GoOgle Hackz - Its Hacking

Orkut Hacks

2007-10-08T21:52:00.000-07:00

As I'm Orkut user I like these sites and Orkut hacks on it, the following are some of my collection regarding Orkut hacks

1) Zeetab(Orkut Star) - Computer World, Orkut Computer Tips and Tricks, Free Sms, Wallpaper, Mobile Software Game Ringtone Themes, Free games, Orkut Software, Bollywood wallpaper, MP3, FM Rradio and many more

2) Thisisorkut.org (TIO) - This Is Orkut (T.I.O) was created to provide more info and help tracks to Orkut users for their convenience. Easy to use Java Scripts, Online Toolbars, Help References, Trouble shooters, and lot more....

3) CrazySouls.com - Crazy souls have created many orkut scripts and they are really useful and working. Not only scripts they also profide stuffs for MSN, Cheets and many more

4) Trickfriend.com - Here, on this website, you will find tips and tricks that will help in making your life easier on Orkut. This webpage also contains many sftware related to Orkut

5) Tools Home - This site is developed by 15 yr Old boy, this site contains some cool stuffs and software

6) ScrapMania.com - This site provide services like Messages, Generators, ASCII Art, Bar Arts, Images, Emotions, Smailies and many more

7) Orkut Underworld - This is blog which have awesome collection of orkut tips and tricks, softwares and many more. In short simple blog but useful blog

8) Orkutrix.com - In the world of Orkut tricks! You find only GENUINE and popular orkut tricks and scripts here. Browse through the menu for those tricks but they also provide some hacking tricks of orkut

9) InsideOrkut.com - According to me this is the best of all because this website posts all the current information in orkut, this website is very useful for begineers and also for everyone

10) OrkutPlus! - Orkut plus is really a Plus to Orkut they are providing Best Compilation of Orkut Hacks, Tips-Tricks and Cheat Scripts ! as they are publishing

11) Devils workshop - This blog contains not only tips and tricks for Orkut it also having some best collection for My space, You tube, Google, Ad sense, and many more. More over I like the labels cloud on that blog

12) Digital Me - this blog just started before 2 months but it contains wide range of softwares, Java scripts, GM scripts, etc..

I'm still having many collection of website but this dozen of sites will do all what you want to known about orkut, so it wont be useful even if I provide more, from this website you can communication in orkut reaches next generation

Enhance Your Mobile Pics

2007-10-08T21:50:00.000-07:00

Mobile Phones with camera are widely available, even inside the budget range of 5K, everyone uses it these days, however hardly any one enhances them. I am making this tutorial for everyone who wants to enhance their photos taken from mobile phone.

1) Make sure there is enough light in the area. Sometimes even if you are inside a room with tube light, the light is not enough for a Mobile Phone's camera, in that case, turn on night mode & reduce the white balance.

2) Don't move the cam while taking picture. When you click for a photo, you hear the sound now that is not the exact time when the pic is taken, it takes like half a second more for the real frame to capture. So click on the button, but do not move the cam or the subject, till you see the final pic on the screen. This is because the shutter speed in Camera phones is never as fast as dedicated digital cameras. They cannot be made that fast

3) Do not take full 2 MP or 3 MP pics, unless u have enough light. Like either you are outside somewhere, in a park or market, as there is lots of sunlight. When inside somewhere like a room, take pics at 640X480 or 1.3 MP. The thing is the mobile cams change dark colors to Hotspots, also known as grains or noise. Take a photo in low lights & you will see yourself that maximum noise appears at black color spots

These were tips when taking pics, now to enhance them in computer, you need to learn a bit of Photoshop.

1) Start Photoshop, open the image. Now go to Image menu ->Adjustment->Auto color, for the simplest method.

Advanced method = Apply auto color correction like above. Now make the base locked layer, an open layer. In the layer palate the base layer is locked & named "background". Double click on it & make it a layer. Now drag this layer to the “New layer button” in the layer palate at the bottom, to make a new layer by the default name of “Layer 0 copy”.

Look just above there is a menu with normal as the default selection. If your images are underexposed, like a bit dark, then select the new layer & from the “normal” menu just above the layer palate, select “Screen” & then set the “fill” accordingly as desired.

Now click on the spall circle next to the new layer button, which is half black & half white, to open another menu & select “Curves”. Now click on the line to create set point & set them accordingly as you desire for the color. Usually a slight S shape will do.

Now the second part:

Photoshop : Mobile Phone cam Noise Removal :

when one takes pictures from a low quality or MP based Digital cams or specially Mobile phones, U will notice noise in the image, it is in the form of pixels which are over-exposed, or much brighter then normal, these such pixels are called Hot Pixels, which are over-exposed, they usually appear in low light condition specially in the case of dark color like black, maroon, etc. This tutorial teaches you how to remove that, remember, noise is both subjective as well as required in some cases so use with precaution.

1) First off all you will need a plug-in called Noise Ninja for Photoshop; it can be downloaded from here. It is compatible with Photoshop 7 & CS, & all other software which accept Photoshop compatible plug-ins. Download it, it is a self extracting archive, I managed to remove all the extras as the help file is given in both PDF & normal html format, so I removed the extras & got the file size as low as 2.6 MB, but I cannot distribute it as such. Copy the noisenija_... folder to your Photoshop Plug-ins folder

2) Now open Photoshop, open any image you want to retouch, as a precaution, save it as a PSD first, go to Filters -> Picture Code -> Noise Ninja, this will bring the Noise Ninja plug-in settings windows, maximize if required

3) The left side windows shows the un-optimized, real image while the right side window shows the modified image, now click on the Profile Image button on the right side Click on the Profile tab. A profile characterizes the noise in different colors and tones for an image, in other words, automatically checks where & what settings should be applied. Make your choice from Luminance or Chrome, depending on your image

4) Now go to the filter Tab, here you will see sliders for , Luminance , Strength, Contrast & smoothness, noise removal is basically applying effective blur to the hot pixels only, You will see that the preview windows above is changed a bit, move the sliders in any direction to get the desired results. Donot forget to check the Coarse Noise checkbox. Do not use anything with the USM, (Unsharp mask), set it to 0 & set it accordingly later At the far right side U will see a button like <-, click to see what the image was & what it is now

5) Now, here comes the tricky part, if you think that some part of the image should be sharp as before, with noise, as I mentioned above noise can be subjective, so go to the Noise brush Tab, select Paint mask as the mode, to un-noise the image at the place where U use the brush, like if you have taken a pic of a Saree & with auto tweaking the embroidery is gone, you can use paint mask, to un-noise only the embroidery & leave the other smoothed part as such, you donot need to go to the other tabs, as they are for real pro guys, copyright etc, Click on Ok, when you are done

6) Now go to filter ->sharpen -> unsharp mask & Sharpe as required, this depends on what you are editing, human figure or objects, save the file, you are done.

As an example, I took a photograph of my keyboard from my k500i; it had some noise, but then edited it, mouse over above the image to check the real & modified image. One thing you should remember that this noise gets less as you use a high Mega pixel camera, however above 3 MP this noise is hardly visible even in RAW quality, so it is not like that U will get low noise with a 8 MP cam then a 3 MP cam, as noise also depends on a lot of other factors, shutter speed, lighting conditions...

Hide Any File Inside *.JPG Image File

2007-10-08T21:42:00.000-07:00

Few months ago , USA Today story claimed that al-Qaeda operatives were sending out encrypted messages by hiding them inside digital photographs [jpg files] on eBay.

While the claim was never proved, it is very easy to hide [or embed] any other file[s] inside a JPEG image. You can place video clips, pdf, mp3, Office documents, zipped files, webpage or any other file format inside a JPEG image.

And when a suspecting user [read CIA, FBI] tries to open that jpeg file [with concealed information] in either a photo editing software or as a thumbnail inside Windows Explorer, it would be tough to make out if this camouflaged jpg file is different from any standard jpg image.

Let's say you want to hide a confidential PDF document from the tax investigation officers. What you can do is convert that file into a regular jpg image so even if anyone double-clicks this file, all he will see is a preview of the image and nothing else. And when you want to work on the actual PDF, just rename the extension from jpg to pdf.

Here's the full trick:

Step 1: You will need two files - the file you want to hide and one jpg image - it can be of any size or dimensions. [If you want to hide multiple files in one jpeg image, just zip them into one file]

Step 2: Copy the above two files to the C: folder and open the command prompt window.

Step 3: Move to the c: root by typing cd \ [if the files are in another folder, you'll have to change the prompt to that folder]

Step 4: The most important step - type the following command:

copy /b myimage.jpg + filetohide.pdf my_new_image.jpg

To recover the original PDF file, just rename my_new_image.jpg to filename.pdf.

Here we illustrated with an pdf file as that works with simple renaming. If you want to apply this technique to other file formats like XLS, DOC, PPT, AVI, WMV, WAV, SWF, etc, you may have to first compress them in RAR format before executing the copy /b DOS command.

To restore the original file, rename the .jpg file to .rar and extract it using 7-zip or Winrar.

That's it - No advanced Steganography tricks involved here.

Recover Corrupted Data From Hard-Disk

2007-10-08T21:40:00.000-07:00

Ever had a hard drive get all corrupted by money and power? Or just overuse…

I found a good tutorial on how to recover your data from a corrupted hard drive, but it needed some tweaking so I moved some stuff around. This should be more efficient.

First things first, you need a new hard drive. It can be external if you want. But you HAVE to be able to mount it as a directory in DSL (damn small linux)

Now you need to borrow someone elses computer (cause yours is screwed right?).

Download DSL (damn small linux)

Just google “Damn Small Linux Download”, you’ll find it.
Got it? Good, now boot it.

after booting you will see the GUI of the DSL, run TERMINAL
and follow this command

*Note: this command will make you a super user in DSL

#sudo su

*Note: this command will mount you HDD on DSL

#mount /dev/hda1 /mnt/hda1

*Note: this command will check if your data is still on the HDD

#cd /mnt/hda1
#ls -al

Found any data? If not stop here and cry.

If yes move on.
Since you already have you new hard drive connected to your PC just run this command series.

#mount /dev/hdc1 /mnt/hdc1
#cd /mnt/hdc1
#mkdir backup
#cp -R /mnt/hda1/*.* /mnt/hdc1/backup

Password Cracking Revealed!

2007-10-05T00:15:00.000-07:00

Password Cracking Revealed! -
Click here for more
hacking ideas

Why should you use strong passwords? This video shows how to crack windows passwords. It is only intended for educational purposes, to show you why it is important to use... strong passwords. Don't use this information illegally

Google Brain

2007-10-04T01:22:00.001-07:00

Xp Registry tricks II

2007-10-04T00:59:00.000-07:00

Easy Text Size Change in Help & IE Tip:
I mentioned a way that you can change the size of the text that is display in the Help file and in Internet Explorer. As it turns out if you have a "wheel mouse," there is an even easier way to change the text size. In Internet Explorer or when viewing a Help file, simply hold the ctrl key while you spin the mouse wheel up to increase text size, or down to decrease text size.
Java VM: Java applets run in Internet Explorer 6 (a component of Windows XP) just as they run in older versions of Internet Explorer. The Java VM is not installed as part of the typical installation, but is installed on demand when a user encounters a page that uses a Java Applet. For more information see the Microsoft Technologies for Java Web site.

--------------------------------------------------------------------------------
Windows XP Shutdown and Power Off Tip:

On some computers, by default, Windows XP doesn't power off the computer when you tell it to shut down. However, if your computer is relatively new, it can probably by shut completely off by WinXP. To configure your computer for this behavior, simply open the Control Panel, open Performance and Maintenance, then Power Options. On the APM tab, check next to "Enable Advanced Power Management support," then click OK. The next time you choose "Shut Down" from the Start Menu, your computer should shut down completely and then power off.

Customize Explorer Toolbar Tip:

--------------------------------------------------------------------------------
Customize Explorer Toolbar Tip:

In Windows Explorer, you can customize the toolbar to make Explorer even more handy. The Toolbar is the bar of icons directly underneath the menu bar. It contains icons for going back, up one level, displaying folders or search, etc. You can right-click an open area of this Toolbar and choose Customize to change the order of these icons, and even to add new icons to it. For instance, I like to add the Map Drive and Disconnect buttons. In Windows XP, you may have to unlock the Taskbar before you can make changes in Windows Explorer.
Lock the Taskba - If you find that your Windows XP Taskbar keeps being changed, or moved to one side or the top of your screen, and you didn't mean to have it do that, this tip is for you. Once you have your Task Bar arranged the way you like it, in the right location on the screen, and with all the right toolbars and icons, you can lock it, so that it won't get changed accidentally. To lock the Taskbar, simply right click it and choose Properties. In the window that appears, check the box (click) next to "Lock the Taskbar." Now you won't accidentally bump the mouse and have your Task bar end up on another side of the screen.

--------------------------------------------------------------------------------
Check Personal Firewall Status Tip:

In the previous tip, I mention how to turn on Windows XP's Personal Firewall feature. But once you turn it on, your connection looks just the same as it did before. How can you check the status of the connection and the firewall? Simply open Control Panel from the Start Menu, open Internet and Network Connections, then Network Connections. By default the view is of large icons.
Click the View Menu, and choose "details" in order to reveal several more columns of information about the connections that your computer has. Check the Status column to see if your connection is currently connected, and whether or not it is "firewalled." You can even drag the column headings around (I like to slide the Status column right next to the Name column. You can even remove entire columns by right-clicking the column heading and unchecking it.

Where does Window's Product Id get stored Tip:
By Raymond

There are two places at least where ProductId gets stored. To see the first place, open Registry by going to START-RUN and entering REGEDIT and Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]. In right pane, look for key by the name "ProductId". This is your Windows Product Id. Alternatively you can navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] and still find same field with the name ProductId.

--------------------------------------------------------------------------------

You can Keep Your Favorite Programs on Top of the Start Menu tip:

Do you have a favorite program that you frequently use? Elevate its priority on the Start menu by putting it at the top of the list. This ensures that the program will remain on the Start menu and cannot be bumped by other programs, even if you use the others more frequently.
Right-click the link to your favorite program on the Start menu and select Pin to Start Menu.
Your program will be moved permanently to the top part of the list, just below your browser and e-mail programs.

--------------------------------------------------------------------------------

Having problems with Outlook Express ? Does it ask for password everytime you connect tip:

If this is problem for you. Sometimes no matter what you do, Outlook Express forgets your password and asks you to enter it again each and every time you connect to your mail server.I have a solution that may work for you. Open Registry by going to START-RUN and entering REGEDIT and Navigate to HKEY_CURRRENT USER\Software\Microsoft and look for "Protected Storage System Provider". There is a good chance that you will see this folder. If you have it. Simply delete it. More than likely, you have solved your problem.

--------------------------------------------------------------------------------

How to avoid autoplay of CD ? Way I like best tip.

Hey this time no registry trick even though there are ways in registry to do it. In earlier operating systems only those CD that had autorun.inf file in their root directory were able to execute on its own but with advent of WINDOWS XP it has become possible with just about anything. Well sometimes it is good but there are other times when you want to avoid this part of automation. What would I do. Simply press SHIFT key when you enter a CD in your CD drive. It won't Auto play. For those of you, who do want a registry hack. Here it is:
Open Registry and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] and look for key "NoDriveTypeAutoRun" and set its value to 185 (decimal). This would stop autoplay.

--------------------------------------------------------------------------------
This tip to speed up the Start Menu in Windows XP.
Did you know you can customize the speed of the Start Menu by editing a Registry Key.

* Click Start, and then click Run.
* Type Regedit in the box, and then click OK.
* Expand the menu in the left panel and select the HKEY_CURRENT_USER\Control Panel\Desktop folder.
* Scroll down in the right panel and double click on the MenuShowDelay file.
* In the Value Data box, change to default value for the menu speed from 400 to a lesser number, such as 1.
*Click OK.
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you may want to back up any valued data on your computer.

--------------------------------------------------------------------------------
Customizing Windows Explorer Context menu (right click menu in windows explorer)

Ever wondered how does the right click menu (which is actually a context menu) work ? For example, when I right click in windows explorer, I see an option which says "open command window here". Do You know why I see this ? Well I see this because I have following entries in my registry.

[HKEY_CLASSES_ROOT\Drive\shell\cmd]
@="Open Command Window Here"
[HKEY_CLASSES_ROOT\Drive\shell\cmd\command]
@="C:\WINDOWS\System32\cmd.exe /k cd "%1""
If You have never used a tweaking utility and have newly installed Windows XP, You would not see this option. You would have to navigate to [[HKEY_CLASSES_ROOT\Drive] go and create two subkeys ("cmd" and within that "command" and would have to put the text "Open Command Window Here" without quotes in default string value of "cmd" key and the text "C:\WINDOWS\System32\cmd.exe /k CD"%1"" without quotes in default string value of command key). After this You need to REBOOT for these changes to take effect.
Trick is in adding similar entries for other applications as well even though its much harder to come with ideas about what to put in the context menu!!!! .

Xp Registry tricks

2007-10-04T00:56:00.000-07:00

Display Your Quick Launch ToolbarTip:

Is your Quick Launch toolbar missing from the taskbar?
To display your familiar Quick Launch toolbar:
Right-click an empty area on the taskbar, click Toolbars, and then click Quick Launch.

Easy as that your Quick Launch bar appears. To add items to your Quick Launch toolbar, click the icon for the program you want to add, and drag it to the Quick Launch portion of the taskbar.

--------------------------------------------------------------------------------

How to remove recycle bin from your desktop Tip:

Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to following entry in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove recycle bin from your desktop.

--------------------------------------------------------------------------------

How to stop new programs installed balloon from coming up tip:

Right click on START button and select properties. Click on Customize and go to Advanced tab and deselect check box saying "Highlight newly installed programs". This would help you stop this annoying feature from popping up every now and then.

--------------------------------------------------------------------------------
Unlock Toolbars to Customize Them Tip:

The new Windows XP now features locking toolbars, and you can adjust them. You may customize a lot of the Windows XP features such as the Taskbar, Start Menu, and even toolbar icons in Internet Explorer and Outlook Express. Remember your right-click:
* Right-click on a toolbar, and then click Lock the Toolbars to remove the check mark.
* Right-click on the toolbar again, and then click Customize.

You may add or remove toolbar buttons, change text options and icon options. When you've got the toolbar customized, click Close. Now right-click on the toolbar and then click Lock the Toolbars to lock them in place. com

--------------------------------------------------------------------------------

Want to remove shared documents folder from My Computer window tip:

Some don't like my shared documents folder option. If you are one of that, here is a trick to remove it.Open registry editor by going to START-RUN and entering regedit.
Once in registry, navigate to key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders You must see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this key, you have effectively removed the my shared documents folder.

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

How to improve on shutdown time ? Close apps automatically & quickly at shutdown tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP and look for AutoEndTasks. On my computer default value is 0. Change it to 1. Thats all. Further more you can reduce the time it takes for Windows to issue kill directive to all active/hung applications.
In doing this only constraint that you should make sure exists is that HungAppTimeout is greater than WaitToKillAppTimeout. Change the values of WaitToKillAppTimeout to say 3500 (since default value for HungAppTimeout 5000 and for WaitToKillAppTimeout is 20000)

--------------------------------------------------------------------------------
Are you missing icons Tip:

Are you missing icons? You may be wondering where all the icons from your desktop are in Windows XP? Well if you're like me, you like to have at least My Computer, My Network Places, and My Documents on the your desktop.
You need to:
* Right-click on the desktop, and then click Properties.
* Click the Desktop tab and then click on Customize Desktop.
* Put a check mark in the box next to My Document, My Computer, My Network Places, or Internet Explorer, to add those familiar icons to your desktop. Easy yes!

--------------------------------------------------------------------------------

How to login as administrator if you don't see it available tip:

Unless and until you have run into issues and fixing XP (underwhich case you have to go to Safe Mode to login as Administrator), you can get to administrator screen by simply pressing CTRL+ALT+DELETE twice at the main screen.

--------------------------------------------------------------------------------

Speedup boot up sequence by defragmenting all key boot files tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction. In right hand panel look for Enable. Right click on it and set it 'Y' for enable. This is the way I have it set on my computer. This will help speedup boot time.

Use a Shortcut to Local Area Network Connection Information:

--------------------------------------------------------------------------------

Use a Shortcut to Local Area Network Connection Information Tip:

Here's something new in Windows XP, instead of using the command line program and typing ipconfig to get local area network information, you can try using the following shortcut:
* Click on Start, point to Connect to, and then click Show All Connections.
* Right–click the connection you want information about, and then click Status.
* In the connection Properties dialog box, click the Support tab.
* For more information, click on the Advanced tab.

To automatically enable the status monitor each time the connection is active, in the connection Properties dialog box, select the Show icon in taskbar notification area when connected check box.

--------------------------------------------------------------------------------

Do you know you can have Virtual Desktops (like in Linux) with PowerToys ?

If you have powertoys installed on Windows XP Its available for free at Microsoft download webpage. It is very easy to enable Microsoft Virtual Desktop Feature. Simply right click on the Start Panel Bar also called TaskBar, Click on Tool Bar and select Desktop manager.
You would see a set of 5 icons placed on the right portion of the TAskBar. Click on number 1 to 4 to go to any of the desktops. Now you have have four different Active Desktops.
IMPORTANT NOTE: You may see a little degradation in performance.

--------------------------------------------------------------------------------

Customize Internet. Explorer Title bar tip:

This tip won't make your computer any faster but may help personalize your computer experience. Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet. Explorer\Main. In right hand panel look for string "Window Title" and change its value to whatever custom text you want to see.
--------------------------------------------------------------------------------

adding content to Right click credit :

Once done, you will be able to right click any file or folder and use the Browse for Folder dialog to choose the location you want to move or copy your file or folder to, without having to go to the destination path.

First we will add the copy and move options to the right click menu of all FILES.
CLICK Start>Run, type REGEDIT and click OK to open up the registry editor and make your way to this key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers
Right click the ContextMenuHandlers key and choose New>Key.
Name the new key “Copy To” (without the quotes).
Repeat the above and create another new key named Move To.
You should now have two new subkeys under the ContextMenuHandlers key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Copy To
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Move To
Select the Copy To key and in the right hand pane, double click “Default”
Enter this clsid value as the value data:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
Next , select the Move To key and in the right hand pane set the default value to:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
This now takes care of the Copy and Move options for the right click context menu of all your files.
Now all that is left is to add the same options to the right click menu of all your folders.
The procedure will be the same as for files but at a different key:
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers
Right click ContextMenuHandlers and create a new key named Copy To.
Right click it again and create another new key named Move To.
left click on the right hand pane, add the same default values as you did for Files:
For Copy To:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
For the Move To:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
Exit the registry and you are done.
Now when you right click on a file or folder, you should see two new options: Copy to Folder and Move to Folder

Stealing Search Engine Queries with javascript

2007-10-03T03:36:00.000-07:00

Download The PDF Doc here : http://www.spidynamics.com/assets/documents/JS_SearchQueryTheft.pdf

Password Stealing For Dummies

2007-10-03T03:31:00.000-07:00

Password stealing for dummies

... or why Cross Site Scripting really matters

Ever wondered why Cross Site Scripting (XSS) is said to be such a bad thing? Who on Earth clicks on links that are 8 inches long, contain funny characters en masse and still enters valid log-in data? Our little demo shows that XSS can be hidden everywhere and it makes your password an easy prey.

The whole security model of JavaScript depends on the origin of code. Code that comes from the same server as a web page that has just been loaded is automatically trusted; it can therefore read and modify most aspects of such a web page whilst it is displayed in the browser. Cross Site Scripting is a method to grab those rights by pushing malicious code into your browser in a way that makes it appear as if it is coming from the same server as, say, a log-in page.

A little demo

Imagine that this Demo log-in is the regular log-in page of our server. Click on that link to open it, use it, and take a look at the code. It is nothing special, just a plain form submitting the access data back to itself, when you press "log-in". After you click on log-in, your data is sent back to the form in clear text and displayed as "username=" and "password=" in the address bar of the browser window. So, when trying this out, don't use real passwords.

Now imagine that this article that you are reading was a page containing evil code, that had somehow been injected by an attacker. Now we can adjust our demo accordingly. If you press the Demo button below, the Demo log-in page will again open. Note that this is not a fake such as used to be used in old phishing attacks. It is the real log-in page, as you can see by checking the address bar of the new window. You can even check the source code – it's still the same simple log-in form.

However, things are different with this second stage of the demo because our evil code is in control in the background. It plants an invisible bug into the Demo log-in page, that watches what you do. When you click on "log-in", an alert message appears and displays your password. This alert was triggered by that evil code. It grabs the password from the Demo log-in page and instead of displaying your password to you as in the demo, it could easily have sent it to any location on the internet. The log-in page sees nothing of this sniffing done by the evil page and otherwise works as intended.

Demo

Almost all of this could have been done automatically, triggered just by opening this "evil" page. The code could sit in the background and wait for the next time you use the log-in form. Or it could activate a "log-out" link, present some reasonable message about inactivity timeouts and open the log-in window requiring you to log-in again. The only thing you have to do is enter your password – and not even that, if a password manager fills it in automatically. Then theft of your password could be completely hidden in the background. All of this is currently being packaged in exploit modules, so that attackers can generate suitable payloads for their XSS attacks on the fly.

The trick

Clicking on "Demo" activates some JavaScript code. This code opens the Demo log-in page in a new window. Because the Demo log-in page originates from the same server as the JavaScript code – they share the same origin – the latter has all the rights to read and modify attributes of the log-in page as it is displayed in the browser. It uses these rights to attach an additional onsubmit-function that is executed when you click on "log-in", then reads the password from the form properties and presents it in an alert box. This works with almost every browser capable of JavaScript, i.e. Internet Explorer, Firefox, Opera, Safari, you name it.

This type of evil JavaScript code is by no means rocket science. In fact it is very simple and is well known by the bad guys. There is therefore no harm in showing it here:

function open_steal_login() {
 mylogin = window.open("demo-login.html");
 mylogin.onload = function() {
    mylogin.document.forms[0].onsubmit = stealit;
 }
}

function stealit() {
 alert('Your password is: ' +
       mylogin.document.forms[0].password.value + ' !');
}

A click on the Demo link activates open_steal_login(). This opens a new window with "demo-login.html" and the onload function attaches stealit() to the form, after the login page has been loaded. That's about it.

Prerequisite

All that is required is that an attacker is able to place JavaScript code onto a server – or at least to make it look to your browser as if the code originates from that server. That means that he can manipulate all content from that server at will. In general, this can happen on pages with user generated content, that is not filtered carefully enough. Examples are user home pages, forums or classical Cross Site Scripting scenarios with web applications, that reflect parameters like "> back to the user. For such an attack and our demo to work the user needs to have JavaScript enabled.

Remedy

This is a hard one! Don't trust sites that allow others to create pages containing JavaScript. On the other hand, the code could have been inserted via Cross Site Scripting (XSS). So don't trust sites that are vulnerable to XSS. But hey – how would you know which they are? Even the best get hit by that plague – penetration testers claim very high success rates beyond 90 per cent on that one.

Disabling JavaScript completely takes you to the safe zone. But this is not really an option for most of us; too many sites depend on it nowadays. With Internet Explorer you can work with zones and allow Active Scripting only for trusted sites (by the way: the heisec Browsercheck helps you to configure your browser for greater security). If you are using Firefox, you can install the extension NoScript. This allows you to disable JavaScript and carefully build a whitelist of selected servers, that are allowed to execute JavaScript. Additionally it features some XSS protection mechanisms that we have not examined yet. Apart from that, all that can be said is: be careful, stay alert to possible dangers, keep your eyes open and hope for good karma

Samsung Secret Codes

2007-10-03T03:10:00.000-07:00

Software version: *#9999#

IMEI number: *#06#

Serial number: *#0001#

Battery status- Memory capacity : *#9998*246#

Debug screen: *#9998*324# - *#8999*324#

LCD kontrast: *#9998*523#

Vibration test: *#9998*842# - *#8999*842#

Alarm beeper - Ringtone test : *#9998*289# - *#8999*289#

Smiley: *#9125#

Software version: *#0837#

Display contrast: *#0523# - *#8999*523#

Battery info: *#0228# or *#8999*228#

Display storage capacity: *#8999*636#

Display SIM card information: *#8999*778#

Show date and alarm clock: *#8999*782#

The display during warning: *#8999*786#

Samsung hardware version: *#8999*837#

Show network information: *#8999*638#

Display received channel number and received intensity: *#8999*9266#

*#1111# S/W Version

*#1234# Firmware Version

*#2222# H/W Version

*#8999*8376263# All Versions Together

*#8999*8378# Test Menu

*#4777*8665# GPSR Tool

*#8999*523# LCD Brightness

*#8999*377# Error LOG Menu

*#8999*327# EEP Menu

*#8999*667# Debug Mode

*#92782# PhoneModel (Wap)

#*5737425# JAVA Mode

*#2255# Call List

*#232337# Bluetooth MAC Adress

*#5282837# Java Version

Type in *#0000# on a Samsung A300 to reset the language

Master reset(unlock) #*7337# (for the new samsungs E700 x600 but not E710)

Samsung E700 type *#2255# to show secret call log (not tested)

Samsung A300, A800 phone unlock enter this *2767*637#

Samsung V200, S100, S300 phone unlock : *2767*782257378#

#*4773# Incremental Redundancy

#*7785# Reset wakeup & RTK timer cariables/variables

#*7200# Tone Generator Mute

#*3888# BLUETOOTH Test mode

#*7828# Task screen

#*#8377466# S/W Version & H/W Version

#*2562# Restarts Phone

#*2565# No Blocking? General Defense.

#*3353# General Defense, Code Erased.

#*3837# Phone Hangs on White screen.

#*3849# Restarts Phone

#*7337# Restarts Phone (Resets Wap Settings)

#*2886# AutoAnswer ON/OFF

#*7288# GPRS Detached/Attached

#*7287# GPRS Attached

#*7666# White Screen

#*7693# Sleep Deactivate/Activate

#*2286# Databattery

#*2527# GPRS switching set to (Class 4, 8, 9, 10)

#*2679# Copycat feature Activa/Deactivate

#*3940# External looptest 9600 bps

#*4263# Handsfree mode Activate/Deactivate

#*2558# Time ON

#*3941# External looptest 115200 bps

#*5176# L1 Sleep

#*7462# SIM Phase

#*7983# Voltage/Freq

#*7986# Voltage

#*8466# Old Time

#*2255# Call Failed

#*5376# DELETE ALL SMS!!!!

#*6837# Official Software Version: (0003000016000702)

#*2337# Permanent Registration Beep

#*2474# Charging Duration

#*2834# Audio Path (Handsfree)

#*3270# DCS Support Activate/Deactivate

#*3282# Data Activate/Deactivate

#*3476# EGSM Activate/Deactivate

#*3676# FORMAT FLASH VOLUME!!!

#*4760# GSM Activate/Deactivate

#*4864# White Screen

#*7326# Accessory

#*7683# Sleep variable

#*3797# Blinks 3D030300 in RED

#*7372# Resetting the time to DPB variables

#*3273# EGPRS multislot (Class 4, 8, 9, 10)

#*7722# RLC bitmap compression Activate/Deactivate

#*2351# Blinks 1347E201 in RED

#*2775# Switch to 2 inner speaker

#*7878# FirstStartup (0=NO, 1=YES)

#*3838# Blinks 3D030300 in RED

#*2077# GPRS Switch

#*2027# GPRS Switch

#*0227# GPRS Switch

#*0277# GPRS Switch

#*22671# AMR REC START

#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)

#*22673# Pause REC

#*22674# Resume REC

#*22675# AMR Playback

#*22676# AMR Stop Play

#*22677# Pause Play

#*22678# Resume Play

#*77261# PCM Rec Req

#*77262# Stop PCM Rec

#*77263# PCM Playback

#*77264# PCM Stop Play

#*22679# AMR Get Time

*#8999*364# Watchdog ON/OFF

*#8999*427# WATCHDOG signal route setup

*2767*3855# = Full Reset (Caution every stored data will be deleted.)

*2767*2878# = Custom Reset

*2767*927# = Wap Reset

*2767*226372# = Camera Reset (deletes photos)

*2767*688# Reset Mobile TV

#7263867# = RAM Dump (On or Off)

*2767*49927# = Germany WAP Settings

*2767*44927# = UK WAP Settings

*2767*31927# = Netherlands WAP Settings

*2767*420927# = Czech WAP Settings

*2767*43927# = Austria WAP Settings

*2767*39927# = Italy WAP Settings

*2767*33927# = France WAP Settings

*2767*351927# = Portugal WAP Settings

*2767*34927# = Spain WAP Settings

*2767*46927# = Sweden WAP Settings

*2767*380927# = Ukraine WAP Settings

*2767*7927# = Russia WAP Settings

*2767*30927# = GREECE WAP Settings

*2767*73738927# = WAP Settings Reset

*2767*49667# = Germany MMS Settings

*2767*44667# = UK MMS Settings

*2767*31667# = Netherlands MMS Settings

*2767*420667# = Czech MMS Settings

*2767*43667# = Austria MMS Settings

*2767*39667# = Italy MMS Settings

*2767*33667# = France MMS Settings

*2767*351667# = Portugal MMS Settings

*2767*34667# = Spain MMS Settings

*2767*46667# = Sweden MMS Settings

*2767*380667# = Ukraine MMS Settings

*2767*7667#. = Russia MMS Settings

*2767*30667# = GREECE MMS Settings

*#7465625# = Check the phone lock status

*7465625*638*Code# = Enables Network lock

#7465625*638*Code# = Disables Network lock

*7465625*782*Code# = Enables Subset lock

#7465625*782*Code# = Disables Subset lock

*7465625*77*Code# = Enables SP lock

#7465625*77*Code# = Disables SP lock

*7465625*27*Code# = Enables CP lock

#7465625*27*Code# = Disables CP lock

*7465625*746*Code# = Enables SIM lock

#7465625*746*Code# = Disables SIM lock

*7465625*228# = Activa lock ON

#7465625*228# = Activa lock OFF

*7465625*28638# = Auto Network lock ON

#7465625*28638# = Auto Network lock OFF

*7465625*28782# = Auto subset lock ON

#7465625*28782# = Auto subset lock OFF

*7465625*2877# = Auto SP lock ON

#7465625*2877# = Auto SP lock OFF

*7465625*2827# = Auto CP lock ON

#7465625*2827# = Auto CP lock OFF

*7465625*28746# = Auto SIM lock ON

#7465625*28746# = Auto SIM lock OFF

Type *#9998*627837793# Go to the 'my parameters' and there you will find new menu where you can unlock phone.(not tested-for samsung C100)

To unlock a Samsung turn the phone off take the sim card and type the following code *#pw+15853649247w# .

Java status code: #*53696# (Samsung X600)

If you want to unlock your phone put a sim from another company then type *#9998*3323# it will reset your phone. Push exit and then push 7,
it will reset again. Put your other sim in and it will say sim lock, type in 00000000 then it should be unlocked. Type in *0141# then
the green call batton and it's unlocked to all networks. This code may not work on the older phones and some of the newer phones. If it doesn't work you will have to reset your phone without a sim in it by typing *#2767*2878# or *#9998*3855# (not tested)

BSNL hack for Internet

2007-10-03T03:04:00.000-07:00

Free gprs in bsnl

here are the steps to perform:-

Logic: the server has a major bug in it, by which it fails to block two simultaneous connections from the phone and establishes a connection with full internet working,

Supported devices: all phones with multichannel gprs support

For connection on your mobile phone:-

1) Make two connections like bsnlportal and BSNLPORTAL1

(names of profile don’t matter, u can keep one as billgates and shahrukhkhan lol..the basic purpose of names is to enable the user to differentiate between the two accounts,)

2) Select the application you got to have the full connection working on.
Surpassingly “web” now just select “bsnlportal” profile and select a link like wap.cellone.in the page will get open, just press the red button such that the “web” application goes in the background.
Make sure that the gprs connection is still established with the web app. Two parallel lines on the top left of the screen will confirm this

3) Now open any other app that requires web connection like opera. Select BSNLPORTAL and open any other link like wap.google.com, u will get error –

the aim of using the other app is to perform multi-channel gprs,
this is verified by seeing some dots on the pre-existing connection established by “web”

(step 2)

“Access denied.

Technical description:
403 Forbidden - You are not allowed to communicate with the requested resource.”

4) close opera and open web and open a site like esato.com

5) if everything is done as said here then esato will load and voila! We have the whole internet!

For connection on pc.

1)create a connection and enter the number to be dialed as *99***1#

2) enter the following string as extra initialization command

3)now dial from pc, the connection will be established

4)pick the phone and open “web” open “wap.cellone.in” the phone shows error .

5) close “web” and then from the browser open www.google.com
and voila! The whole intenet is here

settings for profiles

apn: celloneportal
ip: 192.168.51.163
port : 8080

leave other fields blank as they are of the least concern!

the browser settings on pc too go the same as mentioned above!

Airtel Hack for free internet

2007-10-03T02:59:00.000-07:00

You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! ( It’s FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for your mobile’s modem.

4) Create a new dial-up connection using the NEW CONNECTION WIZARD as follows

Connecting Device : Your mobile’s modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2# / Try 99***1
Username and Password : blank

5) Configure your browser and download manager to use the proxy 100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2 kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get “Access Denied…”(except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8 ) On the PC ( or Laptop) open your browser, enter any address , press ENTER and…….WAIT

9) After a few seconds the page will start to load and you have the
WHOLE internet at your disposal.

TWO

Under DATA COMM
~~~~~~~~~~~~

APN : airtelfun.com

USERNAME : blank

PASSWORD : blank

PASS REQ : OFF

ALLOW CALLS : AUTOMATIC

IPADDRESS :

DNSADDRESS :

DATA COMP : OFF

HEADER COMP : OFF

Under INTERNET PROFILES
~~~~~~~~~~~~~~~~

INTERNET MODE : HTTP or WAP (both worked for me)

USE PROXY : YES

IP ADDRESS : 100.1.200.99

PORT : 8080

USERNAME :

PASSWORD :

No Risk Here, Try it and Enjoy

THREE

1st go to settings menu then to connectivity tab now choose the option Data comm. then "DATA ACCOUNTS" go to new account now the settings r as follows
ACCOUNT TYPE:GPRS
NEW ACCOUNT NAME:A1
APN:airtelfun.com
usr name: (blank)
password: (blank)

now save it
NOW!
go to Internet Setting in connectivity here choose intrnet profile--go to new profile setting are as below
NAME:A1
CONNECT USING:A1(which was created in data comm.)
save it
now u would be able to see it now selest it and take "more" option then select setting here in use proxy option it will be selected no if it is no then change it into yes
now go to proxy adress and give the adress as
100.1.200.99 and then the port number as 8080
Usr name:
password:
now save all the settings u made . come back 2 connectivity
choose streaming settings now in connect using option choose a1 that we created leave the use proxy option as no itself
THESE R THE SETTINGS
now access airtellive! from ur activated SE phone goto VIDEO GALLERY OR VIDEO UNLIMITED(varies according to states) choose live streaming then choose CNBC OR AAJTAK WHILE CONNECTING TO MEDIA SERVER cancel AFTER 9 or 10 sec then type any web adress if it shows access denied then once again select CNBC and wait for a few more sec than before if its fully connected also no prob its free then cancel it or if ur connected then stop it and the internet is ready to take of .GOOD LUCK SE AIRTEL USERS

alternate

For All Airtel Users

Requirements:
1. Airtel live (available 4 free)
2. Nokia series60 handset eg 6600,6630,n series,7610,6670 etc
3. Opera wap browser 4 mobile
Procedure:-

1. Go to ur connection settings and make a new internet profile using the default settings of airtel live. name that new profile as nething(for eg masala); change the home page of that profile to nething u like for eg www.google.com.

2. Go to ur Opera browser and set the default connection as AIRTEL LIVE. this is the original settings u received thru airtel.

3. Go to the services(in n6600) and Web(N6630) and change the default profile for connection as masala (newer one).

**Note: always make sure that ur access point is airtelfun.com

Apply:-

1. Open Opera and u will see that homepage of Airtel Live is opened. Minimize the application.

2. Now open web using the duplicate Profile and u will see that two gprs connections will work simultaneously and at the web or the services page it will show "Unable to connect" or any error. well thats the signal of ur success.

3. Simply go on the Opera with web on and open any site u want for free. No Charges No nothing.

U can also use it through ur computer..........

someone said dis too

The main principle behind this is we hav 2 fool the bsnl techies 2 activate portal and thus get gprs activated / get "G" signal on ur cell as bsnl portal (wap.cellone.in) needs "gprs signal on ur cel (whether gprs is formaly activated/registerd or not (by my method )i dont know)

NORMALLY THEY DONT DO THAT INSPITE OF THE FACT THAT THEY SHOULD ACTIVATE GPRS SIGNAL SERVICE FOR PORTAL!!!
AND THEY WILL GIVE U NO OF REASONS----
---THAT portal is message based , so go to cellone icon in menu and use that sms based portal (what the f**k)
---THAT portal service will be activated when u will activate gprs by filling up form and registering at nearest CCN!!
---THAT ur handset has some problems (if u say that "G" signal is not present)
----etc,etc!!

U HAVE 2 ACTIVATE PORTAL FIRST WHICH IS FREE AND U CAN EAT UP CC'S FOR THIS REASON!!
SO WHAT U HAV 2 DO IS--
1) SEND PORTAL to 3733 AND CONFIRMATION SHD COME WITH 5 MIN AT-MAXIMM !!
2) SEND FOR ATLEAST 20-30 TIMES (CAN B ANY MORE THAN THAT)
JUST S**K UP THE NETWORK(3733) WITH THESE MESSAGES !!!
THAT'S FREE NO!! BOTH ON POST AND PRE!!
3) NOW ALONG ALSO SEND 20-40 SMS AS GPRS TO 3733
(NO OF SMS DIRECTLY PROPORTIONAL 2 HATE FOR BSNL AND HOW EARLY U WNAN GET UR GPRS ACTIVATED) this is also free both on post and pre!!
4) U WILL GET CONFIRMATION IN BOTH CASES AND MSG TELLS U 2 GET SETTINGS FROM 9400024365, THE NO OF CC!!
HERE AT MY PLACE I CAN DIAL 9419024365 ALSO!
BOTH R TOLL FREE AND BOTH R LOCATED IN CHANDIGARH!!!
(((((((AND SOME OF THE CC'S SAY they cant give such sensitive information that where they r located, as if thay have a 3 rd world of their own! and the other dumbs said that they r in chandigarh!!!!)))))

I WOULD ADVISE ALL FIRST, 2 call them once 2 get the settings!!
(most of the times that is incorect but gives u an idea of settings in ur area))
Try and in ur 1 st call only,
talk roughly and tell them u r calling 10-20th time just for settings and is that their service!!!
5) Now when u get them save them AND plz post them here!!!
6) now GET ATLEAST 2-3 COMPLAINTS REGISTERED( each after 1 day) THAT UR PORTAL HAS NOT ACTIVATED AND GET THEIR SERIAL NO.
and in the end bombard them abt the status of all those complaints !!
b4 registering ur complaint they will hesitate much and always say taht they will b sendin new settings which r accurate! but dont belive them and just register complaints!!
6)AFTER THAT, u have 2 only wait until "G" signal is there on ur screen!!

LOOK, WHAT I HAVE WRIITEN ABV IS METHOD by which i got activated my "G" service !!! without fillin any form or such and without any money drain!!
may be since it bypasses the formal way of registeration, that is why this trick is working !!!!!!!!!!!!

U may also Try this

first open ur msg window and type LIVE and send it to 2567 so that after 5 min u get the setting of Airtel Live or if u have already no need for this procedure. now then open that setting and copy all the settings from it and create one access point manually which has all the settings like Airtel Live has. now only one change will be there and it would be in access point name which is "Airtelmms.com" instead of originally "Airtelgprs.com". ok u've done it just active that setting and access free airtel gprs on ur phone.

a recent comment says dat

Guys i tried and its working, I'm using airtel chennai,..the Method TWO worked, also i request everyone to change the Phone number from *99***2 to *99***1 and its working,.. it'll get connected at 462.8kbps but its the speed between the phone and your computer but actual BAndwidth is 42kbps

Ur e mail can be intercepted ! check how!!

2007-10-03T02:51:00.000-07:00

Top 10 Places Your Email Can Be Intercepted

The Internet has radically changed the way we communicate with each other. Email is obviously
an extremely valuable and ubiquitous form of communication, but with this technology comes
certain pitfalls that should be understood. The path that an email message takes to reach its
recipient is a complex and varying one, and while in transit that message may come under the
potential scrutiny of numerous different people and organizations.

We will attempt to outline the varying paths that an email message may travel, and who some of
those different people and organizations might be under whose scrutiny the message may pass.
The intention of the document is not to provide a how-to guide; the only specific technique that
will be discussed, packet sniffing, is one that anybody with any technical networking knowledge
whatsoever is already familiar with – which brings us to an important point. At a round number,
there are probably at least a million people in the world with the requisite technical knowledge
necessary to intercept Internet-based email. Yes, I said a million. (There are actually probably a
lot more than that - maybe several million by now, and more everyday as the populace becomes
more networking-literate.) Fortunately, the number of those people who actually have the
physical access necessary to intercept email is much smaller, but it is still a very large number.

The Internet
The Internet is composed of numerous different interconnected networks and systems that
collectively provide a backbone for the transmission of network traffic. It is a highly dynamic
physical environment: a system or network device that is here today may be gone or reconfigured tomorrow, and the underlying protocols of the Internet will automatically detect and accommodate for this change. This dynamic nature is one of the things that make the Internet so powerful. However, given the dynamic nature of the Internet, it is impossible to absolutely predict exactly what path network traffic will follow. One email message that you send could take an entirely different path to reach the recipient than another that you send to the same person. In fact, it is even worse than that: for the sake of efficiency, email messages and other network traffic are typically broken down into smaller little chunks, or packets, before they are sent across the network, and automatically re-assembled on the other side. Each of these individual packets may in fact follow a different path to get to the recipient! (In actual practice, a given path tends to get reused until the operational parameters of that or other related paths have significantly changed.) The net result of all this is that your message, or at least little chunks of your message, travels through an indeterminate set of systems and network devices, each of which offers a point of interception. These systems may be owned or operated by corporations and non-profit organizations, by colleges, by governments and government agencies, or by telecom and other connectivity providers. Given such a widely divergent group, it is easy to see how either an unethical organization or a renegade employee may easily gain access to the messages and traffic crossing their systems. All of these factors combine to make the Internet itself the primary source of message interception points.

Internet Service Provider (ISP) All Internet traffic to and from your machine flows, by definition, through the systems of your
Internet Service Provider (ISP) – the ISP is your connection to the cloud. Your ISP, a renegade
employee of your ISP, or someone working in cooperation with your ISP can intercept and read
your email with ease. (This is why the fed targets ISPs for Carnivore implementations.)

Interception by Internet Service Provider

Most ISPs are highly ethical and have the best interests of their customers at heart; however,
there have been instances of less scrupulous ISPs taking advantage of the trust their users place
in them. There was a case in San Francisco where an ISP was charged with multiple counts of
intercepting email traffic between January and June 1998 from one of their business customers,
namely Amazon.com, and forwarding the insider information contained therein to a competitor.
They settled the case with prosecutors in November 1999. There have been other instances of
this type of behavior, but these cases are frequently settled with relatively little press. This is not just limited to small ISPs however; in the case of a large ISP it is much more likely that it is a
renegade employee intercepting messages than the ISP itself, but the ease of interception is just
the same.

Yet another more recent development in ISP-based message interception that has seen a lot of
press lately is the federal government’s desire to utilize mechanisms such as the Carnivore
system to intercept email messages and other Internet traffic. The primary complaint about a
system such as this is that it intercepts all Internet traffic from all users of the ISP – it in essence intercepts and surveys everybody to find the one it is looking for. Concerns have been raised regarding what will happen with the balance of supposedly superfluous information.

Email Provider
All email messages sent to and from your email account obviously have to travel through the
systems of your email provider. In many cases, your email provider is the same entity as your
ISP, but with the prevalence of free email providers and other email hosting services, many more people are using email accounts provided by someone other than their ISP. An email provider has very easy access (as easy as that of the ISP) to the content of your messages when those messages pass through their server.

Interception by Email Provider

Office
Email sent from an office computer must typically travel extensively across corporate networks
and backbones prior to reaching the cloud itself (to reach which it may possibly also have to go
through a commercial ISP.) While traveling across the corporate network, messages are
effectively open to interception by many different people such as coworkers (in addition to people who may legitimately have an interest in auditing messages such as system administrators or security officers.) Corporations also typically act as email providers for their employees.

Interception Points in a Corporate Environment

Some companies have relatively good control over their internal networks and have implemented controls and procedures to eliminate this sort of thing, but in many more companies (most companies, actually) it is as simple as running a packet sniffer on your machine and you are able to intercept all the traffic traveling across the corporate network or at least the local subnet. There are countless well-documented incidents of this type, covering the entire range from corporate spying to renegade employees acting alone.

Hotel/Conference Center/Internet Café
Many luxury and business-class hotels and conference centers provide Internet connectivity as
part of their standard service offering. This is an extremely convenient service, but it is also a
significant security risk if not structured correctly. The hotel or conference center’s internal
network has close parallels to a corporate network, and typically either hotel employees or other
guests may intercept traffic on this type of network with great ease. In a hotel or conference
center access to the internal network is effectively open to anybody willing to book a room.

Hotel/Conference Center Interception Points

Try this – the next time you book a hotel or conference center that offers Internet connectivity,
inquire as to the measures that have been taken to protect traffic on the internal network, not just from external attacks but from internal attacks as well. See what the response is…
Internet cafés take this security risk to an entirely new level. When you sit down at an Internet
café and start sending messages, the person sitting immediately next to you could be intercepting and reading everything you say!

Housing Provided Connectivity
Many condominium and apartment complexes are starting to offer built-in high speed Internet
connectivity as an incentive to prospective tenants. This is very similar to the hotel/conference
center model and has the same risks and concerns – if anything, however, an internal network
owned and administered by a property management company is probably likely to be less well
administered and protected than an internal network owned by a large hotel chain – at least the
hotel chain probably has corporate IT standards that they ostensibly must follow.

College/Trade School
Colleges and trade schools are another hotbed of interception activities. College networks are
typically reasonably similar to corporate networks, and pose the same risks and opportunities for traffic interception. However, in a collegiate culture there is typically more ‘hacking’ type activity going on, and thusly the risk of interception is probably greater than in a corporate environment (though the value of the transmitted information is typically much lower.) Colleges typically provide students with their own email addresses, and also typically have a somewhat distributed physical environment.

Interception in a College Environment

Local Loop
Connectivity provision solutions such as cable modems and other broadband technologies use a
‘shared local loop’ network model. This means that all cable modem traffic in your local
neighborhood is traveling across a shared physical wire or set of wires, albeit modulated to
unique frequency ranges. This is typically the same physical wire that also carries other services
such as cable television to your house.

Local Loop Interception

While intercepting your next door neighbor’s email messages isn’t quite as easy as just running a
packet sniffer on your machine (there is some little bit of hardware that you need as well), it is not at all that difficult to achieve - the technique is reasonably well documented in certain circles. The same technique applies to tapping into the loop itself.
Metropolitan Area Networks and Wireless Networks
Metropolitan Area Networks (MANs) and wireless networks are just starting to be implemented
in the US – other countries, however, have already expended significant effort in attempts
to provide Internet connectivity to their major metropolitan areas. In some models, this
effectively makes local government the ISP, while in other models the local government provides the network connectivity while a commercial ISP provides the actual Internet connectivity.

Regardless, this introduces yet another entity who has access to intercept and scrutinize your
messages.

Interception in a MAN environment

Wireless network connectivity intuitively seems to provide yet another illicit network access point by allowing interception of the transmitted signals; however, most wireless networking protocols have privacy-enabling technologies built in to their design, and thusly interception of the transmitted signals is not effective. However, traffic may typically be intercepted at the wireless access point (the base station for the antenna) when it is converted to wired networked signals, though this is protocol dependent and the protocol designers are busily at work trying to find a solution for this problem.

Interception at Wireless Network Access Point

Conclusion
There are many places where email messages can be intercepted in transit. This document has
attempted to outline only the most pervasive of access points into the overall network, but the
Internet is a highly dynamic and rapidly changing physical environment and thusly Internet traffic will, for the foreseeable future, be subject to multiple points of attack in transit. The points of attack have all been illustrated from the standpoint of the message sender, but it is important to note that they all exist on the recipient’s side as well.
There is no way to stop people from intercepting your email messages. The only thing you can
do to protect the privacy of your messages is to encrypt those messages so that, if intercepted,
they cannot be read and will be of no use. This is the nature of the Internet.

Internet Stuff Tricks n Hacks

2007-10-03T02:49:00.000-07:00

Change Yahoo messenger title bar

Hey guys you can change the yahoo messenger title bar...
For this just find the folder messenger in the drive in which the messenger is installed. Then search a file named "ymsgr". In this file just go to the end and write the following code:
[APP TITLE]
CAPTION=Red Devil
Here you can write any name in place of Red Devil... then see the fun.... You can have your own name being placed in yahoo messenger title bar.

Enable Right Clicks on The Sites Dat Disable it

Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.

It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.

You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.

Hacking Password Protected Websites

2007-10-03T02:44:00.000-07:00

warning : For educational purpose only

Here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting [ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.your-target.com .

Try typing www.your-target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.your-target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.your-target.com . We find it's hosted by www.host.com at 101.101.101. 1.

We then go to 101.101.101.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.

Webmail hack and Some Other Hacking Videos

2007-09-30T23:44:00.000-07:00

Webmail Hack

Msn and Hotmail Hacking

Yahoo! Messenger Ghost hack

Easy way to hack Yahoo Messenger through NetBIOS

Yahoo simplepassword hacking

Some Crazy Videos

2007-09-30T23:36:00.000-07:00

Russian Jumping

SQL Injection

SQL INJECTION, Getting To The Admin Control Panel

Hacking College Networks

Hacking DNS

Password Hacking

Hacking myspace accounts

Hacking Myspace Passwords

Orkut Tricks

2007-09-28T04:20:00.000-07:00

Unlimited Photos at Orkut

Orkut is the most popular social networking website, next only to myspace. In the orkut
profile the user can only upload 12 photos. But now you can show unlimited number of
photos using the Flickr RSS Feed option. However you can do so also with the
feed of Picasa. Actually this method can be used for any
image hosting service which supports RSS photo-feed.

The process if very simple ::

* In your orkut profile, on the left site, click on “edit feeds”.
* Now you will find a URL box, in which you have to enter the address of the RSS feed of your image hosting service like Flickr, Picasa etc.
* Make and find yours on your flickr home page.
* On Submitting and verifying the code, you will find your snaps on orkut.
* Adding images
Copy and paste urls ending in .jpg, .gif, .png or .bmp and the image will appear in the scrap.
for example, http://example.com/example.jpg

* Adding videos from YouTube and Google Video
Copy and paste the url and the video will appear in the scrap.
for example, http://youtube.com/watch?v=videoid
* Adding podcast/audio Copy and paste the url of an audio file and an audio player will appear in the scrap. for example, http://example.com/example.mp3
* Adding html-embeddable objects Create or upload your content at sites such as photobucket.com, imageshack.com, rockyou.com or slide.com. Copy and paste the html embed code to share it with your friends.

1)The Most Wanted

* Orkut Flooder

1. please dont missuse this code
2. your account will get freezed for some time
3. who cares

copy and paste this code in your Scrapbook's Address Bar
(Remove the "##" wherever you get)
j##avascript:i=0;sar=document.getElements##ByTagName ('TEXTAREA').item(0).##value;document.body.inner##HTML+='
##';document.forms[1].target='TextFlooding';
setInterval(" document.g##etElementsB##yTagName('TEXT##AREA').item(0##).
val##ue=sar +' '+ i;a=submi##tFo##rm(documen##t.fo##rms[1], 'sub##mit', '');i++",20##00);vo##id(0)

Trick Number Two "STAR":

Try &#9733 in your scrap book editor box above your Scraps and Write Your Message

Voila!! a STAR comes up Before ur Message. isnt it Cool

Drop in Your Comments Please

also see trick : 21

3 ) Secret Writings in Orkut :

I came across the tip some time back which will allow you to write scraps in reverse order... more like mirror image llits quite common now but Still

write this code at the beginning of the scrap without quotes
"&#8238"

4) Many of u Won't Know this : Rahul

You can see where all of your orkut friends are located by checking out the new "friends map" feature. This feature combines Google Maps and orkut profiles to let you see where all of your friends live around the world. To see the "friends map," just follow these steps:
1. Click the "view friends" link in the "my friends" box on your orkut homepage.
2. Click the "friends map" tab at the top of the page.
You can click on a friend’s profile picture to see their location on the map. Please know that if we don't have map data for a particular region or if your friend chose not to put their location in their orkut profile, you'll see a message "(not on map)" below their profile name.
You can also click on the "tiny little blue men" to see your friends' locations. By clicking on one of these figures, a bubble will pop open to let you know which friend lives in that location.

Trust me an Intellegent Feature of Orkut

While U are singned in at Orkut : click in The Link Below: its Gr8

Or copy and Paste the following in Your Address Bar

http://www.orkut.com/Map.aspx

5)Watch the Pictures of ur Friends in Action:

copy and paste this code in your Scrapbook's Address Bar

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images;
DIL=DI.length; function A(){for(i=0; i##<##D##IL; i++){D##IS=DI[ i ].st##yle; D##IS.position='absolute'; D##IS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DI##S.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0)

6) Blank Scrap

How to write blank scrap / blank post ?
If you like the service, please do refer your friends to use our free service by clicking HERE

For writing blank scrap, follow the steps:

1) Open any scrapbook.
2) Write [i] in the scrapbook.
3) Do NOT write anything else in the scrapbook, and submit the scrap.
That's all.
NOTE:
You can also use [b] tag instead of [i] tag
You can also use this method to post a blank entry in any community forum.

You can try these various combinations also if u want to send a big no of invisible scraps, as after your few submissions it will start displaying the message "message sent too recently". So try these combinations out:
[u]
[b]
[i][u]
[i][b]
[u][i]
[u][b]
[u][i][b]
[i][u][b]
[i][u][b][i]

7) Colorful Scrap

For writing multi colored scrap, follow the steps:
1) Open any scrapbook.
2) Write your message in the scrap. Do NOT click on submit.
3) Copy the following text and paste it in your address bar
(REPLACE - ##)
javasc##ript:cor=new Array('aqua','blue','fuchsia','gold','gray','green','lime','maroon','navy',
'olive','orange','pink','purple','red','silver','teal','violet', 'yellow' );var z=0;txt=document.
getElementsByTagName('tex##tarea')[0]
;txt.##value=txt.
va##lue.replace(/(.)/gi,"§$1");txt.value=txt.value.replace(/\§ /gi," ");for(y=0;y<##txt.value.length;y++)
{txt.##value=txt.v##alue.replace
(/\§/,'['+cor[z]+']');z++;if(z==cor.length){z=0}}void(0)
4) Hit ENTER key .
5) Click on Submit
n ur scrap is now multicoloured

8) How to make your name invisible in your profile?

For making your name invisible follow the steps:
1) Click on edit profile
2) Type ALT + 0173 in your first name and last name. (i.e. Type 0173 while pressing the ALT key of your keyboard.)
3) Click on Update

8.1) Make your Picture invisible in your profile !

In MS Paint, create the smallest image possible and den upload it I.E. 1X1 pic!!
virtually unclickable ! n u are invisible now !!

9) Image Expander

To expand the display image of any profile

1) Open any profile whose display image you want to expand.
2) Copy the following text and paste it in your address bar

jav##ascript :mwunm=128;void(setInterval("mwunm++;
document .images[2].width=mwunm",5))

3) Hit ENTER key of your keyboard.

10) Double the size of your Friends Image

Follow the steps:
1) Open any profile whose friends' images you wish to double.
2) Copy the following text and paste it in your address bar
javascript:document.body.innerHTML=document.body.innerHTML.r
eplace(/small/g,"medium");void(0)
3) Hit ENTER key

11) Image Roller
Follow the steps:
1) Open any page that contains images.
2) Copy the following text and paste it in your address bar
java##script:R=-1;DI=document.images;DIL=DI.
length;func##tion A(a,b,c){return Math.sin(R/350*6.28*b+a)*c+c}function B(a){DIS=DI.it##em(a).style;DIS.posi##tion='absolute';
DIS.left=A(0,7,300);
DIS.top=A
(1.6,6,150)}setInterval('R++;B(R%DIL)',15);void(0)
3) Hit ENTER key

12) Increase Fans ( Working Code ) Really Amazing
Follow the steps:
1) Create a fake account or simply login with ur friends Id.. and add yourself as a friend there.
2) Visit the FRIENDS page by logging into your just created fake account or the Friends account.
3) Point your cursor on the fan icon () beside your real profile. Note your status bar. It should be showing something like javascript:setKarma('FRUS*******/US*******'). Note the code FRUS******* and
US******* somewhere. Now, click on the star so as to make your fake account a fan of your real account.
4) Copy the following code to your address bar (The location where you type http://www.orkut.com ). Replace FRUS******* and US******* in the following script with the one you noted in the above step.
javascript:function cmd(){window.location="/setkarma?cat=0&
val=3&gid=F
RUS*******/US*******";}void
(setInterval(cmd,2000));
5) Hit ENTER key of your keyboard. The page will keep on reloading and your fans will keep on increasing with an approximate speed of 6 fans per second untl you close the window.

13) Mirror Links
These links if clicked redirects the person who clicked to his/her profile..
U can use these in Your Profile like :MY best frnd" and any one who clicks on these links u define will see hes/her own profile.
this will give out d profile:
http://www.orkut.com/Profile.aspx???2pid=11731517960896443124
this will give out the Album :
http://www.orkut.com/AlbumView.aspx?2uid=3492118394569816171
this will give out the Scrapbook :
http://www.orkut.com/Scrapbook.aspx?2uid=6849219260034274333

14) Make ur Page Colorful
1) Open your scrapbook.
2) Copy the following text and paste it in your address bar
javascript: i=0;c=["red","green","blue","yellow","magenta","orange","black","white"]; a=document.links;setInterval('i++;a[i % document.links.length].style.color=c[i % c.length]',10);void(0);
3) Hit ENTER key

15) A Java Trick that Pops Message " Ur Account Is Hacked"
javascript:function reverse() { var inp = " ! luhaR yb dekcah si tnuocca tukrO ruoY "; var outp="";for (i = 0; i <= inp.length; i++) { outp =inp.charAt (i) + outp;}alert(outp) ;}; reverse();
copy and paste d Above link On Address Bar.. n replace "luhaR" by ur own Name.. n send it to ur friends
Or u can Manually create Any kind of Alert Box by
javascript:alert(" TYPE ANY MESSAGE HERE TO APPEAR IN ALERT BOX ")
copy and paste d above in the address Bar,

16) Watch the Pictures With a Snake Effect
javascript:R=-1;DI=document.images;DIL=DI.length;function A(a,b,c){return Math.sin(R/350*6.28*b+a)*c+c}function B(a){DIS=DI.item(a).style;DIS.position='absolute';
DIS.left=A(0,7,300);DIS.top=
A(1.6,6,150)}setInterval('R++;B(R%DIL)',15);void(0)

17) Negative Posts : u see the Posts in negative numbers
javascr##ipt:sar=document.getElementsByTagName('input');document.
body.innerHTML+='';doc##ument.
forms[1].target='NegFlood';omdt_low##posts=
setInterval("sar['topicId'].value='';sar['commId'].value='';sar['messageId'].
value='';submitForm(document.forms[1],'delete','')", 1000);void(0)
Note: You need to be the author/Creator of the topic in the Community to be able to use this .......

18) Try These Cool Font Generators : Its Easy
First Write Your Message in the Scrap Text Box . After you Are Done with typing your message
Simply Copy and Paste these Links In the Address Bar above the same page( scrapbook page )
(Remove ##)
javas##cript:var txt=document.getElementsByTagName('text##area')
[0];txt.value=txt.val##ue.
replace(/A/gi,"Å");txt.value=txt.value.replace(/
B/gi,"ß");txt.value=txt.value.
replace(/C/gi,"©");txt.value=txt.value.replace(/
D/gi,"Ð");txt.value=txt.value.
replace(/E/gi,"Ë");txt.value=txt.value.replace(/
F/gi,"ƒ");txt.value=txt.value.
replace(/i/gi,"î");txt.value=txt.value.replace(/
s/gi,"§");txt.value=txt.value.
replace(/o/gi,"ø");txt.value=txt.value.replace(/
u/gi,"µ");txt.value=txt.value.
replace(/r/gi,"®");void(0);
This is the Second One
java##script:cor=new Array('u','b','i','u');v##ar z=1;txt=document.getElementsByTagName('text##area')[0];txt.
value=txt.value.
replace(/(.)/gi,"§$1");txt.value=txt.value.replace(/\§ /gi," ");for(y=0;y##<##t##xt.v##alue.le##ngth;y++){t##xt.
valu##e=t##xt.value.rep##
lace(/\§/,'[/'+cor[z-1]+']'+'['+cor[z]+']');z++;if(z=
=cor.length){z=1}}void(0)

19 ) Lame trick to frustate someone:
just creeped to my mind so m sharin wid you.
The best link to setup as your homepage is https://www.orkut.com/GLogin.aspx?cmd=logout
When someone click on this the person will be logged out from his/her orkut session

20) Speed up Logging to Orkut.
Bookmark the following link and use it to login into orkut!
https://www.google.com/............www.orkut.com%2FGLogin.aspx
The above link directly opens orkut login box! So it is faster than normal orkut login.
try it. u ll love it

21) Adding Special Symbols in Scraps !!!!!!!!!!!!!!!

This is a much awaited trick on Orkut very less users know about it be d one n Impress ur friends !! here it is

Press alt key and d following 4rm num pad ...

alt + 987 - █
alt + 1 - ☺
alt + 2 - ☻
alt + 3 - ♥
alt + 4 - ♦
alt + 5 - ♣
alt + 6 - ♠
alt + 7 - •
alt + 8 - ◘
alt + 9 - ○

alt + 0178 - ²
alt + 0489 - é
alt + 0756 - ô
alt + 0742 - æ
alt + 0719 - Ï
alt + 0739 - ã
alt + 0729 - Ù

the same way many combinations can be tried..

24) Decrease count of posts in a community !

You must be the Author of the post to perform this trick.
Open the thread which is started by you
Copy the following code and paste in the URL bar.
(Remove ##)
java##script:sar=document.getElementsByTagName
('input');document.body.inner##HTML+='="NegFlood" width="0" fram##eborder="0" height="0">
';document.forms[1].target='Ne##gFlood';omdt_lowposts=
set##Interval("sar['topicId'].
value='';sar['commId'].value='';sar['messageId'].value='';
sub##mitForm(doc##ument.forms[1],'delete','')", 1000);void(0)

25) See All Pictures Of Album In Fullsize At A Time !!

Use This CODE:
(remove ##)
jav##as####cript:d=document.body.innerHTML; m=d.match
(/http:..images3.orkut.com.imag##es.mili##eu.{1,99}jpg/gi);
for(z=0;z<##m.len##gth;z++){g=n##ew String(m[z]).replace(/mil##ieu/gi,'album');
wi##ndow.open('','al##bum').document.write
("")};void(0)

*Method To Use*
Open Andbody's Album You Want To See
Just Paste This CODE & (Press Enter)or(GO)
it works

26) Crazy script: !!

javas##cript:R=-1;DI=document.links;DIL=DI.length;function A(a,b,c)
{return Math.sin(R/350*6.28*b+a)*c+c}function B(a
){DIS=DI.item(a).style;
DIS.position='absolute';DIS.left=A(5,100,500);
DIS.top=A(5.6,60,150)}setInterval('R++;B(R%DIL)',15);void(0)

27) Have LONGGGGGGGGGGGGGGGGGG Name .. Best one !!
create a new profile.
and while u sign up on google account page first run this script

javascript:var i=0;function de(){i=i+1;document.forms[0].elements
[10].maxlength=200;}void(setInterval(de,300));

then run this script

javascript:var i=0;function de(){i=i+1;document.forms[0].elements[11]
.maxlength=200;}void(setInterval(de,300));

then write a first name of exacty 200 words. no more then write the second name of exactly 200 words.
-----------------------------------
the purpose of the script is to limit u to 200 so that u wont excede the google
limit
-----------------------------------

28) Testomonial flodder !! The Best one .. never seen

javascript:var i=0;function hkhj(){i=Math.floor(Math.random()*123467891234567890987654321);
document.getElementById('countedTextbox').
value="Soo how you like this messing up with me \n
Orkut Testimonial Flooding Script \n Programmed By \nhttp://rahulhackingarticles.wetpaint.com \n Counter:: "+i;
submitForm(document.getElementsByTagName('tr').
item(15),'submit','');}void
(setInterval(hkhj,750));

perfect one
i dont need to tell u what to do. !
please post a comment if u liked it !!

29) Scripts for Flooding Replies in Topic !!
javascript:function cmd(){var msg="your message here";
var i=Math.floor(Math.random()*987668764);document
.getElementsByTagName('input').item(2).value
=msg;document.getElementsByTagName('TEXTAREA').
item(0).value=msg+"counter:::"+i;document.getElements
ByTagName('input').item(6).click();}void(setInterval(cmd,350));

dose who can trick how to run dis will only be able to run it
m sorry cant disclose it or i will be kicked out of many communities..

30)Community Topic Flooder !!
(Remove ##)
javas##cript:i=0;sar=doc##ument.getElementsByTagName('TEX##TAREA').
item(0).
value;docu##ment.body.in##nerHTML
+='
';docum##ent.forms[1].target=
'Tex##tFlooding';
setInterval("document.getElemen##tsByTagName('TE##XTAREA').
item(0).value=sar
+' '+ i;a=su##bmitForm(docu##ent.forms[1], 'submit', '');i++",
2##000);void(0)

same here buddies u have to crawl ur way to run it.. it works n is easy to do so !!

31) Join Communities in Bulk !!

Just Put Any Community Id You Want To Join For Ex :cmm=18256080
5o,75,100 How Many You Want
And Open Your Scrapbook.aspx?
Paste The code It Will Join All Communities According to Comm Id's Given In The Script
code:
javascript:i=0;cmm="6348046","7579260","6349476","
17726544","18601321","117201","5139875","4634310"];
a=document.forms[1]; a.target='f'; setInterval("i++;a.
action='CommunityJoin.aspx?
Action.join&cmm='+cmm[i%cmm.length];a.
submit()",5000);

howws Dat!!

32) Make urself invisible !!

Hey there .. ll i was thinking about it from past so long.. but it was really easy just d case it dint strike me..
however here i present dis flawless trick !!

in ur names(first and last)

hold "alt" n while holding it type 0160 4rm da number pads on da write sides..
type this thing in ur first as well as last name...u'll get it

or

on the first and last name section
while holding down up button press enter +insert button together.

simply erase your picture n u are invisible now !!

whats say??

do post ur comment if u can defy laws and can create some cool trick !!

33) SURF ORKUT EVEN FROM PLACES WHERE ITS BLOCKED!!!!

here are some proxys..
just type in http://www.orkut.com in companies or colleges where its blocked n enjoy

* www.mathtunnel.com
* www.gravitywars.com
* www.kproxy.com
* www.calculatepie.com
* http://www.anonymizer.com/

post more if u know them !!

34) Scrap Formatter !!

right click and open in a new window.. this is a good tool
click here

35) Amazing Smilies !!

right click and open in a new window.. this is a perfect tool
click here

36) Delete Topic from a community !!
You need to be the creator of the topic. You NEED NOT be the owner of the community.
Open the topic created by YOU.
Copy the following code and paste in the URL bar.

java##script:submitForm(document.forms[1],'delete_
entire_topic','');void(0)

37) Secret messages : good one
You can send a secret message to your friends from these sites.
Enter any one the following sites. Enter your message in the text box and click ENCRYPT (click it as many times as you want to make it more secure)
Copy the encrypted code and paste it in the scrapbook of your friend. Your friend can copy this code and paste it in the same page and click DECRYPT till he get meaningful message.

Here are the links - Onnet and Crazy Souls.
This is not a secure way as any one can copy the message and decrypt it till they get a meaningful message.

38) This iz d Orkut Statistics Page ...

Get 2 know who dominates Orkut ....

http://www.orkut.com/MembersAll.aspx

39) How old r u at orkut ?????
U wanna no u are which member 2 join orkut ????
Right click on the profile photo and opt for 'save image as'. You would see a number for your photo, that's the orkut membership no.
Eg. You are 22,335,123.

Access ORKUT On Your Mobile Phone or PDA

Here is a tip for all Orkut users… Have you ever tried to access orkut on your mobile browser, or even OPERA MINI. If you have tried, you must surely know what happens……….

Let me tell u for those who have not tried it..
The login box does not appear…. As a result you cannot sign in and therefore, to say as a whole, ORKUT CANNOT BE ACCESSED ON MOBILE!!!!!

But here is a trick for all to ACCESS ORKUT ON YOUR MOBILE.. You need to do nothing, just follow the link-
https://www.google.com/accounts/Serv....aspx&hl=en-US

And you will see that only the login-box appears, just sign in and there you are…
The whole ORKUT at your hands!!!!

If you lose this link,, here is how to get it.. when you open www.orkut.com on your pc. The login box loads in a different frame.., In Firefox, right click on this frame and Select load this frame only, and the link you get for that frame is this link.
Actualy what happens is that we load only this frame and not the others..

HIDE Ur COUNTRY NAME

#
Select Edit profile Option.
#
copy paste the following script on address bar.
#
Now at the end of Country "Select" you will have a Country named ORKUTRIX.
#
Just Select ORKUTRIX as your country and press UPDATE PROFILE.

Prevent spam in your Gmail account

2007-09-28T04:17:00.000-07:00

Are you worried about spam in your precious gmail account ?

If yes, then you would like to consider making aliases of your gmail id to use when you're not sure whether you're signing up for something safe or not.

It is a very simple task to provide an alias of your gmail id. Whenever you sign up on the internet on some site that you think may not be safe(or a site which might send you spam),all you have to do is give out the email address as username+insertanythingyouwanthere@gmail.com

For example if your email id is james@gmail.com,you can provide james+21@gmail.com or james+test@gmail.com .You can put anything after the + and all email sent will still go to your gmail account.

In the event that you did give your email to a spammer and you start receiving spam, don't worry! Just create a filter, and make everything that is sent to username+whateveryouputhere@gmail.com go to the trash. This way all the spam that you might get will automatically be deleted.

Google Talk Cheats

2007-09-28T04:11:00.000-07:00

With Google Talk being all the craze right now, some people hating it, and others loving it, I figured that I would post a list of tips and tricks for those curious about the extra "features" Google implemented and has not said much about.

Registry Tweaks

You can edit most settings by opening regedit (start -> regedit),
and navigating to the key HKEY_CURRENT_USER\Software\Google\Google Talk.
The "Google/Google Talk" key has several sub-keys that hold different option values:
Accounts: This one has subkeys for each different account that has logged in on the client. These keys have different values that store the username, password and connection options.
Autoupdate: Stores the current version information. When the client checks for updates it compares Google's response with these values. If an update is needed, it will download and update the new version.
Options: This is the most interesting part, where most of the current hacks should be used (keep reading).
Process: Stores the process ID. Probably used by Google Talk to detect if it's already running or not.
1.) HKEY_CURRENT_USER\Software\Google\Google Talk\Options\show_pin
If 1, shows a "pin" next to the minimize button that keeps the windows on top of all the other open windows when clicked.
2.)HKEY_CURRENT_USER\Software\Google\Google Talk\Options\view_show_taskbutton
If 0, hides the taskbar button, and leaves the tray icon only, when the window is shown
3.)HKEY_CURRENT_USER\Software\Google\Google Talk\Options\away_inactive
If 1, status will be set as Away after the specified number of minutes.
4.)HKEY_CURRENT_USER\Software\Google\Google Talk\Options\away_screensaver
If 1, status will be set as Away after the specified number of minutes.
5.)HKEY_CURRENT_USER\Software\Google\Google Talk\Options\inactive_minutes
Number of inactive minutes to become away if auto-away is on.

More Tips & Tricks
Change the font size - While holding the control key, move the scroll wheel on your mouse either up or down. This trick works while being focused in either the read or write area.
Insert line breaks - If you want to have a message that spans multiple paragraphs, just hold shift and hit enter. You can add as many new lines as you want to create.
Bold Text - To write something bold, you can use an asterisk before and after the word, like *this* .
Italic Text - To use italics, use an underscore before an after the word, like _this_ .

Switch windows - Hitting tab will cycle through open windows. It will select minimized conversations, to expand them just hit enter. If you just want to cycle through IM's and don't care about the buddy list, control-tab will do that and will automatically expand a minimized conversation if you settle on one.

Invitation Tips - You don’t need to say Yes or No when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this in the options). ]

Show Hyperlinks - You can show your homepage or blog URL simply by entering the it in your away message (at the top of the main window). It will automatically turn to a link visible to others.

A message can be 32767 characters long.

How To
Conference Calls :

What you need to do to have conference calls: Open up a copy of Google Talk on all computers with which you wish to conference. After one copy is opened make a new shortcut for Google Talk but at the end of it add /nomutex. If you installed it to the default folder then your shortcut should read "C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex. Open 2nd instances of the software on every user's computer. After this start a chain: User 1 should connect on one instance to user 2. User 2 will connect on his second instance to user 3. User 3 will connect using his second instance back to user 1. With this chain everyone is connected to everyone.

Nickname & Status Message :
You can't change your nickname in a way that other people will see it change. Every nickname in the Google Talk contactlist is the part that is before @gmail.com (only the alphabetical characters are used) or the name you chosen for your GMail account. To change the nickname need to go to your Gmail account and change the name there. Choose Settings, Accounts, and then Edit info. Click on the second radio button, and enter your custom name. As a result all of your emails will have that nick as well, there is no way to seperate the two. You can add a website in your custom message, it will be clickable when someone opens a conversation window with you.

Contacts :

You don't need to say Yes or No when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this).
The Gmail account 'user@gmail.com' can't be invited as your friend.

Play Music :
It's possible to broadcast music, MP3, etc.. through Google Talk.
Unplug your microphone. Double click on the speaker icon in the lower right corner. This will open up "Volume Control". Select "Options" and then "Properties". Then check the button next to "Recording" then click OK. You may also have to change your setting under Mixer Device. Now the Recording Control screen should be up. On my computer I selected "Wave Out Mix". Click on the green phone in Google Talk and call your friend.

Keyboard Shortcuts

Ctrl + E - It centralizes the selected text, or the current line.
Ctrl + R - It justifies to the right the selected text, or the current line.
Ctrl + L - It justifies to the left the selected text, or the current line.
Ctrl + I - The same thing does that Tab.
Tab - It is giving the area to each of the windows opened by Google Talk.
Ctrl + Tab - The same thing does that Shift + Tab .
Shift + Tab - The same thing does that Tab but in reverse.
Ctrl + Shift + L -Switch between points, numbers, letters, capital letters, roman numbers and capital roman numbers
Ctrl + 1 (KeyPad) - It does a simple space between the lines.
Ctrl + 2 (KeyPad) - It does a double space between the lines.
Ctrl + 5 (KeyPad) - A space does 1.5 between the lines.
Ctrl + 1 (NumPad) - It goes at the end of the last line.
Ctrl + 7 (NumPad) - It goes at the begin of the last line.
Ctrl + F4 - It closes the current window.
Alt + F4 - It closes the current window.
Alt + Esc - It Minimize all the windows.
Windows + ESC - Open Google Talk (if it's minimized, or in the tray)
F9 - Open Gmail to send an email to the current contact.
F11 - It initiates a telephonic call with your friend.
F12 - It cancels a telephonic call.
Esc - It closes the current window.

[HOWTO] Use multiple identities on Google Talk

Want to run Google Talk with multiple Gmail identities? If you have several Google Gmail accounts you also may want to run multiple instances of Google Talk This is especially important for families that share a single PC. Nothing worse than a family member signing you out so they can sign in under their own account!
Basically, to have "Google Polygamy" you need to run Google Talk with the following switch: /nomutex
Step 1: Right-click on the desktop
Step 2: Select New
Step 3: Select Shortcut
Step 4: Paste this into the text box:
"c:\program files\google\google talk\googletalk.exe" /nomutex
Step 5: Click Next and choose a shortcut name such as Google Talk1, Google Talk2, or something related to your Gmail account for easy remembering which account is which.
Step 6: Click OK a few times.

[HOWTO] Use Google Talk via a Web Browser

You want to use Google Talk anywhere ? Follow these guidelines :)
Step 1: Opens your favorite web browser at the following address :
http://www.webjabber.net:8080/jim/
Step 2: Follow the instructions of the Page.
Step 3: You can talk with your friends
Google's Secret Command-Line Parameters
There are a few secret parameters you can add to Google Talk and make it function differently.
The most important, I think, is /nomutex, which allows you to run more than one instance of GT. Here are the others:
/nomutex: allows you to open more than one instance of Google Talk
/autostart: when Google Talk is run with this parameter, it will check the registry settings to see if it needs to be started or not. If the "Start automatically with Windows" option is unchecked, it won't start.
/forcestart: same as /autostart, but forces it to start no matter what option was set.
/S upgrade: Used when upgrading Google Talk
/register: registers Google Talk in the registry, includig the GMail Compose method.
/checkupdate: check for newer versions
/plaintextauth: uses plain authentication mechanism instead then Google's GAIA mechanism. Used for testing the plain method on Google's servers.
/nogaiaauth: disables GAIA authentication method. The same as above.
/factoryreset: set settings back to default.
/gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
/mailto email@host.com: send an email with Gmail
/diag: start Google Talk in diagnostic mode
/log: probably has something to do with the diagnostic logging
/unregister: ?
/embedding: ?
To add these, open up your GT shortcut, and where it says "Target:" add one or more of these inside the quotations, but after the .exe part.

Command Line stuff

There are a few secret parameters you can add to Google Talk and make it function differently. The most important, I think, is /nomutex, which allows you to run more than one instance of GT. He Talk is run with this parameter, it will check the registry settings to see if it needs to be started or not. If the "Start automatically with Windows" option is unchecked, it won't start.
/forcestart: same as /autostart, but forces it to start no matter what option was set.
/S upgrade: Used when upgrading Google Talk
/register: registers Google Talk in the registry, includig the GMail Compose method.
/checkupdate: check for newer versions
/plaintextauth: uses plain authentication mechanism instead then Google's GAIA mechanism. Used for testing the plain method on Google's servers.
/nogaiaauth: disables GAIA authentication method. The same as above.
/factoryreset: set settings back to default.
/gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
/mailto email@host.com: send an email with Gmail
/diag: start Google Talk in diagnostic mode
/log: probably has something to do with the diagnostic logging
/unregister: ?
/embedding: ? To add these, open up your GT shortcut, and where it says "Target:" add one or more of these inside the quotations, but after the .exe part. ere are the others:
/nomutex: allows you to open more than one instance of Google Talk
/autostart: when Google

Emotions :

All these emotions appears in color in a conversation : (but having them in an image would be better, like iChat or MSN)
:-|
:-O
:-x
:-P
:-D
;-)
:-(
:-)
B-)
:'(
:|
:O
:x
:P
:D
:)
:(
:)

Misc Gtalk information
1. You don’t have to say YES or NO when someone adds you. Simply ignore it and the request will go away.

2. A message can be 32767 characters long.

3. You can change your Gtalk chat name in Account Page

4. Adding a web URL in custom message will result it to be clickable.

5.Gtalk supports these following emotions and they are in blue colors

:-| :-O :-x :-P :-D ;-) :-( :| :O :x :P :D :) :( ;-| ;-O ;-x ;-P ;-D ;-) ;-( ;| ;O ;x ;P ;D ;) ;( B-| B-O B-x B-P B-D B-) B-( B’( BO Bx BD B) B( B)

6.Gmail talk supports these following emotions and they are animated

:-| :=P :-D ;-):-( :P :D :) :( ;-) ;) B-)

More parameters for Gtalk Start -> Run
Here’s a complete list of what you can do with Gtalk in run command prompt.

"C:\Program Files\Google\Google Talk\googletalk.exe" /parameter

/nomutex: Open more than 1 Gtalk.
/autostart: Check the registry settings to see if Gtalk needs to be started. If the “Start automatically with Windows” option is unchecked, it won’t start.
/forcestart: Similar to /autostart, but forces Gtalk to start.
/S upgrade: Used when upgrading Google Talk
/register: registers Google Talk in the registry, includig the GMail Compose method.
/checkupdate: check for newer versions
/plaintextauth: uses plain authentication mechanism instead then Google’s GAIA mechanism. Used for testing the plain method on Google’s servers.
/nogaiaauth: disables GAIA authentication method. The same as above.
/factoryreset: set settings back to default.
/gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
/mailto email@host.com: send an email with Gmail
/diag: start Google Talk in diagnostic mode
/log: probably has something to do with the diagnostic logging
 4. Adding a web URL in custom message will result it to be clickable. 5.Gtalk supports these following emotions and they are in blue colors <blockquote> :-| :-O :-x :-P :-D ;-) :-( :| :O :x :P :D :) :( ;-| ;-O ;-x ;-P ;-D ;-) ;-( ;| ;O ;x ;P ;D ;) ;( B-| B-O B-x B-P B-D B-) B-( B’( BO Bx BD B) B( B) </blockquote> 6.Gmail talk supports these following emotions and they are animated <blockquote> :-| :=P :-D ;-):-( :P :D :) :( ;-) ;) B-) </blockquote> More parameters for Gtalk Start -> Run Here’s a complete list of what you can do with Gtalk in run command prompt. <blockquote class="code"> "C:\Program Files\Google\Google Talk\googletalk.exe" /parameter </blockquote> /nomutex: Open more than 1 Gtalk. /autostart: Check the registry settings to see if Gtalk needs to be started. If the “Start automatically with Windows” option is unchecked, it won’t start. /forcestart: Similar to /autostart, but forces Gtalk to start. /S upgrade: Used when upgrading Google Talk /register: registers Google Talk in the registry, includig the GMail Compose method. /checkupdate: check for newer versions /plaintextauth: uses plain authentication mechanism instead then Google’s GAIA mechanism. Used for testing the plain method on Google’s servers. /nogaiaauth: disables GAIA authentication method. The same as above. /factoryreset: set settings back to default. /gaiaserver servername.com: uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers. /mailto email@host.com: send an email with Gmail /diag: start Google Talk in diagnostic mode /log: probably has something to do with the diagnostic logging <h2></h2>

Google Search Hacking II

2007-09-28T04:08:00.001-07:00

But the Question rises What can Google can do for an Ethical Hacker?
Search sensitive information like payroll, SIN, even the personal email box
Vulnerabilities scanner
Transparent proxy

So how bt if i tell u a different way to search
k lets do this type in the following statements n c d results
we can only provide u the guidelines, now u need to implement ur Creativity to Keep it rolling.

http://googlehackz.blogspot.com/

Salary

Salary filetype: xls site: edu

Security social insurance number

Intitle: Payroll intext: ssn filetype: xls site: edu

Security Social Insurance Number
Payroll intext: Employee intext: ssn Filetype: xls

Filetype: xls “checking account” “credit card” - intext: Application -intext:
Form (only 39 results)

Financial Information

Intitle: “Index of” finances.xls (9)

Personal Mailbox

Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)

Confidential Files

“not for distribution” confidential (1,760)
Confidential Files
“not for distribution” confidential filetype: pdf (marketing info) (456)

OS Detection
Use the keywords of the default installation page of a Web server to search.
Use the title to search
Use the footer in a directory index page

OS Detection-Windows
“Microsoft-IIS/5.0 server at”

OS Detection - Windows
Default web page?
Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0

OS Detection –Apache 1.3.11-1.3.26
Intitle: Test.Page.for.Apache seeing.this.instead

OS Detection-Apache SSL enable
Intitle: Test.page “SSL/TLS-aware” (127)

Search Passwords

Search the well known password filenames in URL
Search the database connection files or configuration files to find a password and username
Search specific username file for a specific product

Search Passwords
Inurl: etc inurl: passwd

Search Passwords
Intitle: “Index of..etc” passwd

Search Passwords
Intitle: “Index of..etc” passwd

Search Passwords
Inurl: admin.pwd filetype: pwd

Search Passwords
Filetype: inc dbconn

Search Passwords
Filetype: inc intext: mysql_connect

Search Passwords
Filetype: ini +ws_ftp +pwd (get the encrypted passwords)

Search Passwords
Filetype: log inurl: “password.log”

Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”

License Key
Filetype: lic lic intext: key (33) (license key)

Sensitive Directories Listing
Powerful buzz word: Index of
Search the well known vulnerable directories names

Sensitive Directories Listing
“index of cgi-bin” (3590)

Sensitive Directories Listing
Intitle: “Index of” cfide (coldfusion directory)

Sensitive Directories Listing
Intitle: index.of.winnt

Get the serial number you need ! (For Certain Things)

1) Go to Google.

2) Use Keyword as "Product name" 94FBR

3) Where, "Product Name" is the name of the item you want to find the serial number for.

4) And voila - there you go - the serial number you needed.

HOW DOES THIS WORK?

Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

See these example searches:
Code:

"Photoshop 7"+94FBR
"Age of Mythology"+94FBR
"Nero Burning Rom 5.5"+94FBR

Google Search Hacking

2007-09-28T04:04:00.000-07:00

Google Operators:

Operators are used to refine the results and to maximize the search value. They are your tools as well as ethical hackers’ weapons
Basic Operators:

+, -, ~ , ., *, “”, |,

OR

Advanced Operators:

allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange

Basic Operators !!

(+) force inclusion of something common

Google ignores common words (where, how, digit, single letters) by default:
Example: StarStar Wars Episode +I

(-) exclude a search term
Example: apple –red

(“) use quotes around a search term to search exact phrases:
Example: “Robert Masse”

Robert masse without “” has the 309,000 results, but “robert masse” only has 927 results. Reduce the 99% irrelevant results

Basic Operators

(~) search synonym:
Example: ~food
Return the results about food as well as recipe, nutrition and cooking information

( . ) a single-character wildcard:
Example: m.trix

Return the results of M@trix, matrix, metrix…….
( * ) any word wildcard

Advanced Operators: “Site:”

Site: Domain_name
Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain

Examples:

site:http://googlehackz.blogspot.com/

Advanced Operators: “Filetype:”

Filetype: extension_type

Find documents with specified extensions

The supported extensions are:

- HyperText Markup Language (html) - Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf) - Microsoft Word (doc)
- Adobe PostScript (ps) - Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 - Microsoft Excel (xls)
(wk1, wk2, wk3, wk4, wk5, wki, wks, wku) - Microsoft Write (wri)
- Lotus WordPro (lwp) - Rich Text Format (rtf)
- MacWrite (mw) - Shockwave Flash (swf)
- Text (ans, txt)

Note: We actually can search asp, php and cgi, pl files as long as it is text-compatible.

Example: Budget filetype: xls

Advanced Operators “Intitle:”

Intitle: search_term

Find search term within the title of a Webpage

Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with the title that includes all these words

These operators are specifically useful to find the directory lists

Example:
Find directory list:
Intitle: Index.of “parent directory”

Advanced Operators “Inurl:”

Inurl: search_term
Find search term in a Web address

Allinurl: search_term1 search_term2 search_term3
Find multiple search terms in a Web address

Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password

Advanced Operators “Intext;”

Intext: search_term
Find search term in the text body of a document.

Allintext: search_term1 search_term2 search_term3
Find multiple search terms in the text body of a document.

Examples:
Intext: Administrator login
Allintext: Administrator login

Advanced Operators: “Cache:”

Cache: URL
Find the old version of Website in Google cache

Sometimes, even the site has already been updated, the old information might be found in cache

Examples:
Cache: http://googlehackz.blogspot.com/

Advanced Operators

..
Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents

Examples:
Computer $500..1000
DVD player $250..350

Advanced Operators: “Daterange:”

Daterange: -

Find the Web pages between start date and end date

Note: start_date and end date use the Julian date
The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122

Examples:
2004.07.10=2453196
2004.08.10=2453258

Vulnerabilities date range: 2453196-2453258

Advanced Operators “Link:”

Link: URL
Find the Web pages having a link to the specified URL

Related: URL
Find the Web pages that are “similar” to the specified Web page
info: URL

Present some information that Google has about that Web page
Define: search_term

Provide a definition of the words gathered from various online sources

Examples:
Link: googlehackz.blogspot.com
Related: googlehackz.blogspot.com
Info: googlehackz.blogspot.com

Define: Network security

Advanced Operators “phonebook:”

Phonebook
Search the entire Google phonebook
rphonebook
Search residential listings only
bphonebook
Search business listings only

Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, not always work)
The phonebook is quite limited to U.S.A

Google Hacking

2007-09-28T03:48:00.000-07:00

Using Google, and some finely crafted searches we can find a lot of interesting information.
For Example we can find:

Credit Card Numbers Passwords Software / MP3's

...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
More searches which Mother Nature never intended! Most of these are handy for finding security exploits on your own site; simply add a string from your own domain’s URL to check. But really, why limit ourselves? If it has an evil purpose, I’m including it. By the way, there is nothing illegal about typing in a search string; it is up to the website to secure this data. It’s what you DO with this information that you find which makes all of the difference. signin filetype:url - OK, class, this is how we do NOT use Javascript to manage our passwords. Any questions?

“index of /” ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl ) - A great way to find file upload pages on websites. Most of these will be password protected; every now and then you find one that isn’t! Like this German Spanish site…

I guess some civic-minded folk want to provide you with free file storage… (intitle:”WordPress › Setup Configuration File”)|(inurl:”setup-config.php?step=1″) - WordPress has become one of the leading blog systems out there. So you should be aware that if you run WordPress, there are black-hat hackers out there working around the clock to find a vulnerability on your site. Some of the hits returned from this search will be people who never configured it after they installed it, so it’s waiting for anyone to find it and take over. Now that we’re done plowing through all of the boring security research stuff, here’s a couple of cute tricks. In these last two cases, these may not be security violations at all; they might be intentionally giving the stuff away and the worst you’re doing is bypassing an ad or two. DSC00001.JPG - This was in a lot of bookmark sites lately. What you do is search Google images for this string… and if nobody else is looking, turn “safe search” off! What this is is the default naming scheme for image files taken on Sony digital cameras. People post the picture without renaming it. And don’t forget DSC00002.JPG, DSC00003.JPG, and so on. Judging by my browsing so far, the first thing most people photograph is their girlfriend. intitle:”index of” ”last modified” ”parent directory” (wmv|mp3) - At last the one everybody was waiting for: finding free media! Now, this example gives you directories with movie files in either MWV (Windows Media Viewer) or MP3. To find files on a particular subject, just enter the name of that subject. I’ll not speculate on what kind of movies you might be looking for - but I’m sure you’ll think of something! To change that to some other media file, you can try replacing wmv with jpg for images, wav for sounds, etc. The trouble is, this hack is so old that a number of adult porn sites have deliberately set up their web pages to mimic this result, where, of course, you end up with a pop-up demanding credit card data or getting link-jacked to a malware site. Have fun, and remember that I gave you all this handy info in the good faith that you’ll only use it responsibly.

intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999

visa 4356000000000000..4356999999999999

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:
?intitle:index.of? mp3

You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:
inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

"# -FrontPage-" inurl:service.pwd

Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer"
, a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"

This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
allinurl: admin mdb

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
intitle:index.of.etc

This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).

Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences. Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to

find the serial for winzip 8.1 - "Winzip 8.1"

Tips and Tricks about GMAIL

2007-09-28T03:41:00.000-07:00

Keep scrolling down it goes Better : RON

While Web-based email is nothing new, Gmail introduces some new and unique concepts. Managing email has become very easy while at the same time having powerful tools to find and review information.

1.) Advertizing:

This is probably the single most controversial aspect of Gmail. Opponents have said that Google's approach to inserting ads based on message content is a huge privacy breach.
Gmail does not "read" your email. Gmail does not breach your privacy. Gmail does not care about your message content. All Gmail is doing is running your message through a "processor" that looks for ad-related keywords so that it can display unobtrusive targeted ads.
Another important point about Gmail's ads is that they are VERY unobtrusive. They are much like the "Sponsored ads" you see on the right of a Google Search results screen. In fact, they don't even show up on every email message that you read, and so far, that's the only place you see the ads: when reading messages. They don't appear in any other screen. Gmail's ads are FAR less annoying than the flashy lights and huge billboards that services like Yahoo Mail and Hotmail use. And, given that the ads are intended to be targeted based on message content, you shouldn't see inapropriate or unrelated ads.

2.) Reading Messages:

Note a couple things: First, no external graphics are displayed. By default, Gmail disables displaying externally referenced graphics. The reason is that many spam messages contain externally referenced graphics. When they are displayed, the email sender can use this to track that you opened the message thus validating your email address for future spam. Clicking on the "Display External Images" link will display the images if you want.
There is one glaring problem: If the original email is HTML or Rich Text formatted, Gmail will strip out ALL formatting including links, fonts, and images. ie: you can only reply in plain text.

3.) Archiving :

One of the first concepts that you have to get used to with Gmail is that of "Archiving". The overall power of Gmail is in its message management, searching and archival capabilities. With 1GB of storage, the average email user will have enough storage space to hold several years worth of emails. Yes, there will always be emails that you simply don't want to keep.
Archiving a message simply tells Gmail to remove the message from your Inbox screen and keep it in your "All Mail" screen. All emails will remain in your inbox until you specifically "Archive" them. Archiving simply removes the message from your inbox screen.But what happens to it? Don't worry, all messages are always accessible through the "All Mail" screen. Archiving simply cleans up your inbox. Once a message has been archived, should you ever want to, you can easily move it back to the inbox, but there really isn't a need for that.

4.) Labels :

A Label is a way of classifying an email. It's similar to "folders" but it goes much farther: You can optionally assign a user-definable Label to any email. Then, when you click on a specific label in the label list on the left of the screen, Gmail displays only those emails under that label. Sounds a lot like folders, right?
The power of Labels shows in being able to assign multiple labels to an email. When you organize emails in folders, an email can reside in only one folder at a time. Say you have one folder called "Family" and another called "Jokes". Your brother sends you a joke email, so where do you put it--the Family folder or the Jokes folder? Gmail's Labels let you assign multiple labels to each email, so you could label your brother's joke email with both "Family" AND "Jokes" labels.
At first, this may not seem too exciting, but after a while, you will see how this could be very powerful, especially with large numbers of accumulated emails.

Gmail Tip #1: All About Labels

You can add a Label to a message in one of two ways:
If you are viewing a message listing, you can just click the checkbox next to the message, click on the "Apply label..." dropdown, and select the Label you want to apply. Gmail will display the Label just to the left of the message's Subject.
If you are viewing a message, just click on the "Apply label..." dropdown, and select the label you want to apply. Gmail will display the new label to the right of the Subject line.
OK, you assigned a Label to a message, but at a later time, you want to remove it. How do you do that? Just select the Label view from the Labels box on the left, "select" the specific message by clicking the checkbox next to the message, and then click on the "Remove label 'xxxx'" button at the top of the listing. Your label has now been removed!

Gmail Tip #2: How to Maintain 'Notes'

Some email providers provide a "Notes" function to let you maintain a list of notes. For example you might keep Web site links, random thoughts, etc. Gmail doesn't offer this feature, but by using some of Gmail's other features, you can set up a very nice, easy to maintain group of notes...
Here's what you do:
First, create a Contact with a Name of "Notes" and an Email Address of "username+Notes@gmail.com"
Next, create a new Label called "Notes"
Finally, create a Filter to add the "Notes" Label any email addressed to "username+Notes@gmail.com". Also, check the "Skip the Inbox (Archive it)" checkbox.
The effect is this:
When you email yourself from an email account other than your own Gmail account, address the email to "username+Notes@gmail.com". When the message arrives in your Gmail account, it will automatically be archived into your "Notes" Label view, bypassing the Inbox. Nice and organized.

Gmail Tip #3: The 'Plus' Side of Gmail

Like many Email providers, Gmail supports the standard "plus" addressing scheme. But just what is it, and how can it help me?
The "plus" method of addressing lets you add additional words to your account name (the "left side" of your email address.) For example, if your email address is "john.doe@gmail.com", you could add "+club" when you give your email address to members of a club to which you belong. So, your email address would now be "john.doe+club@gmail.com". But why would you want to do this? Think of the "plus" word as an extra "keyword" or "tag" that you can use to better manage your messages.
Using our example, say you email an invitation to your friends in a club asking them to rsvp to the invitaion. You ask them to reply to "john.doe+nope@gtmail.com" when sending you a responseif they don't want to come, and reply to "john.doe+ofcourse@gmail.com". Assuming they follow your directions, You can then set up a Gmail Filters to automatically route emails to specific Labels based on the addresses. It's a simple example, but the uses can be numerous.
Another use is when you are shopping online. When asked for an email address, use something like "john.doe+amazon@gmail.com". That way, whenever you get future emails addressed to that address, you'll know that it's either from Amazon directly or from someone to whom they sold your email address. This can be a somewhat effctive way to track spam. Just be aware that not all email systems recognize or accept "plus" addresses. In fact, some spammers even strip it out completely, but it's a cool tool, none the less. The best way is to just try it and see if it works for your application!

Gmail Tip #4: What Happens To Sent Messages?

When you "send" a message, two things happen to it:
it gets copied into your "All Mail" view, and
it is visible in the "Sent Mail" view.
Many email clients and Webmail services let you optionally delete all sent messages by default, but Gmail doesn't offer this feature. Here's why...
One of Gmail's intentions is to get you out of the "trash everything" mindset. This is one of the reasons why they offer 2GB of storage.

Gmail Tip #5: Advanced Search - View Multiple Labels

Gmail has some advanced searching capabilities that, if you take the time to learn, enables you drill down to very specific information.
If you want to search for all messages having a specific label, you can click on the "Show search options" link, click the "Search" dropdown, select the desired Lable, and click the "Search Mail" button.
But a shortcut is to type the Label prefixed with the "label:" query word in any simple search field at the top of any Gmail page:
label:Label1
If you want to view all messages that have selected multiple Labels, for example messages having both 'Label1' and 'Label2', enter the following into the simple search field at the top of any Gmail page:
label:Label1 label:Label2
To see all messages with either 'Label1' or 'Label2', you can enter:
label:Label1 OR label:Label2
Note: the specific label names are NOT case sensitive, but the "OR" operator is case sensitive, and must be in uppercase. The pipe operator '|' can also be used in the same manner as 'OR'.
label:Label1 | label:Label2

Gmail Tip #6: Advanced Search - 'Query Words'

One of Gmail's excellent features is its Search function.Searching can be as simple as entering a keyword or two into the Search field at the top of any page to very complex using Gmail's advanced "Query Words" to better constrain searches.
Clicking the "Show Search Options" link will open up a pane containing several entry fields and dropdowns. This lets you easily specify more detailed search criteria. For example, say you want to search for all email that is unread, regardless of under what Label it is filed. Simply click the "Search:" dropdown, select "Unread Mail" and click the "Search Mail" button. Gmail will display a list of all unread mesasges. Likewise, you can select specific Labels and you can enter specific terms. It's very powerful and useful.
Gmail also provides users the ability to prefix their search keywords with "query words" that instruct Gmail how to search. And there is no need to open the Search Options--these can be entered in the simple search window at the top of any page.
For example, say you want to search for messages containing attachments from your family sent before May 21, 2004? You would simply enter the following advanced search criteria:
label:family has:attachment before:2004/5/21
Yes, this could actually be done in the Search Options pane, but in addition to the available search criteria fields, query words not only let you search using criteria not included in the Search Options pane, (like "cc:" and "bcc:") but you can do "compound" searches otherwise not available in the Search Options pane. For example:
label:doctors label:statements has:attachment before:2004/5/21 in:anywhere
would return all messages with both Labels of "Doctors" and "Statements" containing attachments, sent before May 21, 2004, existing anywhere in my account including the Trash and Spam views.
It's pretty powerful, and fairly intuitive once you get the hang of it.
For more information, you should check the direct link to Gmail's "How do I use advanced search?" help page found [here] (You may need to be logged into your Gmail account to access this page.)

Gmail Tip #7: 'Official' Features and Bugs Status Page

Want to know what features and bugs the Gmail developers are currently working on? Read on to learn how to access Gmail's new "Features, Fixes, & Feedback" page...
First, log into your Gmail account. You must be logged into your account to access the help screens. Next, click on the "Help" link located at the top of any Gmail page. Next, click on the "Send Feedback" link on the left column. You'll be taken to a page detailing features Gmail is working on and bugs being squashed!

Gmail Tip #8: Cleaning Your Contacts

One of Gmail's "features" can leave you with extra entries in your Contacts list. Gmail has a (debatably) nice feature that automatically adds to your Contacts list the email addresses of those to whom you send emails. While this can be helpful at times, just remember that EVERY unique email address you send to gets auto-added.
Log into your Gmail account and click on the "Contacts" link at the top of any Gmail page. A window will open displaying any Contacts you may have. Any you have manually edited will typically have a "Name" and possibly a "Note" associated with it. By default, any Contact Gmail auto-adds and is unedited will not contain any "name" or "note" information, just the email address. Visually scan down the list and look for any that fall into this category. If you find one, determine what to do with it: Delete is, Edit it, or leave it alone. Obviously what you do with it is up to you,

Gmail Tip #9: New feature! Import Contacts

For the best explanation of just how to Import Contacts, log into your Gmail account, click on Contacts, and click on the new "Import Contacts" link at the top of the Contacts screen.
But what can you import and how do you import? Gmail will let you import address books into Contacts from Yahoo!, Orkut, Outlook, and pretty much any other service by uploading CSV (Comma Separated Value) files to your Gmail account. You can even manually edit and create CVS files for importing using Microsoft Excel.
Just remember that currently, Gmail's Contacts fields are limited to just "Name", "Email Address", and "Notes". According to the Help screen, all other fields will be imported into the Notes field.

Gmail Tip #10: Find Your Unread Messages

Want a quick and easy way to view all of your "Unread" messages? If you have assigned Labels and archived unread messages, finding them later can sometines be challenging. Simply create a Gmail Label named "Unread", and you will see all of your unread mail in that folder. Though there are other ways to display unread messages, the nice thing about this method is that it displays the number of unread messages right in the Label list.

Gmail Tip #11: Creating a Pseudo Address Group!

Although Gmail doesn't currently support Groups in your Contacts, you can simulate a Group list by doing the following:
Create a new Contact
In the "Name" field, enter the name of your Group (eg "My Friends")
In the "E-mail" field, enter your list of email addresses in the following format

Gmail Tip #14: Improved and New Contacts Features!

The "Contacts" function has been enhanced to provide some additional functionality, and now adopts the familiar Gmail interface.
Gmail now displays a "Contacts" link in the left column under the "standard views" (Inbox, Starred, etc.) and just above the Labels. Clicking on the link brings up a nicely formatted display that matches the style of the rest og GMail. It displays the contact name, email address, Note, and any additional information (see below). At the top are two "tabs" that display "Frequently Mailed" and "All Contacts". I don't know what the criteria for "Frequently Mailed" is, but it does contain the most-used contacts.
Here are some new or expanded features:
RECENT CONVERSATIONS
Clicking on a contact displays the contact information as well as "Recent Conversations" associated with that contact. Clicking on one of these entries opens it normally with all options available. Very nice.
ADD MORE CONTACT INFO
Clicking on "Edit" allows you to update the basic contact information (Names, Email Address, Note). But there's a new link: "Add More Contact Info" which lets you add additional "Sections" of information. For example, by default there are "Personal" and "Work" sections defined. Each section contains a Section Name field, Two user-selectable "fields" and an "Address" block. Each User Field has a drop-down label containing the following selectable labels: Phone, Mobile, FAX, Pager, Email, IM, Company, Title, Other. You can also add additional fields as needed.
SEARCH CONTACTS
Near the top of the Contacts screen is a Search field and a "Search Contacts" button. Entering text into this field and clicking the button returns all contacts that BEGINS WITH the text. This is important to know because it will search ALL contact fields (even the :extended fields) for words beginning with the entered text. For example, entering "Ste" would return "Stephanie", "Steve", and "Stewart" but entering "phani" would not return "Stephanie". Obviously, it would be nice to have extended search capabilities, but this is an excellent start!

Gmail Tip #15: Auto-forward received Gmail!

Want to use your Gmail account as your main email account but have some or all email auto-forwarded to other email accounts? Well, now you can!
Gmail has added tha ability to forward received emails in two ways: "All" or "Selective"
"ALL" FORWARDING
This is a "global" setting that lets you optionally forward all received email to another email address. Click on the "Settings" link, and click on the new "Forwarding" tab. In there, you have the option do Disable or Enable email forwarding. Click on Enable, enter the email address to which you want to forward, and then select one of the following self-explanatory actions from the associated dropdown:
-keep Gmail's copy in the Inbox
-archive Gmail's copy
-trash Gmail's copy
This setting will forward all received email to another email address and take the appropriate action on the received email.
"SELECTIVE" FORWARDING
Filters have also been enhanced with a new "Forward it to: emailaddress" action letting you selectivly forward emails based on filter criteria. You can use the same or different email addresss for each filter if you choose providing very powerful email management. For example, I may get statement notifications from a bank and want to auto-copy it to my wife. I just set up a filter to select emails with the bank's sending email address and then select the "Forward it to:" action and enter my wife's email address. Now, she'll get notified also!

Gmail Tip #16: Google Gmail Minibrowser

"The Google Deskbar includes a minibrowser that you can use to quickly open your Gmail account in convenient window that automatically hides and can be accessed with a keyboard shortcut. Read on for more information about this tool...
The Google Deskbar is a little Google search tool for Windows taskbar. It can do most of the Google searches using shortcut keys too. (See the link for a picture.) It also include Google's "Minibrowser" which is fast and cute. If you press Ctrl-Alt-G—by default, you can turn it off—you'll go right to the bar. Typing a search, by default, will open in the mini browser—again you can turn it off if you want or have it use your default browser (Firefox, etc).
So here's the tip: Go to Options > Customized Searches > Add. Name it "Gmail" and put in the url: http://gmail.google.com/gmail. For the shortcut I used Ctrl M. So if I press Ctrl alt G, then Ctrl M, instant GMail window in the Google Minibrowser! Awesome.
(Google Desktop isn't included in the default searches either. (Yet!) But you can also add it in the customize dialogue to search your desktop just as easily. Since the minibrowser vanishes automatically it's tres convenient to find a file!)

Download Youtube Videos

2007-09-28T03:37:00.000-07:00

Open http://www.videodl.org to download youtube videos.
Alternately you can also sign-up and embed youtube code at http://www.funzooz.com and download them from their "Download this video" link.

Google Stuff

2007-09-28T03:29:00.000-07:00

Querying for vulnerable sites or servers using Google’s advance syntaxes Using “Index of ” syntax to find sites enabled with Index browsing A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. Here
I shall discuss how one can use “index of” syntax to get a list links to webserver which has got directory browsing enabled.

This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.

Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and are able to execute it then you can go ahead in further escalating your privileges over the server and compromise it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”.