Friday, 30 December 2011

Admin Page & SQL Strings-

For hacking into websites, the most common approach is to find the admin page of the website and then somehow get into the admin panel. So in this post I will be discussing the methods to find the admin page of a website and telling you how to get into the admin panel of sites.

Method 1-Using Google Dorks-


Use the following Google dorks to find the admin page of a website-

inurl:admin.asp
inurl:admin.php
intitle:admin
intitle:admin login
intitle:administrator
inurl:adminlogin.asp
inurl:adminlogin.php
inurl:administrator




For example, if you want to find the admin page for http://target.com/, just go to Google and search (without quotes) "site:target.com intitle:admin" or "site:target.com inurl:admin", or you can try any other combination.
You can even use a combination of three or more dorks in the search query to get the results.
In this way we can reach the admin page of a website with the help of Google.

Method 2-Using Software-


Here we will be using a software called "Reiluke's Admin Finder". It's quite simple to use: just enter the website whose admin page you need to find and click "Scan". It will provide you the admin link after some time, depending on net speed.


There is another software named "Havij" that can also be used for the same.


After you have found the admin page of a website, next is hacking into the admin panel of the website. Now before doing so, do not forget to mask your identity, so that you don't get caught.
Refer to this post for hiding your IP address-

Now, after you have spoofed your IP, we proceed to the hacking part-

We require a username and a password to log in as admin.
A lot of websites suffer from the SQL injection vulnerability. I will be discussing SQL injection later in detail, and telling you how to penetrate into a database using SQL injection.
For now, if the website is vulnerable to SQL injection, we can get into the admin panel. You just have to enter a string in Username & Password and we can get into the admin panel.
Just enter this string in both Username & Password: 1'or'1=1 Then click Login and you could reach the admin control panel of the website :)
There are other SQL Strings as well-
' or 1=1--

" or 1=1--

or 1=1--

') or ('a' = 'a

') or ('1'-'1

'or''='

' or'1=1

But 1'or'1=1 works most of the time, so it must always be tried first.
The concept of these SQL strings and their working will be discussed by me later, so please wait for my next post on SQL injection. Till then try this and find sites which are vulnerable to this. Trust me, there are many sites still vulnerable to this attack...



This post is meant only for educational purposes; any misuse of the above information shall not be the responsibility of the publisher.

Tuesday, 2 August 2011

Windows Password Cracking-

Now in this post we are going to discuss the ways of cracking Windows passwords, I mean the passwords for users like administrator etc. which we are not familiar with. There are basically two methods for cracking a password for Windows-
-Brute force attacks/Dictionary attacks
-SAM file method


SAM, or Security Accounts Manager, is a registry file in all types of Windows OS. The location of a SAM file is C:\Windows\System32\config\sam
A SAM cannot be copied or moved while Windows is running. All types of passwords of the system are stored in a SAM file, encrypted with a key. But to open a SAM file we can use another OS like Ubuntu/Backtrack; using that we can see the contents of a SAM file.


There is a very famous software called Ophcrack which is widely used for cracking these kinds of passwords. Ophcrack is a kind of virtual operating system based on Linux which uses the SAM file of Windows and cracks the passwords of all users from that. Its ISO image is available on the net for free; it can be downloaded and burned onto a bootable disk, and while booting from it we can get the passwords.

Now we will be discussing password cracking using a software called Cain & Abel.

Download Cain & Abel for free here.

If you want to crack the password for admin, you must be logged in as admin. This is a drawback of this method. But many a time administrators secretly type the password and provide you with all the authorities, so at that time this method can be used.

Install this software on your system, open the software and then click on Cracker->LM & NTLM Hashes->File->Add to list->Next. Refer to the snapshot below.




Then select the user whose password you wish to see, right click and select an appropriate attack, like dictionary attack if you know that the password is a dictionary word, else use brute force attack. Then click on NTLM hashes...





If you have any idea regarding the password, like the number of characters in the password, a few characters used in it, or its starting character, input it in the appropriate fields so that the calculation becomes easy. The number of passwords that have to be checked would be given.




After that, just click on Start. It will take time depending upon the number of passwords that have to be matched. Usually it is capable of executing 25000 passwords in a second.




While it is matching the passwords, when the correct password appears, the execution stops and it gives the correct password. For example, the password of my system was "*333".
This technique of brute force however cannot be used for email account hacking and Facebook hacking. The reason is that if we enter an incorrect password thrice, a Captcha appears to verify that the input is from a human and not from a machine.





Thursday, 14 July 2011

Proxy Server Tutorial (IP Spoofing)-

Now in this blog, we will be discussing proxy servers and using them to spoof our IP address. The first question which arises in our mind is: what is a proxy server?
A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
You can get proxy servers for free from the links given below-
http://samair.ru/proxy
http://proxysites.com
Go to one of the above websites and select a proxy server. Here we have used http://samair.ru/proxy. If you are doing a critical job like hacking a website, then use a highly anonymous proxy server, which means that a log of the websites we surf won't be made (most Russian proxy servers are anonymous). Otherwise a transparent proxy server can be used.
Now select a proxy server from the list and copy its address-


    
After selecting a proxy, open the Firefox browser and click on Options.

Again click Options and then click Advanced->Network->Settings. Click on the Manual proxy configuration radio button and paste the address copied earlier at HTTP Proxy. Also enter the port; it is given after the HTTP proxy address in the proxy server list, following ":".

Click on OK. Now you are connected with that proxy server. Just open whatismyip.com and you would get the address of that proxy server as your IP. In this way you can spoof your real IP address and hide your identity. This trick can also be applied to open blocked websites in your college labs or office. It is quite capable of opening any kind of website blocked by the admin.

IP Spoofing using Ultrasurf-
Ultrasurf is a free software and can be used for hiding your IP address without losing much internet speed. Just download it, open it and it will automatically spoof your IP. There is no need to make any manual change in proxy settings. Ultrasurf is a totally automated tool.






                                                                                    



Monday, 11 July 2011

Windows 7 Activation Free-

Now activate Windows 7 which is running as an evaluation version, for free. You will just need this software: Open 7 Activator. You can download this software for free-
Download here

Just enter your PC's brand and click Install. It would generate a key and hence activate Windows forever. After activation is completed it would appear as-




***Use of software at owner's risk, although it has been tested and has successfully activated Windows several times.

Sunday, 3 July 2011

Facebook hacking in Wi-fi or LAN

Facebook is one of the favorite social networking sites of all people. It is a very secure site containing a four phase security, unlike Orkut which contains three phase security. It is not easy to hack a Facebook account. But there are vulnerabilities which still exist in Facebook. So we shall be discussing one of them in this article to hack a Facebook account.
Cookies are a very important part of all social networking sites as well as email websites. The username and password which we enter at the login page get encrypted and saved as a cookie. If you are browsing Facebook, just try going to your browser settings and clearing the cookies. Then you shall not be able to access your account and you will be redirected to the login page. Log in again to access your account.
Here in this article we shall be using cookie stealing to hack a Facebook account in LAN or Wi-Fi. This process of hacking a Facebook account is divided into two phases-
-Cookie Stealing
-Cookie Injecting


For the cookie stealing part, we shall be using the packet sniffing technique, which means that we shall capture the data packets sent to/received from the server. For that we require a good packet sniffer. Wireshark can be used for that. It is one of the better packet sniffers. You can download Wireshark here for free.
After installing Wireshark, run it and set the filter at the top left to http.cookie contains datr (it should appear green; if red then there's some problem). Then hit Enter.






This should show you only packets captured which contain the cookie we’re looking for. You can see that in this screenshot we’ve already captured a cookie.




Once you’ve found a suitable cookie, you can copy it into the buffer by right clicking on the cookie line and clicking Copy -> Bytes (Printable Text Only).





So the first phase, cookie stealing, is done. Now the second phase, which is cookie injecting.
For this phase, we require the Mozilla Firefox browser. This browser has got many add-ons, so it is the most preferred browser for hackers. For cookie injecting, we require the Greasemonkey and the cookieinjector scripts. Open Firefox and download these scripts from the links given below-



Install these add-ons and restart Firefox if needed. Then go to facebook.com (make sure you are not logged in) and then hit Alt+C to bring up the cookie injector dialog box. Then paste the captured cookies.




Click OK and then reload the page... you’re now logged in as your victim!
In order to protect your account from this kind of attack, enable HTTPS browsing (Account->Account settings->Account Security). Many people avoid using HTTPS because while using third party games/applications they have to turn off HTTPS, but a secured connection is again established upon the next login. So HTTPS must be enabled, otherwise you could be easily hacked while you are browsing Facebook on a public Wi-Fi network or in your computer labs, especially if you have got hackers in your class :)
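The HTTPS advice above has a counterpart on the server side: a cookie set without the Secure attribute is also sent over plain HTTP, which is the traffic the http.cookie filter matches. The following check is an added example, not part of the original post; the header values are constructed and only the cookie name datr comes from the text.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (not captured from any real site).
SAMPLE_HEADERS = [
    "datr=CONSTRUCTED-VALUE-1; Path=/; Domain=.example.test",
    "session=CONSTRUCTED-VALUE-2; Path=/; Secure; HttpOnly",
    "locale=en_US; Path=/; Secure",
]

def audit_set_cookie(headers):
    """Return {cookie_name: [missing attributes]} for Set-Cookie values."""
    findings = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            problems = []
            # Without Secure the browser attaches the cookie to http://
            # requests, where anyone on the same LAN or Wi-Fi can read it.
            if not morsel["secure"]:
                problems.append("missing Secure")
            # Without HttpOnly the cookie is readable by scripts in the page.
            if not morsel["httponly"]:
                problems.append("missing HttpOnly")
            if problems:
                findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit_set_cookie(SAMPLE_HEADERS).items():
        print(name, "->", ", ".join(problems))
```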





Saturday, 25 June 2011

GMAIL ACCOUNT HACKING USING PHISHING PAGE-

Gmail is one of the most popular email sites right now. It is so common now that every Tom, Dick and Harry uses Gmail. It is by far one of the safest sites among email sites. When it comes to hacking a Gmail account, there are several methods, but we will discuss the method of the phishing page here. A phishing page is a fake page which is designed to gain sensitive information like usernames/passwords. It looks exactly like the original page but the control is in someone else's hands. So now, starting with Gmail hacking, the method is given below-


1) Create an account on the given web host site http://my3gb.com/
   This website allows you to store up to 3 GB of data online. On this website, we shall be storing the data of the phishing page.


2) Download the Gmail phisher from the link given below
   Download Gmail Phisher


3) Go to the file manager and upload all the files in the Gmail phisher to your account on my3gb.com.








4) After that just go to ServiceLoginAuth.htm and try out whether it's working.


5) After opening it, just enter any username and password. After you type a password, a file named passwd.htm will be created in the same directory. Refresh the page if passwd.htm is not created.


6) Then you can see what username and password you have entered. That’s it; now you can give this link to your victim, and when the victim logs in through your fake login page his passwords will get saved into the passwd.htm file.
Here we have used PHP scripting. The ServiceLoginAuth.htm file is the HTML page which looks exactly like the Gmail login page. Here the victim enters his user ID and password in the text box and password box.
The PHP script (input.php file) is used to link the input from the text boxes to our passwd.htm file, and in this way we get the username and the password of the victim.
    
Just email that link to a victim along with a message like "Login to your gmail account within 48 hours otherwise your account will be terminated" or something like that.
If the victim logs in, you would be in the driver's seat :)


How to protect yourself against this attack-


A phishing page is detected by most browsers including IE, Mozilla, Chrome, Safari, Opera etc. Keep your browser updated. Besides that, make sure that the page from which you are logging in is not a phishing page by keeping a check on its URL. Don't use any third party applications like chat messengers etc.; they save your password and can access your account without your permission. Use only the software designed by that site.
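The URL check recommended above, written out as an added example that is not part of the original post. It assumes accounts.google.com is the only host on which the user expects to type a Google password; the lookalike URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only host expected to ask for the password.
EXPECTED_LOGIN_HOSTS = {"accounts.google.com"}

def check_login_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS):
    """Return (ok, reason) for a URL that is asking for a password."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None:
        # In https://trusted@other-host/ the real host is what follows '@'.
        return False, "userinfo before '@' hides the real host: " + host
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host: " + host
    if host not in expected_hosts:
        # Catches trusted-name.some-other-domain lookalikes as well.
        return False, "unexpected host: " + host
    return True, "host matches"

# Constructed sample links, as they might appear in an e-mail.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
    "https://accounts.google.com.login.example.test/ServiceLoginAuth.htm",
    "https://accounts.google.com@example.test/ServiceLoginAuth.htm",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_login_url(u), u)
```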


