Monday, July 21, 2014

To Hack Windows Administrator Password


This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.
Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So, if you are somewhat in a same kind of situation, here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer.
You can do this with a small tool called  Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features:
  • You do not need to know the old password to set a new one.
  • This tool can detect and unlock locked or disabled out user accounts!
  • There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence, it is necessary that you boot off your computer and access this sam file via the boot menu. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.
The download link for both CD and floppy drives along with the complete instructions is given below:
It is recommended that you download the CD version of the tool since the floppy drive is outdated or doesn’t exist in today’s computer. After the download, you’ll get a bootable image which you need to burn it onto a blank CD. Now boot your computer from this CD and follow the screen instructions to reset the password.

Another simple way to reset non-administrator account passwords:

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task:
  1. Open the command prompt (Start->Run->type cmd->Enter)
  2. Now type net user and hit Enter
  3. Now the system will show you a list of user accounts on the computer. Say for example, you need to reset the password of the account by name John, then do as follows:
  4. Type net user John * and hit Enter. Now, the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.
So, in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

Friday, May 9, 2014

Make your Windows Xp GENUINE



This will allow you to bypass the Microsoft Genuine Validation thing by this method works better than many others I've tried before.
forget the cracks and injectors etc... this is the BEST WAY

1) start > run > "regedit" (without the quotes of course)

2) go to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\WPAEvents\OOBETimer    and doubleclick on it.
Then change some of the value data to ANYTHING ELSE...delete some, add some letters...just change it!now close out regedit.

3) go to start > run > "%systemroot%\system32\oobe\msoobe.exe /a" (again, dont type the quotes)

4) the activation screen will come up, click on register over telephone, then click on CHANGE PRODUCT KEY, enter in this key: JG28K-H9Q7X-BH6W4-3PDCQ-6XBFJ.
Now you can do all the updates without activating,
and the Genuine Microsoft Validation won't bug you no more!!
Works with most WinXP versions though there are some exceptions...

Monday, April 14, 2014

Never seen before XP Secrets !!!!!!

Hidden Programs In Windows Xp
1) Private Character Editor
This program is for designing icons and Characters(Alphapet)
Click :start
Then :run
type :EUDCEDIT
.................................................. .................................................. .............................................
2) iExpress

This Program is for converting your files to EXECUTABLE files
Click : start
Then : run
type : iexpress
.................................................. .................................................. .............................................
3)Disk Cleanup
This program used for cleaning harddisk to offer space
Click : start
Then : run
type : cleanmgr

.................................................. .................................................. .............................................
4)Dr Watson
This program Is for repairing problems in Windows
Click : start
Then : run
type : drwtsn32
.................................................. .................................................. .............................................
5)Windows Media Player 5.1
Opens the old media player
Click : start
Then : run
type : mplay32
.................................................. ..................................................





Program ............. CODE

__________ __________
Character Map = charmap
------------------------------------
DirectX diagnosis = dxdiag
------------------------------------
Object Packager = packager
------------------------------------
System Monitor = perfmon
------------------------------------
Program Manager = progman
------------------------------------
Remote Access phone book = rasphone
------------------------------------
Registry Editor = regedt32
------------------------------------
File signature verification tool = sigverif
------------------------------------
Volume Control = sndvol32
------------------------------------
System Configuration Editor = sysedit
------------------------------------
Syskey = syskey
------------------------------------
Microsoft Telnet Client = telnet
------------------------------------

Friday, April 11, 2014

Heartbleed bug leaves millions of users vulnerable






Web administrators and computer security researchers on Tuesday scrambled to fix a serious vulnerability in OpenSSL encryption used by thousands of web servers, including those run by email and web chat providers. The bug, dubbed Heartbleed, "allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software".

In other words hackers or cyber criminals can use the Heartbleed bug to steal private encryption keys from a server that is using OpenSSL protocols of SSL/TLS encryption and then snoop on the user data, including passwords. There are reports that servers of Yahoo, Imgur and Flickr have been affected. However, this is around two-year-old bug and hence no one knows for sure how many people have exploited it at how many servers have been compromised.

The bug is so serious and widespread that Tor Project, which manages the anonymous Tor network, has advised web users to go offline for a while. "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," it said in a blog post.

OpenSSL Project has created a website called www.heartbleed.com to inform web users and web masters about the bug."The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users," explained a note posted on the website.

In a separate note OpenSSL Project said that the bug was discovered by Neel Mehta, a security researcher working with Google. It also said the "affected users should upgrade to OpenSSL 1.0.1g". The key bit to note here is that by users OpenSSL doesn't mean the web users but web server administrators who use OpenSSL protocols.
The reason why the Heartbleed bug has caused panic among server administrators and security researchers is because how it affects servers. "This bug has left large amount of private keys and other secrets exposed to the internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously," explained the Heartbleed website. "Leaked (private) secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will."

In an answer to a question — Am I affected by the bug? — the OpenSSL website notes, "you are likely to be affected either directly or indirectly".

"OpenSSL is the most popular open source cryptographic library and TLS implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS," noted the website.

To Consumers:

There are complex conditions as to whether your data may or may not have been retrieved, and you should assume details like passwords may have been stolen, but a blind reset of everything could actually make it more likely that you lose your details. You need to reset passwords once a provider has patched.

Attackers may soon start sending fake notifications and links pretending to offer help or magic solutions. Be extra cautious on the web, not just because of Heartbleed but also the cyber criminals tend to jump on hot topics to launch nasty code and secondary attack campaigns.

Fix / Solution:
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS

Mitigation Perspective:

From a technical mitigation perspective, check that your IT security team do the following. If you just apply the patch you haven’t really mitigated the risk. In some cases the vulnerability may have allowed attackers access to other sensitive security information or tokens, so additional steps may be required.

  • · Apply the patch
  • · Generate a new certificate and a new key (failure to do this and patch means attackers may still be able to intercept and man in the middle customers private content)
  • · Revoke the old certificate and key (important, many are forgetting this)
  • · Restart the service (many also forgetting this leaving the old secrets or version loaded)
  • · Validate you are no longer vulnerable with the numerous test scripts available.
  • · Check all your servers and services, not just the most obvious candidates. Backup servers, hot stand by and others may still be vulnerable.
  • · Check for any evidence of malpractice (though unlikely available) and instigate incident response procedures and customer notification as required. Perform a risk assessment too to identify any tokens or sensitive data that may have been lost which provide attackers with alternative channels.



Affected / Unaffected versions of Open SSL :


We are listing the affected / unaffected versions of Open SSL software’s as below:

Affected :

OpenSSL 1.0.2-beta

OpenSSL 1.0.1 - OpenSSL 1.0.

UnAffected :

OpenSSL 1.0.2-beta2 (upcoming)

OpenSSL 1.0.1g

OpenSSL 1.0.0 (and 1.0.0 branch releases)

OpenSSL 0.9.8 (and 0.9.8 branch releases)



Vulnerable OS:


Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Red Hat Enterprise Virtualization Hypervisor for RHEL 6 0
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Cisco TelePresence Video Communication Server (VCS) 0
Cerberus Cerberus FTP Server 4.0.9.8
CentOS CentOS 6


Cisco Vulnerable Products: 




Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
Cisco IOS XE [CSCuo19730]
Cisco Unified Communication Manager (UCM) 10.0
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Small Cell factory recovery root filesystem V2.99.4 or later
Cisco MS200X Ethernet Access Switch
Cisco Mobility Service Engine (MSE)
Cisco TelePresence Conductor
Cisco WebEx Meetings Server versions 2.x

Tuesday, March 25, 2014

Changing your MAC on Windows XP

There are two ways two change your MAC Address on Windows, the easy way and the hard way. Mostly hacker use this for hiding or changing your indentity. . I'll discuss how to do both of them in this tutorial. 


Easy Way:

The first way to change it is, if your NIC (Network Interface Card) supports cloning your MAC Address. If this is the case then you go to.
Start > Control Panel > Network Connections

Right Click on your NIC card and goto properties. Then click the button labeled Configure. It should bring up another form. Click on the advanced tab. You should see under Property "Locally Administered Address" or "Network Address". Click the radio button next to the text box, and type in your new MAC address. (note you do not use the "-" when you enter your no MAC Address.

To check and see if it worked or not go to

Start > Run > and type in "cmd"

When the terminal comes up issue the command.

ipconfig /all
-----------------------------------------------------------------------------------------------------------------------------------------------
Hard Way:

To change your MAC Address the hard way, you first go to

Start > Run > and type in "cmd"

Once the terminal comes up type in

"net config rdr"

It should bring up alot of things, but what you are worried about is

NetBT_Tcpip_{ The Numbers Between here}

Copy the numbers in between there and write it down somewhere, seeing that you will need them later.

After you are done with that go to

Start > Run > and type in "regedt32"

That should bring up the windows registry. Once the registry is up go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

Click on the drop down menu and you should see the sub-categories

0000
0001
0002
and so on.

Click on each one and compare the "NetCfgInstanceId" Key with the number you wrote down earlier. Once you find a match double click on the key "NetworkAddress" and change the value to your new MAC address. Hit ok and reboot your system.