zip bomb , try it out .

A zip bomb, also known as a Zip of Death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, so that a more traditional virus sent afterwards could get through undetected.

Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked its contents are more than the system can handle.

The technique has been used on dialup bulletin board systems at least as long as compressing data archive programs have been around.

Today, most antivirus programs can detect whether a file is a zip bomb and so avoid unpacking it.

One example of a Zip bomb was the file "42.zip" which was 42 kilobytes of compressed data, containing six layers of nested zip files in sets of 16, each bottom layer archive containing a 4.2 gigabyte file for a total of 4.5 petabytes of uncompressed data. This file is still available for download on various websites across the internet.

Download Link:

http://downloads.securityfocus.com/vulnerabilities/exploits/42.zip

This zip is detectable by modern antivirus , u can make ur own zip bomb which is undetectable . 

for this open notepad type a blank space on it , save it in  a separate folder and name it 1.txt . Now in the directory copy the file   using ctrl+c and now paste it using ctrl+v , now duplicate copy of the files will  be created , similarly paste it so that the size of the folder becomes 50kb . now go to command prompt , change current directory to this folder then run this command 

copy /b *.txt b.txt

so more files will created , repeat the command so that the size of the folder becomes 3 to 4 GB , now right click that folder and click add to archive , thus a new archive file file will be created , which will be in few hundred KB or few MB , thus 4GB file is compressed to few kb sized zip , now sent this zip file to some private mail server like 

someone@example.com as attachment , the mail server tries to scan the file and if memory is not available it gets crashed .;)

u can use the command to create file size of petabytes(if u have disk space) and compress them , this would be more effective .

Read more »

sms bomber latest !

Hi t3ch viewer , i finally present u final working version of sms bomber through which u can sent many to a phone number .

cant guess , try this site out ,

http://smsattack.tk

Send sms to anyone in any amount using way2sms account ..

Enjoy my work , have any problems post your comments .

Read more »

American embassy secrets released on the internet .

The conversation between the various american embassies and american government were released online. Moreover various war diaries were also released online . These were made my a hacker called  Julian Assange.
The site is http://wikileaks.org/ .

 Here are some facts about WikiLeaks:

* WikiLeaks says it is a non-profit organization funded by human rights campaigners, journalists and the general public. Launched in 2006, it promotes the leaking of information to fight government and corporate corruption.

* In October, WikiLeaks released 400,000 secret U.S. files on the Iraq war. The documents involved sensitive subjects including abuse of Iraqi prisoners in U.S. custody, Iraqi rights violations and civilian deaths.

* In July, it released tens of thousands of secret U.S. military documents about the war in Afghanistan, offering them first to The New York Times, Britain's Guardian newspaper and Germany's Der Spiegel.

* The Pentagon said the Afghan war documents leak -- one of the largest in U.S. military history -- had put U.S. troops and Afghan informers at risk.

* Under the heading "Afghan War Diary," the 91,000 documents collected from across the U.S. military in Afghanistan cover the war from 2004 to 2010, WikiLeaks said in a summary.

* Although founder Julian Assange has given few interviews recently, a website, www.wikileaks.org, and a Twitter feed, www.twitter.com/wikileaks, occasionally release material.

* Assange is an Australian who spends much of his time in Sweden. Earlier this year, he was accused of molestation by two women there, a charge being investigated by the Swedish prosecutor's office. A complaint about attempted rape led to an arrest warrant, but that was quickly dropped. Assange has denied all charges.

* Sweden's media laws are among the world's most protective for journalists. In addition, Sweden's Pirate Party, which advocates reform of copyright law, has agreed to host WikiLeaks' servers, giving it additional legal protection.

* WikiLeaks has no connection to the popular online encyclopedia Wikipedia.

Read more »

Hack windows xp remotely !

Hi viewers , Windows XP is a os with 100's of bug in it , through which an attacker and access control to the system remotely and gain control over the entire system .
In this we are going to attack a XP system running on a remote system using a framework called metaspoilt it is a collections of various exploits and payloads to attack various operating systems and softwares .
This video covers the use of Metasploit, launched from the Auditor Boot CD, to compromise an unpatched Windows XP box by using the RPC DCOM (MS03-026) vulnerability. It then sends back a VNC session to the attacker. This is just one example of the many things Metasploit can do.
If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Read more »

BSNL modem hacks . .

According to a survey BSNL has largest number of broadband users in india , BSNL provides a modem called UT-STARCOM and series of its releases to its south indian broandband users .
This modem has several vulnerabilities .
some are ,

->Any one can login into the router . change password of Admin account by logging into User account.

-> Attacker can sniff the traffic of the router remotely .

->can change DNS server address and can perform spoofing and Phishing attacks easily in an un discoverable manner .

->Other DDos attacks can be performed .

here is a whitepaper presented by few students of panimalar collage , Chennai regarding this issue .
This proves 20% of the Broadband users in India are vulnerable to these attacks   . .

BSNL HACKS

Read more »

Email bomber .

Hi viewers ,
I wish u introduce Email bomber , it is a software/tool which can  be used to send 100's of email to any email account using gmail smtp server , for this u should use a gmail id through which email can be sent .

some features of it :

Uses port connection with gmail server and sends email  , so email sending rate  will be fast than http connection.

Uses random numbers in the email subject , so gmail doest queues email as single mail and prevent from spam detection .

download link:

http://www.mediafire.com/?kl7k9002krbq7x1




I used Auto-It scripting to create the bomber , hence it may be detected as Trojan by few antivirus , but i assure that it is 100 percent safe .

Antivirus reports by popular antivirus software for this file:

Antivirus	Version	Last Update	Result
AhnLab-V3	2010.11.28.00	2010.11.27	-
AntiVir	7.10.14.126	2010.11.27	-
Antiy-AVL	2.0.3.7	2010.11.28	-
Avast	4.8.1351.0	2010.11.27	-
Avast5	5.0.594.0	2010.11.27	-
AVG	9.0.0.851	2010.11.28	-
BitDefender	7.2	2010.11.28	-
CAT-QuickHeal	11.00	2010.11.27	-
ClamAV	0.96.4.0	2010.11.28	-
Command	5.2.11.5	2010.11.27	-
Comodo	6873	2010.11.28	TrojWare.Win32.Autoit.~d01
DrWeb	5.0.2.03300	2010.11.28	-
Emsisoft	5.0.0.50	2010.11.27	Trojan.Generic!IK
eSafe	7.0.17.0	2010.11.24	-
eTrust-Vet	36.1.8003	2010.11.26	-
F-Prot	4.6.2.117	2010.11.27	-
F-Secure	9.0.16160.0	2010.11.27	-
Fortinet	4.2.254.0	2010.11.27	-
GData	21	2010.11.28	-
Ikarus	T3.1.1.90.0	2010.11.27	Trojan.Generic
Jiangmin	13.0.900	2010.11.27	-
K7AntiVirus	9.69.3103	2010.11.27	Trojan
Kaspersky	7.0.0.125	2010.11.28	-
McAfee	5.400.0.1158	2010.11.28	-
McAfee-GW-Edition	2010.1C	2010.11.27	-
Microsoft	1.6402	2010.11.27	-
NOD32	5654	2010.11.28	-
Norman	6.06.10	2010.11.27	-
nProtect	2010-11-27.01	2010.11.27	-
Panda	10.0.2.7	2010.11.28	-
PCTools	7.0.3.5	2010.11.28	-
Prevx	3.0	2010.11.28	-
Rising	22.75.04.00	2010.11.27	-
Sophos	4.60.0	2010.11.28	-
SUPERAntiSpyware	4.40.0.1006	2010.11.28	-
Symantec	20101.2.0.161	2010.11.28	-
TheHacker	6.7.0.1.092	2010.11.27	Trojan/Dropper.gen
TrendMicro	9.120.0.1004	2010.11.27	-
TrendMicro-HouseCall	9.120.0.1004	2010.11.28	-
VBA32	3.12.14.2	2010.11.26	-
VIPRE	7431	2010.11.28	-
ViRobot	2010.11.19.4158	2010.11.27	-
VirusBuster	13.6.63.1	2010.11.27	-

Additional information
MD5   : 9b707bdde43c6b2ac9e848c5de57a96c
SHA1  : c31906d7cd6d08049e78036e50e828ec9a28ec8a
SHA256: 6afbf6f98bf1192952a43a5571611eb9704db838ba4da260533d38337f22e9d8

Read more »

Bluetooth hacks :)

Blue tooth is a device used for effective transmission of data at low power at the same with reasonable speed .
Each Bluetooth device has its own device address and it also has a name using which it communicates with another devices , what happens if we can change the blue tooth address and name similar to another Bluetooth thus we can gain access to devices controlled by the hacked Bluetooth .
This method of duplicating the address of a Bluetooth to resemble another Bluetooth device is called blue tooth spoofing .... how to do this ?

got curious , there are some other methods like sending 100's of files to a target device using spoofed Bluetooth device , thus the receiving Bluetooth device gets crashed  ....
want to know how to do these Bluetooth attacks , watch the slides below .. .

Defcon 18-dunning-breaking-bluetooth

Enjoy blue hacking .

Read more »

Bittorrent hacks .

Bit torrent is a protocol , that is used for sharing a large sized file over distributed peer to peer computers in a efficient way , in this protocol , the person downloading the file is called peer , the person who is uploading is called seed , a peer after sometime downloading sufficient data of a file began to act as a seed , thus when we download a file we should also upload the file to others peers , thus the files availability is increased and made easy to download .

some restrictions made by bit torrent are ,

you cannot download file without uploading few data for other , ie when u download a file using bit torrent client u should also upload some data that u have already downloaded on that file .

this restriction is made because file must be always made available,

there exist a vulnerability in this bit torrent protocol , so that we can cheat the bit torrent server by saying that we are uploading the data , but without actually uploading the data .

this software is called Stealth Bomber , which is a open source and available for download

http://code.google.com/p/bittorrenthacks/downloads/detail?name=StealthBomber.zip&can=2&q=

try this software at your own risk , using this spoils the bit torrents rules ..

may this bug in the protocol get fixed soon ... ;)

white paper on this hack , presented by a hacker at DEFCON ,
http://www.blackhat.com/presentations/bh-usa-09/BROOKS/BHUSA09-Brooks-BitTorrHacks-PAPER.pdf

Read more »

Hack any Nokia phone .

Nokia phones belonging to s60 series , ie nokia 6600 , Nokia - N series , E-series  etc has a bug through which we can hack them from remote and prevent them from receiving further sms messages on phone  ;) .

 for this we will send a specially crafted sms to our victim phone number , the victim after getting our message it will not get any more messages . :)


steps :

1.we can send sms from any phone , which has the ability to send text message as email , in most of the phones u can activate the feature as "send as email" option in the message profile settings .

2.change your email gateway number to the victim number whom u wish to hack .

3.now go to type new message , type anything , and now click send message , now u will be asked for email id to whom mail be sent , just enter any email id which is greater than 32 characters
ie abcdefghijklmnoefghijdfdfdfsdfdf@sdasdsadads.com etc

4.click send button .

5.thus we sent a exploit message to  the victim , whose number is given in the email gateway number .

6. repeat the steps , send more than 3 to 4 specially crafted sms to the victim phone , so thus it will create buffer overflow in the victim phone , thus he will not receive any more message from anyone .


tips for recovery ,
Once a phone got hacked by this method , it cannot receive any more messages .
to cure this , we have to factory reset the phone , to bring it to the normal state .







Phones that are vulnerable are ,

S60 3rd Edition, Feature Pack 1 (S60 3.1):
Nokia E90 Communicator
Nokia E71
Nokia E66
Nokia E51
Nokia N95 8GB
Nokia N95
Nokia N82
Nokia N81 8GB
Nokia N81
Nokia N76
Nokia 6290
Nokia 6124 classic
Nokia 6121 classic
Nokia 6120 classic
Nokia 6110 Navigator
Nokia 5700 XpressMusic

S60 3rd Edition, initial release (S60 3.0):
Nokia E70
Nokia E65
Nokia E62
Nokia E61i
Nokia E61
Nokia E60
Nokia E50
Nokia N93i
Nokia N93
Nokia N92
Nokia N91 8GB
Nokia N91
Nokia N80
Nokia N77
Nokia N73
Nokia N71
Nokia 5500
Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8):
Nokia N90
Nokia N72
Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6):
Nokia 6682
Nokia 6681
Nokia 6680
Nokia 6630

done for education purpose ;)

Read more »

join email and sms channels for free alerts .

Viewers of the blog , you can receive updates about the sites , new tips,  hacks etc by joining mailing list and sms channel ,
 joining them will help me in promoting my blog ,

so join to mailing list enter ur email id on right side widget ,


u can also join sms channel , if you are from india , u can receive free sms alerts from this site ,

click the below link to join sms channel for free

http://labs.google.co.in/smschannels/subscribe/t3ch-india

Read more »

Visit any forum without logging or registering in !!

In many forums , u are asked to register so that u can view the forum contents , it would be difficult for us to do so , hence there is a method called spoofing / changing user agent of browser , which makes our browser to act as google bot , since most of the forums allow google bots to view their contents  , we will also be able to view the forum without logging in :) , check this video tutorial .

Read more »

Which RDBMS is more secure? Microsoft vs. Oracle

This research paper by David Litchfield from Next Generation Security Software (NGSSoftware), examines the differences between the security posture of Microsoft’s SQL Server and Oracle’s RDBMS based upon security vulnerabilities reported by external security researchers and since fixed by the vendor in question.

You can download it from:

http://www.databasesecurity.com/dbsec/comparison.pdf

Read more »