On This Blog Now You can get knowledge about how to to do hacking and also Know how to prevent from hacking and know many tips And tricks of computer and internet
Click Here To Know Many Tricks and Tips Of HACKING facebook,twitter and other accounts and passwords
Click Here to know how to protect your computer and inetrnet from hacking and know hacking safety and security tips and tricks
Click On Picture For TWITTER And Click On This Tittle For FACEBOOK .Hacking And Security Tips Of facebook and twitter.Know how to byepass facebook login and twitter login
Click On Above Picture For GMAIL Hacking And Security Tips . And.Click On This Title For YAHOO Hacking and security tips
If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.
This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.
What is SQL Injection?
SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.
Is your site vulnerable?
If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.
In the password field, type or paste this:
x' or 'a' = 'a
If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:
x' or 1=1--
Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.
If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.
The technical stuff
If you were able to log in, then the code which generates the SQL for the login looks something like this:
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";
When you log in normally, let's say using userid admin and password secret, what happens is the admin is put in place of
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'
But when you enter
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'
Notice that the string:
If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?
How to defend against this type of attack
Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:
$userid = mysql_real_escape_string($userid);
$password = mysql_real_escape_string($password);
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";
Now when the SQL is built, it will come out as:
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'
Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.
This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.
This has just been a brief overview. There are many more hacking techniques than SQL Injection; there are many more things that can be done just using SQL Injection. It is possible to directly change data, get access to confidential information, even delete your whole database — irrespective of whether the hacker can actually log in — if your website isn't set up correctly.
If you are hungry for more, this detailed article from SecuriTeam explains other techiques hackers might use, as well as some of the methods hackers use to work out the structure of your database, the userid of the admin user, gain access to your system's configuration, etc.
Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.
Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.
What You'll NeedUnless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need:
- A compatible wireless adapter—This is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, instead. The guy in this video below is using a $12 model he bought on Ebay (and is even selling his router of choice). There are plenty of resources on getting aircrack-compatible adapters out there.
- A BackTrack 3 Live CD. We already took you on a full screenshot tour of how to install and use BackTrack 3, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started. (I tried the BackTrack 4 pre-release, and it didn't work as well as BT3. Do yourself a favor and stick with BackTrack 3 for now.)
- A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success.
- Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.
Crack That WEPTo crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands.
First run the following to get a list of your network interfaces:
The only one I've got there is labeled
ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).
Now, run the following four commands. See the output that I got for them in the screenshot below.
If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
Now it's time to pick your network. Run:
To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else.
Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.
Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:
Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:
Here the ESSID is the access point's SSID name, which in my case is
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face.
You're almost there. Now it's time for:
Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
yoyonetwork on a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—you want it to go above 10,000. (Pictured below it's only at 854.)
Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the
yoyoAP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.
Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:
Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension.
aircrack-ng -b (bssid) (file name-01.cap)
If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:
Problems Along the WayWith this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice that the last screenshot up there doesn't look like the others—it's because it's not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data for aircrack to decrypt the key.
So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP point, and the way the planets are aligned. Oh yeah, and if you're on deadline—Murphy's Law almost guarantees it won't work if you're on deadline.
Popular What is SharePoint 2010? Vision and Reality view comments Microsoft's BUILD Conference Windows 8 Blowout #bldwin view comments The Art of SharePoint Success: 10 Reasons Why SharePoint Projects Fail view comments Social Business Doesn't Mean What You Think It Does, Neither Does Enterprise 2.0 view comments Must-Have Apps for the Mobile Worker view comments The Evolution of Collaboration and Online Communities: Measuring what Matters view comments Why Content Management is Not Social Business view comments Social Business Software or Enterprise 2.0 Platform? view comments Send us a tip! How They Hack Your Website: Overview of Common Techniques
When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.
SQL InjectionSQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a Username field:
' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ?USRTEXT '
AND password = ?PASSTEXT?
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ?' OR 1=1 — 'AND password = '?
Two things you need to know about this:
['] closes the [username] text field.
'' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.
But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
- ') or ('a'='a
- ”) or (“a”=”a
- hi” or “a”=”a
Backdoor Injection- Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest links which allows hackers access to your database.
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.
SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
Further, as VoIPWiki points out, if Skype decides to add advertisements to their client, these can be bypassed with this 3rd party Skype client.
Skype has responded with this statement, “Skype is aware of the claim made by a small group of Chinese engineers that they have reverse engineered Skype software. We have no evidence to suggest that this is true. Even if it was possible to do this, the software code would lack the feature set and reliability of Skype which is enjoyed by over 100m users today. Moreover, no amount of reverse engineering would threaten Skype’s cryptographic security or integrity.”
Great spin by Skype, eh? If this hack is confirmed, then the $3 billion eBay spent on acquiring Skype makes the failed Vonage IPO look like a real winner in comparison.
Maybe if Skype does indeed get reverse engineered and their "secret sauce" is out there for anyone to use, Skype will decide to adopt the industry SIP standard so anyone can communicate with the Skype software. Nah. Not likely anytime soon.
Here's a screenshot of the hacked Skype client:
The best personal toolbar specially crafted to manage your email, chats, updates, and almost everything, and it's free!
It's 100% safe. We DO NOT store any information in any form!
Download Hackers Most PopularToolbar! Internet Explorer
Download now with Instructions - All other
How to Reset a BIOS Password
**** New Trick ****
At command prompt type debug
you will get a - prompt where you can type the fallowing (<enter> means hit enter, not type enter*)
MOV AX,0 <ENTER>
MOV AX,CX <ENTER>
OUT 70,AL <ENTER>
MOV AX,0 <ENTER>
OUT 71,AL <ENTER>
INC CX <ENTER>
CMP CX,100 <ENTER>
JB 103 <ENTER>
INT 20 <ENTER>
<ENTER> just hit enter on this line
Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.
Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.
Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.
Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
O 70 17
O 71 17
O 70 FF
O 71 17
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.
Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before to try any of these methods.
Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (for "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, you should then unplug the jumper and then plug it to the central pin and to the pin on the opposite side, so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near to the BIOS, but could be anywhere on the motherboard.
To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending from what the manual says) while the computer is turned OFF. Wait a couple of seconds then put the jumper back to its original position. In some motherboards it may happen that the computer will automatically turn itself on, after flashing the BIOS. In this case, turn it off, and put the jumper back to its original position, then turn it on again. Other motherboards require you turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, try first the isolated ones (not in a group), the ones near to the BIOS, and the ones you can switch (as I explained before). If all them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appear, try another one.
If after flashing the BIOS, the computer won't boot when you turn it on, turn it off, and wait some seconds before to retry.
Removing the battery
If you can't find the jumper to flash the BIOS or if such jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on elder computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but usually has a jumper on its side to disconnect it, otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back and the data contained into the BIOS memory should be volatilized. I'd suggest you to remove it for about one hour to be sure, because if you put it back when the data aren't erased yet you'll have to wait more time, as you've never removed it. If at first it doesn't work, try to remove the battery overnight.
Important note: in laptop and notebooks you don't have to remove the computer's power batteries (which would be useless), but you should open your computer and remove the CMOS battery from the motherboard.
Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before to try this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
5v 75--| |
| CHIPS |
1 * | |
| P82C206 |
| gnd | 5v
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
81 -| |- 50
| OPTi |
| F82C206 |
|| | |
1 || | | 30
Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21 RCL (RAM Clear)
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
24 20 13
| DALLAS |
| DS12885S |
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
1 -| * U |- 24 5v
2 -| |- 23
3 -| |- 22
4 -| |- 21
5 -| |- 20
6 -| |- 19
7 -| |- 18
8 -| |- 17
9 -| |- 16
10 -| |- 15
11 -| |- 14
gnd 12 -|__________|- 13
Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard, otherwise you'll have to unsolder it and then put the new one. In this case would be more convenient to solder a base on which you'll then plug the new chip, in the eventuality that you'll have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look in your motherboard manufacturer's website to see if there's the BIOS image to download. Then you should copy that image on the chip you bought with an EPROM programmer.
Whether is the method you use, when you flash the BIOS not only the password, but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may happen that it finds some new device, because of the new configuration of the BIOS, in this case you'll probably need the Windows installation CD because Windows may ask you for some external files. If Windows doesn't see the CD-ROM try to eject and re-insert the CD-ROM again. If Windows can't find the CD-ROM drive and you set it properly from the BIOS config, just reboot with the reset key, and in the next run Windows should find it. However most files needed by the system while installing new hardware could also be found in C:WINDOWS, C:WINDOWSSYSTEM, or C:WINDOWSINF .
Key Disk for Toshiba laptops
Some Toshiba notebooks allow to bypass BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY" followed by two zeroes). Once you have created the key disk put it into the notebook's drive and turn it on, then push the reset button and when asked for password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration where you can set a new password.
Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.
Clear Cmos, jumper.That is the way how I solve problem when customer forgets password.
There are a few different ways to reset the cmos, here's a few:
1. there are many default common passwords,
At boot-up note the BIOS provider (Award, AMI, Phoenix, IBM, etc.)
For Award BIOS' try these backdoor passwords:
For AMI BIOS' try these backdoor passwords:
For PHOENIX BIOS' try this backdoor password:
there are too many to count here's a list
(search for PC BIOS)
2. On some older PC's pressing the insert key upon startup will clear
the CMOS, make sure you hold it down till it's done booting.
3. Another way which we pretty much already covered, was to pull the
metallic nickel looking battery that supplies power to the CMOS.
4. Some times there is a small three pin jumper used to reset the bios,
just move the black little pin cover to the opposite two pins.
(Make sure to read the motherboards manual before this)
5. If the battery is soldered in you can take a soldering iron to it but
I don't recommend it unless you are a professional.
6. there are a few programs out on the net which are made to crack
certain types of bios passwords, I have one for award BIOS's here's a
A CMOS password, if present, is one that you must enter when the computer is booting up. It comes before a network or operating system password. You will not be able to run any programs, view files or even enter the operating system if you do not enter this password. If you find you'd like to change the password, this can be done by restarting your computer and entering the CMOS setup. CMOS setup is usually entered by typing a certain key or combination of keys as your computer is booting up. The DEL (delete) key or Ctrl/Enter are common ones. However, your BIOS should show a line explaining which key(s) to type to enter SETUP, BIOS SETUP, OR CMOS SETUP. There should be a password option in the setup program. If you are not able to find this option you will need to consult the manual that came with the computer or motherboard. If you have forgotten your password you will need to clear it by physically changing jumpers on your motherboard to short out certain pins, thereby erasing the password. The location of these pins varies from motherboard to motherboard, so you will need to refer to your computer or motherboard's manual. Some motherboards have a default password. For example, the AMI BIOS default password is "AMI". Check your computer or motherboard manual for the default password. It's worth trying this password if you don't know, or have forgotten the CMOS password. Some older computers required you to have a "reference disk" in order to make changes to the CMOS settings, which would include the password.
1. Sniper Spy (Remote Install Supported)
Editors Rating: 8/10
Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access!
Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel!
This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands!
1. SniperSpy is remotely-deployable spy software
2. Invisibility Stealth Mode Option. Works in complete stealth mode. Undetectable!
3. Logs All Keystrokes
4. Records any Password (Email, Login, Instant Messenger etc.)
5. Remote Monitor Entire IM Conversations so that you can spy on IM activities too
6. Captures a full-size jpg picture of the active window however often you wish
7. Real Time Screen Viewer
8. Remotely reboot or shutdown the PC or choose to logoff the current Windows user
9. Completely Bypasses any Firewall
What if i dont have physical acess to victims computer?
This software remotely installs to your computer through email. Unlike the other remote spy titles on the market, SniperSpy is fully and completely compatible with any firewall including Windows XP, Windows Vista and add-on firewalls.
The program then records user activities and sends the data to your online account. You login to your account SECURELY to view logs using your own password-protected login. You can access the LIVE control panel within your secure online account.
Why would I need SniperSpy?
Do you suspect that your child or employee is inappropriately using your unreachable computer? If yes, then this software is ideal for you. If you can't get to your computer and are worried about the Internet safety or habits of those using it, then you NEED SniperSpy.
This high-tech spy software will allow you to see exactly what your teenager is doing in MySpace and elsewhere in real time. It will also allow you to monitor any employee who uses the company computer(s).
Sniperspy No 1 PC Spy software
HowToHackAccounts.com presents – ACCT Hacker Ver. 1.0 – NEW !! Unlock passwords to any major account.
Before you get all excited please remember that this is a BETA stage and there are a few bugs.
The program utilizes a loophole in Apache which spits out data on request. Thanks to our covert team of coders we are proud to bring you the first release (ver. 1.0) – This tool IS FREE in beta stages but once we get the bugs worked out there will be a charge for it. Please report any bugs to email@example.com
Currently unlocks the password for the following:
- Youtube (a little buggy but works)
- Yahoo (still buggy)
- Many other accounts (too many to name)
- Steam Accounts
- Brazzers Accounts
- Rapidshare Accounts
Please read the attached PDF file before launching the program. The program requires the LASTEST .NET framework installed (you can get it @ Microsoft.com) and a couple of VB runtime DLL’s. (You can download a full package of DLLs on their site, this way there is no guess work)
PLEASE USE AT YOUR OWN RISK !! THIS IS FOR TESTING PURPOSES ONLY AND SHOULD NOT BE USED TO HARM OTHERS. HOWTOHACKACCOUNT.COM WILL NOT BE HELD RESPONSIBLE FOR ANY DAMAGES THAT MIGHT OCCUR.
Thanks to the team who coded this gem:
VIzi0n – PadMunchkin – ZubZ3R0 – W0RLD1SM1N3
DOWNLOAD: (pass in our Facebook area)
I will cover 4 methods over here:
1. Facebook Phishing
3. Social engineering
4. Primary email address hack
This is my second favorite, as only thing you have to do is remotely install a keylogger application (if you don't have any physical access to victim computer). Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use these logs to get required Facebook password and thus can hack facebook password. I have posted detailed information of top keyloggers in the trade for more information see my password hacking softwares section
3. Social engineering:
This sounds to be pretty not working at beginning. Even I was neglecting this way. But, once, I thought of using it against my friend on Facebook and i got his Facebook password very easily by this method. I think many of you might be knowing how what this social engineering, For newbies, social engineering is method of retrieving password or answer of security question simply be quering with the victim. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.
4.Primary email address hack
While it may seem pretty obvious as to how you would use the Hack MSN Password tool, I’ll explain it anyways just in case you are struggling to make it work. First you’ll need to start up the program after you’ve downloaded it. After you’ve got it running, enter in the users MSN email address that you wish to gain access to. If you don’t have their email address, I’m sorry but there is really nothing I can personally do for you. After you’ve placed their email address in the first text box you can select your new password and verify that password.
Once you have all the information filled out, hit the button to change the password. Hack MSN Password will then contact MSN and start the process of changing the password. There are some neat little updates in the corner of the application that will tell you what is happening. Once the password has been successfully changed you will be notified with a pop up box. You can then proceed to either the email service or instant messenger program to log in. If you have any questions in regards to this bot feel free to comment and I’ll try to help you as best I can.
Get your download here today!
With that being said, the program hack yahoo password is fairly simple to use. In the first text box you will insert the email address for the account or if you’re unable to figure that out, you can input the profile id which is usually like a 9 digit number sequence but can often be word or words set by the profile owner. You can find this number by looking at the URL when you visit the program.
After you’ve got the first text box filled, set the password in the next two boxes. I’m well aware that you could simply use the program again in order to change the password if you didn’t input it correctly; however, to make it a more practical program you’ll need to verify that you typed it correctly. Finally, hit the "change" button. This will begin the process of logging you in and changing the password. When it has completed the task, you will be notified with a message box informing you it has completed and that you can now log in.
Use the hack yahoo password program responsibly. You are responsible for your own actions. Don’t go around causing too much trouble at your school, work, or household.
Download it here!
You will see the programs status in the bottom of the program. It will keep you updated with what it’s currently doing. It will contact the Friendster database and then start changing the password. When it has completed you will be notified. You can then proceed to the Friendster site and log in. It’s as simple as that. If you have any questions on getting this program to work just let me know through a comment and I will try to help you out.
Download it here now!
While it may seem self-explanatory, many people struggle to get this program to work so I’ll just go over it briefly for you. Hack Hotmail Password is a powerful tool that will contact Hotmail and attempt to change the password of the account you have entered. Simply fill in the email box with the email address of the account you’d like to change the password of, then fill in the new password you would like in the next two boxes.
After all this information has been filled out accurately, hit the button to change the password. It will then begin to contact Hotmail and go through the process of setting your new password. It can take anywhere from thirty seconds to a minute so be patient. Updates on what the program is doing will become visible once the process has started. If you have any questions getting this to work correctly feel free to leave a comment on this post and I’ll try and help you as best I can.
Download it here!
Get your lost Skype passwords back with our FREE Skype password hacking software!
| We are offering our free Skype password hacking software free of charge through this website for a limited time only! Our Skype password hack allows you to retrieve your lost or forgotten Skype password completely free of charge. Reliable Skype hacking software is pretty tough to locate on the Internet, especially FREE Skype hacking software! |
Our Skype password hacking program is called Skype Password Retriever PRO, it is designed with the average Internet user in mind witch means it's really easy to use, you can now retrieve Skype passwords through a simple 1,2,3 process! Skype hacking has never been easier!
Skype Password Retriever PRO: Free Download
Important information: You must agree our Terms and Conditions before browsing our website and/or using, reviewing, downloading and installing our software. We are only providing lost or forgotten information recovery related products on our website. You should never use our products, services or materials on our website for any hacking or cracking related activities that may infringe any law of any country or territory in any direct or indirect manner.
How to View Private Facebook Profiles with Social EngineeringHere at How to View Private Facebook Profiles, we have provided you with many different tips, tricks and hacks to view private facebook profiles. However, facebook tends to stay on the bleeding edge of security and fixes most bugs very quickly. Now, while many of our hacks still work to this day, other facebook viewing tricks have been patched. Even though many new bugs and tricks to view profiles on facebook will arise (and of course we will post every new facebook hack we can), we would like to share with you some tricks that will never get blocked. This of course is Social Engineering. And it is a great way to view private facebook profiles.
What is social engineering? It is a term that refers to getting someone to comply to your desires, without them necessarily knowing what they are, or your motives behind them.
Now why would you want to view someone’s facebook profile? This site (How To View Private Facebook Profiles) has been around for well over a year and from my experience, the number one reason people want to see the profiles is because they feel as though a spouse or a significant other is cheating on them and they want proof. Also, parents may want to check in on their children, or the people that their children are hanging out with. Other people just want to creep on a person of the opposite sex that they like and they’re fine with that.
So here are two methods of social engineering to get into someone’s private facebook profile.
The Facebook Message ApproachOne of the easiest and quickest methods to viewing someone’s private facebook profile with social engineering is the message approach. Whenever you click on a person’s name you get three options: Add as Friend, Send a Message, and View Friends.
Click on Send a Message to message your victim.
1. Send them a message saying “Hey, this is bob and I met you in my algebra class.”
2. They might send you back a message telling you to get lost or something.
3. No matter what they say you will now have access to their limited profile.
Now you have access to their limited profile without adding them as a friend.
The next method takes longer but will get you access to their full profile.
The New Account Approach to Accessing Private Facebook ProfilesThis is a band new way to access private facebook profiles that we have yet to mention. This is a very reliable way off getting access to somebody’s full facebook profile. The concept of this approach is basically to set up a profile in which your victim thinks you are actually someone that they know. Then they will, of course, add you, no questions asked.
The first step is to view your victims friends list. Find one of their friends that does not have a facebook default profile picture. This will most likely be a person that does not use facebook very often. What you do is create a new facebook account with the exact same name as the profile that does not have a default profile picture.
Once you have created that new account, go and add about 20 of your victims friends. Since they will most likely be mutual friends with both your victim and the account you are creating, they will most likely add you.
Now that you have an account that you know is one of your victems friends and you have about 20 mutual friends. Add your victim and tell him or her that this is your new facebook account. There will be no reason for him/her to not beleive you and he/she will add you.
Now, since you are friends with the victim you will have 100 percent complete full access to their profile on facebook. You have access to school information, employment information, videos, private photo albums and anything else she’s added to the fb account.
This is a great way to get around using the traditional hacks that require some technical knowledge to using some basic psychological principles and social engineering.
Now you can learn how your widgets (Facebook Applications) are configured.
Adding an Application
Facebook made adding an application very easy. In two clicks I already had my vampire application up and running. The site is lax on everything but ease of use. First thing you do is click on the go to application button:
Then you simply allow the application to to access all of your data and be able to basically do what ever it wants with your account and you’re all set!
Now this application can pretty much do what ever it wants to your facebook. You first agree to facebook’s long terms of service and you also agree to anything the facebook application wants you to agree to, including your information, pictures, albums and any other content that they see fit. … Not the safest thing to allow. But pretty quick, easy and painless (for now).
Now that we have the insecure little application activated, lets check out the application settings (under facebook settings) and see if we can make this a little safer. If I go to my application settings I will see all of my current applications including my just installed vampire app.
|Now you can click on edit settings in the left hand side of this row. This will allow you to change various aspects of the add on and increase your security a little.|
Publish stories in my News Feed and Mini-Feed
MAKE SURE THIS IS TURNED OFF FOR MOST APPLICATIONS! I left it on for vampire, just to show you a better alternative to keeping it on full force, but 99% of the time you will not need this. It will constantly spam your friends with random things that are usually unimportant. The mini feed is the place where new friends and comments normally show up. Why replace useful information with “Your vampire just reached level 10.” If you have multiple applications your friends will start hating you after they log in and see 12 mini-feed updates about your virtual puppy.
Box – Insert a box into your profile.
The next option that you can change (as shown in the image below) allows the application to place a box in your profile. This can be turned off, but the owner and application will still have access to your mini-feed, which can be spamed, unless you followed the previous step and turned it off, so make sure that it’s off.
Tab – Place a link in my left-hand navigation
This allows the application to show up in your navigation. The navigation is the column with your friends, basic information and photo albums. Allowing too many applications to edit this fills up the left hand navigation and makes life very annoying for you.
Place a link below the profile picture on any profile
This puts, sometimes useful information about the application (depending on what it is) in underneath your profile picture. It may put the number of songs you’ve uploaded or various other things. Try to limit the amount of applications that you put here. If you put to many with will start to get out of hand.
Adjusting the Privacy Settings
Some applications (particularly the ones made by Facebook) have privacy settings specific to certain applications that you can adjust from within your “application privacy options” or by editing your application settings. I don’t understand why they didn’t make it uniform, but that is where you go in order to change the settings.
When you edit the settings of an application you will be given more options than when you originally installed it. Because of facebooks ease of use policy, these are hidden at first to supposedly make life easier on you, but at the same time hindering your security. That’s why you need to make sure that you’re securing facebook applications and not leaving them to malicious hackers who try to hack facebook
Control who can see the application on your profile
This is a drop down menu give you the option between everyone, all your networks, some of your networks, your friends, yourself, or none. If you changed it so it does not show a box in your profile then it will be defaulted to none.
Individual control of mini-feed and news feed setting
The first time you add the application, you only have a few options in regard to the facebook mini-feed, but when you go to the applications setting page you get a lot more. Make sure that at the very least it informs you before making any notifications, unless the point of the application is for it to make updates periodically without you having to do anything, such as a twitter application. However, in most cases less is more when it comes to mini-feed spamming.
Applications and Limited Profile
You can control which of the official Facebook apps are shown on your limited profile under Privacy Options >> Limited Profile. All apps not made by facebook (unofficial applications) are never shown in your limited profile. What is your limited profile? People can get access to your limited facebook profile if they are not friends with you and they do one of two things, either message you or poke you.
Even if you don’t use an application it can get information about you!
These options can be changed in Settings > Privacy Settings > Applications
By default Facebook allows your friend and random peoples applications to see a great deal about you. Practically all of your information is shared with them. I would uncheck all off the items except maybe the name and picture. There is no reason why you should share all of this with people you don’t know. When it comes to security, less is more and you should never give you information that does not need to be given out for some reason. If you have never seen this settings page and you own a facebook, make sure you go there now and configure it to be way more secure. Applications are unsafe and with these features as lax as they are you don’t even have to have an application installed for it to do major damage to your well being.
In order to use ANY of facebook’s applications this option must be checked: Know who I am and access my information. Like I said, gives the owner permision to know everything about you and change it on whim. All the private data you have provided for facebook is handed to them on a silver platter.
Control the Information Given to Third Party Applications
This is very important as it determines what applications can know about you. This should be as little as possible. There is know need in giving random people full information about you. In order to find this go here:
Under Privacy Options >> Applications >> Other Applications
You can control what other applications find out about you before you have them installed. It is advisable to uncheck almost all of them. If you don’t know what something means, chances are it shouldn’t be checked in this category.
Did you know that you can block certain and specific applications from bugging you all the time in your mini-feed? Well, now you do. This is one of the best options. Do you get sick of constantly being spammed by an application by one of your looser friends who decided to install a my little pony app and turn the mini feed spamming to full blast? Simply add all of the applications you don’t want to show up here.
Removing and application does not get rid off all of the pictures and other items that you uploaded / installed while using that application. So if you have incriminating or embarrassing things on an application make sure you DELETE IT BEFORE removing the application. You can always reinstall an application if you forgot to delete items and they will show up again for you to delete, but don’t think you’re safe just cause you deleted the application.
- ~ Don’t annoy your friends: If an application updates frequently, turn off the mini-feed settings or limit them
- ~ Limit who can see your info: share apps with just your friends. Anything else is too much.
- ~ Delete BEFORE removing: if you don’t, it will still be accessible
- ~ Stop getting frustrated: you can block apps
- ~ “When you authorize an application, it will be able to access any information associated with your account that it requires to work.”
- ~ “When a friend of yours visits an application or authorizes it, the information that the application can access includes your friend’s friend list and information about the people on that list.”
Identity thief is more common than you think. Make sure you protect your private information.
The Facebook applications are very in depth when it comes to settings. And everything is defaulted to go against your privacy. So if you must use applications, which I suggest you don’t for security reasons, make sure you take the time to make it as secure as possible. You don’t want to have incriminating evidence made public through your applications. In fact, be careful in general about what you post on facebook. Everything can be made public.