How to Hack websites using IIS exploit | IIS File Upload exploit

This tutorial is about website hacking that are working on older versions of IIS server. We will be discussing about what is a IIS server and how to upload deface pages on it.

 

Q) What is IIS Server ?
A) IIS [Internet Information Service] is a web server developed by Microsoft to use with Mircosoft Operating systems.

How to Use IIS exploit :-

For Windows XP :
1)Go to start the click on run.
2)Copy the folowing code and paste it in run command:-

%WINDIR%EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::     {BDEADF00-C265-11d0-BCED-00A0C90AB50F}

3)Click on ok.
4)A folder named “Web Folders” will open.
5)Right click in the folder and click on “New” and then click on “Web folder”.
6)A dialogue box will open.
7)Enter the url of the vulnerable site and click on next.
8)If no error comes up the sites is vulnerable else try any other siite.
9)After pressing “Next” in step 7 it will ask you to name that web folder, enter any name you want.
10)Open that folder and copy your defaced html page to that folder.
 
For windows 7:
1) Go to My computer >> Right Click >> Select “Add a Network Location” .
2) Click on “Next” >> Choose the first option in the next screen >> Click “Next “.
3) Now enter the URL of the Vulnerable Site and Click on “Next” .
4) Now you will see a folder with name of that site, Open that folder and upload that file.

The link to your defaced page will be like “”http://vulnerablesite.net/mypage.html”" 
where mypage.html is the defaced page i uploaded.


Dork : “Powered By IIS ”
Search this dork in google to search for vulnerable sites.
Some Vulnerable site:-
z6.cn
derakhshan.parniansis.com
ebnesina.parniansis.com
emkhaleghiyeyzd.parniansis.com

Read More

DNS Hijacking | How to hack Facebook accounts using it

Hi Guys, I am back after a long time and I have got something amazing for you guys. In this tutorial I am going to show you how to Hack facebook accounts by DNS hijacking!

WHAT IS DNS?

 is a network protocol whose job is to map a user friendly name like tutorials for you to its corresponding IP address like “173.245.61.120″.

What is DNS Hijacking?

DNS HIjacking also known as (DNS redirection), is a kind of malicious attack that overrides a computer’s TCP/IP settings to direct it at a fake DNS server, thereby disconfirming the default DNS settings.As we tend to all recognize, the “Domain Name System (DNS)” is there to translate a user friendly name like “google.com” to its corresponding IP Address “74.125.235.46″.

So How DNS Hijacking Works?

As mentioned before, DNS is that the one that’s responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is closely-held and maintained by your Internet service Provider(ISP) and lots of alternative business organizations.
By default, your laptop is organized to use the DNS server from the ISP. In some cases, your laptop could even use the DNS services of alternative organizations like Google or OpenDNS. Imagine a scenario wherever a hacker or a malware program gains unauthorized access to your laptop and changes the DNS settings, so your laptop currently uses one amongst the malicious DNS servers that’s maintained by the hacker. once this happens, the malicious DNS server could translate domain names of interesting websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites having a similar design to original site. As a result, you will be taken to a pretended web site rather than the one you’re intending for.

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking will vary and depend upon the intention behind the attack. several ISPs like “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or aggregation statistics. Even though doing this may cause no serious harm to the users, it’s thought-about as a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking :

Pharming: This is often a sort of attack wherever a web site’s traffic is redirected to a different website that’s a faux one. As an example, once a user tries to go to a social networking web site like Facebook.com he is also redirected to a different web site that’s stuffed with pop-ups and advertisements, this is often done by hackers so as to come up with advertising revenue.

Phishing: This is often a sort of attack wherever users is redirected to a malicious web site whose style (look and feel) matches specifically with the initial one. As an example, once a user tries to log in to his checking account, he is redirected to a malicious website that steals his login details.
So this way 1 can hack facebook accounts. He can create a program to change your DNS address and could redirect it to his rogue DNS address. That DNS will redirect the request of facebook.com to some fake Facebook site, a Facebook phisher which could steal your login credentials.
To know more about Phishing, read What is Phishing How to Hack Facebook accounts using Phishing

How to Prevent DNS Hijacking?

In most cases, attackers create use of malware programs like a worm to carry out DNS hijacking. These DNS hijacking trojans are usually distributed as video and audio codecs, video downloaders, YouTube downloaders or as alternative free utilities. So, so as to remain protected, it’s suggested to remain aloof from untrusted websites that supply free downloads. The DNSChanger trojan is a very good example of 1 such malware that hijacked the DNS settings of over four million computers to drive a profit of concerning fourteen million USD through deceitful advertising revenue.

Also, it’s necessary to change the default password of your router, in order to stop someone to change your router settings to exploit your DNS settings to hack you.
Installing an original antivirus program and keeping it up-to-date offers an excellent deal of protection to your pc against any such attacks.

What if you are already a victim of DNS hijacking?

If you think that your laptop is infected with a malware program like DNSChanger, do not panic. All you have got to try and do is, simply verify your current DNS settings to check if the DNS address is the same as that provided by your ISPs. Otherwise re-configure your DNS settings as per the rules of your ISP.

I hope you would like my articles related to Hacking and Security!
Leave your queries and feedbacks in comments.

Read More

5 Things Every Beginner Hacker Should Know

Hello All,
This is my first blog post!

This post is for everyone out there who actually want to become a true hacker:-

1) Never trust sites that ask you for money in return of Hacking Softwares or who claim to Hack Email Id’s in return of money. All such things are Scam . Nothing Works.

2) There is NO DIRECT SOFTWARE  to Hack Facebook , Google , Yahoo or any other big website. All the softwares that claim to do so are scam. They are just meant to take your money and in worse cases, those softwares have trojans or keyloggers in them. As a result your account gets hacked trying to hack others.

3) NEVER EVER use the keyloggers or trojans you find as freeware on internet. Hackers are not fools. They compile keyloggers and trojans almost with any such software and when you install them , you are already hacked before even trying to hack others.

4) You are never going to be a good hacker without the knowledge of programming and scripting languages. When you are going to use only ready made softwares and would depend on them for hacking anything then your functionality would be limited upto the functionality of the software. When you are not going to use your brain , just doing the copy paste thing, then how can you even think of being a good hacker.

5) If you are a good Hacker, you already become a good programmer , a good script writer , a good web developer and an excellent security expert. Well any good Hacker will/should have good knowledge of various aspects and programming languages. to do XSS (Cross Site Scripting ) , PHP INJECTION , SQL INJECTION , PHISHING , FOOTPRINTING etc… you will have to be good at programing and scripting. And when you know the Various loop holes , vulnerabilities and security tips, you already become a Computer Security Expert.

So Never Ever Under estimate the term Hacker. A Hacker Is Not a person who just hacks email id’s or servers but a True Hacker is a Computer Genius who the knowledge of computers more than anyone.

Next time think before asking the question – “How much Will I get in this field?” because, if you have so many skills , you really don’t have to run after money. Success comes and money follows itself.

Read More