Hack For Life!

We all Just Luv Google.. Now dun we, kids?

2006-09-12T22:26:00.000+04:00

WOW! Seems that Google isn't for safe-only nerds after all... Oh now, don't get so hasty... :D

I'm compiling up this site-hacking using Google syntax list... Just gonna spice things up over here first ;). Here you go :D.

Now, be kind and tell me how easy it was defacing some MySqLs :P.
Hacks are hacks, to hack a hack is hacking, but hacking isn't to hack :D . I-Hack - Computers and Technology Weblog

I Want a Freakin LinuX!

2006-09-08T01:24:00.000+04:00

This just can't be.. I'm supposed to be a hacker, but I have a MS.. That's BS IMO. I have to do something about this.. *Depressed*.. *Too much distributions to choose from* :D//

Hacks are hacks, to hack a hack is hacking, but hacking isn't to hack :D . I-Hack - Computers and Technology Weblog

A Word about Adwares

2006-08-16T19:12:00.000+04:00

Hiya!

Thought long b4 I make a post today, settled with adwares. An adware is a program that usually executes on startup which reacts to an event or on a certain time to show you an advertisement or just pop something up that would also be for advertising purposes.

Some examples of adwares would be, showing an affiliate page on 12 o'clock, open up an advertising page on an internet explorer click and another example which I really like the idea of is show a page as the #1 result in major search engines, which BTW, I was infected with :D.

Anyhow, this post isn't to only examine adwares but also improve their quality. Ok, seriously, I won't ever click an ad which just keeps showing up..!! So, what I want to, by this post, think of some new ways to embed ads and show them in a way where the user could hardly notice this is an evil work of an adware.

The first idea I got is related to the mIRC IRC client. Most of the world's programmers practicaly live on it. What I thought is to make an adware that will make it seem that this is just a link from a member on the irc channel.

The second idea I got is making a [searchengine] result clone, printing out your site as the first, highlighting the keywords that were used in the search query, in the title all the serach query, in the desc. make some kindof sentence.

The third idea is about the instant messaging clients. An adware could print a message-like string which has something like "yo dude try this link out" formatted with a contact's name and a messenger-like format.

There are lots more, just keepin them for later blog entries :D . My last words; think smarter not harder, making an adware that pops an ad every damn 30 seconds won't be of any help, I look for the fastest way to delete it, not click it out ;) . Be creative..!! :D

Hacks are hacks, to hack a hack is hacking, but hacking isn't to hack :D . I-Hack - Computers and Technology Weblog

Having Fun With Pinball Coded in ASM

2006-08-15T19:00:00.000+04:00

Hi,

This is the 3rd blog entry today, the more the better :D. Pinball has always been, between some of my family "members" and I, as a competition. "Yay! I just whooped your ass!", my sis would usually say :D . But not for long...

Basically, what I'm talkin about right now, is memory editing on a shallow level. So, ::i sigh:: and start hacking :D .

The computer's memory, or Windows' altleast is divided into addresses, each address is assigned a unique value. So, what we'll be doing is trying to edit the value of these addresses. I'll divide this process into steps. In the first step, we get, didn't say try as I won't take a no for an answer, the pinball's window handle using the FindWindow() API function. In this API function, the first parameter is the window's class and the second is the window's title. Only putting one is nec. the other can be NULL. I'll use the window title, it's easier to get :D. '3D Pinball for Windows - Space Cadet'. [That's the title:D].

Now, that we have pinball's window handle, we'll use GetWindowThreadProcessId() to get the process id of pinball. It takes the window's handle as the first parameter and the second one as a pointer to a variable that will store the process Id.

Next, we need to get access to Pinball's process so we can edit it's memory. OpenProcess() does that for us. In the first parameter, we put in the type of access we need. I'm too lazy, so I'll just put in PROCESS_ALL_ACCESS, granting us every damn hacking provilege we need. In the 2nd parameter just put false :P , and in the the third, we put in pinball's process ID we got using GetWindowThreadProcessId(). OpenProcess() returns a handle to the process, this handle can make us do anything at this point.

To do the actual editing, we use WriteProcessMemory() . The first parameter of WriteProcessMemory() should have the pinball's process handle we got from OpenProcess(). In the second parameter we put in the memory address we want to edit. For the mean time I'm not gonna go in how I'm gonna get the specific address that pinball's score is stored in. In the 3rd parameter we put in a pointer to a variable that has the new value. The 4th parameter is the number of bytes to write and the forth is just NULL in my world :D .

Overall, here is the hack's code, in ASM.

.586
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib ; calls to functions in user32.lib and kernel32.lib
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data

windowname db '3D Pinball for Windows - Space Cadet',0
addy db '007ACB72',0
value db '5555555',0

.data?

pid dd ?

.code
start:
Invoke FindWindow,0,addr windowname

Invoke GetWindowThreadProcessId,eax,addr pid

Invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,pid

Invoke WriteProcessMemory,eax,007ACB72h,addr value,8,NULL

Invoke ExitProcess,0

end start

That's all. This is supposed to give an xtra boost to your pinball score :D. Have fun! I know I will..

Hacks are hacks, to hack a hack is hacking, but hacking isn't to hack :D .
I-Hack - Computers and Technology Weblog

Run a Program On Windows Startup

2006-08-15T15:01:00.000+04:00

Hiiiii,
Aaah at last I figured it out. Been tryin forever now :D. 2 days ago I was working on this buggy program that I wanted to run on startup. Ugh! I thought I'd just ask Google and it'll hand it over, but for some reason it didn't. So I had to go on and dig it up by myself. In an hour, all what I concluded was that it was a registry-related matter, which I kinda knew : . So, just I just ran my regedit, and again, dugg up the answers I wanted. First of all, I took a look at a program that executes with the Windows Startup, the so damnly buggy Windows Messenger, not Windows LIVE Messenger, I'm talking about that old, life disasturous messenger :D. Anyways, so I searched for msmsgs.exe and after something like 99 Ctrl+F3 (Next result..) I found it..Ugh at last...!!Why was it so hard to find..??
Anyways to make a program run on startup add a String Value to this Registrey addy:
"My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
For the name value in the String, dunno, just add the name of th exe, BUT in the Data value I'm positive you have to add your excutable's path. Quotes aren't nec.
Congrats, you just figured out how to hack your registries to make a program run on startup. Just imagine if that was a virus, spyware, adware or malware :D. That's a suggestion ;) :p , Just dun send it to me, eh!!

I-Hack - Computers and Technology Weblog

Sending E-mails Using Telnet

2006-08-15T11:19:00.000+04:00

Hi,

Just took a look at my e-mail and damn is it spammed! Where do all these people get e-mails from??! So, this inspired me to give you an idea of how to send e-mails using telnet, witht the SMTP protocol.

First of all I hope you know what telnet is, BTW: I'm talking about Windows telnet :D . If you don't, I'll tell you why we need it now. It is as [protocol here] client. You just open it, connect to a site or IP, define the port and just send messages by yourself and see the responses. There will be a special blog entry for telnet, so don't worry if you son't get it yet.

Now to the real part. First of all, you need to have an SMTP server that allows you to send e-mails.
So here we go, open up run and put this in "telnet yoursmtpserver 25".

You'll get a response similar to "220 yoursmtpserver ESMTP Postfix".
Now put in "HELO yoursmtpserver"[ENTER] <--Identify who you are You should get a "250 HELLO yoursmtpserver" Now put in "MAIL FROM:[youremail]"[ENTER] <--The from part :D You should get something similar to "250 OK" Now type "RCPT TO:[recieveremail]" <--The to part =D Another "25o ok" Here comes the whole message part. Type in "DATA" response: "354 End data with ."
Here is the message part, remember when you want t end the email use [enter].[enter] ;).
Type in
"Subject: [subject] [enter]
From: [sender][enter]
To: [rcpt][enter]
[enter]
Here relies the e-mail's text :D. I like to hack and I G2g GooooooD Bye![enter]
[enter].[enter]"
response:"250 Ok: queued as [number]"
then type "QUIT"[enter]
response: "221 Bye"

That's it. You just sent an e-mail using telnet! Cool,maybe, hard, naa.

I-Hack - Computers and Technology Weblog

Brute Forcing: Strings making Visual Basic Example

2006-08-14T00:12:00.000+04:00

Hi,

I just re-read by previous blog entry and could honestly say it kinda of makes no sense. So, I thought I'd write a simple code snippet to give you a small look at what it might look like. Because of my no time to spare status and not really into coding heavily at this sole moment I had to write it in VisualBasic. But plz know I would never endorse using it =) .

Long story cut short here's the code **This snippet suposedly open a passwords.lst in passwords directory and writes in 30000000 strings into a file. Each string has 10 characters. These strings only have numerical and alphabetical characters. BTW: 30000000 is actually nothing for a 10 characters string**::

Open "D:\passwords\passwords.lst" For Binary As #1
Dim int1, int2, int3, int4, int5, int6, int7, int8, int9, int0 As Integer
Dim all As String
Dim chars(62) As Variant
chars(0) = Chr(48)
chars(1) = Chr(49)
chars(2) = Chr(50)
chars(3) = Chr(51)
chars(4) = Chr(52)
chars(5) = Chr(53)
chars(6) = Chr(54)
chars(7) = Chr(55)
chars(8) = Chr(56)
chars(9) = Chr(57)
chars(10) = Chr(65)
chars(11) = Chr(66)
chars(12) = Chr(67)
chars(13) = Chr(68)
chars(14) = Chr(69)
chars(15) = Chr(70)
chars(16) = Chr(71)
chars(17) = Chr(72)
chars(18) = Chr(73)
chars(19) = Chr(74)
chars(20) = Chr(75)
chars(21) = Chr(76)
chars(22) = Chr(77)
chars(23) = Chr(78)
chars(24) = Chr(79)
chars(25) = Chr(80)
chars(26) = Chr(81)
chars(27) = Chr(82)
chars(28) = Chr(83)
chars(29) = Chr(84)
chars(30) = Chr(85)
chars(31) = Chr(86)
chars(32) = Chr(87)
chars(33) = Chr(88)
chars(34) = Chr(89)
chars(35) = Chr(90)
chars(36) = Chr(97)
chars(37) = Chr(98)
chars(38) = Chr(99)
chars(39) = Chr(100)
chars(40) = Chr(101)
chars(41) = Chr(102)
chars(42) = Chr(103)
chars(43) = Chr(104)
chars(44) = Chr(105)
chars(45) = Chr(106)
chars(46) = Chr(107)
chars(47) = Chr(108)
chars(48) = Chr(109)
chars(49) = Chr(110)
chars(50) = Chr(111)
chars(51) = Chr(112)
chars(52) = Chr(113)
chars(53) = Chr(114)
chars(54) = Chr(115)
chars(55) = Chr(116)
chars(56) = Chr(117)
chars(57) = Chr(118)
chars(58) = Chr(119)
chars(59) = Chr(120)
chars(60) = Chr(121)
chars(61) = Chr(122)
Do While i < 30000000
int0 = Int((62) * Rnd + 0)
int1 = Int((62) * Rnd + 0)
int2 = Int((62) * Rnd + 0)
int3 = Int((62) * Rnd + 0)
int4 = Int((62) * Rnd + 0)
int5 = Int((62) * Rnd + 0)
int6 = Int((62) * Rnd + 0)
int7 = Int((62) * Rnd + 0)
int8 = Int((62) * Rnd + 0)
int9 = Int((62) * Rnd + 0)
all = chars(int1) & chars(int2) & chars(int3) & chars(int4) & chars(int5) & chars(int6) & chars(int7) & chars(int8) & chars(int9) & chars(int0) & vbCrLf
Put #1, , all
i = i + 1
Loop

This is it, just put it in any event and u'll get a rainbow file maker ;) . Cheers..!!

Brute Forcing: The HOW TO(make the strings)

2006-08-13T17:03:00.000+04:00

Hi,

In the last blog entry, or something like that, I talked about what u have to make sure of b4 u start brute forcing a string or password off. Mainly, I mentioned speed, efficiency and stealth. BTW: I'm open for suggestions =D . Anyways, after all this talk, u'r probably wondering "When the hell is this idiot gonna tell me how to brute force". Too bad, I won't as I too am still learning and just mentioning what I know. BUT I am gonna mention the way I'll brute force if I need to. Ima put em into steps for ya guys:

(In Code):

Make a single dimentioned array with all the VALID characters that can be used in the string or password you're brute forcing for. I'd use the chr() function if I were you :P .(Efficiency).
Make a loop. This loop should loop the exact number of possiblities possible for the string to be. (Efficieny and speed too).
Listen up, this is the important part. In the loop you'll have to make an attempt for an x number of random numbers where x is the number of characters allowed in the string. "Blog" has 4 characters and so on. These random numbers should have a minimum number of 0 (the array's first entry) and a maximum number of i where i is the number of entries in the blog :D .
Assign each random number to a variable.
Then use these variables to make a string, in PHP, i'd make the string like this:
"$string="thearray[rndvar]"."thearray[2rndvar]";" and so on.

By these steps I dearly hope you understood anything, heck! I know I did :D . Right now, your supposed to get a picture of how to make the strings to brute force. Still didn't make up my mind about what the next blog entry should be about, argh just gonna have to figure that out later ;) . Cheers! .

Things To make sure of, b4 u start to Brute Force!

2006-08-12T11:31:00.000+04:00

Hiya,

Back today to mind storm about the things that have to link up altogether so you can accomp. a powerful brute force attack =) . Among these things, these things stand-out in ma mind:

Speed: Brute Forcing usually means trying MILLIONS of strings up upon one string to check if you found what you're looking. These MILLIONS can add up to make you sit on your computer for years :D . So you have to make sure you're using fast protocls(internet), use the best performing language to code your brute forcer.
Efficiency: As I've already said, Brute Forcing is alot of work. So, you have to cut short anything that can get cut short. In brute forcing, what you do is try a chain of characters and check if it's correct. Now, to make your code efficient, you have to make sure you're not trying extra characters for example and not waiting for extra responses to be recieed which aren't really nec.
Stealth: To Brute Force, you're usually gonna be sending hundreds, heck, millions of messages to web servers. These messages are usually logged by security softwares. These logs can find everything about you as they log in your IP address.Using it, they can find out where you live, what your name is. Now, there are many things you can do about that. You can use a snooped IP address or you can just use a computer in an internet cafe =D .

That's all for now. G2G . Hope you liked this blog entry. Next topic in this series will be "Brute Forcing: The technique".

.:A Word About Brute Forcing:. Just a cheesy intro

2006-08-11T21:29:00.000+04:00

You have probably heard about brute forcing before, wether you're a hacker, cracker, web master or just read the news papers. Heck! I'm positive you have an idea about what the hell I'm talkin about. According to Wikipedia brute forcing is a trivial but very general problem-solving technique, that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement. In the last past years, brute forcing has been given a bad reputation. It was more of a loser's way to find out a password, but it never worked and he was always tracked down using logs.
Well, in most occasions that's true =p . But this isn't always true.

In general, for those that aren't familiar with brute forcing, is to try all possibilities of a string with X number of characters untill you track down the correct string you need. For example, let's say I have a password made of 5 integers *0-9*. So basically i'll need to try out the strings "00000" to "99999". There is no chance I can't track down the string/password I wanted using this way. Later in my blog entries, I'll show you how to brute force in an 3133t3 manner so that you can never get tracked down. I know this blog entry isn't anything big but I just needed to clear things out before I start the Brute Forcing serial.

PS: Not all the upcoming posts will necc. be parts of the Brute Forcing serial ;) .

HTML & JavaScript Source Code Viewer

2006-08-10T12:12:00.000+04:00

There are many low security sites on the net. Most of them check passwords by just prompting a window or hiding the password in the javascript source. Some others tend to hide their source code, using on mouseclick() =) . Now, lets say I found this very interesting site that I wanna open but it only grants access to people with a certain pass phrase. However, this site hides it's prompt action in it's javascript and html code. Now, that changes everything. As there will always be a var=prompt() and then a if var==pass in the code. So if we can see the code then we can get the password. Too bad browsers won't let you see the code while you're prompted to enter the password. So, the easiest way is to think of another way to get the code :P . First, we have to see how browsers get the code. They send a GET request to the page we want then they get the code, and if it has a prompt, pop it out and not let you see the code. This sentence explains the solution. So, all what we have to do is get the code, like a browser does. Now, PHP makes that alot easier for us. It allows you, with some certain functions to just get the source code of a file without any requests. So i'll use php. Basically, what the php file will need to do is check if the user entered a file's url, if not, show him the form, if he did see the form then get the file's source code and then modify it using htmspecialchars() to be able to view the code on the browser's page :D. It took me about 5 minutes to make a tool that would be very helpful if you're trying to hack into a javascript secured site and I believe you could write one too. To take a look at the one I wrote check out the links belows:

Hope this works out for you =) and not for unfortunate newbish webmasters :D .

Visitors Counter Thriller Hack ^^,

2006-08-09T19:19:00.000+04:00

Hiya,

When I first started making sites I always had one problem. My visitors counter was always still. Only increasing by my own lame visits :D . So, lately I came up with a new prank that I felt was kind of funny. The pranks is based on: one, locating a site that merely has any visitors, two, increase that sites counter, big time, then just leave it stay still as it used to be. This way we could give some *lame* webmasters a shred of hope, the no shread of hope :P . Okay, so in order for us to find out how we're supposed to do this, we have to take a look on how browsers work. When you open any site, a GET request is made to that site. In response, the website's server sends back some headers(which right now we don't care about) and the html code. Ofcourse this only implies when you're calling a page that you wanna view in a browser that results in html code =p . Anyways, currently, and as far as I'm concerned there are 2 types of counters:

Server-side: these reside in the server or are hidden in the code itself and is processed inside the server.
Client-side: these are usually from free services on the internet that tell you to put a certain chunk of code in your site and it will provide you with logs and stats.

Now, in order for us to perfectize this code we have to be able to increase stats for both ways. Now, I don't want to get into finding out which type of counter does he/she use I just wanna do it. So, I'll use a technique that will fulfill both situations' needs. This could happen through:

Sending a GET request, then taking the html code it and make the browser we're calling process the javascript it has(as most services use javascript :D), this should be easy using a PHP print() =D .

By this I believe all the techiniques are explained, now to the actual code :D . Actually it's not much, all it does in a summary is after getting the code is to print it to the browser as html code and the java script will get processed. The code can be found here Counter Thriller. BTW it's coded in PHP ;)

Hehehe =).

PhpBB Reply Spammer Hack

2006-08-08T18:54:00.000+04:00

Hiya,

We all know I don't like idiotic-like systems :D . So, phpBB forum goes under my hated things. =) Just joking. Phpbb is a good system but honsetly I find it kind of lame, lots of things could be done to improve it. Anways, I had a phpBB forum, v.2.0.17 if you need to know. So, I thing that really bugged me was that it defaulted to allow guests to make topics and reply to users posts. Just that small rule caused me to waste 3 hours of my life changing it to a more sense making forum xD . However when I was thinking of something to blog about, this was the first thing that came to mind was that I could actually use this default setting to myself. A SpamBot!!.

The first thing that came to my consideration was that the newer versions of phpBB default to NOT allow guests to post..About time I must say. However lots of webmasters don't really bother to update the phpBB software when a new version is release. I don't like that either :P . In short, I'm going to have to go serach for some older versions running onle. Peace of cake, Google makes that easy for us and so do the phpBB developers. In old phpBB softwares a note with the value "Powered by Phpbb 2.x" where (x) is a decimal integer refering to the version. So here comes Google's part and its lovely ""s :D. So what I'll do, aiming for a phpbb forum version 2.0.15 is in the search box put in "Powered by Phpbb 2.0.15". This will give out as much phpbb forums that are crying out to get spammed that you will ever wish for.

Note: Google doesn't like this type of serach and could ban you from Google and give you a "You're a virus or worm or you're trying to hack etc" page. So be careful. Now comes in the coding part. I took a look at a local phpbb copy and extracted all the info I need. In short this info is:

Phpbb needs all these parameters to make a post(put into a php array):

$tosend= array( "username" ,"subject" , "addbbcode18" ,"addbbcode20" , "message" , "disable_bbcode", "disable_smilies", "mode", "t", "post");

An Explanation of these parameters:

username: The name you want to be shown with your topic.
subject: Subject of reply
addbbcode18: font color
addbbcode20: font size
message: post text
disable_bbcode= S/E
disable_smilies = S/E
mode: reply or newtopic
t: thread id to reply to
post: the submit button's value

/* This part is done :D */

Now that we know the POST message parameters I'll write a hack that opens a socket with the domain that has the forum, then send a POST request to the posting.php in the forum software.

The hack code can be found here. Comments explain the hack's code ;)

Try to develop one for threads. Or you know what? Don't bother I'll just make a blog entry for it later ;) .

Google Results in XML Hack =)

2006-08-07T16:41:00.000+04:00

Hiya,

XML is the language of this computer generation. All great web services communicate use APIs made with XML, all RSS feed is XMLated =p. Enough talk. In this entry I'll show you how to display Google's first 10 results for any query you want in an xml way on a PHP page.

This hack will require you to:
Have the nusoap library installed on your web server, use Google to download it :D.
Have a Google API key.
##That's it :D.

So, basically what we'll be doing is using Google's API to find out the first ten results in a search query, then display the results in an XML page.

The php code is(I believe my comments do all the explanation:

Argh.. For some stupid reason, Blogger doesn't show the code I put so here is
just a link to download the .txt file with the code. http://4getschool.net/files/xml-google.txt . Windows is having some problem with this as it is opening as xml although it isn't. So if you wanna see the contents, just right click the link above and save it, and when you have downloaded it, right click and Open With Notepad. Now, you can see the code ;=).

That's all, but remember PARSE errors may exist if you just copy the code :/ . I have has some troubles with people using html in their description so I just took out all the html from the results I recieve.

Faking a Website Deface :D

2006-08-06T17:39:00.000+04:00

Hey,

So this is this blog's first actual so I'll try and make it seem kewl :P. Anyways so in this entry I'll show you how to *fake* that you defaced a site, err popularity reasons. So, this trick is basically showing someone a different web site (B) while he believes he's on a site (A).

To do this trick you need:

Have a Windows OS running :D.
Having access to your system root.
Have a text editor :P :P.

Okay, so Open up %SYSTEM_ROOT%\system32\drivers\etc\ and the "hosts" file where %SYSTEM_ROOT% is actually your windows directory, most probably "C:\Windows\", fine till here?

Now when you open the file you'll find some comments and probably a line saying "127.0.0.1 localhost". For me to further explain I have to explain how this works. The files lines are divided into two columns, the first column is the IP address of the site you want to actually be shown and in the browser while in the second column is the name of the site or it's domain that you want to lie there although its not really there :s .

So lets say I want to redirect "hack.com" to Google. I will first have to get Google's IP address which is "66.102.7.99". So I just put

66.102.7.99 hack.com

Haha hope it works XD. -_- Cheers! You just defaced hack.com ;).

Introduction =)

2006-08-06T16:17:00.000+04:00

SO, I'm new to all this hacking stuff, but hopefully, I'll be posting everything I find out as I learn :D.

I-Hack Reciprocal Links

2006-08-05T12:57:00.000+04:00

Easy Seek - Free Search & Directory

Subscribe to this blog's feed =)

2006-08-04T01:07:00.000+04:00

You can subscribe to these =D :

That's all for today :D .