Tuesday, October 19, 2010

Rapid7 Introduces Metasploit Pro - The World’s First Penetration Testing Solution That Achieves Unrestricted Remote Network Access Through Firewalls

Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro™, the new software for security professionals in enterprises, government agencies and consulting firms who need to make network security testing more efficient to reduce costs. Unlike alternative products, Metasploit Pro improves the efficiency of penetration testers by providing unrestricted remote network access and enabling teams to collaborate efficiently. Metasploit Pro exceeds the functionality of Metasploit Express™ with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.
“Metasploit Pro completes our suite of penetration testing products and addresses the needs of the penetration testing expert who requires advanced features,” said Mike Tuchen, Rapid7 president and CEO. “We built Metasploit Pro with the same intuitive interface and efficient workflows of Metasploit Express and added advanced features that enable penetration testers to compromise networks deeper and faster. As a result, they can complete their security testing in less time, greatly reducing the overall impact on security budgets.”
The Metasploit® Framework is the most widely used and mature solution in the market with more than one million unique downloads in the past year and the world’s largest, public database for quality assured exploits. As organizations face increasing threats to complex, business-critical systems, the ability to simulate realistic attacks on their infrastructure in a fast and cost-effective manner is critical. Only Metasploit products are based on the Metasploit Framework, the gold standard for penetration testing, and are therefore best suited to emulate realistic attacks.
To efficiently ensure the highest possible security of their IT infrastructure, enterprises need to prioritize the mitigation of vulnerabilities. Metasploit is the world’s only penetration testing solution that directly launches NeXpose® vulnerability scans to verify vulnerabilities. Based on this enterprise risk scoring, organizations can make informed decisions about which vulnerabilities should be addressed first.
“We’ve been thrilled with all the capabilities of Metasploit Express and were excited to try the advanced features of the new Metasploit Pro, especially team collaboration,” says Jim O'Gorman, security systems specialist at Continuum Worldwide, a leading independent provider of business assurance solutions and a Rapid7 customer. “Enabling penetration testers to share findings and notes definitely helps keep everyone in synch and productivity moving. It’s also a great time saver at the end of an assignment because you can create a single report including everyone’s findings at the push of a button.”
Metasploit Pro:
  • Scans and exploits Web applications. Metasploit Pro enables you to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.
  • Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.
  • Achieves unprecedented network access. Metasploit Pro is the world’s only penetration testing solution to achieve unrestricted remote network access through a compromised host. Unlike alternative products, which provide proxy-based pivoting that is restricted to certain protocols, Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.
  • Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.
“I firmly believe that Metasploit Pro combines best-of-breed tools in a sane, easy-to-use format, enabling us to do our job quickly and thoroughly,” says Joshua Brashars, senior security consultant at AppSec Consulting, an information security firm and a Rapid7 consulting partner. “With Metasploit Pro, my team can maximize the efficiency of our penetration tests while minimizing the number of tools we require. Metasploit Pro combines the power of the Metasploit Framework with a simple-to-use interface that allows us to hit the ground running.”
“With Metasploit Pro, we’ve delivered a solution for penetration testers who love the workflow of Metasploit Express but needed to go even further with their security assessments,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “Rapid7 is uniquely positioned to offer a multi-tiered product that solves the real-world challenges of hundreds of thousands of security professionals and researchers. And, as a result of our success with commercial products, we’re able to drive higher quality, additional features and faster exploit development in the free, open-source framework, giving directly back to the community that sustains us.”
Pricing and Availability
Metasploit Pro is available immediately for $15,000 per named user, per year and includes support with dedicated SLAs provided by Rapid7 staff. To learn more, visit http://www.rapid7.com/products/metasploit-pro.jsp.
To download a fully featured trial version, visit http://www.rapid7.com/downloads/metasploit-pro.jsp.

Source : http://eon.businesswire.com/news/eon/20101019006738/en/Rapid7-Introduces-Metasploit-Pro---World%E2%80%99s-Penetration

My New tutorial on Advanced HOST URL redirection

Tuesday, October 5, 2010

TR Dojo: Lock down Windows 7 to run only specified applications

src: http://video.techrepublic.com.com/2434-13789_11-167680.html

Stop the Internet Blacklist!

How could the US government come up with things like banning and censoring websites, which could lead to an Internet blackout across the world? What really concerns President Obama and his congressmen to be up to such a decision?

Will that really mean a total monitored internet access with no privacy?

What does that mean to other nations of the World?

Just the other day, President Obama urged other countries to stop censoring the Internet. But now the United States Congress is trying to censor the Internet here at home. A new bill being debated this week would have the Attorney General create an Internet blacklist of sites that US Internet providers would be required to block.
This is the kind of heavy-handed censorship you'd expect from a dictatorship, where one man can decide what web sites you're not allowed to visit. But the Senate Judiciary Committee is expected to pass the bill this week -- and Senators say they haven't heard much in the way of objections! That's why we need you to sign our urgent petition to Congress demanding they oppose the Internet blacklist.
PETITION TO THE SENATE: Censoring the Internet is something we'd expect from China or Iran, not the U.S. Senate. You need to stop this Internet blacklist in its tracks and oppose S. 3804.

Details of the petition: http://demandprogress.org/blacklist/coica
Source: http://demandprogress.org/blacklist

Stuxnet Trojan attacks could serve as blueprint for malware writers

The Stuxnet Trojan remains a danger to a small minority of firms that run specialized control equipment, but security experts say it could serve as a guide for copycat malware writers, who can reproduce parts of its processes and take better aim at other companies.

"How do you know that the software you are using to support sophisticated manufacturing processes, ranging from uranium centrifuges to automobiles, is not being targeted by some cyberweapon, throwing off your tolerances and measurements?" asked Paul B. Kurtz, managing partner at Arlington, Va.-based GoodHarbor Consulting LLC. "It's something that can be very costly to private industry and ultimately very disruptive to economies."
The worm surfaced in July when it was discovered exploiting a Microsoft Windows file sharing zero-day vulnerability, spreading using the AutoPlay feature for USB sticks and other removable drives. Microsoft issued an emergency update to close the hole, but researchers discovered several other methods used by Stuxnet, including a printer sharing vulnerability, which was patched this month by Microsoft.
Stuxnet was unique in that it contains code that could identify Siemens' Supervisory Control and Data Acquisition (SCADA) software and then inject itself into programmable logic controllers, which automate the most critical parts of an industrial facility's processes -- temperature, pressure and the flow of water, chemicals and gasses. Kurtz, who served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Bill Clinton and George W. Bush, is convinced that the Trojan's end game is to wreak havoc or even destroy critical infrastructure facilities by altering their vital processes.
"When you get into some of the other manufacturing processes today, the fault tolerance is so minuscule that it doesn't take much for a targeted piece of malware to cause problems," Kurtz said. "They can produce products that are inherently flawed and that can have disastrous effects."
Dave Marcus, director of security research at McAfee Avert Labs, draws parallels to the Google Aurora attacks, which surfaced in January. Like the Aurora attacks, which exploited a zero-day vulnerability in Internet Explorer to infiltrate Google and dozens of other firms, the cybercriminals behind Stuxnet had specific knowledge of their target environment, Marcus said. Those behind both attacks had a level of financing that enabled intelligence gathering prior to the attacks.

Thursday, September 30, 2010

A YouTube Phishing site

A YouTube phishing site has recently come into existence at the URL http://youtube.com-prizes.com/win/

This link claims to be a survey to help YouTube understand viewer/user feedback, and offers prize money of $2741.88 for answering some stupid questions like your sex and age. It is so tricky that it nearly makes you think it is an authentic YouTube site.

This is how it works:

A quiz asks two questions (sex and age), and then you click to claim the reward.

It then redirects you to https://www.5staroutlet.com/crown/v95/weborder.asp?sk=LZXA91&oid=12345678

There, user credentials and personal data such as credit card details are collected, and you are redirected to https://www.5staroutlet.com/

That site follows the same process of collecting your credit card details; once you fill them in, around $32 will be charged to your card.

Here is what the page looks like

Note: Stay away from such sites. Google/YouTube never comes up with such stupid offers!!!!

Wednesday, September 29, 2010

Tab Nabbing Explained

Just when you thought you'd seen it all, a new and particularly nasty form of Internet phishing, called tab-nabbing, poses a new identity theft threat to web users.

Phishing, just to remind you, happens when a scammer deceives you into giving away information about yourself, mostly account details such as username and password.

Usually via an email or a link on another web page, they direct you to a bogus site that looks exactly like the genuine article -- like PayPal or Amazon for example -- and captures your login details when you try to sign in.
The crook can then use those details to sign on and remove money or make purchases on your account.

You can read more about Internet phishing in some of our earlier issues.

1. Phishing Scams: How You Can Protect Yourself
2. New Clever PayPal Scam
3 New Phishing Scams: Clever Chase Bank Customer Survey Phishing Scam

All of these previous online phishing scams rely on the user being fooled into clicking a link, whereas the tab-nabber plays a different and much less obvious trick.

If you're a regular Internet user, you'll know how tabs work. In your browser -- for example, Internet Explorer, Firefox, Safari or Google Chrome -- they allow you to have several pages open at once, and to hop from one to the other.

Sometimes, when you click on a link in one page, it opens the new page in a separate tab, and it's not unusual to have half a dozen or more tabs open at once.
You even forget which ones you had open, which helps the tab-nabber immensely.

The way this particularly evil form of Internet phishing works goes like this:
  • You already have a couple of tabs open when you land on a page controlled by the tab-nabber (though you won't know this).

  • While you're viewing this page, the tab-nabber accesses your browsing history to see which sites you regularly visit that have value to him -- again like Amazon, PayPal or an email Account like Gmail.

  • He (or she) then changes one of your tabbed pages to mimic one of these sites, complete with what looks like the genuine logo on the tab itself, hoping, when you return to this tab, you will think you must have visited that page earlier and just forgotten.

  • Even better, from the tab-nabber's point of view, you may really have just visited the genuine site (your bank, for example), left it open in the tab, and then returned to it to discover you seem to have been logged out.

  • Either way, the aim is to get you to think you're logging in again and, hey presto, the scammer has pulled off his cunning Internet phishing trick.

Two key aspects make this much more effective than previous online phishing scams:

First, you don't have to click a link to get to the bogus page; you just click on what looks like a genuine page tab.

Second, it uses sites you habitually visit whereas phishing emails often seem to come from organizations you've had no dealings with, so you would immediately suspect something was wrong.

In addition, if you do your banking online, the bank often will actually sign you out if there's no activity on their page, even if you still have it open in a tab. It's not unusual to be asked to sign on again.

However, two other things give the tab-nabbing trick away: First, although the page may look genuine, the Internet address or URL (the name of the site given in the address bar at the top of your browser) won't.

So, the real Amazon home page for instance will show "amazon.com" but a bogus page will have something quite different, even if it has the word "amazon" in it.

Second, the little padlock icon that appears in your browser (usually bottom right), when you visit a secure website, will be missing.

Still, it's a wicked deception, highlighted recently by a specialist who works for Mozilla, the organization that makes the Firefox browser. You can see his video demonstration of tab-nabbing (sometimes also called "tabnabbing" or "tabnapping") here if you have Adobe Flash installed.

What can you do to ensure you don't fall victim to this new type of Internet phishing? To be doubly-secure, here's what you should do.
  1. Get into the habit of glancing at the address bar for every page you visit or revisit. This makes good secure-surfing sense anyway.

  2. Look for that padlock on what should be a secure site page.

  3. After visiting a secure page, close it when you're done, rather than keeping it open in a tab.

  4. If a site invites you to sign on again, close the tab and re-key the correct address.
Any one of these four steps should help steer you clear of a tab-nabbing scam -- and if you have security software integrated with your browser, that should flag bogus sites too. With Internet phishing, you just can't be too cautious.

Source : http://www.scambusters.org/internetphishing.html  
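
The address-bar check recommended above, and the `youtube.com-prizes.com` address from the YouTube phishing post, both come down to reading the registrable domain instead of spotting a brand name somewhere in the URL. The following is an added example, not part of the original posts; the brand table, the short suffix list and every sample URL except the two taken from this page are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List so the example runs
# offline; real tooling should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in", "com.br"}

# Assumption: brands to watch for, mapped to the domains they really use.
BRANDS = {
    "youtube": {"youtube.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "paypal": {"paypal.com"},
}


def registrable_domain(host):
    """Return the part of the host name that someone had to register."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """Return (verdict, registrable_domain, brand) for one URL.

    genuine   - the registrable domain belongs to a listed brand
    lookalike - a brand name appears in the authority part (host name or
                userinfo) but the registrable domain is someone else's
    unrelated - no listed brand is involved
    """
    if "://" not in url:
        url = "//" + url              # make urlsplit treat a bare host as netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    domain = registrable_domain(host)

    for brand, genuine in BRANDS.items():
        if domain in genuine:
            return ("genuine", domain, brand)

    # netloc still contains any "user@" prefix, which the browser does not
    # connect to but which a reader may mistake for the site name.
    authority = parts.netloc.lower()
    for brand in BRANDS:
        if brand in authority:
            return ("lookalike", domain, brand)
    return ("unrelated", domain, None)


SAMPLE_URLS = [
    "http://youtube.com-prizes.com/win/",          # from the YouTube phishing post
    "https://www.5staroutlet.com/",                # from the YouTube phishing post
    "https://www.youtube.com/watch?v=abc",         # constructed
    "https://www.amazon.co.uk/gp/css",             # constructed
    "http://amazon.account-verify.example/signin", # constructed
    "https://youtube.com.evil.co.uk/",             # constructed
    "https://paypal.com@login.example/",           # constructed (userinfo trick)
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict, domain, brand = classify(url)
        print(f"{verdict:10} {domain:26} {url}")
```

A "lookalike" verdict only says the brand name is being displayed by a domain that is not on the brand's list; it is a triage signal for mail or proxy logs, not proof of phishing.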

Monday, September 27, 2010

Twitter gets a new makeover

Twitter just got a new makeover.
You will now find @mentions, retweets, searches, and lists just above your timeline – creating a single, streamlined view on the left of the screen. On the right, you can see the features you’re familiar with, including whom you recently followed and who recently followed you, favorites, and Trending Topics.
The interface looks more interactive and simple, richer and faster.

There are no redirections to the site to view the media content; it can now be viewed directly on the right side when you click the arrow next to the tweet, along with information about the user and his/her recent tweets.

To get the new Twitter activated, you need to tweet with #newtwitter, and then you get a bar at the top asking if you would like to change to it.

However, I find the right part is a little wide and a lot of space is wasted.

Saturday, September 25, 2010

Tips for securing your wireless connection

With over 50% of people admitting to having used someone else's wireless internet without permission, how can you stop your neighbours from stealing your Wi-Fi connection? Securing your wireless network is just a matter of following a few simple tips:

  • Use encryption
    Wireless routers give you the option of encrypting your data, so bank details and passwords can't be intercepted. Wi-Fi Protected Access (WPA and WPA2) is a much stronger encryption system for securing your communications than WEP, which can be easily cracked by hackers.

  • Use a password
    Set up a password for your wireless internet connection. Choose a strong password for securing your network - don't use the one that came with your Wi-Fi router or a dictionary word that is easy to guess or crack. (You may wish to read our article on sensible password use for help with this.)

  • Don't broadcast the name of your wireless network
    The name of your wireless network, known as the SSID, should not be broadcast to passers by. In addition, choose an obscure hard-to-guess SSID name to make life harder for Wi-Fi hackers. SSIDs such as 'home', 'wireless' or 'internet' are not good choices.

  • Use MAC address filtering
    Wi-Fi routers and access points normally have the ability to prevent unknown wireless devices from connecting to the network. This works by comparing the MAC address of the device trying to connect to the Wi-Fi router with a list held by the router. Unfortunately, this feature is normally turned off when the router is shipped because it requires some effort to set up properly. By enabling this feature, and only telling the router the MAC address of wireless devices in your household, you'll be securing your wireless network against neighbors stealing your internet connection.

    Securing your wireless network using MAC address filtering is not a total solution as it is possible for a determined hacker to clone MAC addresses and connect to your Wi-Fi network, but this measure should still be taken to reduce the risks.

  • Restrict internet access to certain hours
    Some wireless routers allow you to restrict internet access to certain times of the day. For instance, if you know you will not need to access the internet from home between 9-5, Monday to Friday, then schedule your router to disable access between those hours.

  • Make sure your computers are properly secured
    Check you have up-to-date anti-virus, security patches, and client firewall software. This will help to protect your wireless network by stopping malware-based connections to your Wi-Fi.

"Bom Sabado! " A new worm Hits google's Orkut

A new worm hit Google's Orkut early today and it is spreading fast; the infection looks pretty stubborn.

This weird worm appears to be similar to one that appeared in December 2007, a Portuguese greeter worm, and the people behind it are suspected to be the same.

It appears that the communities like "Somente você me COMPLETA!, O virus Que Contagia, ADA - Adoro Dormir Abraçado, Eu tenho um grande AMOR" and few more random Communities

It greets you in the scrapbook with "Bom Sabado!", which translates to "Good Saturday", in contrast to the earlier one with “2008 vem ai… que ele comece mto bem para vc.” This translates to “2008 is coming…I wish that it begins quite well for you”.
No external links are involved; just viewing the scrap spreads the worm. No cases of account infringement have been noticed yet. The worm appears to have no intention beyond spamming greetings.

Once the user views the scrap, the account gets infected and runs JavaScript that posts the scrap to everyone in the victim's contacts.

The JavaScript appears to come from TPTOOLS (http://tptools.org/).

Meanwhile the browser appears to freeze, but the code is executed in the background.

No official reports on the statistics and impact are out yet.

The best countermeasure is to avoid viewing the scrap, or to use the NoScript add-on or otherwise block scripts in the browser.

Friday, September 3, 2010


Skipfish [General Tutorial]

Start skipfish in Matriux

Code: (type following to check the various options)
./skipfish -h

Code: ( various options are listed )
tiger@tiger-desktop:/pentest/web/skipfish$ ./skipfish --h
skipfish version 1.01b by
./skipfish: invalid option -- '-'
Usage: ./skipfish [ options ... ] -o output_dir start_url [ start_url2 ... ]

Authentication and access options:

-A user:pass - use specified HTTP authentication credentials
-F host:IP - pretend that 'host' resolves to 'IP'
-C name=val - append a custom cookie to all requests
-H name=val - append a custom HTTP header to all requests
-b (i|f) - use headers consistent with MSIE / Firefox
-N - do not accept any new cookies

Crawl scope options:

-d max_depth - maximum crawl tree depth (16)
-c max_child - maximum children to index per node (1024)
-r r_limit - max total number of requests to send (100000000)
-p crawl% - node and link crawl probability (100%)
-q hex - repeat probabilistic scan with given seed
-I string - only follow URLs matching 'string'
-X string - exclude URLs matching 'string'
-S string - exclude pages containing 'string'
-D domain - crawl cross-site links to another domain
-B domain - trust, but do not crawl, another domain
-O - do not submit any forms
-P - do not parse HTML, etc, to find new links

Reporting options:

-o dir - write output to specified directory (required)
-J - be less noisy about MIME / charset mismatches
-M - log warnings about mixed content
-E - log all HTTP/1.0 / HTTP/1.1 caching intent mismatches
-U - log all external URLs and e-mails seen
-Q - completely suppress duplicate nodes in reports

Dictionary management options:

-W wordlist - load an alternative wordlist (skipfish.wl)
-L - do not auto-learn new keywords for the site
-V - do not update wordlist based on scan results
-Y - do not fuzz extensions in directory brute-force
-R age - purge words hit more than 'age' scans ago
-T name=val - add new form auto-fill rule
-G max_guess - maximum number of keyword guesses to keep (256)

Performance settings:

-g max_conn - max simultaneous TCP connections, global (50)
-m host_conn - max simultaneous connections, per target IP (10)
-f max_fail - max number of consecutive HTTP errors (100)
-t req_tmout - total request response timeout (20 s)
-w rw_tmout - individual network I/O timeout (10 s)
-i idle_tmout - timeout on idle HTTP connections (10 s)
-s s_limit - response size limit (200000 B)

For a general complete scan type:

./skipfish -o outputdirectory targeturl

and the output is presented in a very good web page, like this

or check the video here

Tuesday, August 31, 2010

New Security Distribution Node Zero

Another security distribution joins the list: Node Zero Linux.

As the site says:

"NodeZero is Ubuntu based linux designed as a complete system which can also be used for penetration testing. NodeZero uses Ubuntu repositories so your system will be always up to date. The system setup is basic and it's primarily designed for disk installation and customization as you want."

Node Zero comes with a good set of tools for penetration testing and claims to include 300 penetration testing applications.

The desktop UI looks great, with a very eye-catching theme.

Source : http://www.netinfinity.org/

Sunday, August 29, 2010

A little photography along the nature

At Munnar (Kerala)


I just came across a conference on malware.
According to the site, it claims to be the world's first platform bringing together malware and information security researchers from across the globe to share key research insights into building and containment of the next generation malwares, providing hands-on experience with the various malware fields.

A post on Infoworld quotes :

"MalCon organizers want us to believe that security community can benefit from an event showcasing and teaching malware"

The organisers of the conference came up with the idea after looking at the various existing conferences tagged "security" and "ethical hacking". It is good to hear of a new dimension coming up with MalCon:
a platform bringing in all the malware coders.

The conference also publishes whitepapers under the CFP contest and provides workshops and training on malware coding, analysis and reverse engineering. The conference is being held on Dec 2nd and 3rd, with training and hands-on sessions on the first day and the conference on the second.

The rest of the details are on their site: http://malcon.org/

Ethical Hacking @ TKR college n GRIET college

w3af at null Hyderabad meet

Monday, June 7, 2010

Microsoft vs General Motors

At a recent computer expo, Bill Gates reportedly compared the computer industry with the auto industry and stated "If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon."

In response to Bill's comments, General Motors issued a press release stating: If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:

For no reason whatsoever, your car would crash twice a day.

Every time they repainted the lines in the road, you would have to buy a new car.

Occasionally your car would die on the freeway for no reason. You would have to pull over to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.

Occasionally, executing a maneuver such as a left turn would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.

Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive - but would run on only five percent of the roads.

The oil, water temperature, and alternator warning lights would all be replaced by a single "General Protection Fault" warning light.

The airbag system would ask "Are you sure?" before deploying.

Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.

Every time GM introduced a new car, car buyers would have to learn to drive all over again because none of the controls would operate in the same manner as the old car.

You'd have to press the "Start" button to turn the engine off.

Found this at some blogs

Sunday, May 9, 2010

Facebook redirection XSS

Exploit: Facebook Xss Redirection

The above mentioned URL can be manipulated by appending a malicious encoded URL and can be used for phishing purposes. However, Facebook doesn't allow illegitimate redirections, so a warning page is displayed.

However, if this redirection is through a Facebook application or trusted source, the person can be redirected to a phishing page.

Tuesday, April 27, 2010

Microsoft Office Labs vision 2019

Microsoft Office Lab - Future Vision Montage (2019)

Video of how Microsoft Office team envisions future of the communications.

Friday, April 16, 2010

Hacking Windows XP with Metasploit tutorial - VNC remote control

Security researchers demo Cisco Wi-Fi flaws

Two generations of Cisco wireless LAN equipment contain a range of vulnerabilities, researchers have told the Black Hat security conference.

Enno Rey and Daniel Mende from German testing firm ERNW demonstrated how to hack into two separate generations of Cisco Wi-Fi kit. They said that the flaws were fairly easy to find and exploit.

Read more at ZDNET

Sunday, April 4, 2010

Mozilla Crash exploit

Found a crash exploit for the Mozilla Firefox browser.

It is working pretty cool with 3.6.3, the version I am using right now.

Here is the vulnerability.

Visit Here

and click the button there.
BINGO, Mozilla crashes!!!!

How to Hack Windows Administrator Password

This hack will show you how to reset the Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation in which we need to gain access to a computer which is password protected, or at times we may forget the administrator password, without which it becomes impossible to log in to the computer. So here is an excellent hack with which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, which means you need to shut down your computer and boot it from a floppy disk, CD or USB device (such as a pen drive). The tool has the following features.

  • You do not need to know the old password to set a new one
  • Will detect and offer to unlock locked or disabled user accounts!
  • There is also a registry editor and other registry utilities that work under Linux/Unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems store the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can usually be found in \windows\system32\config. This file is a part of the Windows registry and remains inaccessible as long as the OS is active. Hence you need to boot your computer from other media and access the sam file from there. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below

Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool, since floppy drives are outdated and don’t exist in today’s computers. Once you download it, you’ll get a bootable image which you need to burn onto a CD. Now boot your computer from this CD and follow the on-screen instructions to reset the password.

Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)

2. Now type net user and hit Enter

3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name Raj, then do as follows

4. Type net user Raj * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for Raj without knowing his old password.

So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

Saturday, March 27, 2010


We need you! Getting involved is easy. Here are three simple ways you can help everyone switch to Firefox:

The Spread Firefox community has grown to over 225,000 members from all over the world. There are so many great people to get to know and learn from that we wanted to make sure there was a centralized place for our members to hang out when not working on their individual projects. The Community @ SFx project is the place to go to get to know other Spread Firefox contributors and get their help navigating the site or starting projects of your own.

You could also get a Firefox Badge to add to your resume.
This could help you enhance your resume.

That is not all: you get a free T-shirt from Mozilla as a part of the Spread Firefox community.

1. Click the button here and get started

Spread Firefox Affiliate Button

2. After this, log into Spread Firefox and create an account there

3. Log in, join various boards and projects, and participate effectively in Spread Firefox.

4. The more active you are, the more you get back!!

All the Best and get started.

Monday, March 1, 2010

Hack Misc. Accounts on Facebook and Myspace

You can hack some random accounts on Facebook and Myspace.

Let's take Myspace as an example.

Go to the Myspace website and search for a user "familiarname"@mailinator.com

Here I typed george@mailinator.com in the search box (search people).

If you are lucky you will find a user with an account like this.

Now go to Sign In and use forgot password.

Type the email ID (george@mailinator.com) and the captcha.

After that you will get a confirmation that the password reset is being sent to you.

Now visit www.mailinator.com, type the email ID you just entered (george@mailinator.com in my case) and check the inbox. You get a link that redirects to RESET PASSWORD; change it and BINGO!!

You have successfully hijacked the account!!