NullSec - IT Security and stuff: Ιουλίου 2012

Τρίτη 24 Ιουλίου 2012

setup xampp (apache,php,mysql)

About XAMPP

XAMPP is a free and open source cross-platform web server solution stack package, consisting mainly of the Apache HTTP Server, MySQL database, and interpreters for scripts written in the PHP and Perl programming languages.

XAMPP's name is an acronym for:

X (to be read as "cross", meaning cross-platform)
Apache HTTP Server
MySQL
PHP
Perl

Download xampp for Windows

XAMPP Setup Tutorial

immunizing your hosts file

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.

Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? ... because in certain cases "Ad Servers" like Doubleclick (and many others) will try silently to open a separate connection on the webpage you are viewing, record your movements then yes ... follow you to additional sites you may visit.

In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".

For Windows XP SP2 users you should see a Security Center prompt about allowing this connection.

Simply click No and continue. Yes the prompts can be annoying but at least you'll know, however you should not see these prompts if these entries are included in the HOSTS file.

Note: this prompt only occurs if (example) *.doubleclick.net is included in the "Restricted Zone".

Windows 7/Vista/XP	=	C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K	=	C:\WINNT\SYSTEM32\DRIVERS\ETC

watch your wireless network "guests"

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name.

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.

Download Wireless Network Watcher

remove winrar reminder with reshack

DONT DOWNLOAD SHIT FROM VIDEO DESCRIPTION!

You can find the official page of Resource Hacker here for free.

some free and lite text editors

Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License.

Based on the powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. By optimizing as many routines as possible without losing user friendliness, Notepad++ is trying to reduce the world carbon dioxide emissions. When using less CPU power, the PC can throttle down and reduce power consumption, resulting in a greener environment.

Download Notepad++

Sublime text 2 is another text editor but this one is mostly used from web developers as it is and easy and fast web editor. It has a lot of options such as a lot of keyboard shortcuts and syntax highlighting.

Sublime Text is a sophisticated text editor for code, markup and prose.
You'll love the slick user interface, extraordinary features and amazing performance.

Download Sublime Text 2

ConTEXT is a small, fast and powerful freeware text editor, developed to serve as a secondary tool for software developers.

ConTEXT has not been developed for a long while. This is because ConTEXT was originally written using Delphi which requires a licence for users to develop with the components used.

Download conTEXT

php and vb.net example

In this tutorial I will show you how you can make a vb.net application communicate with a php one.

Supposing you have php and web server installed in your computer, I will show you how to do that in another tutorial, I can start.

First of all I just make a simple php page containing the following code:

<?php
if (isset($_GET['password'])) {
$password = $_GET['password'];

if ($password == 'somepass123')
echo 'You won!';
else
echo 'Invalid password!';
}
?>

So now we have our simple php which actually checks for a get request with a parameter called password and if we set it to be "somepass123" (without the quotes) then it produces a message saying You won! in any other situation it just produces a message of an Invalid password!

This is the url in which I have uploaded the php page.

http://localhost/test/index.php?password=test

http://localhost/test/index.php?password=somepass123

So now we just have to connect our vb.net application to that url, ok first things first we open our VB.NET IDE (I have Microsoft Visual Basic 2008 Express Edition) but any version with VB.NET would do just fine.

We make a new Console application and paste this code inside it.

Module Module1
Sub Main()
Dim remoteURL As String = "http://localhost/test/"
Dim page As String = "index.php"
Dim parameter As String = "?password="
Dim password As String = String.Empty
While (password = String.Empty)
Console.WriteLine("Please enter your password:")
password = Console.ReadLine
End While
Dim C As New System.Net.WebClient
Dim remoteOutput As String = C.DownloadString(remoteURL & page & parameter & password)
MsgBox(remoteOutput)
End Sub
End Module

Well this is pretty self-explainable, we have our url and parameter and etc..
We just read a password from the user and then we use it as the parameter value on our php website and then we get the output from the website using a WebClient class, after that we just show the output to the user and we are done! Hope it was easy!

anonymous browsing with tor

What is the Tor Browser Bundle (TBB)?

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

https://www.torproject.org/download/download-easy.html.en

data recovery with recuva

Accidentally deleted an important file? Lost something important when your computer crashed? No problem! Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. And it's free! It's pretty easy to use it, it has a straight-forward wizard that helps you select the drive from which the files were erased and the directory, file size and other stuff.

Download here from official website

hack windows xp login screen

Another method to login to a password protected Windows even if you do not have the password is by making Windows accepting any passwords and this is a far better way to get into Windows XP. It is easy and it does not reset the password which will definitely alert the administrator of the computer. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone elses computer without proper authorization. The method described below works only on Windows XP, but you can use a commercial tool called Kon-Boot that will allow access to Windows Vista, Windows 7 and even Linux without knowing the password!

Steps to Hack into a Windows XP Computer without changing password:

1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL HERE.
3. Unzip the downloaded dpl.zip with the password raymond and you’ll get dpl.ISO.
4. Use any burning program (we recommend ImgBurn) that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
6. Press “R” to install DreamPackPL.
7. Press “C” to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is “1? if you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing:
“ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
10. Copy the hacked file from CD to system32 folder. Type:
“copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
11. Type “exit”, take out disk and reboot.
12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.

14. Go to commands and enable the options and enable the god command.

15. Type “god” in the password field to get in Windows.

You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

WARNING: Your antivirus may see this application as a potential threat, I mean c'mon its a hacking tool what d' you expect!

md5 crackers

Here are some useful md5 crackers:

do not track plus

Stop companies from tracking you.
Nowdays social networks and companies track everything you do on the web.
They know what website you visit, when you visit it, how often and who you are.
DNT+ blocks them so you can browse the web freely and safely.

http://www.abine.com/dntdetail.php

removing this new greek virus

A lot of Greek computers appear to have been infected with this new virus, which asks you to pay in order to remove itself, however there is a way to remove that virus.

You need to boot into safe-mode by pressing F8 while the computer is booting before Windows starts loading.

Then you need to download combofix. You can do that by clicking here.

Just run combofix and let it do its magic, then reboot your computer into normal mode and all will be fine, just remember to install a better antivirus next time to keep yourself safe.

LOLOLOL

multiple app installation after format

Ninite is the fastest and easiest way to install a lot of applications together at once.

It doesn't install toolbars and stuff like that only the actual needed files in order for the applications to work.

Interested? have a look.

http://ninite.com/

how to remove surveys

If you want to remove these annoying surveys when downloading from a website you can try this.

http://survey-remover.com/addon/

creating clean urls with php

how to dox

Doxing for documents is the act of finding personal information about a person or a group on the internet or real life. It's a great skill to have especially in online communities.

These websites and tools may appear helpful:

http://www.spokeo.com/username-search (username and phone)
http://www.lullar.com/ (same as spokeo)
http://www.ip-address.org/tracer/ip-whois.php (mostly for websites)
http://www.facebook.com (you can find people on the popular social website)
http://www.blackbookonline.info/ (free public records)
http://www.tineye.com/ (reverse image search HOT!)
http://www.phonevalidator.com/default.aspx (great phone WHOIS)
http://www.argali.com/download.asp
http://www.192.com/ (search for people,business etc...)

And last but not least google.com, the best website/tool of them all,

hf and always care!

fiddler 2

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application that supports a proxy, including Internet Explorer, Google Chrome, Apple Safari, Mozilla Firefox, Opera, and thousands more. You can also debug traffic from popular devices like Windows Phone, iPod/iPad, and others.

Download Fiddler2

hide file inside a picture

This tutorial can be used for any type of file.

Here is how it goes:

1. Open C: Drive and make a folder in it e.g. "hacks". Put both the files i.e. the file that you want to hide and the image inside which want to hide the file into this folder.

2. Select both the files and make a compressed RAR archive e.g. "secret.rar" out of them.

3. Open Run and type in cmd to open the command prompt. Now type "cd.." and press enter and repeat this again. Type cd sizlopedia where hacks is the folder I am using in this tutorial.

4. Type the command "copy /b maria.jpg + secret.rar safe.jpg" and press enter.

5. The new picture safe.jpg is now the nested picture file which has the hidden file saved inside it.

Now if you change its extension from .jpg to .rar you can access or extract the hidden file.

Cool stuff huh? credits to sizlopedia.

HOWEVER IF SOMEONE OPENS THE PICTURE IT DOESNT MEAN THAT THE CODE INSIDE IT WILL BE EXECUTED!

NullSec - IT Security and stuff