// ----------------------------------------------------------------------------------------------//
RSS

CapoO_TunisiAnoO Attacks Syrian Government Sites

More than 90% of the Internet was shut down in Syria Thursday as Freedom fighters clashed with Bashar al-Assad's forces were reported near the Damascus airport.

Hacktivist around the world

have united in support for the Syrian people for their given right to ‘’FREEDOM’’.

A hacker that goes by the handle CapoO_TunisiAnoO has been showing his support by hacking and defacing three very high profiled government websites, in protest against Assad and his supporters.

Bashar Hafez al-Assad is the current President of Syria and Regional Secretary of the Syrian-led branch of the Arab Socialist Ba'ath Party. His father Hafez al-Assad ruled Syria for 29 years until his death in 2000.

Bashar Hafez al-Assad has been butchering, torturing his people (Syrians) and from what we can see he is prepared to do anything he can to remain in power. The people of Syria need our help, not just for their right to have access to the internet but their right to live a normal, free and happy life.

Hacked sites and mirrors

[TARGET 1]

Ministry of Interior of Souria

[Site 1] http://syriamoi.gov.sy/magazin/
[Mirror 1] http://www.zone-h.org/mirror/id/18667415

[TARGET 2]

Ministry of Interior of Oman

[Site 2] http://shuraelection.gov.om/index.htm
[Mirror 2] http://www.zone-h.org/mirror/id/18667628

[TARGET 3]

Syrian Embassy - Belgium

[Site 3] http://www.syrianembassy.be/
[Mirror 3] http://www.zone-h.org/archive/notifier=CapoO_TunisiAnoO

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Teamr00t Send Message to President Bashaar Al-Assad

Teamr00t has been showing their support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet.

This hacking team have hacked and defac

ed three Syrian government websites in protest against the current conditions inflicted upon the innocent people of Syria by President Bashaar Al-Assad and his supporters.

A clear and direct message was left on each hacked site by Teamr00t for President Bashaar Al-Assad and also some comforting words for the Syrians suffering under Al-Assad’s dictatorship.

Deface message

President Bashaar Al-Assad You have taken a step too far in shutting down the internet so the outside world cannot see the horrific crimes you are committing upon your own people and this will not be tolerated by the world watching!

The Syrian people have the right to freedom of speech, the right to live a normal happy life and the right to have access to the internet to connect with the rest of the world. By shutting down the internet you have denied your people their rights, and this will no longer be tolerated.

We have seen too many massacres, too much corruption, too much brutality inflicted upon the Syrian people and enough is enough! By shutting down the internet you have taken a step too far and you will not escape justice nor will you escape Teamr00t!

To the people of Syria we would like to assure you that we will do everything in our power to help you. You will not be the forgotten minority nor will we sit back and allow the world to forget you the Syrian people who so desperately need our help. Stay strong for you are not alone. We will do whatever it takes to help you gain back your freedom.

"Teamr00t Has Arrived!!! We are the voice for the suppressed people of the world, and we will show you the truth!"

Sites and mirrors

[Target 1]

[Site 1] http://www.experts-sy.org/
[Mirror 1] http://zone-h.org/mirror/id/18674217

[Target 2]

http://www.syriaspin.org/user/?page=home
http://mirror-ma.com/mirror/id/136161/

[Target 3]

[Site 3] http://www.qasyoun.edu.sy/
[Mirror 3] http://mirror-ma.com/mirror/id/136139/

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Operation Israel -- FOR IMMEDIATE RELEASE

Greetings from Anonymous, The challenge of combating oppression in Gaza is far from over. It is an intense, emotional issue that has left many homes divided. The Israeli-Palestinian peace process i

s a complex issue with many sides and many stories. There are those who support Anonymous in their efforts to promote awareness of Palestinian oppression and those who believe our logic is flawed.

Here are the facts: 24 civilians were murdered within the first 24 hours of the eight-day offensive led by Israel in strikes that were proudly tweeted out by the their government. There were nearly a thousand injuries in Gaza with some reports estimating at least 60% were non-combatants. Gaza city is roughly 17 square miles (45 km) leaving little room for separation of civilians and members of Hamas. Israel made no efforts to distinguish between the two. In one instance, the all-civilian family of al-Dalu's home was hit by an Israeli rocket; not a single member of the family survived; in all, 4 children, 4 women and 1 man died. Their names were Tahani, Ranin, Yara, Mohamed, Samah and the children were named Sarah, Jamal, Yousef and Ibrahim. The eldest Suhaila died in her wheelchair.

It is important to note that while we pay special attention to the death toll in Gaza, we are not neglecting the loss of Israeli lives. The fact of the matter is, it's simply difficult to determine what losses were experienced by Israel. The media has done an excellent job of ignoring the fact that most estimate that only 4 Israelis died during those 8 days of intense bombing; none of them were children and 3 were confirmed members of the Israeli Defense Force.

There is no equilibrium in these figures.

The Deputy Defense Minister of Israel promised in a statement on Army Radio a Gazan "Sho'ah", a term generally used to expressly describe the Nazi Holocaust inflicted upon the Jews in World War II. It is the use of this language by Israel, this type of thought process by their commanders, politicians, and public figures, which we intend to expose to the world. It is our mission to raise awareness of the genocide which is taking place in the Palestinian State every day.

We told the press that Anonymous would drawback operations in accordance with the cease fire that was acknowledged by both the Palestinian Resistance and the Israeli Government, but while a leading Islamic cleric in Palestine declared: "Honouring the truce, which was sponsored by our Egyptian brethren, is the duty of each and every one of us. Violating it shall constitute a sin", members of the Israeli military murdered an unarmed Palestinian civilian on the first day of the truce.

See: Video of shooting in Khan Younis on Nov. 22nd: https://www.youtube.com/watch?feature=player_embedded&v=CTt4wxdwhh4#

Operation Israel must not focus solely on problems, but on solutions and that is why we are supporting 'Palestine 194' diplomatic campaign to gain membership for the State of Palestine in the United Nations. The Palestinian people must be allowed to be the masters of their own destiny. The people of the world can no longer leave this up to chance. It is our choice. We will not wait for it to happen. We will achieve it through perseverance, self-denial and dedication. We are legion. We will be heard.

- Anonymous.

Please support the Palestinian right to be recognized by the United Nations by promoting the hashtag #Palestine194. Follow #OpIsrael for updates from Anonymous concerning Operation Israel.

The corrupt fear us.
The honest support us.
The heroic join us.
WE ARE ANONYMOUS.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Hackers steal $150,000 from school district

Money taken from Stanley-Boyd payroll system

CHIPPEWA FALLS (AP) - A school district in western Wisconsin says hackers have stolen nearly $150,000 after breaking into its payroll system.

A La Crosse Tribune report says the hackers targeted the Stanley-Boyd School District in Chippewa County.

Superintendent Jim Jones says the hackers apparently accessed direct-deposit files from the Nov. 23 payroll. He says the district's liability insurance will cover the loss.

The district's payroll services are handled by Anchor Bank. Anchor spokeswoman Jennifer Ranville says the bank is helping district employees close out their accounts and open new ones in case their account information was compromised.

She says no other Anchor Bank customers were affected.

Jones says the district is working with bank officials to improve the payroll system's security.

The FBI is handling the investigation.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Worm manipulates databases in Iran

Security firm Symantec has discovered a specialised worm called W32.Narilam that can compromise SQL databases. Symantec reports that the malware "speaks" Persian and Arabic and appears to target mainly companies in Iran. Narilam is, therefore, reminiscent of Stuxnet and its variants.

Narilam spreads via USB flash drives and network shares. Once inside the system, the worm searches for SQL databases that are accessible via the Object Linkin

g and Embedding Database (OLEDB) API. Rather than steal found target data for intelligence purposes, the worm proceeds to modify or delete the data and can, says Symantec, cause considerable damage. Stuxnet similarly served no intelligence purpose and was designed to sabotage its target – an uranium enrichment facility in Natanz, Iran.

The purpose of Narilam, or that of the worm's authors, remains unknown. However, Symantec says that its analysis suggest that the saboteurs appear to have targeted corporate data records. Apparently, the worm's translated instructions include object names such as "sale", "financial bond" and "current account". Due to the malware's level of specialisation, Symantec rates the infection risk as low. The security firm notes that current analysis results indicate "that the vast majority of users impacted by this threat are corporate users."

Some of the worm was written in the Delphi programming language. Symantec says that the worm takes its name from its own attributes, because it searches for SQL databases with three specific names: alim, shahd and maliran.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Moroccan Hunters 53 Israeli Sites Hacked

Hacktivist around the world have continued with their attacks against Israel and that includes Moroccan Hunters, who have hacked and defaced 53 Israel sites in their on-going support for Palestine.


Earlier this year a Dutch woman and several Palestinians were violently arrested today during an attempt to reclaim a Palestinian house at the entrance of the old city in occupied Al Khalil (Hebron).

About 30 Palestinians and international ISM activists from Canada, Finland, United States and the Netherlands entered a Palestinian house that was taken over by Israeli army around eight years ago. The re-occupation of the house was an attempt to return the house its rightful owner and was a response to the takeover of a Palestinian house on Shuhada street by settlers under the protection of the Israeli army and border police.

“I was dragged out down a flight of stairs by my ankle by a soldier” said an ISM activist from Canada. “The soldier had his boot on my face,” said an ISMer from Finland. [Read more] http://palsolidarity.org/2012/04/israeli-brutality-violent-arrests-of-palestinians-in-hebron-and-disappearance-of-dutch-volunteer/

While Palestine is still suffering at the hands of the Zionist state of Israel Morrocan Hunters team will continue to hack and deface Israeli websites in support for Palestine.

All sites hacked and defaced posted in pastebin: http://pastebin.com/5UKYUPmR

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

#OpIsrael - @LIberoamericaMu Destroys 110+ Israeli Sites

[T]eam [H]acking [A]rgentino hacking team have continued with their attacks against Israel cyber space and have taken down a total of 22 Israeli government sites within the las

t 24hrs by hacking and defacing each site.

It was only a week ago we published an article on this hacking team taking down 110+ Israeli Sites for #OpIsrael.

  #OpIsrael - @LIberoamericaMu Destroys 110+ Israeli Sites
http://www.facebook.com/media/set/?set=a.476906402361431.130736.336264806425592&type=3

The cease fire may have been agreed between Hamas and IDF but no ceasefire agreement has been agreed between the hacktivist who will no doubt continued with their hard attacks against the government of Israel by attacking all Israeli sites until Palestine is free.

Between 500 and 700 Palestinian children are arrested by Israeli soldiers each year, mostly accused of throwing stones at Israeli Defense Forces who are armed to the teeth and occupying their land.

“Fifty percent of the children were interrogated without their parents or a lawyer present and many were threatened and assaulted,” Gerard Horton, a lawyer from the rights group Defense International for Children, told Mel Frykberg of Inter Press Service.

[T]eam [H]acking [A]rgentino have been kind enough to put together a youtube video for some of the sites taken down by them for #OpIsrael.
[Video] #OpIsrael (has started): Websites was hacked by Anonymous! (by @LIberoamericaMu) http://www.youtube.com/watch?v=f7RfE9kWF1k&feature=youtu.be

You can also view all sites attacked directly on their fan page via link : https://www.facebook.com/photo.php?fbid=177776479028645&set=a.146297828843177.32920.135418259931134&type=1

Some sites were restored at the time of publishing this article.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Syria Virtual University Hacked – Data Leaked

A hacker that is known by the handle Gsec aka Grey Security has announced via twitter @gsec_ that he has hacked and leaked data to pastebin for Syria Virtual University www.svuonline.org.

From

our understanding this attack was not carried out for any particular cause but purely to show the world how weak security still remains against websites. Especially important sites like University’s. When these type of sites are attacked and data leaked, this does not only effect the University itself but also effects student whose data has been released to the public.

Pastebin message:

This database leak, isn't for any specific reason, nor an operation.
This was done, just to prove one simple point, there is no such thing as security.


But, simply because I'm a dick. Only email and usernames will be leaked, LOL.
So, enjoy the lulz and stay tuned.

#GreySecurity
#Xecurity.

[Date leak] http://pastebin.com/zrkiuk1Q

No doubt it will make us all question as parents why University websites are not equipped with better security against the sites to protect student data. Is it because hackers are becoming more and more sophisticated at what they do, or are websites becoming more and more relaxed when it comes to website security.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

@Ur0b0r0x Hacks & Leaks Data for Columbian Military Sites

A hacker that goes by the handle @Ur0b0r0x has announced on twitter that he has hacked the official Columbian Military websites and data leaked for five of the subdomains.

It was only two weeks ago we published an article on this hacker, who leaked over 12k data. @Ur0b0r0x ~ Leak 12k Data for LG Smart World Website
http://www.facebook.com/media/set/?set=a.472355466149858.129561.336264806425592&type=3


Breached subdomains:

[1] http://sanidadfuerzasmilitares.mil.co/
[2] http://reclutamiento.mil.co/
[3] http://fac.mil.co/
[4] http://ejercito.mil.co/
[5] http://armada.mil.co/

Message left in pastebin:

300 USER PWNED OF COLOMBIA ARMY <<< BREACHED ACCOUNTS + 0DAY/WEBAPPS >>> | PWNED BY UR0B0R0X

All the data leaked for each subdomain contained email addresses and passwords etc which have been posted in pastebin: http://pastebin.com/KMBpjcpJ

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Google Dorks for Backdorr C99Shell

safe-mode: off (not secure) drwxrwxrwx c99shell
inurl:c99.php
inurl:c99.php uid=0(root)
root c99.php
"Captain Crunch Security Team" inurl:c99
inurl:c99.php
allinurl: c99.php
inurl:c99.php
inurl:"c99.php" c99shell
inurl:c99.php uid=0(root)
c99shell powered by admin
c99shell powered by admin
inurl:"/c99.php"
inurl:c99.php
c99 shell v.1.0 (roots)
inurl:c99.php
allintitle: "c99shell"
inurl:"c99.php
allinurl: "c99.php"
inurl:c99.php
intitle:C99Shell v. 1.0 pre-release +uname
allinurl: "c99.php"
inurl:c99.php
inurl:"c99.php" c99shell
inurl:"/c99.php
inurl:/c99.php+uname
allinurl:"c99.php"
inurl:"c99.php"
allinurl:c99.php
"inurl:c99..php"
c99shell [file on secure ok ]?
powered by Captain Crunch Security Team
allinurl:c99.php
"c99.php" filetype:php
allinurl:c99.php
inurl:c99.php
allinurl:.c99.php
"inurl:c99.php"
c99. PHP-code Feedback Self remove
allinurl:c99.php
download c99.php
allinurl:c99.php
inurl:c99.php
allinurl: "c99.php"
intitle:C99Shell v. 1.0 pre-release +uname
allinurl:"c99.php"
inurl:c99.php
safe-mode: off (not secure) drwxrwxrwx c99shell
c99.php download
inurl:c99.php
c99shell filetype:php -echo
inurl:"c99.php"
inurl:c99.php uid=0(root)
allinurl:c99.php
inurl:"/c99.php" intitle:"C99shell"
C99Shell v. 1.0 pre-release build #5
--[ c99shell v. 1.0 pre-release build #16
c99shell linux infong
C99Shell v. 1.0 pre-release build
!C99Shell v. 1.0 beta!
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
!c99shell v. 1+Safe-mode: OFF (not secure)
"C99Shell v. 1.0 pre-release build "
intitle:c99shell +filetype:php
inurl:c99.php
intitle:C99Shell v. 1.0 pre-release +uname
intitle:!C99Shell v. 1.0 pre-release build #16! root
!C99Shell v. 1.0 pre-release build #5!
inurl:"c99.php"
C99Shell v. 1.0 pre-release build #16!
intitle:c99shell intext:uname
allintext:C99Shell v. 1.0 pre-release build #12
c99shell v. 1.0 pre-release build #16
--[ c99shell v. 1.0 pre-release build #15 | Powered by ]--
allinurl: "c99.php"
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
"c99shell v 1.0"
ftp apache inurl:c99.php
c99shell+v.+1.0 16
C99Shell v. 1.0 pre-release build #16 download
intitle:c99shell "Software: Apache"
allinurl: c99.php
allintext: Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove
intitle:c99shell uname -bbpress
intitle:"index.of" c99.php
inurl:admin/files/
intitle:"index of /" "c99.php"
intitle:"index of" intext:c99.php
intitle:index.of c99.php
intitle:"index of" + c99.php
intitle:index/of file c99.php
intitle:index/of file c99.php
index of /admin/files/
intitle:"Index of/"+c99.php
c99.php "intitle:Index of "
intitle:index.of c99.php
img/c99.php
intitle:index.of c99.php
img.c99.php
intitle:"Index of/"+c99.php
"index of /" c99.php
c99.php
intitle:"Index of" c99.php
"index of" c99.php
"Index of/"+c99.php

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

DDOS tools

This tool is useful for DDOS a website and create a web server in the Down, ...
Download HERE


pass : badwolves1986

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

How to hack a Youtube account

A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmailyoutube,friendster etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.



Download Youtube Phising in HERE


PROCEDURE:

1.once you have downloded youtube fake login page,now extract contents in a folder
2.In that ,find (CTRL+F) ‘http://hackingaday.com’ then change it to your destined URL but don’t forget ‘\’.
Save it .
3.Open Fake page in wordpad
4.Now press ctrl+F and search for the term “action=” now change its value to pass.php i.e. action=pass.php
5.Create an id in http://www.110mb.com , because i know about that site quite well.

6.Then upload the contents into a directory

7.For that,after creating an id you should go to file manager and upload all these files.

8.Then just got to youtube.htm and try out whether its working .
After you type in the file , a password file named pass.txt will be created in the same directory.Then you can see what username and password you have entered.



  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Hack email accounts using google

Google Dorks:


Quote:ext:sql intext:@hotmail.com intext:e10adc3949ba59abbe56e057f20f883e

Quote:ext:sql intext:"INSERT INTO" intext:@hotmail.com intext:password

Quote:ext:sql intext:@hotmail.com intext:password
Online hash cracker:
http://md5crack.com/

Ok lets begin:

Lets go to http://www.google.com and paste one of our dorks

 Select one of displayed pages,as you see we now have a bunch of email accounts+ hashes



 I selected a random account
zhaokailun92@yahoo.com.cn
d2491b289b6be1fd0bb0c8d60 e053d3d



As you see we just hacked our fist account:
Email:zhaokailun92@yahoo. com.cn
Password:19920707
Its very easy,have fun and enjoy unlimited accounts 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Colorful Alphabets For Facebook Chat

We normallychat with simple alphabets but now you can use colorful alphabets to make chat so interesting.
how beautiful it looks when you will this kind of message to your friends. So now if you like this thing and you wanna start a colorful alphabets emoticon chatting than you wanna use below code for different alphabets mentioned. SO whenever you paste code for any alphabet and you hit enter you will get colorful alphabetslike above. So copy codes from below and start chatting.
Below is the list:
[[107015582669715]] = A
[[116067591741123]] = B
[[115602405121532]] = C
[[112542438763744]] = D
[[115430438474268]] = E
[[109225112442557]] = F
[[111532845537326]] = G
[[111356865552629]] = H
[[109294689102123]] = I
[[126362660720793]] = J
[[116651741681944]] = K
[[115807951764667]] = L
[[106596672714242]] = M
[[108634132504932]] = N
[[116564658357124]] = O
[[111669128857397]] = P
[[107061805996548]] = Q
[[106699962703083]] = R
[[115927268419031]] = S
[[112669162092780]] = T
[[108983579135532]] = U
[[107023745999320]] = V
[[106678406038354]] = W
[[116740548336581]] = X
[[112416755444217]] = Y
[[165724910215]] = Z

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Location Of Saved Passwords of Browser In Computer


Internet Explorer 4.00 & 6.00:

The passwords are stored in a secret location in the Registry known as the Protected Storagey�.
The base key of the Protected Storage is located under the following key:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider�.
You can browse the above key in the Registry Editor (RegEdit), but you won't be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.


*
Internet Explorer 7.00 & 8.00:
The new versions of Internet Explorer stores the passwords in 2 different locations.
AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.


*
Firefox:
The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.


*
Google Chrome Web browser:

The passwords are stored in [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
(This filename is SQLite database which contains encrypted passwords and other stuff)


*
Opera:
The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile


*
Outlook Express (All Versions):

The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.


*
Outlook 98/2000:

Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.


*
Outlook 2002-2008:

All new versions of Outlook store the passwords in the same Registry key of the account settings.The accounts are stored in the Registry under HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]
If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.


*
Windows Live Mail:

All account settings, including the encrypted passwords, are stored in [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name]
The account filename is an xml file with .oeaccount extension.


*
ThunderBird:
The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search a filename with .s extension.


*
Google Talk:
All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]


*
Google Desktop:
Email passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]


*
MSN/Windows Messenger version 6.x and below:
The passwords are stored in one of the following locations:
1. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2. Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerServ ice
3. In the Credentials file, with entry named as “Passport.Net\\*�. (Only when the OS is XP or more)


*
MSN Messenger version 7.x:

The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\C reds\[Account Name]


*
Windows Live Messenger version 8.x/9.x:

The passwords are stored in the Credentials file, with entry name begins with WindowsLive:name=.


*
Yahoo Messenger 6.x:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager
(�EOptions string value)


*
Yahoo Messenger 7.5 or later:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager ETS� value.
The value stored in ETS value cannot be recovered back to the original password.


*
AIM Pro:
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]


*
AIM 6.x:
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords.


*
ICQ Lite 4.x/5.x/2003:
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners \[ICQ Number]
(MainLocation value)


*
ICQ 6.x:
The password hash is stored in [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database)
(The password hash cannot be recovered back to the original password)


*
Digsby:
The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers.


*
PaltalkScene:
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name]

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

PHPMaker v3.2.1

Tool (for Windows) that can generate a full set of PHP quickly from MySQL Database. Using PHPMaker, you can instantly create Web sites that allow users to view, edit, search, add and delete records on the Web. PHPMaker is designed for high flexibility, numerous options enable you to generate PHP applications that best suits your needs. The generated codes are clean, straightforward and easy-to-customize. PHPMaker can save you tons of time and is suitable for both beginners and experienced develpers alike.

Code:
http://www.hkvstore.com/phpmaker/download.asp

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

PHDays Online HackQuest 2012

The PHDays 2012 program will include Online HackQuest, a competition for the Internet users that offers participants to try their hands at solving various information security tasks. On the forum’s second day, Online HackQuest participants will have a chance to influence the results of PHDays CTF 2012, an on-site contest.

Rules

For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant’s personal page. If the flag is valid, the participant gains the corresponding number of points.
All flags are in the MD5 format. The winner is the first participant to gain 100 points (which is the maximum possible amount). Participants who manage to gain more than 100 points are traditionally awarded with individual prizes Smile

Participation Terms

Any Internet user is welcome to participate in the competition. The registration will open on the PHDays 2012 web site after the forum begins. Moreover, the Online HackQuest will also be available for out-of-competition participation during 14 days after PHDays 2012.

Prizes

Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.

Technical Details

The participation requires Internet connection and a possibility to establish connection to a VPN gateway via PPTP or IPSec.

More Info http://phdays.com/program/contests/

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

WOW..EVERYONE READ THIS -- #1 Method For Making Insane Money Online

Create your very own method, its that simple.
learn to brain storm, stop trying to use a method someone else has already made public.

Brain Storm. find something that NO ONE is doing, and work on it. keep it 100% TO YOUR SELF!

I can't stress it enough, STOP PAYING PEOPLE FOR THEIR EBOOKS ABOUT JUNK GET RICH QUICK.
Think about it for a min..
If the method works so well why would someone sell it so damn cheap?

I know damn well id never tell anyone a method i was earning $100k/year for anything lower then say $50,000.00. so why on earth would you think an ebook you can get online for around $10.00-300.00 would ever make you decent money? Come on now.. stop being foolish.

If you don't have a creative mind, well get used to them small check/wire transfers.
And for all you people that were told "you have a creative mind" when you were younger PUT IT TO USE

please don't read this and think its some kind of joke.
its the best info you have read about making money online.

If you can't do this yourself then look for other members here to brainstorm with, start your own group here. Two brains are always better then one.

Now stop reading this post, and start using your head.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Website Hacking Methods

Remote File Inclusion (RFI):
A method of uploading a shell by an off-site link.

Local File Inclusion (LFI) AKA Directory traversal attack:
A method of pulling usernames and passwords off a website vulnerable to the exploit of
insufficient security validation / sanitization of user-supplied input file names.

Blind Structured Query Language Injection (blind SQLI):
Method of once again insufficiant security validation and sanitization of user-input.

Basic SQLi
This is the easiest method of SQLi. This method allows you to enter codes such as ' or '1'='1
into the username and password fields to gain access. E.g. you find the admin login on a site
and you may enter the correct username admin and the password as: ' or '1'='1.

Cross Site Scripting (XSS):
A method of injection html/javascript into a website. The can be both persistent attacks, and
non-persistant.


Cross site request forgery (CSRF):
An attack that is commonly sent by e-mail or other means and often tricks a user. Links given to a target may include HTML, something like this:
Code:

And this will be activated through the victims browser and the site will think it was a valid and intentional move.

Public Exploits:
Public exploits are just scripts that people have released for others to use. Such as
this exploit which exploits a webserver
running this program on one of its open ports. I suggest you have a quick look through the
script to see how/why it works. The way of finding which software you target is using is by using Namp or the GUI Zenmap

DNS hijacking:
This is the method or redirecting the domain name to a rouge domain name. This method is used
particually in phishing attacks.

Bruteforcing:
This method is the practise of running a program to keep guessing the password and username of
a site. This method is fastly going out of fashion as the max login attempts are added and even
without this obstical, it can take weeks to gain the correct password. Programs commonly used
for this are hydra and Brutus.

Password Guessing:
Yes, just as it sounds. This is the method of just guessing common passwords such as:

Code:
admin
admin123
321admin123
password
toor
thesitesname

Packet Sniffing:
If you find a site with FTP access, there may be a chance you can use a tool such as
cain and abel to sniff their password and username when
the login. Not a very easy task as the trafic is sometimes encrypted.

RCE (Remote Command Execution):
This is the method of making the server read command that you have entered for it to.
E.g.
Code:
index.php?cmd=whoami
index.php?cmd=net user


Social Enginering:
A common method used to gain information. This can be a long process, but an effective one.
They can patch software, but it will always be people's ignorance that will let you/your target
down.

Cookie poisoning:
This is a method of editing cookies you have already gained, to gain extra privileges. Not a very common method now as of cookies being encrypted, and having to be signed. This exploit can work on some surprising sites, take a look, you may be surprised.

Parameter tampering:
An attack usual done by moderfying values in the url. E.g. changing a value to decrease the amount you have to pay on something.
Code:


In this example, an attacker can modify the “value” information of a specific item, thus lowering its cost.
source: http://www.owasp.org/index.php/Web_Parameter_Tampering

Tamper Data:

A very nifty Firefox addon which is used to modify http/https headers and post parameters.

Admin Auth bypass:
This exploit can be as simple as adding:
Code:
?action=edit
To a URL. This exploit when a server/application allows you to edit by having the valid URL, instead of by cookies. Another method of admin auth bypass is editting the html to proceed even if the password is wrong.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS