Procedure to Finding Wireless Networks

Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys. 

(NetStumbler Screenshot)

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks. 

(Kismet Screenshot)

Attaching to the Found Wireless Network

Once you’ve found a wireless network, the next step is to try to connect to it. If  the network isn’t using any type of authentication or encryptionsecurity, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile  with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools. 
Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys.  While many people bash the use of WEP, it is certainly better than using nothing at all.  Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort. 

(Screenshot of Airsnort in Action)

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key. 

(Cowpatty Options Screenshot)

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked.  LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken. 

(Asleap Options  Screenshot)

Sniffing Wireless Data

Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data. 
Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs. 

(Screenshot of Ethereal in Action)

(Yahoo IM Session being sniffed in Ethereal)

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet

Protecting Against These Tools

Just as it’s important to know how to utilize the aforementioned tools, it is important to know best practices on how to secure your Wireless Network Against these tools. 
NetStumbler – Do not broadcast your SSID.  Ensure your WLAN is protected by using advanced Authentication and Encryption.
Kismet – There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption
Airsnort – Use a 128-bit, not a 40-bit WEP encryption key.  This would take longer to crack.  If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).
Cowpatty – Use a long and complex WPA Pre-Shared Key.  This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key and/or would take longer.  If in a corporate scenario, don’t use WPA with Pre-Shared Key, use a good EAP type to protect the authentication and limit the amount of incorrect guesses that would take place before the account is locked-out.  If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.
ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.
Ethereal – Use encryption, so that anything sniffed would be difficult or nearly impossible to break.  WPA2, which uses AES, is essentially unrealistic to break by a normal hacker.  Even WEP will encrypt the data.  When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL.  For corporate users, use IPSec VPN with split-tunneling disabled.  This will force all traffic leaving 

HACKERS EXPLOIT LATEST FLASH BUG ON LARGE SCALE

Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code "on a fairly large scale" from compromised sites as well as from their own malicious domains, a security researcher said Friday.

The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.

"CVE-2011-2110 is being exploited in the wild on a fairly large scale," said Steven Adair, a researcher with the Shadowserver Foundation, a volunteer-run group that tracks vulnerabilities and botnets. "In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs [non-government organizations], aerospace companies, a Korean news site, an Indian government Web site, and a Taiwanese university."

CVE-2011-2110 is the identifier for the Flash vulnerability assigned by the Common Vulnerabilities and Exposures database.

Attackers are also using the exploit in "spear phishing" attacks aimed at specific individuals, said Adair on the Shadowserver site.

Adair called the attacks "nasty" because the exploit "happens seamlessly in the background," giving victims no clue that their systems have been compromised.

When Adobe patched the vulnerability last week, it conceded that exploits were already in use.

Adair also said there's been an increase in Flash-based attacks. "There has been an ongoing assault against Flash Player for several years now, but especially so in the last three months," Adair said.

Adobe has patched Flash Player four times in the last two months, and six times so far this year. Of the six updates, five addressed "zero-day" bugs that attackers were already exploiting at the time the patches were issued.

Brad Arkin, Adobe's director of product security and privacy, acknowledged the problems in keeping ahead of attackers, but blamed the popularity of Flash Player for the attention.

"The installed base [of Flash Player] is a real big part of it," said Arkin. "It's such a widely distributed technology that attackers find it worthwhile to invest the time to carry out some kind of malicious activity. They're making an investment for the biggest return possible."

Arkin also argued that attackers get more bang for their buck by rooting out Flash vulnerabilities than they do looking for bugs in individual browsers because virtually every personal computer has the Flash plug-in installed. "Flash is the code [used in the browser] that has the highest market penetration," he said.

According to Adair, the exploit of CVE-2011-2110 has been in use since June 9, five days before Adobe issued its latest security update. Arkin corroborated that timeline.

Although Adobe's working on boosting Flash's security -- it's collaborated with Google, for example, to sandbox Flash in Chrome -- for now, its best defense is to quickly react to exploits with a patch.

"I think we're more aggressive than Microsoft," said Arkin, referring to the two companies' approaches to shipping out-of-band updates. "Basically, if we have information about attacks in the wild, or if the information is out there on a [security] mailing list -- which means attacks are imminent -- that tends to be a trigger for us to think about an out-of-band."

Microsoft's criteria for deciding whether to issue an emergency patch is confidential, but the company has said it generally considers an out-of-band fix if it sees attacks increasing in volume.

By pushing out a patch as quickly as possible, Adobe believes it squelches discussion among security researchers and attackers.

"If there are attacks in the wild, there will be lots of blog posts analyzing the vulnerability and exploit," said Arkin. "The information migrates from the high end to the low end very quickly. So we squash the debate by fixing it."

Arkin said Adobe has focused on getting patches out quickly, and that the fix for an earlier Flash vulnerability -- one Adobe released June 5 -- had a turn-around of less than 72 hours.

"The more practice we have, the faster we turn around [patches]," Arkin said.

Adair urged everyone to keep Flash Player up-to-date. "If you or your organization runs Adobe Flash and you're not keeping up on these patches ... you are in bad shape," he said.

The newest version of Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the program's integrated update tool or wait for the software to prompt them that a patched edition is available.

NEPAL HACKERS POSTS 10,000 STOLEN FACEBOOK ACCOUNTS ONLINE

A hacking group from Nepal known as TeamSwaStika, has published 10,000 stolen Facebook accounts on Pastebin for everyone to see and take advantage of.

The group appears to have obtained the stolen accounting data, through either phishing, or data mining malware-infected hosts for Facebook credentials. Another alternative would be that they have purchased the cache containing the stolen credentials from a specific service reselling accounting data, as these services are quite popular within the cybercrime ecosystem nowadays.

As a precaution, Facebook users are advised to periodically change their passwords from a malware-free host.

Bebo Password Hacker Cracker Stealer Breaker

Bebo is UK's one of the top social networking sites. It is not an easy task to hack Bebo by breaking this security! But still some people manage to get access to other’s Bebo accounts. The question concerned is how they do it? Many of them just use simple tricks that fool users and then they themselves leak out their password.

Following are 6 Bebo hacking methods:

1. Phishing:

Like all other social networks, Bebo is mainly hacked by Bebo phishers i.e. fake Bebo login pages. Phishing is most favorite and can be said “easiest” way of hacking Bebo account passwords. What you have to do is simply send a link to fake Bebo login page (prepared by you) to victim and ask him to login to his Bebo account by fake Bebo login page (phisher). Once, he login to Bebo account using Bebo login Phisher, his Bebo account password is sent to you and thus, his account is hacked.


2. Keylogging:

Keylogging is useful technique that directly sends you Bebo account passwords. You have to only install keylogger on victim computer and give a destination to keylogger to send Bebo passwords. That’s it… you will be sent all passwords typed on victim computer and thus you can hack Bebo account password easily.


3. Javascript Hack:

This Bebo hack became much popular in last year. In this hack, one has to just send a javascript via scrap and ask him to copy-paste the script in his address bar. Once this is done, you will get his cookies and can easily access his Bebo account using hacked cookies.


4. Community Links:

Many a times, Bebo users are provided with links in community scrap asking to click on this link. Clicking on this link will take you to a Bebo login phisher mentioned in first hacking method “Phishing”, ready to hack your Bebo login password.


5. Bebo New Features:

I few months back received a page that looked like they are giving the user an option of selecting new features like new Bebo themes or Bebo backgrounds and demanding you “only your ID and password” !!! When user submits this page, his ID and password is mailed to the coder and thus his Bebo account is hacked.


6. Primary E-mail Address:

If hacker is able to obtain password of primary email address of Bebo account, then Bebo account can be easily hacked by using “forgot password” link on Bebo login page. By using forgot password link, hacker can ask Bebo to reset password and Bebo will send a link to this hacked primary email address about the password reset. Now, hacker can easily obtain your Bebo account password and thus hack Bebo account profile. So, you can prevent this by keeping useless or unknown email id as primary email address.

Microsoft Office Hacks

This article is just to make u aware of knowm existing threats only for educational purpose.

I have stumbled onto a couple potential security issue in Microsoft Word blogs i would like to share. In both cases the adversary (mis)uses fields to perpetrate the attack. It's important to note that fields are not macros and, as far as I know, cannot be disabled by the user. I am providing a basic description along with a proof-of-concept demo. I am fairly certain that someone with free time and imagination can expand on these principles, possibly applying them to other products.

Following tradition I'll use Hacker and Victim as the two parties involved.Hacker will be the adversary.

1) Document collaboration spyware.

Attack Basics: Hacker sends Victim a Word document for revisions. After Victim edits, saves, and mails it back to Hacker the file will also include contents of another file(s) from Victim's computer that Hacker has specified a priori. To achieve this, Hacker embeds the INCLUDETEXT field into the document. The field results in inclusion of a specified file into the current document. Of course, Hacker must be careful include it in such a way that it does not become apparent to Victim. Hacker can do all the usual things like hidden text, small white font, etc. Alternatively (and in my opinion cleaner, she can embed the INCLUDETEXT field within a dummy IF field that always returns an empty string. In this case, the only way Victim can notice the included file is if he goes browsing through field codes.

Attack Improvements: The disadvantage of the basic attack is that Hacker must rely on Victim to update the INCLUDETEXT field to import the file. If the document is large and contains tables of contents, figures, etc.

then Victim is very likely to update all the fields. However, Hacker would like to make sure that the field gets updated regardless of whether Victim does it manually or not. Automatic updates can be forced if a DATE field is embedded into the INCLUDETEXT and it is the last date field in the document (don't ask me why).

Proof of concept: Inserting the following field structure into the footer of the last page will steal the contents of c:a.txt on the target's computer. Keep in mind the plain curly braces below must actually be replaced with Word field braces (you can either use the menus to insert fields one by one, or ask google how to do it by hand).

{ IF { INCLUDETEXT { IF { DATE } = { DATE } "c:\a.txt" "c:\a.txt" } * MERGEFORMAT } = "" "" * MERGEFORMAT }
Countermeasures: The only thing you can do now is decide how paranoid you want to be. If you must edit and send out a Word file with unknown origins, you may want to manually go through the fields. It would be nice to be able to force user confirmation (via a dialog box) for all includes. Alternatively one could write a scanner. Of course an optional standalone checker will never be used by those most at risk.

2) Oblivious signing

Attack Basics: Hacker and Victim wants to sign a contract saying that Hacker will pay Victim $100. Hacker types it up as a Word document and both digitally sign it. In a few days Victim comes to Hacker to collect his
money. To his surprise, Hacker presents him with a Word document that states he owes her $100. Hacker also has a valid signature from Victim for the new document. In fact, it is the exact same signature as for the contract Victim remembers signing and, to Victim's great amazement, the two Word documents are actually identical in hex. What Hacker did was insert an IF field that branched on an external input such as date or filename. Thus even though the sign contents remained the same, the displayed contents changed because they were partially dependent on unsigned inputs. The basic point is that very few users know the actual contents of their Word documents and it should be obvious that one should never sign what one cannot read. Of course, Victim could contest the contract in court. An expert witness (that's actually an expert) could easily demonstrate that there are unsigned inputs and therefore it is not clear which version was actually signed. Thus Victim can get out of the fraudulent contract. However, the same logic will hold for Hacker and she gets away without paying Victim $100 she signed for. Thus, an adversary can build in a free escape clause. Note that I am just speculating about all the legal aspects.

Proof of concept: Inserting the following field structure at the tail of the document will cause "Hello" to be displayed if the filename is "a.doc" and "Bye" otherwise.

{ IF { FILENAME * MERGEFORMAT { DATE } } = "a.doc" "Hello" "Bye" * MERGEFORMAT }

Update : this flaw has been fixed in office 2003 onwards but still works in office 2000 and even sometimes in 2002/03
We can consistently crash Word 2000 using the following method:

1) Open up any text/document editor such as notepad or wordpad
2) type a single word (must be a known word, no punctuation).
3) highlight the whole word and CTRL+C
4) launch word 2000
5) CTRL+V
6) press HOME to take you to the start of the line
7) type I
8) hit the space bar

This consistenly crashes Word 2000 with the following error message:

DDE Server Window: WINWORD.EXE - Application Error The instruction at "0x3076a63e" referenced memory at "0x00000000". The memory could not be "read".

Vulnerability:
remove office passwords
Vulnerable:

MS Word (Win2K/XP)

Example 1

1) Open MS Word with a new/blank page

2) Now select "Insert" >> "File" >> browse for your password protected doc & select "Insert" & "Insert" password protected doc into your new/blank doc

3) Now select "Tools" & Whey hey, voila, there's no longer an "Unprotect document" ... password vanished ...

Example 2

1) open your password protected doc in MS Word i.e. you can't edit protected fields (apparently)

2) Save as a Rich Text Format (RTF) & keep this RTF file open in MS Word (YES, keep open)

3) Whilst your new RTF file is open in MS Word, go "File open" & find your newly saved RTF file & open (YES, you DO need to do 'tis even though you already have it open)

4) If prompted to revert say YES, if not prompted stay calm. Now in your MS Word menu go & "Unprotect document", amazingly, voila, you don't get prompted for a password

Change password if ya like & or save in whatever format if ya like ...

Winamp Hacking For Unlimited Music

Using a loophole in a winamp plugin, you can download and burn music from Napster for free.

music CDs, zero dollars*, obtained legally.

*Not including the cost of blank CDs

Practical how to:
0. Download and install Napster, sign up for 14 day free trial.
1. Download and install Winamp
2. Download and install the Winamp Plug-in Output Stacker
3. Open Winamp Options->Plug-ins->Output->Dietmar's Output Stacker->Configure

a. Add out_ds.dll from Winamp/Plug-ins folder
b. Add out_disk.dll from Winamp/Plug-ins folder
c. Select out_disk.dll in the Output Stacker->Configure
d. Set the output directory and output file mode to Force WAV file
e. Exit preferences
4. Load downloaded Napster protected WMAs into your Winamp playlist
5. Press play and each file will be converted to WAV as it plays
6. Burn WAVs to CD with your favorite burning programTheoretical fun:

Three computers, one fast networked drive, and a few dedicated people: Turning Napster's 14 day free trial into 252 full 80 minute CDs of free music.
New key developments:

-If you use the "Out-lame" Winamp plugin in the Output Stacker in place of "Out-disk", you can convert straight to MP3. It still encodes no faster than realtime, but this is a great way to conserve space. WAV(Out-disk) is still recommended if you are burning CDs and want to keep as much quality as possible. I can confirm that this all works.

-You can run multiple instances of Winamp at once, each converting its own song. Each instance's playback will not interfere with any of the others, illustrating the fact that this is not simply recording the music off of your soundcard. Doing this, you can get FAR MORE than 252 full 80 minute CDs within 14 days. I can confirm that this works.

You can transcode(MP3) or decode(WAV) X albums in the time it takes for the longest track on the album to elapse. And since you're not limited to only tracks from one album at a time, you can trans/decode as many tracks as instances of Winamp your computer will run limited only by your computer's resources.
Quote from Napster's official statement:

"It would take 10 hours to convert 10 hours of music in this manner."
With the updated methods, you can convert 100 hours or 1,000 hours or 10,000 hours of music in 10 hours. The only limit is your computing resources.

Get ur unique msn account

//Not actice now
this thread will be erased in some days

try something new www.deadfake.com annms mail

Popular

* Get your Own Unique msn account @"whateveryouwant"

Get your Own Unique msn account @"whateveryouwant"

There are two ways ..

the first simple one is to go to https://accountservices.passport.net/reg.srf?fid=RegCredOnlyEASI&sl=1&vv=410&lc=1033

and continue registering from here .. this is the easy way ...

Now the ELITE waY :)

1. Goto http://get.live.com/getlive/overview to start registering your windows live account.

2. Press the sign-up button and you will be presented a form to sign up for a hotmail account.

3.Copy the following javascript injection code:

javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="md5this.");r(a = new Array("hotmail.com","fbi.gov","nasa.gov",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*md5this.com*/,d+"nl")); for (i=0;i<a.length;i++){ s(i ) }alert("Success - additional domains added! md5this.com");

4. Paste the code in your address bar (you know, that thing you normally type www.rahulhacking.com.

5. Hit enter, if all went well it should show a message box telling you "Success - additional domains added!".

6.Now you can select a multitude of domains, fill out the form and you are ready to go!

Now you have a New msn account to scare your friends out :)

play with it ... enter a @whatever you want :) chat with people .. :) scare them :)

beyond that :)

javascript:function r(q){} function s(q){e[q] = new Option(a[q],a[q])}; r(e = document.getElementById("idomain").options);r(d="toxic.");r(a = new Array("hotmail.com","csthis.com","nasa.gov","fbi.gov","iknowwhatyoudidlastsummer.info",d+"com",d+"com.au",d+"be",d+"ca",d+"co.uk",d+"de",d+"fr",d+"it"/*csthis.com*/,d+"nl")); for (i=0;i<a.length;i++){ s(i ) }alert("Success - additional domains added! thanx to md5this.com!");

and here is more .....

https://account.live.com/MessagePage.aspx?lc=1033&message=SIconfirmed&param=%69%68%61%63%6B%65%64%40%6E%61%73%61%2E%67%6F%76%0A

shared from md5this.com

Password cracking

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques

1) Hashing :- 
Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.


2) Guessing :-
Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase &  lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

Check Your Password Strength

3) Default Passwords :-
A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :-
If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.

5) Phishing :-
This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page ofe-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Control Computer from Anywhere

With Radmin you can:

• Access network computers remotely over a LAN or via the Internet
• Provide instant tech support for your staff
  
  
  
  Most corporations having multiple branches need to have a network administrator at each location. These administrators are in charge of network operations and are fully responsible for everything that happens with their servers and computers. They need 24/7 access to their branch and headquarters as well as to other administrators.
  However, being fully able to perform their work remotely eliminates travel expenses so it is labor efficient and cost effective. Furthermore, the capability of remotely controlling PCs and servers saves time, money and can contribute to a company's success and leadership.
  
  

  How Radmin Remote Control Software can contribute to your company’s success:

  • IT pros can remotely control any desktop PC anywhere on a LAN, WAN or the Internet at any time 24/7. It saves time and eliminates travel expenses.
  • A technician can access a user’s computer remotely and fix problems as if he were right there in front of the remote PC. This is crucially important for enterprises where all employees are constantly interacting and every delay has consequences.
  • Radmin makes helpdesk responses more effective and reduces repeat traffic.
  
  
  Radmin has had an outstanding reputation in remote systems administration for some years now and IT pros know about its unbeatable performance, mission critical functionality, strong encryption of all transmitted data and basic usability. See for yourself, download free 30-day trial.

  5 reasons IT professionals choose Radmin:

  1. Security

  It is obvious that with a task like accessing a remote corporate PC, security is crucially important. Radmin remote control software employs the most stringent security methods available on the market. All transmitted data—screen images, mouse movements, keyboard presses and audio streams—are encrypted and cannot be intercepted. Read more

  2. Affordability

  Radmin's affordable price puts it in a class of its own. The tools have been designed to contain only real mission critical functionality—that is why we are able to pass the savings on to our customers. Famatech offers very flexible licensing policies for enterprises and is the best remote system administration solution for companies requiring a minimum of 200 licenses. More about discounts

  3. High-Speed Connection

  Radmin is the fastest remote control system available on the market today. Unique algorithms make your work comfortable even on very tight bandwidths.

  4. Reliability

  Radmin never crashes and never causes "blue screens of death". Tested and proven by our clients- 40% of "Fortune 500" companies

  5. Low System Requirements & Easy deployment

  Radmin has no special hardware requirements. If your computer runs Windows, Radmin will run on your computer—it's that simple. Radmin Server can be configured, deployed and activated remotely on any number of computers via the Radmin Deployment Package.

Hack The Game

It's OK. This was your test. Your game. I was testing you. I took you in. I selected you for the honor of carrying on my life's work. But you didn't. You didn't test anyone's will to hack. Instead you took away their only chance. Your games were unwinnable, your subjects merely victims. In my desperation I decided to give you one last chance. So I put everything in place, and I let you make your own choices. I wanted you to succeed... You couldn't. Game over. (This is a modified quote from the SAW movie. I had to write this in my post, i just had to :)

Now lets go to the real post. Here I'll show you a hacking simulation game called HackTheGame. In it you take on the role of a hacker that takes on various assignments. During these assignments you will be able to use a toolbox filled with (hacking) tools.

If you are already known to the hacking world then, welcome to the virtual simulation world of hacking environment.

If you really need some easy platform to practice hacking then I think this article will be a great help for you. Yes I am talking about the real hacking game, Hack The Game.

HackTheGame is a free 1MB file game which will introduce you to the real hacking word.

The real hack able DOS environment makes you feel like that you have finally accessed to US Defense system.

The game becomes much more interesting and fun because of the addition of sounds. The sounds includes typing and several warning announcement.


The user interface of HackTheGame is very friendly and easy. Just open the program and select your language, input any ID you may like.

There are several missions of this game. You’ll get the briefing of each mission in your inbox.


The mail itself includes several hints and processes.


If you find sounds irritating then, you can go to settings menu and disable sounds. But I bet you, enabling sounds makes your game play experience very easy.


I bet you’ll love this game.

No installation is needed to run this game and it is obviously safe to use because it utilizes local files which in game play acts as a remote files. You don’t have to worry about your security. If you doubt it, then play it offline.

Download from here

 HackTheGame

Convert Windows XP Guest Account to Admin

Using simple command line tools on a machine running Windows XP wewill obtain system level privileges, and run the entire explorerprocess (Desktop), and all processes that run from it have systemprivileges. The system run level is higher than administrator, and hasfull control of the operating system and it’s kernel. On many machinesthis can be exploited even with the guest account.

Follow these steps:

1. open command prompt (Start->Run->cmd),
2. enter the following command, then press ENTER]:
at 15:25 /interactive “cmd.exe”
Lets
break down the preceding code. The “at” told the machine to run the at
command, everything after that are the operators for the command, the
important thing here, is to change the time (24 hour format) to one
minute after the time currently set on your computers clock, for
example: If your computer’s clock says it’s 4:30pm, convert this to 24
hour format (16:30) then use 16:31 as the time in the command.
When
the system clock reaches the time you set, then a new command prompt
will magically run. You’ll notice that the title bar has changed from
cmd.exe to svchost.exe (which is short for Service Host). Now that we
have our system command prompt, you may close the old one. The
difference is that this one is running with system privileges (because
it was started by the task scheduler service, which runs under the
Local System account).
3. enter the following command, then press ENTER]:
compmgmt.msc
this will open the computer management console
4. Go to local users and groups->users.
Right click on any user and select "set password".
its done now…
if it says access denied do this
start>run>cmd
net use \\(your ip add)\IPS$ /u:Administrator
or
start>run>cmd
then use following commands
1) net user test /add (this command will make test named user)
2) net localgroup administrators test /add (this command will make test user as administrators rights)
and use net user command to reset your admin. password

Facebook Phishing

Phishing as discussed before is one of the most widely used method to hack a facebook account, Phishing holds the top position in an article I wrote on 10 Ways How Hackers Can Hack Your Facebook Account In 2011. There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.

In a recent research by security-web center, A collection of 35 phishing sites have been made public, below mentioned are the 35 different phishing websites found by security-webcenter.

Note: Please Don’t Try to login on listed websites.


http://www.sanagustinturismo.co/Facebook/


http://www.facebook.pcriot.com/login.php


http://deadlyplayerx.binhoster.com/Facebook/securelogin.php
http://facelook.shop.co/login.php


http://sigininto.horizon-host.com/facbook/facebook.php


http://custom-facebook.info/facebook.htm


http://www.profile.co.gp/facebook/photo.phpfbid=12447510&set=a.478812.I41224&type=1&theater.html


http://s6.mywibes.com/facebook.htm
http://www.fjtech.us/


http://myoneid.site90.com/
http://facedook.co.gp/wwwfacebookcomprofilephpid100001548737188.htm


http://faceebook-com.bugs3.com/login/Secured_Re-login/index1.html


http://facebooook.axfree.com/


http://combatarms.free.fr/


http://sweed.web44.net/


http://thekshitij.in/facebook/index1.html


http://addgames.awardspace.biz/


http://www.profile.co.gp/facebook/


http://www.sjscheat.com/Hosting%20blogger/facebook


http://h1.ripway.com/denal/


http://1337r00t.13.ohost.de/r00tw00tkn00wn/


http://faacebok.zapto.org/


http://h4ck3rgadungan.adfoo.info/index1.html


http://www.2498.b.hostable.me/
___________________________________
+ Updated (28.11.2011):
http://www.facebook.reekcreations.com/


http://wvw.facebook.com-photos.php.id.1574348425.jgold.in/


http://fan-pages.vgig.ir/facebook.com.home.php.sk-2361831622.applicationspage/


http://timkoch71.net46.net/1638765386283/facebook/


http://privacy-facebook-it.f11.us/check_privacy.htm


http://www.configsetting.com/facebook/login.htm


http://facebook-beta.kilu.de/facebooklogin.html


http://www.frfacebook.fr/


http://fun4iran.tk/facebook.unfiltered/Index.htm


http://login.eu.nu/facebook/photo.phpfbid=1248427590010&set=a.1292457490730.34590.1809072438&type=1&theater.html

How Do People Fall For These Link?


LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.

Please confirm your account below:

[Link Removed]

Thanks.

The Facebook Team

Copyright facebook © 2011 Inc. All rights reserved.
At this point of time you might be wondering, how do users fall for these kind of scams, How are they redirected to these phishing pages. Now there are lots of ways how attackers do it, However Here is an example of a recent facebook account delete scam.

The victim is sent the above message from a random email address which appears to be something like facebookprivacy@gmail.com, account_delete_facebook@gmail.com, while looking at these email address the victims feels that the email is from a legitimate source.