Home » Archives for April 2011
Download Ubuntu 11.04
Ubuntu 11.04 (Natty Narwhal)
Download Ubuntu 11.04 Desktop CD
- Download PC (Intel x86) desktop CD
- For almost all PCs. This includes most machines with Intel/AMD/etc type processors and almost all computers that run Microsoft Windows, as well as newer Apple Macintosh systems based on Intel processors. Choose this if you are at all unsure.
- Download 64-bit PC (AMD64) desktop CD
- Choose this to take full advantage of computers based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2). If you have a non-64-bit processor made by AMD, or if you need full support for 32-bit code, use the Intel x86 images instead.
- Download 64-bit Mac (AMD64) desktop CD
- Choose this to take full advantage of computers based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon). If you have a non-64-bit processor made by AMD, or if you need full support for 32-bit code, use the Intel x86 images instead. This image is adjusted to work properly on Mac systems.
- Download Mac (PowerPC) and IBM-PPC (POWER5) desktop CD
- For Apple Macintosh G3, G4, and G5 computers, including iBooks and PowerBooks as well as IBM OpenPower machines. Warning: This image is oversized (which is a bug) and will not fit onto a standard 700MiB CD. However, you may still test it using a DVD, a USB drive, or a virtual machine.
Name Last modified Size Description
-MD5SUMS 27-Apr-2011 17:09 237
MD5SUMS-metalink 27-Apr-2011 17:10 257
MD5SUMS-metalink.gpg 27-Apr-2011 17:10 198
MD5SUMS.gpg 27-Apr-2011 17:09 198
SHA1SUMS 27-Apr-2011 17:10 269
SHA1SUMS.gpg 27-Apr-2011 17:10 198
SHA256SUMS 27-Apr-2011 17:10 365
SHA256SUMS.gpg 27-Apr-2011 17:10 198
natty-desktop-amd64+mac.iso 27-Apr-2011 17:06 694M
natty-desktop-amd64+mac.iso.zsync 27-Apr-2011 17:09 1.4M
natty-desktop-amd64+mac.list 27-Apr-2011 17:06 4.1K
natty-desktop-amd64+mac.manifest 25-Apr-2011 23:10 40K
natty-desktop-amd64+mac.metalink 27-Apr-2011 17:10 1.0K
natty-desktop-amd64.iso 27-Apr-2011 17:05 698M
natty-desktop-amd64.iso.zsync 27-Apr-2011 17:09 1.4M
natty-desktop-amd64.list 27-Apr-2011 17:05 4.0K
natty-desktop-amd64.manifest 25-Apr-2011 23:10 40K
natty-desktop-amd64.metalink 27-Apr-2011 17:10 1.0K
natty-desktop-i386.iso 27-Apr-2011 17:07 685M
natty-desktop-i386.iso.zsync 27-Apr-2011 17:09 1.3M
natty-desktop-i386.list 27-Apr-2011 17:07 3.7K
natty-desktop-i386.metalink 27-Apr-2011 17:10 1.0K
natty-desktop-powerpc.OVERSIZED 27-Apr-2011 17:09 0
natty-desktop-powerpc.iso 27-Apr-2011 17:08 707M
natty-desktop-powerpc.iso.zsync 27-Apr-2011 17:09 1.4M
natty-desktop-powerpc.list 27-Apr-2011 17:08 1.3K
natty-desktop-powerpc.manifest 25-Apr-2011 23:13 38K
natty-desktop-powerpc.metalink 27-Apr-2011 17:10 1.0K
Download Ubuntu 11.04,Download Ubuntu,Ubuntu 11.04, ,natty-desktop-i386.iso

Creating and Executing a Dev-C++ 4 Application
- Start Dev-C++ 4
- On the main menu, click File -> New Project...
- On the New Project dialog box, click the Project property sheet if necessary.
Click Console Application
- Click OK.
- On the subsequent New Project dialog box, type Exercise to change the name of the project:
- Click OK. You will be asked to create a location for the project.
- Click the Create New Folder button
.
- Type Exercise1 and press Enter.
- Double-click Exercise1 to display it in the Save In combo box:
- Click Save.
- Because the project has already been saved, it is better to save your C++ files as you go. As it happens, Dev-C++ has already created the first C++ file for you.
Change the contents of the file as follows:
#include
#include int main(int argc, char *argv[]) { cout << "C++ is Fun!!!"; getchar(); return 0; }
- To save the current C++ file, on the Main toolbar, click the Save button
- Type Exo as the name of the file.
- Click Save.
- To execute the program, on the main menu, click Execute -> Compile
- After the program has been compiled, click Execute.
- After viewing the program, press Enter to close the DOS window to return to Dev-C++
Borland C++BuilderX |
Borland C++BuilderX is a commercial programming environment developed by Borland. To help programmers, Borland published a free version, called Personal Edition, that you can download and use for your lessons. |
- On the main menu of C++BuilderX, click File -> New...
- In the Object Gallery dialog box, click New Console
- Click OK
- In the New Console Application - Step 1 of 3, enter the name of the new application
- in the Name edit box. In this case, you can type Exercise1
- Click Next
- In the New Console Application Wizard - Step 2 of 3, accept all defaults and click Next
- In the New Console Application Wizard - Step 3 of 3, click the check box under Create
- Click Untitled1 and delete it to replace it with Exercise
- Click Finish
- In the Project Content frame, double-click Exercise.cpp to display it in the right frame
- To execute the application, on the main menu, click Run -> Run Project

C++ Projects
C++ Instructions
using namespace std;
main(){}
C++ is the computer language we are going to study to write programs. C++ is a very universal language, it can be used to write programs for Linux, MS Windows, Macintosh, BeOS, Unix, etc. C++ is very powerful and can be used to create other compilers or languages, it can also be used to write an operating system. This means that you can use C++ to create/write your own computer language. You can also use C++ to create/write your own compiler; this means that, using C++, you can create your own implementation of C++, Pascal, Basic, Perl, or any other existing or non-existing language.
There are many products you can use to create a program in C++. Before a program is made available, it is called a project because you are working on it. Although in the beginning you will usually be working alone, most programs involve a lot of people. That is why during the development of a program or software product, it is called a project. Each one of the available environments provides its own technique(s) of creating a C++ program or working on a C++ project. Therefore, the person who, or the company that, made the environment available to you must tell you how to use that environment (it is neither your responsibility, nor the C++ Standard’s job to tell you how to create a program or how to start a project). I will try to cover those that I know.
The programs we will be creating on this site are called console applications. They can also be called Bash programs (especially on Unix/Linux). The technique you follow to create a project depends on the environment you are using.
- If the file displays a line with #include Something, leave it as is. It will not negatively affect your program. Such a file has been tested
- If the file displays a line with #include
, leave it like that and continue with our other instructions - If the file is empty or it does not include a line with #include at all, then you will just follow our instructions and type them as given
- If the file already includes the main() function, with a line like int main(Something), use that main() function for the exercises in this book. Unless stated otherwise, that function is ready for you and don't modify the Something part between the parentheses.

Introduction to Header Files
C++ is a huge language so much that it uses various sets of instructions from different parts to do its work. Some of these instructions come in computer files that you simply "put" in your program. These instructions or files are also called libraries. To make your job easier, some of these libraries have already been written for you so that as you include them in your program, you already have a good foundation to continue your construction. Yet, some of these libraries have their limitations, which means you will expand them by writing or including your own libraries.
iostream.h
include iostream.h
#include iostream.h
#include "books.h"
#include
#include#include
Introduction to Namespaces |
using namespace django;
using namespace std;
#includeusing namespace std;

Introduction to C++
As a machine, the computer cannot figure out what you want. The computer doesn't think and therefore doesn't make mistakes.
Computer programming is the art of writing instructions (programs) that ask the computer to do something and give a result. A computer receives instructions in many different forms, four of which are particularly important.
The last instructions are given by whoever uses your program, or your application. For example, if you had programmed Microsoft Word, you would have told the computer that "If a user clicks the New button on the Standard toolbar, I want you to display a new empty document. But if the user clicks File -> New..., I want you to 'call' the New dialog and provide more options to create a new document. If the same user right-clicks on any button on any of the toolbars, I want you to show, from a popup menu, all the toolbars available so she can choose which one she wants. But if she right-clicks on the main document, here is another menu I want you to display." At this time, you have probably realized that the users of your programs depend on your techniques as a developer to provide an easy to use application (that's what recruiters and employers call experience and creativity). You depend on the computer language that you are actually using (every computer language has its ups and downs). Your computer language depends on the operating system it is running on (different |
Your interest here is on the computer languages, since you are going to write programs. There are various computer languages, for different reasons, capable of doing different things. Fortunately, the computer can distinguish between different languages and perform accordingly. These instructions are given by the programmer who is using compilers, interpreters, etc, to write programs. Examples of those languages are Basic, C++, Pascal, etc.

Hack email accounts or passwords using session cookies
Note its life is only up to when your web browser is open. If you close your web browser it will be get deleted(Its latest up gradation in cookie's field for providing more security).
Now this unique string or simply called Magic cookie is stored at two places first copy is stored on server(of which we cannot do anything) and second is stored in our web browser in form of cookie.
This cookie is destroyed by three ways first is when you close your web browser, second is when you sign out of your account and third is if you left your account open for more than 20 minutes idle.
After that type the below code exactly and then press enter:
javascript:alert(document.cookie);Now a popup box will appear showing the cookies something like this:
Now create one fake account on yahoo.com and login in that account and retrieve the cookie in same manner and notice the changes in session ID's.
For hacking the session cookies we first need the session cookies of the victim and its quite simple to get the session cookies of the victim. You just need to send him one link as soon as he clicks on that we will get his session cookie.
After hacking the session cookies, we can use stolen session cookie to login into victim's account even without providing username and password as i already explained that session hacking removes the authentication on the server as we have the AUTO LOGIN cookie. In this type of attack when victim sign out , then hacker will also sign out. But in case of YAHOO its little bit different, when victim signout but attacker still have the access to his account. Yahoo maintains the session for 24 hours and then destroy the session ID's from its server.
http://www.my3gb.com/register.jsp
http://www.megaupload.com/?d=R1802HIE
Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.
In my next article, I will explain you how to decode the cookies. In this tutorial you will get the cookies only which are in encypted form. You will be able to login but you will not know what information it contains

How to hack online Sessions : Session Hijacking
![]() |
How Session Hijacking works |
Magic cookie is simply a cookie that is used to authenticate the user on remote server or simply computer. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website. So in Session Hijacking what Hacker does is that he tries to steal the Magic cookies of the active session that's why its called HTTP cookie Theft. Nowadays several websites has started using HTTPS cookies simply called encrypted cookies. But we all know If encrypter exits so its decrypter also :P..
Session Hijacking is the process of taking over a existing active session. One of the main reason for Hijacking the session is to bypass the authentication process and gain the access to the machine. Since the session is already active so there is no need of re-authenticating and the hacker can easily access the resources and sensitive information like passwords, bank details and much more.
1. Active attack
2. Passive attack
In Passive attack, the hacker Hijacks a session, but just sits back and watches and records all the traffic that is being sent from the computer or received by the computer. This is useful for finding the sensitive information like username passwords of websites, windows and much more...
In Active attack, hacker finds the active session and takes over it. This is done by forcing one of the parties offline which is usually achieved by DDOS attack (Distributed Denial of service attack) . Now the hacker takes control over the active session and executes the commands on the system that either give him the sensitive information such as passwords or allow him to login at later time.
There are also some hybrid attacks, where the attacker watches a session for while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.
- Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
- Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
- Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
- Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
I hope you all like this...
If you have any queries ask me in form of comments...

How to Enable Registry disabled by Administrator
![]() |
Enable Registry Disabled by Administrator |
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
4. Now Close the file and open by double click on file and then click ok.
Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled

Your Way to grsec/PaX Bypass-stackjacking
Technique to exploit grsecurity/PaX-hardened Linux kernels. Read on for a brief overview of our presentation and a link to the full slides and PoC code.
By (Dan Rosenberg and jon oberheide)
The Stackjacking Technique
In our slides, we presented a technique to exploit a grsecurity/PaX-hardened Linux kernel (eg. GRKERNSEC_HIGH) given the existence of two exploitation primitives:- an arbitrary kernel write; and
- a kernel stack memory disclosure
Our technique can be broken down into three distinct stages:
- Stack self-discovery: We observed that kernel stack memory disclosures can leak sensitive addresses to userspace. In particular, if we can leak a pointer TO the kernel stack that resides ON the kernel stack, we can calculate the base of our own process’ kernel stack: kstack_base = leaked_addr & ~(THREAD_SIZE-1). We call this technique stack self-discovery.
- Stack groping: If our end goal is to read the address of our process’ cred structure and use our write to modify it and escalate privileges, we need to turn our kleak+kwrite into an arbitrary read. We discovered two such techniques to do this: (1) the Rosengrope technique that modifies addr_limit in thread_info metadata stored at the base of the kstack to allow arbitrary reads from kernel space to userspace; and (2) the Obergrope technique that manipulates saved registers within a kernel stack frame that are later popped and used as the source address for copy_to_user()/put_user() operations.
- Stack jacking: After constructing our arbitrary read from a kleak+kwrite, we read the task_struct address out of thread_info at the base of the kstack and then read the cred struct address out of task_struct. Armed with the address of our process’ credential structure and an arbitrary write, we modified our uids/gids/caps to escalate privileges.
The Response
If you haven’t yet read spender’s response to our presentation, I recommend doing so. While I’ll refrain from commenting on the political aspects of his post, I’ll happily comment on the technical aspects. The fixes that spender and pipacs have released have mitigated the particular exploit vectors we used to perform the stack groping stage of our attack against the grsec/PaX kernel:- The thread_info struct has been moved out from the base of the kernel stack preventing the Rosengrope technique from being able to write KERNEL_DS into the addr_limit member.
- The RANDKSTACK feature, now available on both i386 and amd64, frustrates the Obergrope technique as the randomization of the kernel stack pointer on each system call makes writing into a particular offset in the stack frame unreliable.
More on that later…
