Sunday, March 27, 2011

Advanced Internet Search

Advanced Internet Search or AIS
is an program that speeds up the search process
this program goes to Google and looks want you gave it to search
then collect a number of results (number may differ when using different settings), each result will be analyzed by the application, if it found anything useful then it will be displayed in Results (see screenshot)

AIS comes with an build in Console to see what is has done or is doing (can be turned off), contents of the console can be copied or saved.

Saturday, March 26, 2011

Ultimate guide to bypass bios passwords

BIOS passwords can add an extra layer of security for desktop and laptop computers. They are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. Unfortunately, BIOS passwords can also be a liability if a user forgets their password, or changes the password to intentionally lock out the corporate IT department. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered in the warranty. Never fear, all is not lost. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS.

A complete collection of windows command

 a
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations•
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
b
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
c
CACLS Change file permissions
CALL Call one batch program from another•
CD Change Directory - move to a specific Folder•
CHANGE Change Terminal Server Session properties

Cross Site Request Forgery

 Through CSRF you can change the admin password,is not so inoffensive. Can be used with XSS,redirected from XSS.


 Basic example
- Code snippet from test.php

-----------------------------------------
<?php
check_auth();
if(isset($_GET['news']))
{ unlink('files/news'.$news.'.txt'); }
else {
die('File not deleted'); }
?>

Cross-Site Scripting

You can use alot of vectors,can try alot of bypass methods,you can find them around the web.



Basic example
- Code snippet from test.php

---------------------------------
<?php
$name=$_GET['name'];
print $name;
?>
---------------------------------

The input is not filtered,an attacker can inject Javascript code.Example :

http://127.0.0.1/test.php?name=<script>alert("XSS")</script>

How to bypass Admin/user login through SQL Injection

- Code snippet from /admin/login.php

------------------------------------------------------------------------------------------------------------------------------
$postbruger = $_POST['username'];
$postpass = md5($_POST['password']);
$resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE brugernavn = '$postbruger' AND password = '$postpass'")
or die("<p>" . mysql_error() . "</p>\n");

How to Bypass Youtubes copyright system.

This was my worst nightmare with my old youtube channel. Imagine you have more then 200.000 views on your video and suddenly your video got disabled, and you got a warning "Video disabled | Matched third party content". Few days ago i found a working method to get your video backup on youtube for copyright claims and here i'm going to show you how to do that.

1. Login with your youtube account and go to "My Videos"

Wednesday, March 2, 2011

2 things Before you attack your Victim



2 things before you Attack your victim! What’s that? When you using rat or any other key logger or Trojan, it’s get detected by Antivirus application or get blocked by Firewall. 

So we need make those application shutdowns before we attack.  How? There is various ways to make them shutdown. I personally prefer batch coding. There is application Win RAR, with that application you can make deadly combination of various batches. Today we will learn how to code those batches.