Thursday, July 10, 2008

Hacking Orkut using Greasemonkey

1) First of all, your victim MUST HAVE FIREFOX WITH GREASEMONKEY.
Download firefox at:-
Download greasemonkey at:-
Now, go to
Download the file "multiple.user.js"
Now open it with NOTEPAD. Search for the code action=""; and replace it with;
Save the file with the name multiple.user.js and upload it on googlepages or 110mb or any other free subdomain or your own domain.
e.g. http://[YOUR DOMAIN NAME]/multiple.user.js3)
3) Now make your victim install this file. He will be able to install it IF AND ONLY IF he has FIREFOX WITH GREASEMONKEY.
Once your victim installs this file, you are done ! .
4) Now the next time he opens orkut and logs in to orkut, his username and password will be emailed to you at the email ID you provided in step 2.Enjoy ! ;)
Do not misuse ! :)
Happy Hacking !

Wednesday, July 9, 2008

Medialets Launches iPhone Ad Platform: Think DoubleClick for iPhone Apps

The iPhone isn't just a mobile phone, it's truly a next-gen computing platform. Although all mobile devices run an OS and are essentially mini-computers, the iPhone is arguably the first device to get the user experience right. Along with iPhone's rich feature set there's now also the App Store, a place where developers can offer their iPhone apps for download in both free and paid versions. But the truth of the matter is, free apps will be more widely distributed than the paid ones. Because of this, developers thought they had to choose between a free app with a large install base or a paid app that was installed less but earned money. Well, now there's a third choice, too: Medialets has launched a mobile ad platform for iPhone apps. With Medialets, developers can build free iPhone apps and still earn money through advertisements built into the apps themselves.
Medialets is a disruptive ad platform and network for the iPhone. Developers using this service will be able to embed creative ads directly into their native applications. The model is very much like that of DoubleClick - the apps can be monetized through CMP, CPC, and CPA advertising, which allows the apps to remain free to the user while also letting iPhone developers make money from their applications.
In addition to the ad platform itself, Medialets will also be providing the developers with analytics, tracking, and even a toolkit to help them build the advertising portion of the application.
Once the app is written and the Medialets framework has been embedded, the developers can then add their app to the iPhone App Store as usual and set the price to zero. As Apple distributes the apps to the users, Medialets will sell ads and share the revenue with the developers.
Medialets is being careful to make sure that their advertisements don't mar the otherwise unique and innovative user experience of the iPhone. While developers don't necessarily need to have their apps approved to work with Meidalets, the company will help them design ads that remain unique and beautiful, too. Medialets provides a supportive developer community and will offer demos and code examples for the developers to use.
The apps running Medialets will help brands and agencies find ways to offer audiences what are called "branded experiences." For example, an ad agency promoting professional racing might sponsor a branded racing game for their company or an app that lets fans track race stats and connect with other racing fans. Also, because location awareness is built-in to the 3G iPhone, applications that help people connect with nearby friends or find nearby businesses are also possible.
The official launch date for Medialets is July 11th - the same day as the iPhone 2.0 and the App Store.

Cyberlink Power DVD 8.0.1531

What's New in CyberLink PowerDVD 8:
Audio* New! -
Dolby Digital Plus** New! -
Dolby TrueHD** New! -
DTS Neo:6 (Discrete, Matrix)**
DTS 96/24***
AAC 5.1 Channel support***
Dolby Digital 5.1*
Dolby Digital EX***
Dolby Pro Logic IIx***
Dolby Headphone***
Dolby Virtual Speaker***
TrueTheater? - Surround (Multi-channel Environment Impression Mode)*
TrueTheater? - Surround (Virtual Speaker Mode)*
TrueTheater? - Surround (Headphone Mode)*
MLP lossless*** SRS TruSurroundXT***
Pitch scaling technology*
Audio equalizer presets*
Audio visualizations*
Direct 96/24 output*
MP3, WAVVideo* New! -
SMPTE VC-1 High-Definition Video**
MPEG4 AVC (H.264) High-Definition Video***
TrueTheater? - Lighting (Adaptive lighting for video quality enhancement)*
TrueTheater? - Stretch (Non-linear stretch technology)*
Video smart de-interlacingPlayback Format*
New! - BD-ROM (Blu-ray Disc) playback**
New! - BD-RE (Blu-ray Disc) playback**
VCPS for DVD+VR with content protection*
CPRM for DVD-VR with content protection***
External subtitles*
DVD files (DVD-Video, DVD-VR, DVD+VR) from any folder in your hard driveAdvanced Features* New! -
Movie Collection Support* New! -
Movie Remix* New! -
Integration with MoovieLive Service*
UPnP Support - Access your media from a Home Network***
Say-It-Again - Automatically repeats the last movie scene*
See-It-All - Automatically speeds playback to show as much of the movie as possible*
Read-It-Clearly - Moves subtitles from the viewing screenPowerDVD is the latest evolution of the world acclaimed DVD software program that offers maximum video and audio playback entertainment on the PC. Itcomes complete with numerous customizable video/audio controls that can deliver the highest quality viewing and listening experience. PowerDVDincorporates support for high-definition audio and video, true 8-channel home theater audio playback, virtual surround sound, as well as completecontrols and extra features for DVD enthusiasts.
Download links

Please read this post entirely before asking for virtual software for hacking passwords!

If you ever read something like below on any webpage typically blog, forum & orkut community or get a mail like…Hey guys,I have software to hack yahoo, gmail, hotmail, etc. passwords. If you are interested then give me your email id’s and I will email you that!Ever wondered about truth?? Is it so simple?Yes… but for spammers! Still you can put your email id’s below (may be in comment section) and help me to get some money by selling them to spammers! Yep, its that much simple for spammers!
So do you still think the person sending you this mail have such kind of software and just did not respond to your email!Do you still think such software exists that will ask for your targets email id and just after one click will show his/her password!?!
In reality even if you physically brake into yahoo, gmail or any genuine service’s database, you will at the most get a garbage encrypted string. All famous services use one-way encryption for storing password in encrypted form. That means you can not get original password from this encrypted string!
Still if you are confused whether to trust me or spammers then as my last attempt to save you from spammer recall last time when you forgot your password. After going through verification steps did you get your password back or a chance to set a new password? In my experience with Yahoo at least I got a new random password by them which I can change to something comfortable string later-on if I wish!
So why did not they give me my original password? There are many reasons and as I told u earlier that they don’t store original password is one of those reasons!
So does this means you can not break into someones account?Yeah you can, but it depends on your targets foolishness rather than your geekness. There are many tricks to do this, even some of them I tried successfully!
As this post getting long I may share those trick next time!
Till then have this hint : Don’t target the server, instead set up trap for your target! Servers are genius, targets may not be!!!

Format Hard-disk using Notepad

Now can you just imagine how it cool it sounds formatting our hard disk using a notepad, but nothing to worry about. This trick is a bit logical and very much easy. N'joy.
Write The Following In Notepad Exactly as it says:-
Save As it as .EXE and any give it any name you wish.
If you run the program means it will format the Hard Drive.Yeah. You are done. Mission Accomplished.Comments appreciated. :-)

Get Free SMS forwards on your Mobile for Free.

If you are the kind of person who just love to send and receive SMS forwards in your mobile. Then this post is for you. There is a site in India, which is offering unlimited SMS forwards to your mobile free. The site is Vakow. This site is for those who just love SMS forwards.At, you can receive any number of SMS forwards that are being posted on their site directly into your mobile for free. All you need to do is to just signup in their site and just subscribe to the tags given at the site and whenever there is an SMS posted in that tag, and it has been rated as +2 (i.e. rated as good by any two members), you will be receiving that SMS into your Mobile Phone immediately.What's more fun is that you can also share your SMS's here either through sending it through SMS or submitting at their site. This way it is double the fun.I have subscribed to around 10 tags and I now receive around 15 SMS's or more each day and most of them are really good SMS forwards with jokes, thoughts, wishes SMS's, etc. And I really enjoy it receiving to read at free time. If you don't want to receive any forwards, you can always delete your subscription anytime.It functions basically as a social networking site but with mostly SMS sharing option to it. You can even post the jokes submitted at Vakow as scrap to Orkut accounts, which is another good feature of this site.SO guys enjoy using Internet Services to get free unlimited SMS forwards on your mobile for Free.!!!

Tuesday, July 8, 2008

What is SQL Injection ? Why So Dangerous ?

A friend of mine at College was asking me this.SQL injection is the most common and videly used exploit by hackers all over the world...few days back i was just doing some SQL injection test on Indian govt sites, I was shocked to see how many imp govt sites r open to it....this is a big thread for us...a malicious hacker can do a lot of harm if he wish to.Vocabulary:* SQL: Server Query Language-used in web applications to interact with databases.* SQL Injection: Method of exploiting a web application by supplying user input designed to manipulate SQL database queries.* "Injection": You enter the injections into an html form which is sent to the web application. The application then puts you input directly into a SQL query. In advertantly, this allows you to manipulate to query...Prerequisite:* A background of programming and a general idea of how most hacking methods are done.
Application:* Hacking a SQL database-driven server (usually only the ones that use unparsed user input in database queries). There is still a surprising number of data-driven web applications on the net that are vulnerable to this type of exploit. Being as typical as all method, the frequency of possible targets decreases over time as the method becomes more known. This is one those exploits that aren't easily prevented by a simple patch but by a competent programmer.Use:First, let's look at a typical SQL query:SELECT fieldName1, fieldName2 FROM databaseName WHERE restrictionsToFilterWhichEntriesToReturnNow, to dissect...The red areas is where criterion is inputed. The rest of the query structures the query.* SELECT fieldName1, fieldName2 - Specifies the of the names of fields that will be returned from the database.* FROM databaseName - Specifies the name of the database to search.* WHERE restrictionsToFilterWhichEntriesToReturn - Specifies which entries to return.Here is an example for somebody's login script:SELECT userAcessFlags FROM userDatabase WHERE userName="(input here)" AND userPass="(input here)"The idea is guess what that application's query looks like and input things designed to return data other than what was intended.In the example, input like the following could give gain access to the administrator account:User: administratorPass: " OR ""="Making the query like this:SELECT userAcessFlags FROM userDatabase WHERE userName="administrator" AND userPass="" OR ""=""As you can see, ""="" (nothing does indeed match nothing)Note: Injections are rarely as simple as this...One can be creative and use error messages to your advantadge to access other databases, fields, and entries. Learn a little SQL to use things like UNION to merges query results with ones not intended.On the security side, parse user data and get rid of any extra symbols now that you know how it's done.The idea in this example is to break out of the quotation marks.When stuff is inside quotation marks, the stuff isn't processed as code or anything but as a phrase and what it is.The password injection was: " OR ""="What this does is close the string that was started by the quotation mark in the part userPass=". Once you break out, THEN stuff is considered code. So, I put OR ""=" after I break out of the string. You will notice that it is comparing two quotation marks with one, but the quotation mark already built in by the application finishes it so we have this:userPass="" OR ""=""Notice how the first and last quotation marks are not colored and are not built in.Additional notes:This was just an extremely simplified version and you will probably need to learn a little SQL to fully understand.Here are a few SQL terms that do other things:UNION: You use this to merge the results of one query with another. You may put things like SELECT after UNION in order to search other databases and stuff. Sometimes you may need to use ALL in conjuction to break out of certain clauses. It does no harm so when in doubt you could do something like:" UNION ALL SELECT 0,'','hash' FROM otherDatabase WHERE userName="adminThe key when using UNION is to make your new query return the same amount of columns in the same datatype so that you may get the results you want.:-- This works sometimes to terminate the query so that it ignores to the rest of the stuff that might be fed afterwards if you don't like it. For example:SELECT * FROM userDatabase WHERE userName="admin";--" AND userPass="aH0qcQOVz7e0s"NOT IN: If you have no idea which record you want you could record cycle (you request vague info, and you put what you already got in the NOT IN clause so that you can get the next entry)Usage:SELECT userName userPass FROM userDatabase WHERE userName NOT IN ('Dehstil','Twistedchaos')EXEC: This command should never work, but if it win; you could do anything. For instance, you could inject something like this:';EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:All my examples so far have dealt with read processes. To manipulate a write process, here is an example for those who know what their doing:INSERT INTO userProfile VALUES(''+(SELECT userPass FROM userDatabase WHERE userName='admin')+'' + 'Chicago' + 'male')This example would theoretically put the admin's password in your profile.



About Us

Trix World Copyright © 2009 BeepTheGeek is Designed by Gaganpreet Singh