
Saturday, May 1, 2010

Hack Gmail: How to Hack Gmail Account Password Using PRORAT Trojan & Phishing Attack

How to Hack Gmail Account Password

Note: The methods mentioned below are used to hack a Gmail account password. These methods can also be used to hack any other email account. I have just demonstrated them on a Gmail account.


METHOD-1: How to Hack Gmail Account Passwords Using Phishing Attack

Step 1: Download Gmail fake login page and extract the contents into a folder. Visit here to download GMAIL FAKE PAGE

Step 2: Create your free account at , or and upload the extracted files here.

Step 3: I have uploaded all files at t35.com. Simply upload all the extracted files here.

Step 4: Open your fake page, enter a user name and password and check whether it is working. Your fake page will be located at http://yoursitename.t35.com/Gmail.htm

Step 5: A password file will be created in the same directory and you can check it at http://yoursitename.t35.com/GmailPasswords.htm.

Now you are ready to hack Gmail accounts password. If you face any problem, post your comments here.
This post is for educational purpose only. holds no responsibility how you are using the downloaded files.
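
From the defender's side, the weak point of Method 1 is visible in its own URLs: the sign-in form is served from a free-hosting hostname, not from Google. The following is an added example, not part of the original post, that checks URLs (for instance from a mail gateway or proxy log) for that mismatch; the trusted-domain list, the brand tokens and every sample URL other than the t35.com one quoted above are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only google.com and its subdomains may show a
# Google/Gmail sign-in form. A production allowlist would name exact hosts.
TRUSTED_DOMAINS = ("google.com",)
BRAND_TOKENS = ("gmail", "google")


def host_is_trusted(host):
    """True if host is a trusted domain or a true subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def assess_login_url(url):
    """Return the reasons a URL should not be trusted as a Gmail sign-in page.

    An empty list means no finding from the URL alone.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return ["URL does not parse"]
    if not host:
        return ["URL has no hostname"]

    if host_is_trusted(host):
        # Right host, but a credential form must never travel in clear text.
        return [] if parts.scheme == "https" else ["trusted host without HTTPS"]

    reasons = []
    # Text before '@' is userinfo, not the host the browser connects to.
    userinfo = (parts.username or "").lower()
    if any(tok in userinfo for tok in BRAND_TOKENS):
        reasons.append("brand name in userinfo before '@'")
    if any(tok in host for tok in BRAND_TOKENS):
        reasons.append("brand name inside an untrusted hostname")
    if any(tok in parts.path.lower() for tok in BRAND_TOKENS):
        reasons.append("brand name in path on an untrusted host")
    return reasons


def triage(urls):
    """Map each flagged URL to its reasons; URLs with no finding are omitted."""
    findings = {}
    for url in urls:
        reasons = assess_login_url(url)
        if reasons:
            findings[url] = reasons
    return findings


# Constructed sample input; only the first URL comes from the text above.
SAMPLE_URLS = [
    "http://yoursitename.t35.com/Gmail.htm",
    "https://accounts.google.com/ServiceLogin",
    "http://accounts.google.com@login.example.net/ServiceLogin",
    "https://google.com.example.net/signin",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_URLS).items():
        print(url, "->", "; ".join(reasons))
```

A URL with no finding is not proof of safety; the check only catches pages that borrow the brand name while living on someone else's host.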

METHOD-2: How to Hack Gmail Account Passwords Using Trojans & Keyloggers

Here I am demonstrating using the ProRat trojan. You can also check the list of trojans & keyloggers here, which I posted a few months back. You can use any trojan or keylogger as per your ease. The basic functionality of all backdoors is the same. Please note that all these hacking tools and software are detected by antivirus. You have to uninstall or close your running antivirus first. I strongly recommend you try these trojans & keyloggers on a test system first.

Step-1: Download latest version of ProRat v1.9 Fix2. CLICK HERE to download. The ZipPass is : pro

STEP-2: Creating the ProRat server. Click on the "Create" button in the bottom. Choose "Create ProRat Server".

STEP-3: Open Notifications. Select second option "Mail Notification". In the E-MAIL field you will see a mail
id: . Remove this mail ID and give your own mail id here. You will receive a notification
email on this email id whenever your victim connects to the internet from the infected system.

STEP-4: Open General settings. This tab is the most important tab. Here is a quick overview of what the check
boxes mean and which should be checked.

Key:

[ ] = dont check
[x] = check

[ ] Give a Fake Error Message. (when they open the file, it gives an error message.)
[x] Melt server on install. (this will cause the server to ALWAYS connect to the internet when the victim gets
online)
[x] Kill AV - FW on Install. (this causes the anti-virus and firewalls to SHUT DOWN and stay off once installed
on the victim's computer.)
[x] Disable Windows XP SP2 security center
[x] Disable Windows XP Firewall
[x] Clear Windows XP Restore Points
[ ] Dont send LAN notifications ( keeps other computers on the victim's network from knowing about you )
[ ] Protection for removing local server

In the Invisibility Box, check all 4 boxes.

STEP-5: Open Bind With File. You can bind your server\downloader server with a file that you want. You must
click on the ''Bind the server with a file'' button and then the file button will be activated. You can choose
a file to be bound with the server now. A good suggestion is a picture because that is a small file and it's
easier to send to the people you need.

STEP-6: Open Server Extensions. I prefer using .exe files, because they are cryptable. Most crypters don't
support .bat/.pif/.com etc. So use .exe files.

STEP-7: Open Server Icon. You can select the one you want to use with the server from the small pictures on the
menu. You can use an icon from your computer also. Press the "Choose new icon" button.

STEP-8: After this, press "Create server", your server will be in the same folder as ProRat. A new file with
name "binded_server" will be created. Rename this file to something describing the picture.

[NOTE: PLS DO NOT OPEN THE FILE "binded_server" on your system.]

STEP-9: Sending this file "binded_server" to victim. You can send this trojan server via email, pendrive or if
you have physical access to the system, go and run the file.

By email, you cannot send this file as it is because it will be detected as TROJAN OR VIRUS. Password protect this file with
ZIP and then email it. Once your victim downloads this ZIP file, ask him to unlock it using the ZIP password. When
the victim double-clicks on the file, he will be in your control.

STEP-10: Connecting to the victim's computer. Once the server has been sent and the person has opened this ZIP
folder, they will now be infected with it. AND HAVE NO CLUE ABOUT IT!. On the top of the ProRat program you
will see a box in the upper left corner. Type in the victim's IP address and make sure the port is 5110. Now
press Connect. You should now see a pop-up box wanting to know a password. Remember the password you entered
while creating the server? that is what you need to type. By default, it is "123456" without quotes.

STEP-11: Check your email (junk if needed) and find the “Your victim is online” message. Copy and paste the IP
address onto ProRat where it says “IP:[127.0.0.1]“. Press CONNECT. DO NOT CHANGE THE PORT; if you did, change it
back to 5110. Type in the password (default is usually 123456, it is in the email). You're done, now you can mess
with the buttons on the program. Especially the GIVE DAMAGE button. It will damage their pc by format, and will
make the computer useless.
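
For anyone checking a Windows machine they are responsible for, the steps above leave one concrete network trace: a listener on TCP port 5110 on the infected host. The following is an added example, not part of the original post, that parses `netstat -ano` output and groups any port-5110 listeners and sessions by owning PID; the sample output is constructed, and treating the control channel as TCP on the default port is an assumption, so a build using another port would not be caught.

```python
# Default port named in the steps above. Assumption: the control channel is
# TCP and the default port was kept; a different port would not be caught.
WATCH_PORT = 5110

# Constructed sample of Windows `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       2384
  TCP    192.168.1.20:5110      203.0.113.45:49211     ESTABLISHED     2384
  TCP    192.168.1.20:49733     198.51.100.7:443       ESTABLISHED     3120
  TCP    192.168.1.20:51100     198.51.100.9:80        TIME_WAIT       0
  TCP    [::]:5110              [::]:0                 LISTENING       2384
  UDP    0.0.0.0:5110           *:*                                    1500
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def find_port_hits(netstat_text, port=WATCH_PORT):
    """Return TCP rows whose LOCAL port equals `port` and that are live."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and UDP rows (no State) do not.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, remote, state, pid = fields
        _, local_port = split_endpoint(local)
        if local_port != port or state not in ("LISTENING", "ESTABLISHED"):
            continue
        hits.append({
            "state": state,
            "local": local,
            "remote": remote if state == "ESTABLISHED" else None,
            "pid": int(pid),
        })
    return hits


def summarise(hits):
    """Group hits by owning PID: is it listening, and which peers are connected."""
    by_pid = {}
    for hit in hits:
        entry = by_pid.setdefault(hit["pid"], {"listening": False, "peers": []})
        if hit["state"] == "LISTENING":
            entry["listening"] = True
        else:
            entry["peers"].append(hit["remote"])
    return by_pid


if __name__ == "__main__":
    for pid, info in summarise(find_port_hits(SAMPLE_NETSTAT)).items():
        print(f"PID {pid}: listening={info['listening']} peers={info['peers']}")
```

A hit is a lead, not a verdict: map the PID to its executable and check why antivirus, the firewall or the security center are off before drawing conclusions.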

FAQ:

Q: Error message: Windows cannot access the specified device, path, or file. You may not have the appropriate
permissions to access the item. What do I do?
A: Simple! Delete the ProRat program. Delete it. What happened was, your AV has altered the file. OR it could be
malicious content. Either way, delete it. NEXT, remember the file you downloaded? Extract the file again and
re-run. You will not need to remake a server file and such if it has been sent to the victim. Just open ProRat
and make sure your AV is shut off. Reconnect. There ya go.

Q: What operating systems are supported by ProRat?
A: Windows 95/95B
Windows 98/98SE
Windows ME
Windows NT 4.0
Windows 2000
Windows XP
Windows Vista

Q: When I have downloaded ProRat, my antivirus detect it as virus. What should I do?
A: Well, since RATs are hacktools, and all the hack tools are detected as viruses, ProRat is detected as virus
also. To download and install ProRat you will need to turn off your anti-virus.

Q: What should I do after I install my server?
A: After you install your server, you should spread it. Few years back I have installed my server manually on
1000's of cyber cafe in my city. I hacked almost the entire city cafe users secret information. This is the
best way. Go to nearest cyber cafe's and manually install your trojan server.

Q: I've created a server, but I don't see it in the directory. Why?
A: That's caused by your antivirus. The server is detected, and it won't let it. I suggest you to remove your
antivirus if you are going to use RATs.

Q: I've send my server to a friend on MSN, but he doesn't connect.
A: That's because he has an antivirus or firewall and it won't let him to connect in your RAT. To make it
FUD(Fully Undetectable), you should use a crypter.

Q: Is ProRat illegal?
A: No. ProRat is a legal RAT. The author of ProRat created his program for legitimate purposes. For example,
there are many legal activities. Parents can use keyloggers to protect their children from online abuse etc.
Some people use it for stealing passwords, credit cards and more but it's not a software which breaks the law,
but the person who uses it.

Q: Can ProRat be used for legitimate purposes?
A: Yes. You can monitor your children online activity.. to make sure they don't visit pornographic websites.
You can find out if someone uses your computer while you are away, ensure no one is accessing your personal
files while you are away and more.

Q: How do I make my server FUD?
A: You should use a binder or crypter. Also check the below links how to make trojan or keylogger fully undetectable from antivirus.
THIS TUTORIAL HAS BEEN CREATED WITH THE HELP OF AN UNDERGROUND HACKER flAmingw0rm. THANKS TO YOU MAN TO MAKE
THIS POSSIBLE.

Readers, we don't want any thing from you in return except a thanks. Pls comment here so that we can post
better contents and improve the stuff quality.

Bangkok is an expansion city that is available for level 18+ players assuming they have Triad Coin, Yakuza Sake, Thai Note (collected from NY jobs) and Thai Passport. The energy and experience values for Bangkok jobs are different for players between levels 18-200 and 200+.

Bangkok has many new or updated aspects that are not seen in earlier cities, such as reputation, faction stores, boost producing businesses, four mastery levels and dynamic energy, experience and money payout values.

Factions and Reputation

The most visible new feature in Bangkok is the reputation system where you can earn reputation points towards either of the Bangkok factions, Triad or Yakuza.

As you gain more reputation with the factions you will be able to buy exclusive faction store items, unlock new episodes and businesses.

To gain reputation with a faction you must perform a choice point job for that faction or attack someone of the opposing faction in fight list. Doing a job will award you +3 (AND -1 for the opposing faction) reputation points while fighting awards +2 and -1. This means you can achieve maximum reputation with both factions at the same time and therefore get access to all reputation rewards.

Faction standing thresholds:

Hostile: 0 - 200 points
Suspicious: points
Neutral: points
Trusted: 0 points
Honored: 10 points
Allied: 10 points

The initial standing is 50/1500 towards both factions.

Noteworthy Reputation Rewards

Yakuza Assassin, strongest amassable offensive armor - Allied with Yakuza
Gun Running Operation, offensive boost production business - Trusted with Yakuza
Unlock Episode 5B - Trusted with Yakuza

Shaolin Bodyguard, strongest amassable defensive armor - Allied with Triad
Yaa Baa Parlor, defensive boost production business - Trusted with Triad
Unlock Episode 5A - Trusted with Triad

For a high-energy account without much fighting capability, a great way to gain reputation fast is to do FIRST mastery choice point jobs in the early Bangkok episodes, when the energy costs are at their lowest. You will still gain +3 and -1 per job done; gaining mastery increases energy costs significantly, while reputation point gains per job remain unchanged.

For normal accounts, fighting in Bangkok will give you all the reputation you need (while giving you $B as well).

Dynamic payouts and energy costs

In order to master an episode in Bangkok you need to fully complete it four times instead of the normal three. This makes for a whole lot of extra skill points but acquiring the mastery item from each episode takes significantly longer than you might be used to.

On top of this, energy costs increase each time you master an episode. The energy cost increases by 33% in the second level, by 66% in the third level and by 100% in the fourth level. Also, mastery % progression works a bit differently in Bangkok. The second level mastery increases are 75% of the first level, the third level mastery increases are 50% of the first level and the fourth level mastery increases are 25% of the first level.

For example: (standard rounding is used)

First level % mastery increase = 6% per job.
Second level % mastery increase = 0.75 * 6 = 5% per job
Third level % mastery increase = 0.5 * 6 = 3% per job
Fourth level % mastery increase = 0.25 * 6 = 2% per job

First level energy cost = 39
Second level energy cost = 39 * 1.33 = 52
Third level energy cost = 39 * 1.667 = 65
Fourth level energy cost = 39 * 2 = 78

What’s interesting is that the experience amounts (and money payouts) grow as well but in different proportion. Meaning that the exp/energy ratios change as well, for example a job might have 1.5 ratio on the first mastery but 1.97 on the fourth mastery. This makes it very beneficial for energy accounts to achieve 4th mastery of an episode so they can abuse the high ratio for consecutive level ups (energy refills).

So if you are wondering what a farmer account should do: keep farming with low energy costs and low drop rate or master first for higher drop rate AND a ratio that supports consecutive leveling? The answer is pretty clear that you should master first as you will be stuck after one load of energy when doing a bad ratio job anyway.

Bangkok Business

The money making businesses in Bangkok are a horrible, horrible investment. Currently it takes 50 days to get your initial investment back, twice as long as in Cuba! So I don’t recommend buying the businesses in their current state at all.

Buying businesses for drug shipments and pirates is a necessity unless you can get them from somewhere else. Pirates especially are needed even after mastering Bangkok to farm the only upgrade from Moscow.

The boost producing businesses are a good investment (if you fight). The boosts produced give a noticeable difference (+32 attack or defense) unlike hot coffees and pairs of eyes but most importantly they are amassable and therefore you will actually use them for most of your fights, unlike smoke grenades or other high end boosts which you don’t even notice before they are gone. Unfortunately it takes $B40,000,000 to fully upgrade both boost producing businesses and you’d probably be much better off with 90~ Yakuza Assassins or Shaolin Bodyguards.

Friday, April 30, 2010

Data Recovery Software Free Download Full Version

Try the Kernel™ Recovery range of best-selling hard disk data recovery software & file repair products for recovering deleted or corrupt files, which get lost due to the following reasons:

» Format of a hard drive partition
» Partition structures are damaged or deleted
» Unexpected system shutdown or software failure
» Accidental File Deletion
» Virus Infection or Corruption
» Various Kind of File System Corruption
» File Corruption
» Bad Sectors

Programs in the AIO:
  1. Digital Media Data Recovery 4.02
  2. Exchange OST to PST Conversion 4.04.03
  3. FAT Partition Recovery 4.03
  4. Foxpro DBF File Recovery 5.01
  5. IncrediMail Email Recovery 4.02
  6. Linux Data Recovery 4.03
  7. Linux JFS Partition Recovery 4.02
  8. Linux ReiserFS Partition Recovery 4.02
  9. Macintosh Data Recovery 4.04
  10. MS Access Recovery 4.04.05
  11. MS Backup File Recovery 4.05.01
  12. MS Powerpoint Recovery 4.05.01
  13. MS Publisher Recovery 4.04.01
  14. MS Word Recovery 4.03
  15. NTFS Partition Recovery 4.03
  16. Novell NSS Partition Recovery 4.03
  17. Novell Traditional Partition Recovery 4.03
  18. Outlook Express DBX Mail Recovery 4.02
  19. Outlook Express Password Recovery 4.02
  20. Outlook PST Password Recovery 4.02
  21. Palm Pilot Database File Recovery 4.03
  22. Paradox Database File Recovery 4.03
  23. SCO OpenServer Data Recovery 4.01
  24. Solaris Intel Data Recovery 4.04.01
  25. SPARC Data Recovery 4.01
  26. SQL Server Password Recovery 4.02
  27. Tape File Recovery 4.02
  28. Undelete 4.02
  29. VBA Password Recovery 4.02
  30. Universal keygen
  • Extract it
  • Mount it
  • Enjoy!

How to Access Blocked Websites at Work, Office & School Using UltraSurf

Download UltraSurf

UltraSurf is a free software which enables users inside countries with heavy Internet censorship to visit any public web sites in the world safely and freely. Users in countries without internet censorship also use it to protect their internet privacy and security.

Installation:

It's a small, green software. No installation needed. You need to unzip the file if you download the zip version. Double-click the UltraSurf executable file to start UltraSurf program.


Settings:

All the best settings for using this software have been shown above. Follow the same.
  1. Unzip the downloaded file.
  2. Click on .exe
  3. Click on option at top
  4. In new windows, click on proxy settings in the bottom
  5. Click on Auto-Detect Proxy Option as shown above
  6. Click OK and close all windows.
  7. Reopen the software by clicking on the .exe
  8. Wait a few seconds for it to connect to the server.
  9. Once UltraSurf has connected to the server, it will show: Successfully connected to server
  10. The speed bar on the right side will be generated automatically after connecting to the server.
  11. IE will open automatically. Close this IE.
  12. Download . This is my recommendation because this software is best compatible with google chrome.
  13. PLEASE DON'T TRY ULTRASURF WITH MOZILLA FIREFOX.
Once you have successfully connected, check the above settings in your IE. The Address will show 127.0.0.1 and port 9666. It means you are ready to open blocked websites.

Install Google chrome and open it. NOW OPEN ANY WEBSITE AND ENJOY.

If you face any problem using this software, just leave a comment here.

How to Block Porn & Adult Websites | Download Anti-Porn Pro 2010

Multilingual content filtering - Anti-Porn supports real-time filtering or blocking of porn websites written in English, Japanese, Korean, Russian, German, French, Spanish, simplified Chinese and traditional Chinese. AI to restrict games - Anti-Porn can determine by itself which program is a game. Parents don't need to add any game to a blacklist. Hide completely - You cannot find Anti-Porn in either the explorer or the task manager. No one can close or remove Anti-Porn without the password.


CommView 'cv2k1.sys' Driver Local Denial of Service Vulnerability

Bugtraq ID: 39705
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Apr 26 2010 12:00AM
Updated: Apr 27 2010 04:52PM
Credit: p4r4noid

CommView is prone to a local denial-of-service vulnerability. Successful exploits will allow attackers to cause a local denial-of-service condition; other attacks may be possible. The issue affects versions prior to CommView 6.1 Build 644.

Attackers can use standard tools to exploit this issue. CLICK HERE for code.

Solution:
Updates are available.

Thursday, April 29, 2010

How to Limit Denial of Service (DOS) Attack Damage

You may not think you are at risk of a DOS attack, especially if you operate a small web site, but if you cross paths with the wrong person, you could end up in the cross hairs of someone who could take your site down. Many smaller sites are finding themselves under attack these days because they are most vulnerable.

Fending off a DOS attack can be a very difficult task. Once your site is under attack, you are really pretty limited in the way you can respond. The following steps will not only help you minimize the damage a DOS attack can inflict on your business, but help reduce the chances of one taking place at all.

1. Be familiar with your hosting company

As part of your hosting selection process, be sure you have a complete understanding of their security measures. Check with them on how they will help you should your site come under attack. Do they have a team of security experts that will assist you? What kind of prevention measures do they take at the network level?

2. Keep Operating Systems and Software up to date

Your host isn't the only responsible party. Security holes in operating systems as well as software programs can also be responsible for allowing DOS attacks. Be sure your anti virus and spyware programs are up to date at all times on all the machines you use in your business. Be sure you've got your computers set to download security updates to your OS and other software programs automatically.

3. Increase server capacity

The more server capacity you have, the better off you'll be to handle your traffic and fend off a DOS attack. A DOS attack works by increasing the demand on your site and takes it to a point where there is no more capacity to allow more visitors on the site. With larger capacities, you can help stave off smaller DOS attacks.

4. Report all attacks

If you find your site under attack, report the attack to the FBI immediately. The FBI maintains a specific division to handle these situations. The Internet Crime Complaint Center, or IC3, handles a myriad of Internet complaints, from fraud to DOS attacks. They can be reached at ic3.gov.

5. Block the additional traffic

Working with your hosting company, you can actually block traffic coming from what appear to be suspicious IP addresses. Your hosting company will likely have a list of known problem IP addresses and can also find out where the majority of the increased traffic is coming from and block it. Sure, you could end up blocking legitimate customers, but until the problem is resolved, at least your site would continue to operate.

6. Be on top of things

As these DOS attacks continue to increase, both in the type of attacks as well as the frequency, you've got to stay on top of security issues. The best way to prevent attacks may just be your knowledge of what's going on at any given point in time. Do a search online for message boards / forums / blogs that discuss such issues and read them on a regular basis so you'll know what's happening regarding DOS attacks. A great site for keeping on top of Internet security issues is the Computer Crime Research Center. You can find them at crimeresearch.org

This article has been posted by Warren. Warren has been writing articles and producing how to courses online since 2005. He specializes in online business issues and currently operates a number of websites in a number of different niches.

Best Stress Management Book Review | Book on Human Relations by Dr.Pal

Hi readers... for a long time, I have been searching the internet for some of the best stress management books. A few months back, I found this book. I am not a good reader but I completed this 206 page book in just 2 days. I really found a change in me.

Only after reading the book and implementing the techniques mentioned in the book can I feel the change myself. You can see that I have dedicated this blog to Life Care Foundation, only because the way of working of this NGO is foolproof. They provide you 100% satisfaction.

I have discussed a few things with the MD of this NGO, and I was really impressed by his way of thinking. He truly THINKS OUT OF THE BOX.

Book your copy today online: CLICK HERE

After reading this book, I came to know that How to deal with worst situation and how to spread positive energy around you. The most enjoyable part of this book was, how to make happy your spouse. I am single, but the facts which are mentioned helped me a lot to understand my mother. Earlier I was bit confused that why sometimes she is behaving like this. After knowing the facts, now I am smiling even if she is shouting on me....and the best part is that, after looking on my smiling face.....she feel much better and all her tensions and stress vanished with in a second.

Here I concluded that, she is a mother...and she is a woman also...so to control her stress due to her BY DEFAULT nature.....the best way is to make her happy and satisfied her by fulfilling her basic needs and requirement...and it is to see her child happy and always smiling...and I have done the same.....keep smiling in front of her always.

The few terms coined in this book like I.C. therapy, human engineering and treat for tat are quite interesting. I would like to discuss all these 3 terms here.

I.C. Therapy: According to me, this is not a new therapy. The author named it as I.C. Therapy and presented in very effective manner. Whenever I am doing any wrong thing or make any wrong decision consciously or unconsciously, I usually think about it and again and again. Try to talk with myself and explore, which force driven me to make that wrong decision.

Here I would also like to share another effective therapy I am using to get effective results..and that is Doing the same thing over and over again and expecting different results.

Human Engineering: I am calling this SOCIAL ENGINEERING. It is the art of manipulation. This term is very common in the Internet world. This is one of the best and most effective ways of hacking. YES...I am talking about computer hackers. They are using social engineering to hack into networks. People are Easier to Hack than Networks.

A very good article is posted @


Treat for tat: This is a new term for me and I also recommend that all you readers go through it once and you will feel the change.

I wish good luck to Life Care Foundation and am awaiting the next book from Dr.Pal.

Microsoft iGlobul IGB Technologies fraud & Complaints | A Gurgaon Based Company Make Fake Promises

Hi All.....a few days back I met with a very funny incident, which I would like to share with all you guys. I am posting this article because I want to save all innocent guys. This is a case of 420 fraud. This is also a best example of social engineering: how people make a fool of you to get your secret information. All the below information is purely based on reviews available on the internet & my personal experience. If you search on google, you will see a lot of fraud & complaints against iGlobul IGB Technologies.

iGlobul Technologies is a company which promises to provide you the dealership of an online mall. This company "IGLOBUL" charges Rs.13000 (approx) for building you web site and SEARCH ENGINE OPTIMIZATION of your micro site. And if you type the name IGLOBUL in google search, the first search link you will get is www.consumercomplaints.in ... ha ha ha ha ha ha........ if this kind of SEO they are able to provide for their Parent site...GOD HELPS their micro site owners...

So the story begins....I received a call from one girl related to website. She said that they will create a online shopping portal for me and blah blah blah...... I tried to get rid from her but the poor lady might trying to sell me the website only to achieve her targets. As I am very well aware about all such websites related things so I fixed up meeting with the sales person.

HERE I AM NOT GOING TO HIDE ANY NAME OR MOBILE NUMBER. I AM GOING TO PUBLIC ALL SUCH CHU**YA LOG. EVERY NUMBER AND NAME PUBLISHED OVER HERE IS REAL. YOU CAN CALL THEM AND CHECK. IF YOU WANT TO F**K THEIR ASS ON PHONE....I DON'T HAVE ANY PROBLEM.

Once you fix up the meting with sales guy, he will come to you. The poor guy Shivendu mobile number +91-9582202004 came to me. Here I would like to mention that his dressing sense was pathetic. Well I am not going to explain his personality....becoz he was almost 6 feet tall...a very thin blackish dark complexion. From internet, I also found one more sales person. His name is Gautam mobile number is 9718277248.

They will try to excite you like: "Sir, do you have money" , "Sir I don't understand why you are not interested in such a wonderful product" , "This is a separate business for you, and you can make up to 50,000 per month"....BULLSHIT MAN. If this is the case, why are they themselves not doing the same?

The sales people will promise you that they will add at least two members under you & 11,000/- will be returned after 3 referrals (2000 per referral and 5000 of bonus) ASAP, which is 100% fake. If you follow up on their promise, you will only get lame excuses like it's month closing & nothing else. If you take this matter to their seniors, they will directly deny it: we don't give promises like this; if a sales person is making these promises, it's his responsibility. We are not liable for this.

All the product which are listed on site like www.myebazaar.com are all actually priced in dollar. At the time of payment you will get total different amount to be pay . Excuse (iglobul):- We are trying to get indian payment gateway our deal is going on with ICICI and HDFC and soon we will get indian payment gateway till that we are using paisapay US gateway.

They are only interested in selling the online mall and not the products. Their major chunk of earning is coming by giving membership. And most importantly they control your eMalls entirely. Even the contact numbers at the bottom of the eMall belongs to them. Tomorrow when their website is popular all they will have to do is to put up a direct sales number in all the websites, and you will be able to do nothing about it.

As per Mr.Ashutosh Srivastav - One of my friend ordered Shirt and trouser (Order id # 214) using direct bank deposit in there ICICI bank account in Sec-14 Gurgaon. The payment was successful and it was cleared as soon as I made the payment. But now the condition is that the item is still in Open status. I have been trying to call them but still no body has responded me. If you call on the customer care number as mentioned on their web site, it seems that it's a Home phone connection and each time some ignorant person will pick your phone and say that the person who sees all these things is not here. And we will call you after some time. But I did not get a call back. At present my 15,000 INR are with them.

Also check the site they are providing is too dull and dead looking. It looks like developed by some school student. I can make better websites with good looking and fully customize..AND THE MOST AMAZING THING IS THAT THEY ARE CHARGING 13,000/- FOR SUCH A HEBETUDINOUS WEBSITE. YOU CAN CHECK IT @ . No server support & they are running there marketing portal on zencart which is free to use.

If you go to there office, its like AAJ HAI KEL KA PATA NAHI....A smoking khokhaa OR small tea stall is much better than iGlobul IGB Technologies office. They are just around 20 people company in Uddyog Vihar. You will never find CEO in office. All you will find is bunch of marketing guys.

As per neeraj83 - I have worked with this company for less than one month. When I came to know that this company is a fraud, I resigned. They commit that they have franchises of more than 200 brands, which they don't have. They say that they are the partner of Microsoft, which they are not. Everything they commit is false. Prices on their portal are much higher than market. They never disclose the name of the owner of the company. Mr. Anant & Mr. Neeraj hire needy people and exploit them. All positive comments regarding this company on the internet are written by the employees.. so ignore them.

iGlobul IGB Technologies is claiming that they are registered under Microsoft Bizspark. So let me clear up that any IT company can be registered under Microsoft Bizspark. There are so many companies under Bizspark, as there is no fee to register; there are only some conditions, like it must be related to IT and turnover should not be more than XX amount. It's mainly for 2 years, and after 2 years there is a meagre fee of 200 to 300 dollars. Also there are no company tie-ups. They purchase from a distributor and sell the product at a reduced price. There are no dealers' bills. They mainly earn through delivery charges. They make a fool of everybody.

AND MICROSOFT DOES NOT TAKE ANY GUARRANTY OF THESE BIZ SPARK COMPANIES.. ITS CLEARLY MENTIONED ON MICROSOFT WEBSITE...

This company is not even registered... So I suggest all of you (employees or non employees)... Do not go IGB as it is said that unregistered companies are fake companies.

As per Mr. Pritam Singh - A Gurgaon-based company, Iglobul Pvt. Ltd., provides IT-related services. Their marketing executive, along with the manager, provided me fake information to convince me to purchase their E-Mall. They misguided me with claims like:

1) Their company has partnerships with more than 250 reputed companies like Samsung, HP, Sony, LG, Nokia, Adidas, etc. in sales
2) If somebody purchases anything from my e-mall, the delivery will be free in Gurgaon
3) Iglobul will provide the customer the bill of the concerned company, not their own, so that he/she will get the warranty directly from the company
4) The company will do marketing of our E-malls
5) The rates will be unbeatable in the market
6) Regular updates of the website and products

After purchasing the e-mall, when I tried to contact the marketing executive, he said that he had left the company. I tried to contact their IT person, Mr. Sandeep Yadav; he also told me that he had left the company. This company is making fools of people and provides zero output. You can check their price updates on my e-mall at http://friendscomputersonline.com

If you want to save your money, buy your products from Big Bazaar.

Wednesday, April 28, 2010

Title: Google Apps Hacks
Author: Philipp Lenssen
Publish date: April 17, 2008
Format: CHM
Language: English
Size: 11,8 MB
ISBN-10: 059651588X

Description:
I happily take advantage of a number of Google applications such as Gmail, iGoogle, Google Calendar, and a few other things. But there's more to the Google Apps family than that, and I know I'm not getting all I can out of the offerings. After going through Google Apps Hacks by Philipp Lenssen, I have a number of new tricks to try out both on stuff I already use as well as a few other apps. Fun stuff!

Windows XP Hacks Download Second Edition

By Preston Gralla | Publisher: O'Reilly Media | Released: February 2005 | Pages: 576 | Size: 13 MB

A smart collection of insider tips and tricks, Windows XP Hacks, Second Edition covers the XP operating system from start to finish. Among the multitude of topics addressed, this must-have resource includes extensive coverage of hot-button issues such as: security; web browsing; controlling the control panel; removing uninstallable XP components; and pop-up ads. You'll also find timesaving hacks for file distribution; digital media, such as iTunes; and high-visibility web software, services

Free Hacking Softwares & Tools Download Here

ipEye 1.2 - ipEye is a TCP port scanner for Windows 2000 that can do SYN, FIN, Null and Xmas scans.

IPSecScan - IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled.

NetScanTools - NetScanTools consists of many independent network functions joined together in a single tabbed window.

SuperScan Network Scanner - SuperScan is a powerful TCP port scanner, that includes a variety of additional networking tools like ping, traceroute, HTTP HEAD, WHOIS and more.

Cheops (KEE-ops) is a Network management tool for mapping and monitoring the network. It has host/network discovery functionality as well as OS detection of hosts.

ARIN allows search on the whois database to locate information on networks autonomous system numbers (ASNs), network-related handles and other related point of contact (POC).

NeoTrace is a diagnostic and investigative tool. It traces the network path across the Internet from the host system to a target system anywhere on the Internet.

VisualRoute is a graphical tool that determines where and how traffic is flowing on the route between the desired destination and the user trying to access it, by providing a geographical map of the route, and the performance on each portion of that route.

SmartWhois is a network information utility that allows the user to find all the available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.

VisualLookout provides high level views as well as detailed and historical views that provide traffic information in real-time or on a historical basis.

I will post more hacking software and tools soon. Till then, keep visiting. Don't forget to subscribe to my feeds, so that you won't miss the latest posts from this site. You can VISIT HERE for more similar hacking tools and software.

If you are looking for any specific software or tool, leave a comment here. I will try to get it.

CommView cv2k1.sys Denial of Service Vulnerability

Description
p4r4noid has reported a vulnerability in CommView, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the cv2k1.sys kernel driver when processing IOCTLs. This can be exploited to cause a system crash via a specially crafted 2578h IOCTL.

The vulnerability is reported in version 6.1 Build 642 and prior.

Solution
Update to version 6.1 Build 644.

Provided and/or discovered by
p4r4noid, Corelan

Original Advisory
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-030

Tuesday, April 27, 2010

Social Engineering Techniques & Attack Examples

Yesterday I received an email from one of our readers asking, "How can I perform a social engineering attack?"

While reading books on social engineering, I found a few very nice attack methods which I would like to share with you guys. PLS USE AT YOUR OWN RISK.

During a penetration test on the physical security of an organization, if social engineering is used, the penetration tester directly interacts with the employees. These interactions are usually based on deception and, if not done properly, can upset the employees, violate their privacy or damage their trust towards the organization, leading to lawsuits and loss of productivity for the organization.

METHOD-1: Below is the step-by-step method.
This method involves four different roles:

Security officer - an employee responsible for the security of the organization. The security officer orchestrates the penetration test.
Custodian - an employee who owns the assets, sets up and monitors the penetration test.
Penetration tester - the person who will perform the SOCIAL ENGINEERING ATTACK.
Employee - a person in the organization who has none of the roles above.

Below are tricks you can use if you are really hungry.

METHOD-2: You can go into a self-service cafeteria and finish the meal of someone who left a lot on the plate. Self-service restaurants are usually good places to cop things like mustard, ketchup, salt, sugar, toilet paper, silverware and cups for home use. Bring an empty school bag and load up after you've cased the joint. Also, if you can stomach the food, you can use slugs at the automat. Finishing leftovers can be worked in even the fanciest of restaurants. When you are seated at a place where the dishes still remain, chow-down real quick. Then after the waitress hands you the menu, say you have to meet someone outside first, and leave.

METHOD-3: In fancy sit-down restaurants, you can order a large meal and halfway through the main course, take a little dead cockroach or a piece of glass out of your pocket and place it deftly on the plate. Jump up astonished and summon the headwaiter. "Never have I been so insulted. I could have been poisoned" you scream slapping down the napkin. You can refuse to pay and leave, or let the waiter talk you into having a brand new meal on the house for this terrible inconvenience.

NOTE: In all these methods, you should leave a good tip for the waiter or waitress, especially with the roach-in-the-plate gambit. You should try to avoid getting the employees in trouble or screwing them out of a tip.

METHOD-4: One fantastic method of not only getting free food but getting the best available is the following technique that can be used in metropolitan areas. Look in a large magazine shop for gourmet digests and tourist manuals. Swipe one or two and copy down a good name from the masthead inside the cover. Making up a name can also work. Next invest 50/- RS to print business cards with the name of the magazine and the new "associate editor." Call or simply drop into a fancy restaurant, show a copy of the magazine and present the manager with your card. They will insist that the meal be on the house.

In the same manner, you can also perform your attacks.

What is Pen-Testing? | Pen-Testing vs. Vulnerability Assessment | How Vulnerabilities Are Identified?

What is Pen-Testing?

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, price lists, databases and other protected information.

The main thing that separates a penetration tester from an attacker is permission. The penetration tester will have permission from the owner of the computing resources that are being tested and will be responsible to provide a report. The goal of a penetration test is to increase the security of the computing resources being tested.

In many cases, a penetration tester will be given user-level access, and in those cases the goal would be to elevate the status of the account or use other means to gain access to additional information that a user of that level should not have access to.

Some penetration testers are contracted to find one hole, but in many cases, they are expected to keep looking past the first hole so that additional vulnerabilities can be identified and fixed. It is important for the pen-tester to keep detailed notes about how the tests were done so that the results can be verified and so that any issues that were uncovered can be resolved.

It’s important to understand that it is very unlikely that a pen-tester will find all the security issues. As an example, if a penetration test was done yesterday, the organization may pass the test. However, today is Microsoft’s “patch Tuesday” and now there’s a brand new vulnerability in some Exchange mail servers that were previously considered secure, and next month it will be something else. Maintaining a secure network requires constant vigilance.

Pen-Testing vs. Vulnerability Assessment

There is often some confusion between penetration testing and vulnerability assessment. The two terms are related but penetration testing has more of an emphasis on gaining as much access as possible while vulnerability testing places the emphasis on identifying areas that are vulnerable to a computer attack.

An automated vulnerability scanner will often identify possible vulnerabilities based on service banners or other network responses that are not in fact what they seem. A vulnerability assessor will stop just before compromising a system, whereas a penetration tester will go as far as they can within the scope of the contract.

It is important to keep in mind that you are dealing with a ‘Test.’ A penetration test is like any other test in the sense that it is a sampling of all possible systems and configurations. Unless the contractor is hired to test only a single system, they will be unable to identify and penetrate all possible systems using all possible vulnerabilities. As such, any Penetration Test is a sampling of the environment. Furthermore, most testers will go after the easiest targets first.

How Vulnerabilities Are Identified?

Vulnerabilities need to be identified by both the penetration tester and the vulnerability scanner. The steps are similar for the security tester and an unauthorized attacker. The attacker may choose to proceed more slowly to avoid detection, but some penetration testers will also start slowly so that the target company can learn where their detection threshold is and make improvements.

The first step in either a penetration test or a vulnerability scan is reconnaissance. This is where the tester attempts to learn as much as possible about the target network. This normally starts with identifying publicly accessible services such as mail and web servers from their service banners.

Many servers will report the operating system they are running on, the version of software they are running, patches and modules that have been enabled, the current time, and perhaps even some internal information like an internal server name or IP address.

Once the tester has an idea what software might be running on the target computers, that information needs to be verified. The tester really doesn’t KNOW what is running but he may have a pretty good idea. The information that the tester has can be combined and then compared with known vulnerabilities, and then those vulnerabilities can be tested to see if the results support or contradict the prior information.

In a stealthy penetration test, these first steps may be repeated for some time before the tester decides to launch a specific attack. In the case of a strict vulnerability assessment, the attack may never be launched so the owners of the target computer would never really know if this was an exploitable vulnerability or not.
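
The banner disclosures listed above can be audited from the defender's side. The following is an added example, not code from the original post: it parses banners collected from your own servers and reports which of the listed items each one gives away. The sample banners are constructed, and the regex heuristics and function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample banners for illustration; not captured from real hosts.
SAMPLE_BANNERS = {
    "web-1": ("HTTP/1.1 200 OK\r\n"
              "Date: Tue, 27 Apr 2010 10:15:02 GMT\r\n"
              "Server: Apache/2.2.3 (CentOS) mod_ssl/2.2.3 PHP/5.1.6\r\n"
              "Location: http://10.20.30.40/index.html\r\n\r\n"),
    "mail-1": ("220 mx01.corp.example.internal ESMTP Sendmail 8.13.8/8.13.8; "
               "Tue, 27 Apr 2010 10:15:05 +0530\r\n"),
    "web-2": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",  # version suppressed
}

# Heuristic patterns (assumptions of this example, not an exhaustive ruleset).
PROTOCOL_TOKENS = {"HTTP", "ESMTP", "SMTP", "FTP"}  # protocol names, not products
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][\w+-]*)[ /](\d+(?:\.\d+)+)")
OS_HINT = re.compile(r"\((CentOS|Debian|Ubuntu|Red Hat|Fedora|FreeBSD|Unix|Win32|Win64)\)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
INTERNAL_HOST = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:internal|local|lan|corp)\b", re.I)
CLOCK = re.compile(r"\b\d{1,2}:\d{2}:\d{2}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal_ip(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # not a valid address, e.g. 999.1.1.1
        return False
    return any(addr in net for net in RFC1918)


def audit_banner(banner):
    """Return {category: sorted values} for everything one banner discloses."""
    found = {}

    def add(category, value):
        found.setdefault(category, set()).add(value)

    for name, version in PRODUCT_VERSION.findall(banner):
        if name.upper() not in PROTOCOL_TOKENS:
            add("software_version", f"{name} {version}")
    for os_name in OS_HINT.findall(banner):
        add("os", os_name)
    for candidate in IPV4.findall(banner):
        if is_internal_ip(candidate):
            add("internal_ip", candidate)
    for host in INTERNAL_HOST.findall(banner):
        add("internal_hostname", host)
    for clock in CLOCK.findall(banner):
        add("current_time", clock)
    return {category: sorted(values) for category, values in found.items()}


def audit_all(banners):
    """Audit every banner; hosts that disclose nothing map to an empty dict."""
    return {host: audit_banner(text) for host, text in banners.items()}


def hosts_disclosing(results, category):
    """Sorted host names whose banner leaked at least one value in category."""
    return sorted(h for h, f in results.items() if category in f)


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_BANNERS).items():
        print(host, findings or "nothing disclosed")
```

Each finding is only what the banner claims; as the text notes, it still has to be verified, and a host that reports nothing (like the constructed `web-2`) has simply removed that first source of information.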

Are Firewall & Intrusion Detection Systems (IDS) Enough?

Many organizations have deployed sophisticated security mechanisms, such as firewalls or intrusion detection systems (IDS), to help protect their information assets and to quickly identify potential attacks.

While these mechanisms are important, they are not foolproof. A firewall cannot protect against what is allowed through – such as online applications and allowed services.

While an IDS can detect potential intrusions, it can detect only what it has been programmed to identify, and it will not be effective at all if the company does not monitor or respond to the alerts. As well, firewalls and intrusion detection systems must be continuously updated or they risk losing their effectiveness at preventing or detecting attacks.

Penetration testing can help validate and confirm the effective configuration of an organization’s firewalls and its intrusion detection systems.

The scope of a penetration testing project is subject to negotiation between the sponsor of the project and the testing team, and will vary depending on the particular objectives to be achieved.

The principal objective of penetration testing is to determine whether an organization’s security vulnerabilities can be exploited and its systems compromised. Conducting such a test involves gathering information about an organization’s information systems and information security and then using this information to attempt to identify and exploit known or potential security vulnerabilities.

Evidence to support the penetration testing team’s ability to exploit security vulnerabilities can vary from gathering “computer screen shots” or copying sensitive information or files to being able to create new user accounts on the system or being able to create and/or delete particular files on the organization’s servers.

Penetration testing can have a number of secondary objectives, including testing the organization’s security incidents identification and response capability, testing employee security awareness or testing users’ compliance with security policies.

Readers, I would also like to hear your views on this topic. Please share them in the comments.

Safari 4.0.5 (531.22.7) Denial of Service

# Title: Safari 4.0.5 (531.22.7) Denial of Service
# EDB-ID: 12408
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Xss mAn
# Published: 2010-04-26
# Verified: yes

Hackers Target iPad & Windows Users With Bogus Update

Dupe Windows users into downloading backdoor Trojan; Mac owners not at risk. Hackers are targeting iPad users with bogus update messages that dupe them into downloading malicious code onto their Windows PCs.

"It is very important to keep the software on your iPad updated for best performance, newer features and security. To get the latest version of iTunes software, please go to ... and install the application."

The link in the message leads to a copycat of the legitimate iTunes download site, where users are asked to approve the download of a file dubbed "itunessetup.exe."

The file masquerading as the iTunes update is actually a Trojan horse that injects code into Windows' "explorer.exe" process and opens a backdoor for hackers, who then use that entrance to add more malware to the PC. The "Backdoor.Bifrose.AADY" Trojan also tries to snatch activation keys from various programs on the hacked machine and steals passwords for instant messaging clients and e-mail accounts.

Apple last refreshed the Windows and Mac software on March 30, when it updated iTunes to version 9.1; it has yet to release an update for the iPad.

Mac users are not vulnerable to the attack, even if they head to the bogus iTunes download site. The impact of the malware-planting campaign will likely be low. If hackers were able to target Mac customers, it would have spread like wildfire, but because most antivirus companies detect this [Trojan], it's aimed at Windows users who have bought an iPad and who also don't run a security product.

Monday, April 26, 2010

Blizzard Kicked Over 320,000 Hackers from Battle.net

Having trouble logging into your Blizzard account? Well, just remember: cheaters never prosper. Anyone caught violating the TOS has been summarily and properly booted. This is not the first time Blizzard has done something like this. In November of 2008 they banned over 350,000 accounts from Battle.net, stating, "Cheating ruins the game experience for legitimate players."

Alive YouTube Video Converter v2.3.0.8 | 3.37 MB

Alive YouTube Video Converter is a professional YouTube video downloader to download and convert youtube videos to popular formats directly, the output formats include AVI, MPEG, MP4, DivX, XviD, ASF, WMV, MOV, QuickTime, VOB, iPod, PSP, 3GP, iPhone, Zune, MP3, AAC, AC3 and M4A. So you are able to burn a CD or DVD for those videos, copy them to other computer, or upload them onto your iPod/iPhone, mobile phone, PocketPC, PDA, PSP or any other portable devices.

Alive YouTube Video Converter is a multi-thread program and supports batch conversion. This feature lets you download and convert different videos at the same time. In addition, the intuitive interface makes Alive iPod Video Converter the perfect tool for both new and experienced users. It gives advanced users the ability to convert YouTube videos while adjusting width*height, video size, bit rate, and frame rate! It makes downloading videos from the internet and watching them from your PC, cell phone, iPod, PSP, Zune, MP4 player or TV quick and easy.


WIFI Hacking Software Free Download

This pack has many different tools to hack and crack wifi so you can use your neighbour's internet and do whatever. Tools for Windows and Linux, plus some nice extra tools!

Windows

* Aircrack
* Wireshark
* Ettercap
* Netstumbler
* Airsnare
* WIFIfofum
* Wdriver
* Pong
* CommView
* Airsnort
* AiroPeek
* Knsgem 2
* Aptools
* And A Nice PDF File

Linux Hacks:

* Airpwn
* WEPcrack
* Prismstumbler
* WIFIscanner
* Airfart
* Magicmap
* WPA-cracker
* Wellenreiter
* Void
* Kismet
* Cowpatty
* WIFIzoo
* And A Nice PDF File

What is Penetration Testing & Why We Do It ??

A few days back I posted a detailed article on how to do penetration testing, or how we can find the vulnerabilities in a web server and website. That post was related to How to Hack Website | How to Hack Web Server | Step by Step Hacking Video Tutorial.

Introduction

Penetration testing is an often confused term. Here I will provide you a broad overview of what it means, why you would want it, and how to get the most out of the process.
  • What is a penetration test?
  • Why conduct penetration testing?
  • What can be tested?
  • What should be tested?
  • What do you get for the money?
  • What to do to ensure the project is a success
What is a penetration test?

Much of the confusion surrounding penetration testing stems from the fact it is a relatively recent and rapidly evolving field. Additionally, many organisations will have their own internal terminology (one man's penetration test is another's vulnerability audit or technical risk assessment).

At its simplest, a penetration-test (actually, we prefer the term security assessment) is the process of actively evaluating your information security measures. Note the emphasis on 'active' assessment; the information systems will be tested to find any security issues, as opposed to a solely theoretical or paper-based audit.

The results of the assessment will then be documented in a report, which should be presented at a debriefing session, where questions can be answered and corrective strategies can be freely discussed.

Why conduct a penetration test?

From a business perspective, penetration testing helps safeguard your organisation against failure, through:
  • Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
  • Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organisation losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.
  • Protecting your brand by avoiding loss of consumer confidence and business reputation.
From an operational perspective, penetration testing helps shape information security strategy through:
  • Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
What can be tested?

All parts of the way that your organisation captures, stores and processes information can be assessed; the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:
  • Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
  • Bespoke development (dynamic web sites, in-house applications etc.)
  • Telephony (war-dialling, remote access etc.)
  • Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)
  • Personnel (screening process, social engineering etc.)
  • Physical (access controls, dumpster diving etc.)
What should be tested?

Ideally, your organisation should have already conducted a risk assessment, so will be aware of the main threats (such as communications failure, e-commerce failure, loss of confidential information etc.), and can now use a security assessment to identify any vulnerabilities that are related to these threats. If you haven't conducted a risk assessment, then it is common to start with the areas of greatest exposure, such as the public facing systems; web sites, email gateways, remote access platforms etc.

Sometimes the 'what' of the process may be dictated by the standards that your organisation is required to comply with. For example, a credit-card handling standard (like PCI) may require that all the components that store or process card-holder data are assessed.

What do you get for the money?

While a great deal of technical effort is applied during the testing and analysis, the real value of a penetration test is in the report and debriefing that you receive at the end. If they are not clear and easy to understand, then the whole exercise is of little worth.

Ideally the report and debriefing should be broken into sections that are specifically targeted at their intended audience. Executives need the business risks and possible solutions clearly described in layman's terms, managers need a broad overview of the situation without getting lost in detail, and technical personnel need a list of vulnerabilities to address, with recommended solutions.

What to do to ensure the project is a success

Defining the scope

The scope should be clearly defined, not only in the context of the components to be (or not to be) assessed and the constraints under which testing should be conducted, but also the business and technical objectives. For example penetration testing may be focussed purely on a single application on a single server, or may be more far reaching; including all hosts attached to a particular network.

Choosing a security partner

Another critical step to ensure that your project is a success is in choosing which supplier to use.

As an absolute fundamental when choosing a security partner, first eliminate the supplier who provided the systems that will be tested. To use them will create a conflict of interest (will they really tell you that they deployed the systems insecurely, or quietly ignore some issues).

Detailed below are some questions that you might want to ask your potential security partner:
  1. Is security assessment their core business?
  2. How long have they been providing security assessment services?
  3. Do they offer a range of services that can be tailored to your specific needs?
  4. Are they vendor independent (do they have NDAs with vendors that prevent them passing information to you)?
  5. Do they perform their own research, or are they dependent on out-of-date information that is placed in the public domain by others?
  6. What are their consultants' credentials?
  7. How experienced are the proposed testing team (how long have they been testing, and what is their background and age)?
  8. Do they hold professional certifications, such as PCI, CISSP, CISA, and CHECK?
  9. Are they recognised contributors within the security industry (white papers, advisories, public speakers etc)?
  10. Are the CVs available for the team that will be working on your project?
  11. How would the supplier approach the project?
  12. Do they have a standardised methodology that meets and exceeds the common ones, such as OSSTMM, CHECK and OWASP?
  13. Can you get access to a sample report to assess the output (is it something you could give to your executives; do they communicate the business issues in a non-technical manner)?
  14. What is their policy on confidentiality?
  15. Do they outsource or use contractors?
  16. Are references available from satisfied customers in the same industry sector?
  17. Is there a legal agreement that will protect you from negligence on behalf of the supplier?
  18. Does the supplier maintain sufficient insurance cover to protect your organisation?