Website Ripper Copier 3.0.0.0
Website Ripper Copier is an award-winning,
all-purpose, high-speed Internet tool for
getting any data from the Internet easily.
It can download all or part of a website to
your computer for offline browsing, grab
site files of certain sizes and types
(picture, movie, MP3, PDF, Flash, document,
archive), teleport files as a download
manager with resumption support, and mirror
sites. Plus, it is a sitemap explorer and
tabbed antipop-up Web browser.
Product Benefits:
-- Copy Web sites to your computer for
offline browsing
-- Grab files of certain sizes and types
from Web sites
-- Download huge number of files from the
Web with resumption support
-- Create exact copies or mirrors of Web
sites
-- Explore link structures of Web sites
-- Tabbed Web browser with pop-up controls
-- Access copied Web sites anywhere without
an Internet connection
-- Save useful or important Internet
information for later use easily
-- Browse Web pages at the fastest speed
-- Lower your risks of getting viruses or
being spying
-- No more annoying pop-ups
-- Save you a tremendous amount of valuable
time
Product Features:
-- Easy to use: The program is designed to
everyone and it has a friendly and easy
user interface. You can start running a new
project with a few easy steps!
-- Reliability: The program can resume
broken downloads from the HTTP, HTTPS and
FTP connections. You may pause a running
project and run it later on. It will resume
from the point where it's previously
stopped. It's extremely useful when
downloading large-size Web resources.
Furthermore, the program gives you the
power to retry any completed or failed Web
pages or downloads.
-- Flexibility: You can view any project
properties and even job properties at any
time. Plus, you can save and run any
projects at any time.
-- Controllability: You can edit or delete
whatever jobs whenever you want. You can
also modify any project properties at any
moment. Hence, you have full control over
your projects.
-- Extensibility: You can define references
to the page parser of the program, such as
the associated file-extensions of parsable
pages and link-tag collection. -- This
feature enables you to extend the power of
the program to adapt the rapid changes of
the Internet!
-- HTTP, HTTPS and FTP protocols support
-- Web authentication support: You can
retrieve files from password protected Web
sites.
-- Web cookies support: The program can
accept and return Web cookies; it can also
import Internet Explorer cookies. In
addition, it allows you to define your own
cookies!
-- Web proxy servers support
-- Web connection settings and server
overload protection: You can define Web
connection settings, such as number of
concurrent connections, number of retries
and pause between connections which can
prevent overloading Web servers.
-- Powerful Web page and download filters:
The program offers powerful Web page
filters and download filters (Internet
resources filtration with exploration
depth, server names, URL descriptions, file
names, file types, file sizes and more) to
increase the accuracy of the retrieval of
your desired Web resources.
-- File Organizer: The program can download
and well organize your needed Web resources
to your computer. You may specify how files
are organized (save all downloaded
resources under one directory, organize
them by their servers names or file
extensions, or save them with their
directory structures preserved).
-- Project information and statistics: The
program shows you project information and
statistics in details. You know how your
projects are going at any moment.
-- Program and project automation: The
program offers you automation options to
the program and your projects, such as
auto-run, auto-save, auto-shutdown,
auto-exit and more.
-- True Multi-threaded
-- Password protection: You can password
protect your projects; it prevents
unauthorized people from running your
projects.
-- File name pollution control: You can
specify how to handle Web resources that
share the same file names. The program can
automatically assign unique names to
name-conflicting files, which can maximize
the amount of Internet resources to your
projects.
-- Unique retrieval: The program keeps a
retrieval history to ensure each Internet
resource is retrieved only once, which can
eliminate redundant works!
-- Favorite URLs and file types: You can
define your favorites (Internet URLs and
file types) to speed up project creation.
download link:
http://rapidshare.com/files/122193293/Websi
te.Ripper.Copier.v3.0.0.0.rar
Saturday, July 19, 2008
JAVASCRIPT for dummies
JAVASCRIPT for dummies
Wiley - Javascript For Dummies, 4th Edition
Product Description
Responding to reader feedback, the author has thoroughly revamped the book with more step-by-step coverage of JavaScript basics, an exclusive focus on Internet Explorer, and many complete sample scripts
Updated to cover JavaScript 1.5, the latest release of this popular Web scripting language
Using lots of examples, including a sample working Web site, the book shows how to create dynamic and interactive pages, build entire sites, and automate pages
Book Info
Explains, in plain English for the nonprofessional, how to use JavaScript to write programs for the Internet. The CD-ROM is packed with bonus and trial software and HTML scripting and editing tools. Previous edition not cited. Softcover. --This text refers to an out of print or unavailable edition of this title.
Wiley - Javascript For Dummies, 4th EditionProduct Description
Responding to reader feedback, the author has thoroughly revamped the book with more step-by-step coverage of JavaScript basics, an exclusive focus on Internet Explorer, and many complete sample scripts
Updated to cover JavaScript 1.5, the latest release of this popular Web scripting language
Using lots of examples, including a sample working Web site, the book shows how to create dynamic and interactive pages, build entire sites, and automate pages
Book Info
Explains, in plain English for the nonprofessional, how to use JavaScript to write programs for the Internet. The CD-ROM is packed with bonus and trial software and HTML scripting and editing tools. Previous edition not cited. Softcover. --This text refers to an out of print or unavailable edition of this title.
http://rapidshare.com/files/129932259/Javascript.rar.html
File size: 6.54 MbHacking For Dummies
Hacking For Dummies
"...should be of interest to both ethical and malicious hackers" --This text refers to an out of print or unavailable edition of this title.
Product Description
Are you worried about external hackers and rogue insiders breaking into your systems? Whether it’s social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself—an ethical hacker.
Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You’ll discover how to:
Work ethically, respect privacy, and save your system from crashing
Develop a hacking plan
Treat social engineers and preserve their honesty
Counter war dialing and scan infrastructures
Understand the vulnerabilities of Windows, Linux, and Novell NetWare
Prevent breaches in messaging systems, web applications, and databases
Report your results and managing security changes
Avoid deadly mistakes
Get management involved with defending your systems
As we enter into the digital era, protecting your systems and your company has never been more important. Don’t let skepticism delay your decisions and put your security at risk. With Hacking For Dummies, you can strengthen your defenses and prevent attacks from every angle!
file size: 5.38 Mb
"...should be of interest to both ethical and malicious hackers" --This text refers to an out of print or unavailable edition of this title.Product Description
Are you worried about external hackers and rogue insiders breaking into your systems? Whether it’s social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself—an ethical hacker.
Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You’ll discover how to:
Work ethically, respect privacy, and save your system from crashing
Develop a hacking plan
Treat social engineers and preserve their honesty
Counter war dialing and scan infrastructures
Understand the vulnerabilities of Windows, Linux, and Novell NetWare
Prevent breaches in messaging systems, web applications, and databases
Report your results and managing security changes
Avoid deadly mistakes
Get management involved with defending your systems
As we enter into the digital era, protecting your systems and your company has never been more important. Don’t let skepticism delay your decisions and put your security at risk. With Hacking For Dummies, you can strengthen your defenses and prevent attacks from every angle!
file size: 5.38 Mb
TweakNow PowerPack Proffesional 2.1.0.1
TweakNow PowerPack Proffesional 2.1.0.1
TweakNow PowerPack Professional 2.1.0.1
http://rapidshare.com/files/129553831/TweakNow.PowerPack.smforum.net.rar.html
TweakNow PowerPack Professional 2.1.0.1TweakNow PowerPack is a fully-integrated suite of utilities
that let you fine-tune every aspect of your computer's
operating system and Web browser. The RAM Idle program
manages the free memory that is available to run Windows
programs. It prevents performance from degrading as you swap
files and programs in and out of memory. The AutoShutdown
program lets you suspend, hibernate, or shut down your
computer after a specified period of time. In addition to
saving resources, this program keeps your system more secure
by making it unavailable to unauthorized people. The CD
AutoRun is an extension of Windows' CD and DVD autorun
features, giving you additional options for starting
programs or listening to music.
The Virtual Desktop program lets you run as many as four
custom-designed desktop configurations simultaneously,
allowing you to tailor your computer screen to your mood and
your work requirements. The suite gives you a complete
picture of all aspects of your computer's hardware,
including detailed information about your motherboard,
processor, video card, memory, hard disk and network
that let you fine-tune every aspect of your computer's
operating system and Web browser. The RAM Idle program
manages the free memory that is available to run Windows
programs. It prevents performance from degrading as you swap
files and programs in and out of memory. The AutoShutdown
program lets you suspend, hibernate, or shut down your
computer after a specified period of time. In addition to
saving resources, this program keeps your system more secure
by making it unavailable to unauthorized people. The CD
AutoRun is an extension of Windows' CD and DVD autorun
features, giving you additional options for starting
programs or listening to music.
The Virtual Desktop program lets you run as many as four
custom-designed desktop configurations simultaneously,
allowing you to tailor your computer screen to your mood and
your work requirements. The suite gives you a complete
picture of all aspects of your computer's hardware,
including detailed information about your motherboard,
processor, video card, memory, hard disk and network
http://rapidshare.com/files/129553831/TweakNow.PowerPack.smforum.net.rar.html
JAVA 2: The Complete Refrence, Fifth Edition
JAVA 2: The Complete Refrence, Fifth Edition
Herbert Schildt “Java 2: The Complete Reference, Fifth Edition”
McGraw-Hill Osborne Media | 2002-08-13 | ISBN: 0072224207 | 1184 pages | PDF | 4,4 MB
This book is the most complete and up-to-date resource on Java from programming guru, Herb Schildt — a must-have desk reference for every Java programmer.
Wednesday, July 16, 2008
How to become a hacker?
Why This Document?
What Is a Hacker?
The Hacker Attitude
1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.
Basic Hacking Skills
1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.
Status in the Hacker Culture
1. Write open-source software
2. Help test and debug open-source software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself
The Hacker/Nerd Connection
Points For Style
Other Resources
Frequently Asked Questions
log on to the site below for more info...about the above topics
http://www.catb.org/~esr/faqs/hacker-howto.html
What Is a Hacker?
The Hacker Attitude
1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.
Basic Hacking Skills
1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.
Status in the Hacker Culture
1. Write open-source software
2. Help test and debug open-source software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself
The Hacker/Nerd Connection
Points For Style
Other Resources
Frequently Asked Questions
log on to the site below for more info...about the above topics
http://www.catb.org/~esr/faqs/hacker-howto.html
SQL Injection Attack And Defence
What is SQL Injection?
Normally web applications provide interface to the user to input the information. These user inputs are further used for many purposes one of which is to query the databases. The user input as part of SQL statements gets executed on the RDBMS. SQL injection is trying to input such data through the web application’s user interface that would give malicious user the sensitive information, edit/modify the protected data or crash the entire system etc. In the worst-case scenarios the malicious user is able to even penetrate further into the network by compromising the security of the database host machine.
There are four main categories of SQL Injection attacks against databases
1. SQL Manipulation: manipulation is process of modifying the SQL statements by using various operations such as UNION .Another way for implementing SQL Injection using SQL Manipulation method is by changing the where clause of the SQL statement to get different results.
2. Code Injection: Code injection is process of inserting new SQL statements or database commands into the vulnerable SQL statement. One of the code injection attacks is to append a SQL Server EXECUTE command to the vulnerable SQL statement. This type of attack is only possible when multiple SQL statements per database request are supported.
3. Function Call Injection: Function call injection is process of inserting various database function calls into a vulnerable SQL statement. These function calls could be making operating system calls or manipulate data in the database.
4. Buffer Overflows: Buffer overflow is caused by using function call injection. For most of the commercial and open source databases, patches are available. This type of attack is possible when the server is un-patched
Detection of SQL Injection Vulnerability
Detection of SQL injection is tough because it may be present in any of the many interfaces application exposes to the user and it may not be readily detectable. Therefore identifying and fixing this vulnerability effectively warrants checking each and every input that application accepts from the user.
2.1 How to find if the application is vulnerable or not
As mentioned before web applications commonly use RDBMS to store the information. The information in RDBMS is stored/retrieved with the help of SQL statements. Common mistake made by developers is to use, user supplied information in the ‘Where’ clause of the SQL statement while retrieving the information. Thus by modifying the ‘Where’ clause by additional conditions to the ‘Where’ clause; entire SQL statement can be modified. The successful attempt to achieve this can be verified by looking at the output generated by the DB server. Following Example of ‘Where’ clause modification would explain this further.
If the URL of a web page is:
1. http://www.prey.com/sample.jsp?param1=9 The SQL statement the web application would use to retrieve the information from the database may look like this: SELECT column1, column2 FROM Table1 WHERE param1 = 9 After executing this query the database would return data in columns1 and column2 for the rows which satisfy the condition param1 = 9. This data is processed by the server side code like servlets etc and an HTML document is generated to display the information.
2. To test the vulnerability of the web application, the attacker may modify the ‘Where’ clause by modifying the user inputs in the URL as follows. http://www.prey.com/sample.jsp?param1=9 AND 1=1 And if the database server executes the following query: SELECT coulmn1, column2 FROM Table1 WHERE param1 = 9 AND 1=1 . If this query also returns the same information as before, then the application is susceptible to SQL injection
Query Enumeration with Syntax errors
Many web servers return the incorrect syntax error along with the part of the SQL statement that was sent to database server for execution. This situation provides an opportunity to the hacker’s to generate errors by trying various input combinations and get the SQL statement in the error message. After getting the good idea about the existing SQL statement like this, hacker may try other SQL constructs in the injection.
Suggested attack strings are
Attack Strings
The above listed malicious inputs may or may not give same results. Therefore it will be good to try all the inputs.
Analyzing the result set
After trying to inject a single quote (‘) and it’s above mentioned combinations or trying to attach and AND condition that is always true, the returned message needs to be analyzed. If the return message contains some kind of database error then SQL injection was definitely successful. In case there isn’t a direct database error message, it is worth checking on previous pages or in the header information for the SQL words like ODBC, SQL Server etc All the places need to be checked including the hidden variables.
A secure web application would validate the user inputs and would reject such values. So ideally such values input by the user should cause errors that are handled by the application and no error message hinting failure of the database command will get displayed to the user. If the database errors were directly displayed to the user, which is the default behavior of the ASP/JSP then the attacker, would be able to get entire structure of the database and read data in the database that the application user account can potentially read.
Read More:
http://www.securitydocs.com/library/3587
Normally web applications provide interface to the user to input the information. These user inputs are further used for many purposes one of which is to query the databases. The user input as part of SQL statements gets executed on the RDBMS. SQL injection is trying to input such data through the web application’s user interface that would give malicious user the sensitive information, edit/modify the protected data or crash the entire system etc. In the worst-case scenarios the malicious user is able to even penetrate further into the network by compromising the security of the database host machine.
There are four main categories of SQL Injection attacks against databases
1. SQL Manipulation: manipulation is process of modifying the SQL statements by using various operations such as UNION .Another way for implementing SQL Injection using SQL Manipulation method is by changing the where clause of the SQL statement to get different results.
2. Code Injection: Code injection is process of inserting new SQL statements or database commands into the vulnerable SQL statement. One of the code injection attacks is to append a SQL Server EXECUTE command to the vulnerable SQL statement. This type of attack is only possible when multiple SQL statements per database request are supported.
3. Function Call Injection: Function call injection is process of inserting various database function calls into a vulnerable SQL statement. These function calls could be making operating system calls or manipulate data in the database.
4. Buffer Overflows: Buffer overflow is caused by using function call injection. For most of the commercial and open source databases, patches are available. This type of attack is possible when the server is un-patched
Detection of SQL Injection Vulnerability
Detection of SQL injection is tough because it may be present in any of the many interfaces application exposes to the user and it may not be readily detectable. Therefore identifying and fixing this vulnerability effectively warrants checking each and every input that application accepts from the user.
2.1 How to find if the application is vulnerable or not
As mentioned before web applications commonly use RDBMS to store the information. The information in RDBMS is stored/retrieved with the help of SQL statements. Common mistake made by developers is to use, user supplied information in the ‘Where’ clause of the SQL statement while retrieving the information. Thus by modifying the ‘Where’ clause by additional conditions to the ‘Where’ clause; entire SQL statement can be modified. The successful attempt to achieve this can be verified by looking at the output generated by the DB server. Following Example of ‘Where’ clause modification would explain this further.
If the URL of a web page is:
1. http://www.prey.com/sample.jsp?param1=9 The SQL statement the web application would use to retrieve the information from the database may look like this: SELECT column1, column2 FROM Table1 WHERE param1 = 9 After executing this query the database would return data in columns1 and column2 for the rows which satisfy the condition param1 = 9. This data is processed by the server side code like servlets etc and an HTML document is generated to display the information.
2. To test the vulnerability of the web application, the attacker may modify the ‘Where’ clause by modifying the user inputs in the URL as follows. http://www.prey.com/sample.jsp?param1=9 AND 1=1 And if the database server executes the following query: SELECT coulmn1, column2 FROM Table1 WHERE param1 = 9 AND 1=1 . If this query also returns the same information as before, then the application is susceptible to SQL injection
Query Enumeration with Syntax errors
Many web servers return the incorrect syntax error along with the part of the SQL statement that was sent to database server for execution. This situation provides an opportunity to the hacker’s to generate errors by trying various input combinations and get the SQL statement in the error message. After getting the good idea about the existing SQL statement like this, hacker may try other SQL constructs in the injection.
Suggested attack strings are
Attack Strings
The above listed malicious inputs may or may not give same results. Therefore it will be good to try all the inputs.
Analyzing the result set
After trying to inject a single quote (‘) and it’s above mentioned combinations or trying to attach and AND condition that is always true, the returned message needs to be analyzed. If the return message contains some kind of database error then SQL injection was definitely successful. In case there isn’t a direct database error message, it is worth checking on previous pages or in the header information for the SQL words like ODBC, SQL Server etc All the places need to be checked including the hidden variables.
A secure web application would validate the user inputs and would reject such values. So ideally such values input by the user should cause errors that are handled by the application and no error message hinting failure of the database command will get displayed to the user. If the database errors were directly displayed to the user, which is the default behavior of the ASP/JSP then the attacker, would be able to get entire structure of the database and read data in the database that the application user account can potentially read.
Read More:
http://www.securitydocs.com/library/3587
Boost Surfing Speed
Boost your surfing speed with just some tweaks. Most of the users using these tweaks give a pretty positive feedback of a boost in their surfing speed.
Firefox + IDM + TCP Optimizer
Plz do a speed test of your net connection before & after at http://speedtest.net/ to know what difference this software has made.
1) Every1 knows that how to Speed Up the Firefox.
Who dont know, just do the following.
* Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests
* Alter the entries do as follows:
Set “network.http.pipelining” to “true”
Set “network.http.proxy.pipelining” to “true”
Set “network.http.pipelining.maxrequests” to some number like 30.
* Lastly right-click anywhere and select New-> Integer.
Name it “nglayout.initialpaint.delay” and set its value to “0″.
2) Now Download & Install IDM. ( The Best Download Manager I’ve ever used. )
Download IDM
3) Now Download TCP Optimizer
Download TCP Optimizer
When u open TCP Optimizer, dont do anything, just select the option ‘Optimal Settings’ & apply the changes.
In the next box, press OK and reboot.
Use Of TCP Optimizer
The TCP optimizer works on the principle of bandwidth-delay. TCP optimizer uses product of bandwidth and delay of connection to find the best TCP window for your specific connection speed, thereby providing easy tuning of all related TCP/IP parameters, such as Maximum Transmission Unit, RWIN(The TCP receive window), and even advanced ones like QoS and ToS/Diffserv prioritization.
Then newer programs for TCP optimization also include the feature of testing average latency over multiple hosts, and finding the largest possible packet size (MTU). So this boosts up the speed upto 20 to 25 percent of the usual one
Firefox + IDM + TCP Optimizer
Plz do a speed test of your net connection before & after at http://speedtest.net/ to know what difference this software has made.
1) Every1 knows that how to Speed Up the Firefox.
Who dont know, just do the following.
* Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests
* Alter the entries do as follows:
Set “network.http.pipelining” to “true”
Set “network.http.proxy.pipelining” to “true”
Set “network.http.pipelining.maxrequests” to some number like 30.
* Lastly right-click anywhere and select New-> Integer.
Name it “nglayout.initialpaint.delay” and set its value to “0″.
2) Now Download & Install IDM. ( The Best Download Manager I’ve ever used. )
Download IDM
3) Now Download TCP Optimizer
Download TCP Optimizer
When u open TCP Optimizer, dont do anything, just select the option ‘Optimal Settings’ & apply the changes.
In the next box, press OK and reboot.
Use Of TCP Optimizer
The TCP optimizer works on the principle of bandwidth-delay. TCP optimizer uses product of bandwidth and delay of connection to find the best TCP window for your specific connection speed, thereby providing easy tuning of all related TCP/IP parameters, such as Maximum Transmission Unit, RWIN(The TCP receive window), and even advanced ones like QoS and ToS/Diffserv prioritization.
Then newer programs for TCP optimization also include the feature of testing average latency over multiple hosts, and finding the largest possible packet size (MTU). So this boosts up the speed upto 20 to 25 percent of the usual one
Javascript Injection Attack
Javascript Injection is a facility by which we can insert our own javascript codes into the websites, either by entering the code into the address bar, or by finding an XSS(Cross site Scripting) vulnerability in a website. Note that the changes can only be seen by you and are not permanent. This is because JavaScript is a ‘client-side’ language.
This can be very useful when one needs to spoof the server by editing some form option.
Javascript Injection Shall be briefly covered up in the following three parts
1. Injection Basics
2. Cookie Editing
3. Form Editing
1. Injection Basics
Javascript injections are run from the URL bar of the page you are visiting. To use them, you must first completly empty the URL from the URL bar.
Javascript is run from the URL bar by using the javascript: protocol. If you are a Javascript expert, you can expand on this using plain old javascript.
The two commands covered in this Article are the alert(); and void(); commands. These are pretty much all you will need in most situations. For your first javascript, you will make a simple window appear, first go to any website and then type the following into your URL bar:
javascript:alert(’Hello, World’);
You should get a little dialog box that says “Hello, World”. This will be altered later to have more practical uses.
You can also have more than one command run at the same time:
javascript:alert(’Hello’); alert(’World’);
This would pop up a box that said ‘Hello’ and than another that says ‘World’.
2. Cookie Editing
DO NOT USE THIS INFORMATION TO COMMIT CYBER CRIMES
First off, check to see if the site you are visiting has set any cookies by using this script:
javascript:alert(document.cookie);
This will pop up any information stored in the sites cookies. To edit any information, we make use of the void(); command.
javascript:void(document.cookie=”Field = myValue”);
This command can either alter existing information or create entirely new values. Replace “Field” with either an existing field found using the alert(document.cookie); command, or insert your very own value. Then replace “myValue” with whatever you want the field to be. For example:
javascript:void(document.cookie=”Authorized=yes”);
Would either make the field “authorized” or edit it to say “yes”… now whether or not this does anything of value depends on the site you are injecting it on.
It is also usefull to tack an alert(document.cookie); at the end of the same line to see what effect your altering had.
3. Form Editing
Sometimes, to edit values sent to a given website through a form, you can simply download that html and edit it slightly to allow you to submit what you want. However, sometimes the website checks to see if you actually submitted it from the website you were supposed to. To get around this, we can just edit the form straight from javascript. Note: The changes are only temporary, so it’s no tuse trying to deface a site through javascript injection like this.
Every form on a given web page (unless named otherwise) is stored in the forms[x] array… where “x” is the number, in order from top to bottom, of all the forms in a page. Note that the forms start at 0, so the first form on the page would actually be 0, and the second would be 1 and so on.
How Does Computer Worms Work
People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.
Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.
So what exactly is a computer worm?
A computer worm is different from its other infamous sibling - the virus. A worm does not infect or manipulate files, it makes clones of itself. Therefore a worm is a standalone working program. It can use the system transmission capabilities to travel from machine to machine merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.
How do they spread?
Where do newly cloned computer worms march to? A worm can open your email address book and, in a jiffy, despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place.
Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the “Jitux” worm is an example).
Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.Other worms spread only by using Backdoor infected computers. E.g. the “Bormex” worm relies on the “Back Orifice” backdoor to spread.
There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm “Axam” gets top honours for such devious activity.
Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers - the “Spida” worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like “Slammer”".
When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).
If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.
After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.
Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.
What do they do?
The nature of havoc that these worms bring to bear upon us? Well, Denial of service (DoS) is one situation that users of a server may find themselves in thanks to these programs.
Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do - subvert the computer so that the worm’s creator can use it often without the owner of the computer knowing anything about it.
Worm writers nowadays work together with Spammers to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor trojans to convert the home computer into a “zombie”. the countless variants of the “Bagle” worm are the best known examples.”Phishing” is the latest fad in town. It tries to prise those secret passwords of bank accounts and credit cards from you… all courtesy of a piggy back ride on the worm’s powerful shoulders.
Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.
But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.
The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.
How do I get rid of them?
The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.
Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)
Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.
Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.
As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems.
bios password hacking
bios password hacking
some of trick might not work
if u wanna to hack the windows BIOS password then u have to do nothing more....... U have to just follow some steps
1)first reboot the pc if it is first booted
2)press f8 key
3)boot the computer in ms-dos mode(command prompt)
4)then just write c:\>ren *.pwl *.abc and just press enter
5)this will break any of ur windows bios password
6)this command is dangerous if used in a wrong manner then it must change the windows registry
u can also search for default password of bios according to your version of bios and name of bios
like most of award bios will open with j2f2 password
phoenix bios has password phoenix
most of the Toshiba which is with phoenix bios has default password toshiba
u can google for more bios password
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard
manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256,
j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER,
SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA,
ZAAADA, ZJAAADC, djonet,
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME,
Syxz, Wodj
via debug command
If you have access to the computer when it's turned on, you could try one of those
programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access
to the computer, so you'd better learn how to do manually what they do. You can reset
the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the
command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell
window in Windows). Once you are in the debug environment enter the following
commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two
bytes in hex format.
Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper
on the motherboard (for "switching a jumper" I mean that you find a jumper that joins
the central pin and a side pin of a group of three pins, you should then unplug the
jumper and then plug it to the central pin and to the pin on the opposite side, so if the
jumper is normally on position 1-2, you have to put it on position 2-3, or viceversa).
This jumper is not always located near to the BIOS, but could be anywhere on the
motherboard.
To find the correct jumper you should read the motherboard's manual
Once you've located the correct jumper, switch it (or plug or unplug it, depending from
what the manual says) while the computer is turned OFF. Wait a couple of seconds then
put the jumper back to its original position. In some motherboards it may happen that
the computer will automatically turn itself on, after flashing the BIOS. In this case, turn
it off, and put the jumper back to its original position, then turn it on again. Other
motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "bruteforce" it... trying out all
the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the
BIOS, and the ones you can switch (as I explained before). If all them fail, try all the
others. However, you must modify the status of only one jumper per attempt, otherwise
you could damage the motherboard (since you don't know what the jumper you
modified is actually meant for). If the password request screen still appear, try another
one.
If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and
wait some seconds before to retry.
Removing the battery
If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can
remove the battery that keeps the BIOS memory alive. It's a button-size battery
somewhere on the motherboard (on elder computers the battery could be a small,
typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side
to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it
away for 15-30 minutes or more, then put it back and the data contained into the BIOS
memory should be volatilized. I'd suggest you to remove it for about one hour to be
sure, because if you put it back when the data aren't erased yet you'll have to wait more
time, as you've never removed it. If at first it doesn't work, try to remove the battery
overnight.
Important note: in laptop and notebooks you don't have to remove the computer's power
batteries (which would be useless), but you should open your computer and remove the
CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the
BIOS chip for a few seconds. You can do that with a small piece of electric wire or with
a bended paper clip. Always make sure that the computer is turned OFF before to try
this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may
find similar chips with different names if they are compatible chips made by another
brand. If you find the BIOS chip you are working on matches with one of the following
you can try to short-cicuit the appropriate pins. Be careful, because this operation may
damage the chip.
Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy
from your specialized electronic shop or your computer supplier. It's a quick operation if
the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have
to unsolder it and then put the new one. In this case would be more convenient to solder
a base on which you'll then plug the new chip, in the eventuality that you'll have to
change it again. If you can't find the BIOS chip specifically made for your motherboard,you should buy one of the same type (probably one of the ones shown above) and look
in your motherboard manufacturer's website to see if there's the BIOS image to
download. Then you should copy that image on the chip you bought with an EPROM
programmer.
some of trick might not work
if u wanna to hack the windows BIOS password then u have to do nothing more....... U have to just follow some steps
1)first reboot the pc if it is first booted
2)press f8 key
3)boot the computer in ms-dos mode(command prompt)
4)then just write c:\>ren *.pwl *.abc and just press enter
5)this will break any of ur windows bios password
6)this command is dangerous if used in a wrong manner then it must change the windows registry
u can also search for default password of bios according to your version of bios and name of bios
like most of award bios will open with j2f2 password
phoenix bios has password phoenix
most of the Toshiba which is with phoenix bios has default password toshiba
u can google for more bios password
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard
manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256,
j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER,
SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA,
ZAAADA, ZJAAADC, djonet,
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME,
Syxz, Wodj
via debug command
If you have access to the computer when it's turned on, you could try one of those
programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access
to the computer, so you'd better learn how to do manually what they do. You can reset
the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the
command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell
window in Windows). Once you are in the debug environment enter the following
commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two
bytes in hex format.
Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper
on the motherboard (for "switching a jumper" I mean that you find a jumper that joins
the central pin and a side pin of a group of three pins, you should then unplug the
jumper and then plug it to the central pin and to the pin on the opposite side, so if the
jumper is normally on position 1-2, you have to put it on position 2-3, or viceversa).
This jumper is not always located near to the BIOS, but could be anywhere on the
motherboard.
To find the correct jumper you should read the motherboard's manual
Once you've located the correct jumper, switch it (or plug or unplug it, depending from
what the manual says) while the computer is turned OFF. Wait a couple of seconds then
put the jumper back to its original position. In some motherboards it may happen that
the computer will automatically turn itself on, after flashing the BIOS. In this case, turn
it off, and put the jumper back to its original position, then turn it on again. Other
motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "bruteforce" it... trying out all
the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the
BIOS, and the ones you can switch (as I explained before). If all them fail, try all the
others. However, you must modify the status of only one jumper per attempt, otherwise
you could damage the motherboard (since you don't know what the jumper you
modified is actually meant for). If the password request screen still appear, try another
one.
If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and
wait some seconds before to retry.
Removing the battery
If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can
remove the battery that keeps the BIOS memory alive. It's a button-size battery
somewhere on the motherboard (on elder computers the battery could be a small,
typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side
to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it
away for 15-30 minutes or more, then put it back and the data contained into the BIOS
memory should be volatilized. I'd suggest you to remove it for about one hour to be
sure, because if you put it back when the data aren't erased yet you'll have to wait more
time, as you've never removed it. If at first it doesn't work, try to remove the battery
overnight.
Important note: in laptop and notebooks you don't have to remove the computer's power
batteries (which would be useless), but you should open your computer and remove the
CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the
BIOS chip for a few seconds. You can do that with a small piece of electric wire or with
a bended paper clip. Always make sure that the computer is turned OFF before to try
this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may
find similar chips with different names if they are compatible chips made by another
brand. If you find the BIOS chip you are working on matches with one of the following
you can try to short-cicuit the appropriate pins. Be careful, because this operation may
damage the chip.
Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy
from your specialized electronic shop or your computer supplier. It's a quick operation if
the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have
to unsolder it and then put the new one. In this case would be more convenient to solder
a base on which you'll then plug the new chip, in the eventuality that you'll have to
change it again. If you can't find the BIOS chip specifically made for your motherboard,you should buy one of the same type (probably one of the ones shown above) and look
in your motherboard manufacturer's website to see if there's the BIOS image to
download. Then you should copy that image on the chip you bought with an EPROM
programmer.
How To play RAR movies without extracting
To play RAR movies without extracting:
1. Download Dziobas Rar Player
2. Extract and run DziobasPlayer.exe
3. You can either drag and drop RAR files to Dziobas RAR Player window or go to File and select Open RAR.
To play RAR movies while downloading:
1. Completely download first and last part file from movie CD.
Example:
CD2/movie.rar (first part)
CD2/movie.r47 (last part)
2. The first and last parts above must be set as high priority in your torrent client. Wait for download and play in Dziobas Rar Player.
3.If the file is from Torrent, even if it is half downloaded you can watch it how much you have downloaded.
Here are Dziobas Player advantages:
1. Preview partial downloaded movie
2. Watch downloaded movie without extracting
3. Watch downloaded movie even if RAR is corrupted
4. Don’t need to worry about installing the correct codec to watch video
5. Stream from torrent
6. Support automatic download subtitles using hash
7. Portable
8.Watch movie by rotating.
9.Watch movie in full screen/Stamp size.
10.Remove/Add sub titles.
11.FREE
Download:http://www.ziddu.com/download.php?uid=aqqdlZ2ta7CbmZzza6qZnJGlb6eanZuoag%3D%3D9
1. Download Dziobas Rar Player
2. Extract and run DziobasPlayer.exe
3. You can either drag and drop RAR files to Dziobas RAR Player window or go to File and select Open RAR.
To play RAR movies while downloading:
1. Completely download first and last part file from movie CD.
Example:
CD2/movie.rar (first part)
CD2/movie.r47 (last part)
2. The first and last parts above must be set as high priority in your torrent client. Wait for download and play in Dziobas Rar Player.
3.If the file is from Torrent, even if it is half downloaded you can watch it how much you have downloaded.
Here are Dziobas Player advantages:
1. Preview partial downloaded movie
2. Watch downloaded movie without extracting
3. Watch downloaded movie even if RAR is corrupted
4. Don’t need to worry about installing the correct codec to watch video
5. Stream from torrent
6. Support automatic download subtitles using hash
7. Portable
8.Watch movie by rotating.
9.Watch movie in full screen/Stamp size.
10.Remove/Add sub titles.
11.FREE
Download:http://www.ziddu.com/download.
how to make a hidden account in xp.
Hi guys i m going to tell u how to make a hidden account in xp.
Step1
first create a new user account in xp,through user accounts.
Step2
go to RUN type regedit open key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" .
Step3
In the right side u can see list just right click in empty area and select a new DWORD
value. and rename it to your user account's name(user name).
Step4
just close registry press F5(refresh) and go to your user account what u see.......
wow! your account is not displayed in user account.
step5
Now u can't see your account in logon screen so how to access it , just press ctrl+alt+del twice a new window opens enter your username and password(if not set leave it blank).
Thats all, plz don't misuse this trick
Step1
first create a new user account in xp,through user accounts.
Step2
go to RUN type regedit open key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W
Step3
In the right side u can see list just right click in empty area and select a new DWORD
value. and rename it to your user account's name(user name).
Step4
just close registry press F5(refresh) and go to your user account what u see.......
wow! your account is not displayed in user account.
step5
Now u can't see your account in logon screen so how to access it , just press ctrl+alt+del twice a new window opens enter your username and password(if not set leave it blank).
Thats all, plz don't misuse this trick
Improve XP Shutdown Speed
This tweak reduces the time XP waits before automatically closing any running programs when you give it the command to shutdown.
Go to Start then select Run
Type 'Regedit' and click ok
Find 'HKEY_CURRENT_USER\Control Panel\Desktop\'
Select 'WaitToKillAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now select 'HungAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now find 'HKEY_USERS\.DEFAULT\Control Panel\Desktop'
Select 'WaitToKillAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now find 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\'
Select 'WaitToKillServiceTimeout'
Right click and select 'Modify'
Change the value to '1000'
Go to Start then select Run
Type 'Regedit' and click ok
Find 'HKEY_CURRENT_USER\Control Panel\Desktop\'
Select 'WaitToKillAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now select 'HungAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now find 'HKEY_USERS\.DEFAULT\Control Panel\Desktop'
Select 'WaitToKillAppTimeout'
Right click and select 'Modify'
Change the value to '1000'
Click 'OK'
Now find 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\'
Select 'WaitToKillServiceTimeout'
Right click and select 'Modify'
Change the value to '1000'
ADMIN PASSWORD FINDER
ADMIN PASSWORD FINDER
http://rapidshare.com/files/80946280/admin_pass_finder_v4.0.rar.html
Hacking Tools
WIRESHARK
NETBUS
NetBus is a program used to control microsoft windows computer systems over a network. (what we say as "Breaking into Computer System")
OPHCRACK
Ophcrack is an open source program that cracks Windows password (LM HASHES) using rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.
Wireshark (Known as Ethereal) is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, and Linux. It is freely available as open source.
NETBUS
NetBus is a program used to control microsoft windows computer systems over a network. (what we say as "Breaking into Computer System")There are two components in this program a client and a server. The server must be installed and run on the computer that should be remotely controlled.
The client program allows the hacker to control the target system. Some of its features includes-
1). Keystroke Logging.
2). Capturing Screen Shots.
3). Shutting down the system, etc...
OPHCRACK
Ophcrack is an open source program that cracks Windows password (LM HASHES) using rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.It recovers 99.9% of alphanumeric passwords in seconds.
LC5
LC 5 includes a remote agent that lets you centrally manage audits of multiple cross-domain computers and gather all account information at one location. After completing an audit, you can review risk scores, audit method, and character-set or password-length distribution. LC 5 also lets you disable accounts or force users to reset weak passwords.
SUPERSCAN v4.0
A Powerful TCP port scanner, pinger, resolver. Here are some of the features in this version-
Hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
Brutus is one of the fastest and most flexible remote
password crackers available for Windows 9x, NT and 2000, there is no UNIX version available. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc.
THC HYDRA>>>Networking Login Hacking Tool
LCP
MASTER CREDIT CARD GENERATOR
NMAP
MESSENGER PASSWORD CRACKER GOES PUBLIC
This Trojan targets MSN's user and the hacking is done in real time i.e. face to face - i mean while you are chatting with someone on a messenger. This Trojan has been made public by “Our Godfather” - just a name - on the Bit Torrent network. And the worst part is that hundreds of people have already installed it.
Fire Master 2.1 - Firefox Master Password Recovery Tool
If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost information. It uses various methods such as dictionary, hybrid and brute force attack to crack the password.
John the Ripper
LC5
LC 5 supports most password-cracking methods and comes in four versions (professional, administrator, site, and consultant—available features vary depending on version).
LC 5 includes a remote agent that lets you centrally manage audits of multiple cross-domain computers and gather all account information at one location. After completing an audit, you can review risk scores, audit method, and character-set or password-length distribution. LC 5 also lets you disable accounts or force users to reset weak passwords.
SUPERSCAN v4.0
A Powerful TCP port scanner, pinger, resolver. Here are some of the features in this version-
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
| ||
|
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.While hping was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts. A subset of the stuff you can do using hping:
- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
- hping can also be useful to students that are learning TCP/IP.
Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows.
Brutus is one of the fastest and most flexible remote
password crackers available for Windows 9x, NT and 2000, there is no UNIX version available. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. THC HYDRA>>>Networking Login Hacking Tool
Hydra is a software project developed by "The Hacker's Choice" (THC) that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different service.
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that; it is flexible and very fast.
Currently this tool supports:TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2,
Cisco AAA (incorporated in telnet module).
LCP
LCP program is used for auditing and recovering user account passwords in Windows NT/2000/XP/2003. Some other functions include Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing, etc.
MASTER CREDIT CARD GENERATOR
By using a program such as Master Credit Card Generator, hackers could create fictitious credit card numbers to help them set up Internet accounts through online services. Once the online service verified that the credit card number wasn't valid, they would shut down the hacker's account, but with the aid of a few dozen more credit card numbers, hackers could simply create new accounts over and over again.
NMAP
Considered one of the best scanning tools for probing a system, Nmap incorporates almost every scanning technique known into one single program. Depending on the scanning option you use, Nmap can offer you speed or stealth (to prevent a target computer from knowing it's being probed) using a variety of different protocols (ICMP, UDP, TCP, etc.). You can safely assume that given enough time, Nmap can find an opening in practically any computer.
Nmap runs on UNIX-based operating systems such as Linux and comes with full C/C++ source code that you can study and modify. Nmap is the most powerful scanning tool available to both system administrators and hackers.
ObiWan is written to check Webserver. The idea behind this is: Webserver with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she like it.
MESSENGER PASSWORD CRACKER GOES PUBLIC
This Trojan targets MSN's user and the hacking is done in real time i.e. face to face - i mean while you are chatting with someone on a messenger. This Trojan has been made public by “Our Godfather” - just a name - on the Bit Torrent network. And the worst part is that hundreds of people have already installed it.
So from now onwards be a little bit more careful while chatting with an unknown person on messenger.
YOU too CAN Become a VICTIM OF TROJAN.......Fire Master 2.1 - Firefox Master Password Recovery Tool
If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost information. It uses various methods such as dictionary, hybrid and brute force attack to crack the password.John the Ripper
John the Ripper is another fast password cracker available for Unix, DOS, Win32, etc.. Its primary purpose is to detect weak Unix passwords.
Cain & Abel
My favorite password cracking tool.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
breaking security
Port Scanning
Every computer connected on internet has a unique Internet Protocol (IP) address that identifies them over the Internet. Hackers use a hacking tool called a scanner to search for a range of IP addresses for a computer to attack.
When the scanner finds a computer at a particular IP address, it then examines the ports on that computer to see which ones could be exploited.
A port represents a specific way for a computer to communicate over the Internet. When a computer connects to the Internet, it needs to know when it's receiving email and when it's accessing a web page. Since information from the Internet flows into the computer through the same physical connection (a telephone line or cable modem), computers create separate ports to accept certain data. This way the computer knows how to handle data.
Each port is assigned a number and every computer connected to the Internet uses ports, which means that ports open up a door that hackers can use to access a computer.
SERVICE | PORT |
File Transfer Protocol (FTP) | 21 |
Telnet | 23 |
Simple Mail Transfer Protocol (SMTP) | 25 |
Gopher | 70 |
Finger | 79 |
Hypertext Transfer Protocol (HTTP) | 80 |
Post Office Protocol, version 3 (POP3) | 110 |
To attack a computer, you need the target computers IP address. There are lots of software’s available on net for this purpose one way is by looking up for the domain name on the Network Solutions website. Once you know a computer's IP address, the next step is to find which ports are open in order to access the target computer.
Ways to check which port is open-----
TCP connect scanning – Hacker sends a SYN packet to the target computer and waits for a return acknowledgment packet (SYN/ACK), and then sends another acknowledgment packet (ACK) to connect. This type of scanning is easily recognized by target computers to alert them of a possible hacker attack.
TCP SYN scanning – Same as above but when the acknowledgement is received the hacker does not sent back the ACK packet to connect. By doing this the hacker knows that the port is listening and hence open. This technique has less chances of getting detected.
TCP FIN scanning – Hacker sends a "No more data from sender" (FIN) packet to a port. A closed port responds with a Reset (RST) message, while an open port simply ignores the FIN packet.
The next task is to find the target computer’s operating system in order to know the commands for guessing the computer's password.
<FIN probing: Hacker sends a FIN ("No more data from sender") packet to a port and waits for a response. Windows responds with RST (Reset) messages.
<FIN/SYN probing: Hacker sends a FIN/SYN packet to a port and waits for a response. Linux systems respond with a FIN/SYN/ACK packet.
<ICMP message quoting: Hacker sends data to a closed port and waits to receive an error message. All computers send back the initial IP header of the data with an additional eight bytes tacked on. Solaris and Linux systems, however, return more than eight bytes.
IMPORTANT TOOLS FOR SECURITY BREACHING
First Step – Finding a computer to attack
Second Step – Breaking into it
Third Step – Crack the password
A hacker can find the password in the following ways:
1).Keystroke Logger-
A Keystroke Logger can record each and everything a person types. A logger can either send the recording to a monitoring computer or saves it to a file in the same computer. The key logger run’s in hidden mode i.e. they hide their presence from the user, although a professional person can check their existence in the computer system.
When the user leaves the target computer, the hacker can recover the log file in which every entry is recorded be it an email id username, password, credit card number, etc. Some key loggers can even mail the log file to the hacker so that they can monitor the target’s activity from another location.
For using a key logger the hacker must have access to target computer system on a regular basis.
2).Desktop-Monitoring Programs-
If the hacker doesn’t have access to the target computer on a regular basis then a desktop monitoring program is the solution. If the hacker is successful in installing this program on the target computer, then, whatever the user types on the target computer will appear on the hacker’s computer screen.
3). Brute-Force Attack-
The brute-force method simply tries every possible combination of alphabets, (small + caps), special characters and numbers of varying lengths. However, this method can take days to crack a password.
Brute-force attacks are very much successful in cracking Windows 98 and UNIX passwords. In windows 98 the user name and password is stored in the windows/*.pwl files whereas most of UNIX systems store the list of account names and passwords in the /etc/passwd file.
A Basic Approach - Attacking a Remote Computer
In this lesson we will try to explain the following topics------
2).The necessary tools used for this purpose.
3).Some tips and tricks.
4).A little description about Trojans, etc…
NetBIOS provides two communication modes: session or datagram. Session mode lets two computers establish a connection for a "conversation," allows larger messages to be handled, and provides error detection and recovery. Datagram mode is "connectionless" (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery.
2).NBTSTAT - Nbtstat is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.
The nbtstat command removes and corrects preloaded entries using a number of case-sensitive switches. The nbtstat - a <name> command performs a NetBIOS adapter status command on the computer name specified by < name> . The adapter status command returns the local NetBIOS name table for that computer as well as the MAC address of the adapter card. The nbtstat -A < IP address > command performs the same function using a target IP address rather than a name.
3).NET VIEW - The NET VIEW command displays a list of computers in the specified workgroup, or shared resources available on the specified computer.
4).NET USE - Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections.
5).NETSTAT - Netstat provides statistics for the following:
- Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
- Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that corresponds to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
- State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT.
For all these commands you need to have the IP address of the target computer. Also, you can try all these commands on your own IP address.
Let’s see how NBTSTAT works---
Open command prompt and type NBTSTAT /?, this will show the help for using this command (Note: /? Applies for all other commands also)
If I have the ip address xxx.xxx.xx.x
nbtstat –A xxx.xxx.xx.x
This will give the NetBIOS Remote Machine Name Table.
Net view \\xxx.xxx.xx.x
Subscribe to:
Comments (Atom)
