Showing posts with label Hacking. Show all posts

When both Domain Name & IP Address are banned, Use Calculator to Access that Website

This unique Mathematics based trick will probably work when websites are blocked in your institution or corporate network based on the host name or their IP address. The trick is to convert the human readable website address that's blocked (like Link:) into an IP address (208.75.184.160) and then translate this value to a decimal address, which is probably not blocked by the website filters.

Here's a step-by-step guide to render Link:. com to a decimal address:

1) get its IP address (216.178.39.74), by pinging the name (if you have a direct internet connection) or, if you only have access via a web proxy, find it out by using a networking website like network-tools.com.

2) start your PC's calculator, and change it to scientific mode (using the "View" menu)

3) enter each of the four IP octets, one by one, converting them to binary (enter number and click on the "Bin" radio button)
Thus 216.178.39.74 becomes
216 = 11011000
178 = 10110010
39 = 00100111
74 = 01001010

Notice how any binary numbers less than 8 digits long have had leading zeroes added to pad them out. Reassembled into IP address order, you get 11011000.10110010.00100111.01001010

4) Remove the dots, so you get one huge line of binary, thus: 11011000101100100010011101001010

5) Copy this binary string.

6) Go to your scientific calculator, and hit the "Bin" button FIRST (as you are about to enter binary), THEN paste in the binary string.

7) Click on the "Dec" button on your calculator, and you will get the converted value of 3635554122

8) Add the hypertext protocol prefix and paste into your browser's address bar: Link:

Wuntoo adds: I used to be in a place that had websense, where both website names and their corresponding IP addresses were blocked. However, I was able to get limited access by converting the IP address to decimal, which websense (at the time) did not know about.

This might have changed since, or if your school runs an old version it might still work. Note that if you surf away from the page you might hit websense blocks again unless you manually reconstruct the next address you want to get to.
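A filter closes this gap by reducing every numeric host spelling to dotted-quad form before it consults the blocklist. The Python below is an added example, not part of the original post; it generalises from the single-decimal form above to the other numeric spellings that inet_aton-style parsers accept, and the function names and the one-entry blocklist (the address from the worked example) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist: the address used in the worked example above.
BLOCKED = {"216.178.39.74"}

_HEX = re.compile(r"0[xX][0-9a-fA-F]+")
_OCT = re.compile(r"0[0-7]*")
_DEC = re.compile(r"[1-9][0-9]*")

def _parse_part(text):
    """One numeric host component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if _HEX.fullmatch(text):
        return int(text[2:], 16)
    if _OCT.fullmatch(text):
        return int(text, 8)
    if _DEC.fullmatch(text):
        return int(text, 10)
    return None  # not a number, so this is an ordinary host name

def normalize_host(host):
    """Return the dotted-quad form of a numeric host, or None for a name."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading components are one byte each; the last one fills the bytes left over.
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def naive_is_blocked(url, blocked):
    """String comparison only: the behaviour the post relies on."""
    return (urlsplit(url).hostname or "") in blocked

def is_blocked(url, blocked):
    """Canonicalise the host first, then compare."""
    host = urlsplit(url).hostname or ""
    return (normalize_host(host) or host) in blocked

if __name__ == "__main__":
    for url in ("http://216.178.39.74/", "http://3635554122/"):
        print(url, naive_is_blocked(url, BLOCKED), is_blocked(url, BLOCKED))
```
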

After Windows XP Home Edition or Windows XP Professional Edition has been installed on a computer, officially it’s impossible for the user to convert or upgrade from Windows XP Home to the Pro edition, or downgrade from Windows XP Professional to the Home edition, without reformatting and reinstalling the operating system from a clean, fresh state.

A lot of people associate converting the Windows XP edition with illegitimate or piracy reasons, but sometimes there is a legitimate and genuine reason for the change, such as a customer who has all the while been using Windows XP Home Edition (HE) and finally buys a genuine license product key for the Professional edition to replace the illegal pirated version installed, or a user who receives an additional license as a gift but doesn’t want to go through a clean install of Windows XP again, or wants to keep using the computer with all data intact and without interruption.

Here’s a trick to convert Windows XP Home Edition to Windows XP Pro Edition from within the operating system, without going through installation again. OK, let’s be frank. The hack doesn’t actually install the features of Windows XP Professional that Windows XP Home lacks, such as Remote Desktop Server and the Group Policy Editor (GPedit) utility, which have been removed from the Windows XP Home edition. Some functions that are turned off via integrated switches, which read a registry flag to tell whether it’s the Home or Professional edition, such as EFS, RAID support and the ability to join a domain, may or may not work after migration. Basically, the trick only makes Windows XP recognize itself as the Professional edition.

To convert and upgrade Windows XP Home to Windows XP Professional, follow the procedure below.

  1. Open Registry Editor (regedit).
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Control\ProductOptions, where ControlSet00X is the one with the highest number.
  3. Delete the ProductSuite registry key.
  4. Then, create a new DWORD value and name it Brand.
  5. Set the “Brand” value data as 0.
  6. Reboot the system.
  7. On boot up after the BIOS screen, press F8 to display Windows XP Startup Menu.
  8. Choose Last Known Good Configuration (LNG) and hit Enter.

Windows XP will start up as usual. After logging into the desktop, check the system properties to verify that it’s now Windows XP Professional.

_______________________________________

Source : www.mydigitallife.info



1. What are some password basics?

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.
On most systems, the password is typically run through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password; it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not "decrypt" the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is run through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.
Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here -- NT, Netware, and Unix -- all use an algorithm that has been made publicly available and has been scrutinized to some degree.
To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm to generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.

2. Why protect the hashes?

If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this -- dictionary and brute force.
Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.

3. What is a dictionary password cracker?

A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.
Some of these dictionary crackers can "manipulate" each word in the wordlist by using filters. These rules/filters allow you to change "idiot" to "1d10t" and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.
If your dictionary cracker does not have manipulation rules, you can "pre-treat" the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

4. What is a brute force password cracker?

A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.
Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.

5. Which method is best for cracking?

It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let's go through several scenarios.
If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.
If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.
If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.
You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program's manipulation filters do their thing.
A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

6. What is a salt?

To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.
Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can't be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.
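The login comparison from question 1 and the per-account salt from question 6, as an added Python example that is not from the original FAQ. PBKDF2-SHA256, the 16-byte salt, the iteration count and the account names are assumptions chosen for illustration; the audit function shows what a missing salt looks like in a stored table, where equal passwords produce equal hashes.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this example

def make_record(password, salt=None):
    """Return (salt, hash); a fresh random salt is drawn for every account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Login check: re-hash the supplied password with the stored salt and compare."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def unsalted_record(password):
    """Contrast case only: the hash depends on the password and nothing else."""
    return b"", hashlib.sha256(password.encode()).digest()

def accounts_sharing_hash(table):
    """Audit a {user: (salt, hash)} table for accounts whose stored hashes are equal.

    With per-account salts this list is empty even when passwords repeat;
    without a salt, every repeated password shows up as a group.
    """
    groups = defaultdict(list)
    for user, (_salt, digest) in table.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def demo_tables():
    """Constructed sample data: two accounts share a password, one does not."""
    passwords = {"alice": "winter2024", "bob": "winter2024", "carol": "t4bl3-lamp"}
    unsalted = {user: unsalted_record(pw) for user, pw in passwords.items()}
    salted = {user: make_record(pw) for user, pw in passwords.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = demo_tables()
    print("unsalted duplicates:", accounts_sharing_hash(unsalted))
    print("salted duplicates:  ", accounts_sharing_hash(salted))
    print("login ok:", verify("winter2024", salted["alice"]))
```
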

7. What are the dangers of cracking passwords?

The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else's systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is -- cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system administrator privileges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).
Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you'll still be the first to be blamed whether the cracking software is yours or not!
Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.

Acrobat PDF documents can be protected or locked with a password to keep confidential and private content secure, either by the PDF creator restricting others from opening the PDF file altogether, or by limiting readers' ability to modify, print, copy or extract text and graphics from the PDF contents. The latter case, where printing is allowed but copying is not, has an easy workaround that can unlock and remove the password protection.

Removing the password is useful if you have legal rights to, or are the genuine owner of, the PDF documents but forgot the password. The hack only works to disable the password protection if the PDF file’s security settings restrict readers from modifying or copying and pasting, but allow users to print the document.

To remove such password which restricts users from content copying or text and image extraction, try to print the PDF document to a PDF printer or save as a new copy to create another PDF document stripped of the password protection. You will get another PDF document and it will be password-free. However, the new PDF document will probably treat its contents as a set of pictures, rather than text.

After installing Windows XP Service Pack 3 (SP3), the system may encounter error code 0x80070002 with the message “A problem is preventing Windows from accurately checking the license for this computer.” The computer boots up and logs on to the desktop, but the error dialog pops up. Cancelling the dialog logs the user off. Attempting to log in fails again and logs out. The process repeats endlessly in a loop, and users cannot access the desktop. The only thing the user can do is restart the computer.

To recover from being unable to log on to the desktop due to the license check failure after installing Windows XP SP3, there are various solutions available. If the solutions suggested are not working, try one of the following resolutions to fix the error.

Boot up to Safe Mode (by pressing F8 during initial startup), then copy the oembios.bi_ and expand.exe from the Windows XP installation CD (locate both files in i386 folder) to local hard disk, such as C:\ drive. Then open a command prompt window (Cmd), and run the following command to expand or unpack the compressed file:

expand oembios.bi_ oembios.bin

Alternatively, use WinRAR to extract oembios.bin from oembios.bi_ if the expand command fails. Then, copy oembios.bin to the C:\Windows\System32 folder (replace C with your system drive letter if applicable). Restart the computer.

If the above method fails to fix the problem, or you can’t find oembios.bi_ on your retail Windows XP setup CD, try uninstalling Windows XP SP3 to revert to the error-free Windows XP SP2 which was working properly. To uninstall Windows XP SP3 manually, restart the computer and go into Safe Mode (press F8 on system startup), then run the following command in the Run command box or command prompt window:

C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

Alternatively, go to the View tab of Folder Options and uncheck the option to hide protected system files. Then manually traverse the folder tree above, and double click on spuninst.exe to start the uninstallation process of Windows XP SP3. Once you are able to boot into the XP desktop, you may want to fix the issue before reinstalling again.

If you are getting tired of having to click the Start menu, then click on Turn Off Computer, and then still click on Turn Off, Restart or Log Off every time you want to log off, restart or shut down your computer, and feel that it wastes time, you can create a one-click shortcut that allows the user to shut down or restart Windows, or go into standby or hibernate mode, with just a single click on the shortcut itself. Best of all, the shortcut can be put at any place - desktop, Quick Launch bar, or Start Menu, and the shutdown or restart process can even be launched from the command line or command prompt.

In order to shut down or restart Windows with a one-click shortcut or from the command prompt or command line, users can use the shutdown command line utility that comes with Windows 2000 (with the Resource Kit installed) and Windows XP or Windows Vista (native). To access the shutdown command, simply go to the DOS command prompt by clicking on Start -> All Programs -> Accessories -> Command Prompt, or Start -> Run and then type in Cmd to launch a command prompt window.

To create a one-click shortcut to shut down the Windows computer, right click on your desktop or any folder (or click on File in the toolbar), then select New, and then click on Shortcut. A New Shortcut wizard will ask for the location of this item. In the textbox, type "shutdown -s -t 01" (without quotation marks). Click on Next when done. When asked for a name for the shortcut, give any descriptive name you prefer, such as Shutdown. Then click on Finish, and you can now use the shortcut created to shut down the PC immediately after a click.

If you want to create a shortcut that quickly restarts Windows instead of shutting down the computer, follow the above instructions, but instead of "shutdown -s -t 01", key in "shutdown -r -t 01" for the location of this item. Again, give a proper descriptive name to the shortcut, such as Restart, and the shortcut is ready to be used to restart Windows right after a click.

As in the shutdown command above, the -s parameter will shut down the computer, while -r will shut down and restart the computer. -t 01 sets the timeout, or time to elapse in seconds, before a shutdown or restart begins. By default, if no -t argument is specified, the shutdown command will wait for a 30-second countdown before shutdown or restart. The best part of the shutdown command is that it can abort a system shutdown, by using -a as the option for shutdown, i.e. "shutdown -a". There are other options or parameters available, and users can view all of the flags with the "shutdown /?" command at the command prompt.

The options available for shutdown are:

No arguments : Display this message (same as -?)
-i : Display GUI interface, must be the first option
-l : Log off (cannot be used with -m option)
-s : Shutdown the computer
-r : Shutdown and restart the computer
-a : Abort a system shutdown
-m \\computername : Remote computer to shutdown/restart/abort
-t xx : Set timeout for shutdown to xx seconds
-c "comment" : Shutdown comment (maximum of 127 characters)
-f : Forces running applications to close without warning
-d [u][p]:xx:yy : The reason code for the shutdown

Too lazy to type “CMD” or press any keyboard keys just to open a command prompt window elevated with full administrator credentials and privileges? The following registry hack for Windows Vista will allow you to open an elevated command window by simply right clicking on the Computer icon (formerly known as My Computer in Windows XP) on the Start Menu or Desktop, and selecting Run Command Prompt as Administrator from the contextual menu.

To add a new menu item to the right click context menu for Computer, so that whenever you right click on the icon a contextual menu item of Run Command Prompt as Administrator is shown and you can click on the entry to immediately open the elevated command prompt, copy and paste the following code into a text editor such as Notepad, and save it to a file with a .reg extension. Double click on the file, or right click on the registry file and then choose “Merge”.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\runas]
@="Run Command Prompt as Administrator"

[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\runas\command]
@="cmd.exe"


Google is an extremely powerful search engine, in the sense that it will crawl, grab and remember whatever web pages and files its crawlers come across on the Internet, no matter whether they’re intended for public viewing. Besides, Google also provides powerful search filters and operators to return accurate search results. Thus you can find many interesting results using Google, such as unprotected live webcams.
You can also use Google to search for passwords which are accidentally exposed in various files, especially unprotected or improperly protected password information in plain text format that resides on a web server. The most serious security leaks happen on misconfigured web servers that show directory listings or expose PHP code. A typical example is the plain text passwords used by FrontPage, a simple Web publishing software provided by Microsoft which has now been discontinued. Nevertheless, somebody out there on the Internet is still using FrontPage, and continues to expose the passwords to the world via Google. Try the following search query to search for FrontPage passwords stored in the service.pwd file.

ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

Other examples include password.log and password.list, .inc files with PHP code that contain unencrypted usernames, passwords, and addresses for database authentication, usually MySQL (filetype:inc intext:mysql_connect), config.php used by hackers to hack phpBB forums (ext:php intext:"$dbms""$dbhost""$dbuser""$dbpasswd""$table_prefix""phpbb_installed") and many, many more. GHDB provides a long list of possible passwords that can be found via Google.

So, remember to check your web server for vulnerabilities and fix any security issues, threats and possible leakage. If you do not intend to publish the information to the Web and it’s for internal viewing only, use robots.txt to exclude all crawling and spidering by search engines.
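One way to run that check on your own server is to walk the document root and flag the file types named above before a crawler finds them. This Python script is an added example, not part of the original post; the function names, the reason strings and the temporary sample tree (with placeholder credentials) are constructed for illustration.

```python
import os
import tempfile

FRONTPAGE_NAMES = {"service.pwd", "authors.pwd", "administrators.pwd", "users.pwd"}
PLAIN_NAMES = {"password.log", "password.list"}

def classify(path):
    """Return a reason string if the file matches an exposure named above, else None."""
    name = os.path.basename(path).lower()
    if name in PLAIN_NAMES:
        return "plain-text password file"
    if name not in FRONTPAGE_NAMES and not name.endswith(".inc"):
        return None
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536)  # the markers sit near the top of the file
    except OSError:
        return None  # unreadable file: nothing to report from its content
    if name in FRONTPAGE_NAMES and "# -FrontPage-" in text:
        return "FrontPage password file"
    if name.endswith(".inc") and "mysql_connect" in text:
        return "include file with database credentials"
    return None

def find_exposed(docroot):
    """Walk the document root and list (relative path, reason) for every match."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for filename in files:
            full = os.path.join(folder, filename)
            reason = classify(full)
            if reason:
                rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                findings.append((rel, reason))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample document root so the script runs offline."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "index.html": "<html><body>public page</body></html>\n",
        "_vti_pvt/service.pwd": "# -FrontPage-\nwebmaster:HASH-PLACEHOLDER\n",
        "includes/db.inc": "<?php mysql_connect('localhost', 'app', 'PLACEHOLDER'); ?>\n",
        "includes/menu.inc": "<?php echo 'menu'; ?>\n",
        "logs/password.log": "constructed sample line\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, reason in find_exposed(build_sample_tree()):
        print(f"{rel}: {reason}")
```
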
