1:>Run Havij.exe

2:> Once it opens you will see register..







3:> Click Register Make sure you are connected to the internet





4:> Under Name: You write:Your Name or anything
5:>Under File: You select the folder where you are currently running the Havij program from and select Havij Key

6:> Done....

Hello friends, this is my 3rd article on HTP. Hope you are liking my articles.

There are several ways to hack a website
By Spl Injection read this article here.

Now you accessed admin panel of a website and you want to edit its
file. To edit files you need a php shell.


What is a php shell?

PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use
to execute arbitrary shell- commands or browse the filesystem on your
remote webserver. This replaces, to a degree, a normal telnet
connection, and to a lesser degree a SSH connection. You use it for
administration and maintenance of your website, which is often much
easier to do if you can work directly on the server. For example, you
could use PHP Shell to unpack and move big files
around. All the normal command line programs like ps, free, du, df,
etc… can be used.

C99 is the shell by which you can manage the files of a website. Let
me explain practically :-

 Create a fake account on http://www.my3gb.com and download c99
shell(link given below in step 1) in zip extract it to your pc. After
extracing upload c99.php file to your my3gb account and logout from
your account. Now just go to the link of the shell i.e.
Yourusername.my3gb.com/c99.php
Now you can access control panel of the website without login into your account.

To hack the website's control panel Just follow these steps :

Step 1 : Download a php shell. I recommended c99 because of its
extended features. For download go to http://sh3ll.org/ and download
c99 shell in zip.
Then extract it.

Step 2 : Now find a place where you can upload photos in website.

Step 3 : Upload your shell here. If the website dont allow to upload
.php file then change it to .php.gif or .jpg

Step 4 : Now go to the link of the file that should be
www.abc.com/yourfilename.extension of your file

or
abc.com/images/yourfilename.andextension

Now here you can see all the files of that website. Now you can access cpanel. Written by Mafiya Boy Ankit who is 13 years old hacker. http://undergroundhackerz.blogspot.com

> Use any of the google dork to find the admin login page of a website.

inurl:admin.asp 

inurl:admin.php

intitle:admin

intitle:admin login

intitle:administrator

inurl:adminlogin.asp inurl:adminlogin.php

inurl:administrator

There are many websites which can be hacked by this. Open anyone and you will see the login page. Type this SQL query in form. 

This is a really effective way of hacking a website. This way is very common and according to some research 10% of sites are vulnerable to this.
 So to start first thing that we need is vulnerable site which can be found from the following dork :


inurl:"Fck/fcklinkgallery.aspx" (for all the sites)
 inurl:"Fck/fcklinkgallery.aspx" site:{domain of site} (for specified attack)

 Now select any site and following page will appear :



NOW Select the third option and type following into the address bar:


javascript:__doPostBack(‘ctlURL$cmdUpload’,”)

NOW IT WILL LOOK LIKE SHOWN BELOW:


Now if you are lucky and site is vulnerable a upload Bar will appear from which you can upload .txt .html or pictures from your computer in to the site.

HOW TO FIND YOUR UPLOADED FILE.


To Get to the file that you have uploaded just goto the domain of the website and put this in the end "portals/0/[Your files name]" e.g " www.blahblah.com/portals/0/a.txt"
I hope you people like it!!!!



Note: Use Google Chrome for this Attack it is DEADLY EFFECTIVE!!!!

 

Audit your website security with Acunetix Web Vulnerability Scanner 

As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. 

Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases. 

Firewalls, SSL and locked-down servers are futile against web application hacking! 

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right in to the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers. 

Acunetix - a world-wide leader in web application security 

Acunetix has pioneered the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection. 

Acunetix Web Vulnerability Scanner includes many innovative features: 

AcuSensor Technology An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications Industries' most advanced and in-depth SQL injection and Cross site scripting testing Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer Visual macro recorder makes testing web forms and password protected areas easy Support for pages with CAPTHCA, single sign-on and Two Factor authentication mechanisms Extensive reporting facilities including VISA PCI compliance reports Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease Intelligent crawler detects web server type and application language Acunetix crawls and analyzes websites including flash content, SOAP and AJAX Port scans a web server and runs security checks against network services running on the server

Description:

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.




What's New?

* Oracle error based database added with ability to execute query.
* Getting tables and column when database name is unknown added (mysql)
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in mysql fixed.
* 'Key is not unique' bug fixed
* Getting data starts from row 2 when All in One fails - bug fixed
* Run time error when finding keyword fixed.
* False table finding in access fixed.
* keyword correction method made better
* A bug in getting current data base in mssql fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found)
* Data extraction bug in html-encoded pages fixed.
* String or integer type detection made better.
* A bug in https injection fixed.


Download:
Register on:  Cracked@By.Exidous
http://www.flashcrew.in/2012/03/havij-152-pro-fucked-up-by-exidous.html

Lic file
http://www.sendspace.com/file/r5ifpo
OCX Files
http://www.sendspace.com/file/gwl2cd

In IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is most Easiest  way to Hack any site.

STEP 1: Click on Start button and open "RUN".
Now A Folder named "Web Folders" will open.


STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".


STEP 4: Now type the name of the Vulnerable site in this. e.g." http://autoqingdao.com/ " and click "Next".
Now to view the uploaded site i will go to "http://autoqingdao.com/securityalert.txt"
In your case it will be " www.[sitename].com/[file name that you uploaded] "

• Coderz.txt
• 
  
• g00n.txt
• 
  
• N3fa5t1cA.txt
• 
  
• m1n1shell.txt
• 
  
• lama.txt
• 
  
• rootaccess.txt
• 
  
• DarkShell.txt
• 
  
• lostDc.txt
• 
  
• r57_Original.txt
• 
  
• .htaccess
• 
  
• GSCshell.txt
• 
  
• CShell.txt
• 
  
• dc3Shell.txt
• 
  
• StakerShell.txt
• 
  
• s72.txt
• 
  
• HiddenShell.txt
• 
  
• LocusShell.txt
• 
  
• phpjackal.txt
• 
  
• Andr3a.txt
• 
  
• blood3rpriv8.txt
• 
  
• Sniper_shell.txt
• 
  
• OnBoomShell.txt
• 
  
• IronShell.txt
• 
  
• GNY_Shell.txt
• 
  
• StressBypass.txt
• 
  
• nexpl0rer.txt