How hack WEBSITE ???

How hack WEBSITE ???

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

Note : This post is only for Educational Purpose only.

What are basic things you should know before website hacking?

First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..

1. Basics of HTML, SQL, PHP.

2. Basic knowledge of Javascript.

3. Basic knowledge of servers that how servers work.

4. And most important expertize in removing traces otherwise u have to suffer consequences.

Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

http://www.w3schools.com/

And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.

METHODS OF HACKING WEBSITE:

1. SQL INJECTION

2. CROSS SITE SCRIPTING

3. REMOTE FILE INCLUSION

4. LOCAL FILE INCLUSION

5. DDOS ATTACK

6. EXPLOITING VULNERABILITY.

1. SQL INJECTION

First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

2. CROSS SITE SCRIPTING

Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

I will explain this in detail in later hacking classes. So keep reading..


3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :

• Code execution on the web server
• Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
• Denial of Service (DoS)
• Data Theft/Manipulation

4. LOCAL FILE INCLUSION
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:

www.target-site.com/index.php?p= ../../../../../../../etc/passwd

I will explain it in detail with practical websites example in latter sequential classes on Website Hacking.

5. DDOS ATTACK

Simply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.

6.EXPLOTING VULNERABILITY

Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.

READ MORE -

How to Create Your Own Customized Run Commands

The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

 

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

 

1. Right click on your Desktop and select New -> Shortcut.

 

2. You will see a “Create Shortcut” Dialog box as shown below

 

 

 

 

 

 

 

 

 

3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.

 

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

 

5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.

 

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.

I hope you like this post! Pass your comments.

READ MORE - How to Create Your Own Customized Run Commands

Hack Websites Top 10 Tricks to Exploit SQL Servers

 

Whether it is through manual poking and prodding or the use of securitytools, malicious attackers employ a variety of tricks to break into SQL server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.testing


1. Direct connections via the Internet
These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield?s Port Report shows just how many systems are sitting out there waiting to be attacked. I don?t understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.


2. Vulnerability scanning
Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or thedatabase system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assesment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.?s NGSSquirrel for SQL Server (for database-specific scanning). They?re easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

Figure 1: Common SQL injection vulnerabilities found using WebInspect.


3. Enumerating the SQL Server Resolution Service
Running on UDP port 1434, this allows you to find hidden database system. Chip Andrews? SQLPing v 2.5 is a great tool to use to look for SQL server system(s) and determine version numbers (somewhat). This works even if your SQL Server instances aren?t listening on the default ports. Also, a buffer overflow can occur when an overly long request for SQL Servers is sent to the broadcast address for UDP port 1434.


4. Cracking SA passwords
Deciphering SA passwords is also used by attackers to get into SQL Server databases. Unfortunately, in many cases, no cracking is needed since no password has been assigned (Oh, logic, where art thou?!). Yet another use for the handy-dandy SQLPing tool mentioned earlier. The commercial products AppDetective from Application Security Inc. and NGSSQLCrack from NGS software Ltd. also have this capability.


5. Direct-exploit attacks
Direct attacks using tools such as Metasploit, shown in Figure 2, and its commercial equivalents (CANVAS and CORE IMPACT) are used to exploit certain vulnerabilities found during normal vulnerability scanning. This is typically the silver-bullet hack for attackers penetrating a system and performing code injection or gaining unauthorized command-line access. 

Figure 2: SQL Server vulnerability exploitable using Metasploit?s MSFConsole.

6. SQL injection
SQL injection attacks are executed via front-end Web applications that don?t properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs and return informativeprefer to perform the follow-through using an automated tool, such as SPI Dynamics? SQL Injector, shown in Figure 3.

Figure 3: SPI Dynamics? SQL Injector tool automates the SQL injection process. errors, commands being executed and more. These attacks can be carried out manually ? if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I


7. Blind SQL injection
These attacks go about exploiting Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn?t receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection given the guesswork involved. You need a good tool for this situation, and that?s where Absinthe, shown in Figure 4, comes in handy.

Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.


8. Reverse engineering the system
The reverse engineering trick looks for software exploits, memory corruption weaknesses and so on. In this sample chapter from the excellent book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, you?ll find a discussion about reverse engineering ploys.


9. Google hacks
Google hacks use the extraordinary power of the Google search engine to ferret out SQL Server errors ? such as ?Incorrect syntax near? ? leaking from publicly accessible systems. Several Google queries are available at Johnny Long?s Google Hacking Database. (Look in the sections titled Error Messages and Files containing passwords.) Hackers use Google to find passwords, vulnerabilities in Web Servers, underlying operating systems, publicly available procedures and more that they can use to further compromise a SQL Server system. Combining these queries with Web site names via Google?s ?site:? operator often turns up juicy info you never imagined you could unearth.

10. Perusing Web site source code
Source Code can also turn up information that may lead to a SQL Server break in. Specifically, developers may store SQL Server authentication information in ASP scripts to simplify the authentication process. A manual assessment or Google could uncover this information in a split second.

READ MORE - Hack Websites Top 10 Tricks to Exploit SQL Servers

Unlock ZTE HSDPA modems

Just clcik on this link & signup than u can download just 1 minute step......... & enjoy. Its not a survey...........

 

 

Unlock ZTE HSDPA modems

Some ZTE modems not asking unlock code.so no where to input our code.
so you can't do it like above method.you have to use some software for this.

Download software click here

i. First of all, if you use some memory card, remove it. remove sim  card
   and put sim card what you want to unlock.(it will display invalid sim)

ii.Plug your modem  in to your computer,sometime connection manager will display,close it.

iii. Unzip what you download and open dccrap.exe

iv. First select the manufacture as ZTE datacards  ( No: 1)

v. Select the model as Auto detect (recommended)  (No : 2 ) If you know the model and
     which com port you use.u can do that way also

vi. Click find button  (No: 3) . after your modem model will display below box

vii. After detect modem click unlock button (No: 4 )

cheers you are done.After few seconds modem will unlock restart your computer and use
your modem.This connection manager also working for this.
But if you want to use  ZTE connection manager click below link to download.

click here to download.
Thank you.

For any support or request any tools leave message ..............

READ MORE - Unlock ZTE HSDPA modems

Real Ip hide

Real Hide IP v4.1.2.2 + Crack

---

Are you aware that your IP address is exposed every time you visit a website? Do you know that many websites and hackers use your IP address to monitor your home address and other personal information?

READ MORE - Real Ip hide

Share your Pc Internet Connection with other device

Share Your Pc Internet Connection with Other Devices by Using Connectify Software

You might be using a Hi Speed dongle for 3G  internet access or a Broadband Connection using LAN Cable, if you do not have a  Router installed in your home than you cannot access a Internet Connection on  your other handheld devices, but with Connectify this can be connected easily with just one click.Well it worked good but now I tried and came across some limitations so I found another good one and its working simply
fine for me.

READ MORE - Share your Pc Internet Connection with other device

VLC Media Player Twfower 2.0

Download VLC Media Player Twoflower 2.0 Version with loads of new Features

VideoLan Project’s very popular media player, VLC, 
just received a major release. The new version, VLC 
2.0, comes with loads of new features, bug fixes and
supports for pretty much any OS – Windows, OS X, 
Android & iOS. Heck, the 2.0 release even features 
a OS/2 video output renderer. VLC is known to play 
anything that you throw at it, kitchen sink included.

READ MORE - VLC Media Player Twfower 2.0

Tera copy pro v2 -27 full verison

TeraCopy Pro V2-27 Full vesion Incl. Genuine Key

TeraCopy Pro v2.27 • Incl .Genuine key  Copy and
move files at the maximum possible Speed


TeraCopy is a great utility designed to copy/move files faster and more secure.TeraCopy can resume broken file transfers.


TeraCopy is skips bad files during  copy  and even 
shows the skipped files at the end of files transfer.
Calculates files CRC checksum on the fly to speed
up source and  target files comparison.Seamless is
the integration with Windows Explorer allows you to
keep working with files as usual.


TeraCopy is a compact programme designed to copy
and move files an the max possible speed , providing
the user a lot of features:

Features Of TeraCopy : -

• Copy Files Faster
• Pause and Resume File Transfers
• Error Recovery.
• Shell Integration.
• Intreactive File List.
• Copy / Move to favourite folders.
• Select Files with the Same Extension.
• Remove Selected files from the copy queue.
• Full Unicode support.

Whats New In TeraCopy v 2.27

• Added: 'Remove other' to remove non-selected files from the list [Pro].
• Added: Better handling multiple copy processes.
• Added: Multiple retries to delete source files and folders after moving.
• Added: Tray notification when adding files to the existing process.
• Fixed: Problem with some non-latin filenames.
• Fixed: Copied files now have a correct creation time.
• Added: WaitBeforeMinimize option to ini file.
• Compatible With : Windows XP, Vista and Win 7 (32&64-bit) 

               CLICK HERE TO DOWNLAOD

READ MORE - Tera copy pro v2 -27 full verison

Avast antivirus for android

Avast Antivirus For Your Andriod Device For Free

    

   Now Android has Launched the Officially
 Antivirus Tool For Your Andriod  Device. It Is 100% Free and best its has many kind of  Features. As usually we Know that the Best Antivirus is  Avast Antivirus in  Pc 's and Laptops . In the Andriod  device also Avast Antivirus works well and Detects&fix all viruses,mall wares and Trojans.And you Can install directly From Andriod Market.

   Features : -


   Virus Scanner 
   Privacy Report 
   App Manager 
   Firewall 
   SMS/Call Filtering 
   Web Shield 
   App Disguiser 
   Anti - Theft


  Click Here To Download

READ MORE - Avast antivirus for android

TATA DOCOMO UNIMITED GPRS HACKS

Free Tata Docomo Unlimited GPRS Trick & Hack 2012

Hello Friends !! Iam with Some New Trick For Unlimited
GPRS Hack by HACKLABS


Follow the Steps Below : -

You  should gonna do to have unlimited gprs.



Tata docomo users now browser free gprs in opera mini 6 
use this proxy settings 203.101.45.215 for all s60 user int
erface now get unlimited access to free net using this pro
xy change in docomo divein settings,


No balance will be deduced form ur account.

Settings:-



    Account Name : docomo divein
    Homepage: http://divein.tatadocomo.com
    Accespoint :TATA.DOCOMO.DIVE.IN
    Leave username and password as blank 
    Proxy address:10.124.94.7
    Proxy port :8080
    Data bearer : GPRS/ Packet Data
    Authentication Type : Normal

READ MORE - TATA DOCOMO UNIMITED GPRS HACKS

Airtel unlimited 3g hack

Airtel Unlimited 3G Free GPRS Trick And Hack 2012

                                          

Hello Friends Iam With New Gprs Trick,recently i give
you to the Free Tata Docomo Unlimited GPRS 
Trick & Hack 2012.Today me with the post here is
another working Airtel Free 3G GPRS trick forPC and
Mobile.This trick provides resume support.The 3g tricks
are continuously blocking in various states so don´t
hesitate to comment whether it´s working or not.

Steps for proxy setup in PC:

1) Open Mozilla Firefox
2) Go to TOOLS -> OPTIONS -> ADVANCED ->
NETWORK -> SETTING -> MANUAL CONFIGURATION
3) Enter anyone Proxy and Port
4) 91.143.83.139 with 80 port 
5) Then Go to TOOLS -> OPTIONS -> GENERAL -> HOMEPAGE
6) Enter this url in homepage:
http://fb.me/11010101.php?u=http://www.google.com



To download files in Internet Download Manger (IDM),
you need to change the proxy like this 91.143.83.139
with 80 port

READ MORE - Airtel unlimited 3g hack

Reliance 3G Hack 2012

Reliance 3G Free Gprs Trick and Hack 2012 with Super Fast

In this Atricle enjoy Free GPRS for your Reliance Mobile.
And Browse With Super Fast 3G and Downloading Speeds
Upto 3 Mbps. By Using this trick get free internet on your
mobile without any datacard recharge.


Note :-


Try this Trick at your Own Risk.
Keep Your Sim Balance Low .
And This trick is working at the time of Publishing.

Follow the Instructions Below :-
                                     

1 ) Make a New Connection with the Below Details :-

•     Profile Name: Reliance Free
•     APN (Access Point Name) : rcommms
•     Use Proxy: No or Disabled.

2 ) And Next Download Proxyfire From Below Link 
     Download Link :- ProxyFire


3 ) Then Run the Proxyfire and Goto Options.


4 ) Click on proxy settings. then click on Add.


5 ) Now Fill the Details as Below :-

• Proxy Address or Server: 68.84.122.254
• Proxy Port: 3178
• DNS : 198.153.192.1
• Now use APN as rcommms and dial this connection
with number : *99#

Thats It ,you Will Get Free Gprs Access to your Mobile  if
you like this post share and +1 this and keep contact with us.

READ MORE - Reliance 3G Hack 2012

MAKE YOUR WINDOWS 7 GENUINE

  Just clcik on this link & signup than u can download just 1 minute step......... & enjoy. Its not a survey...........

HELLO FRIENDS... MANY WILL HAVE THE PROBLEM OF PROMPTING THE WINDOWS GENUINE WHILE UPDATING THE WINDOWS...  MANY USERS WITHOUT KNOWING ABOUT IT WILL IGNORE.. BUT AFTER AFTER A PARTICULAR TIME, IT WILL GET BLOCKED COMPLETELY NEEDING TO RE-INSTALL THE OPERATING SYSTEM..


I HAVE TRIED SO MUCH AND FINALLY I HAVE GOT A WAY TO SOLVE IT..


DOWNLOAD THESE FILES FIRST  WHICH ARE GIVEN BELOW....::(links)


1) GENUINE

2) REMOVE WAT


NOW FIRST INSTALL THE WAT REMOVER..(only if ur system is asking you to make it genuine.... or else dont needed it) AFTER THAT U NEED TO RESTART YOUR SYSTEM..

THEN INSTALL THE GENUINE FILE. IT MAKES YOUR WINDOWS 7 ULTIMATE GENUINE..

SO FRNDZ, ENJOY..

If you like the post share and +1 this , thanku for visiting ...
Keep  Contact with us.

READ MORE - MAKE YOUR WINDOWS 7 GENUINE