domingo, 28 de enero de 2024

How To Repair A Crashed SD Card And Protect Your Data

One of the many reasons users prefer Android devices is the ability to expand the amount of available storage space using the MicroSD Card. Since we have the ability add up to 256GB of external storage to Android devices today, you're bound to choke up when the SD card crashes without any tell-tale signs.
If you're experiencing issues on how to repair a crashed SD card on your Android device, there are certain fixes you can try out. Since there's not a singular solution to SD Card issues, we've created a guide to help you detect the issue with your external storage and mentioned multiple solutions to get your SD card working and even retrieve your stored data along with it.


Before you start

Don't format the card if you want to retain any of the photos on it. You can follow the tips in our separate article on how to format a write-protected SD card after you've tried to recover any files that are on your card.

Now, try and find a different card reader. If you've inserted an SD card into your laptop or PC's built-in slot and nothing happens, try using a different computer or a USB card reader.
Sometimes it's the reader at fault – not the card. You can buy a USB SD card reader online for just a couple of pounds which will accept both microSD and standard SD cards.

Steps to Repair a Crashed SD Card and Protect your Data:

Step 1 – Physically clean the SD Card

Despite being durable and built to last, SD cards are prone to crashing sometimes due to physical damage. Since you carry your phone around everywhere, some dirt and dust are bound to fill up in the cracks, that can make SD card stop working from time to time.
The first thing you can try to do on how to repair a crashed SD card is physically scrub and clean it.
  • Remove the MicroSD card from your Android device and place it on a clean surface. Make sure that you turn off your phone before pulling out the SD card for safety.
  • Flip the MicroSD card and using a white eraser, gently scrub the gold contact pins of the SD card to get rid of any residual dirt or grime.
  • If you have an alcohol-based cleaning solution or even nail polish remover around, dab it on to the connector pins using a Q-tip and gently rub it.
Once the SD card has dried out, you can plug it back into your Android device and turn it on to see if the solution has worked.


Step 2 – Format the SD Card

If your SD card is being detected by the Android device but you're having trouble accessing the saved files, there's a good chance that the files are corrupt. This could either be due to a particular broken file in the saved storage, or a virus that is causing the issue.
Either way, the only option there is left for you to try out is make the SD card reusable for formatting it.
  • From the home screen of your Android device, head over to the Settings app and then scroll down to find the Storage
  • In the Storage tab, you'll be able to find the Erase SD Card option, so go ahead and select it.
  • Confirm your action to delete all of the files and folders stored on your SD card and this should effectively solve the issue.

Step 3 – Check the SD card compatibility

If you are trying to figure out how to repair a crashed SD card on an older Android device, you might just need to look at the details more carefully. If your SD card fails to be recognized on the mobile device but works with your computer, the problem could be related to compatibility.
  • If the MicroSD card that you are trying to use with your older phone is SDXC version (built for higher transfer speeds), it will not be recognized.
  • Look up the maximum capacity of expandable storage that is supported by your device, since they can vary from starting at 64GB to all the way up to 256GB.

Step 4 – Diagnose the SD card using a PC

If a simple format did not help you solve the SD card problem, you might need a more technical analysis of the issue. To do so, you can plug in your SD card into a computer and use the diagnostic tools to find out the pertaining errors and effectively fix them.
  • Connect your Android mobile device to a computer using a USB cable.
  • Make sure that you connect Android as MSC (Mass storage mode) and not MTP (Media transfer mode). You can do this using the notification menu once you connect the phone to your computer.
  • Launch the Windows Explorer and right click on the SD card driver you see on the screen. In the options menu, choose Properties – Tools – Error Checking and wait for the entire process to complete.
  • The computer will try to update the software for your SD card and fix any errors that are causing it to crash.

Step 5 – Use chkdsk to fix/repair a corrupted SD card without data loss

The "chkdsk" command is your first choice for damaged SD card repair. Requiring no format, it allows you to fix or repair a corrupted SD card and regain access to all your important files on the device. Let's see how it works. (I'm using Windows 7 for this demonstration)
1. Plug in your SD card to your computer with a card reader.
2. Go to the start menu, type in "cmd" in a search bar, hit enter and then you can see something named "cmd. exe" in a list of programs.
3. Right-click "cmd. exe" and then you will get the following command windows that allow you to fix your corrupted SD card without formatting.
4. Type in "chkdsk /X /f sd card letter:" or "chkdsk sd card letter: /f ", for example,"chkdsk /X /f G:" or "chkdsk h: /f".
After finishing all the steps, Windows will have checked and fixed the file system of the SD card. It usually takes several minutes. After that, if you see "Windows has made corrections to the file system" in the command window, then congratulations! The damaged SD card is successfully fixed and you can see your data again. If not, you should try a third-party data recovery software to retrieve your files from the damaged SD card and repair it by formatting.
Once the process has been completed, you can go ahead and pop the SD card back into your Android device and see if the issue has been resolved.

Step 6 : Use EaseUS Data Recovery Wizard to recover data from damaged SD card

1. Connect the corrupted SD card to your PC, launch EaseUS's data recovery software, select the card and click "Scan".
2. A quick scan will first start to search all the lost and existing data on the SD card. And after that, a deep scan will automatically launch in order to find more files.
3. After the scan, choose those files you want to recover and click the "Recover" button to retrieve them back.

Final Words :

So finally through this article, you have got to know about the method by which the SD card could be repaired and hence the data in it could be saved for the further access. We have tried to present the method in easy to grab manner and we believe that you could possibly get to know about it easily. Hope that you would have liked the information in this post, if it is so then please share it with others. Also, do not forget to share the post with others, let most of the people know about the method. Share your comments about the post through using the comment box below. At last never the fewer thanks for reading this post!
Read more

How To Connect Database With PHP | Cool Interface Software | Tutorial 2


Welcome to my 2nd tutorial of PHP and MYSQL. In the previous video I've discussed How to download and install a server PHP and also How to create databases and How to create tables in the databases in the form of rows and columns.

In this video I've discussed multiple ways to connect database with PHP such as by using variables etc. First of all you have need to install a cool interface software for coding. I suggested you to download any one of them such as Dreamweaver, Notepad++, Sublime Text Editor and Atom etc. I'm using sublime text editor in this series of tutorial.

Syntax of PHP

<?php

//type here the code

?>


How to save the PHP file

You should save your PHP file in the root directory of the server. In XAMPP the "htdocs" is the root directory of the server. In WAMPP "www" is the root directory. Now how to save the file?

Step 1:

Press CTRL + S button to safe the file.

Step 2:

Go to the server location where it has been installed. By default it is installed in Local Disk C. Got C drive.

Step 3:

Go to XAMPP directory.

Step 4:

Go to htdocs diretory.

Step 5:

Save a file there with extension ".php". You can create a different folders for different projects in htdocs directory. So first create the folder in htdocs and then save your files in the folder.

How to Run PHP Script

Step 1:

Open a XAMPP control panel and start Apache and Mysql services.

Step 2:

Open your web browser.

Step 3:

Type localhost/yourFolderName/yourFileName.php and hit enter. For example: localhost/myFolder/index.php.



More info


DOWNLOAD XSSTRIKE – ADVANCED XSS EXPLOITATION SUITE

XSSTRIKE – ADVANCED XSS EXPLOITATION SUITE

XSStrike is really advanced XSS exploitation and detection suite, which contains a very powerful XSS fuzzer and provides no false positive results using fuzzy matching. XSStrike is the first XSS scanner that generates its own payloads. Download xsstrike and test it out.
It also has built in an artificial intelligent enough to detect and break out of various contexts.

FEATURES:

  • Powerful Fuzzing Engine
  • Context Breaking Intelligence
  • AI Payload Generation
  • GET & POST Methods Support
  • Cookie Support
  • WAF Fingerprinting
  • Handcrafted Payloads to Filter and WAF Evasion
  • Hidden Parameter Discovery
  • Accurate Results

DOWNLOAD XSSTRIKE – ADVANCED XSS EXPLOITATION SUITE

Click here to download xsstrike.

More articles


  1. Hacker Tools List
  2. Kik Hack Tools
  3. Hacking Tools And Software
  4. Hack Tools For Ubuntu
  5. Hacking Tools 2020
  6. Hack Tools For Pc
  7. Hacker Tools Apk Download
  8. Pentest Reporting Tools
  9. Hackers Toolbox
  10. Hack Tool Apk No Root
  11. Hack Tools
  12. Hacker Tools Free
  13. Hacking Tools 2019
  14. Tools 4 Hack
  15. Pentest Recon Tools
  16. Hacker Tools Github
  17. Pentest Tools Windows
  18. Hacking Tools Mac
  19. Nsa Hacker Tools
  20. Ethical Hacker Tools
  21. Beginner Hacker Tools
  22. Blackhat Hacker Tools
  23. Pentest Tools Subdomain
  24. Easy Hack Tools
  25. Nsa Hack Tools Download
  26. Hacking Tools For Windows
  27. Hacking Tools Name
  28. Beginner Hacker Tools
  29. Pentest Tools Kali Linux
  30. New Hacker Tools
  31. Github Hacking Tools
  32. Hacking Tools For Games
  33. Hack App
  34. Hack Tools For Windows
  35. Hacker Tools Software
  36. What Are Hacking Tools
  37. Pentest Tools Bluekeep
  38. Hack Tools For Ubuntu
  39. Hacker Tools For Ios
  40. Hacker
  41. Black Hat Hacker Tools
  42. World No 1 Hacker Software
  43. Pentest Tools Linux
  44. Hacking Apps
  45. Hacking Tools For Windows 7
  46. Pentest Tools Alternative
  47. Pentest Tools Bluekeep
  48. What Is Hacking Tools
  49. Github Hacking Tools
  50. Hacker Search Tools
  51. Hack Rom Tools
  52. Hacker Tools Online
  53. Pentest Box Tools Download
  54. Hacker Tools Hardware
  55. Hack Website Online Tool
  56. Pentest Tools Apk
  57. Hack Tools For Windows
  58. Pentest Tools For Ubuntu
  59. Hacker Tools Windows
  60. Bluetooth Hacking Tools Kali
  61. Hack Tools
  62. Growth Hacker Tools
  63. Bluetooth Hacking Tools Kali
  64. Pentest Tools Kali Linux
  65. Pentest Tools Website
  66. Hacker Tools For Pc
  67. Hacker Tools Hardware
  68. Pentest Tools Windows
  69. Ethical Hacker Tools
  70. World No 1 Hacker Software
  71. Pentest Tools Github
  72. Hackrf Tools
  73. Pentest Tools Alternative
  74. Hacking Tools Download
  75. Game Hacking
  76. Pentest Tools Tcp Port Scanner
  77. Hacker Tools For Mac
  78. Hacking Tools Name
  79. Hacking Tools For Windows
  80. Pentest Tools Github
  81. Hacking Tools Github
  82. Beginner Hacker Tools
  83. Hacker Tools 2020
  84. Pentest Tools Url Fuzzer
  85. Hacking Tools For Kali Linux
  86. Hacker Tool Kit
  87. Pentest Tools List
  88. Best Hacking Tools 2019
  89. Hacking Tools Windows
  90. Hack Tools Github
  91. Hacker Tools Apk Download
  92. World No 1 Hacker Software
  93. Install Pentest Tools Ubuntu
  94. Hacking Tools Free Download
  95. Pentest Tools Website
  96. Hacker Tools Free Download
  97. Hacking Tools 2020
  98. Wifi Hacker Tools For Windows
  99. Hacker
  100. Hack Tool Apk
  101. Hacking Tools For Windows
  102. Hacking Tools For Windows 7
  103. Hack Tools For Windows
  104. Hacking Tools Github
  105. Best Hacking Tools 2020
  106. Android Hack Tools Github
  107. Pentest Tools Free
  108. Hack App
  109. Hacking Tools Windows 10
  110. Hacker
  111. Hacking Tools Usb
  112. Pentest Tools Alternative
  113. Pentest Tools Android
  114. Hack Tools For Ubuntu
  115. Pentest Tools Github
  116. Hacker Hardware Tools
  117. Hacker Tools For Mac
  118. Nsa Hacker Tools
  119. Hack Tools Github
  120. Hack Tools Online
  121. Hacking Tools Kit
  122. Nsa Hack Tools Download
  123. Hacking Tools For Mac
  124. Ethical Hacker Tools
  125. Hack Tools Pc
  126. Wifi Hacker Tools For Windows
  127. Pentest Tools For Android
  128. Hack And Tools
  129. Hack And Tools
  130. Hack Tools For Ubuntu
  131. Hacking Tools Hardware
  132. Hacking Tools For Windows Free Download
  133. Github Hacking Tools
  134. Hacking Tools For Windows Free Download
  135. Hacker Tools Mac
  136. Hacking Tools Hardware
  137. Pentest Reporting Tools
  138. Pentest Tools Website Vulnerability
  139. Hacking Tools For Windows
  140. Hacker Tools

sábado, 27 de enero de 2024

Change Passwords Regularly - A Myth And A Lie, Don'T Be Fooled, Part 1


TL;DR: different passwords have different protection requirements, and different attackers using various attacks can only be prevented through different prevention methods. Password security is not simple. For real advise, checking the second post (in progress).

Are you sick of password advices like "change your password regularly" or "if your password is password change it to pa$$w0rd"? This post is for you!

The news sites are full of password advises nowadays due to recent breaches. When I read/watch these advise (especially on CNN), I am usually pissed off for a lot of reasons. Some advises are terrible (a good collection is here), some are good but without solutions, and others are better, but they don't explain the reasons. Following is my analysis of the problem. It works for me. It might not work for you. Comments are welcome!

Password history

Passwords have been used since ancient times.


Because it is simple. When I started using the Internet, I believe I had three passwords. Windows login, webmail, and IRC. Now I have ~250 accounts/passwords to different things, like to my smartphone, to my cable company (this password can be used to change the channels on the TV), to my online secure cloud storage, to full disk encryption to start my computer, to my nude pictures, to my WiFi router, to my cloud server hosting provider, etc etc etc. My money is protected with passwords, my communication is protected with passwords/encryption, my work is protected with passwords. It is pretty damn important. But yet people tend to choose lame passwords. Pretty lame ones. Because they don't think it can be significant. But what is not essential today will be relevant tomorrow. The service you used to download music (iTunes) with the lame password will one day protect all your Apple devices, where attackers can download your backup files, erase all your devices, etc. The seven-character and one capital rule is not enough anymore. This advice is like PDF is safe to open, Java is secure. Old, outdated, untrue.

Now, after this lengthy prologue, we will deep dive into the analysis of the problem, by checking what we want to protect, against whom (who is the attacker), and only after that, we can analyze the solutions. Travel with me, I promise it will be fun! ;)

What to protect?

There are different services online, and various services need different ways to protect. You don't use the same lock on your Trabant as you do on your BMW.

Internet banking, online money

For me, this is the most vital service to protect. Luckily, most of the internet banking services use two-factor authentication (2FA), but unfortunately, not all of them offer transaction authorization/verification with complete transactions. 2FA is not effective against malware, it just complicates the attack. Transaction authorization/verification is better, but not perfect (see Zitmo). If the access is not protected with 2FA, better choose the best password you have (long, real random, sophisticated, but we will get to this later). If it is protected with 2FA, it is still no reason not to use the best password ;) This is what I call the "very high-level password" class.


Credit card data

This system is pretty fucked up bad. Something has to be secret (your credit card number), but in the meantime that is the only thing to identify your credit card. It is like your username is your password. Pretty bad idea, huh? The problem is even worse with a lot of different transaction types, especially when the hotel asks you to fax both sides of your CC to them. Unfortunately, you can't change the password on your credit card, as there is no such thing, but Verified by VISA or 3-D Secure with 2FA might increase the chances your credit card won't get hacked. And on a side note, I have removed the CVV numbers from my credit/debit cards. I only read it once from the card when I received it, I don't need it anymore to be printed there.
And sometimes, you are your own worst enemy. Don't do stupid things like this:


Work related passwords (e.g. Windows domain)

This is very important, but because the attack methods are a bit different, I created this as a different category. Details later.

Email, social sites (Gmail/Facebook/Twitter), cloud storage, online shopping

This is what I call the "high level password" class.
Still, pretty important passwords. Some people don't understand "why would attackers put any energy to get his Facebook account?" It is simple. For money. They can use your account to spread spam all over your Facebook wall. They can write messages to all of your connections and tell them you are in trouble and send money via Western Union or Bitcoin.


They can use your account in Facebook votes. Your e-mail, cloud storage is again very important. 20 years ago you also had letters you didn't want to print and put in front of the nearest store, neither want you to do that with your private photo album. On a side note, it is best to use a cloud storage where even the cloud provider admin can't access your data. But in this case, with no password recovery option, better think about "alternative" password recovery mechanisms.

Other important stuff with personal data (e.g. your name, home address)

The "medium level password" class. This is a personal preference to have this class or not, but in the long run, I believe it is not a waste of energy to protect these accounts. These sites include your favorite pizza delivery service, your local PC store, etc.

Not important stuff

This is the category other. I usually use one-time disposable e-mail to these services. Used for the registration, get what I want, drop the email account. Because I don't want to spread my e-mail address all over the internet, whenever one of these sites get hacked. But still, I prefer to use different, random passwords on these sites, although this is the "low level password" class.

Attackers and attack methods

After categorizing the different passwords to be protected, let's look at the different attackers and attack methods. They can/will/or actively doing it now:

Attacking the clear text password 

This is the most effective way of getting the password. Bad news is that if there is no other factor of protection, the victim is definitely not on the winning side. The different attack methods are:

  • phishing sites/applications,


  • social engineering,
  • malware running on the computer (or in the browser), 
  • shoulder surfing (check out for smartphones, hidden cameras), 
  • sniffing clear-text passwords when the website is not protected with SSL,
  • SSL MiTM,
  • rogue website administrator/hacker logging clear text passwords,
  • password reuse - if the attacker can get your password in any way, and you reuse it somewhere else, that is a problem,
  • you told your password to someone and he/she will misuse it later,
  • hardware keyloggers,
  • etc.

The key thing here is that no matter how long your passwords are, no matter how complex it is, no matter how often do you change it (except when you do this every minute ... ), if it is stolen, you are screwed. 2FA might save you, or might not.

Attacking the encrypted password 

This is the usual "hack the webserver (via SQL injection), dump the passwords (with SQLMap), post hashes on pastebin, everybody starts the GPU farm to crack the hashes" scenario. This is basically the only scenario where the password policies makes sense. In this case the different level of passwords need different protection levels. In some cases, this attack turns out to be the same as the previous attack, when the passwords are not hashed, or are just encoded.

The current hash cracking speeds for hashes without any iterations (this is unfortunately very common) renders passwords like Q@tCB3nx (8 character, upper-lowercase, digit, special characters) useless, as those can be cracked in hours. Don't believe me? Let's do the math.

Let's say your password is truly random, and randomly choosen from the 26 upper, 26 lower, 10 digit, 33 special characters. (Once I tried special passwords with high ANSI characters inside. It is a terrible idea. Believe me.). There are 6 634 204 312 890 620 different, 8 character passwords from these characters. Assuming a 2 years-old password cracking rig, and MD5 hash cracking with 180 G/s speed, it takes a worst case 10 hours (average 5) to crack the password, including upgrading your bash to the latest, but still vulnerable bash version. Had the password been 10 characters long, it would take 10 years to crack with today hardware. But if the password is not truly random, it can be cracked a lot sooner.

A lot of common hashing algorithms don't use protections against offline brute-force attacks. This includes LM (old Windows hashes), NTLM (modern Windows hashes), MD-5, SHA1-2-512. These hashing algorithms were not developed for password hashing. They don't have salting, iterations, etc. out of the box. In the case of LM, the problem is even worse, as it converts the lowercase characters to uppercase ones, thus radically decreasing the key space. Out of the box, these hashes are made for fast calculation, thus support fast brute-force.


Another attack is when the protected thing is not an online service, but rather an encrypted file or crypto-currency wallet.

Attacking the authentication system online

This is what happened in the recent iCloud hack (besides phishing). Attackers were attacking the authentication system, by either brute-forcing the password, or bypassing the password security by answering the security question. Good passwords can not be brute-forced, as it takes ages. Good security answers have nothing to do with the question in first place. A good security answer is as hard to guess as the password itself. If password recovery requires manual phone calls, I know, it is a bit awkward to say that your first dog name was Xjg.2m`4cJw:V2= , but on the other hand, no one will guess that!


Attacking single sign on

This type of attack is a bit different, as I was not able to put the "pass the hash" attacks anywhere. Pass the hash attack is usually found in Windows domain environments, but others might be affected as well. The key thing is single sign on. If you can login to one system (e.g. your workstation), and access many different network resources (file share, printer, web proxy, e-mail, etc.) without providing any password, then something (a secret) has to be in the memory which can be used to to authenticate to the services. If an attacker can access this secret, he will be able to access all these services. The key thing is (again) it does not matter, how complex your passwords are, how long it is, how often do you change, as someone can easily misuse that secret.

 

Attacking 2FA

As already stated, 2 factor authentication raises the efforts from an attacker point of view, but does not provide 100% protection. 
  • one time tokens (SecurID, Yubikey) can be relayed in a man-in-the-middle attack
  • smartcard authentication can be relayed with the help of a malware to the attacker machine - or simply circumvented in the browser malware, 
  • text based (SMS) messages can be stolen by malware on the smartphone or rerouted via SS7, 
  • bio-metric protection is constantly bypassed,
  • SSH keys are constantly stolen,
  • but U2F keys are pretty good actually, even though BGP/DNS hijack or similar MiTM can still circumvent that protection,
  • etc. 


Others

Beware that there are tons of other attack methods to access your online account (like XSS/CSRF), but all of these have to be handled on the webserver side. The best you can do is to choose a website where the Bug Bounty program is running 24/7. Otherwise, the website may be full of low hanging, easy-to-hack bugs.

Now that we have covered what we want to protect against what, in the next blog post, you will see how to do that. Stay tuned. I will also explain the title of this blog post.More info