See Yourself..
go here
LINK 1
or
LINK 2
simply Enter
' or '1'='1
In password field
and
ENJOY..!
NOTE: It is for educational Purpose Only
- Find out what I'm doing, Follow Me :)
Showing posts with label hacked. Show all posts
Showing posts with label hacked. Show all posts
Wednesday, December 8, 2010
BSNL website HACKED by Ashish :)
See Yourself..
go here
LINK 1
or
LINK 2
simply Enter
' or '1'='1
In password field
and
Saturday, November 6, 2010
Guaranteed Method to Hack a gmail account
first get a hacking tool no need to worry where to find just go to http://www.youtube.com and search "Runescape Hacker" or "Runescape Hacker Download Link"
you will get the downloading link in comments zone
now you have downloaded the hacker tool but -Don't open the Runescape Hacker Tool, It may be Backd00red Instead place it in a Safe area!
download and install hexworkshop now dont ask for link...google is your friend
now right click on tool ,,you will see "Edit this with HexWorkshop"...click it
you will see a mess of words and alphabets symbols....dont worry dont get confused believe me its easy to do!
now press ctrl+f... a boz will appear
-Now Before start Finding Anything Make sure you change the "Hex" to "String" value.
-Now Enter "Gmail" to the Box and Hit "Find".
-You will Get Popping Up a Black area. Don't touch it. Instead see on your Right for the Texts.
-Copy the Highlighted text and Paste it in a Text document (Newly Created).
-Remove the [.]>DOTs and You will see The Email ID + the Passwd.
Njoy Hacking!!
you will get the downloading link in comments zone
now you have downloaded the hacker tool but -Don't open the Runescape Hacker Tool, It may be Backd00red Instead place it in a Safe area!
download and install hexworkshop now dont ask for link...google is your friend
now right click on tool ,,you will see "Edit this with HexWorkshop"...click it
you will see a mess of words and alphabets symbols....dont worry dont get confused believe me its easy to do!
now press ctrl+f... a boz will appear
-Now Before start Finding Anything Make sure you change the "Hex" to "String" value.
-Now Enter "Gmail" to the Box and Hit "Find".
-You will Get Popping Up a Black area. Don't touch it. Instead see on your Right for the Texts.
-Copy the Highlighted text and Paste it in a Text document (Newly Created).
-Remove the [.]>DOTs and You will see The Email ID + the Passwd.
Njoy Hacking!!
Thursday, April 29, 2010
Side Jacking - Hack accounts on LAN or Wifi
In this tut, I will explain the process of side jacking thru various tools with special focus on Hamster and Ferret
Contents:
I. SideJacking without hamster
-Ethereal/Wireshark, Cain And Abel, Network Miner
II SideJAcking with Hamster and Ferret
-Preparation
-Starting Up
-Using the console
I. Sidejacking without Hamster
All you need to do in order to sidejack is sniff cookies off the wire and edit cookies. This can be done with a wide variety of tools.
You should be comfortable with using a packet-sniffer like Wireshark/Ethereal. For example, the following is a screenshot of sniffing the cookie for Slashdot:
Another useful tool is an extension for Firefox called “Edit Cookies”. The following screens show what it looks like:
You should be comfortable with using a packet-sniffer like Wireshark/Ethereal. For example, the following is a screenshot of sniffing the cookie for Slashdot:
Another useful tool is an extension for Firefox called “Edit Cookies”. The following screens show what it looks like:
Once you can make your cookies the same in the browser that you sniffed from the wire, then you have sidejacked the person’s session. Note that the above information is correct, so that you can successfully sidejack our Slashdot test
You can use this erethreal method, another method can be using cain and abel, network miner and cookie editor which you can read here -> http://tinypaste.com/2b87c2
I am avoiding pasting that part here to focus on hamster and ferret.
II. Sidejacking without hamster and ferret
Now as you saw above the above process was quite cumbersome, especially if u want to repeatedly attack different users this would take a lot of time, to delete old cookies, try new ones and check. Also reading the erethreal dump is not easy hence, hamster is our wizard. So starting with it--->
Download HAmster and Ferret tools Here
http://rapidshare.com/files/381668823/ha
These are command line tools, but for those afraid of command line, dont worry, u wont have to do much.
Unzio these into a directory that u can goto easily e.g. C:\hamster
Note:There is one major problem with the Intel® PRO/Wireless 2200BG and some other intel adapters: it doesn’t do promiscuous mode. This means that unlike most other wifi adapters, you can’t use it for sidejacking. To get around this, you would need to buy a cheap USB wifi adapter (usually 1000 rs)
First step is to set you’re a browser’s proxy to Hamster, which will be on port 3128. I strongly recommend that you DON’T use your normal browser, because Hamster totally screws up the cookies in the browser. There are 3 options I have used:
1. used Internet Explorer for sidejacking, because Firefox is my default browser
2. created a second account called “hamster” on my computer, and did the browsing from that account
3. used the alternate “profile” feature of Firefox to have two profiles running at the same time
I'll explain the third step in detail now-->
(If you get server not found, you didnt set proxy correctly or you didnt start hamster in cmd)
Now u get this
As Ferret is running in the background, it will be updating this list. You’ll need to manually refresh it to see if any information has been added.
In the right-hand window, you’ll get a list of targets. Most targets will have just the IP address. Some will have additional identifying information that Ferret finds. This identifying information is only names associated with the IP address, it’s not cookie information.
When you click on an IP address, you “clone” it. At this point, all the cookie are set for that IP address. Keep that in mind – a lot of problems people have is because they set the current IP address to something else, thereby erasing the cookies of a site they want to access.
Cloning an IP address by clicking on it will cause the window to the left to be filled in, as in the following example:
http://rapidshare.com/files/381668823/ha
These are command line tools, but for those afraid of command line, dont worry, u wont have to do much.
Unzio these into a directory that u can goto easily e.g. C:\hamster
Note:There is one major problem with the Intel® PRO/Wireless 2200BG and some other intel adapters: it doesn’t do promiscuous mode. This means that unlike most other wifi adapters, you can’t use it for sidejacking. To get around this, you would need to buy a cheap USB wifi adapter (usually 1000 rs)
First step is to set you’re a browser’s proxy to Hamster, which will be on port 3128. I strongly recommend that you DON’T use your normal browser, because Hamster totally screws up the cookies in the browser. There are 3 options I have used:
1. used Internet Explorer for sidejacking, because Firefox is my default browser
2. created a second account called “hamster” on my computer, and did the browsing from that account
3. used the alternate “profile” feature of Firefox to have two profiles running at the same time
I'll explain the third step in detail now-->
Firefox allows two profiles to be running at the same time. You can launch them from the command line as follows:
You will have to use these at c:\Program Files\Mozilla Firefox\
The following screen will popup
Click on create profile, select any name.. Next tym u start mozilla use that one for hamster.
Now open your created profile inn Firefox, go to the [Tools / Options] menu. Select the [advanced] Tab, open Network tab under it. Under connections click on settings. Now set up as following:
Set your proxy as shown and click ok.
You will have to use these at c:\Program Files\Mozilla Firefox\
The following screen will popup
Click on create profile, select any name.. Next tym u start mozilla use that one for hamster.
Now open your created profile inn Firefox, go to the [Tools / Options] menu. Select the [advanced] Tab, open Network tab under it. Under connections click on settings. Now set up as following:
Set your proxy as shown and click ok.
Part B. Starting Up
To run Ferret, open command prompt ( In administrator mode is better):
Goto ferret directory (C:\ham for e.g) and type ferret-W.
Now choose your wifi or LAN interface (u can try using the company names or try again)
Now type ferret.exe –i to start sniffing cookies
e.g ferret -i 4 for above one
Note(Only for those who understand):
You might also want to capture packets at the same time:
ferret.exe –i 4 sniffer.mode=most sniffer.directory=\pcaps
The advantage of sniffing packets at the same time is that you can later replay them through Ferret in order to generate a hamster.txt. The cookies last for a long time. To run a packet capture, do something like:
ferret -r \pcaps\sniff-2007-08-04-eth.pcap
Goto ferret directory (C:\ham for e.g) and type ferret-W.
Now choose your wifi or LAN interface (u can try using the company names or try again)
Now type ferret.exe –i to start sniffing cookies
e.g ferret -i 4 for above one
Note(Only for those who understand):
You might also want to capture packets at the same time:
ferret.exe –i 4 sniffer.mode=most sniffer.directory=\pcaps
The advantage of sniffing packets at the same time is that you can later replay them through Ferret in order to generate a hamster.txt. The cookies last for a long time. To run a packet capture, do something like:
ferret -r \pcaps\sniff-2007-08-04-eth.pcap
Open another command prompt without closing the previous one ( Run as Administrator necessary)
Go to hamster directory(C:\ham for e.g.)
type 'hamster' and enter to start hamster proxy.
Now if you have already done the browser configuration as above move on to next part.
else set the browser proxy to 127.0.0.1 port 3128.
Go to hamster directory(C:\ham for e.g.)
type 'hamster' and enter to start hamster proxy.
Now if you have already done the browser configuration as above move on to next part.
else set the browser proxy to 127.0.0.1 port 3128.
Part C. Using it!!
Open your configure browser and got to http://hamster/ remember NO . com or www in the name.(If you get server not found, you didnt set proxy correctly or you didnt start hamster in cmd)
Now u get this
As Ferret is running in the background, it will be updating this list. You’ll need to manually refresh it to see if any information has been added.
In the right-hand window, you’ll get a list of targets. Most targets will have just the IP address. Some will have additional identifying information that Ferret finds. This identifying information is only names associated with the IP address, it’s not cookie information.
When you click on an IP address, you “clone” it. At this point, all the cookie are set for that IP address. Keep that in mind – a lot of problems people have is because they set the current IP address to something else, thereby erasing the cookies of a site they want to access.
Cloning an IP address by clicking on it will cause the window to the left to be filled in, as in the following example:
You have three options here. You can view the raw cookies for this IP address (discussed below). You can click on a URL that has a HIGHER probability of being Sidejacked. Or you can choose from the URLs below, which have a lower probability of being Sidejacked.
At this point, just click the URL. For example, I clicked on the http://slashdot.org URL in the above example, and the following window popped up:
The name “sidejacking” in the mid-left of that screenshot is because I created a test account with the username of “sidejacking”. This shows how I’ve successfully cloned the cookies to get to that Slashdot account.
Clicking on the Gmail one, I get the following screen:
And here is the Facebook account:
At this point, just click the URL. For example, I clicked on the http://slashdot.org URL in the above example, and the following window popped up:
The name “sidejacking” in the mid-left of that screenshot is because I created a test account with the username of “sidejacking”. This shows how I’ve successfully cloned the cookies to get to that Slashdot account.
Clicking on the Gmail one, I get the following screen:
And here is the Facebook account:
FootNotes:
When things work well, its point-and-click. They don’t always work well.
The first thing that sucks is you have to figure out which interface to sniff on and make sure that you have a proper wifi adapter. I recommend downloading Wireshark and make sure that you’ve got the packet sniffing working with that product before you start Ferret.
Both Ferret and Hamster will crash or hang. You’ll be restarting the programs a lot. Right now, Ferret overwrites ‘hamster.txt’ every time it restarts, so if you’ve got a good session, make copies of it (or log to sniffer files, and recreate it).
The Hamster proxy is really slow. You’ll click on a link and have to wait patiently sometimes. Check the Hamster console window in order to see what’s going on.
Cloning sites is finicky. Sometimes you have to choose the right URL from the list, and choosing the wrong URL will cause the server to reset the cookies, locking you (and the original person) out from the account until a re-login. It takes practice to figure out what you can, and cannot, clone.
Finally, when the original session cookies expire, you can’t clone them. This is rarely a problem in a live environment, but if you work from capture files, it becomes more difficult.
The first thing that sucks is you have to figure out which interface to sniff on and make sure that you have a proper wifi adapter. I recommend downloading Wireshark and make sure that you’ve got the packet sniffing working with that product before you start Ferret.
Both Ferret and Hamster will crash or hang. You’ll be restarting the programs a lot. Right now, Ferret overwrites ‘hamster.txt’ every time it restarts, so if you’ve got a good session, make copies of it (or log to sniffer files, and recreate it).
The Hamster proxy is really slow. You’ll click on a link and have to wait patiently sometimes. Check the Hamster console window in order to see what’s going on.
Cloning sites is finicky. Sometimes you have to choose the right URL from the list, and choosing the wrong URL will cause the server to reset the cookies, locking you (and the original person) out from the account until a re-login. It takes practice to figure out what you can, and cannot, clone.
Finally, when the original session cookies expire, you can’t clone them. This is rarely a problem in a live environment, but if you work from capture files, it becomes more difficult.
ENJOY..!
Saturday, April 24, 2010
How to hack websites using Auto SQL I Helper
At the begening "SQLIHelperV.2.7" is a tool that will hack vulnerable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell her what do and where to look.
Lets start.
first you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply unhackable.
After you find your website ( better to end with "article.php?id=[number]" ) example: "http://encycl.anthropology.ru/article.php?id=1"
I will explain my tut on how to hack this website.
Check if your website can be hacked by trying to go this address :
you should get this message:
Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
This mean that this website can be hacked because you get an error.
Now open your SQL I Helper V.2.7
and write the link :
and press the inject button.
Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website.
Make sure that the website support union otherwise the injection won't work.
Now select any element from the "database name" box and press the "Get tables" button
then select any element from the "table name" box and press the "Get columns" button
then select any elements you want from the "columns name" box and press "Dump Now"
After clicking "Dump Now" , u will see some hashes
Now copy the hash on a peace of paper and go to this website:
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
Friday, April 23, 2010
How to Crack Hotfile Accounts
Tools needed:-Elite Hotfile Cracker+Checker-Checks if the cracked account is Premium or just Regular while cracking.
-Hotfile Validity Scanner-This tool scans for valid Hotfile usernames so you dont go nuts trying a 28MB wordlist when theres less than 1000 valid HF users.
Tools needed are at the end.
1.You need a good wordlist.One good tip
is to LEECH usernames from warez sites.They download games from the net
so out of 10 usernames about 5 would have a premium account.You just
need the correct password.
Dont forget extensions.
Theres lots of good wordlist on the net,you can google them.
Like American Names,Chinese Names,Nigg3r names wordlist etc.
Please dont ask me about the username leecher.
Please dont ask me whats an extension.
-------------
2.Passwords-Think of good passwords.There are many common passwords people use like:123456,qwerty,f*cker,pen1shead or something like that.
It just depends on your creativity.
Sometimes you might have the right wordlist but the wrong password or vice versa.
Please dont ask me what password i use.
-------------
3.Sockets-
Sockets = Number of connections.
More sockets = Faster connection = Cracker will tend to skip more often.The speed depends on your own connection too.Put mine at 20-30(usually 20 is the default number)
Screenshot
Dont forget extensions.
Theres lots of good wordlist on the net,you can google them.
Like American Names,Chinese Names,Nigg3r names wordlist etc.
Please dont ask me about the username leecher.
Please dont ask me whats an extension.
-------------
2.Passwords-Think of good passwords.There are many common passwords people use like:123456,qwerty,f*cker,pen1shead or something like that.
It just depends on your creativity.
Sometimes you might have the right wordlist but the wrong password or vice versa.
Please dont ask me what password i use.
-------------
3.Sockets-
Sockets = Number of connections.
More sockets = Faster connection = Cracker will tend to skip more often.The speed depends on your own connection too.Put mine at 20-30(usually 20 is the default number)
Screenshot
That's it for Hotfile.Now you're ready to crack accounts.
GOOD LUCK!
And yeah this tut is short.
New look but has almost the same function as the previous hotfile checker + cracker but with lesser options.
I would suggest putting the sockets at 5 - 10.
Hotfile Validity Scanner
http://hotfile.com/dl/32571777/8771fb5/Hotfile_Validity_Scanner.zip.htmlHotfile Cracker + Checker by Reaper
http://hotfile.com/dl/32571423/75adb33/Hotfile_Cracker__Checker-Reaper.zip.html
Hotfile Cracker + Checker 1.1
http://hotfile.com/dl/32571043/e764a0c/Hotfile_Cracker__Checker_1.1.zip.html
Password for the RAR files:
crackingforum.com/undiesman.html
Friday, April 9, 2010
LAN SNIFFING- Hacking Local Area Network
(THIS POST IS FOR EDUCATIONAL USE ONLY)
Before I start, there are a few requirements.
- Download Cain and Abel from www.oxid.it
- Should have a switched LAN. (Most ISPs other than BSNL provide broadband via LAN, e.g. SIFY, HATHWAY, local Cable internet connections)
- Any Microsoft Windows Operating System.
If you are not sure about being on a switched network, continue the steps, until you find out.
- Download and install Cain and Able from the link given above.
- Start Cain and Abel (requires admin privileges in Vista), go to the sniffer tab, click on the configure menu, select your NIC, check 'start sniffer on startup', press 'OK'.
- Click on the 'Start / Stop Sniffer' (the 2nd) button on the toolbar. Now click the blue '+' (plus) sign (this is the 7th button on the toolbar). Check 'All Tests' and click 'OK'.
- After the scan is complete, if you are on a switched network then, you must be able to see many IP and MAC addresses in this pane. If you don't see any IP other than your own, probably you are not on a switched network.
- Notice the tabs on the bottom, HOSTS, APR, Routing, Passwords, and VoIP. You are currently on the HOSTS tab, select the APR tab click on the 'top pane' and click the 'blue +' (7th on toolbar).
- Now you will again see the IP & MAC address (in the left pane) you saw in Step 5. From this list, select your 'Gateway IP', (this will mostly be something like 192.xxx.xxx.1 or 10.xxx.xxx.1 etc; check your network properties for more info on gateway.) after selecting your 'Gateway IP Address' (now some IP will appear on the right); drag and select all the entries in the right pane, and click 'OK'.
- Now click on the 'Start/Stop APR' (the 3rd) button on the toolbar. You will see 'HALF ROUTING' and 'FULL ROUTING' entries in the lower pane.
- Now go to the Passwords tab on the bottom. Slowly you will see passwords appearing in this section; most will be under HTTP.
The password section gives you full details on the capture, including Username, password, URL, etc. Any person who was online during the time you completed Steps 3 – 5, will be affected, and you will have access to their passwords.
Beware: What this program does is send all the traffic through your computer, so the LAN speeds slow down drastically. On my home network, LAN transfer speeds reduced from 10MB/s to 100Kb/s in 10 minutes.
Also according to me, any network can be efficiently analyzed with a combination of 'Cain and Abel' (http://www.oxid.it/cain) and 'Wireshark' (http://www.wireshark.org/).
Tuesday, April 6, 2010
How To Login Hacked Facebook Accounts
But he/she can't because they get this message:
to bypass it we just have to login through the following link ;]
i.e.
http://www.facebook.com/login.php?
^
here it'll not ask for verification :)
Subscribe to:
Posts (Atom)
Subscribe To
Posts
All Comments