Showing posts with label Website Hacking. Show all posts

List Of 7000 Dorks For Hacking Into Various Websites


Finding Vulnerable Websites

Our best partner for SQL injection is Google. We can find vulnerable (hackable) websites using a Google dork list. Google dorking means searching for vulnerable websites using Google search tricks. There are a lot of tricks for searching in Google.

Some Examples:
 inurl:index.php?id=
 inurl:gallery.php?id=
 inurl:article.php?id=
 inurl:pageid=

How to use?
 Copy one of the above commands and paste it into the Google search box.
 Hit Enter.
 You will get a list of websites.


 List of 7000 Dorks.....
DOWNLOAD HERE
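
Each pattern above matches a page that takes a numeric `id` from the URL, which is a SQL injection risk only when that value is pasted into the query text. The sketch below is an added example, not part of the original post: it puts that handler pattern beside a validated, parameterized version, using a constructed SQLite table and hypothetical function names.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a site's article store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 1), (2, "Draft notes", 0), (3, "Release", 1)],
    )
    return db

def get_article_unsafe(db, raw_id):
    """The pattern behind an article.php?id= finding: the value becomes part of the SQL text."""
    sql = "SELECT id, title FROM articles WHERE published = 1 AND id = " + raw_id
    return db.execute(sql).fetchall()

def get_article_safe(db, raw_id):
    """Validate the type first, then bind the value so it is never parsed as SQL."""
    if not raw_id.isascii() or not raw_id.isdigit() or len(raw_id) > 9:
        return None  # caller answers 400/404; no query is run
    sql = "SELECT id, title FROM articles WHERE published = 1 AND id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input
    print("unsafe:", get_article_unsafe(db, hostile))  # the published filter is bypassed
    print("safe:  ", get_article_safe(db, hostile))    # rejected before any query runs
```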


How to Upload a PHP Shell Through Tamper Data, a Firefox Add-on?

Many times you get a login to a website, but you are unable to upload your PHP shell!
Today I'll show you how to upload your PHP shell through Tamper Data, a Firefox add-on.

Install the Tamper Data Firefox add-on:
Download Tamper Data here
Now install it and restart Firefox.

Rename shell:

Note: You have to rename your .php shell to .jpg to bypass the website's security.
To upload a shell, of course you need an upload option on the login page or anywhere!

Demo:

As an example I'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so I got an upload option there!

Find your upload option, click on Browse, locate your .jpg shell and select it!

Now click on Tools in the Firefox menu bar and select Tamper Data; the Tamper Data plugin will open in a new window!

Before clicking on the Upload button, click on "Start Tamper" in the Tamper Data window.
Note: Before clicking on "Start Tamper", close every extra tab you have opened. If you want this tutorial to stay open, just open it in another browser.

Now click on the Upload button!


After clicking on the Upload button, the "Tamper with request?" window will appear!

Click on the "Tamper" button.

After a click on "Tamper" you will see the "Tamper Popup".
In the Tamper Popup window, copy the "POST_DATA" text into Notepad.

After copying it to Notepad, find "yourshell.jpg" and rename it to .php.
Now copy Notepad's text back to the "POST_DATA" field and click OK.
It will upload the shell as .php and you can execute it easily!
Find your .php shell and do whatever you wanted with that website.
That's all!

Note: The website taken as an example has been patched by the webmaster!
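
The upload above succeeds only where the extension check happens before the request is sent, or where the server stores the file under the name given in the request body, which the sender can edit freely. The sketch below is an added example, not part of the original post: an upload handler (hypothetical names, accepted types assumed to be JPEG, PNG and GIF) that ignores the client-supplied name, identifies the type from the file's leading bytes, and stores it under a server-generated name.

```python
import os
import secrets

# Leading magic bytes of the image types this (hypothetical) upload form accepts.
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

class RejectedUpload(Exception):
    """Raised when an upload is refused; nothing is written to disk."""

def sniff_extension(data):
    """Return the extension implied by the content, or None if it is not an accepted image."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def store_upload(client_filename, data, upload_dir, max_bytes=2 * 1024 * 1024):
    """Save an upload and return the stored path.

    client_filename is whatever the multipart body says. It is accepted only
    so it can be logged; it never influences the stored name or extension.
    """
    if len(data) > max_bytes:
        raise RejectedUpload("too large")
    ext = sniff_extension(data)
    if ext is None:
        raise RejectedUpload("content is not an accepted image type")
    name = secrets.token_hex(16) + ext          # server-chosen, unguessable name
    path = os.path.join(upload_dir, name)
    with open(path, "xb") as fh:                # "x": never overwrite an existing file
        fh.write(data)
    return path
```

Content sniffing does not stop a valid image that also embeds script text, so the upload directory should additionally be served with script execution disabled.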


Symlink Tutorial



Hello guys, today I'm going to explain how to symlink websites using two different methods.

So let's start!

[#] Explanation

First I will explain what a symlink can do. Symlinking is making symbolic links to other websites on the same server to read their configuration files, connect to their database, and get the information needed to get access to their control panel.
And that's about it :)



[#] Method #1


After uploading your shell to the server, make a directory with the command below:

mkdir sym


NOTE: The directory can be called whatever you want; just change "sym" to any name.


Enter your new directory, then upload OR create a file called ".htaccess" in the new directory with the code below inside it:

Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any

Like this picture:

After that, we will run the command below to create a symlink to the "/" directory:
ln -s / root
and it will look like this:

And if we open the directory "sym" in our browser, like "www.website.com/sym", it should look like this:

In the image above my shell was in /downloads, so I made the "sym" directory inside /downloads.
Our process is almost done; now we just have to get the user of the target website.
I've provided the user.php code at the bottom of the post; this script will give you all the websites on the server and their usernames.

When you get the username of your target, just open the link like this:


www.website.com/sym/root/home/(user)/public_html

where (user) = the user of the target
Here is a picture for example:

where the user was "hillock"
Now the next step is easy: we will start looking for the configuration file. It's usually called config.php or configuration.php. Here are the locations of the configuration files in the most famous webapps out there.
vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php


When you find the configuration file, it will contain the database details.

It will look like the image below (the image below is a Joomla configuration file):

Now upload SQL.php (code provided below)
and connect to the database.
Congrats :) Now you can get all the details from the admin table, and even change them.

[#] Method #2


In this method, we won't symlink the root directory; we will symlink the target's public_html dir directly.

To do this, just follow these steps:
1. Make a new directory, just like in method 1.
2. Make ".htaccess" OR upload it with the code below:
Options Indexes FollowSymlinks
DirectoryIndex z0mbie.htm
AddType txt .php
AddHandler txt .php

3. Run the following command:
ln -s /home/(user)/public_html (user)

where (user) = the target's user
and it will look like this when we open it in our browser:
In the picture the username of my target was "csseipsn".
Now you just have to find the configuration and connect :)

Scripts Needed:

User.php Source Code

SQL.php Source Code


AS ALWAYS, IT'S FOR EDUCATIONAL PURPOSES ONLY!

Source: Security Geeks
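
Both methods depend on two artifacts a hosting administrator can look for: a symbolic link inside a web root that resolves outside it, and a `.htaccess` file that enables symlink following or serves `.php` files as text. The script below is an added example, not part of the original post; `audit_docroot` and the directive pattern are assumptions built from the two `.htaccess` files shown above.

```python
import os
import re

# Directives from the two .htaccess files above: Options that switch on symlink
# following or listings, and AddType/AddHandler lines that re-map .php files.
# The lookbehind skips disabling forms such as "Options -Indexes".
RISKY = re.compile(
    r"^\s*(Options\b.*(?<![-\w])(All|FollowSymLinks|Indexes)\b"
    r"|Add(Type|Handler)\s+\S+\s+\.php\b)",
    re.IGNORECASE,
)

def audit_docroot(docroot):
    """Return (escaping_symlinks, risky_htaccess_lines) found under docroot.

    escaping_symlinks: (link path relative to docroot, resolved target)
    risky_htaccess_lines: (.htaccess path relative to docroot, directive)
    """
    root = os.path.realpath(docroot)
    links, directives = [], []
    # followlinks=False: report links, never walk through them
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    links.append((os.path.relpath(path, root), target))
            elif name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        if RISKY.match(line):
                            directives.append((os.path.relpath(path, root), line.strip()))
    return sorted(links), sorted(directives)
```

Detection aside, the cross-account read only succeeds when one account's configuration files are readable by the web server process that serves another account's content. Per-user PHP execution with owner-only permissions on configuration files removes that exposure.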


Hack Website Using Havij


Now we move to some serious hacking: website hacking. We can hack any small-scale website by using Havij.

Havij is a nice injection tool used to hack many small websites. But you cannot hack websites like Google, Facebook, Yahoo etc. with Havij.

Firstly, if you haven't downloaded the Havij full version, I strongly advise you to download it before you continue. You can download it from the following link.



Now run Havij. Copy and paste the SQL injection vulnerable website into TARGET and click the ANALYZE button.

Now be patient while Havij gets information about the website, like the database name, server, etc.
Secondly, we need to get the tables of the website. Click on Tables, then click on Get Tables, and exercise some patience to get the database tables.

Thirdly, after getting the tables, scroll through all the tables found. If you suspect any field where admin usernames or passwords are stored, tick it and click on Get Columns.




Now to the final stage: click on Get Data to get the password and username of the admin. Now you have the admin usernames and passwords. Simply take note of only the username.

The password you got is in MD5 format and cannot be used to log in to the website directly. What we need to do is simply click on the MD5 tab in Havij, paste the password into the text field and click on Start. Now Havij gives you the real password.

       - Now click on the get admin tab to get the admin login page of the website.

       - After getting the admin login page URL, simply open it in your browser and log in using the username and password we got previously.

That's it, you are now the admin of the website. You can simply change and delete whatever you want on the server.

NOTE: These tutorials are only for educational purposes; do not use them on innocent people's websites. If you find vulnerabilities on any website, simply report them to the admin of the website via the contact form.
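
The MD5 step above succeeds because an unsalted, fast hash of a common password can be looked up rather than computed. The code below is an added example, not part of the original post: it verifies logins against salted PBKDF2-HMAC-SHA256 and upgrades any remaining legacy MD5 row on the next successful login. The storage format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import re

LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # what an unsalted MD5 column looks like
ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows

def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def hash_password(password):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' with a fresh random salt."""
    salt = os.urandom(16)
    digest = _pbkdf2(password, salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_and_upgrade(password, stored):
    """Return (ok, replacement).

    replacement is a new hash the caller should write back to the user row,
    or None when nothing needs to change.
    """
    if LEGACY_MD5.match(stored):
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        if hmac.compare_digest(candidate, stored):
            return True, hash_password(password)  # rewrite the row, drop the MD5
        return False, None
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False, None  # unknown format: fail closed
    iterations, salt, expected = int(parts[1]), bytes.fromhex(parts[2]), parts[3]
    # constant-time comparison of the recomputed hash with the stored one
    ok = hmac.compare_digest(_pbkdf2(password, salt, iterations).hex(), expected)
    return ok, None
```

Rows that never log in again keep their MD5 value, so a migration also needs a cut-off date after which remaining legacy hashes are invalidated and reset.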


DDOSing Without Any Software



DDOSing without any software :D

First open your CMD from Run (Windows + R).

Now the important thing we need is the IP address of the site that we are going to attack.

To get the IP of any site, just type nslookup in CMD followed by the address of the website.

For example, if you want the IP address of Google, just type

nslookup http://www.google.com/ 

or
ping www.google.com


These commands will give you the IP address.

OK, now you have the IP address of the site you are going to attack,

then type the following command in your CMD and hit Enter:

ping website-IP -l 65500 -n 10000000 -w 0.00001

-n 10000000 = the number of DoS attempts. You can change the value "10000000" to the value you want.

website-IP = replace this text with the IP address of the site you want to be attacked.

-w 0.00001 = the waiting time after one ping attack.

For example, if the IP address is 112.158.10.2

just type

ping 112.158.10.2 -l 65500 -n 10000000 -w 0.00001

And that's it, you are done. Don't change or remove -l, -n and -w in this command, otherwise it won't work.
 enjoy hacking !!! :D
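
Seen from the receiving side, the command above is a single source sending a long run of echo requests whose payload far exceeds the 32 or 56 bytes that ping sends by default. The code below is an added example, not part of the original post: it flags such sources in firewall-style log lines. The log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, one line per packet, in time order:
# "<UTC timestamp> ICMP echo-request src=<ip> dst=<ip> payload=<bytes>"
LINE = re.compile(r"^(\S+) ICMP echo-request src=(\S+) dst=\S+ payload=(\d+)$")

def flag_ping_floods(lines, min_payload=1473, max_in_window=20, window_s=10):
    """Return sorted source IPs that sent more than max_in_window echo requests
    of at least min_payload bytes within any window_s-second span.

    1473 is the first payload size that no longer fits one 1500-byte Ethernet
    frame (1500 - 20 IP header - 8 ICMP header = 1472).
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source IP -> timestamps of large pings in the window
    flagged = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m or int(m.group(3)) < min_payload:
            continue              # unparsable line or normal-sized ping
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        seen = recent[m.group(2)]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # drop timestamps that fell out of the window
        if len(seen) > max_in_window:
            flagged.add(m.group(2))
    return sorted(flagged)

def constructed_sample():
    """Constructed log: 25 oversized pings in 5 s from one host, 3 normal pings from another."""
    big = ["2024-01-01T00:00:%02dZ ICMP echo-request src=198.51.100.7 dst=203.0.113.10 payload=65500"
           % (i // 5) for i in range(25)]
    small = ["2024-01-01T00:00:%02dZ ICMP echo-request src=192.0.2.4 dst=203.0.113.10 payload=32"
             % i for i in range(3)]
    return big + small

if __name__ == "__main__":
    print(flag_ping_floods(constructed_sample()))
```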



BLOCK OR UNBLOCK WEBSITES


There are many people who want some websites to be inaccessible from their computer. Most parents want to block some websites on their computer system. Here I am going to write up a well-known and easy way to do this.

Steps:

 1- Go to C:\WINDOWS\system32\drivers\etc
 2- Find a file named "HOSTS"
 3- Open this file in Notepad
 4- Under "127.0.0.1 localhost" add 127.0.0.2 www.xyz.com. Now the www.xyz.com site will no longer be accessible.
 5- That's done.

You can add as many website URLs under this as you like by increasing the last number of the IP, as
 127.0.0.3 www.abcxyz.com
 127.0.0.4 www.xyzas.com

and so on.
 To unblock these websites, just erase the line corresponding to that website.
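
The edit described above can be scripted so that entries are added once and removed cleanly, and so that existing loopback entries can be listed for review. The functions below are an added example, not part of the original post; they work on the text of a hosts file, and the function names and sample content are constructed.

```python
def _split(line):
    """Split a hosts line into (ip, [names]); comment and blank lines give (None, [])."""
    fields = line.split("#", 1)[0].split()
    return (fields[0], fields[1:]) if len(fields) >= 2 else (None, [])

def blocked(text):
    """Return the set of names mapped to a 127.x.x.x address, excluding localhost."""
    names = set()
    for line in text.splitlines():
        ip, hosts = _split(line)
        if ip and ip.startswith("127."):
            names.update(h.lower() for h in hosts if h.lower() != "localhost")
    return names

def block(text, name, ip="127.0.0.1"):
    """Append '<ip> <name>' unless the name is already blocked (idempotent)."""
    if name.lower() in blocked(text):
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "%s %s\n" % (ip, name)

def unblock(text, name):
    """Remove name from loopback entries; other lines and other names on the
    same line are kept."""
    out = []
    for line in text.splitlines():
        ip, hosts = _split(line)
        if ip and ip.startswith("127.") and name.lower() in [h.lower() for h in hosts]:
            keep = [h for h in hosts if h.lower() != name.lower()]
            if keep:
                out.append("%s %s" % (ip, " ".join(keep)))
            continue
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample content in the layout the steps above produce.
SAMPLE = ("# constructed hosts file\n127.0.0.1 localhost\n"
          "127.0.0.2 www.xyz.com\n127.0.0.3 www.abcxyz.com www.xyzas.com\n")

if __name__ == "__main__":
    print(sorted(blocked(SAMPLE)))
    print(unblock(SAMPLE, "www.xyz.com"), end="")
```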
