
Sunday 25 December 2011

Hack secured sites


DISCLAIMER:
THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. I, AS AUTHOR OF THIS TUTORIAL, WILL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.


NOTE:
USE ANONYMOUS PROXY!


Tools required:

Hacking Knowledge



Introduction
Sometimes the site that is your TARGET just isn't hackable. Even Acunetix Web Security Scanner can't find a useful vulnerability. In that kind of situation the only thing that might work is to hack a site (the backdoor site) that is on the same server, and through that site and through the server to penetrate the target site.



Finding Backdoor Site

To find backdoor site go to

http://www.domaintools.com/

and in Whois Lookup enter your TARGET site








Look for Reverse IP
In our case 25 other sites hosted on this server.
Click on it to see names of the hosted sites on the same server.



You will see a few of them; to see all, click on more...

To see them all you must be a member.
You can easily sign up for a FREE account by clicking on Create an Account >
(use some anonymous email service for that)
As a member you can see all 25 other sites hosted on that server.

Hacking Backdoor Site

Here we have 25 potential backdoor sites and our target one.
Let's say that after analysing them we find that our backdoor site is No17 (as an example) and the target is No22.



The backdoor site can be any one from the list that can be hacked and have a shell uploaded.



Penetrate Target Site
By clicking on var/ at www.backdoorsite.com we go straight to the root of the server,



where we can find our www.target.com dir.
Sometimes the permissions aren't drwx but dr-x, which is more than enough to read the configuration file.



With data from that file we can hack unhackable site...
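
A defender-side check for the exposure described above, as an added example that is not part of the original post: it walks a hosting root and lists site directories and configuration files that carry read permission for "other" accounts on the same server. The sample tree, the host names and the configuration file-name pattern are assumptions.

```php
<?php
// Added example: flag entries that other accounts on a shared host can read.
// The sample tree and the config-name pattern are assumptions; adapt to the host.

function world_access_findings(string $root): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($it as $path => $info) {
        $mode = $info->getPerms() & 0777;
        if ($info->isDir() && ($mode & 0005) === 0005) {
            // r-x for "other": any local account can list and enter the directory
            $findings[] = sprintf('%04o dir  %s', $mode, $path);
        } elseif ($info->isFile() && ($mode & 0004)
            && preg_match('/(config|settings|\.env)/i', $info->getFilename())) {
            // world-readable configuration file, typically holding DB credentials
            $findings[] = sprintf('%04o file %s', $mode, $path);
        }
    }
    return $findings;
}

// Constructed sample tree so the script runs offline.
$root = sys_get_temp_dir() . '/perm_audit_' . getmypid();
mkdir("$root/target.example/htdocs", 0755, true);
file_put_contents("$root/target.example/htdocs/config.php", "<?php // db creds\n");
chmod("$root/target.example", 0755);                     // dr-x for other
chmod("$root/target.example/htdocs", 0755);
chmod("$root/target.example/htdocs/config.php", 0644);   // r-- for other
mkdir("$root/hardened.example", 0750);
chmod("$root/hardened.example", 0750);                   // no access for other
file_put_contents("$root/hardened.example/config.php", "<?php // db creds\n");
chmod("$root/hardened.example/config.php", 0640);

foreach (world_access_findings($root) as $line) {
    echo $line, PHP_EOL;
}
```

Where the web server runs under its own account, give it access through group ownership rather than through the "other" bits, so that neighbouring sites cannot read each other's files.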





Saturday 24 December 2011

Hack a website using Directory Traversal attack


What is the root directory of a web server?

It is a specific directory on the server in which the web contents are placed and can be seen by website visitors. The directories other than root may contain sensitive data which the administrator does not want visitors to see. Everything accessible by a visitor on a website is placed in the root directory. The visitor cannot step out of the root directory.

What does ../ or ..\ (dot dot slash) mean?

The ..\ instructs the system to go one directory up. For example, we are at this location: C:\xx\yy\zz. On typing ..\ , we would reach C:\xx\yy.


Again on typing ..\ , we would reach C:\xx .

Let's again go to location C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt . Typing ..\ two times would take us two directories up (that is, to directory xx) where abc.txt is placed.

Note: It's ..\ on Windows and ../ on UNIX-like operating systems.

What is a Directory Traversal attack?

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The goal of this attack is to access sensitive files placed on the web server by stepping out of the root directory using dot dot slash.

The following example will make everything clear.

Visit this website, which is vulnerable to a directory traversal attack:

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This web server is running on a UNIX-like operating system. There is a directory 'etc' on Unix/Linux which contains configuration files of programs that run on the system. Some of the files are passwd, shadow, profile, sbin placed in the 'etc' directory.

The file etc/passwd contains the login names of users and even passwords too.

Let's try to access this file on the web server by stepping out of the root directory. Carefully see the position of the directories placed on the web server.


We do not know the actual names and contents of the directories except 'etc', which is a default name, so I have marked them as A, B, C, E or whatever.

We are in directory F, accessing the web pages of the website.


Lets type this in URL field and press enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing

Now type
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd
Now this will step up one directory (to directory E ) and look for 'etc' but again it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd

Now this will step up two directories (to directory D ) and look for 'etc' but again it will return nothing.

So by proceeding like this, we go for this URL
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us 5 directories up to the main drive and then to the 'etc' directory and shows us the contents of the 'passwd' file.
To understand the contents of 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format



You can also view etc/profile, etc/services and many other files, like backup files, which may contain sensitive data. Some files like etc/shadow may not be accessible because they are accessible only by privileged users.

Note: If proc/self/environ is accessible, you might upload a shell on the server, which is called Local File Inclusion.

Counter Measures

1. Use the latest web server software
2. Effectively filter the user's input
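
What countermeasure 2 can look like for a `page=` parameter, as an added example that is not the site's or the author's code: the requested name is checked against an allow-list, and the canonical path is confirmed to still lie inside the pages directory. The directory and page names are assumptions; the request strings are the ones tried above.

```php
<?php
// Added example, not the site's code. Directory and page names are assumptions.

// Canonicalise $name under $baseDir; return null if it escapes or does not exist.
function contained_path(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);  // resolves ../ and symlinks
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Allow-list first, containment second: either check alone stops the request.
function resolve_page(string $baseDir, string $page, array $allowed): ?string
{
    return in_array($page, $allowed, true) ? contained_path($baseDir, $page) : null;
}

// Constructed sample site so the script runs offline.
$pages = sys_get_temp_dir() . '/pages_' . getmypid();
mkdir($pages, 0755, true);
file_put_contents("$pages/notification.php", "<p>Notices</p>\n");
$allowed = ['notification.php', 'contact.php'];

$requests = ['notification.php', 'etc/passwd', '../etc/passwd', '../../../../../etc/passwd'];
foreach ($requests as $page) {
    $byContainment = contained_path($pages, $page) !== null ? 'inside' : 'rejected';
    $final = resolve_page($pages, $page, $allowed) !== null ? 'served' : '404';
    printf("%-28s containment=%-8s result=%s\n", $page, $byContainment, $final);
}
```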

Friday 23 December 2011

Hack a Website With SQL Injection

Hey, this is the war wolf, and in this tutorial I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

// Vulnerable: user input is concatenated straight into the SQL text
$sql =
    "SELECT * FROM users " .
    "WHERE username = '" . $username .
    "' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is the admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string x' or 'a' = 'a has injected an extra phrase into the WHERE clause: or 'a' = 'a' . This means that the WHERE is always true, and so this query will return a row containing the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

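// Escape both values before they are placed inside the quoted SQL strings.
// These are ext/mysql functions (removed in PHP 7.0; mysqli_real_escape_string() replaces them).
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql =
    "SELECT * FROM users " .
    "WHERE username = '" . $username .
    "' AND password = '" . $password . "'";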

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this, as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches, or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in, not just data that is being used for login.
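
The two stronger options named above (bind variables, and fetching by user name only before checking the password in code) shown next to the concatenated query, as an added example that is not the article's own code. It runs against an in-memory SQLite database through PDO; the table layout, the account and the use of a stored password hash are assumptions.

```php
<?php
// Added example: the login query from this article, concatenated vs. bound.
// In-memory SQLite via PDO; the table and the account are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['admin', 'secret', password_hash('secret', PASSWORD_DEFAULT)]);

// Vulnerable form (as in the article): input becomes part of the SQL text.
function login_concatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE username = '" . $username .
           "' AND password = '" . $password . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened form: fetch by user name through a bind variable, then check the
// password in code against a stored hash (hash storage is an assumption here).
function login_bound(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// The three passwords discussed in the article: correct, wrong, injected.
$attempts = [['admin', 'secret'], ['admin', 'wrong'], ['admin', "x' or 'a' = 'a"]];
foreach ($attempts as [$u, $p]) {
    printf("%-18s concatenated=%-5s bound=%s\n", $p,
        var_export(login_concatenated($db, $u, $p), true),
        var_export(login_bound($db, $u, $p), true));
}
```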

Tuesday 20 December 2011

Crash a website with DDoS attack

What is DDoS used for?

When we DDoS a website, the website does not respond or responds at a very slow speed. Hackers use the DDoS attack to panic the owners; that's when they open up their ports and hence the vulnerabilities increase. Using these open ports and vulnerabilities, the hackers then exploit your mainframe and get into your website with ease!

Here's how you do it:
1 Go to the Start button and open up CMD



2 Now after the CMD opens, type ping (site name) -t -l 1000 and press Enter


3 When you press Enter, your DDoS attack will begin and after some time the site won't respond

Note: To DDoS websites like Facebook, Google, YouTube etc., multiple users should attack at a time


Monday 19 December 2011

Hack a Facebook account with cookie stealing or session hijacking

© Copy rights 2012. This is a copy right material. Do not copy any thing from this blog. View Google Copy rights policy to learn more about copy rights and penalties for copy rights violation.©

Description:

In this article I am describing a way of hacking a Facebook account with Wireshark (stealing your victim's cookies), also known as session hijacking.

The cookie which Facebook uses to authenticate its users is called "Datr". If an attacker can get hold of your authentication cookies, all he needs to do is to inject those cookies in his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:


Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc; 


How To Steal Facebook Session Cookies And Hijack An Account?

An attacker can use a variety of methods in order to steal your Facebook authentication cookies, depending upon the network he is on. If an attacker is on a hub-based network he would just sniff traffic with any packet sniffer and gain access to the victim's account.

If an attacker is on a switch-based network he would use an ARP Poisoning request to capture authentication cookies. If an attacker is on a wireless network he just needs to use a simple tool called Firesheep in order to capture the authentication cookie and gain access to the victim's account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.

Step 1 - First of all download Wireshark from [here] and install it.

Step 2 - Go to Facebook or any other social media website and chat with your victim for 5 to 10 minutes. File sharing is better, as shown in the image below:





Step 3 - Next open up Wireshark, click on Capture and then click on Interfaces.

Step 4 - Next choose the appropriate interface and click on Start.


Step 5 - Continue sniffing for around 10 minutes.

Step 6 - After 10 minutes stop the packet sniffing by going to the Capture menu and clicking on Stop.

Step 7 - Next set the filter to http.cookie contains datr at top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.


Step 8 - Next you’ll want to open up Firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt C to bring up the cookie injector and simply paste the cookie value into it.




Step 10 - Now refresh your page and voila!! You are logged in to the victim's Facebook account. In the picture below, I hacked into the girl's account I was chatting with. You can send any file, like a .jpg image etc., during file sharing.



Sunday 18 December 2011

Hack Facebook accounts with phishing


Hey guys, this is the warwolf and I am going to teach you how to hack a Facebook account with phishing (making a fake log-in page).
1) Download the phishing files from here

2) Now go to your web browser and open Byethost.com/ in a new tab. Click on free hosting at the top of the page. After clicking on free hosting a new page will appear. Click on the "Click here to Sign up for free hosting" option. Fill in the sign-up form with all the necessary details.




3) Now after registering at Byethost.com/ , go to your email account, e.g. Yahoo, Gmail, Hotmail etc. Open the inbox; you will receive an email like this one.


Click on the link and your account will be activated. After some time you will receive another email containing your Byethost account details, e.g. username, password etc.

4) Now go to cpanel.byethost.com./ and log in by filling in the details you received in the email.


6 After signing in, you will see a new page that indicates that you have successfully logged in. On this page, under the File management section, click on the "online File manager" button. A new tab will open.

5) Now open the drive in which you downloaded the phishing files and open the folder named phishing file. In this folder double-click on "index.html". Press Ctrl+F to find action. Type action in the Find what section, as in the image below.


7 After finding the action, there will be a highlighted action word followed by a link (https://yoursite.com/action.php). Remove https://yoursite.com and type the website URL you received in the Byethost user details, as in the following image.

Now save the file.

6) Now go to your web browser and go to the Online file manager page. After that click on your root file ".htdocs". When you open the root file, there will be two files; don't open them, just delete them, and upload the two files you saved in the folder "Phishing files", i.e. "index.html" and "action".

7) Now type the website URL that you received in the email in a new tab and voila, your fake log-in page is created ;)


Copy your website link, send it to your friends and ask them to like your page. When they sign in, a page will appear, so they won't even get a single thing about you hacking their accounts .. ;) :). To view the victims' email IDs and passwords, type /victims.html after your website URL.




Copyright @ 2013 Warwolf Hacks. Designed by Templateism | Love for The Globe Press