WEBSITE HACKING WITH DOT NET NUKE EXPLOIT
A google dork is an act of using google provided search terms to obtain a specific result and this DNN vulnerability occurs only in those websites which have “/portals/0″ in their navigation, So goahead and search for inurl:”/portals/0″ where inurl asks the google to display all the url’s who have /portals/0 in their navigation
1.Lets say the vulnerable website is:
www.vulnerablewebsite.com/portals/0
2.Now we will just add Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx after the url so http://www.vulnerablewebsite.com/portals/0 will become http://www.vulnerablewebsite.com/portals/0Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
3.Now a website is vulnerable to this type of attack you will get a similar windows like the below one:
javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
What this javascript will do is that it will enable us to upload our image to the server:
Countermeasures
1.The easiest method is to rename your fcklinkgallery to some thing else but it will not prevent this attack, but you can protect it from script kiddie’s in this way, A skilled hacker can easily find the renamed file by using some Footprinting methods
2.Another way to prevent this attack is to upgrade to IIS 7 or higher and a DNN version of 4.9.4 or higher
LEARN WEBSITE HACKING AND SECURITY WITH DVWA TOOLS
Basically Damn vulnerable web app(DVWA) PHP/MySQL web app which is Damn vulnerable, DVWA web app allows you to learn and practice web application attacks in a safe environment, It’s latest version is DVWA 1.7.
Vulnerabilities
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute Force
- Blind SQL Injection
And much more.
Official warning
It should come as no shock..but this application is damn vulnerable! Do not upload it to your hosting provider’s public html folder or any working web server as it will be hacked. It’s recommend that you download and install XAMP onto a local machine inside your LAN which is used solely for testing.
FREE HACKING TOOLS ESSENTIAL FOR EVERY HACKER
Free Essential Hacking tools For every Hacker:
IP Tools:
IP-Tools offers many TCP/IP utilities in one program. This award-winning Free Hacking tool can work under Windows 98/ME, Windows NT 4.0, Windows 2000/XP/2003, Windows Vista and is indispensable for anyone who uses the Internet or Intranet.
It includes the following utilities
Brutus ( Password Cracker):
Brutus is a remote online password cracker for windows, good for HTTP,POP3,FTP,SMB,Telnet and lots others.. it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords.you can Download Brutus Password Cracker Here
A very nice Hacking tools.Its general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables,
Features:
Full time-memory tradeoff tool suites, including rainbow table generation, sort, conversion and lookup
Support rainbow table of any hash algorithm
Support rainbow table of any charset
Support rainbow table in raw file format (.rt) and compact file format (.rtc)
Computation on multi-core processor support
Computation on GPU (via NVIDIA CUDA technology) support
Computation on multi-GPU (via NVIDIA CUDA technology) support
Runs on Windows XP 32-bit, Windows Vista 32-bit and Windows 7 32-bit
Command line and graphics user interface Download Rainbow Cracker Here
LC5(LophtCrack):
Windows password auditing and recovery application L0phtCrack or LC5 attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and reborn as LC6 in 2009.
Download LC5 here
John the Ripper:
A powerful, flexible, and fast multi-platform password hash cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find Here and download john ripper here.
HOW TO CRACK WINDOWS ADMINISTRATION PASSWORD
There are many way to crack passwords. But in this tutorial I will explain a very basic method using a single tool to crack windows password . This might come handy in places like schools ,collages where you cant use your live Linux cds , usb ..etc because your being watched
Things we need :
1. Pwdump or Fgdump to extract password hashes
In this tutorial I will be using Pwdump
Extracting Password hashes :-
1. Open My computer and go to C:\Windows\system32 . now place the Pwdump file which we download earlier
2. Now open command prompt and navigate to C:\Windows\system32 \Pwdump
Using c d command and click enter
Example :-
Cd C:\Windows\system32 \Pwdump
3. Now you can see a list of Pwdump commands as shown
Example :-
Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt
Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt
Cracking The Hashes
Considering that we are in school/collage were we cant use tools to crack passwords so as an alternative we are using online password cracking sites
1. Go to online password cracking sites like http://www.cracker.offensive-security.com , http://www.onlinehashcrack.com and paste the hash select hash type as LM and click decode
2.By this way we are able to crack windows password using a single tool
Note:- If your not able to crack password hashes online use tools like john the ripper to crack password hashes . You can even copy the hashes and decoded it in your house
FACEBOOK ACCOUNT HACK-WHAT TO DO ?
1.Reset Facebook Password with Secondary email address:
When ever you sign up for a Facebook account,they ask for your Secondary email address,In case if you loose your Password you can reset it with your Secondary email address.
2.Secret Answer:
Yes you can also reset a Facebook password with a Secret Answer which you provided to the Facebook while Signing up For a Facebook account
3.Contacting Facebook:
Lastly if Hacker has changed your Secondary Email address and Secret Question then you have only one way left i.e. Contacting Facebook team for the issue.
Below i am also writting some ways to Protect your Facebook account from getting Hacked
Protect your Facebook account from getting Hacked:
1.Use Strong Passwords:
In order to keep your Facebook account From Getting Cracked with a Brute force,Dictionary or Rainbow tables you need to keep Strong password usually more than 10 letters or else it will be damn easy for the Hacker to Hack a Facbebook password
2.Use Phishing filter:
Phishing filter is a sheild which protects you from Fake login pages,These fake login pages are made to steal your passwords and Phishing filter will prevent you from logging into these kinds of pages
3.Use a good Antivirus and Antispyware:Yes,this is the most crucial step in all the above mentioned,It is highly recommended that you use a Good antivirus and antispyware program,I would recommend Kaspersky as an antivirus and as an spyware spyware cease and dont forget to update them regularly,Remember one trojan takes it all.
4.Use a Good antilogger:
Antilogger is a program which lets you know if a keylogger is present on your computer,Keylogger is a spyware program which helps you track of what is happening on your Computer.
5.Use a Good Firewall:
If you want to prevent a Hacker to enter in your Computer and Hack your Facebook password than you must use a good firewall,I personally Recommend Zonealaram firewall.Firewall is a Hindrance in Hacking,A hacker may bypass antivirus but its very difficult for a Hacker to bypass a Firewall
Hope Methods will help you to prevent your Facebook account from getting hacked,It is higly recommended that you must follow all the above Methods to ensure maximum security.
HOW TO VIEW PRIVATE LOCKED PROFILE
In post i will tell you how to view private facebook profiles,This latest hack proves that anyone in the world is able to view anyone’s private tagged pictures,This is why facebook is not privite is still open even after such publicity all over the web.Major security threat.
Have you ever wanted to see pictures of an enemy but you couldn’t because her or his facebook account was set to private. Well thats all going to change because I will show you very simple way to view private facebook profiles
Method:
1. Login in your Facebook Account
http://www.facebook.com
2. Search for the person
3. Find the persons ID # by Clicking on Send messages
http://www.facebook.com/photo.php?pid=1234567&id=%5BPerson’s ID]&op=1&view=all&subj=[Person’s ID]
6. Copy and paste the link in your browser
7. You should be able to see 10-20 pictures before facebook denies you access.
HOW TO HACK FACEBOOK-FACEBOOK HACKS
- The scripts in these hacks to hack facebook require Firefox. Firefox is a free web-browsing program similar to Internet Explorer with additional security features and options.After you install Firefox, you’ll need Greasemonkey. Greasemonkey is a Firefox extension which lets you to add bits of DHTML (“user scripts”) to any web page to change its behavior. In much the same way that user CSS lets you take control of a web page’s style, user scripts let you easily control any aspect of a web page’s design or interaction. Greasemonkey is free. You can download it here: Download Greasemonkey (note: this link will not work in Internet Explorer – you must have Firefox installed to install and use Greasemonkey. If you don’t have Firefox, you can download it here for free.)
- After you’ve installed Firefox and Greasemonkey, you can install these scripts:
- AutoLogin: Facebook autologin automatically logs you in to Facebook (it stops asking you to log in every time!)
- Change the color of Facebook: This script changes the default color of your Facebook. By modifying the code you can make it whatever color scheme you want.
How to access Facebook if your school blocks it?- Many schools and businesses use a firewall to block access to websites like Facebook, Friendster, Hi5, MSN Spaces, Hotmail, Yahoo email, and other email sites, making it difficult (but not impossible) to access them.
- If your school or office firewall blocks access to Facebook, Friendster, Hi5, Gmail, or Yahoo email you may be able to use a few internet privacy tricks get get around the firewalls and access any website you want.
- The easy way: Try Firefox to get around the firewall
- “Firefox has built-in proxy connection settings”
- Try the built-in proxy connection settings with an Anonymizer service to access Facebook from school or work
- Firefox is not affected by many network restrictions that system administrators may automatically apply to Internet Explorer every time you use it. More importantly, Firefox has built-in proxy-connection settings, which when used with settings that you can get from an anonymous web surfing or anonymizer service, can allow you to get to virtually any website you want even if it is blocked by a firewall. Firefox has several other features such as Google-integration for faster searches, automatic pop-up blockers and more. Firefox is free.
- To hack Facebook from work or school, even through a firewall by using an Anonymizer or Private web surfing site
- For years internet privacy experts have been using anonymizers, private web-surfing services
HACK FACEBOOK ACCOUNT-FACEBOOK FREEZER
Principle behind working:
Facebook has security feature in which after 25 or so logins the account is temporarily disabled,to enablethe account the account owner must reset his/her account
Thus, even when victim tries to login his Facebook account using correct password, he is not able to login to his Facebook account, thus you can hack Facebook account thanks to Facebook Freezer.
This Facebook Freezer works cool on windows xp and windows vista (even supports earlier version of windows).
1.Download Facebook freezer to hack facebook account.
2.Now extract the files into a folder
3.Now, run FacebookFreezer.exe file to get this:
4.Simply enter email id of victim whose you wanna hack Facebook account using Facebook freezer and hit “Freeze“.
5.That’s it. You will now be able to hack Facebook account using this Facebook freezer. This freezing will continue until you hit “Stop Freezing”.
This will not hack facebook account for you but it will prevent the victim to login into hisher account.
What is Hacking ?
This is My First Tutorial Of Hacking . In this tutorial I will Tell you what is hacking.. ethical hacking security…who are hackers…why we do hacking…and Introduction to some basic terms…
First of all I will try Explain what the Hacking really is… What Is Hacking??
Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer.Everyone here thinks that hacking is just stealing of data and information illegally but this perception is absolutely wrong
“Hacking is unauthorized use of computer and network resources. (The term “hacker” originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)” – wikipediaHacking definition by me –
“
Hackers are categorized in to three Parts :-
1.White Hat Hacker : – A
white hat hacker or “Ethical Hacker” is a white hat because he/she doesn’t destroy/exploit systems he/she has broken into. and instead somehow notifies the admin of the cracked systems security holes and flaws.2.Black Hat Hacker : – A black hat or “CRACKER” on the other hand is a hacking into systems (usually) only to destroy something or to steal information like bank information.
3.Grey Hat Hacker : – the grey hat is just in between them in some way maybe not always leaving a note to the admin telling about the flaws in the system or the loop hole he/she used. or maybe just peeking abit in the logs.
Some Terms in Hacking you have to be know :- Threat –An action or event that might compromise security. A threat is a potential violation of
security.
Vulnerability –Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
Exploit –A defined way to breach the security of an system through vulnerability. i.e Use the vulnerability to damage the database or system.
Attack –An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.
Security – A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.
That’s all for today I think You all would have like this and want to see more.. I will regularly post material. THANKS FOR READING !!
Have Fun and keep Hacking 🙂
HOW TO HACK A GMAIL ACCOUNT OR PASSWORD
- Index.htm
- Isoftdl_log.txt
- next.php