choppy and unbearable to watch.

Try Fix 1:
System Settings > Sound > Hardware Tab > Profile > Select "Off" and then Turn it back to its previous setting.

Try Fix 2:
sudo apt-get install pavucontrol
And then run "PulseAudio Volume Control" and repeat the steps in "Fix 1".

Saturday, July 7, 2012

How to Extract a .7z file in Linux

How to extract a .7z files

To install the packages:
sudo apt-get install p7zip

In Linux, when you would like to extract a ".7z" file, you need to open your terminal and type this in:
7za e FILE.7z

How to install Microsoft Fonts for LibreOffice on Ubuntu

How to install Microsoft fonts

When installing Ubuntu, it may not come with Microsoft Fonts such as "New Times Roman" and "Verdana". Therefore, Ubuntu applications such as LibreOffice will not have them.

To install them:
sudo apt-get install msttcorefonts

Thursday, July 5, 2012

How to use crontabs in Linux

How to create a crontab

Open your terminal and run:

crontab -e
This will be for your user. 

Usually this should open up your crontab file in nano. Today, we will run our crontab to execute hourly:
0 * * * * /bin/sh /PATH/TO/SCRIPT
Now, this runs hourly shell scripts(/bin/sh).

 If you would like to run other scripts, obviously you simply change the "/bin/sh" to whatever you would like(python, perl, bash, etc...).

minute 0-59
hour 0-23
day 1-31
month 1-12
day-of-week 0-7 (0/7 Sunday, 1 = Monday, 2 = Tuesday, etc...)
command-line the command to execute

Tuesday, July 3, 2012

How to Extract a Tar Ball on Linux

How to extract a Tar Ball in Linux

In Linux, when you would like to extract a "tar.gz" file, you need to open your terminal and type this in:

tar -zxvf FILE.tar.gz

tar xvjf FILE.tar.bz2

How to install the Android SDK

How to install the Android SDK

First, install Eclipse here.

After installing Eclipse, install the Android ADT plugin for Eclipse:
 - Click on Help > Then click on
 - Install New Software Copy and paste this and click "Add":
 - Click "OK"

Eclipse will ask you to restart. After you restart, the Android ADT plugin will ask you to either download and install the Android SDK for you or you can do it yourself.

If you are using an existing SDK or downloading it yourself:

Download the SDK:

The file should look like:


Extract the file to your /home/USER directory by either double clicking on the file or command line:

tar -zxvf android-sdk_r20-linux.tgz
Next you will go into Eclipse and use the Android ADT plugin to use with the /home/USER/android-sdk that you have extracted.

Installing Android Versions

 - Go to Window > then click on Android SDK Manager

 From here, you can select the Android Packages that you would like.

How to remove bloatware that comes with Ubuntu

How to safely strip(uninstall) Ubuntu Bloatware

Package List (Last Updated 10/4/2012):

sudo apt-get remove --purge --ignore-missing gbrainy aisleriot gbrainy gnome-games-* gnome-sudoku gnomine libgme0 mahjongg bogofilter* empathy* thunderbird* remmina gwibber* tomboy avahi-daemon transmission-* whoopsie samba* modemmanager ubuntuone* rhythmbox* activity-log-manager-common python-zeitgeist zeitgeist-core deja-dup pidgin* apport*
* Note: this is for standard Unity

Remove Unity Completely:

Make sure to have a new Desktop(default theme):

How to install Google Chrome on Ubuntu

How to install Google Chrome

Fast Way:

Download the ".deb" file and install through the software store.

Command Line:
First, you need to get the repository:

wget -q -O - | sudo apt-key add -

Next, you need to edit your source list:

sudo nano /etc/apt/sources.list

Add this:

deb stable main

Crtl + x, then Enter to save

Followed by updating your package list:

sudo apt-get update

Finally install Google Chrome:

sudo apt-get google-chrome-stable

How to install Dropbox on Ubuntu

How to install Dropbox - the fastest way

Go to their install page:

Download the ".deb" file and it will install through the store.

How to fix Eclipse library errors on Ubuntu

Here is a list of Eclipse Errors:

Eclipse - Indigo
On start, it will load and then soon crash stating that the

java.lang.UnsatisfiedLinkError: Could not load SWT library. Reasons:
no swt-gtk-3740 in java.library.path
no swt-gtk in java.library.path
Can't load library: /.swt/lib/linux/x86_64/
Can't load library: /.swt/lib/linux/x86_64/

Ubuntu 12.04 32 bit
sudo ln -s /usr/lib/jni/libswt-* ~/.swt/lib/linux/x86_64/

Ubuntu 12.04 64 bit
sudo ln -s /usr/lib/jni/libswt-* ~/.swt/lib/linux/x86_64/

How to install Eclipse on Ubuntu

How to install Eclipse

Open your terminal:

sudo apt-get install eclipse

This is will install the stable version from the repositories.

How to switch your Java version on Ubuntu

How to easily change your Java version

This is how you can get the versions you are using now:

java -version
javac -version
javaws -version

Easily change which Java installation you would like to use:

sudo update-alternatives --config java
sudo update-alternatives --config javac
sudo update-alternatives --config javaws

If you have installed this repository:

sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update

You can install a graphical version to easily change your Java version:

sudo apt-get install update-java
sudo update-java

How to install Java 7 on Ubuntu

How to install Java 7 - fastest way
Add this repository:

sudo add-apt-repository ppa:webupd8team/java

Update your package list:

sudo apt-get update

Add this, in case you don't have it:

sudo mkdir -p /usr/lib/mozilla/plugins

Finally install Java 7:

sudo apt-get install oracle-jdk7-installer

How to install Gnome on Ubuntu

How to install Gnome on Ubuntu

Open your terminal:

sudo apt-get install gnome-panel

Now when you log out, you can log back in with Gnome or Gnome Classic.

How to add Swap Drives on Linux

How to add swap drives after installation

After installing Ubuntu and you would like to install a swap partition, make sure there is an empty partition.

Let's list your partitions:

ls /dev/sda*

Let's say that your the partition your going to make a swap is "/dev/sda3":

sudo mkswap /dev/sda3

Mount the swap partition:

sudo swapon -U xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

This command will give you the UUID of the drive:

sudo blkid /dev/sd3

Open your "/etc/fstab":

sudo nano /etc/fstab

Add the following but make sure to replace the UUID:

UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none swap sw 0 0

To save, hit Ctrl + x, then Enter.

In the end, make sure your swap is loading properly

sudo blkid
Make sure the UUID for "swap" matches the one in the "/etc/fstab".

Further testing:

sudo mountvall -v

How to install Adobe Reader on Ubuntu

How to install Adobe Reader

First open the terminal and type this in:

sudo apt-add-repository "deb $(lsb_release -sc) partner"

Update your package list:

sudo apt-get update

Finally install:

sudo apt-get install acroread

How to open .rar files in Ubuntu

How to open .rar files in Ubuntu

Default installation doesn't can not open .rar files

sudo apt-get install unrar

Wednesday, May 30, 2012

How to turn off DNSMASQ in Ubuntu

If you sudo netstat -tupln, you will notice DNSMASQ running.

Edit the file: /etc/NetworkManager/NetworkManager.conf

sudo gedit /etc/NetworkManager/NetworkManager.conf

Simply comment out:

Now restart to make sure it is off.
sudo restart network-manager

Tuesday, May 8, 2012

How to Reverse Engineer Android Malware

Reverse Engineer Android Malware

Tools you may need for decompiling Android malware:

apktool – a tool used for manipulating .apk files
jad – a Java decompiler (Windows only)
JD-Core + JD-GUI – another Java decompiler, supporting newer Java versions and features
dex2jar – a tool for converting .dex files to .class files
   Download: (dex2jar)
apkinspector - all in one tool

However, this tutorial is fairly easy and simple and I will only be using dex2jar and jd-gui. This tutorial is a standard for all apps. You can use the same tools and methods to help decompile your applications and other applications, especially malware, in order to see and understand what the code is actually doing.

So, say we have our malicious malware such as "file.apk".

A lot of these tools can be used in Windows as well as Linux, however I happen to be using Windows for this tutorial.
For Linux: sh file.apk
For Windows: dex2jar.bat file.apk

This will create the file called file_dex2jar.jar. Now we can easily view our app's code with jd-gui.
Simply just click on the jd-gui and open the file_dex2jar.jar.

 Now we can easily read and see the code.

Further Research/Advanced Topics:

  • Code Obfuscation 
  • Decompiling Manifest Files
  • Obtaining the Resources - images, etc.

For Related Articles:

Saturday, May 5, 2012

How to setup Environment Variables in Linux/Windows

Open your .bashrc, located in your /home/"user"/ and add this:

export PATH=${PATH}:~/path/to/your/executeable

Start > Control Panel > System and Security > System > Click on "Advanced system settings" > Click on "Environment Variables"

Under user variables, click on "new" and then give your new variable a name such as "PATH" and for the Path, input the absolute directory of the file you wish to run.

For example: ";C:\Windows;C:\Windows\System32;C:\Program Files (x86)\Nmap;C:\Program Files (x86)\Python;C:\"

I have Nmap and Python executable from my Windows Command Prompt.

For Related Articles:

Friday, April 27, 2012

Android - Text Bomber/Spammer

A Simple Text Spamming App

This is only for proof of concept, please only use for educational purposes only.

Make sure the app contains:

Java Code -

XML code - main.xml

Thursday, April 5, 2012

HelloWorld in Assembly

Assembly - HelloWorld
[bits 64]
global _start

section .data
message db "Hello, World!"

section .text
mov rax, 1
mov rdx, 13
mov rsi, message
mov rdi, 1

mov rax, 60
mov rdi, 0
Then run it:
nasm -f elf64 hello.asm
ld hello.o -o hello

Sunday, February 19, 2012

What is Wifi Security?

Everyone's on Wifi
In today's society almost every one has a cell phone and/or laptop or tablet. Either way everyone has used a wifi connection at least once before. Wifi is available almost anywhere you go, in cafes, restaurants and of course, our homes.

Summary of Topics:
- No matter where you are always use HTTPS which is a secure protocol for protecting the data you send and receive on your computer. This is the first line of defence for Data Encryption.
- Attackers can steal/view packets, if they not encrypted, they can read passwords and credit card information in plain text.
- It's always good not to broadcast your SSID, make it slightly harder for the curious.
- Hidden SSIDs are hidden but their BSSIDs aren't.
- Always filter MAC addresses because some people are very curious and like to poke around.
- Attackers can easily spoof accepted MAC addresses.
- Always use WPA2-PSK with AES encryption, this way even if people steal your packets, it will be very hard to read encrypted packets, especially if you are also using HTTPS as well.
- No encryption makes it easy for attackers and WEP is easy to crack.
- Keep good passwords on local computers as well as the router/access points.

Some terms to know(there's more that could be added):
ESSID = Extended Service Set Identification
SSID = Service Set Identification
- This is the name of the network that is being broadcasted
- Ex. "Tom's House"
BSSID = Basic Service Set Identification
- This is the MAC(Media Access Control)
- Ex. "01:23:45:67:89:ab"
WEP = Wired Equivalent Privacy
- Encryption that has 40 and 128 bit keys
WPA = Wi-Fi Protected Access
- Passworded wifi uses TKIP
WPA2-PSK = Wi-Fi Protected Access with Pre-Shared Keys
- Passworded wifi that uses AES and can use TKIP
- Uses "handshakes" for authentication
HTTP = Hypertext Transfer Protocol
- Common used on port 80 for standard web surfing
HTTPS = Hypertext Transfer Protocol Secure
- Secure web surfing that is tunnelled(SSL/TLS) on port 443

When settings up a router we configure the following:

At Home or in the Office (there are more than one way for the methods shown)

It doesn't add much security, however I suggest that everyone should hide their router/wifi networks. Simply hiding the broadcast of the SSID from the world will help deter hackers and annoying gamers from wanting break into your router/network to see if they can and poke around or simple just to obtain free Internet. Let alone, this doesn't do much because people can still find and attempt to connect to routers/networks that are hiding their SSID by simply scanning or by turning their wireless cards in monitor mode, you can view network BSSIDs as well as client's MAC addresses:
sudo iwlist wlan0 scan
sudo airmon-ng wlan0 start
sudo airodump-ng mon0

2. MAC Address Filtering
Everyone's first line of defence by far should be MAC address filtering. There are two types of MAC address filtering: MAC address control for wifi and wired connections and MAC address filtering for just wireless connections. The most important one to use is MAC address filtering for wifi connections. Someone would have to break into your house or office to use the wired connection anyway and if someone breaks into your facility there are way bigger problems than connecting to a network. MAC address filtering will stop most people who usually poke around at other people's wifi networks. Routers have a list of MAC address that are either "Allowed" or "Denied" to connect to the router. This allows you to simply control who can connect and those who cannot. However, once again, this hardly does much to stop an attacker or someone who simply wants free Internet. If someone is near by, they can simply scan for networks nearby. After scanning nearby networks, attackers can change or "spoof" their MAC address temporarily:
sudo ifconfig wlan0 down
sudo ifconfig wlan0 hw ether 01:23:45:67:89:ab
sudo ifconfig wlan0 up
or another way
sudo ip addr
sudo ip link set dev wlan0 address 01:23:45:67:89:ab
The easiest way it use GNU MAC Changer.
3. Wifi Encryption
Today there are generally three types of encryption for wireless networks: None, WEP(40-bit and 128-bit keys), WPA(WPA-TKIP and WPA2-CCMP). I can't stress this enough to use encryption because attackers do not even need to be on your network to steal your data. If you are not using encryption attackers can simply use tools to capture your wireless packets and steal your data. (more on Packet Analysis) It is also very important that you always use HTTPS when available. Secure sessions are important to prevent session hijacking or phishing websites because it encrypts the data coming in and leaving port 443 instead of using the default port of 80 for HTTP that is not encrypted. So even if the attacker scans for hidden SSIDs and finds some client's MAC addresses that are connected to some routers and spoofs his MAC address in order to connect to the network of his choice, wifi encryption is the next line of defence. While connecting to the network the attacker will be prompted with a password/passphrase in order to actually access and gain Internet access. Obviously these can be guessed or brute-forced, that's why it is very important to have a very hard and obfuscated password.(generate one here Random Password Generator) Create passwords that are very long and use random characters. Since passwords can be brute-forced, it is important to implement "passphrases". A pass phrase a group of a words for a password, which makes it harder to guess because it is longer and uses many words which helps defeat the purpose of brute-forcing(dictionary attack). When choosing an encryption, it is best to go with the latest and greatest WPA2-PSK which is more secure than WPA. WEP, can be easily cracked with tools such as Aircrack and CoWPAtty. Attackers that are not even connected to your network can capture your packets and then crack the WEP key. WPA2 uses a better encryption, AES encryption and isn't crackable because of the handshakes it uses for authentication. Even if the attacker catches your packets and you were using WEP or WPA/WPA2 it would make it very hard for the attacker to read them. To crack WPA2, an attacker would have to capture your packets and then run a dictionary attack which would take a very long time, making WPA2-CCMP(AES encryption) the best standard to use.

4. Inside the Network/Router
So say if the attacker simply logged in your router because you have no encryption or cracked your WEP key, he can now see all the computer on the network by scanning the network by using tools such as Nmap:
ifconfig - view internal ip
Ex. "" - usually means he is the 64th client, being that the router/access point is on
nmap - the "/24" indicates " -
sudo nbtscan -r - scans the local network, shows hostnames
Since the attacker can see everything on the network they can try to attack individual computers, the router itself or just capture packets. Since the attack is on the network, regardless of encryption or not, they are physically on the network and can see what you are doing. If they try to access the router, it is very important that you have strong passwords on the router as well. Since the router is usually on the "", attackers can type that in the address bar of their browsers and see if there is a router admin page. It is very important to change the default passwords because an attacker can simply just guess or Google the default password. If they still can't get in the easy way, they can try brute forcing the password using tools such as THC Hydra.

Topics to Read:

Saturday, February 11, 2012

How to Spoof Processes

Creating a Fake Process

This can be easily done in plenty of languages, however I believe this is easily implemented in Perl:

$0="Test Process";

while(true) {
The "$0" is equivalent to "argv[0]" in C and other languages. You can simply change the application name that is running. The loop keeps the process running. You can run your own spoofed process via command line by:
perl &
The "&" tells Linux to run the process in the background.
You can check the process is running via the command line by:
ps aux | grep "Test";
Example Output:
noname    7769  0.0  0.0  25084  1696 pts/0    S    15:19   0:00 Test Process
noname    7771  0.0  0.0  14560   892 pts/0    S+   15:19   0:00 grep Test
To kill the process via the command line:
kill 7769

Monday, February 6, 2012

How to hack the Facebook for Android App

Source Code
I always liked to poke around at things to see how they worked. A while ago I wanted to look inside some of my favorite apps such as the Facebook for Android app:

This is old, however we felt like making a video. So please comment and add helpful suggestions. And there are more ways than one for doing this.

Decompiling *.apks using Dex2Jar and viewing the compiled *.class files in JD-GUI
Dex2Jar -
ApkTool -

sh com.facebook.katana.apk
 - dumps the compiled java *.class files - creates com.facebook.katana_dex2jar.jar
 - finally, run jd-gui and click on com.facebook.katana_dex2jar.jar
For the resources, use apktool
./apktool d com.facebook.katana.apk
 - this will dump the source files, the xml and images

Dex2Jar is a very powerful tool that dumps the Java compiled *.class files into a folder and then JD-GUI can easily read the compiled *.class files. From here you can read the source code and do whatever you would like.

Wednesday, February 1, 2012

How to capture packets using Wireshark/Aircrack/TCPDump

Capturing Packets
Analyzing packets is very important in order to see where your data is being sent and received. Here are some good tools and commands to get you going:

Install: sudo apt-get install wireshark
Different filters:
port 80
http contains msg_text
ip.addr ==
ip.dst ==
ip.src ==
tcp.port == 80 || http
http.request.method == "GET"
http.request.method == "POST"

Aircrack suite:
Install: sudo apt-get install aircrack-ng
Different examples:
sudo airmon-ng start wlan0
sudo airodump-ng mon0 -w OUTPUTFILE

Analyzing Packets:
TCP Dump:
Install: sudo apt-get install tcpdump
Different examples:
tcpdump -ttttnnr tcp_dump.pcap
tcpdump -qns 0 -A -r blah.pcap
tcpick -C -yP -r tcp_dump.pcap
tcpdump -qns 0 -A -r tcp_dump.pcap
tcpdump -qns 0 -X -r tcp_dump.pcap