Sunday, 20 April 2008

Video: Advanced MySQL Injection in Joomla

This will be a straight post: I'll share the latest video hacking tutorial from milw0rm.com. It's Advanced MySQL Injection in Joomla by bi_gys, tested locally to prove the bug. It shows the bug and the complete steps for using it. Why share it here? Because some people don't know how to download the video from milw0rm, so to help you, you can download the damn video here. LoL


Enjoy

Hacking Router and Switch

The hacking technique I will describe is a very old one, and what we do depends heavily on your luck. :D But we also have some literature to raise your chance of success. All you need to know is the type and brand of the switch or router. If you don't know it, you still have a chance to get “in”, but of course it is not easy. The first technique (where you know the type and brand of the target) depends on your luck, because it is brute force. The second depends on your “social engineering” skill. This is not a common hacking technique and it needs no tools; it just uses your head. Your intelligence is tested here, because you need to guess the password and the username just by chatting with the network administrator and asking random questions. You know, yesterday I read someone's post saying that we can hack a Yahoo! or Hotmail email account using just this technique. Of course we can, but it is very difficult to guess the password, since we have to pick one password from everything you can think of!!

First, how can we hack a switch using just one tool? This tool is very common: we will use a port scanner. These are the steps:

* Scan your local network with some tool; you can use Angry IP Scanner like I do. You only need to scan for OPEN port 23. This port is usually used for switches.
* After getting the IP, you can try a telnet connection to that IP: telnet [IP target] 23

And now your intelligence will be tested. Of course we don't know the username and password for that switch, but I bet the username “administrator” or “admin”, the standard username for network equipment like that, will work. You can use one of those usernames, and now everything depends on your luck. To raise our chance of getting past, you can read the default password list for all types. But I don't have the list of default passwords for switches, so you need to use the “social engineering” technique. Good luck :D Just in case, try leaving the password (empty); maybe it will work, because it works for me.. :D

And now for routers. Luckily I have the list of default passwords for routers, and there are hundreds and more!! You can choose one of them, or you can read here: router-default-password. That's all, happy hacking..
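
From the defender's side, the weaknesses this post relies on (telnet reachable on port 23, and default or missing login credentials) can be checked in the device configurations themselves. An added example, not from the original post, assuming Cisco IOS-style "line vty" syntax; the device names, config excerpts and weak-password list are constructed:

```python
import re

# Constructed IOS-style config excerpts for two hypothetical switches.
CONFIGS = {
    "sw-access-01": """hostname sw-access-01
line vty 0 4
 login local
 transport input ssh
""",
    "sw-lab-02": """hostname sw-lab-02
line vty 0 4
 no login
 transport input telnet
line vty 5 15
 password admin
 login
 transport input all
""",
}
WEAK_PASSWORDS = {"admin", "administrator", "password"}  # assumed policy list


def audit_vty(config):
    """Return sorted (vty range, finding) pairs for remote-login weaknesses."""
    findings, block = set(), None
    for line in config.splitlines():
        if line.startswith("line vty"):
            block = line[len("line "):].strip()   # e.g. "vty 0 4"
            continue
        if not line.startswith(" "):
            block = None                          # left the vty block
            continue
        if block is None:
            continue
        stmt = line.strip()
        m = re.fullmatch(r"transport input (.+)", stmt)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.add((block, "telnet accepted (port 23)"))
        if stmt == "no login":
            findings.add((block, "no authentication on login"))
        m = re.fullmatch(r"password (\S+)", stmt)
        if m and m.group(1).lower() in WEAK_PASSWORDS:
            findings.add((block, "weak line password"))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in CONFIGS.items():
        print(name, audit_vty(cfg))
```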

Friendster Password BruteForce Script

To download this Friendster.com Password BruteForce Script, you can get it directly from http://www.darkc0de.com/bruteforce/friendsterbf.py .


Another Friendster hacking post... (I'm actually tired of this topic, but since most of the visitors of this blog have asked me a lot about Friendster hacking topics through email, I decided to keep posting on this topic :) )

Today I just want to share a Python script that I found in the wild. It's called Friendster.com BruteForce, and as you expected, it's a script to automate a brute-force attack against Friendster.com's login form. That's how you would break into someone's Friendster.com account.

A preview of the working script:

[+] Testing Proxy…
[+] Proxy: 148.233.159.58:3128
[+] Verbose Mode On

[+] BruteForcing: http://www.friendster.com/login.php
[+] Email: @yahoo.com
[+] Words Loaded: 2290

[-] Login Failed: 12345
[-] Login Failed: abc123
[-] Login Failed: password
[-] Login Failed: passwd
[-] Login Failed: 123456
[-] Login Failed: newpass
[-] Login Failed: notused
[-] Login Failed: Hockey
[-] Login Failed: internet
[-] Login Failed: asshole
[-] Login Failed: Maddock
[-] Login Failed: 12345678
[-] Login Failed: newuser
[-] Login Failed: computer
[-] Login Failed: Internet
[-] Login Failed: Mickey
[-] Login Failed: qwerty
[-] Login Failed: fiction
[-] Login Failed: Cowboys
[-] Login Failed: Jordan
[-] Login Failed: Hatton
[-] Login Failed: test
[-] Login Failed: Michael
[-] Login Failed: ou812
[-] Login Failed: orange
[-] Login Failed: 1234
[-] Login Failed: Beavis
[-] Login Failed: 123
[-] Login Failed: tigger
HTTP Error 500: Server Error

[!] Login Successfull: @yahoo.com Soccer
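
Seen from the server side, the run above is a burst of failed logins for one account followed by a success, possibly spread over several proxy addresses. An added example (not part of the original post or of the script it describes) that flags this pattern in an authentication log, counting per account rather than per source IP; the log format, thresholds and sample lines are constructed assumptions:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2008-04-20T10:00:01 203.0.113.7 carol@example.com FAIL
2008-04-20T10:00:03 203.0.113.7 carol@example.com FAIL
2008-04-20T10:00:05 192.0.2.44 carol@example.com FAIL
2008-04-20T10:00:06 198.51.100.20 bob@example.com FAIL
2008-04-20T10:00:07 192.0.2.44 carol@example.com FAIL
2008-04-20T10:00:09 203.0.113.7 carol@example.com FAIL
2008-04-20T10:00:11 203.0.113.7 carol@example.com OK
2008-04-20T10:00:40 198.51.100.20 bob@example.com OK
"""


def detect(log_text, max_fails=5, window=timedelta(seconds=60)):
    """Return alerts as (account, kind, failures in window, source IPs)."""
    recent = defaultdict(deque)  # account -> (time, ip) of recent failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, account, result = parts
        when = datetime.fromisoformat(ts)
        fails = recent[account]
        while fails and when - fails[0][0] > window:
            fails.popleft()  # drop failures older than the window
        ips = lambda: sorted({i for _, i in fails})
        if result == "FAIL":
            fails.append((when, ip))
            if len(fails) == max_fails:  # alert once, when threshold is hit
                alerts.append((account, "guessing", len(fails), ips()))
        elif result == "OK":
            if len(fails) >= max_fails:  # a guess may have succeeded
                alerts.append((account, "success_after_guessing",
                               len(fails), ips()))
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```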





Making Windows CMD Work Like a Linux Shell

Sometimes I use Windows. I know and like Linux, but not as a desktop operating system.
I often find myself typing “ls” or “cat” inside the Windows shell, which obviously returns an error.

I started to P.I.M.P. my Windows shell (cmd.exe)

  1. I downloaded unxutils from SourceForge, unpacked the archive,
    went to usr\local\wbin, copied every file that is there and pasted them into c:\windows\system32\ without replacing the Windows utilities (there are 3 files that I don't recommend overwriting).
    Now I have ls, cat, tee, grep …
  2. Downloaded netcat for Windows and copied all the files into c:\windows\system32\
    Now I have nc - a very good telnet client, which can also be used as a server :)
  3. I got pstools from Sysinternals and put the executables in c:\windows\system32\
  4. Plus nmap for Windows, put in the same Windows path.
    A must-use tool…
  5. I also like hping2; for those who don't know it, it's a packet crafter.

Now you can use your windows command line. Until now it was pretty much useless.

Now you can
nmap -A -O -vv websecurity.ro | tee websecurity_report.txt | grep open

Settings to Speed Up Windows

——————————————-
MAKE THE PC FASTER THAN BEFORE
================================
HKEY_CURRENT_USER\Control Panel\Desktop
then select
MenuShowDelay
change 400 to 0

——————————————
MAKE COPYING EASIER AND FASTER
==========================
HKEY_CURRENT_USER\Control Panel\Desktop
then change PaintDesktopVersion from 0 to 1

———————————————–
CHANGE THE ORGANIZATION OR THE OWNER NAMES
========================================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
then in RegisteredOrganization and RegisteredOwner
you can type anything you want

—————————————————-

MAKE APPLICATIONS OPEN WITH MORE POWER
===========================================
HKEY_CLASSES_ROOT\exefile
then right-click on shell, make a new key and name it
high priority
then click on high priority, make a new key and name it
command
and on the other side modify the value to
c:\WINDOWS\System32\cmd.exe /c start "runhigh" /high "%1"

——————————————————-

ADD COPY TO FOLDER AND MOVE TO FOLDER TO THE CONTEXT MENU
===================================
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex
AND ON “ContextMenuHandlers”
RIGHT-CLICK, MAKE A NEW KEY AND NAME IT “COPY TO FOLDER…”
THEN ON THE OTHER SIDE DOUBLE-CLICK AND PUT THE FOLLOWING
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
REPEAT ONCE MORE AND MAKE A NEW KEY, BUT THIS TIME NAME IT “MOVE TO FOLDER…”
{C2FBB631-2971-11d1-A18C-00C04FD75D13}

AND RESTART THE PC

————————————————————
INCREASE YOUR CONNECTION
========================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

then make 3 new values
MaxConnectionsPer1_0Server value (a)
MaxConnectionsPer1_0Server value (b)
MaxConnectionsPerServer value (a)-

——————————–
START MENU
===========
RUN
TYPE “SYSTEM.INI”
AND AT THE END
PUT THE FOLLOWING

page buffer=100000kbps
load=100000kbps
Download=100000kbps
save=100000kbps
back=100000kbps

——————————————————–
PUT YOUR NAME ON THE WINDOW TITLE
===============================

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and type
WINDOW TITLE
=======================================================