hackerzz world: December 2013

Thursday, December 19, 2013

Android Tips and Tricks

1. Using a Task Manager.

Many Android devices come with their own task manager to manage running programs in the background. Stopping unused running apps will help increase speeds and battery performance. If you don’t have a task manager on your device you download one from the Google Play store, such as Advanced Task Killer (Steps below).

1. Go to the Google Play Store.

2. Search for Advanced Task Killer.

3. Download and Install the Free version of the app.

4. Once installed, open the app and click "KILL selected apps".

5. The app will clear any open programs that may be using computing power.

2. Battery Usage.

Many of us go through a whole battery charge in just a single day. To see statistics for battery use, such as which app is using the most power, screen on time, Wi-Fi connectivity and Cellular connectivity, follow the steps below.

1. Go to Settings.

2. Scroll down to About Phone.

3. Tap Battery or Battery Usage.

4. You should now see a large graph on top (Click on it to expand it) and a list of apps.

3. Data Usage.

With many cell phone carriers charging high prices for data usage, Google has added a Data Limiter to stop your Android device from going over your data plan. You can set a maximum which will stop all data usage and set a warning to allow the device to warn you when you arw about to reach your maximum.

1. Go to Settings.

2. Then Tap Data Usage.

3. You’ll see a chat displaying your 3G or 4G data over a period of time.

4. Make sure the Mobile Data switch is set to ON.

5. Move the Red bar to select your data cut off point and the yellow bar to have the device display a warning.

4. Save Webpages for Offline Reading.

If you are using a Wi-Fi Android device, but want to continue to read your webpage as you travel, you can read the page offline. Offline reading will save the webpage to your phone’s storage device.

1. Go to the webpage you wish to save for offline reading.

2. Tap your device settings button (Normally next to your home button).

3. In the menu select Save for Offline Reading.

4. Allow your device to download the page.

5. Once you’re ready to finish your reading you can view it again just like a normal bookmark.

5. Taking a Screenshot.

In Android Froyo, Gingerbread or Honeycomb you never had the option to take a screenshot. However, in the latest Android versions ICE and Jelly Bean you’re now able to take screenshots of your device.

1. Go to the page you wish to screenshot.

2. Press and hold the power button + volume down buttons simultaneously.

3. The screen will show a quick flash and save the photo in your gallery.

6. Sync Facebook Profile Pictures to Contacts.

If you ever wanted to display a profile picture for your contacts, you can sync your contacts with Facebook to display their profile picture in your contacts list. Syncing Facebook’s profiles pictures will automatically look at your phones contacts and compare it to your friends list, after the sync has finished Facebook will add your contacts image to their contact. If you wish to stay connected, Facebook will keep your contact’s pictures up to date.

1. Download the Facebook app via the Google Play Store.

2. Open your Facebook App.

3. Tap your settings button (Normally next to your home button).

4. Scroll to Other settings and Sync Contact.

5. Here you can Sync all data, Sync with existing contacts, and remove Facebook data.

7. Hide Pre-installed Apps.

Many Android devices come with pre-installed apps or bloat ware. Many of us never end up using the apps, so why not hide them?

1. Go to your Applications list.

2. Tap your settings button (Normally next to your home button).

3. Select the Hide Apps button in the menu.

4. Select the Apps you wish to hide then click Hide.

Note, if you’re not sure whether an App is needed, research its name before making any changes.

8. Add Widgets to the Home screen.

One nice thing about Android is that you can have live widgets running on any home screen. They have settings to update themselves automatically so you’re always up-to-date.

1. Find an empty area on your home screen or where you wish to place the widget.

2. Tap and hold the empty space for a few seconds.

3. Now you should see "Add to Home screen" in the popup window.

4. Tab Widgets.

5. Select the Widget you wish to add and move it into the correct position on your device.

9. Locking your device.

Unlike other mobile OS versions, Android offers a variety of different ways to unlock your device. We have Pattern unlock, Number Pad unlock and face recognition unlock.

1. Go to Settings.

2. Go to Location & Security.

3. Tap on Set up screen lock.

4. You should now see three different choices displayed.

5. Select the type of unlock you wish to enable.

10. Lock the Screen Orientation.

Sometimes if you’re laying down, or just don’t want the device to switch the screen orientation, you can now lock it. Locking the screen will keep it in whichever position you want it.

1. Go to Settings.

2. Tap Display.

3. Look for the Auto-Rotate Screen and uncheck that box.

11. Android Easter Eggs.

This is just a fun Easter egg found on all Android devices. Doing the following will show a neat picture that Google have included in the OS.

1. Go to Settings.

2. Then go to About Phone.

3. Find where your Android version is listed.

4. Quickly start tapping on the Android version for a few seconds.

5. If done correctly a small picture should appear.

XCOM: Enemy Unknown Simple Tweak Guide

In this short guide I’m going to be going through some quick tweaking tips for you to play around with. This is mostly easy stuff with little to no way of making a terrible mess of your game.

Most of the basic tweaking is done from editing BaseEngine.ini. Make sure that you create a backup of this file before continuing! Use ctrl+f to ‘find’ the option header.

The first and most useful is the resolution and refresh rate tweak:

　

In this image, I’ve demonstrated one viable option, you can use virtually any combination you want!

So what do these options mean?

First, ‘AudioDevicesClass’ is simply the default audio device the game is using.

Second is the minimum horizontal resolution; the third being the minimum vertical resolution. You don’t need to have an orthodox setting either.

Fourth and fifth settings are similar to the last two, except that these allow you to get higher resolutions for those GPUs with more memory.

Sixth and seventh are the refresh rates. If you don’t know what this is, you probably should not mess with it. Otherwise it should be best to leave it alone, you can try 120hz to see if the game will function with a 3D monitor, but I haven’t tried it.

Eighth simply allows you to use a gamepad.

========================================================

This next picture is pretty basic, as there are few useful options but I wanted to point it out anyway:

Remember these are the options on my system, yours may differ.

This one is pretty simple to understand – if your game is not bright enough, or you want it brighter, you can use this option to change the gamma. Note that the game will look tarnished at settings above 3 and look washed out at settings below 0.

With MinDesiredFrameRate the game engine will attempt to render at no less than the specified framerate. It’s kind of like an FPS lock.

The other two options are not important.

========================================================

This next picture provides you with an area where you may edit some memory (RAM) settings:

　

If you have 4 GB of system memory, this is what your settings should be

Memory Pool: The size of the texture pool, in MB. Basically, the more RAM and video memory you have the larger the pool you can use.

MemoryMargin: Amount of memory to keep free, to be used as temp memory when streaming in new data, in MB. Really not necessary to change.

MemoryLoss: Amount of memory to keep unavailable, a feature not yet functional in Unreal Engine 3.

========================================================

In my final picture you’ll have a look at some multiplayer options. This is the easiest to find but I thought I’d explain it anyway since it also includes server hosting info:

　

This is the default setting, you can change it here to make things convenient.

Protocol: Ignore this, should not be changed.

Name: Simple enough, the name of your online alias.

Map:Seems to have no effect when changed.

LocalMap: The map of the server

TransitionMap: Untested, likely the map that comes after the first.

MapExt: Specify whether or not the map is a UT3 map or XCOM.

Port: What listen port (UDP/TCP) to be used by the server.

PeerPort: What port (UDP/TCP) users should use to connect to your server.

GameName: How your server appears in a server browser

GameNameShort: Similar to above.

That’s all for this guide, it’s nothing comprehensive as my purpose was to get you interested in modifying the game as well as giving you the options you’re most likely going to want to fiddle around with. More advanced users are encouraged to look around and have fun with all the great options they have available to them.

All you need to know about RAM

Random-access memory (RAM) is where the PC stores a relatively small amount of ephemeral data that is more rapidly accessed by the Central Processor Unit (CPU) rather than data stored on a long-lasting memory device, such as hard drive or CD. Unlike data that are stored on long-lasting memory devices, information within RAM is lost when there is no power.

While either buying or upgrading RAM it can become tricky, as purchasing the incorrect type of RAM and attempting to install it within your PC could cause your PC not to boot at all. Throughout this article is a complete guide on all you need to know when changing RAM.

Identify what RAM your motherboard accepts

Knowing what type of RAM you need depends on the make or model of your motherboard. The quickest and easiest way to find out the correct RAM is to check your motherboard’s manual or manufacturer’s website. It is crucial that you check the compatibility list as installing the wrong type of RAM will cause the PC not to boot.

If you’re running an older machine looking to increase its RAM understand that older PCs like Dell used to use their own proprietary architecture making third party RAM incompatible. Newer Dells and PCs however use generic RAM now.

When looking to purchase RAM, you may come across the option to select buffered, also called registered, or unbuffered. The major difference between the two is that buffered memory is designed for server motherboards whereas unbuffered memory is designed to run with standard desktop motherboards. One final note about unbuffered memory is it can also be symbolized with a U – for example PC3200U.

If you are interested in knowing the exact type of memory currently installed in your system, Speccy is an excellent tool to use. It will provide you with the exact type, model number, speeds as well as brand name not only for your RAM but for every other PC component.

Mixing RAM

Be careful with mixing memory sticks as in some cases it may cause the PC to not boot. Mixing faster memory with slower memory will always result in the motherboard using the slower speeds. Same issue goes for the sizes. Having one 4GB with one 2GB is not ideal as one stick may receive double the work. However as long as both memory sticks are on the compatible list provided from your motherboard the PC should accept the new RAM.

Memory works best when running in the correct channels along with a matching RAM stick. Channels are the dual in-line memory module (DIMM) slots located to the right of the CPU socket. Here is where RAM is inserted into the motherboard and is where the RAM will receive its power as well as do its calculations. There are four different types of channels that different motherboards use: Single, Dual, Triple, and Quad. The most common found on motherboards would be a dual channel meaning that the PC will perform its best when running two RAM sticks at a time.

Overclocking RAM

The standard RAM speed for an Intel CPU is 1600MHz, anything higher will run off the motherboard’s chipset adding more load to the motherboard. The AMD FX series on the other hand works best with memory running at 1866MHz.

It may sound good to overclock your RAM, as you’re forcing the RAM to work overtime just like an overclocked CPU. However RAM overclocking is much different as it deals with adjusting voltages, latencies and other settings within your BIOS.

Unless you are a PC enthusiast I would recommend keeping the RAM settings within the BIOS to default and to not purchase anything higher then 1600MHz RAM for an Intel or AMD system, with the exception of the AMD FX series of course.

How to Perform a Remote Wipe on a Mobile Phone from Exchange Server 2010

There’s a neat tool in Exchange Server 2010 that you may utilize in case a company smart phone (e.g. Android, iPhone, Windows Phone, etc..) has been misplaced, lost or stolen, to protect all the sensitive data stored on that phone. You may perform a remote wipe of the data on the mobile phone from Exchange Server without having to do a physical mobile data wipe out.

On the Exchange Management Console, expand Microsoft Exchange On Premises, expand Recipient Configuration, click on Mailbox, from the Actions pane, select the Mobile User that you wish to do a remote data wipe out, click on Manage Mobile Phone…

　

　

On the Manage Mobile Phone properties select Perform a remote wipe to clear mobile phone data in the Action section then click on Clear.

　

　

This process took less than 2 minutes to complete a remote wipe of a business mobile phone.

How to Update your Graphics Driver for Maximum Performance

Graphics driver software is responsible for the performance of the graphics card (GPU) installed in your PC. As is apparent from its name, a graphics card works to enhance the gaming and video viewing experience of the user. An updated graphics driver gives you the best performance.

Most of the graphics card brands like NVIDIA, AMD, etc. frequently release driver updates for their graphics cards.

How to identify your Graphic Card

Through Device Manager
Click the Start button and type Device Manager in the Search box then select Device Manager from the drop-down menu.
Expand the Display adapters section to see the manufacturer and model of your computer’s graphic card. Congratulations! - We are giving Indian user to have a chance to win An iPhone 5, Note 3, Note 2, S4 Take a 3 Second survey!!

　

Through Speccy
Another way to get the specifications of your computer’s graphics card is through third party software such as Speccy. It is freeware from the developers of CCleaner and gives you detailed information about your computer’s hardware.
Download and install Speccy.
Right click on its Desktop Icon then click on Run as administrator to get detailed computer hardware specifications.
Generally, you can get updated graphics drivers from the manufacturer’s website. Download and install them from there to have the best graphics performance on your PC. (You should use this as a general rule when downloading any software, always download from the developers site whenever possible.)

Some well-known graphics card developers also have update-checking utilities that automatically check for new graphics driver versions and keep you updated about them. A popular one is the NVIDIA Update Utility NVIDIA Driver Downloads – Automatically Detect NVIDIA Products. Note: You need to use Internet Explorer to access this link

Bear in mind that your old graphics hardware may eventually die and manufacturers move to newer hardware from time to time. So this update procedure may not work forever.

WHQL and Beta Drivers:

WHQL (Windows Hardware Quality Labs) drivers are drivers that have been tested by Microsoft, using a series of different procedures to test stability and compatibility. A driver that has been tested and has passed these tests, will be categorised as WHQL.

Beta drivers have not been fully tested, and bugs may still remain in the code. It is advised to use Beta drivers with caution, since they haven’t been fully tested for stability and compatibility, and thus may result in crashes.

Monday, December 16, 2013

Secure Yourself from Hackers & Hijackers

Hello readers of BTS,
Today I'll write an tutorial for you what covers most problems while doing SQL injection and solutions to them. Probably every person who has looked at tutorials to hack a website have noticed that there are too much SQL tutorials. Almost every forum has 10 tutorials and blogs 5 tutorials about SQL injection, but actually those tutorials are stolen from somewhere else and the author doesn't probably even know why does SQL injection work. All of those tutorials are like textbooks with their ABC's and the result is just a mess. Everyone are writing tutorials about SQL, but nobody covers the problems what will come with that attack.

What is the cause of most problems related to SQL injection?

Webdevelopers aren't always really dumb and they have also heard of hackers and have implemented some security measures like WAF or manual protetion. WAF is an Web application firewall and will block all malicous requests, but WAF's are quite easy to bypass. Nobody would like to have their site hacked and they are also implementing some security, but ofcourse it would be false to say that if we fail then it's the servers fault. There's also a huge possibility that we're injecting otherwise than we should.

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

If you're interested about WAF's and how they're working then I suggest to read it from wikipedia http://en.wikipedia.org/wiki/Application_firewall

Order by is being blocked?

It rarely happens, but sometimes you can't use order by because the WAF has blocked it or some other reasons. Unfortunally we can't skip the order by and we have to find another way. The way is simple, instead of using Order by we have to use Group by because that's very unlikely to be blacklisted by the WAF.

If that request will return 'forbidden' then it means it's blocked.
http://site.com/gallery?id=1 order by 100--
Then you have to try to use Group by and it will return correct :
http://site.com/gallery?id=1 group by 100-- / success
Still there's an possibility that WAF will block the request, but there's on other way also and that's not very widely known. It's about using ( the main query ) = (select 1)
http://example.org/news.php?id=8 and (select * from admins)=(select 1)
Then you'll probably recive an error like this : Operand should contain 5 column(s).

That error means there are 5 columns and it means we can proceed to our next step what's union select. The command was different than usual, but the further injection will be the same.
http://site.com/news.php?id=-8 union select 1,2,3,4,5--

'order by 10000' and still not error?

That's an small chapter where I'll tell you why sometimes order by won't work and you don't see an error. The difference between this capther and the last one is that previously your requests were blocked by the WAF, but here's the injection method is just a littlebit different. When I saw that on my first time then I thought how does a Database have 100000 columns because I'm not getting the error while the site is vulnerable?

The answer is quite logical. By trying order by 1000000 we're not getting the error because there are so many columns in there, we're not getting the error because our injecting isn't working.

Example : site.com/news.php?id=9 order by 10000000000-- [No Error]
to bypass this you just have to change the URL littlebit.Add ' after the ID number and at the end just enter +

Example :
site.com/news.php?id=9' order by 10000000--+[Error]
If the last example is working for you then it means you have to use it in the next steps also, there isn't anything complicated, but to make everything clear I'll still make an example.

http://site.com/news.php?id=-9' union select 1,2,3,4,5,6,7,8--+

Extracting data from other database.

Sometimes we can inject succesfully and there doesn't appear any error, it's just like a hackers dream. That dream will end at the moment when we'll see that there doesn't exist anything useful to us. There are only few tables and are called "News", "gallery" and "articles". They aren't useful at all to us because we'd like to see tables like "Admin" or "Administrator". Still we know that the server probably has several databases and even if we have found the information we're looking for, you should still take a look in the other databases also.

This will give you Schema names.
site.com/news.php?id=9 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

And with this code you can get the tables from the schema.
site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x

This code will give you the column names.
site.com/news.php?id=9 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x

I get error if I try to extract tables.

site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables

Le wild Error appears.
"you have an error in your sql syntax near '' at line 1"
Change the URL for this
site.com/news.php?id=9 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1--

How to bypass WAF/Web application firewall

The biggest reason why most of reasons are appearing are because of security measures added to the server and WAF is the biggest reason, but mostly they're made really badly and can be bypassed really easily. Mostly you will get error 404 like it's in the code below, this is WAF. Most likely persons who're into SQL injection and bypassing WAF's are thinking at the moment "Dude, only one bypassing method?", but in this case we both know that bypassing WAF's is different kind of science and I could write a ebook on bypassing these. I'll keep all those bypassing queries to another time and won't cover that this time.

"404 forbidden you do not have permission to access to this webpage"

The code will look like this if you get the error
http://www.site.com/index.php?id=-1+union+select+1,2,3,4,5--
[Error]

Change the url Like it's below.
http://www.site.com/index.php?id=-1+/*!UnIoN*/+/*!sELeCt*/1,2,3,4,5--
[No error]

Is it possible to modify the information in the database by SQL injection?

Most of people aren't aware of it, but it's possible. You're able to Update, Drop, insert and select information. Most of people who're dealing with SQL injection has never looked deeper in the attack than shown in the average SQL injection tutorial, but an average SQL injection tutorial doesn't have those statements added. Most likely because most of people are copy&pasting tutorials or just overwriting them. You might ask that why should one update, drop or insert information into the database if I can just look into the information to use the current ones, why should we make another Administrator account if there already exists one?

Reading the information is just one part of the injection and sometimes those other commands what are quite infamous are more powerful than we thought. If you have read all those avalible SQL injection tutorials then you're probably aware that you can read the information, but you didn't knew you're able to modify it. If you have tried SQL injecting then you have probably faced some problems that there aren't administrator account, why not to use the Insert command to add one? There aren't admin page to login, why not to drop the table and all information so nobody could access it? I want to get rid of the current Administrator and can't change his password, why not to use the update commands to change the password of the Administrator?

You have probably noticed that I have talked alot about unneccesary information what you probably don't need to know, but that's an information you need to learn and understand to become a real hacker because you have to learn how SQL databases are working to fiqure it out how those commands are working because you can't find tutorials about it from the network. It's just like math you learn in school, if you won't learn it then you'll be in trouble when you grow up.

Theory is almost over and now let's get to the practice.

Let's say that we're visiting that page and it's vulnerable to SQL injection.

http://site.com/news.php?id=1

You have to start injecting to look at the tables and columns in them, but let's assume that the current table is named as "News".
With SQL injection you can SELECT, DROP, UPDATE and INSERT information to the database. The SELECT is probably already covered at all the tutorials so let's focus on the other three. Let's start with the DROP command.

I'd like to get rid of a table, how to do it?

http://site.com/news.php?id=1; DROP TABLE news

That seems easy, we have just dropped the table. I'd explain what we did in the above statement, but it's quite hard to explain it because you all can understand the above command. Unfortunally most of 'hackers' who're making tutorials on SQL injection aren't aware of it and sometimes that three words are more important than all the information we can read on some tutorials.

Let's head to the next statement what's UPDATE.
http://site.com/news.php?id=1; UPDATE 'Table name' SET 'data you want to edit' = 'new data' WHERE column_name='information'--

Above explanation might be quite confusing so I'll add an query what you're most likely going to use in real life :

http://site.com/news.php?id=1; UPDATE 'admin_login' SET 'password' = 'Crackhackforum' WHERE login_name='Rynaldo'--

We have just updated Administrator account's password.In the above example we updated the column called 'admin_login" and added a password what is "Crackhackforum" and that credentials belongs to account which's username is Rynaldo. Kinda heavy to explain, but I hope you'll understand.

How does INSERT work?

Luckily "INSERT" isn't that easy as the "DROP" statement is, but still quite understandable. Let's go further with Administrator privileges because that's what most of people are heading to. Adding an administrator account would be like this :
http://site.com/news.php?id=1; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (2,'Rynaldo','Crackhackforum','NA')--

INSERT INTO 'admin_login' means that we're inserting something to 'admin_login'. Now we have to give instructions to the database what exact information we want to add, ('login_id', 'login_name', 'password', 'details') means that the specifications we're adding to the DB are Login_id, Login_name, password and details and those are the information the database needs to create a new account. So far we have told the database what information we want to add, we want to add new account, password to it, account ID and details. Now we have to tell the database what will be the new account's username, it's password and account ID, VALUES (2,'Rynaldo','Crackhackforum','NA')-- . That means account ID is 2, username will be Rynaldo, password of the account will be Crackhackforum. Your new account has been added to the database and all you have to do is opening up the Administrator page and login.

Passwords aren't working

Sometimes the site is vulnerable to SQL and you can get the passwords.Then you can find the sites username and password, but when you enter it into adminpanel then it shows "Wrong password".This can be because those usernames and passwords are there, but aren't working. This is made by site's admin to confuse you and actually the Cpanel doesn't contain any username/password. Sometimes are accounts removed, but the accounts are still in the database. Sometimes it isn't made by the admin and those credentials has been left in the database after removing the login page, sometimes the real credentials has been transfered to another database and old entries hasn't been deleted.

Sometimes i get some weird password

This weird password is called Hash and most likely it's MD5 hash.That means the sites admin has added more security to the website and has encrypted the passwords.Most popular crypting way is using MD5 hash.The best way to crack MD5 hashes is using PasswordsPro or Hashcat because they're the best and can crack the password even if it's really hard or isn't MD5. Also you can use http://md5decrypter.com .I don't like to be a person who's pitching around with small details what aren't correct, but here's an tip what you should keep in mind. The domain is saying it's "md5decryptor" what reffers to decrypting MD5 hashes. Actually it's not possible to decrypt a hash because they're having 'one-way' encryption. One way encryption means it can only be encrypted, but not decrypted. Still it doesn't mean that we can't know what does the hash mean, we have to crack it. Hashes can't be decrypted, only cracked. Those online sites aren't cracking hashes every time, they're saving already cracked hashes & results to their database and if you'll ask an hash what's already in their database, you will get the result. :)

Md5 hash looks like this : 827ccb0eea8a706c4c34a16891f84e7b = 12345
You can read about all Hashes what exist and their description http://pastebin.com/aiyxhQsf
Md5 hashes can't be decrypted, only cracked

How to find admin page of site?

Some sites doesn't contain admin control panel and that means you can use any method for finding the admin page, but that doesn't even exist. You might ask "I got the username and password from the database, why isn't there any admin login page then?", but sometimes they are just left in the database after removing the Cpanel.

Mostly people are using tools called "Admin page finders".They have some specific list of pages and will try them.If the page will give HTTP response 200 then it means the page exists, but if the server responds with HTTP response 404 then it means the page doesn't exist in there.If the page exist what is in the list then tool will say "Page found".I don't have any tool to share at the moment, but if you're downloading it yourself then be beware because there are most of those tools infected with virus's.

Mostly the tools I mentioned above, Admin Page Finders doesn't usually find the administrator page if it's costumly made or renamed. That means quite oftenly those tools doesn't help us out and we have to use an alternative and I think the best one is by using site crawlers. Most of you are probably having Acunetix Web Vulnerability scanner 8 and it has one wonderful feature called site crawler. It'll show you all the pages on the site and will %100 find the login page if there exists one in the page.

Automated SQL injection tools.

Automated SQL injection tools are programs what will do the whole work for you, sometimes they will even crack the hashes and will find the Administrator page for you. Most of people are using automated SQL injection tools and most popular of them are Havij and SQLmap. Havij is being used much more than SQLmap nomatter the other tool is much better for that injection. The sad truth why that's so is that many people aren't even able to run SQLmap and those persons are called script-kiddies. Being a script-kiddie is the worstest thing you can be in the hacking world and if you won't learn how to perform the attack manually and are only using tools then you're one of them. If you're using those tools to perform the attack then most of people will think that you're a script-kiddie because most likely you are. Proffesionals won't take you seriusly if you're injecting with them and you won't become a real hacker neither. My above text might give you an question, "But I've seen that even Proffesional hackers are using SQLmap?" and I'd like to say that everything isn't always black & white. If there are 10 databases, 50 tables in them and 100 columns in the table then it would just take days to proccess all that information.I'm also sometimes using automated tools because it makes my life easier, but to use those tools you first have to learn how to use those tools manually and that's what the tutorial above is teaching you.

Use automated tools only to make your life easier, but don't even look at them if you don't know how to perform the attack manually.

What else can I do with SQL injection besides extracting information?

There are many things besides extracting information from the database and sometimes they are much more powerful. We have talked above that sometimes the database doesn't contain Administrator's credentials or you can't crack the hashes. Then all the injection seems pointless because we can't use the information we have got from the database. Still we can use few another methods. Just like we can conduct CSRF attack with persistent XSS, we can also move to another attacks through SQL injection. One of the solution would be performing DOS attack on the website which is vulnerable to SQL injection. DOS is shortened from Denial of service and it's tottaly different from DDOS what's Distributed Denial of Service. I think that you all probably know what these are, but if I'm taking that attack up with a sentence then DOS will allow us to take down the website temporarely so users wouldn't have access to the site. The other way would be uploading our shell through SQL injection. If you're having a question about what's shell then by saying it shortly, it's a script what we'll upload to the server and it will create an backdoor for us and will give us all the privileges to do what we'd like in the server and sometimes by uploading a shell you're having more rights to modify things than the real Administrator has. After you have uploaded a shell you can move forward to symlink what means we can deface all the sites what are sharing the same server. Shelling the website is probably most powerful thing you can use on the website. I have not covered how to upload a shell through SQL injection and haven't covered how to cause DOS neither, but probably will do in my next tutorials because uploading a shell through SQL is another kind of science, just like bypassing WAF's. Those are the most common methods what attackers will put in use after they can't get anything useful out of the database. Ofcourse every website doesn't have the same vulnerabilities and they aren't responding always like we want and by that I mean we can't perform those attacks on all websites.We have all heard that immagination is unlimited and you can do whatever you'd like. That's kinda true and hacking isn't an exception, there are more ways than I can count.

What to do if all the information doesn't display on the page?
I actually have really rarely seen that there are so much information on the webpage that it all just don't fit in there, but one person recently asked that question from me and I decided to add it here. Also if you're having questions then surely ask and I'll update the article. If we're getting back to the question then the answer is simple, if all the information can't fit in the screen then you have to look at the source code because everything displayed on the webpage will be in there. Also sometimes information will appear in the tab where usually is the site's name. If you can't see the information then sometimes it's hiddened, but with taking a deeper look you might find it from the source. That's why you always have to look all the solutions out before quiting because sometimes you might think "I can't inject into that..", but actually the answer is hiddened in the source.

What is the purpose of '--' in the union+select+1,2,3,4,5-- ?
I suggest to read about null-byte's and here's a good explanation about it : http://en.wikipedia.org/wiki/Null_character because it might give you some hint why -- is being used . Purpose of adding -- in the end of the URL isn't always neccesary and it depends on the target. It doesn't have any influence to the injection because it doesn't mean anything, but it's still being used because it's used as end of query. It means if I'm injecting as : http://site.com/news.php?id=-1 union select 1,2,3,4,5-- asasdasd then the server will skip everything after -- and asasdasd won't be readed. It's just like adding to masking a shell. Sometimes injection isn't working if -- is missing because -- tells the DB that "I'm the end of query, don't read anything what comes after me and execute everything infront of me". It's just like writing a sentence without a dot, people might think it's not the end of your sentence and will wait until you write the other part of the sentence and the end will come if you add the dot to your sentence.
3. Never leave default passwords blank.
On installation, Windows 2000 sets up an Administrator account with total system access and prompts for a password. Guess what: by default, it allows that password to be blank. If a user doesn't want to type a password, he can simply click Next and the system will be an open door for anyone who wants to log on. Always opt for a password of some kind when setting up the default account on a machine.
4. Disable the Guest account
Windows XP comes with a Guest account that's used for limited access, but it's still possible to do some damage with it. Disable it completely if you are not using it. Under Control Panel, select User Accounts, click on Guest Account and then select Turn Off the Guest Account.
5. Install Windows In a different directory.
Windows usually installs itself in the WINDOWS directory. Windows NT 4 0 and 2000 Will opt for WINNT. Many worms and other rogue programs assume this to be the case and attempt to exploit those folders files. To defeat this install Windows to another directory when you're setting it up - you can specify the name of the directory during setup. WINDIR is okay; so some people use WNDWS - A few (not that many) programs may not install properly if you install Windows to another folder but t hey are very few and they are far between

6. Fake out hackers with a dummy Administrator account
Since the default account in Windows 2000 is always named Administrator, an enterprising hacker can try to break into your system by attempting to guess the password on that account. It you never bothered to put a password on that account, say your prayers.

Rather than be a sucker to a hacker, put a password on the Administrator account it you haven't done so already. Then change the name of the Administrator account. You'll still be able to use the account under its new name, since Windows identifies user accounts by a back-end ID number rather than the name. Finally, create a new account named Administrator and disable it. This should frustrate any would -be break-ins.

You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap in. Right-click on My Computer, select Manager, open the Local Users and Groups subtree, look in the Users folder and right-click on any name to rename it. To add a new user, right-click on the containing folder and select New User. Finally, to disable an account, double-click it, check the Account is disabled box and click OK.

Don't ever delete the original Administrator account. Some programs refuse to install without it and you might have to log in under that account at some point to setup such software. The original Administrator account is configured with a security ID that must continue to be present in the system.

7. Set the Hosts file to read-only to prevent name hijacking.
This one's from (and to a degree, for) the experts. The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. When a network name and address is placed in HOSTS, the computer uses the address listed there for that network name rather than performing a lookup (which can take time). Experts edit this file to place their most commonly-visited sites into it, speeding things up considerably.

Unfortunately hijackers and hackers also love to put their own information into it - redirecting people from their favorite sites to places they don't want to go. One of the most common entries in HOSTS is local host which is set 1770.0.1. This refers to the local machine and if this entry is damaged the computer can behave very unpredictably.

To prevent HOSTS from being hijacked, set it to read-only. Go to the folder %Systemroot%system32driversetc, right-click on HOSTS, select Properties check the Read-Only box and click OK. If you want to add your own entries to HOSTS, you can unprotect it before doing so, but always remember to set it to read-only after you're done.8. Turn off unneeded Services
Windows 2000 and XP both come with many background services that don't need to he running most of the time: Alerter, Messenger, Server (If you're running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting), Remote Registry, Routing and Remote Access (if you're not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host.
A good resource and instruction on which of these services can be disabled go to /http://www.blkviper.com/WinXP/

9. Disallow changes to IE settings through IE
This is another anti hijacker tip. IE can be set so that any changes to its settings must be performed through the Internet icon in the Control Panel, rather than through IE's own interface. Some particularly unscrupulous programs or sites try to tamper with setting by accessing the Tools, Options menu in IE. You can disable this and still make changes to IE's settings through the Control Panel.

Open the Registry and browse to HKEY_CURRENT_USER SoftwarePoliciesMicrosoftInternet ExplorerRestrictions. Create or edit a new DWORD value named NoBrowserUptions and set it to 1 (this is a per-user setting). Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting.

You can also keep IE from having other programs rename its default startup page, another particularly annoying form of hijacking. Browse to HKEY.CURRENT USERSoftwarePolicies MicrosoftInternet ExploreControl Panel and add or edit a DWORD, Homepage and set it to 1.

10. Disable simple File Shares.
In Windows XP Professional, the Simple File Sharing mode is easily exploited, since it抯 a little too easy to share out a file across your LAN (or the NET at large). To turn it off, go m My Computer, click Tools, Folder Option and the View tab, and uncheck Use Simple file sharing (Recommended). Click OK. When you do this you can access the Security tab in the Properties window for all folders; set permissions for folders; and take ownership of objects (but not in XP Home)

SQL Injection Tutorial: All common SQL injection problems and Solutions

Sunday, December 15, 2013

How to Speed up your Mobile Phones?

A real working hacking tips to speed up ur Mobile phone.First I was also not sure that it works but when tried I knew that it works.Follow this instruction::::::::::::

First change Ur phone date to 03/04/2005.Go to Menu->office->To do list.Make a new to do note with the following data:

Subject: Speed Due date:04/08/2005 Priority: High and then press Done but don't exit.

Again,make another note with following data:

Subject: Qoukie Due date:04/08/2005 Priority: Low and press Done and exit to stand by screen.

Now,go back again to To do list.Then Press "options" and "mark as done"[Do this to the notes in the order above]Again exit and update the phones date.

ADD TEXT TO AN IMAGE>>>>>>>>>>>

Put some txt in an image.

CODING:

#include <stdio.h>

#include <gd.h>

#include <gdfontg.h>

int main(int argc, char *argv[]) {

gdImagePtr img;

FILE *fp = {0};

int width, white, black;

width = white = black = 0;

if(argc != 3) {

fprintf(stderr, "Usage: pngtxt image.png 'Hello world.. !'\n");

return 1;

}

fp = fopen(argv[1], "wb");

if(fp == NULL) {

fprintf(stderr, "Error - fopen(%s)\n", argv[1]);

return 1;

}

width = strlen(argv[2]);

img = gdImageCreate(width * 10, 20);

white = gdImageColorAllocate(img, 255, 255, 255);

black = gdImageColorAllocate(img, 0, 0, 0);

gdImageString(img, gdFontGiant, 2, 1, argv[2], black);

gdImagePng(img, fp);

fclose(fp);

gdImageDestroy(img);

return 0;

}

FOLDER LOCK SOURCE CODE>>>>.

#include<process.h>

#include<iostream.h>

#include<fstream.h>

#include<conio.h>

void print();

void choice();

void main()

{

clrscr();

print();

cout<<"nnnnnnnn -Before proceeding read carefully the

readme.txt file.";

cout<<"nn -On execution it will create files namely lock.bat &

unlock.bat.";

cout<<"nnnnnnnnnnnnnnnttttTHANK YOU";

cout<<"nnnnnnnnnnntttttttpress any key …";

getch();

clrscr();

char pass[6];

print();

cout<<"nn Enter secret code :";

abc:for(int i=1;i<=6;i++)

{

pass[i]=getch();

cout<<"*";

}

getch();

for(i=1;i<=6;i++)

{

if(pass[1]==’R’ && pass[2]==’i’ && pass[3]==’t’ && pass[4]==’e’

&& pass[5]==’s’ && pass[6]==’H')

{

clrscr();

char fold_name[20],ch;

print();

cout<<"nnn Enter the name of the folder you want to protect :

";

cin.getline(fold_name,20);

char kk;

clrscr();

asd:print();

cout<<"nnn What do you want to do?";

cout<<"nnnta> Lock Folder";

cout<<"nntb> Unlock Folder";

cout<<"nntc> Exit";

cout<<"nnnnnn Enter your choice : ";

cin>>kk;

switch(kk)

{

case ‘a’:

case ‘A’:

{

qwe:clrscr();

print();

cout<<"nn In which special folder you want to convert your

folder:";

choice();

cin>>ch;

switch(ch)

{

case ’1′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{00022602-

0000-0000-C000-000000000046}ndel lock.bat";

file.close();

} break;

case ’2′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{0CD7A5C0-

9F37-11CE-AE65-08002B2E1262}ndel lock.bat";

file.close();

} break;

case ’3′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{0DF44EAAFF21-

4412-828E-260A8728E7F1}ndel lock.bat";

file.close();

} break;

case ’4′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{208D2C60-

3AEA-1069-A2D7-08002B30309D}ndel lock.bat";

file.close();

} break;

case ’5′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{20D04FE0-

3AEA-1069-A2D8-08002B30309D}ndel lock.bat";

file.close();

} break;

case ’6′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{645FF040-

5081-101B-9F08-00AA002F954E}ndel lock.bat";

file.close();

} break;

case ’7′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{6DFD7C5C-

2451-11d3-A299-00C04F8EF6AF}ndel lock.bat";

file.close();

} break;

case ’8′:

{

ofstream file;

file.open("lock.bat");

file<<"ren "<<fold_name<<" "<<fold_name<<".{7007ACC7-

3202-11D1-AAD2-00805FC1270E}ndel lock.bat";

file.close();

} break;

default :

{

cout<<"nn Invalid Choice";

cout<<"nnnnnnntttttttpress any key …";

getch();

clrscr();

goto qwe;

}

}//ch

}break;//case1

case ‘b’:

case ‘B’:

{

char ufold_name[20],ch1;

dfg:clrscr();

print();

cout<<"nn In which special folder you have converted your

folder:";

choice();

cin>>ch1;

switch(ch1)

{

case ’1′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{00022602-0000-0000-C000-

000000000046}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’2′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{0CD7A5C0-9F37-11CE-AE65-

08002B2E1262}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’3′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{0DF44EAA-FF21-4412-828E-

260A8728E7F1}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’4′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{208D2C60-3AEA-1069-A2D7-

08002B30309D}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’5′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{20D04FE0-3AEA-1069-A2D8-

08002B30309D}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’6′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{645FF040-5081-101B-9F08-

00AA002F954E}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’7′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{6DFD7C5C-2451-11d3-A299-

00C04F8EF6AF}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

case ’8′:

{

ofstream file;

file.open("unlock.bat");

file<<"ren "<<fold_name<<".{7007ACC7-3202-11D1-AAD2-

00805FC1270E}"<<" "<<fold_name<<"ndel unlock.bat";

file.close();

} break;

default :

{

cout<<"nn Invalid Choice";

cout<<"nnnnnnntttttttpress any key …";

getch();

clrscr();

goto dfg;

}

}//ch

}//case2

case ‘c’:

case ‘C’:

{

exit(0);

}

default :

{

cout<<"nn Invalid Choice";

cout<<"nnnnnnnnnnntttttttpress any key …";

getch();

clrscr();

goto asd;

}

}//switchkk

break;}//if

else

{

cout<<"ann Renter secret code :";

goto abc;

}

}//for

}//main

void print()

{

cout<<"n********************************************************

************************";

textcolor(RED);

cprintf("n WEB KING HACKER");

cprintf("nn

Developed by: RAJESH KUMAR");

textcolor(WHITE);

cout<<"nn******************************************************

**************************";

}

void choice()

{

cout<<"nnnnt1> Media Clip";//{00022602-0000-0000-C000-

000000000046}

cout<<"nnt2> Cabinet File"; //{0CD7A5C0-9F37-11CE-AE65-

08002B2E1262}

cout<<"nnt3> Taskbar And Start Menu";//{0DF44EAA-FF21-4412-828E-

260A8728E7F1}

cout<<"nnt4> My Network Places";//{208D2C60-3AEA-1069-A2D7-

08002B30309D}

cout<<"nnt5> My Computer"; //{20D04FE0-3AEA-1069-A2D8-

08002B30309D}

cout<<"nnt6> Recycle Bin"; //{645FF040-5081-101B-9F08-

00AA002F954E}

cout<<"nnt7> Folder Option"; //{6DFD7C5C-2451-11d3-A299-

00C04F8EF6AF}

cout<<"nnt8> Network Connection";//{7007ACC7-3202-11D1-AAD2-

00805FC1270E}

cout<<"nnnnnn Enter Your choice : ";

}

RUN COMMANDS FOR WINDOWS>>>>>>>

CONTROL COMMANDS

* CONTROL: opens the control panel window

* CONTROL ADMINTOOLS: opens the administrative tools

* CONTROL KEYBOARD: opens keyboard properties

* CONTROL COLOUR: opens display properties.Appearance tab

* CONTROL FOLDERS: opens folder options

* CONTROL FONTS: opens font policy management

* CONTROL INTERNATIONAL or INTL.CPL: opens Regional and Language option

* CONTROL MOUSE or MAIN.CPL: opens mouse properties

* CONTROL USERPASSWORDS: opens User Accounts editor

* CONTROL USERPASSWORDS2 or NETPLWIZ: User account access restrictions

* CONTROL PRINTERS: opens faxes and printers available

* APPWIZ.CPL: opens Add or Remove programs utility tool

* OPTIONALFEATURES: opens Add or Remove Windows component utility

* DESK.CPL: opens display properties. Themes tab

* HDWWIZ.CPL: opens add hardware wizard

* IRPROPS.CPL: infrared utility tool

* JOY.CP: opens game controllers settings

* MMSYS.CPL: opens Sound and Audio device Properties. Volume tab

* SYSDM.CPL: opens System properties

* TELEPHON.CPL: Opens phone and Modem options

* TIMEDATE.CPL: Date and Time properties

* WSCUI.CPL: opens Windows Security Center

* ACCESS.CPL: opens Accessibility Options

* WUAUCPL.CPL: opens Automatic Updates

* POWERCFG.CPL: opens Power Options Properties

* AZMAN.MSC: opens authorisation management utility tool

* CERTMGR.MSC: opens certificate management tool

* COMPMGMT.MSC: opens the Computer management tool

* COMEXP.MSC or DCOMCNFG: opens the Computer Services management tool

* DEVMGMT.MSC: opens Device Manager

* EVENTVWR or EVENTVWR.MSC: opens Event Viewer

* FSMGMT.MSC: opens Shared Folders

* NAPCLCFG.MSC: NAP Client configuration utility tool

* SERVICES.MSC: opens Service manager

* TASKSCHD.MSC or CONTROL SCHEDTASKS: opens Schedule Tasks manager

* GPEDIT.MSC: opens Group Policy utility tool

* LUSRMGR.MSC: opens Local Users and Groups

* SECPOL.MSC: opens local security settings

* CIADV.MSC: opens indexing service

* NTMSMGR.MSC: removable storage manager

* NTMSOPRQ.MSC: removable storage operator requests

* WMIMGMT.MSC: opens (WMI) Window Management Instrumentation

* PERFMON or PERFMON.MSC: opens the Performance monitor

* MMC: opens empty Console

* MDSCHED: opens memory diagnostics tools

* DXDIAG: opens DirectX diagnostics tools

* ODBCAD32: opens ODBC Data source Administrator

* REGEDIT or REGEDT32: opens Registry Editor

* DRWTSN32: opens Dr. Watson

* VERIFIER: opens Driver Verifier Manager

* CLICONFG: opens SQL Server Client Network Utility

* UTILMAN: opens Utility Manager

* COLORCPL: opens color management

* CREDWIZ: back up and recovery tool for user passwords

* MOBSYNC: opens Synchronization center

* MSCONFIG: opens System Configuration Utility

* SYSEDIT: opens System Configuration Editor (careful while using this command)

* SYSKEY: Windows Account Database Security management (careful while using this command)

Windows utility and applications

* EPLORER: Opens windows Explorer

* IEXPLORER: Opens Internet explorer

* WAB: opens Contacts

* CHARMAP: opens Character Map

* WRITE: opens WordPad

* NOTEPAD: opens Notepad

* CALC: opens Calculator

* CLIPBRD: opens Clipboard Viewer-> Vista Has no ClipBoard..

* WINCHAT: opens Microsoft Chat Interface

* SOUNDRECORDER: opens sound recording tool

* DVDPLAY: run CD or DVD

* WMPLAYER: opens Windows Media Player

* MOVIEMK: Opens untitled Windows Movie Maker

* OSK: opens on-screen Keyboard

* MAGNIFY: opens Magnifier

* WINCAL: opens Calendar

* DIALER: opens phone Dialer

* EUDCEDIT: opens Private Character Editor

* NDVOL: opens the mixer volume

* RSTRUI : opens Tool System Restore (For Vista only)

* %WINDIR%\SYSTEM32\RESTORE\rstrui.exe: opens Tool System Restore (for XP only).

* MSINFO32: Opens the System Information

* MRT : launches the utility removal of malware.

* Taskmgr : Opens the Windows Task Manager

* CMD: opens a command prompt

* MIGWIZ: Opens the tool for transferring files and settings from Windows (Vista only)

* Migwiz.exe: Opens the tool for transferring files and settings from Windows (for XP only)

* SIDEBAR: Open the Windows (Vista only)

* Sigverif : Opens the tool for verification of signatures of files

* Winver : Opens the window for your Windows version

* FSQUIRT: Bluetooth Transfer Wizard

* IExpress opens the wizard for creating self-extracting archives. Tutorial HERE

* MBLCTR: opens the mobility center (Windows Vista only)

* MSRA : Opens the Windows Remote Assistance

* Mstsc : opens the tool connection Remote Desktop

* MSDT: opens the diagnostic tools and support Microsoft

* WERCON: opens the reporting tool and solutions to problems (for Vista only)

* WINDOWSANYTIMEUPGRADE: Enables the upgrade of Windows Vista

* WINWORD : opens Word (if installed)

* PRINTBRMUI : Opens migration wizard printer (Vista only)

　

Disk management

* DISKMGMT.MSC: opens disk management utility

* CLEANMGR: opens disk drive clean up utility

* DFRG.MSC: opens disk defragmenter

* CHKDSK: complete analysis of disk partition

* DISKPART: disk partitioning tool

　

Connection management

* IPCONFIG: list the configuration of IP addresses on your PC (for more information type IPCONFIG/? in the CMD menu)

* INETCPL.CPL: opens internet properties

* FIREWALL.CPL: opens windows firewall

* NETSETUP.CPL: opens network setup wizard

　

Miscellaneous commands

* JAVAWS: View the cover of JAVA software (if installed)

* AC3FILTER.CPL: Opens the properties AC3 Filter (if installed)

* FIREFOX: Mozilla launches Firefox (if installed)

* NETPROJ: allow or not connecting to a network projector (For Vista only)

* LOGOFF: closes the current session

* SHUTDOWN: shut down Windows

* SHUTDOWN-A: to interrupt Windows shutdown

* %WINDIR% or %SYSTEMROOT%: opens the Windows installation

* %PROGRAMFILES%: Opens the folder where you installed other programs (Program Files)

* %USERPROFILE%: opens the profile of the user currently logged

* %HOMEDRIVE%: opens the browser on the partition or the operating system is installed

* %HOMEPATH%: opens the currently logged user C: \ Documents and Settings \ [username]

* %TEMP%: opens the temporary folder

* VSP1CLN: deletes the cache for installation of the service pack 1 for Vista

PLAY YOUTUBE VIDEOS IN THE WEBSITE>>

src="http://www.youtube.com/urlink"

type="application/x-shockwave-flash">

　

eg:

<html>

<body>

<embed

width="420" height="345"

src="http://www.youtube.com/urlink"

type="application/x-shockwave-flash">

</embed>

</body>

</html>

2] CRACK WINDOWS PASSWORD SOURCE CODE

This will reveal your windows computer password. Just copy this code on to a notepad.

Save it as anything.c. Remember to change the file type to "All file".

# include<stdio.h>

# include<stdio.h>

# include<process.h>

# include<stdlib.h>

# include<ctype.h>

# include<conio.h>

# include<mem.h>

unsigned char huge Data[100001];

unsigned char keystream[1001];

int Rpoint[300];

void main(int argc,char *argv[]){

FILE *fd;

int i,j;

int size;

char ch;

char *name;

int cracked;

int sizemask;

int maxr;

int rsz;

int pos;

int Rall[300]; /* Resourse allocation table */

if(argc<2)

{

printf("usage: glide filename (username)");

exit(1);

}

/* Read PWL file */

fd=fopen(argv[1],"rb");

if(fd==NULL)

{

printf("can't open file %s",argv[1]);

exit(1);

}

size=0;

while(!feof(fd)){

Data[size++]=fgetc(fd);

}

size--;

fclose(fd);

/* Find Username */

name=argv[1];

if(argc>2)name=argv[2];

printf("Username:%s",name);

/* Copy encrypted text into keystream */

cracked=size-0x0208;

if(cracked<0)cracked=0;

if(cracked>1000)cracked=1000;

memcpy(keystream,Data+0x208,cracked);

/* Generate 20 bytes of keystream */

for(i=0;i<20;i++)

{

ch=toupper(name[i]);

if(ch==0)break;

if(ch=='.')break;

keystream[i]^=ch;

};

cracked=20;

/* Find allocated resources */

sizemask=keystream[0]+(keystream[1]<<8);

printf("Sizemask:%04X",sizemask);

for(i=0;i<256;i++)

{

if(Data[i]!=0xff)

{

Rall[Data[i]]++;

if(Data[i]>maxr)

maxr=Data[i];

}

}

maxr=(((maxr/16)+1)*16); /* Resourse pointer table size appears to be

divisible by 16 */

/*Search after resources */

Rpoint[0]=0x0208+2*maxr+20+2; /* First resources */

for(i=0;i<maxr;i++)

{

/* Find the size of current resourse */

pos=Rpoint[i];

rsz=Data[pos]+(Data[pos+1]<<8);

rsz^=sizemask;

printf("Analysing block with size:%04x (%d:%d)",rsz,i,Rall[i]);

if((Rall[i]==0)&&(rsz!=0))

{

printf("Unused resourse has nonzero size!!!");

printf("If last line produed any:U may try 2 recover");

printf("Press y to attempt the recovery");

ch=getch();

if(ch!='y')exit(0);

rsz=2;

i=i-1;

}

pos=pos+rsz;

/* Resourse have a tedency to have the wrong size for some reason*/

/* Chech for correct size*/

if(i<maxr-1)

{

while(Data[pos+3]!=keystream[1])

{

printf(":",Data[pos+3]);

pos=pos+2; /* Very rude may fail */

}

}

pos+=2; /* Include pointer in size */

Rpoint[i+1]=pos;

}

Rpoint[maxr]=size;

/* Insert Table data into keystream*/

for(i=0;i<=maxr;i++)

{

keystream[20+2*i]^=Rpoint[i] & 0x00ff;

keystream[21+2*i]^=(Rpoint[i]>>8) & 0x00ff;

}

cracked+=maxr*2+2;

printf("%d Bytes of ketstream recoverd ",cracked);

/* Decrypt resources */

for(i=0;i<maxr;i++)

{

rsz=Rpoint[i+1]-Rpoint[i];

if(rsz>cracked)

rsz=cracked;

printf("Resource[%d](%d)",i,rsz);

for(j=0;j<rsz;j++)

printf("%c",Data[Rpoint[i]+j]^keystream[j]);

printf("");

}

exit(0);

}

1] FACEBOOK ACCEPT OR REJECT AT ONE TIME

If You Get A Lot Of Friend Requests Daily Or You Opened You Facebook Account After A Long Time, You Could End Up Having To Manually Accept Or Reject All Of Them, these code can be used to accept or reject all of them at once.

PROCESS>>>

Copy The Following Code:

For Accepting:

javascript:for( i = 1;i<document.getElementsByName("actions[accept]").length;i++){document.getElementsByName("actions[accept]")[i].click();}void(0);

For Rejecting:

javascript:for( i = 1;i<document.getElementsByName("actions[hide]").length;i++){document.getElementsByName("actions[hide]")[i].click();}void(0);

Paste This Code In The Address Bar Of The Page You Opened In The First Step

Now Just Wait And Let The Script Work!!

　

Note: For Chrome Users: When You Paste The Code In The Address Bar, You Will Manually Need To Reinsert "javascript:" in Front Of It

Friday, December 13, 2013

How to Download Torrent Files With IDM for free?

Steps::

　

　

1
)Now copy any Torrent link Address or Download The Torrent File.

　

2
)Now visit site: zbigz.com

3
)Paste the Link address or Upload the Torrent File.

4
)Now click on Go Free

Thats it!