Share BLOG

Share/Bookmark

Mara Marath mahan

Hacking Videos Help

Citizen_Engineer from citizen engineer on Vimeo.

How to Make A Nuclear Reactor
How to Make A Nuclear Reactor How to make a nuclear reactor using materials that you have at home. From "The Nuclear Boy Scout" Copyright Eagle &...

Real INDIA

Real INDIA

Saturday, February 25, 2012

Cpanel Hacking/Cracking Tutorial

"Index of /sh3llZ" Upload your shell

while Late Night Browsing Random websites I saw a website with a directory "sh3llz", this directory contain many shells like c99, c100 r57 and others,
it was intresting, i dont know its a Bug or These files was uploaded by any hacker, when I googled it I got Many similar websites
so its Devil's Cafe New exploit, shells already Uploaded and you Can Upload your new one or use and already Uploaded shell and deface the website ..=)

cats.jpg (363×506)


Exploit Title : "Index of /sh3llZ"
Google and Big Dorks : 
"Index of /sh3llZ"
"/sh3llZ/uploadshell/uploadshell.php"
intitle:index of/sh3llZ
and you can make own dorks for getting more results =)
Lets Start : Goto Google or Bing.com and type any  Dork "Index of /sh3llZ"
"/sh3llZ/uploadshell/uploadshell.php"  or intitle:index of/sh3llZ
After Going to Serach result, you will Shell There
Now upload your new shell, or upload Your deface using old shell =) enjoy!!
Must Leave a Comment below to say Thanks !!
Live Demo :
Shell : http://john.itscool.sx33.net/sh3llZ/uploadshell/d3v1l5c4f3.php
shell password : www.devilscafe.in (its 404 Not Found Shell Download it here )


Demo Deface : http://john.itscool.sx33.net/sh3llZ/uploadshell/backlinks.html
(click here to Get Best Deface Pages)


More Shells : 
http://sqladminportal.com/sh3llz/
http://phpadmin.org/sh3llz/
http://donate-for-charity.com/sh3llz/
http://php-admin.org/sh3llz/
http://smf-forum.org/sh3llz/
http://netdesigns.org/sh3llZ
http://www.admin-portal.com/sh3llZ/
http://www.sexymodelforum.net/sh3llZ/
http://active-layout.org/sh3llZ
http:// blog.dark-action.net/sh3llZ/
http://blog.brainshots-blog.com/sh3llZ/
http://activedesigns.org/sh3llZ/
http://john.charity-zone.com/sh3llZ/
http://donate-for-charity.net/sh3llZ/
http://balcesishop.com/sh3llZ/
http://to-charity.com/sh3llZ/
http://smf-forum.org/sh3llZ/
http://darkactioncomics.org/sh3llZ/
http://active-designer.net/sh3llZ/
http://www.balcesi-online.com/sh3llZ/
http://fisher-freelance.org/sh3llZ/
http://donate-for-charity.com/sh3llZ/
http:// Forum.brainshotsblog.com /sh3llZ/
http://sexymodelsmf.com/sh3llZ/
http:// john.shots-blog.com/sh3llz/
http:// fisher.active-styles.com/sh3llz/
http:// blog.balcesionlineshop.org/sh3llz/
http://forum.phpadmin.org/sh3llZ/

Today we will Learn CPANEL cracking or Hacking  i.e gaining password for port no 2082 on website first of all we need a cpanel cracking shell on the server because we are going to crack those websites cpanels which are hosted on the shelled server.
so lets start i am using cpanel.php [download it here]shell for cracking :) we need two things in cracking first one is usernames of the websites that are hosted on the server second is a good password dictonery [Get Passwords List Here]

so
in first step :-
grab the usernames of the websites using command ls /var/mail
or use the "Grab the usernames from /etc/passwd" option in the shell
 
 
press the go button
we have done from our side
lets wait and watch ,if we have supplied good passwords then shell will show a message
" [~]# cracking success with username "xyz" with password "xyz" "
otherwise it will show
"[~] Please put some good passwords to crack username "xyz" :( "
so chances of success depends on password list that we are using in cracking process 
 
[GUEST POST]

havij 1.15 PRO, cracked licence.

Download Free Havij 1.15 Pro [Final Crack Fixed/+Exidous License]

Free Download : Havij 1.15 pro Final

gggggggggggg
Instructions

1.Run Havij.exe
2. Once it opens you will see register..
3. Click Register
Make sure you are connected to the internet
4. Under Name:
You write: Cracked@By.Exidous
5. Under File:
You select the folder where you are currently running the Havij program from and select Havij Key
6. Done....

Download
Or
Or

Steps To Register : (Screen Shots)
 :gggggggggggg 
gggggggggggg 
gggggggggggg 
gggggggggggg


About the Author : This Post was written by Ashell India, visit his blog http://www.zplanet.in/ 
for every kind of Softwares, Craked softwares and serial keys, Just visit :http://www.zplanet.in/

Download
Havij 1.15 pro

Enjoy....

Hacking Tools


  1. Armitage : Graphical Cyber Attack Management Tool
  2. BSQL Hacker : automated SQL Injection Framework Tool
  3. BlaZer's Tool Kit - All in One Hacking Tools Pack : Free Download
  4. Collection Of Best PHP and ASP shells
  5. Collection of best SQL injection Tools
  6. Collection of best SQL injection Tools : Part 2
  7. Dark-Jumper v5.8 : SQLi, LFi RFi Scanner
  8. Free Download : Anti Hacker Toolkit
  9. Free Download : Hackers professional toolkit : collection of Hacking tools
  10. Free Download : Havij 1.15 pro Final
  11. Free Download : Pangolin Professinal Usb Edition
  12. Free Download : Wireless Hacking Tools 2011
  13. Hack SQLi Vulnrable Websites with SQL map : Automatic SQL Injection Tools
  14. Hexjector : Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.
  15. How to hack Websites using Havji (all Versions)
  16. Mr.Dark Soul's Wordpress Blog Hacker
  17. OpenSCAP : open-source framework
  18. PHP Dos/DDOS (Denial Of Service) Attack Script
  19. Paki Hacking Tool kit By Dr. Trojan
  20. Pangolin : Automatic SQL Injection & PenTesting Tool
  21. Pesca 0.75 local stealer Ftp+Mail+Php Uploader + Php logger
  22. Remote Administrator with ProRat v1.9
  23. SQLYog : MySQL injection Tool
  24. Safe3SI : SQLi vulnerabale websites & Database Hacking Tool
  25. Web Hacking with DVNA
  26. Website Vunerablity Scanner : SQLi | LFI | XSS | Shell Upload
  27. website Hacking With Real SQL : Automatic SQL Injection Tool

SQL injection Tutorials and SQL injection Tools

image_1808649.original.jpg (255×299)
  1. BSQL Hacker : automated SQL Injection Framework Tool
  2. Blind SQLi Tutorial
  3. Collection of best SQL injection Tools
  4. Collection of best SQL injection Tools : Part 2
  5. Free Download : Pangolin Professinal Usb Edition
  6. Hack SQLi Vulnrable Websites with SQL map : Automatic SQL Injection Tools
  7. Pangolin : Automatic SQL Injection & PenTesting Tool
  8. Popular Ways To Hack And Crack A Website
  9. SQL Injection + Shell Upload Tutorial Video Tutorial
  10. SQLYog : MySQL injection Tool
  11. Safe3SI : SQLi vulnerabale websites & Database Hacking Tool
  12. sql poison 1.1- sqli exploit scanner+search hunter+injection builder tool
  13. website Hacking With Real SQL : Automatic SQL Injection Tool
  14. wordpress SQL Injection Hacks
  1. BSQL Hacker : automated SQL Injection Framework Tool
  2. Collection of best SQL injection Tools
  3. Collection of best SQL injection Tools : Part 2
  4. Dark-Jumper v5.8 : SQLi, LFi RFi Scanner
  5. Free Download : Havij 1.15 pro Final
  6. Free Download : Pangolin Professinal Usb Edition
  7. Hack SQLi Vulnrable Websites with SQL map : Automatic SQL Injection Tools
  8. Hexjector : Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.
  9. How to hack Websites using Havji (all Versions)
  10. Pangolin : Automatic SQL Injection & PenTesting Tool
  11. SQLYog : MySQL injection Tool
  12. SQLmap Step by Step Tutorial -
  13. Safe3SI : SQLi vulnerabale websites & Database Hacking Tool
  14. sql poison 1.1- sqli exploit scanner+search hunter+injection builder tool
  15. website Hacking With Real SQL : Automatic SQL Injection Tool

Popular Ways To Hack And Crack A Website

Posted on


  • Wednesday, 2 November 2011





  • by


  • Minhal Mehdi





  • in


  • Labels: , , , , , ,





  • Hacking a website not only means taking the whole control of website but can be either changing the website datas or make the website down by making denial of serviceattack.Here in this article we will see some possible ways of attacking a website.A website can be attacked in any one of the following ways.

    • Password Cracking
    • Simple SQL Injection Hack
    • Brute force attack for servers
    • Denial of service
    • PASSWORD CRACKING

    The first and foremost thing that every hacker must need to hack a website is the hostingIP address of the website.You can directly find the IP address of any website from yourcommand prompt itself.

    1. For that open command prompt (window + r) and type cmd and hit enter.
    2. Type the following command followed by the URL of the website

    nslookup URL addressFor example

    nslookup www.realhackings.comand hit enter.you can see a window as shown below with the ip address of the website


    Now you have got the IP address of the website.next step is to scan the IP we have got just now to see which protocols the Website at this IP is using 

    For scanninng DOWNLOAD IP scanner and open it you can see a window as shown below.Just paste the IP you have just got and click scan button.


    In the above image FTP is shown,That means this website is using FTP to access to its servers.just double click on the FTP to see a window as shown below


    Now this is the final stage.When you enter exact username and password you can login to that website and do whatever you like.To find this username and password we have to dobrute force attack

    BRUTE FORCE ATTACK

    In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters

    Denial of service ( Ddos attack ):

    A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actuallyhacking a webite but it is used to take down a website.

    If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for websitehacking

    SQL INJECTION

    SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applicationswork.

    Exploits and Vulenrablities

    397746_274681849258541_149359271790800_811784_34845433_n.jpg (450×371)


    1. " Image Uploader" Shell Upload Vulnrability
    2. "Add Testimonial" ~ remote File upload vulnerability.
    3. "Encodable" ~ another Deface and shell upload Vulnerablity
    4. "File thingie" ~ Deface & Shell Upload vulnerability
    5. "Portail Dokeos" deface and Shell Upload vulnerability
    6. "QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability" Upload shell and deface easily
    7. "Simple Upload 53" : Shell Upload Vulnerability
    8. Ajax File Manager ~ Shell and Files Upload Vulnerability
    9. Another Eeasy Method of wordpress Blog Hacking (Wordpress Easy Comment)
    10. Another Wordpress Exploit : 10,000+ Websites are Vunerable For this attack
    11. Asset Manager :Shell and Files upload Vulnerability
    12. EzFilemanager Deface Upload vulnerability
    13. GarageSales Shell Upload Vulnerability
    14. Geeklog Remote Deface Upload Vunerablity
    15. How to Hack IIS Exploit in Windows 7 : Detailed Tutorial with homepage hacking
    16. Html editor File Upload vulnerability
    17. KindEdior Remote File Upload exploit 
    18. New shell & Deface Upload Vulnerability
    19. Nineboard Admin Panel Exploit
    20. RTE remote File Upload Vulnerability
    21. TinyFileBrowser ~ Remote file Upload Vulnerability
    22. TinyMCE ajaxfilemanager remote File Upload Vulnerability
    23. Webdav Hacking & Defacing : n00b Friendly : Detailed Tutorail
    24. Website Hacking with Moxiecode File Browser : Upload Deface Remotly
    25. WordPress plugin tdo mini File Upload Vunerablity
    26. XSS : Cross Site Scripting Tutorial
    27. collection of Local r00t exploits
    28. phUploader Remote File Upload Vulnerability
    29. phpmyadmin exploit
    30. spaw : Deface and Shell Upload Vunerablity
    31. wordpress fckeditor upload Vunerablity : Upload Your Deface Remotly
    32. Portal Hacking (DNN) | Dot Net Nuke Website Hacking Tutorial
    33. How to Hack IIS Exploit in Windows 7 : Detailed Tutorial with homepage hacking
    34. How to Hack IIS Exploit websites : The Most Easiest way of Website Hacking 


    Hacking And Security E-books



    1. Buffer Overflow (How to rOOt On Server Part -II)
    2. Free Download : Gmail Hacking E-Book
    3. Free Download : The Application Hacker's Handbook
    4. Free Download Ghost in the Wires by Kevin Mitnick
    5. Free Download PHP5 and MySQL Bile & Php6 MySQL Bible
    6. Free Download XSS Attacks : Cross Site Scripting Exploits & Defence
    7. How to r00t on server : E-book by Black -X Genius
    8. Social Engineering: The Art of Hacking Human Mind
    9. The Secret of Hacking : Free Download E-Book

    Friday, November 11, 2011

    A Brief Introduction To Internet Threat DDOS

    Why DDOS became a world's number one threat to IT Business?

    What is DDOS?
    DDOS is known as Distributed Denial of Service. DDOS attack is intent to cause a web service incurable, unavailable or unusable. Specialty of DDOS attack is that there is no limit of the number of the machines which are going to target a particular website or the host. The nature is in his name quoted "Distributed". In simple words the number of machines from the world sends unlimited number of connections to a particular single domain or the website. Suddenly traffic increases and that site or domain would not able to bare a sudden load and it goes down or temporary unavailable. Due to coming traffics from various IP addresses at a time, it is more difficult to detect and block traffic of all IP addresses.

    Let's Go To Year 2000
    First ever DDOS attack was faced by a famous search engine yahoo. Due to this attack yahoo got unavailable for 2 or 3 hours in worldwide. In a result of that yahoo had to face a big amount of loss in money in advertising revenue. E-Bay and CNN was also the victim of DDOS attack.

    How Does Actually Attack Happen?
    Here I have mentioned some common detailed steps that how this attack is actually done.
    Step 1:-
    First of all attackers scans a large amount of computers or networks for the open vulnerability. There are 65,535 port of any single machine. Attacker scans this all ports of each machine. This scenario is hard to accept theoretical but the logic is that this can be done within an hour with the automated tools. It can be done with the help of various port scanners. As a result of that port scanners gives attacker the list of the IP address of the machines on which the ports are open.

    Step 2:-
    As I have told, after the scan it gives attacker a vulnerable machine's ip address list. Then attacker decides to involve all machines in his attack. These systems are known as handlers. The common method of this is stack based buffer overflow. When this process is done then buffer gets overflowed. And the particular malicious data is stored on the Vitim's machine. This victim is not the real victim on which attacker is going to attack. He or she uses this victim to attack main victim. Now on that machine, attacker has his or her control. He can send commands to and the vulnerable machine will execute that command. This senerio doesn't happen to only one but it happens in 1000 or may be more vulnerable machines. That's why it is more difficult to catch the actual attacker in DDOS attack.

    Step 3:-
    After the gaining access to the system another attack is generated in order to take command in his/her hand whenever they want in future. This can be done with the help of RATs, Backdoors, Root kits or a Trojan

    Step 4:-
    Final attack takes place here. Hacker or attacker sends commands to their handlers or the vulnerable machines on which he has gained access. The attack can be in a manner of flooding.

    For example if an attacker has command over 100 machines and if he sends instruction that each machines has to ping a particular websites 100 times then, simple calculation 100* 100 = 10000 hits goes to the website and it may go down.

    To put in a nutshell, DDOs attack is very advance attack, executed by hackers to crash a whole network. There would be a large number of impact goes on a business like cost impact, delay of work impact, E-Reputation impact. Internet became more users friendly and handy in last 15 years. So it is obvious that hacking activity will take place for a sure later or sooner. To cure this big flaw there should be a recruitment of the ethical hacker, network administrators and cyber security experts who has an ability to detect and mitigate the attack in organization. Because, prevention is better than cure.

    Controversial secret court order to force Google & Sonic.net to turn over information from the email accounts of WikiLeaks volunteer

    The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.
    [WIKILEAKS] 
    Attorney General Eric Holder, top, has said the U.S. is pursuing an 'active criminal investigation' of WikiLeaks.

    Sonic said it fought the government's order and lost, and was forced to turn over information. Challenging the order was "rather expensive, but we felt it was the right thing to do," said Sonic's chief executive, Dane Jasper. The government's request included the email addresses of people Mr. Appelbaum corresponded with the past two years, but not the full emails.

    Both Google and Sonic pressed for the right to inform Mr. Appelbaum of the secret court orders, according to people familiar with the investigation. Google declined to comment. Mr. Appelbaum, 28 years old, hasn't been charged with wrongdoing.

    The court clashes in the WikiLeaks case provide a rare public window into the growing debate over a federal law that lets the government secretly obtain information from people's email and cellphones without a search warrant. Several court decisions have questioned whether the law, the Electronic Communications Privacy Act, violates the U.S. Constitution's Fourth Amendment protections against unreasonable searches and seizures.

    WikiLeaks is a publisher of documents that people can submit anonymously. After WikiLeaks released a trove of classified government diplomatic cables last year, U.S. Attorney General Eric Holder said the U.S. was pursuing an "active criminal investigation" of WikiLeaks.

    Passed in 1986, the Electronic Communications Privacy Act is older than the World Wide Web, which was dreamed up in 1989. A coalition of technology companies—including Google, Microsoft Corp. and AT&T Corp.—is lobbying Congress to update the law to require search warrants in more digital investigations.
    The law was designed to give the same protections to electronic communications that were already in place for phone calls and regular mail. But it didn't envision a time when cellphones transmitted locations and people stored important documents on remote services, such as Gmail, rather than on their own computers.

    Law enforcement uses the law to obtain some emails, cellphone-location records and other digital documents without getting a search warrant or showing probable cause that a crime has been committed. Instead the law sets a lower bar: The government must show only "reasonable grounds" that the records would be "relevant and material" to an investigation.

    As a result, it can be easier for law-enforcement officers to see a person's email information than it is to see their postal mail.

    Another significant difference: A person whose email is inspected this way often never knows a search was conducted. That's because court orders under the 1986 law are almost always sealed, and the Internet provider is generally prohibited from notifying the customer whose data is searched. By contrast, search warrants are generally delivered to people whose property is being searched.

    The secrecy makes it difficult to determine how often such court orders are used. Anecdotal data suggest that digital searches are becoming common.

    In 2009, Google began disclosing the volume of requests for user data it received from the U.S. government. In the six months ending Dec. 31, Google said it received 4,601 requests and complied with 94% of them. The data include all types of requests, including search warrants, subpoenas and requests under the 1986 law.

    At a Senate hearing in April on whether the 1986 law needs updating, Associate Deputy Attorney General James A. Baker cautioned Congress "that raising the standard for obtaining information under ECPA may substantially slow criminal and national security investigations."

    In May, the ECPA's author, U.S. Sen. Patrick Leahy (D., Vt.), said the original law is "significantly outdated and outpaced by rapid changes in technology." He introduced a bill adopting many of the recommendations of the technology coalition lobbying for changes to the law.

    Some federal courts have questioned the law's constitutionality. In a landmark case in December, the U.S. Court of Appeals for the Sixth Circuit ruled that the government violated the Fourth Amendment when it obtained 27,000 emails without a search warrant.

    "The police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant," Judge Danny Boggs wrote in the 98-page opinion. "It only stands to reason that, if government agents compel an [Internet service provider] to surrender the contents of a subscriber's emails, those agents have thereby conducted a Fourth Amendment search."

    In August, the U.S. District Court of the Eastern District of New York over-ruled a government request to obtain cellphone location records without a warrant, calling it "Orwellian." Judge Nicholas Garaufis wrote: "It is time that the courts begin to address whether revolutionary changes in technology require changes to existing Fourth Amendment doctrine." The government has appealed.

    The WikiLeaks case became a test bed for the law's interpretation earlier this year when Twitter fought a court order to turn over records from the accounts of WikiLeaks supporters including Mr. Appelbaum.

    Mr. Applebaum is a developer for the Tor Project Inc., a Walpole, Mass., nonprofit that provides free tools that help people maintain their anonymity online. Tor's tools are often used by people living in countries where Internet traffic is monitored by the government. Tor obtains some of its funding from the U.S. government.

    Mr. Appelbaum has also volunteered for WikiLeaks, which recommends people use Tor's tools to protect their identities when submitting documents to its website. In April 2010, Mr. Appelbaum's involvement in WikiLeaks was inadvertently disclosed publicly in a blog post on the website of the Committee to Protect Journalists. The reporter, Danny O'Brien, said Mr. Appelbaum had thought he was speaking anonymously. Mr. O'Brien said he later offered to remove Mr. Appelbaum's name from the post.
    WIKILEAKS2
    London News Pictures/Zuma Press
    WikiLeaks was founded by Julian Assange.

    After the blog post appeared, Mr. Appelbaum became a public advocate for WikiLeaks. In June, he gave a speech at a Northern California technology camp where he called WikiLeaks founder Julian Assange one of the "biggest inspirations in my life."

    On Dec. 14, the U.S. Department of Justice obtained a court order for information from the Twitter account of people including Mr. Appelbaum and WikiLeaks supporters Birgitta Jonsdottir, a member of the Icelandic parliament, and Rop Gonggrijp, a Dutch computer programmer. Neither has been charged with wrongdoing.

    The order sought the "Internet protocol," or IP, addresses of the devices from which people logged into their accounts. An IP address is a unique number assigned to a device connected to the Internet.

    The order also sought the email addresses of the people with whom those accounts communicated. The order was filed under seal, but Twitter successfully won from the court the right to notify the subscribers whose information was sought.

    On Jan. 26, attorneys for Mr. Appelbaum, Mr. Gonggrijp and Ms. Jonsdottir jointly filed a motion to vacate the court order. They argued, among other things, that because IP addresses can be used to locate a person in "specific geographic destinations," it constituted a search under the Fourth Amendment and thus required a warrant.

    The government argued that IP addresses don't reveal precise location and are more akin to phone numbers. At a Feb. 15 hearing, Assistant U.S. Attorney John S. Davis said, "this is a standard… investigative measure that is used in criminal investigations every day of the year all over this country."

    On March 11, U.S. Magistrate Judge Theresa Carroll Buchanan denied the WikiLeaks supporters' motion. They have appealed.

    Twitter hasn't turned over information from the accounts of Mr. Appelbaum, Ms. Jonsdottir and Mr. Gonggrijp, according to people familiar with the investigation.

    The court orders reviewed by the Journal seek the same type of information that Twitter was asked to turn over. The secret Google order is dated Jan. 4 and directs the search giant to hand over the IP address from which Mr. Appelbaum logged into his gmail.com account and the email and IP addresses of the users with whom he communicated dating back to Nov. 1, 2009. It isn't clear whether Google fought the order or turned over documents.

    The secret Sonic order is dated April 15 and directs Sonic to turn over the same type of information from Mr. Appelbaum's email account dating back to Nov. 1, 2009.
    On Aug. 31, the court agreed to lift the seal on the Sonic order to provide Mr. Appelbaum a copy of it. Sonic Chief Executive Mr. Jasper said the company also sought to unseal the rest of its legal filings but that request "came back virtually entirely denied."

    What is DoS or DDoS attacks: Denial of Service Attack Tutorial

    For any attack to be successful, there should be a vulnerability which exists in the system.  Generally the vulnerabilities that exist in the software such as Operating System and Applications can be removed by implementing proper patch management solutions. But there exists an inherent vulnerability in all the systems which is called “Limitations” and that is the vulnerability that is being targeted by DoS or DDoS attacks.
    To better understand that let us take an example of a fully patched web server hosting an e-commerce application, and availability of that application stands at the core of business for it to succeed.  Now since the server that hosts the applications is most critical business asset it has been properly patched and any operating system or application assumingly does not have any vulnerabilities. But as any other system the server has following limitations.
    • Bandwidth
    • Memory
    • Processing Power
    If any or all of these resources are consumed to the fullest, the end user access to e-commerce application service would get affected, thus creating a denial of service affect.
    An attack that would make a service go unavailable is called DoS attack. Apart from exploiting vulnerabilities as discussed above, the DoS attack can also be performed by exploiting resources limitations.  Some of the attacks that are possible on any computer system are given below: 
    • Syn Flood
    • UDP Flood
    • Malformed Packets
    • TCP RST Attack
    • ICMP Flood

    Since the attacker also uses a very similar computer system as that of Target, the attacker also suffers the same problem. That is to make the Target’s CPU go high, the attacker’s computer will also have to work hard enough thus making its own CPU go high. To over come these issues, attackers came with a new method where a small amount of attack can be initiated from large number of computer systems towards same target thus creating a DoS affect for target without creating one for self, and that method of attack is called Distributed Denial of Service Attack or in short DDoS attack. 

    Learn How To Hack!


    Monday, July 18, 2011

    Hacker group launches online Social Network ??

     A screenshot of anonplus.com - DC

    Infamous hacker group Anonymous has launched its own social network after being rejected by Google's freshly-launched online community.
    "Today we welcome you to begin anew," the hacker alliance said at the website anonplus.com, which it described as a platform to distribute information.
    "Welcome to the Revolution - a new social network where there is no fear...of censorship...of blackout...nor of holding back."
    The drive to build a social network came after the Anonymous account was suspended at the Google+ online community, which was launched last month by the Internet giant as a challenge to Facebook.
    A message on the anonplus.com website promised that the Anonymous social network would be for everyone and listed online monikers of developers taking part in the project.
    Anonymous, which rose to infamy last year with cyber attacks in support of controversial whistle-blower website WikiLeaks, posted the suspension notice from Google on its blog at Tumblr.
    The group has been linked to attacks on Visa, Mastercard and Paypal, which blocked donations to WikiLeaks after it published thousands of US diplomatic cables.
    Early this year, Anonymous took credit for breaking into the website of HBGary Federal because the firm was working with federal agents to expose the hackers' identities.
    Anonymous last week released a trove of military email addresses and passwords it claimed to have plundered from the network of US defense consulting firm Booz Allen Hamilton

    Investigative Innovation: Anonymous and Presstorm Present – Anon+

    As some of you know [YourAnonNews] got banned from Google+  due to some of their content. What they didn’t know at the time is that they were just one of a handfull of Anonymous accounts that were silenced. This is the sad fact that happens across the internet when you march to a different beat of the drum. We’ve all heard the stories of activists being banned from FaceBook, Twitter, and Governments blocking their people from these sites as well through organized black outs. That day has came to an end. Not only did a few people organized an Operation against Google+, but we have started to build our own Social Network.
    This is one social network that will not tolerate being shut down, censored, or oppressed – even in the face of blackout.
    We the people have had enough…enough of governments and corporations saying what’s best for us – what’s safe for our minds.
    The sheep era is over.  The interwebz are no longer your prison. 

    Welcome to Anon+

    Thursday, July 14, 2011

    ClubHack Mag is 1st Indian "HACKING" Magazine

    According to NULL Community:
      All, after a slight delay, here we are with issue18 of ClubHack Mag for the month of July2011. Like most of the times, this issue is also theme based and the theme for issue18 is Metasploit.We have some good news for our readers. CHMag is now partners with Hakin9 and PenTestMag. Also starting from June 2011, CHMag is available in ePUB format also for eBook readers like Kindle & iPad.This issue covers following articles:-0x00 Tech Gyan - Using Metasploit with Nessus Bridge on Ubuntu0x01 Tool Gyan - Armitage – The Ultimate Attack Platform for Metasploit0x02 Mom's Guide - Penetration Testing with Metasploit Framework0x03 Legal Gyan - Trademark Law and Cyberspace0x04 Matriux Vibhag - The Exploitation Ka Baap MSFCheck http://chmag.in for articles.PDF version can be download from:- http://chmag.in/issue/jul2011.pdfHope you'll enjoy the magazine. Please send your suggestions, feedback toinfo@chmag.inClubHack Mag is also seeking submissions for next issue, Issue19-August 2011. Topics of interest include, but not limited to:-
      Mobile (Cellular), VOIP Exploitation and SecurityFirewall Evasion techniquesMalware AttacksSniffingForensicsProtocol Security and Exploitation
    According to official website chmag.in:

    Coming back to this issue, this time the theme is Metasploit.
    Yes, the "ultimate tool" in every hacker's arsenal! This issue covers the topics such as basics of Metasploit in Mom's guide, the Metasploit GUI - Armitage in Tools Gyan, How to run nessus from within Metasploit in Tech Gyan, exploiting a machine using Metasploit in Matriux Vibhag and Trademark Law and Cyberspace in Legal Gyan.
    Starting with June 2011 issue, CHMag will be available in ePUB format which readers can download on their kindle/ipad/other ebook readers. Thanks to our new online friend Jason Barnett for volunteering for this initiative. To download epub check chmag.in Do let us know what topics you would like us to cover. We are also open to criticism, it helps us to improve :) And of course you can send your articles also to info@chmag.in We love to publish ;)
    ALL ISSUES

    Saturday, July 9, 2011

    How To Make Money With Facebook Hacks, Tips & Tricks ??

    Cyber Crime Expands: Hackers can rent Botnets ??

    If the unlimited virus concerns are troubling you, then there's more. Now, botnets are available on rent for as cheap as $67 for 24 hours or $9 for an hour. This empowers anyone to launch distributed denial of service (DDoS) attacks, sell fake antivirus software and relay spam to unsuspecting email users via millions of compromised PCs.

    The cyberpunks are unanimously, hawking their wares via online forums and banner advertising. This readily reduces the barriers to entry for criminals who can't code, empowering relatively unskilled cyber criminals to inflict major damage and financial loss. "Organizations need to be wary of the fact that their critical online applications or services could be taken down in under a day by a criminal renting services from bot herders," said Rick Howard, director of intelligence at iDefense, a VeriSign's security intelligence service. It was an iDefense report that highlighted the entire botnet selling picture.

    The business impact is witnessed when it's revealed that Zeus, a botnet which is around 3.6 million compromised PCs in the U.S. alone, is sold in the criminal underground as a kit for around $3,000-4,000. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek The full-fledged botnet comes with different add-ons and price tags for, instance an upgrade for attacking Windows 7 or Vista is priced at $2,000 or for Jabber IM broadcasting to receive stolen data in real time it costs $500. So, soon any whiz kid, who wants to opt for easy money can ease his appetite with a little cash, at the cost of financial security of others. 

    How To Make Money With Facebook Hacks, Tips & Tricks

    Who else wants to learn how the big boys make upwards of $300 a day on Facebook?

    - Learn why 99% of people fail putting CPA offers on Facebook.
    - Learn how to not get caught by the "Facebook police" - it's not what you think.
    - Learn how you could be making a full time income off Facebook - in just a few days!

    $300/day Method Revealed!

    WHAT YOU NEED:

    • A Facebook Account
    • A Freelancer Account
    • An Account on any CPA network

    6 STEP METHOD:

    1. Login to your CPA network (for example CPALead.com). Browse through all of the offers with “first page submit” short forms where you get paid per lead. The reason for this is because people are most likely to fill out a short first page form than a long 3 page submit. These offers usually payout between $2 to $5. Find offers that have good looking landing pages that are trustworthy and easy to fill out. The less personal information the user has to submit the more likely they are to fill out your offer.

    2. Login to your Facebook account and create a fan page. The name of your fan page should attract the type of people who are likely to fill out your CPA offer. This is one of the most cost effective ways to target people on Facebook. REMEMBER: the name of your page is what attracts your target market. Then go to Google images and select an appropriate image for your group. Make sure to find an image that is professional looking (think stock image quality). Save this image to your desktop. Choose the appropriate category for your page, publish it, upload your image to the profile picture, and fill out the information on your “Info” tab.

    3. Login to your Freelancer account and post a project for someone to “add fans” to your Facebook fan page. You’re essentially hiring a promoter or someone to do the work for you. Your title should read something like: “I need someone to add 100,000 fans to my Facebook page.” The description does not need to be too long, just copy your title and tell them to PM you if they have questions. Wait about a day or two to let the bids build up before selecting a winner. When you select the winning bidder it takes you to a screen where you can “check” the box next to each bidders name. This is a sneaky way to hire multiple people if you want to. Once the winning bidder has accepted your job, email them the link to your Facebook page along with a more in depth job description.

    4. Once your page reaches 10,000+ people, Facebook will make you verify that you are the owner of the page. If you do not verify it they will block your publishing rights to the page, making this whole process a big waste of time. Here’s how to verify: Get an account at blogger.com. Post some BS blog entries. Use this new blogger domain as your official URL. Go to your Facebook page and click “Edit Page.” Under “Promote Your Page” click “Promote with a fan box” and click the Blogger icon. You will then log into your blogger account and the Facebook fan box will be present on your blog. Now your page is verified and set to go!  
    DO NOT POST ANY CPA OFFERS BEFORE YOUR PAGE IS VERIFIED!

    5. Now that you have more than 10k fans in your fan page and have verified it, you can start promoting your CPA offer. You can do this by updating the status of your group or sending out a mass message to all members. To update your status, put the text portion of your ad into the text field and copy and paste the link into the link box in the tool bar below the text field. Once your link is attached and your message is crafted, press submit. This status update will be sent to all of your fans’ mini feeds and will be available for new fans to see. Don’t forget to mix your CPA posts with normal posts that fit in with the flow of your page. You want the fans to think it’s a legit page (which it is) not a spam page. Do the same for messages.

    6. Now that your page is big, create more Facebook pages and use your original page to drive traffic to those pages. Eventually you will have a large network of Facebook pages…a network that will eventually span more than 1 million people! You can now drive this traffic wherever you want! Make sure your users do not become immune to your page updates. If you’re constantly posting new updates they may get turned off. However, if one CPA offer is doing well, keep reposting it every other day (Just remove the original update from your page before you re-submit it). I recommend only a few NEW updates per week per page.

    You don't Need Hacking skills to be a cyber criminal ??

    Are you digitally challenged? Don’t know a byte from a bit? Have a limited command of Unix? Don’t worry: With a new generation of professionally packaged exploit kits, you, too, can become a successful cyber criminal.

    New attack kits, which package proven exploits for vulnerabilities in popular software for easy installation and management, are bringing cyber crime to a new generation of criminals who have only limited technical skills, according to a new report from M86 Security.

    The existence of exploit kits, which date back to at least 2006, is no secret. But they are becoming increasingly user-friendly, lowering the bar for entry to the cyber underground and creating a new source of revenue for the coders and hackers who devise them. One such kit, the Eleonore Exploit Pack, apparently was used in recent attacks on three Treasury Department sites.

    “Cyber criminals find it easier, faster and more cost-effective to make money by buying exploits rather than taking the time to create exploits themselves,” states the report, titled “Web Exploits: There’s an App for That.”

    Browser vulnerabilities usually are the most common targets for the kits. But M86 reported that exploits for vulnerabilities in Adobe Flash, Java and PDF are on the rise. The kits are designed for easy installation on a Web server and are linked to a database for logging and reporting.

    Reporting can be critical because the kits can be used to distribute pay-per-install code, for which the kit owner is paid to install third-party malware on compromised computers. Rates range from a modest $50 per 1,000 installs on European and Australian computers to a healthy $170 per 1,000 U.S. computers.

    The criminals can drive victim traffic to the exploit Web page with techniques such as spam that contains malicious links or by setting up a bogus Web site and using search engine optimization to popularize it. But the most common technique is to inject malicious iFrames into legitimate sites and redirect traffic to the exploit page. Some entrepreneurs will even sell redirected Web traffic at a reasonable rate.

    But don’t get any ideas about reselling these exploit kits. These guys might be criminals, but they don’t tolerate piracy. “You are not allowed to resell/share, if we catch you doing this your license will be revoked,” the purveyors of Crimepack warn.

    Wednesday, July 6, 2011

    Top 10 Windows Built-In Command Line Tools

    For many Windows users, the thought of using the Command Prompt is either a scary experience or something that they will never need. But for some, the command prompt is a powerful tool that can be far more useful than many graphical tools available in Windows.
    Being a System Administrator, I constantly use the command prompt, mostly because I access systems remotely and many tasks can be performed quickly with out the graphics over head (even though connecting via Terminal Server is very convenient).
    So if you are an avid user of the command line, here are my top 10 built-in (non third party) command line tools for XP, Vista and WIndows server versions (remember these commands are not your typical tools, such as find, copy, move, dir, etc..).
    1 - systeminfo - Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user
    2 - ipconfig - This tool may be most useful tool for viewing and troubleshooting TCP/IP problems. It's capability includes release or renew an adapter IP Address, display and flush DNS cache, re-register the system name in DNS. WIth Vista and some server versions, ipconfig includes support for IPv6.
    Some examples when usinging ipconfig.
    • To view all TCP/IP information, use: ipconfig /all
    • To view the local DNS cache, use: ipconfig /displaydns
    • To delete the contents in the local DNS cache, use: ipconfig /flushdns
    3 - tasklist and taskkill - If you are used to Windows Task Manager, then you'll find tasklist very easy to use. This tool displays a list of currently running processes, including image name, PID (Process ID) and memory usage on local or remote machines. Using the /V switch displays more information in verbose mode that includes, CPU Time, user name, and modules. Tasklist includes a filter option to display a set of task based on the criteria specified. But the best use of the filter is using it to display programs running inside svchost.exe process.
    Of course, there will be times when a process needs to be killed and taskkill can be used to terminate those trouble processes. A single or multiple processes can be killed using the PID (/PID ) or image name (/IM ). Here are two examples for doing just that:
    TASKKILL /IM notepad.exe
    TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
    Both tasklist and taskkill can connect to remote systems using the /S (system name) /U (user name) switches.
    4 - netstat - Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In additon to the above info, you can view Ethernet statistics, and resolve connecting host IP Addresses to a fully qualified domain name. I usually run the netstat command using the -a (displays all connection info), -n (sorts in numerical form) and -b (displays executable name) switches.
    5 - type - A lesser known tool to those who don't work with the command prompt. For Administrators, the type command is the perfect tool for viewing text files. But what many people don't know about the type tool, is it's capability to read multiple files at once. For example to view multiple text files, just separate each file with a space:
    type firstfile.txt secondfile.txt thirdfile.txt
    For files that are large, you can control text scrolling using the more command.
    6 - net command - Although this tool is more known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings.
    It is mostly used for viewing (only services that are started), stopping and starting services:
      • net stop server
      • net start server
      • net start (display running services)
    and for connecting (mapping) and disconnecting with shared network drives:
      • net use m: \\myserver\sharename
      • net use m: \\myserver\sharename /delete
    Other commands used with net command are, accounts (manage user accounts), net print (manage print jobs), and net share (manage shares).
    Below are all the options that can be used with the net command.
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |STATISTICS | STOP | TIME | USE | USER | VIEW ]
    To display the complete syntax for each command, just type net help followed by the command - net help use .
    7 - nslookup - With the Internet, DNS (Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP Addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting DNS servers.
    Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:
    To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.
    Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
    set ds (displays detailed debugging information of behind the scenes communication when resolving an host or IP Address).
    set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).
    set type (sets the query record type that will be returned, such as A, MX, NS)
    server NAME (allows you to point nslookup to use other DNS servers than what is configured on your computer)
    To exit out of interactive mode, type exit .
    8 - ping and tracert - These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network.
    To ping a system just type at the prompt: ping www.google.com. By default, ping will send three ICMP request to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (-n ), and to resolve IP addresses to hostname (-a ).
    To use tracert, type at the prompt: tracert www.google.com. You can force tracert to not resolve address to hostnames by using the -d switch, or set the desired timeout (milliseconds) for each reply using -w switch.
    9 - gpresult - Used mostly in environments that implement group poicies, gpresults (Group Policy Results) verifies all policy settings in effect for a specific user or computer. The command is simple to use, just enter gpresults at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.
    10 - netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and monitoring Windows computers from the command prompt. It capabilities include:
    • Configure interfaces
    • Configure routing protocols
    • Configure filters
    • Configure routes
    • Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
    • Display the configuration of a currently running router on any computer
    Some examples of what you can do with netsh:
    • Enable or disable Windows firewall:
    netsh firewall set opmode disable
    netsh firewall set opmode disable
    • Enable or disable ICMP Echo Request (for pinging) in Windows firewall:
    netsh firewall set icmpsetting 8 enable
    netsh firewall set icmpsetting 8 disable
    • Configure your NIC to automatically obtain an IP address from a DHCP server:
    netsh interface ip set address "Local Area Connection" dhcp
    (For the above command, if your NIC is named something else, use netsh interface ip show config and replace the name at Local Area Connection).
    As you can see netsh can do alot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.
    The use of Windows command line tools can be a powerful alternative when only a command prompt is available. I'm sure there are plenty more commands that I have not mention.
    Let us know what your favorite command line tool is and leave a comment below.

    Hide Your Files In A JPEG



    Add Your Gmail To Windows Live Mail


    The cool thing with email these days is you can pretty much use any client you want and still be able to check most of your web based accounts. Most POP accounts such as hotmail or Gmail are able to be checked with any client. Here we will take a look at how to get your Gmail into Windows Live Mail. ** Note: This is for Windows Live...


    Cool Javascript Trick

    Its an old Orkut trick already which used to stumble upon at Orkut and various forums. you probably would have seen it but its a memorable one.Try this Go to http://www.google.com Click "images" Fill in "bikes, flowers, cars" or any other word. You will get a page with alot of images thumbnailed. Now delete the URL on the addressbar (example:http://images.google.com/images?hl=en&q=flowers&um=1&ie=UTF-8&sa=N&tab=wiCopy...


    Dark Mailer- Fast Bulk Email Software

    Dark Mailer is a super fast bulk email software that sends out at speeds greater than 50,000 emails per hour on a dedicated mailing server. Dark Mailer has the capability to use Proxies and Relays and also to send directly. Some of the features include: Anonymous Mailing using Proxies Message Randomization to bypass Spam Filters Speeds over 500K emails per hour on Turbo Mode Up to 1000 Threads The software taps...


    Hacking the Logon Screen using Resource Hacker

    This trick is very easy to do but it needs Resource Hacker and If you don't already have Resource Hacker go download it now . I have tried this on Windows XP..StepsBrowse to C:\windows\system32 and copy logonui.exe and paste it to C:\ Now, open C:\logonui.exe with Resource hacker. Click on Action and then on Replace bitmap. If you are good with graphics you can make your own logon screen, you should be able to scroll thru the...


    COPY PASTE FROM COPY PASTE DISABLED BLOGS

    COPY PASTE FROM COPY PASTE DISABLED BLOGS This is a small trick for those who are pissed with pages which say - “YOU CANT RIGHT CLICK HERE !!!” “SORRY..COPY PASTING IS DISABLED !!!” “RIGHT CLICK IS DISABLED !!11” Okay..You wanna that excellent content of that Blog/Website/Forum post and you cant just copy that because some stupid message box pops up everytime you right click that page..Worse,Some times even you cant...

    Basics of Javascript Injection

    JavaScript is a widely used technology within websites and web based applications. JavaScript can be used for all sorts of useful things and functions. But along with this comes some additional security issues that need to be thought of and tested for. JavaScript can be used not only for good purposes, but also for malicious purposes.JavaScript injection is a nifty little technique that allows you to alter a sites contents without...


    Prank Codes and Programming in VB


    Temporarily Disable "Restart Now" Dialog from XP's Automatic Updates


    Automatic Updates is a great feature. Your computer stays protected from threats without worrying about it… but if it's 3am and I'm trying to play a video game, the last thing I want is for the automatic updates to pop up and remind me every 5 minutes that I need to reboot, interrupting my game… Drives me crazy! Dear Restart Dialog, I...
     Recovering Scratched CD's
    Here's an easy home remedy, which might give you the desired results. Rub a small amount of toothpaste on the scratch and polish the CD with a soft cloth and any petroleum-based polishing solution (like clear shoe polish). Squirt a drop of Brasso and wipe it with a clean cloth.

    Technology to the rescue: There are many softwares available on the net, which enable the recovery of the CD data. BadCopy Pro is one such software, which can be used to recover destroyed data and files from a range of media.

    Just a few clicks is all it requires to recover the disc from almost all kind of damage situation; be it corrupted, lost data, unreadable or defective.

    DiskDoctors is another popular company, which offers both software and solutions to recover data from a scratched CDs and DVDs

    General Tips:
    * Always wipe the CD from the center outward with straight spoke-like strokes. Wiping CDs in circles will create more scratches.

    * Do not scratch the graphics layer as you cannot repair the disc.

    HINT: Hold the disc up to a light with the graphics layer facing the light source. If you can see light thru the scratches at any point then the disc may be irreparable and or exhibit loading or playing errors.

    * Clean your Disc players lens regularly with a suitable product to ensure optimal viewing pleasure.

    * Make sure to use a soft, lint-free cloth to clean both sides of the disc. Wipe in a straight line from the centre of the disc to the outer edge.

    * If wiping with a cloth does not remove a fingerprint or smudge, use a specialized DVD disc polishing spray to clean the disc.