You all might be knowing about the “Write for Hungry Hackers” program that we had started few years back. This program has always got us some great minds. This time we have got another Hacker who will teach you some amazing and hardcore hacking stuff. I would like to introduce you to Irfan Shakeel, a new author for our blog. Irfan Shakeel is an Ethical Hacker/Security Researcher. He is a Telecommunication engineer and he is from Pakistan. He currently runs his own blog at http://www.ehacking.net and now he will write for us.

Irfan’s Expertise

Irfan’ s expertise include Penetration Testing. He has done a great job in the field of penetration testing. He has found some amazing loop holes in websites like Google, Facebook, Daily Motion etc. The following pic is just one of the example. If you want to read more about his endeavors you can click here.

I would like to wish him luck for his journey as an author on Hungry Hackers.

• XSS Cross Site Scripting Attack
• Hack a Website Using Remote File Inclusion

Yes! He is Rafay Baloch. For those who don’t know him, Rafay is an  Ethical Hacker, Internet marketer and a Web Entrepreneur. So I decided to take an interview of Rafay Baloch to know some of his secrets about Hacking and what all projects he is working on right now.

Hungry Hacker: “How did you get into the Hacking scene?”

Rafay: “4 years back I was one of the newbie trying to learn Hacking. I used to ask stupid questions to the people whom I admired as Hacker and you were one of them. Subsequently, as I went deep into this subject I found that there is no silver bullet to Hacking. I did a lot of research on many topics and understood what Hacking was.”

Hungry Hacker: “I am very pleased to hear that Hungry Hacker played a role in making you such a good Hacker. Tell my users some thing about Hacking that others don’t know?”

Rafay: “Lot of people are curious to learn Hacking but they usually don’t know where to start. Getting started is one of the most difficult thing in becoming a Hacker. If you get good start, it becomes a lot easier for you. For example If you fill air in a balloon you will notice that first two breaths are difficult to make once you make them it gets lot easier for you to fill rest of air.”

Hungry Hacker: “Yes. That is true and I think your book ‘A Beginner’s Guide to Ethical Hacking‘ is one of the best ways to Start. Tell us something about it?”

Rafay: “Well I wrote my book for absolute beginners who are willing to get in the field of Ethical Hacking. It is a complete package for all those who are curious to become Hackers. It covers a wide variety of topics which includes password hacking, windows hacking,  email hacking, social engineering and much more.”

Hungry Hacker: “What are the projects that you are currently working on?”

Rafay: “I have just launched my new ‘Facebook Hacking Course‘  and currently working on a new book ‘An Introduction to Keyloggers, Rats and Malware‘”.

Hungry Hacker: “What did you include in this Facebook Hacking Course and who all should take up this course?”

Rafay: “The reason why I formed this course is because everyday my users used to ask me questions like ‘How do I hack facebook‘, ‘How do I hack myspace‘ or ‘How do I hack orkut’. Technically the methods used by hackers to hack either a facebook account, myspace account or any other email account are same. Moreover, a lot of people have a misconception that there is a ready made program or software which can hack a password for you but in reality all these programs are scams and are there to take your money. So I decided to form a course which is basically a video set to teach people the exact methods used by hackers to hack your facebook accounts. So the users can protect themselves from getting hacked. In short this course is for those people who would like to learn how hackers hack email accounts and want to protect their own email accounts from getting hacked.”

Hungry Hacker: “Lastly, what would you like to tell all the newbie hackers?”

Rafay: “Newbies make this mistake that they pick any topic related to hacking try it once or twice after failing to succeed they rush to different topic, Instead stick to that topic and do not move to another topic until and unless you are finished.”

Hungry Hacker: “Thank you Rafay for your time and sharing your thoughts with us.”

Friends, to get your copy of Rafay’s E-book on ‘A Beginner’s Guide to Ethical Hacking‘ just Click Here. You can also get enrolled into to Rafay’s newly launched ‘Facebook Hacking Course‘ by visiting his Website.

The Oracle database is popular with large corporations and governments for recording large volumes of online transactions.

The hacking tool was developed in the open source Metasploit cooperative, which had hosted a seminar at the conference. According to the Metasploit website, students will learn how to create custom modules to solve specific tasks, launch widescale client-side attacks, operate a malicious wireless access point, generate custom backdoors, bypass intrusion prevention systems, and automate the post-exploitation process. The course shows how to use new features in the Metasploit softwre for penetration tests.

In February security researcher and Metasploit co-developer Chris Gates, who runs the Carnal0wnage website, showed how to attack Oracle using Metasploit. A video of the attack (below) was posted on the Toolbox for IT blogs.

Attacking Oracle with the Metasploit Framework Shmoocon Firetalk Demo Video from carnal0wnage on Vimeo.

Reuters reported that Oracle has released a patch that protects against Metasploit. However, many firms are lax about applying patches, opening their information to hackers.

Metasploit has created other tools to hack other software programs, including Microsoft Windows, Apple’s OSX, Linux and Posix operating systems, as well as the Firefox and Internet Explorer browsers and applications such as Office and Adobe’s PDF applications.

Meanwhile, Mandiant, another security firm, says it has developed a tool that can detect Metasploit attacks. It says Metasploit’s Meterpreter software lets developers write code in DLL files and execute everything in memory. This means nothing is written to disk where it might be detected.

Testers and hackers can use Meterpreter to download and upload files, execute code, and open its own command shell. The new tool can tell if Meterpreter is still in memory, and, if so, which files Meterpreter has accessed, and whether it has changed a registry key.

You all might be knowing about the “Write for Hacking Truths” program that we had started few months back. As I have entered the Final year of my B. Tech I am not getting much time to post and manage this Community and so I was searching for a new writer who could join hands with me and serve you all with useful hacks and tutorials which will help you to raise your level of Hacking Knowledge.

Finally I have found a new hungry hacker who will write on Hacking Truths along with me. Let me introduce you to Amol Wagh, who himself is owner of more than 5 blogs and has proved himself with very detailed Hacks and Tutorials that he has posted on his blog. He would be writing on topics like ‘Network Hacking‘ and ‘Penetration Testing‘. Lets hear it from the Amol himself.

Amol : “Its been a great pleasure to introduce myself to Hacking Truths Community, But just wish to let you know that I am not new to the blogsphere. I am blogger since 2007 started of with www.hackersenigma.com and now I own more than 5 blogs on digital technology (www.digitalconqurer.com), SEO (www.seobloggingtips.com), computer graphics  & Eco friendly constructions.

I am also a column writer at Nashik Times (Times of India). Besides that I am also working with www.devilsworkshop.org & www.geniushackers.com

I was like always passionate about the hacking stuff. It took almost 2 years, when I actually hacked some thing & thereby my journey as a hacker started & I am living it from last 4  years. At hackers enigma I blog about ethical hacking, network security & all subsequent topics like penetration tests, vulnerabilities, exploits & something that real hackers does. I don’t believe in ‘How To’ stuff, because you could never explorer your own potential to do things with such stuff.

I can assure that I will provide you all things including information about tools, techniques & information about ‘Black ‘ & ‘White hat hackers’

I was always afraid that Before some years when I started learning this ‘hacking things’ No clear guidelines were defined even on internet, all books I came across was outdated & all fake things & How to’ s were spread all over internet.

With this blog I would like to initiate some posts that can actually take you to level of being hacker.

Hacking is all about curiosity, It gives birth to creativity, everything that come across you – you look at it by your own way, wish to use it as you want it. All you want to do is have whatever you want it.

Its like leaving a dream when you can crack & hack things. But not simple as I am saying it. It takes years of practice with constant & never ending improvement.

You need to learn all the things – Networks, Open source, mobile phones, coding , web programming & what ever else that came across you. But you can become expert in one of it. Still you have to go through all. Trial & error method is adopted & it is only method you can try.

So folks, Get ready for some real hacking stuff. Hoping for positive response from all of you, ask questions, make criticism – That is all I wish to go thing like. So that Your & my knowledge could raise standards. . .”

Here is a list of 50+ FTP sites that will allow you download content for free. Don’t forget to share and bookmark this page so that everyone can take advantage of it.

1. ftp://ftp.freenet.de/pub/filepilot/
2. ftp://193.43.36.131/Radio/MP3/
3. ftp://195.216.160.175/
4. ftp://207.71.8.54:21/games/
5. ftp://194.44.214.3/pub/music/
6. ftp://202.118.66.15/pub/books
7. ftp://129.241.210.42/pub/games/
8. ftp://clubmusic:clubmusic@217.172.16.3:8778/
9. ftp://212.174.160.21/games
10. ftp://ftp.uar.net/pub/e-books/
11. ftp://129.241.210.42/pub/games/
12. ftp://193.231.238.4/pub/
13. ftp://207.71.8.54/games/
14. ftp://194.187.207.98/video/
15. ftp://194.187.207.98/music/
16. ftp://194.187.207.98/soft/
17. ftp://194.187.207.98/games/
18. ftp://ftp.uglan.ck.ua/
19. ftp://159.153.197.74/pub
20. ftp://leech:l33ch@61.145.123.141:5632/
21. ftp://psy:psy@ftp.cybersky.ru
22. ftp://130.89.175.1/pub/games/
23. ftp://194.44.214.3/pub/
24. ftp://195.116.114.144:21/
25. ftp://64.17.191.56:21/
26. ftp://80.255.128.148:21/pub/
27. ftp://83.149.236.35:21/packages/
28. ftp://129.241.56.118/
29. ftp://81.198.60.10:21/
30. ftp://128.10.252.10/pub/
31. ftp://129.241.210.42/pub/
32. ftp://137.189.4.14/pub
33. ftp://139.174.2.36/pub/
34. ftp://147.178.1.101/
35. ftp://156.17.62.99/
36. ftp://159.153.197.74/pub/
37. ftp://193.140.54.18/pub/
38. ftp://192.67.63.35/
39. ftp://166.70.161.34/
40. ftp://195.161.112.15/musik/
41. ftp://195.161.112.15/
42. ftp://195.131.10.164/software
43. ftp://195.146.65.20/pub/win/
44. ftp://199.166.210.164/
45. ftp://195.46.96.194/pub/
46. ftp://61.136.76.236/
47. ftp://61.154.14.248/
48. ftp://62.210.158.81/
49. ftp://62.232.57.61/
50. ftp://212.122.1.85/pub/software/
51. ftp://193.125.152.110/pub/.1/misc/sounds/mp3/murray/

Hello Friends,

Today the RSS Feed Subscribers of Hungry Hacker has crossed 3000 and the Hungry Hacker’s Community has crossed 1000 Registered Members. So to Celebrate this we are going to give away free Genuine Kaspersky Anti Virus 2009 Keys with 6 months of Validity to all the Subscribers. We will be giving Genuine Kaspersky Anti Virus 2009 Keys with 6 months of Validity to 20 randomly selected subscribers. The Users who win Key will be Selected by Random function.

Who are the Eligible Participants?

All the Users who have Subscribed to Hungry Hacker’s Feed via any Reader or via Email upto Midnight 31st March 2009 are eligible to Win a Genuine Kaspersky Anti Virus 2009 Key with 6 months of Validity.

Subscribe Now

If you are not a Subscriber of Hungry Hacker’s feed still it is not Late. You can Subscribe to Hungry Hacker’s Feed via any Reader or via Email:

Winners Announced on 1st April

To check if you have won visit this Link. There also a Surprise Gift for all of you so make sure that visit the given link.

Myth 1 – I don’t keep important things on my PC, so I don’t have to worry about security. Your PC can be infected over internet

Long time ago,this was partially true… but the hybrid worms and viruses of today like Blaster, hidrag and others blindly spread across internet to thousands or millions of PCs in a matter of hours, without regard for who owns them, what is  stored there, or the value of the information they hold for the sole purpose of wreaking havoc. Even if your computer is not attacked directly, it can be used as a zombie to launch a denial-of-service or other attack on a network or to send spam or pornography to other PCs without being traced. Therefore, your civic responsibility is to protect your PC so that others are protected.

Myth 2 – I can protect my PC if I disconnect from the Internet or turn it off when I’m not using it.

Wrong. You are a target, If you connect to the Internet at all. You could download a virus when you connect to internet and it may not be activated immediately, not until you read your email offline days after. Viruses nowadays spread wildly through USB/Pen drives, pirated cd’s or torrents or file from networks. But now you can protect your business from internet threats with the top web security software

Myth 3 – I can protect myself from viruses by not opening suspicious e-mail attachments. Some viruses simply get activated by reading or previewing an e-mail

Wrong again. The next virus you get may come from your best friend’s or boss’ computer if his e-mail address book was compromised for simulating an attack. Hybrid worms can enter through the Web browser through loopholes and it is possible to activate some viruses simply by reading or previewing an e-mail. You simply must have a PC-based antivirus package or a firewall.

Myth 4 – I have a Macintosh (or a Linux-based system), not a Windows system, so I don’t have to worry about being attacked.

It is true that most attacks target Microsoft Windows–based PCs, but there have been attacks against Mac OS and Linux systems as well. Some experts have predicted that the Mac virus problem will get worse, because Mac OS X uses a version of Unix. And although these systems have some useful security features, they can still be attacked.

Myth 5 – My system came with an Anti-virus package, so I’m protected.

Not quite. Firstly, if you haven’t activated your antivirus to scan incoming web traffic automatically, you don’t have a good Anti-virus and malware protection software. Secondly, new threats appear daily, so an antivirus package is only as good as its last update so its a must to activate the auto-update features to keep your guard up against the latest  threats. Thirdly, an antivirus package can’t protect you from every threat. Malwares, spywares are running in the wild out there and every now and then malicious code penetrate weak systems. You need a combination of solutions, including, at minimum, antivirus, a personal firewall ,an anti spyware/malware package and a plan for keeping your operating system and software up to date with security patches.

If you receive a phone call on your Mobile from any person saying that they are checking your mobile line, and you have to press #90 or #09 or any other number. End this call immediately without pressing any numbers. Friends there is a fraud company using a device that once you press #90 or #09 they can access your SIM card and make calls at your expense. Forward this message to as many friends as u can, to stop it. This information has been confirmed by both Motorola and Nokia. There are over 3 million affected mobile phones. You can check this news at CNN web site also.

Regards,
Hungry Hacker

Just give a missed call on +41445804650 and u’ll get a call back from your own number…

U wont be charged anything for giving missed call.

I did try to google it and came accross this article in yahoo answers.

Seems to be a new Telecom technology. Whatever it is surely it is a strange!!! [ A bit like chetan bhagat`s "one night @ a call center"]

But most people don’t use it to its best advantage. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number.

But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Google’s search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of Google’s lesser-known options.

Syntax Search Tricks

Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Google has a fairly complete list of its syntax elements at:

www.google.com/help/operators.html

Here are some advanced operators that can help narrow down your search results.

Intitle: at the beginning of a query word or phrase (intitle:”Three Blind Mice”) restricts your search results to just the titles of Web pages.

Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as

www.mysite.com/index.html

You can also enter intext:html.

Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in

link:http://www.hungry-hackers.com

Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:”Mark Twain”site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.

Swiss Army Google

Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

Lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”

Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.

Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Extended Googling

Google offers several services that give you a head start in focusing your search. Google Groups

(http://groups.google.com)

indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle
CODE
(http://froogle.google.com),

which indexes products from online stores, and Google Catalogs
CODE
(http://catalogs.google.com),

which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at

www.google.com/options/index.html

You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(www.googlealert.com)

monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).

This service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com),

a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out). With Google Voice Search

(http://labs1.google.com/gvs.html),

you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free from
CODE
www.google.com/apis

Thanks to its many different search properties, Google goes far beyond a regular search engine. Give the tricks in this article a try. You’ll be amazed at how many different ways Google can improve your Internet searching.

Online Extra: More Google Tips

Here are a few more clever ways to tweak your Google searches.

Search Within a Timeframe

Daterange: (start date–end date). You can restrict your searches to pages that were indexed within a certain time period. Daterange: searches by when Google indexed a page, not when the page itself was created. This operator can help you ensure that results will have fresh content (by using recent dates), or you can use it to avoid a topic’s current-news blizzard and concentrate only on older results. Daterange: is actually more useful if you go elsewhere to take advantage of it, because daterange: requires Julian dates, not standard Gregorian dates. You can find converters on the Web (such as

CODE

http://aa.usno.navy.mil/data/docs/JulianDate.html

excl.gif No Active Links, Read the Rules – Edit by Ninja excl.gif), but an easier way is to do a Google daterange: search by filling in a form at

www.researchbuzz.com/toolbox/goofresh.shtml or www.faganfinder.com/engines/google.shtml

If one special syntax element is good, two must be better, right? Sometimes. Though some operators can’t be mixed (you can’t use the link: operator with anything else) many can be, quickly narrowing your results to a less overwhelming number.

More Google API Applications

Staggernation.com offers three tools based on the Google API. The Google API Web Search by Host (GAWSH) lists the Web hosts of the results for a given query

(www.staggernation.com/gawsh/).

When you click on the triangle next to each host, you get a list of results for that host. The Google API Relation Browsing Outliner (GARBO) is a little more complicated: You enter a URL and choose whether you want pages that related to the URL or linked to the URL

(www.staggernation.com/garbo/).

Click on the triangle next to an URL to get a list of pages linked or related to that particular URL. CapeMail is an e-mail search application that allows you to send an e-mail to google@capeclear.com with the text of your query in the subject line and get the first ten results for that query back. Maybe it’s not something you’d do every day, but if your cell phone does e-mail and doesn’t do Web browsing, this is a very handy address to know.