Posts from the ‘Awsome tricks’ Category

Access Restricted Sites And Internet From Lan Office School college!!!

How to access the protected and so called phished out sites in a college subnetwork or office subnetwork….ALso access the GTALK and Yahoo and any messenger and chatting softwares….?


lets say that ur behind a firewall in a lan subnet in which ur college school or office provides u internet but with restricted sites…that is u cant open any other site except those allowed….in my college we use a software to access sites out of restriction by a software named ultrasurf…its completely automatic and actually works….our college tried to stop us very vehemently but failed to restrict this software as its coding is just like vry hard to decrypt…anyways lets go!!!


Download a software from this site
….
http://www.wujie.net/downloads/ultrasurf/u.zip
(tested TROJAN FREE)
its called ultrasurf !!! 
see how it works… u just have to extract the exe file outta zip file….then run the exe file…it will automatically detect ur network and router or proxy server…theere are 3 bars which will be flooded with connectivity indicators….now ur free to access anything…..just change ur browsers ip to 127.0.0.1 and port to 9666 and u can access anything….works for chat softwares too..like gtalk and yahoo////


our college had restricted our download limit to 1 mb…but using this we had been downloading one whole movie everyday…..with full speed of 136kbp/s …since am in lan but can access internet as my college provides me so basicallyall i do gets recorded in college server logs…but using ultra doesn’t even leaves a piece of log behind u…..

Finding IP Address of the sender in the email

Finding IP Address Of the Sender In Hotmail!!


* Log into your Hotmail account with your username and password.
* Click on the Mail tab on the top.
* Open the mail.
* If you do not see the headers above the mail message, your headers are not displayed . To display the headers, follow these steps:


* Click on Options on the top-right corner
* In the Mail Options page, click on Mail Display Settings
* In Message Headers, make sure Advanced option is checked.
* Click on Ok button
* Go back to the mails and open that mail.


* If you find a header with X-Originating-IP: followed by an IP address, that is the sender’s IP address
* Hotmail headers : Daniel ,In this case the IP address of the sender is [68.34.60.59]. This is be the IP address of the sender.
* If you find a header with Received: from followed by a Gmail proxy like this
* Hotmail headers : Daniel
* Look for Received: from followed by IP address within square brackets[]. In this case, the IP address of the sender is [69.140.7.58].
* Or else if you have headers like this
* Hotmail headers : Daniel
* Look for Received: from followed by IP address within square brackets[].
* In this case, the IP address of the sender is [61.83.145.129] .
* If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.


Finding IP Address of the sender in Yahoo Mail!!


* Log into your Yahoo! mail with your username and password.
* Click on Inbox or whichever folder you have stored your mail.
* Open the mail.
* If you do not see the headers above the mail message, your headers are not displayed . To display the headers,
* Click on Options on the top-right corner
* In the Mail Options page, click on General Preferences
* Scroll down to Messages where you have the Headers option
* Make sure that Show all headers on incoming messages is selected
* Click on the Save button
* Go back to the mails and open that mail.
* You should see similar headers like this:
* Yahoo! headers : Daniel.
* Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109
* That is be the IP address of the sender!


Finding IP Address of the sender in Gmail !!


When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender.


* Log into your Gmail account with your username and password.
* Open the mail.
* To display the headers,


>> Click on More options corresponding to that thread. You should get a bunch of links. Click on Show original


* You should get headers like this:


>> Gmail headers : Daniel


* Look for Received: from followed by a few hostnames and an IP address between square brackets. In this case, it is 65.119.112.245.
* That is be the IP address of the sender!!


NOTE:=
This will not work if the sender uses anonymous proxy servers.

You can’t do this !

You can not make any folder named any of the following :

CON, PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9

And many more…

Reason :

This is because these are windows inbuilt ‘Reserved Device Names’ .

Just avoid these words and name anything else !

Tricks for how to hide the files in image files

** You require WinRAR installed on your PC for this trick.

** First add your files to .rar and i.e. say files.rar

** Say you have a image as img.jpg

** Now, save files.rar and img.jpg in c:\ drive.

** Click start >> Run

** Type cmd

** Now in command prompt type cd..

** Again type cd..

** Type copy /b img.jpg + files.rar new.jpg

————– Please Note ————–

>> This command will concatenate the two files into the new file new.jpg

>> Don’t type files.rar + img.jpg instead of img.jpg + files.rar.

>> Now, (size of new.jpg) = (size of img.jpg) + (size of files.rar) .

——————————————-

*** Mission Accomplished !!! ***

Now, we have new.jpg consisting of both img.jpg and files.rar .

Accessing the files :

** Double click new.jpg and img.jpg can be viewed.

** Now, to access files.rar :

# Right click on new.jpg >> Select Open With >> Choose Program…

# Select WinRAR archiver.

# Now, simply Extract your files !

Trace Websites !

My Exclusive… another contribution to Computer Tricks !

Surfing Internet…

Type in the url and Hit Enter, that’s it ?

But…

Have you ever thought what happens after that ?

Lets Trace n see what happens !

Do the following :

# Start >> Run

# Type cmd

# This will open the Command Prompt

# Type cd\

# Type tracert http://www.google.com

———————- Note —————————

You can replace http://www.google.com with any website url.

———————————————————

Results :

$ First line shows the IP address of the website…

$ You’ll be shown steps in which the website gets load !

$ More is the number of steps more is time taken to load the website !

That’s all !

Firewall bypass via protocol stegnography


::::::::::::::::::::::::::::::::::::::::
This paper demonstrates flaws in current firewall architecture through the use of protocol stenography.

Overview of Firewall Design
::::::::::::::::::::::::::-
Firewall design is basically split into three main areas:

Port blocking –
A port blocking firewall, does exactly what is says on the tin, it just blocks ports.
e.g. you want to allow traffic to travel from your network to only webservers, you would block all ports outgoing except port 80.

It is a very fast, cheap and very lightwieght on hardware. Unfortunatly it is very easy to bypass.

This type a firewall _should_ not be in use today as it is a trivial case to bind your RAT (Remote Access Trojan) to use port 80 on the way out.

Proxy –
A proxy firewall takes requests from an internal client for the relevant protocol and then passes it out as a request from itself to the internet. Then the reply is passed back to
the originating client. This is inherently secure because the client themselves have no _real_ connection to the outside world.
e.g. you only need a http proxy to only allow web access.

As there is no real connection a trojan has no route back to the attacker.

This is a very clunky solution, there is a need for a seperate proxy for every protocol the firewall needs to allow through, and the lack of transparency to the end user (every
client app need to be configured to use the proxy) bought up the third design.

Stateful Inspection –
Stateful inspection is similar to a port blocking firewall, except that when traffic travels out through port 80, to a web server, it is checked to make sure it is really http stuff. This
is a very effective method for firewalling as it makes the rebinding of a trojan a pointless task as the firewall will drop non (in this example) http traffic.

Bypass
::::::
In order to communicate with a RAT we need to be able to send AND recieve data to AND from the trojan and its control. We need an upstream and a downstream.

To communicate with a RAT through a firewall we need to identify an upstream and a downstream we can hijack to put our data in. I choose http. (It is usally allowed..)

Using http it is possible to bypass both http proxy firewalls and stateful inspection firewalls.

Upstream
::::::::
As a upstream, from the RAT to it’s control, I choose http GET request. A typical http get looks like this :

GET /somedir/somefile.html HTTP/1.0

Now to use this a covert data path is fairly easy, the RAT already inside the network, (sent as email, browser bug etc.) only has to append its data to the end of the GET
request and send it to the control (fake) webserver. e.g.

GET /somedir/somefile.html?covertdataleakingaway HTTP/1.0

The fake webserver at the control end will the pickup the sent URL drop everything before the question mark, leaving just our data, successfully sent out and through the
firewall, because it looked like a valid http GET request.

Downstream
::::::::::
For the downstream from the control to the RAT, a fake webserver is required, when sent a GET, after the control decodes the upstream, a webpage complete with images,
is served to our RAT via a standard http 200 OK reply. The data to be sent in the downstream can be anywhere in that 200 OK reply. I use stenography on the images, but
you could place it in the html if you wanted to.

Diagram
::::::-

RAT<::::stenographied images<::::control
RAT::::>http GET request::::::::>webserver

Conclusion
::::::::::
Using protocol stenography it is possible to bypass probably all firewalls. You would need to find out which protocols the firewall allowed and then locate redundant
information in that particular protocol. I use http as an example as it is the most usally allowed on a firewall.

This is a very hard hole to plug as a firewall needs to let through some valid traffic, and by hiding as that valid traffic we circumvent it’s security.

Demo client/server coming soon..

Top password hacking sites for free