Lesson one: How to find peoples photobucket links

Many people do not rename their image files before they upload them, so they still have the default name format of their scanner, image editor, or digital camera. For instance, Sony phones and cameras use the file name format DSCxxxxx.jpg, where "x" can be any number from 0 to 9. One could search for all the images manualy, but i made a program that makes this a lot easier and faster:


Download it at: http://sourceforge.net/projects/efd/

If you want to try find someones photobucket pictures, Copy the link to one of his pictures. This could look something like this:
http://i3.photobucket.com/albums/y56/au ... C00212.jpg

To find out if a person has got more images named like that on his photobucket, insert the url into the program (1), and delete the filename of the image except for the letters "DSC".

Select the folder on your PC where you want to save any images you might find (2).

The enumeration of the original picture was "00212" and consists of 5 ciphers, which must be selected in the "ciphers" drop down menu (3).

The "start index" (4) indicates the enumeration of the first image in the series to look for, wich usualy can be set to the value "1" (the "ciphers" function will add the leading zeros).

"End index" (5) should be the enumeration of the last picture in the series to look for. To be sure to find all images with this name format, set it to "99999". It will take very long to search for and download that many images, so you might want to concider to start out with something lower like "5000".

The "file extension" field (6) should contain the last part of the filename that isnt part of the enumeration, wich in this case is ".jpg".

If everything has been entered corectly, the example URL field should look like the original link format, only with the enumeration changed, and you are ready to go! Press the "download" button, and the program will download every image named DSC00001.jpg to DSC99999.jpg from the persons photobucket folder. If you want to find more pictures, try use filenames such as (the numbers in the brackets indicates the enumeration range and should be excluded):
IMG_[0000-9999].jpg
Picture[000-999].jpg
[0-9999].jpg
pic[000-999].jpg

This program also works with "Fusker" URL's (just check the "Fusker" check box), and it can download any kind of enumerated files like for example split ZIP or RAR archives, and not only images.


Tomorrow: How to make your own myspace tracker

B-b-but, this cannot be true!

It can I will tell you tomorrow how to do it. It will be a little more complicated to set up than the trackers that already exist, but it will be stealthy, add free, and you wont risk having your account phished.

I always thought they should have a thing that allows you to see who has you in their Top Friends.

Lesson two: How to make your own MySpace tracker

Myspace does not allow trackers, but here is a guide to how you install your own stealthy tracker to see who visits your profile. This may be a bit hard to understand for many, but i will try to keep it as simple as possible.

Tools needed:
First of all you need to download this ZIP archive:
http://www.zshare.net/download/461744749ddbbe/

The second thing you will need is web hosting where you can upload the tracker. Please note that it has to support PHP, htaccess, hotlinking and FTP file upload. I dont know of any free web hosting that offers these services, but you can rent web space for around 1 euro per month that can do the trick, or you can pay some more and get a professional web host like for example www.servage.net .

The third and last thing you need is an FTP program, like FileZilla (free).

Instalation of the tracker:
Unzip the 4 files in the ZIP archive, and open the file called ".htaccess" with notepad. In this file there is some code saying:
RewriteEngine on
RewriteRule \mypicture.jpg$ http://yourhost.com/image.php [R,L]
Replace "yourhost.com" with the address of your web server.

Now, upload all 4 files from the ZIP archive to the web server via your FTP client.

After successful upload, you must change chmod of "image.php" to 755. In many FTP clients (like FileZilla), this can be done by rightclicking on the file when it has been uploaded to the server and edit the file properties. "log.txt" must be set to chmod 666 (is done in the same way).

Somewhere on your myspace page, add the image code:
<img src="http://yourhost.com/mypicture.jpg">
where "yourhost.com" must be replaced with the address of your own web server. It is important that you do not have a file called "mypicture.jpg" on the web server (This will be explained later if you really want to know why).

Now, everytime someone views your profile and thereby loads "mypicture.jpg", information about them will be saved in "log.txt", which you can download from the web server and view whenever you want. Enjoy!

Tips:
You cant see your visitors MySpace ID's, but you can see their IP address, web browser, operating system, time and date of visit, language of the system, and weither the image was viewed from your myspace profile or someone else is linking to your picture. To find out more about who visited your profile, submit their IP address to http://network-tools.com/ and do a "lookup". You will then be presented with info on which country the person is from (sometimes even the city), and which internet service provider they have. This together with the other information (and for example if someone wrote a comment on the same time as the visit was registered) will make you able to identify most of your visitors.

How this works (this is not nessesary to understand in order to use the tracker):
The image "mypicture.jpg" does not actualy exist on your web server. But, the code in the .htaccess file redirects requests for "mypicture.jpg" to "image.php". "image.php" is an invisible script that registers information on who requested "mypicture.jpg" and saves the info to "log.txt" without anyone but you knowing it. It also sends back the data from the image file called "image.jpg" so that the browser thinks that it is actualy recieving "mypicture.jpg" even though it does not exist. In this way, MySpace or others will not find out that you are loging information about them, as all they will ever see is an innocent jpg file. "image.jpg" can be replaced with any image you like, if just it has the filename "image.jpg".

The disadvantage is that you do not get exact informatin on which MySpace user actualy visited your profile, but only information that will make you able to guess who they are with some precision. A solution to this would be to write a tracker in JavaScript, that people could add to their profiles. But since MySpace does not allow JavaScript code in profiles, this would have to be implemented in a flash file, like the visitor maps that many people have. The disadvantage of this method is that MySpace and others will be able to see this code and find out that you are tracking your visitors, and this is why many visitor maps from time to time gets removed from peoples profiles. And in the worst case, they could delete your profile for violating their rules. Therefor, the method i described in this post is the safest one to use at the moment.


Tomorrow: How to recover lost (or break) Windows passwords

all links are filtered into msplinks soon or later mods will see it and remove the page for using one

Lies lies lies

This one DOES work.
It has been working for weeks.
And it will keep working as long as you can insert your own images on your myspace profile.

It can not be found by myspace, as the code that logs the visitors is hidden inside image.php and is only visible to the webserver. There is no way they will ever be able to find the code and bust your ass unless they break into the webserver (which is very dificult and very ilegal). The tracker uses basic HTTP protocol features invented more than 10 years ago that myspace cant do a flying fuck about no matter how much they wish they could and no matter how much they claim they can.
Besides, this tracker has nothing to do with linking, so it will not be turned into a msplink. And if it did, it wouldnt do anything.

Lesson three: How to recover lost (or break) Windows passwords

We have all tried it. You or someone else forgot his windows logon password, and now you cant recover your encrypted files or important emails (or maybe they didnt forget their password, but you will be helpful and find it for them anyway ). But fear not, here is a guide on how to solve the problem. It is much much easier than it may sound, thanks to the open source project "Ophcrack".

Ophcrack is a linux live CD, that does not require any instalation or modyfication of the target computer. Just burn the CD image image to an empty CD, insert it in the PC's CD-ROM drive, and turn on the PC. Then the linux operating system will start up directly from the CD, and an automated process will break the passwords without you having to press a single key. Just wait and let it do its magic.
Download the CD image here:
http://sourceforge.net/projects/ophcrack/
(To break passwords)

Ophcrack is only able to break passwords that consists of alpha-numeric letters. If the password contains any special letters like )"!.-£# and so on, it will not be able to break the password. But if Ophcrack didnt find the password, use Ophcrack to see the LM or NTLM "hash" value (encrypted password) for the password and write it down. You can then submit it to http://plain-text.info/add/ which is a place where they crack lots of passwords fast, and there is a good chance that they will find it.

If you think "hash" values, LM, and NTLM is way too complicated, you can get another bootable linux live CD that can overwrite the existing passwords, and replace them with which ever password you like instead. Note that this will modify the windows instalation and can not be undone.
Download the CD image here:
http://home.eunet.no/pnordahl/ntpasswd/
(To overwrite passwords)

While it may not be very nice or very legal, it can be somewhat amusing to change peoples passwords, and make a treasure hunt they must complete in order to find their new password Not that anyone would ever do such a mean thing...

Tomorrow: Sunday... just realxing unless someone has got a request

heres a suggestion to firefox users

Is there already a tool wich speed up the standard internet explorer by microsoft ?

dunno mate. haven't used IE long time, only if some crappy websites dont support Firefox.

Zumo any suggestion about password on rar. cant remember a password from a file i compressed moths ago, probably was drunk at the time (tried all my usual and unusual passwords, but none did match). tried RAR password recovery, but it takes ages.

As far as i remember, there is an exploit in the encryption for rar archives if it is not compressed as a solid archive. If you have one of the files from the archive (prefereably a small one) there is a way to reverse the process to find the encryption key by comparing the the unencrypted file with the encrypted copy in the archive somehow. It has been a while since i have worked with it so i dont remember wich program can do it, and it may even have been for ZIP archives Else there is always deadly slow bruteforcing as you already tried.


Tried https://sourceforge.net/projects/aapr/ ?

tried but couldnt figure out how to make it work. just gonna wait some years to get the password back

There is a readme in the zip file. If the password is more than 8 letters long, im afraid that you are out of luck.

I just want to ad that the tracker is still working and nothing have happened.