Sunday 15 December 2013

[Gyan/ Knowledge] A Hacker

Often misinterpreted by the public and hyped by the media, a HACKER is generally termed as a person who is a part of a system intrusion of some sort. There is always this division of Hackers that the media can't seem to put onto a hold. Yes, the White Hat, the Grey Hat and the Black Hat. They sound so cool, just imagining the regular villain characters wear a Black Hat. And most of the time you try to imagine a Black Hat, you'd only end up with Slender Man standing at a distance with a computer in his hand. Phew! Super modern Slender Man.

Another definition of this controversial term called "HACKER" would be the one that follows the classic Glider Symbol, termed in the Hacker Jargon Files by Eric S. Raymond. This is a more accepted definition of a Hacker by Hackers as it traces it back to the "Old School" MIT days. But again constraining the meaning of a Hacker to a bunch of Grammar Fanatics and Programmers.

But is this all that is there to become a Hacker? What about the B.C (Before Computers) era? Isn't the founder of the Computer himself a hacker? Hell yeah! He was! :)
So Charles Babbage was a HACKER? Well I never said that! Present day, even students learning about computers or pursuing Computer Science Degree, do not seem to know what was the machine that was built by Charles Babbage. But their ignorance can not be blamed on them! Since this is what they are always taught (Yes! It is all a part of a Plan!).
Ok, before I turn this post into a conspiracy theory post, let us shift back to Alan Turning, whom I consider the real father of Computers.

Alan Turning, in 1945, changed computing entirely. He was the first one to understand the concept of universality inherent in the stored program computer. He was among the few, who knew the power of computing after he designed "The Bombe" to break the then feared "Enigma Cipher", which was probably the hack of the millennium! This concept is what changed computing. And then brought in the machine that was meant to do bills for a department store to a machine that solved complex differential equations.

According to me, A HACKER can be defined by what Pablos said in his TEDx Talk, "Hackers are the ones that have the right mindset to discover what is possible. Hackers have the ability to interact with the world in a different way and find out what can be done."
You can be a hacker if you have enough passion to become one. After all, you can achieve anything if you have passion for that. Hacker is that one who thinks outside the box. Hacker is someone who can analyse without even trying. Hackers are not the guys who are introverts or geeks just sitting behind the computers, they are also the Social Engineers who talk you into doing things that you wouldn't or rather, shouldn't do! Hackers are those who inspect every aspect of existence, test every bit of a protocol, exploiting every inch of work done for flaws and hence becoming hated and rejected "intruders" by the society!
Being a genius is one thing, being a hacker is another. Genius men put in hard work, effort into solving the most complicated problems. A Hacker is a lazy person who provides simple solutions and work around(s) to any problem.
Anyone can become a genius, but you need to live like a HACKER!

Friday 23 August 2013

[Trick] [Android] Obtaining IP Address Error

I have been stuck up with a problem on my Android device for a long time. I do not have a wifi router and hence I tried and failed a million times, to share internet via Connectify on my laptop. Unfortunately even Google wasn't able to help solve my problem between the Infinite loop of
"Authenticating"-"Obtaining IP Address"-"Disconnected"-"Scanning".
After a lot of Google-ing I found a couple of softwares like "WiFix", that claim to fix the internet sharing problems like this one! However, due to my immense lack of trust in third party software, I figured it would be good if I myself tried to fix the problems rather than using something that was made by someone other than me!
Ultimately, the fix turned out to be pretty simple. All you need to do, is make your connection static!

On your computer:

Method 1: (recommended)

Open command dos prompt
Type "ipconfig" (at times, people like me have more than a 100 adapter interfaces, in such cases, type "ipconfig | more")
Note down the IP address and subnet mask
Ex: for me, IP is 192.168.108.1 and subnet mask is 255.255.255.0 which also means the prefix value is 24.

Method 2:

Hover your mouse over your connectify and get the IP address! The Subnet Mask however is a standard 255.255.255.0 in most cases.


On your Android Device:

Connect to the connectify SSID.
Go to Advanced Settings.
Check "Static IP"
Enter IP address as 192.168.108.2(The last octet (digit) is changed), Subnet Mask 255.255.255.0(based on your subnet mask in computer), DNS1: 8.8.8.8, DNS2: 8.8.4.4

Edit: Sometimes the gateway is missing from the mobile phone. So basically your PC's wifi IP is your "Gateway" to the internet. For such a scenario, just go ahead and directly enter your PC's IP.

Just this much should help you setup the wifi! Enjoy Browsing the internet from your device :)

Saturday 27 July 2013

[Trick] DotA2 Hack - Offline with Bots

Alright!
So myself being a hardcore DotA2 gamer, I used to get frustrated when my internet connection failed and Valve used to put me into the low priority! So here is to all the hardcore DotA2 gamers.
What motivated me to find this was the 70 days low priority ban I got!
This HACK mainly enables you to play practice games of DotA2 with Bots WITHOUT INTERNET! :D
So here it goes.

  1. Start Steam in offline mode!
  2. Go to the steam library, right click on DotA2 and select properties
  3. Click launch properties and type "-console" in it.
  4. Apply changes and start DotA2 in offline mode!


Once that is done, DotA2 would try loading for sometime and once it is unable to connect, it'd open with a "console" window!
After you reach this stage, you are needed to follow these commands:
sv_lan 1
sv_cheats 1
dota_start_ai_game 1
dota_bot_set_difficulty <0-4>
map <map_name, i.e, "dota.bsp">

Once this is done, your game should load up! And once that is done, you must jump into the All Pick Scene!
Choose your Hero and Game On :D :)

Thursday 13 June 2013

[Gyan/ Knowledge] 10 Steps to help write a readable code

10 Steps to help write a readable code


  • Commenting and documentation

IDE (integrated development environment) have come a long way and most are comfortable using these IDE’s because they save a lot of our time.
Comments should be simple and basic English understandable to everyone. Comments help us to understand the code even without going through the function. IDE’s help us by showing these comments to know what the function does while calling the function.

  • Consistent Indentation

It is very important to indent your code simply because it makes it readable
Ex: in C++
Cout<<”hello world”; if(i==0) cout<<”zero”; else cout<<”not zero”;
(will work perfectly fine)

Cout<<”hello world”;
If(i==0)
{
Cout<<”zero”;
}
Else
{
Cout<<”not zero”;
}

(brackets are not compulsory, code will work if not as well)
There are many styles of indentation, you can choose any style but it is very important to be consistent with your style.
But remember when in group doing a project it is always good when all the team follows the same style.

  • Avoid obvious comments

Commenting your code is fantastic however, it can be overdone or just be plain redundant. When the text is that obvious, it’s really not productive to repeat it within comments. If you must comment on that code, you can simply combine it to a single line instead.
Adding a comment at the beginning of each block of code also emphasizes the virtual separation.

  • Consistent naming scheme

Function names and variables names should be consistent, readable and understandable.
It is very important to have word boundaries in names, two ways to do:
    • camelCase: First letter of each word is capitalized, except the first word.
    • Underscore: underscore between words, like: mysql_real_escape_string().
Similar to indent this also has many ways. It is always advisable to follow certain convention in an existing project. There is no “best” style but always remember one thing be consistent.

  • DRY (dont repeat yourself)

The purpose for most application is to automate repetitive tasks. This principle should be maintained in all code, even web applications. The same piece of code should not be repeated over and over again.

  • Avoid deep nesting

Too many levels of nesting makes it harder to read and follow and sometimes even harder to remove errors (if any). For the sake of readability it is better to reduce deep nesting.

  • Limit line length

As humans we are more comfortable reading small horizontal lines. So it is good practice not to write long lines.

  • Use of files and folders

You can always write the entire program in a single file, but that would be a nightmare to read and follow. As the programs become huge it is advisable many files and use “include files” etc. Common files can be combined in a folder for better understanding.

  • Capitalize SQL Special words

Creation of database is a important part of any web application. If writing raw SQL queries, it is a good idea to them readable as well.
Even though SQL special words are case insensitive, it is common practice to capitalize them to distinguish them from table and column names.

  • Object oriented Vs. procedural

Object oriented programming can help you create well structured code. But that does not mean you need to abandon procedural programming completely. Actually creating a mix of both styles can be good. Objects should be used for representing data, usually residing in a database.


[Gyan/ Knowledge] Structured vs Object Oriented Programming

Arranging your codes

When we talk about the difference between C and C++(in this matter python and JAVA as well), we often come across the term "Structured" and "Object Oriented", w.r.t C and C++ respectively.
So, what are these?
What exactly is the difference between them?
Why is Object Oriented Programs more used and needed in this present world?
Let us understand these concepts and try to implement them in a program.


Data Structure:


It is a method of storing and organizing data. Examples would include an array, a struct, a class, etc.
Take for example, you own a company. Now you want to store some information of your employees, say Employee ID and Employee Name. You could save them just like that in a Alphabetical order. Now this becomes your Data Structure.


Structured Programming:


This is a older style of programming. It is said to have approximately been born in 1960s. It follow top-down logic.
Now what is top-down logic? Well, consider you are given a recipe to prepare a cup of tea. Assuming you accurately attempt each individual step, but you do not follow the order in which the recipe was given, i.e, you do not start from 1st step(top) and then go downwards. Rather you assume your own priorities and do the work. This would lead to a great tea massacre in the kitchen. Following the steps, in a procedural manner is what top down logic is all about!
Structured Programming was aimed at improving the quality, clarity and development time of a program by using subroutines(functions), block structures and loops(for and while loops). This technique emphasizes on the procedure. They are:


  1. Sequence: Executing one subprogram and then another subprogram (Ex: Addition of 2 numbers follows a specific procedure). Executing instructions one by one is nothing but the top-down logic.
  2. Selection: Executing one of the two subprograms according to the value of a Boolean expression (if loop)
  3. Repetition: Executing a subprogram until a Boolean expression is true (for loop)

Even though structured programming improved quality, clarity and development time, it failed to solve one problem, i.e, ABSTRACTION. Structure Programming has a lower level of Abstraction!
Ok, so now what is Abstraction?
As the name suggest, we try to give a abstract picture of the implementation of the code, to the programmer(us)  with the help of a representation relevant to the current perspective. Abstraction tries to reduce and factor out the details, so that the programmer(we) can focus on a few concepts at a time. We shall deal with this further, when we go into OOPS completely.


Object Oriented Programming:

In this style of programming, the programmer can not only define the data type, but also define functions that can be applied to the Data Structure. This is how a Data Structure turns into a Object!

What is an Object?

Just look around, you'll find many examples for an "Object"! Let us take a PEN. A pen is an object? How do we say that? By observing its characters! Any object has 2 qualities: State and Behavior.  For a PEN, the State would be its Shape, Color, Size, etc.  And Behavior?? Behavior is basically the operations it can perform. Like Pen can be used to write, draw, etc. Now look at it this way, the "State" of a object in your program is like your Data Types and the "Behavior" is the Functions defined to perform various activities in capability of that object! You can now use the PEN with the desired size and shape for playing pen fight. In this case you refer only the size and shape of the object,ie, using data types only. And if you are writing a exam paper, you'd probably look in the behavior of the pen (how smooth it writes, comfort it has, etc), ie, using its properties (defined functions).
In the Software world, the State is referred to as fields or variables and Behavior as Methods.
Methods use the objects internal state and help in object to object communication(MESSAGE PASSING).
Hiding the internal state and requiring interactions to be performed through an object's methods is called "DATA ENCAPSULATION". Such a kind of bundling code into objects has various advantages like:
  1. Modularity: The source code for an object can be written and maintained independently of the source code for other objects. Once created, an object can be easily passed around inside the system.
  2. Information-hiding: By interacting only with an object's methods, the details of its internal implementation remain hidden from the outside world.
  3. Code re-use: If an object already exists (perhaps written by another software developer), you can use that object in your program. This allows specialists to implement/test/debug complex, task-specific objects, which you can then trust to run in your own code.
  4. Pluggability and debugging ease: If a particular object turns out to be problematic, you can simply remove it from your application and plug in a different object as its replacement. This is analogous to fixing mechanical problems in the real world. If a bolt breaks, you replace it, not the entire machine.


What is a Class?

A set or category of things, having some property or attribute in commin and differentiated from others by kind, type or quality. In the software world, class is a collection of similar type of objects.It is like a blueprint (or prototype) that defines methods and variables common to all objects of that kind. For Example, take your own class. You would be a object(with your state and behavior), so would the other students in your class be as well. Additionally, your school would be the program and your principal would be the main routine. Now if your pricipal calls for Shubham, the class needs to be specified so that the specific Shubham in that class could be summoned in front of the principle(Assuming there is only one Object called Shubham).

Some Very Important terms and definitions in OOPS:


Instance

It is the actual object created at run-time. We can have instance of a object or a class (ie, During run-time the variables may change).


Abstraction

Refers to the act of representing essential features without including the background details or explanations. Classes use the concept of abstraction and are defined as a list of abstract attributes.


Encapsulation

It is the mechanism that binds together code and data in manipulates, and keeps both safe from outside interference and misuse. Like isolating one code from another. Like the medicinal capsule, even though the composition of the medicine is the same, we store them in capsules, so that the dosage is fixed! So classes can be thought of as a container and data present can't be accessed by outside world.


Inheritance

It is the process by which one object acquires the properties of another object. This helps in hierarchical classification, without which, we'd need to explicitly define all the characteristics. Inheritance is a property that generally passes from parent class to sub class. Kind of like the genes that is transferred from our parents to us to our children.


Polymorphism

The ability to take more than one form. An operation may exhibit different behavior in different instances. The behavior depends on data types used in the operation. To be precise, it means, one interface, multiple methods.


Generalization

It describes an is-a relationship which represent a hierarchy between classes of objects. Like PEN is a generalization of "black pen", "blue pen", etc.


Specialization

It means an object can inherit the common state and behavior of a generic object. To be more clear, each object needs to define its own special state and behavior. So specialization means to subclass Generalized class, ie, if Pen is generalization, Red pen is specialization, ie, Red-Pen is a special kind of Pen.

We shall utilize these concepts and build programs around these in the upcoming articles!

Sunday 5 May 2013

[Gyan/ Knowledge] Practicing Pentesting Skills


If you are interested in Info Sec like me, you would be needing a wide play ground to test and improve your skills. So, here is a nice offline hacking game, called Damn Vulnerable Web App.
There are other games like mutillidae, Damn Vulnerable Linux, etc (look for more).
To make the installation process easier on a linux machine, I put up a bash script here.
This script uses "root" as user and "toor" as password.
After downloading and saving a copy(on your desktop) of this script you will have to open your terminal, traverse to the Desktop directory and execute (you might need to change the permissions of the script first) the script (follow the below commands).

root@bt~:# cd /root/Desktop
root@bt~:# chmod +x dvwa.sh
root@bt~/Desktop:# sh dvwa.sh


Now sit back till it is installed, and keep watching.
Once it is done, Open http://localhost/dvwa or http://127.0.0.1/dvwa on your browser.
The login credentials could be found in the script or you could just bruteforce it :)
Happy Hacking :)

Saturday 4 May 2013

Choosing your Linux

Myself, not being much of a Windows fan (I use it only for my Steam Games, cuz they are not available for Linux), I recommend Linux based distributions for all necessities. Another thing I'd like to say is that, there is no such a computer having 100% security. If you think Linux doesn't have malware but windows does, guess again. Linux is hackable, just that malware writer do not write on Linux as much as Windows because Windows is way more used than Linux/Mac and hence more profit would come off them. Also, Android which is a distro on linux, definitely has malwares. Here are a few hacking tool equipped distributions that I recommend using for those interested in InfoSec field(like me):

BackTrack, the highest rated and acclaimed Linux security distribution. It is a Linux Based pen testing distro that aids security pros in the ability to perform assessments in a purely native environment dedicated to hacking!
The latest BackTrack version (now known as Kali OS) can be downloaded from here.

There are a few other known pen testing distro(s) loaded with the whole hacker's arsenal
Matriux
BugTraq

Tails(Live OS): A part of Tor Project, made not for pen testing but for maintaining the anonymity of the users online in this age of insecure internet. Equipped with Crypto tools, leaves almost no trace on a computer unless you ask it explicitly.

Remember to chose your distribution wisely. Always check reviews of any item you are about to download. There are a lot of distros like the infamous Anonymous OS which was released with a security hole for the attacker to gain more slave computers.

Also, always remember to update and upgrade.

For the normal coders and developers with "0" interest in hacking, you could go on with your normal Ubuntu, Fedora, or other well known Linux distro(s). I always use Debian Lenny based systems. But hey guys, come on... I am sure, some day, everyone of you coders and developers would come across getting your codes hacked by powerful minds of the hackers. So get prepared on how to tackle them and avoid such situations :)
=====================================================
A lot of tools are available in this world of script kiddies, how ever, as your experience grows, you would like to have your own custom distro, loaded with the tools you know you are going to use only!
You can add on more packages as and when you require them.
To build your custom distro, you can use SuseStudio, or just try making LinuxFromScratch.
=====================================================
 A Few more Linux Distros:
Debian 7.0 "Wheezy" (uses Debian kernel 3.2.41 and gnome 3, released on 4th May, 2013)
Ubuntu(Best Linux Gaming Distro)
Puppy Linux (Lightweight Linux)
Arch Linux (Best Multimedia Linux Distro)
Red Hat Enterprise Linux (Best Enterprise Linux Distro)
Fuduntu (Just for the heck of it)
Gentoo (Something awesome if you have enough time)
I'd recommend Debian based distros how ever!
=====================================================

Ok, all this should help you zero in on your desirable operating system and further on you could install it. I would love to make a tutorial and show you how to install it as well.
P.S:
I prefer installing them on my virtual box, even though I am not a very big Windows fan... As I said previously, make sure (if you are using an Ethernet cable to connect to the internet) to set your Network Adapter as PCnet-FAST III. Also, if u use wifi, then its better to install Linux on a dual boot basis and then install Virtual Box on that!
Virtual Box is a necessary tool, so that you can test run/exploit on other OS(s) from your computer. Also Virtual Box has the cool feature of taking a screenshot, so that you can keep taking your machine to the prev. state when you are testing.

Saturday 13 April 2013

c0de H0us3

<c0de> House


The home for coders/developers/hackers to gain knowledge, skills and experience.
We encourage Open Source and love people who share their knowledge with the world!

Our team is here to help people go professional and polish their skills. We love technology and we share technology.


P.S:
If you want to share something with us, write articles or help maintain the blog for us, you can contact us at c0dehouse@the-bose.com or c0d3house@gmail.com

We take in articles on any Open Source projects/New Technologies/New Ideas/Video Blog/Songs that you make or almost anything that you want to share with us, but keep it original (Even if u write a article on a Open Source project, not made by you, write the article on your own)!
Also, if you plagiarize any material from anywhere, please make sure that you give your source the appropriate credits!