April 27, 2009

Shell Listing

You have a Rapidleech script but don't have your own server? Here is a trick for finding a server using Google. Yes!! Using Google only, you can find yourself a server to upload your Rapidleech script to and start downloading with a fast connection. This is the code that can be used in the Google text box to find yourself your own private server. Tadaa...


Only copy the text in bold. Copy and paste it into the Google text box and pick your desired server.
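
Seen from the server owner's side, the banner text these shells print (c99shell, r57shell, locus7shell, "safe-mode: off (not secure)") is a quick way to check your own web root for a planted shell, and the "drwxrwxrwx" in those listings is a world-writable directory. The following is an added example, not part of the original post; the extension list and the demo files are assumptions, and an obfuscated shell will not contain these strings in clear text.

```python
import os
import stat
import tempfile

# Banner text printed by the shells named on this page, lower-cased for matching.
BANNERS = (b"c99shell", b"r57shell", b"locus7shell", b"c99memory",
           b"captain crunch security team", b"safe-mode: off (not secure)")
# Assumption: extensions the server hands to PHP; adjust to your configuration.
SCRIPT_EXTENSIONS = (".php", ".php3", ".php4", ".php5", ".phtml", ".inc")


def banners_in_file(path, max_bytes=2 * 1024 * 1024):
    """Return the banner strings found in the first max_bytes of a file."""
    try:
        with open(path, "rb") as handle:
            data = handle.read(max_bytes).lower()
    except OSError:
        return []  # unreadable file: nothing to report
    return [banner.decode() for banner in BANNERS if banner in data]


def scan_webroot(root):
    """Walk a web root; return ({file: [banners]}, [world-writable dirs])."""
    hits, writable_dirs = {}, []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            if os.stat(dirpath).st_mode & stat.S_IWOTH:
                writable_dirs.append(dirpath)  # the "drwxrwxrwx" case
        except OSError:
            pass
        for name in filenames:
            if not name.lower().endswith(SCRIPT_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            found = banners_in_file(path)
            if found:
                hits[path] = found
    return hits, writable_dirs


def demo():
    """Scan a constructed web root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        os.chmod(uploads, 0o777)
        with open(os.path.join(uploads, "img.php"), "w") as handle:
            handle.write("<?php /* c99shell v. 1.0 */ echo 'Safe-mode: OFF (not secure)'; ?>")
        with open(os.path.join(root, "index.php"), "w") as handle:
            handle.write("<?php echo 'hello'; ?>")
        hits, writable_dirs = scan_webroot(root)
        return ({os.path.relpath(p, root): f for p, f in hits.items()},
                [os.path.relpath(d, root) for d in writable_dirs])


if __name__ == "__main__":
    import sys
    found, writable = scan_webroot(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for file_path, names in sorted(found.items()):
        print("possible web shell:", file_path, names)
    for directory in writable:
        print("world-writable directory:", directory)
```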

April 20, 2009

Lightbox Tutorial

How to add the Lightbox effect to your blog on the Blogspot platform.
Before you continue, some of you might already know what Lightbox can do. See the images below. What you see is just a regular image with no effect or blink-blink on it, but try clicking one. You'll see the difference now.

1. The first image, Jack Sparrow, has the Lightbox effect but shows only the picture.
2. The second image, Punisher War Zone, has the Lightbox effect and shows the picture with a caption below the image.
3. The third image, Transformer Revenge of The Fallen, has the Lightbox effect, shows the picture, has a caption below the picture, and the caption is a hyperlink to another site (my blog).

Now you see what Lightbox can do.
The Lightbox script was created by Lokesh Dhakar. You can download this script (for free) from his website: http://www.huddletogether.com.

The Blogger system doesn't let you upload scripts to its servers. This is the main problem for Blogger users. But this is not a problem nowadays, since there are many free hosting services available.

You can sign up for a free hosting service and you'll get a free web server with your own storage. Some offer 1.5 GB of storage for free. Below is my suggestion:
1. http://www.000webhost.com

It has a faster connection and you can easily manage your FTP server.

I assume that you have downloaded the script by now and have your own server. If not, you can sign up for free from the link above.

If you downloaded the latest script (v2.04), there are 3 folders and 1 HTML file named index. See the image below:

Go to the images folder and copy close.gif, closelabel.gif, loading.gif, nextlabel.gif, and prevlabel.gif to another folder, let's say Lightbox2 on the Desktop.

Go to the css folder and copy Lightbox.css. Paste it into Lightbox2, the folder where we pasted the images.

Next, go to the js folder, copy all of its contents and paste them into Lightbox2 as well.

Assume that your free server is this: http://mysite.site.com

Before you upload those files, we are going to edit them a little more.

You can do this with other tools as well, but I use CuteFTP to do it. You can use Dreamweaver or Notepad++. I will show you how to edit it using Notepad++.

I assume that you have downloaded Notepad++ by now. Fire up Notepad++ and drag Lightbox.css into its workspace. You'll get something like this:

We are going to edit some of the code as follows. Replace the highlighted code with your site name.

After edit:

You are done editing Lightbox.css

Now we are going to edit Lightbox.js.
Same as before, drag Lightbox.js into the Notepad++ work area and replace this code with the same code you added in Lightbox.css.

Change this too

Now upload those files to your server using your FTP program, such as CuteFTP (NOT FREE).

This is how you add the code to your template.
1. Go to Edit Html
2. Add this code above the Header.

<script type="text/javascript" src="http://mysite.site.com/prototype.js"></script>

<script type="text/javascript" src="http://mysite.site.com/scriptaculous.js?load=effects,builder"></script>

<script type="text/javascript" src="http://mysite.site.com/lightbox.js"></script>

<link rel="stylesheet" href="http://mysite.site.com/lightbox.css" type="text/css" media="screen" />

Every time you want to use the effect with your picture, add this code to your image (Edit Html)

<a href="images/image-1.jpg" rel="lightbox" title="my caption">image #1</a>

If you want to make a group for your pictures so that there is a Next and Previous on each picture, add this code:

<a href="images/image-1.jpg" rel="lightbox[roadtrip]">image #1</a>

<a href="images/image-2.jpg" rel="lightbox[roadtrip]">image #2</a>

<a href="images/image-3.jpg" rel="lightbox[roadtrip]">image #3</a>

Delete this highlighted code:

If you don't want to waste your time doing all this, you can always use my code. Just copy this code and paste it into your template. How to use it? Follow the steps above by adding the REL attribute to your image.

<script type="text/javascript" src="http://geolink.site40.net/prototype.js"></script>

<script type="text/javascript" src="http://geolink.site40.net/scriptaculous.js?load=effects,builder"></script>

<script type="text/javascript" src="http://geolink.site40.net/lightbox.js"></script>

<link rel="stylesheet" href="http://geolink.site40.net/lightbox.css" type="text/css" media="screen" />

Have fun.
If you don't understand, just leave a comment and I will surely answer it.

April 19, 2009


My site is a MESS since I updated to a new template and layout. But I like this layout. BTW, I added some JavaScript to my blog so that users can view photos in a different view. Try reading some of my blog posts that have pictures in them, or you can read my other still-in-progress blog here to see this JavaScript in action.

I use the same script on both of these blogs but with a different layout/template. Because of this script, I wasted 4+ hours just figuring out how to use it. But in the end, it paid off. You can see that in my post here or in that other blog of mine. Try clicking the picture below:

April 17, 2009

Finding the Windows XP Product Key on the Installation Disc

Have you lost your Windows CD key and are desperately looking for it? No backups, nothing. What do you do now? Well, as long as you have your original installation CD, you can easily find the product key without breaking a sweat.

Here are the simple steps you need to perform in order to get your product key from the installation CD.

NOTE: This method may not work for certain OEM CDs.

1. Insert the installation CD into your CD/DVD drive.
2. Explore the CD and navigate to the i386 folder.
3. Open the file UNATTEND.txt and scroll down to the last line.
4. You will find your Windows XP Product key there.


April 10, 2009


W32/VBWorm.QXE (bulubebek)

This is not a new virus, as most people say. This virus was detected back on 10 October 2008. Maybe you just got infected by it and nobody reported it to the antivirus company before. That's why your antivirus can't detect it.

This is the history of this so-called new virus. Previously, there were viruses named Kenshin, Doraemon, and Naruto. Most of them have the same ability, that is, to destroy and delete your system files. Actually, the files are not destroyed. The viruses only HIDE them in the same directory.
After Donal Bebek saw this virus, and somewhere in Japan someone had actually modified the virus and made it more powerful, Donal Bebek came up with a new idea, and on 10 October 2008 the world witnessed a newborn virus called Bulubebek. But recently the spreading rate has increased, and even I do not know why or how.
Locally in Indonesia, more than ten thousand computers have been reported as infected with the virus.

Bulubebek is written in a high-level programming language, the famous Visual Basic, with a file size of only 53 KB. The virus has 2 original files, the EXE and its INF.

What will happen if you are infected with the virus.

Norman Security Suite detects the virus as VbWorm.QXE.

After the virus is activated, it writes certain files so that it is automatically activated when you turn on your computer. It also creates files in your %systemroot% and in your Documents and Settings.
The files that the virus creates:



C:\Document and Settings\%User%\autorun.inf

C:\Document and Settings\%User%\bulubebek.ini

These files will be created on every one of your volumes




This is how it auto-starts when you turn on your computer

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell = explorer.exe script.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell = explorer.exe script.exe

Defence System

To defend itself, it prevents the user from accessing some Windows functions such as Task Manager, Folder Options, and CMD. To do this, it writes some values into your registry.


- CheckedValue=2
- DefaultValue = 2
- UncheckedValue = 2


- CheckedValue= 0
- DefaultValue = 0


- CheckedValue= 2
- DefaultValue = 2


- CheckedValue= 0
- DefaultValue = 0
- UncheckedValue = 0


- CheckedValue= 0
- DefaultValue = 0
- UncheckedValue = 0


- CheckedValue= 2
- DefaultValue = 2
- UncheckedValue = 2


- CheckedValue= 1
- DefaultValue = 1


- CheckedValue= 0
- DefaultValue = 0


- NoFolderOptions


- DisableRegistryTools


- Hidden = 2
- HideFileExt = 1
- ShowSuperHidden = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor

AutoRun = exit

HKEY_CURRENT_USER\Software\Microsoft\Command Processor

AutoRun = exit

It also prevents Windows from using the “Microsoft Visual Studio Debugging Tools” file SPYXX.EXE. When Windows or certain drivers and programs access the file, a message box pops up telling you that the file is unavailable. This is actually because the virus altered a string in the registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.EXE

debugger = TAI BEBEK

Error message from SPYXX.EXE
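
The autostart and lock-down settings described above can be checked in one pass over a registry export. This is an added example, not from the original post: it parses .reg text and reports the Winlogon Shell, Command Processor AutoRun, Image File Execution Options Debugger and policy values named on this page; the sample export and its policy data are constructed.

```python
import re

# Key suffixes and value names taken from the write-up on this page.
WINLOGON = "\\microsoft\\windows nt\\currentversion\\winlogon"
CMD_PROCESSOR = "\\microsoft\\command processor"
IFEO = "\\currentversion\\image file execution options\\"
POLICY_VALUES = {"disableregistrytools", "disabletaskmgr", "nofolderoptions"}
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: data}}."""
    # Only string and dword data are handled; decode a real (UTF-16) export first.
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_LINE.match(line)
        if current is None or not match:
            continue
        name, data = match.group(1), match.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def find_indicators(keys):
    """Return (key, value_name, data) for each setting worth reviewing."""
    hits = []
    for path, values in keys.items():
        low = path.lower()
        vals = {name.lower(): data for name, data in values.items()}
        shell = vals.get("shell")
        if low.endswith(WINLOGON) and isinstance(shell, str):
            if shell.strip().lower() != "explorer.exe":
                hits.append((path, "Shell", shell))
        if low.endswith(CMD_PROCESSOR) and vals.get("autorun"):
            hits.append((path, "AutoRun", vals["autorun"]))
        if IFEO in low and "debugger" in vals:
            hits.append((path, "Debugger", vals["debugger"]))
        if "\\policies\\" in low:
            for name in sorted(POLICY_VALUES.intersection(vals)):
                if vals[name]:
                    hits.append((path, name, vals[name]))
    return hits


# Constructed sample export; the policy dword data is an assumption.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe script.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"="exit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.EXE]
"Debugger"="TAI BEBEK"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001
"""

if __name__ == "__main__":
    for hit in find_indicators(parse_reg_export(SAMPLE)):
        print(hit)
```

A Debugger value under Image File Execution Options also has legitimate uses, so treat each hit as something to review, not as proof of infection.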

Spreading method

Flash disks are the major medium through which this virus spreads, by copying Autorun.inf and bulubebek.ini to your flash disk.

String inside the Autorun.inf

Unlike other viruses, this virus won't harm the host. The maker of this virus has no intention of harming the host. More likely, it was made only for fun and competition between virus makers.
The only effects after this virus is activated are:

1. It tries to hide all of your files/folders on the flash disk or the host (computer).

2. It makes a clone of your file/folder (with the original name).

3. It uses your system resources. It uses the Folder icon in System32.

See the type, it says Application. Not Folder. This is the virus!!!


Before you carry out this procedure, MAKE SURE:

1. You are OFFLINE.

2. Disable System Restore for the time being. (Windows ME/XP only)

3. Kill the virus process in memory using an alternative to Task Manager such as Procexp or another similar tool that can access the running process memory. You can use TuneUp Utilities but you have to buy it.

4. The Bulubebek virus has the Folder icon and the name LSASS.EXE.

5. Right click (in Procexp) and select Kill Process Tree.

The script below will revert your registry to its original content. Copy the script below into Notepad and save it as “Repair.inf”, with the quotes. After that:

1. Right click Repair.inf

2. Click Install and you're done.

********** copy below after this comment ******************

; Section headers restored so that right-click > Install works.
; UnhookRegKey and del are arbitrary section labels; the two lines
; under [DefaultInstall] must match them.

[Version]

Signature="$Chicago$"

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

; Values written back to their defaults

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1

HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2

HKCU, Software\Microsoft\Command Processor, AutoRun,0,

; Values and keys removed

[del]

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp

; The debugger value is set under SPYXX.EXE (the key quoted earlier), so that is the key to remove

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.EXE

HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

************ Do not copy this LINE *******

Search for and destroy the files that have been duplicated by the virus.

If your Folder Options is still unavailable, log off your computer and recover your original files or folders using the command and properties below.

To delete the duplicate files, please use the DETAILS view to make it easier to tell the virus apart from your original files. The properties below will help you recognize the virus application:

1. It uses the Folder icon
2. File size is only 53 KB
3. The extension is EXE
4. File type is Application

Use the Search function to locate the virus.

Most of your original files are not LOST but SUPERHIDDEN. It means your files are treated as system files to prevent them from being edited or recovered. The next step will help you get your files back.

This will be done by using the ATTRIB command in Command Prompt.

Click “Start”

Click “Run”

Type “CMD”, press [ENTER]

Change the directory to your flash drive (i.e. the drive letter, such as E:, F:, and so on).
Enter this command: cd /D [Drive Letter]: ***[ ] is not included

Enter this command: ATTRIB -s -h -r /s /d and then press [ENTER]

I didn't change my drive letter because I only changed my directory.

To ensure that the virus has been cleaned, update your antivirus and scan.

If you have any comment or suggestion, please comment below.

April 7, 2009


If you like trivia, then this is the best place for you to get some Trivia.

1. Coca-cola was originally green.

2. The most common name in the world is MUHAMMAD.

3. The names of all the continents end with the same letter that they start with. (only applicable to the English names)

4. The strongest muscle in the body is the tongue.

5. TYPEWRITER is the longest word that can be made using the letters on only one row of the keyboard.

6. Women blink nearly twice as much as men.

7. You can't kill yourself by holding your breath.

8. It is impossible to lick your elbow.

9. When you sneeze, your heart stops for a millisecond (could be hazardous).

10. It is physically impossible for pigs to look up to the sky.

11. The "Sixth sicks sheik's sixth sheep's sick" is said to be the toughest twister in the English language.

12. If you sneeze too hard, you can fracture a rib. If you try to suppress a sneeze, you can rupture a blood vessel in your head or neck and die.

13. Each king in a deck of playing cards represents a great king from history:
* Spades - King David
* Clubs - Alexander the Great
* Hearts - Charlemagne
* Diamonds - Julius Caesar

14. About statues:
>> If a statue of a person in the park on a horse has both front legs in the air, the person died in battle.
>> If the horse has one front leg in the air, the person died as a result of wounds received in battle.
>> If the horse has all four legs on the ground, the person died of natural causes.

15. What do bullet proof, fire escape, windshield wiper and laser printer all have in common?
Answer ->> ALL invented by women.

16. A crocodile cannot stick its tongue out.

17. A snail can sleep for three years straight.

18. All polar bears are left handed.

19. Butterflies taste with their feet.

20. Elephants are the only animals that can't jump.

21. In the last 4000 years, no new animals have been domesticated.

22. On average, people fear spiders more than they do death.

23. Shakespeare invented the words "Assassination" and "Bump".

24. "Stewardess" is the longest word typed with only the left hand.

25. The ant always falls over on its right side when intoxicated.

26. The electric chair was invented by a dentist.

27. The human heart creates enough pressure when it pumps out to the body to squirt blood 30 feet.

28. Wearing headphones for just an hour will increase the bacteria in your ear by 700 times.

29. Rats multiply so quickly that in 18 months, two rats could have over a million descendants.

30. The cigarette lighter was invented before the match.

31. Most lipstick contains fish scales.

32. Like finger prints, everyone's tongue print is different.

33. Finally, 99% of people who read this will try to lick their elbow!!!