Dear Readers: HWS has recently started a new project for the students of engineering ====> The Engineering Projects


Write at HWS !!!

Guest Posting

How secure is your Computer ?

Check out your computer safety here . A lot of tools , tricks and hacks related to computer .

Blogger Tips and Tricks

A Lot of tips ,tricks and hacks related to blogger . Seo tricks to get maximum targetted traffic to your blog.

Easy ways to Earn Online

Online earning is not so difficult but it needs a lot of patience and hardwork. Here are some techniques to earn money through internet.

Facebook Tricks

A lot of facebook tips , tricks and hacks.It requires a lot of time but reading is must.

Pro Hacking

If you have knowledge about basic techniques then try this,but be careful as it is highly toxic.

Monday, August 13, 2012

Web Hacking with DVNA - Free to Download

(DVNA) Damn Vulnerable Web Application  is a collection of website hacking tool based on PHP / mySQL. DVWA may be an option for beginners to learn web hacking web hacking techniques from scratch. Various techniques web hacking attacks can be obtained from this tool. Besides easy to use, lightweight and complete, DVWA run through a local server (localhost) using WAMP / XAMP / LAMP and others.

Key Features

DVWA include some web hacking tools such as :
  • SQL Injection
  • XSS (Cross Site Scripting)
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Command Execution
  • Upload Script
  • Login Brute Force

Download

Collection Of Best PHP and ASP shells : Free

Monday, August 6, 2012

BSQL Hacker : Automated SQL Injection Framework Tool

It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits.

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

Videos

Download

  • New version is out, it's mostly bug fixed, CLICK HERE to download.

Screenshot


Key Features

  • Easy Mode
    • SQL Injection Wizard
    • Automated Attack Support (database dump)
      • ORACLE
      • MSSQL
      • MySQL (experimental)
  • General
    • Fast and Multithreaded
    • 4 Different SQL Injection Support
      • Blind SQL Injection
      • Time Based Blind SQL Injection
      • Deep Blind (based on advanced time delays) SQL Injection
      • Error Based SQL Injection
    • Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
    • RegEx Signature support
    • Console and GUI Support
    • Load / Save Support
    • Token / Nonce / ViewState etc. Support
    • Session Sharing Support
    • Advanced Configuration Support
    • Automated Attack mode, Automatically extract all database schema and data mode
  • Update / Exploit Repository Features
    • Metasploit alike but exploit repository support
    • Allows to save and share SQL Injection exploits
    • Supports auto-update
    • Custom GUI support for exploits (cookie input, URL input etc.)
  • GUI Features
    • Load and Save
    • Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
    • Visually view true and false responses as well as full HTML response, including time and stats
  • Connection Related
    • Proxy Support (Authenticated Proxy Support)
    • NTLM, Basic Auth Support, use default credentials of current user/application
    • SSL (also invalid certificates) Support
    • Custom Header Support
  • Injection Points (only one of them or combination)
    • Query String
    • Post
    • HTTP Headers
    • Cookies
  • Other
    • Post Injection data can be stored in a separated file
    • XML Output (not stable)
    • CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.)

Friday, August 3, 2012

Attack An IP With Metasploit & NMAP

Hello guys, howz you all ? Vandan here. First of all I want to say thanks to XEO Hacker for giving me chance to write for this blog and I will try my best to give you guys the best I can. I have chosen "GOOGLE WORM" as my nick in hacking world hope you guys like it as well.Lets come to the tutorial. Tomorrow I have posted about ClickJacking Attack in which I have given an idea about ClickJacking and the ways how to do it. Today I am going to write about Nmap with Metasploit. Let's start .

Steps to Follow

  • First download Metasploit 3.3 from the official website.
  • Let it install and towards the end of the installation it will ask if you would like Nmap installed also, choose YES. 
  • Once you have installed the Metasploit, the below screen will open up.

  • Now type db_create. 
  • Once you have typed that type nmap, it will load nmap as shown in below image.
  • You need to configure your scan now, I usually do a simple -sT -sV scan which will tell us the open ports and services running on the victims computer. 
  • Now type nmap -sT -sV xxx.xxx.xxx.x (X's being victims Ip number)
  • Now give it 5 minutes to complete the scan,Once that is complete if you are lucky you should get a response like this...
  • This is basically a list of the open ports and services running on the target machine. 
  • Now the handy feature of the metasploit 3.3 framework is the autopwn feature, this basically searches and runs all matching exploits in the Metasploit database against the target machine and if successful will create a shell or similar privilege for the attacker.
  • Now once you have the nmap results delivered back to you showing the open ports and services type db_autopwn -p -t -e.
  • From this point you will either have access to the victims computer through a successfully launched exploit or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database. 
  • Unfortunately on this particular machine I found it wasn't vulnerable as the image below proves.But if you are in luck and the targeted computer is vulnerable to exploits then BOOM.
  • Good luck. Have fun !!!
Note : This tutorial is just for educational purposes and HWS team is not responsible for any kind of misusse. Use it on your own risk. This tutorial is written by " Google Worm ".

Wednesday, August 1, 2012

Click Jacking Attack

Definition

"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages."

Introduction

A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash."

How It Works?

ClickJacking is a little bit difficult to explain however try to imagine any button that you see in your browser from the Wire Transfer Button on your Bank, Post Blog button on your blog, Add user button on your web-site, Google Gadgets etc.

ClickJacking gives the attacker to ability to invisibly float these buttons on-top of other innocent looking objects in your browser.

So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.

In other words, the attack is thrown by a malicious web page embedding objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…) which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways which go completely undetected by the user, who’s easily tricked into clicking it in a more or less blind way.

JavaScript increases the effectiveness of these attacks hugely, because it can make our invisible target constantly follow the mouse pointer, intercepting user’s first click with no failure.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.

Examples

  • Malicious camera spying using Adobe's Flash.
  •  Flash, Java, SilverLight, DHTML Game or Application used to Spy on your Webcam and/or Microphone.
  • The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed.    

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 

Recent Posts

Join Me On Facebook

700+ Followers

Followers


meet women in Ukraine contatore visite website counter
DMCA.com

Recent Comments

Follow Me On Twitter

1112+ Followers