Saturday 10 March 2012

Send Images in Facebook Chat-

                                     Hello Friends,today in this post i will be providing you with the codes to send images in facebook chat/messages.Here I have used the concept of image processing - Image Segmentation.
                                       Many of you would be knowing that we can send small sized profile pics in chat by sending the following code in chat-     [[username]] or the id as well .Just copy the code below and send it in chat to a friend.
[[zuck]]
You can see that the a tiny size profile pic of Mark Zuckerberg appeared in the chat window.So we will be using same concept of image matrix to send larger size images in facebook chat by


-Segmenting the image.
-Converting each segment into its matrix.
-Combining the matrices to form the image.


                                             I have already designed the codes for many images,you have to just copy paste the entire code in chat,hit enter and they will turn into full images :)


Click on me to get the code
Alternate link   
Copy the entire code in chat,then hit enter.

Click on me to get the code
Alternate link


Click on me to get the code
Alternate link


Click on me to get the code
Alternate link


Click on me to get the code
Alternative link

Click on me to get the code
Alternate link


Click on me to get the code
Alternate link 

So its quiet a simple trick of copy pasting codes in chat and we can send images .With help of these,chatting can be even more cool .
Similarly codes for other images can also be generated.But remember,these codes work only on facebook chat/messages,not in posts and comments.
                                       Wait for another new cool trick i will be posting about facebook....
Posted by at 05:50 0 comments
Labels:

Wednesday 1 February 2012

IIS Hacking

                                         Well,this is an old exploit that exists in websites
running on an older version of IIS server.IIS or Internet Information
Services is a web server application created by Microsoft.
                                     This exploit affect websites running on IIS
version 6.0 or below.So the best way to protect a website against this exploit is to upgrade to new versions of IIS.The latest version being IIS 7.5 .
                                    Well now coming to the exploit part.There is
not really a google dork to check for sites vulnerable to IIS attack.
The best way is footprinting of the site you are looking to penetrate.
For performing this attack,we require windows OS.
Windows 7 users,need follow these steps-


-Right click My Computer,Click on "Map Network Drive".
-Just enter the URL of vulnerable website in 'Folder' option,and
 click finish.
-If the website would be vulnerable,you would get a new folder in
 your network location,otherwise an error message.
-Now that you have got a new location,you can copy any malicious
 script(Shell),and hence do anything with the website :)
-To access the file you copied,just open up your browser,and goto
 http://site.com/file and you can access the file you uploaded.
-To remove that network location,just right click on it and then
 click "disconnect" .
Here's a list of few sites vulnerable to this attack,try them-
http://pastebin.com/5LTPim5z




This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
Posted by at 13:03 0 comments
Labels:

Monday 16 January 2012

Free Online Proxy Sites-

                   Here's a list of some free online proxy sites which can be used to Open Blocked Sites Anonymize yourself.These have the 
features of supporting HTTPS and Video Streaming.So use them to
anonymize yourself even more along with the services of Real time
streaming protocol(RTSP) and Secure Socket Layer(SSL).Just enter
the URL of the site you want to visit in the textbox in these sites-


https://schoolisgood.com/                   (Supports HTTPS & RTSP)


https://aniscartujo.com/webproxy/     (Supports HTTPS,RTSP & also for phone)


https://browse007.com/                      (Supports HTTPS & RTSP)


http://www.surfagain.com/


http://www.ninjacloak.com/

                         For free,fast proxy servers,especially meant for 
downloading large files,get them from this site-
http://aliveproxy.com/fastest-proxies/

For downloading large files,use a transarent proxy server,unless you want to anonymize your downloading as well , Else use an anonymous proxy server.For tutorial on proxy servers use just refer this link- Proxy Server Tutorial




This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......




Posted by at 09:29 0 comments
Labels:

Thursday 12 January 2012

Download Torrent File using DAP/IDM-

Here in this post,I will be providing a possible method by which we can download a torrent file directly without using any torrent clients like bitTorrent or utorrent.


Method 1-
This is a three step process-


Step1- Goto torrentz.eu or any other site and download the torrent 
           of that file.


Step2- Now,after downloading the torrent,Goto torcache.net.Upload
           the torrent there and click on Cache .You will get a link , just
           copy that .


Step3- Now in this final step,Goto www.torrific.com,Create a free
           account there.They would just require your email id.
           No need of verification.After creating the account
           Just login and Paste the link which you copied(in step2) in 
           the text box and click on get .After that , click on the button
           initiate bittorrent transmission .



          Then,you would get new links which would contain the
          different files in that torrent.Just Right click and select the 
          download with desired accelerator or download manager.




Method 2-
This is a simpler way,but not that effective-Just open this site zbigz.com 
and enter the torrent file link or upload the torrent,
then click 'go'.You would get the direct HTTP link to download the
file which could be enhanaced with help of IDM or any other accelerator or download manager.


So in this way,you could get the ultimate speed of accelerators while
downloading torrent files as well..............
Posted by at 03:51 0 comments
Labels:

Sunday 1 January 2012

Hacking Windows XP Administrator using Guest Account-

                            In this post,i will be telling you how to bypass windows xp administrator account using guest account.Yes....it is very much possible.
During the windows log on,if we press shift key five times,then sticky keys dialog appears.So using this we can somehow try to bring the command prompt when shift key is pressed 5 times.
                                        


-Just log on from the guest account.


-Goto the system32 folder. C:\Windows\System32


-Then,copy cmd.exe to desktop and rename it to sethc.exe.


-Now copy the new sethc.exe to System32 folder,when windows
 asks for overwriting,then click "yes" .


-Now log off from guest account and at user select window,press
 shift key 5 times.


-Instead of stick key,command prompt would appear :)


-Type the command net user administrator 1234,hit enter where    "1234" can be any password you like .


-You will get a response "The command completed successfully".


-Close the command prompt and log into the Administrator with the
 new password(1234 in this case) and congrats,you hacked the 
 administrator account :)


This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
Posted by at 06:36 0 comments
Labels:

Friday 30 December 2011

Admin Page & SQL Strings-

                       For hacking into websites,the most common approach is finding the admin page of that website and then somehow get into the admin panel.So here in this post,i will be discussing the methods to find the admin page of a website and telling you how to get into admin panel of sites....

Method 1-Using Google Dorks-


Use the following Google dorks to find the admin page of a website-

inurl:admin.asp
inurl:admin.php
intitle:admin
intitle:admin login
intitle:administrator
inurl:adminlogin.asp
inurl:adminlogin.php
inurl:administrator




For example,if you want to find the admin page for http://target.com/  ,
Just go to Google,and search(without quotes) "site:target.com intitle:admin" or "site:target.com inurl:admin" or you can try any other combination .
You can even use a combination of three or more dorks in the search query to get the results.
In this way we can reach to the admin page of a website with help of Google . 

Method 2- Using Software's-


Here,we will be using a software "Reiluke's Admin Finder",Its quiet simple to use,just enter the website whose Admin you need to find and click "Scan".It will provide you the Admin link in sometime depending on Net Speed.


 There is another software named "Havij" and that can also be used for the same-


After you have found the admin page of a website,next is hacking into the Admin Panel of the 
website.Now before doing so...do not forget to mask your identity.So that you dont get caught.
Refer this post for hiding your IP Address-

Now after you have spoofed your IP,we proceed to the hacking part-

We require a username and a password to login as admin.
A lot of website suffer the SQL Injection Vulnerability.Now I will be discussing SQL injection later in detail,and telling you how to penetrate into a database using SQL injection.
                                 For now,if the website is vulnerable to sql injection,we can get into the admin panel.You have to just enter a string in Username & Password and we can get into the admin panel.
            Just enter this String in both username & Password    1'or'1=1  Then click Login and you could reach the admin control panel of the Website :)
There are other SQL Strings as well-
' or 1=1--

" or 1=1--

or 1=1--

') or ('a' = 'a

') or ('1'-'1

'or''='

' or'1=1

But 1'or'1=1 works most of the time so must be always tried first.
The concept of these SQL Strings and there working will be discussed by me later...so plz wait for my next post on SQL Injection . Till then try this and find sites which are vulnerable to this,Trust me....there are many sites still vulnerable to this attack...



This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
Posted by at 06:54 0 comments
Labels:

Tuesday 2 August 2011

Windows Password Cracking-

               Now in this post we are going to discuss the ways of cracking windows passwords,i mean the passwords for users like administrator etc which we are not familiar with.There are basically two methods for cracking a password for windows-
-Brute force attacks/Dictionary attacks
-SAM file method


SAM or Security Accounts Manager is a registry file in all types of windows OS.The location of a SAM file is C:\Windows\System32\config\sam
A SAM cannot be copied or moved while windows is running.All types of passwords of the system are stored in a SAM file encrypted with a key.But to open a SAM file we can use another OS like Ubuntu/Backtrack,using that we can see the contents of a SAM file.


                                 There is a very famous software called Ophcrack which is widely used for cracking these kinds of passwords.Ophcrack is a kind of a virtual operating system based on linux which uses the SAM file of windows and cracks the password of all users from that.Its ISO image is available on the net for free which can be downloaded and burned onto a disk which is bootable and while booting,we can get the passwords using it.

Now we will be discussing password cracking using a software called Cain & Abel.
Download Cain & Abel for free here.

              If you want to crack the password for admin,you must be logged in as admin.This is a drawback with this method.But many a times administrators secretly type the password and provide you with all the authorities,so at that time this method can be used.
                           
                                           Install this software on your system,open the software and then click on cracker->LM&NTLM Hashes->File->Add to list->Next.Refer to the snap shot below




Then select the user whose password you wish to see,right click and select an appropriate attack like dictionary attack if you know that the password is a dictionary word,else use brute force attack.Then click on NTLM hashes...





If you have any idea regarding the password like number of characters in the password or you know a few characters used in the password or you know the starting character of the password etc,input it in appropriate fields so that the calculation becomes easy.....Number of passwords that have to be checked would be given.




After that,just click on Start.It will take time depending upon the number of passwords that have to be matched...Usually it is capable of executing 25000 passwords in a second.




While it is matching the passwords,when the correct password appears,the execution stops and it gives the correct password.Like password of my system was "*333"
                                                      This technique of Brute force however cannot be used on email account hacking and facebook hacking.The reason being that if we enter an incorrect password thrice,Captcha appears to verify that input is from a human and not from a machine.........




This post is meant only for educational purpose,any misuse of the above information shall not be the responsibility of publisher.......
Posted by at 09:02 1 comments
Labels:
Subscribe to: Posts (Atom)