Thursday 30 October 2014

How to hack a website..

Hi, all....
Today we'r going to learn how to hack a website with sql injection. Sql injection is a mostly used method to gain access to a website's admin panel and the detabase.
There are other methods to hack websites too but sql  is so far famous. here are few methods to hack a website:
1 : SQL injection
2 : XSS also called css (cross site scripting)
3 : CLICKJACKING
4 : Broken authentication and session management atack
5 : Cross Site Request Forgery Attack


NOTE : THIS BLOG IS FOR EDUCATIONAL PURPOSE ONLY .

So now let's get started...

1:)  firstly we have to find a website to attack which is vulnerable to injection
      you can use google dorks for this here are few

inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=

Just copy one of the above and paste in google search it will bring up many website that may be vulnerable to sql injection

to check if the website is vulnerable or not all you have to do is to add a ( ' ) after the url in address bar
if the website results into an sql syntex error something like following

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

then BiNgo!!!! we're on!!!

if not u better switch to other websites...


now after finding a targate lets try exploiting it
 There are several ways to get our job done manually but i prefer using havij
the tool named havij is an sql injecter one could find it on google easily.. any version will do..

now when you've got what it takes  bigens the interesting part

a havij windows would look close to the  following


now paste the url where is says targate.. and click analyze

and sit back.. let it exploit vulnerabilities

after the scanning is completed the status will display idle again in front of it..
now click to tables tab -} now click on get tables... and be patient..
 it will now collect all the tables present in the website it'll look like below


Now select the tables in which u think the deta like user id and passwards may be stored..
generally it is something like usr_id,user,admin , administrator, id_pwd etc..

and after selecting the desired table click on Get columns..
like i found following


and now u got the juicy stuff...!!!!!

select the columns like admin, password, user id etc and click on get data....

and it will show u something like this.....
and now we've got the password but it's encrypted... lets crack that key.. there is a tool inbuilt in havij but most of the time it doesn't decrypt hash so i prefer online decryption  here
now when we have id and password lets find out the admin page of this website


just click on the find admin tab in havij and start...

congo! u've just hacked a website to ground..... well there is a manual way too i'll explain how to do all this process manually in my next artical... till then stay tuned....

Thursday 27 February 2014

How to hack facebook account

Hi, today let's learn few tricks to hack facebook..... Professionals would think this trick is old and boring but I'm posting it for newbies and please use this trick for ur personal practise and educational purpose only..........

Here are some comman ways of hacking facebook accounts..


1. Keylogging.
2. Phishing.

So now first let me explain what is keylogging

keylogging

is a method in which we use a software to interpret between cpu and moniter
keylogger is able to record all the keystrokes typed by a user and all the programs,browsing,and even mouse activities performed on a pc by silently working in background and without leaving its footprints in taskmanager  or program files or even in tray icon...
this shitzz awesome!!! but this things for newbees... who just want to prank some of their friends..
here are few infamous keyloggers. ardamax keylogger, refog keylogger, kgb keylogger, isafe keylogger

the most intresting thing is some of these keylogger send the log files to the configured mailo id that too without user knowing that he's privecy is breached...

phishing

is a method usually performed by pros.. in this method what exactly happens is as follows..

the actual login process goes this way...

we open up facebook.com login page and there are two columns asking for id and passwrd..
as we enter our credentials the code that is written behind the login button is triggered..
and the code sends our credentials to facebook authentication center where it approves our info and switch us to our homepage...

now lets take a look at our phisher

in phishing we change the code that is behind the login button which is orignally to authenticate user id pass to send that info to a perticuler address which is ours.. that means as the user will enter his info and click on login he will be redirected to a page that we want him to.. and his info will be sent to our page where we can read it in plain text format.

this is easy but only after u have done it on ur own for atleast 2 to 3 times..

ill post how to hack facebook account with keylogger and phishing both but in my next post..
untill that do some research on ur own and findout something new each day u spend...

bcoz... hackers are those who do! even if they don't know anything they don't stop performing..


Wednesday 19 February 2014

what is hacking actually about....

Where to start with hacking
There are three types of hackers:
White Hats:
The White Hat hacker has dedicated himself to
fight malware and help others with their
computer problems. He is a person you can
trust, and he will most likely end up in a good
paying job as a computer programmer or a
security consultant. He will most certainly not
end up in jail. ha ha ha like me in future
Grey Hats:
The Grey Hat hacker are in between white Hats
and Black Hats. He will most likely commit
pranks at people that he thinks is harmless,
but it can also be illegal. He can at one time
be helpful and help you with a computer
problem, but at the same time infect you with
his own virus. There is a chance that the grey
hat will end up in prison.
Black Hats:
The Black hat hacker also known as a cracker
is the one who deface websites, steal private
information and such illegal activity. It is very
time consuming to become a black hat. It can
be very hard for them to get a job because of
the illegal activity. If law enforcements gets
you, you can expect jail time.
So where to start?
You should know the answer to these
questions before you start your hacking career.
Which type of hacker do you want to be (white
hat, grey hat or black hat)?
I consider White , i don't know about u
Which type of hacking do you want to work
with (website hacking, system exploits,
pentesting etc.)?What is your end-goal?
You should meet these requirements to
become a successful hacker.
1.You shall be patient.
2.You shall dedicate a lot of time to hacking.
You will never stop learning, since hacking is a
lifestyle.
3.You should have a computer (I expect you to
have one since you are reading this).
4.You shall be interested in how the different
computer systems works, and how to control
them.
Now that you have an idea of what kind of
hacker, you want to be we will look closer into
the different topics you can work with as a
hacker.
Website Hacking:
You properly already guessed it, but website
hacking is about hacking websites. You use
your skills to find exploits and vulnerabilities in
websites and web applications. Almost all
major hacking stories in the news are about
websites and databases that have been
hacked. Once you have enough experience in
website security you will be amazed about how
easy it is to find vulnerabilities in websites.
However, it will take a lot of effort and time to
reach that level of skills. You will need to know
a large amount of server-side languages and
website construction languages like PHP,
HTML, JavaScript, SQL, ASP, ASP.NET and
Perl. This was just some of the languages you
should know about. I will recommend you to
take JavaScript, SQL and PHP very serious
since it is in those languages you will find the
most vulnerabilities.
Pen testing and Forensics: ( my Dream Job )
Pen testing and forensics can earn you big
money. It is these guys the company’s call
when they have been hacked. They are experts
in operating systems, wireless connections and
exploiting computers. This way will take A LOT
of time and effort since there is so much you
should know about. You shall know about how
the different operating systems works, which
exploit there is to them, how to exploit them,
routers, encryption, malware etc. the list is
almost endless.
Code exploiting:
Not many people know about this. This will
require you to be a complete expert at
programming. You shall be at least as good at
these programming languages as your main
language like English This kind of hacking is
taking a lot of time, and will require you to be
patient. Do not get me wrong, every company
that releases software like Symantec, Google,
Microsoft, Adobe, and Oracle have hackers with
these skills employed to check their software
for vulnerabilities. Sadly, they cannot find every
security hole and therefore some very smart
black hat hackers are able to find them, and
exploit them before the companies get the
vulnerability patched. You should know the
most popular languages like C++, Java and C
etc.
Computer security:
The work these people do looks a lot like the
pentesters. These people is able to detect and
analyze new viruses and malware. They are
working for companies like Symantec,
KasperSky and Avira etc. Some of them are
also working on labs that tests AV’s and new
viruses. They are experts in how viruses works
and how they infect systems.
Try yourself until succeed

batch file tricks

lets make a fake and really simple batch file virus here...

1 : Open up ur notepad and type the following code ....

start matrix.bat

2: now save it as matrix.bat on desktop or any desired location..

NOTE:  you should save it with the same name you have typed inside the code ex. matrix.bat
              This will rapidly open cmd (cammad prompt) windows as we have given the cammand to do so..
              Here we gave a cammand to start the same batch file that we created .. and each time                    the cammand executes it reads the code again and the same process repeats....
hey all myself pratik kulkarni ... (gray) from now on i'll keep posting latest tricks,tips, and hacks on this blog.. stay tuned to learn some intresting stuff...