Ethical Hacking

Hacking Whatsapp With Kali Linux

2018-12-21T18:21:00.001-08:00

Hacking whatsapp is the major thing these days as every one are on whatsapp and information on whatsapp is crucial for business and personal use. Whatsapp is an app which is used for real time communication between the users by providing unique id (phone number).

The real time communication helps people to text, call and video chat through application.
The following information which we provide must only use for learning purposes and to to find exploits in an apps.

List Of Best Google Dorks To Find Juicy info

2018-12-21T17:56:00.000-08:00

Its been so long that i havent been posted on my blog.
I am developing so much stuff so i couldn't focus much on my blog, so these days exploiting servers, people and their passwords became relatively too easy. Social engineering became easy with dumb users and for clever ones its quite sort of hard.
Back to post now, i am providing list of dork which will display passwords, admin names, usernames, vulnerable directories etc., list goes as follows.

inurl:wp-config.bak

Dork is used to find the useful data of wordpress cms, as 70% of internet is powered by php and wordpress, so this dork helps to find the usernames and passwords in wp-config.bak file.

inurl:"trello.com" and intext:"username" and intext:"password"

The above dork is used to find juicy info like usernames and passwords from trello website. You may find useful.

intext:password "Login Info" filetype:txt

The above dork displays lot of information, its better you find out by searching the information and juicy stuff.

"index of /" authorized_keys

helps to find authorized_keys ssh and some rsa files in a server

"password.xlsx" ext:xlsx

The followng dork is used to find excel files which containing passwords from google search engines

inurl:wp-config-backup.txt

You can see username and password of wordpress database by this dork, try this dork. It will help you to secure your server if youre using the wordpress

inurl:/host.txt + filetype:txt + "password"

The following dork helps to find host, usernames and passwords of website, take a look at it and happy hacking.

There are many more dorks available in the internet where you can get lot of juicy information. I found these dorks are good example for learning google search exploit finding

Find ajax calls fields in your web browser

2015-07-02T16:14:00.000-07:00

most of the coders don't know,how the values are updated to database, but when you make an ajax call it will show in your browser.
For example if i do any change which was directed by ajax function then script automatically sends data to database.

This is image when we does not make ajax call.

This is the image when we make an ajax call.

Exploiting Server Tutorial

2013-12-13T03:44:00.000-08:00

A simple tutorial on exploiting the server.

Tutorial On XSS[Video]

2013-12-01T10:04:00.004-08:00

A simple video on Cross site scripting, a website hacking technique which is used for injecting malicious javascript with the help of browser.

Find Out Name Of Unknown Number

2013-12-01T05:29:00.001-08:00

Now a days many prank are going over the mobile. People might be friends, enemies, relatives or anybody.
We dont know who is pranking with us. In this post i will explain to you to find out the name of the person who is pranking with you.

Actually this is so simple to find out the person name by visiting to Truecaller.
True caller is an app which helps us to find out the numbers which are provided in their directory. If you install this app on your mobile which has internet, then you can easily find out a person name who is pranking with you.

All you have to do is go truecallers website or to have a true caller app on your mobile.

Enter the number in true caller you will get the person's name of an unknown number.

Google Dorks Helps Hackers To Find Passwords In Search engines

2013-12-01T04:12:00.001-08:00

Most of the people know that, passwords of the users may be found on Google. Question arises how??
Its simple previously some body might have been hacked the passwords of them.
If you search any email address in Google , then list of sites in which your email address has been registered will be displayed on it.

Most of the people like bloggers use this technique for getting mails of the users who are active in internet and do some malicious activity to them by sending phishing or by spamming. Google is too powerful for security researchers to undergo any process of hacking.

Dorks are nothing but queries of Google which help you get information, passwords, data etc., in security point of view. When you query out any dork in Google, you will get list of sites with information, it may be passwords, data,texts, audios and my be videos too.
I dont want to prolong too much about this, so in order to find out passwords here is the list of dorks which help you get passwords online. Simple query it in Google , you will find the passwords.

ext:sql intext:@gmail.com intext:password
site:github.com inurl:sftp-config.json
filetype:config inurl:web.config inurl:ftp

and the complete list can be found here.

Ethical Hacking Tools

2013-11-24T01:36:00.002-08:00

Ethical Hacking , as you know protecting corporate or users from the unprotected world. Most of the companies hire people to test their product by hacking in to it. Hackers who are good are known as ethical hackers(white hat hackers) and hackers who are bad, i mean who steal credit cards, money, hack passwords for personal and commercial use are know black hat hackers.

So in order to hack we need some of the tools to play around. Here are the listof tools which comes handy for the hackers to use. But i suggest you to use Backtrack Linux or Kali Linux, as linux is most used operating system by hackers.

Lets jump in to handy tools for hackers.

1. Cain & Abel:

Cain is one of the awesome tool which is used for cracking passwords, networking sniffing, MITM(Man In The Middle Attack) and many more attacks. With the help of this tool we hackers mostly sniff networks and crack simple passwords of windows, MD5 etc.,

If you want some serious action of hacking scene then use this tool. It is real handy tool for hackers. As it is not supported in Linux you must Install It by Wine in Linux.

2. Ettercap:

Ettercap is my favorite tool which is used for network sniffing and man in the middle attacks. With the help of this tool i hacked many networks. When i log in my PC , i do attack entire network and i do sniff many passwords with the help of this tool. I recommend to use this tool of educational purposes. This tool can hack Yahoo, Google , Msn passwords by sniffing in to their networks.

There is a little disadvantage of this tool, we cannot use this in windows, it only supports linux. Dont forget to use Ettercap for hacking networks, i almost hacked 1,00,000 of my network account.

3. Nmap:

Nmap as you know famous tool for scanning networks , i mainly use nmap for exploiting loop hole , reverse ip, mail servers, FTP's and etc., Nmap is really handy tool for scanning part. Best part of nmap is that it supports windows and linux.

4. WireShark:

Wireshark is famous tool which is used for Complete Network sniffing, it sniff each and every packet of the network. Wireshark helps us to detect each and every detail of the packet from where it is getting from and where it going to. These packets play crucial role in network sniffing.

5. SET:

SET is known as social engineering tool kit, which is used for phishing purposes, this is one of the best app for phishing. In backtrack, SET is built in so there is no need to install it again.

How I Do Social Engineering

2013-10-15T10:44:00.000-07:00

How I Do Social Engineering

Humans non sense is the main thing for hacking lot of websites, even weak passwords also helps users to hack accounts. Due to Social Engineering many accounts are getting hacked. In order to make some sense here is a simple example , i do social engineering.

1. I ll give a call or ping up my friend, who is amateur who don't know about hacking or phishing.
2. Next i will send him a simple link for download or to get cookies, which i made with set(Social Engineering Tool Kit).
3. When a victim clicks the link, his browser cookies are stored on to my terminal.
4. Next thing i do is session hijacking.

This is the simple procedure, i use to hack victims by social engineering.
Above is the simple scenario, when i want to hack anyone which i have physical access to it.

I will explain a scenario , i created a metasploit shell and executable which i stored in my pendrive.
I will make my executable to Fully Undetectable and i will add the file to my friends PC and i will get access to that PC. In this way i will create different scenarios for gaining access by social engineering.

Share your type of social engineering in comments.

How To Hack Unprotected FTP's

2013-09-09T20:54:00.002-07:00

Google is one of the powerful search engine and every body knows that. Google helps us to find passwords with its search ability, so in order to hack unprotected and low secure FTP's passwords, this method will help out.

So go to Google and search in a keyword below, which displays the list of unprotected FTP Server passwords.

inurl:ftp "password" filetype:xls

Brute Forcing Wordpress

2013-09-08T22:35:00.001-07:00

IN the hacking world , brute force attack became the common answer to get the passwords, in order to crack the passwords we need to brute force.
WordPress which is the biggest CMS platform used by millions of users has a brute force attack vulnerability, In the below video you will know how to brute force the passwords.

Facebook 0day Vulnerability To Get Message From Any One

2013-08-29T12:52:00.002-07:00

I was browsing over the internet, then i found many 0day exploits but interestingly i found out facebook 0day vulnerability. This exploit has not been reported to facebook but this is the exploit which is to be taken care of.
Watch the video and you will get to know about the vulnerability.

Social engineering tips

2013-05-24T10:06:00.001-07:00

Do you know social engineering is the best method to hack human passwords. Social engineering is easy when you know how to get passwords by hacking humans nature.

I never found this method as hard. When I tried to social engineer by boss password , it was too easy to gain access to my boss Facebook id.

I simply sent malicious phishing link to him. He opened the link and got phished easily.

There are most of morons to hack in the web with this simple social engineering tip.

In the previous tutorial I explained how to create fake pages ie phishing pages .

You can create any phishing pages with the help of simple tools in backtrack 5.

As you know Set is the tool kit used to create phishing pages .

When it comes to social engineering , you need to have good communication skills.

Lot off leverages we get by simple human stupidity.

Simple tips to know to do best social engineering methods are as follows

1. Make victims to believe that you are true.

2. Transfer malicious links in undoubted way.

3. Run a metasploit in a proper way , Sk that victim does not know our malicious nature.

4. Be creative while sending malicious links .

5. Send emails in a genuine format.

6. Don't give up until you get password.

VLC Media Player Trick

2013-03-29T01:25:00.001-07:00

Most of the people does not now what is vls media player trick. If you know no body will search for this trick.mostly you end up here because you are searching for that trick. So forget about that lets get in to this trick.

1. Open VLC media player.
2. Press CTRL + N in your VLC media player and type the following

Screen://

3. Click on play , trick will be working !!!!

Enabling God Mode In Windows

2013-03-29T00:12:00.003-07:00

In the following tutorial i will show you how to enable god mode in your windows machine.
By enabling god mode you will have complete access to the windows settings. To enable this god mode follow this tutorial.

1. Right on your desktop free space.
2. create new folder and rename the folder with the following name.

{ED7BA470-8E54-465E-825C-99712043E01C}

3. After renaming the following folder now open the following folder , now god mode will be enabled on your computer and you can access every setting in the windows.

How To Hack People Who Use Roboform

2013-03-29T00:07:00.001-07:00

Hacking people is really fun , only thing is to target the user and get the passwords. This is too main stream for hackers. So in order to hack the passwords, we should know some knowledge about the coding stuff. So forget all these now start hacking and stop blabbering.

Now hacking the people who are using roboform right? What is roboform?
Roboform is an application which is used for storing the passwords and the details of the users.
If you want to know more about the roboform , please google about it , i have no patience to explain about it ;)
So if you serach the following query in google the list of the roboform files wil appears there for you can extract the deatils of the users.

1. Open up Google.
2. Type the following in the query.

"My RoboForm Data" "index of"

3. Now get the Roboform files.
4. That's it!!!!

How To Make Web Browser As Text Editor

2013-03-29T00:00:00.000-07:00

Make your web browser as text editor , have ever wondered making your wb browser as text editor?
IF not then follow this simple tutorial on making your web browser as text editor.

1. Open your browser.
2. Type the following in the url bar.

data:text/html, <html contenteditable>

3. Now hit enter, your web browser will acts as text editor.
4. That's it!!!!

How To Hack WEP Wifi

2013-03-28T23:49:00.000-07:00

This is video tutorial for the users to hack the wifi network which are using WEP networks.

<iframe width="640" height="360" src="http://www.youtube.com/embed/Qy8Cc_qPRHA?feature=player_detailpage" frameborder="0" allowfullscreen></iframe>

What is ARP Spoofing?

2013-03-02T10:44:00.000-08:00

What is ARP Spoofing?

ARP(Address Resolution Protocol) Spoofing is a method where attacker sends fake(ARP) messages in wired or wireless LAN(Local Area Network).

ARP spoofing allows an attacker to do different kinds of attacks like session hijacking,DNS Spoofing, DOS(denial of service attacks),MITM(Man In The Middle) attacks.

List of tools used for ARP Spoofing.

1. Cain For Windows. Here is the tutorial to for ARP poisioning In Cain
2. Ettercap (Linux and Windows).

ARP Poisoning With Cain[video]

2013-03-02T10:43:00.000-08:00

ARP Poisoning With Cain

Cain can sniff passwords in the network, watch this video to sniff passwords with cain.
Thanks for Eric Roberts for providing awesome videro for ARP Poisoning With Cain for Network Sniffing

Useful Commands In Backtrack

2013-03-01T04:59:00.000-08:00

Backtrack is a hacking linux, as most of the people do know about it right. So basically backtrack is powerful and useful linux for security researchers. Security researchers always penetrate in to web applications and find vulnerabiltis in an application. In order to use Backtrack Linux these commands will be helpful to you.

1. ls

ls command is for listing all the files.

2. startx

This command is used to start the backtrack GUI(graphical user interface) to an Linux.

3. logout

This command is use to logout the present session of an user in backtrack.

4. shutdown

Shutdown command is used to shutdown the backtrack linux.

5. msfconsole(Metasploit Framework)

msfconsole command is used to start the metasploit framework, Metasploit is used for penetrating web applications and other applications

6. apt-get install

This command helps Backtrack user to install applications in a linux.

7. apt-get update

This command is used for updating backtrack linux from their repositories.

How To Upload A Shell In Web Applications

2013-03-01T03:22:00.001-08:00

How To Upload A Shell In Web Applications

Most of the people will exploit servers with file upload vulnerability , as it is very simple to find out this exploit by an simple dork

inurl:upload.php or inurl:upload.html

Now you have upload a shell file in the upload option. Normally upload option of an web Apps never accepts php files, as most of the shells are php.
In order to upload php shell in web apps follow these steps

Rename the shell abc.php to abc.php.txt and upload that shell and run the /path/xyz.php.txt
Rename the shell as abc.php.xyz which will bypass a simple filter on .php and Apache will still use .php as extension; since this configuration it doesn't have handler for .xyz
Rename the shell as .php3 and upload it to server(web apps).

How To Clone Sim Cards

2012-10-29T08:44:00.001-07:00

Have you ever tried of hacking sim cards. IF not follow this tutorial on cloning sim cards.
This is simple video tutorial where creating sim card reader is hard work and brute forcing is time consuming work. If you really want to clone sim card, you must have sim card reader and sim card reader application. I guess you can understand by watching this video.

We Are Back

2012-10-29T08:29:00.001-07:00

Sorry for keeping you wait with out any updates on the hacks. So From now there will be daily updates on this blog.

We are accepting guest posting on our blog. If any one interested in sharing information about hacking,then they can post info.

For submitting hacks mail me @ 13downloads@gmail.com

Encrypt Your Files With Secure USB

2012-09-29T11:26:00.002-07:00

Encrypt Your Files With Secure USB

Recently i found an application which encrypts and decrypts file and folders . Actually it is the tool which is used for encryption of USB's but it also encrypts iles and folders too.

Secure-USB is an easy-to-use portable file encryption software.
It implements strong 256-bit AES encryption to encrypt data.

It uses users hashed password as key to encrypt & decrypt data,
so it is strictly adviced to decrypt all files before changing password.

Secure-USB runs on Windows XP/2003/Vista/7 or above.

Requirement: .NET Framework 2.0

Features:
• Portable.
• Intuitive & easy-to-use interface.
• Implements 256-bit AES (Rijndael) to encrypt files.
• Effective password protection.
• Removing or uninstalling will not uncover encrypted files.
• Fully compatible with Windows XP, 2003, Vista, 7 (32 & 64-bit)

Home page:http://securefolder.tk

Download