ACTIVE HACKERS

Some programming website links on the internet for programming

amit.hak50@gmail.com — Mon, 07 Dec 2009 11:02:00 +0000

Know a lot about programming ,Let's see ......you can earn money and improve your programming skills on these websites

1.www.topcoder.com

2.www.codechef.com

Turn Monitor off with one click

amit.hak50@gmail.com — Tue, 01 Sep 2009 18:45:00 +0000

Whether your computer monitor is bit far or the turn off button is jammed, you can still turn off your Computer monitor screen with just a single click on Keyboard.

The application is very helpful if you want to save some power by turning the monitor off without being turning again and again to the Monitor.

This task is accomplished by an application called PushMonitOff. After downloading the tool you just need to press the default combination of Shift + F1 (customizable) keys and your screen will get turned off. Amazing isn’t it?

Features:

1. Requires no installation.

2. Free and small in size.

Download PushMonitOff

Dim Monitor screen from keyboard

amit.hak50@gmail.com — Tue, 01 Sep 2009 18:44:00 +0000

It is a good idea to adjust your computer screen’s brightness according to background lighting conditions. But in order to accomplish this you would be required to press the monitor’s buttons and come across many options.

Wouldn’t it be great if you can change the brightness of your computer monitor just by pressing some keyboard shortcuts?

Just use the program called DimScreen and setup your own key combination to start dimming or increasing the screen brightness. The tool does not require any installation.

Download DimScreen

Test and Diagnose your Monitor Screen

amit.hak50@gmail.com — Tue, 01 Sep 2009 18:41:00 +0000

Thinking to buy a new LCD monitor for your desktop then I am sure that this post will help you a lot.

You may want to diagnose your monitor and find if there are any defects in it like the skewing of colours on the sides. Well if this is the case then the following free tool will surely help you.

The tool is called TIREAL TFT TEST and using this you would be able to test and configure your TFT monitor fully for color, brightness and contrast and other things.

Testing is very easy and to get started just download it and get going.

Download TIREAL TFT TEST

Hack Website Admin Panel

amit.hak50@gmail.com — Mon, 31 Aug 2009 18:20:00 +0000

SQL injection attack

amit.hak50@gmail.com — Mon, 24 Aug 2009 17:34:00 +0000

The Target Intranet

This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server.

The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system.

When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address is not found, it wasn't going to send me anything.

So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL string literally without sanitizing. When submitting the form with a quote in the email address, we get a 500 error (server failure), and this suggests that the "broken" input is actually being parsed literally. Bingo.

We speculate that the underlying SQL code looks something like this:

SELECT fieldlist
 FROM table
WHERE field = '$EMAIL';

Here, $EMAIL is the address submitted on the form by the user, and the larger query provides the quotation marks that set it off as a literal string. We don't know the specific names of the fields or table involved, but we do know their nature, and we'll make some good guesses later.

When we enter steve@unixwiz.net' - note the closing quote mark - this yields constructed SQL:

SELECT fieldlist
 FROM table
WHERE field = 'steve@unixwiz.net'';

when this is executed, the SQL parser find the extra quote mark and aborts with a syntax error. How this manifests itself to the user depends on the application's internal error-recovery procedures, but it's usually different from "email address is unknown". This error response is a dead giveaway that user input is not being sanitized properly and that the application is ripe for exploitation.

Since the data we're filling in appears to be in the WHERE clause, let's change the nature of that clause in an SQL legal way and see what happens. By entering anything' OR 'x'='x, the resulting SQL is:

SELECT fieldlist
 FROM table
WHERE field = 'anything' OR 'x'='x';

Because the application is not really thinking about the query - merely constructing a string - our use of quotes has turned a single-component WHERE clause into a two-component one, and the 'x'='x' clause is guaranteed to be true no matter what the first clause is (there is a better approach for this "always true" part that we'll touch on later).

But unlike the "real" query, which should return only a single item each time, this version will essentially return every item in the members database. The only way to find out what the application will do in this circumstance is to try it. Doing so, we were greeted with:

Your login information has been mailed to random.person@example.com.

Our best guess is that it's the first record returned by the query, effectively an entry taken at random. This person really did get this forgotten-password link via email, which will probably come as surprise to him and may raise warning flags somewhere.

We now know that we're able to manipulate the query to our own ends, though we still don't know much about the parts of it we cannot see. But we have observed three different responses to our various inputs:

"Your login information has been mailed to email"
"We don't recognize your email address"
Server error

The first two are responses to well-formed SQL, while the latter is for bad SQL: this distinction will be very useful when trying to guess the structure of the query.

Schema field mapping

The first steps are to guess some field names: we're reasonably sure that the query includes "email address" and "password", and there may be things like "US Mail address" or "userid" or "phone number". We'd dearly love to perform a SHOW TABLE, but in addition to not knowing the name of the table, there is no obvious vehicle to get the output of this command routed to us.

So we'll do it in steps. In each case, we'll show the whole query as we know it, with our own snippets shown specially. We know that the tail end of the query is a comparison with the email address, so let's guess email as the name of the field:

SELECT fieldlist
 FROM table
WHERE field = 'x' AND email IS NULL; --';

The intent is to use a proposed field name (email) in the constructed query and find out if the SQL is valid or not. We don't care about matching the email address (which is why we use a dummy 'x'), and the -- marks the start of an SQL comment. This is an effective way to "consume" the final quote provided by application and not worry about matching them.

If we get a server error, it means our SQL is malformed and a syntax error was thrown: it's most likely due to a bad field name. If we get any kind of valid response, we guessed the name correctly. This is the case whether we get the "email unknown" or "password was sent" response.

Note, however, that we use the AND conjunction instead of OR: this is intentional. In the SQL schema mapping phase, we're not really concerned with guessing any particular email addresses, and we do not want random users inundated with "here is your password" emails from the application - this will surely raise suspicions to no good purpose. By using the AND conjunction with an email address that couldn't ever be valid, we're sure that the query will always return zero rows and never generate a password-reminder email.

Submitting the above snippet indeed gave us the "email address unknown" response, so now we know that the email address is stored in a field email. If this hadn't worked, we'd have tried email_address or mail or the like. This process will involve quite a lot of guessing.

Next we'll guess some other obvious names: password, user ID, name, and the like. These are all done one at a time, and anything other than "server failure" means we guessed the name correctly.

SELECT fieldlist
 FROM table
WHERE email = 'x' AND userid IS NULL; --';

As a result of this process, we found several valid field names:

email
passwd
login_id
full_name

There are certainly more (and a good source of clues is the names of the fields on forms), but a bit of digging did not discover any. But we still don't know the name of the table that these fields are found in - how to find out?

Finding the table name

The application's built-in query already has the table name built into it, but we don't know what that name is: there are several approaches for finding that (and other) table names. The one we took was to rely on a subselect.

A standalone query of

SELECT COUNT(*) FROM tabname

Returns the number of records in that table, and of course fails if the table name is unknown. We can build this into our string to probe for the table name:

SELECT email, passwd, login_id, full_name
 FROM table
WHERE email = 'x' AND 1=(SELECT COUNT(*) FROM tabname); --';

We don't care how many records are there, of course, only whether the table name is valid or not. By iterating over several guesses, we eventually determined that members was a valid table in the database. But is it the table used in this query? For that we need yet another test using table.field notation: it only works for tables that are actually part of this query, not merely that the table exists.

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'x' AND members.email IS NULL; --';

When this returned "Email unknown", it confirmed that our SQL was well formed and that we had properly guessed the table name. This will be important later, but we instead took a different approach in the interim.

Finding some users

At this point we have a partial idea of the structure of the members table, but we only know of one username: the random member who got our initial "Here is your password" email. Recall that we never received the message itself, only the address it was sent to. We'd like to get some more names to work with, preferably those likely to have access to more data.

The first place to start, of course, is the company's website to find who is who: the "About us" or "Contact" pages often list who's running the place. Many of these contain email addresses, but even those that don't list them can give us some clues which allow us to find them with our tool.

The idea is to submit a query that uses the LIKE clause, allowing us to do partial matches of names or email addresses in the database, each time triggering the "We sent your password" message and email. Warning: though this reveals an email address each time we run it, it also actually sends that email, which may raise suspicions. This suggests that we take it easy.

We can do the query on email name or full name (or presumably other information), each time putting in the % wildcards that LIKE supports:

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'x' OR full_name LIKE '%Bob%';

Keep in mind that even though there may be more than one "Bob", we only get to see one of them: this suggests refining our LIKE clause narrowly.

Ultimately, we may only need one valid email address to leverage our way in.

Brute-force password guessing

One can certainly attempt brute-force guessing of passwords at the main login page, but many systems make an effort to detect or even prevent this. There could be logfiles, account lockouts, or other devices that would substantially impede our efforts, but because of the non-sanitized inputs, we have another avenue that is much less likely to be so protected.

We'll instead do actual password testing in our snippet by including the email name and password directly. In our example, we'll use our victim, bob@example.com and try multiple passwords.

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'bob@example.com' AND passwd = 'hello123';

This is clearly well-formed SQL, so we don't expect to see any server errors, and we'll know we found the password when we receive the "your password has been mailed to you" message. Our mark has now been tipped off, but we do have his password.

This procedure can be automated with scripting in perl, and though we were in the process of creating this script, we ended up going down another road before actually trying it.

The database isn't readonly

So far, we have done nothing but query the database, and even though a SELECT is readonly, that doesn't mean that SQL is. SQL uses the semicolon for statement termination, and if the input is not sanitized properly, there may be nothing that prevents us from stringing our own unrelated command at the end of the query.

The most drastic example is:

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'x'; DROP TABLE members; --';  -- Boom!

The first part provides a dummy email address -- 'x' -- and we don't care what this query returns: we're just getting it out of the way so we can introduce an unrelated SQL command. This one attempts to drop (delete) the entire members table, which really doesn't seem too sporting.

This shows that not only can we run separate SQL commands, but we can also modify the database. This is promising.

Adding a new member

Given that we know the partial structure of the members table, it seems like a plausible approach to attempt adding a new record to that table: if this works, we'll simply be able to login directly with our newly-inserted credentials.

This, not surprisingly, takes a bit more SQL, and we've wrapped it over several lines for ease of presentation, but our part is still one contiguous string:

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'x';
       INSERT INTO members ('email','passwd','login_id','full_name') 
       VALUES ('steve@unixwiz.net','hello','steve','Steve Friedl');--';

Even if we have actually gotten our field and table names right, several things could get in our way of a successful attack:

We might not have enough room in the web form to enter this much text directly (though this can be worked around via scripting, it's much less convenient).
The web application user might not have INSERT permission on the members table.
There are undoubtedly other fields in the members table, and some may require initial values, causing the INSERT to fail.
Even if we manage to insert a new record, the application itself might not behave well due to the auto-inserted NULL fields that we didn't provide values for.
A valid "member" might require not only a record in the members table, but associated information in other tables (say, "accessrights"), so adding to one table alone might not be sufficient.

In the case at hand, we hit a roadblock on either #4 or #5 - we can't really be sure -- because when going to the main login page and entering in the above username + password, a server error was returned. This suggests that fields we did not populate were vital, but nevertheless not handled properly.

A possible approach here is attempting to guess the other fields, but this promises to be a long and laborious process: though we may be able to guess other "obvious" fields, it's very hard to imagine the bigger-picture organization of this application.

We ended up going down a different road.

Mail me a password

We then realized that though we are not able to add a new record to the members database, we can modify an existing one, and this proved to be the approach that gained us entry.

From a previous step, we knew that bob@example.com had an account on the system, and we used our SQL injection to update his database record with our email address:

SELECT email, passwd, login_id, full_name
 FROM members
WHERE email = 'x';
     UPDATE members
     SET email = 'steve@unixwiz.net'
     WHERE email = 'bob@example.com';

After running this, we of course received the "we didn't know your email address", but this was expected due to the dummy email address provided. The UPDATE wouldn't have registered with the application, so it executed quietly.

We then used the regular "I lost my password" link - with the updated email address - and a minute later received this email:

From: system@example.com
To: steve@unixwiz.net
Subject: Intranet login

This email is in response to your request for your Intranet log in information.
Your User ID is: bob
Your password is: hello

Now it was now just a matter of following the standard login process to access the system as a high-ranked MIS staffer, and this was far superior to a perhaps-limited user that we might have created with our INSERT approach.

We found the intranet site to be quite comprehensive, and it included - among other things - a list of all the users. It's a fair bet that many Intranet sites also have accounts on the corporate Windows network, and perhaps some of them have used the same password in both places. Since it's clear that we have an easy way to retrieve any Intranet password, and since we had located an open PPTP VPN port on the corporate firewall, it should be straightforward to attempt this kind of access.

We had done a spot check on a few accounts without success, and we can't really know whether it's "bad password" or "the Intranet account name differs from the Windows account name". But we think that automated tools could make some of this easier.

Other Approaches

In this particular engagement, we obtained enough access that we did not feel the need to do much more, but other steps could have been taken. We'll touch on the ones that we can think of now, though we are quite certain that this is not comprehensive.

We are also aware that not all approaches work with all databases, and we can touch on some of them here.

Use xp_cmdshell: Microsoft's SQL Server supports a stored procedure xp_cmdshell that permits what amounts to arbitrary command execution, and if this is permitted to the web user, complete compromise of the webserver is inevitable.; What we had done so far was limited to the web application and the underlying database, but if we can run commands, the webserver itself cannot help but be compromised. Access to xp_cmdshell is usually limited to administrative accounts, but it's possible to grant it to lesser users.
Map out more database structure: Though this particular application provided such a rich post-login environment that it didn't really seem necessary to dig further, in other more limited environments this may not have been sufficient.; Being able to systematically map out the available schema, including tables and their field structure, can't help but provide more avenues for compromise of the application.; One could probably gather more hints about the structure from other aspects of the website (e.g., is there a "leave a comment" page? Are there "support forums"?). Clearly, this is highly dependent on the application and it relies very much on making good guesses.

Mitigations

We believe that web application developers often simply do not think about "surprise inputs", but security people do (including the bad guys), so there are three broad approaches that can be applied here.

Sanitize the input

It's absolutely vital to sanitize user inputs to insure that they do not contain dangerous codes, whether to the SQL server or to HTML itself. One's first idea is to strip out "bad stuff", such as quotes or semicolons or escapes, but this is a misguided attempt. Though it's easy to point out some dangerous characters, it's harder to point to all of them.

The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters), and efforts to authoritatively identify all "bad stuff" are unlikely to be successful.

Instead, rather than "remove known bad data", it's better to "remove everything but known good data": this distinction is crucial. Since - in our example - an email address can contain only these characters:

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0123456789
@.-_+

There is really no benefit in allowing characters that could not be valid, and rejecting them early - presumably with an error message - not only helps forestall SQL Injection, but also catches mere typos early rather than stores them into the database.

Sidebar on email addresses

It's important to note here that email addresses in particular are troublesome to validate programmatically, because everybody seems to have his own idea about what makes one "valid", and it's a shame to exclude a good email address because it contains a character you didn't think about.

The only real authority is RFC 2822 (which encompasses the more familiar RFC822), and it includes a fairly expansive definition of what's allowed. The truly pedantic may well wish to accept email addresses with ampersands and asterisks (among other things) as valid, but others - including this author - are satisfied with a reasonable subset that includes "most" email addresses.

Those taking a more restrictive approach ought to be fully aware of the consequences of excluding these addresses, especially considering that better techniques (prepare/execute, stored procedures) obviate the security concerns which those "odd" characters present.

Be aware that "sanitizing the input" doesn't mean merely "remove the quotes", because even "regular" characters can be troublesome. In an example where an integer ID value is being compared against the user input (say, a numeric PIN):

SELECT fieldlist
 FROM table
WHERE id = 23 OR 1=1;  -- Boom! Always matches!

In practice, however, this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters. For "dates" or "email addresses" or "integers" it may have merit, but for any kind of real application, one simply cannot avoid the other mitigations.

Escape/Quotesafe the input

Even if one might be able to sanitize a phone number or email address, one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill O'Reilly from one's application: a quote is simply a valid character for this field.

One includes an actual single quote in an SQL string by putting two of them together, so this suggests the obvious - but wrong! - technique of preprocessing every string to replicate the single quotes:

SELECT fieldlist
 FROM customers
WHERE name = 'Bill O''Reilly';  -- works OK

However, this naïve approach can be beaten because most databases support other string escape mechanisms. MySQL, for instance, also permits \' to escape a quote, so after input of \'; DROP TABLE users; -- is "protected" by doubling the quotes, we get:

SELECT fieldlist
 FROM customers
WHERE name = '\''; DROP TABLE users; --';  -- Boom!

The expression '\'' is a complete string (containing just one single quote), and the usual SQL shenanigans follow. It doesn't stop with backslashes either: there is Unicode, other encodings, and parsing oddities all hiding in the weeds to trip up the application designer.

Getting quotes right is notoriously difficult, which is why many database interface languages provide a function that does it for you. When the same internal code is used for "string quoting" and "string parsing", it's much more likely that the process will be done properly and safely.

Some examples are the MySQL function mysql_real_escape_string() and perl DBD method $dbh->quote($value).

These methods must be used.

Use bound parameters (the PREPARE statement)

Though quotesafing is a good mechanism, we're still in the area of "considering user input as SQL", and a much better approach exists: bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form.

Later, this prepared query is "executed" with a list of parameters:

Example in perl

$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");

$sth->execute($email);

Thanks to Stefan Wagner, this demonstrates bound parameters in Java:

Insecure version

Statement s = connection.createStatement();
ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = "
                            + formField); // *boom*

Secure version

PreparedStatement ps = connection.prepareStatement(
   "SELECT email FROM member WHERE name = ?");
ps.setString(1, formField);
ResultSet rs = ps.executeQuery();

Here, $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks.

There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.

Limit database permissions and segregate users

In the case at hand, we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". The web application ought to use a database connection with the most limited rights possible: query-only access to the members table, and no access to any other table.

The effect here is that even a "successful" SQL injection attack is going to have much more limited success. Here, we'd not have been able to do the UPDATE request that ultimately granted us access, so we'd have had to resort to other avenues.

Once the web application determined that a set of valid credentials had been passed via the login form, it would then switch that session to a database connection with more rights.

It should go almost without saying that sa rights should never be used for any web-based application.

Use stored procedures for database access

When the database server supports them, use stored procedures for performing access on the application's behalf, which can eliminate SQL entirely (assuming the stored procedures themselves are written properly).

By encapsulating the rules for a certain action - query, update, delete, etc. - into a single procedure, it can be tested and documented on a standalone basis and business rules enforced (for instance, the "add new order" procedure might reject that order if the customer were over his credit limit).

For simple queries this might be only a minor benefit, but as the operations become more complicated (or are used in more than one place), having a single definition for the operation means it's going to be more robust and easier to maintain.

Note: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection - it's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection.

Isolate the webserver

Even having taken all these mitigation steps, it's nevertheless still possible to miss something and leave the server open to compromise. One ought to design the network infrastructure to assume that the bad guy will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things.

For instance, putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. This won't stop everything, of course, but it makes it a lot harder.

Configure error reporting

The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users. Imagine how much easier a time it makes for an attacker if the full query is shown, pointing to the syntax error involved.

This information is useful to developers, but it should be restricted - if possible - to just internal users.

Note that not all databases are configured the same way, and not all even support the same dialect of SQL (the "S" stands for "Structured", not "Standard"). For instance, most versions of MySQL do not support subselects, nor do they usually allow multiple statements: these are substantially complicating factors when attempting to penetrate a network.

We'd like to emphasize that though we chose the "Forgotten password" link to attack in this particular case, it wasn't really because this particular web application feature is dangerous. It was simply one of several available features that might have been vulnerable, and it would be a mistake to focus on the "Forgotten password" aspect of the presentation.

This Tech Tip has not been intended to provide comprehensive coverage on SQL injection, or even a tutorial: it merely documents the process that evolved over several hours during a contracted engagement. We've seen other papers on SQL injection discuss the technical background, but still only provide the "money shot" that ultimately gained them access.

But that final statement required background knowledge to pull off, and the process of gathering that information has merit too. One doesn't always have access to source code for an application, and the ability to attack a custom application blindly has some value.

Other resources

(more) Advanced SQL Injection, Chris Anley, Next Generation Security Software.
SQL Injection walkthrough, SecuriTeam
GreenSQL, an open-source database firewall that tries to protect against SQL injection errors
"Exploits of a Mom" — Very good xkcd cartoon about SQL injection
SQL Injection Cheat Sheet — by Ferruh Mavituna

Fine Tuning compiz

amit.hak50@gmail.com — Wed, 19 Aug 2009 18:44:00 +0000

amit.hak50@gmail.com — Sat, 20 Jun 2009 17:40:00 +0000

Rahul notifies that a reader has discovered a bug in Google Talk’s “Invisible status mode” feature in Gmail Chat, that let you find, if one of your Google Talk contacts is offline or using “invisible mode”. The trick takes advantage of Google's off the record feature which lets you chat with your contacts without saving the conversations in Gmail.

“Chats that have been taken off the record aren't stored in your Gmail chat history, or in the Gmail chat history of your contact. You and the person you're talking to can both see when a chat is taken off the record, and you'll be notified if off the record mode is disabled. Your off the record settings will apply whenever you chat with this person, until one of you makes a change.”

Lets begin, you want to find the status of a co-worker: If you start a chat with your co-worker, when he is “online”, and set the chat as “off the record”.

Now if you send a message to that user when he is invisible or offline:

“if the user is invisible, then he will receive your chat message, but if he is offline, then you will receive error “ did not receive your chat”. Why? because —

When a chat is set off the record, it will no longer get stored in your Gmail account.
When you send a chat message to offline or invisible user, it gets delivered by default. At receiving end if user is online, a chat screen pops up showing him your message. If he is offline, your chat message will go to inbox as a mail.

The conclusion is that, when you set chat off the record it can’t be delivered to inbox as mail, so it will be delivered only if user is online (no matter if he is invisible).

“Now the only tricky part is finding a user online for once to set chat off the records. This doesn’t seem hard as invisible status is still limited to Gmail version of Google Talk and you may be in luck if your friend uses Google Talk desktop clients/gadgets or third party IM client to chat.” It's important to note that the invisible status is available in Gmail Chat, Google Talk gadget, Google Talk Labs Edition and Google Talk for iPhone, not just in Gmail Chat. Of co

Hacking password protected sites

amit.hak50@gmail.com — Sat, 13 Jun 2009 17:01:00 +0000

i know dis is lame but just would like to share wid u.have nothing for next half an hour so typing it.

here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.

We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.

HOW TO ADD TWITTER TO ORKUT

amit.hak50@gmail.com — Thu, 11 Jun 2009 15:51:00 +0000

Twitter and Orkut have attracted millions of people in the world into social networking. To each, its own. Now is the time to join them so that you can display your Twitter in orkut profile too. It was much awaited as Twitter is already configurable with Facebook, Myspace and other notable social media networks.

To have that you need to install an application named Twitkut. From the right pane , select install Twitkut . Now you can enter your twitter User name in the settings tab .

Scope of Improvement

The only disadvantage with Twitkut Orkut application is that it will not display the tweets automatically .Your Twitter time line will only be updated when you visit your Orkut profile or application page .

It would be better if this app adds a facility to display Twitter tweets along with normal Orkut updates which is usually accessible to all the the friends in the network.

Again, only recently there is been an issue with this app which isn't accepting Twitter ids.

I hope they solve it as soon as possible and add some extra features because I have used this app and its pretty cool. Use it and post me with updates if you like the idea.

Some php tweaks

amit.hak50@gmail.com — Fri, 05 Jun 2009 06:46:00 +0000

Setting up LAMP in an ubuntu

amit.hak50@gmail.com — Fri, 05 Jun 2009 03:08:00 +0000

Lighting up LAMP in Ubuntu 8.04 Hardy Heron

02Jun08

This guide will help newbies set up a fully working LAMP (Linux, Apache, MySQL, PHP) server using on Ubuntu 8.04 Hardy Heron. Doing do will allow you to use various PHP applications such as the popular phpBB forums and WordPress blog in addition to the basic HTML pages and files. I write this based on an “out of the box” Ubuntu.

Let’s begin…

Install Packages

First, install the required packages by typing the following into the terminal:

sudo apt-get install apache2 php5 libapache2-mod-php5 mysql-server libapache2-mod-auth-mysql php5-mysql phpmyadmin

This will install Apache, PHP, MySQL, their respective modules, and phpMyAdmin. Enter your preferred root password for mySQL when prompted and choose apache2 to be automatically configured.

If you’d like, you can test whether if Apache is working properly by going to http://localhost/ in your web browser.

Letting Other Computers on the Same Network Connect (Optional)

Optionally, if you want computers on the same network to connect to the server you may want to edit /etc/mysql/my.cnf by invoking the command:

sudo gedit /etc/mysql/my.cnf

Then, replace the following line with your own IP address.

bind-address = 127.0.0.1

Configuring

To enable PHP and MySQL to work together, edit the php.ini file:

sudo gedit /etc/php5/apache2/php.ini

Then un-comment the following line. Save and close the file.

;extension = mysql.so

Accessing PHPMyAdmin

Edit the Apache configuration file:

sudo gedit /etc/apache2/apache2.conf

Add the following line to the bottom of the file. Save and close.

Include /etc/phpmyadmin/apache.conf

Restart Apache.

sudo /etc/init.d/apache2 restart

Testing PHP

Create and edit a file called testphp.php in your /var/www/ folder:

sudo gedit /var/www/testphp.php

Insert the following text inside that file and save:

Go back to your web browser and navigate to:

http://localhost/testphp.php

The PHP page should display. If a download window appears instead, something went wrong. Try reinstalling php5 and libapache2-mod-php5.

Testing phpMyAdmin

Navigate your web browser to:

http://localhost/phpmyadmin/

If the phpMyAdmin login page displays, then…

You are done. That wasn’t so hard.

Now that you have LAMP running, why not try some applications? To manage your server remotely, it would probably be a good idea to install SSH.

Note: The root directory of your web server is /var/www/

Source: HowtoForge, Highub

Shutdown your friend's computer remotely

amit.hak50@gmail.com — Fri, 29 May 2009 18:46:00 +0000

Phasing you out of you tube

amit.hak50@gmail.com — Fri, 29 May 2009 18:34:00 +0000

Some funny google hacks

amit.hak50@gmail.com — Tue, 26 May 2009 20:28:00 +0000

amit.hak50@gmail.com — Tue, 26 May 2009 18:09:00 +0000

Are you fed up with your slow PC? Well you can Speed Up your PC by 3 times. In this post you’ll find some of the most significant ways to speed up your PC. For your convenience, I ’ll split this post into 2 parts.

1. Automatic Ways to Speed Up PC (Using PC Speed Up Softwares)

2. Manual Ways to Speed Up PC

Automatic Ways to Speed Up PC

You can use a PC Optimizer Tool to automatically boost the Speed of your PC without the need to worry about the manual ways of doing it. These tools will automatically find and fix upto 99% of your PC errors by optimizing the Windows registry, cleaning up junk files, removing unwanted items from the start up etc. This can speed up your PC and Internet speed by upto 3 times. Here are some of the best PC Optimizer Programs that I recommend.

1. Perfect Optimizer

2. Registry Easy

Using a PC Optimizer is the easiest way to speed up your PC. This is because, most of the performance tweaks such as Registry Cleanup cannot be done manually.

Manual Ways to Speed Up Your PC

1. Free Up Disk Space to increase the speed of your PC

Remove temporary Internet files.
Empty the Recycle Bin.
Remove Windows temporary files.
Uninstall Programs that you no longer use.

2. Periodically Perform Hard Disk Defragment. This can Speed Up your PC significantly.

3. Clean Up your Registry (Highly Recommended)

Cleaning Up your Windows Registry is very much necessary to speed up your PC. Unfortunately you cannot do this manually. You have to use a Registry Cleaner to do this. Here is the best registry cleaner on the web.

Registry Easy

A complete review of registry cleaners can be found at Registry Cleaner Reviews

4. Clean Up the browser cache to Speed Up your Internet.

5. Install a good Antispyware software

Spywares can really hurt the performance of your PC. So, install a good anti-spyware to protect your PC from spywares and improve the speed of your PC. I recommend the following Antispywares to protect your PC.

1. Spyware Cease

2. Nodware Anti-Spyware

Which is the Best Way to Speed Up my PC? (Auto or Manual)

The best way to speed Up your PC is by using a PC Optimizer such as Perfect Optimizer or Registry Easy. This is because, manual ways can only perform 30-40% of the tweaks to improve the speed of your PC, but the most important aspect of the Speed Up process such as Registry clean Up and other advanced performance tweaks can only be done using a PC Optimizer software. So if you are serious about improving the speed of your PC, then you need to use a PC Optimizer.

How to hack myspace

amit.hak50@gmail.com — Tue, 26 May 2009 18:05:00 +0000

TWO WAYS TO HACK A MYSPACE ACCOUNT

1. If you have physical access to the victim’s computer

If you have physical access to victim’s computer then it’s just a cakewalk to hack myspace account. This can easily be done by just installing a keylogger. A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack a Myspace account.

Keyloggers can be installed just like any other program. At the installation time, you need to set your secret password and hotkey combination, to unhide the keylogger program when it is needed. This is because, after installation the keylogger becomes completely invisible and start running in the background. So once installed, the keyloggers hide themsleves from the Start menu, Add/Remove Programs, Task Manger, Program Files etc. Because of it’s stealth behaviour the victim can never come to know about that the presence of the keylogger software on his/her computer. In addition to this it can also give details such as the time and location at which the password was entered. For example if the victim enters his password in the Myspace login page at 2:30 PM, the keylogger will record this and later tell you that the password was entered in the Myspace login page at 2:30 PM. So, using the keylogger we can not only hack the Myspace password but also track all the activities on the computer.

2. If you do not have physical access to the victim’s computer

What will you do if you do not have access to the computer whose Myspace account is to be hacked ? In this case you can hack Myspace using the Keyloggers that support Remote Installation. This is another variation of a simple keylogger software. These keyloggers will have an option where in you can attach it to any legitimate files such as images, programs (exe files), Microsoft Excel files etc. and send it to the victim via email or by any other means. For example you can attach the keylogger to an image and ask your friend to download it. Once he clicks on it, the keylogger will get installed automatically without his knowledge.

Here are some of the best keyloggers that I have used. These also support remote installation.

1. Win-Spy Monitor

2. Realtime Spy

Which Keylogger is the best?

According to me Win-Spy Monitor is the best. This is because, it has the ability to hide itself from most of the antivirus softwares and works completely in stealth mode. Win-Spy Monitor can disable the anti-virus/anti-spywares before they can detect it. Moreover it can be remotely installed without the need to have a physical access to the victim’s computer. With these features it remains on top of the existing keyloggers. In addition to this, it is one of the cheapest keylogger program compared to other keyloggers which offer the same list of features.

I have tested tons of keylogger programs on the internet and Win-Spy Monitor turned out to be the best one. When I tested it on my friend’s comp, it worked like a charm. I was able to monitor his chat logs, webcam etc. and was able to control his PC from my comp. Simply speaking this is a great software and the amount that we pay is nothing in front of the features offered by it. Do you know Keyloggers are the easiest way to hack a Myspace Account. So, if you are looking for the best keylogger then Win-Spy Monitor is your ultimate choice. I promise, you cannot get a better keylogger than this. Go grab your copy of Win-Spy Monitor Here .

You can find a Complete Installation Guide along with the screenshots for Win-Spy Monitor HERE

For more information on keyloggers and their usage, refer the following posts

Hacking an Email Account

How to Monitor a Local or Remote PC

OTHER WAYS TO HACK MYSPACE

Phishing

Phishing is the most commonly used method to hack a MySpace account. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. But once the user attempts to login through these pages, his/her login details are stolen away.

Phishing is proved to be the most effective way of hacking passwords and also has high success rate. The reason for this is quite simple. The users are not aware of the phishing attack. Also the users are fooled, since the fake login pages imitate the appearance of the original pages. So, you may use the phishing technique to hack your friend’s MySpace account (just for fun). But you must have a detailed technical knowledge of HTML and server side scripting languages (php, perl etc.) to create a fake login page.

I hope this helps. Please pass your comments and opinions…

how to watch ABC TV streams outside the USA

amit.hak50@gmail.com — Sat, 23 May 2009 18:39:00 +0000

ABC started their streaming service on their website today. Users from the USA are able to watch episodes of Lost, Desperate Houswives, Alias and others right from the website. Unfortunatly they check your IPs origin and decline access if the whois turns out to be from outside the USA. But as always, there is a way around this restriction.

This is slighty complex but you should get used to the procedure. All you need is a http proxy that is hosted inside the USA and does not spill your IP address. To achieve this you need a application that checks proxy servers for those variables. I recommend Charon for this task but you could use other tools as well.

Download Charon from the website mentioned, you don´t need to install it at all, just extract the contents to a directory of your choice.

Fire it up, you have no proxy list yet so you could use google to find some lists or let charon do that for you. Simply select Check Proxies and then Scan Search Engines for new Proxies. Charon will find some proxies that are then displayed in the table. Those are unverified, now select Check Proxies and Check Anonymity of all Proxies. This might take some time. If you only recieve bad and timeouts you have to change one option in charon.

Select Connect Options and chose Use External Judge(s).

Let it test the proxies. If you have enough good ones or a finished test sort the proxies by the Country tab. Only USA proxies are working so we need one of those. The Anonymity tab should state YES. If both are correct right click the line and select Copy to clipboard and Copy selected IP:Port.

Open your browser and paste the proxy address into its proxy settings. For firefox you select Tools >> Options >> Connection Settings >> Manual Proxy Configuration and add the proxy and port there. Close the options and visit the abc streaming site. If you see a Launch button you are ready to enjoy the tv shows. If not try another proxy from the list.

I checked the service with this proxy and it worked flawlessly: 192.104.67.250 port:8080

Enjoy the shows.

Hacking cameras through google(Best links)

amit.hak50@gmail.com — Sat, 23 May 2009 18:21:00 +0000

These Google search links will get you started on finding live streaming feeds that are publicly accessible. Most of them are meant to be publicly viewable.

inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”

hack any internet camera

amit.hak50@gmail.com — Sat, 23 May 2009 18:13:00 +0000

Hacking Internet Cameras - The best video clips are here

G-mail video chat

amit.hak50@gmail.com — Sat, 23 May 2009 17:27:00 +0000

hack remote pc while chatting through yahoo messenger

amit.hak50@gmail.com — Sat, 23 May 2009 08:21:00 +0000

Hack any website

amit.hak50@gmail.com — Sat, 23 May 2009 08:06:00 +0000

change your MAC address in an xp/vista

amit.hak50@gmail.com — Fri, 15 May 2009 17:30:00 +0000

Goto 'Device manager' (right click 'My Computer' -> click 'Device Manager')
-> click 'Network Adapters'
-> right click the name of your NIC (Network Interface Card)
-> click 'Properties'
-> click the tab 'Advanced'
-> select 'Locally Administered Address'
-> choose the option button besides 'Value' text box
-> enter your desired MAC address of 12 characters without dashes
-> click 'OK'
-> disable your NIC and then enable it again
-> enjoy

have a nice day!

How to make my own web server

amit.hak50@gmail.com — Mon, 11 May 2009 17:40:00 +0000

If you want to avoid costs of hosting your files for use on the Internet, you can make your own web server to handle hosting your files. You need a decent computer with plenty of storage space, RAM, and something that can always be connected to the Internet. When your server is not on the Internet, none of the files on your server will be on the Internet. Follow these steps to turn your computer into your web server. Difficulty: Moderate

Instructions

Things You'll Need:

Computer with at least 1ghz processor and 1GB ram, and plenty of HD space
Router
High-speed Internet service
Domain name

How to Make My Own Web Server

Step 1

If you don't have a high-speed Internet connection, secure one with a local provider in your area.
Step 2

Secure your own domain name. This will help people get to and from your files on the Internet. This will also give you a place to send and receive email. If you do not have a static web address (if you have cable or DSL connection, you probably will not have a static address) there are several places you can go to secure your domain. Check the resources section.
Step 3

Get your router. Use a regular router, because wireless routers are not suggested for home server set-ups. Your router should have Ethernet jacks and should be capable of port forwarding in order to allow outside Internet traffic.
Step 4

Set up your computer. Make sure that you have your standard computer items including a keyboard, mouse, and a 10/100 Ethernet Network Card. Make sure to have an uninterrupted power supply to keep your system safe in the event of a power outage.
Step 5

To configure your web server, you should start system-config services. Make sure that httpd and mysqld are started and selected to start on boot, then save the service configuration.
Step 6

Verify that your web server is working correctly by opening a browser and pointing it at http://localhost/ (which always points to the web server on your computer). You should see the test page for apache, the web server application.
Step 7

Set up port forwarding as directed by your router. Make sure that all http services or port 80 traffic is sent to the IP address of your web server.