XXE vulnerability allows hackers to get access to Google's servers

Vulnerabilities are keys for hackers and security researchers, opening doors to sensitive and confidential information. Even Google has not been able to escape them.

Recently, security researchers found a serious vulnerability in Google that allowed anyone to get access to Google's servers.

The XXE vulnerability was in Google's Toolbar Button Gallery, which allows users to customize their toolbar by creating their own buttons. This is done by uploading an XML file containing metadata.


Security researchers from Detectify identified that the gallery was clearly exposed to an XML External Entity (XXE) vulnerability, which allowed them to access the contents of Google's internal servers, such as the "/etc/passwd" and "/etc/hosts" files.

The researchers could have opened the door to any of Google's internal server files with this critical vulnerability. They could also have gained access to internal systems using "SSRF exploitation".

After receiving the report from the researchers, Google rewarded them with $10,000 for their work and later fixed the vulnerability.
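
One way to close this class of bug on an XML upload path, shown as an added example that is not Google's or Detectify's code: refuse any upload that declares a DOCTYPE or entity before the application parses it. The `button`/`title` element names and both sample documents are constructed for illustration and are not the real gallery schema.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when an upload is malformed or declares a DTD/entity."""


def _reject(kind):
    def handler(*_args):
        raise UnsafeXML(f"{kind} is not allowed in uploaded XML")
    return handler


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse uploaded XML only if it has no DOCTYPE or entity declarations."""
    scanner = expat.ParserCreate()
    # Entities can only be declared inside a DOCTYPE, so refusing it blocks
    # external entities (local file reads, SSRF) and entity-expansion bombs.
    scanner.StartDoctypeDeclHandler = _reject("DOCTYPE")
    scanner.EntityDeclHandler = _reject("ENTITY declaration")
    scanner.ExternalEntityRefHandler = _reject("external entity reference")
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)


def button_title(data: bytes) -> str:
    """Return the button title from a validated upload."""
    title = parse_untrusted_xml(data).findtext("title")
    if title is None:
        raise UnsafeXML("missing <title> element")
    return title.strip()


# Constructed samples; the element names are hypothetical, not Google's schema.
BENIGN = b"<button><title>My search</title><site>example.com</site></button>"
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE button [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
       b"<button><title>&x;</title></button>")

if __name__ == "__main__":
    print(button_title(BENIGN))
    try:
        button_title(XXE)
    except UnsafeXML as err:
        print("rejected:", err)
```

Rejecting the DOCTYPE outright is stricter than disabling external entity resolution, and it suits upload formats like this one that have no legitimate need for a DTD.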

How to hide local drives in Windows 7

Privacy matters when you are sharing your personal computer with your colleagues, roommates, or friends. You may want to hide your personal drives which contain confidential information/files that you absolutely don't want to share with others. This post guides you through handling that situation.

Here is how to hide your local drives in Windows 7 by using some built-in commands. Just follow the steps and you are good to go.

Follow these simple steps

  1. Go to the Start button, type run and press Enter, or press WIN+R to open this utility.
  2. Type "diskpart" without quotes into the text box.
  3. A command prompt should now open.
  4. Type the "list volume" command.
  5. This will display all your local disk volumes and their details.
  6. Now select the volume you want to hide by typing the command "select volume n".
  7. Note that "n" is the volume number. For example, "select volume 2" if you wish to hide it.
  8. Now type "remove letter x". Note that "x" is the volume letter. For example, "remove letter d" will hide the "D:" drive.
  9. That's it, it's done. Now check your computer and voilà, the drive is hidden.

Note: If you want your hidden drive to reappear, repeat the same procedure from steps 1-6, then type "assign letter x". Here "x" is the letter of the drive you hid.

How To Install Backtrack 5 On Virtual Machine

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to SecurityAudit. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk and network is also an option.

BackTrack includes many well-known security tools, including:
  • Metasploit for integration
  • Wi-Fi drivers supporting monitor mode (rfmon mode) and packet injection
  • Aircrack-ng
  • Gerix Wifi Cracker
  • Kismet
  • Nmap
  • Ophcrack
  • Ettercap
  • Wireshark (formerly known as Ethereal)
  • BeEF (Browser Exploitation Framework)
  • Hydra
  • OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
  • Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with telnet and enabling of a default password.
  • A large collection of exploits as well as more commonplace software such as browsers.

But as Windows users, some of us may wish to use it alongside Windows. So I am now going to show how to install BackTrack 5 in VirtualBox running on Windows. You can try VMware as well, but this tutorial relies on VirtualBox.

Steps to install BackTrack 5 on VirtualBox

  1. Download VirtualBox from here
  2. Download BackTrack from here
  3. Open VirtualBox and click on New. Choose your OS name, set the type to Linux and the version to Ubuntu. Refer to the image below.
  4. Now it's time to allocate memory to your virtual machine. I recommend allocating half of your RAM to your virtual OS. For example, if you have 4GB, set 2GB as memory. Refer to the image below.
  5. Now select the second of the three options, Create Virtual Hard Drive Now, and then click on Next.
  6. Choose VDI (Virtual Disk Image) from the options and click Next.
  7. Select Dynamically Allocated and click Next.
  8. Then leave the name as it is, set the size to around 15-20GB (recommended) and click on Create.
  9. Now you will have your virtual machine ready for you.
  10. To start it, double-click the virtual machine. But you need to configure some options before using it.
  11. Navigate to the BackTrack 5 .iso file we downloaded by clicking on the button I highlighted in red in the image below, select it and click on Start.
  12. After clicking on Start, press Enter, leave the settings as they are and press Enter again.
  13. Now it will ask for a command, so type startx and press Enter, and it will load the user interface of BackTrack.
  14. Click on the Install BackTrack icon on the desktop and it will open the installation window. Leave the language as English and click on Forward. It will now ask for your location; enter your location and press Forward.
  15. Follow the instructions on the screen. It will ask you for basic details.
  16. You will now need to enter a username and password to log in to BackTrack; the default username for BackTrack is root and the password is toor. You can use the passwd command to change your password.

That's it, you now have BackTrack 5 running on your virtual machine. Experiment with and enjoy the hack and pentest tools.

5 best services to search images online

Images, pictures, videos and raw text make up the World Wide Web. While it is easy for us to search for the information we need through search engines, we do struggle to find the right images. With image search, we may not find exactly what we are looking for. Here are the top 5 services with features for finding the right and relevant image according to the keywords of our search. Go to these websites, enter keywords or upload any image, and hit the Enter button.

1. Google image search

Google image search is the most comprehensive image search on the web. Here millions of users search for related images using the image search feature.

Website : http://www.google.co.in/imghp

Google also provides advanced image search for better results. Google Advanced Image Search has a lot of search options with an easy-to-use interface.

Website : http://www.google.com/advanced_image_search

2. Yahoo image search

Well, right beside the king stays the queen. Yahoo stands next in providing relevant image search for its users. Yahoo image search: the search engine that helps you find exactly what you're looking for. Find the most relevant information, video, images, and answers from all across the Web.

Website : http://images.search.yahoo.com/

3. Bing image search

Microsoft's search engine, Bing, occupies third position in image search technology. Bing image search is also among the best image search engines, with features for finding the right image. At the top it shows related search terms for your keyword, and you can also use filters to search for the exact image in the directory. You can filter the image search by Type, Size, Color, Layout and People.

Website : http://www.bing.com/images

4. Picsearch

Picsearch is an image search engine which is very useful for searching images, and it gives good search results like the other big search engines. The main feature of this image search engine is that you can use filters to search by image type, such as animation or faces. It has four filters: Type, Size, Color and Orientation. It has a database of 3 billion images.

Website : http://www.picsearch.com/

5. TinEye

TinEye is a reverse image search engine. It finds out where an image came from, how it is being used, if modified versions of the image exist, or if there is a higher resolution version.

Website : http://www.tineye.com/

If you are serious about finding accurate images for your keywords, take a look at Google's guide on "Google Image search".

Pakistani website defaced by Indian Cyber Rakshak

It is a known fact that on Republic Day, Pakistani hackers defaced 2,118 Indian websites. These included Ms. Pandey’s website, which was hacked by a group identifying itself as “Team Madleets” and displayed messages like “Pakistan Zindabad.”

Experts said that most of the Indian websites were hacked and defaced by Pakistani hackers going by the handles “StrikerRude”, “KashmirCyberArmy”, “PakCyber Expert” and “HUnter Gujar”, and that the operation was named “#OP26jan”.

In response, Indian hackers defaced the homepages of more than 100 Pakistani websites on Wednesday in revenge for the Republic Day hacks.

The defacement displayed the message “Hacked by Indian Cyber Rakshak” with a nice graphic page design.

If you scroll down the page, you can see the greeting messages "LOVE TO ALL INDIAN HACKERS OUT THERE" and "Greetz to All indian hackers & friends".

Additionally, they displayed their handles: "kolhakzz", "Indian Attacker", "AnonIndian", "~SaHoo~", "Newbie Haxor", "Venemous worm", "R0wdy R0b0t", "1ND14N 4$$4S1N".

You can access the following links to see the defacements.

http://www.dgdp.gov.bd/
http://www.add-attack.com/mirror/466513/dgdp.gov.bd/

Visit the official Facebook fan page of INDIAN CYBER RAKSHAK: https://www.facebook.com/cyberrakshak1

Indian Railway website hacked again by Pakistani hackers

The official Indian Railways website er.indianrailways.gov.in has been hacked again by a Pakistani hacker group. It is not the first time, however: the website was targeted two times by Pakistani hackers in the past.

This time, two hackers using the handles "H4$N4!N H4XOR" and "HUNTER KHAN" from "PAKISTANI HACKERS CREW" managed to upload a .html file to a sub-directory of the website.

The URL they targeted is shown below:
http://er.indianrailways.gov.in/cris/edrm_site/notice/index.html
The defacement is still visible to us, and the site admin has not taken any steps to remove it yet.
Refer to the screenshot of the defacement below.

As stated earlier, it was not the first time the website was attacked.

Last time, in August 2013, the group calling itself "PAKISTANI CYBER ARMY" uploaded a defacement file which displayed the message:

Hello Guys. Aooooo Indian Railway Pawned LOL. Go to Hell This hack in reply to Pak Army Website

It was in 2012 when a hacker named "AiNAB" uploaded defacements to subdomains of Indian Railways.
You can still access the defacement from the web archive link http://www.zone-h.org/archive/notifier=AiNAB/page=2
The government should take the necessary steps to prevent this type of attack from Pakistani hackers.