Showing posts with label Hack. Show all posts

Sunday, 30 June 2013

Phishing Page Maker Tool


Phishing Page Maker Phisher Creator Software
Most of us know a phishing page is required for hacking, but creating a phishing page manually takes a lot of our valuable time. So here is a tool with which you can create unlimited phishing pages in a short time.

This is the screenshot of that software, and below is the link for downloading. Just install it and type the name of the site; after that the phishing login page and login.php file will be created automatically.
Note: .NET Framework required
Rar Pass: canuhack.blogspot.com



Tuesday, 28 August 2012

Share Powerful Dork



Code:
"you have an error in your sql syntax" inurl:/details.php?id=
"you have an error in your sql syntax" inurl:/events.php?id=
"you have an error in your sql syntax" inurl:/articles.php?id=
"you have an error in your sql syntax" inurl:/artist.php?id=
"you have an error in your sql syntax" inurl:/viewarticle.php?id=

For Making a Carding :-

Code:
"you have an error in your sql syntax" inurl:/products.php?id=
"you have an error in your sql syntax" inurl:/price.php?id=
"you have an error in your sql syntax" inurl:/buy.php?id=
"you have an error in your sql syntax" inurl:/cart.php?id=

To Find Email and Password :-

Code:
"you have an error in your sql syntax" inurl:/member.php?id=
"you have an error in your sql syntax" inurl:/comments.php?id=

Saturday, 25 August 2012

[Download] 14 million password list for Crack Anything you want :D

Salamz ML ,

Well, I was thinking of sharing some cracking stuff with you guys.
The list I'm providing here is a huge list; I use it to crack hashes, SSH logins, RDP, etc. You can break into almost anything with this file, but yes, the cracking will take a lot of time.

I remember, a year back I used it to crack Yahoo email IDs and file hosting IDs like fileserve.com, mediafire, megaupload (busted), uploading.com and much more.
I even use this list with other programs such as John the Ripper and other simple brute-forcing Python/Perl scripts, depending on what I am trying to break into.

But I mostly prefer hydra for brute-forcing and cracking logins on special ports.

So what I'm saying is, I tested the password list on Yahoo once using some Yahoo cracker tools, and in 2 days of continuous cracking I broke into 250 random Yahoo accounts ...lolx, just for fun.

Anyway, you can use it for anything, just explore your mind.

Here is the Download Link : http://www.mediafire.com/?glyzo6ubjgo0n7k


NOTE: If you open it in Notepad you will see the words stuck together; open it in Notepad++ or even WordPad to see the words normally.

Tuesday, 31 July 2012

How I Hacked A Remote Computer By Just IP Address


Hacking a remote computer is always a hot topic among hackers and crackers; a newbie hacker or someone who wants to learn hacking always asks how to hack into a computer by just knowing the IP address. We have discussed many methods before, and I always insist on learning some basic commands, protocols and their usage. This is my story of how I hacked into a remote computer by just using an IP address (I did not download any files, and I did not even clear the logs). This story was not planned, it just happened; I am sure you will like it, and you will learn a lot if you don't know the basic commands and protocols.

It was Saturday night and I was working hard on a Social Engineering Toolkit remote attack (WAN, Internet attack), which is why I was playing with my router for port forwarding and other stuff. Remember, my ISP uses a dynamic mechanism, so I had created a DNS server to get a static IP. It was almost night and I decided to get some sleep, and then I saved my browser tabs so that I could use them next time.

It's Sunday evening. I opened my browser and the previous tabs opened automatically, and then I got a pop-up window asking for the user name and password of my router. I looked at the address bar: the IP address was the same one I had saved. I was shocked that my ISP had not changed my WAN IP (remember, the ISP uses dynamic IPs). After this I opened a what-is-my-IP website and saw that my IP was different, which means the window asking for a user name and password belonged to the IP of another computer.

I just got an idea: why not brute-force it and get access to the victim's router? Hydra has been discussed before, but before brute-forcing I decided to use the guessing technique. I entered many combinations but failed; then I just used the default user name and password, and hurrah, I was in.

Security was very low. Then I did a quick nmap scan to get the open ports (remember, I had turned off the firewall of the victim's router). According to the nmap result, FTP and telnet were open, and then I realized how vulnerable this victim was.




I went to my terminal and opened telnet to the victim using the default password, and I was in. Now I was able to take control of this computer, but this was not included in the plan.




FTP (File Transfer Protocol): I went to my terminal again and this time used the ftp command with the same combination of user name and password, and it was successful. Remember, FTP access means you can download and upload files on the remote computer, which means full access. You can use a GUI FTP client, but I used the command line.



Countermeasure

  • Always use a strong password
  • Turn on your Firewall (both on router and computer)

Monday, 18 June 2012

Uploading Shell In Wordpress

Posted By Maher Bro

Hey all, in this tutorial I will tell you how to upload a shell in WordPress.

First of all, we must have access to WordPress. Many of you must have tried symlink and got WordPress and Joomla databases, but what about uploading a shell in them?

So here we go, just follow me.

1. Log in to your WordPress site; after logging in you will see something like what is shown in the image below.

2. On the left-hand side you can see the Editor option under Appearance; follow that option.

3. In the editor you will see different themes. Select any theme you want and then select a template, as shown in the image below.

4. After selecting the theme and template, replace the template code with our shell code and then update the file.

5. After updating the file it must show "File edited successfully". After that, go to your shell directory, i.e. www.targetsite.com/wp-content/themes/yourtheme/templatename.php.




Our shell is uploaded ;)
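From the site owner's side, the steps above leave two traces in the web server access log: a POST to the theme editor and a direct request for a theme template file. The following is an added detection example, not part of the original post; the log lines are constructed, and the function names and log format (Apache combined) are assumptions.

```javascript
// Added example: flag theme-editor writes and direct hits on theme templates.
// SAMPLE_LOG is constructed (Apache combined format, documentation IP ranges).
const SAMPLE_LOG = [
  '198.51.100.20 - - [18/Jun/2012:09:58:11 +0000] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [18/Jun/2012:10:01:02 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 512 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [18/Jun/2012:10:01:40 +0000] "GET /wp-content/themes/twentyeleven/404.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
  '198.51.100.20 - - [18/Jun/2012:10:02:00 +0000] "GET /?p=12 HTTP/1.1" 200 15322 "-" "Mozilla/5.0"',
];

// client IP, timestamp, method, path, status
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;
// A PHP file requested directly under a theme directory. Visitors normally
// reach templates through index.php, so a 200 here deserves a look.
const THEME_PHP = /^\/wp-content\/themes\/[^/]+\/[^?]+\.php(\?|$)/;

function parseLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null; // not in the expected format: skip it
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

function findThemeEditAbuse(lines) {
  const editors = new Map(); // ip -> time of last theme-editor POST
  const alerts = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    if (e.method === "POST" && e.path.startsWith("/wp-admin/theme-editor.php") && e.status < 400) {
      editors.set(e.ip, e.time);
      alerts.push({ type: "theme-edit", ip: e.ip, time: e.time, path: e.path });
    } else if (THEME_PHP.test(e.path) && e.status === 200) {
      alerts.push({
        type: "direct-template-request",
        ip: e.ip,
        time: e.time,
        path: e.path,
        afterEditBySameIp: editors.has(e.ip), // strongest signal when true
      });
    }
  }
  return alerts;
}

console.log(findThemeEditAbuse(SAMPLE_LOG));
```

Setting `define('DISALLOW_FILE_EDIT', true);` in wp-config.php removes the built-in theme editor that these steps rely on.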

Sunday, 17 June 2012

How to hack facebook accounts by Tabnapping

Posted By Maher Bro



Today I am going to teach you how to hack “Facebook” accounts by Tabnapping. I am going to share my private Tabnapping files with you guys ;) . You just have to download them and follow these simple steps :D
*Download phishing files from here :-  Click here
  1. Download these files and extract them.
  2. Important part: choose a good host, not one like my3gb.com, which bans phishing sites in 10 mins :P . I suggest you choose http://www.host1free.com/.
  3. Register your account there, then sign up. You will get your server details along with a username and password; log in there (log in to the server area).
  4. Then click on File Manager, then click on Public_Html.
  5. First upload only three files (Facebook.html, Login.php, google.html).
  6. After uploading them you will get your files like this: www.yourhosting.com/filename.html
  7. Now open tabnabb.js in Notepad. Put your facebook.html link where you find text like this :- window.location = ‘ Enter your Link here ‘  and then upload it :D
  8. Now you are done. When someone opens your google.html, after a few seconds he will be redirected to facebook.html ;)
By this you can fool your victim and hack them :D
If you like the tutorial then don’t forget to share it ;) and if you have any problem with it, feel free to comment :D

Thursday, 14 June 2012

XSS Attack-PART 1

Posted By Maher Bro

Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client side (in the user’s web browser) rather than on the server side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.
In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page the script is downloaded to his browser and executed. There are many slight variations to this theme, however all XSS attacks follow this pattern, which is depicted in the diagram below.


High Level View of an XSS Attack

A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user, who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which is often used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user, who recognizes the URL he is familiar with and simply disregards any following ‘tricked’ code, which would be encoded and therefore inconspicuous.
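Because the script part of such a URL is hidden behind hex (percent) encoding, a log review or filter has to decode parameters fully before inspecting them. This is an added example, not from the original post: the URLs are constructed, and the function names and the pattern list are illustrative assumptions, not a complete filter.

```javascript
// Added example: decode query parameters completely, then look for markup.
// Heuristic patterns only; they are meant for review, not as the sole defence.
const SUSPICIOUS = [/<\s*script/i, /javascript\s*:/i, /<[^>]*\bon\w+\s*=/i];

// Percent-decode repeatedly so double-encoded input (%253C -> %3C -> <)
// is inspected in its final form. Stops on malformed escapes.
function decodeFully(value, maxRounds = 5) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      break; // e.g. a literal "%" in "100% cotton": keep what we have
    }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

// Returns the parameters whose fully decoded value matches a pattern.
function findSuspiciousParams(rawUrl) {
  const hits = [];
  const url = new URL(rawUrl);
  // searchParams already decodes one layer; decodeFully handles the rest.
  for (const [name, value] of url.searchParams) {
    const decoded = decodeFully(value);
    if (SUSPICIOUS.some((re) => re.test(decoded))) {
      hits.push({ name, decoded });
    }
  }
  return hits;
}

// Constructed sample URLs (shop.example is a placeholder host).
const SAMPLE_URLS = [
  "https://shop.example/search?q=red+shoes",
  "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
  "https://shop.example/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
  "https://shop.example/search?q=100%25+cotton",
];

for (const u of SAMPLE_URLS) {
  console.log(u, findSuspiciousParams(u));
}
```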


Site owners are confident, but hackers are more so

Without going into complicated technical details, one must be aware of the various cases which have shown that XSS can have serious consequences when exploited on a vulnerable web application. Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits. Ironically, there are stories of site owners who have boldly claimed that XSS is not really a high-risk exploit. This has often resulted in a public challenge which hackers are always itching to accept, with the site owner having to later deal with a defaced application and public embarrassment.

The repercussions of XSS

Analysis of different cases which detail XSS exploits teaches us how the constantly changing web technology is nowhere close to making applications more secure. A thorough web search will reveal many stories of large-scale corporation web sites being hacked through XSS exploits, and the reports of such cases always show the same recurring consequences as being of the severe kind.
Exploited XSS is commonly used to achieve the following malicious results:
  • Identity theft
  • Accessing sensitive or restricted information
  • Gaining free access to otherwise paid for content
  • Spying on user’s web browsing habits
  • Altering browser functionality
  • Public defamation of an individual or corporation
  • Web application defacement
  • Denial of Service attacks
Any site owner with a healthy level of integrity would agree that none of the above can really be considered as frivolous or unimportant impacts on a vulnerable site. Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information which allowed them to perform transactions in their name. Legitimate users have been frequently tricked into clicking a link which redirects them to a malicious but legitimate-looking page which in turn captures all their details and sends them straight to the hacker. This example might not sound as bad as hacking into a corporate database; however, it takes no effort to cause site visitors or customers to lose their trust in the application’s security, which in turn can result in liability and loss of business.

XSS Attack Vectors

Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for paragraph, <img> for image and <script> for scripts. Many times the hacker will use the ‘comments’ feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script which will execute on his browser, causing undesirable behaviour. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.
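The comment scenario above comes down to whether user text is encoded before it is placed into the page. This is an added example, not from the original post, showing the vulnerable rendering beside an encoded one; all function names and the sample comment are illustrative.

```javascript
// Added example: rendering a user comment with and without output encoding.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the comment is concatenated into markup as-is, so any
// tag it contains becomes part of the page for every visitor.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened pattern: every user-supplied value is encoded at output time.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Encoding alone does not stop a javascript: URL in a link, so links also
// need a scheme allow-list. Unparseable or relative input is rejected.
function safeHref(rawUrl) {
  try {
    const url = new URL(rawUrl);
    if (url.protocol === "http:" || url.protocol === "https:") {
      return escapeHtml(url.href);
    }
  } catch (err) {
    // fall through to the inert default
  }
  return "#";
}

// Constructed sample comment.
const SAMPLE_COMMENT = { author: "visitor", body: "Nice post <script>alert(1)</script>" };

console.log(renderCommentUnsafe(SAMPLE_COMMENT.author, SAMPLE_COMMENT.body));
console.log(renderCommentSafe(SAMPLE_COMMENT.author, SAMPLE_COMMENT.body));
console.log(safeHref("javascript:alert(1)"), safeHref("https://example.com/?a=1&b=2"));
```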