Skip to main content

Posts

Showing posts with the label Hacking

Simplest way to Hack IBM BladeCenter Management Devices

Hi Everyone, Today I will show you the simplest way to hack IBM BladeCenter devices whose password has not been changed i.e. using the default credentials. Before beginning this tutorial you should know the default credentials used by most IBM BladeCenter devices : Username : USERID ; Password : PASSW0RD (it’s Zero not O) So lets begin, Step 1 : Click on the Link to open Shodan website -> Shodan.io About Shodan , Shodan is a very powerful tool which helps to find different vulnerable network devices and helps us to gather ample amount of information about a network. Step 2 : Once the Url is loaded, type /private/main.php in the search box which will basically help you to get multiple IBM Management console list available publically . See the image below for reference. Step 3 : It will list lots and lots of Vulnerable devices,now just try out your luck . Some or more devices might be using the default credentials. I got one!! Step 4 : Once you g...

How To Hack WAP or WPA2 WiFi Security Fully Explained

As Compared to WEP WiFi Hacking as explained on our previous tutorial, WPA/WPA2 is quite difficult and time consuming because of its Security. Cracking the password sometimes depends on your luck and success is not guaranteed. ..:: How to launch a Dictionary Attack on WPA Handshake ::.. You might get lucky and your nearest WiFi password may be based on a common dictionary word or number sequence. In such a case, you may succeed with a dictionary attack. Step 1: Enable monitor mode on wireless interface #airmon-ng start wlan0 This will start the monitor mode. Step 2: Take note of the nearest WiFi networks. #airodump-ng mon0 Step 3: Take note of the channel of your target network, dump packets from that channel and save them to a local capture file. #airodump-ng -c6 mon0 -w capture_file Step 4: Wait for WPA handshake capture At this point, you can use 'aireplay-ng' to de-authenticate an associated legitimate client from the network. The point ...

How To Hack WEP WiFi Security Fully Explained

Hello Friends, Today We are going to learn the methods to hack any WEP WiFi by cracking its Password. WiFi Security mostly contains WEP, WPA or WPA2 Psk Security. Out of which WEP is the weakest and the easiest to hack while WPA and WPA2 contains advance Encryption Security. In this tutorial we will cover WEP Hacking. Things Required -> Backtrack or Kali Linux ..:: WEP Cracking ::.. No doubt, WEP is the easiest to crack .Here's how to crack WEP: Step 1 : First we need to start the Monitoring Mode. Many people may face the no interface issues while giving the command airmon-ng so check the solution here -> http://sh.st/cXO1I #airmon-ng start wlan0 Notice that the monitor mode is enabled on mon1 on wlan0 ,take note of this. We will need this interface later on. Step 2 : Now Start dumping data packets with airodump #airodump-ng mon1 You'll see all the WiFi Channels available in your area. Here we see different security like WEP, WPA and WPA...

Resolution Airmon-ng showing No Interface

Today we are going to show you all a solution for the most common Error people face while performing Airmon-ng i.e. there will be no interface as shown below : So how to fix this issue? Step 1 : Before starting Make sure that you have Internet connection on your Backtrack or Kali Linux machine.If you are using  VM then make sure your VM network adapter is Bridged with the Physical Network. Step 2 : Next Click here : http://linuxwireless.org/download/compat-wireless-2.6/  and Download  compat-wireless-2010-06-26-p.tar.bz2  file on your Backtrack or Kali Machine. Step 3 : After downloading we have to extract the file since its in compressed form(*.tar).so to extract it Go to the path where you have saved that file and then give the command : tar -jxvf compat-wireless-2010-06-26-p.tar.bz2 Step 4 : After extracting go to that folder that is created after extraction, and give the command > make unload  and then make load   (for load...

How to hack VP-ASP Shopping websites and get all the Database details

Hello Friends, Today we are going to learn how to hack VP-ASP cart of a Shopping website and download all their Database details like Customer details, Credit card details, Product details etc. So some basic idea before starting the Tutorial,  What we are going to do here? Firstly we will hack a shopadmin website then we will download the database file which will be in the form of *.mdb. This database file contains all the client details like credit card information and also login name and passwords. How to do this ? Note : This tutorial is tested on "VP-ASP Shopping Cart Version:5.00" Step 1 : First thing to do is to find VP-ASP 5.00 Sites, to do this -> Go to Google.com -> Type "VP-ASP Shopping Cart 5.00"[ Without Quotes ] . See the image for reference  Step 2 : In this tutorial, we are going to target www.surfstats.com  You can also select your website which is having "shopdisplaycategories.asp","sho...

Hacking Facebook or any Email Account using IP Tab napping Method

Hi guyz, Today we r going to learn how to hack any Facebook or Email accounts using IP Tabnapping method. IP Tabnapping is similar to "Phishing technique" but here instead of using a web hosting site we will use own system IP address to get he email id and password. So for this you will require : 1. BackTrack OS ( We are using Backtrack5 R2 version, download it frm  www.backtrack-linux.org ) 2. Some social engineering tricks + Brain (most important thing) okay so lets begin : Step 1 : Open Backtrack, Click on  Applications  >  BackTrack  >  Exploiting Tools  >  Social Engineering Tools  >  Social Engineering Toolkit  >  Set Step 2 :  Now u are in the set console, you can see several options there like Social Engineering attack, Fast track penetration testing etc. Just type 1 and press Enter . This will open " Social Engineering attack ".  Step 3 : Now another window will appear Just typ...

How to find Someone's IP & Location details in just 1 mins

Hello guyz, Today I'm gonna show you "How to find the IP address and Geographical Location of someone in just 1 minute", Easy and quick. This method is 100% working and accurate as tested by me so no useless comments! So lets start : Step 1 : Go to this website :  http://www.whatstheirip.com/ Step 2 : Enter your mail id and click get link . See the image for details. Step 3 : You'll see 2 links, Just copy either one of the link and send to your victim and make him open it, say "check out my new pic" or something like that (Don't open it by yourself). Step 4 :  Check your Inbox in the mail provided in step2. You'll see a mail with an IP address, You got his IP and Geo Location !! When your Victim or Friend opens that link he'll see an error page and he'll think it as a random error. Hope u guyz like this trick. Do comment if u have any problem in the above steps. Credits :- Amar Helloween, Haxor...

How to hack websites using Manual SQL injection

Hello Friends, Today we are going to learn how to hack a website using Manual SQL injection. The website which we will be using in this demo is :  www.unitedpurpose.org/ So, here is the Vulnerable link :  www.unitedpurpose.org/archive/article.php?id='100 So lets begin : Step 1 : First we have to find the number of columns present in the database. So to do that we have to implement the "order by" command in the vulnerable site. Example:  http://www.unitedpurpose.org/archive/article.php?id=100  order by 7 (any no. u have to guess it, i m using 13 ) *Remember if u get error in "order by 7" that means site has less than 7 columns,if we get the same page then the no. of columns is more than 7.. In my case the number of columns are 13. Step 2 : After getting the columns, its time to get the vulnerable column by using "UNION SELECT" no. of all columns 1 after another separated by commas(,). See the example for more clarification : Example :  ...

Find Usernames and Passwords of several Databases

This Tutorial is about Finding Username, Passwords and other Database informations using Google . Follow the below Steps : Step 1- Open Google.com Step 2- Enter This Dork filetype:ini "pdo_mysql" (pass|passwd|password|pwd)  See the Search Results Hope You all like this . Now go to the website and search for Database login connections and input the Username and Password and begin Hacking !!

IMCE Mkdir remote deface,upload & exploits

What is IMCE Mkdir ? IMCE Mkdir is a remote file upload vulnerability on drupal platform, normally you can upload .txt, .png , .jpg and .gif extensions on websites but some sites allows you to upload .html files , if you want to upload shell on website then try in .phtml extension . Google Dork inurl:"/imce?dir=" intitle:"File Browser" Exploit http://website.com/imce?dir= Shell Access http://website.com/files/yourfilehere* ----or----- http://www.website.com/abc/files/abc/yourfilehere* * Change the website name with your vulnerable website and abc with directory Step 1 : First of all find a vulnerable website using google dork stated above . Step 2: After opening site go to http://website.com/imce?dir= and find upload option there . Example :   http://www.somaly.org/imce?dir= Step 3 : Now Upload your file which must be in either of the format : .jpg , .gif , .png , .html , .phtml , .pdf etc. Step 4 : To access your shell/...

Facebook Hack ( using Phishing )

Step 1 :  Create An Account on any Free Webhosting Site like http://www.000webhost.com/  or http://www.byethost.com/ Step 2: Now , Download Facebook Phishing Files from here :  Link : http://www.mediafire.com/?cluwk3gqu4f9qgq Password : amar121 After Downloading the Facebook Phishing Files.rar ,exract its contents.You'll get the three files. Now Upload the three files to your http://www.000webhost.com/  or any other webhosting site. Now here's the most IMPORTANT step--->Sending the link of the Fake page to your victim via email. 1.) Now Click on the INDEX.HTML file that you have uploaded on www.000webhost.com . A Facebook Fake page will open.You can easily recognize its fake by looking at the URL in the address bar(Fake pages do not contain HTTP) 2.) Copy the Address of the fake page from the Address bar. 3.) Now Go to ---> www.goo.gl  , a GOOGLE URL SHORTNER will open. 4.) Paste the link Of your Facebook Fake page th...

Google Searching Tricks

Well let me tell You what actually google tricks mean. Google tricks or google tips, does not mean hacking google. Using the below Google operators or codes, we can get the desired google result very quickly. Well we can name this as hidden google secrets or Advanced google searching. Google Trick 1 : Google Codes Type the following highlighted words in google search box. Google has several google codes that can help you find specific information, specific websites or inquire about the indexing of your own site, below you will find the most important ones: Click on the example google trick, and You will be redirected to google. For definitions   This google operator will find definitions for a certain term or word over the Internet. Very useful when you come across a strange word when writing a post. I use this as a google dictionary. Example : define Computer For information The google info operator will list the sets of information that Google has ...

How to crack or Reset BIOS Password

BIOS password is usually used to protect the user's BIOS settings on the computer. BIOS password can be reset basically in 2 ways: 1. By Clearing CMOS Battery I consider this is the most an cient and easy way to break down the password on the BIOS. The steps are easy, first open the casing cover computer CPU. Then find the bios battery that looks something like the battery just a little more big clock (see the pic below for details ). In the area around the battery there is usually a jumper with 3 pins, 2 pins and 1 pin not connected.  Suppose the three pins with the code 1 - 2 - 3 connector that connects the initial position usually is 2-3. To reset the bios move the position of the plug that connects pins 2-3 to position 1-2 for about 5 seconds. Then plug it back into the starting position (2-3). Try restarting the computer back on, secured the bios password is gone. If the above looks complicated, then it is easy to clear CMOS by unplugging the BIOS battery and ...