Thursday, 14 July 2011

Chat in MS-DOS using IP address

This is an easy and simple trick. We can chat using MS-DOS (we did this as a college experiment in the network lab with Java code). But I am not going to give you the Java code; we will use our usual batch programming.

You can try this on your school or college systems (they must be networked systems).

Step 1:
Get the IP address of your friend's system.
If you are using a college or school system, the IP address will be in a particular range.



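Step 2:
Copy the following batch code into Notepad:
@echo off
rem Loop: ask for a target address and a message, send it, then start again.
:A
cls
echo TypeIPAddress
set /p n=IPAddress:
set /p m=Message:
rem net send delivers the text through the Messenger service on the target system.
net send %n% %m%
pause
goto A
Save the file with a .bat extension (e.g. message.bat).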

Step 3:
Open a command prompt and navigate to the batch file's location.
Open the file in Notepad.

If you don't know how to move to that path, simply drag and drop the file into the cmd window, then hit Enter.

Step 4:
Now it will ask you for the IP address.
Enter the IP address to which you want to send the message.
Hit Enter.
Now it will ask you for the message.
Enter the message and hit Enter.

Havij Tool - SQL Injection Without Much Effort

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
Download it from here:

http://www.itsecteam.com/en/projects/project1_page2.htm

SQL ninja 0.2.6-rc2 is now available


Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Have a look at the flash demo and then feel free to download. It is released under the GPLv3.
Features

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:

    * Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
    * Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
    * Privilege escalation to sysadmin group if 'sa' password has been found
    * Creation of a custom xp_cmdshell if the original one has been removed
    * Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
    * TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
    * Direct and reverse bindshell, both TCP and UDP
    * ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
    * DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
    * Evasion techniques to confuse a few IDS/IPS/WAF
    * Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
    * Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
    * Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

Platforms supported
Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
  1. Linux
  2. FreeBSD
  3. Mac OS X
Sqlninja does not run on Windows and I am not planning a port in the near future.

Download Here:

sslsniff v0.7 – SSL Man-In-The-Middle (MITM) Tool



This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
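The basicConstraints check behind the vulnerability mentioned above, as an added example that is not part of the original post or of sslsniff. It is a toy Python model: the Cert class, both validators and all certificate names are constructed for illustration, and signature verification is assumed to pass.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Cert:
    """Toy stand-in for an X.509 certificate; signatures are not modelled."""
    subject: str
    issuer: str
    is_ca: Optional[bool] = None    # basicConstraints cA flag (None = extension absent)
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint

def links_to_root(chain: List[Cert], trusted: set) -> bool:
    """Name chaining only: each issuer matches the next subject, ending at a trusted root."""
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return linked and chain[-1].subject in trusted

def flawed_validate(chain, trusted, host) -> bool:
    """The flaw: nothing checks that an issuing certificate is allowed to sign."""
    return chain[0].subject == host and links_to_root(chain, trusted)

def basic_constraints_errors(chain: List[Cert]) -> List[str]:
    """Check every issuing certificate (index >= 1; the leaf is index 0)."""
    errors = []
    for i, cert in enumerate(chain[1:], start=1):
        if cert.is_ca is not True:
            errors.append(f"{cert.subject}: not a CA but used to sign")
        elif cert.path_len is not None and cert.path_len < i - 1:
            errors.append(f"{cert.subject}: pathLenConstraint exceeded")
    return errors

def hardened_validate(chain, trusted, host) -> bool:
    """Same checks as above plus basicConstraints on every issuer."""
    return flawed_validate(chain, trusted, host) and not basic_constraints_errors(chain)

# Constructed sample data (hypothetical names, leaf first, root last).
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
INTER = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
GOOD_LEAF = Cert("www.example.test", "Example Issuing CA", is_ca=False)
OTHER_LEAF = Cert("other.example.test", "Example Issuing CA", is_ca=False)
FORGED = Cert("www.example.test", "other.example.test")  # issued by a leaf
TRUSTED = {"Example Root CA"}
GOOD_CHAIN = [GOOD_LEAF, INTER, ROOT]
BAD_CHAIN = [FORGED, OTHER_LEAF, INTER, ROOT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, flawed_validate(chain, TRUSTED, "www.example.test"),
              hardened_validate(chain, TRUSTED, "www.example.test"),
              basic_constraints_errors(chain))
```

The flawed validator accepts both chains; the hardened one rejects the chain in which a leaf certificate issued another certificate, and also flags the issuing CA whose pathLenConstraint of 0 forbids any further CA below it.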


The three steps to get this running are:

  1. Download and run sslsniff-0.7.tar.gz
  2. Setup iptables
  3. Run arp-spoof



Download Here:
http://www.thoughtcrime.org/software/sslsniff/sslsniff-0.7.tar.gz

How to hack a Twitter account

Many readers sent me emails asking for a post on Twitter account hacking. Before writing more on the topic, I want to say one thing: there is no software tool which can give you the password of any Twitter account just by entering the user name. If you are here for this type of software, then please leave this website. Twitter is one of the top 10 most visited websites and has a lot of security features. No tool can intrude into or hack its database to give you passwords. If you want to hack a Twitter account, you have to use your hacking skills with a good use of social engineering. I think social engineering is the best way to trick a person into giving his passwords to you. If you have read my older post on Facebook hacking, no trick is new for you.


1: Phishing: Phishing is the best way to hack any account. If you think phishing is only saving a webpage and creating a fake login page with it, then you are wrong. Phishing just means creating a webpage which can trick users into giving their passwords. It does not have to be a login page; it can be any other page which offers a service related to that website. I used a page for finding invisible in Orkut for Orkut phishing. So think what you can do in this. I am not uploading any phishing page. If you do not know what phishing is, read my old post.


2: Keylogger: A keylogger is another way to hack into a Twitter account by getting the keystrokes from a user's system. Download remote keyloggers from the keylogger section.



3: Firesheep: If your victim uses an unsecured wireless network, then you can hack him easily by using Mozilla Firefox and a simple Firefox plugin, Firesheep. Read this post to know about Firesheep and download it from that post. Use this tool to hack.


You can also try hacking the primary email ID attached to the Twitter account. But hacking a Gmail or Yahoo account also needs the above methods. Try the methods given above and trick users into exposing their passwords.

Disable Windows Messenger on a Windows XP machine

If you’re using MSN Messenger as your chat and videoconferencing tool, you may never use
Windows Messenger anymore and have removed it from the startup group to keep it out
of your way. However, you may have seen it pop up on occasion and had to struggle with
closing it down. The reason that Windows Messenger makes these impromptu appearances
is that Outlook, Outlook Express and even some Microsoft Web pages can still make it load
automatically. Fortunately, you can banish Windows Messenger from your desktop by making
an alteration to the local group policy with the Group Policy Editor. Here’s how:
1. Access the Run dialog box by pressing [Windows][R].
2. In the Open text box type Gpedit.msc and click OK to launch the Group Policy Editor.
3. Go to Computer Configuration | Administrative Templates | Windows Components | Windows Messenger.
4. Double-click the Do Not Allow Windows Messenger To Be Run setting.
5. In the resulting dialog box, select the Enabled option, and click OK
6. Close the Group Policy Editor.

How do I... Force Disk Cleanup to delete all temporary files?

If you’ve ever run the Microsoft Windows XP’s Disk Cleanup utility, you probably discovered
that your temporary files occupy a significant amount of space. You might select the
Temporary Files check box in order to allow the Disk Cleanup utility to delete the files in
the Temp folder, but the Disk Cleanup utility will not remove all the files. The reason for this
oddity is that the configuration for the Disk Cleanup utility does not allow deletion of files
accessed in the last seven days.

Alter the parameters

By altering the LastAccess value in the registry, you can configure the Disk
Cleanup utility to delete all the files in the Temp folder regardless of the last accessed date. Here’s
how:
1. Launch the Registry Editor (Regedit.exe).
2. Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files
3. Locate and double-click the LastAccess value.
4. When you see the Edit DWORD Value dialog box, change the Value Data setting from 7 to 0
and click OK.
5. To complete the operation, close the Registry Editor and restart Windows XP.
Changing the value to 0 will force the Disk Cleanup utility to delete all the files in the Temp
folder every time you select the Temporary Files check box.
Notes: Since editing the registry is risky, be sure you have a verified backup before saving any
changes. This tip applies to both Windows XP Home and Windows XP Professional.