Hackers Lab Experiments: 2010

Sunday, October 24, 2010

Protecting email address on web pages from spambots

This tip will help you in protecting your email address from spambots. Avoiding spam is not easy and there are several steps you can take to stop spam. However, this tip describes just one of ways of protection against it. The tip describes how to prevent spambots from picking your email address from your web site.

What is 'spam' and how to they get your email from a web page?

SPAM is unsolicited email. It's something you never asked for and most of the times, it's garbage!
When you include a mailto tag in a web page, you expose your email to spammers. Getting an email address from a mailto tag is quite easy. You would have noticed that email addresses follow a set format. Spambots are spider like programs that move around on the internet checking HTML documents for this format. When they find it, they extract the email address and store it for their diabolical needs.
But there is a way to fool spambots. If you write the email address as a series of special characters, instead of alphabet, it's highly unlikely that spambots would be able to pick it up.
Each lowercase alphabet has a corresponding special character that we call a Character Entity. In addition to lowercase alphabet, there are special characters for @, the underscore, the period and the hyphen. You can find the full list of HTML Special Characters of Character Entities in the Web Design section.
Each special character starts with an ampersand sign, followed by a hash, then a specific numeric value and ends with a semicolon. Thus, the special character for a is a for b is b and so on.
Now if you have an email address like bard@somewhere.com, you should write it as a series of special characters:

bard@somew
mere.com
This looks really messed up.. but that's the price you have to pay to protect yourself from spam.

However, the above method is not foolproof. Addition of a few lines of code to the spambot can ensure that the script searches for email addresses in both human and character entity formats. The safest way to display an email address on a page is to use it as an image or a Flash file. However, with images if you use mailto, the purpose is lost. So a Flash file would be the best.
Update: Google search engine can now read flash files so I guess spambots would be able to read these too (if not now then sometime in the near future).
So what are you left with? - Use HTMl forms and server-side programming to receive visitor inputs.

An example of munging "user@example.com" via client-side scripting would be:

< (remove this text)script type="text/javascript">
var name = 'user';
var at = '@';
var domain = 'example.com';
document.write(name + at + domain);

Monday, October 18, 2010

tutorial of telnet session with gmail to send mail via smtp protocol

hi friends here is working tutorial of telnet session with gmail to send mail via smtp protocol

basic
go to
http://www.motobit.com/util/base64-decoder-encoder.asp
convert your username and password to hex string
then

go to command prompt
type
telnet smtp.gamil.com 587
then

##########################################3

250 mx.google.com at your service
auth login
334 VXNlcm5hbWU6
uuuuuuuuuuuuuuu1111111111<-------user name hex string
334 UGFzc3dvcmQ6
pppppppppppppppp222222222<-------password hex string
235 2.7.0 Accepted
MAIL FROM:
250 2.1.0 OK f14sm12564610wbe.20
RCPT TO:
250 2.1.5 OK f14sm12564610wbe.20

data i lake this telnet stuff
354 Go ahead f14sm12564610wbe.20
subject: smtp
.
250 2.0.0 OK 1287428373 f14sm12564610wbe.20
quit
221 2.0.0 closing connection f14sm12564610wbe.20

Connection to host lost.

C:\Documents and Settings\omie>
rock on ...........check your inbox you have mail now...how to put data u work out...

Saturday, October 16, 2010

Google finely crafted searches

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:intitle:"Index of" passwords modifiedallinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
METHOD 2
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
METHOD 3
put this string in google search:
inurl:microsoft filetype:iso
You can change the string to watever you want, ex. microsoft to adobe, iso to zip etcâ€¦
"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.
Let's pretend you need a serial number for windows xp pro.
In the google search bar type in just like this - "Windows XP Professional" 94FBR
the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR

Google Login Searches

intitle:”remote assessment” OpenAanval Console
intitle:opengroupware.org “resistance is obsolete” “Report Bugs” “Username” “password”
“IMail Server Web Messaging” intitle:login
“Login – Sun Cobalt RaQ”
“Login to Usermin” inurl:20000
“Microsoft CRM : Unsupported Browser Version”
“OPENSRS Domain Management” inurl:manage.cgi
“please log in”
“powered by CuteNews *.* © * CutePHP
“SysCP – login”
“ttawlogin.cgi/?action=”
“VHCS Pro ver” -demo
“VNC Desktop” inurl:5800
“Web Control Panel” “Enter your password here”
“WebExplorer Server – Login” “Welcome to WebExplorer Server”
“WebSTAR Mail – Please Log In”
(inurl:”ars/cgi-bin/arweb?O=0″ | inurl:arweb.jsp) -site:remedy.com -site:mil
4images Administration Control Panel
allinurl:”exchange/logon.asp”
ASP.login_aspx “ASP.NET_SessionId”
CGI:IRC Login
ez Publish administration
filetype:php inurl:”webeditor.php”
filetype:pl “Download: SuSE Linux Openexchange Server CA”
filetype:r2w r2w
intext:”"BiTBOARD v2.0″ BiTSHiFTERS Bulletin Board”
intext:”Mail admins login here to administrate your domain.”
intext:”Storage Management Server for” intitle:”Server Administration”
intitle:”Athens Authentication Point”
intitle:”ColdFusion Administrator Login”
intitle:”Dell Remote Access Controller”
intitle:”ePowerSwitch Login”
intitle:”Icecast Administration Admin Page”
intitle:”ISPMan : Unauthorized Access prohibited”
intitle:”ITS System Information” “Please log on to the SAP System”
intitle:”Login – powered by Easy File Sharing Web Server”
intitle:”MailMan Login”
intitle:”microsoft certificate services” inurl:certsrv
intitle:”MikroTik RouterOS Managing Webpage”
intitle:”MX Control Console” “If you can’t remember”
intitle:”Novell Web Services” intext:”Select a service and a language.”
intitle:”oMail-admin Administration – Login” -inurl:omnis.ch
intitle:”Philex 0.2*” -script -site:freelists.org
intitle:”PHP Advanced Transfer” inurl:”login.php”
intitle:”php icalendar administration” -site:sourceforge.net
intitle:”php icalendar administration” -site:sourceforge.net
intitle:”please login” “your password is *”
intitle:”Remote Desktop Web Connection” inurl:tsweb
intitle:”teamspeak server-administration
intitle:”Tomcat Server Administration”
intitle:”TUTOS Login”
intitle:”vhost” intext:”vHost . 2000-2004″
intitle:”Virtual Server Administration System”
intitle:”VitalQIP IP Management System”
intitle:”VNC viewer for Java”
intitle:”WebLogic Server” intitle:”Console Login” inurl:console
intitle:”Welcome Site/User Administrator” “Please select the language” -demos
intitle:”welcome to netware *” -site:novell.com
intitle:”ZyXEL Prestige Router” “Enter password”
intitle:Group-Office “Enter your username and password to login”
intitle:Login * Webmailer
intitle:Login intext:”RT is © Copyright”
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess “Copyright *-* Novell, Inc”
intitle:plesk inurl:login.php3
inurl:”1220/parse_xml.cgi?”
inurl:”631/admin” (inurl:”op=*”) | (intitle:CUPS)
inurl:”:10000″ intext:webmin
inurl:”Activex/default.htm” “Demo”
inurl:”calendar.asp?action=login”
inurl:”gs/adminlogin.aspx”
inurl:”typo3/index.php?u=” -demo
inurl:”usysinfo?login=true”
inurl:”utilities/TreeView.asp”
inurl:/admin/login.asp
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/dana-na/auth/welcome.html
inurl:/eprise/
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 “Oracle Enterprise Manager”
inurl:administrator “welcome to mambo”
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:default.asp intitle:”WebCommander”
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.php “SquirrelMail version”
inurl:metaframexp/default/login.asp | intitle:”Metaframe XP Login”
inurl:mewebmail
inurl:names.nsf?opendatabase
inurl:orasso.wwsso_app_admin.ls_login
inurl:postfixadmin intitle:”postfix admin” ext:php
inurl:search/admin.php
Login (“Powered by Jetbox One CMS ª” | “Powered by Jetstream © *”)
Novell NetWare intext:”netware management portal version”
Outlook Web Access (a better way)
pcANYWHERE EXPRESS Java Client
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
phpWebMail
Powered by INDEXU
Ultima Online loginservers
url:”webadmin” filetype:nsf

Hacker’s Laws

Hacker’s Laws

LAWS OF COMPUTER PROGRAMMING
—————————-
1. There is always one more bug.
2. Any given program, when running, is obsolete
3. If a program is useless, it will have to be documented.
4. If a program is useful, it will have to be changed.
5. Any program will expand to fill all available memory.
6. The value of a program is proportional to the weight of its output.
7.Program complexity grows until it exceeds the capability of the programmer to maintain it.
8. Make it possible for programmers to write in English and you will find out that programmers cannot write in English.

WEINBERG’S LAW
————–
If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.

HARE’S LAW OF LARGE PROGRAMS
—————————-
Inside every large program is a small program struggling to get out.

TROUTMAN’S PROGRAMMING LAWS
—————————
1.If a test installation functions subsequent systems will malfunction.
2. Not until a program has been in production for at least six months will the most harmful error then be discovered.
3. Job control cards that cannot be arranged in improper order will be.
4. Interchangeable tapes won’t
5. If the input editor has been designed to reject all bad input,an ingenious idiot will discover a method to get bad data past it.
6.Machines work, people should think.

GOLUB’S LAWS OF COMPUTERDOM
—————————
1. A carelessly planned project takes three times longer to completed than expected; a carefully planned project will take only twice as long.
2. The effort required to correct the error increases geometrically with time.

BRADLEY’S BROMIDE
—————–
If computers get too powerful, we can organize them into a committee – that will do them in.

Thursday, October 14, 2010

How To Find Secret Private Security Web Cams using google

To find secret private home and business security cams, copy and paste one of the entire search string lines below into Google and click away...
Weeeee!!!

Some of them are controllable and have audio!

Have fun...search following strings in google

inurl:/view/index.shtml
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
http://site:.viewnetcam.com -www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"

Sunday, October 10, 2010

examples of boot.ini files

**Some examples of boot.ini files**
A typical simple example	[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
Example with Recovery Console as an option	[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Example of a dual-boot system with XP on partition 2. Note that the location of Windows Me is given as C:\	[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect C:\ = "Microsoft Windows Me "
Example with Safe Mode as an option and "timeout" =10 seconds	[boot loader] timeout=10 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos /bootlog

How to Edit Boot.ini File of window

How to Edit Boot.ini Files

Since boot.ini is a text file, it can be edited with a text editor such as Notepad. However, the attributes must first be changed, Also, care must be taken to preserve the correct extension. Since any mistakes in editing might very well render your system unbootable, it is better to use one of the safer methods that are available. Before using any method, be sure to make a backup copy.

One of the most common reasons for editing boot.ini is to reduce the "timeout" setting.in order to speed up booting. This is easily accomplished by using the System Configuration Utility (often called msconfig).

Using Msconfig to edit Boot.ini

Open Start-Run and enter "msconfig". The box shown below will open. Click the tab "BOOT.INI" and the figure shown next will open. The contents of the boot.ini file are shown and a number of configuration settings are available. In the middle right is a box where the settings for Timeout can be changed. This example is for a dual-boot system and another common reason for editing is to change the default operating system in dual-boot setups. Note that there is a button "Set a Default" as well as buttons "Move Up" and "Move Down" (grayed out here). If there are multiple entries in the boot display, their order can be rearranged here. There are also a number of advanced options that experienced computer users may look at. These other functions are discussed in the Microsoft references given at the end of the article.

Another way to configure Boot.ini

these two most commonly edited settings is to open the Start menu, right-click on "My Computer" and choose "Properties" from the context menu. The System Properties dialog box will open as shown below. In the section "Startup and Recovery" click the button "Settings".

Using System Properties dialog to edit

The dialog box shown in the next figure will open. Both the Timeout setting and the default operating system can be changed here.

Startup and Recovery dialog

To add or delete an operating system or program from the boot display menu, use the "Edit" button on the right of the entry "To edit the startup options file manually, click Edit" as shown in the figure below. For example, if it is no longer desired to dual-boot a system, the unwanted operating system can be removed from the boot display menu this way.

using command line tool bootcfg.exe

Windows XP Professional also has a command line utility for manipulating boot.ini called bootcfg.exe. (It may or may not be in a Home Edition installation.) It is described in this Microsoft reference. It can be used in the Recovery Console to repair a damaged boot.ini file or in a command window to edit entries to the file. There are a number of different switches and these are illustrated in the output to a command window shown below.

Syntax and switches for command-lineuse of Bootcfg.exe

There is another set of switches for bootcfg when it is being run in the recovery console. These are discussed at this Microsoft reference. A discussion of using the tool to repair a damaged setup is discussed here. For example, a damaged boot.ini file can be scanned or deleted and a new version built.

Introduction of boot.ini file of window

Boot.ini is one of the very first files that come into play when a Windows XP system is started up. It is a plain text file that is kept in the system root, so it is usually C:\boot.ini. Because it is an essential system file, the attributes are set to hidden, system, read-only to protect it. That means that it will not appear in the file lists in My Computer or Windows Explorer unless the default Windows settings are changed to show hidden files.

Boot.ini contains the location of the Windows XP operating system on the computer. If there is a multi-boot system, the locations of of any other operating systems are also contained. During the startup process, functions from the Windows XP file named "Ntldr" are in charge of getting the proper operating system loaded and Ntldr looks at boot.ini to find out where the operating systems are located and whether a menu should be displayed. Boot.ini can also include entries giving boot options such as Safe Mode or the Recovery Console.

Thursday, October 7, 2010

SQL Inject Me tutorial

What is Exploit-Me?

A suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. Back to top

What is SQL Inject Me?

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. Back to top

How does SQL Inject-Me work?

The tool work by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page. The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool. You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields. Back to top

How much does SQL Inject Me cost/ Is it open source/ What license is it under?

Exploit-Me tools are free of charge. They are all open source, under Gnu Public License (GPL) v.3. Back to top

Does SQL Inject Me perform source code or network analysis?

No, it is only used for run-time application security testing. Back to top

What is the target audience of SQL Inject Me?

SQL Inject-Me is aimed at developers, testers/ QA staff, and security auditors. Back to top

Will SQL Inject Me detect all SQL injection vulnerabilities?

No. SQL Inject Me looks for unexpected responses from the server; as a result, its ability to detect SQL Injection is limited by the responses from received the sever. Testing for advanced attacks, such as blind SQL injection, may require additional manual testing (e.g. attempting to bypass authentication). Back to top

I have some ideas for improvements, how do I let you know?

Please submit any feature requests or improvement ideas to tools at securitycompass.com. Back to top

Who makes SQL Inject Me?

SQL Inject Me is part of the Exploit-Me series, which is a set of open source tools. The first release was created by Security Compass. A full list of contributors will be maintained. Back to top

Will Security Compass or any other third party have access to my results?

Absolutely not. Neither Security Compass, nor any third party, maintains data on testing results. Back to top

What are the system requirements?

Firefox 2.0.0.9+ Back to top

How do I run SQL Inject Me?

Download the XPI package and install it through Firefox. Once the tool is installed, restart Firefox. You can then start the Exploit-Me tools by using the top-level menu: Tools -> SQL Inject Me -> Open SQL Inject Me Sidebar.

You can also use the context menu by right-clicking on the page that you wish to test and selecting “Open SQL Inject Me Sidebar”.

All the forms in your current web page will appear in a series of tabs in the sidebar, and each tab will have all the corresponding visible and hidden fields listed.

The current value for each field will appear with a corresponding combo box. You can change the values directly in this combo box. The default value is the current value of that field, or if none is specified then you will see the string “Change this to the value you want tested” (as shown for the “keywords” field in the above example). If you check the box next to a field name, then that field will be tested for SQL injection. If the box is not checked, then the field will not be tested for SQL Injection and the current value listed in the combo box will be submitted every time. SQL Inject Me works by testing each checked value one at a time. In the above example, the tool would attempt to test the “keywords” field and then the “searchType” field for SQL Injection. The parameters for the submission would look something like: keywords=SQLInjection_ATTACK_STRING&searchType=web when the “keywords” field is being tested and keywords=&searchType= SQLInjection_ATTACK_STRING when the “searchType” field is being tested. The tool will substitute SQLInjection_ATTACK_STRING with the list of strings specified in the options. This is called “fuzzing” in application testing terminology. You can choose to fuzz all the attack strings by selecting the “Run all tests” option and pressing execute, or you can choose to fuzz a few of them by selecting the “Run top X attacks” option and pressing execute. Running all tests with the default list of attack strings can be very time consuming if the server responses are not instant or if there are several fields to be tested. Running the top attacks is usually not as thorough but generally allows you to test much quicker, depending on how many attacks you specify to be “top attacks” (see “What are the Options” for SQL Inject Me below). There are also options at the top of the side bar to “Test all forms with all attacks” and “Test all forms with top attacks”. This will automatically test every field in every form with either all attack strings or the Top X attacks. If you select this option then the checkboxes next to field names will be ignored. Back to top

What are the Options for SQL Inject Me?

There are currently five options in SQL Inject Me that you can access through the top-level menu Tools->SQL Inject Me->Options.

Show Context Menu
Toggle whether or not the open “SQL Inject Me sidebar” option should be shown in the context menu
Preferred Number of Attacks to Test
This specifies the number of attacks that should be tested when you select the “Test All Forms with Top Attacks” or “Run Top X Attacks” options in the SQL Inject Me sidebar. If you enter “5″ for this value, then the first 5 values listed in the “SQL Injection Strings” table will be tested.
Number of Tabs to Use For Running Tests
This specifies how many concurrent tabs can be opened to run the SQL injection tests. More concurrent tabs may mean quicker overall testing, but will also incur greater memory impact. Opening too many concurrent tabs may cause Firefox to crash.
SQL Injection Strings
SQL Inject Me will enter these strings as the values in the fields that you specify for testing. The tool starts testing from the first string to the last; if you select the “Test All Forms with Top Attacks” or “Run Top X Attacks” options then only the first X attacks will be tested (where “X” is specified in option #1 above). In order to change the order of a particular string in the list, use the “Up” and “Down” buttons. You can also add or remove individual strings by clicking on them and pressing the “Add” and “Remove” buttons. Finally, you can export the entire list or import another list using the export and import buttons located above the list of strings.
Result Strings
SQL Inject Me looks for the presence of these strings in the HTTP response returned from the server. If any of these strings are found then the attack string is listed as a potential SQL injection.

How do I add my own signatures to the files?

Use the SQL Injection Strings tab in the Tools->SQL Inject Me->Options menu. Click on the “Add” button, and the “Attack String” menu will pop up. Enter the attack in the “Attack String” text field. Note that your attack string should run “document.vulnerable=true” in the resulting JavaScript for the tool to work properly. E.g. is a valid SQL Inject Me string. The “Your signature” field allows you to specify your name to associate to the attack string. This feature was added to allow people to take credit for their attack string contributions.

How do I interpret the SQL Inject Me results?

SQL Inject Me has three result types: Failures The number of tests that resulted in high likelihood of SQL injection vulnerabilities (e.g. Result string from the user-supplied list is detected) Warnings Number of tests that resulted in some likelihood of SQL injection vulnerabilities (e.g. there was a difference in the server response between the submission of a normal value and an SQL attack string value) Pass Number of tests that did not result in any detection of SQL injection Each result is specified in the detailed section below. Test results are grouped by field name. Failures are listed first, followed by warnings, and then passes.

For each field the following details are given: Form state Values of all other parameters during submission of the form Result details Individual failures, warnings and passes including the test value that lead to that individual result. This information is important in determining how a particular field may be vulnerable; you can take any of the test values that resulted in a failure and write your own injection string to manually verify.

Why does my form or field have no name on the SQL Inject Me Sidebar?

In some cases a web page may create a form without specifying a corresponding name, or a form field without specifying a field name. In those cases, there is no name given in the SQL Inject Me sidebar. Back to top

I’m getting an error, what should I do?

Check this FAQ. If there is no suitable answer then submit a bug request with as much detail as possible to bugs at securitycompass.com. We anticipate having public bug tracking setup for January 2008. Back to top

I deleted the default attack and/or error strings but I want to get them back.

Don’t worry, SQL Inject-Me has a list of attack and error strings embedded inside. Type ‘about:config’ in your url bar. Then extensions.sqlime in the filter text box. Attack strings are in “extenions.*.attacks” and error strings are in “extensions.*.errorstrings”. Right click on the row with the preference you want to restore and click on “reset”. On some platforms you may have to restart Firefox for it to register the changes. Now when you go to Tools->SQL Inject Me->Options you will see the original strings. Back to top

Wednesday, September 29, 2010

chatbot example Alicebot

A chatbot (or chatterbot, or chat bot) is a computer program designed to simulate an intelligent conversation with one or more human users via auditory or textual methods. Traditionally, the aim of such simulation has been to fool the user into thinking that the program's output has been produced by a human (the Turing test). Programs playing this role are sometimes referred to as Artificial Conversational Entities, talk bots or chatterboxes. More recently, however, chatbot-like methods have been used for practical purposes such as online help, personalised service, or information acquisition, in which case the program is functioning as a type of conversational agent. What distinguishes a chatbot from more sophisticated natural language processing systems is the simplicity of the algorithms used. Although many chatbots do appear to interpret human input intelligently when generating their responses, many simply scan for keywords within the input and pull a reply with the most matching keywords, or the most similar wording pattern, from a textual database. (or chatterbot, or chat bot) is a computer program designed to simulate an intelligent conversation with one or more human users via auditory or textual methods. Traditionally, the aim of such simulation has been to fool the user into thinking that the program's output has been produced by a human (the Turing test). Programs playing this role are sometimes referred to as Artificial Conversational Entities, talk bots or chatterboxes. More recently, however, chatbot-like methods have been used for practical purposes such as online help, personalised service, or information acquisition, in which case the program is functioning as a type of conversational agent. What distinguishes a chatbot from more sophisticated natural language processing systems is the simplicity of the algorithms used. Although many chatbots do appear to interpret human input intelligently when generating their responses, many simply scan for keywords within the input and pull a reply with the most matching keywords, or the most similar wording pattern, from a textual database.

here is the Alicebot for your service Galaia Project.

visit http://mysamsungstar3g.blogspot.com/
due to bandwidth problem i moved from my blog

hi friends check out new hackers lab experimets

Earth tracking Program By http://hackerslabrotary.blogspot.com

Mapping The Earth Program By http://hackerslabrotary.blogspot.com

at the end of blog...

Tuesday, September 28, 2010

Here’s a 11th Order quine (11 languages) by Yusuke Endoh

# ruby
l=92.chr;eval s="s=s.dump[r=1..-2].gsub(/("+l*4+"){4,}(?!¥")/){|t|'¥"+l*%d+¥"'%(t
.size/2)};5.times{s=s.dump[r]};puts¥"# python¥¥nprint(¥¥¥"# perl¥¥¥¥nprint(¥¥¥¥¥¥
¥"# lua"+l*4+"nprint("+l*7+"¥"(* ocaml *)"+l*8+"nprint_endline"+l*15+"¥"-- haskel
l"+l*16+"nimport Data.List;import Data.Bits;import Data.Char;main=putStrLn("+l*31
+"¥"/* C */"+l*32+"n#include"+l*32+"nint main(void){char*s[501]={"+l*31+
"¥"++intercalate"+l*31+"¥","+l*31+"¥"(c(tail(init(show("+l*31+"¥"/* Java */"+l*32
+"npublic class QuineRelay{public static void main(String[]a){String[]s={"+l*31+"
¥"++intercalate"+l*31+"¥","+l*31+"¥"(c("+l*31+"¥"brainfuck"+l*64+"n++++++++[>++++
<-]+++++++++>>++++++++++"+l*31+"¥"++(concat(snd(mapAccumL h 2("+l*31+"¥"110"+l*31
+"¥"++g(length s)++"+l*31+"¥"22111211100111112021111102011112120012"+l*31+"¥"++co
ncatMap("+l*32+"c->let d=ord c in if d<11then"+l*31+"¥"21002"+l*31+"¥"else"+l*31+
"¥"111"+l*31+"¥"++g d++"+l*31+"¥"22102"+l*31+"¥")s++"+l*31+"¥"2100211101012021122
2211211101000120211021120221102111000110120211202"+l*31+"¥"))))))++"+l*31+"¥","+l
*63+"¥""+l*64+"n"+l*63+"¥"};int i=0;for(;i<94;i++)System.out.print(s[i]);}}"+l*31
+"¥")))))++"+l*31+"¥",0};int i=0;for(;s[i];i++)printf("+l*63+"¥"%s"+l*63+"¥",s[i]
);puts("+l*63+"¥""+l*63+"¥");return 0;}"+l*31+"¥");c s=map("+l*32+"s->"+l*31+"¥""
+l*63+"¥""+l*31+"¥"++s++"+l*31+"¥""+l*63+"¥""+l*31+"¥")(unfoldr t s);t[]=Nothing;
t s=Just(splitAt(if length s>w&&s!!w=='"+l*31+"¥"'then 501else w)s);w=500;f 0=Not
hing;f x=Just((if x`mod`2>0then '0'else '1'),x`div`2);g x= reverse (unfoldr f x);
h p c=let d=ord c-48in(d,replicate(abs(p-d))(if d

<'else '>')++"+l*31+"¥"
."+l*31+"¥");s="+l*31+"¥"# ruby"+l*32+"n"+l*31+"¥"++"+l*31+"¥"l=92.chr;eval s=¥"+
(z=l*31)+¥"¥¥¥"¥"+s+z+¥"¥¥¥""+l*31+"¥"++"+l*31+"¥""+l*32+"n"+l*31+"¥""+l*15+"¥""+
l*7+"¥")"+l*4+"n¥¥¥¥¥¥¥")¥¥¥")¥"########### (c) Yusuke Endoh, 2009 ###########¥n"

The Ruby code above generates Python code, which generates Perl code, which generates Lua code, which generates OCamlcode, which generates Haskell code, which generates C code, which generates Java code, which generates Brainfuck code, which generates Whitespace code, which generates Unlambda code, which generates the original Ruby code again.
more such crazy stuff at International Obfuscated C Code Contest (IOCCC)
Conway’s Game of Life in one line of APL

To properly try this, you’ll require the following versions of each compiler:

* ruby 1.8.7-p72
* Python 2.5.2
* perl v5.10.0
* Lua 5.0.3
* OCaml 3.10.2
* ghc-6.8.2
* gcc 4.3.2
* java "1.5.0_17"
* beef 0.0.6-2
* whitespace 0.3-2
* unlambda 2.0.0-5

Credit goes to Yusuke Endoh for this masterpiece of programming art.

A Quine is a computer program which produces a copy of its own source code as its only output.

`1`	`main() {` `char` `s="main() { char s=%c%s%c; printf(s,34,s,34); }";` `printf(s,34,s,34); }`

Cryptic quote c++ code

`1`	`double` `m[]= {7709179928849219.0, 771};int` `main(){m[1]--?m[0]*=2,main():printf(m);}`

This cryptic code when run outputs “C++ sucks”

Searching for personal data and confidential documents

Searching for personal data and confidential documents

filetype:xls inurl:”email.xls”

email.xls files, potentially containing contact information

“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”

CVs

“not for distribution”

confidential documents containing the confidential clause

buddylist.blt

AIM contacts list

intitle:index.of mystuff.xml

Trillian IM contacts list

filetype:ctt “msn”

MSN contacts list

filetype:QDF

QDF database files for the Quicken financial application

intitle:index.of finances.xls

finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers

intitle:”Index Of” -inurl:maillog maillog size

maillog files, potentially containing e-mail

Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”

reports for network security scans, penetration tests etc

Dork for locating passwords

Dork for locating passwords

http://*:*@www” site

passwords for site, stored as the string “http://username:password@www…”

filetype:bak inurl:”htaccess|passwd|shadow|ht users”

file backups, potentially containing user names and passwords

filetype:mdb inurl:”account|users|admin|admin istrators|passwd|password”

mdb files, potentially containing password information

intitle:”Index of” pwd.db

pwd.db files, potentially containing user names and encrypted passwords

inurl:admin inurl:backup intitle:index.of

directories whose names contain the words admin and backup

“Index of/” “Parent Directory” “WS _ FTP.ini”

filetype:ini WS _ FTP PWD

WS_FTP configuration files, potentially containing FTP server access passwords

ext:pwd inurl:(service|authors|administrators |users) “# -FrontPage-”

files containing Microsoft FrontPage passwords

filetype:sql (“passwd values ****” | “password values ****” | “pass values ****” )

files containing SQL code and passwords inserted into a database

intitle:index.of trillian.ini

configuration files for the Trillian IM

eggdrop filetype:user

user configuration files for the Eggdrop ircbot

filetype:conf slapd.conf

configuration files for OpenLDAP

inurl:”wvdial.conf” intext:”password”

configuration files for WV Dial

ext:ini eudora.ini

configuration files for the Eudora mail client

filetype:mdb inurl:users.mdb

Microsoft Access files, potentially containing user account information

Error message queries

Error message queries

“A syntax error has occurred”filetype:ihtml

Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords

“Access denied for user” “Using password”

authorisation errors, potentially containing user names, function names, file structure information and pieces of SQL code

“The script whose uid is ” “is not allowed to access”

access-related PHP errors, potentially containing filenames, function names and file structure information

“ORA-00921: unexpected end of SQL command”

Oracle database errors, potentially containing filenames, function names and file structure information

“error found handling the request” cocoon filetype:xml

Cocoon errors, potentially containing Cocoon version information, filenames, function names and file structure information

“Invision Power Board Database Error”

Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and piece of SQL code

“Warning: mysql _ query()” “invalid query”

MySQL database errors, potentially containing user names, function names, filenames and file structure information

“Error Message : Error loading required libraries.”

CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information

“#mysql dump” filetype:sql

MySQL database errors, potentially containing information about database structure and contents

dork for finding admin page

admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
adm/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp

Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/

sql injection dorks

sql injection dorks
allinurl: \”index php go buy\”
allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”

google Querying for application-generated system reports

Querying for application-generated system reports

“Generated by phpSystem”

operating system type and version, hardware configuration, logged users, open connections, free memory and disk space, mount points
“This summary was generated by wwwstat”
web server statistics, system file structure
“These statistics were produced by getstats”
web server statistics, system file structure
“This report was generated by WebLog”
web server statistics, system file structure
intext:”Tobias Oetiker” “traffic analysis”
system performance statistics as MRTG charts, network configuration
intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
server version, operating system type, child process list, current connections
intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
web server activity, lots of visitor information
intitle:”Multimon UPS status page”
UPS device performance statistics
intitle:”statistics of” “advanced web statistics”
web server statistics, visitor information
intitle:”System Statistics” +”System and Network Information Center”

system performance statistics as MRTG charts, hardware configuration, running services
intitle:”Usage Statistics for” “Generated by Webalizer”
web server statistics, visitor information, system file structure
intitle:”Web Server Statistics for ****”
web server statistics, visitor information
nurl:”/axs/ax-admin.pl” -script
web server statistics, visitor information
inurl:”/cricket/grapher.cgi”
MRTG charts of network interface performance
inurl:server-info “Apache Server Information”
web server version and configuration, operating system type, system file structure
“Output produced by SysWatch *”
operating system type and version, logged users, free memory and disk space, mount points, running processes, system logs

Querying for application-generated system reports

Queries for discovering standard post-installation

intitle:”Test Page for Apache Installation” “You are free”
Apache 1.2.6
intitle:”Test Page for Apache Installation” “It worked!” “this Web site!”
Apache 1.3.0 – 1.3.9
intitle:”Test Page for Apache Installation” “Seeing this instead”
Apache 1.3.11 – 1.3.33, 2.0
intitle:”Test Page for the SSL/TLS-aware Apache Installation” “Hey, it worked!”
Apache SSL/TLS
intitle:”Test Page for the Apache Web Server on Red Hat Linux”
Apache on Red Hat
intitle:”Test Page for the Apache Http Server on Fedora Core”
Apache on Fedora
intitle:”Welcome to Your New Home Page!”
Debian Apache on Debian
intitle:”Welcome to IIS 4.0!”
IIS 4.0
intitle:”Welcome to Windows 2000 Internet Services”
IIS 5.0

intitle:”Welcome to Windows XP Server Internet Services”
IIS 6.0

Google queries for locating various Web servers

“Apache/1.3.28 Server at” intitle:index.of
Apache 1.3.28
“Apache/2.0 Server at” intitle:index.of
Apache 2.0
“Apache/* Server at” intitle:index.of
any version of Apache
“Microsoft-IIS/4.0 Server at” intitle:index.of
Microsoft Internet Information Services 4.0
“Microsoft-IIS/5.0 Server at” intitle:index.of
Microsoft Internet Information Services 5.0
“Microsoft-IIS/6.0 Server at” intitle:index.of
Microsoft Internet Information Services 6.0
“Microsoft-IIS/* Server at” intitle:index.of
any version of Microsoft Internet Information Services
“Oracle HTTP Server/* Server at” intitle:index.of

any version of Oracle HTTP Server
“IBM _ HTTP _ Server/* * Server at” intitle:index.of
any version of IBM HTTP Server
“Netscape/* Server at” intitle:index.of
any version of Netscape Server
“Red Hat Secure/*” intitle:index.of
any version of the Red Hat Secure server
“HP Apache-based Web Server/*” intitle:index.of
any version of the HP server

hi friends check out new hackers sphere

hi friends we are no less than google
check out my hacker sphere
at
http://moneyguru.clanteam.com/hp/hackers%20Sphere.htm

Comment if you like it.............................

New Orkut – Upload Images/Songs/Videos in Profile

New Orkut! The latest Buzz in the E-World. But now almost all have it. And its still fresh. Owing to the fact that its like Windows Vista compared to XP. [A huge copy of something else, but who cares as long as it looks good on your screen]. Well I am not here to write about the various new features and how it is different from old Orkut. But basic stuff which will help you make your profile more attractive.
For starters, if you don’t have the new Orkut yet, there are 2 ways to get it.
è Join the official New Orkut community [http://www.orkut.co.in/Main#Community?cmm=95114051
è Ask any of your friends to send you a invite
Ok, with the basic requirements fulfilled, lets get to some serious matter. Today I will be posting methods for 3 things basically
[1] To insert a Image in your about me
[2] To insert a song in your profile
[3] To insert a Video in your profile
First of all, switch to new Orkut
How to insert a pic in about me

Just copy-paste the pic using cntrl + a, cntrl + c, cntrl + v into your about me
OR
Else upload your own pic to some site, right click on it, select copy image location
Paste it in your about me, keep in mind to keep it free of any other tags, it should not be inside some italics, or color or some other tags, else it might not work properly

]
How to put a song in your profile
Follow the below steps exactly
Select the code of a available song from www.123orkut.com or www.orkutfunda.com
Open your scrapbook
Click on HTML once
Paste the code
Edit it to make favorable changes, like delete the gif image, the anchor tag for the site etc
To make the player invisible, set height n width as 0
Click on HTML once again
Now you must hear ur song playin with nothing on ur scrapbook
Select whatever is on ur typing region using cntrl + a, copy it n paste it in ur about me somewhere on top, (here too it should be free of all other tags)
Click Save
If you want to upload your own song in your profile :
Upload your song to any website,
Copy the link of your song’s location (URL)
<* embed src=”http://www.mp3orkut.com/wp-content/plugins/xspf_player/xspf_player_slim.swf” flashvars=”&song_url=”UR mp3 URL “&autoplay=true” width=”1″ height=”1″ *>

remove *

How to add a Video in ur Profile
Go to Youtube
Select the Video you want to put on ur profile
Copy the embed code
Switch back to older version
Paste the code
Click preview
Copy the Whole video thumbnail
Paste it in your about me
Save
Also you can apply the above method of clicking HTML twice J
Pls leave any doubts or suggestions here if you find any.

hi friends check out new hackers sphere technology

hi friends we are no less than Google
check out my hacker sphere
at

http://moneyguru.clanteam.com/hp/hackers%20Sphere.htm

check out you will love this experiment....

detect browesr type and redirect the page

A browser detection script can check for browser types, browser versions, available plug-ins, languages, and platforms. Depending on the purpose, you can have the script write a message to your visitors, notify them about plug-ins required for the site, or automatically redirect visitors to a different Web page.

The first step is to decide which browsers you need to check for. While Netscape and Explorer are the most obvious choices, you should at least consider checking for WebTV if your site is designed to appeal to the consumer audience. While WebTV only has 2 million subscribers at this writing, half of them have purchased online.

The JavaScript code in this example queries the "navigator" object, which contains information about which browser and browser version your visitors are using to view your site. This simple detection script will identify the application name (appName) in use and display an alert box.

Friday, September 24, 2010

virus code with study manual

hello friends i have uploaded my virus source codes along with self made study manual i hope this will be helpful for you to study virus technology..........

download from here
http://rapidshare.com/files/421038295/virus_codes.rar |

And don't worry these viruses are not harmful but teamed
i recommend you please read the manual before playing with those...

Wednesday, September 22, 2010

create your business website ,hacking website,or website for earning money

Hi friends

use

co.cc domain

http://www.co.cc/?id=192749

its totally free for one year

you can earn money with that.

my website is:-

http://www.moneyguruonline.co.cc

i am earning good money from it .

CREATE YOUR WEBSITE NOW.

Tools for Analyzing Viruses (With Download)

There are many viruses spread rapidly in the days, therefore many Antivirus vendor like Kapersky, McAfee, Norton and others are compete to create an antivirus which more powerful and secure.The making of Antivirus itself will not separated from the virus itself. We must analyze how it works, what it is capable of doing by the virus, what will infected by the virus. To do an analysis of a virus usually requires tools that can analyze a virus in details and quick.

Here are some tools you can use to analyze a virus:

1. Malcode Analysis Pack

(http://labs.idefense.com/software/download/?downloadID=8)

This tool consists of a variety of applications that can help you analyze a malcode.
For example, such as ShellExt, socketTool, fakeDNS, Sheilcode2Exe and so forth

.
2. Autoruns For Windows
(http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)

This application is used to determine the location of auto-starting of the startup monitor which is located in the windows.
This application will show the program which is running while the system booting up or logon.

3. RegMon for Windows

(http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx)

This tool can display the applications which are accessing to your system registry.
All will be displayed in real-time

4. Filemon for Windows

(http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx)

This tool will display the system activity of a file in the operating system in real-time.

5. Multipot

(http://labs.idefense.com/software/download/?downloadID=9)

This application is designed to collect a lot of malicious code found on the internet.

6. Process Explorer for Windows

(http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)

This tool handles information about the process dal DLLs that are currently open.
This application shows the list of processes that are active at that time.

7. Resource Hacker

(http://www.angusj.com/resourcehacker/)

Tool that can be used to change the resource on the Win32 executables and the other resource files.

8. Rootkit Unhooker

(http://www.antirootkit.com/software/RootKit-Unhooker.htm)

Application to detect the rootkit.
Some of the features which where offered are Ultimate Drivers Detection, Hidden Files Detection and so on.

9. SysAnalyzer

(http://labs.idefense.com/software/download/?downloadID=15)

This tool is able to analyze malcode automatically run time to monitor what is being done by the system and the process which is running.

10. PE Identifier

(http://www.peid.info/)

This application is used to detect the packers, cryptors.
This tool is able to detect more than 600 signatures from a different PE file.

11. VB Decompiler Lite

(http://www.vb-decompiler.org/download.htm)

A decompiler for programs which have extension like EXE, DLL and OCX.

12. MiTec EXE Explorer

(http://www.mitec.cz/exe.html)

This tool made as an executable reader.
This application is able to read and displays executable file properties and structure of a file which are analyzed.

I collect This information from some other source sites,Please test the above tools and post a responce ,below in comments.
Thankyou,