Sunday, 18 March 2012

ASF Files Structure

The Advanced Systems Format (ASF) is the file format used by Windows Media. Audio and/or Video content compressed with a wide variety of codecs can be stored in an ASF file and played back with the Windows Media Player (provided the appropriate codecs are installed), streamed with Windows Media Services or optionally packaged with Windows Media Rights Manager. ASF is an extensible file format designed to store synchronized multimedia data.

The base unit of organization for ASF files is called an object. An ASF file object contains the following data.

DataSize
A GUID that identifies the object128 bits
The size of the object64-bits
Object data. The object data can contain other ASF objectsVaries 

Read More »
Posted by at 09:55 0 comments

Magic Number

Magic numbers are common in programs across many operating systems. Magic numbers implement strongly typed data and are a form of in-band signaling to the controlling program that reads the data type(s) at program run-time. Many files have such constants that identify the contained data. Detecting such constants in files is a simple and effective way of distinguishing between many file format and can yield further run-time information
Posted by at 07:37 0 comments

Unallocated Space

computer operating systems, such as Windows, allocate space on the hard drive as adjacent groups of sectors, known as allocation units, or clusters. When you create a new file, the operating system finds available space and allocates that space to the file. Unallocated space is space that is not allocated to active files within a file system.

The type of object that you can create in unallocated space depends on whether your hard disk is a basic disk, containing primary partitions, extended partitions and logical drives, or a dynamic disk, containing volumes that span multiple disks. In the case of a basic hard disk, you can use unallocated space outside an existing partition, or logical storage unit, to create a primary partition -- typically, the partition used to start the operating system -- or an extended partition. Similarly, you can use unallocated space inside an existing partition to create logical drives, or parts of the same physical disk that are managed as independent units.

Posted by at 06:56 0 comments

Slack Space

Slack space is the unused space between the end of the actual file and the end of the the defined data unit (cluster).cluster is the smallest unit of storage that the operating system can deal with.

For example, assume that the OS uses a 4k cluster and 512 byte sector, meaning it writes data in 4k increments made up of eight 512 byte sectors, regardless of the actual size of the file being written. This means that if a 2000 byte file were written to this cluster the remaining 2096 bytes would be slack. Within this slack space there are two areas to consider – the first is that between the end of the actual file and the sector in which the file ends, and the second is the remaining sectors in the cluster that contain no data as depicted below.

Read More »
Posted by at 06:38 0 comments

Wednesday, 14 March 2012

File System Structured

FAT (File Allocation Table) system is a file system that uses a file allocation table structure as the way he operates

FAT 16 is a file system that use allocation unit have limit until 16-bit. so can save unit allocation until 65536. This file system has a capacity limit of up to 4 Gigabyte sizes only. Allocation unit size used by the FAT16 partition depends on the capacity that was about to be formatted: if the partition size is less than 16 megabytes, then Windows will use the FAT12 file system, and if the partition size larger than 16 megabytes, then Windows will use the FAT16 file system.  below is layout of FAT16

Read More »
Posted by at 12:23 0 comments

Introduction about MBR (Master Boot Record)

MBR is a small program which runs whenever a computer boots up. MBR is stored in the first sector of the boot disk. This very important sector contains a number of things that the Operating System and the computer BIOS need to start the system. If the contents of this sector are lost or damaged you can not access the data on the hard disk. Please note that each hard disk has a MBR, so if you have 2 or more hard disks in your computer, each has its own MBR. If multiple disks are configured as an array there is usually 1 MBR that services the entire array, placed on the 1st disk in the array . It should be clear that the MBR is one of the most important  sectors on your hard disk. The following explanation is mainly about using the MBR with Windows or DOS based operating systems. The MBR is somewhat different when used with Unix based systems.

The smallest addressable space on a hard disk is 512 bytes at a time. A hard disk sector is 512 bytes long, so 1 sector is the smallest addressable space on a hard disk. The MBR is 1 sector, so the MBR is 512 bytes long. These 512 bytes are divided into several parts that each have their own function in getting the computer to start. The 4 main parts of the MBR are (in the order as they appear in the MBR):

          1. the bootcode
          2. the volume byte
          3. the partition table 
          4. the signature bytes

The bootcode: this part of the MBR gets read by the computer BIOS when the computer is started. When the computer finishes its own startup procedures (getting the disks spinning, doing some checks) and gets ready to start the operating system, the bootcode in the MBR is read first. This allows the computer to interpret the rest of the MBR.
The volume bytes: these are 4 bytes that are located after the bootcode and just before the partition table. Windows 2000 and Windows XP use these 4 bytes to identify the mountable volumes on the hard disk. If these bytes are changed or erased from the MBR, Windows 2000/XP will go through a simple hardware detection round that will re-identify all the volumes on the disk. This is done during the next Windows startup after changing the volume bytes. Drive letters assigned to volumes might change after this. This goes for simple volumes, I have at this point no information on the effect of removing the volume bytes when using dynamic volumes.
The partition table: this is a sequence of 64 bytes (4 x 16) that identify the first 4 (or less) primary partitions on a hard disk. There is space for identifying 4 partitions. Each partition-identification is made up of 16 bytes that describe a number of things about the partition, such as: where it starts, what type it is, how big it is, is it an active partition or not, etc. One of these 4 partition descriptions can be used to describe an extended partition, which itself can then contain logical drives. The logical drives are not described in the MBR.
An active partition is the partition from which the Operating System is started. This must be a primary partition, and there can only be 1 primary partition active at any time.
If there are for instance only 2 partitions on a hard disk, the first 32 bytes of the partition table (2 x 16) would contain the descriptions of those partitions. The other 32 bytes would contain all zeros. So deleting a partition consists of putting zeros in the chosen partition description.
The signature bytes: these are 2 bytes that are used to signify an important sector. They can be found trailing the MBR, but there are other sectors that contain these bytes as well. If they are not trailing the MBR the computer will not be able to read the MBR (because it will not be recognized as an important sector).

Posted by at 10:46 0 comments

Monday, 5 March 2012

Advance Web Hacking

this article is about web hacking, to practice i use DVWA (Damn Vulnerable Web Application) as victim, DVWA provide any web vulnerabilities. in this article i try to exploits command execution Vulnerability in DVWA.
firts open DVWA from your browser




Read More »
Posted by at 13:21 0 comments
Subscribe to: Posts (Atom)