Saturday, 19 April 2014

Hack Web Sites Using IIS Exploit [For XP Users]


Hello readers, I heard some of you are not getting our tutorials because you have no knowledge of web hacking and you want to learn it. So today I decided to write this tutorial for noobs.

In this tutorial we are going to learn about the IIS web hacking exploit, the easiest way to hack for noobs.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSES. WE ARE NOT RESPONSIBLE FOR ANY HARM DONE BY YOU.

By using this exploit an attacker can upload a shell, deface the web site, delete data and so on, all without logging in :D. Yeah, you heard right. I know you are all getting excited, so let's start:-

Note:- This is only for Windows XP users. For Windows 7 users, I will post soon.

Follow the instructions:-

1). First of all, we need to find a vulnerable site. Go to Google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork; be creative, use your mind and create your own unique dork :)

If you are unable to find one, don't worry. See the end of the tutorial; I have posted some sites :)

2). After finding a vulnerable site, click on the Start button and open "RUN".


3). Now type the following code in "RUN"
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a folder named "Web Folders" will open.

Now right-click in that folder, then choose "New" and then "Web Folder".

5). Now paste the URL of the vulnerable site and click Next.

6). Now it will ask you to give a name for that Web Folder. Leave it as it is and click Finish.


7). Congratulations! Now you are in the web site. If you want to upload a shell, copy your Shell.php into that folder and your shell will be uploaded to the path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some sites for practicing:

Soon I will post a list of sites vulnerable to the IIS exploit.
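Seen from the server side, Web Folders is a WebDAV client, so the copy in step 7 shows up in the IIS log as a successful PUT with no authenticated user. The following Python check is an added example, not part of the original post; the log lines, client addresses and user-agent strings are constructed for illustration.

```python
# Added example: flag unauthenticated WebDAV writes in an IIS W3C log.
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".jsp")

# Constructed sample log, not from a real server (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2014-04-19 10:01:02 GET /index.html - 198.51.100.7 Mozilla/5.0 200
2014-04-19 10:02:10 PROPFIND / - 203.0.113.5 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 207
2014-04-19 10:02:15 PUT /shell.php - 203.0.113.5 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 201
2014-04-19 10:03:40 PUT /docs/report.doc CORP\\alice 198.51.100.20 Microsoft-WebDAV-MiniRedir/5.1.2600 201
2014-04-19 10:04:00 PUT /index.html - 203.0.113.5 Microsoft+Data+Access+Internet+Publishing+Provider+DAV 204
2014-04-19 10:05:00 PUT /x.asp - 203.0.113.9 ExampleClient/1.0 403
"""


def find_unauth_dav_writes(log_text):
    """Return successful WebDAV write requests made without an authenticated user."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                           # malformed or truncated row
        row = dict(zip(fields, parts))
        method = row.get("cs-method", "").upper()
        if method not in WRITE_METHODS:
            continue
        if not row.get("sc-status", "").startswith("2"):
            continue                           # the server rejected the write
        if row.get("cs-username", "-") != "-":
            continue                           # authenticated write: expected publishing
        stem = row.get("cs-uri-stem", "")
        findings.append({
            "time": row.get("date", "") + " " + row.get("time", ""),
            "client": row.get("c-ip", ""),
            "method": method,
            "uri": stem,
            # A server-executable extension means the write may have planted code.
            "severity": "high" if stem.lower().endswith(SCRIPT_EXTS) else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_unauth_dav_writes(SAMPLE_LOG):
        print(f["severity"], f["time"], f["client"], f["method"], f["uri"])
```

Any hit means the site accepts anonymous writes. The durable fix is to disable WebDAV where it is not needed and to remove Write permission for anonymous users on the site.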

Friday, 18 April 2014

Reset Samsung Mobile Tracker Code



These codes reset all codes in your Samsung mobile (any model).

The Samsung tracker code is also reset by these codes:-
If you forget your code, don't worry.

>> Turn off your mobile
>> Remove the SIM
>> Turn on your mobile without the SIM
>> Enter the code *2767*637# (Universal Unlock Code) (Reset Mobile Tracker Code)
>> Enter the code *2767*3855# (Full EEPROM Reset) (Reset All Types Of Code)

Thursday, 17 April 2014

Make free Mobile calls And Fake Call for India, US and Canada with Dingaling


Hey guys! Calling another number using any number is also called call spoofing, but it is not possible in all countries. Here we are going to show you a newly launched app which allows you to call another number using any number and also gives you free minutes to call :D. This app is called DINGALING.

What is DINGALING?
DINGALING is a free calling app for Android and iOS devices. It also has a web interface, which means that if you don't have an Android or iOS device you can still use these features. It can make free calls to your friends' mobile or landline numbers, so your friend does not need to have the app installed on his smartphone; just enter the phone number in the app's dial pad and hit free call.

Each call has a minimum duration of:
- 10 mins for India
- 30 mins for countries like US, Canada & China.

There are 2 ways in which you can use this service:-

1). Via Web: If you want to call any number using any number (FAKE CALL), just register on the web interface by clicking Here. After successful registration, just log in and enjoy free calls from the Start new call section by entering the From and To numbers.



2). Via App To App or App To Other Numbers: If you have the Android app then you can use this application freely. You can call any number from your smartphone using this app. The main feature of this app is that the receiver will receive the call from the same number which you registered in Dingaling, which means no one can tell that you are calling him using a third-party app.

Note:-

1). Calling any number using any number is only possible via the Web.

2). Up to 10 mins of calling is allowed to Indian numbers and up to 30 mins is allowed for US, Canada & China numbers.

3). You can send free SMS only to Dingaling app users.

4). Dingaling will show the number that you used during registration.

Hope you like this. Please leave your valuable comments and visit again :)
Source: OMGTricks

Wednesday, 16 April 2014

#OpSriLanka: Hackers from around the world launch cyber war against Sri Lanka

In protest against attacks on Sri Lankan Tamils, hackers hit Sri Lanka with a cyber attack that resulted in the defacement of some sites, as well as database contents being leaked.



"Shawdowforce", who conducted the operation, reports that representatives from more than 13 teams participated in it, including Anon Ghost - Indian Haxors Team - Indian Cyber Rakshak - RedCult (Lebanon) - Muslim Cyber Corporation (Indonesia) - Pakistan Haxors Crew - Ip Sova Crew (Malaysia) - Indonesian Red Code -Team - Elite Cyber Army (Philippines) - Afghan Cyber Army - Indian Cyber Devils - Sec~Team-7 - Sec_dark.

Several government websites were defaced and others were brought down using DDoS. More than 100 websites, including those of government, big organisations and local businesses, were defaced too.



This is a part of the joint event that we are conducting #OpSrilanka (April 15-16).  

We will Speak against your government's AirStrike on the "NO FIRE ZONE" !  

We will Speak against the atrocities committed by Srilankan Army on innocent Tamil population !  
We will Speak against the War Crimes committed by your government!  
We will Speak against the Genocide committed by Your Government ! 
stop this !!!!! 
Deface message shows.
[Images: #OpSriLanka deface pages from Afghan Cyber Army, AnonGhost and Indian Cyber Devils]

Paste Released by Afghan Cyber Army CLICK HERE
Screenshots showing websites were down during the Operation,
A paste released by the organisers of the Operation:-



At the time of writing, most of the websites had been restored and were working normally again.

Source:- thehackerspoint.com

Tuesday, 15 April 2014

Adobe Reader App for Android Vulnerable to Remote Code Execution



Security on Android devices keeps improving as new vulnerabilities are addressed. Once again a popular Android app, "Adobe Reader", has been found to be vulnerable. About 400 million Android users have installed Adobe Reader on their devices. If you are among them, you should update your Adobe Reader from the Google Play store.

Adobe has just released the latest version of Adobe Reader, fixing a remote code execution flaw in the previous version. Adobe has published a report on the vulnerability (CVE-2014-0514), which resides in the implementation of JavaScript APIs in Adobe Reader 11.2 and could be exploited to execute arbitrary code within Adobe Reader.

Security researcher Yorick Koster from Securify BV reported the vulnerability to Adobe. Explaining the vulnerability, Koster claims that an attacker can craft a PDF file with malicious JavaScript that exploits the victim when he or she opens it in an affected version of Adobe Reader.

Successful exploitation allows the attacker to access the files stored on the micro SD card and to read other personal information present on the device. So it is recommended to update your Adobe Reader from the Google Play store.

Portail Dokeos deface and Shell Upload vulnerability

The Portail Dokeos vulnerability is a kind of FCKeditor remote file upload vulnerability.
With this vulnerability a hacker can upload a shell, a deface page or any file to the website without the admin username and password.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSES. WE ARE NOT RESPONSIBLE FOR ANY HARM DONE BY YOU.

Follow the instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the URL after site.com to the exploitable target. For example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP, as with FCK editor, and upload your deface, shell or file. You can upload .html, .php, .jpg and .txt formats here.



To view your uploaded file go here : http://website/patch/main/upload/your file here 

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html


Encodable Shell File Upload Vulnerability

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSES. WE ARE NOT RESPONSIBLE FOR ANY HARM DONE BY YOU.

Let's start:-

1). Open google.com and enter the following dork
Dork: "intext:File Upload by Encodable"
The search comes back with 166,000 results, but some results are fake and may be malware.
So pick only the real ones: you will see the title "Upload a file" in the search results :)
Click only the sites which come with the "Upload a file" title.

2). After clicking the link you'll get an upload form.

3). You'll see some options in this form, like name, description, email etc.
Type anything in these boxes but add an email in the email box; don't use your own.
Put one like billy@microsoft.com, admin@nasa.gov etc :P

4). Now choose your file and upload it :)

5). After clicking on the upload button a pop-up will open. Don't close it; it will close automatically
after the file is uploaded.

6). On some sites you'll get your uploaded file's link after uploading to the website,
and if you did not find it then try these URLs:
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi
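Both upload posts above end the same way: a file with a server-executable extension lands in a web-served upload directory, reached through an uploader that was left exposed. As an added example (not from the original posts), this Python audit walks your own web root and reports a deployed FCKeditor test uploader and executable files under upload directories; the directory-name set, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

UPLOAD_DIR_NAMES = {"upload", "uploads", "userfiles"}   # assumed upload directory names
EXEC_EXTS = (".php", ".phtml", ".asp", ".aspx", ".cgi", ".pl", ".jsp")
TEST_UPLOADER = "fckeditor/editor/filemanager/upload/test.html"  # path from the post


def audit_webroot(root):
    """Return sorted (issue, relative_path) pairs for files that need review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        parts = [] if rel_dir == "." else rel_dir.lower().split("/")
        in_upload = any(p in UPLOAD_DIR_NAMES for p in parts)
        for name in files:
            rel = name if rel_dir == "." else rel_dir + "/" + name
            if rel.lower().endswith(TEST_UPLOADER):
                # The editor's sample upload page should never ship to production.
                findings.append(("sample-uploader-deployed", rel))
            elif in_upload and name.lower().endswith(EXEC_EXTS):
                # Covers user uploads and any connector scripts kept under upload/.
                findings.append(("executable-in-upload-dir", rel))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    sample = [
        "index.php",
        "main/inc/lib/fckeditor/editor/filemanager/upload/test.html",
        "main/upload/photo.jpg",
        "main/upload/shell.php",
        "upload/userfiles/notes.txt",
        "upload/userfiles/page.PHP",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    for issue, rel in demo():
        print(issue, rel)
```

Point `audit_webroot()` at the real document root; anything it reports should be reviewed and removed, and script execution should be switched off for upload directories in the web server configuration.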


How to avoid becoming a victim of keyloggers


Know how it works:
Knowing how it works will help you make a better decision. A keylogger is a little piece of software that normally stays hidden in your system and collects information on the keys you press on your keyboard. This, coupled with its ability to match these keystrokes with the application for which they are being pressed, makes a keylogger an extremely dangerous hacking tool. As it normally resides hidden in a system, it can steal your information without you even noticing anything.

Use good quality anti-keylogger software:
Anti-virus and anti-malware software are a requirement for every user. But they may not be able to detect and remove keylogger software. For this, you should use specific anti-keylogger software. In fact, according to a report, almost all anti-virus software failed to detect a keylogger in a controlled lab test. Only a specifically tailored anti-keylogger can make sure that your information stays safe and secure.

Use secure communication channels:
As important and useful as the World Wide Web is, it is just as dangerous because of some people who use it for their nefarious designs. Some steal your information while others just like to bog down a system with excessive virus attacks. Make sure that you are using only secure websites for your communication, such as email, instant messaging and video calls. It is unprotected sites that can spread keylogger software easily. Avoid them at all costs for your communication needs.

Be on alert:
The best possible way to protect your computer and your information is to be on alert. It is almost always when you do not take care and follow security precautions that you fall victim to these tricks and get your system infected with viruses. Putting your information at risk is not a good idea. But thinking that anti-virus software, or anti-keylogger software for that matter, will keep your system 100% secure is a mistake. If you are not on your guard, anyone can access your system physically and compromise your security wall, thus eliminating the need of tackling anti-virus over the internet. You also need to know which sites you are visiting and whether there is any Google or other security software advisory on that site. You should also avoid clicking on suspicious links, particularly those appearing in your email, asking for your private information.

Stay updated:
You should also make sure that your system is updated with the latest system and anti-virus software security patches. This will ensure that your system is protected and can withstand attacks over the internet. In any case, you are the one who needs to be on guard more than your system.