This document provides instructions on how to hack passwords and create an FTP server on a PC. It discusses techniques like hashing, guessing, using default passwords, brute force attacks, and phishing to hack passwords. It also describes how to crack Windows passwords using tools like Cain and Abel. Additionally, it outlines the steps to obtain a static IP address, install and configure an FTP server software, and set up user accounts on the server.

1. TEKNIK HACK PASSWORD DALAM WAKTU SINGKAT 75%
-: Password Hacking :-
Password cracking is the process of recovering secret passwords from data that has been stored
in or transmitted by a computer system. A common approach is to repeatedly try guesses for the
password.
Most passwords can be cracked by using following techniques :
1) Hashing :- Here we will refer to the one way function (which may be either an encryption
function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can
recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords
that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately,
allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert
when used correctly.
2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking
programs armed with dictionaries (dictionary based) and the user's personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some
way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen
passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf,
or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order
of the letters.
and so on....
www.fadliwirya.com

2. In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a
single word found in a dictionary, and another 12 percent were a word plus a final digit; two-
thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special
characters too; is a strong password and can never be guessed.
Check Your Password Strength
3) Default Passwords :- A moderately high number of local and online applications have inbuilt
default passwords that have been configured by programmers during development stages of
software. There are lots of applications running on the internet on which default passwords are
enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive
information. A list containing default passwords of some of the most popular applications is
available on the internet.
Always disable or change the applications' (both online and offline) default username-
password pairs.
4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking
technique. Here an automatic tool is used which tries all possible combinations of available keys
on the keyboard. As soon as correct password is reached it displays on the screen.This
techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique
which is generally used to crack the passwords of e-mail accounts, and all those accounts where
secret information or sensitive personal information is stored by user such as social networking
websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the
victim, hoping that the victim gets fooled into entering the account username and password. As
soon as victim click on "enter" or "login" login button this information reaches to the attacker
using scripts or online form processors while the user(victim) is redirected to home page of e-
mail service provider.
Never give reply to the messages which are demanding for your username-password,
urging to be e-mail service provider.
www.fadliwirya.com

3. It is possible to try to obtain the passwords through other different methods, such as social
engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder
surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity
management system attacks (such as abuse of Self-service password reset) and compromising
host security.
However, cracking usually designates a guessing attack.
-: Windows-XP Password Cracking :-
Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.
First download cain and abel from "http://www.oxid.it/cain.html" and install it on your system.
Make sure that you have disabled the antivirus/firewall running on your system before installing
and throughout this process.
Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".
Brute-Force:- As this techniques takes more time to complete, the attacker prefer this
technique only when there is a hope that the password contain same type of characters or may be
two. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it should
contain less than 7 characters. Otherwise it takes more time to crack password, which may be the
mixture of all types of characters along with special symbols.
The step-by-step explaination for this technique is given below-
1) Open the tool "Cain and Abel"
www.fadliwirya.com

4. 2) Go into the category "Cracker" it displays all sub-categories under "Cracker"
in left panel.
www.fadliwirya.com

5. 3) Select "LM & NTLM Hashes" from left panel and then click on symbol, you will be
greeted by a window as shown.
www.fadliwirya.com

6. 4) Check "import hashes from local system" and then click "Next". This shows all the active
accounts on local system like administrator, guest, etc. along with LM and NT hashed values of
their respective passwords, as shown below.
www.fadliwirya.com

7. 5) Right clicking on any username shows all available options using which we can crack it's
password.
www.fadliwirya.com

8. 6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLM
hashes to store local users' passwords.
7) You will be greeted by a window where you can modify properties for brute-force attack such
as password length, character set, etc.
www.fadliwirya.com

9. 8) Click on "Start" button.
9) On completion it will reveal the exact password.
www.fadliwirya.com

10. ShareThis
NEXT
-: Windows-XP Password Cracking :-
Cryptanalisys :- Basically, Cryptanalisys means Operations performed in converting
encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key
employed in the encryption.
This is the fastest technique of password cracking possible due to "Rainbow Tables".
A rainbow table is a file that is used to lookup an unknown plaintext from a known hash for an
algorithm that does not usually permit this operation.
Steps 1 to 4 i.e upto importing hashes from local system, are similar to previous technique (i.e
brute-force). The steps coming after that are as follows-
5) Here, select "cryptanalisys attack" then "NTLM hashes" and then select "via rainbow tables".
Here we can choose either OphCrack or RainbowCrack formats of tables. The rainbow tables are
available free to download on internet.
Due to large file size of rainbow tables (350MB - 3GB); instead of downloading we can also
www.fadliwirya.com

11. create at own just by downloading rainbow table generator (winrtgen.zip of 181KB) free
download at "http://www.oxid.it/downloads/winrtgen.zip"
6) Click on "Add Table"
www.fadliwirya.com

12. 7) Browse for the location of rainbow table on your system, select proper table and click "open".
www.fadliwirya.com

13. 8) Select the loaded table and then click on "Start" button.
9) On completetion it will show the exact password.
www.fadliwirya.com

14. To learn windows password cracking techniques properly, one must understand "LM"
& "NTLM" algorithms, SAM File, Dumping NTLM hashes from local SAM, Rainbow
Tables, etc.......!
ShareThis
-: IP Spoofing :-
The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged
(spoofed) source IP address with the purpose of concealing the identity of the sender or
impersonating another computing system.
Why it works ?
IP-Spoofing works because trusted services only rely on network address based authentication.
Since IP is easily duped, address forgery is not difficult.
The main reason is security weakness in the TCP protocol known as sequence number
prediction.
How it works ?
To completely understand how ip spoofing can take place, one must examine the structure of the
TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial
www.fadliwirya.com

15. to the process.
Internet Protocol (IP) :
It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless
model, meaning there is no information regarding transaction state, which is used to route
packets on a network. Additionally, there is no method in place to ensure that a packet is
properly delivered to the destination.
Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header)
contain various information about the packet. The next 8 bytes (the next 2 rows), however,
contains the source and destination IP addresses. Using one of several tools, an attacker can
easily modify these addresses – specifically the “source address” field.
Transmission Control Protocol (TCP) :
It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented
simply means that the two hosts participating in a discussion must first establish a connection via
the 3-way handshake (SYN-SYN/ACK-ACK). Reliability is provided by data sequencing and
acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and
all data segments recieved from the other end.
www.fadliwirya.com

16. As you can see above, the first 12 bytes of the TCP packet, which contain port and sequencing
information.
TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to
4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags)
is sequenced. The sequence number field in the TCP header will contain the sequence number of
the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP
header holds the value of next *expected* sequence number, and also acknowledges *all* data
up through this ACK number minus one.
TCP packets can be manipulated using several packet crafting softwares available on the
internet.
The Attack
IP-spoofing consists of several steps. First, the target host is choosen. Next, a pattern of trust is
discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP
sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed,
and a connection attempt is made to a service that only requires address-based authentication. If
successful, the attacker executes a simple command to leave a backdoor.
Spoofing can be implemented by different ways as given below -
Non-Blind Spoofing :- This type of attack takes place when the attacker is on the same subnet as
the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the
potential difficulty of calculating them accurately.
Blind Spoofing :- Here the sequence and acknowledgement numbers are unreachable. In order
to circumvent this, several packets are sent to the target machine in order to sample sequence
numbers.
www.fadliwirya.com

17. Both types of spoofing are forms of a common security violation known as a Man In The Middle
Attack. In these attacks, a malicious party intercepts a legitimate communication between two
friendly parties. The malicious host then controls the flow of communication and can eliminate
or alter the information sent by one of the original participants without the knowledge of either
the original sender or the recipient. In this way, an attacker can fool a victim into disclosing
confidential information by “spoofing” the identity of the original sender, who is presumably
trusted by the recipient.
IP spoofing is almost always used in what is currently one of the most difficult attacks to defend
against – Denial of Service attacks, or DoS.
CounterMeasures
1) Filtering at the Router :- Implementing ingress and egress filtering on your border
routers is a great place to start your spoofing defense. You will need to implement an
ACL (access control list)
2) Encryption and Authentication :- Implementing encryption and authentication will
also reduce spoofing threats. Both of these features are included in Ipv6, which will
eliminate current spoofing threats.
3) Initial Sequence Number Randomizing.
ShareThis
-: The ZIP of Death :-
1)
This is a exploit of the compression algorithms to make a small zip that will extract into extream
amounts their are more ways and better ones than this one but i will only show how to make a
simple 1k = 1m ratio.
1) Make a.txt file
2) Open and type the null character (alt + 255)
3) Press ctrl + a then ctrl + v a couple times to make some null bytes
4) If u have a hexeditor make the hex 00 for about 50 kilobytes.
5) Now make several copies of a.txt and name accordinly
www.fadliwirya.com

18. 6) Open cmd.exe
7) Type copy /b *.txt b.txt
8) Now every copy is made into a super copy and repeat
9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes.....!
The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555
Just add some more and the file will expand amazingly
Make sure to not open this after
You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz
ShareThis
-: Create An Ftp Server On Your PC :-
Process-1:
First of all u have to get an static IP-Address.
Need a a static ip-address for ur FTP Server.Necessity for getting this static ip-address is ur not
suppose to use ur own IP-Address.The main reason is u dont want to show ur IP-Address to
everyone , there are many other reasons too but leave them aside..
1) Goto no-ip & create urself a free account.
2) Now ur account been created & ll receive ur account password via mail to ur email address.
3) After getting ur password login to ur account of no-ip.com
4.After getting logged in, click upon add a HOST its on the left menu.
5) Type any hostname u want (eg:-abc) & select any domain from da given list (eg:-
ftpserve.com) Click on Submit.
6) Now u have owned ur own static address (example: abc.serveftp.com)
www.fadliwirya.com

19. 7) Now click downloads button which is present above on the page & click on which operating
system ur using & den download DNS update client or u can download it from here directly, this
is for microsoft window users..
8) After getting downloaded, u have to install this software & login here with ur email addresss
& p/w wen asked for it.
9) At last tick on da check box present at the static address.
10) U have ur own static web address.
Process-2:
Installation & setting of the FTP-Server
1) You have to install Serv-U 4.1.03 , download this software from here
2) Run Serv-U & use da wizard to setup ur FTP.
3) Click on next until u have been asked for IP-Address, leave it as it is & click upon next.
4) Enter ur domain name u have registered (example: abc.serveftp.com) it above in da domain
field & click upon next.
5) U ll be asked for anonymous access, select No & click upon next.
6) Next u ll be asked for creating a named account, select yes & click upon next.
7) Choose any user name u wish (eg:-xyz) & clcik upon next.
8) Enter password for dis account (eg:-adc341) for security purpose choose difficult password.
9) U ll be asked for da home directory for the account which u have created above.Select
directory & click upon next.
10) Click on yes for locking dis account to da home directory, doing dis da user cannot further
move up into home directory, click upon next.
11) At last ur account has been created click finish.
Process-3:
Configuring the user accounts which u have been created.
1) On the left tree-menu, select da account which u have been created above & den click upon
General Tab.
www.fadliwirya.com

20. 2) Goto Hide 'Hidden' Files.
3) Check Allow only and enter the number one in the box.
4) Set da maximum downloading speed upto wat extent u want.As this is an account so many ll
be using so set it low(eg:-10-20) to save ur bandwidth.Don't leave it blank as uers can download
with full bandwidth.
5) choose how many users u want to login at on time.It depends on ur connection speed try these
(56 - 1, ISDN - 3, ADSL or cable - 5-6 users.)
6) Click upon Dir Access Tab.
7) Now u can c home folder here.Highlight it & make ur permission.
8) If u want only users to download check only these Read,List & Inherit.
9) If u want ur users to upload into ur server & bu tto only 1 particular folder but not to
downlaod, click upon dat add button & then select dat folder, Now u have to highlight dat folder
& set these permissions on dat folder.Check,Write,Appened,List,Create & Inherit after setting
these permissions click on the arrow which is present at the bottom right-hand corner.U want dis
upload folder 2 be list first, before da home folder.
10) If der is any folder which u dont want anyone to access it, & it is present in the home folder,
den click da add button & den select da folder.Now u have to highlight dat folder & see dat no
all da checkboxes are left.After doing this click upon upper arrow which is present at bottom
right hand corner.
11) There are many things u can do, These are only the basics....
12) Your server is now ready to be connected..
13) Login with your username & password...
1)
ShareThis
2) -: Reveal *****(Asterisk) Passwords Using Javascript :-
3)
Want to Reveal the Passwords Hidden Behind Asterisk (****) ?
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
www.fadliwirya.com

21. 2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and
press 'Enter'.
4) javascript: alert(document.getElementById('Passwd').value);
5)
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
Note :- This trick may not be working with firefox.
-: Increase Broadband Speed Using Simple Tweak :-
A Simple Tweak (XP Pro only) which will increase your Broadband Speed.
Make sure you Log on as Administrator, not as a user with Administrator
privileges.
Follow the steps as given below-
1) Click on Start Button.
2) Select Run From Start Menu.
3) Type gpedit.msc
4) Expand the [Administrative Templates] branch.
5) Then Expand the [Network] branch.
6) Highlight(Select by Single Click) [QoS Packet Scheduler]
7) Double-click [Limit Reservable Bandwidth] (Available in Right Side
Panel)
8) Check(Select By Single Click on it) [Enabled]
9) Change [Bandwidth limit %] to 0 %
www.fadliwirya.com

22. 10) Click [OK] Button.
11) Restart Your PC.
12) Now Check Your Broadband Speed.
-: Wireless Hacking :-
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A
modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the
fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as
follows:-
1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a
station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated
with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service
Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment
the airwaves for usage.
2) Channels :- The stations communicate with each other using radio frequencies between 2.4
GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using
neighboring channels may interfere with each other.
3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to
encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to
protect wireless communication from eavesdropping. A secondary function of WEP is to prevent
unauthorized access to a wireless network. WEP encrypts the payload of data packets.
Management and control frames are always transmitted in the clear. WEP uses the RC4
encryption algorithm.
4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is
a program that intercepts and decodes network traffic broadcast through a medium. It is easier to
sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning
for open access points that allow anyone to connect, or capturing the passwords used in a
connection session that does not even use WEP, or in telnet, rlogin and ftp connections.
5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the
devices. A passive network scanner instructs the wireless card to listen to each channel for a few
messages. This does not reveal the presence of the scanner. An attacker can passively scan
without transmitting at all.
6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive
www.fadliwirya.com

23. scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe
Responses, Association Requests, and Reassociation Requests. Recall that management frames
are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning
7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use
later in constructing spoofed frames. The source and destination MAC addresses are always in
the clear in all the frames.
8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP
shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking
tool is AirSnort ( http://airsnort.shmoo.com ).
9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-
silent, through network security measures is virtually impossible. Once the attacker begins
probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can
be detected.
10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both
wired and wireless networks. The attacker constructs frames by filling selected fields that contain
addresses or identifiers with legitimate looking but non-existent values, or with values that
belong to others. The attacker would have collected these legitimate values through sniffing.
11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing
activity injects frames that are observable by system administrators. The attacker fills the Sender
MAC Address field of the injected frames with a spoofed value so that his equipment is not
identified.
12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination)
with a different address is known as IP spoofing. This is a necessary operation in many attacks.
13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is
carefully spoofed.
14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a
target that trigger useful responses. This activity is known as probing or active scanning.
15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user
interfaces
16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal
from it than what it receives from a legitimate AP.
17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing
services to authorized clients because of resource exhaustion by unauthorized clients. In wireless
networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the
www.fadliwirya.com

24. victim and its clients may not even detect the attacks. The duration of such DoS may range from
milliseconds to hours. A DoS attack against an individual station enables session hijacking.
18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens,
baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An
attacker can unleash large amounts of noise using these devices and jam the airwaves so that the
signal to noise drops so low, that the wireless LAN ceases to function.
19) War Driving :- Equipped with wireless devices and related tools, and driving around in a
vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless
networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as
“The benign act of locating and logging wireless access points while in motion.” This benign act
is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an
attacker can listen in without gaining physical access.
Tips for Wireless Home Network Security
1)
1) Change Default Administrator Passwords (and Usernames)
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely
2) -: BlueTooth Hacking :-
3)
Discovering Bluetooth Devices :-
Before any two bluetooth enabled devices can start communicating with one another,
they must carry out a procedure known as discovery. It can be carried out by scanning for
other active devices within the range.
Recommended Tools
BlueScanner
It will try to extract as much information as possible for each
newly discovered device Download
BlueSniff
It is a GUI-based utility for finding discoverable and hidden
Bluetooth-enabled devices Download
BTBrowser
It is a J2ME application that can browse and explore the technical
specification of surrounding Bluetooth enabled devices. It works
on phones that supports JSR-82 - the Java Bluetooth specification
Download
BTCrawler It is a scanner for Windows Mobile based devices. It also -----
www.fadliwirya.com

25. implements the BlueJacking and BlueSnarfing attacks
4)
Hacking Bluetooth Devices :-
There are a variety of different types of bluetooth related threats and attacks that can be
executed against unsuspecting mobile phone users. Following are some of the most
common types of threats :-
1) BluePrinting Attack :- Information gathering is the first step in the quest to break into
target system. Even BlueTooth devices can be fingerprinted or probed for information
gathering using the technique known as BluePrinting. Using this one can determine
manufacturer, model, version, etc. for target bluetooth enabled device.
Recommended Tools
BluePrint As the name suggests Download
BTScanner
It is an information gathering tool that allows attacker to query
devices without the need to carry out pairing Download
5)
2) BlueJack Attack :- Bluejacking is the process of sending an anonymous message
from a bluetooth enabled phone to another, within a particular range without knowing the
exact source of the recieved message to the recepient.
Recommended Tools
FreeJack Bluejacking tool written in JAVA -----
CIHWB
Can I Hack With Bluetooth (CIHWB) is a Bluetooth security
auditing framework for Windows Mobile 2005. Supports
BlueSnarf, BlueJack, and some DoS attacks. Should work on any
PocketPC with the Microsoft Bluetooth stack
Download
6)
3) BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile
phones through bluetooth, without knowing the victim. It involves OBEX protocol by
which an attacker can forcibly push/pull sensitive data in/out of the victim's mobile
phone, hence also known as OBEX pull attack.
This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME
enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc.
an attacker can break into target mobile phone for stealing sensitive data such as address
book, photos, mp3, videos, SMS, ......!
Recommended Tools
Blooover
It is a J2ME-based auditing tool. It is intended to serve as an
auditing tool to check whether a mobile phone is vulnerable. It
can also be used to carry out BlueBug attack
Download
RedSnarf One of the best bluesnarfing tool -----
BlueSnarfer
It downloads the phone-book of any mobile device vulnerable to
Bluesnarfing Download
www.fadliwirya.com

26. -: BlueTooth Hacking :-
4) Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing
mechanism that is used to establish a connection between two bluetooth enabled devices.Not
only does it gives the attacker complete access and control over the target but also allows the
attacker to place strategic backdoors for continued access and entry.
5) BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain
complete control over the data, voice and messaging channels of vulnerable target mobile
phones.
Recommended Tools
BlueBugger Exploits the BlueBug vulnerability Download
Bluediving
It is a Bluetooth penetration testing suite. It implements attacks
like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, etc. Download
6) The bluetooth protocol allows devices to use 16 digit long pairing codes.
Unfortunately many applications continue to use only 4 digit pairing codes which can be
easily brute-forced. This is known as short pairing codes.
Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111,
1234, etc. So, easy to crack and gain access...!
Recommended Tools
BTCrack
BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack
aims to reconstruct the Passkey and the Link key from captured
Pairing exchanges
Download
-: Other Powerful BlueTooth Hacking Tools :-
Transient Bluetooth Environment Auditor :- T-BEAR is a security-auditing platform for
Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing
tools and various cracking tools. Download
BlueTest :- BlueTest is a Perl script designed to do data extraction from vulnerable
Bluetooth-enabled devices. Download
BTAudit :- BTAudit is a set of programs and scripts for auditing Bluetooth-enabled
devices. Download
www.fadliwirya.com

27. RedFang :- It is a brute force tool that finds even non-discoverable device.
Download
BlueAlert :- A windows based tool that runs on bluetooth enabled computer and alerts
the user each time a blurtooth device leaves or enters into its range.
BlueFang :- Similar to BlueAlert.
Bluestumbler :- One of the best BluePrinting tool.
Super Bluetooth Hack :- With this java software you can connect to another mobile
and ….
Once connected to a another phone via bluetooth you can-
 Read his/her messages
 Read his/her contacts
 Change profile
 Play ringtone even if phone is on silent
 Play songs
 Restart the phone
 Switch off the phone
 Restore factory settings
 Change ringing volume
 Call from his phone it includes all call functions like hold, etc.
Notes:-
1) When connecting devices use a code 0000
2) At start of program on smartphones do not forget to turn on bluetooth before start of
the mobile .
Download- Super_Bluetooth_Hack_v1.07.zip (99 KB)
What is 94FBR ??
goto google type like this–>
94fbr kaspersky
94fbr nero
94fbr winrar
94fbr avast
www.fadliwirya.com

28. 94fbr adobe photoshop
etc
94fbr followed by software name or software name followed by 94fbr,then click search you will
get the serial and cracks.
94FBR was part of a Microsoft Office 2000 product key that was released on the internet that
bypassed Microsofts activation system.Because it is a relatively uncommon term, when you add
it to your search queries, it will generally return results of pages listing illegal serial numbers.
enjoy it….
Get free domain names
There are many website which offer free domain names for some time.You can register and try
them
www.co.cc
you can register 3 domains as a free member and 100 domains if you pay them a fee of about $10
www.eu.tv
This is a new domain and you can register 3 domains for free and then you must pay.
www.co.tv
you can register 3 domains for free and pay from your 4th domain
There are many others
Display Message at Windows Startup
This is a simple registry trick by which you can display your message at windows startup.You
have to edit your registry.It will pop message just before a user is going to log on.Check the
following steps
1.Go to your registry
2. Navigate to
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinLogon
Now create a new string Value in the right pane named LegalNoticeCaption and enter the value
that you want to see in the Menu Bar. Now create another new string value and name it:
LegalNoticeText
Now insert the message you want to display each time Windows startup
www.fadliwirya.com

29. Change My documents location in xp
I think many of you don’t know about this fact that the storage location of “My Documents” can
be changed. Its is safe , when crash or need to be formatted
Normally windows save the “My Documents” folder on your C-drive. But when you right-click
on it and go to properties, you can change the location where you want windows to save your
Documents folder.
Steps
1.Right-click on My documents
2.Go to properties
3.Change your location
This can be very useful when If windows hangs or become crupt and you have to format your C-
drive again,Then you documents will not be lost due to formating.
Hack Windows XP Administrator Password
This is one of the best method to Hack Windows XP Administrator Password.For hacking
admin you must have log in as guest or limited account.This methodod hacking sdmin is very
easy.You don’t need any software or live cd.All hacking is done manual.To hack XP admin
password follow these steps.Please backup your files which we are going to use here.
Method
1.Go to C:/windows/system32
2.Copy cmd.exe and paste it on desktop
3.Rename cmd.exe to sethc.exe
4.Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then click
yes
5.Now press shift key 5 times you will get cmd prompt close that
6.Now Log out from your guest account and at the login screen,press shift key 5 times.
7.You will get commmand prompt there
Now type “ NET USER ADMINISTRATOR mypassword” where “mypassword” can be any
password and Administrator is name of admin account ,then press enter.
8.You will see “ The Command completed successfully” and then exit the command prompt.
www.fadliwirya.com

30. Thats done…You have hacked administrator password
If you have any problem comment here.Please backup your cmd.exe and sethc.exe if you are
trying this on your own computer.This works because of sethc.exe process Vulnerability in
Windows XP.You can search google for more information about it.
This method of hacking XP admin password can be used in your college lab where you have
limited or guest access to computers.
How to Send Fake & Anonymous email To Friend
There are many website which allows you to send fake and anonymous email.You can put your
own From address, To address, Subject and message and can play a prank with your friend or
whoever you want.Here is a list of some websites which you can use.You can play prank and fun
with your friend by sending fake email with his girlfriend email address.
Check it out
1.http://deadfake.com/
Deadfake – a site that lets you send free fake emails to anyone you like. Not only is it
anonymous, you can make it appear to come from anyone you choose.This is a good site to send
fake emails.This is best site to send fake emails.
2.http://funworld-free-mail.emailsender.mobi/
This a another site to send fake emails
http://www.anonymailer.net/
Anonymous email, often referred to as prank email, allows the user to send an email without
disclosing their identity. This site is not fully free you have to paid.You can check this by
sending fake emails to yourself.
If you have more sited to send fake Email To your Friend share it here.
Enjoy fake email prank
Don’t send any spam or other illegal things . Email is never really fully anonymous
Incoming search terms:
How to change START Text in XP
Its a very powerful tool & you can do almost anything wid this tool. Now since you just wanna
know how to change the “start” button…follow the steps:
1) After downloading the file….open ResHacker.exe
www.fadliwirya.com

31. 2) B4 dat go 2 C:WINDOWS n take d backup of explorer.exe & copy it to a different location.
Just 4 safety…there’s no danger in the method
3) Now as you’ve opened ResHacker.exe…goto File –> Open
Now look for explorer.exe in the path C:WINDOWS… click on it & open it
4) Once u open it u’ll see a list of items on d left side starting form Bitmap to 240
5) Now double click on “String Table”
6) Now if you have a “Classic look/style” for windows….double click on 38 else if you are
having a “Windows XP style” click on 37
7) When you double-click on either of these. you will see a no. 1033…click on it
Now if you are following a Windows XP style then on d text area u will see “start” written in d
manner i’ve written on line no. 578. Give d name u wnt but within d quotes. And 4 Windows
Classic Style…its written on line no. 595
9) After you write the name you want….click on compile script, a tabular button on top of text
area
10) Now most important…go 2 File & click on SAVE AS button & not save
11) Save it with any name u want…in C:WINDOWS folder. For e.g. explorerrahul.exe.
Don’t 4get 2 end the name u’ve given with d extention .exe & write the word “explorer” in front
of name u’ve given. It may work if u don’t write explorer too. But i haven’t tried it
12) Now exit ResHacker.exe & goto Start –> Run….type regedit & hit enter
13) Now goto HKEY_LOCAL_MACHINE –> SOFTWARE –> MICROSOFT –> WINDOWS
NT –> Winlogon & single click on it. On d right side look 4 “Shell REG_SZ Explorer.exe”.
Double click on Shell & write thename u’d given along with the extention .exe and remember,
the name that u had given for the “start”button and the name with which you saved it need not be
the same.
Click on Ok & exit. Log off & Log on, That DONE. Guyz it SAFE, plz don’t worry. Just do
exactly as i’ve said…and everything will run accordingly. You can try different things too…if
You dare. I’ve done it !!! ResHacker is power tool. Play around with it. And u’ll get to know
more.
Add Photos in My Computer Properties..
Add your Photos in My Computer Properties
www.fadliwirya.com

32. Todo this:
1. Open Notepad.
2. Type the following:
[General]
Manufacturer=”Your company name”
Model=Intel® Core™2 Duo
[Support Information]
Line1= Your phone number
Line2= address
Line3= Your email or website
3. Save as “oeminfo.ini” in the System32 folder.(Without Quote)
4. Create a bmp file(Your Photo) and save it the System32 folder as “oemlogo.bmp”(Without Quote).
5. Now Check your My Computer Properties.
And I just have done it………..!
XP game cheats:
Freecell
Secret – Instant Win
Instructions – Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you
want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.
Secret – Hidden Game Modes
Instructions – In the “Game” menu choose “Select Game”. Enter -1 or -2 to activate the hidden
game modes.
Hearts
Secret – Show All Cards
Instructions – Go to Start, Run, Type: ‘Regedit’, OK. Edit this registry key:
HKEY_CURRENT_USERSoftwareMicrosoft
WindowsCurrentVersionAppletsHearts
Right click on the Hearts folder, select New, String Value and name it ZB. Right-click on ZB,
select Modify and enter a Value Data of 42, OK and close Regedit. Start Hearts (not Internet
Hearts). Once in a game Press Ctrl + Alt + Shift + F12 to show all the cards.
How to make file undetectable
Use binding ,this is simple binding.In this tutorial you will see how to bind two files together
using WinRAR.This is useful if you are sending a file and you want it to extract and run straight
away.For this tutorial I will be using a simple .exe file (command[1].exe) and game.exe file
www.fadliwirya.com

33. Step 1:Get the files you want to bind.
Step 2:Highlight them both and add to archive.
Step 3:Change the name and select “Create SFX archive”
Step 4:Go to the “Advanced” tab at the top and click on “SFX options”
Step 5:In the “General” tab type in the name of the file you want to run after the extraction.
Step 6:Go to the “Modes” tab and select “Hide all”
Step 7:Go to the “Text and icon” tab and change the icon to something other than the WinRAR
icon
Step 8:Click “OK” on the advanced window and “OK” in the main window and it will create the
file.
Now when the user clicks on it extracts and automatically runs command[1].exe
This can be used in a variety of ways, you can experiment with the options to get different
results.
Incoming search term
How to Protect Your Web Server From Hackers ?
Creating your own website is not simply about putting some pages and information online.
Ensuring the security of your website is a bigger and highly crucial task. Most websites these
days have a dedicated web server that gives them the leverage to grow and develop further.
Basically the websites with a high volume of web traffic, a heavy database and complex
application specifications require an exclusive web server. It is extremely important to hack
proof your web server in order to protect your website and business.
There are a great number of hackers out there in the web world who are looking for opportunities
to exploit your web server and cause serious damage. These hackers look to deface the websites
with malicious content, use the scripts on the server to send out spam or phish out the personal
sensitive information of the website users. Such attacks also attempt to tamper with parameters
and gain access to confidential files or cross-site scripting or cookie poisoning to alter the
customer data. These kinds of invasions can prove to be fatal for e-commerce and finance based
websites. To prevent your web server from falling prey to such web attacks, here are some
important recommendations and anti hacking tips.You need to follow a two-pronged approach
to safeguard your web server from any hackers.
The first layer is a firewall that exists to block any unwarranted unused Internet ports. A good
firewall will use a rule based access system to allow only the legitimate users to enter and filter
www.fadliwirya.com

34. out as well as obstruct any malicious traffic from accessing the server. Also create strong
passwords that use a combination of characters, numbers and special characters in order to keep
the password hackers at bay.
The second element is to put in place an intrusion protection service. This is a more sophisticated
approach to deal with hackers wherein you stop the illegitimate entry of users at the source itself.
If a firewall works on the front line, an intrusion protection system works on the back end to deal
with the enemies. This involves putting all the compromised hosts in the quarantine section and
letting the genuine users move through efficiently. But setting up such an anti-hacking
arrangement is only the first step. The hackers are moving fast and ahead with newer techniques
to break into and sabotage the web servers. So, you need to continually update and monitor the
filters, blacklists and all other aspects.
Incoming search terms:
Command Prompt Tricks Tips & Hacks
There are lot of command prompt tricks and tips which many of us don’t know about.Command
prompt can be very useful if you know how to use.Just go to cmd and check the following cool
commands
1. systeminfo
With this command, you can retrieve the following information:
Host Name
OS Name
OS Version
OS Manufacturer
OS Configuration
OS Build Type
Registered Owner etc
2. driverquery
Get Installed Driver Information
3. ipconfig /all
information about your network connection and IP address
4. subst W: C:windows
Map A Drive Letter to a Folder
www.fadliwirya.com

35. 5. tasklist
List All Tasks Running On The Computer
6.taskkill /im programnames.exe /f
to Kill A Program
There are many other also will update soon
Blocking unblocking websites manually
Do The Following :
For eg you want to block www.xyz.com !
1. Open the folder C:WINDOWSsystem32driversetc
2. There you will find a file named HOSTS
3. Click on the file and press SHIFT and now right click on it .
4. From the right click menu select Open with .
5. Now, select Notepad to open the file from the list !
6. Now, in the file under the line 127.0.0.1 localhost add another line as 127.0.0.2 www.xyz.com.
7. Now, File>>Save !
For unblocking just follow the same procedure vice versa.
Ntoskrnl.exe Missing or Corrupt XP
Try the following method to fix this ntoskrnl.exe problem.Hope this will fix your problem
1.Start the computer by using your Windows XP CD-ROM. Press any key to boot from the CD.
2.After the setup files are finished loading press R to repair using Recovery Console.
3.When you are in the recovery console, select the installation to log on to (usually number 1),
and then press ENTER.
www.fadliwirya.com

36. 4.Login to the Administrator account by typing the password for this account, and then press
ENTER.
5.At the recovery console command prompt, type the following command, and then press
ENTER:
For Uni-Processor systems:
expand :i386ntoskrnl.ex_ :Windowssystem32ntoskrnl.exe For Multi-Processor systems:
expand :i386ntkrnlmp.ex_ :Windowssystem32ntoskrnl.exe Note In these two commands, the
placeholder represents the drive letter of your CD drive, and the placeholder represents the drive
letter of the hard disk on which windows is installed.
6.If you receive a prompt to overwrite the file, press Y.
7.Type exit, and press ENTER at the command prompt.
This method from microsoft support .If this does not work check the following help link
http://support.microsoft.com/kb/314477
Mozialla FireFox tricks
copy the line written in bold in address bar and hit enter..
chrome://browser/content/browser.xul
Opens another Firefox inside a tab in the the existing Firefox window.
chrome://browser/content/preferences/preferences.xul
:: Opens the Options dialog box inside the Firefox tab.
chrome://browser/content/bookmarks/bookmarksPanel.xul
:: Opens the “Book Marks Manager” inside a tab in the Firefox window.
chrome://browser/content/history/history-panel.xul
:: Opens the History Panel in the Firefox tab.
chrome://mozapps/content/extensions/extensions.xul?type=extensions
:: Opens the Extensions window in the current tab.
chrome://browser/content/preferences/cookies.xul
:: Opens the “cookies window” inside a tab in the Firefox window.
chrome://browser/content/preferences/sanitize.xul
:: Opens the “Clear Private Data” window inside the current tab.
www.fadliwirya.com

37. chrome://browser/content/aboutDialog.xul
:: Opens the “About Firefox” Dialog box inside the tab.
chrome://browser/content/credits.xhtml
:: A scrolling list of name.
www.fadliwirya.com